Category Archives: Azure Management

Azure Management services: what's new in June 2022

In June, Microsoft announced a considerable number of news regarding Azure management services. Through these articles released monthly we want to provide an overall overview of the main news, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New version of the agent for Linux systems

A new version of the Azure Monitor Agent was released this month (AMA) and of Data Collection Rules (DCR) for Linux systems (v1.19.3), which introduces in particular support for recent distros, like Ubuntu 22.04, Rocky Linux, and AlmaLinux.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

Azure Arc

Windows Admin Center from the Azure portal for Azure Arc servers (preview)

Using Windows Admin Center from the Azure portal, it is now also possible to manage the Microsoft Azure Arc-enabled infrastructure.

Azure Arc-enabled System Center Virtual Machine Manager (preview)

System Center Virtual Machine Manager (VMM) has been used for several years to configure, manage and transform on-premises data centers. Microsoft has announced the availability of Azure Arc-enabled System Center Virtual Machine Manager. This is a new Azure Arc feature that allows on-premises environments, managed by System Center Virtual Machine Manager, to be connected to Azure, thus unlocking Azure-based self-service. In this way, VMM-controlled on-premises virtual machines can be created, managed and deleted, in on-premises System Center Virtual Machine Manager deployments, via the familiar Azure portal or using ARM templates, thus ensuring a consistent experience.

Machine Learning with Azure Kubernetes Service and Arc-enabled Machine Learning

With a simple distribution of the cluster extension in an AKS environment or on Kubernetes clusters (Arc Kubernetes) Azure Arc enabled, the cluster is supported in Azure ML.

Azure Key Vault secrets provider on cluster Kubernetes Azure Arc enabled

The extension Azure Key Vault (AKV) Secrets Provider allows you to retrieve the secrets, keys and certificates from an Azure Key Vault in a Kubernetes cluster connected to Arc. This feature eliminates the need to store and maintain secrets locally on K8s clusters, relying on AKV as a centralized solution for secret management.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • Defender for Azure Cosmos DB
  • Defender for SQL on machines in AWS and GCP environments

Protect

Azure Backup

Multiple backups per day for Azure VMs

Azure Backup allows you to create advanced policies to take multiple snapshots of virtual machines per day. Now, to address the need to protect mission-critical workloads aboard virtual machines, there is the possibility of reducing the RPO parameter up to four hours. Thanks to this feature, you can also get a higher retention with regards to instant restore. Indeed, the policy is designed to offer from seven-day instant recovery retention (default duration) up to a maximum of thirty days.

Multi-user authorization for recovery services vault

Multi-user authorization (MUA – Multi User Authorization) for Azure Backup adds an additional layer of protection for critical operations on recovery service vault, providing greater security regarding backups. To provide multi-user authorization, Azure Backup has introduced a resource protection mechanism that ensures that critical operations are performed only if you have obtained the appropriate permission. In this way, Azure Backup provides better protection against operations that could lead to potential loss of backup data, including:

  • Disabling soft delete and hybrid security settings
  • Disabling the protection of multi-user authorization
  • Edit backup policies (to reduce the conservation)
  • Changing the security (to reduce the conservation)
  • Interruption of protection with the deletion of data
  • Changing the MARS security PIN

The backup administrator, which typically holds the recovery services vault, must obtain the role of contributor in the protection of the resources to be able to perform the above protected operations (critical operations). This also requires the action of the resource protection owner to approve and grant the requested access. Furthermore, it is also possible to use Azure AD Privileged Identity Management to manage just-in-time access in resource protection. Finally, it is allowed to create the resource guard in a subscription or tenant other than the one where the recovery services vault resides, to achieve an additional level of isolation.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult the this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Principles and techniques for governing and optimizing Azure costs

What are the main features and potential strengths of the cloud can in some circumstances hide pitfalls if not properly governed. Cost management is one of the fundamental disciplines in cloud governance. This article summarizes the principles and techniques that can be adopted to better manage and minimize the costs to be incurred for the resources created in the Azure environment..

The cloud cost optimization process is certainly a theme very much felt by several customers to the point that, for the sixth consecutive year, appears to be the leading cloud initiative according to the Flexera report:

Figure 1 – Top cloud initiatives for the year 2022

Principles to better manage costs

To better manage Azure costs, it is important to take into consideration the principles described in the following paragraphs.

Design

Only thanks to a structured design process, which includes a careful analysis of business requirements, you are able to customize the use of solutions in the cloud environment. It is therefore important to define the infrastructure to be implemented and how it is used, all through a design process to maximize the efficiency of resources located in the Azure environment.

Visibility

Having tools that allow you to have global visibility and allow you to receive notifications about Azure costs is an important aspect to consider.

