To stay up to date on news regarding Azure Management services, this summary is released monthly, allowing you to have an overview of the main new features of the month. In this article you will find the announcements summarized and accompanied by the necessary references to be able to carry out further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Govern

Azure Arc

Support for private endpoints for Azure Arc-enabled servers

Private endpoints for Azure Arc-enabled servers allow you to manage Windows and Linux servers from Azure without having to send network traffic over the Internet, thus ensuring greater security. The servers can be configured for the use of a private endpoint by associating them with an Azure Arc Private Link Scope and connecting the on-premises network to an Azure virtual network using a site-to-site VPN or Express Route.

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

• “Azure Cost Management and Billing” now is “Microsoft Cost Management”: an integrated tool to monitor, manage and optimize Microsoft Cloud costs
• Anomaly detection alert: the anomaly detection model has been significantly improved to more accurately predict and detect anomalous situations.
• Display of the cost of child resources in the cost analysis

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Multicloud settings of the Servers plan available at the connector level
• JIT (Just-in-time) access available for AWS EC2 instances (Preview)
• Add and remove Defender profile for AKS clusters using the CLI

Protect

Azure Backup

Support for Azure virtual machines with trusted launch technologies

Trusted launch is a simple method, to improve the security of second generation virtual machines, which allows you to get protection from advanced attack techniques, combining technologies that can be independently enabled, such as secure boot and the virtualized version of the Trusted Platform Module (vTPM). Azure Backup introduced support for protecting Azure VMs with trusted launch features enabled.

Support for disks that use the Write Accelerator functionality

Azure Backup is now able to protect disks with the Write Accelerator feature enabled. These disks are widely used by Azure customers with virtual machines (VM) M series to improve I / O latency of writes over Azure Premium storage.

Migrate

Azure Migrate

New migration features for applications (preview)

The Azure Migrate tool has been integrated with additional features that simplify the movement of applications from on-premises environments to Azure App Service and to the Azure Kubernetes service. The bulk migration capabilities of Azure App Service allows you to:

• Do the discovery and assessment of ASP.NET Web apps, ranking which apps are ready for migration
• Suggest a destination for migration
• Do the discovery and assessment for the migration of Java Tomcat applications to the Linux App Service services and to the Azure Kubernetes Service.
• Containerize ASP.NET web apps and move them to Windows containers on App Service or Azure Kubernetes Service.

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Microsoft is constantly announcing news regarding Azure management services. This summary, published monthly, allows you to have an overall overview of the main news of the current month, in order to stay up to date on these news and have the necessary references to conduct further study.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Windows client support for the Azure Monitor agent (preview)

Azure Monitor agent and data collection rules now support client devices, Windows 10 and Windows 11, via a new installation setup (MSI). This allows you to extend the use of the same agent for telemetry and for security aspects (using Sentinel).

Support for custom logs and IIS logs for the Azure Monitor agent (preview)

The Azure Monitoring Agent (AMA) natively provides the ability to collect log files (custom and IIS logs) in a Log Analytics workspace. This feature is particularly useful for easily consulting the custom logs generated by services or applications and IIS logs and for carrying out specific analyzes..

Integration between Azure Monitor and Azure Managed Grafana(preview)

Microsoft announced Azure Managed Grafana, a service managed by Microsoft that allows customers to run Grafana natively within the Azure platform. Azure Managed Grafana allows you to extend integrations with Azure Monitor, providing the ability to easily view Azure monitor data in Grafana dashboards.

Configure

Azure Automation

Diagnostic audit log for Automation account

Also for Automation Accounts, has been enabled the ability to send audit data to blob storage accounts, Event Hub and workspace of Azure Monitor Log Analytics. This possibility allows you to monitor the main activities that are carried out on the Automation Account for security and compliance purposes. By enabling the Audit event collection mechanism, it is possible to collect telemetry data regarding operations of creation, updating and deleting of Automation Account runbooks and assets.

Govern

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

• Totals summarized in the cost analysis (preview)
• Ability to download Azure costs in a ZIP file
• Ability to save through autoscaling mechanisms in Azure

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• New plans for Defender for Servers
• Transfer of custom recommendations
• PowerShell script to send alerts to Splunk and QRadar
• Deprecated recommendations for Azure Cache for Redis
• Viewing the activity logs related to a security alert

Protect

Azure Backup

Support for vault-archive storage for VMs backup, even in the presence of SQL and SAP HANA

Azure Backup announced the ability to move recovery points to the Azure Storage Vault-Archive tier to save costs and keep backup data for longer. This feature is available for Azure VMs, even in the presence of SQL Server and SAP HANA installed on board the VMs. When moving backup data from vault-standard to vault-archive, Azure Backup converts incremental data into full backup. This procedure involves an increase in the total GB used, but costs are reduced due to the huge difference in cost per GB between the two storage tiers. To simplify this process, Azure Backup provides advice on Recovery Points (RPs) for which migration to the vault-archive is recommended. Restores can always be done in an integrated way from the Azure portal, through a simple and intuitive process.

