Archivi categoria: Announcements and updates

Azure IaaS and Azure Stack: announcements and updates (December 2019 – Weeks: 47 and 48)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Microsoft cloud in Norway opens with availability of Microsoft Azure

Microsoft announces the availability of Microsoft Azure from the new cloud datacenter regions in Norway, marking a major milestone as the first global cloud provider to deliver enterprise-grade services in country. The new cloud regions in Norway are targeted to expand in 2020 with Office 365, one of the world’s leading cloud-based productivity solutions, and Dynamics 365 and Power Platform, the next generation of intelligent business applications and tools.

Azure Migrate now supports assessment of physical servers

Support to assess physical servers is now available in Azure preview, in addition to existing support for VMware and Hyper-V servers. The appliance for physical servers can be installed on an existing Windows server. This feature can be used to assess virtual machines where there is no access to the hypervisor, as well as virtual machines on any cloud.

Azure Migrate: assessment of imported servers is supported in preview

Azure Migrate now supports the assessment of server inventories imported using a CSV file. Import the servers into Azure Migrate server assessment by adding server details in a CSV file as per the available template, deploying an appliance isn’t required. This is useful if you’re looking for a quick assessment using CMDB inventory or if you’re waiting for approvals to deploy the Azure Migrate appliance. Performance-based assessments can be run as well by specifying utilization values in the CSV.

Azure DevTest Labs: Azure managed identities to deploy lab environments

Azure managed identities to deploy lab environments As a lab owner, you can now use a user assigned managed identity to deploy environments in a lab. This feature is helpful in scenarios where the environment contains or has references to Azure resources such as key vaults, shared image galleries, and networks that are external to the environment’s resource group. It enables creation of sandbox environments that aren’t limited to the resource group of that environment only.

Azure DevTest Labs: New Dashboard with Cost Estimator

Azure Lab Services added a dashboard view enabling instructors to view the summary of the lab. On the dashboard, you will be able to see cost estimate for the lab based on size of the virtual machine picked, number of students, quota hours and scheduled hours.

HPC Specialized VMs (GPU) – NVv4-Series in preview

NVv4 offers unprecedented GPU resourcing flexibility, giving customers more choice than ever before. Customers can select from VMs with a whole GPU all the way down to 1/8th of a GPU. This makes entry-level and low-intensity GPU workloads more cost-effective than ever before, while still giving customers the option to scale up to powerful full-GPU processing power. NVv4 Virtual Machines support up to 32 vCPUs, 112GB of RAM, and 16 GB of GPU memory.

Kubernetes cluster health with Azure Monitor for containers

Azure Monitor for containers can now monitor and report health status of Kubernetes cluster infrastructure components and all nodes running on any Kubernetes cluster.

Azure private endpoint support for Azure Cosmos DB in preview

Azure private endpoint for Azure Cosmos DB is a network interface that connects you privately and securely to a service powered by Azure Private Link. Private Endpoint uses a private IP address from your virtual network, effectively bringing the service into your virtual network.

 

Azure IaaS and Azure Stack: announcements and updates (November 2019 – Weeks: 45 and 46)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

In this dedicated post you can find the most important announcements and major updates officialized last week during Microsoft Ignite 2019 conference.

Azure

Save more on Azure usage: reservations for six more services

With reserved capacity, you get significant discounts over your on-demand costs by committing to long-term usage of a service. Microsoft is pleased to share reserved capacity offerings for the following additional services:

  • Blob Storage (GPv2) and Azure Data Lake Storage (Gen2).
  • Azure Database for MySQL.
  • Azure Database for PostgreSQL.
  • Azure Database for MariaDB.
  • Azure Data Explorer.
  • Premium SSD Managed Disks.

With the addition of these services, Microsoft supports reservations for 16 services, giving you more options to save and get better cost predictability across more workloads.

Azure Key Vault Virtual Machine extension generally available

The Azure Key Vault Virtual Machine extension makes it easier for apps running on virtual machines to use certificates from a key vault, by abstracting the common tasks as well as best practices.

Azure Disk Encryption

Azure Disk Encryption enables you to encrypt your Azure Virtual Machine disks with your keys safeguarded in Azure Key Vault. Previously this capability was available through PowerShell and CLI, now this capability is also available in the Azure portal, which makes it very easy to use. Microsoft has also added support for the latest versions of the common Linux distros on Azure, including Red Hat Enterprise Linux 7.6 and 7.7 as well as CentOS Linux 7.6 and 7.7.

