Category Archives: Announcements and updates

Azure IaaS and Azure Stack: announcements and updates (October 2019 – Weeks: 39 and 40)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Large file shares (100 TiB) Azure FIles standard preview available in new regions

Azure Files standard large file shares (LFS) preview in available in two more regions: North Europe and East Asia. Please see the full region list at this page.

New version of Azure Storage Explorer

This month Microsoft released a new version of Azure Storage Explorer, 1.10.0. This latest version of Storage Explorer introduces several new features and delivers significant updates to existing functionality. These features and changes are all designed to make users more efficient and productive when working with Azure Storage, CosmosDB, ADLS Gen2, and, starting with 1.10.0, managed disks. You can download Storage Explorer 1.10.0 to take advantage of all of these new features.

Increment snapshots of Azure managed disks in preview

The preview of incremental snapshots of Azure managed disks is now available. Incremental snapshots are a cost-effective point-in-time backup of managed disks. Unlike current snapshots, which are billed for the full size, incremental snapshots are billed for the delta changes to disks since the last snapshot. They are always stored on the most cost-effective storage i.e., standard HDD irrespective of the storage type of the parent disks. Additionally, for increased reliability, they are stored on Zone redundant storage (ZRS) by default in regions that support ZRS. They cannot be stored on premium storage. 

Windows Virtual Desktop is generally available

Windows Virtual Desktop is generally available worldwide. It is the only service that delivers simplified management, a multi-session Windows 10 experience, optimizations for Office 365 ProPlus, and support for Windows Server Remote Desktop Services (RDS) desktops and apps. With Windows Virtual Desktop, you can deploy and scale your Windows desktops and apps on Azure in minutes. It is available in all geographies, customers will be able to deploy scalable Azure-based virtualization solutions with a number of operating systems, including Windows 10 multi-session, Windows Server, and Windows 7 desktops with free Extended Security Updates for up to three years for customers still completing their move to Windows 10.

Azure Lab Service Updates

Azure Lab Services added this new features:

  • Adjust quota per user, enabling instructors to give additional hours to students as needed.
  • An option to install GPU drivers automatically if a GPU size is picked. 
  • An updated and improved UI experience.

Private Link for Azure SQL Database and Data Warehouse is in preview

Private Link enables you to connect to Azure SQL Database and Data Warehouse via a private endpoint. Use it to establish cross-premises access to the private endpoint using ExpressRoute, private peering, or VPN tunneling, or you can choose to disable all access via public endpoint.

Preview of direct-upload to Azure managed disks

You can directly upload your VHD do Azure Managed disks without converting them. The direct-upload is in preview.

Azure File Sync agent version 4.x will expire

On November 5, 2019, Azure File Sync agent version 4.x will be expired and stop syncing. If you have servers with agent version 4.x, update to a supported agent version (5.x or later). If you don’t update your servers before November 5, 2019, they will stop syncing. To resume syncing, the agent must be updated to a support version.

Azure IaaS and Azure Stack: announcements and updates (September 2019 – Weeks: 37 and 38)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

New cloud regions in Germany

Microsoft Azure is available from new cloud regions in Germany. Azure is available in new cloud datacenter regions in Germany, Germany West Central (located in Frankfurt) and Germany North (located in Berlin), to provide greater flexibility, the latest intelligent cloud services, full connectivity to the global cloud network, and data residency within Germany. The new regions with German-specific compliance, including Cloud Computing Compliance Controls Catalogue (C5) attestation, and will remove barriers so in-country companies can benefit from the latest solutions such as containers, IoT, and AI.

Azure Firewall is ISO compliant

Azure Firewall is Payment Card Industry (PCI), Service Organization Controls (SOC), and International Organization for Standardization (ISO) compliant. It currently supports SOC 1 Type 2, SOC 2 Type 2, SOC 3, PCI DSS, and ISO 27001, 27018, 20000-1, 22301, 9001, 27017. For more information, see the Microsoft Compliance Guide.

