Category Archives: Azure Management

Azure Management services: what’s new in May 2024

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, we aim to provide an overview of the most relevant news. The goal is to keep you constantly informed about these developments, providing you with the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Azure Log Analytics improves resilience with workspace replication across regions (preview)

Azure Log Analytics introduces workspace replication, a new feature that enhances resilience against regional incidents. By enabling replication, a copy of the workspace is created in another region. From that moment, new logs in the primary workspace are also replicated to the secondary workspace (existing logs are not copied). The secondary workspace cannot be managed or accessed directly and serves only to create an active-passive configuration: at any time, there is an active instance of the workspace and an inactive one updated in the background. In case of an interruption affecting the primary workspace, failover can be activated to switch to the secondary workspace. This operation redirects all ingestion and query requests to the secondary workspace, allowing continued monitoring of resources and applications. The secondary workspace maintains a copy of all logs from the time replication is enabled, allowing for a smooth transition and continued use of alerts, workbooks, and other services accessing the logs, such as Sentinel. During this period, the secondary workspace also replicates incoming logs to the primary workspace, allowing a return to the primary region when it is operational again and continuing to work normally. Workspace replication is billed per replicated GB, and replication can be applied to a subset of Data Collection Rules (DCRs) to limit the scope of replication and related costs.

Filtering Kubernetes metadata and logs in Azure Monitor Container Insights (preview)

Filtering Kubernetes metadata and logs enriches the ContainerLogsV2 schema with additional Kubernetes metadata such as PodLabels, PodAnnotations, PodUid, Image, ImageID, ImageRepo, and ImageTag. The log filtering feature provides filtering capabilities for both workload and platform logs (e.g., system namespaces) from containers. This feature enhances the Kubernetes metadata experience by leveraging the Grafana dashboard to visualize log levels, volume, rate, records, and more. Users gain a richer context and improved visibility into their workloads.

Monitoring applications with Java metrics in Azure Container Apps (preview)

It is now possible to monitor the performance and health of applications with Java metrics such as garbage collection and memory usage. These metrics are automatically collected and reported in Azure Monitor, where they can be viewed in an integrated dashboard. It is also possible to set alerts and troubleshoot issues based on these metrics.

Data analysis using Log Analytics Simple mode (preview)

Azure Monitor Logs introduces a significant improvement in the log analysis experience: Simple mode. This new feature offers users a powerful set of tools to explore their logs and gain meaningful insights from the data. Until now, Azure Monitor Logs relied on the Kusto Query Language (KQL) to formulate queries, a powerful and easy-to-learn language, but it still requires some knowledge to use effectively. Simple mode was developed to bridge this knowledge gap, allowing the use of the most common KQL operators and actions through a simple and intuitive point-and-click experience that requires no KQL knowledge. For advanced users, KQL mode continues to offer the full potential of the Kusto language to gain deeper insights from the logs. Currently, Simple mode is an optional experience: to try it, just select “Try the new Log Analytics”. It is possible to return to the classic Log Analytics experience at any time.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

Remediate security baseline recommendation: Microsoft Defender for Cloud has enhanced the Center for Internet Security (CIS) benchmarks by offering security baselines supported by Microsoft Defender Vulnerability Management (MDVM). The new recommendation “Machine should be configured securely (powered by MDVM)” helps secure servers by providing suggestions to improve security posture.
Configure email notifications for attack paths: It is now possible to configure email notifications for attack paths in Defender for Cloud. This feature allows receiving email notifications when an attack path with a specified risk level is detected. This update helps security teams respond promptly to potential attacks, improving responsiveness and overall protection.
Integration of Defender for Cloud alerts and incidents with Microsoft Defender XDR: This integration allows security teams to access Defender for Cloud alerts and incidents within the Microsoft Defender Portal. Providing richer context for investigations involving cloud resources, devices, and identities, this feature improves response capabilities and the effectiveness of security operations.
Checkov integration for IaC scanning in Defender for Cloud (preview): The public preview of Checkov integration for DevOps security in Defender for Cloud has been announced. This integration improves both the quality and the total number of Infrastructure-as-Code (IaC) checks performed by the MSDO CLI command when scanning IaC templates. During the preview, Checkov must be explicitly invoked via the ‘tools’ input parameter for the MSDO CLI command.
Permissions management in Defender for Cloud: The general availability (GA) of permissions management in Defender for Cloud has been announced. This feature enables advanced permissions management, improving security and access control in cloud resources.
Security posture management for AI in Defender for Cloud: This feature provides security posture management capabilities for AI in Azure and AWS.
Threat protection for AI workloads in Azure (preview): Threat protection for AI workloads in Defender for Cloud provides contextual insights into threat protection, integrating with Responsible AI and Microsoft Threat Intelligence. Security alerts for AI workloads are integrated into Defender XDR in the Defender portal. This plan helps monitor Azure OpenAI-powered applications at runtime for malicious activities, identifying and mitigating security risks.
Updated security policy management: Cross-cloud (Azure, AWS, GCP) security policy management is now generally available (GA). This feature allows security teams to manage their security policies consistently and with new characteristics:

A simplified and uniform cross-cloud interface to create and manage the Microsoft Cloud Security Benchmark (MCSB) and custom recommendations based on KQL queries;
Management of regulatory compliance standards in Defender for Cloud across Azure, AWS, and GCP environments;
New filtering and export capabilities for reporting.

Public preview of Defender for open-source databases on AWS: The public preview of Defender for open-source databases on AWS has been announced, adding support for various Amazon Relational Database Service (RDS) instance types. This integration improves the security and management of open-source databases running on AWS instances.

Protect

Azure Backup

Migration of virtual machine backups to enhanced backup policies (preview)

Azure Backup now supports the migration of virtual machine backups from the standard backup policy to the enhanced backup policy. This migration offers several benefits:

Improved RPO: The recovery point objective (RPO) can be reduced to as little as 4 hours.
Retention of recovery points: Recovery points can be retained as snapshots for up to 30 days.
Multi-disk consistency: The enhanced policy ensures multi-disk crash consistency for protected VMs.
Zone-level resilience: Recovery points created with the enhanced policy are zone-resilient.
Trusted Launch security: Protected virtual machines can be converted to Trusted Launch security.
Use of premium SSDv2 or ultra-disk: Migration to the enhanced policy allows the use of premium SSDv2 or ultra-disk without interrupting existing backups.

These improvements make migrating to the enhanced backup policy an excellent choice for optimizing the protection and management of virtual machines on Azure.

Azure Site Recovery

Built-in Azure Monitor alerts for Site Recovery

Built-in Azure Monitor alerts for Azure Site Recovery (ASR) are now generally available. This innovation enables organizations using ASR to benefit from an advanced set of alerting and notification features offered by the Azure Monitor platform. Users can leverage standard Azure Monitor experiences and interfaces to manage ASR alerts at scale, using a single platform. This represents a significant step towards achieving a homogeneous and consistent set of monitoring and alerting experiences for all Business Continuity and Disaster Recovery (BCDR) scenarios on Azure.

Out of Box Reports for Azure Site Recovery (preview)

Out of Box Reports for Azure Site Recovery are now available in preview. This new reporting feature offers organizations using ASR a clear and detailed view of job and health status for protected items. Integrated into the Azure Business Continuity Center and Recovery Services Vault, this feature allows BCDR administrators to effectively monitor and manage all protected items in large-scale backup and site recovery processes.

Support for Azure Trusted Launch VMs (preview)

Microsoft has announced the Public Preview of Azure Site Recovery support for Azure Trusted Launch VMs. Azure Trusted Launch VMs provide security for second-generation Azure virtual machines, enabling Secure Boot and vTPM features. This public preview is currently available only for the Windows operating system.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure Management services: what’s new in April 2024

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, we aim to provide an overview of the most relevant news. The goal is to keep you constantly informed about these developments, giving you the essential information needed to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Support for Managed Identities for Alerts

Azure Monitor alerts are essential tools for monitoring data related to Azure and its applications. These alerts quickly identify issues that could affect service operations. Through log search alert rules, it’s possible to periodically run log data queries to receive notifications or trigger actions when potential problems are detected. A common challenge for developers is managing the credentials of applications accessing different resources. In this context, managed identities prove to be an effective solution, offering an identity automatically managed through Microsoft Entra ID. Applications can use these identities to obtain access tokens without directly managing credentials.

