This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Storage

Create an additional 5000 Azure Storage accounts within your subscription (preview)

Azure Storage is announcing public preview of the ability to create an additional 5000 Azure Storage accounts per subscription per region. This is a 20 times increase from the current limit of 250 and helps you create several hundred or thousand storage accounts to address your storage needs within a single subscription, instead of creating additional subscriptions.

Azure Stack

Azure Stack HCI

Network ATC is now publicly available with Azure Stack HCI 21H2

If you’ve deployed Azure Stack HCI previously, you know that network deployment can pose a significant challenge. You might be asking yourself:

• How do I configure or optimize my adapter?
• Did I configure the virtual switch, VMMQ, RDMA, etc. correctly?
• Are all nodes in the cluster the same?
• Are we following the best practice deployment models?
• (And if something goes wrong) What changed!?

So, what does Network ATC actually set out to solve? Network ATC can help:

• Reduce host networking deployment time, complexity, and errors
• Deploy the latest Microsoft validated and supported best practices
• Ensure configuration consistency across the cluster
• Eliminate configuration drift

Network ATC does this through some new concepts, namely “intent-based” deployment. If you tell Network ATC how you want to use an adapter, it will translate, deploy, and manage the needed configuration across all nodes in the cluster.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Trusted launch support for virtual machines using Ephemeral OS disks

Trusted launch virtual machine (VM) support for VMs using Ephemeral OS disks improves the security of generation 2 VMs in Azure.

Storage

Azure NetApp Files datastores for Azure VMware Solution (preview)

The public preview of Azure NetApp Files datastores for Azure VMware Solution (AVS) is available. This new integration between Azure VMware Solution and Azure NetApp Files will enable you to create datastores via the Azure VMware Solution resource provider with Azure NetApp Files NFS volumes and mount the datastores on your private cloud clusters of choice. Along with the integration of Azure disk pools for Azure VMware Solution, this will provide more choice to scale storage needs independently of compute resources. For your storage-intensive workloads running on Azure VMware Solution, the integration with Azure NetApp Files helps to easily scale storage capacity beyond the limits of the local instance storage for AVS provided by vSAN and lower your overall total cost of ownership for storage-intensive workloads.

Azure NetApp Files: feature general availability and feature expansion of regional availability

To meet the demanding requirements of enterprise mission-critical workloads, new features are constantly added to Azure NetApp Files and previously released preview features are moved into general availability. The following capabilities are recently generally available and no longer need registration for use: AES encryption for AD authentication, Backup policy users, Administrators privilege users, and Dynamic change of service level. Additionally, feature regional coverage continues to expand for Azure NetApp Files cross-region replication. The following are the cross-region replication region pair additions: Brazil South and South Central US, West US 3 and East US, Australia Central and Australia Central 2, France Central and West Europe. Also, regional coverage has expanded for Azure NetApp Files for standard network features. The following regions are standard network feature additions: Australia Central, Australia Central 2, Australia Southeast, East US 2, France Central, Germany West Central, North Europe, West Europe, West US 2, and UK South.

Networking

Azure Firewall updates

The following updates are available for Azure Firewall:

• Intrusion Detection and Prevention System (IDPS) signatures lookup
• TLS inspection (TLSi) Certification Auto-Generation
• Web categories lookup
• Structured Firewall Logs
• IDPS Private IP ranges (preview)

Azure WAF policy and DDoS management in Azure Firewall Manager

Azure Firewall Manager now supports managing DDoS Protection Plans for virtual networks and Azure Web Application Firewall (Azure WAF) policies for application delivery platforms: Azure Front Door and Azure Application Gateway.

Azure Virtual Network Manager in nine new regions (preview)

Azure Virtual Network Manager helps you create your desired topologies like hub and spoke and mesh with just a few clicks. The security admin rules feature allows you to enforce security policies throughout your organization. You can create an Azure Virtual Network Manager instance in nine more regions and manage your virtual networks at scale across regions, subscriptions, management groups, and tenants globally from a single pane of glass.

