Azure Management services: what’s new in April 2024

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, we aim to provide an overview of the most relevant news. The goal is to keep you constantly informed about these developments, giving you the essential information needed to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Support for Managed Identities for Alerts

Azure Monitor alerts are essential tools for monitoring data related to Azure and its applications. These alerts quickly identify issues that could affect service operations. Through log search alert rules, it’s possible to periodically run log data queries to receive notifications or trigger actions when potential problems are detected. A common challenge for developers is managing the credentials of applications accessing different resources. In this context, managed identities prove to be an effective solution, offering an identity automatically managed through Microsoft Entra ID. Applications can use these identities to obtain access tokens without directly managing credentials.

Log search alert rules support the use of managed identities for Azure resources, enhancing the visibility and control of permissions associated with these rules. Managed identities can be employed in log search alert rules in two main ways:

  • System-assigned managed identity: in this case, Azure creates a new identity specifically dedicated to the alert rule. After creating the rule, it is necessary to assign this identity the required permissions to access the workspace and the data sources needed to perform the query.
  • User-assigned managed identity: before establishing the alert rule, the user creates an identity and assigns the appropriate permissions. This identity can then be used for multiple alert rules, thus optimizing resource management.

This system not only simplifies credential management but also increases security and efficiency in the configuration and monitoring of applications and cloud resources.
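The step that is easy to miss with a system-assigned identity is the permission grant that must follow rule creation. The following is an added example, not Microsoft's code or part of the original article: it audits alert rules against role assignments and reports rules whose identity has no assignment covering the queried scope. The data is constructed, shaped like ARM resource JSON, and every ID and name in it is a placeholder; the check only looks for the presence of an assignment, not for which role it grants.

```python
# Added example: constructed data shaped like ARM resource JSON; all IDs are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-mon"
WS = RG + "/providers/Microsoft.OperationalInsights/workspaces/ws-demo"
UAMI = RG + "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-alerts"

RULES = [
    {"name": "rule-system", "properties": {"scopes": [WS]},
     "identity": {"type": "SystemAssigned", "principalId": "p-sys-1"}},
    {"name": "rule-user", "properties": {"scopes": [WS]},
     "identity": {"type": "UserAssigned",
                  "userAssignedIdentities": {UAMI: {"principalId": "p-user-1"}}}},
    {"name": "rule-none", "properties": {"scopes": [WS]}},
]
# Only the user-assigned identity was granted a role, at resource-group scope.
ROLE_ASSIGNMENTS = [{"properties": {"principalId": "p-user-1", "scope": RG}}]


def principals(rule):
    """Return the principal IDs of every managed identity attached to a rule."""
    ident = rule.get("identity") or {}
    kind = ident.get("type", "None")
    ids = []
    if "SystemAssigned" in kind and ident.get("principalId"):
        ids.append(ident["principalId"])
    if "UserAssigned" in kind:
        for uami in ident.get("userAssignedIdentities", {}).values():
            if uami.get("principalId"):
                ids.append(uami["principalId"])
    return ids


def covers(assignment_scope, resource_id):
    """A role assignment applies to its own scope and everything beneath it."""
    scope = assignment_scope.rstrip("/").lower()
    rid = resource_id.lower()
    return rid == scope or rid.startswith(scope + "/")


def audit(rules, assignments):
    """Map rule name -> 'ok', 'no managed identity', or the scopes left uncovered."""
    out = {}
    for rule in rules:
        ids = principals(rule)
        if not ids:
            out[rule["name"]] = "no managed identity"
            continue
        missing = [s for s in rule["properties"]["scopes"]
                   if not any(a["properties"]["principalId"] in ids
                              and covers(a["properties"]["scope"], s)
                              for a in assignments)]
        out[rule["name"]] = "ok" if not missing else "no role assignment on: " + ", ".join(missing)
    return out
```
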

Azure Monitor Agent Upload to Storage and Event Hubs (preview)

The Azure Monitor Agent is an advanced solution for collecting telemetry data from IaaS resources, like virtual machines. With the new upload feature, available in this preview version, it is possible to transfer logs directly from Log Analytics workspaces to Event Hubs and Storage services. These data destinations employ specific rules for data collection, allowing for a customized and optimized configuration of the collection infrastructure for agents.

Query Editor for Azure Monitor Metrics (preview)

The Query Editor for Azure Metric Explorer within Azure Monitor Workspace (AMW) is now available in public preview. This update allows customers to query Prometheus metrics directly from their Azure Monitor Workspace using PromQL. With this feature, users can analyze metric data more effectively by writing and executing PromQL queries directly in the Metric Explorer.

Azure Monitor Pipeline (preview)

Microsoft recently launched the preview version of the Azure Monitor Pipeline for edge environments. This new solution is designed to improve the ingestion and routing of large-scale data from edge environments to Azure Monitor, enhancing observability. Deployed as an Arc Kubernetes cluster extension on your own on-premises Kubernetes clusters, the pipeline supports a wide range of resources and can be scaled horizontally to handle large volumes of data. It also offers advanced capabilities for collecting data from resources in segmented networks without continuous cloud connectivity, storing logs locally during outages, and synchronizing them with the cloud once the connection is restored.

Govern

Azure Advisor


Changes to the Display of Savings Estimates on Azure Advisor

From September 30, 2024, Azure Advisor will no longer display the aggregated annual estimates of potential savings. Currently, these estimates are visible on the Azure portal under “Potential yearly savings based on retail pricing” in the cost recommendations pages. This feature will be discontinued on the specified date. Despite the removal of this aggregated display, it will still be possible to calculate specific annual potential savings through alternative procedures. Individual recommendations and their associated potential savings will remain available.

Resiliency Review (preview)

Microsoft has introduced the “Resiliency Review” in public preview on Azure Advisor, a new feature aimed at increasing the resilience of workloads through personalized recommendations. These recommendations, provided by Microsoft’s cloud solution architects, allow users to focus on the most critical aspects to ensure the resilience of their systems. Users have the opportunity to evaluate the recommendations (accepting or rejecting them), manage their lifecycle on Advisor, and collaborate with their Microsoft account team to monitor resolution. It is also possible to request a “Well Architected Reliability Assessment” to optimize the resilience and reliability of workloads by implementing the recommendations and monitoring their lifecycle on Advisor.

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents incorrect spending patterns, and optimizes costs. This article reports some of the latest improvements and updates regarding this solution.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud is constantly evolving, with improvements introduced continuously. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • General Availability of Microsoft Defender for Containers on AWS and GCP: Microsoft has announced the general availability of Defender for Containers for AWS and GCP platforms. This service enhances container security through real-time threat detection and agentless container discovery. Notably, an advanced authentication feature on AWS optimizes the service provisioning process.
  • Risk Prioritization: Risk prioritization has become the default experience in Microsoft Defender for Cloud. This feature helps users focus on the most severe threats by organizing security recommendations based on the risk factors of each resource. The assessment criteria include the potential impact of a breach, risk categories, and the attack path associated with each security issue.
  • Update on Microsoft Defender for Server Plan 2: Microsoft has announced that the Qualys service integrated into Plan 2 of Microsoft Defender for Server will be retired on May 1, 2024. This change is part of a broader initiative to simplify and consolidate vulnerability assessments within Microsoft Defender for Cloud. Following this update, Plan 2 of Defender for Server will integrate Microsoft Defender Vulnerability Management as its new solution for vulnerability assessments.
  • Defender for Cloud Supports Azure Database for MySQL – Flexible Server: Microsoft Defender for Cloud can now protect Azure Database for MySQL – Flexible Server from threats without compromising the performance of the service. This solution reduces the risk of data breaches, attacks, and unauthorized access by monitoring unusual or suspicious activity in the database. This feature can be easily enabled from the Azure portal, to receive security alerts, insights, and recommendations on how to mitigate potentially harmful threats related to Azure Database for MySQL – Flexible Server.

Protect

Azure Backup

Backup and Restore of Virtual Machines with Private Endpoint Disks

Azure Backup now offers the capability to back up Azure virtual machines using disks with private endpoints. This functionality is available for virtual machines with both standard and advanced backup policies and can be implemented through the standard backup procedures of Azure. Additionally, during the restore process, it is now possible to configure network access settings for the restored disks. Users can choose to maintain the original network configuration of the disks, limit access to specific networks, or allow public access from all networks.

Backup for Azure Database for MySQL – Flexible Server (preview)

Azure Backup, in collaboration with Azure Database Services, has launched a preview backup solution for MySQL-Flexible servers that allows backups to be retained for up to 10 years. Features offered in this preview phase include: comprehensive data protection against various levels of data loss, from accidental deletions to ransomware attacks; the ability for users to control scheduled and ad-hoc backup operations; isolated backups stored in a separate security and fault domain; long-term backup retention; and centralized monitoring of all backup operations and jobs.

Azure Backup Introduces Vault Backups for Azure Files (preview)

Azure Backup now supports transferring backups of Azure Files into vaults to protect critical business data stored in Azure Files against severe data loss scenarios, such as ransomware attacks. These isolated backups ensure trouble-free recovery even if the source data is compromised. It’s easy to switch from snapshot-based backup, which offers protection from accidental deletions, to vault backup to safeguard File data against a broader range of tampering and data deletion scenarios. Capabilities include:

  • Enhanced backup security with features such as immutability, encryption with customer-managed keys (CMK), soft delete, and multi-user authorization (MUA).
  • Long-term data retention up to 99 years to meet compliance requirements in regulated sectors.
  • Business continuity in case of regional disruptions with the ability to restore from a backup copy replicated in the Azure paired region.
  • Guaranteed data recovery even if the production storage or subscription is compromised, with the option to restore in an alternative subscription.

Selecting the “vault” level in the backup policy can improve the security posture of Azure Files data with a native, managed, and secure offsite backup solution, strengthening the business continuity and disaster recovery strategy for mission-critical applications.

Azure Site Recovery

New Update Rollup

Update Rollup 73 has been released for Azure Site Recovery, bringing significant improvements to the latest service components. Notably, the Mobility Service now supports additional Linux operating systems, including Debian 12 and Ubuntu 18.04 Pro for Azure-to-Azure configurations and VMware/Physical migrations to Azure. This update also includes other optimizations and bug fixes.

Azure Site Recovery for Shared Disks (preview)

The public preview of Azure Site Recovery for managing Shared Disks is now available. This feature enhances the protection and recovery of workloads operating on Windows Server Failover Clusters (WSFC) deployed on Azure VMs. This development paves the way for the use of shared disks for mission-critical applications such as SQL FCI, SAP ASCS, and Scale-out File Servers, ensuring operational continuity and efficient recovery capability in disaster scenarios.

With Azure Site Recovery for shared disks, you can:

  • Replicate and recover WSFC clusters as a single entity throughout the Disaster Recovery (DR) lifecycle.
  • Generate cluster-level consistent recovery points.
  • Monitor the protection and health status of the cluster and its nodes from a single interface.
  • Manage cluster failover and recovery point selection.
  • Re-protect and restore the cluster in the main region minimizing data loss and reducing downtime.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

This month, the main updates include:

  • New Features for SAP (preview): Azure Migrate has recently expanded its capabilities by including support in preview for discovery and assessment of SAP systems. Thanks to this feature, users can now perform detailed assessments for on-premises SAP workloads.
  • Assessment of Java Web Applications (Tomcat) for Azure App Service and AKS (preview): Microsoft has introduced a new assessment capability for Java web applications (Tomcat) in preview, aimed at both Azure App Service and Azure Kubernetes Service (AKS). This feature allows developers and IT architects to examine and plan the migration of their existing Tomcat applications, leveraging Azure’s cloud capabilities to enhance the performance and scalability of applications.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.