Log search alert rules support the use of managed identities for Azure resources, enhancing the visibility and control of permissions associated with these rules. Managed identities can be employed in log search alert rules in two main ways:

System-assigned managed identity: in this case, Azure creates a new identity specifically dedicated to the alert rule. After creating the rule, it is necessary to assign this identity the required permissions to access the workspace and the data sources needed to perform the query.
User-assigned managed identity: before establishing the alert rule, the user creates an identity and assigns the appropriate permissions. This identity can then be used for multiple alert rules, thus optimizing resource management.

This system not only simplifies credential management but also increases security and efficiency in the configuration and monitoring of applications and cloud resources.

Azure Monitor Agent Upload to Storage and Event Hubs (preview)

The Azure Monitor Agent is an advanced solution for collecting telemetry data from IaaS resources, like virtual machines. With the new upload feature, available in this preview version, it is possible to transfer logs directly from Log Analytics workspaces to Event Hubs and Storage services. These data destinations employ specific rules for data collection, allowing for a customized and optimized configuration of the collection infrastructure for agents.

Query Editor for Azure Monitor Metrics (preview)

The public preview of the Query Editor for Azure Metric Explorer within Azure Monitor Workspace (AMW) is now publicly available. This update allows customers to query Prometheus metrics directly from their Azure Monitor Workspace using PromQL. With this feature, users can analyze metric data more effectively by writing and executing PromQL queries directly in the Metric Explorer.

Azure Monitor Pipeline (preview)

Microsoft recently launched the preview version of the Azure Monitor Pipeline for edge environments. This new solution is designed to improve the ingestion and routing of large-scale data from edge environments to Azure Monitor, enhancing observability. Deployable as an extension of the Arc Kubernetes cluster on your own on-premises Kubernetes clusters, the pipeline supports a wide range of resources and can be scaled horizontally to handle large volumes of data. It also offers advanced capabilities for collecting data from resources in segmented networks without continuous cloud connectivity, storing logs locally during outages, and synchronizing them with the cloud once the connection is restored.

Govern

Azure Advisor

Changes to the Display of Savings Estimates on Azure Advisor

From September 30, 2024, Azure Advisor will no longer display the aggregated annual estimates of potential savings. Currently, these estimates are visible on the Azure portal under “Potential yearly savings based on retail pricing” in the cost recommendations pages. This feature will be discontinued on the specified date. Despite the removal of this aggregated display, it will still be possible to calculate specific annual potential savings through alternative procedures. Individual recommendations and their associated potential savings will remain available.

Resiliency Review (preview)

Microsoft has introduced the “Resiliency Review” in public preview on Azure Advisor, a new feature aimed at increasing the resilience of workloads through personalized recommendations. These recommendations, provided by Microsoft’s cloud solution architects, allow users to focus on the most critical aspects to ensure the resilience of their systems. Users have the opportunity to evaluate the recommendations (accepting or rejecting them), manage their lifecycle on Advisor, and collaborate with their Microsoft account team to monitor resolution. It is also possible to request a “Well Architected Reliability Assessment” to optimize the resilience and reliability of workloads by implementing the recommendations and monitoring their lifecycle on Advisor.

Azure Cost Management

Updates related to Microsoft Cost Management

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

General Availability of Microsoft Defender for Containers on AWS and GCP: Microsoft has announced the general availability of Defender for Containers for AWS and GCP platforms. This service enhances container security through real-time threat detection and agentless container discovery. Notably, an advanced authentication feature on AWS optimizes the service provisioning process.
Risk Prioritization: Risk prioritization has become the default experience in Microsoft Defender for Cloud. This feature helps users focus on the most severe threats by organizing security recommendations based on the risk factors of each resource. The assessment criteria include the potential impact of a breach, risk categories, and the attack path associated with each security issue.
Update on Microsoft Defender for Server Plan 2: Microsoft has announced that the Qualys service integrated into Plan 2 of Microsoft Defender for Server will be retired on May 1, 2024. This change is part of a broader initiative to simplify and consolidate vulnerability assessments within Microsoft Defender for Cloud. Following this update, Plan 2 of Defender for Server will integrate Microsoft Defender Vulnerability Management as its new solution for vulnerability assessments.
Defender for Cloud Supports Azure Database for MySQL – Flexible Server: Microsoft Defender for Cloud can now protect Azure Database for MySQL – Flexible Server from threats without compromising the performance of the service. This solution reduces the risk of data breaches, attacks, and unauthorized access by monitoring unusual or suspicious activity in the database. This feature can be easily enabled from the Azure portal, to receive security alerts, insights, and recommendations on how to mitigate potentially harmful threats related to Azure Database for MySQL – Flexible Server.

Protect

Azure Backup

Backup and Restore of Virtual Machines with Private Endpoint Disks

Azure Backup now offers the capability to back up Azure virtual machines using disks with private endpoints. This functionality is available for virtual machines with both standard and advanced backup policies and can be implemented through the standard backup procedures of Azure. Additionally, during the restore process, it is now possible to configure network access settings for the restored disks. Users can choose to maintain the original network configuration of the disks, limit access to specific networks, or allow public access from all networks.

Backup for Azure Database for MySQL – Flexible Server (preview)

Azure Backup, in collaboration with Azure Database Services, has launched a preview backup solution for MySQL-Flexible servers that allows backups to be retained for up to 10 years. Features offered in this preview phase include: comprehensive data protection against various levels of data loss, from accidental deletions to ransomware attacks; the ability for users to control scheduled and ad-hoc backup operations; isolated backups stored in a separate security and fault domain; long-term backup retention; and centralized monitoring of all backup operations and jobs.

Azure Backup Introduces Vault Backups for Azure Files (preview)

Azure Backup now supports transferring backups of Azure Files into vaults to protect critical business data stored in Azure Files against severe data loss scenarios, such as ransomware attacks. These isolated backups ensure trouble-free recovery even if the source data is compromised. It’s easy to switch from snapshot-based backup, which offers protection from accidental deletions, to vault backup to safeguard File data against a broader range of tampering and data deletion scenarios. Capabilities include:

Enhanced backup security with features such as immutability, encryption with customer-managed keys (CMK), soft delete, and multi-user authorization (MUA).
Long-term data retention up to 99 years to meet compliance requirements in regulated sectors.
Business continuity in case of regional disruptions with the ability to restore from a backup copy replicated in the Azure paired region.
Guaranteed data recovery even if the production storage or subscription is compromised, with the option to restore in an alternative subscription.

Selecting the “vault” level in the backup policy can improve the security posture of Azure Files data with a native, managed, and secure offsite backup solution, strengthening the business continuity and disaster recovery strategy for mission-critical applications.

Azure Site Recovery

New Update Rollup

Update Rollup 73 has been released for Azure Site Recovery, bringing significant improvements to the latest service components. Notably, the Mobility Service now supports additional Linux operating systems, including Debian 12 and Ubuntu 18.04 Pro for Azure-to-Azure configurations and VMware/Physical migrations to Azure. This update also includes other optimizations and bug fixes.

Azure Site Recovery for Shared Disks (preview)

The public preview of Azure Site Recovery for managing Shared Disks is now available. This feature enhances the protection and recovery of workloads operating on Windows Server Failover Clusters (WSFC) deployed on Azure VMs. This development paves the way for the use of shared disks for mission-critical applications such as SQL FCI, SAP ASCS, and Scale-out File Servers, ensuring operational continuity and efficient recovery capability in disaster scenarios.

With Azure Site Recovery for shared disks, you can:

Replicate and recover WSFC clusters as a single entity throughout the Disaster Recovery (DR) lifecycle.
Generate cluster-level consistent recovery points.
Monitor the protection and health status of the cluster and its nodes from a single interface.
Manage cluster failover and recovery point selection.
Re-protect and restore the cluster in the main region minimizing data loss and reducing downtime.

