Category Archives: Azure Management

Azure Management services: what’s new in October 2023

This month, Microsoft has introduced a series of significant updates to the Azure management services. Through this series of monthly articles, I aim to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, giving you the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

VM insights: migration to Azure Monitor agent by August 31, 2024

On August 31, 2024, VM insights based on the Log Analytics agent will be retired. It is recommended to migrate to the Azure Monitor agent for VM insights, which offers several improvements, including:

  • Enhanced security and performance.
  • Data collection rules to help reduce costs.
  • A simplified management experience, facilitating troubleshooting.

Integrated Azure Monitor alerts for Azure Site Recovery (preview)

Microsoft recently announced the preview availability of integrated Azure Monitor alerts for Azure Site Recovery. This new feature allows Azure users to more effectively monitor the status and performance of their disaster recovery environments. The integrated alerts enable rapid detection of potential issues, ensuring more efficient and proactive management of resources in emergency recovery situations. With this integration, users can configure custom alerts based on specific performance and status parameters, improving resilience and operational readiness for their systems. This feature is particularly useful for organizations requiring high standards of operational continuity and data integrity.

Govern

Azure Policy

Protection of critical infrastructures from large-scale accidental deletions with Policies

Microsoft has introduced “DenyAction” in Azure Policy. This new feature allows blocking requests based on actions taken on the resource, rather than just its configuration or properties. In practice, with Deny Action, it is possible to protect infrastructures by preventing unwanted deletion calls. While in the past Azure Policy only offered the “deny” function, which blocked requests based on specific resource configurations, now with the addition of Deny Action, the blocking capability has been extended to actions included in the request.

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Azure Arc-enabled SCVMM (preview)

With the recent introduction of “Azure Arc-enabled System Center Virtual Machine Manager (SCVMM)”, it is now possible to manage SCVMM VMs more efficiently directly from Azure. This innovative solution facilitates the discovery, integration, and management of VMs. Microsoft is expanding the capabilities for SCVMM enabled in Azure Arc. Thanks to this update, Azure Arc-enabled SCVMM VMs receive full support for Azure management services. This includes protection offered by Microsoft Defender for Cloud, monitoring via Azure Monitor, and updates provided by Azure Update Manager. These new features offer customers a simpler and more effective management experience of their System Center-managed assets, all through Azure.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Public preview availability of recommendations for managing DevOps security posture;
  • Release of the CIS Azure Foundations Benchmark v2.0.0 in the Regulatory Compliance dashboard.

Protect

Azure Backup

Backup Vaults with MUA (Multi-User Authorization)

Azure Backup has announced the availability of backup vaults with MUA (Multi-User Authorization). These vaults offer an integrated backup solution that protects business data through a series of advanced access features. With this release, the backup administrator, who is usually the owner of the Backup vault, needs to obtain the collaborator role on the protected resource to perform certain operations. This requires an action by the owner of the protection resource to approve and grant the requested access. Additionally, it is possible to use Azure Active Directory Privileged Identity Management to manage just-in-time access on the protected resource.

Enhanced Soft Delete

Azure has announced the availability of the “Enhanced Soft Delete” feature for Azure Backup. This feature offers additional protection against data loss, ensuring that backup data remains available for recovery, even if the backup source is deleted. The Enhanced Soft Delete feature protects against accidental deletions and malicious activities. This adds an extra layer of security and resilience to backup data.

Regional Disaster Recovery for Azure Backup for AKS (preview)

Azure Backup for AKS allows customers to protect their containerized workloads along with application data deployed on AKS clusters. The solution enables scheduled backups of AKS clusters and their restoration in various scenarios. Customers also want to use their AKS backups to recover applications in the event of a regional disaster, following industry best practices for the 3-2-1 backup strategy. With this in mind, the Azure Backup service is announcing the private preview of the regional disaster recovery capability of AKS Backup. Using this feature, it is possible to recover the AKS cluster from backups in a secondary region, such as an Azure paired region, in the event of a regional disaster.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure Management services: what's new in September 2023

In September there were several news that Microsoft announced regarding Azure management services. This article lists the main announcements, accompanied by the necessary references to be able to conduct further studies on.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor VM Insights now available with Azure Monitor Agent

Azure has announced the availability of “Azure Monitor VM Insights” through the use of the Azure Monitor Agent. This service offers a quick and easy way to monitor customer workloads on Azure virtual machines and scale sets, as well as on Azure Arc-enabled servers operating in an on-premises and/or multi-cloud environment.

The new version of the agent offers various benefits, including cost savings, simplified management and improved security and performance. If you were previously using VM Insights using Log Analytics Agent (now deprecated), Microsoft suggests consulting theirs migration guide to switch to the Azure Monitor Agent.

Historical view for Azure Monitor alerts (preview)

Monitoring resources and alerts in Azure is now easier and more intuitive with the new historical preview view of Azure Monitor. This view offers a clear overview of triggered alerts, allowing users to quickly identify problems

OpenTelemetry-based distribution via Node.js from Python

Azure Monitor now offers OpenTelemetry-based distribution for Node.js and Python, allowing developers to easily integrate with Azure Monitor and collect telemetry data. This new feature ensures that developers can effectively monitor their applications, obtaining performance information, on errors and other key metrics.

Configure

Update management

Azure Update Manager: updated and enhanced update management

Azure Update Manager offers a SaaS solution to manage and govern software updates on Windows and Linux machines in Azure environments, on-premises e multi cloud. This is an evolution of the Azure Automation update management solution with new features. Azure Update Manager has been redesigned to provide new capabilities without relying on the Log Analytics agent or Azure Monitor agent. It relies on the Microsoft Azure VM agent to manage update flows on Azure VMs and on the Azure Connected Machine agent to manage Azure Arc-enabled servers.

Govern

Azure Cost Management

Export Cost Management data to firewall-protected storage accounts

You can now export Cost Management data to firewall-protected Azure storage accounts. Users can use the Exports API or the Azure portal to create recurring tasks to automatically export cost data to CSV format. This can be scheduled on a daily basis, weekly or monthly, and the exported data can be used for creating dashboards or integrating with financial systems.