HB and HC Virtual Machines in additional regions

The HB-series VMs are optimized for HPC applications driven by memory bandwidth, such as fluid dynamics, explicit finite element analysis, and weather modeling. The HB-Series VM is now available in East US. HC-series VMs are optimized for HPC applications driven by intensive computation, such as implicit finite element analysis, reservoir simulation, and computational chemistry. The HC-Series VM is now available in Japan East. 

Azure IaaS and Azure Stack: announcements and updates (Microsoft Ignite 2019 – Special Edition)

This special edition includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft this week during Microsoft Ignite 2019 conference. Microsoft announced several important additions to its Azure infrastructure as a service (IaaS) portfolio and the Microsoft infrastructure services continue to evolve to optimize the experience of running business-critical workloads.

Azure

Azure Arc: Extended Azure management and security to any infrastructure

Azure Arc enables Azure services anywhere and extends Azure management to any infrastructure for unified management, governance and control across clouds, datacenters and edge. They look and feel just like Azure resources, and they provide unified auditing, compliance, and role based access control across multiple environments and at scale.
As a result, customers can modernize any infrastructure with cloud management and security protection. With cloud practices that work anywhere, Microsoft is delivering these resources, from cloud to datacenter to edge, and enabling cloud security anywhere.
With Azure Arc, customers can now take advantage of Azure’s robust cloud management experience for their own servers (Linux and Windows Server) and Kubernetes clusters by extending Azure management across environments.
Customers can seamlessly inventory, organize, and govern their own resources at scale through a consistent and unified experience through the Azure Portal.

Virtual Machines

Azure generation 2 virtual machines generally available

Generation 2 virtual machines are now generally available on Azure. Generation 2 VMs provide support for Intel Software Guard Extensions (Intel SGX), UEFI boot architecture, and the ability to provision large VMs (up to 12TB) and OS Disks sizes that exceed 2TB. 

Proximity placement groups generally available

A proximity placement group is a logical grouping capability for Azure Virtual Machines that you can use to decrease the network latency between a set of virtual machines. When you assign your virtual machines to a proximity placement group, their placement is optimized to deliver lower latency for your latency-sensitive workloads. Now this feature is generally available in most Azure regions.

Azure VMware Solutions available in West Europe

Azure VMware Solutions are available in the West Europe Azure region. Azure VMware Solutions delivers the ability to run your VMware environment natively on Azure. This gives you the option to leverage your existing VMware skills and investments while taking full advantage of the scale and automation Azure offers. Azure VMware Solutions is now supported in East US, West US, and West Europe regions.

Azure Spot VMs

Azure Spot Virtual Machines, give you access to unused Azure compute capacity at deep discounts, will be available soon (we expect to preview this by early 2020). Spot Virtual Machines will be ideal for workloads that can be interrupted, providing scalability while reducing costs. You will be able to take advantage of Spot Virtual Machine pricing for Azure Virtual Machines or Virtual Machine Scale Sets (VMSS) to deploy opportunistic workloads of all sizes.

New virtual machine scale sets capabilities in preview

New virtual machine scale sets features simplify the management of virtual machines while improving their runtime and performance capabilities.

Vulnerability assessment in Azure Security Center

Applications that are installed in virtual machines could often have vulnerabilities that could lead to a breach of the virtual machine. Microsoft announced that the Security Center Standard tier includes built-in vulnerability assessment for virtual machines for no additional fee.

Advanced data security for SQL servers on Azure Virtual Machines

Azure Security Center’s support for threat protection and vulnerability assessment for SQL DBs running on IaaS virtual machines (VMs) is in preview.

New Azure Dav4-series and Eav4-series virtual machines

New Azure Dav4-series and Eav4-series virtual machines (VMs) based on AMD EPYC™ are available. They are ideal for general purpose (Dav4-series) and memory intensive workloads (Eav4-series).

New NVv4 series Azure Virtual Machines in preview 

NVv4 (currently in preview) offers, for Windows Virtual Desktops and high-performance computing (HPC) workloads, enhanced GPU resourcing flexibility, giving customers more choice by offering partitioned GPUs built using industry-standard SR-IOV technology. Customers can select the right size of GPU Virtual Machines with as little as 2GB of dedicated GPU frame buffer for an entry-level desktop in the cloud, and up to the whole GPU with 16GB of frame buffer to provide powerful engineering workstations.