Migrate

Azure Migrate

New releases and features of Azure Migrate

This month, the main updates include:

New Features for SAP (preview): Azure Migrate has recently expanded its capabilities by including support in preview for discovery and assessment of SAP systems. Thanks to this feature, users can now perform detailed assessments for on-premises SAP workloads.
Assessment of Java Web Applications (Tomcat) for Azure App Service and AKS (preview): Microsoft has introduced a new assessment capability for Java web applications (Tomcat) in preview, aimed at both Azure App Service and Azure Kubernetes Service (AKS). This feature allows developers and IT architects to examine and plan the migration of their existing Tomcat applications, leveraging Azure’s cloud capabilities to enhance the performance and scalability of applications.

Azure Evaluation

Azure Management services: what’s new in March 2024

This month, Microsoft announced a series of significant updates to the Azure management services. Through this sequence of monthly articles, we aim to provide a detailed overview of the most noteworthy new features. The primary goal is to keep readers up-to-date on these advancements, offering the crucial information needed to delve further into these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Expansion and improvements to the Azure Monitor for Prometheus service

The managed Azure Monitor for Prometheus service, which facilitates the collection and analysis of metrics through a monitoring solution compatible with the Prometheus project of the Cloud Native Computing Foundation, has announced significant updates:

The service is now available in 13 additional Azure regions, extending its geographical coverage.
Introduction of support for TLS (Transport Layer Security) and mTLS (Mutual TLS) based metrics scraping, aimed at Prometheus configurations that use TLS. This feature adds a significant layer of security for authenticated and protected communication between Azure Monitor and Prometheus instances, enhancing data protection in transit.

Billing for “stateful” log search alerts in Azure Monitor (preview)

Starting from May 1, 2024, “stateful” log search alerts in Azure Monitor will be subject to charges. These alerts allow for the execution of a log analysis query on monitored resources at regular intervals, triggering an alert based on the results obtained. The distinctive feature of “stateful” alerts is their ability to automatically resolve when the alert condition is no longer true, thus reducing alert noise and focusing on issues that require attention. This feature is currently in preview and will become publicly available in May. Details on the pricing for log search alert rules can be found on the Azure Monitor pricing page.

Govern

Azure Advisor

Assessment of the Well-Architected Framework on Azure Advisor (preview)

The introduction of the Well-Architected Framework (WAF) assessment on Azure Advisor (in preview) represents a significant step forward in providing users with a deep and holistic understanding of their architectures. This assessment allows for the examination and optimization of architectures across multiple crucial aspects, including resilience, security, cost optimization, operational excellence, and performance efficiency. Implementing and monitoring the recommendations from the WAF assessment through Azure Advisor are valuable tools for improving the effectiveness and efficiency of cloud infrastructures.

Azure Policy

New feature: simple assignment of regulatory compliance policies to the Azure Landing Zone (ALZ)

Microsoft has announced a new feature for the Azure Landing Zone portal accelerator that will make large-scale regulatory compliance more consistent and simpler to implement. Azure Policy initiatives can now be assigned to Management Groups at deployment with just a few clicks.

Azure Cost Management

Support for the AWS connector in Cost Management will end on March 31, 2025

The connector for AWS in Microsoft Cost Management, designed to consolidate cost data from Microsoft Azure and AWS, will be retired. Users are encouraged to consider an alternative solution before the retirement date to complete the transition in a timely manner. After March 31, 2024, it will no longer be possible to add new AWS Connectors in Cost Management for all users, and from March 31, 2025, access to the AWS Connector as well as cost reports that include AWS data will be discontinued. In addition, all AWS cost data present on Microsoft Cost Management will be deleted, except for Cost and Usage Report (CUR) files which will remain available in the user’s S3 bucket on the AWS console.

Cost analysis add-on for AKS (General Availability)

The cost analysis add-on for Azure Kubernetes Service (AKS) is now available. This native Azure experience offers visibility into the underlying infrastructure costs associated with AKS workloads, with a cost breakdown based on Kubernetes constructs like clusters and namespaces, as well as Azure asset categories. Additionally, cost allocation data can be viewed directly in the Azure portal’s cost management section. The add-on helps monitor, allocate, and optimize AKS costs.

Updates related to Microsoft Cost Management

Secure

Microsoft Defender for Cloud

Azure Defender for Microsoft Azure Database for PostgreSQL – Flexible Server

Microsoft has made Defender for Cloud available for Azure Database for PostgreSQL – Flexible Server, thus enhancing database security with advanced detection capabilities. This sophisticated solution is designed to detect suspicious activities that may indicate unusual and potentially dangerous attempts to access or compromise databases. With its implementation, Defender for Cloud introduces an additional significant layer of protection for Azure Database for PostgreSQL – Flexible Server, complementary to the already integrated security measures, ensuring an even more robust defense against threats.

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

Agentless scanning for VMs encrypted with CMK in Azure: this functionality, already available for AWS and GCP, is now present for Azure. It uses a unique approach to scan VMs encrypted with CMK without Defender for Cloud managing the keys or the decryption process, which is instead handled transparently by Azure Compute. The unencrypted VM disk data is not copied or re-encrypted with another key, and the original key is not replicated. During the public preview, this capability is not enabled automatically, but is available for those using Defender for Servers P2 or Defender CSPM with VM disks encrypted with CMK.
New recommendations for endpoint detection and response: announced new recommendations that discover and assess the configuration of supported endpoint detection and response solutions. These agentless recommendations are available for those who have activated Defender for Servers Plan 2 or the Defender CSPM plan, but do not support on-premises machines.
Custom security standards and recommendations based on KQL for Azure in public preview: it is now possible to create custom security standards and recommendations based on KQL for Azure, available in public preview and supported in all clouds.
Inclusion of DevOps recommendations in the Microsoft Cloud Security Benchmark (MCSB): it is now possible to monitor the security and compliance posture of DevOps in the MCSB, which provides prescriptive details on how to implement its security recommendations agnostic to the cloud.
General availability (GA) integration with ServiceNow: announced the general availability of the integration with ServiceNow.
Protection of critical assets in Microsoft Defender for Cloud (preview): Defender for Cloud now includes a feature to identify and protect critical assets through risk prioritization, attack path analysis, and cloud security explorer.
Enhanced recommendations for AWS and GCP with automatic remediation scripts: improved recommendations for AWS and GCP with automatic remediation scripts that allow for large-scale application of remedies.
Addition of compliance standards to the compliance dashboard (preview): based on user feedback, new compliance standards have been added in preview to the compliance dashboard for AWS and GCP resources protected by Defender for Cloud.
Retirement of the container vulnerability assessment by Defender for Cloud powered by Qualys: this assessment has been retired. Customers who were using this assessment should switch to the vulnerability assessments for Azure with Microsoft Defender Vulnerability Management.

Protect

Azure Backup

Azure Backup for VMs: agentless backup of multiple disks with crash consistency (preview)

Azure VM backup introduces support for agentless backup of multiple disks with crash consistency, currently in public preview. This feature allows for the backup of VMs without the need to install additional software, such as the VM agent or the snapshot extension, inside the VM itself. This feature can also be used if the operating system is not supported for backup with application-level consistency.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Evaluation

Azure Management services: what’s new in February 2024

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, we aim to offer an overview of the most relevant news. The goal is to keep you constantly informed about these developments, providing you with the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figures 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Availability of the Azure Monitor Metrics Data Plane API

As of February, the Azure Monitor Metrics Data Plane API is available for use. This API allows for efficient management and monitoring of Azure resources, improving query efficiency and metric collection capability. It is possible to retrieve metric data for up to 50 resource IDs in the same subscription and region with a single API call, thus optimizing query throughput and reducing the risk of throttling.

