This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure VMware Solution Now Available in Italy North Region

Azure VMware Solution has been made available in the Italy North Azure Region. This expansion allows customers in Italy to integrate their VMware workloads with Azure services seamlessly, leveraging the global scale, security, and performance of Azure while maintaining the VMware tools and expertise they are accustomed to. This launch supports the growing demand for cloud solutions in the region, enabling local businesses to innovate and scale with the cloud’s flexibility and efficiency.

Italy North Region Added to Azure HDInsight

Azure HDInsight is now generally available in the Italy North region. This expansion enhances Azure’s managed, full-spectrum, open-source analytics service capabilities, allowing enterprises to leverage popular frameworks such as Hadoop, Apache Spark, Apache Hive, LLAP, Apache Kafka, and more within Italy North. The availability of HDInsight in this region enables local and global enterprises to process big data, run real-time analytics, and use machine learning more efficiently with reduced latency.

Networking

Azure Virtual Network Manager Security Admin Rule Configuration Feature 

The Azure Virtual Network Manager’s security admin rule configuration feature has reached general availability (GA) across 30 regions. This feature empowers organizations to enforce security policies across their virtual networks (VNets) efficiently, spanning subscriptions and regions worldwide. By prioritizing these rules above network security groups (NSGs), it ensures a standardized approach to security, helping to mitigate misconfigurations and adherence to corporate policies. The introduction of security admin rules streamlines network management, reducing the complexity of operations while enhancing security measures for expanding network infrastructures.

Azure Virtual Network Manager Topology View 

Azure Virtual Network Manager (AVNM) topology view has been officially launched and is now generally available. This innovative feature offers a scalable and reliable solution for managing networks across global subscriptions. It integrates with Azure Resource Topology (ART) to provide a comprehensive visualization of network resources, contextualized by AVNM connectivity configurations. The topology view facilitates a deeper understanding of network connections, offering insights into the connectivity among network groups and VNets, thus enhancing confidence in network deployment strategies.

ExpressRoute Guided Portal Experience (preview)

Microsoft announces the public preview of the ExpressRoute guided portal experience, aimed at simplifying the configuration of multi-site resilient ExpressRoute circuits. This new portal experience offers critical information, such as the distance between peering locations and traffic engineering recommendations, to assist customers in making informed decisions. During the preview, users can access this feature globally in the Azure public cloud via the Azure portal flight link. This initiative underscores Microsoft’s commitment to providing intuitive tools for enhancing network resiliency and connectivity.

Storage

Mount Azure Storage as a Local Share in App Service Linux Now Supports NFS

Azure App Service Linux now supports NFS when mounting an Azure File share as a local share for web apps. This update enables more flexible and efficient storage solutions for web applications hosted on Azure, streamlining the integration and management of file storage.

Azure Ultra Disk Storage Now Available in Canada East

Azure Ultra Disk Storage, offering high throughput, high IOPS, and consistent low-latency disk storage, is now available in Canada East. Ideal for data-intensive workloads such as SAP HANA, top-tier databases, and transaction-heavy workloads, Ultra Disk Storage enhances Azure Virtual Machines’ performance and capabilities in the region.

Azure NetApp Files Standard Network Features – Edit Volumes in US Gov Regions

Azure has launched a public preview for editing network features of Azure NetApp Files volumes in US Gov regions, leveraging advanced hardware and software integration. This update introduces Standard Network Features, enhancing the virtual networking experience with improved security for Azure NetApp Files. Users can now upgrade Basic network features to Standard, benefiting from increased IP limits, enhanced network security and control, and improved connectivity options. This preview is available across all US Gov regions (VA, TX, & AZ).

General Availability: Support for up to 100 TB of Storage for the FHIR Service

Azure announces general availability for expanded storage support in the FHIR service, part of Azure Health Data Services, up to 100 TB. This enhancement allows for the storage and exchange of vast amounts of health data, facilitating large-scale analytics, population health management, research, and insights from health data. Organizations requiring storage beyond the default 4 TB can request an increase through the Azure portal.

Azure Stack

Azure Stack HCI

Azure Stack HCI 23H2 General Availability

Microsoft has announced the general availability of Azure Stack HCI version 23H2, marking a significant update in cloud-managed edge infrastructure. This version is ready for production . It introduces several previews, including Azure Migrate and Microsoft Defender for Cloud, specifically designed for Azure Stack HCI environments. However, it’s noteworthy that certain features like stretched clustering and System Center VMM support are temporarily unavailable in some regions. The launch of Azure Stack HCI 23H2 represents a leap forward in Microsoft’s edge infrastructure offerings, providing enterprises with robust, scalable solutions for their hybrid cloud environments.

