November has brought a series of significant updates in the Azure management services landscape. In this monthly recap, the most relevant innovations are highlighted, thus allowing for a specific deep dive into the new functionalities and optimizations introduced.
The following diagram shows the different areas related to management, which are covered in this series of articles:
Figure 1 – Overview of Management Services in Azure
Monitor
Azure Monitor
Azure Monitor System Center Operations Manager (SCOM) Managed Instance
Azure Monitor SCOM Managed Instance brings the capabilities of SCOM monitoring and configurable health models to Azure Monitor. As an integrated feature in Azure Monitor, SCOM Managed Instance provides a cloud-based alternative for SCOM customers, ensuring continuity of monitoring for both cloud and on-premises environments. SCOM Managed Instance is now available to everyone and since its preview, it has added multiple features, such as the integration of SCOM alerts with Azure Monitor alerts, the ability to send integrated alerts to IT service management tools, the capability to view service health from the Azure portal, and an improved onboarding experience.
Azure Monitor Agent integrated with Connection Monitor
Azure Monitor Agent, integrated with Connection Monitor, offers an effective solution for network connectivity monitoring. This integration simplifies the management of monitoring agents by consolidating multiple functions into a single agent. It enables the collection of network connectivity and performance data for both Azure and on-premises environments enabled with Azure Arc. New features include improved support for Azure Arc on-premises endpoints and simpler management of monitoring extensions. Additionally, there are plans to expand support for additional Azure resources and enhance performance metrics.
Azure Monitor Log Storage up to 12 Years
More than a year ago, Azure Monitor Logs launched a log storage solution that allows logs to be retained for up to seven years at a reduced cost. This feature has been valuable for many customers with regulations requiring long-term data retention. Since the introduction of this storage capability, there has been a steady increase in the number of customers utilizing log storage and in the duration of data retention. There has also been demand from many customers for longer storage periods beyond the supported seven years. Examples include tax authorities and healthcare regulations in some countries, which require data retention for 10-12 years. After extensive technical discussions and evaluations, Microsoft has extended the supported retention period, and Azure Monitor Logs now supports up to 12 years of data retention.
Adding dynamic values in custom alert fields
Microsoft recently introduced a new feature for Azure Monitor alerts, which now allows the addition of dynamic values in custom fields. This feature is particularly useful for customizing alarm notifications, allowing users to include values dynamically extracted from the alert payload or a combination of both. This update significantly improves the flexibility and effectiveness of alarm notifications, allowing for more customization in actions triggered by action groups, such as webhook actions, Azure function, or logic app. This new capability enhances the precision and relevance of alarm notifications, improving the management and monitoring of infrastructure and applications on Azure.
OpenTelemetry deployment for ASP.NET Core Applications
Microsoft announced the general availability of Azure Monitor’s OpenTelemetry deployment for ASP.NET Core applications. Part of the Azure Monitor ecosystem, this offering is designed for native cloud application monitoring, enabling customers to observe failures, bottlenecks, and usage patterns to more quickly resolve incidents and reduce downtime. The OpenTelemetry deployment of Azure Monitor includes a thin wrapper for easy implementation with a single line of code, along with specific Azure features for an optimized experience on the platform. This deployment is open and extensible, allowing data to be sent to multiple destinations and extended with a rich set of OpenTelemetry instrumentation libraries that collect data from a wide range of frameworks and environments.
Latency Metrics for Azure Disks and Performance Metrics for Temporary Disks on Azure Virtual Machines (preview)
Microsoft recently announced the introduction of the capability to monitor latency across OS, data, and temporary disks using the SCSI protocol, with support for the NVMe protocol coming soon. This improvement is particularly important for high-performance applications such as SAP Hana and OLTP databases, where latency plays a crucial role in read and write operations. It is now possible to track latency operations on OS, data, and temporary disks using Azure Monitor metrics. Additionally, temporary disks, which are by nature non-persistent and typically found in Virtual Machine (VM) families marked with a ‘d’ in their name, are now accessible for performance monitoring on Azure Monitor. It is now easy to monitor queue depth, IOPS, and throughput for these temporary disks, even though their storage does not persist beyond the lifecycle of the associated VM.
Azure Monitor Agent and JSON Log Collection (preview)
Azure Monitor Agent (AMA) now supports the collection of logs in JSON format for ingestion into Log Analytics. This new feature is designed to enable customers to collect their JSON-formatted logs generated in their services or applications and insert them into a Log Analytics workspace table for analysis. The AMA agent is required to use custom JSON logs.
Integration of Azure Monitor alerts with Event Grid for Azure Key Vault System Events (preview)
Microsoft recently announced a new feature in public preview: the integration of Azure Monitor Alerts with Event Grid for Azure Key Vault system events. This integration represents a significant step in the evolution of event and alert management services in Azure. Azure Monitor alerts are essential for detecting and addressing issues before users become aware, proactively notifying when Azure Monitor data indicates there might be a problem with the infrastructure or application. The integration with Event Grid enables efficient communication of events that indicate changes in the system state. This approach is common in decoupled architectures, such as those using microservices. With Azure Monitor alerts as a destination in Event Grid event subscriptions, it is possible to receive critical event notifications through action groups such as SMS, email, push notifications, and more. This feature, currently available only for Azure Key Vault system events, combines Event Grid’s low-latency event delivery with the flexibility and direct-to-customer notifications of Azure Monitor alerts.
Configure
Azure Automation
Azure Automation now supports PowerShell 7.2
Azure Automation has announced the general availability of PowerShell 7.2 runbooks. Users can now create runbooks in the long-term supported version of PowerShell, using the Azure Automation extension for Visual Studio Code, enhanced by GitHub Copilot, and run them on a secure and reliable platform.