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

Malware scanning in Defender for Storage

Defender for Storage introduces malware scanning functionality, overcoming traditional malware protection challenges and providing an ideal solution for highly regulated industries. This function, available as an add-on, represents a significant enhancement of Microsoft Defender for Storage security solutions. With malware scanning you get the following benefits.

  • Protection, in near real time, without agent: ability to intercept advanced malware such as polymorphic and metamorphic ones.
  • Cost Optimization: thanks to flexible pricing, you can control costs based on the amount of data examined and with resource-level granularity.
  • Enablement at scale: without the need for maintenance, supports automated responses at scale and offers several options for activation via tools and platforms such as Azure policy, Bicep, ARM, Terraform, REST API and the Azure portal.
  • Application versatility: based on feedback from beta users over the last two years, Malware scanning has proven useful in a variety of scenarios, as web applications, content protection, compliance, integrations with third parties, collaborative platforms, data streams and datasets for machine learning (ML).

GitHub Advanced Security per Azure DevOps

It is now possible to view GitHub Advanced Security for Azure DevOps alerts (GHAzDO) related to CodeQL, secrets and dependencies, directly in Defender for Cloud. The results will appear in the DevOps section and Recommendations. To see these results, you need to integrate your GHAzDO-enabled repositories into Defender for Cloud.

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. To find out about the main innovations that characterized Defender for Cloud in the summer 2023, outlining how these innovations can represent added value for companies, you can consult this article.

Protect

Azure Backup

Cross Region Restore (CRR) for Recovery Services Agent (MARS) 

Following the General Availability of Cross Region Recovery for VM backups, SQL and SAP HANA and to strengthen the resilience pillar, Microsoft has announced Cross Region Recovery support for the Recovery Services Agent (MARS) using Azure Backup.

Azure customers leverage Recovery Services Agent to back up their files/folders and system state to an Azure Recovery Services Vault. Backup data in the primary region can also be geo-replicated to a secondary region paired with Azure to ensure durability. Previously, data replicated in the secondary region was available for recovery in the secondary region only if Azure declared a disaster in the primary region. With the introduction of this new support, Customers can enable recovery of Recovery Services Agent backups in the secondary region at any time.

This capability can be leveraged in the following scenarios:

  • when the primary region is available to test restores from backup data in the secondary region for audit/compliance purposes;
  • when the primary region is not available, customers can trigger recovery of data backed up in the secondary region even if the primary Azure region is partially unavailable or completely unavailable without any waiting time.

Saving the Azure Backup Recovery Services Agent passphrase (MARS) in Azure Key Vault (preview)

Data security is a priority for Microsoft, and with the new preview feature that allows you to save the Recovery Services Agent encryption passphrase directly in Azure Key Vault, users can now enjoy an even greater level of security. This integration makes the Recovery Services Agent installation smoother and more secure, eliminating the need for custom scripts.

Azure Files Backup in China regions

Azure Files Backup is now generally available in China regions. This feature allows users to back up their files to Azure securely and reliably.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Learn about foolproof strategies to optimize costs on Azure

The peculiarities and undeniable advantages of cloud computing can, in certain situations, hide pitfalls if not handled with due attention. Wise cost management is one of the crucial aspects of cloud governance. In this article, will be explored and outlined the principles and techniques that can be used to optimize and minimize expenses relating to the resources implemented in the Azure environment.

The issue of optimizing costs related to the cloud is a topic that is attracting increasingly greater interest among numerous customers. So that, for the seventh year in a row, emerges as the leading initiative in the cloud industry, as reported in Flexera's annual report 2023.

Figure 1 – Initiatives reported in the Flexera report of 2023

Principles to better manage costs

For effective management of costs associated with Azure, It is essential to adopt the principles outlined in the following paragraphs.

Design

A well-structured design process, which includes a meticulous analysis of business needs, it is essential to customize the adoption of cloud solutions. It therefore becomes crucial to outline the infrastructure to be implemented and how it will be used, through a design plan that aims to optimize the efficiency of the resources allocated in the Azure environment.

Visibility

It is vital to equip yourself with tools that offer a global view and allow you to receive notifications regarding Azure costs, thus facilitating constant and proactive monitoring of expenses.

Responsibility

Assigning cloud resource costs to the respective organizational units within the company is a smart practice. This ensures that managers are fully aware of the expenses attributable to their team, promoting an in-depth understanding of Azure spending at an organizational level. For this purpose, It is advisable to structure Azure resources in such a way as to facilitate the identification and attribution of costs.

Optimization

It is advisable to undertake periodic reviews of Azure resources with the intention of minimizing expenses where possible. Making use of available information, you can easily identify underutilized resources, eliminate waste and capitalize on cost saving opportunities.

Iteration

It is essential that IT staff are continuously engaged in the iterative processes of optimizing the costs of Azure resources. This represents a key element for responsible and effective management of the cloud environment.

Techniques to optimize costs

Regardless of the specific tools and solutions used, to refine cost management in Azure, you can adhere to the following strategies:

  • Turn off unused resources, given that the pricing of the various Azure services is based on the actual use of the resources. For those resources that do not require uninterrupted operation and that allow, without any loss of configurations or data, a deactivation or suspension, it is possible to implement an automation system. This system, regulated by a predefined schedule, facilitates the optimization of use and, consequentially, more economical management of the resources themselves.
  • Adequately size resources, consolidating workloads and proactively intervening on underutilized resources, allows us to avoid waste and guarantee a more efficient and targeted use of available capacities.
  • For resources used continuously in the Azure environment, evaluate the option of Reservations can prove to be an advantageous strategy. Azure Reservations offer the opportunity to benefit from a significant cost reduction, which can reach up to 72% compared to pay-as-you-go rates. This benefit can be obtained by committing to pay for the use of Azure resources for a period of one or three years. This payment can be made in advance or on a monthly basis, at no additional cost. The purchase of Reservations can be made directly from the Azure portal and is available to customers with the following subscription types: Enterprise Agreement, Pay-As-You-Go and Cloud Solution Provider (CSP).
  • To further mitigate costs associated with Azure, it is appropriate to consider the implementation of’Azure Hybrid Benefit. This advantage allows you to achieve significant savings, as Microsoft only allows you to bear the costs relating to the Azure infrastructure, while the licenses for Windows Server or SQL Server are covered by a Software Assurance contract or an existing subscription.

