Category Archives: Cloud

Azure management services and System Center: What's New in July 2019

Microsoft announces constantly news about Azure management services and System Center. As usual our community releases this monthly summary that provides a general overview of the main new features of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

Azure Log Analytics

Availability in new regions
Azure Log Analytics is now also possible to activate it in these new regions: South Africa North, Brazil South, UK West and North Central US.

New search capabilities in Azure Monitor Log

Azure Log Monitor has introduced the ability to check the logs directly on specific Azure resources, thereby allowing you the ability to filter it more easily on the resource. The logs are also aggregated from all workspaces that contain logs associated with that specific resource.

What's new in the interface

In July there have been several innovations in the interface of Log Analytics, described in detail in this article.

Azure Automation

Azure Update Management: non-targeted in Azure

In Azure Update Management it was introduced the feature that allows dynamic targeting, with systems not in Azure environment, for deployments of patches. The machines not in the Azure environment can be dynamically added to the patch distributions based on the criteria specified in a saved search in Log Analytics.

Azure Site Recovery

Added support for disks of size up to 8 TB

In Azure Site Recovery you can now protect data disks of size up to 8 TB. This functionality is available for all virtual machines with Azure managed disks and also for all the on-premises machines that are replicated on managed disks.

System Center Configuration Manager

New release for the Technical Preview Branch

For Configuration Manager was released the update 1907 that among the main innovations provides the ability to search in the Task Sequence Editor, useful when you have a particularly complex Task Sequence.

To verify the details about what's new in this update you can see this document.

Please note that the Technical Preview Branch releases help you to evaluate new features of SCCM and it is recommended to apply these updates only in test environments.

Desktop Analytics available in Public Preview

The solution Desktop Analytics is available in public preview. It is a tool that can provide useful information and provide the automation necessary to keep update your Windows machines. The possible integration of Desktop Analytics with System Center Configuration Manager, adds the value given by the cloud solution to the local infrastructure.

Released version 1906 for the Current Branch

There are many new features in this release designed to enrich and improve different features of the solution. The main innovation is the integration with Desktop Analytics. To get the complete list of new features introduced with this build, you can consultthis official document. The transition to version 1906 can be done by following theinstallation checklist, at the end of which it is appropriate to continue with theChecklist post-update.

Evaluation of Azure and System Center

To test and evaluate free of charge the service offered by Azure you can access this page, while to try out the various components of System Center you must Access to theEvaluation Center and, after registering, you can start the trial period.

Azure IaaS and Azure Stack: announcements and updates (July 2019 – Weeks: 29 and 30)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Azure File Sync supports the firewall and virtual network setting on storage accounts

To configure your Azure File Sync deployment to work with the firewall and virtual network setting, perform the following steps:

  • Go to the storage account you want to secure.
  • Click on the settings menu called Firewalls and virtual networks.
  • Click on allow access from Selected networks.
  • To enable servers to sync to the Azure file share, verify the server’s IP address or virtual network has been added.
  • To enable the Storage Sync Service to access the storage account and Azure file share, verify the Allow trusted Microsoft services to access this storage account is selected.
  • Click Save to save your settings.

This feature works with any Azure File Sync agent version.

Azure File Sync agent v7.2 update

Improvements and issues that are fixed:

  • Storage Sync Agent (FileSyncSvc) crashes if the proxy configuration is null.
  • Server endpoint will start BCDR (error 0x80c80257 – ECS_E_BCDR_IN_PROGRESS) if multiple endpoints on the server have the same name.
  • Cloud tiering reliability improvements.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

New features to IPv6 support for Azure VNets

In addition to the preview capabilities announced on April 23, IPv6 for Azure VNET public preview now includes:  

  • Standard IPv6 Public Load Balancer support to create resilient, scalable applications which includes:
    • IPv6 health probe to determine which backend pool instances are healthy and thus can receive new connections. 
    • Outbound Rules provide full declarative control over outbound connectivity to precisely tune your network for scale and resiliency.
    • Multiple Front-end Configurations enable a single load balancer to use multiple IPv6 Public IP addresses – the same frontend protocol and port can be reused across frontend addresses.
  • Instance-level Public IP provides IPv6 Internet connectivity directly to Individual VM’s
  • Azure Portal support for the preview now includes interactive create/edit/delete of dual stack (IPv4/IPv6) Virtual Networks and subnets, IPv6 Network Security Group Rules, IPv6 User defined routes, and IPv6 Public IP’s. 

