In November, Microsoft released some important news regarding Azure management services. Through these articles released on a monthly basis, we want to provide an overall overview of the main news of the month, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Configure

Azure Automation

Support for Availability Zones

Azure Automation has introduced support for Availability Zones so that it can provide greater resiliency and reliability to the service, runbooks and other automation resources. In case a zone is inactive, no user action is required to recover from a zone fault, in fact, the service will be made accessible through the other available areas. In addition to high availability, this feature is useful for implementing a disaster recovery strategy for the Automation Account, often a key component in DR plans in Azure.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

• Ability to use tag inheritance to group subscriptions and resource groups.
• View cost change over previous period, in the cost analysis preview.

Azure Advisor: new cost recommendations for Virtual Machine Scale Sets

Azure Advisor has expanded the recommendations to include cost optimizations for Virtual Machine Scale Sets as well. Recommendations will include recommendations for shutting down resources that are not being used, recommendations for changing the SKU and downscaling for underutilized resources versus provisioning.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Protecting containers in a GCP environment with Defender for Containers
• Ability to validate Defender for Containers protections via sample alerts
• Governance rules at scale (preview)

Protect

Azure Backup

Cross-subscription recovery for VMs in Azure (preview)

The Cross Subscription Restore feature was announced in preview and allows you to restore Azure virtual machines, by creating or restoring new disks, in any subscription, starting from the restore point created by Azure Backup. By default, Azure Backup restores in the same subscription where the recovery points are available. With this new feature, you get the flexibility to perform restores in any subscription of the tenant. Cross Subscription Restore is also supported for restore with Managed System Identities (MSI), while it is not currently supported for Azure encrypted virtual machines and Trusted Launch VMs.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

• Support for using a sudo account to perform agentless dependency analysis on Linux servers running in environments VMware, Hyper-V and for physical systems or in other cloud environments.
• Support for selecting VNets and Subnets during test migration (Using PowerShell) for the agentless VMware scenario.
• OS disk swap support for agentless VMware scenario.
• Support for pausing and resuming replicas using PowerShell for VMware agentless scenario.

Azure Database Migration

Offline Azure SQL Database migrations with the Azure SQL Migration extension

To perform offline migrations of SQL Server databases running on-premises, SQL Server on Azure virtual machines or any virtual machine running in the cloud (private, public) to Azure SQL Database you can use the extension Azure SQL Migration

New Azure SQL Migration extension migration feature provides an end-to-end experience to modernize SQL Servers in Azure SQL Database. The extension allows you to check the readiness of the migration with actions for: remedying possible migration blocks, export assessment results and get appropriate Azure recommendations.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

In October, Microsoft announced a considerable number of news regarding Azure management services, accomplice also the Microsoft Ignite conference 2022. Through these articles, issued on a monthly basis, I want to provide an overall overview of the main news of the month, so that you can always stay up to date on these topics and have the necessary references to carry out further studies.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Monitor

Azure Monitor

New migration tools for the Azure Monitor agent

The Azure Monitor Agent (AMA) provides a way that is secure , economical and performing to collect telemetry data from Azure virtual machines, scale set, Azure Arc-enabled servers and Windows client devices. Microsoft has announced that it is necessary to migrate from the log analytics agent (MMA or OMS agent) to this agent before August 2024. To address this migration you can use the following migration tools:

• AMA migration helper: an Azure Monitor workbook-based solution that helps you find out what to migrate and monitor progress in moving from legacy agents to the new Azure Monitor agent.
• DCR config generator: the Azure Monitor agent relies only on data collection rules (data collection rule) for configuration, while the legacy agent extracted all its configuration from the Log Analytics workspaces. Using this script, it is possible to analyze the configuration of the legacy agent from the workspaces and automatically generate the corresponding rules. You will be able to associate these rules with systems running the new agent, using the integrated association criteria.

Support of the Azure Monitor agent also for Windows clients

Azure Monitor agent and data collection rules now support client devices Windows 10 and 11. Client devices running the agent must be connected to AAD or hybrid AAD, since the agent relies on the identity of the AAD device for authentication. For client devices, while deploying the same agent that uses data collection rules to manage the configuration, only association is allowed (or targeting) at the AAD tenant level. Granular device targeting is not yet available. Furthermore, the agent is the same used for virtual machines or servers, that is, it has no specific optimization for client devices (ex. for the battery, the network, etc.).

Azure Service Map retirement announced

Microsoft announced that Azure Service Map will be officially retired on 30 September 2025. To monitor connections between servers, processes and connection latencies need to use Azure MonitorVM insights. The experience provided by VM Insights includes the same features as Service Map, beyond:

• Improved scalability and support for more complex maps.
• More detailed metrics for connections.
• Integrated support for grouping machines.

Azure Monitor predictive autoscale for Azure Virtual Machine Scale Sets

The predictive autoscale uses machine learning to help manage and scale Azure Virtual Machine Scale Sets with cyclical workload models. This feature allows you to predict the overall CPU load for the set of virtual machines based on historical CPU usage patterns. This allows scale-out to be done in time to meet demand.

There are several key features released:

• New virtual machine set instances are added when the system expects the CPU percentage to exceed the scale-out limit.
• You can configure how far in advance you want to provision new instances.
• It is possible to view the CPU usage forecasts without activating the scaling action, using the forecast-only mode.