The Azure Hybrid Benefit can also be extended to Azure SQL Database, to SQL Servers installed on Azure virtual machines and SQL Managed Instances. These benefits facilitate the transition to cloud solutions, bidding up to 180 days of dual use right, and help leverage pre-existing investments in terms of SQL Server licenses. To learn more about how to use the Azure Hybrid Benefit for SQL Server, please consult the FAQs present in this document. It is important to note that this benefit is also applicable to RedHat and SUSE Linux subscriptions, further expanding the opportunities for savings and cost optimization.

The Azure Hybrid Benefit can be combined with Azure Reserved VM Instances, creating an opportunity for significant savings that can reach 80% of the total, especially when you opt for an Azure Reserved Instance purchase for the duration of 3 years. This synergy not only makes the investment cheaper, but also maximizes operational efficiency.

  • Considering the integration of new technologies and the application of architectural optimizations is crucial. This process involves the selection of the most appropriate Azure service for the specific needs of the application in question, ensuring not only optimal technological alignment, but also more efficient cost management.
  • Allocate and de-allocate resources dynamically is critical to meeting fluctuating performance needs. This approach is known as “autoscaling”, a process that facilitates the flexible allocation of resources to meet specific performance needs at any time. As the workload intensifies, an application may require additional resources to maintain desired performance levels and meet SLAs (Service Level Agreement). On the contrary, when demand reduces and additional resources are no longer essential, these can be de-allocated to minimize costs. Autoscaling capitalizes on the elasticity of cloud environments, allowing not only more effective cost management, but also reducing the administrative burden, as resources can be managed more smoothly and with less manual intervention.
  • For test and development environments, it is advisable to consider the use of Dev/Test subscriptions, which offer the opportunity to access significant discounts on Azure fees. These subscriptions can be activated under an Enterprise Agreement, thus facilitating more advantageous cost management and more agile and economical experimentation during the development and testing phases.

Conclusions

The adoption of a methodological approach in managing cloud costs, together with the use of appropriate strategies, represents a fundamental pillar for successfully navigating the complex challenge of cloud economic management. Drawing from the principles and techniques outlined in this article, users can not only optimize expenses, but also make the most of their investment in the cloud, ensuring a balance between costs and benefits.

Azure Management services: what's new in August 2023

Microsoft constantly releases news about Azure management services. By publishing this summary, you want an overview of the most significant innovations introduced in the last month. This allows you to stay up-to-date on these topics and have the necessary references to conduct further investigations.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor container insights offers new cost optimization settings

Container insights expands the public preview of cost optimization settings, now enabling a third dimension for adjusting container insights data collection settings, with one configuration per table. Customers can now individually select which data tables to include in their Log Analytics workspace.
Per-table configurations can be enabled through ARM, CLI and Azure Portal.

Configure

Azure Advisor

Improve VM resiliency with Availability Zone recommendations

One of the recommended practices to achieve high resilience, according to the guidelines of the Well Architected Framework (WAF), is the distribution in different zones of the workloads. By adopting this recommendation, now available in Azure Advisor, you can design your solutions to use VM “zonal”, thus ensuring the isolation of virtual machines from potential failures in other areas.

Govern

Azure Cost Management

New cost optimization opportunities using the new workbook template in Azure Advisor
The Azure Cost Optimization Workbook serves as a centralized hub for some of the most used tools that can help the customer achieve their utilization and efficiency goals. It offers a number of recommendations, including Azure Advisor cost recommendations, the identification of idle resources and the management of virtual machines that are not deallocated correctly. Furthermore, provides insights into using the Azure Hybrid benefit options for Windows, Linux e database SQL.

Exporting data to a firewall-protected storage account

Azure Cost Management now supports exporting data to a firewall-protected storage account, ensuring a high level of security. The export can be scheduled on a daily basis, weekly or monthly and the exported data can be used for dashboard creation or for integration with financial systems.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • Defender for Container: agentless discovery for Kubernetes;
  • Preview release of GCP support in Defender CSPM;
  • new security alerts in Defender for Servers Plan 2: detection of potential attacks that abuse Azure VM extensions;
  • business model and pricing updates for Defender for Cloud plans.

Protect

Azure Backup

Cross Subscription Restore for Azure Virtual Machines

Microsoft introduced the ability to restore Azure VMs to another subscription within the same tenant as the subscription where the source VM exists, provided you have the necessary permissions. By default, the recovery occurs in the same subscription where the source virtual machine exists. This feature is only allowed if you have Cross Subscription Restore enabled for the Recovery Services vault. Cross Subscription Restore allows you to restore by creating a VM or restoring disks. You can use Cross Zonal Restore and/or Cross Region Restore in conjunction with this restore option.

Azure Backup introduces Cross Region Recovery for PostgreSQL (preview)

Azure Backup has launched a new preview feature: Cross Region restore for PostgreSQL backups. This feature takes advantage of Geo-Redundant storage with Read access, allowing you to keep data in two different regions. The innovation lies in the fact that now not only can backups be accessed when a problem occurs in an Azure region, but you can do it at any time, ensuring greater flexibility and security. This option is particularly useful for those who want to test the readiness of their backups or for those looking for greater data resilience. Currently, this feature is available for PostgreSQL in select regions, enriching the offer of Azure Backup in terms of data accessibility.

Azure Site Recovery

DR for shared disks (preview)

Microsoft released private preview of Azure Shared Disk DR for workloads running Windows Server Failover Clusters (WSFC) on Azure virtual machines. It is therefore possible to protect, monitor and recover WSFC clusters as a single unit throughout its lifecycle, while generating cluster-consistent recovery points.

