This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks. This week marks a significant milestone with the occurrence of the Microsoft Ignite event, bringing with it a substantial number of important updates and innovations announced by Microsoft. To delve deeper into the specific developments unveiled during this conference in these areas, I invite you to read the dedicated article: Unveiling the future: key insights from Microsoft Ignite on Azure IaaS and Azure Stack.

Azure

General

Azure to End Support for TLS 1.0 and 1.1 by 31 October 2024

Microsoft Azure has announced that it will end support for Transport Layer Security (TLS) versions 1.0 and 1.1 by 31 October 2024. This decision is part of Azure’s ongoing efforts to enhance security and provide best-in-class encryption for customer data. From this date, interactions with Azure services will require TLS 1.2 or later. While the Microsoft implementation of older TLS versions is not known to be vulnerable, TLS 1.2 and subsequent versions offer improved security features, such as perfect forward secrecy and stronger cipher suites. Customers are advised to confirm that their resources interacting with Azure services are using TLS 1.2 or later to avoid potential service disruptions. If resources are already exclusively using TLS 1.2 or later, no further action is required. However, if there is still a dependency on TLS 1.0 or 1.1, it is recommended to transition to TLS 1.2 or later by the specified deadline. Microsoft provides additional resources and support to assist with this transition.

Compute

Ubuntu Server to Ubuntu Pro in-place upgrade now available

Microsoft Azure has announced the general availability of an in-place upgrade from Ubuntu Server to Ubuntu Pro. This upgrade can be added as a subscription to your Azure Virtual Machines (VMs), enabling the transition without the need to redeploy or take VMs offline. Ubuntu Pro offers an extended support period of 10 years for over 2,300 Main and 23,000+ Universe packages, with the 18.04 version recently entering extended support. This upgrade enhances VMs with additional security and compliance features, making it a robust choice for enterprise environments. For detailed instructions on the upgrade process, Azure users can refer to the official documentation, and pricing information for Ubuntu Pro is available on the Azure pricing page.

Introducing NGads V620 Series VMs Optimized for Gaming Scenarios

Microsoft Azure has announced the general availability of the NGads V620 series VMs, a new addition optimized for gaming scenarios. These GPU-enabled virtual machines are powered by AMD Radeon™ PRO V620 GPUs and AMD EPYC 7763 (Milan) CPUs, designed to deliver a high-quality, interactive gaming experience hosted in Azure. The NGads V620 VMs feature GPU Partitioning, allowing VMs to access ¼, ½, or a whole GPU, enabling customers to tailor their performance and cost according to their business needs. Additionally, these VMs come standard with NVMe drives, offering up to 1025 GB of temp storage for rapid local data access. A key component of the NGads V620 series is the AMD Software: Cloud Edition. This software targets optimizations available in the consumer gaming version of the AMD Adrenaline driver, further tested and optimized for cloud environments. It is frequently updated to support the latest game releases. The software also supports accelerated virtual desktop environments, with Radeon PRO optimizations for high-end workstation applications in design or rendering.

Networking

Application Gateway: using a common port for Public and Private listeners

Microsoft Azure has announced the general availability of the feature that allows configuring the same port number for public and private listeners on your Application Gateway. This update simplifies the use of Application Gateway deployments to serve both internet-facing and internal clients without the need for non-standard ports or backend application customizations. The feature is available in all public regions, including Azure China and Azure Government cloud regions. Note that additional configuration may be necessary for inbound rules when using Network Security Groups.

Rate-Limit Rules for Application Gateway Web Application Firewall

Azure has introduced rate-limit custom rules for its regional Web Application Firewall (WAF) on Application Gateway, now generally available. This feature allows the detection and blocking of unusually high levels of traffic aimed at your application. Rate-limiting is instrumental in mitigating various types of denial-of-service attacks, managing misconfigured clients sending excessive requests, or controlling traffic from specific geographical locations. This enhancement bolsters the security and management of your web applications.

