Category Archives: Microsoft Azure

Azure IaaS and Azure Stack: announcements and updates (December 2021 – Weeks: 49 and 50)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Virtual Machine restore points (preview)

Public preview of VM restore point is available, a new resource that stores VM configuration and a point-in-time snapshot of one or more managed disks attached to a VM. VM restore points supports multi-disk application consistent snapshots and can be leveraged to easily capture backups of your VM and disks. You can easily restore the VM using VM restore points in cases of data loss, corruption, or disasters. Microsoft is also introducing a new Azure Resource Manager (ARM) resource called Restore Point Collection, which will act as a container for all the restore points of a specific VM.

Placement polices for Azure VMware Solution

Placement policies are used to define constraints for running virtual machines in the Azure VMware Solution Software-Defined Data Center (SDDC). These constraints allow the you to decide where and how the virtual machines should run within the SDDC clusters. Placement polices are used to support performance optimization of virtual machines (VMs) through policy, and help mitigate the impact of maintenance operations to policies within the SDDC cluster.

Storage

Secure access to storage account from a virtual network/subnet in any region (preview)

You can secure access to your storage account by enabling a service endpoint for Storage in the subnet and configuring a virtual network rule for that subnet through the Azure storage firewall. You can now configure your storage account to allow access from virtual networks and subnets in any Azure region. By default, service endpoints enable connectivity from a virtual network to a storage account in the same Azure region as the virtual network or it’s paired Azure region. This preview enables you to register your subnet to allow service endpoint connectivity to storage accounts in any Azure region across the globe.

Attribute-based Access Control (ABAC) conditions with principal attributes (preview)

Attribute-based access control (ABAC) is an authorization strategy that defines access levels based on attributes associated with security principals, resources, requests, and the environment. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments expressed as a predicate using these attributes. This update to the preview enables the use of Azure AD custom security attributes for principals in role assignment conditions. You can now use combine principal attributes with resource and request attributes in your condition expressions.

Soft delete for blobs capability for Azure Data Lake Storage

Soft delete for blobs capability for Azure Data Lake Storage is now generally available. This feature protects files and directories from accidental deletes by retaining the deleted data in the system for a specified period of time. During the retention period, you can restore a soft-deleted object, i.e. file or directory, to its state at the time it was deleted. After the retention period has expired, the object is permanently deleted. All soft deleted files and directories are billed at the same rate as active ones until the retention period has expired.

Azure Stack

Azure Stack HCI

Windows Server guest licensing offer for Azure Stack HCI (preview)

To facilitate guest licensing for Azure Stack HCI customers, we are pleased to announce a new offer that brings simplicity and more flexibility for licensing. The new Windows Server subscription for Azure Stack HCI is available in public preview as of December 14, 2021. This offer will allow you to purchase unlimited Windows Server guest licenses for your Azure Stack HCI cluster through your Azure subscription. You can sign up and cancel anytime and preview pricing is $0 until general availability (GA). At GA, the offer will be charged at $23.60 per physical core per month. This offer simplifies billing through an all-in-one place Azure subscription and in some cases will be less expensive for customers than the traditional licensing model.

Azure IaaS and Azure Stack: announcements and updates (December 2021 – Weeks: 47 and 48)

Azure

Compute

West Central US: Microsoft expands cloud services with two new datacenters in Wyoming

Microsoft is announcing the launch of two new Microsoft datacenters in Cheyenne – Wyoming, one in Cheyenne Business Parkway and another in Bison Business Park, enabling to expand and support the growth and demand for digital services in West Central US datacenter region. Cheyenne has been home to Microsoft’s cloud infrastructure services since 2012 and this expansion will enable us to continue providing services to current and new customers.

New Azure Virtual Machines DCasv5 and ECasv5-series (preview)

Azure DCasv5/ECasv5 confidential virtual machines (VMs) powered by 3rd Gen AMD EPYC™ processors with SEV-SNP are available in preview.

SQL Server IaaS Agent extension for Linux SQL VMs

Microsoft is making the capabilities of SQL Server IaaS Agent extension available to Linux platforms, starting with Ubuntu with plans for other distributions in time.

If you are already running SQL Server on Azure using an Ubuntu Linux Virtual Machine, the SQL Server IaaS Agent extension now enables you to leverage integration with the Azure portal and unlocks the following benefits for SQL Server on Linux Azure VMs:

Compliance: The extension offers a simplified method to fulfill the requirement of notifying Microsoft that the Azure Hybrid Benefit has been enabled as is specified in the product terms. This process negates needing to manage licensing registration forms for each resource.
Simplified license management: The extension simplifies SQL Server license management, and allows you to quickly identify SQL Server VMs with the Azure Hybrid Benefit enabled using the Azure portal, Azure PowerShell, or the Azure CLI.

IaaS Agent extension full mode no restart for SQL VMs

You can now enable the full mode of SQL Server IaaS Agent extension with no restart, giving you access to more manageability features for SQL Server on Azure Virtual Machines without interruption to your workloads. Previously, you had to restart the SQL Server services to enable these features. The full mode of SQL Server IaaS Agent extension unlocks many benefits such as Automated Backup, Automated Patching, Storage Optimization, and more, along with license management that comes with lightweight mode.

Storage

Azure File Sync: new agent released

The Azure File Sync agent v14.1 is available. Issue that is fixed in the v14.1 release:

Tiered files deleted on Windows Server 2022 are not detected by cloud tiering filter driver. This issue can also impact Windows 2016 and Windows Server 2019 if a tiered file is deleted using the FILE_DISPOSITION_INFORMATION_EX class.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
The agent version for this release is 14.1.0.0.
Installation instructions are documented in KB5001873.

Azure NetApp Files application volume group for SAP HANA (preview)

Application volume group (AVG) for SAP HANA enables you to deploy all volumes required to install and operate an SAP HANA database according to best practices in a single one-step and optimized workflow. The application volume group feature includes the use of proximity placement group (PPG) with VMs to achieve automated, low-latency deployments. Application volume group for SAP HANA has implemented many technical improvements that simplify and standardize the entire process to help you streamline volume deployments for SAP HANA. Instead of creating the SAP HANA volumes (data, log, shared, log-backup, file-backup) individually, the new application volume group for SAP HANA creates these volumes in a single ‘atomic’ operation (GUI, RP, API).