Salient features:

  • private preview will support the protection of Windows Server failover clusters. Some applications using this architecture are SQL FCI, SAP ASCS, Scale-out File Servers, etc.
    • OS supported: Windows Server 2016 and later;
    • number of nodes: up to 4 nodes per cluster;
    • shared disks: any number of shared disks can be attached to the cluster;
  • the failover operation supports failover of the entire cluster at the same time;
  • once a failover has been performed, you will need to re-enable replication for reverse direction protection.

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 68 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Support in the presence of a higher level of “churn” on the data

Azure Site Recovery now supports scenarios with increased data rotation. This enhancement gives customers the ability to handle scenarios with a high volume of data changes, ensuring greater resiliency and reliability for their critical applications.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Azure Database Migration

Azure portal experience for Azure Database Migration Service (preview)

You can now use DMS to perform migrations from both the Azure portal and the ADS extension. The Azure portal experience allows you to perform tasks such as creating a new database migration service from within the Azure portal, initiating the migration from SQL Server on-premises to various Azure targets and accessing an integration runtime configuration page. The Azure portal experience also offers a list of prerequisites, documentation and links to tutorials, customized according to the selected target.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Revolutionize cloud cost management with AI: discover the new Microsoft Cost Management co-pilot!

In the digital age, cloud computing has become an essential component for many companies, offering flexibility, scalability and agility. However, with the ever more widespread adoption of the cloud, the management of associated costs has become an increasingly complex challenge and companies are looking for innovative solutions to optimize their expenses in the cloud. In this context, Microsoft introduced “Copilot” in Cost Management, a new feature based on artificial intelligence, designed to help businesses navigate this complex landscape. This article shows the main features of this integration, that promises to revolutionize the way businesses manage and optimize their spending on cloud resources.

A clear view of costs with Microsoft Cost Management

Microsoft Cost Management, available directly from the Azure portal, offers a detailed view of operating costs, allowing businesses to better understand how their funds are being spent. This tool provides detailed information about your expenses, highlighting any anomalies and spending patterns. Furthermore, allows you to set budgets, share costs among different teams and identify opportunities for optimization.

AI at the service of cost management

With the introduction of AI in Microsoft Cost Management, users can now ask questions in natural language to quickly get the information they need. For example,, to understand a recent invoice, it is possible to request a detailed breakdown of expenses. The AI ​​will provide an overview of the different spending categories and their impact on the total.

As well as providing an overview of costs, the AI ​​offers suggestions on how to analyze expenses further. Users can compare monthly bills, examine specific expenses or investigate any anomalies. The AI ​​also provides detailed information on any changes in costs and suggests corrective actions.

The AI ​​integrated into Microsoft Cost Management interprets user intentions and retrieves the necessary data from various sources. This information is then presented to an advanced language model which generates a response. It is important to note that the retrieved data is not used to train the model, but only to provide the context needed to generate a relevant response.

Future perspectives

The capabilities of AI in Microsoft Cost Management are constantly evolving. In the future, users will be able to take advantage of simulations and modeling “what-if” to make informed decisions. For example,, will be able to explore how storage costs will vary as the business grows or evaluate the impact of moving resources from one region to another.

Figure 1 – Example of simulation and modeling “what-if”

Benefits

The introduction of AI in Microsoft Cost Management allows to obtain the following benefits:

  • Greater visibility and cost control: with greater visibility and understanding of cloud resource costs, organizations can make more informed decisions and better manage their budgets.
  • Operational efficiency: using AI to analyze and interpret data reduces the time and effort needed to gain valuable insights. Furthermore, users can ask specific questions in natural language and receive detailed answers, customized to their needs.

Figure 2 – Examples of questions

  • Optimization: with AI-driven tips and recommendations, organizations can identify and implement optimization opportunities to further reduce costs.

Conclusion

The integration of Copilot into Microsoft Cost Management represents a significant step forward in cloud cost management. With the help of artificial intelligence, businesses now have a powerful tool to optimize their spending and ensure they operate at peak efficiency. With the constant evolution of artificial intelligence, further and interesting innovations are expected in the field of cloud cost management and beyond.

Azure Management services: what's new in July 2023

Microsoft is constantly announcing news regarding Azure management services and as usual this monthly summary is released. The aim is to provide an overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor Agent Health experience (peview)

The Azure Monitor Agent (AMA) is responsible for collecting monitoring data from the guest operating system of the virtual machines, both in Azure and hybrid environments, which are then transmitted to Azure Monitor. Thanks to the Azure Monitor Agent Health experience, it is now possible to easily monitor the health of agents on a large scale, both on Azure, both locally (on-premise) or on other cloud infrastructures.

Improved table-level RBAC checking in Azure Monitor Logs

Azure Monitor Logs offers advanced role-based access management capabilities (RBAC) to enable secure management of sensitive logs in complex environments. Table-level access allows you to allow only a specific group of people to read the data, limiting access to only a selected set of tables. This new method works by assigning permissions to the sub-resource of the table, enabling granular RBAC even for custom log tables and ensuring the use of well-known standard Azure RBAC tools.

Events from Azure Event Hubs to Azure Monitor Logs

Azure Event Hubs provide a simple and powerful way to bring data into your Azure Monitor environment. Thanks to new feature, you can now send events directly from an Event Hub into the Log Analytics workspace. Azure Event Hubs is a big data streaming platform that allows you to collect events from different sources, ready to be processed by various Azure services and other external platforms. This ability to ingest data is particularly beneficial for those who already use queue messaging mechanisms and have an interest in moving the data into a Log Analytics workspace, in Sentinel, or to route them to multiple destinations.

Support for Azure Monitor Sandboxing Pod in Container insights

Container Insights now supports container tracking “Pod Sandboxing”. The concept of Pod Sandboxing represents an effective strategy to protect yourself from situations of “Container Breakout”, where a user, both malicious and legitimate, manages to break through container isolation to access the filesystem, to processes, to network interfaces and other resources on the host machine. In the past, isolation could be achieved through the use of node pools, but this approach generated significant operational overhead and required additional resources, increasing overall costs. Thanks to the adoption of Pod Sandboxing, this issue is addressed through kernel-level workload isolation, providing a more efficient and secure solution.

