Recommended alert rules for virtual machines (preview)
The Azure portal experience now allows you to easily enable a set of recommended and out-of-the-box set of alert rules for your Azure resources. Currently in preview for virtual machines, you can simply enable a set of best practice alert rules on an unmonitored VM with just a few clicks.
Storage
Rehydrate an archived blob to a different storage account
You can now rehydrate an archived blob by copying it to a different storage account, as long as the destination account is in the same region as the source account. Rehydration across storage accounts enables you to segregate your production data from your backup data, by maintaining them in separate accounts. Isolating archived data in a separate account can also help to mitigate costs from unintentional rehydration.
Azure Archive Storage now available in Switzerland North
Azure Archive Storage provides a secure, low-cost means for retaining cold data including backup and archival storage. Now, Azure Archive Storage is available in Switzerland North.
Networking
Service tags support for user-defined routing
Specify a service tag as the address prefix parameter in a user-defined route for your route table. You can choose from tags representing over 70 Microsoft and Azure services to simplify and consolidate route creation and maintenance. With this release, using service tags in routing scenarios for containers is also supported. User-defined routes with service tags will update automatically to include any changes that services make to their list of IPs and endpoints.
DNS reservations to prevent subdomain takeover in Cloud Services deployments
Microsoft Azure is a cloud platform integrated with data services, advanced analytics, and developer tools and services. When you build on, or migrate IT assets to Azure, Microsoft provides a secure, consistent application platform to run your workloads. To strengthen your security posture, Microsoft rolled out DNS reservations to prevent subdomain takeover in Cloud Services deployments. Subdomain takeovers enable malicious actors to redirect traffic intended for an organization’s domain to a site performing malicious activity.
Azure Stack
Azure Stack HCI
Windows Server guest licensing offer
To facilitate guest licensing for Azure Stack HCI customers, take advantage of a new offer that brings simplicity and increased flexibility. This licensing is through an all-in-one place Azure subscription and in some cases may be less expensive than the traditional licensing model. The new Windows Server subscription for Azure Stack HCI is generally available as of April 1, 2022. With this offer, you can purchase unlimited Windows Server guest licenses for your Azure Stack HCI cluster through your Azure subscription. You can sign up and cancel anytime. There is a free 60-day trial after which the offer will be charged at $23.30 per physical core per month.
On-demand capacity reservations let you reserve compute capacity for one or more VM size(s) in an Azure region or availability zone for any length of time.
Azure Batch supports Spot Virtual Machines
Azure Batch offers Spot Virtual Machines in user-subscription Batch accounts. The Spot Virtual Machines are available as single-instance virtual machines (VMs) or Virtual Machine Scale Sets. In addition, you get unique Azure pricing and benefits when running Windows Server workloads on Spot Virtual Machine’s.
Azure Virtual Machines increase storage throughput by up to 300%
The new memory optimized Ebs v5 and Ebds v5 Azure Virtual Machines, now generally available, feature the latest 3rd Gen Intel Xeon Platinum 8370C (Ice Lake) processor in a hyper-threaded configuration. These VMs deliver up to 300% increase in VM-to-Disk Storage throughput and IOPS compared to the previous generation D/Ev4 VM series. The new VM series feature sizes from 2 to 64 vCPUs with and without local temporary storage best match your workload requirements. These new VMs offer up to 120,000 IOPS and 4,000 MB/s of remote disk storage throughput. The increased storage throughput is ideal for the most demanding data-intensive workloads, including large relational databases such as SQL Server, high-performance OLTP scenarios, and high-end data analytics applications.
New planned datacenter region in India (India South Central)
Microsoft has announced plans to bring a new datacenter region to India, including availability zones.
Azure Virtual Machines DCsv3 available in Switzerland and West US (preview)
DCsv3-series virtual machines (VMs) are available (in preview) in Switzerland North and West US. The DCsv3 and DCdsv3-series virtual machines help protect the confidentiality and integrity of your code and data while it processes in the public cloud. By leveraging Intel® Software Guard Extensions and Intel® Total Memory Encryption – Multi Key, you can ensure your data is always encrypted and protected in use.