Networking

VPN Gateway NAT

Azure VPN NAT (Network Address Translation) supports overlapping address spaces between your on-premises branch networks and your Azure Virtual Networks. NAT can also enable business-to-business connectivity where address spaces are managed by different organizations and re-numbering networks is not possible. VPN NAT provides support for 1:1 Static NAT and 1-to-many dynamic NAT.

Wildcard listener on Application Gateways

Azure Application Gateway now supports the use of wildcard characters such as asterisk (*) and question mark (?) for hostnames on a multi-site HTTP(S) listener. You can now route requests from multiple host-names such as shop.contoso.com, accounts.contoso.com, pay.contoso.com to the same backend pool through a single listener configured with a wildcard hostname such as *.contoso.com.

Azure Management services: what's new in November 2021

In November, Microsoft unveiled several news regarding Azure management services, accomplice also the Microsoft Ignite conference 2021. Through these articles released on a monthly basis, we want to provide an overall overview of the main news of the month, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Log Analytics Workspace Insights in Azure Monitor

Microsoft has announced the availability ofLog Analytics workspace insights which allows you to obtain detailed information on the Log Analytics workspaces, providing a comprehensive overview of the following aspects: usage, performance, integrity, agents, query and change logs.

These are the main questions to which the solution can provide an answer:

What are the main tables, those where most of the data is imported?
Which resource sends the most logs to the workspace?
How long does it take for the logs to reach the workspace?
How many agents are connected to the work area? How many are in a health state?
Query control: how many queries run in the workspace? What are their response codes and duration time? What are the slow and inefficient queries that require workspace overhead?
Who has set a daily limit? When data retention has changed?
- Useful for keeping a log of changes in workspace settings.

New troubleshooting experiences in Network Insights for VPN Gateway & Azure Firewall

It is now possible to access detailed information and have a new problem solving experience in Azure Monitor Network Insights for VPN Gateway and Azure Firewall.

In fact,, you have the option of:

Access the resource topology that shows the integrity of the same and the related connections
A workbook showing all the key metrics
Direct links to documentation and troubleshooting guide

Azure Monitor container insights for Azure Arc enabled Kubernetes

In Azure Monitor, you can get detailed information about the containers running in Azure Arc-enabled Kubernetes environments. This allows you to centralize the visualization of infrastructure metrics, of container logs and related recommendations. The main features are:

Simple onboarding directly from the Azure portal
Receipt of automatic updates from the monitoring agent
Performance visibility, collecting memory and processor metrics from controllers, nodes and containers
Views via workbook and in the Azure portal
Alerts and queries on historical data for troubleshooting
Ability to examine Prometheus metrics

Manage Log Analytics data export rules in the Azure portal (preview)

The export of Log Analytics data can now be configured in the Azure portal. This allows you to easily manage data export rules by giving you a clear view of existing rules in the workspace, regardless of whether they are in the enabled or disabled state. It is also possible to modify existing rules and create new rules with a few simple steps.

Azure Monitor for SAP: new telemetry and root cause analysis (RCA)

Azure Monitor for SAP Solutions (AMS) introduced support for new telemetry data of SAP HANA (preview) and SAP NetWeaver

For SAP HANA we find:

License status: provides licensing details for all tenants running with SAP HANA MDC.
Multi-Version Concurrency Control (MVCC): report on the consistency of transactional data, isolating the transactions that access the same data at the same time
Details on save point operation
Details on delta merge
Statistics on HANA Alert

Customers who are using the solution will have available, without carrying out any further activities, the above telemetry data. For new customers who want to activate this solution, you can follow this guide to AMS onboarding and configure at least one SAP HANA provider.

Furthermore, customers using SAP in an Azure environment can view the “root cause analysis (RCA)” when a SAP system becomes unavailable due to an outage of the virtual machine or host. In fact,, AMS allows you to view information about the restart, the analysis of the triggering cause, details on the affected system and recommended steps.

AMS is currently available in the following Azure regions: US East, US East 2, US West 2, Europe West, and Europe North. AMS does not incur any additional licensing fees, but only the consumption costs of Azure Monitor are covered.

Configure

Azure Automation

PowerShell runbook support 7.1 (preview)

Azure Automation support for PowerShell runbooks 7.1 has been made available in preview on Azure, Azure Gov and Azure China. This allows for the development and execution of runbooks using PowerShell 7.1, both for cloud processes and for hybrid processes on Azure and non-Azure systems.

Support for Managed Identities

Support for Managed Identities has been introduced in Azure Automation. System Assigned Managed Identities are supported for cloud and hybrid processes, while User Assigned Managed Identities are only supported for cloud processes. This support allows you to reduce the effort of managing Run As Accounts for runbooks. A User Assigned Managed Identities is an independent Azure resource that can be assigned to the Azure Automation account, which can have multiple associated user-assigned identities. The same identity can be assigned to multiple Azure Automation accounts.

Govern

Update Management

Automatic VM guest patching

The new feature called "Automatic VM guest patching" is now available and helps simplify update management and achieve security compliance. Enabling the feature “Automatic VM guest patching” patches classified as critical and security are automatically downloaded and applied to the system. This feature is available for both Windows and Linux systems.

Azure Cost Management

Azure Advisor: tips to save on Azure Cosmos DB resource costs

Specific recommendations have been included in Azure Advisor to help you achieve possible cost savings for Azure Cosmos DB, obtained based on the historical use of resources.