New Azure ExpressRoute sites

The following new ExpressRoute meet-me sites are now live:

  • Copenhagen
  • Stockholm
  • Munich

Azure Private Link in preview

Private Link simplifies the network architecture and secures the connection between endpoints in Azure by keeping data on the Azure network, thus eliminating exposure to the internet. Private Link also enables you to create and render your own services on Azure. During public preview, Private Link supports Azure Storage, Azure Data Lake Storage Gen 2, Azure SQL Database, Azure SQL Data Warehouse, and customer-owned services.

Monitor bandwidth for all peered Azure virtual networks with ExpressRoute

Azure network monitoring solutions including Network Performance Monitor and Network Watcher help monitor your networks in the cloud and in hybrid environments. ExpressRoute Monitoring enables you to monitor network performance over ExpressRoute circuits that are configured to use private peering or Microsoft peering.

Azure Monitor for Azure Virtual Machines is available in additional regions

Monitor for Virtual Machines monitors and analyzes the performance and health of your Windows and Linux virtual machines hosted in Azure, on-premises, or with another cloud provider. Azure Monitor for Azure Virtual Machines is now available in Japan East, North Europe, and East US2.

Service Map feature of Azure Monitor is available in additional regions

Service Map automatically discovers application components on Windows and Linux systems and maps communication between services. The feature enables you to view your servers, processes, inbound and outbound connection latency, and ports as interconnected systems. The Service Map feature of Azure Monitor is available in Japan East, North Europe, and East US2.

Zone Redundant Storage (ZRS) for Azure Files premium tier

Zone Redundant Storage (ZRS) is available for Azure Files premium tier. The ZRS replication provides customers a choice of performant Azure Files services with higher availability. With the release of ZRS support, Azure Files premium tier now offers two durability options:

  • Zone redundant storage (ZRS) for data protection against entire zonal outage.
  • Locally-redundant storage (LRS) for lower cost-effective storage for data protection against hardware failure.

Currently, ZRS option is available in West Europe and we plan to gradually expand the regional coverage.

Azure Lab Services supports new GPU Virtual Machine sizes

Azure Lab Services supports two new 6-core GPU Virtual Machine sizes:

  • Small GPU (Compute): 6 cores, 56 GB RAM, 139 Lab units.
    • Available in US, North Europe, and West Europe regions
    • Best-suited for compute-intensive and network-intensive applications such as Artificial Intelligence and Deep Learning
  • Small GPU (Visualization): 6 cores, 56 GB RAM, 160 Lab units.
    • Available in US, North Europe, West Europe, and Australia regions
    • Best-suited for remote visualization, streaming, gaming, and encoding using frameworks such as OpenGL and DirectX.

M-series virtual machines (VMs) are available in new regions

Azure M-series VMs are now available in: Germany West, Germany North, Switzerland West and Switzerland North. M-series VMs offer configurations with memory from 192 GB to 3.8 TiB (4 TB) RAM and are certified for SAP HANA.

Azure IaaS and Azure Stack: announcements and updates (September 2019 – Weeks: 35 and 36)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Microsoft Azure available from new cloud regions in Switzerland

Microsoft announced the availability of new Azure Regions in Switzerland. With the Azure Region Switzerland West and Switzerland North, Microsoft addresses the need of customers to have cloud regions and datacenters available in Switzerland. Remember that not all services are available in all Azure regions. You can find more information about the products and services available in the Swiss Azure regions on the Azure website.

31 new Azure edge sites

Microsoft announced the addition of 31 new edge sites, bringing the total to over 150 across more than 50 countries. Microsoft is also adding 14 new meet-me sites to Azure ExpressRoute to further enable and expand access to dedicated private connections between customers’ on-premises environments and Azure.

Azure Firewall in China

Azure Firewall is also available in China.

Azure DevTest Labs now integrates with Azure Bastion

Azure DevTest Labs now integrates with Azure Bastion, enabling you to connect to your virtual machines through a web browser. Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over SSL. As a lab owner, it’s possible to enable your lab virtual machines to have browser-based access provided they’re created in a virtual network that has Azure Bastion configured on it.

