Category Archives: Microsoft Azure

Azure Management services: What's new in June 2021

In June have been announced, by Microsoft, a considerable number of news regarding Azure management services. Through these articles released monthly we want to provide an overall overview of the main news, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

The new Azure Monitor agent and new Data Collection Rules features are available

Azure Monitor introduces, for some months now, a new unified agent (Azure Monitor Agent – AMA) and a new concept to make data collection more efficient (Data Collection Rules – DCR).

Among the various key features added in this new agent we find:

Support for Azure Arc server(Windows and Linux)
Virtual Machine Scale Set support (VMSS)
Installation via ARM template

With regard to the Data Collection, these innovations have been made:

Better control in defining the scope of data collection (e.g.. ability to collect from a subset of VMs for a single workspace)
Single collection and sending to both Log Analytics and Azure Monitor Metrics
Send to multiple workspaces (multi-homing for Linux)
Ability to better filter Windows events
Better extension management

All the preview features are ready to be used even in production environments, with the exception of the use of custom Azure Monitor Metrics (still in preview).

Collection of Syslog events from the Azure Monitor agent for Linux distro (preview)

Azure Monitor introduced a new concept for configuring data collection and a new unified agent for Azure Monitor. This new agent (AMA – Azure Monitor Agent) allows you to improve some key aspects of data collection from virtual machines, as reported in the previous paragraph. There was an issue on this front where Syslog data collection was not working as expected. This problem has been solved and the latest version of the agent includes support for the collection of Syslog events from Linux machines (using version 1.10 and later), available for all supported distributions.

Azure Monitor cost changes to achieve significant savings

Microsoft recently made several changes to Azure Monitor Log Analytics costs, which allow for significant savings, if important amounts of data are merged into the workspaces. It should be noted that a new naming has been introduced with regard to capacity reservations, which are now called “commitment tiers”. These changes have been made available since 2 June 2021:

New commitment tiers (higher). New engagement levels are introduced for Azure Sentinel and Azure Monitor Log Analytics for data ingestion: 1 TB/Day, 2 TB/Day, and 5 TB/Day.
Changes to the billing method for importing data that exceed the commitment tiers. Data imported beyond the commitment tiers will be billed using the actual commitment tiers rate, instead of the pay-as-you-go rate, with consequent cost reduction.
Simplification of commitment tiers: it is now possible to select from eight distinct commitment tiers and it is no longer necessary to manage tiers due to minor changes in the data ingestion. As part of this change, all workspaces with a commitment tier greater than 500 GB / day will be reset to the lowest available commitment tier: 500 GB / day, 1 TB / day, 2 TB / day or 5 TB / day.

Govern

Azure Policy

Changes in compliance for Resource Type Policies

Starting from 16 June 2021, the policies in which the resource type is the only evaluation criterion (e.g.. Allowed Resource Types, Disallowed Resource Types) they will have no resources “compliant” in compliance records. This means that if there are no non-compliant resources, the policy will show compliance with the 100%. If one or more non-compliant resources are present, the policy will show it 0% of compliance, with total resources equal to non-compliant resources. This change is to respond to feedback that resource type policies skew overall compliance rate data (which are calculated as compliant resources + exempt from total resources in all policies, deduplicated for unique resource IDs) due to a large number of total resources.

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

Display of amortized costs in the cost analysis preview.
Cloudyn is withdrawn from the 30 June.
News regarding Cost Management Labs.

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

TLS 1.2 enforcement per il MARS backup agent

Starting from September 1st 2020, Azure Backup will enforce the presence of the Transport Layer Security protocol (TLS) version 1.2 or later. To continue using Azure Backup, you need to make sure that all resources use the Microsoft Azure Recovery Services agent (MARS) updated to use TLS 1.2 or superior.

Cross Region Restore of SQL / SAP HANA running on VM in Azure

In Azure Backup, restore between different regions of Azure (Cross-Region Restore – CRR), available for virtual machines, has also been extended to support SQL and SAP HANA. Cross Region Restore allows customers to restore their data to secondary regions (paired region) at any time, essential in the event of the unavailability of the primary region. Geo-replicated backup data can then be used to restore SQL and SAP HANA databases running on Azure VMs to the “paired region” from Azure, during planned or unplanned incidents.

Migrate

Azure Migrate

New Azure Migrate releases and features

Support for new geographies of the public cloud.
The ability to register servers running SQL Server, with SQL VM RP, to automatically install the IaaS SQL agent extension. This feature is available for VMware (without agent), Hyper-V (without agent) and agent-based migrations.
Evaluation via CSV file import supports up to 20 disks. Previously, there was a limit of eight disks per server.

