This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, the aim is to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, providing you with essential information to further explore these topics.
The following diagram shows the different areas related to management, which are covered in this series of articles:
Figure 1 – Overview of Management Services in Azure
Monitor
Azure Monitor
VM Health Monitoring with VM Watch for Azure VMs (preview)
VM Watch, now available in public preview, is a lightweight and adaptable service for monitoring the health of virtual machines (VMs) and VM Scale Sets in Azure. This service performs health checks within the VM at configurable intervals, sending results to Azure via a uniform data model. The collected data is used by Azure’s AI Operations (AIOps) engines to detect and prevent regressions. VM Watch is deployed through the Application Health VM extension, simplifying management and adoption for customers, and it is offered at no additional cost. The service is compatible with both Linux and Windows environments, suitable for individual VMs or VMSS. Additionally, VM Watch ensures efficient monitoring without compromising system performance, thanks to limits on CPU and memory usage. The service includes a set of predefined tests, easily configurable for specific scenarios, making monitoring ready-to-use right out of the box.
Govern
Azure Cost Management
Updates related to Microsoft Cost Management
Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.
Secure
Microsoft Defender for Cloud
New features, bug fixes, and deprecated features of Microsoft Defender for Cloud
The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:
- Security Findings for GitHub Repositories without GitHub Advanced Security: Starting October 21, 2024, GitHub offers security findings for repositories even without GitHub Advanced Security. This new feature enables users to identify and fix Infrastructure-as-Code (IaC) misconfigurations, container vulnerabilities, and code weaknesses, providing greater protection and visibility without the advanced license. However, secret scanning, code scanning with CodeQL, and dependency scanning remain exclusive to GitHub Advanced Security.
- Deprecation of Compliance Standards in Defender for Cloud: Starting November 17, 2024, three compliance standards will be removed from Defender for Cloud: SWIFT CSP-CSCF 2020 (replaced by version 2022), CIS Microsoft Azure Foundations 1.1.0 and 1.3.0 (updated to versions 1.4.0 and 2.0.0, respectively). These updates reflect the latest best practices, and users can consult the Defender for Cloud documentation for an overview of currently supported standards.
- Deprecation of Defender for Cloud Standards for AWS and GCP: As of November 17, 2024, Defender for Cloud will deprecate three standards specific to AWS and GCP (AWS CSPM, GCP CSPM, and GCP Default). These checks have been integrated into the Microsoft Cloud Security Benchmark (MCSB), which becomes the default, unified standard for all multi-cloud security assessments.
- Binary Drift Detection in Containers: Since October 9, 2024, binary drift detection is available for Defender for Containers. This feature detects any suspicious changes within containers in real-time, ensuring greater security for deployments on all versions of Azure Kubernetes Service (AKS).
- Updated Recommendations for Container Runtime (Preview): Recommendations for addressing vulnerabilities in containers running on AWS, Azure, and GCP have been unified to reduce duplication and optimize result analysis.
- Kubernetes Identity and Access View in the Security Graph (Preview): Kubernetes identities and access configurations are now visible in the security graph, showing nodes, service accounts, roles, and connections illustrating permissions among Kubernetes objects.
- Identity-Based Kubernetes Attack Paths (Preview): Using RBAC data, Defender for Cloud can identify attack paths across Kubernetes clusters, detecting lateral movement.
- Enhanced Attack Path Analysis for Containers: Attack path analysis now also supports containers, providing a more detailed view of potential attack patterns in cloud environments.
- Complete Discovery of Container Images in Supported Registries: Defender for Cloud now detects all container images in supported registries, improving visibility and allowing in-depth searches through Cloud Security Explorer to identify images based on metadata.
- Container Software Inventory with Cloud Security Explorer: Cloud Security Explorer now provides a comprehensive inventory of software installed within containers and images, facilitating the quick identification of potential vulnerabilities, including zero-day threats, before CVEs are published.
Protect
Azure Backup
Reduced Rates for SAP HANA Backup Protected Instances
As of September 1, 2024, Azure introduced a significant rate reduction for Protected Instances (PIs) related to the SAP HANA backup service on Azure VMs. This update is aimed at enhancing cost efficiency, offering a more affordable service for protecting critical data for companies without compromising quality or performance. Specifically, the backup streaming rate for SAP HANA has been set at a standard price of $80 per instance (in the East US2 region), with a standard regional surcharge, regardless of the HANA database size. For snapshot backups, the cost is $80 per 5 TB increment, with the same regional surcharge. This change allows enterprises to protect their data in a more economically sustainable way.
GRS and CRR Support for Azure VMs with Premium SSD v2 and Ultra Disk in Azure Backup
Azure has announced support for the backup of virtual machines on Premium SSD v2 and Ultra Disk using GRS (Geo-Redundant Storage) vaults. These offerings represent the most advanced storage solutions, designed to meet the needs of IO-intensive enterprise applications requiring sub-millisecond latencies, high IOPS, and throughput. With GRS support and cross-region restore capabilities, users can protect their virtual machines from data loss during disaster events, as well as perform periodic audits by restoring data on demand in the secondary region. Currently, GRS vault enablement for virtual machines using Premium SSD v2 and Ultra Disk is available in various regions, including Southeast Asia, East Asia, North Europe, West Europe, East US, West US, and West US 3. Support will be extended to other public regions in the coming months.
Immutable WORM Storage for Backups in Azure Recovery Services Vaults (preview)
Azure backup introduces the capability to use immutable WORM (Write Once, Read Many) storage for backups within Recovery Services Vaults. This option ensures that a recovery point, once created, cannot be deleted or altered during its retention period, up to the designated expiration date, helping to meet compliance requirements. WORM support will be applicable to all vaults, both new and existing, and is currently available in preview in specific regions.
Transition to Azure Business Continuity Center for Large-Scale BCDR Management (preview)
Starting October 3, 2024, Azure made the new “Azure Business Continuity Center” (ABCC) available in public preview, a centralized solution for large-scale backup and disaster recovery management. This tool arises from evolving customer needs, influenced by the growing threat of ransomware attacks, which have led many companies to seek out multiple vendors for data protection. The ABCC, which will replace the previous Backup Center, offers unified management for Azure and hybrid environments, integrating the functionalities of Azure Backup and Azure Site Recovery. The transition is immediate and at no additional cost: users can immediately view their protection status in the new center without needing to take specific actions. Simply log into the Azure portal and search for the Business Continuity Center. The Backup Center has been removed from global search results in the Azure portal but remains accessible through an option within the ABCC.
Migrate
Azure Migrate
New releases and features of Azure Migrate
Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features. This month’s main update is that the import of the RVTools XLSX file enables reading storage data, where available, from the vPartition and vMemory sheets (for storage space required for unreserved memory).
Azure Database Migration
Azure Evaluation
For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.