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

Change to the names of Azure solutions in the security field

In November, durante Ignite 2021, changes have been announced to the names of Microsoft Azure solutions in the security field, as below:

Figure 2 - New names for Azure security solutions

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Azure Security Center and Azure Defender have been unified and are called “Microsoft Defender for Cloud”
Native CSPM for AWS and Threat Protection for Amazon EKS and AWS EC2
Prioritizing sensitive data in cloud workloads, using Azure Purview
Improvements to integration with Microsoft Sentinel
Azure Security Benchmark v3 released

Protect

Azure Backup

Multi-user authorization for backups (preview)

Multi-user authorization for Azure Backup provides advanced protection for Recovery Services vaults against unauthorized critical operations. Azure Backup uses a Resource Guard to ensure that critical operations are performed only with the appropriate authorization. With this mechanism, Azure Backup helps provide better protection against operations that could lead to the loss of backup data, including:

Disabling soft delete and hybrid security settings
Disabling MUA protection
Changes to backup policies
Security changes
Stop protection
Changing the MARS security PIN

The backup administrator, which typically accesses the Recovery Services vault, must acquire the role of Contributor on Resource Guard to be able to perform the above protected operations (Critical). To do this, it must also request the action of the Resource Guard owner, who must approve and grant the requested access. It is also possible to use Azure AD Privileged Identity Management to manage just-in-time access on Resource Guard. Furthermore, it is possible to create the Resource Guard resource in a subscription or in a tenant other than that of the Recovery Services vault, for maximum isolation.

Metrics and related alerts for Azure Backup (preview)

Azure Backup now provides built-in metrics to allow you to monitor the integrity of backups and write custom alert rules based on these metrics.

Azure Site Recovery

Support for failover of multiple IP configurations

Azure Site Recovery has been introduced, for virtual machines on Azure, support for failover of secondary IP configurations. This allows you to configure failover and test failover settings for each secondary IP configuration, currently only in the Azure to Azure scenario (A2A).

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 59 which solves several problems and introduces some improvements. Among the most important innovations we find support for Windows Server 2022 for the mobility Service. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (November 2021 – Weeks: 45 and 46)

Azure

Compute

Virtual machines selector now generally available

Microsoft want to simplify the process required for you to identify the right VM based on your needs and budget. To that end, virtual machines selector is a web-based tool localized in 26 languages and available worldwide. Using the virtual machines selector you can specify your requirements, such as the category of workload you plan to run in Azure, and the technical specifications of your VM (e.g., OS disks storage options, data disks storage performance, Operating System, deployment region, etc.). After a few simple steps, the tool identifies the best VM and disk storage combination based on the information you enter. You will then be able to view the details of the recommended VMs and their prices. You can then add the selected VMs to the pricing calculator to perform a more comprehensive cost analysis.

New cloud region in Sweden

The new sustainable datacenter region in Sweden, with presence in Gävle, Sandviken and Staffanstorp is available. It includes Azure Availability Zones, which offer you additional resiliency for your applications by designing the region with unique physical datacenter locations with independent power, network, and cooling for additional tolerance to datacenter failures.

Azure VMware Solution now generally available in the France Central Azure Region and in Japan West Azure Region

Azure VMware Solution has expanded availability to Japan West and to France Central. With this release Japan West is now the second region within the Japan sovereign area to become available (joining Japan East).

SQL Server on Azure Virtual Machines: Multi subnet high availability

You can now simplify your SQL Server on Azure Virtual Machines high availability and disaster recovery configuration by deploying virtual machines in multiple subnets, eliminating the need for an Azure Load Balancer. Multi subnet configuration natively helps you match on-premises experience for connecting to your availability group listener or SQL Server failover cluster instance. Additionally, this feature doesn’t have any limitations on unique port or feature interoperability considerations like distributed network name (DNN) for availability group and failover cluster instance. Multi subnet configuration is natively supported by all versions of SQL Server and Windows Server Failover Cluster to simplify deployment, maintenance and improve failover time.

Azure Virtual Machines DCv3-series now available in Europe West and North (preview)

Announcing public preview expansion of the DCv3-series VMs to Europe West and North.

Storage

SFTP support for Azure Blob Storage (preview)

Starting today, SSH File Transfer Protocol (SFTP) support for Azure Blob Storage is available for public preview in select regions. Azure Blob Storage is the only storage platform that supports SFTP over object storage natively in a serverless fashion, enabling you to leverage object storage economics and features. With multi-protocol support, you can run your applications on a single storage platform with no application rewrites necessary, therefore eliminating data silos.

NFSv4.1 support on Azure Files

Azure Files support for NFS v4.1 on premium tier for both locally-redundant storage and zone-redundant storage is available. Now you can deploy these fully POSIX compliant, distributed NFS file shares in your production environments for a wide variety of Linux and container based workloads. Some example workloads include: highly available SAP application layer, enterprise messaging, user home directories, custom line-of-business applications, database backups, database replication, and devops pipelines. NFS 4.1 is available in all regions where the premium tier of Azure Files exists.

Azure Archive rehydration priority update

Azure Archive Storage provides a secure, low-cost means for retaining cold data, including backups and archival storage. Data stored in Archive Storage is offline and unavailable for read access until it is rehydrated to the hot or cool tier. You can choose to rehydrate data with standard or high priority, depending on the urgency of the retrieval request. Previously, it was not possible to change the retrieval priority after initiating a rehydration operation; priority had to be determined in advance, and there was no flexibility to update the priority if the retrieval urgency subsequently changed.

Archive Storage now supports updating the retrieval priority from standard to high while a rehydration operation is pending. You can simplify rehydration management and improve cost efficiency by initiating the rehydration operation with standard priority for a set of blobs, then updating the priority to high for any blobs that require faster retrieval.

Networking

VPN Gateways: increased connection limit

The max number of Site-to-Site/VNet-to-VNet connections on a VPN Gateway has been increased from 30 to 100 tunnels for SKUs VpnGw4, VpnGw5, VpnGw4AZ, and VpnGw5AZ.
This change does not affect legacy gateways with the High Performance SKU.

Azure Bastion: new features available with Standard SKU (preview)

With the new Azure Bastion native client support you can:

Connect to your target Azure virtual machine via Azure Bastion using Azure CLI and a native client on your local Windows machine
Log into Azure Active Directory-joined virtual machines using your Azure Active Directory credentials

Also, with the new Azure Bastion IP based connection capability you can now connect to any target resource reachable from your Bastion using its private IP address. This includes any reachable resources hosted on-premises or in other clouds, allowing you to achieve more secure global remote connectivity with Azure Bastion.