Application Gateway Supports IPv6 Frontend (preview)

Azure’s Application Gateway v2 is now in public preview for supporting dual-stack (IPv4 and IPv6) connections at the frontend. This upgrade enables the Application Gateway to manage traffic from both IPv4 and IPv6 clients, enhancing flexibility and connectivity options. This feature is particularly beneficial for addressing IPv4 address exhaustion and meeting various regulatory requirements. Users can now set up a new Application Gateway with both IPv4 and IPv6 addresses, reflecting Azure’s commitment to delivering top-notch service and customer experience.

Storage

Azure NetApp Files Datastores for Azure VMware Solution in US Government Regions

Azure NetApp Files datastores have achieved general availability in US Government Cloud regions to support storage-intensive workloads on Azure VMware Solution (AVS). This advancement allows users to create datastores through the Azure VMware Solution resource provider with Azure NetApp Files NFS volumes, which can be attached to any selected private cloud clusters. With the ability to scale storage independently of compute and surpass the local instance storage limits provided by vSAN, this feature aims to reduce the total cost of ownership. This service is now available in the US Gov Virginia and US Gov Arizona regions.

Azure Elastic SAN Updates – Snapshots, Security, and Usability (preview)

Azure Elastic SAN, currently in preview, has received new updates to enhance its performance and security. The updates include live volume resizing, force delete capabilities, and Server-Side Encryption with Customer Managed Keys (SSE with CMK) for improved security. As a VMware Certified datastore, Elastic SAN offers scalable storage and performance, which optimizes total cost of ownership and scalability. These improvements are part of Azure’s ongoing efforts to provide seamless integration with other native Azure products and a robust, secure storage solution.

Azure Stack

Azure Stack HCI

AKS on Azure Stack HCI and Windows Server 2023-10-30

The AKS HCI management cluster has been updated to Kubernetes version 1.26.6, laying the groundwork for future Kubernetes versions for workload clusters. This release includes security updates to address vulnerabilities, enhancements to Azure Arc onboarding prechecks for better network resilience, and several bug fixes. Users are encouraged to try AKS on Azure Stack HCI or Windows Server using the evaluation guide and to contribute feedback and follow the AKS hybrid roadmap through GitHub.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure Integration with Canonical’s Snapshot Service (preview)

Microsoft has announced a public preview of Azure’s integration with Canonical’s Snapshot Service, marking a significant step forward in the deployment of secure and resilient Canonical workloads on Azure. This collaboration positions Azure as the first cloud provider to integrate with Canonical’s snapshot service. The integration aims to streamline the update process for Linux operating systems, enhancing security and reliability across Azure services. The Azure Guest Patching Service (AzGPS) and Azure Kubernetes Service (AKS) will utilize this new feature to apply consistent updates across different regions using Safe Deployment Principles (SDP). This initiative underscores Microsoft’s commitment to providing a secure and up-to-date environment for Linux-based applications on Azure.

Compute

Extension of Azure Compute Reservations Exchange Period

Microsoft Azure has announced a significant extension of the exchange period for Azure Compute Reservations, which includes Azure Reserved Virtual Machine Instances, Azure Dedicated Host reservations, and Azure App Services reservations. Initially set to end on January 1, 2024, the exchange period has been extended until at least July 1, 2024. This extension provides an additional grace period, allowing users to exchange their Azure Compute Reservations to better suit their resource needs and planning. Launched in October 2022, the Azure Savings Plan for Compute aims to offer greater flexibility, accommodating changes such as virtual machine series and regions. After the grace period, it will no longer be possible to exchange instance series or regions for the mentioned reservations. Users can choose to convert their Azure Compute Reservations into a savings plan or continue to use and purchase reservations for predictable and stable workloads.