The Azure Monitor agent supports VM Insights in the Government Cloud (preview)

As part of the public preview, Azure Monitor Agent now supports VM Insights within Azure Government Cloud.

Configure

Update management

Hotpatch available on Windows Server VMs on Azure with Desktop Experience install mode

Hotpatch is now available for Windows Server Azure Edition VMs with Desktop Experience install mode, using the newly released image. Hotpatch is a feature that allows you to patch and install operating system security updates on Windows Server Azure Edition virtual machines on Azure without the need to reboot.
It was previously available for Server Core install mode, but now, Windows Server Azure Edition VMs installed with Desktop Experience installation mode no longer need to reboot every month for security updates, by providing:

  • less impact on workload with fewer reboots;
  • faster deployment of updates as packages are smaller, they install faster and have easier patch orchestration with Azure Update Manager;
  • greater protection, since Hotpatch update packages are limited to Windows security updates that install faster without reboots.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Azure Arc

Deployment of ESU-derived updates on Azure Arc-enabled servers

On the occasion of Inspire, Microsoft has announced Extended Security Updates (ESU) enable Azure Arc. With Azure Arc, organizations will be able to purchase and distribute Extended Security Updates seamlessly (ESU) in on-premises or multicloud environments, direct from the Azure Portal. As well as providing centralized management of security patches, Azure Arc-enabled ESUs offer greater flexibility with a pay-as-you-go subscription model, compared to the classic ESU offered through the Volume Licensing Center which are purchased annually. For more information, please refer to’dedicated article.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • managing automatic updates of Defender for Endpoint for Linux;
  • Agentless scanning of virtual machine secrets in Defender for P2 Servers and DCSPM;
  • new security warning in Defender for Servers plan 2: detection of potential attacks that leverage Azure VM GPU driver extensions;
  • support for disabling detections of specific vulnerabilities;
  • availability of Data Aware Security Posture.

Protect

Azure Backup

Restore points of virtual machines consistent with crashes (preview)

Microsoft has announced support, in public preview, of crash consistent mode (on multiple disks) for VM recovery points. This is a workaround (without agent) to store virtual machine configuration and snapshots, consistent in writing order, at a specific time for all managed disks attached to the virtual machine.

Migrate

Azure Migrate

Updating Windows servers in end of support phase (EOS)

Azure Migrate provides a preview of the feature that allows you to upgrade legacy Windows Server systems without disruption. During the Azure migration process, the ability to upgrade legacy servers is introduced, minimizing efforts, downtime and associated risks. This is accomplished by creating a copy of the server in the Azure environment and later upgrading there. Thanks to this approach, the impact on the original server is minimized, ensuring a safe and efficient transition. For more details and in-depth information, I invite you to refer to’dedicated article.

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in June 2023

In June, Microsoft announced a considerable number of news regarding Azure management services. Through these articles released monthly we want to provide an overall overview of the main news, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

AKS Network Observability add-on (preview)

The new AKS Network Observability add-on provides the ability to monitor the health of the network and connectivity of the AKS cluster. Integrating seamlessly with Azure-managed Prometheus and Azure-managed Grafana, this add-on provides better monitor capabilities in a unified experience.

These are the main features:

  • access to cluster-level network metrics, such as packet losses, connection statistics and more;
  • access to pod-level metrics and network debugging features;
  • support for all Azure CNIs;
  • support for all AKS node types: Linux and Windows;
  • ease of deployment using native Azure tools: AKS CLI, ARM models, PowerShell, etc.;
  • integration with Azure-managed Prometheus and Grafana offerings.

Azure Monitor Alert resources are now visible in the Azure portal

Historically, alert resources (alert rules, alert processing rules and action groups) have always been hidden resources in the Azure portal. This prevented them from appearing when searching or in the resource list and limited their viewing experience. Now Microsoft is making these resources “first-class citizens” in the Azure portal, so that they become visible in all places where the assets can be viewed in the portal, and more precisely the alerting resources:

  • appear in the search results in the top search bar of the Azure portal;
  • they appear when listing resources within a subscription or resource group;
  • they can now be viewed in a standard resource pane and will soon be editable as well (the same way you edit any other Azure resource).

Azure Monitor container insights for AKS cluster with ARM64 nodes

Container insights is a feature designed to monitor the performance of container workloads deployed in the cloud. Provides performance visibility by collecting processor and memory metrics from controllers, nodes and containers available in Kubernetes through the Metrics API. Azure Monitor container insights is now available for AKS clusters with ARM64 nodes.

Managed identity authentication in Azure Monitor Container Insights

Managed Identity is a secure and streamlined authentication model where the Azure Monitor monitoring agent uses the cluster's managed identity to send data to the Azure Monitor backend. This mechanism replaces the current certificate-based local authentication and eliminates the need to add a monitoring metrics publisher role to the cluster. Managed Identity will now be the default authentication mechanism for Container Insights.

Azure Virtual Desktop Insights powered by Azure Monitor agent (preview)

Administrators working with Azure Virtual Desktop Insights can now use the Azure Monitor Agent (AMA) to collect data from session hosts. This preview introduces the ability to use an updated workbook to help orchestrate configuration and management of all required components.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • simplified onboarding of multicloud accounts;
  • support for private endpoints in malware scanning in Defender for Storage;
  • updates to NIST standards 800-53 in compliance with regulations;
  • cloud migration planning with an Azure Migrate business case now includes Defender for Cloud;
  • express configuration for vulnerability assessments in Defender for SQL is available;
  • added more scopes to Azure DevOps connectors;
  • replacing agent-based detection with agentless detection for container capabilities in Defender CSPM.

Protect

Azure Backup

Multiple backups per day for Azure virtual machines

Azure Virtual Machine Backup allows you to create advanced policies to take multiple snapshots per day. This allows you to protect virtual machines with an RPO as low as four hours.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

  • security cost savings with Microsoft Defender for Cloud (MDC), using the Azure Migrate business case;
  • troubleshooting issues affecting performance data collection and accuracy of Azure VM and Azure VMware Solution evaluation recommendations.