Govern
Azure Advisor
Enhancing the reliability of Azure Disks with the introduction of Zone Redundant Storage
Microsoft has announced the general availability of a new Azure Advisor recommendation that enhances the reliability of Azure disks through the use of Zone Redundant Storage (ZRS). Disks with ZRS offer synchronous data replication across three Availability Zones within a region, significantly increasing resilience. By adopting this recommendation, users can now design their solutions using ZRS disks, ensuring that their disks can withstand a zonal outage. This update brings a notable improvement in the resilience of solutions, preventing downtime and interruptions.
Azure Cost Management
Exporting costs via the FOCUS Schema (preview)
The FinOps Open Cost and Usage Specification (FOCUS) is an innovative initiative aimed at establishing a common, provider- and service-agnostic format for billing data. This format allows organizations to better understand cost and usage patterns and optimize spending and performance across multiple cloud offerings, software as a service (SaaS), and even on-premises solutions. Microsoft Cost Management is introducing support for exporting cost and usage data aligned with the FOCUS schema as part of a limited preview ahead of the upcoming major release of FOCUS.
Updates related to Microsoft Cost Management
Microsoft is continually seeking new methods to enhance Microsoft Cost Management, the solution for providing greater visibility into where costs are accumulating in the cloud, identifying and preventing incorrect spending patterns, and optimizing costs. This article details some of the latest improvements and updates regarding this solution.
Azure Arc
VMware vSphere rnabled by Azure Arc
VMware vSphere enabled by Azure Arc helps users simplify the management of their hybrid IT environment spread across VMware vSphere and Azure. Customers can begin by connecting Azure Arc to resources in VMware vSphere deployments, thus facilitating the large-scale installation of agents and enabling Azure’s management, monitoring, and security solutions on on-premises systems.
Self-Service capabilities of System Center Virtual Machine Manager (SCVMM) in Azure with Azure Arc
The self-service capabilities of System Center Virtual Machine Manager (SCVMM) are now generally available in Azure through Azure Arc. Once connected with Azure Arc, customers can manage and control their SCVMM environments on Azure and perform self-service operations on virtual machines (VMs) directly from the Azure portal. This provides customers with a consistent management experience across Azure for both cloud and hybrid environments.
New features for SQL Server enabled by Azure Arc
The enhancements to SQL Server enabled by Azure Arc provide additional management capabilities for SQL Server systems operating outside of Azure:
- Monitoring for SQL Server Enabled by Azure Arc (preview). The monitoring for SQL Server enabled by Azure Arc, now in preview, will allow customers to gain visibility across their entire SQL Server infrastructure, both in on-premises data centers and in the cloud. This enhances the performance of databases and allows for quicker diagnosis of issues.
- Improved High Availability and Disaster Recovery (HA/DR) Management for SQL Server Enabled by Azure Arc (Preview). With Azure Arc, customers can now improve operational continuity and the availability of SQL Server by viewing and managing Always On availability groups, failover cluster instances, and backups directly from the Azure portal.
- Extended Security Updates for SQL Server Enabled by Azure Arc. These updates, which provide critical security updates for up to three years after the end of extended support, are now available as a service through Azure Arc.
Secure
Microsoft Defender for Cloud
New features, bug fixes, and deprecated features of Microsoft Defender for Cloud
The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:
- DevOps Security Insights for GitHub, Azure DevOps, and GitLab. Users will gain deep visibility into the security posture of their applications on GitHub, Azure DevOps, and GitLab within Defender for Cloud. In addition to advanced security for GitHub and Azure DevOps, with the preview of GitLab Ultimate integration, Defender for Cloud now supports the three main development platforms.
- Integration with Microsoft Entra Permissions Management. Users will get a centralized view of the Permissions Creep Index, implement access controls based on the principle of least privilege for cloud resources, and proactively analyze attack paths by linking access permissions to other potential vulnerabilities on Azure, Amazon Web Services (AWS), and Google Cloud.
- Enhanced Container Security in Multicloud Environments. Users will be able to anticipate risks in containerized applications and prioritize misconfigurations and exposures in their Kubernetes deployments with the expansion of contextual graph-based capabilities of the Defender Cloud Security Posture Management (CSPM) to Amazon Elastic Kubernetes Service (Amazon EKS) and Google Kubernetes Engine (GKE) clusters.
- Proactive Attack Path Analysis and Faster Risk Mitigation. Users can efficiently remediate critical risks with a risk-based attack path analysis engine to identify and prioritize the resolution of more complex risks, such as cross-cloud attack paths.
- Improved Security Posture for APIs. With the general availability of the Defender for APIs plan in Defender for Cloud, administrators will be able to gain visibility into critical business APIs, prioritize the remediation of vulnerabilities, and rapidly detect active real-time threats for APIs published in Azure API Management. New preview capabilities aimed at sensitive data classification supported by Microsoft Purview and curated attack paths will further assist security administrators in protecting data from API risks.
- Microsoft Security Copilot. Users will be able to gain efficiency in discovering and resolving risks with the power of AI-generated guidance.
Protect
Azure Backup
Azure Backup for AKS
Microsoft has announced the general availability of Azure Backup for Azure Kubernetes Service (AKS). This native Azure solution provides simple and secure protection for containerized applications deployed on AKS, enabling customers to protect their mission-critical workloads.
Customer-Managed Key Encryption for Backup Vaults (Preview)
Microsoft Azure has introduced the capability to use customer-managed encryption keys (CMKs) for backing up data security. This feature, supported for Recovery Services Vaults, has been extended to Backup Vaults. It is now possible to use CMKs when creating a new backup vault or updating the encryption settings of an existing vault to use CMKs.
Migrate
New releases and features of Azure Migrate
Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.
Azure Evaluation
For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.