Metrics and related alerts for Azure Blob storage (preview)

In recent months Azure Backup has released the ability to consult the health metrics of backups and restores for Azure virtual machines, SQL/HANA databases on board Azure virtual machines and Azure File. Now, Azure Backup also supports these metrics for storage blobs.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

In March there were several news announced by Microsoft regarding Azure management services. In this series of articles, published on a monthly basis, major announcements are listed, accompanied by the necessary references to be able to conduct further studies on.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

New agent: support for Private Links

The new Azure Monitor agent introduced support for network configurations via private link. This configuration allows you to operate in restricted environments that require special network requirements and a high degree of isolation.

Govern

Azure Cost Management

Automated emails on cost views

To allow you to stay up to date on cost changes in Azure Cost Management and Billing the possibility of sending automated e-mails has been introduced. From the cost analysis, selecting a graphic view, you have the opportunity to subscribe to updates on a daily basis, weekly or monthly and even share those views with people outside the Azure portal.

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Secure Score for AWS and GCP
• Defender for Containers can scan for vulnerabilities in Windows images (preview)
• New alerts for Microsoft Defender for Storage (preview)
• ISO implementations 27001 replaced with the new ISO standard 27001:2013
• Posture management and threat protection for AWS and GCP

Protect

Azure Backup

Azure Files Snapshot Protection

To protect Azure Files snapshots from accidental deletion, Azure Backup has added an extra layer of security to the snapshot management solution, integrating with the Azure Files platform's ability to acquire a snapshot lease. This lease creates and maintains a lock on snapshots for delete operations. After taking a snapshot of Azure File, Azure Backup acquires it, thus protecting it from accidental elimination. Furthermore, to ensure that the snapshot is not deleted during a restore operation, Azure Backup also checks the lease status at the beginning of the recovery and acquires it if necessary.

Support for Azure virtual machines with technologies trusted launch (preview)

Trusted launch is an easy way to improve the security of second generation virtual machines, which allows you to get protection from advanced attack techniques, combining technologies that can be independently enabled, such as secure boot and the virtualized version of the Trusted Platform Module (vTPM). Azure introduced support, currently in preview, of Azure VMs with trusted launch features enabled.

Azure Site Recovery

On-demand capacity reservation with Azure Site Recovery to safeguard virtual machine failover

Azure Site Recovery is now integrated with the’on-demand capacity reservation, which allows you to take advantage of the capacity reservation to reserve processing capacity in the disaster recovery region (DR) and thus ensure the execution of workloads during failover processes. By assigning a capacity reservation group (CRG) for protected VMs, Azure Site Recovery will fail over the VMs to that CRG. Furthermore, there is a SLA for the Recovery Time Objective (RTO) of 2 hours.

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 61 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

The month of February was full of news and there are several updates that have affected the Azure management services. This article provides an overview of the month's top news, so that we can stay up to date on these topics and have the necessary references to conduct further insights.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Azure Monitor Agent: new feature to update the extension automatically

With the new Azure Monitor agent, you can get important updates and security fixes by enabling the automatic extension update function within the agent. Basically, when an update is published, the extension updates and replaces the existing version present in the virtual machine or in the scale set.

Azure Monitor Agent: improved Syslog RFC compliance

The latest version of the Azure Monitor agent is now capable of collecting syslog events from the following vendors, standard device types and formats:

• Cisco Meraki, ASA, FTD
• Sophos XG
• Juniper Networks
• Corelight Zeek
• CipherTrust
• NXLog
• McAfee
• CEF (Common Event Format)

Azure IoT Edge monitor

Thanks to a deep integration with Azure Monitor it is possible to simplify the monitor of Azure IoT Edge devices, through a set of built-in metrics, the IoT Edge Metrics Collector module and a set of “curated visualization”. Through this integration it is possible:

• Analyze the efficiency of the solution
• Choose the hardware to meet the performance demands of the devices
• Monitor blocked resources
• Proactively identify problems
• Resolve problems quickly
• Create custom metrics and dashboards

Ability to set an exact time range in queries

In the queries on the Log Analytics workspaces it is now possible to specify a specific time range, in this way it is possible to carry out precise and more targeted searches.