Storage
Cross-region snapshot copy for Azure Disk Storage
Cross-region snapshot copy allows you to copy disk snapshots to any region for disaster recovery. Incremental snapshots are cost-effective point-in-time backups of Azure Disk Storage. They are billed for the changes to disks since the last snapshot and are always stored on the most cost-effective storage, Standard HDD storage, irrespective of the storage type of the parent disk. Now, you can copy incremental snapshots to any region of your choice for disaster recovery using cross-region snapshot copy. Azure manages the copy process and ensures that only changes since the last snapshot in the target region are copied, reducing the data footprint and recovery point objective (RPO).
Copy data directly to Archive Storage with Data Box
You can now use Data Box to copy data directly to Archive tier by indicating this when ordering and then copying to the corresponding share on the Data Box.
Azure Ultra Disk Storage in Sweden Central
Azure Ultra Disk Storage provides high-performance along with sub-millisecond latency for your most-demanding workloads.
Azure storage table access using Azure Active Directory
Azure Active Directory (Azure AD) support to authorize requests for Azure Table Storage is now generally available. With Azure AD, you can use Azure role-based access control (Azure RBAC) to grant permissions to any security principal, which can include a user, group, application service principal, or managed identity. The security principal is authenticated by Azure AD to return an OAuth 2.0 token. The token can then be used to authorize a request against the Table service. Authorizing requests against Azure Storage Tables with Azure AD provides superior security and ease of use over shared key authorization. Microsoft recommends using Azure AD authorization with your table applications when possible to assure access with minimum required privileges.
Azure File Sync agent v15
Improvements and issues that are fixed:
Reduced transactions when cloud change enumeration job runs
View Cloud Tiering status for a server endpoint or volume
New diagnostic and troubleshooting tool
Immediately run server change enumeration to detect files changes that were missed by USN journal
Miscellaneous improvements
To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.
More information about this release:
This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
The agent version for this release is 15.0.0.0.
Installation instructions are documented in KB5003882.
Networking
Bring your own public IP ranges to Azure
When planning a potential migration of on-premises infrastructure to Azure, you may want to retain your existing public IP addresses due to your customers’ dependencies (for example, firewalls or other IP hardcoding) or to preserve an established IP reputation. Now you can bring your own IP addresses (BYOIP) to Azure in all public regions. Using the Custom IP Prefix resource, you can now bring your own public IPv4 ranges to Azure and use them like any other Azure-owned public IP ranges. Once onboarded, these IPs can be associated with Azure resources, interact with private IPs and VNETs within Azure’s network, and reach external destinations by egressing from Microsoft’s Wide Area Network.
The new Azure Front Door: a modern cloud CDN service
The new Azure Front Door is a Microsoft native, unified, and modern cloud content delivery network (CDN) catering to dynamic and static content acceleration. This service includes built in turnkey security and a simple pricing model built on Microsoft’s massive scale private global network. There are two Azure Front Door tiers: standard and premium. They combine the capabilities of Azure Front Door (classic) and Azure CDN from Microsoft (classic) and attach with Azure Web Application Firewall (WAF). This provides a unified and secure solution for delivering your applications, APIs, and content on Azure or anywhere at scale.
Several key capabilities have been released:
Improved automation and simplified provisioning with DNS TXT based domain validation
Auto generated endpoint host name to prevent subdomain takeover
Expanded Private Link support in all Azure regions with availability zones to secure backends
Web Application Firewall enhancements with DRS 2.0 RuleSet and Bot manager
Expanded rules engine with regular expressions and server variables
Enhanced analytics and logging capabilities
Integration with Azure DNS, Azure Key Vault, Azure Policy and Azure Advisor
A simplified and predictable cost model
Azure Bastion native client support
With the new Azure Bastion native client support, available with Standard SKU, you can now:
Connect to your target Azure virtual machine via Azure Bastion using Azure CLI and a native client on your local machine
Log into Azure Active Directory-joined virtual machines using your Azure Active Directory credentials
Access the features available with your chosen native client (ex: file transfer)
Azure Bastion support for Kerberos authentication (preview)
In March there were several news announced by Microsoft regarding Azure management services. In this series of articles, published on a monthly basis, major announcements are listed, accompanied by the necessary references to be able to conduct further studies on.