Azure Monitor Logs: functionality to add value to data and reduce costs

For Azure Monitor Logs, interesting log analysis features have been announced that will help increase the cost effectiveness of logs:

• Basic Logs: an economical solution for high-volume verbose logs. It is now possible to configure high-volume verbose log tables as basic logs and reduce the cost of storing data used for debugging, problem solving and auditing.
• Long-term archiving of logs for security and compliance. The archiving of the logs allows you to extend the retention period of the Log Analytic table and to archive the logs up to seven years with a significant reduction in prices.
• Archived logs can be accessed by using a search job or by temporarily restoring a set of logs.
• Search Log: a new tool that asynchronously scans petabytes of data and retrieves all relevant records in a new persistent Log Analytics table.
• Restoration: an operation that makes a specific time interval of table data available in the hot cache, to run high performance queries.

Azure Monitor Logs: RBAC creation in granular way for custom tables
Today, data access control can be managed at the workspace level, resource and table, but only for Azure standard tables. Previously, custom tables only supported one authorization method: “all or nothing”. The Log Analytics product team added the functionality to allow workspace administrators to manage more granular access to data, supporting table-level read permission, for both Azure tables and customer tables.

Integration of the Azure Monitor Agent with Connection Monitor (preview)
Connection Monitor is a multi-agent monitoring solution that can monitor connectivity in Azure and hybrid environments and measure packet loss, latency and jitter. Connection Monitor provides useful information for diagnosing and resolving network problems and provides end-to-end path visibility with a unified topology.

Microsoft's goal is to consolidate multiple monitor agents into a single agent. This feature allows you to meet the needs of collection of monitor logs related to connectivity and metrics on Azure and on on-premises Arc-enabled computers, eliminating the costs of managing and enabling multiple monitor agents. Furthermore, the Azure Monitor Agent offers improved security and performance features, real cost savings and easier problem solving. Thanks to this support, the dependence on the Log Analytics agent is eliminated, while increasing the coverage of on-premises computers with the support of Arc-enabled endpoints.

Azure Monitor Managed Service for Prometheus (preview)

Prometheus, the open source project of the Cloud Native Computing Foundation, is considered the de-facto standard when it comes to monitoring containerized workloads. Running self-managed Prometheus is often a great solution for smaller deployments, though scaling to manage workloads can be a major challenge. The new Prometheus-compatible and fully managed Azure Monitor service offers the best of what you like about the open source ecosystem, while automating complex tasks such as scaling, high availability and long-term data retention. This service is available as a standalone Azure Monitor service or as an integrated component of Container Insights and Azure Managed Grafana.

Rules for Azure Kubernetes Service resources and for Log Analytics (preview)

The Azure portal now allows you to easily enable a set of alert rules pertaining to the best practices recommended for Azure Kubernetes Service resources (AKS) and for Log Analytics workspace.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Azure Arc

Automatic extension update for Azure Arc-enabled servers

Microsoft has made the extension automatic update functionality available for Azure Arc-enabled servers.

Azure Automanage for Azure virtual machines and Arc-enabled servers
Azure Automanage is a service that automates the configuration of virtual machines to Azure services, as well as security operations and management of the entire life cycle of VMs in Azure or hybrid environments (enabled through Azure Arc). This saves time, reduce risks and improve workload uptime, automating daily configuration and management tasks. Azure Automanage is now available for Azure virtual machines and Arc-enabled servers.

Microsoft has added new features to further automate the configuration and management of any virtual machine, including:

• the application of improved backup settings and different auditing modes for server baselines;
• the ability to specify custom Log Analytics workspaces and Azure tags to identify resources;
• support for Windows virtual machines 10;
• support for enabling Microsoft Antimalware.

New features for Azure Arc-enabled SQL Servers

Azure Arc-enabled SQL Servers have several new features that increasingly allow customers to leverage a cloud-like experience, including:

• single sign-on experience that integrates with Azure Active Directory (Azure AD).
• improved security thanks to Microsoft Defender which allows customers to
  evaluate and secure SQL Server properties in hybrid and multicloud environments.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Microsoft Defender for DevOps, a new solution that will provide visibility across multiple DevOps environments. This solution will make it possible to centrally manage security, strengthen cloud resource configurations in code and prioritize critical troubleshooting in code in multi-pipeline and multicloud environments. With this preview, major platforms such as GitHub and Azure DevOps are already supported and other major DevOps platforms will be supported shortly.
• Microsoft cloud security benchmark: the complete multicloud security framework is now available with Microsoft Defender for Cloud, as part of the free Cloud Security Posture Management experience. This integrated benchmark is able to map best practices across different clouds and various industry frameworks, enabling security teams to ensure multicloud security compliance.
• Microsoft Defender for Servers, as well as an agent-based approach to virtual machines (VM) in Azure e AWS, will support agentless scanning.
• Defender for Servers P2 will provide the premium features of Microsoft Defender Vulnerability Management.
• Microsoft Defender for Containers will expand multicloud threat protection with agentless scanning in AWS Elastic Container Registry.

