Category Archives: Azure Management

Azure Management services: what's new in May 2023

To stay up to date on news regarding Azure Management services, this summary is released monthly, allowing you to have an overview of the main new features of the month. In this article you will find the announcements, summarized, accompanied by the necessary references to be able to carry out further investigations.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor for SAP solutions

Azure Monitor for SAP Solutions is now available. It is a solution for customers running SAP applications in a Microsoft Azure environment and allows end-to-end monitoring. With Azure Monitor for SAP, customers can centrally collect end-to-end telemetry data from SAP NetWeaver, database, Linux Pacemaker clusters in high availability and Linux operating systems. The solution Azure Monitor for SAP can be configured with no infrastructure to implement and maintain for customers. Some new features of Azure Monitor for SAP include SAP Landscape Monitor, which provides a single destination to understand the health of the entire SAP landscape, and SAP Insights (preview), which allows you to easily identify the root cause of SAP application availability or performance issues. Furthermore, Azure Monitor for SAP Solutions offers Transport Layer Security and new CPU performance alert templates, memory and disk I/O, plus many other features. With the release of this release, the version of Azure Monitor for SAP solutions (Classic) will be collected by 31 may.

Availability of the Azure Monitor managed service for Prometheus

Prometheus, the open-source project of the Cloud Native Computing Foundation, is considered the de-facto standard when it comes to monitoring containerized workloads. Running Prometheus in self-managed mode is often a great solution for smaller implementations, but scaling it to handle enterprise workloads can be a challenge.

Azure Monitor's fully managed service for Prometheus offers the best of what we like about the open-source ecosystem, while automating complex tasks such as scaling, high availability and long-term data retention. It is available as a standalone feature of Azure Monitor or as an integrated component of Container Insights, Azure Monitor Alerts and Azure Managed Grafana.

Azure Monitor Managed Service for Prometheus for Kubernetes enabled for Azure Arc (preview)

The Azure Monitor managed service for Prometheus extends support for monitoring Kubernetes clusters managed by Azure Arc. The Azure Arc-enabled Azure Monitor for Prometheus on Kubernetes managed service allows customers to monitor their Kubernetes clusters running anywhere and maintains the same functionality as monitoring Azure Kubernetes Service (AKS).

Azure Monitor Agent: support for CIS and SELinux hardening

The AMA has introduced support for hardening standards for CIS and SELinux. For SELinux, AMA works by activating a signed built-in policy. Through CIS, AMA supports select distros, also available on the Azure Marketplace.

Alert support for Azure Data Explorer (preview)

Azure Monitor alerts let you monitor Azure and application telemetry to quickly identify issues affecting various services. More specifically, Azure Monitor log alert rules allow you to set up periodic log telemetry queries to identify potential problems and receive notifications or trigger actions.

Until now, these alert rules supported querying Log Analytics and Application Insights data. Now Microsoft is introducing support for querying Azure Data Explorer tables as well (ADX) and to merge data between these data sources into a single query.

Cost optimization with transformations on Log Analytics for troubleshooting of Cosmos DB

Azure Cosmos DB now supports transformations on Log Analytics workspaces. To help reduce costs when you enable Log Analytics to troubleshoot Cosmos DB resources, transformations have been introduced. These transformations in the Log Analytics workspace allow you to filter columns, reduce the number of results returned and create new columns before the data is sent to the destination.

Configure

Azure Automation

Support for Python runbooks 3.8

Azure Automation has introduced support for Python runbooks 3.8. This feature allows you to create and run Python runbooks 3.8 for orchestrating the management tasks of hybrid and multi-cloud environments.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Alert to optimize reservation purchases

Azure Reservations can provide cost savings by committing to annual or three-year plans. However, sometimes reservations can remain unused or underused, resulting in financial losses. As a user of a billing account or a reservation, it is possible to examine the percentage of use of the reservations purchased in the Azure portal, but important changes may be missed. Enabling alerts on the use of reservations, solves the problem by receiving email notifications whenever any of the reservations have low usage. This allows for timely intervention and optimization of reservation purchases to achieve maximum cost efficiency.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • new alerts in Defender for the Key Vault;
  • support encrypted disks in AWS for agentless scanning;
  • inclusion of new AWS Regions;
  • changes to identity recommendations;
  • new recommendations of Defender for DevOps to include Azure DevOps scan results;
  • release of the Vulnerability Assessment of containers based on Microsoft Defender Vulnerability Management (MDVM) in Defender CSPM.

Protect

Azure Backup

Azure Backup Server V4

The V4 version of Microsoft Azure Backup Server (MABS) has been released and introduces the following improvements:

  • Workload support: Azure Backup Server V4 supports installation on Windows Server 2022 using SQL Server 2022 come database MABS. Furthermore, adds support for backup of virtual machines running on Azure Stack HCI 22H2 and VMware 8.0, as well as Windows Server backup 2022 and SQL Server 2022.
  • Performance: Azure Backup Server V4 adds the ability to select and restore individual files/folders from online recovery points for Hyper-V and Azure Stack HCI virtual machines running Windows Server, without having to download the entire restore point. MABS V4 also adds support for parallel restores and features more parallel online backup jobs.
  • Security: with Azure Backup Server V4 you can use private endpoints to send backups to the Recovery Services vault.

Azure Backup Reports: support for more workloads

Azure Backup Reports now includes support for other workloads: Azure Database for PostgreSQL Servers, Azure Blobs and Azure Disks. Thanks to this update it is now possible to enable the logging of metadata related to the backup (such as job, backup item, policy, usage) for these workloads and retain these records for a customizable period of time depending on compliance and audit requirements. This way you can take advantage of the reporting views, already provided natively by the Backup Reports solution, to view information about protected items corresponding to these workloads.

Soft deletion of recovery points for Azure Backup (preview)

Azure Backup's soft delete feature now supports soft deletion of recovery points. This feature allows you to recover data from recovery points that may have been deleted as a result of backup policy changes. Soft deleting recovery points allows you to keep these recovery points for an additional duration, based on the retention specified for soft delete in the vault settings.