Azure Security Center launched new network recommendations

There are new and updated Azure Security Center networking recommendations. For more information, see the Network Recommendations section in the Azure Security Center documentation.

Proximity placement groups are in preview

A proximity placement group is an Azure Virtual Machine logical grouping capability that you can use to decrease network latency among VMs. When the VMs are deployed within the same proximity placement group, the VMs are physically located as close as possible to each other. Proximity placement groups are particularly useful to address the requirements of latency-sensitive workloads.

New 48 vCPUs Azure Virtual Machine sizes are available

New 48 vCPUs sizes for the Dv3, Dsv3, Ev3, Esv3, Fsv2, and Lsv2 Azure Virtual Machines (VMs) are available so you can better match your workload requirements.

Azure Mv2-series VMs up to 6 TB of memory are available for the US West 2 region

Azure Mv2-series virtual machines are hyper-threaded and feature Intel® Xeon® Platinum 8180M 2.5 GHz (Skylake) processors, offering up to 208 vCPU in 3 TB and 6 TB memory configurations. Mv2 virtual machines provide unparalleled computational performance to support large in-memory databases and workloads such as SAP HANA and SQL Hekaton. Mv2 VMs are available in US East, US East 2 regions, and US West 2 regions. Mv2 VMs in Europe West, Europe North, and Southeast Asia regions will become available in the coming months.

Availability Zones support is available for Azure Kubernetes Service (AKS) in preview

Availability Zones support is now available for AKS in preview. Protect applications and data from datacenter failures with redundancies across Availability Zones and achieve higher availability and resiliency for worker nodes with Availability Zones, used in conjunction with Azure Standard Load Balancer.

Network Performance Monitor in Central India

Network Performance Monitor is now available in Central India region.

Azure Lab Services updates

  • Azure Lab Services has a new instance size available: Medium (nested virtualization)
  • Azure Lab Services has removed the unlimited option from quota per user so lab owners can intentionally choose a specific number of hours needed for each lab to help save costs.
  • Azure Lab Services supports the ability to reset passwords and to provide added support for Ubuntu images.

Azure Stack

Azure Stack 1907 update

Azure Stack 1907 Update is available. Check the release notes for more details.

Azure Data Share: the service to share data in a safe manner

Microsoft recently announced the availability of the new managed service Azure Data Share, specially designed for sharing data between different organizations. Azure Data Share allows you to share and combine data in an easy way, in order to ensure effective business collaboration between different realities, in respect of safety and governance. In this article are covered the principles of operation and shows the procedure to be followed for the corresponding configuration.

To date, the most commonly used solutions for the exchange and sharing of corporate data are based on the File Transfer Protocol (FTP) or on custom Web API, which in addition to having to manage a specific infrastructure, are unable to adhere to corporate standards in terms of security and governance. Furthermore, these solutions are not suitable for the exchange of large volumes of data. Azure Data Share is a fully managed service with the aim of simplifying, secure and controlled the process of sharing data between different business realities. Is not required to configure any specific infrastructure and service can rapidly scale to meet big data sharing needs. Meanwhile, your safety is critical for a service of this kind and Azure Data Share exploits the main intrinsic safety measures in Azure for data protection.

Activation of the service

The activation of the service Azure Data Share must be carried out primarily by those who must share data, as follows.

Figure 1 - Starting the process of creation

Figure 2 - Parameters required by the creation process

The deployment is very fast and after activating the service you can begin the process of sharing data.

Using the solution

Azure Data Share has an intuitive interface, can be used directly from the Azure portal, and with a few simple steps you can choose what information to share and with whom to share them.

Figure 3 – Start the process of sharing

Figure 4 – Definition of the name and details of the share

It is possible to govern the use of the data by binding specific terms of use for each share that is created. To allow receiving data, recipients must accept the terms of use specified.