Execution of the Azure Monitor Logs connector on an exact time range (preview)

The Azure Monitor Logs connector introduces a new preview feature: the ability to execute queries on an exact time range provided dynamically. This functionality allows for filtering the execution of queries in the Log Analytics workspace or Application Insights components for Logic App triggers or schedules, displaying relevant results. Until now, the time range could be set directly in the query or defined with a relative value, such as the last hour or the last 12 hours. With the exact time range option, it is now possible to dynamically pass the start and end time to respond to scenarios such as alarm diagnostics. When the connector is activated by an alarm, it can receive the alarm’s time range to replicate the results that triggered the alarm and allow for effective investigation.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Azure Arc

Azure SQL migration assessment enabled by Azure Arc (preview)

With the growing adoption of cloud computing, organizations embark on the path of migration to the cloud, facing a complex and articulated challenge that can extend for several months, varying based on the size and complexity of the projects involved. This transition period can result in a delay in accessing the benefits offered by Azure’s capabilities, temporarily limiting operational efficiency and innovation.

To overcome these challenges, Microsoft introduces an innovative solution: SQL Server enabled for Azure Arc. This revolutionary technology allows organizations to begin leveraging the benefits of the cloud from the early stages of the migration process. Through Azure Arc, it is possible to manage SQL Server instances, both on-premise and distributed across multiple clouds, using Azure’s control plane and management services. This approach enables consistent and efficient hybrid management of the SQL Server environment, bringing immediate benefits in terms of operational efficiencies and cost reduction, in addition to ensuring an optimal migration and modernization experience.

In addition to these benefits, Microsoft announces the public preview release of the Azure SQL migration assessment, powered by Azure Arc. This feature, once activated by linking one’s SQL Server to Azure Arc, automatically and continuously provides an assessment of readiness for migration to Azure SQL. This assessment takes into account the evolutions of the work environment and suggests the Azure SQL deployment option best suited to specific needs, optimizing costs. Furthermore, it identifies potential migration risks and proposes mitigation strategies, thus facilitating the transition path to the cloud and improving strategic alignment with business needs.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

Regulatory compliance management: through Defender for Cloud, the management of compliance standards is extended to Azure, AWS, and GCP environments, offering a unified experience in creating and managing personalized recommendations through KQL queries.
Cloud support for Defender for Containers: the threat detection capabilities specific to Azure Kubernetes Service (AKS) in Defender for Container are now extended to commercial clouds, Azure Government, and Azure China 21Vianet, with the list of supported features updated.
Update of the Defender FOR Container agent: a new version of the agent, which brings improvements in terms of performance and security, supports AMD64 and ARM64 architectures (Linux only) and employs Inspektor Gadget for process collection instead of Sysdig. This version is compatible exclusively with Linux kernel version 5.4 or higher, requiring updates for older kernels. ARM64 support is available starting from AKS V1.29.
Support for the OCI image format specification: vulnerability assessment now supports the Open Container Initiative (OCI) image format specification for AWS, Azure, and GCP clouds, thanks to Microsoft Defender Vulnerability Management.
Retirement of the AWS container vulnerability assessment powered by Trivy: this assessment has been replaced by a new solution powered by Microsoft Defender Vulnerability Management.
Recommendations for Azure Stack HCI: four new recommendations specific to Azure Stack HCI, currently in public preview, have been introduced, thus expanding the type of resources manageable through Microsoft Defender for Cloud.

Protect

Azure Backup

Support for Cross-Region recovery of PostgreSQL backups

Support for cross-region recovery of PostgreSQL backups through Azure Backup is now available to all. Using Read-Access Geo-Redundant Storage (RA-GRS), Azure Backup enables a high level of data resilience, allowing access to backups in disaster recovery scenarios and restoration operations from the secondary region at any time. This feature is now available for PostgreSQL backups in all public regions, offering a wide range of durability options for backup data.

Regional Disaster Recovery via Azure Backup for AKS (preview)

Azure Backup for AKS introduces a new feature in preview: Regional Disaster Recovery. This innovation provides advanced protection for containerized application workloads and data through scheduled backups and smooth restorations, ideal for addressing situations such as operational recovery, accidental deletion, and application migration. Thanks to Regional Disaster Recovery, organizations can anticipate and mitigate the impact of catastrophic regional events through the recovery of AKS clusters from backups located in a secondary region, leveraging Azure’s paired regions. This ensures operational continuity even in the face of regional disruptions, complying with the established 3-2-1 backup strategy and providing the resilience needed to ensure data recovery after tenant-compromising events, in addition to meeting compliance requirements imposed by heavily regulated sectors.

Extended support for VMs with Ultra and Premium SSD v2 disks

Azure has announced the general availability launch of extended support of Azure Backup for virtual machines (VMs) that use Ultra and Premium SSD v2 disks. This development represents a significant step forward in strengthening the resilience and recovery capabilities of businesses managing critical enterprise applications and high-intensity I/O in the cloud. Ultra disks, known for their ability to support enterprise-level applications such as SAP HANA, high-end SQL databases, and NoSQL databases, offer organizations the flexibility needed to run demanding workloads with ease. Simultaneously, Premium SSD v2 disks stand out as the most advanced block storage solution, optimized for IO-intensive production workloads that require latencies below one millisecond. The availability of these technologies in Azure Backup meets a fundamental customer demand, eager to ensure operational continuity of their VMs in the event of disasters or ransomware attacks. With the enablement of backup for VMs using both Ultra and Premium SSD v2 disks, Azure positions itself as a robust cloud platform capable of offering solid and efficient recovery solutions. These advanced backup options are designed for a wide spectrum of applications, including SQL Server, Oracle, MariaDB, SAP, Cassandra, Mongo DB, big data, analytics, and gaming, on virtual machines or stateful containers. The availability of these features in all regions that support the creation of Ultra and Premium SSD v2 disks highlights Azure’s commitment to providing reliable and cutting-edge backup solutions, thus promoting security, resilience, and operational efficiency for businesses globally.

Azure Site Recovery

Enabling replication for data disks added to VMware VMs

Azure Site Recovery now supports enabling replication for data disks added to a VMware VM already enabled for disaster recovery. Thanks to this update, users can ensure greater operational continuity and better data resilience management, extending disaster recovery protection to data disks added after the VM protection is enabled.

Support of Azure Site Recovery for Azure Trusted Launch VMs (preview)

Microsoft has announced the preview of Azure Site Recovery support for Azure Trusted Launch VMs, exclusively for Windows operating systems. These VMs provide basic security for Azure Generation 2 systems, enabling Secure Boot and vTPM capabilities.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Evaluation

Azure Management services: what’s new in January 2024

This month, Microsoft has introduced a series of significant updates for Azure management services. This is part of a series of monthly articles aimed at providing an in-depth and detailed analysis of the most relevant innovations. The goal is to keep users always informed about the ongoing evolutions of Azure, providing the essential information to explore these developments further.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figures 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Support for Azure Monitor VM Insights Dependency Agent for VM Linux RHEL 8.6

The Dependency Agent of Azure Monitor VM Insights is now supported for Linux Red Hat Enterprise Linux (RHEL) 8.6 VMs. This means that the Dependency Agent can be used to monitor network connections and processes of Linux RHEL 8.6 virtual machines and visualize the dependencies between them in the VM Insights Map function.

Integration of Azure Advisor with Azure Monitor Log Analytics Workspace

Azure Advisor is a cloud tool designed to help users follow best practices in optimizing their workloads in Azure. This solution analyzes resource configurations and telemetry data to provide targeted recommendations to improve four key areas: cost efficiency, performance, reliability, and security of Azure resources. Moreover, to support more effective management of Azure Monitor costs, Microsoft has implemented specific cost optimization recommendations and integrated Azure Advisor into the Log Analytics Workspace management interface.

Dedicated clusters in Azure Monitor logs now support different commitment levels

Microsoft has extended the capabilities of dedicated clusters in Azure Monitor Logs, now supporting any level of commitment, starting from a minimum of 100 GB per day. This new feature offers greater flexibility and customization for users who require specific solutions for their monitoring and logging needs. With this expansion, customers have the option to choose the service level that best fits their needs, ensuring more efficient and tailored data management.

Configure

Update management

Azure Update Manager on Azure Arc-enabled servers: new billing rules

From February 2024, Azure Update Manager will start generating consumption for Azure Arc-enabled servers. Azure Update Manager, formerly known as Azure Automation Update Management, has been available since September 2023. Customers who started using the service from that date will not be subject to costs until February 1, 2024.