The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.
Figure 1 – Management services in Azure overview
Monitor
Azure Monitor
New agent: support for Private Links
The new Azure Monitor agent introduced support for network configurations via private link. This configuration allows you to operate in restricted environments that require special network requirements and a high degree of isolation.
Govern
Azure Cost Management
Automated emails on cost views
To allow you to stay up to date on cost changes in Azure Cost Management and Billing the possibility of sending automated e-mails has been introduced. From the cost analysis, selecting a graphic view, you have the opportunity to subscribe to updates on a daily basis, weekly or monthly and even share those views with people outside the Azure portal.
Updates related toAzure Cost Management and Billing
Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.
Secure
Microsoft Defender for Cloud
New features, bug fixes and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:
To protect Azure Files snapshots from accidental deletion, Azure Backup has added an extra layer of security to the snapshot management solution, integrating with the Azure Files platform's ability to acquire a snapshot lease. This lease creates and maintains a lock on snapshots for delete operations. After taking a snapshot of Azure File, Azure Backup acquires it, thus protecting it from accidental elimination. Furthermore, to ensure that the snapshot is not deleted during a restore operation, Azure Backup also checks the lease status at the beginning of the recovery and acquires it if necessary.
Support for Azure virtual machines with technologies trusted launch (preview)
Trusted launch is an easy way to improve the security of second generation virtual machines, which allows you to get protection from advanced attack techniques, combining technologies that can be independently enabled, such as secure boot and the virtualized version of the Trusted Platform Module (vTPM). Azure introduced support, currently in preview, of Azure VMs with trusted launch features enabled.
Azure Site Recovery
On-demand capacity reservation with Azure Site Recovery to safeguard virtual machine failover
Azure Site Recovery is now integrated with the’on-demand capacity reservation, which allows you to take advantage of the capacity reservation to reserve processing capacity in the disaster recovery region (DR) and thus ensure the execution of workloads during failover processes. By assigning a capacity reservation group (CRG) for protected VMs, Azure Site Recovery will fail over the VMs to that CRG. Furthermore, there is a SLA for the Recovery Time Objective (RTO) of 2 hours.
New Update Rollup
For Azure Site Recovery was released theUpdate Rollup 61 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.
Migrate
Azure Migrate
New Azure Migrate releases and features
Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.
Evaluation of Azure
To test for free and evaluate the services provided by Azure you can access this page.
Trusted launch support for Virtual Machines using Ephemeral OS disks (preview)
Trusted launch is a seamless way to improve the security of generation 2 VMs. It protects against advanced and persistent attack techniques by combining technologies that can be independently enabled like secure boot and virtualized version of trusted platform module (vTPM). Now, Trusted Launch support for VMs using Ephemeral OS disks is available in preview.
Best practices assessment for SQL Server on Azure Virtual Machines
You can now evaluate if your SQL Server on Azure Virtual Machines is following configuration best practices using the SQL best practices assessment feature. You can start or schedule an assessment on the SQL virtual machine blade in the Azure portal. Once the feature is enabled, your SQL Server instance and databases are scanned to provide recommendations for things like indexes, retired features, enabled or missing trace flags, statistics, and more.
Select Azure Dedicated Host SKUs will be retired on 31 March 2023
On 31 March 2023, Azure Dedicated Hosts Dsv3-Type1, Esv3-Type1, Dsv3-Type2, and Esv3-Type2 will be retired. Before that date, you must migrate to the new Dedicated Host SKUs.
Azure HBv3 virtual machines for HPC now upgraded
All Azure HBv3 virtual machine (VM) deployments from 21 March 2022 will include AMD EPYC 3rd Gen processors with 3D V-Cache, codenamed “Milan-X”. The enhanced HBv3 VMs are available in the Azure East US, South Central US, and West Europe regions. All VM deployments from today onward will occur on machines featuring Milan-X processors. Existing HBv3 VMs deployed prior to today’s launch will continue to see AMD EPYC 3rd Gen processors, codenamed “Milan”, until they are de-allocated and you create a new VM in its place.