Support for confidential virtual machines using Customer Managed Keys (private preview)

Azure Backup is introducing support for backup of operating system disk encrypted confidential VMs, done using customer managed keys.

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 67 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concerns the discovery and assessment of SQL Server.

Azure Database Migration

Database Migration Service Pack for Oracle (preview)

The Database Migration Service Pack for Oracle is a collection of four extensions that provide a complete solution to modernize Oracle workloads and migrate them to databases in the Azure environment. This extension pack offers several benefits, including in-depth end-to-end assessments, correct sizing of Azure resources, code conversion, remediation planning and near real-time data migration in Azure environment (see next paragraph).

Data Migration for Oracle (preview)

The Data Migration for Oracle extension is a powerful tool that allows you to easily migrate Oracle databases to the Azure platform. This solution offers a seamless migration experience, from the source Oracle database to the target platform (SQL), using Azure Database Migration Service. The extension offers both offline and online data migration for critical databases, ensuring minimal downtime for the migration process.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in April 2023

Microsoft is constantly announcing news regarding Azure management services. This summary, published monthly, allows you to have an overall overview of the main news of the current month, in order to stay up to date on these news and have the necessary references to conduct further study.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor for Prometheus has updated the AKS add-on to support Windows nodes

Azure Monitor for Prometheus managed service has updated the AKS metrics add-on to support collection of Prometheus metrics from Windows nodes in AKS clusters. Azure Monitor Metrics add-on integration allows Windows pod DaemonSets to start running on node pools. Are supported both Windows Server 2019 also Windows Server 2022.

Azure Monitor Metrics Dataplane API released

The Azure Metrics Dataplane API is a new approach to Azure Monitor that improves the collection of resource information enabling greater query capacity and efficiency. With this API it is possible to retrieve data on metrics, for a maximum of 50 ID of resources in the same subscription and region, in one batch API call. This improves query throughput, reduces the risk of throttling and provides a smoother experience for customers who want to gather information about Azure resources.

Configure

Update management center

Hotpatch availability for Windows Server VMs in Azure with Desktop Experience
Hotpatch is now available for preview images of Windows Server Azure Edition virtual machines with the Desktop Experience installation mode.

Hotpatch is a feature that allows you to patch and install updates to Windows Server Azure Edition virtual machines in an Azure environment, without requiring a restart. It was previously available for Server Core installation mode, but now also Windows Server Azure Edition virtual machines installed with Desktop Experience installation mode can take advantage of this security update installation mode, by providing:

  • less impact on workloads by having to do fewer reboots;
  • faster deployment of updates, as the packages are smaller, they install faster and patch orchestration is easier with Azure Update Manager;
  • better protection, because hotpatch update packages are dedicated to Windows security updates that install faster without reboots.

Govern

Azure Cost Management

Azure Advisor: advice for the right sizing of VM/VMSS with a custom reference time

Customers using Azure Advisor can improve the relevance of recommendations to make them more actionable, resulting in additional cost savings. In fact,, right sizing recommendations help optimize costs, identifying idle or underutilized virtual machines based on their CPU activity, storage and network over the default seven-day reporting period. Now, thanks to the latest update, customers can set the reporting period to get recommendations based on 14, 21, 30, 60 or even 90 days of use. The configuration can be applied at the subscription level. This feature is especially useful when workloads peak biweekly or monthly.

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

Integration between Azure API Management and Microsoft Defender for API (preview)

It is now possible to obtain a higher level of API security thanks to the integration between Azure API Management and Microsoft Defender for APIs. This integration enables a comprehensive defense strategy for:

  • gain visibility into Azure APIs;
  • understand their security posture;
  • prioritize vulnerability fixes;
  • detect and respond to active threats in runtime, using anomalous and suspicious API usage detections based on machine learning.

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features.

Protect

Azure Backup

Support for Azure VMs using Premium SSD v2 (preview)

In Azure Backup it is now possible to enable the protection of Azure virtual machines that use Premium SSD v2. Enabling these backups is currently available in select regions, and Microsoft plans to add support in more regions in the coming weeks..

Azure Site Recovery

Large disk support for disaster recovery of Hyper-V virtual machines

In Azure Site Recovery it is now possible to enable disaster recovery of Hyper-V virtual machines with data disks up to 32 TB. This applies to Hyper-V VMs replicating to managed disks in any Azure region.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

  • possibility to create a business case by importing the list of servers through a .csv file;
  • building a business case using Azure Migrate for:
    • servers and workloads running in Microsoft Hyper-V and physical/bare-metal environments, as well as IaaS services from other public clouds;
    • SQL Server Always On Failover Cluster instances and Always On availability groups.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in March 2023

In March there were several news announced by Microsoft regarding Azure management services. In this series of articles, published on a monthly basis, major announcements are listed, accompanied by the necessary references to be able to conduct further studies on.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Ingestion client libraries

Microsoft announces the initial release of the Azure Monitor Ingestion client libraries for .NET, Java, JavaScript e Python. Libraries allow you to:

  • Upload custom logs to a Log Analytics workspace.
  • Modernize security standards by requiring Azure Active Directory token-based authentication.
  • Complete Azure Monitor Query libraries, used to query logs in a Log Analytics workspace.

Collecting Syslog from AKS nodes using Azure Monitor Container Insights (preview)

Customers can now use Azure Monitor Container Insights to collect Syslog from their Azure Kubernetes Service cluster nodes (AKS). In combination with SIEM systems (Microsoft Sentinel) and monitor tools (Azure Monitor), syslog collection tracks security and health events of IaaS and containerized workloads.

The Azure Monitor for Prometheus managed service now supports querying PromQL

Thanks to Azure Workbooks support for Azure Monitor Prometheus managed service, users are provided with the ability to use Prometheus workbooks to run PromQL queries in the portal. Furthermore, users have the benefit of creating custom reports for Prometheus workbooks.

Azure Monitor supports Availability Zones in new regions

Azure Monitor continues to expand its availability zone support by adding three regions: Canada Central, France Central and Japan East.

