Azure Management services: what’s new in September 2024

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, the aim is to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, providing you with essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Azure Monitor Metrics Export (preview)

Azure Monitor Metrics Export is now available in Public Preview and configurable via Data Collection Rules (DCR), allowing Azure resource metric data to be directed to Azure Storage Accounts, Azure Event Hubs, and Azure Log Analytics Workspaces for 18 types of resources and in 10 public Azure regions. Some of the key benefits of Azure Monitor Metrics Export include:

  • Scalability: DCR, the data collection configuration mechanism in Azure Monitor, allows you to configure collection once and apply it at scale to many resources, supporting management across multiple subscriptions.
  • Flexibility in data collection: Customers can select specific metrics or all metrics for a given set of resources, thus controlling volumes and associated costs.
  • Full-fidelity, low-latency export: Metric data is exported with dimensional information to facilitate correlation, significantly improving export latency (~70%) compared to diagnostic settings.

Configure

Update management

Retirement of Automated Patching and introduction of Azure Update Manager

As of September 15, 2027, the Automated Patching feature has been retired and replaced with Azure Update Manager. This decision was made to ensure a more efficient and centralized update management process. Azure Update Manager is an enterprise-level tool that offers several advanced features:

  • Centralized update management: Provides a unified dashboard to view and manage updates across the entire environment, including virtual machines, on-premises servers, and hybrid scenarios.
  • Custom scheduling: You can create custom update schedules based on business needs, whether they are weekly, monthly, or scheduled on specific dates.
  • Patch compliance reports: Azure Update Manager generates detailed reports on patch compliance, keeping users informed about the status of updates across the entire infrastructure.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new ways to improve Microsoft Cost Management, the solution that provides greater visibility into where costs are accumulating in the cloud, helps identify and prevent incorrect spending patterns, and optimizes costs. This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Azure Container Storage enabled by Azure Arc Edge Volumes (preview)

Microsoft has announced the Public Preview of Azure Container Storage enabled by Azure Arc Edge Volumes, a versatile new feature designed to improve data management in edge environments. Azure Arc Edge Volumes offers two main functionalities: Local Shared Volume and Cloud Ingest Volume. Local Shared Volume provides high-availability storage with failover capabilities, remaining operational even without cloud connectivity, making it ideal for temporary storage and local application state data. Cloud Ingest Volume, on the other hand, allows transparent ingestion of unlimited file data from edge environments into Blob Storage, including ADLSgen2 and OneLake. The storage capacity for ingestion is user-defined, ensuring available space even during disconnections, with the option to delete local data once uploading to Blob is complete. Both solutions rely on advanced features to maintain data integrity and optimize the use of local resources, and both are ideal for IoT applications. With Edge Volumes, it is possible to write to a local file system using standard I/O APIs, simplifying application code.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To keep users informed of the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Improvements to Cloud Security Explorer experience: Increased performance, enriched data for each cloud asset, and enhanced CSV export with more details on exported assets.
  • General Availability of File Integrity Monitoring (FIM): Now available as part of Defender for Servers Plan 2, allowing real-time monitoring of critical files and logs to comply with regulations and detect suspicious changes.
  • FIM migration experience: A new in-product feature has been released to migrate FIM configurations from the Log Analytics Agent (MMA) to Defender for Endpoint, easing the transition.
  • Deprecation of MMA auto-provisioning: Starting in September 2024, MMA auto-provisioning will be progressively disabled, with full deactivation by November 2024.
  • Integration with Power BI: Allows the creation of custom reports and dashboards to analyze security posture and compliance recommendations.
  • Updates to multicloud CSPM requirements: New IP addresses to improve multicloud discovery services, requiring IP whitelist updates by October 2024.
  • Deprecation of Defender for Servers features: Adaptive application controls and Adaptive network hardening are now deprecated.
  • Compliance with the Spanish ENS standard: Added the ability to monitor compliance with the National Security Scheme (ENS) standard in Defender for Cloud’s compliance dashboard.
  • Remediation of system updates and patches: It is now possible to apply update recommendations to Azure Arc machines and Azure VMs via Azure Update Manager.
  • Integration with ServiceNow: The integration now includes the configuration compliance module, enabling the identification and resolution of cloud asset configuration issues.
  • Deprecation of Defender for Storage (classic): As of February 5, 2025, transaction protection plans will no longer be available for new subscriptions.
  • General availability of Azure Policy guest configuration: Now available for multicloud customers of Defender for Servers Plan 2, offering unified management of security configurations on Windows and Linux machines.
  • Support for Docker Hub in Defender for Containers: In public preview, enabling the scanning of Docker Hub images to identify and mitigate security threats.

Protect

Azure Backup

Backup Center will no longer be available in Azure portal’s global search

The new Azure Business Continuity Center (ABCC), introduced in Public Preview in November 2023, offers centralized and simplified management for data protection and recovery in Azure and hybrid environments, progressively replacing the previous Backup Center. Designed as an advanced evolution of Backup Center, ABCC allows unified management of solutions like Azure Backup and Azure Site Recovery. Access to the service is immediate, with no prerequisites or additional costs. Even for Backup Center users, no specific actions are required: Azure Business Continuity Center is already available directly from the Azure portal.

Azure Site Recovery

Update Rollup 75 for Azure Site Recovery has been released, addressing various issues and introducing some improvements. The relevant details and procedure for installation can be found in the specific KB.

Automatic certificate renewal for Azure Site Recovery from on-premises to Azure

Azure Site Recovery has introduced a new feature that enables automatic certificate renewal for data protection from on-premises to Azure in disaster recovery scenarios. Certificates are crucial to ensure communication between the various components involved in the recovery process and must be regularly renewed to avoid interruptions in Azure Site Recovery operations, such as data replication. As of August 2024, certificates used for replication from VMware to Azure, introduced in the 2021 Public Preview, will begin to expire. Thanks to this new automatic renewal capability, customers can avoid interruptions during data replication as long as the mobility agent and components within the appliance are updated to the latest available version. If communications or updates are missed, automatic renewal may fail, generating errors in the health of the appliance or agent. Customers are encouraged to follow official documentation to manually renew certificates if needed.

Support for Azure Trusted Launch VMs – Linux OS (preview)

Azure Site Recovery support for Azure Trusted Launch virtual machines running Linux operating systems is available in Private Preview. Azure Trusted Launch VMs offer advanced security for Azure generation 2 VMs, enabling features such as Secure Boot and vTPM. This Private Preview focuses exclusively on supporting virtual machines with Linux operating systems, while support for Windows OS VMs is already in General Availability. This new feature provides enhanced protection and recovery options for businesses using virtual machines with advanced security requirements in Linux environments.

Retirement of Classic Alerts

Azure Site Recovery recently introduced a new and improved alert management solution based on Azure Monitor. This solution offers several advantages, including:

  • Notification configuration: Allows notifications to be sent using a wide range of channels.
  • Notification scenario selection: Enables you to choose which scenarios to receive notifications for.
  • Programmable alert management: Offers the ability to programmatically manage alerts and notifications.
  • Consistent alert management experience: Ensures consistent alert management across various Azure services, including backup.

The next step involves retiring the previous Classic Alerts solution for Azure Site Recovery, set for September 23, 2027. If you are using the old classic alert solution, it is recommended to migrate to Azure Monitor Alerts. A guided experience is available through the Business Continuity Center and the Recovery Services Vault to migrate to Azure Monitor Alerts in a few clicks.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.