New planned datacenter region in Finland (Finland Central)
Microsoft will establish a new datacenter region in the country, offering Finnish organizations local data residency and faster access to the cloud, delivering advanced data security and cloud solutions. The new datacenter region will also include availability zones, providing you with high availability and additional tolerance to datacenter failures.
Networking
Inbound NAT rule now supports port management for backend pools
Standard Load Balancer inbound NAT rule now supports specifying a range of ports for the backend instances. Previously, to enable port forwarding, an inbound NAT rule needed to be created for every instance in Load Balancer’s backend pool. This became complex to manage at scale and resulted in management overhead. The addition of port management for backend pool to inbound NAT rules allows you to specify a range of frontend ports pre-allocated for a specific backend pool to enable port forwarding. Upon scaling, Standard Load Balancer will automatically create port mapping from an available frontend port of the specified range to the specified backend port of the new instance. This capability applies to all types of backend pools composed of Virtual Machines, Virtual Machines Scale Sets, or IP addresses across all Azure regions.
Five Azure classic networking services will be retired on 31 August 2024
Azure Cloud Services (classic) will be retired on 31 August 2024. Because classic Azure Virtual Network, reserved IP addresses, Azure ExpressRoute gateway, Azure Application Gateway, and Azure VPN Gateway are dependent on Azure Cloud Services (classic), they’ll be retired on the same date. Before that date, you’ll need to migrate any resources that use these classic networking services to the Azure Resource Manager deployment model.
Azure Stack
Azure Stack Edge
General Availability of Azure Stack Edge Pro 2
Microsoft has announced the general availability of its Azure Stack Edge Pro 2 solution, a new generation of an AI-enabled edge computing device offered as a service from Microsoft. The Azure Stack Edge Pro 2 offers the following benefits over its precursor, the Azure Stack Edge Pro series:
This series offers multiple models that closely align with your compute, storage, and memory needs. Depending on the model you choose, the compute acceleration could be via one or two Graphical Processing Units (GPU) on the device.
This series has flexible form factors with multiple mounting options. These devices can be rack mounted, mounted on a wall, or even placed on a shelf in your office.
These devices have low acoustic emissions and meet the requirements for noise levels in an office environment.
Azure Stack Hub
Azure Kubernetes Service on Azure Stack Hub (preview)
With Azure Stack Hub’s 2108 update, you can preview Azure Kubernetes Service on Azure Stack Hub. The same service that’s currently found in Azure is available in Azure Stack Hub. Manage Kubernetes clusters in the same way you currently do in Azure and utilize a familiar user experience, CLI, and API.
IoT Hub on Azure Stack Hub public preview will be retired on 30 September 2022
On 30 September 2022, the public preview version of IoT Hub on Azure Stack Hub will be retired. Before that date, we recommend you migrate to Azure IoT Edge gateway. Azure IoT Edge gateway is integrated with Azure IoT Hub running in Azure and provides an end-to-end IoT experience with comprehensive diagnostics capabilities. An Azure IoT Edge gateway can be deployed on an Azure Stack Hub Virtual Machine. Alternatively, you can host a VM on another physical hardware of your choice.
Azure Container Registry on Azure Stack Hub (preview)
With Azure Stack Hub’s 2108 update, you can preview Azure Container Registry on Azure Stack Hub. This service uses private container registries on Azure Stack Hub to store and retrieve OCI-compliant images to support both connected and disconnected scenarios for Azure Kubernetes Service (AKS), AKS engine, and other container orchestrator engines.
Azure Stack Edge Pro 2 is a new generation of an AI-enabled edge computing device offered as a service from Microsoft. The Azure Stack Edge Pro 2 offers the following benefits over its precursor, the Azure Stack Edge Pro series:
This series offers multiple models that closely align with your compute, storage, and memory needs. Depending on the model you choose, the compute acceleration could be via one or two Graphical Processing Units (GPU) on the device.
This series has flexible form factors with multiple mounting options. These devices can be rack mounted, mounted on a wall, or even placed on a shelf in your office.
These devices have low acoustic emissions and meet the requirements for noise levels in an office environment.