Support for Azure private links

Private Link support allows you to connect to the Azure Migrate service privately and securely via ExpressRoute or via a site-to-site VPN. Thanks to this method of connectivity, the instrumentsAzure Migrate: Discovery and Assessment andAzure Migrate: Server Migration, they can be used by connecting privately and securely. This method is recommended to use when there is an organizational requirement to access the Azure Migrate service and other Azure resources without crossing public networks or if you want to get better results in terms of bandwidth or latency.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (June2021 – Weeks: 23 and 24)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Confidential Computing price reduction on DCsv2 virtual machines

DCsv2-series protects the confidentiality and integrity of your data and code while it’s processed in the public cloud. Microsoft is announcing a price reduction on DCsv2-series Azure Virtual Machines by 37%. The new pricing is effective June 1st, 2021, and applies to all the regions where DCsv2-series is available.

New datacenter region in Arizona

Microsoft is launching a new sustainable datacenter region in Arizona, known as “West US 3.” For more details you can read “Expanding cloud services: Microsoft launches its sustainable datacenter region in Arizona“.

Azure Virtual Machines DCsv2-series are available in Australia

Confidential computing DCsv2-series virtual machines (VMs) are now available in Australia East, Austria Southeast will launch in the coming weeks to provide disaster recovery capabilities.

Storage

Azure Blob index tags

Prior to index tags, solutions that required the ability to quickly find specific objects in a blob container would need to keep a secondary catalog. Blob index tags provides a built in capability to add tags and then quickly query for or filter using this information. This provides a simpler solution without requiring a separate query system. This includes the ability to set index tags both upon upload or after upload. You can utilize these indexes as part of lifecycle management that automates deletion and movement between tiers.

Networking

New Azure private MEC solution announced

An evolution of Private Edge Zones, Azure private multi-access edge compute (MEC) expands the scope of possibilities from a single platform and service to a combination of edge compute, multi-access networking stacks, and the application services that run together at the edge. These capabilities help simplify integration complexity and securely manage services from the cloud for high-performance networking and applications.

In addition to the Azure private MEC solution, we are announcing the following Microsoft and partner services and solutions:

New Azure Network Function Manager (public preview) service
Metaswitch Fusion Core third-party services on Azure Stack Edge
Affirmed Private Network Service third-party service on Azure Stage Edge
New Azure Marketplace solutions from our partners’

Default Rule Set 2.0 for Azure Web Application Firewall (preview)

The Default Rule Set 2.0 (DRS 2.0) for Azure Web Application Firewall (WAF) deployments running on Azure Front Door is in preview. This rule set is only available on the Azure Front Door Premium SKU. DRS 2.0 includes the latest changes to our rule set, including the addition of anomaly scoring. With anomaly scoring, incoming requests are assigned an anomaly score when they violate WAF rules and an action is taken only when they breach an anomaly threshold. This helps drastically reduce false positives for customer applications. Also included in DRS2.0 are rules powered by Microsoft Threat Intelligence which offer increased coverage and patches for specific vulnerabilities.

Azure IaaS and Azure Stack: announcements and updates (June 2021 – Weeks: 21 and 22)

Azure

Storage

Azure Storage Blob inventory is now available in all public regions (preview)

Azure blob storage inventory provides you the ability to understand the total number of objects, their size, tier, and other information to gain insight into your object storage estate. Inventory can be used with Azure Synapse to calculate summaries by container. Microsoft has expanded preview to all public regions for blob inventory.

Key Rotation and Expiration Policies

Key rotation is one of the best security practices to reduce the risk of secret leakage for enterprise customers. Customers using Azure Storage account access keys can rotate their keys on demand, in the absence of key expiry dates and policies customers find it difficult to enforce and manage this key rotation automatically. The new feature will allow you to not only set key expiration duration but also add policies that can mandate anyone deploying storage endpoints to specify key rotation duration. Furthermore, you would be able to monitor key expiration and set alerts if a key is about to expire. For accounts that are nearing key expiry, you can rotate the keys using APIs, CLI, Powershell, or Azure Portal.

Networking

ExpressRoute Global Reach Pricing Reduction

Microsoft is annoucing a 50% decrease in the data transfer price for ExpressRoute Global Reach. This pricing change will go into effect as of June 1, 2021. For more information about ExpressRoute Global Reach pricing, visit the ExpressRoute Pricing webpage.