Azure Stack

Azure App Service on Azure Stack Update 7 (1.7)

This release updates the resource provider and brings the following key capabilities and fixes:

  • Updates to **App Service Tenant, Admin, Functions portals and Kudu tools**. Consistent with Azure Stack Portal SDK version.
  • Updates to core service to improve reliability and error messaging enabling easier diagnosis of common issues.
  • Access Restrictions now enabled in User Portal

All other fixes and updates are detailed in the App Service on Azure Stack Update Seven Release Notes.

Diagnostic log collection is generally available for Azure Stack

The Azure Stack diagnostic log collection service provides a simplified way for Azure Stack operators to collect and share diagnostic logs with Microsoft Customer Support Services (CSS). A new user experience in the Azure Stack administrator portal is available for operators to set up the automatic upload of diagnostic logs to a storage blob when certain critical alerts are raised, or to perform the same operation on demand.

Azure IaaS and Azure Stack: announcements and updates (August 2019 – Weeks: 33 and 34)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Geo Zone Redundant Storage in Azure in preview

Geo Zone Redundant Storage provides a great balance of high performance, high availability, and disaster recovery and is beneficial when building highly available applications or services in Azure. Geo Zone Redundant Storage helps achieve higher data resiliency by doing the following:

  • Synchronously writing three replicas of your data across multiple Azure Availability Zones, such as zone-redundant storage today, protecting from cluster, datacenter, or entire zone failure.

  • Asynchronously replicating the data to another region within the same geo into a single zone, such as locally redundant storage, protecting from a regional outage.

Ultra Disks generally available

Microsoft Azure Ultra Disks is the new managed disks offering which is now generally available for running data intensive business critical workloads on cloud requiring high IO performance and low latency. With the introduction of Ultra Disk Storage, Azure includes four types of persistent disk: Ultra Disk Storage, Premium SSD, Standard SSD, and Standard HDD. This portfolio gives you price and performance options tailored to meet the requirements of every workload.

Azure File Sync agent v7.2

Azure File Sync agent v7.2 update rollup is on Microsoft Update and Microsoft Download Center.

Improvements and issues that are fixed:

  • Storage Sync Agent (FileSyncSvc) crashes if the proxy configuration is null.
  • Server endpoint will start BCDR (error 0x80c80257 – ECS_E_BCDR_IN_PROGRESS) if multiple endpoints on the server have the same name.
  • Cloud tiering reliability improvements.

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 7.2.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4490497.

Azure Files Azure Active Directory Domain Services (Azure AD DS) Authentication

General Availability of Azure Active Directory Domain Services (Azure AD DS) authentication for Azure Files. By enabling integration with Azure AD DS, you can mount your Azure file share over SMB using Azure AD credentials from Azure AD DS domain joined Windows VMs with NTFS ACLs enforced.

Just-in-time (JIT) VM access for Azure Firewall is generally available
Use it to secure your Azure Firewall protected environments in addition to your NSG protected environments.

Azure IaaS and Azure Stack: announcements and updates (August 2019 – Weeks: 31 and 32)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Azure Dedicated Host

Azure Dedicated Host is a new Azure service that enables you to run your organization’s Linux and Windows virtual machines on single-tenant physical servers. Azure Dedicated Hosts provide you with visibility and control to help address corporate compliance and regulatory requirements. Azure Dedicated Host is in preview in most Azure regions.

Azure marketplace charges are available in Azure Cost Management for Pay-As-You-Go customers

Azure marketplace charges within Cost Analysis tool for Pay-As-You-Go customers are available. As a part of this preview you can analyze marketplace charges alongside Azure service charges within Cost Analysis and reconcile Azure marketplace invoice using both Cost Analysis and a new usage csv download API.

