Microsoft constantly releases news about Azure management services. By publishing this summary, we want to provide an overall overview of the main news released in the last month. This allows you to stay up-to-date on these topics and have the necessary references to conduct further investigations.
The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.
Azure Monitor metric alerts: improvement in learning the thresholds
The “metric alerts” of Azure Monitor with dynamic threshold detection, use machine learning algorithms (ML) advanced tools to learn the historical behavior of metrics and identify patterns and anomalies that indicate possible problems in services. Thanks to the introduction of this new feature, prolonged interruptions are automatically recognized and these interruptions are removed from the trend in order not to distort the results. In this way, much better thresholds are obtained that adapt to the data and can detect problems in services with the same sensitivity before the interruption.
VM insights and the use of the new Azure Monitor agent (preview)
Currently, in order to use Azure Monitor VM insights you need to install, on board each virtual machine or virtual machine scale set to be monitored, the Log Analytics agent and the dependency agent. Thanks to the release of this new feature (preview) VM insights will use the new Azure Monitor agent, instead of the Log Analytics agent.
There are several features that are obtained with this preview:
- Easy configuration, using the data collection rule, to collect the performance counters of VMs and specific data types.
- Ability to enable and disable processes and dependency data that generate the Map view, thus obtaining a consequent cost optimization.
- Improvement of security and performance resulting from the use of the Azure Monitor agent and managed identity.
Managed identity-based authentication to enable Azure Monitor container insights (preview)
Container insights now supports integration through the Azure Monitor agent for AKS clusters (Linux nodes) and for Arc-enabled clusters. This agent collects performance and event data from all cluster nodes and is automatically deployed and registered with the Log Analytics workspace. With the Azure Monitor agent, container insights also supports managed identity authentication for AKS and Arc-enabled clusters. This is a secure and simplified authentication model in which the monitor agent uses the managed identity of the cluster to send data to Azure Monitor. This new authentication mechanism replaces local authentication based on certificates and eliminates the need to add a specific role to the cluster. System-assigned identities and user-assigned identities are supported.
Availability in new regions
Azure Monitor Log Analytics is available in the following new regions:
- China North 3
- China East 3
To check the availability of the service in all the Azure regions you can consult this document.
Policy to block the deployment of potential vulnerable images
To protect Kubernetes clusters and their container-based workloads from potential attack attempts, it is now possible to create restrictions in the deployment of images that contain vulnerabilities in their software components. Thanks to this feature it is possible to use Azure Policy and Azure Defender for Containers to identify vulnerabilities and apply related patches before making deployments.
Azure Cost Management
Updates related toMicrosoft Cost Management
Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported. In particular, it should be noted the possibility to consolidate and manage various Azure Active Directory tenants from a single Billing account of the Microsoft Customer Agreement (MCA).
Azure Arc-enable Servers: availability in new regions
Azure Arc-enable Servers is available in the following new regions:
- China East 2 (preview)
- China North 2 (preview)
- South Africa North
Microsoft Defender for Cloud
New features, bug fixes and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:
- Automatic deployment of the Azure Monitor agent (preview)
- Deprecated alerts regarding suspicious activity related to a Kubernetes cluster
Azure Site Recovery
New Update Rollup
For Azure Site Recovery was released theUpdate Rollup 63 that solves several issues and introduces some improvements.
Among the main improvements introduced by this version of the ASR components, we find:
- Oracle Linux support 8.6 for Linux OS/Azure to Azure and for VMware/Physical to Azure
- The ability to migrate existing replication jobs from classic to modern mode for VMware virtual machines (see next paragraph “Upgrade to adopt VMware's modern VM replication experience”)
The details and the procedure to follow for the installation can be found in the specific KB.
Upgrade to adopt VMware's modern VM replication experience
In ASR the possibility of migrating has been introduced, VMware virtual machines protected by Azure Site Recovery, from the classical experience to the modern one recently introduced. The classic mode involves the replication of VMware VMs using the Configuration Server, while the modern mode involves the adoption of the ASR replication appliance. The migration process, towards the modern mode, which was introduced provides:
- A detection mechanism that allows you not to have to repeat the initial replication of protected systems.
- The calculation of the necessary migration times, in order to have all the elements necessary for proper planning.
- A robust rollback mechanism, to restore the initial situation (classic mode) if any problems arise.
The adoption of the modern replication mechanism is recommended by Microsoft as it improves security, reduce the management effort and simplify the environment.
New Azure Migrate releases and features
Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:
- Ability to perform the discovery and assessment of SQL environments in Microsoft Hyper-V and physical / bare-metal systems, as well as on the IaaS services of other public clouds.
Evaluation of Azure
To test for free and evaluate the services provided by Azure you can access this page.