The Azure Monitor ‘action rules’ are now ‘alert processing rules’

Microsoft has renamed the 'action rules” of Azure Monitor in “alert processing rules”, which will continue to provide post-processing capabilities for alerts triggered in Azure Monitor.

Log Analytics data export

The new Azure Monitor Log Analytics data export feature allows you to send log data not only to Log Analytics workspaces, but also to a storage account or Event Hub. Furthermore, data can be streamed continuously from Log Analytics tables to a storage account or to Event Hub if Microsoft has enabled streaming support for those types of tables.

Custom retention for tables AzureActivity and Usage

In Azure Monitor, the ability to set custom retention has been introduced for tables AzureActivity and Usage present in the Log Analytics workspaces . Previously, AzureActivity and Usage had a minimum of retention of 90 days and such data could not be set with a specific retention. Now the minimum retention for those tables remains of 90 days, useful for audit and troubleshooting purposes, but you can customize the retention period.

Possibility to test the Action Groups (preview)

For Azure Monitor action groups, the ability to test notification settings for alerts has been introduced, in order to:

• Check if the notifications work as expected when creating or updating an action group
• Self-diagnose the cause of notifications not working as expected

Azure Monitor predictive autoscaling for VM Scale Sets (preview)

Predictive autoscaling, released in preview, uses machine learning algorithms to manage and scale Virtual Machine Scale Sets. This mechanism allows you to predict the overall CPU load on the Virtual Machine Scale Sets, based on historical CPU usage patterns. In this way the scale-out takes place in time to satisfy the demand.

Govern

Azure Cost Management

Anomaly detection

Anomaly detection has been introduced in Azure Cost Management. Thanks to this feature it is possible to consult any anomalies on costs, detected by the tool in the Azure subscriptions, in a specific period.

Enterprise agreement component management in Azure Cost Management and Billing

In Azure Cost Management and Billing you can now create, manage and govern departments, accounts, and subscriptions related to enterprise agreement contracts. In particular, from the Azure portal you can perform the following activities:

• Manage the roles of the enterprise agreement contract
• Create and manage the hierarchy at the enrollment level(department, account, subscription)
• View properties and manage policies
• View usage and charges
• Download the invoice
• View and monitor the Microsoft Azure Consumption Commitment balance (MACC)

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Kubernetes workload protection for Arc enabled clusters
• Native CSPM for Google Cloud Platform (GCP) and threat protection for GCP instances

Protect

Azure Backup

Ability to perform multiple Azure File backups throughout the day

In Azure Backup it is now possible to perform multiple backups during the day, with a maximum frequency of four hours, to take multiple snapshots of the file share. This feature allows you to define a backup schedule in line with working hours, useful for frequent updates to Azure File content. Furthermore, you can use Powershell or the Azure command line interface to create backup policies to generate multiple snapshots during the day according to the defined schedule.

Long term retention for Azure PostgreSQL backup

Azure Backup for PostgreSQL is a scalable solution that does not require the presence of an infrastructure, agents or storage accounts, while providing a simple and consistent experience to centrally manage and monitor backups. Support for long-term backup storage was introduced for this solution.

Automatic backup improvements for SQL Server onboard virtual machines

Automatic backup of Azure Backup, a feature given by the extension of the IaaS SQL agent, provides an automatic backup service for SQL Server on board Azure virtual machines. The following improvements have been added to this functionality:

• Longer backup retention time in storage account, passing from 30 days to 90 days.
• Ability to choose for each Azure virtual machine a specific container of the storage account as a destination for backups. Previously, it was only allowed to specify a storage account and all backups flowed into the same container.

Restore point cross region for virtual machines

The restore points of a virtual machine are snapshots that contain the metadata of the virtual machine and are consistent for all the disks associated with it. These recovery points can be used to protect workloads from data loss and corruption. Now it is possible to restore points of the virtual machine in any region, regardless of the region in which the virtual machine is deployed.

Azure Site Recovery

Recovery point extended to 15 days

Azure Site Recovery through replication policies allows you to adjust the retention history of recovery points. It is now allowed to keep recovery points up to 15 days instead of 72 hours. Recovery points will be stored with a frequency of 5 minutes for the first 2 hours. Later, they will be deleted and archived less frequently. You can enter any value between 0 and 15 days to configure the retention period in a retention policy. Furthermore, if necessary, it is possible to enable type recovery points “application-consistent” (disabled by default).