Network security group improvements

New improvements have been added to network security group (NSG), which filters network traffic to and from various Azure resources:

  • Specify ICMP as the protocol in your NSG rules, in addition to TCP, UDP, or Any.
  • Override the default Azure platform considerations by creating an NSG rule with the following service tags. Please exercise caution when using these tags.
    • ​​AzurePlatformDNS for DNS
    • AzurePlatformIMDS for IMDS
    • AzurePlatformLKM for Windows licensing (Key Management Service)
Azure File Sync agent v7.1 update rollup

Azure File Sync agent v7.1 update rollup is on Microsoft Update and Microsoft Download Center. Improvements and issues that are fixed:

  • Accessing or browsing a server endpoint location over SMB is slow on Windows Server 2012 R2.
  • Increased CPU utilization after installing the Azure File Sync v6 agent.
  • Cloud tiering telemetry improvements.
  • Miscellaneous reliability improvements for cloud tiering and sync.

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 7.1.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4490496.

Most cost-effective storage offering

Microsoft has dropped Azure Archive Storage prices by up to 50 percent in some regions. The new pricing is effective immediately.

New AMD-based Azure VMs for general purpose and memory intensive workloads

New Azure virtual machines part of the Dv3 and Ev3-series, optimized for general purpose and memory intensive workloads, are in Preview. The new general purpose Da_v3 and Das_v3 Azure VM-series provide up to 64 vCPUs, 256 GiBs of RAM and 1,600 GiBs of SSD-based temporary storage. Das_v3 Azure VM-series supports Premium SSD disk storage. The new memory optimized Ea_v3 and Eas_v3 Azure VM-series provide up to 64 vCPUs, 432 GiBs of RAM and 1,600 GiBs of SSD-based temporary storage. Eas_v3 Azure VM-series supports Premium SSD disk storage.

M-series virtual machines (VMs) are generally available in the Brazil South Region

Azure M-series VMs are available in the Brazil South region. M-series VMs offer configurations with memory from 192 GB to 3.8 TiB (4 TB) RAM and are certified for SAP HANA.

Azure Geo and Zone Redundant Storage in public preview

Azure Geo and Zone Redundant Storage (GZRS) helps customers achieve higher data resiliency by Synchronously writing three replicas of your data across multiple Availability Zones and Asynchronously replicating the data to another region within the same geo into a single zone (like LRS today) protecting from a regional outage.

Azure Files Active Directory (Azure AD) authentication with Azure AD domain services is generally available

Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard SMB protocol. Integration with Azure AD enables SMB access to Azure file shares using Azure AD credentials from Azure AD domain services domain joined Windows VMs.

Azure Firewall feature updates for July 2019

Here are the Azure Firewall feature updates for July 2019:

  • Multiple public IPs is generally available in all Azure public regions.
  • Availability Zones is now generally available.
  • SQL FQDN filtering is now in preview in all Azure regions.
  • Azure HDInsight FQDN tag is now in preview in all Azure public regions.
  • Central management using partner solutions

Azure IaaS and Azure Stack: announcements and updates (July 2019 – Weeks: 29 and 30)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Azure File Sync supports the firewall and virtual network setting on storage accounts

To configure your Azure File Sync deployment to work with the firewall and virtual network setting, perform the following steps:

  • Go to the storage account you want to secure.
  • Click on the settings menu called Firewalls and virtual networks.
  • Click on allow access from Selected networks.
  • To enable servers to sync to the Azure file share, verify the server’s IP address or virtual network has been added.
  • To enable the Storage Sync Service to access the storage account and Azure file share, verify the Allow trusted Microsoft services to access this storage account is selected.
  • Click Save to save your settings.

This feature works with any Azure File Sync agent version.

Azure File Sync agent v7.2 update

Improvements and issues that are fixed:

  • Storage Sync Agent (FileSyncSvc) crashes if the proxy configuration is null.
  • Server endpoint will start BCDR (error 0x80c80257 – ECS_E_BCDR_IN_PROGRESS) if multiple endpoints on the server have the same name.
  • Cloud tiering reliability improvements.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

New features to IPv6 support for Azure VNets

In addition to the preview capabilities announced on April 23, IPv6 for Azure VNET public preview now includes:  

  • Standard IPv6 Public Load Balancer support to create resilient, scalable applications which includes:
    • IPv6 health probe to determine which backend pool instances are healthy and thus can receive new connections. 
    • Outbound Rules provide full declarative control over outbound connectivity to precisely tune your network for scale and resiliency.
    • Multiple Front-end Configurations enable a single load balancer to use multiple IPv6 Public IP addresses – the same frontend protocol and port can be reused across frontend addresses.
  • Instance-level Public IP provides IPv6 Internet connectivity directly to Individual VM’s
  • Azure Portal support for the preview now includes interactive create/edit/delete of dual stack (IPv4/IPv6) Virtual Networks and subnets, IPv6 Network Security Group Rules, IPv6 User defined routes, and IPv6 Public IP’s. 

