This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.
Azure Lab Services April 2022 update (preview)
IT departments, administrators, educators, and students can utilize the following updated features in Azure Lab Services:
- Enhanced lab creation and improved backend reliability
- Access performance
- Extended virtual network support
- Easier labs administration via new roles
- Improved cost tracking via Azure Cost Management service
- Availability of PowerShell module
- .NET API SDK for advanced automation and customization
- Integration with Canvas learning management system
Azure File Sync agent v15
Azure File Sync agent v15 is available and it’s now on Microsoft Update and Microsoft Download Center.
Improvements and issues that are fixed:
- Reduced transactions when cloud change enumeration job runs
- View Cloud Tiering status for a server endpoint or volume
- New diagnostic and troubleshooting tool
- Immediately run server change enumeration to detect files changes that were missed by USN journal
- Miscellaneous improvements
More information about this release:
- This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
- A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
- The agent version for this release is 220.127.116.11.
- Installation instructions are documented in KB5003882.
Object replication on premium blob storage and rule limit increased
Object replication now supports premium block blobs to replicate your data from your blob container in one storage account to another anywhere in Azure. The destination storage account can be a premium block blob or a general-purpose v2 storage account.
You can also specify up to 1000 replication rules (increased from 10) for each replication policy for both general-purpose v2 and premium block blob storage accounts.
Object replication unblocks a set of common replication scenarios for block blobs:
- Minimize latency: have your users consume the data locally rather than issuing cross-region read requests.
- Increase efficiency: have your compute clusters process the same set of objects locally in different regions.
- Optimize data distribution: have your data consolidated in a single location for processing/analytics and then distribute only resulting dashboards to your offices worldwide.
- Optimizing costs: after your data has been replicated, you can reduce costs by moving it to the archive tier using life cycle management policies.
Controls to block domain fronting behavior on customer resources
Effective April 29, 2022,you will be able to stop allowing domain fronting behavior on your Azure Front Door, Azure Front Door (classic), and Azure CDN Standard from Microsoft (classic) resources in alignment with Microsoft’s commitment to secure the approach to domain fronting within Azure.
Virtual Network NAT health checks available via Resource Health
Virtual Network NAT (VNet NAT) is a fully managed and highly resilient network address translation (NAT) service. With Virtual Network NAT, you can simplify your outbound connectivity for virtual networks without worrying about the risk of connectivity failures from port exhaustion or your internet routing configurations.
Support for Resource Health check with Virtual Network NAT helps you monitor the health of your NAT gateway as well as diagnose or troubleshoot outbound connectivity.
With Azure Resource Health, you can:
View a personalized dashboard of the health of your NAT gateway
Set up customizable resource health alerts to notify you in near real-time of when the health status of your NAT gateway changes
See the current and past health history of your NAT gateway to help you mitigate issues
Access technical support when you need help with Azure services, such as diagnosing and solving issues
Virtual Network NAT Resource Health is available in all Azure public regions, Government cloud regions, and China Cloud regions.
Enhancements to Azure Web Application Firewall
Microsoft offers two options, global WAF integrated with Azure Front Door and regional WAF integrated with Azure Application Gateway, for deploying Azure WAF for your applications and APIs.
On March 29, Microsoft announced the general availability of managed Default Rule Set 2.0 with anomaly scoring, Bot Manager 1.0, and security reports on global WAF. Additional features on regional WAF are available, that offer you better security, improved scale, easier deployment, and better management of your applications and APIs:
- Reduced false positives with Core Rule Set 3.2 integrated with Azure Application Gateway. The older CRS 2.2.9 ruleset is being phased out in favor of the newer rulesets.
- Improved performance and scale with the next generation of WAF engine, released with CRS 3.2
- Increased size limits on regional WAF for body inspection up to 2MB and file upload up to 4GB
- Advanced customization with per rule exclusion and attribute by names support on regional WAF
- Native consistent experience with WAF policy, new deployments of Application Gateway v2 WAF SKU now natively utilizes WAF policies instead of configuration
- Advanced analytics capabilities with new Azure Monitor metrics on regional WAF