ExpressRoute now supports Azure Virtual Desktop Shortpath RDP over Private Peering

ExpressRoute Private Peering now supports Azure Virtual Desktop RDP Shortpath. After establishing the reverse connect transport, the client and session host starts the RDP connection. With RDP Shortpath configured, the client will require a direct connectivity with the session host to establish a secure TLS connection. You can leverage ExpressRoute Private peering to setup the direct connection to support RDP Shortpath.

Azure IaaS and Azure Stack: announcements and updates (November 2021 – Weeks: 43 and 44)

In this dedicated post you can find the most important announcements and major updates officialized last week during Microsoft Ignite (November 2021) conference.

Azure

Compute

Zerto Disaster Recovery for Azure VMware Solution

Zerto Disaster Recovery is now available and supported with Azure VMware Solution, delivering data protection and disaster recovery services that eliminate data loss and downtime for vSphere virtual machines running on Azure VMware Solution environment.

Zerto Disaster Recovery for Azure VMware Solution supports the following 3 scenarios:

On-premises VMware to Azure VMware Solution for Hybrid disaster recovery
Azure VMware Solution to Azure VMware Solution for cloud-based disaster recovery
Azure VMware Solution to Azure IaaS for cloud-based disaster recovery

Azure Spot Virtual Machines: Try to restore functionality

You can now opt-in and use this feature while deploying Spot VMs using Virtual Machine Scale Sets. This new feature will automatically try to restore an evicted Spot VM to maintain the desired target compute capacity (e.g., number of VMs) in a scale set.

Storage

Azure File Sync agent v14

Improvements and issues that are fixed in the v14 release:

Improved server endpoint deprovisioning guidance in the portal. When removing a server endpoint via the portal, we now provide step by step guidance based on the reason behind deleting the server endpoint, so that you can avoid data loss and ensure your data is where it needs to be (server or Azure file share).
Invoke-AzStorageSyncChangeDetection cmdlet improvements. Microsoft has improved the Invoke-AzStorageSyncChangeDetection cmdlet and the 10,000 item limit no longer applies when scanning the entire share.
Azure File Sync is now supported in West US 3 region.
Reduced transactions when a file consistently fails to upload due to a per-item sync error.
Reliability and telemetry improvements for cloud tiering and sync.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
The agent version for this release is 14.0.0.0.
Installation instructions are documented in KB5001872.

Ephemeral OS disks for Azure VMs support additional VM sizes

You now can choose where to store Ephemeral OS disks, either in VM temp disk or on VM cache. This feature enables Ephemeral OS disks to be created for all the VMs, which don’t have cache or have an insufficient cache (such as Dav3, Dav4, Eav4, and Eav3) but has sufficient temp disk to host the Ephemeral OS disk.

Networking

New Azure Firewall Premium capabilities

Several new Azure Firewall Premium capabilities are available:

Azure Firewall Premium availability in more regions. Azure Firewall Premium is now available in both Microsoft Government Cloud and Azure China 21Vianet. This expansion makes Azure Firewall Premium now available in 44 Azure regions.
Terraform support for Firewall Policy Premium. Azure Firewall Premium supports a range of DevOps tools including Azure CLI, PowerShell, REST API. Customers can now use Terraform, a popular open-source tool used by DevOps for implementing infrastructure as code, to manage their Azure Firewall Premium.
Web categories Category Check (in preview). Web categories lets administrators allow or deny user access to web site categories such as gambling websites, social media websites, and others. Often customers want to check what categories does a specific URL fall under. Customers can now use the convenience of Azure Portal to determine URL web categories and share feedback if the category is not accurate.
Migrate to Premium SKU using Stop/Start approach. If you use Azure Firewall Standard SKU with Firewall Policy, you can use the Allocate/Deallocate method to upgrade your Firewall SKU to Premium. This migration approach is supported on both VNET Hub and Secure Hub Firewalls. Secure Hub deployments will be upgraded while preserving the public IP of the firewall.

Extended regional availability for Private Link NSG Support and for Private Link UDR Support

Private Endpoint support for Network Security Groups (NSGs) and Private Endpoint support for User Defined Routes (UDRs) are now in public preview.

Private Endpoint support for Network Security Groups (NSGs) enhancement will provide you with the ability to enable advanced security controls on traffic destined to a private endpoint.
Private Endpoint support for User Defined Routes (UDRs) enhancement will provide you with the ability to apply custom routes to traffic destined to a private endpoint with a wider subnet range.

At this time, this features are available in the following regions: UsEast2Euap, UsCentralEuap, WestCentralUS, WestUS, WestUS2, EastUS, EastUS2, Asiaeast, Australiaeast, Japaneast, Canadacentral, Europenorth, Koreacentral, Brazilsouth, Uksouth, US South, US North, and France Central.

ExpressRoute IPv6 Support for Private Peering

IPv6 support for ExpressRoute Private Peering is now generally available with ExpressRoute circuits and Azure environments globally. IPv6 support will unlock hybrid connectivity for you as you look to expand into mobile and IoT markets with Azure, or to address IPv4 exhaustion in your on-premise networks.

Azure IaaS and Azure Stack: most impactful announcements at Microsoft Ignite – November 2021

This special edition includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft this week during Microsoft Ignite (November 2021) conference. Microsoft announced several important additions to its Azure infrastructure as a service (IaaS) portfolio and the Microsoft infrastructure services continue to evolve to optimize the experience of running business-critical workloads.