Azure Security Center launched new network recommendations

There are new and updated Azure Security Center networking recommendations. For more information, see the Network Recommendations section in the Azure Security Center documentation.

Proximity placement groups are in preview

A proximity placement group is an Azure Virtual Machine logical grouping capability that you can use to decrease network latency among VMs. When the VMs are deployed within the same proximity placement group, the VMs are physically located as close as possible to each other. Proximity placement groups are particularly useful to address the requirements of latency-sensitive workloads.

New 48 vCPUs Azure Virtual Machine sizes are available

New 48 vCPUs sizes for the Dv3, Dsv3, Ev3, Esv3, Fsv2, and Lsv2 Azure Virtual Machines (VMs) are available so you can better match your workload requirements.

Azure Mv2-series VMs up to 6 TB of memory are available for the US West 2 region

Azure Mv2-series virtual machines are hyper-threaded and feature Intel® Xeon® Platinum 8180M 2.5 GHz (Skylake) processors, offering up to 208 vCPU in 3 TB and 6 TB memory configurations. Mv2 virtual machines provide unparalleled computational performance to support large in-memory databases and workloads such as SAP HANA and SQL Hekaton. Mv2 VMs are available in US East, US East 2 regions, and US West 2 regions. Mv2 VMs in Europe West, Europe North, and Southeast Asia regions will become available in the coming months.

Availability Zones support is available for Azure Kubernetes Service (AKS) in preview

Availability Zones support is now available for AKS in preview. Protect applications and data from datacenter failures with redundancies across Availability Zones and achieve higher availability and resiliency for worker nodes with Availability Zones, used in conjunction with Azure Standard Load Balancer.

Network Performance Monitor in Central India

Network Performance Monitor is now available in Central India region.

Azure Lab Services updates

  • Azure Lab Services has a new instance size available: Medium (nested virtualization)
  • Azure Lab Services has removed the unlimited option from quota per user so lab owners can intentionally choose a specific number of hours needed for each lab to help save costs.
  • Azure Lab Services supports the ability to reset passwords and to provide added support for Ubuntu images.

Azure Stack

Azure Stack 1907 update

Azure Stack 1907 Update is available. Check the release notes for more details.

Azure IaaS and Azure Stack: announcements and updates (July 2019 – Weeks: 27 and 28)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Pubic preview for large file shares (100 TiB) on standard tier

Announced the public preview of large file shares for Azure Files standard tier. Azure File Sync, until now, scaling cloud file shares beyond 5 TiB required changing the paradigm for accessing data. The preview of a larger and higher scale standard tier for Azure Files, is available to all Azure customers. This preview significantly improves your experience by increasing standard file shares’ capacity and performance limits. In select regions, standard file shares in general purpose accounts can support the following larger limits:

Azure Files Before (standard tier) New (standard tier)
Capacity per share 5 TiB 100 TiB (20x increase)
Max IOPS per share 1,000 IOPS 10,000 IOPS (10x increase)
Max throughput per share Up to 60 MiB/s Up to 300 MiB/s (5x increase)

Performance limits for a single file remain the same at 1 TiB, 1000 IOPS, and 60 MiB/s. Standard file shares are backed by hard disk drives. If the workload is latency sensitive, you should consider Azure Files premium tier, that is backed by solid-state drives.

New larger B-series VM sizes with flexible CPU usage

Microsoft has released three new B-series sizes: B12ms, B16ms and B20ms. These are lower cost VMs with flexible CPU usage.