Azure Monitor alerts support cloning

When viewing the details of an alert rule in the Azure portal, a new option is now available “duplicate”, which allows you to duplicate the alert rule. When selecting this option for an existing alert rule, the rule creation wizard starts, pre-populated with the original alert rule configuration, while allowing you to make changes.

Configure

Azure Automation

Announced the retirement of the agent-based Hybrid Worker (Windows and Linux) for the 31 August 2024

Azure Automation is deprecating the agent-based Hybrid Runbook Worker (Windows and Linux) and this will definitely happen on 31 August 2024. You must migrate to extension-based Hybrid Workers by that date (Windows and Linux).

The main advantages of the extension-based Hybrid Runbook Worker are:

  • uses system-assigned managed identities, so you don't need to manage certificates for authentication;
  • offers automatic updating of minor versions;
  • simplify hybrid worker management at scale with native integration with Azure Resource Manager and governance with Azure Policy.

Migrating authentication from Run As account to Managed Identity in ASR

It is now possible to migrate the authentication type of accounts, moving to managed identities, using Azure Site Recovery from the Azure portal. Authentication of runbooks via Run As accounts will be deprecated on 30 September 2023. Before that date, runbooks need to be migrated to enable the use of Managed Identities.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article the latest improvements and updates concerning this solution are reported.

Azure Arc

Improved Azure Arc integration with Datadog

Microsoft is improving the ability to observe and manage IT infrastructure thanks to the integration of Microsoft Azure Arc with Datadog. Based on the consolidated collaboration, Microsoft is integrating Datadog with Azure Arc natively, to meet Datadog customers, providing rich insights from Azure Arc-enabled resources directly into Datadog dashboards. Customers can monitor real-time data during cloud migrations and performance of applications running in both public cloud and hybrid or multicloud environments.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • availability of a new Defender for Storage plan, which includes near real-time scanning for malware and detection of threats to sensitive data;
  • data-aware security posture (preview);
  • new experience for managing Azure default security policies;
  • Defender per CSPM (Cloud Security Posture Management) is now available (GA);
  • ability to create custom security standards and recommendations in Microsoft Defender for Cloud;
  • Microsoft Cloud Security Benchmark (MCSB) version 1.0 is now available (GA);
  • some regulatory compliance standards are now available in government clouds;
  • new preview recommendation for Azure SQL Servers;
  • new notice in Defender for Key Vault.

Protect

Azure Backup

Immutable vaults for Azure Backup

Immutable vaults are now also available for production environments and offer greater security for backups, ensuring that recovery points created once cannot be deleted before they expire. Azure Backup prevents any operation on immutable vaults which could lead to backup data loss. Furthermore, you can lock immutable vault ownership to make it irreversible. This helps protect your backups from threats such as ransomware attacks and malicious actors, preventing operations such as deleting backups or reducing retention in backup policies.

Backup per Azure Kubernetes Service (preview)

Organizations using Azure Kubernetes Services (AKS) increasingly run stateful applications on their clusters, deploying workloads such as Apache Kafka-based messaging queues and databases such as Postgres and MongoDB. With data storage within the cluster, backup and recovery become a major concern of IT managers. Make sure Kubernetes backup capabilities are scalable, flexible and purpose-built for Kubernetes is central to an overall data protection plan. Azure Backup introduced now Backup for AKS. This solution simplifies the backup and recovery of containerized applications and data and allows customers to configure a scheduled backup for both cluster state and application data. Backup for AKS is aligned with the Container Storage Interface (CSI) to offer Kubernetes-aware backup capabilities. The solution allows customers to unlock different scenarios, such as data backup for application security and regulatory requirements, cloning of development/test environments and rollback management.

Azure Backup allows you to keep backups in vaults for Azure Blob and for Azure File (preview)

Azure Backup now supports transferring Azure Blob and Azure File backups to vaults. A vault is a logical entity that stores backups and recovery points created over time. In this regard, you can define a backup schedule for creating recovery points and specify retention settings that determine how long backups will be stored in the vault. Backups in the vault are isolated from the source data and allow you to tap into the data even if the source data has been compromised, performing resets.

Listed below are some of the main features that can be achieved by placing backups in vaults:

  • Offsite copy of data: allows you to restore mission-critical data from backups, regardless of the state of the source data.
  • Long-term retention of backup data, which helps you meet compliance requirements, particularly in the financial and healthcare sectors, with strict guidelines on the data retention period.
  • Recovery in alternate location: allows you to restore data to an alternate account if the source storage account is compromised or create different copies of your data for testing or development purposes.
  • Centralized management through the backup center: backups in vaults can be monitored and analyzed at scale alongside other protected workloads using Azure Backup.
  • Safe backups. The built-in security features of Azure Backup, such as multi-user authorization (MUA) for critical backup operations, data encryption and role-based access control (RBAC), help protect the backups in the vault and meet your backup security needs.

Azure Site Recovery

Improved the ability to rename network interfaces and disks of protected virtual machines

ASR introduces a new, easier way to name and rename network interfaces (NIC) and the virtual machine disks in the recovery service vaults.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, This month, the biggest news is support for web app discovery and assessment for Azure app service for Hyper-V and physical servers.

Azure Database Migration

Offline Azure SQL Database migrations with the Azure SQL Migration extension

Offline migrations of SQL Server databases running on-premises, on Azure virtual machines or any virtual machine running in the cloud (private, public) to Azure SQL Database it is possible to do it through the Azure SQL Migration extension. The new migration feature of the Azure SQL Migration extension for Azure Data Studio provides an end-to-end experience to modernize SQL Server on Azure SQL Database. The extension allows you to prepare for the migration with actions to remediate any blockages and allows you to obtain recommendations to adequately size the Azure SQL Database targets, including hardware configuration in the Hyperscale service tier.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in February 2023

During the month of February some news regarding the Azure management services were announced. This article provides an overview of the month's top news, so that we can stay up to date on these topics and have the necessary references to conduct further insights.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Improved experience for creating and managing private endpoints for Recovery Services vaults

Azure Backup allows you to use private endpoints to perform backups and restores securely, using private IPs of virtual networks. Azure Backup recently introduced several enhancements that provide an easier experience for creating and using private endpoints for Recovery Service vaults. The main improvements made as part of this update are as follows:

  • Ability to create private endpoints without managed identities
  • Use fewer private IPs per vault
  • You no longer need to create separate private endpoints for blob and queue services

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 66 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concerns the discovery and assessment support for SQL Server Always On failover cluster instances and Always On availability groups.