Key Highlights:

• Production-Ready: Azure Stack HCI 23H2 is now ready for production environments, offering robust and reliable infrastructure solutions.
• Seamless Update Process: An update from the previous version 22H2 to 23H2 will soon be available, specifically targeting 23H2 clusters to ensure smooth transitions.
• Enhanced Solutions Availability: The GA version includes premier and integrated solutions, enriching the ecosystem for Azure Stack HCI users.
• Azure Virtual Desktop (AVD) for Azure Stack HCI: AVD is now generally available, bringing together the advantages of Azure Virtual Desktop and Azure Stack HCI. This combination allows organizations to run virtualized desktops and apps securely, either on-premises at the edge or within data centers.
• Azure Migrate Integration (Preview): Azure Stack HCI now supports Azure Migrate in preview, facilitating easier migration of workloads to Azure Stack HCI environments.
• Microsoft Defender for Cloud Integration (Preview): Enhance your security posture with Microsoft Defender for Cloud for Azure Stack HCI, currently in preview.
• Guidance on Using Version 22H2: It’s recommended to continue using version 22H2 temporarily if:
  1. The service is not available in your region (currently limited to East US and West Europe).
  2. You require stretched clustering support, which is not available in 23H2.
  3. Your setup relies on System Center VMM, not supported by 23H2.

Additional Information:

• Currently, 3-node switchless deployments are not supported.
• The GA version includes proxy support for HCI infrastructure, but not yet for VMs.
• Updates to 23H2 can be performed through the portal on existing preview clusters or by new deployment.
• With Windows Defender Application Control (WDAC) enabled by default in Azure Stack HCI 23H2, steps may be needed to allow certain applications to run.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure Cloud Services (Classic) Retirement

Microsoft has announced the retirement of its Azure Cloud Services (Classic) deployment model, effective August 31, 2024. This decision marks a significant shift towards more advanced and modern cloud solutions. Users of Azure Cloud Services (Classic) are encouraged to migrate their services to Cloud Services (Extended Support) in Azure Resource Manager, which offers new capabilities and improved efficiency. This transition is vital for maintaining service continuity and accessing enhanced features.

Compute

Automatic Image Creation

Azure has announced the general availability of its Automatic Image Creation service. This feature simplifies the process of creating and managing virtual machine images, allowing for automation and streamlining of deployments. The general availability of this service underscores Azure’s commitment to providing efficient and user-friendly solutions in cloud computing.

Upgrade of Azure Gen1 VMs to Gen2-Trusted Launch (private preview)

Microsoft has announced a private preview that allows users to upgrade their existing Azure Generation 1 (Gen1) virtual machines (VMs) to Generation 2 (Gen2) with Trusted Launch support. This upgrade enhances the foundational security of existing Azure VMs by enabling features like Secure Boot and vTPM capabilities, integral to the Trusted Launch service. Trusted Launch provides a robust security framework for Azure VMs, ensuring boot integrity and protection against advanced threats. The service works by ensuring that only signed operating systems and drivers can boot, establishing a root of trust for the VM software stack. It supports a wide range of compute-optimized, memory-optimized, and storage-optimized VM sizes, as well as multiple operating systems including various versions of Linux and Windows. Notably, this upgrade doesn’t increase existing VM pricing, making it an attractive option for users seeking enhanced security without additional costs.

Networking

Azure Virtual Network Encryption

Microsoft has released the general availability of Azure Virtual Network Encryption, providing an additional layer of security for data in transit. This new feature ensures that data moving within a virtual network is encrypted, enhancing protection against potential threats and unauthorized access. The availability of this feature signifies Microsoft’s ongoing commitment to offering robust security solutions in its cloud services.

Load Balancer in Azure API Management (preview)

Microsoft has introduced a public preview of the Load Balancer in Azure API Management. This feature aims to optimize the distribution of user requests across various servers, ensuring efficient resource utilization and improved response times. The introduction of this load balancer in the preview phase allows users to test and provide feedback, helping Microsoft enhance the feature before its full-scale release.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

Storage

Customer-Managed Keys for Azure NetApp Files volume encryption

Azure NetApp Files now supports customer-managed keys for volume encryption, enhancing data security and control. This feature allows users to manage their encryption keys, providing an additional layer of security for sensitive data stored in the cloud. The integration of customer-managed keys with Azure NetApp Files ensures that data encryption aligns with organizational policies and regulatory requirements, offering a secure and compliant storage solution.