Azure Data Box Heavy is generally available

Azure Data Box Heavy has reached general availability in the US and EU. Data Box Heavy is designed for a much larger scale than the original Data Box. Data Box Heavy’s one petabyte of raw capacity and multiple 40 Gbps connectors mean that a datacenter’s worth of data can be moved into Azure in just a few weeks.

Network Watcher is Generally Available in South Africa

Network Watcher is a cloud based solution for troubleshooting and monitoring networks in Azure. Azure Network Watcher is generally available in South Africa North region.

Azure Ephemeral OS Disk is Generally Available

Ephemeral OS disks are created on the local virtual machine (VM) storage and not saved to the remote Azure Storage. Ephemeral OS disks work well for stateless workloads, where applications are tolerant of individual VM failures, but are more affected by VM deployment time or reimaging the individual VM instances. With Ephemeral OS disk, you get lower read/write latency to the OS disk and faster VM reimage. Ephemeral OS disk is free i.e., you incur no storage cost for the OS disk. You can still be charged for any data disks attached to the VM. You can use either the Marketplace or Custom or Gallery Images to deploy VM/VM Scale Set (VMSS) with Ephemeral OS Disk. This functionality is available in all Azure regions.

Azure Monitor for VMs is available in East and South East Australia regions

Azure Monitor for VMs is now available in East Australia and South East Australia. Azure Monitor for VMs monitors your Azure virtual machines and virtual machine scale sets. The service analyzes the performance and health of your Windows and Linux VMs, monitoring their processes and their dependencies on other resources and external processes.

Azure Migrate is enhanced

Azure Migrate is now enhanced and can help you discover, assess, and migrate applications, infrastructure, and data from your on-premises environments to Azure. You can centrally track progress of your migration journey across multiple Microsoft and Independent Software Vendor (ISV) tools in Azure Migrate.

This release includes the following functionality:

  • Extensible approach with choice across Microsoft and popular ISV assessment and migration tools

  • Integrated experience for discovery, assessment, and migration with end-to-end progress tracking for servers and databases

  • Server Assessment and Server Migration for large-scale VMware, Hyper-V, and physical server migrations

  • Database Assessment and Database Migration across various database targets including Azure SQL Database and Managed Instance

Azure IaaS and Azure Stack: announcements and updates (June 2019 – Weeks: 25 and 26)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

General availability of Azure Premium Files

Premium Files is a new performance tier for Azure Files and is designed for IO intensive workloads with low latency and higher throughput requirements. Premium tier provides 20x capacity, 100x IOPS, and 170x throughput as compared to the existing standard tier. Premium Files stores data on the latest Solid-State Drives (SSDs), which makes it suitable for wide variety of workloads like file services, databases, persistent storage for containers, content and collaboration repositories, analytics, home directories, high variable and batch workloads, among many others. 

Azure Bastion Public Preview

Azure Bastion enables more secure and seamless RDP and SSH access to Azure Virtual machines directly in the portal (over port 443) without the need of any public IP on the virtual machine. Additional details are available on the Azure Bastion product page, and Azure Bastion product documentation page.

Azure Firewall: public preview for multiple public IPs and Availability Zones

Azure Firewall now supports multiple public IPs and availability zones in public preview using PowerShell and templates:

Just-in-time access supports Azure Firewall

When a user requests access to a VM with a JIT policy, Security Center first checks that the user has Role-Based Access Control (RBAC) permissions to request access to a VM with a JIT policy. If the user has permissions and the request is approved, Security Center automatically configures the NSG and the Azure Firewall rules to allow inbound traffic.

ExpressRoute supports up to 4 circuits from the same peering location into the VNet

ExpressRoute now supports up to 4 circuits from a single peering location connected to an ExpressRoute virtual network gateway, which was previously limited to a single circuit in a peering location. This is generally available in Azure Public.

Preview Refresh for Azure DNS Private Zones

Announced the Refresh release for Azure DNS private zones (preview). The Preview Refresh introduces new functionality and lifts several restrictions that public preview had.