Figure 5 – Added the Dataset and the selection of the type

For data sharing today you can use as Dataset Azure Blob Storage and Azure Data Lake Storage, but soon will be introduced also new Azure data sources.

Figure 6 – Selection of the container that contains the data to be shared

Figure 7 - Added email address of the person you share files

The service also provides the ability to schedule the sharing of new content or changes, while maintaining complete control of any share.

Figure 8 - Scheduling of snapshots

Figure 9 - Review and creation of the share

The recipient will receive at the end of the sharing process a notification by email.

Figure 10 - Notification received via email from the person to whom you want to send data

Figure 11 - Invitation of Data Share from the Azure portal

One who receives the shared data must have a service Azure Data Share to see the shared data.

Figure 12 – Accept invitation to Date Share

In accepts the invitation you must specify the target, in this case the storage account, on which to bring the data received. Such content you can choose to keep it synchronized according to the scheduling specified by the sender.

Figure 13 - Configuration of the storage account target

Figure 14 - Detail of a receipt sharing

In the received shares it is also given the option to manually trigger a snapshot (full or incremental).

Conclusions

In a world where the amount, the type and variety of data is growing, you must have services that enable organizations to work together by sharing information of any kind and size. Thanks to the Azure Data Share you can share data, between different companies, in a simple way, safe and respecting the governance policies. Adding new datasets for data sharing, expected in the short term, will make this service even more complete and effective.

Azure Governance: introduction to Azure Resource Graph

The Azure governance is possible thanks to a series of specially designed services to enable a management and a constant control of the various Azure resources on a large scale. Among these services are Resource Graph, a powerful tool that allows you to quickly obtain via command-line details regarding the different Azure artifacts. Using Resource Graph you can retrieve information that previously required necessarily complex and iterative scripting. This article lists the characteristics of the solution and how you can use it to find out the details of Azure resources on large scale.

Characteristics of the service

In the presence of complex Azure environments who see the presence of many subscriptions, maintain overall visibility of all Azure resources can be complex without the use of tools specifically developed. These requirements which typically need to be addressed:

  • Ability to view resources and their properties in a transversal way among different subscriptions.
  • Be able to efficiently perform queries on resources by setting filters, groupings and by imposing a specific sort order on their properties.
  • Explore iteratively the different resources.
  • Assessing the impact achieved by applying policies on a large number of cloud resources.

The service Azure Resource Graph allows, thanks to the use of an efficient and powerful language to perform the following actions:

  • Query on resources by applying filters, complex groupings and sorts.
  • Explore iteratively resources based on the governance requirements.
  • Assess the impact given by the application of the policy in a vast cloud.
  • Detailing the changes that are made to the Azure resource properties. Recently was introduced the ability to view the last 14 days of history regarding the changes made to resources, to identify which properties have been changed and when. This feature is particularly useful in the process of troubleshooting, to detect any change events in a specific time slot. Furthermore, it is functional to understand the properties that were changed when a resource has changed the status of compliance, to consider adopting Azure Policy to properly manage such properties. For further details please visit the Microsoft's official documentation.

All these actions provide important aspects in order to govern the most of their Azure environment.

When an Azure resource is updated, Resource Graph Resource Manager is notified by the relevant changes and updates its database accordingly. Resource Graph also regularly performs a complete scan of resources to ensure that your information is up to date in case of missing notifications or updates that take place outside of Resource Manager.

How to use Resource Graph

The query of Azure Resource Graph are based on the Kusto language, also used by Azure Data Explorer, Application Insights and Azure Log Analytics. For more details on using the query language of Azure Resource Graph you can see the Microsoft's official documentation, that shows how it is structured and what are the operators and supported features.

Resource Graph supports theAzure CLIAzure PowerShell and Azure SDK for .NET. Querying Resource Graph requires the addition of the relative extension in the Azure CLI environment , while in Azure PowerShell the installation of the Resource Graph module is required. The queries are always structured in an identical manner, regardless of where they are performed.

The use of Resource Graph requires that the user with which it performs the query has at least read permissions, through Role-based access control (RBAC), about resources that you intend to query. If you don't have at least read permission on specific resources, queries will not return results related to them.

The service Azure Resource Graph is also used when performing research in the search bar of the Azure portal, in the new list of resources (‘All resources’) and in the change history of Azure Policy.

