Azure Management services: what’s new in August 2024

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, the aim is to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, providing you with essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Support for Operator and CRD with Azure Monitor managed service for Prometheus (preview)

Azure Monitor managed service for Prometheus introduces support for CRD (Custom Resource Definition) based configurations for scrape jobs, useful for collecting metrics from workloads running in the AKS cluster. With this update, the Managed Prometheus service configuration will distribute custom resource definitions for Pod and Service Monitor, allowing the creation of resources similar to the OSS Prometheus Operator. This functionality simplifies the configuration of scrape jobs in any namespace, eliminating the need to update the common ConfigMap in the kube-system namespace.

Dedicated Log Analytics tables for Application Gateway

Application Gateway now allows storing logs in dedicated Log Analytics tables. With this new feature, customers can choose to use resource-specific tables instead of the existing Azure Diagnostic table. In resource-specific mode, individual tables are created in the selected workspace for each category defined in the diagnostic settings. This new approach significantly improves log query capabilities while reducing ingestion latencies and query response times.

High Scale mode for Azure Monitor – Container Insights (preview)

The public preview of High Scale mode in Container Insights is designed to increase the log collection capacity from Azure Kubernetes Service (AKS) clusters. By enabling High Scale mode, Container Insights automatically makes configuration changes, significantly improving overall throughput. These optimizations occur in the background without requiring customer intervention or configuration, offering more efficient large-scale container log management.

Retirement of Azure Monitor Experience (preview) in HDInsight by February 1, 2025

As of February 1, 2025, Azure HDInsight will retire the use of Log Analytics in its Azure Monitor Experience (preview). Users who have already migrated from Classic Log Analytics to the new Azure Monitor Experience (preview) will have already made the necessary adjustments to the new table formats. In this case, it will be sufficient to recreate the cluster using image 2407260448 to switch to the Azure Monitor Agent (AMA) by January 31, 2025. Those who are migrating from Classic Log Analytics to Azure Monitor Agent (AMA), which replaces the Log Analytics agent, will need to make some changes to the new table formats to complete the transition.

Govern

Azure Policy

Azure Policy support for Azure Database for PostgreSQL – Flexible Server

Azure Policy now supports Azure Database for PostgreSQL – Flexible Server, allowing you to easily apply and verify the compliance of Azure resources. With this functionality, it is possible to define, assign, and manage rules applicable to instances of Azure Database for PostgreSQL – Flexible Server, facilitating governance, improving security, and offering greater control over databases. Users can leverage predefined policies provided by Microsoft or create custom policies to meet specific business requirements.

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new ways to improve Microsoft Cost Management, the solution that provides greater visibility into where costs are accumulating in the cloud, helps identify and prevent incorrect spending patterns, and optimizes costs. This article reports some of the latest improvements and updates regarding this solution.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month, the main updates include:

  • Enabling Microsoft Defender for SQL Server at scale: It is now possible to enable Microsoft Defender for SQL Server at scale. This feature allows enabling Microsoft Defender for SQL on multiple servers simultaneously, simplifying the protection of SQL servers.
  • New version of File Integrity Monitoring (FIM) based on Microsoft Defender for Endpoint (preview): The new version of File Integrity Monitoring, based on Microsoft Defender for Endpoint, is now available in public preview. Part of the Defender for Servers Plan 2, this version helps meet compliance requirements by monitoring critical files and logs in real-time and auditing changes made. Additionally, it allows for identifying potential security issues by detecting suspicious changes in file contents. With the release of this version, the FIM experience via AMA will no longer be available in the Defender for Cloud portal, while the FIM experience on MMA will remain supported until the end of November 2024. Starting in September, an integrated experience will be released, allowing the migration of the FIM configuration from MMA to the new FIM version on Defender for Endpoint.
  • Retirement of the integration of Defender for Cloud alerts with Azure WAF: The integration of Defender for Cloud alerts with those of Azure WAF will be retired on September 25, 2024. No action is required from users. Sentinel customers can configure the connector for the Azure Web Application Firewall to continue monitoring their systems.

Protect

Azure Backup

Vaulted backup for Azure Blob Storage

The Vaulted Backup functionality for Azure Blob Storage is now generally available. This native, secure, managed backup solution offers an isolated copy of data, protecting critical business information stored in Azure Blob Storage from accidental deletions, corruption, and malicious attacks. With Vaulted Backup, customers can ensure rapid data recovery and maintain operational continuity, minimizing the impact of potential losses. Additionally, the solution supports regulatory compliance through long-term retention and improves backup security, making recovery possible even in the event of cyberattacks. Vaulted Backup uses blob object replication (OR) to copy data and create recovery points in storage accounts managed by Microsoft. These recovery points can be used by customers to restore data in case of loss. General availability includes new features such as prefix-based granular restores, automation tools for managing backups via PowerShell, CLI, REST API, or Bicep templates, and the ability to limit data replication exclusively to the Microsoft tenant for backup purposes, reducing the risk of data exfiltration.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.