Premium SSD v2 and Ultra Disks support with Trusted Launch

Azure introduces the general availability of Premium SSD v2 and Ultra disks support for Trusted Launch virtual machines. This integration enhances security and performance for Azure virtual machines. Trusted Launch provides foundational security with features like Secure Boot and vTPM, protecting against advanced threats. The Ultra disks offer high-performance storage ideal for data-intensive workloads, while Premium SSD v2 disks provide a cost-effective solution for a broad range of enterprise applications.

Zone Redundant Storage for Azure Disks in more regions

Azure has expanded the availability of Zone Redundant Storage (ZRS) for Azure Disk Storage. Now available in West US3 and Germany West Central regions, ZRS enables synchronous data replication across three availability zones. This feature enhances data resilience and application uptime by mitigating the impact of zonal failures. ZRS is compatible with Azure Premium SSDs and Standard SSDs, ensuring high availability for critical workloads.

Azure Ultra Disk Storage Now Available in UK West and Poland Central

Azure has expanded its Ultra Disk Storage to the UK West and Poland Central regions, offering high throughput, high IOPS, and consistent low-latency disk storage. Azure Ultra Disk Storage is ideal for handling data-intensive workloads like SAP HANA, top-tier databases, and transaction-heavy processes. This expansion provides users in these regions with access to Azure’s most advanced storage solutions, optimizing performance for critical applications.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks. This release marks the final update for the year 2023, and I take this opportunity to wish everyone the best for the upcoming year 2024!

Azure

General

Microsoft Cloud for Sovereignty

Microsoft has announced the general availability of Microsoft Cloud for Sovereignty, a significant advancement in cloud technology for government agencies. This new offering is designed to meet the unique compliance, security, and policy requirements of governments while leveraging cloud capabilities to deliver enhanced value to citizens.

Key Highlights:

• Compliance and Security: Microsoft Cloud for Sovereignty is built on over 60 cloud regions, providing industry-leading cybersecurity and the broadest compliance coverage. It enables governments to implement policies that align with national or regional data residency requirements.
• Sovereign Controls: The platform offers sovereign controls to protect and encrypt sensitive data. This includes sovereign landing zones and Azure Confidential Computing, which secures data in memory in hardware-based trusted execution environments.
• Policy Initiatives: Governments can adopt sovereignty-focused Azure policy initiatives to address the complexity of compliance with national and regional regulatory requirements. This includes the Azure Cloud Security Benchmark and Sovereignty Policy Baseline, among others.

New Capabilities:

• Drift Analysis Tool: Identifies non-compliant settings and helps maintain policy compliance.
• Transparency Logs: Provides visibility into instances where Microsoft engineers access customer resources.
• Configuration Tools in Azure Portal: Simplifies the creation of sovereign landing zones.

This development marks a significant step in enabling governments to harness the power of cloud technology while maintaining strict control over data sovereignty and regulatory compliance.

Compute

Red Hat Enterprise Linux 8.9 on Azure Virtual Machines

Azure now supports Red Hat Enterprise Linux (RHEL) 8.9 on its Virtual Machines, marking the latest minor release of RHEL 8. This version offers enhanced stability, security, and performance for production environments. Key features include streamlined deployment and migration options, new metrics in the performance co-pilot, and new Application Streams for Node.js 20, Java-21, and compiler toolkits. RHEL 8.9’s release emphasizes Azure’s commitment to providing a versatile and efficient operating environment for varied infrastructures.

Networking

Security Update for Azure Front Door WAF CVE-2023-50164

Azure has deployed a new managed rule for its global Web Application Firewall (WAF) customers to address the security vulnerability CVE-2023-50164. This update is crucial for applications potentially impacted by this vulnerability. The fix has been implemented in the ruleset versions 2.1, 2.0, and earlier. The rule, identified as ID 99001017 in the MS-ThreatIntel-CVEs Rule Group, is initially set to ‘Disabled’ with an ‘Anomaly Score’ action, and users are advised to enable it if their application is vulnerable. This update underscores Azure’s commitment to providing robust security for web applications.

Security Update for Application Gateway WAF CVE-2023-50164

Azure has announced the general availability of a security update for the Application Gateway WAF to address the CVE-2023-50164 vulnerability. This update is vital for regional WAF customers to safeguard their applications. The update includes changes to the Default Ruleset (DRS) and Core Ruleset (CRS), with the rule ID 99001017 now set to ‘Enabled’ and ‘Log’ action. It’s important to note that the ‘Anomaly Score’ action is not supported for this rule, and users with older WAFs running CRS 3.1 should upgrade to enable ‘Block’ mode.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure Support Plan offer extended

Microsoft Azure has announced an extension of its Azure Support offer. Starting from January 1, 2024, all new and renewing Azure customers who purchase an Enterprise Agreement (EA or EES) or are part of the field-led Microsoft Customer Agreement (MCA) will receive free Azure Standard support. This promotion, designed to assist customers in their cloud journey, will be available until June 30, 2024, at no additional charge. The offer aims to provide an extra level of access to expert technical support, enhancing the Azure experience for enterprise customers. Existing customers will automatically benefit from this offer, with no additional action required. The terms of the promotion can be viewed on the Azure website, with updates to be visible from January 1, 2024.