Updated NDv2 Azure Virtual Machines preview

The NDv2-series Virtual Machines, currently in preview, are the latest, fastest, and most powerful addition to the GPU family, specifically designed for the cutting edge demands of distributed HPC, AI, and machine learning workloads.

HBv2 Azure Virtual Machines for HPC workloads coming soon

HBv2 VMs are designed to deliver supercomputer-class performance, message passing interface (MPI) scalability, and cost efficiency for a variety of real-world HPC workloads. HBv2 Virtual Machines support up to 80,000 cores for single MPI jobs to deliver performance that rivals some of the world’s largest and most powerful bare metal supercomputers.

Networking

Azure Bastion is generally available

Microsoft announced the general availability (GA) of Azure Bastion, a fully managed platform as a service (PaaS) service that provides more secure and seamless RDP and SSH access to virtual machines directly through the Azure portal.

 

Azure Firewall Manager is now in preview

Azure Firewall Manager Preview is a security management service that provides central security policy and route management for cloud-based security perimeters. It works with Azure Virtual WAN Hub, a Microsoft-managed resource that lets you easily create hub and spoke architectures. When security and routing policies are associated with such a hub, it is referred to as a Secured Virtual Hub.

Native Azure Active Directory authentication support in point-to-site VPN

Native Azure Active Directory (Azure AD) authentication support for OpenVPN protocol, and Azure VPN Client for Windows are now available. Native Azure AD authentication support was widely requested by enterprise customers because Azure AD integration enables user-based policies, conditional access, and multi-factor authentication (MFA) for P2S VPN. Native Azure AD authentication requires both Azure VPN gateway integration and a new Azure VPN Client to obtain and validate an Azure AD token.

Azure Private Link is now available in all regions

Azure Private Link, which provides private connectivity to Azure services, is now available in all regions.

Azure Peering Service in managed preview

Azure Peering Service is a partnership with service providers to provide highly reliable and optimized internet connectivity to Microsoft services. It also provides internet latency telemetry and route monitoring with alerting against hijacks, leaks, and any other BGP mal configurations.  Azure Peering Service is targeting customers with an internet-first network strategy for accessing Azure and SaaS services such as Office 365. Through partnering with internet service providers, customers are able to take advantage of optimized routing of their internet traffic to the Microsoft cloud.

Enhancements to Azure Virtual WAN

Significant enhancements include the preview of hub-to-hub and any-to-any connectivity. Virtual WAN users can connect multiple hubs for full mesh connectivity to further simplify their network architecture. Additionally, ExpressRoute and Point to Site are now Generally Available with Virtual WAN.

IPv6 for Azure Virtual Network is generally available

IPv6 support within the virtual network and to the internet enables you to expand into the growing mobile and IoT markets with Azure-based applications and to address IPv4 depletion in your own corporate networks.

Azure ExpressRoute for satellites is available

ExpressRoute, with one of the largest networking ecosystems in the public cloud, now includes satellite connectivity partners, bringing new options and coverage.

Storage

Azure Data Share is available

Azure Data Share enables organizations to easily and securely share data with other organizations to expand analytics datasets for enhanced insights.

Azure Stack 

Azure Stack, the extension of Azure that brings the innovation of cloud computing to build and deploy hybrid applications anywhere, is being renamed “Azure Stack Hub“. Also, Azure Data Box Edge, the Microsoft data-transfer devices, is being renamed as “Azure Stack Edge“.  

So, Azure Stack will expand to include a portfolio of products consisting of:

  • Azure Stack HCI
  • Azure Stack Hub (previously Azure Stack)
  • Azure Stack Edge (previously Azure Data Box Edge):
    • It is an Azure managed appliance that brings the compute, storage, and intelligence of Azure to the edge.
    • It is a first party Microsoft appliance, delivered to customers’ sites to run Azure services with no upfront costs (you pay monthly in your Azure bill).
    • Customers can use the Azure portal to order and provision Azure Stack Edge; Azure management tools are used for monitoring and running updates. 

Azure Stack Hub

Microsoft is sharing some new updates for Azure Stack Hub roadmap, including N-Series virtual machines enabled by NVIDIA V100 GPUs. It’s also announcing the general availability of Kubernetes on Azure Stack Hub. You can now easily provision Kubernetes clusters on Azure Stack Hub using Azure Kubernetes Service (AKS) engine to automate the creation, update, and scaling of Kubernetes clusters. In the first half of 2020, Event Hubs and Azure Stream Analytics will also be available for public preview.

