We are pleased to announce the release of the Azure API Management Premium tier service in general availability with a full SLA. If you've tried the Premium tier while it was in preview, you would know that it expands our offering with a number of enterprise-grade features.
Multiple Geography Deployment
You can now provision the proxy and portal of your API Management service in multiple geo-regions simultaneously. This can reduce latency for your international customers while spreading the load to multiple instances. You can switch to the Premium tier on the Scale tab of Azure Management Portal's view of your instance. Once done you can choose the number of instances for each region you want API Management to be available in. Learn more about how to deploy to multiple Azure regions. To maximize the benefit of deploying to multiple regions you can enable caching on each region to get a de-facto API CDN. This would avoid expensive round-trips for remote regions and greatly improve response time for users.
Azure Virtual Network / VPN support
Connectivity to on-premise backends was previously achievable by securing the connection using mutual certificates. If you are using the Premium tier now you can create an Azure Virtual Network or ExpressRoute and connect to your backend through it as an alternative. You will find the settings for it in the Configure tab of your instance's Azure Management portal view. Note that if you have deployed to multiple regions you will have to pick a virtual network for each region. Learn more about setting up VPN connections.
Azure Active Directory support
The API Management developer portal already supports user authentication via Facebook, Twitter, Google or Microsoft accounts in addition to basic username and password. Today we are enabling Azure Active Directory as an additional identity provider. This enables leveraging existing corporate credentials to provide access to the portal and moreover using AD group membership to gate access to individual APIs (via their presence in a product). It is now possible to disable basic authentication for this particular scenario.
You can also enable multiple AAD tenants if needed to support multiple organizations.