Private link support in Azure Application Gateway (preview)

With private link support, incoming traffic to an Azure Application Gateway frontend can be secured to clients running in another Azure Virtual Network, Azure subscription, or Azure subscription linked to a different Azure Active Directory tenant through Azure Private Link. Traffic between private endpoints in your virtual network and your Application Gateway will traverse a secure and private connection.

ExpressRoute IPv6 Support for Global Reach (preview)

IPv6 support for Global Reach unlocks connectivity between on-premise networks, via the Microsoft backbone, for customers with dual-stack workloads. Establish Global Reach connections between ExpressRoute circuits using IPv4 subnets, IPv6 subnets, or both. This configuration can be done using Azure Portal, PowerShell, or CLI.

Network Watcher packet capture support for virtual machine scale sets (preview)

Azure Network Watcher packet capture announces support for virtual machines scale sets. This is as an out of the box, on-demand capability, enabling faster diagnostics and troubleshooting of networking issues.

Connection Monitor Support for virtual machine scale sets

Azure Network Watcher Connection Monitor announces support for virtual machine scale sets which enables faster performance monitoring and network troubleshooting through connectivity checks.

ExpressRoute Direct and Circuit in different subscriptions (preview)

Generate an authorization for the ExpressRoute Direct resource and redeem the authorization to create an ExpressRoute Circuit in a different subscription and/or Azure Active Directory Tenant. This feature is currently available in public preview.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

DCsv3 and DCdsv3 series Virtual Machines

Confidential computing DCsv3 and DCdsv3-series virtual machines (VMs) are generally available.

Switzerland North Availability Zones

Availability Zones in Switzerland North are made up of three unique, physically separated, locations or “zones” within a single region which bring higher availability and asynchronous replication across Azure regions for disaster recovery protection. Availability Zones give you additional options for high availability for your most demanding applications and services as well as confidence and protection from potential hardware and software failures.

Azure Ebsv5 now available in 13 additional regions

Azure Virtual Machines Ebsv5 and Ebdsv5 are now available in 13 additional regions: South Africa North, France Central, Central India, Korea Central, Germany West Central, UK West, South India, Canada East, Australia Central, Japan West, Switzerland North, Norway East and UAE North.

Azure NC A100 v4 virtual machines for AI

Azure NC A100 v4 series virtual machines (VMs) are now generally available in US East 2, US East, Southeast Asia, and West Europe. These VMs, powered by NVIDIA A100 80GB Tensor Core PCIe GPUs and 3rd Gen AMD EPYC™ Milan processors, improve the performance and cost-effectiveness of a variety of GPU performance-bound real world AI training and inferencing workloads.

Storage

Storage optimized Azure VMs deliver higher performance for data analytics

Microsoft is announcing the general availability of new storage optimized Azure Virtual Machines. The new Lasv3 and Lsv3 VM series have been engineered to run workloads that require high throughput and high IOPS, including big data applications, SQL and NoSQL databases, distributed file systems, data analytics engines, and more.

Networking

Azure Bastion IP based connection

Azure Bastion now supports connectivity to Azure virtual machines or on-premises resources via specified IP address. When IP based connection feature is enabled, Azure Bastion can be used to RDP/SSH into an on-premises resource over ExpressRoute and Site-to-Site VPN.

Manage Azure Web Application Firewall policies in Azure Firewall Manager (preview)

Azure Firewall Manager now supports Azure Web Application Firewall (Azure WAF) policies for application delivery platforms, Azure Front Door, and Azure Application Gateway.

Enhanced IPv6 functionality for MultiValue profiles in Azure Traffic Manager

Azure Traffic Manager now enables you to specify minimum children property separately for IPv4 and IPv6 endpoints for MultiValue profiles.

Azure Private Link support in Azure API Management

With Azure Private Link support in Azure API Management, you can now integrate clients in a virtual network privately.

Azure Stack

Azure Stack HCI single-node

At Build 2022, Microsoft announces the new single-node offering that provides additional options for business scenarios with different requirements. The new single-node Azure Stack HCI fulfills growing hybrid infrastructure needs in remote locations while maintaining the innovation of native integration with Azure Arc. Specifically, this new configuration offers flexibility to deploy the stack in smaller spaces and with less processing needs, optimizing resources while still delivering quality and consistency.