The Pro 2 series is designed for deployment in edge locations such as retail, telecommunications, manufacturing, or even healthcare. Here are the various scenarios where Azure Stack Edge Pro 2 can be used for rapid Machine Learning (ML) inferencing at the edge and preprocessing data before sending it to Azure:
Inference with Azure Machine Learning: you can run ML models to get quick results that can be acted on before the data is sent to the cloud.
Preprocess data: transform data before sending it to Azure via compute options such as containerized workloads and Virtual Machines to create a more actionable dataset.
Transfer data over network to Azure: use this solution to easily and quickly transfer data to Azure to enable further compute and analytics or for archival purposes.
The month of February was full of news and there are several updates that have affected the Azure management services. This article provides an overview of the month's top news, so that we can stay up to date on these topics and have the necessary references to conduct further insights.
The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.
Figure 1 – Management services in Azure overview
Monitor
Azure Monitor
Azure Monitor Agent: new feature to update the extension automatically
With the new Azure Monitor agent, you can get important updates and security fixes by enabling the automatic extension update function within the agent. Basically, when an update is published, the extension updates and replaces the existing version present in the virtual machine or in the scale set.
The latest version of the Azure Monitor agent is now capable of collecting syslog events from the following vendors, standard device types and formats:
Cisco Meraki, ASA, FTD
Sophos XG
Juniper Networks
Corelight Zeek
CipherTrust
NXLog
McAfee
CEF (Common Event Format)
Azure IoT Edge monitor
Thanks to a deep integration with Azure Monitor it is possible to simplify the monitor of Azure IoT Edge devices, through a set of built-in metrics, the IoT Edge Metrics Collector module and a set of “curated visualization”. Through this integration it is possible:
Analyze the efficiency of the solution
Choose the hardware to meet the performance demands of the devices
Monitor blocked resources
Proactively identify problems
Resolve problems quickly
Create custom metrics and dashboards
Ability to set an exact time range in queries
In the queries on the Log Analytics workspaces it is now possible to specify a specific time range, in this way it is possible to carry out precise and more targeted searches.
TheAzure Monitor ‘action rules’ are now ‘alert processing rules’
Microsoft has renamed the 'action rules” of Azure Monitor in “alert processing rules”, which will continue to provide post-processing capabilities for alerts triggered in Azure Monitor.
Log Analytics data export
The new Azure Monitor Log Analytics data export feature allows you to send log data not only to Log Analytics workspaces, but also to a storage account or Event Hub. Furthermore, data can be streamed continuously from Log Analytics tables to a storage account or to Event Hub if Microsoft has enabled streaming support for those types of tables.
Custom retention for tables AzureActivity and Usage
In Azure Monitor, the ability to set custom retention has been introduced for tables AzureActivity and Usage present in the Log Analytics workspaces . Previously, AzureActivity and Usage had a minimum of retention of 90 days and such data could not be set with a specific retention. Now the minimum retention for those tablesremains of 90 days, useful for audit and troubleshooting purposes, but you can customize the retention period.
Possibility to test the Action Groups (preview)
For Azure Monitor action groups, the ability to test notification settings for alerts has been introduced, in order to:
Check if the notifications work as expected when creating or updating an action group
Self-diagnose the cause of notifications not working as expected
Azure Monitor predictive autoscaling for VM Scale Sets(preview)
Predictive autoscaling, released in preview, uses machine learning algorithms to manage and scale Virtual Machine Scale Sets. This mechanism allows you to predict the overall CPU load on the Virtual Machine Scale Sets, based on historical CPU usage patterns. In this way the scale-out takes place in time to satisfy the demand.
Govern
Azure Cost Management
Anomaly detection
Anomaly detection has been introduced in Azure Cost Management. Thanks to this feature it is possible to consult any anomalies on costs, detected by the tool in the Azure subscriptions, in a specific period.