Responsibility

A good practice is to attribute the costs of cloud resources, within its own business organization, to ensure that the people responsible are aware of the costs attributable to their working group. This allows you to fully understand the organization's Azure expenses. To do this, you should organize your Azure resources to maximize your understanding of cost allocation.

Optimization

Periodic review processes should act on Azure resources with the goal of reducing spending where possible. Thanks to the set of information available, it is possible to easily identify underutilized resources, remove waste and maximize cost savings opportunities.

Iteration

IT staff should be continuously involved in the iterative cost optimization processes of Azure resources, as it appears to be a key principle for a responsible governance process of the cloud environment.

Techniques to optimize costs

Regardless of the tools and solutions used, to optimize Azure costs you can adopt the following policies:

  • Turn off unused resources since the cost of the various Azure services is calculated based on the use of resources. For resources that do not need continuous execution and that allow, without loss of configurations or data, shutdown or suspension, you can use automation that, based on a default scheduling, optimizes the use and consequently the costs of the same.
  • Size resources appropriately consolidating workloads and addressing underutilized resources.
  • For resources in the Azure environment that are being used continuously, you can evaluate the activation of Reservations. The Azure Reservation allow you to achieve cost savings up to 72% compared to the pay-as-you-go price , simply committing to payment, for one or three years, for the use of Azure resources. The payment can take place in advance or on a monthly basis, at no additional cost. The purchase of these reservations can be made directly from the Azure portal and is contemplated for customers who have the following types of subscriptions: Enterprise agreement, Pay-As-You-Go and Cloud Solution Provider (CSP).  Azure Reserved Instances not only allow you to obtain an important benefit in terms of costs, but they also guarantee to reserve computational resources for their own workloads. One might think that the resources in Azure are almost infinite, but in reality this is not the case. You tend to always have the opportunity to draw on new resources, but in special situations (see for example in the initial period of COVID-19) these may be in short supply and, only in the face of having purchased resources in this mode, you can be sure that the resources necessary for the execution of your workloads are reserved.
  • To reduce Azure costs, it is also possible to evaluate the adoption of’Azure Hybrid Benefit. The savings is given from the fact that Microsoft allows you to pay only the cost of Azure infrastructure, while licensing for Windows Server or SQL Server is covered by an existing Software Assurance or subscription agreement. This benefit is applicable to both the Standard version and the Datacenter version of Windows Server .

Figure 2 – Cost structure for a Windows VM

The Azure Hybrid Benefit can also be used for Azure SQL Database, for SQL Servers installed on Azure virtual machines and for SQL Managed Instance. These benefits facilitate the migration to cloud solutions (180 days of dual use right) and help to maximize the investments already made in terms of SQL Server licenses. For more information on how you can use the Azure Hybrid Benefit for SQL Server you can view FAQ in this document. Furthermore, this advantage also applies to RedHat and SUSE Linux subscriptions.

The Azure Hybrid Benefit can be used in conjunction with the Azure Reserved VM Instance, allowing overall savings that can reach 80% (in the case of purchase of Azure Reserved Instance for 3 years).

Figure 3 – Percentages of savings by adopting RIs and Azure Hybrid Benefit

  • Evaluate the adoption of new serverless technologies and apply optimizations in the architectures by selecting the Azure service most suitable for the specific application.
  • Dynamically allocate and de-allocate resources to meet performance needs. In this case we are talking about “autoscaling” which is the process of dynamically allocating resources to meet performance requirements. With the increase in the volume of work, an application may require additional resources to maintain desired performance levels and meet SLAs (Service Level Agreement). From the moment the demand decreases and the additional resources are no longer needed, they can be deallocated to minimize costs. The autoscaling process takes advantage of the elasticity of cloud-hosted environments while reducing management overhead.
  • For test and development environments it is possible to evaluate the adoption of DevTest subscriptions, which allow you to get considerable discounts on Azure rates. These subscriptions can be activated as part of an Enterprise Agreement.

Conclusions

The use of a methodological approach to cloud cost management and the adoption of the right techniques are fundamental aspects that allow you to better address the cost governance challenge. Taking into consideration the principles and techniques given in this article, you have the ability to optimize expenses and maximize your investment in the cloud.

Azure Management services: what's new in May 2022

To stay up to date on news regarding Azure Management services, this summary is released monthly, allowing you to have an overview of the main new features of the month. In this article you will find the announcements summarized and accompanied by the necessary references to be able to carry out further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Govern

Azure Arc

Support for private endpoints for Azure Arc-enabled servers

Private endpoints for Azure Arc-enabled servers allow you to manage Windows and Linux servers from Azure without having to send network traffic over the Internet, thus ensuring greater security. The servers can be configured for the use of a private endpoint by associating them with an Azure Arc Private Link Scope and connecting the on-premises network to an Azure virtual network using a site-to-site VPN or Express Route.

