This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.
Trusted launch support for virtual machines using Ephemeral OS disks
Trusted launch virtual machine (VM) support for VMs using Ephemeral OS disks improves the security of generation 2 VMs in Azure.
Azure NetApp Files datastores for Azure VMware Solution (preview)
The public preview of Azure NetApp Files datastores for Azure VMware Solution (AVS) is available. This new integration between Azure VMware Solution and Azure NetApp Files will enable you to create datastores via the Azure VMware Solution resource provider with Azure NetApp Files NFS volumes and mount the datastores on your private cloud clusters of choice. Along with the integration of Azure disk pools for Azure VMware Solution, this will provide more choice to scale storage needs independently of compute resources. For your storage-intensive workloads running on Azure VMware Solution, the integration with Azure NetApp Files helps to easily scale storage capacity beyond the limits of the local instance storage for AVS provided by vSAN and lower your overall total cost of ownership for storage-intensive workloads.
Azure NetApp Files: feature general availability and feature expansion of regional availability
To meet the demanding requirements of enterprise mission-critical workloads, new features are constantly added to Azure NetApp Files and previously released preview features are moved into general availability. The following capabilities are recently generally available and no longer need registration for use: AES encryption for AD authentication, Backup policy users, Administrators privilege users, and Dynamic change of service level. Additionally, feature regional coverage continues to expand for Azure NetApp Files cross-region replication. The following are the cross-region replication region pair additions: Brazil South and South Central US, West US 3 and East US, Australia Central and Australia Central 2, France Central and West Europe. Also, regional coverage has expanded for Azure NetApp Files for standard network features. The following regions are standard network feature additions: Australia Central, Australia Central 2, Australia Southeast, East US 2, France Central, Germany West Central, North Europe, West Europe, West US 2, and UK South.
Azure Firewall updates
The following updates are available for Azure Firewall:
- Intrusion Detection and Prevention System (IDPS) signatures lookup
- TLS inspection (TLSi) Certification Auto-Generation
- Web categories lookup
- Structured Firewall Logs
- IDPS Private IP ranges (preview)
Azure WAF policy and DDoS management in Azure Firewall Manager
Azure Firewall Manager now supports managing DDoS Protection Plans for virtual networks and Azure Web Application Firewall (Azure WAF) policies for application delivery platforms: Azure Front Door and Azure Application Gateway.
Azure Virtual Network Manager in nine new regions (preview)
Azure Virtual Network Manager helps you create your desired topologies like hub and spoke and mesh with just a few clicks. The security admin rules feature allows you to enforce security policies throughout your organization. You can create an Azure Virtual Network Manager instance in nine more regions and manage your virtual networks at scale across regions, subscriptions, management groups, and tenants globally from a single pane of glass.
Private link support in Azure Application Gateway (preview)
With private link support, incoming traffic to an Azure Application Gateway frontend can be secured to clients running in another Azure Virtual Network, Azure subscription, or Azure subscription linked to a different Azure Active Directory tenant through Azure Private Link. Traffic between private endpoints in your virtual network and your Application Gateway will traverse a secure and private connection.
ExpressRoute IPv6 Support for Global Reach (preview)
IPv6 support for Global Reach unlocks connectivity between on-premise networks, via the Microsoft backbone, for customers with dual-stack workloads. Establish Global Reach connections between ExpressRoute circuits using IPv4 subnets, IPv6 subnets, or both. This configuration can be done using Azure Portal, PowerShell, or CLI.
Network Watcher packet capture support for virtual machine scale sets (preview)
Azure Network Watcher packet capture announces support for virtual machines scale sets. This is as an out of the box, on-demand capability, enabling faster diagnostics and troubleshooting of networking issues.
Connection Monitor Support for virtual machine scale sets
Azure Network Watcher Connection Monitor announces support for virtual machine scale sets which enables faster performance monitoring and network troubleshooting through connectivity checks.
ExpressRoute Direct and Circuit in different subscriptions (preview)
Generate an authorization for the ExpressRoute Direct resource and redeem the authorization to create an ExpressRoute Circuit in a different subscription and/or Azure Active Directory Tenant. This feature is currently available in public preview.