Starting February 1, 2024, customers using Azure Update Manager on Azure Arc-enabled servers will be billed daily, with a specific rate per server per day, equivalent to about $5 USD per server per month.

An Azure Arc-enabled server is considered managed by Azure Update Manager on days when it meets both of the following conditions:

it has a connection status with Arc at any time of the day; an update operation is performed on it (patch on demand or via scheduled job, evaluation on demand or via periodic assessment) or it is associated with a schedule.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs.This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Preview of the Azure Arc extension for Visual Studio Code

Microsoft has announced the public preview of the Azure Arc extension for Visual Studio Code. This extension allows developers to easily manage Azure Arc resources and services directly from Visual Studio Code. With this integration, developers can expect greater efficiency and simplified workflows, as they will have the ability to access and manage Azure Arc resources without leaving the Visual Studio Code development environment.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

introduction of agentless container posture for GCP in Defender for Containers and Defender CSPM;
public preview of agentless malware scanning for servers;
integration of Defender for Cloud with Microsoft Defender XDR;
DevOps security annotations for Pull Requests enabled by default for Azure DevOps connectors.

Protect

Azure Site Recovery

Support for Azure VMs with Premium SSD v2

Azure Site Recovery now supports Azure VMs equipped with Premium SSD v2. This feature is available as a private preview in selected Azure regions. Premium SSD v2 disks represent Azure’s most advanced block storage solution, ideal for high I/O intensity enterprise workloads, offering sub-millisecond latencies, high IOPS, and throughput. This addition responds to a frequent customer request to be able to use Azure Site Recovery with Azure VMs on Premium SSD v2. Thanks to this feature, customers can ensure greater data security and operational continuity of applications and workloads, even in case of planned or unplanned interruptions.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Evaluation

Azure Management services: what’s new in December 2023

This month, Microsoft introduced a series of significant updates to the Azure management services. Through this series of monthly articles, the aim is to offer an overview of the most relevant news. The goal is to keep you constantly informed about these developments, providing you with the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figures 1 – Overview of Management Services in Azure

Configure

Azure Automation

Retirement of Azure Automation Services – August 31, 2024

Microsoft has announced that on August 31, 2024, two services in Azure Automation will be retired: the Update Management service and the Change Tracking and Inventory service, both using the Log Analytics agent.

Retirement of the Azure Automation Update Management service: This service, currently used for update management and system maintenance, will no longer be available after August 31, 2024. Users are encouraged to migrate to alternative solutions offered by Azure to maintain effectiveness in managing their system updates.
Retirement of the Change Tracking and Inventory service with Log Analytics Agent: Similarly, the Change Tracking and Inventory service, which utilizes the Log Analytics agent in Azure Automation, will end its operations on the same date. Customers are invited to explore and adopt other solutions provided by Azure to effectively manage change tracking and inventory management of IT resources.

Microsoft urges its users to take timely action to ensure a smooth transition to the new proposed solutions, thus ensuring continuity and efficiency in managing their IT infrastructures.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly looking for innovative ways to enhance Microsoft Cost Management, their solution designed to provide greater transparency on cloud costs, identify and prevent inefficient spending patterns, and optimize overall costs. During 2023, numerous improvements and significant updates have been implemented to this solution. These updates aim to make Microsoft Cost Management even more effective in providing its users with the information and tools necessary to manage cloud expenses more efficiently and consciously.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, and improvements are introduced on an ongoing basis. To stay up-to-date on the most recent developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

Defender for Servers at the resource level: it is now possible to manage Defender for Servers on specific resources within one’s subscription, allowing full control over the protection strategy. This capability allows for configuring specific resources with custom settings different from those configured at the subscription level.
Retirement of the classic multi-cloud connectors: the experience of the classic multi-cloud connectors has been retired, and data is no longer transmitted to connectors created through that mechanism. The new native multi-cloud connectors, available for AWS and GCP since March 2022 without additional costs, completely replace the value of these classic connectors.
Release of the coverage workbook: this tool allows monitoring which Defender for Cloud plans are active on which parts of the environment, helping to ensure complete protection of environments and subscriptions.
Vulnerability assessment for Container Images in Azure Government and Azure managed by 21Vianet: vulnerability assessment for Linux container images in Azure is now also available in Azure Government and Azure managed by 21Vianet.
Support for Windows in the Container Vulnerability Assessment (preview): support for Windows images has been released in public preview as part of the vulnerability assessment for Azure and Azure Kubernetes Services container registries.
Agentless container security posture for AWS in Defender for Containers and Defender CSPM (preview): the new agentless capabilities of container security posture are now available for AWS.
Support for PostgreSQL Flexible Server in the Defender plan for open-source relational databases: Microsoft has announced support for PostgreSQL Flexible Server in the Microsoft Defender plan for open-source relational databases.

Protect

Azure Backup

Crash Consistent Multi-Disk VM Restore Points

Microsoft recently announced the introduction of support for the ‘Crash Consistent’ multi-disk mode in virtual machine (VM) restore points. This feature provides an agentless solution that captures and preserves both the VM configuration and write- and timing-consistent snapshots for all managed disks connected to the VM. The captured state is equivalent to that of the data present in the VM in the event of a power outage or system crash. This innovation aims to significantly improve reliability and data management in Azure infrastructures.

Azure Site Recovery

New Update Rollup

Update Rollup 70 has been released for Azure Site Recovery. This update brings significant improvements in terms of functionality and service stability, consolidating Azure Site Recovery’s position as a reliable solution for disaster recovery. The related details and the procedure to follow for installation can be found in the specific KB.

Migrate

Azure Migrate

‘As on-premises’ in Azure Migrate SQL Discovery and Assessment (preview)

Azure Migrate has introduced the new ‘As on-premises’ sizing policy for SQL instance assessments. This feature allows for quick and accurate analysis of SQL instances identified by the Azure Migrate appliance. The ‘As on-premises’ policy is based on the source SQL instance configuration to provide appropriate sizing recommendations for the target Azure SQL service. Additionally, if performance data is available, an assessment can be carried out based on these performances to obtain customized SKU recommendations for the source workload on Azure. In cases where performance data is not available for some specific instances, the ‘As on-premises’ sizing is employed to ensure precise and reliable target sizing.

New releases and features of Azure Migrate

Azure Evaluation

Microsoft Copilot for Azure: how Artificial Intelligence is transforming Azure infrastructure design and management

In an era marked by relentless technological evolution, artificial intelligence (AI) is emerging as a revolutionary force in the cloud computing landscape. At the heart of this transformation is Microsoft, which has recently unveiled Microsoft Copilot for Azure. This innovative solution marks the beginning of a new era in the design, management, and optimization of Azure infrastructure and services. This article provides an overview of Microsoft Copilot for Azure, a true ally for businesses, designed to fully exploit the potential of the cloud through advanced features and AI-guided intuitiveness.

Premise: Copilot’s experience in Microsoft’s Cloud

Microsoft Copilot is a cutting-edge solution in the field of AI-based assistants. It stands out for the use of sophisticated language model algorithms (LLMs) and its perfect integration with Microsoft’s Cloud. This revolutionary tool aims to enhance productivity by facilitating access to critical data and ensuring high standards in security and privacy. Its core is an intuitive conversational interface that simplifies interaction with data and automation, making application creation simpler and more intuitive.

Copilot adapts to different needs: from basic usage that requires minimal effort and customization, to highly customized solutions that require substantial investment in development and data integration.

Figure 1 – Copilot’s Experience in Microsoft’s Cloud

The main ways to take advantage of Microsoft Copilot are:

Adopting Copilot: Microsoft offers various Copilot assistants to increase productivity and creativity. Integrated into various Microsoft products and platforms, Copilot transforms the digital workspace into a more interactive and efficient environment. Among these, Copilot for Azure stands out, which will be examined in detail in this article.
Extending Copilot: Developers have the opportunity to incorporate external data, simplifying user operations and reducing the need to change contexts. This not only improves productivity but also fosters greater collaboration. Through Copilot, it’s easy to integrate these data into common Microsoft products used daily. For example, both companies and ISVs have the ability to develop plugins to insert their own APIs and business data directly into Copilot. By adding these plugins, connectors, or extensions for messages, users can maximize the use of AI capabilities offered by Copilot.
Building your own Copilot: Beyond adoption and extension, it’s possible to create a customized Copilot for a unique conversational experience, using Azure OpenAI, Cognitive Search, Microsoft Copilot Studio, and other Microsoft Cloud technologies. A customized Copilot can integrate business data, access external data in real-time via APIs, and integrate into business applications.

