Category Archives: Datacenter Management

Azure Management services: what’s new in October 2023

This month, Microsoft has introduced a series of significant updates to the Azure management services. Through this series of monthly articles, I aim to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, giving you the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

VM insights: migration to Azure Monitor agent by August 31, 2024

On August 31, 2024, VM insights based on the Log Analytics agent will be retired. It is recommended to migrate to the Azure Monitor agent for VM insights, which offers several improvements, including:

  • Enhanced security and performance.
  • Data collection rules to help reduce costs.
  • A simplified management experience, facilitating troubleshooting.

Integrated Azure Monitor alerts for Azure Site Recovery (preview)

Microsoft recently announced the preview availability of integrated Azure Monitor alerts for Azure Site Recovery. This new feature allows Azure users to more effectively monitor the status and performance of their disaster recovery environments. The integrated alerts enable rapid detection of potential issues, ensuring more efficient and proactive management of resources in emergency recovery situations. With this integration, users can configure custom alerts based on specific performance and status parameters, improving resilience and operational readiness for their systems. This feature is particularly useful for organizations requiring high standards of operational continuity and data integrity.

Govern

Azure Policy

Protection of critical infrastructures from large-scale accidental deletions with Policies

Microsoft has introduced “DenyAction” in Azure Policy. This new feature allows blocking requests based on actions taken on the resource, rather than just its configuration or properties. In practice, with Deny Action, it is possible to protect infrastructures by preventing unwanted deletion calls. While in the past Azure Policy only offered the “deny” function, which blocked requests based on specific resource configurations, now with the addition of Deny Action, the blocking capability has been extended to actions included in the request.
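An added example, not part of the original article or of Microsoft's announcement: a policy rule that uses the `denyAction` effect to block delete calls on storage accounts and key vaults carrying a `criticality: high` tag. The resource types and the tag name are assumptions chosen for illustration; `actionNames` and `cascadeBehaviors` are the effect's own settings.

```json
{
  "if": {
    "allOf": [
      {
        "field": "type",
        "in": [
          "Microsoft.Storage/storageAccounts",
          "Microsoft.KeyVault/vaults"
        ]
      },
      {
        "field": "tags.criticality",
        "equals": "high"
      }
    ]
  },
  "then": {
    "effect": "denyAction",
    "details": {
      "actionNames": [
        "delete"
      ],
      "cascadeBehaviors": {
        "resourceGroup": "deny"
      }
    }
  }
}
```

With `cascadeBehaviors.resourceGroup` set to `deny`, deleting a resource group that contains a matching resource is blocked as well. A plain `deny` effect with the same `if` block would only reject create or update requests for matching resources and would not stop a delete.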

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Azure Arc-enabled SCVMM (preview)

With the recent introduction of “Azure Arc-enabled System Center Virtual Machine Manager (SCVMM)”, it is now possible to manage SCVMM VMs more efficiently directly from Azure. This innovative solution facilitates the discovery, integration, and management of VMs. Microsoft is expanding the capabilities for SCVMM enabled in Azure Arc. Thanks to this update, Azure Arc-enabled SCVMM VMs receive full support for Azure management services. This includes protection offered by Microsoft Defender for Cloud, monitoring via Azure Monitor, and updates provided by Azure Update Manager. These new features offer customers a simpler and more effective management experience of their System Center-managed assets, all through Azure.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Public preview availability of recommendations for managing DevOps security posture;
  • Release of the CIS Azure Foundations Benchmark v2.0.0 in the Regulatory Compliance dashboard.

Protect

Azure Backup

Backup Vaults with MUA (Multi-User Authorization)

Azure Backup has announced the availability of backup vaults with MUA (Multi-User Authorization). These vaults offer an integrated backup solution that protects business data through a series of advanced access features. With this release, the backup administrator, who is usually the owner of the Backup vault, needs to obtain the collaborator role on the protected resource to perform certain operations. This requires an action by the owner of the protected resource to approve and grant the requested access. Additionally, it is possible to use Azure Active Directory Privileged Identity Management to manage just-in-time access on the protected resource.

Enhanced Soft Delete

Azure has announced the availability of the “Enhanced Soft Delete” feature for Azure Backup. This feature offers additional protection against data loss, ensuring that backup data remains available for recovery, even if the backup source is deleted. The Enhanced Soft Delete feature protects against accidental deletions and malicious activities. This adds an extra layer of security and resilience to backup data.

Regional Disaster Recovery for Azure Backup for AKS (preview)

Azure Backup for AKS allows customers to protect their containerized workloads along with application data deployed on AKS clusters. The solution enables scheduled backups of AKS clusters and their restoration in various scenarios. Customers also want to use their AKS backups to recover applications in the event of a regional disaster, following industry best practices for the 3-2-1 backup strategy. With this in mind, the Azure Backup service is announcing the private preview of the regional disaster recovery capability of AKS Backup. Using this feature, it is possible to recover the AKS cluster from backups in a secondary region, such as an Azure paired region, in the event of a regional disaster.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (October 2023 – Weeks: 41 and 42)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Azure achieves HITRUST CSF v11.0.1 certification

I am thrilled to announce that Microsoft Azure has achieved HITRUST CSF v11.0.1 certification across 162 Azure services and 115 Azure Government services. This certification covers all GA Azure regions across both Azure and Azure Government clouds. This monumental achievement stands as a testament to Azure’s unwavering commitment to enhancing its security and compliance offerings, especially for valued customers in the healthcare sector.

HITRUST CSF v11.0.1 is the latest iteration of the framework, incorporating new requirements and updates from authoritative sources such as NIST SP 800-53 Rev 5, NIST Cybersecurity Framework v1.1, PCI DSS v3.2.1, FedRAMP High Baseline Rev 5, CSA CCM v3.0.1, GDPR, CCPA, and more. Moreover, HITRUST CSF v11.0.1 introduces innovative features and enhancements, including a maturity scoring model, risk factor analysis, an expanded inheritance program, improved assessment scoping tools, and more. By securing this certification, Azure reinforces its dedication to providing secure and compliant cloud services for customers in the healthcare industry.

Compute

Azure Dedicated Host – Resize

With the introduction of Azure Dedicated Host’s new ‘resize’ feature, users can now effortlessly transition their existing dedicated host to a different Azure Dedicated Host SKU, for instance, moving from Dsv3-Type1 to Dsv3-Type4. This innovative ‘resize’ feature significantly reduces the complexities and efforts associated with reconfiguring VMs when there’s a need to upgrade the foundational dedicated host system. One of the standout features is the ability to automatically create a new host, migrate all pre-existing VMs, and subsequently delete the old host. This eliminates the need for any manual interventions during the upgrade process of the dedicated host. Additionally, this could lead to potential cost savings, as users gain the capability to operate more VMs on the newly introduced dedicated host SKUs.

VMSS Automatic Instance Repairs – Reimage, Restart Repair Actions (preview)

Automatic instance repairs help Virtual Machine Scale Set customers achieve high application availability by automatically detecting and recovering unhealthy VM instances at runtime. Microsoft has announced that customers can now choose between Replace, Reimage (Preview), or Restart (Preview) as the default repair action performed in response to an “Unhealthy” application signal. These new options provide a less-impactful repair process, ensuring higher application availability while preserving VM properties and metadata for customers with sensitive workloads.

Networking

Default Outbound Access for VMs in Azure Will Be Retired

Microsoft has recently announced that starting from 30 September 2025, the default outbound access connectivity for all new virtual machines in Azure will be retired. This decision is in line with Azure’s move towards a secure-by-default model, which means that the default outbound access to the internet will be turned off. Consequently, after the mentioned date, Azure will no longer assign a default implicit IP for VMs to communicate with the internet. However, it’s important to note that existing VMs will not be affected by this retirement. For those who require outbound access post this date, Azure will provide an easy way to enable outbound internet access using explicit outbound methods. Additionally, for VMs currently having default outbound access and wishing to transition to a secure configuration after this date, Azure will offer a mechanism for easy opt-in. Users already utilizing explicit outbound connectivity methods will remain unaffected by this retirement. Azure emphasizes the benefits of explicit outbound connectivity methods, including greater control over internet connections, protection from public IP address changes, and traceable IP address resources beneficial for measurement and troubleshooting. Azure will be sending periodic updates to subscription owners impacted by this change in the coming months.

ExpressRoute Traffic Collector now generally available

Microsoft Azure has announced the general availability of the ExpressRoute Traffic Collector. This feature allows users to capture information about IP flows sent over ExpressRoute direct circuits. The ExpressRoute Traffic Collector supports flow logs capture for both Private and Microsoft peering. The captured flow logs data is sent to a Log Analytics workspace, enabling users to create custom log queries for in-depth analysis.

Some of the primary use cases for flow logs include:

  • Network Monitoring: gain near real-time visibility into network throughput and performance, perform network diagnosis, and forecast capacity.
  • Network Usage and Cost Optimization: analyze traffic trends by filtering sampled flows by IP, port, or applications. Identify top talkers for a source IP, destination IP, or applications. Optimize network traffic expenses by analyzing traffic patterns.
  • Network Forensics Analysis: identify potentially compromised IPs by analyzing all associated network flows. Users can also export flow logs to a SIEM tool of their choice to monitor and correlate events.

It’s important to note that the flow logs collected by the ExpressRoute Traffic Collector do not impact network throughput or latency. Users can enable or stop flow logs collection without any risk of affecting the network performance of an ExpressRoute direct circuit.

Azure Private Link for MySQL – Flexible Server

Azure Private Link allows users to connect to various PaaS services, such as Azure Database for MySQL – Flexible Server, in Azure, via a private endpoint. Private Link brings Azure services inside your private virtual network (VNet). Using the private IP address, the Azure Database for MySQL – Flexible Server becomes accessible just like any other resource within the VNet. This feature is now available for general use.

Storage

Azure Files improved support for Unicode characters

Azure Files has undergone enhancements to now support all valid Unicode characters. This development allows for the creation of SMB File shares with file and directory names that align with the NTFS file system, specifically for valid Unicode characters. This expanded character set support includes:

  • Control characters that are supported by NTFS.
  • Trailing dot (.) characters at the end of directory and file names.
  • Characters that function individually but were previously blocked when used in combination, especially in non-English languages.

Such advancements facilitate tools like AzCopy and Storage mover to migrate all files into Azure Files using the REST protocol. This expanded character support is now accessible in all Azure regions.

Zone Redundant Storage for Azure Disks in More Regions

Microsoft has announced the general availability of Zone Redundant Storage (ZRS) for Azure Disk Storage on Azure Premium SSDs and Standard SSDs in the Norway East and UAE North regions. Disks with ZRS offer synchronous replication of data across three availability zones within a region. This ensures that the disks can withstand zonal failures without disrupting the associated applications. The feature not only enhances the resilience of disks against zonal failures but also eliminates the need for application-level replication of data across zones. Furthermore, ZRS can be combined with shared disks to provide even higher availability for clustered or distributed applications, including SQL FCI, SAP ASCS/SCS, and GFS2.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (October 2023 – Weeks: 39 and 40)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Azure Now Available from New Cloud Region in Italy

Microsoft Azure has officially reached General Availability in a new cloud region in Italy. This expansion of Azure’s global presence brings its cloud services closer to businesses and organizations in Italy, enabling them to benefit from Azure’s comprehensive suite of services for their digital transformation initiatives. With this new cloud region, customers in Italy can now take advantage of low-latency, high-performance computing and networking capabilities offered by Azure, while complying with local data residency requirements and ensuring data sovereignty.

Networking

Default outbound access for VMs in Azure will be retired: Transition to a new method of internet access

Azure is retiring the default outbound access for virtual machines (VMs) and recommends transitioning to a new method of internet access. This change is part of Azure’s ongoing commitment to improve the security and performance of its services. Customers are advised to review the documentation and make necessary changes to ensure uninterrupted outbound connectivity for their VMs.

Domain Fronting update on Azure Front Door and Azure CDN

Azure has announced the general availability of the domain fronting update on Azure Front Door and Azure CDN. This update enhances the security and performance of the services. Domain fronting is a technique used to obfuscate the destination of HTTPS traffic. With this update, Azure aims to provide better security and improved performance for its users. The update ensures that the services are more resilient and can handle traffic more efficiently.

Gateway Load Balancer IPv6 support

Azure Gateway Load Balancer now supports IPv6, which allows you to build, deploy, and scale applications that use IPv6 addresses. This enhancement provides a consistent frontend IP for virtual appliances, ensuring that traffic is distributed evenly across multiple instances. With this update, Azure continues to expand its IPv6 capabilities, enabling you to meet the requirements of your IPv6-enabled applications.

Storage

Zone-redundant storage for Azure Disks is now available in more regions

Zone-redundant storage (ZRS) for Azure Disks is now available in more regions. ZRS replicates your data in availability zones, ensuring data resilience and protection against zone failures. This update provides a higher level of resilience for your critical applications and ensures that they remain operational even if one of the availability zones fails.

Customer-Managed Keys for Azure NetApp Files Volume Encryption is Now Available in US Gov Regions (preview)

Azure is excited to announce the availability of Customer-Managed Keys for Azure NetApp Files Volume Encryption in the US Gov Regions, now in public preview. This new feature empowers Azure customers in government sectors to have greater control over their data security and encryption keys when using Azure NetApp Files. With Customer-Managed Keys, customers can manage their own encryption keys using Azure Key Vault, ensuring a higher level of data security and compliance with specific regulatory requirements. This preview provides an opportunity for customers in government regions to evaluate and test this feature before its general availability.

Azure Stack

Azure Stack HCI

Premier Solutions for Azure Stack HCI

The introduction of Premier Solutions for Azure Stack HCI represents a significant leap forward in Azure’s offerings for customers seeking enhanced operational efficiency, rapid deployment, and flexible procurement options. This innovative category of products has been developed in close collaboration with industry leaders like Dell Technologies and Lenovo, resulting in a seamless and comprehensive edge infrastructure solution.

Key Benefits of Premier Solutions for Azure Stack HCI:

  • Improved Operational Experience: Premier Solutions are designed to streamline and enhance the operational experience for Azure Stack HCI users. By leveraging the expertise and technology of Azure, customers can expect greater reliability, scalability, and ease of management, ensuring that their infrastructure runs smoothly without interruptions.
  • Faster Time to Value: With Premier Solutions, customers can deploy Azure Stack HCI more quickly and efficiently. The integration of hardware, software, and cloud services simplifies the setup process, reducing the time and effort required to get the system up and running. This means organizations can start realizing the benefits of their HCI infrastructure sooner.
  • Greater Flexibility with as-a-Service Procurement: Premier Solutions offer flexible procurement options, aligning with the as-a-service model that is becoming increasingly popular in the IT industry. This allows organizations to scale their infrastructure as needed, optimizing costs and resources while ensuring they have access to the latest technologies and features.
  • Deep Integration: The collaboration with leading partners, including Dell Technologies and Lenovo, ensures a high level of integration between hardware and software components. This deep integration results in a more cohesive and efficient HCI solution, delivering improved performance and reliability.
  • Seamless Connectivity: Premier Solutions enable seamless connectivity between on-premises infrastructure and the Azure cloud. This connectivity ensures that organizations can leverage the full power of Azure services while maintaining control over their data and resources.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Embracing the future: why Azure Stack HCI is the optimal choice for modernizing On-Premises infrastructure

As the digital landscape evolves, businesses are constantly seeking ways to harness the power of technology to stay competitive and efficient. While cloud computing has emerged as a game-changer, offering unparalleled flexibility and scalability, many enterprises still grapple with the challenge of integrating their on-premises infrastructure with the cloud. Microsoft’s Azure Stack HCI presents a compelling solution to this dilemma, bridging the gap between traditional data centers and the innovative world of the cloud. In this article, we delve into the unique advantages of Azure Stack HCI and why it stands out as the preferred choice for businesses aiming to modernize their IT infrastructure.

Azure Stack HCI is Microsoft’s solution that allows you to create a hyper-converged infrastructure (HCI) for running workloads in an on-premises environment, with a strategic connection to various Azure services. Azure Stack HCI has been specifically designed by Microsoft to help customers modernize their hybrid data center, offering a complete and familiar Azure experience on-premises. If you need more information about the Microsoft Azure Stack HCI solution, I invite you to watch this video.

Figure 1 – Overview of Azure Stack HCI

In my daily interactions with customers, I am often asked why they should choose Azure Stack HCI over other well-known solutions that have been on the market for a long time. In the following paragraphs, I will outline what I believe are the main reasons to opt for Azure Stack HCI.

Modernize your on-premises infrastructure by bringing innovation

Azure Stack HCI is not synonymous with a virtualization environment but allows you to achieve much more. It is ideal if you want to modernize your infrastructure by adopting a hyper-converged architecture that allows you to:

    • Activate virtual machines based on consolidated technologies that make the environment stable and highly available, especially suitable for workloads that require high performance and scalability.
    • Deploy and manage modern applications based on microservices, alongside virtual machines, in the same cluster environment, using Azure Kubernetes Service (AKS). In addition to running Windows and Linux apps in containers, AKS provides the infrastructure to run selected Azure PaaS services on-premises, thanks to Azure Arc.
    • Activate virtual machines with Windows Server 2022 Azure Datacenter edition, which offers specific features not available in the classic Standard and Datacenter editions. To learn more about the features available in this edition, you can consult this article.
    • Create Azure Virtual Desktop session host pools using virtual machines running on-premises. This hybrid scenario becomes interesting in situations where applications are latency-sensitive, such as video editing, or scenarios where users need to use a legacy system on-premises that cannot be easily accessed.
    • Extend the features of the on-premises solution by connecting to various Azure services such as Azure Site Recovery, Azure Backup, Azure Monitor, and Defender for Cloud. This aspect ensures constant innovation, given the continuous evolution of cloud services.

Optimize costs

The Azure Stack HCI cost model, detailed in this article, is straightforward. Specifically, for customers with a Software Assurance contract, adopting Azure Stack HCI results in a drastic reduction in the costs of modernizing the virtualization environment, making this solution even more cost-competitive compared to competitors in the market. Recently, when comparing the costs between Azure Stack HCI and VMware vSphere + vSAN over a 3-year projection, it emerged that Azure Stack HCI allows savings of up to 40%.

Increase the level of security

Azure Stack HCI offers cross-cutting security on hardware and firmware, integrated into the operating system’s features, capable of helping protect servers from advanced threats. Azure Stack HCI systems can adopt Secured-core security features, all through an easy configuration experience from Windows Admin Center. Additionally, Azure Stack HCI allows you to obtain important security patches for legacy Microsoft products that have passed the support deadline, through the Extended Security Update (ESU) program. Considering that October 10, 2023, marks the end of extended support for Windows Server 2012 and Windows Server 2012 R2, Azure Stack HCI allows more time to embark on an application modernization path without neglecting security aspects.

Maximize existing investments

Azure Stack HCI can integrate with the existing environment and the most popular third-party solutions. Therefore, adopting this solution does not require new investments to introduce or adapt management, identity, security, and protection solutions. Specifically, the administrative management of Azure Stack HCI does not require specific software, but existing management tools such as Admin Center, PowerShell, System Center Virtual Machine Manager, and even third-party tools can be used. Furthermore, by adopting Azure Stack HCI and Azure Arc, it is possible to apply cloud management models to the on-premises environment, greatly simplifying the user experience. Azure Stack HCI allows you to fully exploit not only the investments already made concerning tools but also the skills of IT staff.

Conclusions

In today’s fast-paced technological era, the choice of IT infrastructure can significantly influence a business’s agility, security, and overall growth. While there are numerous solutions available, Azure Stack HCI emerges as a frontrunner, seamlessly merging the reliability of on-premises systems with the innovation of the cloud. Its unique features, cost-effectiveness, and robust security measures make it an invaluable asset for companies aiming to stay ahead of the curve. By choosing Azure Stack HCI, businesses not only safeguard their current investments but also pave the way for a future-ready, integrated, and efficient IT environment.

Azure Management services: what's new in September 2023

In September, Microsoft announced several updates regarding Azure management services. This article lists the main announcements, accompanied by the references needed to explore them further.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor VM Insights now available with Azure Monitor Agent

Azure has announced the availability of “Azure Monitor VM Insights” through the use of the Azure Monitor Agent. This service offers a quick and easy way to monitor customer workloads on Azure virtual machines and scale sets, as well as on Azure Arc-enabled servers operating in an on-premises and/or multi-cloud environment.

The new version of the agent offers various benefits, including cost savings, simplified management, and improved security and performance. If you were previously using VM Insights with the Log Analytics Agent (now deprecated), Microsoft suggests consulting its migration guide to switch to the Azure Monitor Agent.

Historical view for Azure Monitor alerts (preview)

Monitoring resources and alerts in Azure is now easier and more intuitive with the new historical view for Azure Monitor alerts, available in preview. This view offers a clear overview of triggered alerts, allowing users to quickly identify problems

OpenTelemetry-based distribution for Node.js and Python

Azure Monitor now offers an OpenTelemetry-based distribution for Node.js and Python, allowing developers to easily integrate with Azure Monitor and collect telemetry data. This new feature lets developers monitor their applications effectively, obtaining information on performance, errors, and other key metrics.

Configure

Update management

Azure Update Manager: updated and enhanced update management

Azure Update Manager offers a SaaS solution to manage and govern software updates on Windows and Linux machines in Azure, on-premises, and multicloud environments. It is an evolution of the Azure Automation update management solution, with new features. Azure Update Manager has been redesigned to provide new capabilities without relying on the Log Analytics agent or the Azure Monitor agent. It relies on the Microsoft Azure VM agent to manage update flows on Azure VMs and on the Azure Connected Machine agent to manage Azure Arc-enabled servers.

Govern

Azure Cost Management

Export Cost Management data to firewall-protected storage accounts

You can now export Cost Management data to firewall-protected Azure storage accounts. Users can use the Exports API or the Azure portal to create recurring tasks that automatically export cost data in CSV format. The export can be scheduled on a daily, weekly, or monthly basis, and the exported data can be used for creating dashboards or integrating with financial systems.

Updates related to Microsoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Secure

Microsoft Defender for Cloud

Malware scanning in Defender for Storage

Defender for Storage introduces malware scanning functionality, overcoming traditional malware protection challenges and providing an ideal solution for highly regulated industries. This function, available as an add-on, represents a significant enhancement of Microsoft Defender for Storage security solutions. Malware scanning provides the following benefits:

  • Agentless protection in near real time: the ability to intercept advanced malware, such as polymorphic and metamorphic malware.
  • Cost optimization: thanks to flexible pricing, you can control costs based on the amount of data examined and with resource-level granularity.
  • Enablement at scale: it requires no maintenance, supports automated responses at scale, and offers several options for activation via tools and platforms such as Azure Policy, Bicep, ARM, Terraform, REST API, and the Azure portal.
  • Application versatility: based on feedback from beta users over the last two years, malware scanning has proven useful in a variety of scenarios, such as web applications, content protection, compliance, integrations with third parties, collaborative platforms, data streams, and datasets for machine learning (ML).

GitHub Advanced Security for Azure DevOps

It is now possible to view GitHub Advanced Security for Azure DevOps (GHAzDO) alerts related to CodeQL, secrets and dependencies directly in Defender for Cloud. The results will appear in the DevOps section and Recommendations. To see these results, you need to integrate your GHAzDO-enabled repositories into Defender for Cloud.

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. To find out about the main innovations that characterized Defender for Cloud in summer 2023, and how these innovations can represent added value for companies, you can consult this article.

Protect

Azure Backup

Cross Region Restore (CRR) for Recovery Services Agent (MARS) 

Following the General Availability of Cross Region Recovery for VM backups, SQL and SAP HANA and to strengthen the resilience pillar, Microsoft has announced Cross Region Recovery support for the Recovery Services Agent (MARS) using Azure Backup.

Azure customers leverage Recovery Services Agent to back up their files/folders and system state to an Azure Recovery Services Vault. Backup data in the primary region can also be geo-replicated to an Azure paired secondary region to ensure durability. Previously, data replicated in the secondary region was available for recovery in the secondary region only if Azure declared a disaster in the primary region. With the introduction of this new support, customers can enable recovery of Recovery Services Agent backups in the secondary region at any time.

This capability can be leveraged in the following scenarios:

  • when the primary region is available, to test restores from backup data in the secondary region for audit/compliance purposes;
  • when the primary region is partially or completely unavailable, to trigger recovery of the data backed up in the secondary region without any waiting time.

Saving the Azure Backup Recovery Services Agent (MARS) passphrase in Azure Key Vault (preview)

Data security is a priority for Microsoft, and with the new preview feature that allows you to save the Recovery Services Agent encryption passphrase directly in Azure Key Vault, users can now enjoy an even greater level of security. This integration makes the Recovery Services Agent installation smoother and more secure, eliminating the need for custom scripts.

Azure Files Backup in China regions

Azure Files Backup is now generally available in China regions. This feature allows users to back up their files to Azure securely and reliably.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, which provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (September 2023 – Weeks: 37 and 38)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Compute

Latest generation burstable VMs – Bsv2, Basv2, and Bpsv2

The Bsv2, Basv2, and Bpsv2 series virtual machines represent the latest generation of Azure burstable general-purpose VMs. These VMs provide a baseline level of CPU utilization and can expand to higher CPU utilization as workload volume increases. They are ideal for various applications, including development and test servers, low-traffic web servers, small databases, microservices, proof-of-concept servers, build servers, and code repositories. Compared to the B series v1, these new B series v2 virtual machines offer up to 15% better price-performance, up to 5X higher network bandwidth with accelerated networking, and 10X higher remote storage throughput.

Networking

Sensitive Data Protection for Application Gateway Web Application Firewall

Azure’s regional Web Application Firewall (WAF) running on Application Gateway has introduced support for sensitive data protection through log scrubbing. When a request aligns with the criteria of a rule and activates a WAF action, the event is documented within the WAF logs. These logs are maintained as plain text for easier debugging. However, this means that any patterns matching sensitive customer data, such as IP addresses, passwords, and other personally identifiable information, could potentially be recorded in the logs as plain text. To enhance the security of this sensitive data, users can now establish log scrubbing rules that substitute the sensitive data with “******”. The sensitive data protection feature using log scrubbing facilitates the creation of rules using various variables, including Request Header Names, Request Cookie Names, Request Arg Names, Request Post Arg Names, Request JSON Arg Names, and Request IP Address.
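To make the effect of scrubbing rules concrete, the following added example (not code from the original article, and not Azure's implementation) applies rules for the variable types listed above to a constructed log record and then checks that no sensitive value survives. The record layout, the `ScrubRule` class and the helper names are assumptions made for this illustration.

```python
"""Simulation of WAF log scrubbing on a constructed log record.

Added illustration only: the record layout and ScrubRule are assumptions,
not Azure's log schema or implementation.
"""
import json
from dataclasses import dataclass
from typing import Optional

MASK = "******"  # replacement string described in the article

# Variable types named in the article, mapped to the (assumed) section of the
# constructed record that holds the matching name/value pairs.
SECTIONS = {
    "RequestHeaderNames": "headers",
    "RequestCookieNames": "cookies",
    "RequestArgNames": "query_args",
    "RequestPostArgNames": "post_args",
    "RequestJSONArgNames": "json_args",
}


@dataclass(frozen=True)
class ScrubRule:
    variable: str                   # a key of SECTIONS, or "RequestIPAddress"
    selector: Optional[str] = None  # name to scrub; None scrubs every name


def _name_matches(variable, name, selector):
    # HTTP header names are case-insensitive; other names are compared
    # exactly in this simulation (an assumption).
    if variable == "RequestHeaderNames":
        return name.lower() == selector.lower()
    return name == selector


def scrub(record, rules):
    """Return a scrubbed copy of `record`; the input is left untouched."""
    out = {k: dict(v) if isinstance(v, dict) else v for k, v in record.items()}
    masked_values = []
    for rule in rules:
        if rule.variable == "RequestIPAddress":
            masked_values.append(out["client_ip"])
            out["client_ip"] = MASK
            continue
        if rule.variable not in SECTIONS:
            raise ValueError(f"unknown match variable: {rule.variable}")
        section = out.get(SECTIONS[rule.variable], {})
        for name in list(section):
            if rule.selector is None or _name_matches(
                    rule.variable, name, rule.selector):
                masked_values.append(section[name])
                section[name] = MASK
    # The triggering value is usually echoed in the free-text message too,
    # so masking only the structured field would still leak it.
    message = out.get("message", "")
    for value in sorted(set(masked_values), key=len, reverse=True):
        if value and value != MASK:
            message = message.replace(value, MASK)
    out["message"] = message
    return out


def find_leaks(record, sensitive_values):
    """Return the sensitive values still present anywhere in the record."""
    blob = json.dumps(record)
    return [v for v in sensitive_values if v in blob]


# Constructed sample: one blocked request as it might be logged in plain text.
SAMPLE_RECORD = {
    "client_ip": "203.0.113.45",
    "action": "Blocked",
    "headers": {"Authorization": "Bearer constructed-token-123",
                "User-Agent": "curl/8.0"},
    "cookies": {"session": "abc123session"},
    "query_args": {"page": "2"},
    "post_args": {"username": "alice", "password": "Tr0ub4dor-constructed"},
    "json_args": {},
    "message": "Rule matched on post arg "
               "password=Tr0ub4dor-constructed from 203.0.113.45",
}
SENSITIVE = ["Tr0ub4dor-constructed", "Bearer constructed-token-123",
             "abc123session", "203.0.113.45"]
RULES = [
    ScrubRule("RequestPostArgNames", "password"),
    ScrubRule("RequestHeaderNames", "authorization"),
    ScrubRule("RequestCookieNames"),   # scrub every cookie value
    ScrubRule("RequestIPAddress"),
]

if __name__ == "__main__":
    scrubbed = scrub(SAMPLE_RECORD, RULES)
    print(json.dumps(scrubbed, indent=2))
    print("leaks before:", find_leaks(SAMPLE_RECORD, SENSITIVE))
    print("leaks after: ", find_leaks(scrubbed, SENSITIVE))
```

Running a `find_leaks`-style check against a sample of real logs after enabling scrubbing rules is a quick way to confirm that the chosen variables and selectors cover every place a sensitive value is written.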

Azure Front Door Standard and Premium support Bring Your Own Certificates (BYOC) based domain ownership validation (preview)

Azure Front Door Standard and Premium now support Bring Your Own Certificates (BYOC) based domain ownership validation. With this feature, Azure Front Door can automatically approve domain ownership if the Certificate Name (CN) or Subject Alternative Name (SAN) of the provided certificate matches the custom domain. This reduces the steps and effort required to prove domain ownership, streamlining the DevOps experience. For domains created before this feature’s support and whose validation status is not yet approved, users will need to trigger the auto-approval of domain ownership validation manually.

Storage

Azure Premium SSD v2 Disk Storage now available in multiple regions

Azure Premium SSD v2 Disk Storage is now generally available in the Australia East, France Central, Norway East, and UAE North regions. This expansion offers customers in these regions the opportunity to leverage the benefits of Azure Premium SSD v2 Disk Storage for their workloads. Azure Premium SSD v2 Disk Storage provides high-performance and low-latency disk support for virtual machines running I/O-intensive workloads. By utilizing this storage solution, users can expect consistent performance, enhanced durability, and availability.

Learn about foolproof strategies to optimize costs on Azure

The peculiarities and undeniable advantages of cloud computing can, in certain situations, hide pitfalls if not handled with due attention. Wise cost management is one of the crucial aspects of cloud governance. This article explores and outlines the principles and techniques that can be used to optimize and minimize expenses relating to the resources implemented in the Azure environment.

Cloud cost optimization is a topic that is attracting increasing interest among numerous customers. So much so that, for the seventh year in a row, it emerges as the leading initiative in the cloud industry, as reported in Flexera's annual report 2023.

Figure 1 – Initiatives reported in the Flexera report of 2023

Principles to better manage costs

For effective management of costs associated with Azure, it is essential to adopt the principles outlined in the following paragraphs.

Design

A well-structured design process, which includes a meticulous analysis of business needs, is essential to customize the adoption of cloud solutions. It therefore becomes crucial to outline the infrastructure to be implemented and how it will be used, through a design plan that aims to optimize the efficiency of the resources allocated in the Azure environment.

Visibility

It is vital to equip yourself with tools that offer a global view and allow you to receive notifications regarding Azure costs, thus facilitating constant and proactive monitoring of expenses.

Responsibility

Assigning cloud resource costs to the respective organizational units within the company is a smart practice. This ensures that managers are fully aware of the expenses attributable to their team, promoting an in-depth understanding of Azure spending at an organizational level. For this purpose, it is advisable to structure Azure resources in such a way as to facilitate the identification and attribution of costs.

Optimization

It is advisable to undertake periodic reviews of Azure resources with the intention of minimizing expenses where possible. Making use of available information, you can easily identify underutilized resources, eliminate waste and capitalize on cost saving opportunities.

Iteration

It is essential that IT staff are continuously engaged in the iterative processes of optimizing the costs of Azure resources. This represents a key element for responsible and effective management of the cloud environment.

Techniques to optimize costs

Regardless of the specific tools and solutions used, to refine cost management in Azure, you can adhere to the following strategies:

  • Turn off unused resources, given that the pricing of the various Azure services is based on the actual use of the resources. For those resources that do not require uninterrupted operation and that can be deactivated or suspended without any loss of configurations or data, it is possible to implement an automation system. This system, regulated by a predefined schedule, facilitates the optimization of use and, consequently, more economical management of the resources themselves.
  • Adequately sizing resources, by consolidating workloads and proactively intervening on underutilized resources, makes it possible to avoid waste and guarantee a more efficient and targeted use of available capacity.
  • For resources used continuously in the Azure environment, evaluating the option of Reservations can prove to be an advantageous strategy. Azure Reservations offer the opportunity to benefit from a significant cost reduction, which can reach up to 72% compared to pay-as-you-go rates. This benefit can be obtained by committing to pay for the use of Azure resources for a period of one or three years. This payment can be made in advance or on a monthly basis, at no additional cost. The purchase of Reservations can be made directly from the Azure portal and is available to customers with the following subscription types: Enterprise Agreement, Pay-As-You-Go and Cloud Solution Provider (CSP).
  • To further mitigate costs associated with Azure, it is appropriate to consider the implementation of Azure Hybrid Benefit. This advantage allows you to achieve significant savings, as Microsoft lets you bear only the costs relating to the Azure infrastructure, while the licenses for Windows Server or SQL Server are covered by a Software Assurance contract or an existing subscription.

The Azure Hybrid Benefit can also be extended to Azure SQL Database, to SQL Servers installed on Azure virtual machines and SQL Managed Instances. These benefits facilitate the transition to cloud solutions, offering up to 180 days of dual-use rights, and help leverage pre-existing investments in terms of SQL Server licenses. To learn more about how to use the Azure Hybrid Benefit for SQL Server, please consult the FAQs present in this document. It is important to note that this benefit is also applicable to RedHat and SUSE Linux subscriptions, further expanding the opportunities for savings and cost optimization.

The Azure Hybrid Benefit can be combined with Azure Reserved VM Instances, creating an opportunity for significant savings that can reach 80% of the total, especially when you opt for an Azure Reserved Instance purchase for the duration of 3 years. This synergy not only makes the investment cheaper, but also maximizes operational efficiency.

  • Considering the integration of new technologies and the application of architectural optimizations is crucial. This process involves the selection of the most appropriate Azure service for the specific needs of the application in question, ensuring not only optimal technological alignment, but also more efficient cost management.
  • Allocating and de-allocating resources dynamically is critical to meeting fluctuating performance needs. This approach is known as “autoscaling”, a process that facilitates the flexible allocation of resources to meet specific performance needs at any time. As the workload intensifies, an application may require additional resources to maintain desired performance levels and meet SLAs (Service Level Agreements). Conversely, when demand decreases and additional resources are no longer essential, these can be de-allocated to minimize costs. Autoscaling capitalizes on the elasticity of cloud environments, allowing not only more effective cost management, but also reducing the administrative burden, as resources can be managed more smoothly and with less manual intervention.
  • For test and development environments, it is advisable to consider the use of Dev/Test subscriptions, which offer the opportunity to access significant discounts on Azure fees. These subscriptions can be activated under an Enterprise Agreement, thus facilitating more advantageous cost management and more agile and economical experimentation during the development and testing phases.

Conclusions

The adoption of a methodological approach in managing cloud costs, together with the use of appropriate strategies, represents a fundamental pillar for successfully navigating the complex challenge of cloud economic management. Drawing from the principles and techniques outlined in this article, users can not only optimize expenses, but also make the most of their investment in the cloud, ensuring a balance between costs and benefits.

Azure IaaS and Azure Stack: announcements and updates (September 2023 – Weeks: 35 and 36)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Compute

Trusted launch as default for VMs deployed through the Azure portal

Azure has introduced “Trusted launch” as a default feature for virtual machines deployed through the Azure portal. Trusted launch hardens Azure virtual machines with security features, ensuring that administrators deploy VMs with verified and signed bootloaders, OS kernels, and a boot policy. The feature encompasses secure boot, vTPM, and boot integrity monitoring, offering protection against boot kits, rootkits, and kernel-level malware. Secure Boot ensures that only signed OSes and drivers boot, while the Virtual TPM (vTPM) safeguards keys, certificates, and secrets within the virtual machine. Additionally, Boot integrity monitoring, in conjunction with Microsoft Azure Attestation and Azure Security Center, provides integrity alerts, recommendations, and remediation actions if remote attestation fails.

Networking

Azure Firewall Single-Click Upgrade and Downgrade Now in General Availability

Azure has introduced a new capability for its Firewall service, allowing users to seamlessly upgrade from the Standard SKU to the Premium SKU, and vice versa. This enhancement simplifies the upgrade and downgrade process, ensuring that users can make these changes without any service interruptions. With just a single click, Azure customers can now easily transition between the two firewall versions. This feature is especially beneficial for those looking to leverage the advanced functionalities of the Premium SKU or revert to the Standard SKU based on their requirements. The Azure Firewall Single-Click Upgrade and Downgrade feature was officially made available on August 31, 2023.

Azure Container Apps support for UDR, NAT Gateway, and smaller subnets

Azure has announced the general availability of Azure Container Apps support for User Defined Routes (UDR), NAT Gateway, and smaller subnets. This enhancement provides users with more flexibility and control over their networking configurations, allowing for more customized and optimized network setups. Azure Container Apps is a fully managed platform for building and running microservices and APIs. With this update, users can now leverage UDR to define custom routes, utilize NAT Gateway for outbound connectivity, and deploy in smaller subnets for more granular network segmentation.

Azure Firewall: Explicit Proxy (preview)

Microsoft Azure has recently introduced a public preview of the Azure Firewall Explicit Proxy. This new feature is designed to enhance the security and performance of Azure’s firewall services. As it is currently in public preview, users can explore its functionalities and provide feedback to help improve the service before its general release. For more details and to stay updated on further developments, you can visit the official announcement page.

Azure Firewall: Auto-Learn SNAT Routes Feature Now in Public Preview (preview)

Azure has introduced a new feature in public preview, named “Auto-Learn SNAT Routes”, promising to simplify and expedite network configurations. This feature allows the Azure Firewall to automatically learn address ranges and configure them to be excluded from SNAT, thereby reducing the time and complexity spent on manually defining private SNAT ranges. To utilize this feature, the Azure Route Server needs to be deployed in the same virtual network as the Azure Firewall. Released on August 31, 2023, this feature promises to be a valuable tool for network administrators seeking to optimize their processes. For more information, you can visit the official page.

Storage

Azure Premium SSD v2 Disk Storage Now Available in Select Regions

Microsoft has announced the general availability of Azure Premium SSD v2 Disk Storage in several regions, including Australia East, France Central, Norway East, and UAE North. This new offering promises to deliver high-quality storage performance while ensuring security and reliability. Users in these regions can now benefit from the advanced storage features offered by Azure, helping to enhance the efficiency and resilience of their systems. For further details, you can visit the official page.

Azure Management services: what's new in August 2023

Microsoft constantly releases news about Azure management services. This summary aims to provide an overview of the most significant innovations introduced in the last month. This allows you to stay up-to-date on these topics and have the necessary references to conduct further investigations.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor container insights offers new cost optimization settings

Container insights expands the public preview of cost optimization settings, now enabling a third dimension for adjusting container insights data collection settings, with one configuration per table. Customers can now individually select which data tables to include in their Log Analytics workspace.
Per-table configurations can be enabled through ARM, CLI and Azure Portal.

Configure

Azure Advisor

Improve VM resiliency with Availability Zone recommendations

One of the recommended practices to achieve high resilience, according to the guidelines of the Well Architected Framework (WAF), is the distribution of workloads across different zones. By adopting this recommendation, now available in Azure Advisor, you can design your solutions to use “zonal” VMs, thus ensuring the isolation of virtual machines from potential failures in other zones.

Govern

Azure Cost Management

New cost optimization opportunities using the new workbook template in Azure Advisor

The Azure Cost Optimization Workbook serves as a centralized hub for some of the most used tools that can help the customer achieve their utilization and efficiency goals. It offers a number of recommendations, including Azure Advisor cost recommendations, the identification of idle resources and the management of virtual machines that are not deallocated correctly. Furthermore, it provides insights into using the Azure Hybrid Benefit options for Windows, Linux and SQL databases.

Exporting data to a firewall-protected storage account

Azure Cost Management now supports exporting data to a firewall-protected storage account, ensuring a high level of security. The export can be scheduled daily, weekly or monthly, and the exported data can be used for dashboard creation or for integration with financial systems.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

  • Defender for Container: agentless discovery for Kubernetes;
  • Preview release of GCP support in Defender CSPM;
  • new security alerts in Defender for Servers Plan 2: detection of potential attacks that abuse Azure VM extensions;
  • business model and pricing updates for Defender for Cloud plans.

Protect

Azure Backup

Cross Subscription Restore for Azure Virtual Machines

Microsoft introduced the ability to restore Azure VMs to another subscription within the same tenant as the subscription where the source VM exists, provided you have the necessary permissions. By default, the recovery occurs in the same subscription where the source virtual machine exists. This feature is only allowed if you have Cross Subscription Restore enabled for the Recovery Services vault. Cross Subscription Restore allows you to restore by creating a VM or restoring disks. You can use Cross Zonal Restore and/or Cross Region Restore in conjunction with this restore option.

Azure Backup introduces Cross Region Recovery for PostgreSQL (preview)

Azure Backup has launched a new preview feature: Cross Region restore for PostgreSQL backups. This feature takes advantage of Geo-Redundant storage with Read access, allowing you to keep data in two different regions. The innovation lies in the fact that now not only can backups be accessed when a problem occurs in an Azure region, but you can do it at any time, ensuring greater flexibility and security. This option is particularly useful for those who want to test the readiness of their backups or for those looking for greater data resilience. Currently, this feature is available for PostgreSQL in select regions, enriching the offer of Azure Backup in terms of data accessibility.

Azure Site Recovery

DR for shared disks (preview)

Microsoft released a private preview of Azure Shared Disk DR for workloads running Windows Server Failover Clusters (WSFC) on Azure virtual machines. It is therefore possible to protect, monitor and recover WSFC clusters as a single unit throughout their lifecycle, while generating cluster-consistent recovery points.

Salient features:

  • private preview will support the protection of Windows Server failover clusters. Some applications using this architecture are SQL FCI, SAP ASCS, Scale-out File Servers, etc.
    • OS supported: Windows Server 2016 and later;
    • number of nodes: up to 4 nodes per cluster;
    • shared disks: any number of shared disks can be attached to the cluster;
  • the failover operation supports failover of the entire cluster at the same time;
  • once a failover has been performed, you will need to re-enable replication for reverse direction protection.

New Update Rollup

Update Rollup 68 was released for Azure Site Recovery; it solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Support in the presence of a higher level of “churn” on the data

Azure Site Recovery now supports scenarios with higher data churn. This enhancement gives customers the ability to handle scenarios with a high volume of data changes, ensuring greater resiliency and reliability for their critical applications.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, which provides information about new releases and features.

Azure Database Migration

Azure portal experience for Azure Database Migration Service (preview)

You can now use DMS to perform migrations from both the Azure portal and the ADS extension. The Azure portal experience allows you to perform tasks such as creating a new database migration service from within the Azure portal, initiating the migration from SQL Server on-premises to various Azure targets and accessing an integration runtime configuration page. The Azure portal experience also offers a list of prerequisites, documentation and links to tutorials, customized according to the selected target.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (August 2023 – Weeks: 33 and 34)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Compute

Azure Mv3 Medium Memory (MM) Virtual Machines (preview)

Microsoft announced the public preview of the next generation Mv3 Medium Memory (MM) virtual machine series. These virtual machines are designed to offer improved performance and higher reliability compared to their predecessors. Some of the key features of the new Mv3 MM VMs include:

  • Powered by the 4th Generation Intel® Xeon® Scalable Processor and DDR5 DRAM technology.
  • Capability to scale for SAP workloads ranging from 250GB to 4TB, ensuring faster performance and a lower total cost of ownership (TCO).
  • With Azure Boost, the Mv3 MM VMs deliver approximately a 25% improvement in network throughput and up to a 1.5X boost in remote storage throughput compared to the previous M-series families.
  • Azure Boost’s isolated architecture enhances security for the Mv3 MM virtual machines by processing storage and networking separately on dedicated hardware, rather than on the host server.
  • Enhanced resilience against failures in memory, disks, and networking, leveraging insights from previous generations.
  • Availability in both disk and diskless configurations, providing customers with the flexibility to select the option that best suits their workload requirements.

For a more detailed exploration of this release, you can read their blog.

Networking

New Monitoring and Logging Updates in Azure Firewall

New Monitoring and Logging Updates in Azure Firewall are available:

  • Structured Logs: new logging format that provides a more detailed view of firewall events. Structured Logs provide the following benefits: they make it easier to work with data in log queries and help discover schemas; they improve performance and reduce latency; they allow you to grant Azure RBAC rights on specific tables.
  • Latency Probe: The Latency Probe metric is designed to measure the overall latency of Azure Firewall and provide insight into the health of the service.
  • Resource Health (preview): monitor that provides visibility into Azure Firewall health status and allows you to address service problems that may affect your Azure Firewall resource.
  • Embedded Firewall Workbooks (preview): Integrated workbooks into the Azure Firewall Portal that provide valuable insights and statistics regarding your firewall activities and events.

Illumio for Microsoft Azure Firewall

Illumio has joined forces with Microsoft to introduce microsegmentation support for Microsoft Azure Firewall, which is now generally available. This collaboration allows Azure customers to enforce Zero Trust Segmentation, going beyond mere network and application filtering. The integration aids firewall operations teams in understanding rules with a richer context of the resources they are safeguarding. With this enriched context, administrators can effortlessly identify which resource is secured by a particular rule, determine its owner, and confidently manage the rule’s lifecycle.

For a more detailed exploration of this integration and its benefits, you can learn more here.

Quick create Azure Front Door endpoints for Azure Storage accounts

You can now create Azure Front Door Standard and Azure Front Door Premium endpoints directly from the Azure portal, similar to any other Azure CDN endpoint. This integration facilitates the management of all Azure Front Door and/or Azure CDN profiles linked to a storage account from a unified interface. Setting up a new Azure Front Door Service and endpoint for a storage account is straightforward. Users can simply browse to their storage account in the Azure portal and navigate to the Front Door and CDN profiles section. From this location, it’s possible to establish new endpoints, swiftly access the endpoint profiles, manage custom domains for the endpoints, and activate security features such as the Web Application Firewall and/or Private Link. For a more detailed understanding, you can read the documentation.

Azure Front Door Standard/Premium in Azure Government

Azure Front Door (AFD) Standard and Premium tier is now generally available in Azure Government, specifically in the regions of Arizona and Texas. With this release, Local Government (US) customers and their partners can leverage the new and enhanced capabilities offered in the standard and premium tiers. Some of these capabilities include improved reporting and diagnostic tools, an expanded rules engine with server variables, an enhanced Web Application Firewall with features like the latest DRS rule set, Bot protection, and more. The integration with Microsoft Sentinel Analytics and other security features such as Private Link connectivity and subdomain takeover prevention further enhance the offering. However, it’s important to note that the managed certificate for enabling HTTPS is currently not supported in Azure Government, and users are advised to utilize their own certificates.

Rate-limit rules for Application Gateway Web Application Firewall (preview)

Azure’s regional Web Application Firewall (WAF) running on Application Gateway has introduced support for rate-limit custom rules. These rules are designed to detect and block unusually high traffic levels aimed at your application. By implementing rate limiting, users can counteract various denial-of-service attacks, safeguard against clients that might have been mistakenly set up to send a large number of requests in a brief period, and manage traffic rates to their site from specific regions.

You can learn more here.
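To make the effect of a rate-limit rule concrete, the following added example (not part of the original article and not Azure's implementation) replays constructed traffic against a simplified sliding-window rule, once grouped per client address and once per region. The function names, the `group_by` values, and the assumption that blocked requests still count toward the rate are all choices made for this model.

```python
from collections import defaultdict, deque

# Constructed sample traffic: (epoch_seconds, client_ip, country_code).
SAMPLE = (
    [(t, "203.0.113.10", "US") for t in range(8)]              # burst from one client
    + [(100, "203.0.113.10", "US")]                            # same client, much later
    + [(t, "198.51.100.7", "DE") for t in (0, 20, 40)]         # ordinary client
    + [(10 + i, f"192.0.2.{i + 1}", "BR") for i in range(6)]   # many clients, one region
)

def evaluate(requests, threshold, window_s, group_by):
    """Replay requests against one rate-limit rule.

    group_by is "client_ip" or "geo" (hypothetical names for this model).
    Returns [(request, "allow" | "block"), ...] in time order.
    """
    if group_by not in ("client_ip", "geo"):
        raise ValueError(f"unsupported group_by: {group_by!r}")
    recent = defaultdict(deque)          # key -> timestamps inside the window
    decisions = []
    for req in sorted(requests):
        ts, ip, country = req
        key = ip if group_by == "client_ip" else country
        window = recent[key]
        while window and window[0] <= ts - window_s:   # drop expired entries
            window.popleft()
        window.append(ts)                # blocked requests still count (assumption)
        decisions.append((req, "block" if len(window) > threshold else "allow"))
    return decisions

def blocked_per_key(decisions, group_by):
    """Count blocked requests per grouping key."""
    counts = defaultdict(int)
    for (ts, ip, country), action in decisions:
        if action == "block":
            counts[ip if group_by == "client_ip" else country] += 1
    return dict(counts)

if __name__ == "__main__":
    for mode in ("client_ip", "geo"):
        print(mode, blocked_per_key(evaluate(SAMPLE, 5, 60, mode), mode))
```

Grouping by client address only throttles the single noisy client, while grouping by region also catches traffic spread across many addresses, at the cost of affecting every client in that region.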

Storage

Incremental Snapshots for Premium SSD v2 Disk and Ultra Disk Storage

Azure has announced the general availability of incremental snapshots support for Premium SSD v2 and Ultra Disk. This feature comes with an instant restore capability and is available in all regions where Premium SSD v2 and Ultra Disk are supported. With this update, users can instantly restore Premium SSD v2 and Ultra Disks from snapshots and attach them to a running VM without waiting for any background data copy. This new capability allows immediate read and write access to disks after their creation from snapshots. This ensures a quick recovery of data from accidental deletions or disasters.

For more information and a deeper understanding of this feature, you can refer to the documentation.

Custom NFSv4.1 ID domain in Azure NetApp Files (preview)

Azure NetApp Files now supports custom NFSv4.1 ID domains in public preview. This feature allows users to customize the NFSv4.1 ID domain for their volume, ensuring a seamless migration of NFSv4.1 workloads to Azure NetApp Files. This enhancement provides flexibility and aids in the migration of workloads without the need to modify the client configuration.

Azure NetApp Files Cloud Backup for Virtual Machines (preview)

Azure NetApp Files introduces Cloud Backup for Virtual Machines in public preview. This feature provides an integrated, native backup solution for Azure Virtual Machines, ensuring data protection and business continuity. With Cloud Backup for Virtual Machines, you can now create VM-consistent snapshot backups of VMs on Azure NetApp Files datastores. The associated virtual appliance installs in the Azure VMware Solution cluster and provides policy-based, automated, and consistent backup of VMs. It integrates with Azure NetApp Files snapshot technology for fast backups and restores of VMs, groups of VMs (organized in resource groups), or complete datastores, lowering RTO and RPO and improving total cost of ownership.

Azure Elastic SAN Updates: Private Endpoints & Shared Volumes (preview)

As Azure Elastic SAN approaches general availability, Microsoft has been continuously enhancing the service and introducing new features based on feedback from Azure customers. Recently, support was released for private endpoints and for volume sharing via SCSI (Small Computer System Interface) Persistent Reservation.

With the introduction of private endpoint support, users can now access Elastic SAN volumes either through private endpoints or via public endpoints that are restricted to specific virtual network subnets. This update is crucial for those who need the added layer of security that private endpoints provide. Additionally, the shared volume support allows users to connect and utilize an Elastic SAN volume from multiple compute clients, such as virtual machines. Clients use SCSI reservation commands to select from the various supported access modes for reading or writing to the volume. Furthermore, persistent reservations are supported, ensuring uninterrupted access to data even across reboots.

For a deeper understanding and more details on these features, you can read the blog and refer to the documentation about Azure Elastic SAN.