Azure Database Migration

Database migrations with login and TDE

The new feature of the Azure SQL Migration extension makes the post database migration experience smoother. In fact,, you can have instance-level object migration support, such as SQL and Windows logins, the permissions, server roles and updated user mapping of previously migrated databases.

Furthermore, you can now perform TDE-enabled database migrations with a wizard that automates the backup process, copying and reconfiguring database encryption keys for Azure SQL Managed Instance targets.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in January 2023

The new year started with several announcements from Microsoft regarding news related to Azure management services. The monthly release of this summary allows you to have an overall overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Certificate the IT Service Management Connector (ITSMC) with ServiceNow Tokyo version (preview)

The IT Service Management Connector (ITSMC) is certified on the Tokyo version of ServiceNow. This connector provides a two-way connection between Azure Monitor and ServiceNow, useful to help you track and fix problems faster.

Govern

Azure Cost Management

Management of billing accounts for EA customers

For Enterprise Agreement customers (EA) “indirect” the ability to manage your billing accounts directly from Cost Management and Billing has been introduced. All relevant information regarding department, account and subscription are available directly from the Azure portal. Furthermore, from the same point it is possible to view the properties and manage the policies of the indirect EA enrollments.

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Azure Arc

Active Directory Connector for Arc-enabled SQL MI

Azure Arc-enabled data services introduced Active Directory support (AD) for the management of Identity and Access Management (IAM). Indeed, the Arc-enabled SQL Managed instance can use an Active Directory domain (AD) existing on-premises for authentication. To facilitate this, Azure Arc-enabled data services introduce a new Custom Resource Definition (CRD) native Kubernetes called Active Directory Connector. This provides Azure Arc-enabled SQL Managed Instances running on the same data controller the ability to perform Active Directory authentication.

View SQL Server databases using Azure Arc (preview)

Today, customers and partners manage a large number of databases. For each of these databases, it is essential to be able to create an accurate mapping of the configurations. This may be for inventory or reporting purposes. Centralizing database inventory in Azure using Azure Arc allows you to create a unified view of all your databases in one place, regardless of the infrastructure in which they are located: in Azure, in the data center, at edge sites or even other clouds.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • the endpoint protection component (Microsoft Defender for Endpoint) it is now accessible on the Settings and monitors page;
  • new version of the recommendation to find missing system updates;
  • cleanup of deleted Azure Arc machines in linked AWS and GCP accounts.

Protect

Azure Backup

Updates and improvements regarding SAP HANA

The following updates and improvements have been made recently to Azure Backup for SAP HANA, the certified solution Backint for protecting SAP HANA databases residing in Azure virtual machines:

  • Long-term retention for backups “adhoc”: it is now possible to provide customized retention for backups that occur on demand, outside the scheduled policies.
  • Partial restore-as-files: Azure Backup for HANA allows recovery points to be restored as a file. If you download the entire chain for one recovery point and want to repeat the operation for another adjacent recovery point, you don't need to download the entire chain again. It is also possible to restore only the files you want.
  • Integration with native clients and with other tools: previously, for certain scenarios, it was necessary to deactivate backint before the request and reactivate it afterwards, thereby increasing the RPO. With the improvements introduced, these additional steps are no longer necessary and it will be sufficient to activate the requests from the native clients or from the other tools used.

Azure Site Recovery

Ability to use Azure Backup Center for ASR monitor

Azure Backup Center is the point of reference for those who use the native backup features of the Azure platform and allows them to govern, to monitor, manage and analyze backup tasks. Microsoft has extended its capabilities by including monitor capabilities for Azure Site Recovery, which:

  • Viewing the inventory of replicated items, from a single view, for all vaults.
  • Consultation through a control panel of all the replication jobs.

Azure Backup Center supports ASR replication scenarios involving Azure virtual machines, VMware and physical machines.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

  • Possibility to plan savings with the ASP savings option (Azure Savings Plan for compute) with the Azure Migrate business case and assessment.
  • Support for exporting the business case report to an .xlsx workbook from the portal.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in December 2022

In December, several news regarding Azure management were announced by Microsoft services. The release of this summary, which occurs on a monthly basis, want to provide an overview of the main news of the month, in order to stay updated on these topics and have the necessary references to conduct further investigations.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor Agent: IIS logs and custom logs

The Azure Monitor agent allows you to collect text files and IIS logs and merge them into a Log Analytics workspace. In this regard, a new feature has been introduced to allow the collection of text logs generated in the application environment, exactly as it happens for Internet Information Service logs (IIS).

Azure Monitor Logs: custom log API and ingestion-time transformation

A new set of features is now available in Azure Monitor that allows you to fully customize the shape of the data that flows into your workspace, plus a new API for custom data merging. Thanks to these new features, it is possible to envisage customized transformations to the data at the time of ingestion. These transformations can be used to set up the extraction of fields during ingestion, obfuscate sensitive data, proceed to remove unnecessary fields or to delete complete events (useful for example to contain costs). Furthermore, it is possible to completely customize the data sent to the new API for custom logs. As well as being able to specify a transformation on the data sent to the new API, you can also explicitly define the schema of your custom table (including dynamic data structures) and leverage AAD authentication and ARM RBAC management.

Configure

Azure Automation

Extension for the Hybrid Runbook Worker

The User Hybrid Worker extension was announced in Azure Automation, which is based on the virtual machine extensions framework and offers an integrated installation experience. There is no dependency on the Log Analytics agent and workspace, and authentication is via System-assigned managed identities, eliminating the need to manage certificates. Furthermore, ensures automatic minor version upgrades by default and simplifies small-scale management of Hybrid Workers through the Azure portal, cmdlet PowerShell, Azure CLI, Bicep, ARM templates and the REST API.