Microsoft Copilot for Azure: the assistant revolutionizing the design, management, and optimization of Azure infrastructure and services via AI

Microsoft Copilot for Azure is an innovative AI-based tool designed to maximize the potential of Azure. Using LLMs (Large Language Models), Azure’s control plane, and detailed analysis of the Azure environment, Copilot makes work more effective and productive.

This assistant helps users navigate Azure’s numerous offerings, which include hundreds of services and thousands of resource types. It combines data and insights to increase productivity, minimize costs, and provide specific insights. Its ability to interpret natural language greatly simplifies managing Azure, responding to questions and providing personalized information about the user’s Azure environment.

Available directly through the Azure portal, Microsoft Copilot for Azure facilitates user interaction, responding to questions, generating queries, and performing tasks. Moreover, Copilot for Azure provides personalized, high-quality recommendations, respecting the organization’s policies and privacy.

The following paragraphs report the main features for which Microsoft Copilot for Azure can be used.

Performing tasks with improved efficiency

Copilot for Azure is designed to manage a wide range of basic operations that constitute the daily routine in managing Azure environments. These operations, essential for the maintenance and efficiency of architectures in Azure, can often be repetitive and time-consuming. However, with Copilot, it’s possible to manage these basic operations, saving valuable time and reducing the likelihood of human errors.

Interpreting and assessing the Azure environment:

Obtain information about resources through Azure Resource Graph queries.
Understand events and the health status of services.
Analyze, estimate, and optimize costs.

Working smarter with Azure services:

Deploy virtual machines effectively.
Build infrastructures and deploy workloads.
Obtain information about Azure Monitor metrics and logs.
Work more productively using Azure Stack HCI.
Secure and protect storage accounts.

Writing and optimizing code:

Generate Azure CLI scripts.
Discover performance recommendations.
Create API Management policies.
Generate YAML files for Kubernetes.
Resolve app issues more quickly with App Service.

Obtaining specific and detailed information and advice

Within the Azure portal, Copilot emerges as a useful tool for delving into a wide range of Azure concepts, services, or offerings. Its ability to provide answers is based on constantly updated documentation, ensuring users get up-to-date advice and valuable help in solving problems. This not only improves efficiency but also ensures that decisions are based on the most recent and relevant information.

Navigating the portal with greater ease

Navigating the Azure portal, often perceived as complex due to the vastness of services offered, is made simple and intuitive with Copilot’s assistance. Instead of manually searching among the numerous services, users can simply ask Copilot to guide them. Copilot not only responds by opening the requested service but also offers suggestions on service names and provides detailed explanations, making the navigation process smoother.

Simplified management of portal settings

Another notable aspect is Copilot’s ability to simplify the management of Azure portal settings. Users can now confirm or change settings directly through Copilot, without the need to access the control panel. For example, it’s possible to select and customize Azure themes directly through Copilot, making interaction with the portal not only more efficient but also more personalized.

Limitations as of December 2023

As of December 2023, Microsoft Copilot for Azure is in preview and has the following limitations:

Each user has a limit of ten questions per conversation and a maximum of five conversations per day.
Responses that include lists are limited to the first five items.
For some requests and queries, using the name of a resource may not be sufficient; it may be necessary to provide the Azure resource ID.
Available only in English.

Conclusions

Microsoft Copilot for Azure represents a revolutionary turn in cloud computing, leveraging artificial intelligence to significantly transform the management and optimization of Azure architectures. This tool elevates productivity and security, simplifying daily operations, providing detailed analysis, and assisting users in managing the Azure environment. Although we are still at the dawn of this technology, Copilot for Azure represents a significant advancement. This tool not only provides an intuitive and efficient user experience but also lays the groundwork for a future where artificial intelligence and cloud computing will be increasingly interconnected and synergistic.

Azure Management services: what’s new in November 2023

November has brought a series of significant updates in the Azure management services landscape. In this monthly recap, the most relevant innovations are highlighted, thus allowing for a specific deep dive into the new functionalities and optimizations introduced.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figures 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Azure Monitor System Center Operations Manager (SCOM) Managed Instance

Azure Monitor SCOM Managed Instance brings the capabilities of SCOM monitoring and configurable health models to Azure Monitor. As an integrated feature in Azure Monitor, SCOM Managed Instance provides a cloud-based alternative for SCOM customers, ensuring continuity of monitoring for both cloud and on-premises environments. SCOM Managed Instance is now available to everyone and since its preview, it has added multiple features, such as the integration of SCOM alerts with Azure Monitor alerts, the ability to send integrated alerts to IT service management tools, the capability to view service health from the Azure portal, and an improved onboarding experience.

Azure Monitor Agent integrated with Connection Monitor

Azure Monitor Agent, integrated with Connection Monitor, offers an effective solution for network connectivity monitoring. This integration simplifies the management of monitoring agents by consolidating multiple functions into a single agent. It enables the collection of network connectivity and performance data for both Azure and on-premises environments enabled with Azure Arc. New features include improved support for Azure Arc on-premises endpoints and simpler management of monitoring extensions. Additionally, there are plans to expand support for additional Azure resources and enhance performance metrics.

Azure Monitor Log Storage up to 12 Years

More than a year ago, Azure Monitor Logs launched a log storage solution that allows logs to be retained for up to seven years at a reduced cost. This feature has been valuable for many customers with regulations requiring long-term data retention. Since the introduction of this storage capability, there has been a steady increase in the number of customers utilizing log storage and in the duration of data retention. There has also been demand from many customers for longer storage periods beyond the supported seven years. Examples include tax authorities and healthcare regulations in some countries, which require data retention for 10-12 years. After extensive technical discussions and evaluations, Microsoft has extended the supported retention period, and Azure Monitor Logs now supports up to 12 years of data retention.

Adding dynamic values in custom alert fields

Microsoft recently introduced a new feature for Azure Monitor alerts, which now allows the addition of dynamic values in custom fields. This feature is particularly useful for customizing alarm notifications, allowing users to include values dynamically extracted from the alert payload or a combination of both. This update significantly improves the flexibility and effectiveness of alarm notifications, allowing for more customization in actions triggered by action groups, such as webhook actions, Azure function, or logic app. This new capability enhances the precision and relevance of alarm notifications, improving the management and monitoring of infrastructure and applications on Azure.

OpenTelemetry deployment for ASP.NET Core Applications

Microsoft announced the general availability of Azure Monitor’s OpenTelemetry deployment for ASP.NET Core applications. Part of the Azure Monitor ecosystem, this offering is designed for native cloud application monitoring, enabling customers to observe failures, bottlenecks, and usage patterns to more quickly resolve incidents and reduce downtime. The OpenTelemetry deployment of Azure Monitor includes a thin wrapper for easy implementation with a single line of code, along with specific Azure features for an optimized experience on the platform. This deployment is open and extensible, allowing data to be sent to multiple destinations and extended with a rich set of OpenTelemetry instrumentation libraries that collect data from a wide range of frameworks and environments.

Latency Metrics for Azure Disks and Performance Metrics for Temporary Disks on Azure Virtual Machines (preview)

Microsoft recently announced the introduction of the capability to monitor latency across OS, data, and temporary disks using the SCSI protocol, with support for the NVMe protocol coming soon. This improvement is particularly important for high-performance applications such as SAP Hana and OLTP databases, where latency plays a crucial role in read and write operations. It is now possible to track latency operations on OS, data, and temporary disks using Azure Monitor metrics. Additionally, temporary disks, which are by nature non-persistent and typically found in Virtual Machine (VM) families marked with a ‘d’ in their name, are now accessible for performance monitoring on Azure Monitor. It is now easy to monitor queue depth, IOPS, and throughput for these temporary disks, even though their storage does not persist beyond the lifecycle of the associated VM.