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Support for Azure virtual machines with trusted launch technologies

Trusted launch is a simple method, to improve the security of second generation virtual machines, which allows you to get protection from advanced attack techniques, combining technologies that can be independently enabled, such as secure boot and the virtualized version of the Trusted Platform Module (vTPM). Azure Backup introduced support for protecting Azure VMs with trusted launch features enabled.

Support for disks that use the Write Accelerator functionality

Azure Backup is now able to protect disks with the Write Accelerator feature enabled. These disks are widely used by Azure customers with virtual machines (VM) M series to improve I / O latency of writes over Azure Premium storage.

Migrate

Azure Migrate

New migration features for applications (preview)

The Azure Migrate tool has been integrated with additional features that simplify the movement of applications from on-premises environments to Azure App Service and to the Azure Kubernetes service. The bulk migration capabilities of Azure App Service allows you to:

  • Do the discovery and assessment of ASP.NET Web apps, ranking which apps are ready for migration
  • Suggest a destination for migration
  • Do the discovery and assessment for the migration of Java Tomcat applications to the Linux App Service services and to the Azure Kubernetes Service.
  • Containerize ASP.NET web apps and move them to Windows containers on App Service or Azure Kubernetes Service.

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult the this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in April 2022

Microsoft is constantly announcing news regarding Azure management services. This summary, published monthly, allows you to have an overall overview of the main news of the current month, in order to stay up to date on these news and have the necessary references to conduct further study.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Windows client support for the Azure Monitor agent (preview)

Azure Monitor agent and data collection rules now support client devices, Windows 10 and Windows 11, via a new installation setup (MSI). This allows you to extend the use of the same agent for telemetry and for security aspects (using Sentinel).

Support for custom logs and IIS logs for the Azure Monitor agent (preview)

The Azure Monitoring Agent (AMA) natively provides the ability to collect log files (custom and IIS logs) in a Log Analytics workspace. This feature is particularly useful for easily consulting the custom logs generated by services or applications and IIS logs and for carrying out specific analyzes..

Integration between Azure Monitor and Azure Managed Grafana(preview)

Microsoft announced Azure Managed Grafana, a service managed by Microsoft that allows customers to run Grafana natively within the Azure platform. Azure Managed Grafana allows you to extend integrations with Azure Monitor, providing the ability to easily view Azure monitor data in Grafana dashboards.

Configure

Azure Automation

Diagnostic audit log for Automation account

Also for Automation Accounts, has been enabled the ability to send audit data to blob storage accounts, Event Hub and workspace of Azure Monitor Log Analytics. This possibility allows you to monitor the main activities that are carried out on the Automation Account for security and compliance purposes. By enabling the Audit event collection mechanism, it is possible to collect telemetry data regarding operations of creation, updating and deleting of Automation Account runbooks and assets.

Govern

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Support for vault-archive storage for VMs backup, even in the presence of SQL and SAP HANA

Azure Backup announced the ability to move recovery points to the Azure Storage Vault-Archive tier to save costs and keep backup data for longer. This feature is available for Azure VMs, even in the presence of SQL Server and SAP HANA installed on board the VMs. When moving backup data from vault-standard to vault-archive, Azure Backup converts incremental data into full backup. This procedure involves an increase in the total GB used, but costs are reduced due to the huge difference in cost per GB between the two storage tiers. To simplify this process, Azure Backup provides advice on Recovery Points (RPs) for which migration to the vault-archive is recommended. Restores can always be done in an integrated way from the Azure portal, through a simple and intuitive process.

Metrics and related alerts for Azure Blob storage (preview)

In recent months Azure Backup has released the ability to consult the health metrics of backups and restores for Azure virtual machines, SQL/HANA databases on board Azure virtual machines and Azure File. Now, Azure Backup also supports these metrics for storage blobs.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult the this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in March 2022

In March there were several news announced by Microsoft regarding Azure management services. In this series of articles, published on a monthly basis, major announcements are listed, accompanied by the necessary references to be able to conduct further studies on.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New agent: support for Private Links

The new Azure Monitor agent introduced support for network configurations via private link. This configuration allows you to operate in restricted environments that require special network requirements and a high degree of isolation.

Govern

Azure Cost Management

Automated emails on cost views

To allow you to stay up to date on cost changes in Azure Cost Management and Billing the possibility of sending automated e-mails has been introduced. From the cost analysis, selecting a graphic view, you have the opportunity to subscribe to updates on a daily basis, weekly or monthly and even share those views with people outside the Azure portal.

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Azure Files Snapshot Protection

To protect Azure Files snapshots from accidental deletion, Azure Backup has added an extra layer of security to the snapshot management solution, integrating with the Azure Files platform's ability to acquire a snapshot lease. This lease creates and maintains a lock on snapshots for delete operations. After taking a snapshot of Azure File, Azure Backup acquires it, thus protecting it from accidental elimination. Furthermore, to ensure that the snapshot is not deleted during a restore operation, Azure Backup also checks the lease status at the beginning of the recovery and acquires it if necessary.

