This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

In this dedicated post you can find the most important announcements and major updates officialized last week during Microsoft Ignite (November 2021) conference.

Azure

Compute

Zerto Disaster Recovery for Azure VMware Solution

Zerto Disaster Recovery is now available and supported with Azure VMware Solution, delivering data protection and disaster recovery services that eliminate data loss and downtime for vSphere virtual machines running on Azure VMware Solution environment.

Zerto Disaster Recovery for Azure VMware Solution supports the following 3 scenarios:

• On-premises VMware to Azure VMware Solution for Hybrid disaster recovery
• Azure VMware Solution to Azure VMware Solution for cloud-based disaster recovery
• Azure VMware Solution to Azure IaaS for cloud-based disaster recovery

Azure Spot Virtual Machines: Try to restore functionality

You can now opt-in and use this feature while deploying Spot VMs using Virtual Machine Scale Sets. This new feature will automatically try to restore an evicted Spot VM to maintain the desired target compute capacity (e.g., number of VMs) in a scale set.

Storage

Azure File Sync agent v14 

Improvements and issues that are fixed in the v14 release:

• Improved server endpoint deprovisioning guidance in the portal. When removing a server endpoint via the portal, we now provide step by step guidance based on the reason behind deleting the server endpoint, so that you can avoid data loss and ensure your data is where it needs to be (server or Azure file share).
• Invoke-AzStorageSyncChangeDetection cmdlet improvements. Microsoft has improved the Invoke-AzStorageSyncChangeDetection cmdlet and the 10,000 item limit no longer applies when scanning the entire share. 
• Azure File Sync is now supported in West US 3 region.
• Reduced transactions when a file consistently fails to upload due to a per-item sync error.
• Reliability and telemetry improvements for cloud tiering and sync.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

• This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
• A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
• The agent version for this release is 14.0.0.0.
• Installation instructions are documented in KB5001872.

Ephemeral OS disks for Azure VMs support additional VM sizes

You now can choose where to store Ephemeral OS disks, either in VM temp disk or on VM cache. This feature enables Ephemeral OS disks to be created for all the VMs, which don’t have cache or have an insufficient cache (such as Dav3, Dav4, Eav4, and Eav3) but has sufficient temp disk to host the Ephemeral OS disk.

Networking

New Azure Firewall Premium capabilities

 Several new Azure Firewall Premium capabilities are available:

• Azure Firewall Premium availability in more regions. Azure Firewall Premium is now available in both Microsoft Government Cloud and Azure China 21Vianet. This expansion makes Azure Firewall Premium now available in 44 Azure regions.
• Terraform support for Firewall Policy Premium. Azure Firewall Premium supports a range of DevOps tools including Azure CLI, PowerShell, REST API. Customers can now use Terraform, a popular open-source tool used by DevOps for implementing infrastructure as code, to manage their Azure Firewall Premium.
• Web categories Category Check (in preview). Web categories lets administrators allow or deny user access to web site categories such as gambling websites, social media websites, and others. Often customers want to check what categories does a specific URL fall under. Customers can now use the convenience of Azure Portal to determine URL web categories and share feedback if the category is not accurate.

• Migrate to Premium SKU using Stop/Start approach. If you use Azure Firewall Standard SKU with Firewall Policy, you can use the Allocate/Deallocate method to upgrade your Firewall SKU to Premium. This migration approach is supported on both VNET Hub and Secure Hub Firewalls. Secure Hub deployments will be upgraded while preserving the public IP of the firewall. 

Extended regional availability for Private Link NSG Support and for Private Link UDR Support

Private Endpoint support for Network Security Groups (NSGs) and Private Endpoint support for User Defined Routes (UDRs) are now in public preview.

• Private Endpoint support for Network Security Groups (NSGs) enhancement will provide you with the ability to enable advanced security controls on traffic destined to a private endpoint.
• Private Endpoint support for User Defined Routes (UDRs) enhancement will provide you with the ability to apply custom routes to traffic destined to a private endpoint with a wider subnet range. 

At this time, this features are available in the following regions: UsEast2Euap, UsCentralEuap, WestCentralUS, WestUS, WestUS2, EastUS, EastUS2, Asiaeast, Australiaeast, Japaneast, Canadacentral, Europenorth, Koreacentral, Brazilsouth, Uksouth, US South, US North, and France Central.