Networking

Default Rule Set 2.1 for Regional WAF with Application Gateway

Microsoft Azure has reached a new milestone with the general availability of Default Rule Set (DRS) 2.1 for the regional Web Application Firewall (WAF) on Azure Application Gateway. This release is based on the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.3.2 and is enhanced with additional proprietary protection rules developed by the Microsoft Threat Intelligence team. The team’s analysis of Common Vulnerabilities and Exposures (CVEs) has been instrumental in adapting the CRS to address these vulnerabilities while minimizing false positives. This update reflects Microsoft’s dedication to providing robust security measures for applications deployed on Azure, ensuring that they are safeguarded against a wide array of threats.

Azure Bastion for Developers (Preview)

Azure Bastion now offers a developer-focused preview that enables secure and seamless RDP and SSH access to virtual machines over the Azure platform. This service is designed to provide a more integrated and streamlined experience for developers, with features that cater specifically to their workflows and access requirements. The preview aims to enhance productivity and security for development environments hosted on Azure.

Storage

Azure Blob Storage Cold Tier

Azure Blob Storage has announced the general availability of its Cold Tier support for Blob Batch operations as of August 10th, 2023. This new online access tier is the most cost-effective option within Azure Blob Storage for storing infrequently accessed data that requires long-term retention while still providing instant access. Blob Batch operations have been enhanced to support tiering operations for the cold tier, allowing for the efficient management of large volumes of data. For more information on optimizing performance and cost with the Cold Tier, users can refer to the Azure documentation.

TLS 1.2 to Become the Minimum TLS Version for Azure Storage

In a move to align with evolving technology and regulatory standards, Azure Storage is set to deprecate support for TLS versions 1.0 and 1.1. Starting from November 1, 2024, the minimum supported version will be TLS 1.2. This update is crucial as TLS 1.2 offers enhanced security and speed over its predecessors, which do not support modern cryptographic algorithms and cipher suites. The change will affect both existing and new storage accounts that are currently using the older TLS versions across all Azure clouds.

To prevent any service disruptions, users of Azure Storage are required to transition to TLS 1.2 and eliminate any dependencies on the older versions. Azure Storage already supports and defaults to TLS 1.2, so customers using it will not experience any impact due to this update. However, for those utilizing TLS 1.0 or 1.1, it is imperative to update operating systems, development libraries, frameworks, and any other solutions to the latest versions that support TLS 1.2 before October 31, 2024.

Azure has provided a set of recommendations and resources to facilitate this migration. For further details and guidance, users can navigate to the Azure updates page.

Azure Premium SSD v2 Disk Storage Now Available in More Regions

Azure Premium SSD v2 Disk Storage has expanded its availability, now including Poland Central, China North 3, and US Gov Virginia regions. This next-generation storage solution provides sub-millisecond disk latencies and is designed to support IO-intensive workloads at a cost-effective price point. It is ideal for a variety of enterprise production workloads such as SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, and big data analytics. For more information on Premium SSD v2 Disk Storage and pricing, users can refer to the Azure Managed Disks pricing page.

Azure NetApp Files Standard Storage with Cool Access (preview)

Azure has introduced a new feature in public preview for Azure NetApp Files, standard storage with cool access. This innovative feature allows users to configure a standard capacity pool with cool access, effectively moving cold (infrequently accessed) data transparently to an Azure storage account. This transition aims to reduce the cost of storage while maintaining the same throughput to and from the volume.

However, users should note that there might be a difference in data access latency, as data blocks could be tiered to the Azure storage account. The cool access feature offers options for the “coolness period” to optimize network transfer costs based on specific workload and read/write patterns. This functionality is provided at the volume level.

During the preview phase, this feature is available in several regions, including East US2, East Asia, Central India, Canada Central, Australia East, North Europe, Brazil South, France Central, Australia Southeast, and Canada East. More regions will be added as the preview progresses.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Azure achieves HITRUST CSF v11.0.1 certification

I am thrilled to announce that Microsoft Azure has achieved HITRUST CSF v11.0.1 certification across 162 Azure services and 115 Azure Government services. This certification covers all GA Azure regions across both Azure and Azure Government clouds. This monumental achievement stands as a testament to Azure’s unwavering commitment to enhancing its security and compliance offerings, especially for valued customers in the healthcare sector.