Azure Monitor Agent and JSON Log Collection (preview)

Azure Monitor Agent (AMA) now supports the collection of logs in JSON format for ingestion into Log Analytics. This new feature is designed to enable customers to collect their JSON-formatted logs generated in their services or applications and insert them into a Log Analytics workspace table for analysis. The AMA agent is required to use custom JSON logs.

Integration of Azure Monitor alerts with Event Grid for Azure Key Vault System Events (preview)

Microsoft recently announced a new feature in public preview: the integration of Azure Monitor Alerts with Event Grid for Azure Key Vault system events. This integration represents a significant step in the evolution of event and alert management services in Azure. Azure Monitor alerts are essential for detecting and addressing issues before users become aware, proactively notifying when Azure Monitor data indicates there might be a problem with the infrastructure or application. The integration with Event Grid enables efficient communication of events that indicate changes in the system state. This approach is common in decoupled architectures, such as those using microservices. With Azure Monitor alerts as a destination in Event Grid event subscriptions, it is possible to receive critical event notifications through action groups such as SMS, email, push notifications, and more. This feature, currently available only for Azure Key Vault system events, combines Event Grid’s low-latency event delivery with the flexibility and direct-to-customer notifications of Azure Monitor alerts.

Configure

Azure Automation

Azure Automation now supports PowerShell 7.2

Azure Automation has announced the general availability of PowerShell 7.2 runbooks. Users can now create runbooks in the long-term supported version of PowerShell, using the Azure Automation extension for Visual Studio Code, enhanced by GitHub Copilot, and run them on a secure and reliable platform.

Govern

Azure Advisor

Enhancing the reliability of Azure Disks with the introduction of Zone Redundant Storage

Microsoft has announced the general availability of a new Azure Advisor recommendation that enhances the reliability of Azure disks through the use of Zone Redundant Storage (ZRS). Disks with ZRS offer synchronous data replication across three Availability Zones within a region, significantly increasing resilience. By adopting this recommendation, users can now design their solutions using ZRS disks, ensuring that their disks can withstand a zonal outage. This update brings a notable improvement in the resilience of solutions, preventing downtime and interruptions.

Azure Cost Management

Exporting costs via the FOCUS Schema (preview)

The FinOps Open Cost and Usage Specification (FOCUS) is an innovative initiative aimed at establishing a common, provider- and service-agnostic format for billing data. This format allows organizations to better understand cost and usage patterns and optimize spending and performance across multiple cloud offerings, software as a service (SaaS), and even on-premises solutions. Microsoft Cost Management is introducing support for exporting cost and usage data aligned with the FOCUS schema as part of a limited preview ahead of the upcoming major release of FOCUS.

Updates related to Microsoft Cost Management

Microsoft is continually seeking new methods to enhance Microsoft Cost Management, the solution for providing greater visibility into where costs are accumulating in the cloud, identifying and preventing incorrect spending patterns, and optimizing costs. This article details some of the latest improvements and updates regarding this solution.

Azure Arc

VMware vSphere rnabled by Azure Arc

VMware vSphere enabled by Azure Arc helps users simplify the management of their hybrid IT environment spread across VMware vSphere and Azure. Customers can begin by connecting Azure Arc to resources in VMware vSphere deployments, thus facilitating the large-scale installation of agents and enabling Azure’s management, monitoring, and security solutions on on-premises systems.

Self-Service capabilities of System Center Virtual Machine Manager (SCVMM) in Azure with Azure Arc

The self-service capabilities of System Center Virtual Machine Manager (SCVMM) are now generally available in Azure through Azure Arc. Once connected with Azure Arc, customers can manage and control their SCVMM environments on Azure and perform self-service operations on virtual machines (VMs) directly from the Azure portal. This provides customers with a consistent management experience across Azure for both cloud and hybrid environments.

New features for SQL Server enabled by Azure Arc

The enhancements to SQL Server enabled by Azure Arc provide additional management capabilities for SQL Server systems operating outside of Azure:

Monitoring for SQL Server Enabled by Azure Arc (preview). The monitoring for SQL Server enabled by Azure Arc, now in preview, will allow customers to gain visibility across their entire SQL Server infrastructure, both in on-premises data centers and in the cloud. This enhances the performance of databases and allows for quicker diagnosis of issues.
Improved High Availability and Disaster Recovery (HA/DR) Management for SQL Server Enabled by Azure Arc (Preview). With Azure Arc, customers can now improve operational continuity and the availability of SQL Server by viewing and managing Always On availability groups, failover cluster instances, and backups directly from the Azure portal.
Extended Security Updates for SQL Server Enabled by Azure Arc. These updates, which provide critical security updates for up to three years after the end of extended support, are now available as a service through Azure Arc.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updatesthis page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

DevOps Security Insights for GitHub, Azure DevOps, and GitLab. Users will gain deep visibility into the security posture of their applications on GitHub, Azure DevOps, and GitLab within Defender for Cloud. In addition to advanced security for GitHub and Azure DevOps, with the preview of GitLab Ultimate integration, Defender for Cloud now supports the three main development platforms.
Integration with Microsoft Entra Permissions Management. Users will get a centralized view of the Permissions Creep Index, implement access controls based on the principle of least privilege for cloud resources, and proactively analyze attack paths by linking access permissions to other potential vulnerabilities on Azure, Amazon Web Services (AWS), and Google Cloud.
Enhanced Container Security in Multicloud Environments. Users will be able to anticipate risks in containerized applications and prioritize misconfigurations and exposures in their Kubernetes deployments with the expansion of contextual graph-based capabilities of the Defender Cloud Security Posture Management (CSPM) to Amazon Elastic Kubernetes Service (Amazon EKS) and Google Kubernetes Engine (NGO) clusters.
Proactive Attack Path Analysis and Faster Risk Mitigation. Users can efficiently remediate critical risks with a risk-based attack path analysis engine to identify and prioritize the resolution of more complex risks, such as cross-cloud attack paths.
Improved Security Posture for APIs. With the general availability of the Defender for APIs plan in Defender for Cloud, administrators will be able to gain visibility into critical business APIs, prioritize the remediation of vulnerabilities, and rapidly detect active real-time threats for APIs published in Azure API Management. New preview capabilities aimed at sensitive data classification supported by Microsoft Purview and curated attack paths will further assist security administrators in protecting data from API risks.
Microsoft Security Copilot. Users will be able to gain efficiency in discovering and resolving risks with the power of AI-generated guidance.

Protect

Azure Backup

Azure Backup for AKS

Microsoft has announced the general availability of Azure Backup for Azure Kubernetes Service (AKS). This native Azure solution provides simple and secure protection for containerized applications deployed on AKS, enabling customers to protect their mission-critical workloads.

Customer-Managed Key Encryption for Backup Vaults (Preview)

Microsoft Azure has introduced the capability to use customer-managed encryption keys (CMKs) for backing up data security. This feature, supported for Recovery Services Vaults, has been extended to Backup Vaults. It is now possible to use CMKs when creating a new backup vault or updating the encryption settings of an existing vault to use CMKs.

Migrate

New releases and features of Azure Migrate

Azure Evaluation

Azure Management services: what’s new in October 2023

This month, Microsoft has introduced a series of significant updates to the Azure management services. Through this series of monthly articles, I aim to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, giving you the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

VM insights: migration to Azure Monitor agent by August 31, 2024

On August 31, 2024, VM insights based on the Log Analytics agent will be retired. It is recommended to migrate to the Azure Monitor agent for VM insights, which offers several improvements, including:

Enhanced security and performance.
Data collection rules to help reduce costs.
A simplified management experience, facilitating troubleshooting.

Integrated Azure Monitor alerts for Azure Site Recovery (preview)

Microsoft recently announced the preview availability of integrated Azure Monitor alerts for Azure Site Recovery. This new feature allows Azure users to more effectively monitor the status and performance of their disaster recovery environments. The integrated alerts enable rapid detection of potential issues, ensuring more efficient and proactive management of resources in emergency recovery situations. With this integration, users can configure custom alerts based on specific performance and status parameters, improving resilience and operational readiness for their systems. This feature is particularly useful for organizations requiring high standards of operational continuity and data integrity.