Protect

Azure Backup

Smart tiering: automatic move to the vault-archive tier

Azure Backup has introduced the ability to configure policies to automate the use of the vault-archive tier for Azure virtual machines and for SQL Server / SAP HANA on board virtual machines. This ensures that the restore points are suitable and recommended (in the case of Azure virtual machines) are automatically moved to the vault-archive tier. This is done periodically and according to the backup policy settings. Furthermore, you can specify the number of days after which you want the recovery points to be moved to the vault-archive tier.

Support for zone-rendundant storage

In Azure Backup, support for redundant zone type vaults has been introduced. When configuring resource protection using a zone-redundant storage vault (ZRS), backups are synchronously replicated across three Availability Zones within a region. This allows you to perform data restores even in the event of outages in a specific area.

Immutable vaults for Azure Backup

With immutable vaults, Azure Backup offers an option to ensure that the recovery points created cannot be deleted before the expected deadline. Azure Backup does this by preventing any operation that could lead to the loss of backup data. This helps protect backups from threats such as ransomware attacks and malicious actors, preventing operations such as deleting backups or reducing retention in backup policies.

Soft delete functionality enhancements for Azure Backup

It is now possible to ensure better protection of backups against various threats, making soft delete irreversible. Furthermore, the soft delete functionality allows you to provide a customizable retention period for which deleted data must be kept.

Support for HANA System Replication in Azure Backup for HANA (preview)

Azure Backup protects HANA databases on Azure virtual machines with a streaming database backup solution, Backint certified. Previously, if the HANA database had HANA System Replication (HSR) as a disaster recovery solution (DR), after each failover, manual intervention was required to activate the backups. Now, with this new feature in preview, you get instant and continuous protection for your HANA System Replication configuration, without the need for any manual intervention.

Azure Site Recovery

New DR architecture for VMware machines

In ASR it has been made easier, reliable and modern mechanism to protect VMware virtual machines. Among the main improvements it is worth mentioning:

• Stateless ASR Replication Appliance: the Configuration Server and its local components have been converted to a stateless ASR replication appliance. This choice simplifies the discovery and failback process, introducing the option to select any appliance, without having to configure any master target server or process server.
• Automatic updates for the ASR replication appliance and for the mobility agent. A problem felt with the classic architecture was the need to manually update the various components of the Configuration Server and the mobility agents. To make things easier, automatic updates have been introduced.
• More flexible scalability. The replication appliance constitutes a single management unit and all its components have been converted into microservices hosted in an Azure environment. This not only makes it easier to troubleshoot any problems, but managing scalability is also much easier.
• High availability for appliances. With modern architecture, it is no longer necessary to perform regular backups of the appliance. In fact,, just start another appliance and switch all machines to the new appliance. The replicated items will be transferred to the new appliance, without having to repeat the full replication.

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 64 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

Discovery and assessment aimed at migrating SQL Server to Azure

The new SQL discovery and assessment capabilities in Azure Migrate allow you to map the environment and evaluate availability, the costs and any blocks in moving these instances to Azure IaaS and PaaS. Thanks to this tool it is possible to detect the most valid and convenient Azure target for the analyzed SQL instances. Furthermore, this information can be downloaded in a specific report.

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Azure Database Migration

Migration from Oracle to Azure with Database Migration Assessment for Oracle
Database Migration Assessment for Oracle, an Azure Data Studio extension powered by Azure Database Migration Service, now allows you to do an assessment for migration from Oracle Database to Azure Database for PostgreSQL. The assessment includes recommendations for database migration and an assessment of the code complexity of the databases. Through the same tool, customers can get recommendations on targeted sizing for Oracle Database migration to Azure Database for PostgreSQL and Azure SQL, including Azure SQL Database Hyperscale, ideal for large workloads up to 100 TB. With these new features, Migration planning is made easier for Oracle customers who want to modernize their data assets with Azure-managed databases.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

In September there were several news that Microsoft announced regarding Azure management services. This article lists the main announcements, accompanied by the necessary references to be able to conduct further studies on.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Monitors for VM and AKS clusters based on Arm

Azure Monitor introduced support for Ampere Altra Arm-based Azure virtual machines and Azure Kubernetes service consisting of Arm nodes.

Update required for MMA using SSL v1

Starting November 1st 2022, Azure will no longer accept connections from previous versions of the Operations Manager agent, also known as the Microsoft Monitoring Agent (MMA), using SSL V1. If the Operations Manager agent is configured to send data to Log Analytics, the agent must be updated to the latest version by that date.

Expected retirement of ITSM connector for ServiceNow

Microsoft announced that the 30 September 2025 the Azure Monitor ITSM connector for creating alerts in ServiceNow will be retired. For those who use this integration, it will be possible to create incidents or events using the appropriate Secure Webhook.

Govern

Azure Policy

Azure Policy built-in per Azure NetApp Files

Microsoft has introduced built-in policies related to Azure NetApp Files to allow administrators to restrict the creation of unprotected NFS volumes and to more easily control existing volumes.

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

• Ability to monitor budgets from the Azure app for mobile devices.
• Ability to obtain detailed information on possible savings directly from cost analysis (preview).

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Defender for Servers support for File Integrity Monitoring functionality using the Azure Monitor Agent.
• The addition of identity recommendations.