Compute

Intel TDX based confidential VMs now available in Azure (preview)

Microsoft Azure has introduced the public preview of DCesv5 and ECesv5-series confidential virtual machines (VMs), marking a significant advancement in cloud computing security. These VMs, powered by 4th Gen Intel® Xeon® Scalable processors with Intel® Trust Domain Extensions (Intel® TDX), are now accessible through the Azure portal, Azure CLI, and ARM templates. This development enables organizations to bring confidential workloads to the cloud without necessitating code changes to applications. Initially available in select regions including Europe West, Central US, and East US 2, these VMs represent a leap forward in Azure’s confidential computing capabilities. The introduction of these VMs underscores Azure’s commitment to providing secure and innovative cloud solutions.

Networking

Delaying domain Front Block on Azure Front Door and CDN Services

Microsoft Azure has announced the postponement of the enforcement of blocking domain fronting on Azure Front Door and Azure CDN Standard from Microsoft (classic) to January 22, 2024. This decision, influenced by customer feedback, aims to provide additional time for users to adapt to the upcoming changes. Azure plans to introduce two log fields, “SNI” and “Result,” by December 25, 2023, to assist customers in identifying domain fronting behavior in their resources. The enforcement of this block is intended to enhance security by preventing traffic that attempts to bypass domain fronting checks. It’s important to note that this change will not affect regular users accessing the service through compliant browsers, APIs, SDKs, etc., and is focused on enhancing the security of Azure’s network services.

Storage

Azure File Sync agent v17 release: enhanced performance and expanded features

Microsoft has announced the release of Azure File Sync agent v17, now in flighting and accessible on the Microsoft Update Catalog. This latest update introduces significant improvements and fixes, enhancing the overall performance and functionality of Azure File Sync. Key enhancements include:

• Sync Upload performance improvements: users will experience notable improvements in sync upload performance, especially beneficial during file share migrations and high churn events where a large number of files need uploading. 

• Expanded character support for file and directory names: the update extends the list of supported characters for file and directory names in SMB File shares, aligning with the NTFS file system’s capabilities for valid Unicode characters. This expansion allows for greater flexibility in naming conventions.

• New Cloud Tiering low disk space mode metric: a new feature enables users to configure alerts for servers in low disk space mode, enhancing monitoring capabilities. 

• Resolved agent update issue: the update addresses and resolves a previous issue where the agent update process would hang, improving reliability.

• Miscellaneous reliability and telemetry improvements: the release also includes various enhancements for cloud tiering and sync, focusing on reliability and telemetry.

Additional Release Information:

• The v17 release is compatible with Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022.
• Windows Server 2012 R2 users must have .NET Framework version 4.6.2 or higher.
• The agent version for this release is 17.0.0.0.

For installation instructions and further details, users can refer to KB5023053 in the Microsoft knowledge base. This release marks a significant step forward in the Azure File Sync service, offering enhanced performance and expanded capabilities to users.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

Storage

Encryption at Host for Premium SSD v2 and Ultra Disks

Azure has announced the general availability of encryption at host for Premium SSD v2 and Ultra Disks. This feature, already available for other Azure Disk types, ensures that data on the Virtual Machine (VM) host is encrypted at rest and remains encrypted during transit to the Storage service. The encryption at host for Premium SSD v2 and Ultra Disks enhances data security and privacy, providing an additional layer of protection for sensitive information stored on Azure. This update is a significant step forward in Azure’s commitment to offering secure and reliable cloud storage solutions.

Azure NetApp Files support for 2 TiB Capacity Pools

Azure NetApp Files now supports the creation of capacity pools with a minimum size of 2TiB, a feature that has reached general availability. This enhancement is particularly useful for workloads such as SAP shared files and VDI, which require lower capacity pool sizes for their capacity and performance needs. Customers can now start with a 2TiB pool and increase in 1TiB increments, providing a more cost-effective solution for managing capacities less than 3TiB. This update is supported in all regions with standard network features, offering customers the flexibility to re-evaluate volume planning and take advantage of the savings associated with smaller capacity pools.