Govern

Azure Cost Management

Use tag inheritance for cost management (preview)

Tag inheritance was announced in a public preview, which allows you to automatically apply subscription and resource group tags to child resources. This mechanism simplifies cost management pipelines.

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article the main improvements and updates of this solution are reported for the year 2022.

Azure Arc

Azure Arc enabled Azure Container Apps (preview)

Azure Container Apps enables developers to quickly build and deploy microservices and containerized applications. Deploying an Arc extension on Azure Arc enabled Kubernetes cluster, IT administrators gain control of the underlying hardware and environment, enabling high productivity of Azure PaaS services within a hybrid environment. The cluster can be on-premise or hosted in a third-party cloud. This approach allows developers to leverage the functionality and productivity of Azure Container Apps anywhere, not only in Azure environment. While, IT administrators can maintain corporate compliance by hosting applications in hybrid environments.

Server Azure Arc enabled in Azure China

Azure Arc-enabled servers are now also operable in two regions of Azure China: Est China 2 and North China 2.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features.

Protect

Azure Backup

Recovery of Azure virtual machines Cross Zonal

Azure Backup exploits the potential of Zonal Redundant Storage (ZRS), which stores three replicas of backup data in different Availability Zones, synchronously. This allows recovery points stored in the Recovery Services Vault to be used with ZRS storage even if the backup data in one of the Availability Zones is unavailable, ensuring data availability within a region.

The Cross Zonal Restore option can be considered when:

  • Zone-wide availability of backup data is critical, and backup data downtime is unacceptable. This allows you to restore Azure virtual machines and disks to any zone of your choice in the same region.
  • Backup data resilience is needed along with data residency.

Azure Kubernetes Service (AKS) Backup (private preview)

For the Azure Backup service, the private preview of AKS Backup was announced. Using this feature it is possible:

  • Back up and restore containerized applications, both stateless and stateful, running on AKS clusters
  • Back up and restore data stored on persistent volumes attached to clusters.
  • Perform backup orchestration and management from the Backup Center.

Azure Site Recovery

Increased the churn limit (preview)

Azure Site Recovery (ASR) increased the data churn limit by approx 2,5 times, bringing it to 50 MB/s per disk. This way you can configure disaster recovery (DR) for Azure VMs with a data churn of up to 100 MB/s. This allows you to enable DR for IO intensive workloads. This feature is only available for Azure-to-Azure replication scenarios.

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 65 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. The main news of this month are described in detail in the following paragraphs.

Software inventory and agentless dependency analysis

Azure Migrate agentless software inventory and dependency analysis is now available for Hyper-V VMs, for bare-metal servers and for servers running on other public clouds such as AWS and GCP. It is therefore possible to inventory the applications, the roles and features installed on those systems. Furthermore, you can run dependency analysis on discovered Windows and Linux servers without installing any agents. Thanks to these features it is possible to build migration plans to Azure more effectively, going to group the servers related to each other.

Building a business case with Azure Migrate (preview)

Azure Migrate's business case feature helps you build business propositions to understand how Azure can drive the most value. In fact,, this solution allows you to understand the return on investment regarding the migration of server systems to Azure, of SQL Server deployments and ASP.NET web applications running in the VMware environment . The business case can be created with just a few clicks and can help you understand:

  • Total cost of ownership on-premises vs Azure and annual cash flow.
  • Resource utilization-based insights to identify ideal servers and workloads for the cloud and recommendations for right sizing in Azure.
  • Benefits for migration and modernization, including the end of support for Windows and SQL versions.
  • Long-term savings by moving from a capital expenditure model to an operating expenditure model, paying only for what you use.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

How to simplify systems management with Azure Automanage

The adoption of cloud solutions has helped to reduce operating expenses (Opex) and the management costs in numerous areas of IT. In fact,, many systems that previously ran on-premises and were complex to maintain are now simple managed services in the cloud.. At the same time though, the execution of systems located in different environments; and the wide range of new Azure services, can make operational management articulated. Microsoft, to better manage the various services and their configuration, provides the solution Azure Automanage, which appropriately integrated with Azure Arc, allows you to automate various operations during the entire life cycle of the machines, regardless of where they reside. This article lists the characteristics of the solution, showing how Azure Automanage, together with Azure Arc, can facilitate the day-to-day tasks of system administrators and ensure optimal adherence to Microsoft best practices.

Simplify the configuration and management of systems wherever they reside

Azure Automanage Automatically implement best practices in machine management while ensuring security compliance, corporate compliance and business continuity. Furthermore, Azure Arc for servers extends the possibilities offered by Azure in the field of governance and management also to physical machines and virtual systems that reside in environments other than Azure. To learn more about the implementation guidelines, Microsoft's proven best practices and tools designed to accelerate your cloud adoption journey should be referenced Microsoft Cloud Adoption Framework.

Quickly configure Windows and Linux server

By adopting this solution, you can detect, integrate and configure different Azure services during the entire life cycle of the machines, making a distinction between Production environments and DevTest environments. Azure services automatically managed by Azure Automanage and related specifications are available in this Microsoft documentation:

Figure 1 – Overview of services managed by Azure Automanage

The inclusion of machines in the service can take place on a large scale or individually, with the certainty that if the systems do not comply with the best practices imposed, Azure Automanage will be able to detect and correct them automatically.

The service can be activated directly from the Azure portal and requires a few simple steps.

The choice of configuration profiles

Azure Automanage uses configuration profiles to determine which Azure services should be enabled on the selected systems. Two configuration profiles are currently available by default, one for the DevTest environment and one for the Production environment. The two profiles are distinguished by the types of services to be enabled on the different workloads. Furthermore, in addition to the standard profiles it is allowed to configure some custom profiles with a certain subset of preferences regarding the various services.

After you enable the service Azure Automanage The process that leads the machines back to the best practices specified in the chosen configuration profile is started.