Protect

Azure Backup

Reserved capacity per Azure Backup Storage

To optimize costs, it is possible to purchase the Azure Backup Storage capacity in reserved capacity mode. The reservation will automatically apply to the selected Backup Storage and will be available on an annual basis with a discount until 16% or on a three-year basis with a discount of 24%.

Alert in Azure Monitor

Thanks to this integration between Azure Monitor and Azure Backup it is possible to generate alerts for critical events related to the security of backups and in case of errors in the protection of resources. To monitor these alerts, you can use the Azure Monitor dashboard or the Backup center. Thanks to this integration it is also possible to route these alerts to different notification channels.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

• The introduction of support for suspending and resuming replicas of VMs in progress, without having to perform a full replication again.
• Advanced notifications regarding migration completion status and migration testing.
• Detection of Java web apps on Apache Tomcat running on Linux servers hosted in VMware environments.
• For ASP.NET web apps the possibility of carrying out an advanced data collection, including detection of database connection strings, directories and authentication mechanisms.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Microsoft constantly releases news about Azure management services. By publishing this summary, we want to provide an overall overview of the main news released in the last month. This allows you to stay up-to-date on these topics and have the necessary references to conduct further investigations.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Azure Monitor metric alerts: improvement in learning the thresholds

The “metric alerts” of Azure Monitor with dynamic threshold detection, use machine learning algorithms (ML) advanced tools to learn the historical behavior of metrics and identify patterns and anomalies that indicate possible problems in services. Thanks to the introduction of this new feature, prolonged interruptions are automatically recognized and these interruptions are removed from the trend in order not to distort the results. In this way, much better thresholds are obtained that adapt to the data and can detect problems in services with the same sensitivity before the interruption.

VM insights and the use of the new Azure Monitor agent (preview)

Currently, in order to use Azure Monitor VM insights you need to install, on board each virtual machine or virtual machine scale set to be monitored, the Log Analytics agent and the dependency agent. Thanks to the release of this new feature (preview) VM insights will use the new Azure Monitor agent, instead of the Log Analytics agent.

There are several features that are obtained with this preview:

• Easy configuration, using the data collection rule, to collect the performance counters of VMs and specific data types.
• Ability to enable and disable processes and dependency data that generate the Map view, thus obtaining a consequent cost optimization.
• Improvement of security and performance resulting from the use of the Azure Monitor agent and managed identity.

Managed identity-based authentication to enable Azure Monitor container insights (preview)

Container insights now supports integration through the Azure Monitor agent for AKS clusters (Linux nodes) and for Arc-enabled clusters. This agent collects performance and event data from all cluster nodes and is automatically deployed and registered with the Log Analytics workspace. With the Azure Monitor agent, container insights also supports managed identity authentication for AKS and Arc-enabled clusters. This is a secure and simplified authentication model in which the monitor agent uses the managed identity of the cluster to send data to Azure Monitor. This new authentication mechanism replaces local authentication based on certificates and eliminates the need to add a specific role to the cluster. System-assigned identities and user-assigned identities are supported.

Availability in new regions

Azure Monitor Log Analytics is available in the following new regions:

• China North 3
• China East 3

To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Policy

Policy to block the deployment of potential vulnerable images

To protect Kubernetes clusters and their container-based workloads from potential attack attempts, it is now possible to create restrictions in the deployment of images that contain vulnerabilities in their software components. Thanks to this feature it is possible to use Azure Policy and Azure Defender for Containers to identify vulnerabilities and apply related patches before making deployments.

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported. In particular, it should be noted the possibility to consolidate and manage various Azure Active Directory tenants from a single Billing account of the Microsoft Customer Agreement (MCA).

Azure Arc

Azure Arc-enable Servers: availability in new regions

Azure Arc-enable Servers is available in the following new regions:

• China East 2 (preview)
• China North 2 (preview)
• South Africa North

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Automatic deployment of the Azure Monitor agent (preview)
• Deprecated alerts regarding suspicious activity related to a Kubernetes cluster

Protect

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 63 that solves several issues and introduces some improvements.

Among the main improvements introduced by this version of the ASR components, we find:

• Oracle Linux support 8.6 for Linux OS/Azure to Azure and for VMware/Physical to Azure
• The ability to migrate existing replication jobs from classic to modern mode for VMware virtual machines (see next paragraph “Upgrade to adopt VMware's modern VM replication experience”)

The details and the procedure to follow for the installation can be found in the specific KB.

Upgrade to adopt VMware's modern VM replication experience

In ASR the possibility of migrating has been introduced, VMware virtual machines protected by Azure Site Recovery, from the classical experience to the modern one recently introduced. The classic mode involves the replication of VMware VMs using the Configuration Server, while the modern mode involves the adoption of the ASR replication appliance. The migration process, towards the modern mode, which was introduced provides:

• A detection mechanism that allows you not to have to repeat the initial replication of protected systems.
• The calculation of the necessary migration times, in order to have all the elements necessary for proper planning.
• A robust rollback mechanism, to restore the initial situation (classic mode) if any problems arise.