HITRUST CSF v11.0.1 is the latest iteration of the framework, incorporating new requirements and updates from authoritative sources such as NIST SP 800-53 Rev 5, NIST Cybersecurity Framework v1.1, PCI DSS v3.2.1, FedRAMP High Baseline Rev 5, CSA CCM v3.0.1, GDPR, CCPA, and more. Moreover, HITRUST CSF v11.0.1 introduces innovative features and enhancements, including a maturity scoring model, risk factor analysis, an expanded inheritance program, improved assessment scoping tools, and more. By securing this certification, Azure reinforces its dedication to providing secure and compliant cloud services for customers in the healthcare industry.

Compute

Azure Dedicated Host – Resize

With the introduction of Azure Dedicated Host’s new ‘resize’ feature, users can now effortlessly transition their existing dedicated host to a different Azure Dedicated Host SKU, for instance, moving from Dsv3-Type1 to Dsv3-Type4. This innovative ‘resize’ feature significantly reduces the complexities and efforts associated with reconfiguring VMs when there’s a need to upgrade the foundational dedicated host system. One of the standout features is the ability to automatically create a new host, migrate all pre-existing VMs, and subsequently delete the old host. This eliminates the need for any manual interventions during the upgrade process of the dedicated host. Additionally, this could lead to potential cost savings, as users gain the capability to operate more VMs on the newly introduced dedicated host SKUs.

VMSS Automatic Instance Repairs – Reimage, Restart Repair Actions (preview)

Automatic instance repairs help Virtual Machine Scale Set customers achieve high application availability by automatically detecting and recovering unhealthy VM instances at runtime. Microsoft has announced that customers can now choose between Replace, Reimage (Preview), or Restart (Preview) as the default repair action performed in response to an “Unhealthy” application signal. These new options provide a less-impactful repair process, ensuring higher application availability while preserving VM properties and metadata for customers with sensitive workloads.

Networking

Default Outbound Access for VMs in Azure Will Be Retired

Microsoft has recently announced that starting from 30 September 2025, the default outbound access connectivity for all new virtual machines in Azure will be retired. This decision is in line with Azure’s move towards a secure-by-default model, which means that the default outbound access to the internet will be turned off. Consequently, after the mentioned date, Azure will no longer assign a default implicit IP for VMs to communicate with the internet. However, it’s important to note that existing VMs will not be affected by this retirement. For those who require outbound access post this date, Azure will provide an easy way to enable outbound internet access using explicit outbound methods. Additionally, for VMs currently having default outbound access and wishing to transition to a secure configuration after this date, Azure will offer a mechanism for easy opt-in. Users already utilizing explicit outbound connectivity methods will remain unaffected by this retirement. Azure emphasizes the benefits of explicit outbound connectivity methods, including greater control over internet connections, protection from public IP address changes, and traceable IP address resources beneficial for measurement and troubleshooting. Azure will be sending periodic updates to subscription owners impacted by this change in the coming months.

ExpressRoute Traffic Collector now generally available

Microsoft Azure has announced the general availability of the ExpressRoute Traffic Collector. This feature allows users to capture information about IP flows sent over ExpressRoute direct circuits. The ExpressRoute Traffic Collector supports flow logs capture for both Private and Microsoft peering. The captured flow logs data is sent to a Log Analytics workspace, enabling users to create custom log queries for in-depth analysis.

Some of the primary use cases for flow logs include:

• Network Monitoring: gain near real-time visibility into network throughput and performance, perform network diagnosis, and forecast capacity.
• Network Usage and Cost Optimization: analyze traffic trends by filtering sampled flows by IP, port, or applications. Identify top talkers for a source IP, destination IP, or applications. Optimize network traffic expenses by analyzing traffic patterns.
• Network Forensics Analysis: identify potentially compromised IPs by analyzing all associated network flows. Users can also export flow logs to a SIEM tool of their choice to monitor and correlate events.

It’s important to note that the flow logs collected by the ExpressRoute Traffic Collector do not impact network throughput or latency. Users can enable or stop flow logs collection without any risk of affecting the network performance of an ExpressRoute direct circuit.

