Azure IaaS and Azure Stack: announcements and updates (June 2019 – Weeks: 23 and 24)

This series of blog posts covers the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack that Microsoft has officially announced in the last two weeks.

Azure

Web Application Firewall (WAF) for Azure Front Door service is generally available

Customers can use WAF to define security policies that allow, block, forward or rate limit access to their web applications delivered through Azure Front Door.

  • A WAF security policy may consist of an ordered list of custom rules and Azure managed pre-configured rulesets.
  • Custom rules are based on a combination of client IP addresses, geolocation, HTTP parameters, request methods and size constraints.
  • The pre-configured default rule set can be enabled to protect your applications from OWASP top 10 threats.
  • New or updated WAF configurations are deployed globally within minutes, letting you respond quickly to changing attack patterns.
  • WAF for Azure Front Door is integrated with Azure Monitor and the logs can be accessed through an Azure storage account, Azure Event Hub or Azure Log Analytics.

DevTest Labs supports the Shared Image Gallery feature

It enables lab users to access images from a shared location while creating lab resources. It also helps you build structure and organization around your custom-managed VM images.

High-Performance Computing Virtual Machines are available in West US 2, East US

HC-series Virtual Machines, designed to provide supercomputer-grade performance and scalability with the best price-performance on the public cloud, are generally available in West US 2 and East US.

Azure File Sync is GA for Azure Government cloud

Azure File Sync is generally available for Azure Government cloud. Azure File Sync in Government Cloud can be used with the same v6 agent that a customer would use in public cloud. It is at feature parity with what’s available publicly.

Azure Shared Image Gallery is generally available

Shared Image Gallery provides a simple way to share your applications with others in your organization, within or across Azure Active Directory (AD) tenants and regions. This enables you to expedite regional expansion or DevOps processes and simplify your cross-region HA/DR setup.

Azure DevTest Labs: PowerShell module to simplify management of labs

You can now make use of Az.DevTestLabs, a PowerShell module to simplify the management of Azure DevTest Labs. It provides composable functions to create, query, update and delete labs, virtual machines, custom images and environments. 

Advanced data security for SQL servers on IaaS

Advanced data security is now available for SQL Server on Azure Virtual Machines. Advanced data security for SQL Server on Azure Virtual Machines currently includes functionality for surfacing and mitigating potential database vulnerabilities and detecting anomalous activities that could indicate a threat to your server.

Adaptive Network Hardening in Security Center is generally available

Security Center learns the network traffic and connectivity patterns of Azure workloads and provides NSG rule recommendations for Internet-facing virtual machines. This helps customers better configure their network access policies and limit their exposure to attacks.

Azure Application Gateway Web Application Firewall custom rules are Generally Available

Custom rules for WAF_v2 allow customers to create their own rules with IP/IP range or string-based matching conditions. For example, customers will be able to create rules which block requests from a specific IP range, or those matching a specific regular expression in the request’s header/cookie/URI/queryString/form elements. Users can also join multiple matching conditions into a single custom rule.

Update rollup for Azure File Sync Agent

Improvements and issues that are fixed:

  • After creating a server endpoint, high CPU usage may occur when background recall is downloading files to the server.
  • Sync and cloud tiering operations may fail with error ECS_E_SERVER_CREDENTIAL_NEEDED due to token expiration.
  • Recalling a file may fail if the URL to download the file contains reserved characters.

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 6.2.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4489738.