Enterprise agreement component management in Azure Cost Management and Billing
In Azure Cost Management and Billing you can now create, manage and govern departments, accounts, and subscriptions related to enterprise agreement contracts. In particular, from the Azure portal you can perform the following activities:
Manage the roles of the enterprise agreement contract
Create and manage the hierarchy at the enrollment level(department, account, subscription)
View properties and manage policies
View usage and charges
Download the invoice
View and monitor the Microsoft Azure Consumption Commitment balance (MACC)
Updates related toAzure Cost Management and Billing
Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.
Secure
Microsoft Defender for Cloud
New features, bug fixes and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:
Ability to perform multiple Azure File backups throughout the day
In Azure Backup it is now possible to perform multiple backups during the day, with a maximum frequency of four hours, to take multiple snapshots of the file share. This feature allows you to define a backup schedule in line with working hours, useful for frequent updates to Azure File content. Furthermore, you can use Powershell or the Azure command line interface to create backup policies to generate multiple snapshots during the day according to the defined schedule.
Long term retention for Azure PostgreSQL backup
Azure Backup for PostgreSQL is a scalable solution that does not require the presence of an infrastructure, agents or storage accounts, while providing a simple and consistent experience to centrally manage and monitor backups. Support for long-term backup storage was introduced for this solution.
Automatic backup improvements for SQL Server onboard virtual machines
Automatic backup of Azure Backup, a feature given by the extension of the IaaS SQL agent, provides an automatic backup service for SQL Server on board Azure virtual machines. The following improvements have been added to this functionality:
Longer backup retention time in storage account, passing from 30 days to 90 days.
Ability to choose for each Azure virtual machine a specific container of the storage account as a destination for backups. Previously, it was only allowed to specify a storage account and all backups flowed into the same container.
Restore point cross region for virtual machines
The restore points of a virtual machine are snapshots that contain the metadata of the virtual machine and are consistent for all the disks associated with it. These recovery points can be used to protect workloads from data loss and corruption. Now it is possible to restore points of the virtual machine in any region, regardless of the region in which the virtual machine is deployed.
Azure Site Recovery
Recovery point extended to 15 days
Azure Site Recovery through replication policies allows you to adjust the retention history of recovery points. It is now allowed to keep recovery points up to 15 days instead of 72 hours. Recovery points will be stored with a frequency of 5 minutes for the first 2 hours. Later, they will be deleted and archived less frequently. You can enter any value between 0 and 15 days to configure the retention period in a retention policy. Furthermore, if necessary, it is possible to enable type recovery points “application-consistent” (disabled by default).
New Update Rollup
For Azure Site Recovery was released theUpdate Rollup 60 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.
Evaluation of Azure
To test for free and evaluate the services provided by Azure you can access this page.
You can patch and install updates to your Windows Server virtual machines on Azure without requiring a reboot using hotpatch. This capability is available exclusively as part of Azure Automanage for Windows Server for Windows Server Azure Edition core virtual machines, and comes with the following benefits:
Lower workload impact with less reboots
Faster deployment of updates as the packages are smaller, install faster, and have easier patch orchestration with Azure Update Manager
Better protection, as the Hotpatch update packages are scoped to Windows security updates that install faster without rebooting
Virtual Machine level disk bursting supports additional VM types
Virtual Machine level disk bursting supports M-series, Msv2-series Medium Memory, and Mdsv2-series Medium Memory VM families allowing your virtual machine to burst its disk IO and throughput performance for a short time, daily. This enables VMs to handle unforeseen spiky disk traffic smoothly and process batched jobs with speed. There is no additional cost associated with this new capability or adjustments on the VM pricing and it comes enabled by default.
Automatically delete a VM and its associated resources simultaneously
Automatically delete disks, NICs and Public IPs associated with a VM at the same time you delete the VM. With this feature, you can specify the associated resources that should be automatically deleted when you delete a VM. This will allow you to save time and simplify the VM management process.
Storage
Azure NetApp Files: new region and cross-region replication
Azure NetApp Files is now available in Australia Central 2. Additionally, cross-region replication has been enabled between Australia Central and Australia Central 2 region pair.
Application consistent snapshot tool (AzAcSnap) v5.1 is a command-line tool enables you to simplify data protection for third-party databases (SAP HANA) in Linux environments (for example, SUSE and RHEL).