Azure Stack Edge

Azure Stack Edge will soon support new compute and AI capabilities including virtual machines, Kubernetes clusters, NVIDIA GPU support and high-availability support. With these capabilities, Azure Stack Edge is quickly evolving to the forefront of edge computing in the market. Microsoft is also enabling private cellular networks as a service by adding the tech preview of multi-access edge compute (MEC) on Azure Stack Edge.

Azure Stack portfolio and Azure Arc

Azure Arc and Azure Stack portfolio are complementary, so you can combine the benefits of Azure Arc with Azure Stack portfolio, where Azure Arc can manage virtual machines, containers, and run Azure Data Services on Azure Stack portfolio of validated and integrated systems while leveraging the compute and cloud capabilities of Azure Stack.

Conclusions

The most important announcement from Microsoft Ignite 2019 for me is Azure Arc, the Microsoft’s new approach to hybrid. Enterprises rely on a hybrid technology approach to take advantage of their on-premises investment and, at the same time, utilize cloud innovation. As more business operations and applications expand to include edge devices and multiple clouds, hybrid capabilities must enable apps to run seamlessly across on-premises, multi-cloud, and edge devices, while providing consistent management and security across all distributed locations. Hybrid cloud capabilities in Microsoft is evolving to enable innovation anywhere, while providing a seamless development, deployment and ongoing management experience.

Azure IaaS and Azure Stack: announcements and updates (November 2019 – Weeks: 43 and 44)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

New Cost Management features

Here are the Cost Management features that are generally available as of October 2019.

Azure Mv2-series VMs with 12TB memory now GA in new regions

Azure Mv2-series Virtual Machines with 12TB memory are generally available for the US West 2, US East, US East 2, Southeast Asia, EU West and EU North regions. Azure Mv2-series virtual machines are hyper-threaded and feature Intel® Xeon® Platinum 8180M 2.5GHz (Skylake) processors, offering up to 416 vCPU in 3TB, 6 TB and 12 TB memory configurations. This is by far the largest-memory virtual machine offered on Azure. Mv2-series virtual machines provide unparalleled computational performance to support large in-memory databases and workloads such as SAP HANA and SQL Hekaton.

Azure Monitor’s Service Map is available in new regions

The Service Map feature of Azure Monitor is now available in South Central US, West US, Central US, North Central US, East Asia, and Central India.  Around the world is it available in eighteen public regions. Service map automatically discovers application components on Windows and Linux systems and maps the communication between services. With service map, you can view your servers in the way that you think of them—as interconnected systems that deliver critical services. Service map shows connections between servers, processes, inbound and outbound connection latency, and ports across any TCP-connected architecture, with no configuration required other than the installation of an agent.

Server-side encryption with customer-managed keys for Azure Managed Disks (preview)

The preview for server-side encryption (SSE) with customer-managed keys (CMK) for Azure Managed Disks is available. Azure customers already benefit from server-side encryption with platform managed keys (PMK) for Azure Managed Disks enabled by default. Customers also benefit from Azure disk encryption (ADE) that leverages the BitLocker feature of Windows and the DM-Crypt feature of Linux to encrypt Managed Disks with customer managed keys within the guest virtual machine. Server-side encryption with customer-managed keys improves on platform managed keys by giving you control of the encryption keys to meet your compliance needs. It improves on Azure disk encryption by enabling you to use any OS types and images for your virtual machines by encrypting data in the storage service. Server-side encryption with customer-managed keys is integrated with Azure Key Vault (AKV) that provides highly available and scalable, secure storage for RSA cryptographic keys backed by hardware security modules (HSMs). You can either import your RSA keys to Azure Key Vault or generate new RSA keys in Azure Key Vault.

Azure File Sync is available in new regions

Azure File Sync is available in South Africa and UAE regions. To get the latest list of supported regions, see this document.

Azure File Sync agent v8 release

Azure File Sync is now on Microsoft Update and Microsoft Download Center. Improvements and issues that are fixed:

  • Restore performance improvements
    • Faster recovery times for recovery done through Azure Backup.Restored files will sync back down to Azure File Sync servers much faster.
  • Improved cloud tiering portal experience
    • If you have tiered files that are failing to recall, you can now view the recall errors in the server endpoint properties. Also, the server endpoint health will now show an error and mitigation steps if the cloud tiering filter driver is not loaded on the server.
  • Simpler agent installation
    • The Az\AzureRM PowerShell module is no longer required to register the server making installation simpler and fast.
  • Miscellaneous performance and reliability improvements

More information about this release:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 8.0.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4511224.