Azure Database Migration

Online migrations for Azure Database for MySQL instances

Azure Database Migration Service Online Migration for Azure Database for MySQL now allows you to migrate an Azure Database for MySQL instance – Single Server, a MySQL on-premises instance or MySQL servers in other clouds to Azure Database for MySQL – Flexible Server. This new feature helps minimize the downtime of critical applications and limit the impact on the availability of service levels.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in May 2023

To stay up to date on news regarding Azure Management services, this summary is released monthly, allowing you to have an overview of the main new features of the month. In this article you will find the announcements, summarized, accompanied by the necessary references to be able to carry out further investigations.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor for SAP solutions

Azure Monitor for SAP Solutions is now available. It is a solution for customers running SAP applications in a Microsoft Azure environment and allows end-to-end monitoring. With Azure Monitor for SAP, customers can centrally collect end-to-end telemetry data from SAP NetWeaver, database, Linux Pacemaker clusters in high availability and Linux operating systems. The solution Azure Monitor for SAP can be configured with no infrastructure to implement and maintain for customers. Some new features of Azure Monitor for SAP include SAP Landscape Monitor, which provides a single destination to understand the health of the entire SAP landscape, and SAP Insights (preview), which allows you to easily identify the root cause of SAP application availability or performance issues. Furthermore, Azure Monitor for SAP Solutions offers Transport Layer Security and new CPU performance alert templates, memory and disk I/O, plus many other features. With the release of this release, the version of Azure Monitor for SAP solutions (Classic) will be collected by 31 may.

Availability of the Azure Monitor managed service for Prometheus

Prometheus, the open-source project of the Cloud Native Computing Foundation, is considered the de-facto standard when it comes to monitoring containerized workloads. Running Prometheus in self-managed mode is often a great solution for smaller implementations, but scaling it to handle enterprise workloads can be a challenge.

Azure Monitor's fully managed service for Prometheus offers the best of what we like about the open-source ecosystem, while automating complex tasks such as scaling, high availability and long-term data retention. It is available as a standalone feature of Azure Monitor or as an integrated component of Container Insights, Azure Monitor Alerts and Azure Managed Grafana.

Azure Monitor Managed Service for Prometheus for Kubernetes enabled for Azure Arc (preview)

The Azure Monitor managed service for Prometheus extends support for monitoring Kubernetes clusters managed by Azure Arc. The Azure Arc-enabled Azure Monitor for Prometheus on Kubernetes managed service allows customers to monitor their Kubernetes clusters running anywhere and maintains the same functionality as monitoring Azure Kubernetes Service (AKS).

Azure Monitor Agent: support for CIS and SELinux hardening

The AMA has introduced support for hardening standards for CIS and SELinux. For SELinux, AMA works by activating a signed built-in policy. Through CIS, AMA supports select distros, also available on the Azure Marketplace.

Alert support for Azure Data Explorer (preview)

Azure Monitor alerts let you monitor Azure and application telemetry to quickly identify issues affecting various services. More specifically, Azure Monitor log alert rules allow you to set up periodic log telemetry queries to identify potential problems and receive notifications or trigger actions.

Until now, these alert rules supported querying Log Analytics and Application Insights data. Now Microsoft is introducing support for querying Azure Data Explorer tables as well (ADX) and to merge data between these data sources into a single query.

Cost optimization with transformations on Log Analytics for troubleshooting of Cosmos DB

Azure Cosmos DB now supports transformations on Log Analytics workspaces. To help reduce costs when you enable Log Analytics to troubleshoot Cosmos DB resources, transformations have been introduced. These transformations in the Log Analytics workspace allow you to filter columns, reduce the number of results returned and create new columns before the data is sent to the destination.

Configure

Azure Automation

Support for Python runbooks 3.8

Azure Automation has introduced support for Python runbooks 3.8. This feature allows you to create and run Python runbooks 3.8 for orchestrating the management tasks of hybrid and multi-cloud environments.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Alert to optimize reservation purchases

Azure Reservations can provide cost savings by committing to annual or three-year plans. However, sometimes reservations can remain unused or underused, resulting in financial losses. As a user of a billing account or a reservation, it is possible to examine the percentage of use of the reservations purchased in the Azure portal, but important changes may be missed. Enabling alerts on the use of reservations, solves the problem by receiving email notifications whenever any of the reservations have low usage. This allows for timely intervention and optimization of reservation purchases to achieve maximum cost efficiency.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • new alerts in Defender for the Key Vault;
  • support encrypted disks in AWS for agentless scanning;
  • inclusion of new AWS Regions;
  • changes to identity recommendations;
  • new recommendations of Defender for DevOps to include Azure DevOps scan results;
  • release of the Vulnerability Assessment of containers based on Microsoft Defender Vulnerability Management (MDVM) in Defender CSPM.

Protect

Azure Backup

Azure Backup Server V4

The V4 version of Microsoft Azure Backup Server (MABS) has been released and introduces the following improvements:

  • Workload support: Azure Backup Server V4 supports installation on Windows Server 2022 using SQL Server 2022 come database MABS. Furthermore, adds support for backup of virtual machines running on Azure Stack HCI 22H2 and VMware 8.0, as well as Windows Server backup 2022 and SQL Server 2022.
  • Performance: Azure Backup Server V4 adds the ability to select and restore individual files/folders from online recovery points for Hyper-V and Azure Stack HCI virtual machines running Windows Server, without having to download the entire restore point. MABS V4 also adds support for parallel restores and features more parallel online backup jobs.
  • Security: with Azure Backup Server V4 you can use private endpoints to send backups to the Recovery Services vault.

Azure Backup Reports: support for more workloads

Azure Backup Reports now includes support for other workloads: Azure Database for PostgreSQL Servers, Azure Blobs and Azure Disks. Thanks to this update it is now possible to enable the logging of metadata related to the backup (such as job, backup item, policy, usage) for these workloads and retain these records for a customizable period of time depending on compliance and audit requirements. This way you can take advantage of the reporting views, already provided natively by the Backup Reports solution, to view information about protected items corresponding to these workloads.

