This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, we aim to provide an overview of the most relevant news. The goal is to keep you constantly informed about these developments, providing you with the essential information to further explore these topics.
The following diagram shows the different areas related to management, which are covered in this series of articles:
Monitor
Azure Monitor
Azure Log Analytics improves resilience with workspace replication across regions (preview)
Azure Log Analytics introduces workspace replication, a new feature that enhances resilience against regional incidents. When replication is enabled, a copy of the workspace is created in another region. From that moment, new logs in the primary workspace are also replicated to the secondary workspace (existing logs are not copied). The secondary workspace cannot be managed or accessed directly and serves only to create an active-passive configuration: at any time, there is an active instance of the workspace and an inactive one updated in the background. In case of an interruption affecting the primary workspace, failover can be activated to switch to the secondary workspace. This operation redirects all ingestion and query requests to the secondary workspace, allowing continued monitoring of resources and applications. The secondary workspace maintains a copy of all logs from the time replication is enabled, allowing for a smooth transition and continued use of alerts, workbooks, and other services accessing the logs, such as Sentinel. During this period, the secondary workspace also replicates incoming logs to the primary workspace, so that operations can return to the primary region and continue normally once it is operational again. Workspace replication is billed per replicated GB, and replication can be applied to a subset of Data Collection Rules (DCRs) to limit the scope of replication and related costs.
Filtering Kubernetes metadata and logs in Azure Monitor Container Insights (preview)
Filtering Kubernetes metadata and logs enriches the ContainerLogsV2 schema with additional Kubernetes metadata such as PodLabels, PodAnnotations, PodUid, Image, ImageID, ImageRepo, and ImageTag. The log filtering feature provides filtering capabilities for both workload and platform logs (e.g., system namespaces) from containers. This feature enhances the Kubernetes metadata experience by leveraging the Grafana dashboard to visualize log levels, volume, rate, records, and more. Users gain a richer context and improved visibility into their workloads.
Monitoring applications with Java metrics in Azure Container Apps (preview)
It is now possible to monitor the performance and health of applications with Java metrics such as garbage collection and memory usage. These metrics are automatically collected and reported in Azure Monitor, where they can be viewed in an integrated dashboard. It is also possible to set alerts and troubleshoot issues based on these metrics.
Data analysis using Log Analytics Simple mode (preview)
Azure Monitor Logs introduces a significant improvement in the log analysis experience: Simple mode. This new feature offers users a powerful set of tools to explore their logs and gain meaningful insights from the data. Until now, Azure Monitor Logs relied on the Kusto Query Language (KQL) to formulate queries. KQL is powerful and easy to learn, but it still requires some knowledge to use effectively. Simple mode was developed to bridge this knowledge gap, allowing the use of the most common KQL operators and actions through a simple and intuitive point-and-click experience that requires no KQL knowledge. For advanced users, KQL mode continues to offer the full potential of the Kusto language to gain deeper insights from the logs. Currently, Simple mode is an optional experience: to try it, just select “Try the new Log Analytics”. It is possible to return to the classic Log Analytics experience at any time.
Govern
Azure Cost Management
Updates related to Microsoft Cost Management
Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution that provides greater visibility into where costs are accumulating in the cloud, helps identify and prevent incorrect spending patterns, and optimizes costs. This article reports some of the latest improvements and updates regarding this solution.
Secure
Microsoft Defender for Cloud
New features, bug fixes, and deprecated features of Microsoft Defender for Cloud
The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:
- Remediate security baseline recommendation: Microsoft Defender for Cloud has enhanced the Center for Internet Security (CIS) benchmarks by offering security baselines supported by Microsoft Defender Vulnerability Management (MDVM). The new recommendation “Machine should be configured securely (powered by MDVM)” helps secure servers by providing suggestions to improve security posture.
- Configure email notifications for attack paths: It is now possible to configure email notifications for attack paths in Defender for Cloud. This feature allows receiving email notifications when an attack path with a specified risk level is detected. This update helps security teams respond promptly to potential attacks, improving responsiveness and overall protection.
- Integration of Defender for Cloud alerts and incidents with Microsoft Defender XDR: This integration allows security teams to access Defender for Cloud alerts and incidents within the Microsoft Defender Portal. Providing richer context for investigations involving cloud resources, devices, and identities, this feature improves response capabilities and the effectiveness of security operations.