The adoption of the modern replication mechanism is recommended by Microsoft as it improves security, reduce the management effort and simplify the environment.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

• Ability to perform the discovery and assessment of SQL environments in Microsoft Hyper-V and physical / bare-metal systems, as well as on the IaaS services of other public clouds.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Microsoft is constantly announcing news regarding Azure management services and as usual this monthly summary is released. The aim is to provide an overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Azure Monitor for SAP Solutions (preview)

Azure Monitor has launched a new version, called Azure Monitor for SAP solutions (AMS), for the SAP solutions monitor (preview). This new version allows, for SAP workloads in Azure, to collect SAP information and telemetry. This solution is useful for both SAP BASIS teams and infrastructure teams who can consult the information collected in a single location.

Migration tools for the Azure Monitor Agent (preview)

The Azure Monitor Agent (AMA) offers a secure way, economically convenient, simplified and performing for the collection of telemetry data from Azure virtual machines, from Virtual Machine Scale Set, from Arc-enabled servers and Windows clients. Migration from the Log Analytics agent (MMA or OMS agents) it must take place by August 2024. To make this process easier for you, Microsoft is providing dedicated agent migration tools, that allow you to automate the migration process. For further details you can consult the Microsoft's official documentation.

Azure Monitor Agent: support for User-assigned Managed Identity (preview)

The new Azure Monitor Agent (AMA) now supports User-assigned Managed Identities in preview. Thanks to this support, it is possible to use the policies to distribute the extension of the AMA on virtual machines and on virtual machine scale sets. User-assigned Managed Identities allow for greater scalability and resilience than System Assigned Identities, thus becoming the recommended method for large-scale installations using extensions.

Configure

Update management center (preview)

Update management center is the new solution that helps centrally manage and govern updates of all machines. It works without the need for onboarding, as it is a solution that is natively based on the Azure Compute platform and Azure Arc-enabled servers. This solution will soon take the place of Update Management of Azure Automation, removing any dependency on Azure Automation and Log Analytics. Update management center is, today, able to manage and govern updates on:

• Windows and Linux operating systems
• Machines residing in Azure, locally and on other cloud platforms, thanks to Azure Arc

Among the main strengths of the new solution we find:

• Centralized visibility of updates

• Native integration and zero onboarding

• Integration with Azure roles and identities

• High flexibility in managing updates

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Cloud-native security agent for Kubernetes runtime protection
• Support for language package detection introduced in the VA of Defender for Container (preview)
• Vulnerability protection CVE-2022-29149 of Operations Management Suite

Protect

Azure Backup

Smart tiering: automatic move to the vault-archive tier (preview)

Azure Backup has introduced the ability to configure policies to automate the use of the vault-archive tier for Azure virtual machines and for SQL Server / SAP HANA on board virtual machines. This ensures that the restore points are suitable and recommended (in the case of Azure virtual machines) are automatically moved to the vault-archive tier. This is done periodically and according to the backup policy settings. Furthermore, you can specify the number of days after which you want the recovery points to be moved to the vault-archive tier.

Azure Site Recovery

Mitigated Azure Site Recovery vulnerabilities

Microsoft has corrected a number of Azure Site Recovery vulnerabilities (ASR) releasing updates on 12 July, during Microsoft's regular update cycle. These vulnerabilities affect all customers using ASR in a VMware / Physical to Azure replication scenario. These vulnerabilities have been corrected in the latest version of ASR 9.49. For more information you can consult this bulletin.

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 62 which solves various problems and introduces some new features, among which:

• Support for Linux OS / Azure to Azure: RHEL 8.6 and Cent OS 8.6
• Support for VMware / Physical to Azure: RHEL 8.6 and Cent OS 8.6
• Support for configuring “proxy bypass” for VMware and Hyper-V replicas, using private endpoints.

The related details and the procedure to follow for installation can be found in specific KB.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

In June, Microsoft announced a considerable number of news regarding Azure management services. Through these articles released monthly we want to provide an overall overview of the main news, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

New version of the agent for Linux systems

A new version of the Azure Monitor Agent was released this month (AMA) and of Data Collection Rules (DCR) for Linux systems (v1.19.3), which introduces in particular support for recent distros, like Ubuntu 22.04, Rocky Linux, and AlmaLinux.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

• View costs in the Azure mobile app
• New APIs for configuring cost alerts

Azure Arc

Windows Admin Center from the Azure portal for Azure Arc servers (preview)

Using Windows Admin Center from the Azure portal, it is now also possible to manage the Microsoft Azure Arc-enabled infrastructure.

Azure Arc-enabled System Center Virtual Machine Manager (preview)

System Center Virtual Machine Manager (VMM) has been used for several years to configure, manage and transform on-premises data centers. Microsoft has announced the availability of Azure Arc-enabled System Center Virtual Machine Manager. This is a new Azure Arc feature that allows on-premises environments, managed by System Center Virtual Machine Manager, to be connected to Azure, thus unlocking Azure-based self-service. In this way, VMM-controlled on-premises virtual machines can be created, managed and deleted, in on-premises System Center Virtual Machine Manager deployments, via the familiar Azure portal or using ARM templates, thus ensuring a consistent experience.

Machine Learning with Azure Kubernetes Service and Arc-enabled Machine Learning

With a simple distribution of the cluster extension in an AKS environment or on Kubernetes clusters (Arc Kubernetes) Azure Arc enabled, the cluster is supported in Azure ML.