ExpressRoute IPv6 Support for Private Peering

IPv6 support for ExpressRoute Private Peering is now generally available with ExpressRoute circuits and Azure environments globally. IPv6 support will unlock hybrid connectivity for you as you look to expand into mobile and IoT markets with Azure, or to address IPv4 exhaustion in your on-premise networks.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New centralized management experience for Azure Hybrid Benefit for SQL Server (preview)

Azure Hybrid Benefit for SQL Server helps reduce costs by allowing existing on-premises licenses with active Software Assurance to be assigned to Azure. Now there’s an easier way to manage the benefit, optimize cost savings, and sustain compliance for the entire organization. Instead of assigning the benefit to each individual Azure resource (e.g. virtual machine), billing admins can now assign and manage SQL Server licenses at an Azure subscription or entire Azure account level.

Cross region replication for Azure NetApp Files

With this disaster recovery capability, you can replicate your Azure NetApp Files volumes between select Azure standard and non-standard region pairs continuously in a fast and cost-effective way, protecting your data from unforeseeable regional failures. Azure NetApp Files cross region replication leverages NetApp SnapMirror technology so only changed blocks are sent over the network in a compressed, efficient format. This technology reduces the amount of data required to replicate across the regions with up to 50% or more, therefore saving Azure NetApp Files customers data transfer cost. It also shortens the replication time so you can achieve a smaller Restore Point Objective.

Networking

Azure Firewall Premium now generally available in five new Azure regions

Azure Firewall Premium provides next generation firewall capabilities that are required for highly sensitive and regulated environments, and it is now generally available in the following new Azure Cloud regions: USGov Texas, USGov Arizona, USGov Virginia, China North 2 and China East 2.

Azure Stack

Azure Stack HCI

New feature update

Feature updates for Azure Stack HCI are released periodically to enhance the customer experience.  This month’s feature update for Clusters running Azure Stack HCI, version 21H2 are:

• Use GPUs with clustered VMs: Provide GPU acceleration to workloads running in clustered VMs.
• Dynamic CPU compatibility mode: Processor compatibility mode has been updated to take advantage of new processor capabilities in a clustered environment.
• Storage thin provisioning: Improve storage efficiency and simplify management with thin provisioning.
• Network ATC: Simplify host networking and network configuration management.
• Adjustable storage repair speed: Gain more control over the data resync process by allocating resources to either resiliency or performance to service your clusters more flexibly and efficiently.
• Support for nested virtualization on AMD processors: Improve flexibility in evaluation and testing scenarios with VM-based clusters.
• Manage quick restarts with Kernel Soft Reboot

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

What’s new in Azure VMware Solution

• Azure VMware Landing Zone is now publically available. It is Microsoft’s prescriptive, opinionated and best-practices backed guidance for deploying and managing workloads running on Azure VMware solution.
• It’s soon possible to use Azure NetApp Filesas NFS datastore for Azure VMware Solution. It’s a great option for using the same NetApp VSAN datastores as used in on-premise environments in Azure now.
• It is possible now to do HCX migration over VPN and SD-SWAN. Customers can get an additional option besides Azure ExpressRoute for driving migrations.  
• Azure VMware Solution is now included as part of Azure Workload Acquisition & Nurture incentive Partners can take advantage of multiple benefits available under the program to drive Azure VMware Solution projects.
• New enhancements, global expansion, partner integration are now available as documented here.

Availability Zones now generally available in new regions

Azure Availability Zones are now generally available in the South Africa North, Norway East and Korea Central region. These new zones provide customers with options for additional resiliency and tolerance to infrastructure impact.

Storage

Azure NetApp Files waitlist removal

Azure NetApp Files, one of the fastest growing bare-metal Azure services is now available to Azure customers directly from the Azure portal, CLI, API or with SDK, without having to go through waitlist approval process.

Standard network features for Azure NetApp Files (preview)

Standard network features for Azure NetApp Files volumes is now in public preview in select regions. This includes support for increased IP limits, Network Security Groups, User-defined routes, and additional connectivity patterns like connectivity over Active/Active VPN gateway and ExpressRoute FastPath.

Azure NetApp Files Backup capability (preview)

Azure NetApp Files backup expands the data protection capabilities of Azure NetApp Files by providing fully managed backup solution for long-term recovery, archive, and compliance.
Azure NetApp Files online snapshots are now enhanced with backup of snapshots. With this new backup capability, you can offload your Azure NetApp Files snapshots to Azure blob storage in a fast and cost-effective way, further protecting your data from accidental deletion.

Enable hierarchical namespace for existing Azure Storage accounts

Accelerating value through data analytics by enabling the Azure Data Lake Storage (ADLS) hierarchical namespace for existing Azure Storage accounts is now generally available. The benefits of the ADLS hierarchical namespace in providing enhanced performance and features that are dedicated to maximizing the value of data analytics is well established. You can now get this benefit for existing accounts and data by enabling the hierarchical namespace in place.