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 60 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

The new year started with several announcements from Microsoft regarding news related to Azure management services. The monthly release of this summary allows you to have an overall overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

News regarding Azure Monitor alerts

The following changes have been introduced in Azure Monitor regarding alerts:

• Frequency of 1 minute for alert logs. Alert logs allow users to use a Log Analytics query to evaluate, with a set frequency, resource logs and activate an alert based on the results obtained. Rules can trigger one or more actions using Action Groups. Now you have the ability to evaluate the alert query every minute, thus reducing the overall time for activating an alert log. By adopting this frequency of evaluation it should be taken into account that it also has an impact on the costs of Azure Monitor.
• New way of creating alert rules: the experience of creating an alert rule has been transformed from an articulated process into a simple and intuitive wizard.

New agent: support for Private Links

The new Azure Monitor agent introduced support for network configurations via private link. This configuration allows you to operate in restricted environments that require special network requirements and a high degree of isolation.

New version of the agent for Linux systems

A new version of the Log Analytics agent has been released this month for Linux systems thanks to which several improvements and greater stability are introduced.

Govern

Azure Cost Management

Improvements in Azure Advisor recommendations for virtual machines

Azure has improved the Azure Advisor recommendation named “Shutdown/Resize your virtual machines”. This recommendation offers customers the opportunity to save costs by targeting virtual machines that are not being used efficiently.

Among the main improvements we have made are:

• Resizing of series between different SKUs: up to this new version, the sizing recommendations provided by Azure Advisor were mostly within the same SKU family. This means if you were using a D3 v2 inefficiently, a D2 v2 or a D1 v2 was recommended, or a smaller SKU but within the same family. Now the recommendations take into account, to increase savings, the ability to move to different families by using SKUs that adapt perfectly to the workload based on the data collected.
• Adoption of new versions of SKU families: in general, newer versions of SKU families are more optimized, offer more features and a better performance / cost ratio than previous versions. If the workload is found to be running on an older version and can achieve cost benefits without impacting performance on a newer version, is reported by Azure Advisor.
• Improvements on the quality of reports: Microsoft received feedback that some recommendations were not feasible as they did not take certain criteria into account. In order to improve the quality of the recommendations, they are now generated taking into account even more characteristics, such as accelerated network support, support for premium storage, availability in a region, inclusion in an availability set, etc. . Furthermore, to increase the quality, the robustness and applicability of the recommendations the entire recommendation engine has been completely revamped to base it on new automatic and cutting-edge machine learning algorithms.

Multitasking in cost analysis (preview)

Azure Cost Management introduces a new cost analysis experience that allows you to do them more effectively. The preview includes a new tabbed experience to simplify analysis. Starting with an integrated view list, you can open multiple tabs to explore different cost aspects at the same time.

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Microsoft Defender for Resource Manager has been updated with new alerts and a greater emphasis has been introduced on high-risk operations mapped to MITER ATT&CK® Matrix
• Introduced recommendations for enabling Microsoft Defender plans on workspaces (preview)
• Automatic provisioning of the Log Analytics agent on Azure Arc-enabled machines (preview)

Protect

Azure Backup

Changes in security settings

Azure Backup recently released the following changes regarding security settings for workloads protected by Microsoft Azure Recovery Service Agent, Azure Backup Server, or System Center Data Protection Manager:

• Integration with MUA (Multi-user authorization): the operation of “disabling safety functions” is now defined as a critical operation that can be protected by a Resource Guard.
• To provide protection against accidental or harmful elimination, it is no longer possible to unregister a protected server if the security features are enabled for the vault and there are associated backup items, in active or soft delete state.
• Customers will not have to incur any costs for backup data kept in the soft delete state.
• The backup policy is not applied to data kept in the soft delete state and therefore no data is deleted for 14 days.

Azure Site Recovery

Support for Azure Policy

Microsoft has introduced the ability to use Azure Policies to enable Azure Site Recovery for virtual machines (VM) on a large scale, thus allowing you to more easily and quickly adhere to organizational standards. After creating a Disaster Recovery policy for a specific subscription or for a specific resource group, all new virtual machines added to that subscription or to the resource group will have Azure Site Recovery enabled automatically. The policy in question is called "Configure disaster recovery on virtual machines by enabling replication via Azure Site Recovery“. In addition to enabling replication for large-scale virtual machines, the Policies make it possible to maintain control over the achievement of organizational standards. In fact,, compliance with policies can be monitored and, if virtual machines are found to be non-compliant, you can create a remediation activity to make the subscription or resource group compliant with the 100%.