- Checkov integration for IaC scanning in Defender for Cloud (preview): The public preview of Checkov integration for DevOps security in Defender for Cloud has been announced. This integration improves both the quality and the total number of Infrastructure-as-Code (IaC) checks performed by the MSDO CLI command when scanning IaC templates. During the preview, Checkov must be explicitly invoked via the ‘tools’ input parameter for the MSDO CLI command.
- Permissions management in Defender for Cloud: The general availability (GA) of permissions management in Defender for Cloud has been announced. This feature enables advanced permissions management, improving security and access control in cloud resources.
- Security posture management for AI in Defender for Cloud: This feature provides security posture management capabilities for AI in Azure and AWS.
- Threat protection for AI workloads in Azure (preview): Threat protection for AI workloads in Defender for Cloud provides contextual insights into threat protection, integrating with Responsible AI and Microsoft Threat Intelligence. Security alerts for AI workloads are integrated into Defender XDR in the Defender portal. This plan helps monitor Azure OpenAI-powered applications at runtime for malicious activities, identifying and mitigating security risks.
- Updated security policy management: Cross-cloud (Azure, AWS, GCP) security policy management is now generally available (GA). This feature allows security teams to manage their security policies consistently and with new characteristics:
  - A simplified and uniform cross-cloud interface to create and manage the Microsoft Cloud Security Benchmark (MCSB) and custom recommendations based on KQL queries;
  - Management of regulatory compliance standards in Defender for Cloud across Azure, AWS, and GCP environments;
  - New filtering and export capabilities for reporting.
- Public preview of Defender for open-source databases on AWS: The public preview of Defender for open-source databases on AWS has been announced, adding support for various Amazon Relational Database Service (RDS) instance types. This integration improves the security and management of open-source databases running on AWS instances.
Protect
Azure Backup
Migration of virtual machine backups to enhanced backup policies (preview)
Azure Backup now supports the migration of virtual machine backups from the standard backup policy to the enhanced backup policy. This migration offers several benefits:
- Improved RPO: The recovery point objective (RPO) can be reduced to as little as 4 hours.
- Retention of recovery points: Recovery points can be retained as snapshots for up to 30 days.
- Multi-disk consistency: The enhanced policy ensures multi-disk crash consistency for protected VMs.
- Zone-level resilience: Recovery points created with the enhanced policy are zone-resilient.
- Trusted Launch security: Protected virtual machines can be converted to Trusted Launch security.
- Use of premium SSDv2 or ultra-disk: Migration to the enhanced policy allows the use of premium SSDv2 or ultra-disk without interrupting existing backups.
These improvements make migrating to the enhanced backup policy an excellent choice for optimizing the protection and management of virtual machines on Azure.
Azure Site Recovery
Built-in Azure Monitor alerts for Site Recovery
Built-in Azure Monitor alerts for Azure Site Recovery (ASR) are now generally available. This innovation enables organizations using ASR to benefit from an advanced set of alerting and notification features offered by the Azure Monitor platform. Users can leverage standard Azure Monitor experiences and interfaces to manage ASR alerts at scale, using a single platform. This represents a significant step towards achieving a homogeneous and consistent set of monitoring and alerting experiences for all Business Continuity and Disaster Recovery (BCDR) scenarios on Azure.
Out of Box Reports for Azure Site Recovery (preview)
Out of Box Reports for Azure Site Recovery are now available in preview. This new reporting feature offers organizations using ASR a clear and detailed view of job and health status for protected items. Integrated into the Azure Business Continuity Center and Recovery Services Vault, this feature allows BCDR administrators to effectively monitor and manage all protected items in large-scale backup and site recovery processes.
Support for Azure Trusted Launch VMs (preview)
Microsoft has announced the Public Preview of Azure Site Recovery support for Azure Trusted Launch VMs. Azure Trusted Launch VMs provide security for second-generation Azure virtual machines, enabling Secure Boot and vTPM features. This public preview is currently available only for the Windows operating system.
Migrate
Azure Migrate
New releases and features of Azure Migrate
Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.
Azure Evaluation
For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.