Availability of Microsoft cloud datacenter regions in the Middle East

Microsoft Azure and Office 365 are now generally available from datacenter regions in the United Arab Emirates (UAE), with plans for Dynamics 365 and Power Platform to be available by the end of 2019.

VM Health feature now supports new OS’ and is available in new regions

VM Health feature now supports new OS’ and is available in new regions

VM Health feature included in Azure monitor for VMs is now available for VMs that are running on Windows 2012 R2 and 2019. Additionally, VM Health feature is also available in cases where the associated workspace is in SEA (South East Asia), UKS (UK South), and CCAN (Canada Central) regions.

Public preview of monitoring VM scale sets

Public preview of monitoring Windows and Linux VM scale sets from within the scale set resource blade.

Update rollup for Azure File Sync Agent

An update rollup for the Azure File Sync agent was released.

Improvements and issues that are fixed:

  • Accessing or browsing a server endpoint location over SMB is slow on Windows Server 2012 R2.
  • Increased CPU utilization after installing the Azure File Sync v6 agent.
  • Cloud tiering telemetry improvements.

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 6.3.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4489739.

M-series VMs are available in the South Africa North region

Azure M-series VMs are now available in the US South Central region. M-series VMs offer configurations with memory from 192 GB to 3.8TiB (4TB) RAM and are certified for SAP HANA.

GPU Optimized Visualization VMs now available in new regions

NVv3-Series VMs are now available in South Central US, West US, West Europe and North Europe Azure regions.

Azure Stack

Azure Stack update

This update includes new improvements, and fixes for Azure Stack. This article describes the contents of the 1906 update package.

Azure IaaS and Azure Stack: announcements and updates (June 2019 – Weeks: 23 and 24)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Web Application Firewall (WAF) for Azure Front Door service is generally available

Customers can use WAF to define security policies that allow, block, forward or rate limit access to their web applications delivered through Azure Front Door.

  • A WAF security policy may consist of an ordered list of custom rules and Azure managed pre-configured rulesets.
  • Custom rules are based on a combination of client IP addresses, geolocation, http parameters, request methods and size constraints.
  • The pre-configured default rule set can be enabled to protect your applications from OWASP top 10 threats.
  • New or updated WAF configurations are deployed globally within minutes, letting you respond quickly to changing attack patterns.
  • WAF for Azure Front Door is integrated with Azure Monitor and the logs can be accessed through an Azure storage account, Azure Event Hub or Azure Log Analytics.

DevTest Labs supports the Shared Image Gallery feature

It enables lab users to access images from a shared location while creating lab resources. It also helps you build structure and organization around your custom-managed VM images.

High-Performance Computing Virtual Machines are available in West US 2, East US

HC-series Virtual Machines, designed to provide supercomputer-grade performance and scalability with the best price-performance on the public cloud, are generally available in West US 2 and East US.

Azure File Sync is GA for Azure Government cloud

Azure File Sync is generally available for Azure Government cloud. Azure File Sync in Government Cloud can be used with the same v6 agent that a customer would use in public cloud. It is at feature parity with what’s available publicly.

Azure Shared Image Gallery are generally available

Shared Image Gallery provides a simple way to share your applications with others in your organization, within or across Azure Active Directory (AD) tenants and regions. This enables you to expedite regional expansion or DevOps processes and simplify your cross-region HA/DR setup.

Azure DevTest Labs: PowerShell module to simplify management of labs

You can now make use of Az.DevTestLabs, a PowerShell module to simplify the management of Azure DevTest Labs. It provides composable functions to create, query, update and delete labs, virtual machines, custom images and environments.

Advanced data security for SQL servers on IaaS

Advanced data security is now available for SQL Server on Azure Virtual Machines. Advanced data security for SQL Server on Azure Virtual Machines currently includes functionality for surfacing and mitigating potential database vulnerabilities and detecting anomalous activities that could indicate a threat to your server.

Adaptive Network Hardening in Security Center id generally available

Security Center learns the network traffic and connectivity patterns of Azure workloads and provides NSG rule recommendations, for Internet facing virtual machines. This helps our customer better configure their network access policies and limit their exposure to attacks.