The status of the VMs after activation of the service can be of different types, here described.

Azure Automanage also recently introduced new profile customization options and more supported operating systems, including Windows 10/11, Red Hat Enterprise Linux, Canonical Ubuntu and SUSE Linux Enterprise Server.

Configure Windows and Linux servers in Azure environments, hybrid or multi-cloud through Azure Arc

Azure Automanage can be enabled on both Azure VMs and Azure Arc-enabled servers. Furthermore, Azure Automanage for Windows Server offers new features specific to Windows Server Azure Edition, that improve the uptime of Windows Server VMs in Azure and Azure Stack HCI environment. These features include:

  • Hotpatch
  • SMB over QUIC
  • Azure Extended Networking

Advantages of the solution

The adoption of Azure Automanage involves several advantages for the customer that can be summarized in the following points:

  • Cost reduction, automating machine management
  • Optimize workload uptime by performing tasks in an optimized way
  • Control over the implementation of security best practices

Conclusions

Machine life cycle management, especially in heterogeneous and large environments, can be very expensive in terms of time and costs. Furthermore, activities that are repeated frequently can be prone to errors, leading systems to a non-optimal configuration. Thanks to this integration between Azure Automanage and Azure Arc it is possible to simplify and automate all the operations necessary to ensure that the systems adhere to the desired requirements.

Azure Management services: what's new in November 2022

In November, Microsoft released some important news regarding Azure management services. Through these articles released on a monthly basis, we want to provide an overall overview of the main news of the month, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Configure

Azure Automation

Support for Availability Zones

Azure Automation has introduced support for Availability Zones so that it can provide greater resiliency and reliability to the service, runbooks and other automation resources. In case a zone is inactive, no user action is required to recover from a zone fault, in fact, the service will be made accessible through the other available areas. In addition to high availability, this feature is useful for implementing a disaster recovery strategy for the Automation Account, often a key component in DR plans in Azure.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

  • Ability to use tag inheritance to group subscriptions and resource groups.
  • View cost change over previous period, in the cost analysis preview.

Azure Advisor: new cost recommendations for Virtual Machine Scale Sets

Azure Advisor has expanded the recommendations to include cost optimizations for Virtual Machine Scale Sets as well. Recommendations will include recommendations for shutting down resources that are not being used, recommendations for changing the SKU and downscaling for underutilized resources versus provisioning.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • Protecting containers in a GCP environment with Defender for Containers
  • Ability to validate Defender for Containers protections via sample alerts
  • Governance rules at scale (preview)

Protect

Azure Backup

Cross-subscription recovery for VMs in Azure (preview)

The Cross Subscription Restore feature was announced in preview and allows you to restore Azure virtual machines, by creating or restoring new disks, in any subscription, starting from the restore point created by Azure Backup. By default, Azure Backup restores in the same subscription where the recovery points are available. With this new feature, you get the flexibility to perform restores in any subscription of the tenant. Cross Subscription Restore is also supported for restore with Managed System Identities (MSI), while it is not currently supported for Azure encrypted virtual machines and Trusted Launch VMs.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

  • Support for using a sudo account to perform agentless dependency analysis on Linux servers running in environments VMware, Hyper-V and for physical systems or in other cloud environments.
  • Support for selecting VNets and Subnets during test migration (Using PowerShell) for the agentless VMware scenario.
  • OS disk swap support for agentless VMware scenario.
  • Support for pausing and resuming replicas using PowerShell for VMware agentless scenario.

Azure Database Migration

Offline Azure SQL Database migrations with the Azure SQL Migration extension

To perform offline migrations of SQL Server databases running on-premises, SQL Server on Azure virtual machines or any virtual machine running in the cloud (private, public) to Azure SQL Database you can use the extension Azure SQL Migration

New Azure SQL Migration extension migration feature provides an end-to-end experience to modernize SQL Servers in Azure SQL Database. The extension allows you to check the readiness of the migration with actions for: remedying possible migration blocks, export assessment results and get appropriate Azure recommendations.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in October 2022

In October, Microsoft announced a considerable number of news regarding Azure management services, accomplice also the Microsoft Ignite conference 2022. Through these articles, issued on a monthly basis, I want to provide an overall overview of the main news of the month, so that you can always stay up to date on these topics and have the necessary references to carry out further studies.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New migration tools for the Azure Monitor agent

The Azure Monitor Agent (AMA) provides a way that is secure , economical and performing to collect telemetry data from Azure virtual machines, scale set, Azure Arc-enabled servers and Windows client devices. Microsoft has announced that it is necessary to migrate from the log analytics agent (MMA or OMS agent) to this agent before August 2024. To address this migration you can use the following migration tools:

  • AMA migration helper: an Azure Monitor workbook-based solution that helps you find out what to migrate and monitor progress in moving from legacy agents to the new Azure Monitor agent.
  • DCR config generator: the Azure Monitor agent relies only on data collection rules (data collection rule) for configuration, while the legacy agent extracted all its configuration from the Log Analytics workspaces. Using this script, it is possible to analyze the configuration of the legacy agent from the workspaces and automatically generate the corresponding rules. You will be able to associate these rules with systems running the new agent, using the integrated association criteria.

Support of the Azure Monitor agent also for Windows clients

Azure Monitor agent and data collection rules now support client devices Windows 10 and 11. Client devices running the agent must be connected to AAD or hybrid AAD, since the agent relies on the identity of the AAD device for authentication. For client devices, while deploying the same agent that uses data collection rules to manage the configuration, only association is allowed (or targeting) at the AAD tenant level. Granular device targeting is not yet available. Furthermore, the agent is the same used for virtual machines or servers, that is, it has no specific optimization for client devices (ex. for the battery, the network, etc.).

Azure Service Map retirement announced

Microsoft announced that Azure Service Map will be officially retired on 30 September 2025. To monitor connections between servers, processes and connection latencies need to use Azure MonitorVM insights. The experience provided by VM Insights includes the same features as Service Map, beyond:

  • Improved scalability and support for more complex maps.
  • More detailed metrics for connections.
  • Integrated support for grouping machines.