User and Group quota management in Azure NetApp Files

Azure NetApp Files has reached general availability with its user and group quota management feature. This functionality allows administrators to control storage consumption by setting capacity limits for individual users or groups within a specific Azure NetApp Files volume. It supports NFS, SMB, and dual protocol-enabled volumes, offering both default and individual user quotas. For NFS-enabled volumes, default or individual group quotas can be defined. This feature is now available in Azure commercial regions and US Government regions, providing a robust solution for managing capacity consumption and ensuring efficient storage utilization.

Azure NetApp Files: standard network features support in US Government Regions

Azure NetApp Files now offers general availability of standard network features in US Government regions, including Virginia, Texas, and Arizona. This enhancement delivers an improved Virtual Networking experience for non-Azure host-based workloads like Azure NetApp Files. Key features include increased route scale for VNets with ANF volumes, enhanced network security with support for Network Security Groups (NSGs) on ANF delegated subnets, and improved network control through User Defined Routes (UDRs). Additionally, it facilitates on-premises connectivity, ExpressRoute FastPath connectivity, cross-region mount volumes, and support for Private Link and service endpoints. This update significantly enhances the networking capabilities and security for Azure NetApp Files in US Government regions.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS). These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks. This week marks a significant milestone with the occurrence of the Microsoft Ignite event, bringing with it a substantial number of important updates and innovations announced by Microsoft. To delve deeper into the specific developments unveiled during this conference in these areas, I invite you to read the dedicated article: Unveiling the future: key insights from Microsoft Ignite on Azure IaaS and Azure Stack.

Azure

General

Azure to End Support for TLS 1.0 and 1.1 by 31 October 2024

Microsoft Azure has announced that it will end support for Transport Layer Security (TLS) versions 1.0 and 1.1 by 31 October 2024. This decision is part of Azure’s ongoing efforts to enhance security and provide best-in-class encryption for customer data. From this date, interactions with Azure services will require TLS 1.2 or later. While the Microsoft implementation of older TLS versions is not known to be vulnerable, TLS 1.2 and subsequent versions offer improved security features, such as perfect forward secrecy and stronger cipher suites. Customers are advised to confirm that their resources interacting with Azure services are using TLS 1.2 or later to avoid potential service disruptions. If resources are already exclusively using TLS 1.2 or later, no further action is required. However, if there is still a dependency on TLS 1.0 or 1.1, it is recommended to transition to TLS 1.2 or later by the specified deadline. Microsoft provides additional resources and support to assist with this transition.

Compute

Ubuntu Server to Ubuntu Pro in-place upgrade now available

Microsoft Azure has announced the general availability of an in-place upgrade from Ubuntu Server to Ubuntu Pro. This upgrade can be added as a subscription to your Azure Virtual Machines (VMs), enabling the transition without the need to redeploy or take VMs offline. Ubuntu Pro offers an extended support period of 10 years for over 2,300 Main and 23,000+ Universe packages, with the 18.04 version recently entering extended support. This upgrade enhances VMs with additional security and compliance features, making it a robust choice for enterprise environments. For detailed instructions on the upgrade process, Azure users can refer to the official documentation, and pricing information for Ubuntu Pro is available on the Azure pricing page.

Introducing NGads V620 Series VMs Optimized for Gaming Scenarios

Microsoft Azure has announced the general availability of the NGads V620 series VMs, a new addition optimized for gaming scenarios. These GPU-enabled virtual machines are powered by AMD Radeon™ PRO V620 GPUs and AMD EPYC 7763 (Milan) CPUs, designed to deliver a high-quality, interactive gaming experience hosted in Azure. The NGads V620 VMs feature GPU Partitioning, allowing VMs to access ¼, ½, or a whole GPU, enabling customers to tailor their performance and cost according to their business needs. Additionally, these VMs come standard with NVMe drives, offering up to 1025 GB of temp storage for rapid local data access. A key component of the NGads V620 series is the AMD Software: Cloud Edition. This software targets optimizations available in the consumer gaming version of the AMD Adrenaline driver, further tested and optimized for cloud environments. It is frequently updated to support the latest game releases. The software also supports accelerated virtual desktop environments, with Radeon PRO optimizations for high-end workstation applications in design or rendering.

Networking

Application Gateway: using a common port for Public and Private listeners

Microsoft Azure has announced the general availability of the feature that allows configuring the same port number for public and private listeners on your Application Gateway. This update simplifies the use of Application Gateway deployments to serve both internet-facing and internal clients without the need for non-standard ports or backend application customizations. The feature is available in all public regions, including Azure China and Azure Government cloud regions. Note that additional configuration may be necessary for inbound rules when using Network Security Groups.

