The new year began with several announcements from Microsoft regarding news related to Azure management services. The Cloud Community releases this summary monthly, allowing you to have a general overview of the main new features of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.
The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.
Cross query between Azure Monitor and Azure Data Explorer (preview)
The ability to query between Azure Monitor and Azure Data Explorer allows you to query data exported to Azure Data Explorer or Azure blob storage and merge them with any Azure Monitor Log Analytics workspace.
Among the various features recently released we find the ability to perform queries:
- Between Azure Data Explorer and Azure Monitor services (Log Analytics / Application Insights) and vice versa
- On Azure Monitor logs exported from an Azure blob storage account using Azure Data Explorer
In Azure Monitor Log Analytics, the maximum data retention time frame is limited to 2 years. This aspect can be limiting in some areas, to the point that certain compliance criteria are not met. To overcome this limitation, you can export logs to an Azure blob storage. This new feature allows you to cross-query by including data exported to Azure blob storage in an integrated way.
Monitoring Azure Data Explorer Cluster with Azure Monitor (preview)
Azure Monitor expands its capabilities with Azure Monitor for Azure Data Explorer, which allows you to perform a complete monitor of Azure Data Explorer clusters, providing a single view of performance, of operations, and actual use.
Integration between Azure Monitor workbooks and Application Change Analysis (preview)
The recently released integration between Azure Monitor and Application Change workbooks allows you to create different types of charts, using as a data source the information regarding the changes that are made in the Azure environment. For example,, you can create charts to see when important changes have occurred in the last few 24 hours, or use the ability to merge to see what changed before a spike in memory that occurred on a VM.
ITSM Connector for ServiceNow ITOM with Secure Export (preview)
Secure Export is the new version (in preview) of the’IT Service Management Connector (ITSM) of Azure Monitor, which allows you to automatically create work items in an ITSM tool, when an Azure Monitor alert is activated. As part of the preview, a new integration with ServiceNow IT Operations Management was introduced (ITOM) using Secure Export.
Azure Monitor Network Insights
Azure Monitor Network Insights is now available and allows , through a centralized console, to monitor your Azure network infrastructure. The main features of Network Insights are as follows:
- Unique console for the network monitor.
- Agent configuration is not required.
- Centralized access to traffic and connectivity monitor tools, that allow you to check health state, metrics, alerts, and data.
- Viewing the network topology, with the ability to view functional dependencies. This will make it easier to solve any problems.
- Access resource metrics to debug when needed, without having to write queries or create specific workbooks.
Availability in new regions
Azure Monitor Log Analytics is now available in the following Azure regions: “Germany West Central”, “UAE North”, and “Switzerland West”. Furthermore, Azure Log Analytics is available in preview in two new regions: “UAE Central” and “Japan West”. To check the availability of the service in all the Azure regions you can consult this document.
Availability in new regions
Azure Automation is now available in the “UAE North” and in the region of “Switzerland West”. To check the availability of the service in all the Azure regions you can consult this document.
Support for NSG Flow Logs
TheNSG flow logs in the Azure platform, they allow you to maintain the visibility of network traffic entering and leaving the Network Security Groups. To simplify the deployment experience, NSG flow logs Integrated support has been introduced in the Azure Policy, which allows you to check the enabled status and to force the collection of NSG flow logs when disabled, specifically by using the following policies:
- Audit policy: NSGs flag without Flow logs enabled
- DeployIfNotExists policy: Enable Flow logs on NSGs where it is disabled
Azure Cost Management
Updates related to Azure Cost Management and Billing
Microsoft is constantly looking for new ways to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . In this article some of the latest improvements and updates regarding this solution are reported, including:
- New cost view for resource groups
- Saving the last scope used
- Cost Management Labs News
- Definition of roles and responsibilities
- Cost-saving methodologies by running .NET apps on Azure
- New ways to save money
- New videos to deepen these issues
- Documentation updates
Azure Security Center
Vulnerability assessment for on-premises and multi-cloud systems
The Azure Security Center solution has recently been enriched with the ability to carry out an integrated Vulnerability Assessment, not just virtual machines in Azure, but also systems located on-premises or in multi-cloud environments, as long as Azure Arc has been enabled.
The vulnerability scanning included in Azure Defender for servers is done through the solutionQualys, which is recognized as a leading tool for real-time identification of potential vulnerabilities in the systems.
Thanks to this update, it is possible to harness the power of Azure Defender for server to consolidate the vulnerability management program on all resources in your environment (Azure and not). Among the main features we find:
- Monitoring the VA scan (vulnerability assessment) on Azure Arc machines
- Provisioning the VA agent on Azure Arc Windows and Linux machines (manually and on a large scale)
- Receiving and analyzing vulnerabilities detected by distributed agents (manually and on a large scale)
- Unified experience for Azure VMs and Azure Arc machines
What's new in Azure Security Center
Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:
- Azure Security Benchmark becomes the default initiative
- Secure score for management groups (preview)
- Secure score API
- DNS sangling security added to Azure Defender for App Service
- Multi-cloud connectors
- Exemption, for subscriptions and management groups, for recommendations from the secure score
- Users can request visibility “tenant-wide”
- 35 recommendations in previews added
- CSV export of filtered lists of recommendations
- Resources “Not applicable” are reported as “Compliant” in Azure Policy assessments
- Weekly export of secure score and regulatory compliance data through continuous export (preview)
Azure Defender for SQL updates and enhancements
In Azure Security Center, the following updates and improvements have been made to Azure Defender for SQL:
- Azure Defender for SQL servers on board virtual machines is available (generally available)
- Azure Defender for SQL includes support for Azure Synapse Analytics dedicated SQL pool
- Best Security Center Experience for Azure SQL Database & SQL Managed Instance
Azure Managed Disk backups (limited preview)
Azure Backup offers the ability, at the moment by accessing a limited preview, to protect managed disks. All this takes place through the periodic creation of snapshots that are kept for a duration established by backup policy. The solution does not require the presence of specific agents and supports backup and recovery of both operating system and data disks (including shared disks), regardless of whether or not they are connected to a virtual machine running in Azure.
Encryption at rest with keys “customer-managed”
Azure Backup introduces encryption at rest support using customer-managed keys. This feature encrypts backup data in recovery services vaults using your keys in the Azure Key Vault. Data is protected using a data encryption key (DEK) AES-based 256, which in turn is protected using the keys stored in the Key Vault. Compared to encryption that uses keys managed by the Azure platform (available by default), this support gives you more control over encryption key management, enabling you to best meet your compliance needs.
Azure Site Recovery
New Update Rollup
For Azure Site Recovery was released theUpdate Rollup 53 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.
Evaluation of Azure
To test for free and evaluate the services provided by Azure you can access this page.