Object replication for Premium Block Blob Storage (preview)

Object replication allows you to replicate your premium block blob data at the blob level from one storage account to another anywhere in the Azure.
Object replication unblocks a new set of common replication scenarios for premium block blobs:

• Minimize latency: have your users consume the data locally rather than issuing cross-region read requests.
• Increase efficiency: have your compute clusters process the same set of objects locally in different regions.
• Optimize data distribution: have your data consolidated in a single location for processing/analytics and then distribute only resulting dashboards to your offices worldwide.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure VMware Solution achieves FedRAMP High Authorization

With this certification, U.S. government and public sector customers can now use Azure VMware Solution as a compliant FedRAMP cloud computing environment, ensuring it meets the demanding standards for security and information protection.

JetStream Disaster Recovery for Azure VMware Solution (preview)

JetStream Disaster Recovery is now available on Azure VMware Solution in public preview, enabling DR protection needed for business and mission-critical applications. JetStream Disaster Recovery on Azure VMware Solution is also cost-effective, as it uses minimal resources at the DR site by leveraging cloud storage, such as Azure Blob Storage.

Azure AD-joined VMs support

With this latest update, you can now:

• Join your Azure Virtual Desktop virtual machines directly to Azure Active Directory (Azure AD.)
• Connect to the virtual machine from any device with basic credentials.
•  Automatically enroll the virtual machines with Microsoft Endpoint Manager.

Management Group Scope for Azure Reservations (preview)

You can scope a reservation to a management group. When you set the scope to a management group, the reservation discount is applied to matching resources in the list of subscriptions that are a part of the management group and the billing context.

Storage

Azure Archive Storage now available in three new regions

Azure Archive Storage provides a secure, low-cost means for retaining cold data including backup and archival storage. Now, Azure Archive Storage is available in three new regions: Norway East, UAE North, and Germany West Central.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

On-demand capacity reservations for Azure Virtual Machines (preview)

On-demand capacity reservations for Azure Virtual Machines, now in public preview, enable IT organization to reserve compute capacity for a VM size. The reservation can be for any length of time in any public Azure region or Availability Zone and supports most VM series. You can create and cancel an on-demand capacity reservation at any time, no commitment is required. The ability for you to access compute capacity, with SLA guarantees when on-demand capacity reservations become generally available, ahead of actual VM deployments is particularly important to ensure the availability of business-critical applications running on Azure. On-demand capacity reservations can be combined with Azure Reserved VM Instances (RIs) to significantly reduce costs.

Run Commands for Azure VMware Solution (preview)

Run commands are a collection of PowerShell packages available in the Azure VMware Solution portal that simplify the execution of certain operations on vCenter. With this announcement your cloud administrator can now more easily run management tasks that require elevated privileges.

Automatic scaling with Azure Virtual Machine Scale Sets flexible orchestration mode (preview)

Microsoft has enabled elastic virtual machine profile and automatic scaling for Azure Virtual Machine Scale Sets with flexible orchestration elastic profile and automatic scaling. The features are now in public preview, and provide:  

• Up to 1000 instances in a scale set (general purpose virtual machine sizes only)
• Ability to manually add VM instances to the scale set
• The option to spread instances across fault domains automatically, or specify a fault domain
• Place on demand and Spot VMs in the same scale set
• (New) Define a VM profile and specify instance count
• (New) Automatically scale out and scale in based on metrics, schedule, or AI prediction (private preview)
• (New) In guest patching that respects high availability / FD constraints
• (New) Automatic extension updates
• (New) Automatic instance repair/replacement of unhealthy instances
• (New) Terminate notification for on demand and Spot VMs
• (New) Secure by default networking – customers must explicitly define outbound connectivity
• (New) Improved scale out and scale in reliability, latency, and elasticity

Storage

Azure Files: SMB 3.1.1 support, SMB Multichannel and storage capacity reservation 

Server Message Block (SMB) 3.1.1 is the most recent version of the SMB protocol, released with Windows 10, containing important security and performance updates. Azure Files SMB 3.1.1 ships with two additional encryption modes, AES-128-GCM and AES-256-GCM, in addition to AES-128-CCM which was already supported. In addition to SMB 3.1.1, Azure Files exposes security settings that change the behavior of the SMB protocol. With this release, you may configure allowed SMB protocol versions, SMB channel encryption options, authentication methods, and Kerberos ticket encryption options. By default, Azure Files enables the most compatible options, however these options may be toggled at any time.