Azure IaaS and Azure Stack: announcements and updates (October 2019 – Weeks: 41 and 42)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Azure DNS private zones is now generally available

Azure DNS private zones is now production ready and backed by Azure DNS SLA. Azure DNS private zones provide reliable, secure DNS service to host, resolve and manage domain names from a virtual network without the need to add a custom DNS solution.  Azure DNS private zones enables you to effortlessly tailor your DNS namespace design to best suit your organization’s needs without having to worry about scalability, security and performance issues that arise from operating a custom DNS solution. Unlike public DNS zone, private DNS zones are not accessible over internet. DNS queries made against a private DNS zones can be resolved only from the virtual networks linked to the zone.

Customer Provided Keys with Azure Storage Service Encryption

Microsoft presents enhancement to storage service encryption to support granular encryption settings on storage account with keys hosted in any key store. Customer provided keys (CPK) enables you to store and manage keys in on-premises or key stores other than Azure Key Vault to meet corporate, contractual, and regulatory compliance requirements for data security.

New Azure Active Directory roles to reduce the number of Global administrators

Microsoft introduces 16 new roles in Azure AD designed to help you reduce the number of Global administrators by delegating administration tasks and assigning lower-privileged roles.

New Azure Resource Graph functionality

An update to Azure Resource Graph API now allows you to see further details about the changes to your Azure resources. For each change record, an overall changeType is returned indicating if the overall change to the resource was a Create, Update, or Delete action. When you set the fetchPropertyChanges flag to true in your request, the response body will contain a new section called propertyChanges that contains the list of property changes made, including the property name, the before value, the after value, and the change type for that property change (Insert, Update, or Remove).

Large file shares (100 TiB) for Azure Files standard tier

Microsoft announces the general availability of larger, more powerful files shares (100TiB) for Azure Files on standard tier. Large file shares on standard shares significantly improves customers’ experience on standard shares by increasing not only the capacity limits to 100 TiB (20x increase), but also the performance limits up to 10,000 IOPS (10x increase) and 300 MiB/s (5x increase). Large file shares for standard tier is now live in 13 Azure regions with support to enable large file shares on existing accounts.

SR-IOV availability schedule on NCv3 Virtual Machines SKU

As part of Azure’s ongoing commitment to providing industry-leading performance, Microsoft is enabling support for all MPI types and versions, and RDMA verbs for InfiniBand-equipped virtual machines, beginning with NCv3 coming in early November 2019.

Azure Monitor updates

  • Azure Monitor for VMs is available in South Central US, West US, Central US, North Central US, East Asia, and Central India. It’s available around the world in eighteen public regions.
  • In April 2019 Microsoft added support for Azure Kubernetes Services (AKS) in China regions. As part of this support, multi-cluster view is now available in the table of contents so you can monitor multiple clusters at once. Also, AKS-Engine is now supported for China regions. 
  • Azure Monitor for containers has updated the agent to support pod annotation settings. This supports Prometheus metrics scrapping per namespace configurations via config map. Also supports descriptive error outputs to troubleshoot scrape settings.
  • Grafana dashboard template is now available for out-of-the-box metrics collected by Azure Monitor for containers.

Azure IaaS and Azure Stack: announcements and updates (October 2019 – Weeks: 39 and 40)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Large file shares (100 TiB) Azure FIles standard preview available in new regions

Azure Files standard large file shares (LFS) preview in available in two more regions: North Europe and East Asia. Please see the full region list at this page.

New version of Azure Storage Explorer

This month Microsoft released a new version of Azure Storage Explorer, 1.10.0. This latest version of Storage Explorer introduces several new features and delivers significant updates to existing functionality. These features and changes are all designed to make users more efficient and productive when working with Azure Storage, CosmosDB, ADLS Gen2, and, starting with 1.10.0, managed disks. You can download Storage Explorer 1.10.0 to take advantage of all of these new features.

Increment snapshots of Azure managed disks in preview

The preview of incremental snapshots of Azure managed disks is now available. Incremental snapshots are a cost-effective point-in-time backup of managed disks. Unlike current snapshots, which are billed for the full size, incremental snapshots are billed for the delta changes to disks since the last snapshot. They are always stored on the most cost-effective storage i.e., standard HDD irrespective of the storage type of the parent disks. Additionally, for increased reliability, they are stored on Zone redundant storage (ZRS) by default in regions that support ZRS. They cannot be stored on premium storage. 