Soft deletion of recovery points for Azure Backup (preview)

Azure Backup's soft delete feature now supports soft deletion of recovery points. This feature allows you to recover data from recovery points that may have been deleted as a result of backup policy changes. Soft deleting recovery points allows you to keep these recovery points for an additional duration, based on the retention specified for soft delete in the vault settings.

Support for confidential virtual machines using Customer Managed Keys (private preview)

Azure Backup is introducing support for backup of operating system disk encrypted confidential VMs, done using customer managed keys.

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 67 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concerns the discovery and assessment of SQL Server.

Azure Database Migration

Database Migration Service Pack for Oracle (preview)

The Database Migration Service Pack for Oracle is a collection of four extensions that provide a complete solution to modernize Oracle workloads and migrate them to databases in the Azure environment. This extension pack offers several benefits, including in-depth end-to-end assessments, correct sizing of Azure resources, code conversion, remediation planning and near real-time data migration in Azure environment (see next paragraph).

Data Migration for Oracle (preview)

The Data Migration for Oracle extension is a powerful tool that allows you to easily migrate Oracle databases to the Azure platform. This solution offers a seamless migration experience, from the source Oracle database to the target platform (SQL), using Azure Database Migration Service. The extension offers both offline and online data migration for critical databases, ensuring minimal downtime for the migration process.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in April 2023

Microsoft is constantly announcing news regarding Azure management services. This summary, published monthly, allows you to have an overall overview of the main news of the current month, in order to stay up to date on these news and have the necessary references to conduct further study.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor for Prometheus has updated the AKS add-on to support Windows nodes

Azure Monitor for Prometheus managed service has updated the AKS metrics add-on to support collection of Prometheus metrics from Windows nodes in AKS clusters. Azure Monitor Metrics add-on integration allows Windows pod DaemonSets to start running on node pools. Are supported both Windows Server 2019 also Windows Server 2022.

Azure Monitor Metrics Dataplane API released

The Azure Metrics Dataplane API is a new approach to Azure Monitor that improves the collection of resource information enabling greater query capacity and efficiency. With this API it is possible to retrieve data on metrics, for a maximum of 50 ID of resources in the same subscription and region, in one batch API call. This improves query throughput, reduces the risk of throttling and provides a smoother experience for customers who want to gather information about Azure resources.

Configure

Update management center

Hotpatch availability for Windows Server VMs in Azure with Desktop Experience
Hotpatch is now available for preview images of Windows Server Azure Edition virtual machines with the Desktop Experience installation mode.

Hotpatch is a feature that allows you to patch and install updates to Windows Server Azure Edition virtual machines in an Azure environment, without requiring a restart. It was previously available for Server Core installation mode, but now also Windows Server Azure Edition virtual machines installed with Desktop Experience installation mode can take advantage of this security update installation mode, by providing:

  • less impact on workloads by having to do fewer reboots;
  • faster deployment of updates, as the packages are smaller, they install faster and patch orchestration is easier with Azure Update Manager;
  • better protection, because hotpatch update packages are dedicated to Windows security updates that install faster without reboots.

Govern

Azure Cost Management

Azure Advisor: advice for the right sizing of VM/VMSS with a custom reference time

Customers using Azure Advisor can improve the relevance of recommendations to make them more actionable, resulting in additional cost savings. In fact,, right sizing recommendations help optimize costs, identifying idle or underutilized virtual machines based on their CPU activity, storage and network over the default seven-day reporting period. Now, thanks to the latest update, customers can set the reporting period to get recommendations based on 14, 21, 30, 60 or even 90 days of use. The configuration can be applied at the subscription level. This feature is especially useful when workloads peak biweekly or monthly.

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

Integration between Azure API Management and Microsoft Defender for API (preview)

It is now possible to obtain a higher level of API security thanks to the integration between Azure API Management and Microsoft Defender for APIs. This integration enables a comprehensive defense strategy for:

  • gain visibility into Azure APIs;
  • understand their security posture;
  • prioritize vulnerability fixes;
  • detect and respond to active threats in runtime, using anomalous and suspicious API usage detections based on machine learning.

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features.

Protect

Azure Backup

Support for Azure VMs using Premium SSD v2 (preview)

In Azure Backup it is now possible to enable the protection of Azure virtual machines that use Premium SSD v2. Enabling these backups is currently available in select regions, and Microsoft plans to add support in more regions in the coming weeks..

Azure Site Recovery

Large disk support for disaster recovery of Hyper-V virtual machines

In Azure Site Recovery it is now possible to enable disaster recovery of Hyper-V virtual machines with data disks up to 32 TB. This applies to Hyper-V VMs replicating to managed disks in any Azure region.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

  • possibility to create a business case by importing the list of servers through a .csv file;
  • building a business case using Azure Migrate for:
    • servers and workloads running in Microsoft Hyper-V and physical/bare-metal environments, as well as IaaS services from other public clouds;
    • SQL Server Always On Failover Cluster instances and Always On availability groups.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in March 2023

In March there were several news announced by Microsoft regarding Azure management services. In this series of articles, published on a monthly basis, major announcements are listed, accompanied by the necessary references to be able to conduct further studies on.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Ingestion client libraries

Microsoft announces the initial release of the Azure Monitor Ingestion client libraries for .NET, Java, JavaScript e Python. Libraries allow you to:

  • Upload custom logs to a Log Analytics workspace.
  • Modernize security standards by requiring Azure Active Directory token-based authentication.
  • Complete Azure Monitor Query libraries, used to query logs in a Log Analytics workspace.

Collecting Syslog from AKS nodes using Azure Monitor Container Insights (preview)

Customers can now use Azure Monitor Container Insights to collect Syslog from their Azure Kubernetes Service cluster nodes (AKS). In combination with SIEM systems (Microsoft Sentinel) and monitor tools (Azure Monitor), syslog collection tracks security and health events of IaaS and containerized workloads.

The Azure Monitor for Prometheus managed service now supports querying PromQL

Thanks to Azure Workbooks support for Azure Monitor Prometheus managed service, users are provided with the ability to use Prometheus workbooks to run PromQL queries in the portal. Furthermore, users have the benefit of creating custom reports for Prometheus workbooks.