Server Message Block (SMB) Multichannel enables you to improve the IO performance of your SMB client 2-4x, increasing performance and decreasing total cost of ownership.

Storage capacity reservations for Azure Files enable you to significantly reduce the total cost of ownership of storage by pre-committing to storage utilization. To achieve the lowest costs in Azure, you should consider reserving capacity for all production workloads.

Zone redundant storage (ZRS) for Azure Disk Storage

Zone redundant storage (ZRS) for Azure Disk Storage is now generally available on Azure Premium SSDs and Standard SSDs in West Europe, North Europe, West US 2 and France Central regions. Disks with ZRS provide synchronous replication of data across the zones in a region, enabling disks to tolerate zonal failures which may occur due to natural disasters or hardware issues. They also enable you to maximize your virtual machine availability without the need for application-level replication of data across zones, which is not supported by many legacy applications such as old versions of SQL or industry-specific proprietary software. This means that, if a virtual machine becomes unavailable in an affected zone, you can continue to work with the disk by mounting it to a virtual machine in a different zone. You can also use the ZRS option with shared disks to provide improved availability for clustered or distributed applications like SQL FCI, SAP ASCS/SCS, or GFS2.

Automatic key rotation of customer-managed keys for encrypting Azure disks

Azure Disk Storage now enables you to automatically rotate keys for encryption of your data.

Change performance tiers for Azure Premium SSDs with no downtime

On Azure Premium SSDs, you can now change the performance tiers without any downtime to your application (generally available). You can change the performance tier of a disk even when it is attached to running virtual machines. For planned events like a seasonal sales promotion or running a training environment, you need to achieve sustained higher performance for a few hours or days and then return to the normal performance levels. With performance tiers on Premium SSDs, you have the flexibility to scale the disk performance without increasing the disk size by selecting a higher performance tier. You can also change tiers to bring it back to your baseline performance tier, enabling you to achieve higher performance and cost savings.

Networking

New updates to Azure Firewall

New Azure Firewall capabilities:

• Azure Firewall supports US West 3, Jio India West, and Brazil Southeast.
• Auto-generated self-signed certificates for Azure Firewall Premium SKU.
• Secure Hub now supports Availability Zones.
• Deploy Azure Firewall without public IP in Forced Tunnel mode.
• Configure pre-existing Azure Firewalls in Force Tunnel mode using stop or start commands.

Azure Route Server

Azure Route Server simplifies dynamic routing between your network virtual appliance (NVA) and your virtual network. When you establish a Border Gateway Protocol (BGP) peering between your NVA and Azure Router Server, you can advertise IP addresses from your NVA to your virtual network. Your NVA will also learn what IP addresses your virtual network has. Azure Route Server is a fully managed service and is configured with high availability.

Several key Azure Route Server benefits include:

• Simplify network appliance operations
• Deploy it in your existing setup
• Support any network appliance
• Enable new network topology

Private Link Network Security Group Support (preview)

Private Endpoint support for Network Security Groups (NSGs) is now in public preview. This feature enhancement will provide you with the ability to enable advanced security controls on traffic destined to a private endpoint. In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to Enabled. In addition to toggling this property, you will need to also register for the Microsoft.Network/AllowPrivateEndpointNSG feature.

Private Link UDR Support (preview)

Private Endpoint support for User Defined Routes (UDRs) is now in public preview. This feature enhancement will provide you with the ability to apply custom routes to traffic destined to a private endpoint with a wider subnet range.  In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to Enabled. In addition to toggling this property, you will need to also register for the Microsoft.Network/AllowPrivateEndpointNSG feature.

Address changes on an Azure virtual network that has active peerings (preview)

You can now update your virtual network address space without needing to remove the peering links on their virtual networking and incurring any downtime.

Azure ExpressRoute: new ExpressRoute Direct and Peering locations

New locations are available for ExpressRoute Direct:

• Denver
• Newport (Wales)
• Pune

The new locations support dual 10Gbps or 100Gbps connectivity into Microsoft’s global network.

New peering locations are available for ExpressRoute:

• Chicago2
• Pune
• Seoul2

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Placement polices for Azure VMware Solution (preview)

Placement policies are used to define constraints for running virtual machines in the Azure VMware Solution software-defined data center (SDDC). These constraints allow you to decide where and how the virtual machines should run within the SDDC clusters. Placement polices are used to support performance optimization of virtual Machines (VMs) through policy, and help mitigate the impact of maintenance operations to policies within the SDDC cluster. When you create a placement policy, it creates a vSphere Distributed Resource Scheduler (DRS) rule in the specified vSphere cluster. It also includes additional logic for interoperability with Azure VMware Solution operations.