Windows Virtual Desktop is generally available

Windows Virtual Desktop is generally available worldwide. It is the only service that delivers simplified management, a multi-session Windows 10 experience, optimizations for Office 365 ProPlus, and support for Windows Server Remote Desktop Services (RDS) desktops and apps. With Windows Virtual Desktop, you can deploy and scale your Windows desktops and apps on Azure in minutes. It is available in all geographies, customers will be able to deploy scalable Azure-based virtualization solutions with a number of operating systems, including Windows 10 multi-session, Windows Server, and Windows 7 desktops with free Extended Security Updates for up to three years for customers still completing their move to Windows 10.

Azure Lab Service Updates

Azure Lab Services added this new features:

  • Adjust quota per user, enabling instructors to give additional hours to students as needed.
  • An option to install GPU drivers automatically if a GPU size is picked. 
  • An updated and improved UI experience.

Private Link for Azure SQL Database and Data Warehouse is in preview

Private Link enables you to connect to Azure SQL Database and Data Warehouse via a private endpoint. Use it to establish cross-premises access to the private endpoint using ExpressRoute, private peering, or VPN tunneling, or you can choose to disable all access via public endpoint.

Preview of direct-upload to Azure managed disks

You can directly upload your VHD do Azure Managed disks without converting them. The direct-upload is in preview.

Azure File Sync agent version 4.x will expire

On November 5, 2019, Azure File Sync agent version 4.x will be expired and stop syncing. If you have servers with agent version 4.x, update to a supported agent version (5.x or later). If you don’t update your servers before November 5, 2019, they will stop syncing. To resume syncing, the agent must be updated to a support version.

Azure IaaS and Azure Stack: announcements and updates (September 2019 – Weeks: 37 and 38)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

New cloud regions in Germany

Microsoft Azure is available from new cloud regions in Germany. Azure is available in new cloud datacenter regions in Germany, Germany West Central (located in Frankfurt) and Germany North (located in Berlin), to provide greater flexibility, the latest intelligent cloud services, full connectivity to the global cloud network, and data residency within Germany. The new regions with German-specific compliance, including Cloud Computing Compliance Controls Catalogue (C5) attestation, and will remove barriers so in-country companies can benefit from the latest solutions such as containers, IoT, and AI.

Azure Firewall is ISO compliant

Azure Firewall is Payment Card Industry (PCI), Service Organization Controls (SOC), and International Organization for Standardization (ISO) compliant. It currently supports SOC 1 Type 2, SOC 2 Type 2, SOC 3, PCI DSS, and ISO 27001, 27018, 20000-1, 22301, 9001, 27017. For more information, see the Microsoft Compliance Guide.

New Azure ExpressRoute sites

The following new ExpressRoute meet-me sites are now live:

  • Copenhagen
  • Stockholm
  • Munich

Azure Private Link in preview

Private Link simplifies the network architecture and secures the connection between endpoints in Azure by keeping data on the Azure network, thus eliminating exposure to the internet. Private Link also enables you to create and render your own services on Azure. During public preview, Private Link supports Azure Storage, Azure Data Lake Storage Gen 2, Azure SQL Database, Azure SQL Data Warehouse, and customer-owned services.

Monitor bandwidth for all peered Azure virtual networks with ExpressRoute

Azure network monitoring solutions including Network Performance Monitor and Network Watcher help monitor your networks in the cloud and in hybrid environments. ExpressRoute Monitoring enables you to monitor network performance over ExpressRoute circuits that are configured to use private peering or Microsoft peering.

Azure Monitor for Azure Virtual Machines is available in additional regions

Monitor for Virtual Machines monitors and analyzes the performance and health of your Windows and Linux virtual machines hosted in Azure, on-premises, or with another cloud provider. Azure Monitor for Azure Virtual Machines is now available in Japan East, North Europe, and East US2. 

Service Map feature of Azure Monitor is available in additional regions

Service Map automatically discovers application components on Windows and Linux systems and maps communication between services. The feature enables you to view your servers, processes, inbound and outbound connection latency, and ports as interconnected systems. The Service Map feature of Azure Monitor is available in Japan East, North Europe, and East US2. 

Zone Redundant Storage (ZRS) for Azure Files premium tier

Zone Redundant Storage (ZRS) is available for Azure Files premium tier. The ZRS replication provides customers a choice of performant Azure Files services with higher availability. With the release of ZRS support, Azure Files premium tier now offers two durability options:

  • Zone redundant storage (ZRS) for data protection against entire zonal outage.
  • Locally-redundant storage (LRS) for lower cost-effective storage for data protection against hardware failure.

