This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.
Azure South Africa regions are available
Azure services are now available from new cloud regions in Johannesburg (South Africa North) and Cape Town (South Africa West), South Africa. The launch of these regions marks a major milestone for Microsoft as they open their first enterprise-grade datacenters in Africa, becoming the first global provider to deliver cloud services from datacenters on the continent. With 54 regions announced worldwide, the Microsoft global cloud infrastructure will connect the new regions in South Africa with greater business opportunity, help accelerate new global investment, and improve access to cloud and internet services across Africa. The new cloud regions in Africa are connected with Microsoft’s other regions via their global network, which spans more than 100,000 miles (161,000 kilometers) of terrestrial fiber and subsea cable systems to deliver services to customers.
Microsoft Azure Sentinel: intelligent security analytics for the entire enterprise
Security can be a never-ending saga, a chronicle of increasingly sophisticated attacks, volumes of alerts, and long resolution timeframes where today’s Security Information and Event Management (SIEM) products can’t keep pace. Microsoft rethinks the SIEM tool as a new cloud-native solution called Microsoft Azure Sentinel. Azure Sentinel provides intelligent security analytics at cloud scale for your entire enterprise. Azure Sentinel makes it easy to collect security data across your entire hybrid organization from devices, to users, to apps, to servers on any cloud. It uses the power of artificial intelligence to ensure you are identifying real threats quickly and unleashes you from the burden of traditional SIEMs by eliminating the need to spend time on setting up, maintaining, and scaling infrastructure. Since it is built on Azure, it offers nearly limitless cloud scale and speed to address your security needs. Traditional SIEMs have also proven to be expensive to own and operate, often requiring you to commit upfront and incur high cost for infrastructure maintenance and data ingestion. With Azure Sentinel there are no upfront costs, you pay for what you use.
Virtual network service endpoints for Azure Database for MariaDB are available
virtual network service endpoints for Azure Database for MariaDB are accessible in all available regions. Virtual network service endpoints allow you to isolate connectivity to your logical server from only a given subnet or set of subnets within your virtual network. Traffic to Azure Database for MariaDB from the virtual network service endpoints stays within the Azure network, preferring this direct route over any specific routes that take internet traffic through virtual appliances or on-premises.
M-series virtual machines (VMs) are available in the Korea South region and in the China North 2 region
Azure M-series VMs are now available in the Korea South region and in the China North 2 region. M-series VMs offer configurations with memory from 192 GB to 3.8 TiB (4 TB) RAM and are certified for SAP HANA.
Azure Policy root cause analysis and change tracking features
New functionalities have been added to Azure Policy, including root cause analysis and change tracking features. This means that you’ll be able to see why a resource evaluated as non-complaint and what changes were implemented directly by a policy.
Azure Container Registry firewall rules and Virtual Network
Firewall rules and Virtual Network support in Azure Container Registry are available in preview. Limit registry access to your resources in Azure, or specific on-premises resources, including Express Route connected devices. Virtual Network access is provided through the Azure Container Registry premium tier. General availability pricing will be announced at a later date.
Azure Lab Services
Azure Lab Services is generally available. With Azure Lab Services, you can easily set up and provide on-demand access to preconfigured virtual machines (VMs) to teach a class, train professionals, run hackathons or hands-on labs, and more. Simply input what you need in a lab and let the service roll it out to your audience. Your users go to a single place to access all their VMs across multiple labs, and connect from there to learn, explore, and innovate.
Azure Availability Zones in East US
Azure Availability Zones, a high-availability solution for mission-critical applications, is now generally available in East US.
Global VNet Peering in Azure Government regions
Global VNet Peering is generally available in all Azure Government cloud regions. This means you can peer virtual networks across the Azure Government cloud regions. You cannot peer across Azure Government cloud and Azure public cloud regions.
Global VNet Peering supports Standard Load Balancer
Previously, resources in one virtual network could not communicate with the front-end IP address of an internal load balancer over a globally peered connection. The virtual networks needed to be in the same region. This is no longer the case. You can communicate with the internal IP address of a Standard Load Balancer instance across regions from resources deployed in a globally peered virtual network. This support is in all Azure regions, including Azure China and Azure Government regions.
New capabilities in Azure Firewall
Two new key capabilities in Azure Firewall:
- Threat intelligence based filtering: Azure Firewall can now be configured to alert and deny traffic to and from known malicious IP addresses and domains in near real-time. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. Threat intelligence-based filtering is default-enabled in alert mode for all Azure Firewall deployments, providing logging of all matching indicators. Customers can adjust behavior to alert and deny.
- Service tags filtering: a service tag represents a group of IP address prefixes for specific Microsoft services such as SQL Azure, Azure Key Vault, and Azure Service Bus, to simplify network rule creation. Microsoft today supports service tagging for a rich set of Azure services which includes managing the address prefixes encompassed by the service tag, and automatically updating the service tag as addresses change. Azure Firewall service tags can be used in the network rules destination field.
Azure File Sync is now supported in Japan East, Japan West, and Brazil South regions.
Azure Premium Blob Storage public preview
Premium Blob Storage is a new performance tier in Azure Blob Storage, complimenting the existing Hot, Cool, and Archive tiers. Premium Blob Storage is ideal for workloads with high transactions rates or requires very fast access times, such as IoT, Telemetry, AI and scenarios with humans in the loop such as interactive video editing, web content, online transactions, and more. Premium Blob Storage has higher data storage cost, but lower transaction cost compared to data stored in the regular Hot tier. This makes it cost effective and can be less expensive for workloads with very high transaction rates.
Update rollup for Azure File Sync Agent: March 2019
An update rollup for the Azure File Sync agent was released today which addresses the following issues:
- Files may fail to sync with error 0x80c8031d (ECS_E_CONCURRENCY_CHECK_FAILED) if change enumeration is failing on the server
- If a sync session or file receives an error 0x80072f78 (WININET_E_INVALID_SERVER_RESPONSE), sync will now retry the operation
- Files may fail to sync with error 0x80c80203 (ECS_E_SYNC_INVALID_STAGED_FILE)
- High memory usage may occur when recalling files
- Cloud tiering telemetry improvements
More information about this update rollup:
- This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 220.127.116.11 or later installed.
- The agent version of this update rollup is 18.104.22.168.
- A restart may be required if files are in use during the update rollup installation.
- Installation instructions are documented in KB4481060.
Azure App Service on Azure Stack 1.5 (Update 5) Released
This release updates the resource provider and brings the following key capabilities and fixes:
- Updates to **App Service Tenant, Admin, Functions portals and Kudu tools**. Consistent with Azure Stack Portal SDK version.
- Updates to **Kudu** tools to resolve issues with styling and functionality for customers operating **disconnected** Azure Stack.
- Updates to core service to improve reliability and error messaging enabling easier diagnosis of common issues.
All other fixes and updates are detailed in the App Service on Azure Stack Update Five Release Notes.