Support for Managed Disk of Zone Redundant Storage type (ZRS)

Azure Site Recovery (ASR) introduced support for ZRS type managed disks. Therefore, ASR now allows you to protect virtual machines that take advantage of ZRS managed disks, replicating them in a secondary region of your choice. ASR identifies the source disks as ZRS managed disks and creates equivalent ZRS managed disks in the secondary region. If there is an outage in a region and it is necessary to fail over to the secondary region, ASR will activate the virtual machines in the secondary region with ZRS managed disks, ensuring the same level of resilience.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

In December, Microsoft announced news regarding Azure management services. Thanks to the release of this summary, which occurs on a monthly basis, we want to provide an overall overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Audit Logs for Azure Monitor queries

Azure Monitor allows you to collect data from the entire ecosystem, including telemetry data at the application and operating system level, security log, network log, diagnostic logs from Azure resources and custom logs. All these data can be queried with the powerful KQL language, useful for obtaining detailed information and making correlations. Microsoft has included the ability to control Azure Monitor queries. In fact,, by enabling this functionality through the Azure diagnostic mechanism, you can collect telemetry data about who ran a query, when it was performed, which tool was used to run the query, the text of the query and performance statistics relating to the execution of the query. This telemetry, like any other Azure Diagnostic-based telemetry, can be sent to an Azure Storage Blob, to an Azure Event Hub, or in the Azure Monitor logs.

Govern

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

Microsoft Defender for Containers adds new features for Kubernetes (preview)

Microsoft Defender for Containers, is a new offering that combines the functionality of Azure Defender for Kubernetes and Azure Defender for Container registries, adding several new features related to Kubernetes on Azure:

• AKS Profile: onboarding and maintenance as an AKS profile, so as to no longer have a dependency on the Log Analytics agent.
• Multi cloud support: multi cloud support for AKS, Amazon EKS, Kubernetes on-prem / IaaS (GCP will be added in the future).
• Visibility of vulnerabilities: a new recommendation monitors Kubernetes clusters and shows a list of running images with any vulnerabilities, based on evaluation scans provided by Qualys. This allows you to focus on the most critical vulnerabilities that expose runtime environments to security threats and attacks.
• Advanced Threat Protection: Kubernetes compatible AI analysis and anomaly detection.
• Improved ACR vulnerability assessment: the Azure Container Registry Vulnerability Assessment Recommendation (ACR) has been improved by adding runtime information to image scan results. This allows for the assignment of priorities and to apply filters based on the distribution status of the image.
• Continuous scanning of images: in addition to periodic scanning of Azure Container Registry images (ACR) over the past 30 days, continuous image scanning periodically scans ACR images running on Kubernetes clusters.

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• New alerts for Microsoft Defender for Storage
• Improved alerts for Microsoft Defender for Storage
• Alert ‘PortSweeping’ has been removed from network-related alerts

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

In November, Microsoft unveiled several news regarding Azure management services, accomplice also the Microsoft Ignite conference 2021. Through these articles released on a monthly basis, we want to provide an overall overview of the main news of the month, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Log Analytics Workspace Insights in Azure Monitor

Microsoft has announced the availability ofLog Analytics workspace insights which allows you to obtain detailed information on the Log Analytics workspaces, providing a comprehensive overview of the following aspects: use, performance, integrity, agents, query and change logs.

These are the main questions to which the solution can provide an answer:

• What are the main tables, those where most of the data is imported?
• Which resource sends the most logs to the workspace?
• How long does it take for the logs to reach the workspace?
• How many agents are connected to the work area? How many are in a health state?
• Query control: how many queries run in the workspace? What are their response codes and duration time? What are the slow and inefficient queries that require workspace overhead?
• Who has set a daily limit? When data retention has changed?
  • Useful for keeping a log of changes in workspace settings.

New troubleshooting experiences in Network Insights for VPN Gateway & Azure Firewall

It is now possible to access detailed information and have a new problem solving experience in Azure Monitor Network Insights for VPN Gateway and Azure Firewall.

In fact,, you have the option of:

• Access the resource topology that shows the integrity of the same and the related connections
• A workbook showing all the key metrics
• Direct links to documentation and troubleshooting guide

Azure Monitor container insights for Azure Arc enabled Kubernetes

In Azure Monitor, you can get detailed information about the containers running in Azure Arc-enabled Kubernetes environments. This allows you to centralize the visualization of infrastructure metrics, of container logs and related recommendations. The main features are:

• Simple onboarding directly from the Azure portal
• Receipt of automatic updates from the monitoring agent
• Performance visibility, collecting memory and processor metrics from controllers, nodes and containers
• Views via workbook and in the Azure portal
• Alerts and queries on historical data for troubleshooting
• Ability to examine Prometheus metrics

Manage Log Analytics data export rules in the Azure portal (preview)

The export of Log Analytics data can now be configured in the Azure portal. This allows you to easily manage data export rules by giving you a clear view of existing rules in the workspace, regardless of whether they are in the enabled or disabled state. It is also possible to modify existing rules and create new rules with a few simple steps.