Azure

Compute

Azure trusted launch for Virtual Machines

Azure trusted launch protects your virtual machines against boot kits, rootkits, and kernel-level malware. Trusted launch allows administrators to deploy virtual machines with verified and signed bootloaders, OS kernels, and drivers. By leveraging secure and measured boot, administrators gain insights and confidence of the entire boot chain’s integrity. With virtual Trusted Platform Module (vTPM), administrators can securely protect keys, certificates, and secrets in the virtual machines. In addition, administrators can monitor and attest to the integrity of virtual machines as well as reacting to any changes to the attestation policy baseline. Azure Security Center serves as a single pane of glass for integrity alerts, recommendations, and remediations generated by trusted launch. These new features are easily enabled , trusted launch is switched on with a simple change in deployment code or a checkbox within the Azure portal for all virtual machines.

Expansion of the Azure Virtual Machines portfolio

New Azure Virtual Machines, which provide better price-performance for most general-purpose and memory-intensive workloads compared to prior VM generations, are now generally available. This important expansion of the Azure Virtual Machines portfolio now includes:

The general availability of Dv5 and Ev5 Azure VMs, which deliver up to 15% increased performance for many workloads and better price-performance than the previous Dv4 and Ev4-series VMs. These new VMs can scale up to 96 vCPUs and feature the latest 3rd Gen Intel Xeon Platinum 8370C (Ice Lake) processor in a hyper-threaded configuration.
The new Dasv5 and Easv5 Azure VMs are based on the 3rd Generation AMD EPYCTM 7763v (Milan) processor. These new VMs provide options with and without local disk storage for a lower price of entry. Standard SSDs, Standard HDDs, Premium SSDs, and Ultra Disk storage are supported based on regional availability. In addition, support for nested virtualization is also available.
The new DCsv3 and DCdsv3-series Azure Virtual Machines transform the state-of-the-art for confidential workloads. Now with the 3rd Gen Intel Xeon Scalable processors, the capabilities of DC-series have improved substantially.

The Dv5 and Dasv5 Azure VMs, work well for many general computing workloads, e-commerce systems, web front ends, desktop virtualization solutions, customer relationship management applications, entry-level and mid-range databases, application servers, and more. The Ev5 and Easv5 Azure VMs are ideal for memory-intensive enterprise applications, larger relational database servers, data warehousing workloads, business intelligence applications, in-memory analytics workloads, and additional business-critical applications.

Azure Virtual Machine Scale Sets: new orchestration mode

Virtual Machine Scale Sets flexible orchestration mode helps you simplify the deployment, management, and scalability of your applications. These new features also combine the functionality of our previously separate Availability Sets and Virtual Machine Scale Sets offerings. As a result, you will now be able to manage your business-critical applications more effectively while ensuring high availability at massive scale. Additionally, this new capability provides full control of the individual VMs within a scale set while increasing overall performance. IT organizations will now also be able to change VM sizes without redeploying their scale set resulting in greater operational agility. They will also be able to mix Spot Virtual Machines and pay-as-you-go VMs within the same scale set to optimize costs while managing VMs and VM scale sets using the same APIs.

Azure VMware Solution now generally available in the Germany West Central Azure region

Azure VMware Solution has now expanded availability to Germany West Central, this update is in addition to the existing availability multiple Azure regions in US, Europe, Australia, Japan, UK, Canada, Brazil and Southeast Asia (Singapore).

Storage

Centralized management of keys for encrypting Azure disks

Now you can manage your Azure Key Vault centrally in a single subscription and use the keys stored in the Key Vault to encrypt managed disks and snapshots in other subscriptions in your organization. This allows your security team to enforce and easily manage a robust security policy to a single subscription.

On-demand disk bursting for Azure Premium SSDs

Microsoft is announcing the general availability of on-demand bursting on Azure Premium SSDs larger than 512 GiB or larger. Unlike the previous credit-based system where you can only burst if you have accumulated credits, the new on-demand bursting capability allows you to burst up to 6X (up to 30,000 IOPS and 1,000 MB/s of throughput) of the provisioned amount whenever needed. This provides you with the flexibility to scale performance to meet demand and optimize costs. You can easily take advantage of on-demand bursting by enabling it on supported Premium SSD disks. You will pay for a burst enablement fee and burst transaction costs for the additional transactions beyond the provisioned target.

Live resize of Azure Disk Storage (preview)

Resizing a disk on Azure can provide more storage capacity and better performance for your applications. Now, with live resize in preview, you can dynamically increase the size of your disks without any downtime to your application. You can start with smaller disks to keep costs down and increase the size of your disks without any downtime as your data footprint grows.

Cross-region snapshot copy for Azure Disk Storage (preview)

Incremental snapshots are cost-effective point-in-time backups of Azure Managed Disks. They are billed for the changes to disks since the last snapshot and are always stored on the most cost-effective storage, Standard HDD storage, irrespective of the storage type of the parent disk. With cross-region snapshot copy now in preview, you can easily copy of incremental snapshots to any region of your choice. Azure manages the copy process and ensures that only changes since the last snapshot in the target region are copied over, reducing the data footprint and recovery point objective (RPO).

Azure VMware Solution: new capabilities introduced for disk pool (preview)

New capabilities are introduced in Disk Pool (preview) to enable Disk storage as the persistent storage for Azure VMware Solution. Disk Storage integration with Azure VMware Solution combines the power of familiar VMware technology running on Azure, with efficient Azure Disk Storage. Disk Pool enables Azure VMware Solution to access Disk storage by surfacing an Internet Small Computer Systems Interface (iSCSI) endpoint for disks. You can add new or existing disks to disk pool and expose them as datastores in Azure VMware Solution. Microsoft is introducing new capabilities to disk pool across availability, cost-effectiveness, and end-to-end integration:

Improved availability of disk pool with an enhancement to the underlying iSCSI infrastructure to a Highly Availably architecture with dual controller support
Addition of Azure Standard SSDs as a supported disk offering for a more cost-effective option for Disaster Recovery scenarios
Updates to the pricing model to a service-based pricing model. Currently, customers are being billed for the managed resources deployed to support disk pool. With this new pricing model, customers will be charged an hourly service fee, which is based on the performance tier selected (Basic, Standard, Premium SKUs). The pricing model change will be effective on December 1, 2021.
End-to-end portal experience for connecting a disk pool to Azure VMware Solution clusters and managing underlying storage

Networking

Bastion Standard SKU

With the new Azure Bastion Standard SKU, you can now perform/configure the following:

Manually scale Bastion host Virtual Machine instances: Azure Bastion supports manual scaling of the Virtual Machine (VM) instances facilitating Bastion connectivity. You can configure 2-50 instances to manage the number of concurrent SSH and RDP sessions Azure Bastion can support.
Azure Bastion admin panel: Azure Bastion supports enabling/disabling features accessed by the Bastion host.