Azure Monitor predictive autoscale for Azure Virtual Machine Scale Sets

The predictive autoscale uses machine learning to help manage and scale Azure Virtual Machine Scale Sets with cyclical workload models. This feature allows you to predict the overall CPU load for the set of virtual machines based on historical CPU usage patterns. This allows scale-out to be done in time to meet demand.

There are several key features released:

  • New virtual machine set instances are added when the system expects the CPU percentage to exceed the scale-out limit.
  • You can configure how far in advance you want to provision new instances.
  • It is possible to view the CPU usage forecasts without activating the scaling action, using the forecast-only mode.

Azure Monitor Logs: functionality to add value to data and reduce costs

For Azure Monitor Logs, interesting log analysis features have been announced that will help increase the cost effectiveness of logs:

  • Basic Logs: an economical solution for high-volume verbose logs. It is now possible to configure high-volume verbose log tables as basic logs and reduce the cost of storing data used for debugging, problem solving and auditing.
  • Long-term archiving of logs for security and compliance. The archiving of the logs allows you to extend the retention period of the Log Analytic table and to archive the logs up to seven years with a significant reduction in prices.
  • Archived logs can be accessed by using a search job or by temporarily restoring a set of logs.
  • Search Log: a new tool that asynchronously scans petabytes of data and retrieves all relevant records in a new persistent Log Analytics table.
  • Restoration: an operation that makes a specific time interval of table data available in the hot cache, to run high performance queries.

Azure Monitor Logs: RBAC creation in granular way for custom tables
Today, data access control can be managed at the workspace level, resource and table, but only for Azure standard tables. Previously, custom tables only supported one authorization method: “all or nothing”. The Log Analytics product team added the functionality to allow workspace administrators to manage more granular access to data, supporting table-level read permission, for both Azure tables and customer tables.

Integration of the Azure Monitor Agent with Connection Monitor (preview)
Connection Monitor is a multi-agent monitoring solution that can monitor connectivity in Azure and hybrid environments and measure packet loss, latency and jitter. Connection Monitor provides useful information for diagnosing and resolving network problems and provides end-to-end path visibility with a unified topology.

Microsoft's goal is to consolidate multiple monitor agents into a single agent. This feature allows you to meet the needs of collection of monitor logs related to connectivity and metrics on Azure and on on-premises Arc-enabled computers, eliminating the costs of managing and enabling multiple monitor agents. Furthermore, the Azure Monitor Agent offers improved security and performance features, real cost savings and easier problem solving. Thanks to this support, the dependence on the Log Analytics agent is eliminated, while increasing the coverage of on-premises computers with the support of Arc-enabled endpoints.

Azure Monitor Managed Service for Prometheus (preview)

Prometheus, the open source project of the Cloud Native Computing Foundation, is considered the de-facto standard when it comes to monitoring containerized workloads. Running self-managed Prometheus is often a great solution for smaller deployments, though scaling to manage workloads can be a major challenge. The new Prometheus-compatible and fully managed Azure Monitor service offers the best of what you like about the open source ecosystem, while automating complex tasks such as scaling, high availability and long-term data retention. This service is available as a standalone Azure Monitor service or as an integrated component of Container Insights and Azure Managed Grafana.

Rules for Azure Kubernetes Service resources and for Log Analytics (preview)

The Azure portal now allows you to easily enable a set of alert rules pertaining to the best practices recommended for Azure Kubernetes Service resources (AKS) and for Log Analytics workspace.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Azure Arc

Automatic extension update for Azure Arc-enabled servers

Microsoft has made the extension automatic update functionality available for Azure Arc-enabled servers.

Azure Automanage for Azure virtual machines and Arc-enabled servers
Azure Automanage is a service that automates the configuration of virtual machines to Azure services, as well as security operations and management of the entire life cycle of VMs in Azure or hybrid environments (enabled through Azure Arc). This saves time, reduce risks and improve workload uptime, automating daily configuration and management tasks. Azure Automanage is now available for Azure virtual machines and Arc-enabled servers.

Microsoft has added new features to further automate the configuration and management of any virtual machine, including:

  • the application of improved backup settings and different auditing modes for server baselines;
  • the ability to specify custom Log Analytics workspaces and Azure tags to identify resources;
  • support for Windows virtual machines 10;
  • support for enabling Microsoft Antimalware.

New features for Azure Arc-enabled SQL Servers

Azure Arc-enabled SQL Servers have several new features that increasingly allow customers to leverage a cloud-like experience, including:

  • single sign-on experience that integrates with Azure Active Directory (Azure AD).
  • improved security thanks to Microsoft Defender which allows customers to
    evaluate and secure SQL Server properties in hybrid and multicloud environments.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • Microsoft Defender for DevOps, a new solution that will provide visibility across multiple DevOps environments. This solution will make it possible to centrally manage security, strengthen cloud resource configurations in code and prioritize critical troubleshooting in code in multi-pipeline and multicloud environments. With this preview, major platforms such as GitHub and Azure DevOps are already supported and other major DevOps platforms will be supported shortly.
  • Microsoft cloud security benchmark: the complete multicloud security framework is now available with Microsoft Defender for Cloud, as part of the free Cloud Security Posture Management experience. This integrated benchmark is able to map best practices across different clouds and various industry frameworks, enabling security teams to ensure multicloud security compliance.
  • Microsoft Defender for Servers, as well as an agent-based approach to virtual machines (VM) in Azure e AWS, will support agentless scanning.
  • Defender for Servers P2 will provide the premium features of Microsoft Defender Vulnerability Management.
  • Microsoft Defender for Containers will expand multicloud threat protection with agentless scanning in AWS Elastic Container Registry.

Protect

Azure Backup

Smart tiering: automatic move to the vault-archive tier

Azure Backup has introduced the ability to configure policies to automate the use of the vault-archive tier for Azure virtual machines and for SQL Server / SAP HANA on board virtual machines. This ensures that the restore points are suitable and recommended (in the case of Azure virtual machines) are automatically moved to the vault-archive tier. This is done periodically and according to the backup policy settings. Furthermore, you can specify the number of days after which you want the recovery points to be moved to the vault-archive tier.