Azure Application Gateway Web Application Firewall custom rules are Generally Available

Custom rules for WAF_v2 allow customers to create their own rules with IP/IP range or String based matching conditions. For example, customers will be able to create rules which block requests from a specific IP range, or those matching a specific regular expression in the request’s header/cookie/URI/queryString/form elements. Users can also join multiple matching conditions into a single custom rule. More details can be found here.

Update rollup for Azure File Sync Agent

Improvements and issues that are fixed
  • After creating a server endpoint, High CPU usage may occur when background recall is downloading files to the server.
  • Sync and cloud tiering operations may fail with error ECS_E_SERVER_CREDENTIAL_NEEDED due to token expiration.
  • Recalling a file may fail if the URL to download the file contains reserved characters.

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 6.2.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4489738.

Azure IaaS and Azure Stack: announcements and updates (June 2019 – Weeks: 21 and 22)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Generation 2 virtual machines in Azure in Public Preview

Generation 2 virtual machines use the new UEFI-based boot architecture vs. the BIOS-based architecture used by Generation 1 VMs. The new architecture enables customers to:

  • Build large virtual machines (up to 12TB)
  • Provision OS disks sizes that exceed 2TB, and
  • Leverage advanced security capabilities like SecureBoot and Virtual Trusted Platform Module (vTPM) to secure their Virtual Machines.

If you want to take advantage of these features, you can now create Generation 2 virtual machines in Azure. For a complete list of capabilities, limitations and details associated with the deployment of Generation 2 virtual machines on Azure, please refer to this documentation.

Azure DDoS Protection Standard introduces DDoS Alert integration with Azure Security Center

DDoS Protection Standard customers can view DDoS Alerts in Azure Security Center (ASC) and this capability is generally available for all ASC and DDoS Standard customers. These DDoS alerts will be available for review in the Security Center in near real-time without any setup or manual integrations required and will provide details on DDoS attacks detected and automatically mitigated by the service.

General availability of Azure NetApp Files

Azure NetApp Files, the industry’s first bare-metal cloud file storage and data management service, is general availability (GA). Azure NetApp Files is an Azure first-party service for migrating and running the most demanding enterprise file-workloads in the cloud including databases, SAP, and high-performance computing applications with no code changes. Azure NetApp Files is a fully managed cloud service with full Azure portal integration. It’s sold and supported exclusively by Microsoft. Customers can seamlessly migrate and run applications in the cloud without worrying about procuring or managing storage infrastructure. Additionally, customers can purchase Azure NetApp Files and get support through existing Azure agreements, with no up-front or separate term agreement.

OpenVPN support in Azure VPN gateways

Microsoft announced the General Availability (GA) of OpenVPN protocol in Azure VPN gateways for P2S connectivity. Form more details you can read this article.

Azure Mv2 Virtual Machines are generally available

Azure Mv2-series virtual machines are hyper-threaded and feature Intel® Xeon® Platinum 8180M 2.5GHz (Skylake) processor, offering up to 208 vCPU in 3TB and 6 TB memory configurations. Mv2 virtual machines provide unparalleled computational performance to support large in-memory databases and workloads such as SAP HANA and SQL Hekaton. Mv2-series VMs are certified by SAP for SAP HANA OLTP and OLAP production workloads. Mv2 VMs are available in US East and US East 2 regions. Mv2 VMs in U.S. West 2, Europe West, Europe North and Southeast Asia regions will become available in the coming months.

Azure Stack

Azure App Service on Azure Stack 1.6 (Update 6) Released

This release updates the resource provider and brings the following key capabilities and fixes:

  • Updates to App Service Tenant, Admin, Functions portals and Kudu tools. Consistent with Azure Stack Portal SDK version.
  • Updates to Kudu tools to resolve issues with styling and functionality for customers operating disconnected Azure Stack.
  • Updates to core service to improve reliability and error messaging enabling easier diagnosis of common issues.

All other fixes and updates are detailed in the App Service on Azure Stack Update Six Release Notes. The App Service on Azure Stack Update 6 build number is 82.0.1.50.