Azure Virtual Network Manager (preview)

Azure Virtual Network Manager is a highly scalable and available network management solution. It allows you to simplify network management across subscriptions globally. Using the centralized network management capabilities, you can manage your network resources at scale from a single plane of glass.

Key features of Azure Virtual Network Manager include:

Global management of virtual network resources across regions and subscriptions
Automated management and deployment of virtual network topologies such as hub and spoke and mesh
High-priority security rule enforcement at scale to protect your network resources
Simple deployment of network configurations

Gateway Load Balancer (preview)

Gateway Load Balancer is a fully managed service enabling you to deploy, scale, and enhance the availability of third party network virtual appliances (NVAs) in Azure. You can add your favorite third party appliance whether it is a firewall, inline DDoS appliance, deep packet inspection system, or even your own custom appliance into the network path transparently, all with a single click.

With Gateway Load Balancer, you can easily add or remove advanced network functionality without additional management overhead. It provides the bump-in-the-wire technology you need to ensure all traffic to a public endpoint is sent to the appliance before your application. What makes Gateway LB even more powerful is ensuring symmetrical flows or ensuring a consistent route to your network virtual appliance, without having to update routes manually. As a result, packets traverse the same network path in both directions to function are able to do so.

NAT gateway integration with AKS

You can now provision a NAT gateway as part of cluster creation or create an AKS cluster with a NAT gateway on an existing VNET, instead of configuring a NAT gateway manually. A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to external services, but external services cannot initiate a connection. With NAT gateway support, ingress traffic can be handled via the Load Balancer, and egress traffic can be distributed across up to 16 IP addresses, providing the potential for 64,000 concurrent UDP and TCP flows per IP.

New troubleshooting experiences in Network Insights for VPN Gateway & Azure Firewall

Access rich insights and new troubleshooting experiences in Azure Monitor Network Insights for VPN Gateway and Azure Firewall.

With the new resources, you can access:

A resource topology showing resource health and connected resources
A pre-built workbook showing all key metrics along multiple
Direct links to documentation and troubleshooting help

ExpressRoute private peering support for BGP communities and FastPath improvements (preview)

ExpressRoute private peering now supports the use of custom Border Gateway Protocol (BGP) communities with virtual networks connected to your ExpressRoute circuits. Once you configure a custom BGP community for your virtual network, you can view the regional and custom community values on outbound traffic sent over ExpressRoute when originating from that virtual network. These values can be used when applying filters or specifying routing preferences for traffic sent to your on-premises from your Azure environment.

Also, ExpressRoute FastPath now supports a greater variety of scenarios, such as support for traffic sent to peered virtual networks.

Azure Network Function Manager

Azure Network Function Manager, which offers a consistent management experience for pre-validated mobile network functions to enable a private LTE/5G solution, is now generally available. The service also enables a seamless cloud-to-edge experience for Azure Marketplace network functions like SD-WAN and VPN. For a true hybrid experience, customers can use Azure Marketplace to choose from a pre-validated list of marketplace network functions to help ensure proper operation with Azure Stack Edge.

Azure Stack

Azure Stack HCI

Azure Virtual Desktop for Azure Stack HCI (preview)

With Azure Virtual Desktop for Azure Stack HCI, you can maintain full control over your infrastructure and enjoy the advantages of Azure Virtual Desktop in your own datacenter, including a full Windows 10 and 11 desktop experience for users with multi-session or single session support to optimize cost and performance.

Azure benefits for Windows Server

To license and activate Windows Server, Azure Stack HCI already lets you bring your own Datacenter license to enable automatic VM activation (AVMA). Coming soon, if you don’t already have a license, there’s a convenient new option to pay for your Windows Server guests through your Azure subscription, just like in Azure.

Arc-enabled VM management (preview)

In addition to managing your host cluster, you can now use Azure Arc to provision and manage virtual machines running on Azure Stack HCI directly from the Azure Portal. VMs and their associated resources like VM images, disks, and networks are projected into ARM as separate first-class resources by a new cross-platform technology called the Arc resource bridge.

Azure Management services: what's new in October 2021

In October, Microsoft announced a considerable number of news regarding Azure management services. Through these articles released on a monthly basis I want to provide an overall overview of the main news of the month, so that you can always stay up to date on these topics and have the necessary references to carry out further studies.

Monitor

Azure Monitor

Availability and support of availability zones in new regions

Azure Monitor Log Analytics is available in the following new regions:

West US 3
Korea South
Canada East

To check the availability of the service in all the Azure regions you can consult this document.

Furthermore, support for Availability Zones was introduced in the region of West US 2 for Azure Monitor Log Analytics and Application Insights, which allows to ensure greater availability for the logs present in the Workspace.

Azure Monitor container insights: updating the user experience from the portal

The user experience from the portal for Azure Monitor container insights has been updated and allows you to:

Get detailed information about containers more easily
View resource usage as allocable capacity
Take advantage of new metrics and new recommended alerts

Azure Monitor Query SDK

Microsoft has released the Azure Monitor Query SDK for .NET, Java, JavaScript/TypeScript e Python. This new SDK allows developers to build applications that perform read-only queries on Azure Monitor logs and metrics, so that they can analyze and visualize the data in customized ways. The SDK has been modernized to follow the Azure SDK guidelines and be idiomatic for each programming language. Furthermore, introduces a number of updates and new features.

Azure Monitor application insights in Azure Spring Cloud

Thanks to this new integration in Azure Monitor Application Insights it is possible to enable the monitoring of Java Spring Boot applications running in Azure Spring Cloud with a few simple steps and without making any changes to the code.