Support for Azure virtual machines with technologies trusted launch (preview)

Trusted launch is an easy way to improve the security of second generation virtual machines, which allows you to get protection from advanced attack techniques, combining technologies that can be independently enabled, such as secure boot and the virtualized version of the Trusted Platform Module (vTPM). Azure introduced support, currently in preview, of Azure VMs with trusted launch features enabled.

Azure Site Recovery

On-demand capacity reservation with Azure Site Recovery to safeguard virtual machine failover

Azure Site Recovery is now integrated with the’on-demand capacity reservation, which allows you to take advantage of the capacity reservation to reserve processing capacity in the disaster recovery region (DR) and thus ensure the execution of workloads during failover processes. By assigning a capacity reservation group (CRG) for protected VMs, Azure Site Recovery will fail over the VMs to that CRG. Furthermore, there is a SLA for the Recovery Time Objective (RTO) of 2 hours.

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 61 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult the this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in February 2022

The month of February was full of news and there are several updates that have affected the Azure management services. This article provides an overview of the month's top news, so that we can stay up to date on these topics and have the necessary references to conduct further insights.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor Agent: new feature to update the extension automatically

With the new Azure Monitor agent, you can get important updates and security fixes by enabling the automatic extension update function within the agent. Basically, when an update is published, the extension updates and replaces the existing version present in the virtual machine or in the scale set.

Azure Monitor Agent: improved Syslog RFC compliance

The latest version of the Azure Monitor agent is now capable of collecting syslog events from the following vendors, standard device types and formats:

  • Cisco Meraki, ASA, FTD
  • Sophos XG
  • Juniper Networks
  • Corelight Zeek
  • CipherTrust
  • NXLog
  • McAfee
  • CEF (Common Event Format)

Azure IoT Edge monitor

Thanks to a deep integration with Azure Monitor it is possible to simplify the monitor of Azure IoT Edge devices, through a set of built-in metrics, the IoT Edge Metrics Collector module and a set of “curated visualization”. Through this integration it is possible:

  • Analyze the efficiency of the solution
  • Choose the hardware to meet the performance demands of the devices
  • Monitor blocked resources
  • Proactively identify problems
  • Resolve problems quickly
  • Create custom metrics and dashboards

Ability to set an exact time range in queries

In the queries on the Log Analytics workspaces it is now possible to specify a specific time range, in this way it is possible to carry out precise and more targeted searches.

The Azure Monitor ‘action rules’ are now ‘alert processing rules’

Microsoft has renamed the 'action rules” of Azure Monitor in “alert processing rules”, which will continue to provide post-processing capabilities for alerts triggered in Azure Monitor.

Log Analytics data export

The new Azure Monitor Log Analytics data export feature allows you to send log data not only to Log Analytics workspaces, but also to a storage account or Event Hub. Furthermore, data can be streamed continuously from Log Analytics tables to a storage account or to Event Hub if Microsoft has enabled streaming support for those types of tables.

Custom retention for tables AzureActivity and Usage

In Azure Monitor, the ability to set custom retention has been introduced for tables AzureActivity and Usage present in the Log Analytics workspaces . Previously, AzureActivity and Usage had a minimum of retention of 90 days and such data could not be set with a specific retention. Now the minimum retention for those tables remains of 90 days, useful for audit and troubleshooting purposes, but you can customize the retention period.

Possibility to test the Action Groups (preview)

For Azure Monitor action groups, the ability to test notification settings for alerts has been introduced, in order to:

  • Check if the notifications work as expected when creating or updating an action group
  • Self-diagnose the cause of notifications not working as expected

Azure Monitor predictive autoscaling for VM Scale Sets (preview)

Predictive autoscaling, released in preview, uses machine learning algorithms to manage and scale Virtual Machine Scale Sets. This mechanism allows you to predict the overall CPU load on the Virtual Machine Scale Sets, based on historical CPU usage patterns. In this way the scale-out takes place in time to satisfy the demand.

Govern

Azure Cost Management

Anomaly detection

Anomaly detection has been introduced in Azure Cost Management. Thanks to this feature it is possible to consult any anomalies on costs, detected by the tool in the Azure subscriptions, in a specific period.