Azure Key Vault secrets provider on cluster Kubernetes Azure Arc enabled

The extension Azure Key Vault (AKV) Secrets Provider allows you to retrieve the secrets, keys and certificates from an Azure Key Vault in a Kubernetes cluster connected to Arc. This feature eliminates the need to store and maintain secrets locally on K8s clusters, relying on AKV as a centralized solution for secret management.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Defender for Azure Cosmos DB
• Defender for SQL on machines in AWS and GCP environments

Protect

Azure Backup

Multiple backups per day for Azure VMs

Azure Backup allows you to create advanced policies to take multiple snapshots of virtual machines per day. Now, to address the need to protect mission-critical workloads aboard virtual machines, there is the possibility of reducing the RPO parameter up to four hours. Thanks to this feature, you can also get a higher retention with regards to instant restore. In fact,, the policy is designed to offer from seven-day instant recovery retention (default duration) up to a maximum of thirty days.

Multi-user authorization for recovery services vault

Multi-user authorization (MUA – Multi User Authorization) for Azure Backup adds an additional layer of protection for critical operations on recovery service vault, providing greater security regarding backups. To provide multi-user authorization, Azure Backup has introduced a resource protection mechanism that ensures that critical operations are performed only if you have obtained the appropriate permission. In this way, Azure Backup provides better protection against operations that could lead to potential loss of backup data, including:

• Disabling soft delete and hybrid security settings
• Disabling the protection of multi-user authorization
• Edit backup policies (to reduce the conservation)
• Changing the security (to reduce the conservation)
• Interruption of protection with the deletion of data
• Changing the MARS security PIN

The backup administrator, which typically holds the recovery services vault, must obtain the role of contributor in the protection of the resources to be able to perform the above protected operations (critical operations). This also requires the action of the resource protection owner to approve and grant the requested access. Furthermore, it is also possible to use Azure AD Privileged Identity Management to manage just-in-time access in resource protection. Finally, it is allowed to create the resource guard in a subscription or tenant other than the one where the recovery services vault resides, to achieve an additional level of isolation.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

To stay up to date on news regarding Azure Management services, this summary is released monthly, allowing you to have an overview of the main new features of the month. In this article you will find the announcements summarized and accompanied by the necessary references to be able to carry out further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Govern

Azure Arc

Support for private endpoints for Azure Arc-enabled servers

Private endpoints for Azure Arc-enabled servers allow you to manage Windows and Linux servers from Azure without having to send network traffic over the Internet, thus ensuring greater security. The servers can be configured for the use of a private endpoint by associating them with an Azure Arc Private Link Scope and connecting the on-premises network to an Azure virtual network using a site-to-site VPN or Express Route.

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

• “Azure Cost Management and Billing” now is “Microsoft Cost Management”: an integrated tool to monitor, manage and optimize Microsoft Cloud costs
• Anomaly detection alert: the anomaly detection model has been significantly improved to more accurately predict and detect anomalous situations.
• Display of the cost of child resources in the cost analysis

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Multicloud settings of the Servers plan available at the connector level
• JIT (Just-in-time) access available for AWS EC2 instances (Preview)
• Add and remove Defender profile for AKS clusters using the CLI

Protect

Azure Backup

Support for Azure virtual machines with trusted launch technologies

Trusted launch is a simple method, to improve the security of second generation virtual machines, which allows you to get protection from advanced attack techniques, combining technologies that can be independently enabled, such as secure boot and the virtualized version of the Trusted Platform Module (vTPM). Azure Backup introduced support for protecting Azure VMs with trusted launch features enabled.

Support for disks that use the Write Accelerator functionality

Azure Backup is now able to protect disks with the Write Accelerator feature enabled. These disks are widely used by Azure customers with virtual machines (VM) M series to improve I / O latency of writes over Azure Premium storage.

Migrate

Azure Migrate

New migration features for applications (preview)

The Azure Migrate tool has been integrated with additional features that simplify the movement of applications from on-premises environments to Azure App Service and to the Azure Kubernetes service. The bulk migration capabilities of Azure App Service allows you to:

• Do the discovery and assessment of ASP.NET Web apps, ranking which apps are ready for migration
• Suggest a destination for migration
• Do the discovery and assessment for the migration of Java Tomcat applications to the Linux App Service services and to the Azure Kubernetes Service.
• Containerize ASP.NET web apps and move them to Windows containers on App Service or Azure Kubernetes Service.

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Microsoft is constantly announcing news regarding Azure management services. This summary, published monthly, allows you to have an overall overview of the main news of the current month, in order to stay up to date on these news and have the necessary references to conduct further study.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Windows client support for the Azure Monitor agent (preview)

Azure Monitor agent and data collection rules now support client devices, Windows 10 and Windows 11, via a new installation setup (MSI). This allows you to extend the use of the same agent for telemetry and for security aspects (using Sentinel).

Support for custom logs and IIS logs for the Azure Monitor agent (preview)

The Azure Monitoring Agent (AMA) natively provides the ability to collect log files (custom and IIS logs) in a Log Analytics workspace. This feature is particularly useful for easily consulting the custom logs generated by services or applications and IIS logs and for carrying out specific analyzes..