New VM series supported by Azure Batch

The selection of VMs that can be used by Azure Batch has been expanded, allowing newer Azure VM series to be used. The following additional VM series can now be specified when Batch pools are created:

• FX-series
• ND A100 v4-series
• NP-series

Azure Virtual Machines: retired series

Microsoft is retiring:

• H-series Azure Virtual Machine sizes (H8, H8m, H16, H16r, H16m, H16mr, H8 Promo, H8m Promo, H16 Promo, H16r Promo, H16m Promo, and H16mr Promo) on 31 August 2022.
• ND-series virtual machine sizes on 31 August 2022.
• Basic and Standard A-series VMs on 31 August 2024.

Azure Government Top Secret now generally available for US national security missions

Azure Government Top Secret is available for US and this is a significant milestone in Microsoft commitment to bringing unmatched commercial innovation to US government customers across all data classifications. This announcement, together with new services and functionality in Azure Government Secret, provides further evidence of Microsoft’s relentless commitment to the mission of national security, enabling customers and partners to realize the vision of a multi-cloud strategy and achieve greater agility, interoperability, cost savings, and speed to innovation.

Storage

Azure Blob storage inventory

Inventory provides an easy way to gain insights into the containers and all block, append, and page blobs stored within an account.  Blob Inventory can be selected to provide a full listing of all blobs and containers on a daily or weekly basis. Prior to Inventory, either a separate catalog system or, listing of all blobs and analyzing added complexity and cost to solutions that used blob storage. With inventory, all blobs and containers that match an optional filter will be listed on a daily or weekly basis to a CSV or Parquet file that can then be processed for insights.  

Azure Archive Storage events for easy rehydration of archived blobs

The Azure Archive Storage provides a secure, low-cost means for retaining cold data including backups and archival storage. When your data is stored in Archive Storage, the data is offline and not available for read until it is moved to the hot or cool tier. Previously, the only way to determine when blob rehydration was complete and available to be read was to repeatedly poll the status of the rehydration operation, increasing complexity and cost. Azure Event Grid now supports events that fire when a blob is rehydrated from the archive tier. The Microsoft.Storage.BlobCreated event fires when a blob is copied from the archive tier to a new destination blob in the hot or cool tier. The Microsoft.Storage.BlobTierChanged event fires when the archived blob’s tier is changed to hot or cool. Your application can handle these events in order to respond to blob rehydration.

Azure Blob storage: last access time tracking

Last access time tracking integrates with lifecycle management to allow the automatic tiering and deletion of data based on when individual blobs are last accessed. This allows greater cost control as well as an automatic workflow including deletion of data after it is no longer used. Last access time can also be used without lifecycle management by any solution that needs to understand when individual blobs are last read and then take action. Lifecycle management with last access time tracking is available in all public regions for accounts with flat namespace used.  Azure Data Lake Storage Gen2 will be supported later this year.

Networking

Network Insights: enhanced troubleshooting experiences for additional resources

You now have access to rich insights and enhanced troubleshooting experiences for four additional networking resources in Network Insights: Private Link, NAT Gateway, Public IP, and NIC.

With the onboarding of these resources, customers can access:

• A resource topology showing resource health and connected resources
• A pre-built workbook showing all key metrics along multiple
• Direct links to documentation and troubleshooting help

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Automatic Azure VM extension upgrade capabilities 

Azure Virtual Machine extensions are small applications that provide post-deployment configuration and automation on Azure VMs. The ability to automatically upgrade VM extensions is now available for Azure Virtual Machines and Virtual Machine Scale Sets. If the automatic extension upgrade feature is enabled for an extension on a VM or a VM scale set, the extension is upgraded automatically whenever the extension publisher releases a new version. Azure manages the upgrade rollout and the upgrades are safely applied following availability-first principles, keeping your environments more secure and up to date.