Govern

Azure Cost Management

Updates related toAzure Cost Management and Billing

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Multiple backups during the day for Azure Files

Keeping RPO low is often a key requirement for Azure Files that contain frequently updated business-critical data. To ensure minimal data loss, in the event of an emergency or unwanted content changes, organizations may need to back up more frequently than once a day. Azure Backup now allows you to create backup policies to take multiple snapshots per day. With this feature it is also possible to define the duration of the backup processes.

Support for Archive storage for the backup of VMs and SQL on board VMs using the Azure portal

Azure Backup announced in August the ability to move recovery points to the Azure Storage Vault-Archive tier to save costs and retain backup data for a longer duration. This feature is available for Azure VMs and SQL Servers installed on board Azure VMs. Initially this possibility was only given using Azure PowerShell, while now it is possible to move these backups from the standard tier to the new archive tier also from the Azure portal.

When moving backup data from vault-standard to vault-archive, Azure Backup converts incremental data into full backup. This procedure involves an increase in the total GB used, but costs are reduced due to the huge difference in cost per GB between the two storage tiers. To simplify this process, Azure Backup provides advice on Recovery Points (RPs) for which migration to the vault-archive is recommended. Restores can always be done in an integrated way from the Azure portal, with a simple and intuitive process.

Migrate

Azure Migrate

New Azure Migrate releases and features

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (October 2021 – Weeks: 41 and 42)

Azure

Compute

New centralized management experience for Azure Hybrid Benefit for SQL Server (preview)

Azure Hybrid Benefit for SQL Server helps reduce costs by allowing existing on-premises licenses with active Software Assurance to be assigned to Azure. Now there’s an easier way to manage the benefit, optimize cost savings, and sustain compliance for the entire organization. Instead of assigning the benefit to each individual Azure resource (e.g. virtual machine), billing admins can now assign and manage SQL Server licenses at an Azure subscription or entire Azure account level.

Cross region replication for Azure NetApp Files

With this disaster recovery capability, you can replicate your Azure NetApp Files volumes between select Azure standard and non-standard region pairs continuously in a fast and cost-effective way, protecting your data from unforeseeable regional failures. Azure NetApp Files cross region replication leverages NetApp SnapMirror technology so only changed blocks are sent over the network in a compressed, efficient format. This technology reduces the amount of data required to replicate across the regions with up to 50% or more, therefore saving Azure NetApp Files customers data transfer cost. It also shortens the replication time so you can achieve a smaller Restore Point Objective.

Networking

Azure Firewall Premium now generally available in five new Azure regions

Azure Firewall Premium provides next generation firewall capabilities that are required for highly sensitive and regulated environments, and it is now generally available in the following new Azure Cloud regions: USGov Texas, USGov Arizona, USGov Virginia, China North 2 and China East 2.

Azure Stack

Azure Stack HCI

New feature update

Feature updates for Azure Stack HCI are released periodically to enhance the customer experience. This month’s feature update for Clusters running Azure Stack HCI, version 21H2 are:

Use GPUs with clustered VMs: Provide GPU acceleration to workloads running in clustered VMs.
Dynamic CPU compatibility mode: Processor compatibility mode has been updated to take advantage of new processor capabilities in a clustered environment.
Storage thin provisioning: Improve storage efficiency and simplify management with thin provisioning.
Network ATC: Simplify host networking and network configuration management.
Adjustable storage repair speed: Gain more control over the data resync process by allocating resources to either resiliency or performance to service your clusters more flexibly and efficiently.
Support for nested virtualization on AMD processors: Improve flexibility in evaluation and testing scenarios with VM-based clusters.
Manage quick restarts with Kernel Soft Reboot

Azure IaaS and Azure Stack: announcements and updates (October 2021 – Weeks: 39 and 40)

Azure

Compute

What’s new in Azure VMware Solution

Azure VMware Landing Zone is now publically available. It is Microsoft’s prescriptive, opinionated and best-practices backed guidance for deploying and managing workloads running on Azure VMware solution.
It’s soon possible to use Azure NetApp Filesas NFS datastore for Azure VMware Solution. It’s a great option for using the same NetApp VSAN datastores as used in on-premise environments in Azure now.
It is possible now to do HCX migration over VPN and SD-SWAN. Customers can get an additional option besides Azure ExpressRoute for driving migrations.
Azure VMware Solution is now included as part of Azure Workload Acquisition & Nurture incentive Partners can take advantage of multiple benefits available under the program to drive Azure VMware Solution projects.
New enhancements, global expansion, partner integration are now available as documented here.

Availability Zones now generally available in new regions

Azure Availability Zones are now generally available in the South Africa North, Norway East and Korea Central region. These new zones provide customers with options for additional resiliency and tolerance to infrastructure impact.

Storage

Azure NetApp Files waitlist removal

Azure NetApp Files, one of the fastest growing bare-metal Azure services is now available to Azure customers directly from the Azure portal, CLI, API or with SDK, without having to go through waitlist approval process.

Standard network features for Azure NetApp Files (preview)

Standard network features for Azure NetApp Files volumes is now in public preview in select regions. This includes support for increased IP limits, Network Security Groups, User-defined routes, and additional connectivity patterns like connectivity over Active/Active VPN gateway and ExpressRoute FastPath.

Azure NetApp Files Backup capability (preview)

Azure NetApp Files backup expands the data protection capabilities of Azure NetApp Files by providing fully managed backup solution for long-term recovery, archive, and compliance.
Azure NetApp Files online snapshots are now enhanced with backup of snapshots. With this new backup capability, you can offload your Azure NetApp Files snapshots to Azure blob storage in a fast and cost-effective way, further protecting your data from accidental deletion.

Enable hierarchical namespace for existing Azure Storage accounts

Accelerating value through data analytics by enabling the Azure Data Lake Storage (ADLS) hierarchical namespace for existing Azure Storage accounts is now generally available. The benefits of the ADLS hierarchical namespace in providing enhanced performance and features that are dedicated to maximizing the value of data analytics is well established. You can now get this benefit for existing accounts and data by enabling the hierarchical namespace in place.