Figure 1 – Experience of ‘All resources’ using Azure Resource Graph

Sample Query

Below are some examples of query of Resource Graph and its result.

Figure 2 - Query to count by resources type (Resource Type)

Figure 3 - Query to count the resources by geographic location

The query of Azure Resource Graph have the advantage that besides being able to achieve the desired result in a simple way, they are also very performant:

Figure 4 - Running time of the query to count the resources based on location

If anyone wanted to achieve this result using the classic PowerShell method in complex Azure environments, should join to the single Azure subscription, search the necessary information and move to the next subscription. This approach was the only possible until the arrival of Resource Graph, but it was more labor intensive and much less powerful.

Figure 5 - List of VMs with the OS disk not Managed

Conclusions

Azure Resource Graph allows you to quickly and efficiently explore and analyze Azure resources, allowing to maintain a total visibility even on particularly complex Azure environments, consisting of several subscriptions, each of which with a large number of elements. Particularly useful is the functionality that allows you to see the history of changes to Azure resources. Azure Resource Graph is a tool that allows you to make a significant contribution for the governance of the Azure environment.

Azure IaaS and Azure Stack: announcements and updates (July 2019 – Weeks: 27 and 28)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Pubic preview for large file shares (100 TiB) on standard tier

Announced the public preview of large file shares for Azure Files standard tier. Azure File Sync, until now, scaling cloud file shares beyond 5 TiB required changing the paradigm for accessing data. The preview of a larger and higher scale standard tier for Azure Files, is available to all Azure customers. This preview significantly improves your experience by increasing standard file shares’ capacity and performance limits. In select regions, standard file shares in general purpose accounts can support the following larger limits:

Azure Files Before (standard tier) New (standard tier)
Capacity per share 5 TiB 100 TiB (20x increase)
Max IOPS per share 1,000 IOPS 10,000 IOPS (10x increase)
Max throughput per share Up to 60 MiB/s Up to 300 MiB/s (5x increase)

Performance limits for a single file remain the same at 1 TiB, 1000 IOPS, and 60 MiB/s. Standard file shares are backed by hard disk drives. If the workload is latency sensitive, you should consider Azure Files premium tier, that is backed by solid-state drives.

New larger B-series VM sizes with flexible CPU usage

Microsoft has released three new B-series sizes: B12ms, B16ms and B20ms. These are lower cost VMs with flexible CPU usage.

Azure Data Box Heavy is generally available

Azure Data Box Heavy has reached general availability in the US and EU. Data Box Heavy is designed for a much larger scale than the original Data Box. Data Box Heavy’s one petabyte of raw capacity and multiple 40 Gbps connectors mean that a datacenter’s worth of data can be moved into Azure in just a few weeks.

Network Watcher is Generally Available in South Africa

Network Watcher is a cloud based solution for troubleshooting and monitoring networks in Azure. Azure Network Watcher is generally available in South Africa North region.

Azure Ephemeral OS Disk is Generally Available

Ephemeral OS disks are created on the local virtual machine (VM) storage and not saved to the remote Azure Storage. Ephemeral OS disks work well for stateless workloads, where applications are tolerant of individual VM failures, but are more affected by VM deployment time or reimaging the individual VM instances. With Ephemeral OS disk, you get lower read/write latency to the OS disk and faster VM reimage. Ephemeral OS disk is free i.e., you incur no storage cost for the OS disk. You can still be charged for any data disks attached to the VM. You can use either the Marketplace or Custom or Gallery Images to deploy VM/VM Scale Set (VMSS) with Ephemeral OS Disk. This functionality is available in all Azure regions.

Azure Monitor for VMs is available in East and South East Australia regions

Azure Monitor for VMs is now available in East Australia and South East Australia. Azure Monitor for VMs monitors your Azure virtual machines and virtual machine scale sets. The service analyzes the performance and health of your Windows and Linux VMs, monitoring their processes and their dependencies on other resources and external processes.

Azure Migrate is enhanced

Azure Migrate is now enhanced and can help you discover, assess, and migrate applications, infrastructure, and data from your on-premises environments to Azure. You can centrally track progress of your migration journey across multiple Microsoft and Independent Software Vendor (ISV) tools in Azure Migrate.