Azure Monitor for SAP: new telemetry and root cause analysis (RCA)

Azure Monitor for SAP Solutions (AMS) introduced support for new telemetry data of SAP HANA (preview) and SAP NetWeaver

For SAP HANA we find:

• License status: provides licensing details for all tenants running with SAP HANA MDC.
• Multi-Version Concurrency Control (MVCC): report on the consistency of transactional data, isolating the transactions that access the same data at the same time
• Details on save point operation
• Details on delta merge
• Statistics on HANA Alert

Customers who are using the solution will have available, without carrying out any further activities, the above telemetry data. For new customers who want to activate this solution, you can follow this guide to AMS onboarding and configure at least one SAP HANA provider.

Furthermore, customers using SAP in an Azure environment can view the “root cause analysis (RCA)” when a SAP system becomes unavailable due to an outage of the virtual machine or host. In fact,, AMS allows you to view information about the restart, the analysis of the triggering cause, details on the affected system and recommended steps.

AMS is currently available in the following Azure regions: US East, US East 2, US West 2, Europe West, and Europe North. AMS does not incur any additional licensing fees, but only the consumption costs of Azure Monitor are covered.

Configure

Azure Automation

PowerShell runbook support 7.1 (preview)

Azure Automation support for PowerShell runbooks 7.1 has been made available in preview on Azure, Azure Gov and Azure China. This allows for the development and execution of runbooks using PowerShell 7.1, both for cloud processes and for hybrid processes on Azure and non-Azure systems.

Support for Managed Identities

Support for Managed Identities has been introduced in Azure Automation. System Assigned Managed Identities are supported for cloud and hybrid processes, while User Assigned Managed Identities are only supported for cloud processes. This support allows you to reduce the effort of managing Run As Accounts for runbooks. A User Assigned Managed Identities is an independent Azure resource that can be assigned to the Azure Automation account, which can have multiple associated user-assigned identities. The same identity can be assigned to multiple Azure Automation accounts.

Govern

Update Management

Automatic VM guest patching

The new feature called "Automatic VM guest patching" is now available and helps simplify update management and achieve security compliance. Enabling the feature “Automatic VM guest patching” patches classified as critical and security are automatically downloaded and applied to the system. This feature is available for both Windows and Linux systems.

Azure Cost Management

Azure Advisor: tips to save on Azure Cosmos DB resource costs

Specific recommendations have been included in Azure Advisor to help you achieve possible cost savings for Azure Cosmos DB, obtained based on the historical use of resources.

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

Change to the names of Azure solutions in the security field

In November, durante Ignite 2021, changes have been announced to the names of Microsoft Azure solutions in the security field, as below:

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Azure Security Center and Azure Defender have been unified and are called “Microsoft Defender for Cloud”
• Native CSPM for AWS and Threat Protection for Amazon EKS and AWS EC2
• Prioritizing sensitive data in cloud workloads, using Azure Purview
• Improvements to integration with Microsoft Sentinel
• Azure Security Benchmark v3 released

Protect

Azure Backup

Multi-user authorization for backups (preview)

Multi-user authorization for Azure Backup provides advanced protection for Recovery Services vaults against unauthorized critical operations. Azure Backup uses a Resource Guard to ensure that critical operations are performed only with the appropriate authorization. With this mechanism, Azure Backup helps provide better protection against operations that could lead to the loss of backup data, including:

• Disabling soft delete and hybrid security settings
• Disabling MUA protection
• Changes to backup policies
• Security changes
• Stop protection
• Changing the MARS security PIN

The backup administrator, which typically accesses the Recovery Services vault, must acquire the role of Contributor on Resource Guard to be able to perform the above protected operations (Critical). To do this, it must also request the action of the Resource Guard owner, who must approve and grant the requested access. It is also possible to use Azure AD Privileged Identity Management to manage just-in-time access on Resource Guard. Furthermore, it is possible to create the Resource Guard resource in a subscription or in a tenant other than that of the Recovery Services vault, for maximum isolation.

Metrics and related alerts for Azure Backup (preview)

Azure Backup now provides built-in metrics to allow you to monitor the integrity of backups and write custom alert rules based on these metrics.