Storage

Azure File Sync agent v13

Improvements and issues that are fixed in the v13 release:

• Authoritative upload: authoritative upload is a new mode available when creating the first server endpoint in a sync group. It is useful for the scenario where the cloud (Azure file share) has some/most of the data but is outdated and needs to be caught up with the more recent data on the new server endpoint. This is the case in offline migration scenarios like DataBox, for instance. When a DataBox is filled and sent to Azure, the users of the local server will keep changing / adding / deleting files on the local server. That makes the data in the DataBox and thus the Azure file share, slightly outdated. With Authoritative Upload, you can now tell the server and cloud, how to resolve this case and get the cloud seamlessly updated with the latest changes on the server. No matter how the data got to the cloud, this mode can update the Azure file share if the data stems from the matching location on the server. Be sure to avoid large directory restructures between the initial copy to the cloud and catching up with Authoritative Upload. This will ensure you are only transporting updates. Changes to directory names will cause all files in these renamed directories to be uploaded again. This functionality is comparable to semantics of RoboCopy /MIR = mirror source to target, including removing files on the target that no longer exist on the source. Authoritative Upload replaces the “Offline Data Transfer” feature for DataBox integration with Azure File Sync via a staging share. A staging share is no longer required to use DataBox. New Offline Data Transfer jobs can no longer be started with the AFS V13 agent. Existing jobs on a server will continue even with the upgrade to agent version 13.
• Portal improvements to view cloud change enumeration and sync progress: when a new sync group is created, any connected server endpoint can only begin sync, when cloud change enumeration is complete. In case files already exist in the cloud endpoint (Azure file share) of this sync group, change enumeration of content in the cloud can take some time. The more items (files and folders) exist in the namespace, the longer this process can take. Admins will now be able to obtain cloud change enumeration progress in the Azure portal to estimate an eta for completion / sync to start with servers.
• Support for server rename: if a registered server is renamed, Azure File Sync will now show the new server name in the portal. If the server was renamed prior to the v13 release, the server name in the portal will now be updated to show the correct server name.
• Support for Windows Server 2022 Preview: the Azure File Sync agent is now supported on Windows Server 2022 Preview build 20348 or later. Note: Windows Server 2022 adds support for TLS 1.3 which is not currently supported by Azure File Sync. If the TLS settings are managed via group policy, the server must be configured to support TLS 1.2.
• Miscellaneous improvements:
  • Reliability improvements for sync, cloud tiering and cloud change enumeration.
  • If a large number of files is changed on the server, sync upload is now performed from a VSS snapshot which reduces per-item errors and sync session failures.
  • The Invoke-StorageSyncFileRecall cmdlet will now recall all tiered files associated with a server endpoint, even if the file has moved outside the server endpoint location.
  • Explorer.exe is now excluded from cloud tiering last access time tracking.
  • New telemetry (Event ID 6664) to monitor the orphaned tiered files cleanup progress after removing a server endpoint with cloud tiering enabled.

More information about this release:

• This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 Preview installations.
• A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
• The agent version for this release is 13.0.0.0.
• Installation instructions are documented in KB4588753.

Networking

Re-size Azure virtual networks that are peered (preview)

Virtual networks in Azure have had a long-standing constraint where any address space change is only allowed if the virtual network does not have any peerings. Microsoft is announcing that this limitation has been lifted, and customers can freely resize their virtual networks without incurring any downtime. With this feature, existing peerings on the virtual network do not need to be deleted prior to adding or deleting an address prefix on the virtual network.

Azure VPN Client for macOS

Azure VPN Client for macOS is available with support for native Azure AD, certificate-based, and RADIUS authentication for OpenVPN protocol.

Native Azure AD authentication support is highly desired by organizations as it enables user-based policies, conditional access, and multi-factor authentication (MFA) for P2S VPN. Native Azure AD authentication requires both Azure VPN gateway integration and the Azure VPN Client to obtain and validate Azure AD tokens. With the Azure VPN Client for macOS, you can use user-based policies, Conditional Access, as well as Multi-factor Authentication (MFA) for your Mac devices.

Azure ExpressRoute Global Reach: 2 new locations

There are 2 new locations for ExpressRoute Global Reach:

• South Africa (Johannesburg only)
• Taiwan

For more information about ExpressRoute Global Reach and available locations, visit ExpressRoute Global Reach webpage. 

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Storage

Shared disks on Azure Disk Storage are now generally available on all Premium SSD and Standard SSD sizes

Shared disks can now be leveraged on smaller Premium SSDs from 4GiB to 128 GiB and all Standard SSDs from 4 GiB to 32 TiB. This expands shared disk support to Ultra Disk, Premium SSD, and Standard SSD enabling you to optimize for different price and performance options based on your workload needs.

Immutable storage with versioning for Blob Storage (preview)

Immutable storage with versioning for Blob Storage is now available in preview. Immutable storage provides the capability to store data in a write once, read many (WORM) state. Once data is written, the data becomes non-erasable and non-modifiable, and you can set a retention period so that files can’t be deleted until after that period has elapsed. Additionally, legal holds can be placed on data to make that data non-erasable and non-modifiable until the hold is removed. Immutable storage with versioning adds the capability to set an immutable policy on the container or object level. It also allows for the immutable protection of all past and current versions of any blob. 

