Azure IaaS and Azure Stack: announcements and updates (February 2021 – Weeks: 07 and 08)

This series of blog posts covers the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Compute

Automatic Azure VM extension upgrade capabilities (preview)

Azure virtual machine extensions are small applications that provide post-deployment configuration and automation on Azure VMs. The ability to automatically upgrade Azure VM extensions is now available in public preview for Azure virtual machines and virtual machine scale sets. If the automatic extension upgrade feature is enabled for an extension on a VM or a VM scale set, the extension is upgraded automatically whenever the extension publisher releases a new version. Azure manages the upgrade rollout and the upgrades are safely applied following availability-first principles, keeping your environments more secure and up to date.

Azure Image Builder Service now generally available

Azure Image Builder service offers unification and simplification for your image building process across Azure and Azure Stack with an automated image building pipeline. Whether you want to build Windows or Linux virtual machine images, you can use existing image security configurations to build compliant images for your organization and patch existing custom images using Linux commands or Windows Update. Azure Image Builder supports images from multiple Linux distributions, Azure Marketplace, and Windows Virtual Desktop environments and you can build images for specialized VM sizes, such as creating images for GPU VMs.

New datacenter region in Indonesia

Microsoft announced plans to establish its first datacenter region in Indonesia to deliver trusted Azure services locally, with world-class data security, privacy, and the ability to store data in the country. In addition, Microsoft announced plans to skill an additional 3 million Indonesians to empower a total of 24 million Indonesians by the end of 2021 through its long-established skilling programs designed to help create inclusive economic opportunities in the digital era.

Storage

Azure NetApp Files: Volume hard quota change

From the beginning, Azure NetApp Files has used a ‘capacity pool’ provisioning and automatic growth mechanism. Azure NetApp Files volumes are thinly provisioned on an underlying, customer-provisioned ‘capacity pool’ of a selected tier and size. Volume sizes (‘quotas’) are used to provide performance and capacity, and these ‘quotas’ can be adjusted on the fly at any time. This behavior means that, currently, the volume quota is a performance lever used to control bandwidth to the volume. Currently, underlying capacity pools automatically grow when capacity fills up. The Azure NetApp Files behavior of volume and capacity pool provisioning will change to a manual and controllable mechanism. Starting March 15th, 2021, volume sizes (quota) will manage bandwidth performance, as well as provisioned capacity, and underlying capacity pools will no longer grow automatically.

Networking

Azure Firewall Premium (preview)

With the new Azure Firewall Premium, now in public preview, you can use the following new capabilities:

  1. Transport Layer Security (TLS) Inspection: Azure Firewall Premium decrypts outbound traffic, performs the required value-added security functions, and re-encrypts the traffic, which is then sent to the original destination.
  2. Intrusion Detection and Prevention System (IDPS): Azure Firewall Premium provides signature-based IDPS to allow rapid detection of attacks by looking for specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware.
  3. Web Categories: Allows administrators to allow or deny user access to the Internet based on categories (e.g. social networking, search engines, gambling), reducing the time spent on managing individual FQDNs and URLs. This capability is also available for Azure Firewall Standard based on FQDNs only.
  4. URL Filtering: Allows users to access specific URLs for both plain text and encrypted traffic, typically used in conjunction with web categories.

Azure Firewall Premium uses Firewall Policy, a global resource that can be used to centrally manage your firewalls using Azure Firewall Manager. Starting with this release, all new features will be configurable via Firewall Policy only. This includes TLS Inspection, IDPS, URL Filtering, web categories and more. Firewall Rules (Classic) continues to be supported and can be used for configuring existing features of Standard Firewall. Firewall Policy can be managed independently or using Azure Firewall Manager. A Firewall Policy associated with a single firewall has no charge.

Azure Front Door: Standard and Premium now in public preview

Microsoft is introducing the preview of two new SKUs to the Azure Front Door family, which combines the capabilities of Azure Front Door, Azure Content Delivery Network (CDN) standard, and Azure Web Application Firewall (WAF) into a single secure cloud CDN platform with intelligent threat protection and a simple-to-understand pricing model.

  • Azure Front Door standard SKU is content delivery optimized, offering both static and dynamic content acceleration, global load balancing, SSL offload, domain and certificate management, enhanced traffic analytics, and basic security capabilities.
  • Azure Front Door premium SKU builds on capabilities of the standard SKU, and adds extensive security capabilities across WAF, bot protection, Azure Private Link support, integration with Microsoft Threat Intelligence, and security analytics.

Azure Front Door Standard/Premium (Preview) is a secure cloud CDN service that cyber security teams can use to accelerate content delivery while protecting apps, APIs, and websites from cyberthreats. It combines intelligent threat protection and modern CDN technology in a tightly integrated service. Your users get friction-free access to internal apps, and APIs and websites are delivered fast at a global scale. And best of all, implementing Azure Front Door Standard/Premium (Preview) across your internal and external digital assets is quick, easy and cost effective with a simplified billing model.

Web Application Firewall Integration with Azure Front Door Standard and Premium SKU

Azure Web Application Firewall is now integrated into Azure Front Door Standard and Premium SKU (Preview). Azure Front Door Standard supports custom WAF rules only, and the Premium SKU supports custom WAF rules, managed ruleset, and Bot manager.

Azure Front Door: Web Application Firewall ruleset refresh

Azure Web Application Firewall with Azure Front Door has a new version of managed ruleset available: Microsoft_DefaultRuleSet_1.1. Powered by Microsoft Threat Intelligence, Microsoft_DefaultRuleSet_1.1 adds new rules for broader coverage and modifications for some existing rules to reduce false positives.