Rate-Limit Rules for Application Gateway Web Application Firewall

Azure has introduced rate-limit custom rules for its regional Web Application Firewall (WAF) on Application Gateway, now generally available. This feature allows the detection and blocking of unusually high levels of traffic aimed at your application. Rate-limiting is instrumental in mitigating various types of denial-of-service attacks, managing misconfigured clients sending excessive requests, or controlling traffic from specific geographical locations. This enhancement bolsters the security and management of your web applications.

Application Gateway Supports IPv6 Frontend (preview)

Azure’s Application Gateway v2 is now in public preview for supporting dual-stack (IPv4 and IPv6) connections at the frontend. This upgrade enables the Application Gateway to manage traffic from both IPv4 and IPv6 clients, enhancing flexibility and connectivity options. This feature is particularly beneficial for addressing IPv4 address exhaustion and meeting various regulatory requirements. Users can now set up a new Application Gateway with both IPv4 and IPv6 addresses, reflecting Azure’s commitment to delivering top-notch service and customer experience.

Storage

Azure NetApp Files Datastores for Azure VMware Solution in US Government Regions

Azure NetApp Files datastores have achieved general availability in US Government Cloud regions to support storage-intensive workloads on Azure VMware Solution (AVS). This advancement allows users to create datastores through the Azure VMware Solution resource provider with Azure NetApp Files NFS volumes, which can be attached to any selected private cloud clusters. With the ability to scale storage independently of compute and surpass the local instance storage limits provided by vSAN, this feature aims to reduce the total cost of ownership. This service is now available in the US Gov Virginia and US Gov Arizona regions.

Azure Elastic SAN Updates – Snapshots, Security, and Usability (preview)

Azure Elastic SAN, currently in preview, has received new updates to enhance its performance and security. The updates include live volume resizing, force delete capabilities, and Server-Side Encryption with Customer Managed Keys (SSE with CMK) for improved security. As a VMware Certified datastore, Elastic SAN offers scalable storage and performance, which optimizes total cost of ownership and scalability. These improvements are part of Azure’s ongoing efforts to provide seamless integration with other native Azure products and a robust, secure storage solution.

Azure Stack

Azure Stack HCI

AKS on Azure Stack HCI and Windows Server 2023-10-30

The AKS HCI management cluster has been updated to Kubernetes version 1.26.6, laying the groundwork for future Kubernetes versions for workload clusters. This release includes security updates to address vulnerabilities, enhancements to Azure Arc onboarding prechecks for better network resilience, and several bug fixes. Users are encouraged to try AKS on Azure Stack HCI or Windows Server using the evaluation guide and to contribute feedback and follow the AKS hybrid roadmap through GitHub.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure Integration with Canonical’s Snapshot Service (preview)

Microsoft has announced a public preview of Azure’s integration with Canonical’s Snapshot Service, marking a significant step forward in the deployment of secure and resilient Canonical workloads on Azure. This collaboration positions Azure as the first cloud provider to integrate with Canonical’s snapshot service. The integration aims to streamline the update process for Linux operating systems, enhancing security and reliability across Azure services. The Azure Guest Patching Service (AzGPS) and Azure Kubernetes Service (AKS) will utilize this new feature to apply consistent updates across different regions using Safe Deployment Principles (SDP). This initiative underscores Microsoft’s commitment to providing a secure and up-to-date environment for Linux-based applications on Azure.

Compute

Extension of Azure Compute Reservations Exchange Period

Microsoft Azure has announced a significant extension of the exchange period for Azure Compute Reservations, which includes Azure Reserved Virtual Machine Instances, Azure Dedicated Host reservations, and Azure App Services reservations. Initially set to end on January 1, 2024, the exchange period has been extended until at least July 1, 2024. This extension provides an additional grace period, allowing users to exchange their Azure Compute Reservations to better suit their resource needs and planning. Launched in October 2022, the Azure Savings Plan for Compute aims to offer greater flexibility, accommodating changes such as virtual machine series and regions. After the grace period, it will no longer be possible to exchange instance series or regions for the mentioned reservations. Users can choose to convert their Azure Compute Reservations into a savings plan or continue to use and purchase reservations for predictable and stable workloads.

Networking

Default Rule Set 2.1 for Regional WAF with Application Gateway

Microsoft Azure has reached a new milestone with the general availability of Default Rule Set (DRS) 2.1 for the regional Web Application Firewall (WAF) on Azure Application Gateway. This release is based on the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.3.2 and is enhanced with additional proprietary protection rules developed by the Microsoft Threat Intelligence team. The team’s analysis of Common Vulnerabilities and Exposures (CVEs) has been instrumental in adapting the CRS to address these vulnerabilities while minimizing false positives. This update reflects Microsoft’s dedication to providing robust security measures for applications deployed on Azure, ensuring that they are safeguarded against a wide array of threats.