Networking

Next-generation firewall capabilities with Azure Firewall Premium

Microsoft Azure Firewall Premium is now available with this key features:

• TLS inspection: Azure Firewall Premium terminates outbound and east-west transport layer security (TLS) connections. Inbound TLS inspection is supported in conjunction with Azure Application Gateway allowing end-to-end encryption. Azure Firewall performs the required value-added security functions and re-encrypts the traffic which is sent to the original destination.
• IDPS: Azure Firewall Premium provides signature-based intrusion detection and prevention system (IDPS) to allow rapid detection of attacks by looking for specific patterns, such as byte sequences in network traffic or known malicious instruction sequences used by malware.
• Web categories: Allows administrators to filter outbound user access to the internet based on categories (for example, social networking, search engines, gambling, and so on), reducing the time spent on managing individual fully qualified domain names (FQDNs) and URLs. This capability is also available for Azure Firewall Standard based on FQDNs only.
• URL filtering: Allow administrators to filter outbound access to specific URLs, not just FQDNs. This capability works for both plain text and encrypted traffic if TLS inspection is enabled.

Application Gateway: new features for Web Application Firewall (WAF)

• Bot protection: Web Application Firewall (WAF) bot protection feature on Application Gateway allows users to enable a managed bot protection rule set for their WAF to block or log requests from known malicious IP addresses. The IP addresses are sourced from the Microsoft Threat Intelligence feed. This rule set can be used alongside the OWASP core rule sets (CRS) to provide additional protection. 

• Geomatch custom rules: Web Application Firewall (WAF) geomatch custom rule feature on Application Gateway allows users to restrict access to their web applications by country/region. As with all custom rules, this logic can be compounded with other rules to suit the needs of your application. 

Azure ExpressRoute: 3 New Peering Locations Available

Three new peering locations are available for ExpressRoute:

• Campinas
• Sao Paulo2
• Dublin2

With this announcement, ExpressRoute is now available across 79 global commercial Azure peering locations.

New insights in Traffic Analytics

Azure Network Watcher Traffic Analytics solutions is used to monitor network traffic. It now provides WHOIS and Geographic data for all Public IPs interacting with your deployments and further adds DNS domain, threat type & threat description for Malicious IPs. Now, it also supports inter-zone traffic and VMSS level traffic insights.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Free Extended Security Updates only on Azure for Windows Server 2012/R2and SQL Server 2012

On-premises Windows Server and SQL Server customers looking to migrate and modernize can take advantage of the extension of free Extended Security Updates (ESUs) for Windows Server 2012/R2 and SQL Server 2012, as follows:

• Windows Server 2012 and 2012 R2 Extended Support (ESU) will end on October 10, 2023. Extended Support for SQL Server 2012 ends July 12, 2022. Customers that cannot meet this deadline can protect their apps and data running on these releases for three additional years when they migrate to Windows Server and SQL Server on Azure and take advantage of free ESUs on Azure. Customers running Windows Server and SQL Server on these releases and on-premises will have the option to purchase ESUs.
• Windows Server and SQL Server 2008 and 2008 R2 three-year ESUs are coming to an end on January 10, 2023, and July 12, 2022, respectively. Customers who need more time to migrate and modernize will be able to take advantage of a Windows Server and SQL Server 2008 and 2008 R2 on Azure, we will now provide one addiitonal year of extended security updates only on Azure.

Virtual Machine (VM) bursting is now generally available on more VM types

Virtual machine level disk bursting is a now enabled for our Dsv4, Dasv4, Ddsv4, Esv4, Easv4, Edsv4, Fsv2 and B-series VM families, which allows your virtual machine to burst its disk IO and MiB/s throughput performance for a short time daily. This enables your VMs to handle unforeseen spikey disk traffic smoothly and process batched jobs with speed. There is no additional cost associated with this new capability or adjustments on the VM pricing and it comes enabled by default.

HPC Cache on E-Series VMs Support of Blob NFS 3.0

The Azure Blob team recently announced that Blob NFS 3.0 protocol support is generally available and now, Azure HPC Cache will follow suit with general availability using E-Series VMs.

Storage

Azure File Sync agent v13

The Azure File Sync agent v13 release is being flighted to servers which are configured to automatically update when a new version becomes available.