Integration between Azure Monitor and Azure Managed Grafana(preview)

Microsoft announced Azure Managed Grafana, a service managed by Microsoft that allows customers to run Grafana natively within the Azure platform. Azure Managed Grafana allows you to extend integrations with Azure Monitor, providing the ability to easily view Azure monitor data in Grafana dashboards.

Configure

Azure Automation

Diagnostic audit log for Automation account

Also for Automation Accounts, has been enabled the ability to send audit data to blob storage accounts, Event Hub and workspace of Azure Monitor Log Analytics. This possibility allows you to monitor the main activities that are carried out on the Automation Account for security and compliance purposes. By enabling the Audit event collection mechanism, it is possible to collect telemetry data regarding operations of creation, updating and deleting of Automation Account runbooks and assets.

Govern

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

• Totals summarized in the cost analysis (preview)
• Ability to download Azure costs in a ZIP file
• Ability to save through autoscaling mechanisms in Azure

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• New plans for Defender for Servers
• Transfer of custom recommendations
• PowerShell script to send alerts to Splunk and QRadar
• Deprecated recommendations for Azure Cache for Redis
• Viewing the activity logs related to a security alert

Protect

Azure Backup

Support for vault-archive storage for VMs backup, even in the presence of SQL and SAP HANA

Azure Backup announced the ability to move recovery points to the Azure Storage Vault-Archive tier to save costs and keep backup data for longer. This feature is available for Azure VMs, even in the presence of SQL Server and SAP HANA installed on board the VMs. When moving backup data from vault-standard to vault-archive, Azure Backup converts incremental data into full backup. This procedure involves an increase in the total GB used, but costs are reduced due to the huge difference in cost per GB between the two storage tiers. To simplify this process, Azure Backup provides advice on Recovery Points (RPs) for which migration to the vault-archive is recommended. Restores can always be done in an integrated way from the Azure portal, through a simple and intuitive process.

Metrics and related alerts for Azure Blob storage (preview)

In recent months Azure Backup has released the ability to consult the health metrics of backups and restores for Azure virtual machines, SQL/HANA databases on board Azure virtual machines and Azure File. Now, Azure Backup also supports these metrics for storage blobs.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

In March there were several news announced by Microsoft regarding Azure management services. In this series of articles, published on a monthly basis, major announcements are listed, accompanied by the necessary references to be able to conduct further studies on.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

New agent: support for Private Links

The new Azure Monitor agent introduced support for network configurations via private link. This configuration allows you to operate in restricted environments that require special network requirements and a high degree of isolation.

Govern

Azure Cost Management

Automated emails on cost views

To allow you to stay up to date on cost changes in Azure Cost Management and Billing the possibility of sending automated e-mails has been introduced. From the cost analysis, selecting a graphic view, you have the opportunity to subscribe to updates on a daily basis, weekly or monthly and even share those views with people outside the Azure portal.

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Secure Score for AWS and GCP
• Defender for Containers can scan for vulnerabilities in Windows images (preview)
• New alerts for Microsoft Defender for Storage (preview)
• ISO implementations 27001 replaced with the new ISO standard 27001:2013
• Posture management and threat protection for AWS and GCP

Protect

Azure Backup

Azure Files Snapshot Protection

To protect Azure Files snapshots from accidental deletion, Azure Backup has added an extra layer of security to the snapshot management solution, integrating with the Azure Files platform's ability to acquire a snapshot lease. This lease creates and maintains a lock on snapshots for delete operations. After taking a snapshot of Azure File, Azure Backup acquires it, thus protecting it from accidental elimination. Furthermore, to ensure that the snapshot is not deleted during a restore operation, Azure Backup also checks the lease status at the beginning of the recovery and acquires it if necessary.

Support for Azure virtual machines with technologies trusted launch (preview)

Trusted launch is an easy way to improve the security of second generation virtual machines, which allows you to get protection from advanced attack techniques, combining technologies that can be independently enabled, such as secure boot and the virtualized version of the Trusted Platform Module (vTPM). Azure introduced support, currently in preview, of Azure VMs with trusted launch features enabled.

Azure Site Recovery

On-demand capacity reservation with Azure Site Recovery to safeguard virtual machine failover

Azure Site Recovery is now integrated with the’on-demand capacity reservation, which allows you to take advantage of the capacity reservation to reserve processing capacity in the disaster recovery region (DR) and thus ensure the execution of workloads during failover processes. By assigning a capacity reservation group (CRG) for protected VMs, Azure Site Recovery will fail over the VMs to that CRG. Furthermore, there is a SLA for the Recovery Time Objective (RTO) of 2 hours.

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 61 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

The month of February was full of news and there are several updates that have affected the Azure management services. This article provides an overview of the month's top news, so that we can stay up to date on these topics and have the necessary references to conduct further insights.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Azure Monitor Agent: new feature to update the extension automatically

With the new Azure Monitor agent, you can get important updates and security fixes by enabling the automatic extension update function within the agent. Basically, when an update is published, the extension updates and replaces the existing version present in the virtual machine or in the scale set.