Azure Private Link for MySQL – Flexible Server

Azure Private Link allows users to connect to various PaaS services, such as Azure Database for MySQL – Flexible Server, in Azure, via a private endpoint. Private Link brings Azure services inside your private virtual network (VNet). Using the private IP address, the Azure Database for MySQL – Flexible Server becomes accessible just like any other resource within the VNet. This feature is now available for general use.

Storage

Azure Files improved support for Unicode characters

Azure Files has undergone enhancements to now support all valid Unicode characters. This development allows for the creation of SMB File shares with file and directory names that align with the NTFS file system, specifically for valid Unicode characters. This expanded character set support includes:

• Control characters that are supported by NTFS.
• Trailing dot (.) characters at the end of directory and file names.
• Characters that function individually but were previously blocked when used in combination, especially in non-English languages.

Such advancements facilitate tools like AzCopy and Storage mover to migrate all files into Azure Files using the REST protocol. This expanded character support is now accessible in all Azure regions.

Zone Redundant Storage for Azure Disks in More Regions

Microsoft has announced the general availability of Zone Redundant Storage (ZRS) for Azure Disk Storage on Azure Premium SSDs and Standard SSDs in the Norway East and UAE North regions. Disks with ZRS offer synchronous replication of data across three availability zones within a region. This ensures that the disks can withstand zonal failures without disrupting the associated applications. The feature not only enhances the resilience of disks against zonal failures but also eliminates the need for application-level replication of data across zones. Furthermore, ZRS can be combined with shared disks to provide even higher availability for clustered or distributed applications, including SQL FCI, SAP ASCS/SCS, and GFS2.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Azure Now Available from New Cloud Region in Italy

Microsoft Azure has officially reached General Availability in a new cloud region in Italy. This expansion of Azure’s global presence brings its cloud services closer to businesses and organizations in Italy, enabling them to benefit from Azure’s comprehensive suite of services for their digital transformation initiatives. With this new cloud region, customers in Italy can now take advantage of low-latency, high-performance computing and networking capabilities offered by Azure, while complying with local data residency requirements and ensuring data sovereignty.

Networking

Default outbound access for VMs in Azure will be retired: Transition to a new method of internet access

Azure is retiring the default outbound access for virtual machines (VMs) and recommends transitioning to a new method of internet access. This change is part of Azure’s ongoing commitment to improve the security and performance of its services. Customers are advised to review the documentation and make necessary changes to ensure uninterrupted outbound connectivity for their VMs.

Domain Fronting update on Azure Front Door and Azure CDN

Azure has announced the general availability of the domain fronting update on Azure Front Door and Azure CDN. This update enhances the security and performance of the services. Domain fronting is a technique used to obfuscate the destination of HTTPS traffic. With this update, Azure aims to provide better security and improved performance for its users. The update ensures that the services are more resilient and can handle traffic more efficiently.

Gateway Load Balancer IPv6 support

Azure Gateway Load Balancer now supports IPv6, which allows you to build, deploy, and scale applications that use IPv6 addresses. This enhancement provides a consistent frontend IP for virtual appliances, ensuring that traffic is distributed evenly across multiple instances. With this update, Azure continues to expand its IPv6 capabilities, enabling you to meet the requirements of your IPv6-enabled applications.

Storage

Zone-redundant storage for Azure Disks is now available in more regions

Zone-redundant storage (ZRS) for Azure Disks is now available in more regions. ZRS replicates your data in availability zones, ensuring data resilience and protection against zone failures. This update provides a higher level of resilience for your critical applications and ensures that they remain operational even if one of the availability zones fails.

Customer-Managed Keys for Azure NetApp Files Volume Encryption is Now Available in US Gov Regions (preview)

Azure is excited to announce the availability of Customer-Managed Keys for Azure NetApp Files Volume Encryption in the US Gov Regions, now in public preview. This new feature empowers Azure customers in government sectors to have greater control over their data security and encryption keys when using Azure NetApp Files. With Customer-Managed Keys, customers can manage their own encryption keys using Azure Key Vault, ensuring a higher level of data security and compliance with specific regulatory requirements. This preview provides an opportunity for customers in government regions to evaluate and test this feature before its general availability.