This release includes the following functionality:

  • Extensible approach with choice across Microsoft and popular ISV assessment and migration tools

  • Integrated experience for discovery, assessment, and migration with end-to-end progress tracking for servers and databases

  • Server Assessment and Server Migration for large-scale VMware, Hyper-V, and physical server migrations

  • Database Assessment and Database Migration across various database targets including Azure SQL Database and Managed Instance

Azure Governance: how to organize your resources using the Azure Management Groups

In the presence of environments with a high number of Azure subscriptions it is necessary to have a different level of abstraction in order to effectively manage the accesses, policies and compliance. To this end, Azure Management Groups have been introduced, that allow to organize different subscriptions into logical containers, on which define, implement and verify government policies needed. This article examines in detail the concepts and shows directions to better organize the Azure resources in order to facilitate the process of governance.

To effectively organize Azure resources is fundamental to define a hierarchy of management groups and subscriptions to which you can apply Azure Policy, the service that allows you to create, assign and manage audit policy. The use of the Management Group is also helpful to effectively manage the assignment of permissions via role-based access control (RBAC), for administrative delegation.

Figure 1 - Example of a hierarchy of Management Groups

Each resource Azure is contained within a specific Azure Subscription, which it is associated to a single Azure Active Directory tenant, and inherits the permissions set at that level.

At the moment, a constraint to consider, is that a Management Group can contain multiple subscriptions as long as the same form part of the same Azure Active Directory tenant . In other words,, the Management Groups reside within a tenant and cannot contain subscriptions of different tenants. The security principal that can be used on management group can come only by the tenant for the management group.

Figure 2 – Relationship between Azure AD and organizational structure

Azure resources belonging to a subscription are contained in Resource Groups. The resource groups are containers of resources that, for administrative purposes, allow to obtain the following benefits:

  • They facilitate administrative delegation because resources contained inherit permissions to the resource group level.
  • On the resource group you can set tags, although these are not automatically inherited by the resources, but it is necessary to foresee specific mechanisms if they are deemed necessary.

Figure 3 – Relationship between the levels of the organisational structure

The Azure Policy can be assigned to a subscription or Management Group level and can be defined exceptions for Resource Group. In this regard it is recommended whenever possible, to organize policies in "initiative" and assign them to Management Group level.

The root Management Group is the top level and contains all configured Management Groups and various Azure subscriptions. Root Management Group cannot be removed or moved. The structure can be created with up to six levels deep, without considering the Root level and the level of subscription. Each Management Group can have more children, but supports only one parent for each Management Group and for each subscription.

In the absence of specific requirements, Microsoft recommends that you split production environments than those "DevTest", creating two tiers of management groups. The management group root by default will have fundamental policies, such as those relating to security. On the remaining Management Groups are associated specific policies. The hierarchy of Management Groups provide a model for which the policies that are defined at higher levels in the hierarchy cannot be overwritten by lower levels.

Figure 4 – Management Group & Subscription Modeling Strategy

This approach enables you to manage complex Azure environments, who see the presence of more subscriptions. in a more simple and flexible way, for the following reasons:

  • The concept of inheritance allows with a single association to apply the desired controls and the assignment of roles on different subscriptions.
  • It has a centralized management.
  • You may include additional subscription in the hierarchy, with the knowledge that will adhere to established policies and who will have the assignment of desired roles.

Conclusions

The goverance processes by which an organization can ensure an effective and efficient use of IT resources, in order to achieve their goals, cannot refrain from adopting a model that allows to organize effectively the Azure resources. The use of Management Groups, in environments with a significant number of subscriptions, is essential to meet the common need of standardize, and in some cases impose, how you configure the different resources in the cloud.

Azure management services and System Center: What's New in June 2019

In June have been announced, by Microsoft, a considerable number of news regarding the Azure management services and System Center. From our community, through these articles released monthly, aims to provide a general overview of the main new features of the month, in order to stay up to date on these issues and have the necessary references for further information.