Enterprise agreement component management in Azure Cost Management and Billing

In Azure Cost Management and Billing you can now create, manage and govern departments, accounts, and subscriptions related to enterprise agreement contracts. In particular, from the Azure portal you can perform the following activities:

  • Manage the roles of the enterprise agreement contract
  • Create and manage the hierarchy at the enrollment level(department, account, subscription)
  • View properties and manage policies
  • View usage and charges
  • Download the invoice
  • View and monitor the Microsoft Azure Consumption Commitment balance (MACC)

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Ability to perform multiple Azure File backups throughout the day

In Azure Backup it is now possible to perform multiple backups during the day, with a maximum frequency of four hours, to take multiple snapshots of the file share. This feature allows you to define a backup schedule in line with working hours, useful for frequent updates to Azure File content. Furthermore, you can use Powershell or the Azure command line interface to create backup policies to generate multiple snapshots during the day according to the defined schedule.

Long term retention for Azure PostgreSQL backup

Azure Backup for PostgreSQL is a scalable solution that does not require the presence of an infrastructure, agents or storage accounts, while providing a simple and consistent experience to centrally manage and monitor backups. Support for long-term backup storage was introduced for this solution.

Automatic backup improvements for SQL Server onboard virtual machines

Automatic backup of Azure Backup, a feature given by the extension of the IaaS SQL agent, provides an automatic backup service for SQL Server on board Azure virtual machines. The following improvements have been added to this functionality:

  • Longer backup retention time in storage account, passing from 30 days to 90 days.
  • Ability to choose for each Azure virtual machine a specific container of the storage account as a destination for backups. Previously, it was only allowed to specify a storage account and all backups flowed into the same container.

Restore point cross region for virtual machines

The restore points of a virtual machine are snapshots that contain the metadata of the virtual machine and are consistent for all the disks associated with it. These recovery points can be used to protect workloads from data loss and corruption. Now it is possible to restore points of the virtual machine in any region, regardless of the region in which the virtual machine is deployed.

Azure Site Recovery

Recovery point extended to 15 days

Azure Site Recovery through replication policies allows you to adjust the retention history of recovery points. It is now allowed to keep recovery points up to 15 days instead of 72 hours. Recovery points will be stored with a frequency of 5 minutes for the first 2 hours. Later, they will be deleted and archived less frequently. You can enter any value between 0 and 15 days to configure the retention period in a retention policy. Furthermore, if necessary, it is possible to enable type recovery points “application-consistent” (disabled by default).

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 60 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in January 2022

The new year started with several announcements from Microsoft regarding news related to Azure management services. The monthly release of this summary allows you to have an overall overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

News regarding Azure Monitor alerts

The following changes have been introduced in Azure Monitor regarding alerts:

  • Frequency of 1 minute for alert logs. Alert logs allow users to use a Log Analytics query to evaluate, with a set frequency, resource logs and activate an alert based on the results obtained. Rules can trigger one or more actions using Action Groups. Now you have the ability to evaluate the alert query every minute, thus reducing the overall time for activating an alert log. By adopting this frequency of evaluation it should be taken into account that it also has an impact on the costs of Azure Monitor.
  • New way of creating alert rules: the experience of creating an alert rule has been transformed from an articulated process into a simple and intuitive wizard.

New agent: support for Private Links

The new Azure Monitor agent introduced support for network configurations via private link. This configuration allows you to operate in restricted environments that require special network requirements and a high degree of isolation.

New version of the agent for Linux systems

A new version of the Log Analytics agent has been released this month for Linux systems thanks to which several improvements and greater stability are introduced.

Govern

Azure Cost Management

Improvements in Azure Advisor recommendations for virtual machines

Azure has improved the Azure Advisor recommendation named “Shutdown/Resize your virtual machines”. This recommendation offers customers the opportunity to save costs by targeting virtual machines that are not being used efficiently.

Among the main improvements we have made are:

  • Resizing of series between different SKUs: up to this new version, the sizing recommendations provided by Azure Advisor were mostly within the same SKU family. This means if you were using a D3 v2 inefficiently, a D2 v2 or a D1 v2 was recommended, or a smaller SKU but within the same family. Now the recommendations take into account, to increase savings, the ability to move to different families by using SKUs that adapt perfectly to the workload based on the data collected.
  • Adoption of new versions of SKU families: in general, newer versions of SKU families are more optimized, offer more features and a better performance / cost ratio than previous versions. If the workload is found to be running on an older version and can achieve cost benefits without impacting performance on a newer version, is reported by Azure Advisor.
  • Improvements on the quality of reports: Microsoft received feedback that some recommendations were not feasible as they did not take certain criteria into account. In order to improve the quality of the recommendations, they are now generated taking into account even more characteristics, such as accelerated network support, support for premium storage, availability in a region, inclusion in an availability set, etc. . Furthermore, to increase the quality, the robustness and applicability of the recommendations the entire recommendation engine has been completely revamped to base it on new automatic and cutting-edge machine learning algorithms.

Multitasking in cost analysis (preview)

Azure Cost Management introduces a new cost analysis experience that allows you to do them more effectively. The preview includes a new tabbed experience to simplify analysis. Starting with an integrated view list, you can open multiple tabs to explore different cost aspects at the same time.

