Azure Management services: what’s new in July 2024

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, the aim is to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, providing you with essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figures 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Introduction of Agent and Gateway Extensions in Azure Monitor SCOM MI

Microsoft has announced the general availability (GA) of Agent and Gateway Server extensions in Azure Monitor SCOM MI. This new functionality enables large-scale, programmatic monitoring on Windows machines in Azure and Azure Arc-enabled machines. Now, it is possible to monitor virtual machines both in Azure and outside of Azure.

The Agent and Gateway extensions offer the following advantages:

  • Monitoring Anywhere: SCOM MI can monitor virtual machines and guest applications hosted both in and outside Azure through the Arc channel. Managed Gateways can monitor isolated virtual machines.
  • Large-scale Deployment: Users can enable large-scale virtual machine monitoring through the Azure portal or PowerShell scripts, improving operational efficiency.
  • Agile Transition: With multi-homing support, users can transition monitoring from on-premises SCOM to Azure Monitor SCOM MI at their own pace and needs.
  • Security and Automatic Updates: SCOM MI agents use managed identities and certificate-based authentication, providing a significant improvement over legacy Kerberos authentication. Agents are automatically updated, eliminating the need for frequent update management.

Thanks to these capabilities, Azure Monitor SCOM MI becomes easier to operate. During the Public Preview, over 20 customers deployed more than 1,200 agents, and their feedback has helped further streamline the experience.

As more SCOM customers are expected to transition to monitoring with SCOM MI, the goal is to make the process as smooth as possible through the following features:

  • Extended Onboarding Experiences: Onboarding monitoring agents at scale via ARM templates, Azure policies, and Azure Automation.
  • Scheduled Updates: Providing the flexibility to schedule agent updates according to the organization’s change management process.

New Azure Monitor Auxiliary Logs Plan (Preview)

Azure Monitor Logs introduces a new tiered strategy plan for optimal consumption and cost optimization: Auxiliary Logs. Auxiliary Logs are designed for verbose logs and are economical, while providing a range of functionalities to manage and consume data.

Azure Monitor’s multi-tier strategy now supports three plans – Analytics, Basic, and the new Auxiliary – allowing all logs to be stored in one place and different types of data to be retained for the desired time at a cost-effective price.

With Auxiliary Logs, you can:

  • Optimize Costs: Funnel low-value or verbose logs into the Auxiliary table.
  • Long-Term Data Retention: Retain data for up to 12 years at a low cost.
  • Query Access: Use queries to access the last 30 days of data or search for older data using search jobs.
  • Summary Rules (Preview): Aggregate data and ingest the results into a table with an Analytics plan for use in dashboards, alerts, or performing complex analysis on aggregated data.

During the initial preview period, billing for Auxiliary Logs (ingestion, long-term retention, query, and search jobs) is not yet enabled. The billing start date will be announced on Azure Updates, and current feature users will be given advance notice before billing begins. The Auxiliary Logs plan is currently in public preview and subject to certain limitations, including regional availability, as indicated in the Microsoft documentation.

New Features Added to Azure Monitor Basic Logs Plan

The Azure Monitor Basic Logs plan has seen widespread adoption by customers and continues to grow rapidly. To meet the increasing demand and customer needs, Microsoft is enhancing Basic Logs with additional features that provide greater benefits. The following improvements are being introduced for this plan:

  • Extended Interactive Retention Period: The interactive retention period has been increased from 8 to 30 days, with support for interactive queries throughout the period.
  • Enhanced Query Language Capabilities: Support for queries on Basic Logs has been extended from reduced KQL to full KQL on a single table, with the ability to search for additional data in Analytics tables.

VM insights based on Log Analytics agent: Migration Required by August 31, 2024

Microsoft has announced that by August 31, 2024, VM insights based on the Log Analytics agent will be retired. Users are encouraged to migrate to VM insights based on Azure Monitor agent. This new version offers several improvements, including enhanced security and performance, data collection rules that help reduce costs, and a simplified management experience that includes troubleshooting. It is essential to complete the migration by the specified date to continue using a supported version of VM insights

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs.This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Azure Arc-enabled Kubernetes Available in the Italy North Region

Azure Arc-enabled Kubernetes is now available in the Italy North region of Azure. This service allows users to manage and govern Kubernetes clusters distributed anywhere, leveraging the centralized management capabilities of Azure Arc.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Security Assessments for GitHub Without Additional License: Starting July 22, 2024, GitHub users in Defender for Cloud no longer need a GitHub Advanced Security license to view security assessments. This change covers code vulnerabilities, IaC misconfigurations, and container image vulnerabilities detected during the build phase. Users with a GitHub Advanced Security license will continue to receive additional assessments for exposed credentials, open-source dependency vulnerabilities, and CodeQL results.
  • End of Support for MMA in Defender for Servers Plan 2: The Log Analytics agent will no longer be supported from August 2024. Server protection will rely on integration with Microsoft Defender for Endpoint (MDE) and agentless capabilities provided by the cloud platform. Some functionalities will continue to be supported until November 2024: File Integrity Monitoring (FIM) and Security Baseline.
  • Public Preview of Binary Drift for Containers: The public preview of Binary Drift for Defender for Containers is available, identifying and reporting potentially malicious binary processes in containers.
  • Automatic Remediation Scripts for AWS and GCP: Automatic remediation scripts for AWS and GCP are available in GA, allowing programmatic correction of recommendations on a large scale.
  • Update GitHub Application Permissions: GitHub users need to update the Microsoft Security DevOps application permissions to include read permissions for GitHub Copilot Business.
  • New Compliance Standards: Compliance standards added in preview in March, such as CIS Google Kubernetes Engine Benchmark, ISO/IEC 27001 and 27002, and others, are now available in GA.
  • Inventory Experience Improvements: Starting July 11, 2024, the inventory experience has been improved with updates to the Azure Resource Graph query logic.
  • Default Running Container Mapping Tool in GitHub: From August 12, 2024, the container mapping tool will run by default as part of the Microsoft Security DevOps action in GitHub.

Protect

Azure Backup

Customer-Managed Key Encryption for Backup Vaults

Azure Backup now supports the use of customer-managed keys (CMK) for encrypting backup data in Backup Vaults. This functionality, already available for Recovery Services Vaults, is now accessible for all Backup Vaults in Azure public regions. Users can create new backup vaults or update the encryption settings of existing ones to use CMK.

Backup and Restore of Virtual Machines with Private Endpoint-Enabled Disks

Backup and restore of Azure virtual machines using disks with private endpoints enabled are now available. This support is available for both standard and enhanced backup policies and can be configured through standard Azure Backup experiences. During the restore, users can specify the network access settings for the restored disks, choosing from using the same network configuration as the source disks, access only from specific networks, or public access from all networks.

Azure Site Recovery

Support for Azure Trusted Launch VMs (Windows OS)

Microsoft announces the availability of support for Azure Site Recovery for Azure Trusted Launch VMs. Azure Trusted Launch VMs offer advanced security for Azure Generation 2 VMs, enabling Secure Boot and vTPM capabilities. This availability is specific to Windows operating systems.

Deletion or Reset of Azure Site Recovery Replication Appliance

Microsoft has announced the option to delete or reset the Azure Site Recovery replication appliance. If all components of the appliance are in a healthy state, it is possible to reset the appliance to factory state. If the appliance is in a critical state and there is no connectivity with the appliance, it can be deleted from the Azure portal.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Please follow and like us: