This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.
Azure
General
Azure Governance Update – Management Groups
Beginning May 3, 2024, Azure will commence enabling the root management group for tenants that have not yet enabled it. This proactive step aligns with best practices for applying Azure Policy and reduces the initial setup work for following governance best practices. Upon creation of the root management group, all subscriptions will become children of this group, facilitating efficient management and compliance enforcement. This update does not alter access permissions or change subscriptions’ configurations; rather, it streamlines governance processes and enhances organizational compliance with Azure Policy standards.
Extensibility Model in Azure Deployment Environments (preview)
Azure Deployment Environments introduces a new extensibility model, now available in public preview, aimed at empowering customers to customize their deployment workflows using various infrastructure-as-code (IaC) frameworks. This model enables users to harness their preferred IaC framework, such as Bicep, Terraform, or Pulumi, to tailor deployment workflows to meet specific organizational needs. With support for Terraform and Bicep, users can seamlessly integrate their chosen IaC framework into Azure Deployment Environments, enhancing flexibility and efficiency in app infrastructure provisioning.
Compute
Azure Dedicated Host – Redeploy (preview)
In a move towards enhancing service resilience and user control, Azure Dedicated Host introduces the “Redeploy” feature, now available in public preview. This feature simplifies the process of moving an Azure Dedicated Host and its associated Virtual Machines (VMs) from one node to another within the same hardware generation. Termed as user-initiated service healing, the redeploy process ensures minimal disruption to services while addressing issues caused by user configurations or underlying host infrastructure. With support available across all regions of the Azure public cloud, users can utilize the Azure Portal or CLI to initiate host redeployment, maintaining host properties while ensuring data integrity on VMs’ temporary disks.
Networking
Application Gateway Web Application Firewall (WAF) Inspection Limit & Size Enforcement
Azure’s Application Gateway v2, integrated with the regional Web Application Firewall (WAF), now provides enhanced control over inspection limits and size enforcement for WAF policies running Core Rule Set (CRS) 3.2 or later. This update enables users to finely tune request body inspection, maximum request body limit, and maximum file upload limit independently. Moreover, users can disable enforcement of these limits without compromising request body inspection. These enhancements empower users to manage WAF policies more effectively, allowing larger requests to pass through without impediment.
Virtual Network Flow Logs
Azure Network Watcher introduces Virtual Network Flow Logs, a new capability enabling users to capture detailed information about IP traffic within their virtual networks. Whether for usage monitoring, optimization, troubleshooting, compliance, or security analysis, flow logs offer valuable insights into network activity. Users can record network traffic at the scope of the virtual network, subnet, or Network Interface Card (NIC), facilitating audit and compliance requirements, identifying traffic patterns, troubleshooting connectivity issues, and detecting malicious activity. Flow data is stored in Azure Storage accounts and can be exported to various analysis tools and security solutions for further examination.
Azure Virtual Network Manager Security Admin Rule Generally Available
The Azure Virtual Network Manager Security Admin Rule is now generally available across all public regions. This rule empowers users to enforce security policies consistently across virtual networks, regardless of subscriptions or regions. By evaluating rules before network security groups (NSGs), organizations can standardize security enforcement, mitigate misconfigurations, and ensure compliance with company policies. With streamlined security management and default settings to prevent errors, users can enhance network security while simplifying operational complexities.
Azure Virtual Network Manager User-Defined Route (UDR) Management (preview)
Azure Virtual Network Manager introduces user-defined route (UDR) management in public preview, offering users the ability to define and apply routing rules across multiple subnets and virtual networks. With this feature, users can easily describe their desired routing behavior within Azure Virtual Network Manager, streamlining the application of routing rules at scale without manual configuration of route tables for each subnet. This capability allows for various scenarios, including routing traffic between spokes across different hubs and directing traffic to specific destinations based on predefined rules, enhancing network management and flexibility within Azure environments.
Storage
Ultra Disks now available on Italy North Azure Region
Azure users in the Italy North region can now leverage the power of Ultra Disks for their virtual machines. Ultra Disks offer high throughput, low latency, and consistent performance, making them ideal for I/O-intensive workloads. With Ultra Disks, users can experience enhanced storage capabilities to meet the demands of their applications while maintaining scalability and reliability.
Conclusion
Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.