Azure Bastion for Developers (Preview)

Azure Bastion now offers a developer-focused preview that enables secure and seamless RDP and SSH access to virtual machines over the Azure platform. This service is designed to provide a more integrated and streamlined experience for developers, with features that cater specifically to their workflows and access requirements. The preview aims to enhance productivity and security for development environments hosted on Azure.

Storage

Azure Blob Storage Cold Tier

Azure Blob Storage has announced the general availability of its Cold Tier support for Blob Batch operations as of August 10th, 2023. This new online access tier is the most cost-effective option within Azure Blob Storage for storing infrequently accessed data that requires long-term retention while still providing instant access. Blob Batch operations have been enhanced to support tiering operations for the cold tier, allowing for the efficient management of large volumes of data. For more information on optimizing performance and cost with the Cold Tier, users can refer to the Azure documentation.

TLS 1.2 to Become the Minimum TLS Version for Azure Storage

In a move to align with evolving technology and regulatory standards, Azure Storage is set to deprecate support for TLS versions 1.0 and 1.1. Starting from November 1, 2024, the minimum supported version will be TLS 1.2. This update is crucial as TLS 1.2 offers enhanced security and speed over its predecessors, which do not support modern cryptographic algorithms and cipher suites. The change will affect both existing and new storage accounts that are currently using the older TLS versions across all Azure clouds.

To prevent any service disruptions, users of Azure Storage are required to transition to TLS 1.2 and eliminate any dependencies on the older versions. Azure Storage already supports and defaults to TLS 1.2, so customers using it will not experience any impact due to this update. However, for those utilizing TLS 1.0 or 1.1, it is imperative to update operating systems, development libraries, frameworks, and any other solutions to the latest versions that support TLS 1.2 before October 31, 2024.

Azure has provided a set of recommendations and resources to facilitate this migration. For further details and guidance, users can navigate to the Azure updates page.

Azure Premium SSD v2 Disk Storage Now Available in More Regions

Azure Premium SSD v2 Disk Storage has expanded its availability, now including Poland Central, China North 3, and US Gov Virginia regions. This next-generation storage solution provides sub-millisecond disk latencies and is designed to support IO-intensive workloads at a cost-effective price point. It is ideal for a variety of enterprise production workloads such as SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, and big data analytics. For more information on Premium SSD v2 Disk Storage and pricing, users can refer to the Azure Managed Disks pricing page.

Azure NetApp Files Standard Storage with Cool Access (preview)

Azure has introduced a new feature in public preview for Azure NetApp Files, standard storage with cool access. This innovative feature allows users to configure a standard capacity pool with cool access, effectively moving cold (infrequently accessed) data transparently to an Azure storage account. This transition aims to reduce the cost of storage while maintaining the same throughput to and from the volume.

However, users should note that there might be a difference in data access latency, as data blocks could be tiered to the Azure storage account. The cool access feature offers options for the “coolness period” to optimize network transfer costs based on specific workload and read/write patterns. This functionality is provided at the volume level.

During the preview phase, this feature is available in several regions, including East US2, East Asia, Central India, Canada Central, Australia East, North Europe, Brazil South, France Central, Australia Southeast, and Canada East. More regions will be added as the preview progresses.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Azure achieves HITRUST CSF v11.0.1 certification

I am thrilled to announce that Microsoft Azure has achieved HITRUST CSF v11.0.1 certification across 162 Azure services and 115 Azure Government services. This certification covers all GA Azure regions across both Azure and Azure Government clouds. This monumental achievement stands as a testament to Azure’s unwavering commitment to enhancing its security and compliance offerings, especially for valued customers in the healthcare sector.

HITRUST CSF v11.0.1 is the latest iteration of the framework, incorporating new requirements and updates from authoritative sources such as NIST SP 800-53 Rev 5, NIST Cybersecurity Framework v1.1, PCI DSS v3.2.1, FedRAMP High Baseline Rev 5, CSA CCM v3.0.1, GDPR, CCPA, and more. Moreover, HITRUST CSF v11.0.1 introduces innovative features and enhancements, including a maturity scoring model, risk factor analysis, an expanded inheritance program, improved assessment scoping tools, and more. By securing this certification, Azure reinforces its dedication to providing secure and compliant cloud services for customers in the healthcare industry.

Compute

Azure Dedicated Host – Resize

With the introduction of Azure Dedicated Host’s new ‘resize’ feature, users can now effortlessly transition their existing dedicated host to a different Azure Dedicated Host SKU, for instance, moving from Dsv3-Type1 to Dsv3-Type4. This innovative ‘resize’ feature significantly reduces the complexities and efforts associated with reconfiguring VMs when there’s a need to upgrade the foundational dedicated host system. One of the standout features is the ability to automatically create a new host, migrate all pre-existing VMs, and subsequently delete the old host. This eliminates the need for any manual interventions during the upgrade process of the dedicated host. Additionally, this could lead to potential cost savings, as users gain the capability to operate more VMs on the newly introduced dedicated host SKUs.

