Microsoft's February 2026 updates bring major security enhancements including DNS over HTTPS for Windows Server, expanded Azure Blob tiering options, and new AI governance frameworks, while also improving cloud migration tools and automated VM recovery capabilities.
February 2026 Microsoft Cloud Security & Infrastructure Updates: What You Need to Know
Enhanced DNS Security with DoH Public Preview
Microsoft has launched a public preview of DNS over HTTPS (DoH) for Windows DNS Server, available in the February 2026 update for Windows Server 2025. This feature encrypts DNS queries and responses, enhancing authentication and privacy while maintaining existing server functions.
The DoH implementation aligns with Zero Trust security principles and supports U.S. federal cybersecurity requirements. The feature is disabled by default and is not yet production-ready. It currently encrypts only client-to-server traffic; upstream encryption support is planned for future updates.
Key considerations:
- Feature is disabled by default
- Only encrypts client-to-server traffic (upstream encryption coming)
- Not production-ready yet
- Feedback encouraged during preview phase
This move represents Microsoft's commitment to enhancing DNS security in enterprise environments, particularly for organizations subject to strict compliance requirements.
Azure Blob Storage Tiering: Clarity and Practical Guidance
A recent article from the Azure Infrastructure team provides essential clarity on Azure Blob Storage tiering for backup architects. The piece debunks common misconceptions about tier performance and access, explaining that Hot, Cool, and Cold tiers are all online and offer immediate data access.
Critical insights:
- Minimum retention is a billing rule, not a technical limit
- Archive tier requires rehydration before restores
- Restore speed depends on throughput architecture, not tier
- Cost is influenced by both storage and access patterns
The article emphasizes that effective tiering strategies and lifecycle policies are essential for scaling backup repositories from terabytes to petabytes, ensuring operational safety and cost control. For architects managing large-scale backup solutions, this guidance provides practical design recommendations and clarifies Azure tier behaviors.
Multi-Region AKS Architecture for Maximum Availability
The Azure Architecture team has published a comprehensive reference architecture for deploying Azure Kubernetes Service (AKS) across multiple Azure regions. This guide compares active/active, active/passive, and deployment stamp patterns, detailing trade-offs in availability, complexity, and cost.
Key components include:
- Azure Front Door for global routing
- Geo-replicated data services
- Centralized monitoring
- Consistent security across regions
The article emphasizes that multi-region resilience requires coordinated patterns, not a simple switch, and should align with business RTO/RPO objectives and operational maturity. For organizations requiring high availability, this architecture provides a roadmap for achieving resilient, multi-region deployments.
Simplified Machine Provisioning for Azure Local
Microsoft has announced the public preview of Simplified Machine Provisioning for Azure Local, streamlining edge infrastructure deployment by shifting configuration to Azure. This approach enables IT teams to centrally define and automate provisioning using Azure Arc, with minimal onsite interaction.
Benefits of the new approach:
- Staff only need to rack, power on hardware, and use a prepared USB
- Built on FIDO Device Onboarding standard for secure onboarding
- End-to-end deployment visibility
- Faster, less error-prone deployments
This new process enables organizations to efficiently provision and manage Azure Local infrastructure across multiple sites, reducing deployment complexity and improving consistency.
Automated VM Recovery: Minimizing Downtime
Azure Automated Virtual Machine Recovery is a built-in Azure feature designed to minimize VM downtime by automatically detecting, diagnosing, and mitigating failures within seconds, without customer intervention. The system operates continuously, leveraging multiple detection mechanisms and optimized recovery paths.
Key advantages:
- No setup required; all Azure VMs benefit automatically
- Recovery Event Annotations provide deep visibility
- Over the past 18 months, average VM downtime has been halved
- Ensures business continuity and consistent SLA compliance
This feature empowers customers to confidently run resilient applications with reduced risk of service disruption and financial loss.
Security Enhancements Across the Ecosystem
Several security-focused updates have been announced:
User-Bound User Delegation SAS
Microsoft has announced the public preview of user-bound user delegation SAS for Azure Storage, enhancing security by restricting SAS token usage to a specific Microsoft Entra ID identity. This ensures only the designated user can access storage resources, reducing the risk of unintended access.
Multi-Agent AI Security
An article on securing multi-agent AI solutions focuses on user context and the complexities of On-Behalf-Of (OBO) flows. It outlines how enterprise-grade systems can preserve user identity and enforce access controls when AI agents interact with backend services.
Migration and Modernization Tools
AWS to Azure Migration
A structured five-phase approach for migrating workloads from AWS to Azure emphasizes a "like-for-like" architecture to minimize risk and complexity. The approach includes planning, preparation, execution, evaluation, and decommissioning phases.
Agentic Tools for Cloud Migration
Agentic tools are transforming cloud migration and modernization by introducing autonomy, continuous optimization, and context-aware decision-making. These tools automate environment discovery, recommend modernization paths, execute migrations, validate and optimize workloads, and ensure governance.
FinOps Toolkit Enhancements
FinOps toolkit 13 (January 2026) delivers stability and usability improvements for cloud cost management, including enhanced documentation, Key Vault purge protection options, Power BI report fixes, and streamlined Cost Management exports via PowerShell with Parquet support.
Key improvements:
- Enhanced documentation and security features
- Streamlined Cost Management exports
- Community engagement with new office hours
- Future plans include AI-driven automation
AI Fluency and Credential Updates
Microsoft Learn has emphasized the importance of AI fluency for all roles within organizations, providing practical steps to integrate AI into daily workflows. The AI Skills Navigator is highlighted as a resource for building AI fluency.
Additionally, Microsoft's February 2026 Credentials roundup introduces four new AI-focused Certifications and six new Applied Skills, targeting both technical and business professionals. These credentials validate expertise in AI integration, Copilot, and agent solutions.
What's Next
These February 2026 updates demonstrate Microsoft's continued investment in security, automation, and AI capabilities across its cloud ecosystem. Organizations should evaluate these features for potential implementation, particularly the DNS over HTTPS preview for enhanced security and the automated VM recovery for improved reliability.
For those planning migrations or modernization efforts, the structured approaches and agentic tools provide frameworks for reducing risk and improving outcomes. The emphasis on AI fluency and new credentials also signals the growing importance of AI skills across all IT roles.
Bottom line: Microsoft's February 2026 updates focus on enhancing security, simplifying operations, and preparing organizations for an AI-driven future. Staying current with these developments will be crucial for maintaining competitive advantage and operational excellence in cloud environments.