Azure Site Recovery

Support for failover of multiple IP configurations

Azure Site Recovery has been introduced, for virtual machines on Azure, support for failover of secondary IP configurations. This allows you to configure failover and test failover settings for each secondary IP configuration, currently only in the Azure to Azure scenario (A2A).

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 59 which solves several problems and introduces some improvements. Among the most important innovations we find support for Windows Server 2022 for the mobility Service. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

In October, Microsoft announced a considerable number of news regarding Azure management services. Through these articles released on a monthly basis I want to provide an overall overview of the main news of the month, so that you can always stay up to date on these topics and have the necessary references to carry out further studies.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Availability and support of availability zones in new regions

Azure Monitor Log Analytics is available in the following new regions:

• West US 3
• Korea South
• Canada East 

To check the availability of the service in all the Azure regions you can consult this document.

Furthermore, support for Availability Zones was introduced in the region of West US 2 for Azure Monitor Log Analytics and Application Insights, which allows to ensure greater availability for the logs present in the Workspace.

Azure Monitor container insights: updating the user experience from the portal

The user experience from the portal for Azure Monitor container insights has been updated and allows you to:

• Get detailed information about containers more easily
• View resource usage as allocable capacity
• Take advantage of new metrics and new recommended alerts

Azure Monitor Query SDK

Microsoft has released the Azure Monitor Query SDK for .NET, Java, JavaScript/TypeScript e Python. This new SDK allows developers to build applications that perform read-only queries on Azure Monitor logs and metrics, so that they can analyze and visualize the data in customized ways. The SDK has been modernized to follow the Azure SDK guidelines and be idiomatic for each programming language. Furthermore, introduces a number of updates and new features.

Azure Monitor application insights in Azure Spring Cloud

Thanks to this new integration in Azure Monitor Application Insights it is possible to enable the monitoring of Java Spring Boot applications running in Azure Spring Cloud with a few simple steps and without making any changes to the code.

Govern

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

• Cost Management now supports Microsoft 365, Dynamics 365, Windows 365, and Power Platform.
• Azure Hybrid Benefit Management for SQL Server from the Azure portal.
• Invoice management for MCA accounts.

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Microsoft Threat and Vulnerability Management added as a vulnerability assessment solution (preview)
• Vulnerability assessment solutions can be enabled automatically (preview)
• Added software inventory filters to the asset inventory (preview)
• Changed the prefix of some types of alerts from “ARM_” to “VM_”
• The logic of a security recommendation for Kubernetes clusters has been changed
• New alerts for Azure Defender for Kubernetes (preview)

Protect

Azure Backup

Multiple backups during the day for Azure Files

Keeping RPO low is often a key requirement for Azure Files that contain frequently updated business-critical data. To ensure minimal data loss, in the event of an emergency or unwanted content changes, organizations may need to back up more frequently than once a day. Azure Backup now allows you to create backup policies to take multiple snapshots per day. With this feature it is also possible to define the duration of the backup processes.

Support for Archive storage for the backup of VMs and SQL on board VMs using the Azure portal

Azure Backup announced in August the ability to move recovery points to the Azure Storage Vault-Archive tier to save costs and retain backup data for a longer duration. This feature is available for Azure VMs and SQL Servers installed on board Azure VMs. Initially this possibility was only given using Azure PowerShell, while now it is possible to move these backups from the standard tier to the new archive tier also from the Azure portal.

When moving backup data from vault-standard to vault-archive, Azure Backup converts incremental data into full backup. This procedure involves an increase in the total GB used, but costs are reduced due to the huge difference in cost per GB between the two storage tiers. To simplify this process, Azure Backup provides advice on Recovery Points (RPs) for which migration to the vault-archive is recommended. Restores can always be done in an integrated way from the Azure portal, with a simple and intuitive process.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, This month, the main changes concern support for new geographical areas.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

In September there were several news announced by Microsoft regarding Azure management services. In this summary, which I report on a monthly basis, major announcements are listed, accompanied by the necessary references to be able to conduct further studies on.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Support for Availability Zones is available

Azure Monitor has introduced support for Availability Zones that help protect applications and data from datacenter failures and can provide resilience for Azure Monitor features such as Application Insights and any other functionality that relies on a Log Analytics workspace. When a workspace is linked to an availability zone, Azure Monitor remains active and operational even if a specific datacenter is not functional or completely inactive. Azure Monitor currently supports Availability Zones for the following regions: East US 2 and West US 2.

Cross query between Azure Monitor and Azure Data Explorer

The ability to query between Azure Monitor and Azure Data Explorer allows you to query data exported to Azure Data Explorer or Azure blob storage and merge them with any Azure Monitor Log Analytics workspace.