Azure Log Analytics

Azure VMBoundPort Monitor

In Azure Monitor was announced the availability, in all the regions supported by Log Analytics, to consult theVMBoundPort data setVMBoundPort contains information about all ports that accept incoming traffic and that can potentially accept it. This is a very useful feature, to analyze what ports are open and which are active, to carry out analysis of security or for troubleshooting.

New region supported for Azure Monitor for VMs

Azure Monitor for VMs, the service that allows you to analyze the performance and health of both Windows and Linux VMs, by monitoring their processes and ralative dependencies with other resources, is now also available in the region of West US 2. They become so seven Azure regions that currently support Azure Monitor for VMs.

Availability in new regions
Azure Log Analytics is now also possible to activate it in these new regions: South Africa North, Brazil South, UK West and North Central US.

Advanced Data Security available for SQL Server VMs in Azure

Advanced data security is available in preview for SQL Server on Azure VMs. This feature allows you to protect your SQL Server installations made on board of Azure virtual machines. This service currently includes the capabilities necessary to identify and mitigate potential vulnerabilities on databases and detects unusual activity that may indicate the presence of a security threat on the server.

Updates to the User Interface in Azure Monitor Log Analytics

During the month, some elements of the Azure Monitor Log Analytics underwent a change, For more details you can refer this document.

New version of the agent for Linux systems

This month the new agent version of Log Analytics for Linux systems introduces improvements relating in particular to the installation process and performance. To get more information about it you can access the GitHub official page.

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was releasedUpdate Rollup 37 solving different problems and introduces some improvements. The details and the procedure to be followed for the installation can be found in the specific KB 4508614.

Data replication of new disk added

Azure Site Recovery introduced the ability to enable replication of data disks, only if managed type, that are added to a Azure VM, that has already enabled the ability to make disaster recovery.

New support limits for the Mobility service for DR scenarios of VMware VMs and physical servers

Azure Site Recovery is now able to support up to five GPT partitions on UEFI, when you use the Mobility service for disaster recovery scenarios of VMware VMs and physical servers.

Using an existing automation account for automatic updates of Mobility service

When you set up automatic updates of the Azure Site Recovery Mobility service extension running on Azure VMs enabled for disaster recovery scenarios, introduced the ability to select an existing automation account to use, instead of using the default created by Site Recovery.

Azure Backup

Support for SQL Server 2008 and 2008 R2 on VMs in Azure

The 9 July 2019 officially ends support for SQL Server 2008 and 2008 R2 and thanks to the Microsoft approach, which guarantees other 3 years of security updates if migrated to Azure environment, many customers are proceeding with its migration. In the event you choose to move the SQL Server on-premises, in a VM in Azure environment, is appropriate to manage the backup and for this reason, Microsoft has decided to introduce in Azure Backup the support (at the time public preview) of SQL Server 2008 and SQL Server 2008 R2 from Windows 2008 R2 SP1.

System Center Configuration Manager

New release for the Technical Preview Branch

For Configuration Manager was released the update 1906 that among the main innovations provides the ability to specify a user category as a filter in the applications that are on the Software Center page.

To verify the details about what's new in this update you can see this document.

Please note that the releases in Technical Preview Branch help you to evaluate the new features of SCCM and it is recommended to apply these updates only in test environments.

System Center Updates Publisher

Announced the availability of System Center Updates Publisher preview (SCUP) June 2019.

Evaluation of Azure and System Center

To test and evaluate free of charge the service offered by Azure you can access this page, while to try out the various components of System Center you must Access to theEvaluation Center and, after registering, you can start the trial period.

Azure IaaS and Azure Stack: announcements and updates (June 2019 – Weeks: 25 and 26)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

General availability of Azure Premium Files

Premium Files is a new performance tier for Azure Files and is designed for IO intensive workloads with low latency and higher throughput requirements. Premium tier provides 20x capacity, 100x IOPS, and 170x throughput as compared to the existing standard tier. Premium Files stores data on the latest Solid-State Drives (SSDs), which makes it suitable for wide variety of workloads like file services, databases, persistent storage for containers, content and collaboration repositories, analytics, home directories, high variable and batch workloads, among many others. 

Azure Bastion Public Preview

Azure Bastion enables more secure and seamless RDP and SSH access to Azure Virtual machines directly in the portal (over port 443) without the need of any public IP on the virtual machine. Additional details are available on the Azure Bastion product page, and Azure Bastion product documentation page.