VMSS Automatic Instance Repairs – Reimage, Restart Repair Actions (preview)

Automatic instance repairs help Virtual Machine Scale Set customers achieve high application availability by automatically detecting and recovering unhealthy VM instances at runtime. Microsoft has announced that customers can now choose between Replace, Reimage (Preview), or Restart (Preview) as the default repair action performed in response to an “Unhealthy” application signal. These new options provide a less-impactful repair process, ensuring higher application availability while preserving VM properties and metadata for customers with sensitive workloads.

Networking

Default Outbound Access for VMs in Azure Will Be Retired

Microsoft has recently announced that starting from 30 September 2025, the default outbound access connectivity for all new virtual machines in Azure will be retired. This decision is in line with Azure’s move towards a secure-by-default model, which means that the default outbound access to the internet will be turned off. Consequently, after the mentioned date, Azure will no longer assign a default implicit IP for VMs to communicate with the internet. However, it’s important to note that existing VMs will not be affected by this retirement. For those who require outbound access post this date, Azure will provide an easy way to enable outbound internet access using explicit outbound methods. Additionally, for VMs currently having default outbound access and wishing to transition to a secure configuration after this date, Azure will offer a mechanism for easy opt-in. Users already utilizing explicit outbound connectivity methods will remain unaffected by this retirement. Azure emphasizes the benefits of explicit outbound connectivity methods, including greater control over internet connections, protection from public IP address changes, and traceable IP address resources beneficial for measurement and troubleshooting. Azure will be sending periodic updates to subscription owners impacted by this change in the coming months.

ExpressRoute Traffic Collector now generally available

Microsoft Azure has announced the general availability of the ExpressRoute Traffic Collector. This feature allows users to capture information about IP flows sent over ExpressRoute direct circuits. The ExpressRoute Traffic Collector supports flow logs capture for both Private and Microsoft peering. The captured flow logs data is sent to a Log Analytics workspace, enabling users to create custom log queries for in-depth analysis.

Some of the primary use cases for flow logs include:

• Network Monitoring: gain near real-time visibility into network throughput and performance, perform network diagnosis, and forecast capacity.
• Network Usage and Cost Optimization: analyze traffic trends by filtering sampled flows by IP, port, or applications. Identify top talkers for a source IP, destination IP, or applications. Optimize network traffic expenses by analyzing traffic patterns.
• Network Forensics Analysis: identify potentially compromised IPs by analyzing all associated network flows. Users can also export flow logs to a SIEM tool of their choice to monitor and correlate events.

It’s important to note that the flow logs collected by the ExpressRoute Traffic Collector do not impact network throughput or latency. Users can enable or stop flow logs collection without any risk of affecting the network performance of an ExpressRoute direct circuit.

Azure Private Link for MySQL – Flexible Server

Azure Private Link allows users to connect to various PaaS services, such as Azure Database for MySQL – Flexible Server, in Azure, via a private endpoint. Private Link brings Azure services inside your private virtual network (VNet). Using the private IP address, the Azure Database for MySQL – Flexible Server becomes accessible just like any other resource within the VNet. This feature is now available for general use.

Storage

Azure Files improved support for Unicode characters

Azure Files has undergone enhancements to now support all valid Unicode characters. This development allows for the creation of SMB File shares with file and directory names that align with the NTFS file system, specifically for valid Unicode characters. This expanded character set support includes:

• Control characters that are supported by NTFS.
• Trailing dot (.) characters at the end of directory and file names.
• Characters that function individually but were previously blocked when used in combination, especially in non-English languages.

Such advancements facilitate tools like AzCopy and Storage mover to migrate all files into Azure Files using the REST protocol. This expanded character support is now accessible in all Azure regions.

Zone Redundant Storage for Azure Disks in More Regions

Microsoft has announced the general availability of Zone Redundant Storage (ZRS) for Azure Disk Storage on Azure Premium SSDs and Standard SSDs in the Norway East and UAE North regions. Disks with ZRS offer synchronous replication of data across three availability zones within a region. This ensures that the disks can withstand zonal failures without disrupting the associated applications. The feature not only enhances the resilience of disks against zonal failures but also eliminates the need for application-level replication of data across zones. Furthermore, ZRS can be combined with shared disks to provide even higher availability for clustered or distributed applications, including SQL FCI, SAP ASCS/SCS, and GFS2.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.