Govern

Azure Policy

Protection of critical infrastructures from large-scale accidental deletions with Policies

Microsoft has introduced “DenyAction” in Azure Policy. This new feature allows blocking requests based on actions taken on the resource, rather than just its configuration or properties. In practice, with Deny Action, it is possible to protect infrastructures by preventing unwanted deletion calls. While in the past Azure Policy only offered the “deny” function, which blocked requests based on specific resource configurations, now with the addition of Deny Action, the blocking capability has been extended to actions included in the request.

Azure Cost Management

Updates related to Microsoft Cost Management

Azure Arc

Azure Arc-enabled SCVMM (preview)

With the recent introduction of “Azure Arc-enabled System Center Virtual Machine Manager (SCVMM)”, it is now possible to manage SCVMM VMs more efficiently directly from Azure. This innovative solution facilitates the discovery, integration, and management of VMs. Microsoft is expanding the capabilities for SCVMM enabled in Azure Arc. Thanks to this update, Azure Arc-enabled SCVMM VMs receive full support for Azure management services. This includes protection offered by Microsoft Defender for Cloud, monitoring via Azure Monitor, and updates provided by Azure Update Manager. These new features offer customers a simpler and more effective management experience of their System Center-managed assets, all through Azure.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

Public preview availability of recommendations for managing DevOps security posture;
Release of the CIS Azure Foundations Benchmark v2.0.0 in the Regulatory Compliance dashboard.

Protect

Azure Backup

Backup Vaults with MUA (Multi-User Authorization)

Azure Backup has announced the availability of backup vaults with MUA (Multi-User Authorization). These vaults offer an integrated backup solution that protects business data through a series of advanced access features. With this release, the backup administrator, who is usually the owner of the Backup vault, needs to obtain the collaborator role on the protected resource to perform certain operations. This requires an action by the owner of the protection resource to approve and grant the requested access. Additionally, it is possible to use Azure Active Directory Privileged Identity Management to manage just-in-time access on the protected resource.

Enhanced Soft Delete

Azure has announced the availability of the “Enhanced Soft Delete” feature for Azure Backup. This feature offers additional protection against data loss, ensuring that backup data remains available for recovery, even if the backup source is deleted. The Enhanced Soft Delete feature protects against accidental deletions and malicious activities. This adds an extra layer of security and resilience to backup data.

Regional Disaster Recovery for Azure Backup for AKS (preview)

Azure Backup for AKS allows customers to protect their containerized workloads along with application data deployed on AKS clusters. The solution enables scheduled backups of AKS clusters and their restoration in various scenarios. Customers also want to use their AKS backups to recover applications in the event of a regional disaster, following industry best practices for the 3-2-1 backup strategy. With this in mind, the Azure Backup service is announcing the private preview of the regional disaster recovery capability of AKS Backup. Using this feature, it is possible to recover the AKS cluster from backups in a secondary region, such as an Azure paired region, in the event of a regional disaster.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Evaluation

Azure Management services: what's new in September 2023

In September there were several news that Microsoft announced regarding Azure management services. This article lists the main announcements, accompanied by the necessary references to be able to conduct further studies on.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor VM Insights now available with Azure Monitor Agent

Azure has announced the availability of “Azure Monitor VM Insights” through the use of the Azure Monitor Agent. This service offers a quick and easy way to monitor customer workloads on Azure virtual machines and scale sets, as well as on Azure Arc-enabled servers operating in an on-premises and/or multi-cloud environment.

The new version of the agent offers various benefits, including cost savings, simplified management and improved security and performance. If you were previously using VM Insights using Log Analytics Agent (now deprecated), Microsoft suggests consulting theirs migration guide to switch to the Azure Monitor Agent.

Historical view for Azure Monitor alerts (preview)

Monitoring resources and alerts in Azure is now easier and more intuitive with the new historical preview view of Azure Monitor. This view offers a clear overview of triggered alerts, allowing users to quickly identify problems

OpenTelemetry-based distribution via Node.js from Python

Azure Monitor now offers OpenTelemetry-based distribution for Node.js and Python, allowing developers to easily integrate with Azure Monitor and collect telemetry data. This new feature ensures that developers can effectively monitor their applications, obtaining performance information, on errors and other key metrics.

Configure

Update management

Azure Update Manager: updated and enhanced update management

Azure Update Manager offers a SaaS solution to manage and govern software updates on Windows and Linux machines in Azure environments, on-premises e multi cloud. This is an evolution of the Azure Automation update management solution with new features. Azure Update Manager has been redesigned to provide new capabilities without relying on the Log Analytics agent or Azure Monitor agent. It relies on the Microsoft Azure VM agent to manage update flows on Azure VMs and on the Azure Connected Machine agent to manage Azure Arc-enabled servers.

Govern

Azure Cost Management

Export Cost Management data to firewall-protected storage accounts

You can now export Cost Management data to firewall-protected Azure storage accounts. Users can use the Exports API or the Azure portal to create recurring tasks to automatically export cost data to CSV format. This can be scheduled on a daily basis, weekly or monthly, and the exported data can be used for creating dashboards or integrating with financial systems.

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

Malware scanning in Defender for Storage

Defender for Storage introduces malware scanning functionality, overcoming traditional malware protection challenges and providing an ideal solution for highly regulated industries. This function, available as an add-on, represents a significant enhancement of Microsoft Defender for Storage security solutions. With malware scanning you get the following benefits.

Protection, in near real time, without agent: ability to intercept advanced malware such as polymorphic and metamorphic ones.
Cost Optimization: thanks to flexible pricing, you can control costs based on the amount of data examined and with resource-level granularity.
Enablement at scale: without the need for maintenance, supports automated responses at scale and offers several options for activation via tools and platforms such as Azure policy, Bicep, ARM, Terraform, REST API and the Azure portal.
Application versatility: based on feedback from beta users over the last two years, Malware scanning has proven useful in a variety of scenarios, as web applications, content protection, compliance, integrations with third parties, collaborative platforms, data streams and datasets for machine learning (ML).

GitHub Advanced Security per Azure DevOps

It is now possible to view GitHub Advanced Security for Azure DevOps alerts (GHAzDO) related to CodeQL, secrets and dependencies, directly in Defender for Cloud. The results will appear in the DevOps section and Recommendations. To see these results, you need to integrate your GHAzDO-enabled repositories into Defender for Cloud.

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. To find out about the main innovations that characterized Defender for Cloud in the summer 2023, outlining how these innovations can represent added value for companies, you can consult this article.

Protect

Azure Backup

Cross Region Restore (CRR) for Recovery Services Agent (MARS)

Following the General Availability of Cross Region Recovery for VM backups, SQL and SAP HANA and to strengthen the resilience pillar, Microsoft has announced Cross Region Recovery support for the Recovery Services Agent (MARS) using Azure Backup.

Azure customers leverage Recovery Services Agent to back up their files/folders and system state to an Azure Recovery Services Vault. Backup data in the primary region can also be geo-replicated to a secondary region paired with Azure to ensure durability. Previously, data replicated in the secondary region was available for recovery in the secondary region only if Azure declared a disaster in the primary region. With the introduction of this new support, Customers can enable recovery of Recovery Services Agent backups in the secondary region at any time.

This capability can be leveraged in the following scenarios:

when the primary region is available to test restores from backup data in the secondary region for audit/compliance purposes;
when the primary region is not available, customers can trigger recovery of data backed up in the secondary region even if the primary Azure region is partially unavailable or completely unavailable without any waiting time.

Saving the Azure Backup Recovery Services Agent passphrase (MARS) in Azure Key Vault (preview)

Data security is a priority for Microsoft, and with the new preview feature that allows you to save the Recovery Services Agent encryption passphrase directly in Azure Key Vault, users can now enjoy an even greater level of security. This integration makes the Recovery Services Agent installation smoother and more secure, eliminating the need for custom scripts.

Azure Files Backup in China regions

Azure Files Backup is now generally available in China regions. This feature allows users to back up their files to Azure securely and reliably.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.