Among the various features recently released we find the ability to perform queries:

• Between Azure Data Explorer and Azure Monitor services (Log Analytics / Application Insights) and vice versa
• On Azure Monitor logs exported from an Azure blob storage account using Azure Data Explorer

In Azure Monitor Log Analytics, the maximum data retention time frame is limited to 2 years. This aspect can be limiting in some areas, to the point that certain compliance criteria are not met. To overcome this limitation, you can export logs to an Azure blob storage. This new feature allows you to cross-query by including data exported to Azure blob storage in an integrated way.

Support for Windows Server 2022 for the Azure Monitor Agent

The Azure Monitor Agent is now also supported for Windows Server 2022 such as virtual machines, virtual machine scale sets and Arc enabled servers (in on-premise environments and / or non-Azure servers).

New version of the agent for Linux systems

A new version of the Log Analytics agent has been released this month for Linux systems where several improvements and greater stability are introduced. Furthermore, the OMI component has been updated to version 1.6.8 and introduced support for AWS 2 / Centos 8.4 Linux.

Configure

Azure Automation

Support for the Az module

Azure Automation introduces support for the module “Az”, available by default for all new Automation Accounts. Furthermore, the option is present in the Azure portal “Update Az Modules” which allows you to update the modules to “Az” for existing Automation Accounts.

Govern

Azure Policy

Support for AKS custom policy (preview)

Microsoft has announced in preview support for custom policies for Azure Kubernetes Service clusters (AKS). With this feature, it is possible to create and assign custom policy definitions and constraint templates to AKS clusters, see advanced information about any errors, use the embedded constraint template embedded within the policy definition and more.

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

• Sharing reservations between different subscriptions through management groups.
• New cost view for services and products.
• What's New in Cost Management Labs.

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features.

Protect

Azure Backup

New alerts and management in the Backup center (preview)

Azure Backup has released a new Azure Monitor based alerting solution, which allows you to take advantage of the notification capabilities offered by Azure to monitor and effectively act on critical backup incidents. These alerts can also be managed directly by Azure Backup center.

Oracle snapshot with Azure Backup

Azure Backup now allows you to run pre-post scripts to deactivate and reactivate Oracle databases. This allows you to have consistent backups and take advantage of all the advantages of Azure VM backup also for Oracle systems. Database-consistent snapshots can be used for restores from Oracle, they are verifiable by Oracle database clients such as RMAN and have economic advantages as the backup of Azure VMs is intrinsically incremental. The ability to take consistent snapshots at the Oracle database level also means there is no need to stream the full daily data to a storage target, therefore it is possible to significantly reduce the I / O demand on the machine and on the network, as well as reducing the need for large storage spaces. Furthermore, the use of these snapshots guarantees the ability to quickly create clones of Oracle production VMs and it is not necessary to perform intensive I / O operations such as a datapump.

Offline backup with Azure Data Box

Microsoft has made the Azure Offline Backup functionality available using Azure Data Box, which allows you to use Azure Data Box to seed large initial backups offline in an Azure Recovery Service vault.

Azure Site Recovery

New features to simplify the DR scenarios of VMs in a VMware environment (preview)

The following changes have been released in preview in ASR to help improve the activation of Disaster Recovery scenarios for VMware environments:

• Automatic updates for the ASR replication appliance and for the Mobility agent. A limitation of the current ASR architecture is the need to manually update the various components of the configuration server and the Mobility service. To make things easier, Microsoft has introduced the ability to update automatically: when an update is made available, both the appliance (configuration server) and the Mobility service can be updated automatically. Furthermore, to perform automatic updates, the machine's root / admin credentials are no longer required.
• Scalability improvements. The appliance becomes a single management unit where all its components have been converted into microservices hosted in an Azure environment. Not only will this make troubleshooting a lot easier, but managing the scalability of the solution will also be easier.
• High availability for the appliance. Appliance resilience is a required feature and, thanks to this review, it is no longer necessary to perform regular backups of the appliance, but just start a new appliance and transfer all protected machines to the new appliance, without having to repeat a full replication.

Upgrade al TLS 1.2 or later

As part of the Microsoft initiative that provides for Azure to use TLS 1.2 by default and removing dependencies from previous versions, Azure Site Recovery is moving away from legacy protocols to ensure greater security for replication data. Therefore, TLS 1.0 e TLS 1.1 they will no longer be supported. These changes will take effect on 15 November 2021. To continue using Azure Site Recovery without interruption, you should make sure that all the resources that use the Microsoft Azure Recovery Services agent (MARS) are enabled for the use of TLS 1.2 or later.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.