In June, Microsoft announced a considerable number of news regarding Azure management services. Through these articles released monthly we want to provide an overall overview of the main news, in order to stay up to date on these arguments and have the necessary references for further information.
The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.
Monitor
Azure Monitor
New version of the agent for Linux systems
A new version of the Azure Monitor Agent was released this month (AMA) and of Data Collection Rules (DCR) for Linux systems (v1.19.3), which introduces in particular support for recent distros, like Ubuntu 22.04, Rocky Linux, and AlmaLinux.
Govern
Azure Cost Management
Updates related toMicrosoft Cost Management
Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:
Azure Arc
Windows Admin Center from the Azure portal for Azure Arc servers (preview)
Using Windows Admin Center from the Azure portal, it is now also possible to manage the Microsoft Azure Arc-enabled infrastructure.
Azure Arc-enabled System Center Virtual Machine Manager (preview)
System Center Virtual Machine Manager (VMM) has been used for several years to configure, manage and transform on-premises data centers. Microsoft has announced the availability of Azure Arc-enabled System Center Virtual Machine Manager. This is a new Azure Arc feature that allows on-premises environments, managed by System Center Virtual Machine Manager, to be connected to Azure, thus unlocking Azure-based self-service. In this way, VMM-controlled on-premises virtual machines can be created, managed and deleted, in on-premises System Center Virtual Machine Manager deployments, via the familiar Azure portal or using ARM templates, thus ensuring a consistent experience.
Machine Learning with Azure Kubernetes Service and Arc-enabled Machine Learning
With a simple distribution of the cluster extension in an AKS environment or on Kubernetes clusters (Arc Kubernetes) Azure Arc enabled, the cluster is supported in Azure ML.
Azure Key Vault secrets provider on cluster Kubernetes Azure Arc enabled
The extension Azure Key Vault (AKV) Secrets Provider allows you to retrieve the secrets, keys and certificates from an Azure Key Vault in a Kubernetes cluster connected to Arc. This feature eliminates the need to store and maintain secrets locally on K8s clusters, relying on AKV as a centralized solution for secret management.
Secure
Microsoft Defender for Cloud
New features, bug fixes and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:
- Defender for Azure Cosmos DB
- Defender for SQL on machines in AWS and GCP environments
Protect
Azure Backup
Multiple backups per day for Azure VMs
Azure Backup allows you to create advanced policies to take multiple snapshots of virtual machines per day. Now, to address the need to protect mission-critical workloads aboard virtual machines, there is the possibility of reducing the RPO parameter up to four hours. Thanks to this feature, you can also get a higher retention with regards to instant restore. In fact,, the policy is designed to offer from seven-day instant recovery retention (default duration) up to a maximum of thirty days.
Multi-user authorization for recovery services vault
Multi-user authorization (MUA – Multi User Authorization) for Azure Backup adds an additional layer of protection for critical operations on recovery service vault, providing greater security regarding backups. To provide multi-user authorization, Azure Backup has introduced a resource protection mechanism that ensures that critical operations are performed only if you have obtained the appropriate permission. In this way, Azure Backup provides better protection against operations that could lead to potential loss of backup data, including:
- Disabling soft delete and hybrid security settings
- Disabling the protection of multi-user authorization
- Edit backup policies (to reduce the conservation)
- Changing the security (to reduce the conservation)
- Interruption of protection with the deletion of data
- Changing the MARS security PIN
The backup administrator, which typically holds the recovery services vault, must obtain the role of contributor in the protection of the resources to be able to perform the above protected operations (critical operations). This also requires the action of the resource protection owner to approve and grant the requested access. Furthermore, it is also possible to use Azure AD Privileged Identity Management to manage just-in-time access in resource protection. Finally, it is allowed to create the resource guard in a subscription or tenant other than the one where the recovery services vault resides, to achieve an additional level of isolation.
Migrate
Azure Migrate
New Azure Migrate releases and features
Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.
Evaluation of Azure
To test for free and evaluate the services provided by Azure you can access this page.