Azure Stack

Azure Stack HCI

Premier Solutions for Azure Stack HCI

The introduction of Premier Solutions for Azure Stack HCI represents a significant leap forward in Azure’s offerings for customers seeking enhanced operational efficiency, rapid deployment, and flexible procurement options. This innovative category of products has been developed in close collaboration with industry leaders like Dell Technologies and Lenovo, resulting in a seamless and comprehensive edge infrastructure solution.

Key Benefits of Premier Solutions for Azure Stack HCI:

• Improved Operational Experience: Premier Solutions are designed to streamline and enhance the operational experience for Azure Stack HCI users. By leveraging the expertise and technology of Azure, customers can expect greater reliability, scalability, and ease of management, ensuring that their infrastructure runs smoothly without interruptions.
• Faster Time to Value: With Premier Solutions, customers can deploy Azure Stack HCI more quickly and efficiently. The integration of hardware, software, and cloud services simplifies the setup process, reducing the time and effort required to get the system up and running. This means organizations can start realizing the benefits of their HCI infrastructure sooner.
• Greater Flexibility with as-a-Service Procurement: Premier Solutions offer flexible procurement options, aligning with the as-a-service model that is becoming increasingly popular in the IT industry. This allows organizations to scale their infrastructure as needed, optimizing costs and resources while ensuring they have access to the latest technologies and features.
• Deep Integration: The collaboration with leading partners, including Dell Technologies and Lenovo, ensures a high level of integration between hardware and software components. This deep integration results in a more cohesive and efficient HCI solution, delivering improved performance and reliability.
• Seamless Connectivity: Premier Solutions enable seamless connectivity between on-premises infrastructure and the Azure cloud. This connectivity ensures that organizations can leverage the full power of Azure services while maintaining control over their data and resources.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Latest generation burstable VMs – Bsv2, Basv2, and Bpsv2

The Bsv2, Basv2, and Bpsv2 series virtual machines represent the latest generation of Azure burstable general-purpose VMs. These VMs provide a baseline level of CPU utilization and can expand to higher CPU utilization as workload volume increases. They are ideal for various applications, including development and test servers, low-traffic web servers, small databases, microservices, proof-of-concept servers, build servers, and code repositories. Compared to the B series v1, these new B series v2 virtual machines offer up to 15% better price-performance, up to 5X higher network bandwidth with accelerated networking, and 10X higher remote storage throughput.

Networking

Sensitive Data Protection for Application Gateway Web Application Firewall

Azure’s regional Web Application Firewall (WAF) running on Application Gateway has introduced support for sensitive data protection through log scrubbing. When a request aligns with the criteria of a rule and activates a WAF action, the event is documented within the WAF logs. These logs are maintained as plain text for easier debugging. However, this means that any patterns matching sensitive customer data, such as IP addresses, passwords, and other personally identifiable information, could potentially be recorded in the logs as plain text. To enhance the security of this sensitive data, users can now establish log scrubbing rules that substitute the sensitive data with “******”. The sensitive data protection feature using log scrubbing facilitates the creation of rules using various variables, including Request Header Names, Request Cookie Names, Request Arg Names, Request Post Arg Names, Request JSON Arg Names, and Request IP Address.

Azure Front Door Standard and Premium support Bring Your Own Certificates (BYOC) based domain ownership validation (preview)

Azure Front Door Standard and Premium now support Bring Your Own Certificates (BYOC) based domain ownership validation. With this feature, Azure Front Door can automatically approve domain ownership if the Certificate Name (CN) or Subject Alternative Name (SAN) of the provided certificate matches the custom domain. This reduces the steps and efforts required to prove domain ownership, streamlining the Dev-Ops experience. For domains created before this feature’s support and whose validation status is not yet approved, users will need to trigger the auto-approval of domain ownership validation manually.