The public preview of application consistent snapshot tool v5.1 supports the following new capabilities:
Oracle Database support
Backint Co-existence
RunBefore and RunAfter capability
These new features can be used with Azure NetApp Files, Azure BareMetal, and now, Azure Managed Disk.
Networking
Application Gateway mutual authentication
Azure Application Gateway is announcing general availability for transport layer security (TLS) mutual authentication. Mutual authentication allows for two-way TLS certificate-based authentication, which allows both client and server to verify each other’s identity. This release strengthens your zero trust networking posture and enables many connected devices, IoT, business to business, and API security scenarios.
You can upload multiple client certificate authority (CA) certificate chains on the Application Gateway to use for client authentication. You can also choose to enable frontend mutual authentication at a per-listener level on Application Gateway. Microsoft is also adding enhancements to server variables supported on Application Gateway to enable you to pass additional client certificate information to backend as HTTP headers.
With this release Microsoft is also extending support for listener specific TLS policies which allows you to configure predefined or custom TLS policies at a per listener granularity, instead of global TLS policies.
Deployment enhancements for SQL Server on Azure Virtual Machines
A great update to our Azure Marketplace image with SQL is you can now configure the instance during deployment. Most companies have standards for their SQL instances and can now make configuration changes during deployment vs keeping the preconfigured image settings. Items like moving the system database to a data disk, configuring tempdb data and log files, configuring the amount of memory and more. During SQL VM deployment under SQL Server Settings, you have the options to change the defaults by clicking Change Configuration for storage or Change SQL Instance settings for customizing memory limits, collation, and ad hoc workloads.
Networking
New Azure Firewall capabilities
New Azure Firewall capabilities are available:
Azure Firewall network rule name logging: previously, the event of a network rule hit would show the source, destination IP/port, and the action, allow or deny. With the new functionality, the event logs for network rules will also contain the policy name, Rule Collection Group, Rule Collection, and the rule name hit.
Azure Firewall premium performance boost: this feature increases the maximum throughput of the Azure Firewall Premium by more than 300 percent (to 100Gbps).
Performance whitepaper: to provide customers with a better visibility into the expected performance of Azure Firewall, Microsoft is releasing the Azure Firewall Performance documentation.
Azure Bastion now supports file transfer via the native client (preview)
With the new Azure Bastion native client support in public preview and included in Standard SKU, you can now:
Use either SSH or RDP to upload files to a VM from your local computer.
Use RDP to download files from a VM to your local computer.
Custom virtual network support in Azure Container Apps (preview)
You can now create Azure Container Apps environments into new or existing virtual networks. This enables Container Apps to receive private IP addresses, maintain outbound internet connectivity, and communicate privately with other resources on the same virtual network.
New features are constantly added to Azure NetApp Files and previously released preview features are moved into general availability. The following capabilities have recently received general availability status and no longer need registration for use:
The new year started with several announcements from Microsoft regarding news related to Azure managementservices. The monthly release of this summary allows you to have an overall overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.
The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.
Figure 1 – Management services in Azure overview
Monitor
Azure Monitor
News regarding Azure Monitor alerts
The following changes have been introduced in Azure Monitor regarding alerts:
Frequency of 1 minute for alert logs. Alert logs allow users to use a Log Analytics query to evaluate, with a set frequency, resource logs and activate an alert based on the results obtained. Rules can trigger one or more actions using Action Groups. Now you have the ability to evaluate the alert query every minute, thus reducing the overall time for activating an alert log. By adopting this frequency of evaluation it should be taken into account that it also has an impact on the costs of Azure Monitor.
New way of creating alert rules: the experience of creating an alert rule has been transformed from an articulated process into a simple and intuitive wizard.
New agent: support for Private Links
The new Azure Monitor agent introduced support for network configurations via private link. This configuration allows you to operate in restricted environments that require special network requirements and a high degree of isolation.
New version of the agent for Linux systems
A new version of the Log Analytics agent has been released this month for Linux systems thanks to which several improvements and greater stability are introduced.
Govern
Azure Cost Management
Improvements in Azure Advisor recommendations for virtual machines
Azure has improved the Azure Advisor recommendation named “Shutdown/Resize your virtual machines”. This recommendation offers customers the opportunity to save costs by targeting virtual machines that are not being used efficiently.