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • Microsoft Defender for Resource Manager has been updated with new alerts and a greater emphasis has been introduced on high-risk operations mapped to MITER ATT&CK® Matrix
  • Introduced recommendations for enabling Microsoft Defender plans on workspaces (preview)
  • Automatic provisioning of the Log Analytics agent on Azure Arc-enabled machines (preview)

Protect

Azure Backup

Changes in security settings

Azure Backup recently released the following changes regarding security settings for workloads protected by Microsoft Azure Recovery Service Agent, Azure Backup Server, or System Center Data Protection Manager:

  • Integration with MUA (Multi-user authorization): the operation of “disabling safety functions” is now defined as a critical operation that can be protected by a Resource Guard.
  • To provide protection against accidental or harmful elimination, it is no longer possible to unregister a protected server if the security features are enabled for the vault and there are associated backup items, in active or soft delete state.
  • Customers will not have to incur any costs for backup data kept in the soft delete state.
  • The backup policy is not applied to data kept in the soft delete state and therefore no data is deleted for 14 days.

Azure Site Recovery

Support for Azure Policy

Microsoft has introduced the ability to use Azure Policies to enable Azure Site Recovery for virtual machines (VM) on a large scale, thus allowing you to more easily and quickly adhere to organizational standards. After creating a Disaster Recovery policy for a specific subscription or for a specific resource group, all new virtual machines added to that subscription or to the resource group will have Azure Site Recovery enabled automatically. The policy in question is called "Configure disaster recovery on virtual machines by enabling replication via Azure Site Recovery“. In addition to enabling replication for large-scale virtual machines, the Policies make it possible to maintain control over the achievement of organizational standards. Indeed, compliance with policies can be monitored and, if virtual machines are found to be non-compliant, you can create a remediation activity to make the subscription or resource group compliant with the 100%.

Support for Managed Disk of Zone Redundant Storage type (ZRS)

Azure Site Recovery (ASR) introduced support for ZRS type managed disks. Therefore, ASR now allows you to protect virtual machines that take advantage of ZRS managed disks, replicating them in a secondary region of your choice. ASR identifies the source disks as ZRS managed disks and creates equivalent ZRS managed disks in the secondary region. If there is an outage in a region and it is necessary to fail over to the secondary region, ASR will activate the virtual machines in the secondary region with ZRS managed disks, ensuring the same level of resilience.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult the this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in December 2021

In December, Microsoft announced news regarding Azure management services. Thanks to the release of this summary, which occurs on a monthly basis, we want to provide an overall overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Audit Logs for Azure Monitor queries

Azure Monitor allows you to collect data from the entire ecosystem, including telemetry data at the application and operating system level, security log, network log, diagnostic logs from Azure resources and custom logs. All these data can be queried with the powerful KQL language, useful for obtaining detailed information and making correlations. Microsoft has included the ability to control Azure Monitor queries. Indeed, by enabling this functionality through the Azure diagnostic mechanism, you can collect telemetry data about who ran a query, when it was performed, which tool was used to run the query, the text of the query and performance statistics relating to the execution of the query. This telemetry, like any other Azure Diagnostic-based telemetry, can be sent to an Azure Storage Blob, to an Azure Event Hub, or in the Azure Monitor logs.

Govern

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

Microsoft Defender for Containers adds new features for Kubernetes (preview)

Microsoft Defender for Containers, is a new offering that combines the functionality of Azure Defender for Kubernetes and Azure Defender for Container registries, adding several new features related to Kubernetes on Azure:

  • AKS Profile: onboarding and maintenance as an AKS profile, so as to no longer have a dependency on the Log Analytics agent.
  • Multi cloud support: multi cloud support for AKS, Amazon EKS, Kubernetes on-prem / IaaS (GCP will be added in the future).
  • Visibility of vulnerabilities: a new recommendation monitors Kubernetes clusters and shows a list of running images with any vulnerabilities, based on evaluation scans provided by Qualys. This allows you to focus on the most critical vulnerabilities that expose runtime environments to security threats and attacks.
  • Advanced Threat Protection: Kubernetes compatible AI analysis and anomaly detection.
  • Improved ACR vulnerability assessment: the Azure Container Registry Vulnerability Assessment Recommendation (ACR) has been improved by adding runtime information to image scan results. This allows for the assignment of priorities and to apply filters based on the distribution status of the image.
  • Continuous scanning of images: in addition to periodic scanning of Azure Container Registry images (ACR) over the past 30 days, continuous image scanning periodically scans ACR images running on Kubernetes clusters.