Azure Firewall: public preview for multiple public IPs and Availability Zones

Azure Firewall now supports multiple public IPs and availability zones in public preview using PowerShell and templates:

Just-in-time access supports Azure Firewall

When a user requests access to a VM with a JIT policy, Security Center first checks that the user has Role-Based Access Control (RBAC) permissions to request access to a VM with a JIT policy. If the user has permissions and the request is approved, Security Center automatically configures the NSG and the Azure Firewall rules to allow inbound traffic.

ExpressRoute supports up to 4 circuits from the same peering location into the VNet

ExpressRoute now supports up to 4 circuits from a single peering location connected to an ExpressRoute virtual network gateway, which was previously limited to a single circuit in a peering location. This is generally available in Azure Public.

Preview Refresh for Azure DNS Private Zones

Announced the Refresh release for Azure DNS private zones (preview). The Preview Refresh introduces new functionality and lifts several restrictions that public preview had.

Availability of Microsoft cloud datacenter regions in the Middle East

Microsoft Azure and Office 365 are now generally available from datacenter regions in the United Arab Emirates (UAE), with plans for Dynamics 365 and Power Platform to be available by the end of 2019.

VM Health feature now supports new OS’ and is available in new regions

VM Health feature now supports new OS’ and is available in new regions

VM Health feature included in Azure monitor for VMs is now available for VMs that are running on Windows 2012 R2 and 2019. Additionally, VM Health feature is also available in cases where the associated workspace is in SEA (South East Asia), UKS (UK South), and CCAN (Canada Central) regions.

Public preview of monitoring VM scale sets

Public preview of monitoring Windows and Linux VM scale sets from within the scale set resource blade.

Update rollup for Azure File Sync Agent

An update rollup for the Azure File Sync agent was released.

Improvements and issues that are fixed:

  • Accessing or browsing a server endpoint location over SMB is slow on Windows Server 2012 R2.
  • Increased CPU utilization after installing the Azure File Sync v6 agent.
  • Cloud tiering telemetry improvements.

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 6.3.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4489739.

M-series VMs are available in the South Africa North region

Azure M-series VMs are now available in the US South Central region. M-series VMs offer configurations with memory from 192 GB to 3.8TiB (4TB) RAM and are certified for SAP HANA.

GPU Optimized Visualization VMs now available in new regions

NVv3-Series VMs are now available in South Central US, West US, West Europe and North Europe Azure regions.

Azure Stack

Azure Stack update

This update includes new improvements, and fixes for Azure Stack. This article describes the contents of the 1906 update package.

Azure IaaS and Azure Stack: announcements and updates (June 2019 – Weeks: 23 and 24)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Web Application Firewall (WAF) for Azure Front Door service is generally available

Customers can use WAF to define security policies that allow, block, forward or rate limit access to their web applications delivered through Azure Front Door.

  • A WAF security policy may consist of an ordered list of custom rules and Azure managed pre-configured rulesets.
  • Custom rules are based on a combination of client IP addresses, geolocation, http parameters, request methods and size constraints.
  • The pre-configured default rule set can be enabled to protect your applications from OWASP top 10 threats.
  • New or updated WAF configurations are deployed globally within minutes, letting you respond quickly to changing attack patterns.
  • WAF for Azure Front Door is integrated with Azure Monitor and the logs can be accessed through an Azure storage account, Azure Event Hub or Azure Log Analytics.

DevTest Labs supports the Shared Image Gallery feature

It enables lab users to access images from a shared location while creating lab resources. It also helps you build structure and organization around your custom-managed VM images.

High-Performance Computing Virtual Machines are available in West US 2, East US

HC-series Virtual Machines, designed to provide supercomputer-grade performance and scalability with the best price-performance on the public cloud, are generally available in West US 2 and East US.

Azure File Sync is GA for Azure Government cloud

Azure File Sync is generally available for Azure Government cloud. Azure File Sync in Government Cloud can be used with the same v6 agent that a customer would use in public cloud. It is at feature parity with what’s available publicly.