Additional benefits of Azure Stack HCI single-node include:

• Smaller Azure Stack HCI solutions for environments with physical space constraints or that don’t require built-in resiliency, like retail stores and branch offices.
• A smaller footprint reduces hardware and operational costs.
• Solutions can be built to scale, ranging from single-node up to 16 nodes if needed.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure Lab Services April 2022 update (preview)

IT departments, administrators, educators, and students can utilize the following updated features in Azure Lab Services:

• Enhanced lab creation and improved backend reliability
• Access performance
• Extended virtual network support
• Easier labs administration via new roles
• Improved cost tracking via Azure Cost Management service
• Availability of PowerShell module
• .NET API SDK for advanced automation and customization
• Integration with Canvas learning management system

Storage

Azure File Sync agent v15

Azure File Sync agent v15 is available and it’s now on Microsoft Update and Microsoft Download Center.

Improvements and issues that are fixed:

• Reduced transactions when cloud change enumeration job runs
• View Cloud Tiering status for a server endpoint or volume
• New diagnostic and troubleshooting tool
• Immediately run server change enumeration to detect files changes that were missed by USN journal
• Miscellaneous improvements

More information about this release:

• This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
• A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
• The agent version for this release is 15.0.0.0.
• Installation instructions are documented in KB5003882.

Object replication on premium blob storage and rule limit increased

Object replication now supports premium block blobs to replicate your data from your blob container in one storage account to another anywhere in Azure. The destination storage account can be a premium block blob or a general-purpose v2 storage account.

You can also specify up to 1000 replication rules (increased from 10) for each replication policy for both general-purpose v2 and premium block blob storage accounts.

Object replication unblocks a set of common replication scenarios for block blobs:

• Minimize latency: have your users consume the data locally rather than issuing cross-region read requests.
• Increase efficiency: have your compute clusters process the same set of objects locally in different regions.
• Optimize data distribution: have your data consolidated in a single location for processing/analytics and then distribute only resulting dashboards to your offices worldwide.
• Optimizing costs: after your data has been replicated, you can reduce costs by moving it to the archive tier using life cycle management policies.

Networking

Controls to block domain fronting behavior on customer resources

Effective April 29, 2022,you will be able to stop allowing domain fronting behavior on your Azure Front Door, Azure Front Door (classic), and Azure CDN Standard from Microsoft (classic) resources in alignment with Microsoft’s commitment to secure the approach to domain fronting within Azure.

Virtual Network NAT health checks available via Resource Health

Virtual Network NAT (VNet NAT) is a fully managed and highly resilient network address translation (NAT) service. With Virtual Network NAT, you can simplify your outbound connectivity for virtual networks without worrying about the risk of connectivity failures from port exhaustion or your internet routing configurations.

Support for Resource Health check with Virtual Network NAT helps you monitor the health of your NAT gateway as well as diagnose or troubleshoot outbound connectivity.

With Azure Resource Health, you can:

• View a personalized dashboard of the health of your NAT gateway

• Set up customizable resource health alerts to notify you in near real-time of when the health status of your NAT gateway changes

• See the current and past health history of your NAT gateway to help you mitigate issues

• Access technical support when you need help with Azure services, such as diagnosing and solving issues

Virtual Network NAT Resource Health is available in all Azure public regions, Government cloud regions, and China Cloud regions.

Enhancements to Azure Web Application Firewall

Microsoft offers two options, global WAF integrated with Azure Front Door and regional WAF integrated with Azure Application Gateway, for deploying Azure WAF for your applications and APIs.