Support for zone-rendundant storage

In Azure Backup, support for redundant zone type vaults has been introduced. When configuring resource protection using a zone-redundant storage vault (ZRS), backups are synchronously replicated across three Availability Zones within a region. This allows you to perform data restores even in the event of outages in a specific area.

Immutable vaults for Azure Backup

With immutable vaults, Azure Backup offers an option to ensure that the recovery points created cannot be deleted before the expected deadline. Azure Backup does this by preventing any operation that could lead to the loss of backup data. This helps protect backups from threats such as ransomware attacks and malicious actors, preventing operations such as deleting backups or reducing retention in backup policies.

Soft delete functionality enhancements for Azure Backup

It is now possible to ensure better protection of backups against various threats, making soft delete irreversible. Furthermore, the soft delete functionality allows you to provide a customizable retention period for which deleted data must be kept.

Support for HANA System Replication in Azure Backup for HANA (preview)

Azure Backup protects HANA databases on Azure virtual machines with a streaming database backup solution, Backint certified. Previously, if the HANA database had HANA System Replication (HSR) as a disaster recovery solution (DR), after each failover, manual intervention was required to activate the backups. Now, with this new feature in preview, you get instant and continuous protection for your HANA System Replication configuration, without the need for any manual intervention.

Azure Site Recovery

New DR architecture for VMware machines

In ASR it has been made easier, reliable and modern mechanism to protect VMware virtual machines. Among the main improvements it is worth mentioning:

  • Stateless ASR Replication Appliance: the Configuration Server and its local components have been converted to a stateless ASR replication appliance. This choice simplifies the discovery and failback process, introducing the option to select any appliance, without having to configure any master target server or process server.
  • Automatic updates for the ASR replication appliance and for the mobility agent. A problem felt with the classic architecture was the need to manually update the various components of the Configuration Server and the mobility agents. To make things easier, automatic updates have been introduced.
  • More flexible scalability. The replication appliance constitutes a single management unit and all its components have been converted into microservices hosted in an Azure environment. This not only makes it easier to troubleshoot any problems, but managing scalability is also much easier.
  • High availability for appliances. With modern architecture, it is no longer necessary to perform regular backups of the appliance. In fact,, just start another appliance and switch all machines to the new appliance. The replicated items will be transferred to the new appliance, without having to repeat the full replication.

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 64 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

Discovery and assessment aimed at migrating SQL Server to Azure

The new SQL discovery and assessment capabilities in Azure Migrate allow you to map the environment and evaluate availability, the costs and any blocks in moving these instances to Azure IaaS and PaaS. Thanks to this tool it is possible to detect the most valid and convenient Azure target for the analyzed SQL instances. Furthermore, this information can be downloaded in a specific report.

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Azure Database Migration

Migration from Oracle to Azure with Database Migration Assessment for Oracle
Database Migration Assessment for Oracle, an Azure Data Studio extension powered by Azure Database Migration Service, now allows you to do an assessment for migration from Oracle Database to Azure Database for PostgreSQL. The assessment includes recommendations for database migration and an assessment of the code complexity of the databases. Through the same tool, customers can get recommendations on targeted sizing for Oracle Database migration to Azure Database for PostgreSQL and Azure SQL, including Azure SQL Database Hyperscale, ideal for large workloads up to 100 TB. With these new features, Migration planning is made easier for Oracle customers who want to modernize their data assets with Azure-managed databases.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in September 2022

In September there were several news that Microsoft announced regarding Azure management services. This article lists the main announcements, accompanied by the necessary references to be able to conduct further studies on.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Monitors for VM and AKS clusters based on Arm

Azure Monitor introduced support for Ampere Altra Arm-based Azure virtual machines and Azure Kubernetes service consisting of Arm nodes.

Update required for MMA using SSL v1

Starting November 1st 2022, Azure will no longer accept connections from previous versions of the Operations Manager agent, also known as the Microsoft Monitoring Agent (MMA), using SSL V1. If the Operations Manager agent is configured to send data to Log Analytics, the agent must be updated to the latest version by that date.

Expected retirement of ITSM connector for ServiceNow

Microsoft announced that the 30 September 2025 the Azure Monitor ITSM connector for creating alerts in ServiceNow will be retired. For those who use this integration, it will be possible to create incidents or events using the appropriate Secure Webhook.

Govern

Azure Policy

Azure Policy built-in per Azure NetApp Files

Microsoft has introduced built-in policies related to Azure NetApp Files to allow administrators to restrict the creation of unprotected NFS volumes and to more easily control existing volumes.

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

  • Ability to monitor budgets from the Azure app for mobile devices.
  • Ability to obtain detailed information on possible savings directly from cost analysis (preview).

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • Defender for Servers support for File Integrity Monitoring functionality using the Azure Monitor Agent.
  • The addition of identity recommendations.

Protect

Azure Backup

Reserved capacity per Azure Backup Storage

To optimize costs, it is possible to purchase the Azure Backup Storage capacity in reserved capacity mode. The reservation will automatically apply to the selected Backup Storage and will be available on an annual basis with a discount until 16% or on a three-year basis with a discount of 24%.

Alert in Azure Monitor

Thanks to this integration between Azure Monitor and Azure Backup it is possible to generate alerts for critical events related to the security of backups and in case of errors in the protection of resources. To monitor these alerts, you can use the Azure Monitor dashboard or the Backup center. Thanks to this integration it is also possible to route these alerts to different notification channels.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

  • The introduction of support for suspending and resuming replicas of VMs in progress, without having to perform a full replication again.
  • Advanced notifications regarding migration completion status and migration testing.
  • Detection of Java web apps on Apache Tomcat running on Linux servers hosted in VMware environments.
  • For ASP.NET web apps the possibility of carrying out an advanced data collection, including detection of database connection strings, directories and authentication mechanisms.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.