Improvements and issues that are fixed in the v13 release:

• Authoritative upload. Authoritative upload is a new mode available when creating the first server endpoint in a sync group. It is useful for the scenario where the cloud (Azure file share) has some/most of the data but is outdated and needs to be caught up with the more recent data on the new server endpoint. This is the case in offline migration scenarios like DataBox, for instance. When a DataBox is filled and sent to Azure, the users of the local server will keep changing / adding / deleting files on the local server. That makes the data in the DataBox and thus the Azure file share, slightly outdated. With Authoritative Upload, you can now tell the server and cloud, how to resolve this case and get the cloud seamlessly updated with the latest changes on the server. No matter how the data got to the cloud, this mode can update the Azure file share if the data stems from the matching location on the server. Be sure to avoid large directory restructures between the initial copy to the cloud and catching up with Authoritative Upload. This will ensure you are only transporting updates. Changes to directory names will cause all files in these renamed directories to be uploaded again. This functionality is comparable to semantics of RoboCopy /MIR = mirror source to target, including removing files on the target that no longer exist on the source. Authoritative Upload replaces the “Offline Data Transfer” feature for DataBox integration with Azure File Sync via a staging share. A staging share is no longer required to use DataBox. New Offline Data Transfer jobs can no longer be started with the AFS V13 agent. Existing jobs on a server will continue even with the upgrade to agent version 13.
• Portal improvements to view cloud change enumeration and sync progress. When a new sync group is created, any connected server endpoint can only begin sync, when cloud change enumeration is complete. In case files already exist in the cloud endpoint (Azure file share) of this sync group, change enumeration of content in the cloud can take some time. The more items (files and folders) exist in the namespace, the longer this process can take. Admins will now be able to obtain cloud change enumeration progress in the Azure portal to estimate an eta for completion / sync to start with servers.
• Support for server rename. If a registered server is renamed, Azure File Sync will now show the new server name in the portal. If the server was renamed prior to the v13 release, the server name in the portal will now be updated to show the correct server name.
• Support for Windows Server 2022 Preview. The Azure File Sync agent is now supported on Windows Server 2022 Preview build 20348 or later. Note: Windows Server 2022 adds support for TLS 1.3 which is not currently supported by Azure File Sync. If the TLS settings are managed via group policy, the server must be configured to support TLS 1.2.
• Miscellaneous improvements:
  • Reliability improvements for sync, cloud tiering and cloud change enumeration.
  • If a large number of files is changed on the server, sync upload is now performed from a VSS snapshot which reduces per-item errors and sync session failures.
  • The Invoke-StorageSyncFileRecall cmdlet will now recall all tiered files associated with a server endpoint, even if the file has moved outside the server endpoint location.
  • Explorer.exe is now excluded from cloud tiering last access time tracking.
  • New telemetry (Event ID 6664) to monitor the orphaned tiered files cleanup progress after removing a server endpoint with cloud tiering enabled.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

• This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 Preview installations.
• A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
• The agent version for this release is 13.0.0.0.
• Installation instructions are documented in KB4588753.

Azure Blob storage: container Soft Delete

Administrators can set a retention policy and recover data from a deletion of a blob container without contacting support.

HPC Cache for NVME-based Storage, Storage Target Management, and HIPAA Compliance

The latest release of HPC Cache adds support for high throughput VMs as well as enhancements to storage target operations.

Disk pool for Azure VMware Solution (preview)

With disk pool, Azure VMware Solution customers can now access Azure Disk Storage for high-performance, durable block storage. Customer can scale their storage independent of compute and handle their growing data needs more cost-effectively.

Networking

Azure Bastion Standard SKU public (preview)

With the new Azure Bastion Standard SKU, you can now perform/configure the following: 

• Manually scale Bastion host Virtual Machine instances: Azure Bastion supports manual scaling of the Virtual Machine (VM) instances facilitating Bastion connectivity. You can configure 2-50 instances to manage the number of concurrent SSH and RDP sessions Azure Bastion can support. 

• Azure Bastion admin panel: Azure Bastion supports enabling/disabling features accessed by the Bastion host. 

Azure Web Application Firewall: OWASP ModSecurity Core Rule Set 3.2 (preview)

Open Web Application Security Project (OWASP) ModSecurity Core Rule Set 3.2 (CRS 3.2) for Azure Web Application Firewall (WAF) deployments running on Application Gateway is in preview. This release offers improved security from web vulnerabilities, reduced false positives, and improvements to performance. Microsoft is also announcing an increase in the file upload limit and request body size limit to 4GB and 2MB respectively.