In November, Microsoft announced several updates to Azure management services, helped along by the Microsoft Ignite 2021 conference. This series of monthly articles gives an overview of the main news of the month, so that you can stay up to date on these topics and have the references needed for further reading.
The following diagram shows the management areas covered in this series of articles, which aims to help you stay up to date on these topics and better deploy and maintain applications and resources.
Log Analytics Workspace Insights in Azure Monitor
Microsoft has announced the availability of Log Analytics workspace insights, which provides detailed information on Log Analytics workspaces and a comprehensive overview of the following aspects: usage, performance, health, agents, queries and change log.
These are the main questions to which the solution can provide an answer:
- What are the main tables, those where most of the data is imported?
- Which resource sends the most logs to the workspace?
- How long does it take for the logs to reach the workspace?
- How many agents are connected to the workspace? How many are in a healthy state?
- Query audit: how many queries run in the workspace? What are their response codes and durations? Which slow, inefficient queries overload the workspace?
- Who has set a daily limit? When was data retention changed? This is useful for keeping a log of changes to workspace settings.
New troubleshooting experiences in Network Insights for VPN Gateway & Azure Firewall
Azure Monitor Network Insights now offers detailed information and a new troubleshooting experience for VPN Gateway and Azure Firewall.
Specifically, you get:
- Access to the resource topology, which shows the health of the resource and of its connections
- A workbook showing all the key metrics
- Direct links to documentation and troubleshooting guides
Azure Monitor container insights for Azure Arc enabled Kubernetes
In Azure Monitor, you can get detailed information about the containers running in Azure Arc-enabled Kubernetes environments. This allows you to centralize the visualization of infrastructure metrics, container logs and related recommendations. The main features are:
- Simple onboarding directly from the Azure portal
- Automatic updates of the monitoring agent
- Performance visibility, collecting memory and processor metrics from controllers, nodes and containers
- Views via workbook and in the Azure portal
- Alerts and queries on historical data for troubleshooting
- Ability to examine Prometheus metrics
Manage Log Analytics data export rules in the Azure portal (preview)
The export of Log Analytics data can now be configured in the Azure portal. This allows you to easily manage data export rules by giving you a clear view of existing rules in the workspace, regardless of whether they are in the enabled or disabled state. It is also possible to modify existing rules and create new rules with a few simple steps.
Azure Monitor for SAP: new telemetry and root cause analysis (RCA)
Azure Monitor for SAP Solutions (AMS) has introduced support for new telemetry data for SAP HANA (preview) and SAP NetWeaver.
For SAP HANA we find:
- License status: provides licensing details for all tenants running with SAP HANA MDC.
- Multi-Version Concurrency Control (MVCC): reports on the consistency of transactional data, isolating the transactions that access the same data at the same time.
- Details on save point operation
- Details on delta merge
- Statistics on HANA Alert
Customers who already use the solution get the telemetry data above without taking any further action. New customers who want to activate the solution can follow this guide to AMS onboarding and configure at least one SAP HANA provider.
Furthermore, customers running SAP in an Azure environment can view the “root cause analysis (RCA)” when an SAP system becomes unavailable due to an outage of the virtual machine or host. AMS shows information about the restart, the analysis of the triggering cause, details on the affected system and recommended steps.
AMS is currently available in the following Azure regions: US East, US East 2, US West 2, Europe West, and Europe North. AMS incurs no additional licensing fees; only the Azure Monitor consumption costs apply.
PowerShell 7.1 runbook support (preview)
Azure Automation support for PowerShell 7.1 runbooks has been made available in preview on Azure, Azure Gov and Azure China. This allows you to develop and run runbooks using PowerShell 7.1, both for cloud jobs and for hybrid jobs on Azure and non-Azure systems.
Support for Managed Identities
Support for Managed Identities has been introduced in Azure Automation. System Assigned Managed Identities are supported for cloud and hybrid jobs, while User Assigned Managed Identities are only supported for cloud jobs. This support reduces the effort of managing Run As Accounts for runbooks. A User Assigned Managed Identity is an independent Azure resource that can be assigned to the Azure Automation account, and an account can have multiple user-assigned identities associated with it. The same identity can be assigned to multiple Azure Automation accounts.
Automatic VM guest patching
The new feature called "Automatic VM guest patching" is now available and helps simplify update management and achieve security compliance. When "Automatic VM guest patching" is enabled, patches classified as critical and security are automatically downloaded and applied to the system. This feature is available for both Windows and Linux systems.
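Added example, not from the original article or from Microsoft: a PowerShell runbook that ties the two Azure Automation items above together. It signs in with the Automation account's managed identity instead of a Run As Account and lists the VMs whose patch mode is not AutomaticByPlatform, the setting used by automatic VM guest patching. Assumptions: the Az.Accounts and Az.Compute modules are available, the identity has the Reader role on the subscription, and the parameter and function names are hypothetical.

```powershell
# Added example: names below are hypothetical, not taken from the article.
param(
    # Client ID of a user-assigned identity (cloud jobs only, per the article).
    # Leave empty to use the system-assigned identity (cloud and hybrid jobs).
    [string]$UserAssignedClientId = ''
)

$ErrorActionPreference = 'Stop'

function Get-VmWithoutAutoPatching {
    # Emits one record per VM whose guest patch mode is not AutomaticByPlatform.
    param([Parameter(ValueFromPipeline)] $Vm)
    process {
        $os = $Vm.OSProfile
        $mode = $null
        if ($os.WindowsConfiguration) {
            $mode = $os.WindowsConfiguration.PatchSettings.PatchMode
        } elseif ($os.LinuxConfiguration) {
            $mode = $os.LinuxConfiguration.PatchSettings.PatchMode
        }
        if ($mode -ne 'AutomaticByPlatform') {
            if (-not $mode) { $mode = '(not set)' }
            [pscustomobject]@{
                ResourceGroup = $Vm.ResourceGroupName
                Name          = $Vm.Name
                PatchMode     = $mode
            }
        }
    }
}

# Keep the sign-in context inside this job only.
Disable-AzContextAutosave -Scope Process | Out-Null

# Authenticate as the managed identity: no Run As certificate or stored secret.
if ($UserAssignedClientId) {
    Connect-AzAccount -Identity -AccountId $UserAssignedClientId | Out-Null
} else {
    Connect-AzAccount -Identity | Out-Null
}

# Audit every VM in the identity's default subscription.
Get-AzVM | Get-VmWithoutAutoPatching | Sort-Object ResourceGroup, Name
```

An empty result means every VM visible to the identity is already set to AutomaticByPlatform.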
Azure Cost Management
Azure Advisor: tips to save on Azure Cosmos DB resource costs
Specific recommendations have been included in Azure Advisor to help you achieve possible cost savings for Azure Cosmos DB, obtained based on the historical use of resources.
Updates related to Azure Cost Management and Billing
Microsoft is constantly looking for new ways to improve Azure Cost Management and Billing, the solution that provides greater visibility into where costs are accumulating in the cloud, helps identify and prevent erroneous spending patterns, and optimizes costs. In this article some of the latest improvements and updates regarding this solution are reported.
Microsoft Defender for Cloud
Change to the names of Azure solutions in the security field
In November, during Ignite 2021, changes were announced to the names of Microsoft Azure solutions in the security field, as below:
New features, bug fixes and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud is constantly evolving, and improvements are made on an ongoing basis. To help you stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:
- Azure Security Center and Azure Defender have been unified and are called “Microsoft Defender for Cloud”
- Native CSPM for AWS and Threat Protection for Amazon EKS and AWS EC2
- Prioritizing sensitive data in cloud workloads, using Azure Purview
- Improvements to integration with Microsoft Sentinel
- Azure Security Benchmark v3 released
Multi-user authorization for backups (preview)
Multi-user authorization for Azure Backup provides advanced protection for Recovery Services vaults against unauthorized critical operations. Azure Backup uses a Resource Guard to ensure that critical operations are performed only with the appropriate authorization. With this mechanism, Azure Backup helps provide better protection against operations that could lead to the loss of backup data, including:
- Disabling soft delete and hybrid security settings
- Disabling MUA protection
- Changes to backup policies
- Security changes
- Stop protection
- Changing the MARS security PIN
The backup administrator, who typically accesses the Recovery Services vault, must acquire the Contributor role on the Resource Guard to be able to perform the protected (critical) operations above. To do this, the administrator must request action from the Resource Guard owner, who must approve and grant the requested access. It is also possible to use Azure AD Privileged Identity Management to manage just-in-time access on the Resource Guard. Furthermore, the Resource Guard resource can be created in a subscription or tenant other than that of the Recovery Services vault, for maximum isolation.
Metrics and related alerts for Azure Backup (preview)
Azure Backup now provides built-in metrics to allow you to monitor the integrity of backups and write custom alert rules based on these metrics.
Azure Site Recovery
Support for failover of multiple IP configurations
Azure Site Recovery has introduced support for failover of secondary IP configurations for virtual machines on Azure. This allows you to configure failover and test failover settings for each secondary IP configuration, currently only in the Azure to Azure scenario (A2A).
New Update Rollup
Update Rollup 59 has been released for Azure Site Recovery; it solves several problems and introduces some improvements. Among the most important changes is support for Windows Server 2022 in the Mobility service. The details and the installation procedure can be found in the specific KB.
New Azure Migrate releases and features
Azure Migrate is the Azure service that includes a large portfolio of tools you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features.
Evaluation of Azure
To try out and evaluate the services provided by Azure for free, you can access this page.