Azure Shared Image Gallery are generally available

Shared Image Gallery provides a simple way to share your applications with others in your organization, within or across Azure Active Directory (AD) tenants and regions. This enables you to expedite regional expansion or DevOps processes and simplify your cross-region HA/DR setup.

Azure DevTest Labs: PowerShell module to simplify management of labs

You can now make use of Az.DevTestLabs, a PowerShell module to simplify the management of Azure DevTest Labs. It provides composable functions to create, query, update and delete labs, virtual machines, custom images and environments.

Advanced data security for SQL servers on IaaS

Advanced data security is now available for SQL Server on Azure Virtual Machines. Advanced data security for SQL Server on Azure Virtual Machines currently includes functionality for surfacing and mitigating potential database vulnerabilities and detecting anomalous activities that could indicate a threat to your server.

Adaptive Network Hardening in Security Center id generally available

Security Center learns the network traffic and connectivity patterns of Azure workloads and provides NSG rule recommendations, for Internet facing virtual machines. This helps our customer better configure their network access policies and limit their exposure to attacks.

Azure Application Gateway Web Application Firewall custom rules are Generally Available

Custom rules for WAF_v2 allow customers to create their own rules with IP/IP range or String based matching conditions. For example, customers will be able to create rules which block requests from a specific IP range, or those matching a specific regular expression in the request’s header/cookie/URI/queryString/form elements. Users can also join multiple matching conditions into a single custom rule. More details can be found here.

Update rollup for Azure File Sync Agent

Improvements and issues that are fixed
  • After creating a server endpoint, High CPU usage may occur when background recall is downloading files to the server.
  • Sync and cloud tiering operations may fail with error ECS_E_SERVER_CREDENTIAL_NEEDED due to token expiration.
  • Recalling a file may fail if the URL to download the file contains reserved characters.

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 6.2.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4489738.

Azure management services and System Center: What's New in May 2019

To stay up to date on news about Azure management services and System Center, our community releases this monthly summary, allowing you to have an overview of the main new features of the month. In this article you will find the news, presented in a synthetic way and accompanied with the necessary references to be able to conduct further studies.

Azure Log Analytics

New version Agent for Linux systems

This month the new agent version of Log Analytics for Linux systems introduces improvements concerning the stability and reliability. For more information about this, you can access the GitHub official page.

Availability in new regions

The availability of Azure Log Analytics has been extended for another five new regions: Central US, East US 2, East Asia, West US and South Central US.

Azure Site Recovery

Improvements in the monitor of VMware and physical systems

In the replication scenario of VMware systems and physical machines , the role Process Server acts as replication gateway, then receives replication data, performs an optimization through caching and compression mechanisms, provides encryption and sends them to the storage in the Azure environment. This role is also responsible to make the discovery of virtual machines on VMware systems. There are several factors that may impact on the smooth functioning of this component: high data change rate (churn), network connectivity, bandwidth availability, undersizing of the computing capacity required. In ASR were added different States of health that facilitate troubleshooting for this component. For each alert is also proposed corrective action deemed necessary, in order to better manage this role, essential for the proper functioning of the replication process.

Azure Backup

Network Security Group service tags for Azure Backup

Microsoft announced the ability to use within the Network Security Groups (NSGs) the service tag for Azure Backup. Using the tag AzureBackup it is possible to allow in the NSG outbound access to the Azure Backup service, so you can protect your workloads (SQL Server) on board of the virtual machines, instead of having to manage a whithelist that contains the IP addresses of the service. This is useful, in addition in the presence of the SQL Server workloads to be protected, also to make VM backup via MARS agent.

System Center Configuration Manager

New release for the Technical Preview Branch

For Configuration Manager was released the update 1905 that among the main innovations provides the ability to create application groups to be sent to collection of users or devices into a single deployment. The applications in the group can be installed with a specific order and the group will be displayed in Software Center as a single entity (suite of products).

To verify the details about what's new in this update you can see this document.

Please note that the Technical Preview Branch releases help you to evaluate new features of SCCM and it is recommended to apply these updates only in test environments.

Evaluation of Azure and System Center

To test and evaluate free of charge the services offered by Azure you can access this page, while to try the various System Center components you must access theEvaluation Center and, after registering, you can start the trial period.