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult the this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in November 2021

In November, Microsoft unveiled several news regarding Azure management services, accomplice also the Microsoft Ignite conference 2021. Through these articles released on a monthly basis, we want to provide an overall overview of the main news of the month, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Log Analytics Workspace Insights in Azure Monitor

Microsoft has announced the availability ofLog Analytics workspace insights which allows you to obtain detailed information on the Log Analytics workspaces, providing a comprehensive overview of the following aspects: use, performance, integrity, agents, query and change logs.

These are the main questions to which the solution can provide an answer:

  • What are the main tables, those where most of the data is imported?
  • Which resource sends the most logs to the workspace?
  • How long does it take for the logs to reach the workspace?
  • How many agents are connected to the work area? How many are in a health state?
  • Query control: how many queries run in the workspace? What are their response codes and duration time? What are the slow and inefficient queries that require workspace overhead?
  • Who has set a daily limit? When data retention has changed?
    • Useful for keeping a log of changes in workspace settings.

New troubleshooting experiences in Network Insights for VPN Gateway & Azure Firewall

It is now possible to access detailed information and have a new problem solving experience in Azure Monitor Network Insights for VPN Gateway and Azure Firewall.

Indeed, you have the option of:

  • Access the resource topology that shows the integrity of the same and the related connections
  • A workbook showing all the key metrics
  • Direct links to documentation and troubleshooting guide

Azure Monitor container insights for Azure Arc enabled Kubernetes

In Azure Monitor, you can get detailed information about the containers running in Azure Arc-enabled Kubernetes environments. This allows you to centralize the visualization of infrastructure metrics, of container logs and related recommendations. The main features are:

  • Simple onboarding directly from the Azure portal
  • Receipt of automatic updates from the monitoring agent
  • Performance visibility, collecting memory and processor metrics from controllers, nodes and containers
  • Views via workbook and in the Azure portal
  • Alerts and queries on historical data for troubleshooting
  • Ability to examine Prometheus metrics

Manage Log Analytics data export rules in the Azure portal (preview)

The export of Log Analytics data can now be configured in the Azure portal. This allows you to easily manage data export rules by giving you a clear view of existing rules in the workspace, regardless of whether they are in the enabled or disabled state. It is also possible to modify existing rules and create new rules with a few simple steps.

Azure Monitor for SAP: new telemetry and root cause analysis (RCA)

Azure Monitor for SAP Solutions (AMS) introduced support for new telemetry data of SAP HANA (preview) and SAP NetWeaver

For SAP HANA we find:

  • License status: provides licensing details for all tenants running with SAP HANA MDC.
  • Multi-Version Concurrency Control (MVCC): report on the consistency of transactional data, isolating the transactions that access the same data at the same time
  • Details on save point operation
  • Details on delta merge
  • Statistics on HANA Alert

Customers who are using the solution will have available, without carrying out any further activities, the above telemetry data. For new customers who want to activate this solution, you can follow this guide to AMS onboarding and configure at least one SAP HANA provider.

Furthermore, customers using SAP in an Azure environment can view the “root cause analysis (RCA)” when a SAP system becomes unavailable due to an outage of the virtual machine or host. Indeed, AMS allows you to view information about the restart, the analysis of the triggering cause, details on the affected system and recommended steps.

AMS is currently available in the following Azure regions: US East, US East 2, US West 2, Europe West, and Europe North. AMS does not incur any additional licensing fees, but only the consumption costs of Azure Monitor are covered.

Configure

Azure Automation

PowerShell runbook support 7.1 (preview)

Azure Automation support for PowerShell runbooks 7.1 has been made available in preview on Azure, Azure Gov and Azure China. This allows for the development and execution of runbooks using PowerShell 7.1, both for cloud processes and for hybrid processes on Azure and non-Azure systems.

Support for Managed Identities

Support for Managed Identities has been introduced in Azure Automation. System Assigned Managed Identities are supported for cloud and hybrid processes, while User Assigned Managed Identities are only supported for cloud processes. This support allows you to reduce the effort of managing Run As Accounts for runbooks. A User Assigned Managed Identities is an independent Azure resource that can be assigned to the Azure Automation account, which can have multiple associated user-assigned identities. The same identity can be assigned to multiple Azure Automation accounts.

Govern

Update Management

Automatic VM guest patching

The new feature called "Automatic VM guest patching" is now available and helps simplify update management and achieve security compliance. Enabling the feature “Automatic VM guest patching” patches classified as critical and security are automatically downloaded and applied to the system. This feature is available for both Windows and Linux systems.

Azure Cost Management

Azure Advisor: tips to save on Azure Cosmos DB resource costs

Specific recommendations have been included in Azure Advisor to help you achieve possible cost savings for Azure Cosmos DB, obtained based on the historical use of resources.