Among the main improvements we have made are:
Resizing of series between different SKUs: up to this new version, the sizing recommendations provided by Azure Advisor were mostly within the same SKU family. This means if you were using a D3 v2 inefficiently, a D2 v2 or a D1 v2 was recommended, or a smaller SKU but within the same family. Now the recommendations take into account, to increase savings, the ability to move to different families by using SKUs that adapt perfectly to the workload based on the data collected.
Adoption of new versions of SKU families: in general, newer versions of SKU families are more optimized, offer more features and a better performance / cost ratio than previous versions. If the workload is found to be running on an older version and can achieve cost benefits without impacting performance on a newer version, is reported by Azure Advisor.
Improvements on the quality of reports: Microsoft received feedback that some recommendations were not feasible as they did not take certain criteria into account. In order to improve the quality of the recommendations, they are now generated taking into account even more characteristics, such as accelerated network support, support for premium storage, availability in a region, inclusion in an availability set, etc. . Furthermore, to increase the quality, the robustness and applicability of the recommendations the entire recommendation engine has been completely revamped to base it on new automatic and cutting-edge machine learning algorithms.
Multitasking in cost analysis (preview)
Azure Cost Management introduces a new cost analysis experience that allows you to do them more effectively. The preview includes a new tabbed experience to simplify analysis. Starting with an integrated view list, you can open multiple tabs to explore different cost aspects at the same time.
Updates related toAzure Cost Management and Billing
Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.
Secure
Microsoft Defender for Cloud
New features, bug fixes and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:
Microsoft Defender for Resource Manager has been updated with new alerts and a greater emphasis has been introduced on high-risk operations mapped to MITER ATT&CK® Matrix
Introduced recommendations for enabling Microsoft Defender plans on workspaces (preview)
Automatic provisioning of the Log Analytics agent on Azure Arc-enabled machines (preview)
Protect
Azure Backup
Changes in security settings
Azure Backup recently released the following changes regarding security settings for workloads protected by Microsoft Azure Recovery Service Agent, Azure Backup Server, or System Center Data Protection Manager:
Integration with MUA (Multi-user authorization): the operation of “disabling safety functions” is now defined as a critical operation that can be protected by a Resource Guard.
To provide protection against accidental or harmful elimination, it is no longer possible to unregister a protected server if the security features are enabled for the vault and there are associated backup items, in active or soft delete state.
Customers will not have to incur any costs for backup data kept in the soft delete state.
The backup policy is not applied to data kept in the soft delete state and therefore no data is deleted for 14 days.
Azure Site Recovery
Support for Azure Policy
Microsoft has introduced the ability to use Azure Policies to enable Azure Site Recovery for virtual machines (VM) on a large scale, thus allowing you to more easily and quickly adhere to organizational standards. After creating a Disaster Recovery policy for a specific subscription or for a specific resource group, all new virtual machines added to that subscription or to the resource group will have Azure Site Recovery enabled automatically. The policy in question is called "Configure disaster recovery on virtual machines by enabling replication via Azure Site Recovery“. In addition to enabling replication for large-scale virtual machines, the Policies make it possible to maintain control over the achievement of organizational standards. In fact,, compliance with policies can be monitored and, if virtual machines are found to be non-compliant, you can create a remediation activity to make the subscription or resource group compliant with the 100%.
Support for Managed Diskof Zone Redundant Storage type (ZRS)
Azure Site Recovery (ASR) introduced support for ZRS type managed disks. Therefore, ASR now allows you to protect virtual machines that take advantage of ZRS managed disks, replicating them in a secondary region of your choice. ASR identifies the source disks as ZRS managed disks and creates equivalent ZRS managed disks in the secondary region. If there is an outage in a region and it is necessary to fail over to the secondary region, ASR will activate the virtual machines in the secondary region with ZRS managed disks, ensuring the same level of resilience.
Migrate
Azure Migrate
New Azure Migrate releases and features
Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.
Evaluation of Azure
To test for free and evaluate the services provided by Azure you can access this page.