Currently, ZRS option is available in West Europe and we plan to gradually expand the regional coverage.

Azure Lab Services supports new GPU Virtual Machine sizes

Azure Lab Services supports two new 6-core GPU Virtual Machine sizes: 

  • Small GPU (Compute): 6 cores, 56 GB RAM, 139 Lab units.
    • Available in US, North Europe, and West Europe regions
    • Best-suited for compute-intensive and network-intensive applications such as Artificial Intelligence and Deep Learning 
  • Small GPU (Visualization): 6 cores, 56 GB RAM, 160 Lab units.
    • Available in US, North Europe, West Europe, and Australia regions
    • Best-suited for remote visualization, streaming, gaming, and encoding using frameworks such as OpenGL and DirectX. 

M-series virtual machines (VMs) are available in new regions

Azure M-series VMs are now available in: Germany West, Germany North, Switzerland West and Switzerland North. M-series VMs offer configurations with memory from 192 GB to 3.8 TiB (4 TB) RAM and are certified for SAP HANA.

Azure IaaS and Azure Stack: announcements and updates (September 2019 – Weeks: 35 and 36)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Microsoft Azure available from new cloud regions in Switzerland

Microsoft announced the availability of new Azure Regions in Switzerland. With the Azure Region Switzerland West and Switzerland North, Microsoft addresses the need of customers to have cloud regions and datacenters available in Switzerland. Remember that not all services are available in all Azure regions. You can find more information about the products and services available in the Swiss Azure regions on the Azure website.

31 new Azure edge sites

Microsoft announced the addition of 31 new edge sites, bringing the total to over 150 across more than 50 countries. Microsoft is also adding 14 new meet-me sites to Azure ExpressRoute to further enable and expand access to dedicated private connections between customers’ on-premises environments and Azure.

Azure Firewall in China

Azure Firewall is also available in China.

Azure DevTest Labs now integrates with Azure Bastion

Azure DevTest Labs now integrates with Azure Bastion, enabling you to connect to your virtual machines through a web browser. Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over SSL. As a lab owner, it’s possible to enable your lab virtual machines to have browser-based access provided they’re created in a virtual network that has Azure Bastion configured on it.

Azure Stack

Azure App Service on Azure Stack Update 7 (1.7)

This release updates the resource provider and brings the following key capabilities and fixes:

  • Updates to **App Service Tenant, Admin, Functions portals and Kudu tools**. Consistent with Azure Stack Portal SDK version.
  • Updates to core service to improve reliability and error messaging enabling easier diagnosis of common issues.
  • Access Restrictions now enabled in User Portal

All other fixes and updates are detailed in the App Service on Azure Stack Update Seven Release Notes.

Diagnostic log collection is generally available for Azure Stack

The Azure Stack diagnostic log collection service provides a simplified way for Azure Stack operators to collect and share diagnostic logs with Microsoft Customer Support Services (CSS). A new user experience in the Azure Stack administrator portal is available for operators to set up the automatic upload of diagnostic logs to a storage blob when certain critical alerts are raised, or to perform the same operation on demand.

Azure IaaS and Azure Stack: announcements and updates (August 2019 – Weeks: 33 and 34)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Geo Zone Redundant Storage in Azure in preview

Geo Zone Redundant Storage provides a great balance of high performance, high availability, and disaster recovery and is beneficial when building highly available applications or services in Azure. Geo Zone Redundant Storage helps achieve higher data resiliency by doing the following:

  • Synchronously writing three replicas of your data across multiple Azure Availability Zones, such as zone-redundant storage today, protecting from cluster, datacenter, or entire zone failure.

  • Asynchronously replicating the data to another region within the same geo into a single zone, such as locally redundant storage, protecting from a regional outage.

Ultra Disks generally available

Microsoft Azure Ultra Disks is the new managed disks offering which is now generally available for running data intensive business critical workloads on cloud requiring high IO performance and low latency. With the introduction of Ultra Disk Storage, Azure includes four types of persistent disk: Ultra Disk Storage, Premium SSD, Standard SSD, and Standard HDD. This portfolio gives you price and performance options tailored to meet the requirements of every workload.

Azure File Sync agent v7.2

Azure File Sync agent v7.2 update rollup is on Microsoft Update and Microsoft Download Center.

Improvements and issues that are fixed:

  • Storage Sync Agent (FileSyncSvc) crashes if the proxy configuration is null.
  • Server endpoint will start BCDR (error 0x80c80257 – ECS_E_BCDR_IN_PROGRESS) if multiple endpoints on the server have the same name.
  • Cloud tiering reliability improvements.