On March 29, Microsoft announced the general availability of managed Default Rule Set 2.0 with anomaly scoring, Bot Manager 1.0, and security reports on global WAF. Additional features on regional WAF are available, that offer you better security, improved scale, easier deployment, and better management of your applications and APIs:

• Reduced false positives with Core Rule Set 3.2 integrated with Azure Application Gateway. The older CRS 2.2.9 ruleset is being phased out in favor of the newer rulesets.
• Improved performance and scale with the next generation of WAF engine, released with CRS 3.2
• Increased size limits on regional WAF for body inspection up to 2MB and file upload up to 4GB
• Advanced customization with per rule exclusion and attribute by names support on regional WAF
• Native consistent experience with WAF policy, new deployments of Application Gateway v2 WAF SKU now natively utilizes WAF policies instead of configuration
• Advanced analytics capabilities with new Azure Monitor metrics on regional WAF

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Storage

Rehydrate an archived blob to a different storage account

You can now rehydrate an archived blob by copying it to a different storage account, as long as the destination account is in the same region as the source account. Rehydration across storage accounts enables you to segregate your production data from your backup data, by maintaining them in separate accounts. Isolating archived data in a separate account can also help to mitigate costs from unintentional rehydration.

Azure Archive Storage now available in Switzerland North

Azure Archive Storage provides a secure, low-cost means for retaining cold data including backup and archival storage. Now, Azure Archive Storage is available in Switzerland North.

Networking

Service tags support for user-defined routing

Specify a service tag as the address prefix parameter in a user-defined route for your route table. You can choose from tags representing over 70 Microsoft and Azure services to simplify and consolidate route creation and maintenance. With this release, using service tags in routing scenarios for containers is also supported. User-defined routes with service tags will update automatically to include any changes that services make to their list of IPs and endpoints.

DNS reservations to prevent subdomain takeover in Cloud Services deployments

Microsoft Azure is a cloud platform integrated with data services, advanced analytics, and developer tools and services. When you build on, or migrate IT assets to Azure, Microsoft provides a secure, consistent application platform to run your workloads. To strengthen your security posture, Microsoft rolled out DNS reservations to prevent subdomain takeover in Cloud Services deployments. Subdomain takeovers enable malicious actors to redirect traffic intended for an organization’s domain to a site performing malicious activity.

Azure Stack

Azure Stack HCI

Windows Server guest licensing offer

To facilitate guest licensing for Azure Stack HCI customers, take advantage of a new offer that brings simplicity and increased flexibility. This licensing is through an all-in-one place Azure subscription and in some cases may be less expensive than the traditional licensing model. The new Windows Server subscription for Azure Stack HCI is generally available as of April 1, 2022. With this offer, you can purchase unlimited Windows Server guest licenses for your Azure Stack HCI cluster through your Azure subscription. You can sign up and cancel anytime. There is a free 60-day trial after which the offer will be charged at $23.30 per physical core per month.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

On-demand capacity reservations

On-demand capacity reservations let you reserve compute capacity for one or more VM size(s) in an Azure region or availability zone for any length of time.

Azure Batch supports Spot Virtual Machines

Azure Batch offers Spot Virtual Machines in user-subscription Batch accounts. The Spot Virtual Machines are available as single-instance virtual machines (VMs) or Virtual Machine Scale Sets. In addition, you get unique Azure pricing and benefits when running Windows Server workloads on Spot Virtual Machine’s.

Azure Virtual Machines increase storage throughput by up to 300%

The new memory optimized Ebs v5 and Ebds v5 Azure Virtual Machines, now generally available, feature the latest 3rd Gen Intel Xeon Platinum 8370C (Ice Lake) processor in a hyper-threaded configuration. These VMs deliver up to 300% increase in VM-to-Disk Storage throughput and IOPS compared to the previous generation D/Ev4 VM series. The new VM series feature sizes from 2 to 64 vCPUs with and without local temporary storage best match your workload requirements. These new VMs offer up to 120,000 IOPS and 4,000 MB/s of remote disk storage throughput. The increased storage throughput is ideal for the most demanding data-intensive workloads, including large relational databases such as SQL Server, high-performance OLTP scenarios, and high-end data analytics applications.

New planned datacenter region in India (India South Central)

Microsoft has announced plans to bring a new datacenter region to India, including availability zones.

Azure Virtual Machines DCsv3 available in Switzerland and West US (preview)

DCsv3-series virtual machines (VMs) are available (in preview) in Switzerland North and West US. The DCsv3 and DCdsv3-series virtual machines help protect the confidentiality and integrity of your code and data while it processes in the public cloud. By leveraging Intel® Software Guard Extensions and Intel® Total Memory Encryption – Multi Key, you can ensure your data is always encrypted and protected in use.

