Moving the cheese –

Microsoft is retiring personal MSDN blogs. As a result, I’ve moved all my blog content to:  I hope you’ll keep the great feedback coming there. Steve  

ACR Build (Preview) Now Supported In All Public Regions

ACR Build, a native container build capability of the Azure Container Registry is now available in all regions ACR is available. That’s 23 regions worldwide as of July 23rd 2018. ACR Build enables network close builds, alongside your container registry. While docker has an efficient image layering scheme, image layers can grow in size. Reducing the…

Azure Container Registry Build Supports All Windows Versions (Preview of Preview)

ACR Build, a cloud-native container build capability of the Azure Container Registry now supports all supported versions of Windows Containers. In May of 2018, Azure announced ACR Build (Preview), a component of Azure’s OS & Framework Container Life-cycle Management Today, we wanted to give customers early access to Windows Builds, in addition to the Linux and ARM…

Key Differences between VM and Container Vulnerability Scanning

As we explore the various options for integrating vulnerability scanning into containers running in Azure, we encountered many different approaches and requests. I was initially writing a document for internal discussions, outlining some of our internal goals for how we want to think about container security, and why we might take one approach or another….


ACR Build OS & Framework Patching Now Supports Docker Hub

In May we announced the public preview of ACR Build, enabling OS & Framework patching. When we announced the preview, only Azure Container Registries were supported for base image update notifications. With DockerCon starting this week, it’s only appropriate we add support for base in Docker Hub. Docker build a locally scoped directory in Azure,…

How ACR Build Id’s are generated

As you use ACR Build, for OS & Framework patching, native container builds, or validating a docker build without having the docker client installed, you may be wondering, what is the format for those alpha-numeric Build id’s. aa12 The short answer is it’s based on the region the build was executed upon, and a base…

Docker Tagging: Best practices for tagging and versioning docker images

In any new tech, there are lots of thoughts around “best practices”. When a tech is new, what makes a best practice? Working at Microsoft, running the Azure Container Registry (ACR), talking with lots of customers, some that use Azure and some that don’t, we’ve had a lot of exposure to what customers have encountered….


Relaxing ACR storage limits, with tools to self manage

When we created the tiered SKUs for ACR, we built the three tiers with the following scenarios in mind: Basic – the entry point to get started with ACR. Not intended for production, due to the size, limited webhooks and throughput SLA. Basic registries are encrypted at rest and geo-redundantly stored using Azure Blob Storage,…


Working with ACR Geo-replication notifications

Azure Container Registry geo-replication enables a single control plane across the global footprint of Azure. You can opt into the regions you’d like your registry to have a network-close/local experience. However, there are some important aspects to consider. ACR Geo-replication is multi-master. You can push to any region, and ACR will replicate the manifests and…

OS & Framework Patching with Docker Containers – a paradigm shift

Thinking of containers, we think of the easy packaging of our app, along with its dependencies. The dockerfile FROM defines the base image used, with the contents copied or restored into the image. We now have a generic package format that can be deployed onto multiple hosts. No longer must the host know about what…