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 7.2.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4490497.

Azure Files Azure Active Directory Domain Services (Azure AD DS) Authentication

General Availability of Azure Active Directory Domain Services (Azure AD DS) authentication for Azure Files. By enabling integration with Azure AD DS, you can mount your Azure file share over SMB using Azure AD credentials from Azure AD DS domain joined Windows VMs with NTFS ACLs enforced.

Just-in-time (JIT) VM access for Azure Firewall is generally available
 
Use it to secure your Azure Firewall protected environments  in addition to your NSG protected environments.

Azure IaaS and Azure Stack: announcements and updates (August 2019 – Weeks: 31 and 32)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Azure Dedicated Host

Azure Dedicated Host is a new Azure service that enables you to run your organization’s Linux and Windows virtual machines on single-tenant physical servers. Azure Dedicated Hosts provide you with visibility and control to help address corporate compliance and regulatory requirements. Azure Dedicated Host is in preview in most Azure regions.

Azure marketplace charges are available in Azure Cost Management for Pay-As-You-Go customers

Azure marketplace charges within Cost Analysis tool for Pay-As-You-Go customers are available. As a part of this preview you can analyze marketplace charges alongside Azure service charges within Cost Analysis and reconcile Azure marketplace invoice using both Cost Analysis and a new usage csv download API.

Network security group improvements

New improvements have been added to network security group (NSG), which filters network traffic to and from various Azure resources:

  • Specify ICMP as the protocol in your NSG rules, in addition to TCP, UDP, or Any. 
  • Override the default Azure platform considerations by creating an NSG rule with the following service tags. Please exercise caution when using these tags.
    • ​​AzurePlatformDNS for DNS 
    • AzurePlatformIMDS for IMDS 
    • AzurePlatformLKM for Windows licensing (Key Management Service)
Azure File Sync agent v7.1 update rollup
 

Azure File Sync agent v7.1 update rollup is on Microsoft Update and Microsoft Download Center. Improvements and issues that are fixed:

  • Accessing or browsing a server endpoint location over SMB is slow on Windows Server 2012 R2.
  • Increased CPU utilization after installing the Azure File Sync v6 agent.
  • Cloud tiering telemetry improvements.
  • Miscellaneous reliability improvements for cloud tiering and sync.

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 7.1.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4490496.

Most cost-effective storage offering

Microsoft has dropped Azure Archive Storage prices by up to 50 percent in some regions. The new pricing is effective immediately.

New AMD-based Azure VMs for general purpose and memory intensive workloads

New Azure virtual machines part of the Dv3 and Ev3-series, optimized for general purpose and memory intensive workloads, are in Preview. The new general purpose Da_v3 and Das_v3 Azure VM-series provide up to 64 vCPUs, 256 GiBs of RAM and 1,600 GiBs of SSD-based temporary storage. Das_v3 Azure VM-series supports Premium SSD disk storage. The new memory optimized Ea_v3 and Eas_v3 Azure VM-series provide up to 64 vCPUs, 432 GiBs of RAM and 1,600 GiBs of SSD-based temporary storage. Eas_v3 Azure VM-series supports Premium SSD disk storage.

M-series virtual machines (VMs) are generally available in the Brazil South Region

Azure M-series VMs are available in the Brazil South region. M-series VMs offer configurations with memory from 192 GB to 3.8 TiB (4 TB) RAM and are certified for SAP HANA.

Azure Geo and Zone Redundant Storage in public preview

Azure Geo and Zone Redundant Storage (GZRS) helps customers achieve higher data resiliency by Synchronously writing three replicas of your data across multiple Availability Zones and Asynchronously replicating the data to another region within the same geo into a single zone (like LRS today) protecting from a regional outage.

Azure Files Active Directory (Azure AD) authentication with Azure AD domain services is generally available

Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard SMB protocol. Integration with Azure AD enables SMB access to Azure file shares using Azure AD credentials from Azure AD domain services domain joined Windows VMs.

Azure Firewall feature updates for July 2019

Here are the Azure Firewall feature updates for July 2019:

  • Multiple public IPs is generally available in all Azure public regions.
  • Availability Zones is now generally available. 
  • SQL FQDN filtering is now in preview in all Azure regions.
  • Azure HDInsight FQDN tag is now in preview in all Azure public regions. 
  • Central management using partner solutions