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

Change to the names of Azure solutions in the security field

In November, durante Ignite 2021, changes have been announced to the names of Microsoft Azure solutions in the security field, as below:

Figure 2 - New names for Azure security solutions

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • Azure Security Center and Azure Defender have been unified and are called “Microsoft Defender for Cloud”
  • Native CSPM for AWS and Threat Protection for Amazon EKS and AWS EC2
  • Prioritizing sensitive data in cloud workloads, using Azure Purview
  • Improvements to integration with Microsoft Sentinel
  • Azure Security Benchmark v3 released

Protect

Azure Backup

Multi-user authorization for backups (preview)

Multi-user authorization for Azure Backup provides advanced protection for Recovery Services vaults against unauthorized critical operations. Azure Backup uses a Resource Guard to ensure that critical operations are performed only with the appropriate authorization. With this mechanism, Azure Backup helps provide better protection against operations that could lead to the loss of backup data, including:

  • Disabling soft delete and hybrid security settings
  • Disabling MUA protection
  • Changes to backup policies
  • Security changes
  • Stop protection
  • Changing the MARS security PIN

The backup administrator, which typically accesses the Recovery Services vault, must acquire the role of Contributor on Resource Guard to be able to perform the above protected operations (Critical). To do this, it must also request the action of the Resource Guard owner, who must approve and grant the requested access. It is also possible to use Azure AD Privileged Identity Management to manage just-in-time access on Resource Guard. Furthermore, it is possible to create the Resource Guard resource in a subscription or in a tenant other than that of the Recovery Services vault, for maximum isolation.

Metrics and related alerts for Azure Backup (preview)

Azure Backup now provides built-in metrics to allow you to monitor the integrity of backups and write custom alert rules based on these metrics.

Azure Site Recovery

Support for failover of multiple IP configurations

Azure Site Recovery has been introduced, for virtual machines on Azure, support for failover of secondary IP configurations. This allows you to configure failover and test failover settings for each secondary IP configuration, currently only in the Azure to Azure scenario (A2A).

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 59 which solves several problems and introduces some improvements. Among the most important innovations we find support for Windows Server 2022 for the mobility Service. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult the this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in October 2021

In October, Microsoft announced a considerable number of news regarding Azure management services. Through these articles released on a monthly basis I want to provide an overall overview of the main news of the month, so that you can always stay up to date on these topics and have the necessary references to carry out further studies.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Availability and support of availability zones in new regions

Azure Monitor Log Analytics is available in the following new regions:

  • West US 3
  • Korea South
  • Canada East 

To check the availability of the service in all the Azure regions you can consult this document.

Furthermore, support for Availability Zones was introduced in the region of West US 2 for Azure Monitor Log Analytics and Application Insights, which allows to ensure greater availability for the logs present in the Workspace.

Azure Monitor container insights: updating the user experience from the portal

The user experience from the portal for Azure Monitor container insights has been updated and allows you to:

  • Get detailed information about containers more easily
  • View resource usage as allocable capacity
  • Take advantage of new metrics and new recommended alerts

Azure Monitor Query SDK

Microsoft has released the Azure Monitor Query SDK for .NET, Java, JavaScript/TypeScript e Python. This new SDK allows developers to build applications that perform read-only queries on Azure Monitor logs and metrics, so that they can analyze and visualize the data in customized ways. The SDK has been modernized to follow the Azure SDK guidelines and be idiomatic for each programming language. Furthermore, introduces a number of updates and new features.

Azure Monitor application insights in Azure Spring Cloud

Thanks to this new integration in Azure Monitor Application Insights it is possible to enable the monitoring of Java Spring Boot applications running in Azure Spring Cloud with a few simple steps and without making any changes to the code.

Govern

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Multiple backups during the day for Azure Files

Keeping RPO low is often a key requirement for Azure Files that contain frequently updated business-critical data. To ensure minimal data loss, in the event of an emergency or unwanted content changes, organizations may need to back up more frequently than once a day. Azure Backup now allows you to create backup policies to take multiple snapshots per day. With this feature it is also possible to define the duration of the backup processes.

Support for Archive storage for the backup of VMs and SQL on board VMs using the Azure portal

Azure Backup announced in August the ability to move recovery points to the Azure Storage Vault-Archive tier to save costs and retain backup data for a longer duration. This feature is available for Azure VMs and SQL Servers installed on board Azure VMs. Initially this possibility was only given using Azure PowerShell, while now it is possible to move these backups from the standard tier to the new archive tier also from the Azure portal.

When moving backup data from vault-standard to vault-archive, Azure Backup converts incremental data into full backup. This procedure involves an increase in the total GB used, but costs are reduced due to the huge difference in cost per GB between the two storage tiers. To simplify this process, Azure Backup provides advice on Recovery Points (RPs) for which migration to the vault-archive is recommended. Restores can always be done in an integrated way from the Azure portal, with a simple and intuitive process.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult the this page, that provides information about new releases and features. In particular, This month, the main changes concern support for new geographical areas.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.