Azure Monitor Agent: improved Syslog RFC compliance

The latest version of the Azure Monitor agent is now capable of collecting syslog events from the following vendors, standard device types and formats:

• Cisco Meraki, ASA, FTD
• Sophos XG
• Juniper Networks
• Corelight Zeek
• CipherTrust
• NXLog
• McAfee
• CEF (Common Event Format)

Azure IoT Edge monitor

Thanks to a deep integration with Azure Monitor it is possible to simplify the monitor of Azure IoT Edge devices, through a set of built-in metrics, the IoT Edge Metrics Collector module and a set of “curated visualization”. Through this integration it is possible:

• Analyze the efficiency of the solution
• Choose the hardware to meet the performance demands of the devices
• Monitor blocked resources
• Proactively identify problems
• Resolve problems quickly
• Create custom metrics and dashboards

Ability to set an exact time range in queries

In the queries on the Log Analytics workspaces it is now possible to specify a specific time range, in this way it is possible to carry out precise and more targeted searches.

The Azure Monitor ‘action rules’ are now ‘alert processing rules’

Microsoft has renamed the 'action rules” of Azure Monitor in “alert processing rules”, which will continue to provide post-processing capabilities for alerts triggered in Azure Monitor.

Log Analytics data export

The new Azure Monitor Log Analytics data export feature allows you to send log data not only to Log Analytics workspaces, but also to a storage account or Event Hub. Furthermore, data can be streamed continuously from Log Analytics tables to a storage account or to Event Hub if Microsoft has enabled streaming support for those types of tables.

Custom retention for tables AzureActivity and Usage

In Azure Monitor, the ability to set custom retention has been introduced for tables AzureActivity and Usage present in the Log Analytics workspaces . Previously, AzureActivity and Usage had a minimum of retention of 90 days and such data could not be set with a specific retention. Now the minimum retention for those tables remains of 90 days, useful for audit and troubleshooting purposes, but you can customize the retention period.

Possibility to test the Action Groups (preview)

For Azure Monitor action groups, the ability to test notification settings for alerts has been introduced, in order to:

• Check if the notifications work as expected when creating or updating an action group
• Self-diagnose the cause of notifications not working as expected

Azure Monitor predictive autoscaling for VM Scale Sets (preview)

Predictive autoscaling, released in preview, uses machine learning algorithms to manage and scale Virtual Machine Scale Sets. This mechanism allows you to predict the overall CPU load on the Virtual Machine Scale Sets, based on historical CPU usage patterns. In this way the scale-out takes place in time to satisfy the demand.

Govern

Azure Cost Management

Anomaly detection

Anomaly detection has been introduced in Azure Cost Management. Thanks to this feature it is possible to consult any anomalies on costs, detected by the tool in the Azure subscriptions, in a specific period.

Enterprise agreement component management in Azure Cost Management and Billing

In Azure Cost Management and Billing you can now create, manage and govern departments, accounts, and subscriptions related to enterprise agreement contracts. In particular, from the Azure portal you can perform the following activities:

• Manage the roles of the enterprise agreement contract
• Create and manage the hierarchy at the enrollment level(department, account, subscription)
• View properties and manage policies
• View usage and charges
• Download the invoice
• View and monitor the Microsoft Azure Consumption Commitment balance (MACC)

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Kubernetes workload protection for Arc enabled clusters
• Native CSPM for Google Cloud Platform (GCP) and threat protection for GCP instances

Protect

Azure Backup

Ability to perform multiple Azure File backups throughout the day

In Azure Backup it is now possible to perform multiple backups during the day, with a maximum frequency of four hours, to take multiple snapshots of the file share. This feature allows you to define a backup schedule in line with working hours, useful for frequent updates to Azure File content. Furthermore, you can use Powershell or the Azure command line interface to create backup policies to generate multiple snapshots during the day according to the defined schedule.

Long term retention for Azure PostgreSQL backup

Azure Backup for PostgreSQL is a scalable solution that does not require the presence of an infrastructure, agents or storage accounts, while providing a simple and consistent experience to centrally manage and monitor backups. Support for long-term backup storage was introduced for this solution.

Automatic backup improvements for SQL Server onboard virtual machines

Automatic backup of Azure Backup, a feature given by the extension of the IaaS SQL agent, provides an automatic backup service for SQL Server on board Azure virtual machines. The following improvements have been added to this functionality:

• Longer backup retention time in storage account, passing from 30 days to 90 days.
• Ability to choose for each Azure virtual machine a specific container of the storage account as a destination for backups. Previously, it was only allowed to specify a storage account and all backups flowed into the same container.

Restore point cross region for virtual machines

The restore points of a virtual machine are snapshots that contain the metadata of the virtual machine and are consistent for all the disks associated with it. These recovery points can be used to protect workloads from data loss and corruption. Now it is possible to restore points of the virtual machine in any region, regardless of the region in which the virtual machine is deployed.

Azure Site Recovery

Recovery point extended to 15 days

Azure Site Recovery through replication policies allows you to adjust the retention history of recovery points. It is now allowed to keep recovery points up to 15 days instead of 72 hours. Recovery points will be stored with a frequency of 5 minutes for the first 2 hours. Later, they will be deleted and archived less frequently. You can enter any value between 0 and 15 days to configure the retention period in a retention policy. Furthermore, if necessary, it is possible to enable type recovery points “application-consistent” (disabled by default).

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 60 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.