Storage

Cross-region snapshot copy for Azure Disk Storage

Cross-region snapshot copy allows you to copy disk snapshots to any region for disaster recovery.
Incremental snapshots are cost-effective point-in-time backups of Azure Disk Storage. They are billed for the changes to disks since the last snapshot and are always stored on the most cost-effective storage, Standard HDD storage, irrespective of the storage type of the parent disk. Now, you can copy incremental snapshots to any region of your choice for disaster recovery using cross-region snapshot copy. Azure manages the copy process and ensures that only changes since the last snapshot in the target region are copied, reducing the data footprint and recovery point objective (RPO).

Copy data directly to Archive Storage with Data Box

You can now use Data Box to copy data directly to Archive tier by indicating this when ordering and then copying to the corresponding share on the Data Box.

Azure Ultra Disk Storage in Sweden Central

Azure Ultra Disk Storage provides high-performance along with sub-millisecond latency for your most-demanding workloads.

Azure storage table access using Azure Active Directory

Azure Active Directory (Azure AD) support to authorize requests for Azure Table Storage is now generally available. With Azure AD, you can use Azure role-based access control (Azure RBAC) to grant permissions to any security principal, which can include a user, group, application service principal, or managed identity. The security principal is authenticated by Azure AD to return an OAuth 2.0 token. The token can then be used to authorize a request against the Table service. Authorizing requests against Azure Storage Tables with Azure AD provides superior security and ease of use over shared key authorization. Microsoft recommends using Azure AD authorization with your table applications when possible to assure access with minimum required privileges.

Azure File Sync agent v15

Improvements and issues that are fixed:

• Reduced transactions when cloud change enumeration job runs
• View Cloud Tiering status for a server endpoint or volume
• New diagnostic and troubleshooting tool
• Immediately run server change enumeration to detect files changes that were missed by USN journal
• Miscellaneous improvements

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

• This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
• A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
• The agent version for this release is 15.0.0.0.
• Installation instructions are documented in KB5003882.

Networking

Bring your own public IP ranges to Azure

When planning a potential migration of on-premises infrastructure to Azure, you may want to retain your existing public IP addresses due to your customers’ dependencies (for example, firewalls or other IP hardcoding) or to preserve an established IP reputation. Now you can bring your own IP addresses (BYOIP) to Azure in all public regions. Using the Custom IP Prefix resource, you can now bring your own public IPv4 ranges to Azure and use them like any other Azure-owned public IP ranges. Once onboarded, these IPs can be associated with Azure resources, interact with private IPs and VNETs within Azure’s network, and reach external destinations by egressing from Microsoft’s Wide Area Network.

The new Azure Front Door: a modern cloud CDN service

The new Azure Front Door is a Microsoft native, unified, and modern cloud content delivery network (CDN) catering to dynamic and static content acceleration. This service includes built in turnkey security and a simple pricing model built on Microsoft’s massive scale private global network. There are two Azure Front Door tiers: standard and premium. They combine the capabilities of Azure Front Door (classic) and Azure CDN from Microsoft (classic) and attach with Azure Web Application Firewall (WAF). This provides a unified and secure solution for delivering your applications, APIs, and content on Azure or anywhere at scale.

Several key capabilities have been released:

• Improved automation and simplified provisioning with DNS TXT based domain validation
• Auto generated endpoint host name to prevent subdomain takeover
• Expanded Private Link support in all Azure regions with availability zones to secure backends
• Web Application Firewall enhancements with DRS 2.0 RuleSet and Bot manager
• Expanded rules engine with regular expressions and server variables
• Enhanced analytics and logging capabilities
• Integration with Azure DNS, Azure Key Vault, Azure Policy and Azure Advisor
• A simplified and predictable cost model

Azure Bastion native client support

With the new Azure Bastion native client support, available with Standard SKU, you can now:

• Connect to your target Azure virtual machine via Azure Bastion using Azure CLI and a native client on your local machine
• Log into Azure Active Directory-joined virtual machines using your Azure Active Directory credentials
• Access the features available with your chosen native client (ex: file transfer)