Object replication for Premium Block Blob Storage (preview)

Object replication allows you to replicate your premium block blob data at the blob level from one storage account to another anywhere in the Azure.
Object replication unblocks a new set of common replication scenarios for premium block blobs:

Minimize latency: have your users consume the data locally rather than issuing cross-region read requests.
Increase efficiency: have your compute clusters process the same set of objects locally in different regions.
Optimize data distribution: have your data consolidated in a single location for processing/analytics and then distribute only resulting dashboards to your offices worldwide.

Azure China: the aspects to know for a successful choice

For European and US companies with part of their business in China, the adoption of cloud solutions is becoming increasingly attractive. Microsoft offers the possibility of adopting Azure solutions also in China and a large number of important companies of the caliber of Coca Cola, BMW and Heineken have already landed on the Azure platform in China. However, there are important aspects and some peculiarities, covered in this article, which is good to take into consideration to make an informed choice when you intend to proceed with the deployment of line of business applications in the areas from China to Azure.

What is Azure China?

To offer cloud services in China and ensure consistent quality of service globally, you have the option to adopt Azure China, which has the following characteristics:

It is independently managed and sold by 21Vianet in mainland China. Shanghai Blue Cloud Technology Co., Ltd. (“21Vianet”) is a wholly owned subsidiary of Beijing 21Vianet Broadband Data Center Co., Ltd.
This is a physically separate instance of cloud services located in China.
Compared to Microsoft-managed Azure Public Areas, Azure subscriptions from Chinese regions can only be created by a Chinese entity. This means that to activate Azure services in these geographic areas it is necessary to collaborate with a local organization in mainland China. In fact,, during the registration process, you are asked to specify a telephone number and an address in China. After creating the account, subscription management is the same as for any other Azure region, using a dedicated Azure portal.

To allow customers and partners to examine all important aspects, before activating workloads in Azure China, Microsoft has published this list of activities.

Datacenter

Azure China datacenters are located in eastern and northern China and are geographically separated by more 1.000 kilometres. Also for these datacenters there is support for geographic replication and business continuity, allowing to obtain high data reliability for Azure services. The following regions are currently available on the Chinese territory: China North, China North 2, China East e China East 2.

New Azure region coming to China in 2022

To meet the growing public cloud service needs of the Chinese market, Microsoft announced that in the 2022 a new Azure region will be available in North China, always managed by its local operating partner 21Vianet. This expansion is expected to double the capacity of Microsoft's cloud portfolio in China in the coming years, which in addition to Azure includes Microsoft Office 365, Dynamics 365 and Power Platform. All of this will help fuel further innovation and digital transformation for developers, partner, and customers in China and around the world.

Availability of services

There is a gap between the services that can be activated in Azure China and the global services of Azure. Taking this into account, you can check the services available in the regions of China in this page. Furthermore, releases of new services, Azure versions and new features have their own history in China.

Connectivity and access to resources

First of all, It is good to specify that the workloads distributed in Azure China are potentially accessible anywhere globally.

However, please note that Azure Global Regions and Azure Chinese Regions are physically disconnected. Therefore, to privately connect the resources located in the subscriptions in Azure China with those in the global areas of Azure, it is necessary to provide the activation of VPN site-to- site or ExpressRoute.

The adoption of a hybrid architecture allows you to extend applications and workloads located in Azure China and provide connectivity and interoperability globally.

The following connections are supported:

VPN or Azure ExpressRoute to create a direct network connection between Azure China and the on-premises environment located in China.
Site-to-site VPN to connect an Azure site in China to the on-premises environment outside China. ExpressRoute is not supported for direct network connectivity to an external site outside of China (Azure global is also considered external).

Figure 1 – Cross-border connectivity

In this regard, it is necessary to consider that the purchase of the connectivity service must be done by contacting qualified telecommunications operators who have a license issued by the Ministry of Industry and Information Technology (MIIT).

Free ExpressRoute circuit for China

Azure China ExpressRoute offers a free circuit among the following paired regions: China North (N1) – China North 2 (N2) e China East (E1) – China East 2 (E2). This allows for minimal network latency, similar to being within the same region. The ExpressRoute crossover N1-E2, E1-N2 requires ExpressRoute Premium and is subject to a cross-data transfer charge.

Network latency

Between China and the rest of the world, high network latencies, low bandwidth, unstable connections and high costs are situations that occur in most cases.

All of this happens because of the intermediary technologies that regulate internet traffic that crosses the border. Among these the “Great Firewall of China” which protects Chinese Internet access and filters traffic to China. In fact,, almost all traffic going from the Republic of China outside of China, with the exception of special administration areas such as Hong Kong and Macao, go through the Great Firewall. Traffic passing through Hong Kong and Macao does not fully hit the Great Firewall, but it is managed by a subset of the Great Firewall.

Figure 2 - Interconnections with China

To improve interconnections with China, it is also possible to use the Azure Virtual WAN service, as detailed in this Microsoft documentation.

Figure 3 - Example of architecture with Azure Virtual WAN

Furthermore, to improve the performance and responsiveness of websites with streaming media and other rich media content, it is possible to evaluate the adoption of an Azure CDN (Azure Content Delivery Network). According to Chinese law, the use of the CDN service in China could also subject an offshore website to the ICP registration. It is not recommended to use a global CDN service that does not have a point of presence (PoP) within mainland China.

Purchase options, costs and support

For information regarding the purchasing process and end-to-end onboarding for both Chinese and foreign users who are considering the adoption of Microsoft Azure services managed by 21Vianet in China (“Azure Services in China”) you can consult this guide, made following the customer's perspective.

The details on the costs of the various Azure China services can be found in this dedicated portal.

To get a complete view of the support plans in Azure China you can consult this page.

Conclusions

To ensure an effective distribution of your workloads in Azure China there are several aspects to consider such as which legal entity will manage your Azure China account, the level of compatibility of your applications with Azure services running in China, the Great Firewall and the migration and replication strategy to use. However, there are several companies that have long relied on Azure China and it is possible to consult the many success stories in this page.