Storage

Azure Premium SSD v2 Disk Storage now available in multiple regions

Azure Premium SSD v2 Disk Storage is now generally available in the Australia East, France Central, Norway East, and UAE North regions. This expansion offers customers in these regions the opportunity to leverage the benefits of Azure Premium SSD v2 Disk Storage for their workloads. Azure Premium SSD v2 Disk Storage provides high-performance and low-latency disk support for virtual machines running I/O-intensive workloads. By utilizing this storage solution, users can expect consistent performance, enhanced durability, and availability.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Trusted launch as default for VMs deployed through the Azure portal

Azure has introduced “Trusted launch” as a default feature for virtual machines deployed through the Azure portal. Trusted launch hardens Azure virtual machines with security features, ensuring that administrators deploy VMs with verified and signed bootloaders, OS kernels, and a boot policy. The feature encompasses secure boot, vTPM, and boot integrity monitoring, offering protection against boot kits, rootkits, and kernel-level malware. Secure Boot ensures that only signed OSes and drivers boot, while the Virtual TPM (vTPM) safeguards keys, certificates, and secrets within the virtual machine. Additionally, Boot integrity monitoring, in conjunction with Microsoft Azure Attestation and Azure Security Center, provides integrity alerts, recommendations, and remediation actions if remote attestation fails.

Networking

Azure Firewall Single-Click Upgrade and Downgrade Now in General Availability

Azure has introduced a new capability for its Firewall service, allowing users to seamlessly upgrade from the Standard SKU to the Premium SKU, and vice versa. This enhancement simplifies the upgrade and downgrade process, ensuring that users can make these changes without any service interruptions. With just a single click, Azure customers can now easily transition between the two firewall versions. This feature is especially beneficial for those looking to leverage the advanced functionalities of the Premium SKU or revert to the Standard SKU based on their requirements. The Azure Firewall Single-Click Upgrade and Downgrade feature was officially made available on August 31, 2023.

Azure Container Apps support for UDR, NAT Gateway, and smaller subnets

Azure has announced the general availability of Azure Container Apps support for User Defined Routes (UDR), NAT Gateway, and smaller subnets. This enhancement provides users with more flexibility and control over their networking configurations, allowing for more customized and optimized network setups. Azure Container Apps is a fully managed platform for building and running microservices and APIs. With this update, users can now leverage UDR to define custom routes, utilize NAT Gateway for outbound connectivity, and deploy in smaller subnets for more granular network segmentation.

Azure Firewall: Explicit Proxy (preview)

Microsoft Azure has recently introduced a public preview of the Azure Firewall Explicit Proxy. This new feature is designed to enhance the security and performance of Azure’s firewall services. As it is currently in public preview, users can explore its functionalities and provide feedback to help improve the service before its general release. For more details and to stay updated on further developments, you can visit the official announcement page.

Azure Firewall: Auto-Learn SNAT Routes Feature Now in Public Preview (preview)

Azure has introduced a new feature in public preview, named “Auto-Learn SNAT Routes”, promising to simplify and expedite network configurations. This feature allows the Azure Firewall to automatically learn address ranges and configure them to be excluded from SNAT, thereby reducing the time and complexity spent on manually defining private SNAT ranges. To utilize this feature, the Azure Route Server needs to be deployed in the same virtual network as the Azure Firewall. Released on August 31, 2023, this feature promises to be a valuable tool for network administrators seeking to optimize their processes. For more information, you can visit the official page.

Storage

Azure Premium SSD v2 Disk Storage Now Available in Select Regions

Microsoft has announced the general availability of Azure Premium SSD v2 Disk Storage in several regions, including Australia East, France Central, Norway East, and UAE North. This new offering promises to deliver high-quality storage performance while ensuring security and reliability. Users in these regions can now benefit from the advanced storage features offered by Azure, helping to enhance the efficiency and resilience of their systems. For further details, you can visit the official page.