Azure Monitor supports Availability Zones in new regions

Azure Monitor continues to expand its availability zone support by adding three regions: Canada Central, France Central and Japan East.

Azure Monitor alerts support cloning

When viewing the details of an alert rule in the Azure portal, a new option is now available “duplicate”, which allows you to duplicate the alert rule. When selecting this option for an existing alert rule, the rule creation wizard starts, pre-populated with the original alert rule configuration, while allowing you to make changes.

Configure

Azure Automation

Announced the retirement of the agent-based Hybrid Worker (Windows and Linux) for the 31 August 2024

Azure Automation is deprecating the agent-based Hybrid Runbook Worker (Windows and Linux) and this will definitely happen on 31 August 2024. You must migrate to extension-based Hybrid Workers by that date (Windows and Linux).

The main advantages of the extension-based Hybrid Runbook Worker are:

  • uses system-assigned managed identities, so you don't need to manage certificates for authentication;
  • offers automatic updating of minor versions;
  • simplify hybrid worker management at scale with native integration with Azure Resource Manager and governance with Azure Policy.

Migrating authentication from Run As account to Managed Identity in ASR

It is now possible to migrate the authentication type of accounts, moving to managed identities, using Azure Site Recovery from the Azure portal. Authentication of runbooks via Run As accounts will be deprecated on 30 September 2023. Before that date, runbooks need to be migrated to enable the use of Managed Identities.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article the latest improvements and updates concerning this solution are reported.

Azure Arc

Improved Azure Arc integration with Datadog

Microsoft is improving the ability to observe and manage IT infrastructure thanks to the integration of Microsoft Azure Arc with Datadog. Based on the consolidated collaboration, Microsoft is integrating Datadog with Azure Arc natively, to meet Datadog customers, providing rich insights from Azure Arc-enabled resources directly into Datadog dashboards. Customers can monitor real-time data during cloud migrations and performance of applications running in both public cloud and hybrid or multicloud environments.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • availability of a new Defender for Storage plan, which includes near real-time scanning for malware and detection of threats to sensitive data;
  • data-aware security posture (preview);
  • new experience for managing Azure default security policies;
  • Defender per CSPM (Cloud Security Posture Management) is now available (GA);
  • ability to create custom security standards and recommendations in Microsoft Defender for Cloud;
  • Microsoft Cloud Security Benchmark (MCSB) version 1.0 is now available (GA);
  • some regulatory compliance standards are now available in government clouds;
  • new preview recommendation for Azure SQL Servers;
  • new notice in Defender for Key Vault.

Protect

Azure Backup

Immutable vaults for Azure Backup

Immutable vaults are now also available for production environments and offer greater security for backups, ensuring that recovery points created once cannot be deleted before they expire. Azure Backup prevents any operation on immutable vaults which could lead to backup data loss. Furthermore, you can lock immutable vault ownership to make it irreversible. This helps protect your backups from threats such as ransomware attacks and malicious actors, preventing operations such as deleting backups or reducing retention in backup policies.

Backup per Azure Kubernetes Service (preview)

Organizations using Azure Kubernetes Services (AKS) increasingly run stateful applications on their clusters, deploying workloads such as Apache Kafka-based messaging queues and databases such as Postgres and MongoDB. With data storage within the cluster, backup and recovery become a major concern of IT managers. Make sure Kubernetes backup capabilities are scalable, flexible and purpose-built for Kubernetes is central to an overall data protection plan. Azure Backup introduced now Backup for AKS. This solution simplifies the backup and recovery of containerized applications and data and allows customers to configure a scheduled backup for both cluster state and application data. Backup for AKS is aligned with the Container Storage Interface (CSI) to offer Kubernetes-aware backup capabilities. The solution allows customers to unlock different scenarios, such as data backup for application security and regulatory requirements, cloning of development/test environments and rollback management.

Azure Backup allows you to keep backups in vaults for Azure Blob and for Azure File (preview)

Azure Backup now supports transferring Azure Blob and Azure File backups to vaults. A vault is a logical entity that stores backups and recovery points created over time. In this regard, you can define a backup schedule for creating recovery points and specify retention settings that determine how long backups will be stored in the vault. Backups in the vault are isolated from the source data and allow you to tap into the data even if the source data has been compromised, performing resets.

Listed below are some of the main features that can be achieved by placing backups in vaults:

  • Offsite copy of data: allows you to restore mission-critical data from backups, regardless of the state of the source data.
  • Long-term retention of backup data, which helps you meet compliance requirements, particularly in the financial and healthcare sectors, with strict guidelines on the data retention period.
  • Recovery in alternate location: allows you to restore data to an alternate account if the source storage account is compromised or create different copies of your data for testing or development purposes.
  • Centralized management through the backup center: backups in vaults can be monitored and analyzed at scale alongside other protected workloads using Azure Backup.
  • Safe backups. The built-in security features of Azure Backup, such as multi-user authorization (MUA) for critical backup operations, data encryption and role-based access control (RBAC), help protect the backups in the vault and meet your backup security needs.

Azure Site Recovery

Improved the ability to rename network interfaces and disks of protected virtual machines

ASR introduces a new, easier way to name and rename network interfaces (NIC) and the virtual machine disks in the recovery service vaults.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, This month, the biggest news is support for web app discovery and assessment for Azure app service for Hyper-V and physical servers.

Azure Database Migration

Offline Azure SQL Database migrations with the Azure SQL Migration extension

Offline migrations of SQL Server databases running on-premises, on Azure virtual machines or any virtual machine running in the cloud (private, public) to Azure SQL Database it is possible to do it through the Azure SQL Migration extension. The new migration feature of the Azure SQL Migration extension for Azure Data Studio provides an end-to-end experience to modernize SQL Server on Azure SQL Database. The extension allows you to prepare for the migration with actions to remediate any blockages and allows you to obtain recommendations to adequately size the Azure SQL Database targets, including hardware configuration in the Hyperscale service tier.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.