Azure Stack

Azure Stack HCI

Azure Kubernetes Service (AKS) on Azure Stack HCI

Azure Kubernetes Services (AKS) on Azure Stack HCI simplifies the Kubernetes cluster deployment on Azure Stack HCI. It offers hybrid capabilities and consistency with Azure Kubernetes Service for ease of app portability and management. You can take advantage of familiar tools and capabilities to modernize both Linux and Windows .NET apps on-premises. Furthermore, its built-in security enables you to deploy your modern applications anywhere: cloud, on-premises, and edge.

Free Trial Now Available

The Azure Stack HCI team has extended the built-in free software trial from 30 days to 60 days giving more time for customers and partners to evaluate their virtual workloads on Azure Stack HCI in planning their purchase decision. There’s nothing you need to do to enable the trial duration, it’s been automatically extended.

Available in China

Azure Stack HCI is now available in the China cloud – making it very easy to get all the benefits of Azure Stack HCI.

New feature called Network ATC

The next update available to Azure Stack HCI subscribers will be 21H2 which is in preview right now. With this update comes a new feature called Network ATC, which simplifies the deployment and management of networking on your HCI hosts.

If you’ve deployed Azure Stack HCI previously, you know that network deployment can pose a significant challenge. You might be asking yourself:

How do I configure or optimize my adapter?
Did I configure the virtual switch, VMMQ, RDMA, etc. correctly?
Are all nodes in the cluster the same?
Are we following the best practice deployment models?
(And if something goes wrong) What changed!?

So, what does Network ATC actually set out to solve? Network ATC can help:

Reduce host networking deployment time, complexity, and errors
Deploy the latest Microsoft validated and supported best practices
Ensure configuration consistency across the cluster
Eliminate configuration drift

Network ATC does this through some new concepts, namely “intent-based” deployment. If you tell Network ATC how you want to use an adapter, it will translate, deploy, and manage the needed configuration across all nodes in the cluster.

Azure Management services: What's new in May 2021

To stay constantly updated on news regarding Azure Management services, this summary is released monthly, allowing you to have an overview of the main new features of the month. In this article you will find the news, presented in a synthetic way and accompanied with the necessary references to be able to conduct further studies.

Monitor

Azure Monitor

Log Analytics workspace insights

Microsoft has announced the availability of Log Analytics workspace insights which allows you to obtain detailed information on the Log Analytics workspaces, providing a comprehensive overview of the following aspects: usage, performance, integrity, agents, query and change logs.

These are the main questions to which the solution can provide an answer:

What are the main tables, those where most of the data is imported?
Which resource sends the most logs to the workspace?
How long does it take for the logs to reach the workspace?
How many agents are connected to the work area? How many are in a health state?
Query control: how many queries run in the workspace? What are their response codes and duration time? What are the slow and inefficient queries that require workspace overhead?
Who has set a daily limit? When data retention has changed?
- Useful for keeping a log of changes in workspace settings.

Export of Azure Monitor logs to multiple destinations (preview)

You now have the option to create up to 10 data export rules in each Log Analytics workspace, having the flexibility to decide which tables to export and to which destination (storage accounts oppure event hubs). This configuration possibility makes it possible to address these aspects:

Event hub rate limit
Single storage account rate limit
Different logs can be exported to different destinations.

Updates related to the user interface(UI)

The following user interface updates have been introduced in Log Analytics(UI):

Consultation of custom logs: it is now possible to control and manage the table and the custom fields from a new dedicated panel, offering a new user interface that improves the experience of consulting custom logs.
Azure Dashboard: the parts of Log Analytics added to Azure dashboards support integration with filters.

Query packs in Azure Monitor (preview)

Query packages have been made available in Azure Monitor , which are essentially ARM objects containing several queries. Among the main features we find:

Being ARM objects, precise control of permissions is provided and can be distributed via code and incorporated into policies.
They work in all contexts and in all environments, with the ability to upload them to multiple subscriptions.
They allow organizations to better organize queries based on their taxonomy, thanks to the presence of new metadata.
The clear experience, harmonized and contextual to the environment is incorporated in Log Analytics.

Availability in new regions

Azure Monitor Log Analytics is now also available in the South India region. To check the availability of the service in all the Azure regions you can consult this document.

Secure

Azure Security Center

Integration con GitHub Actions (in public preview)

The integration of Azure Security Center (ASC) with GitHub Actions, in public preview, allows you to easily incorporate security and compliance early in the software development lifecycle. With this integrated experience, you can gain greater visibility into IT operations and IT security, both in the pipeline CI / CD, both in the security scans of container registry within ASC. Furthermore, end-to-end traceability makes it easier for developers to identify issues, improving resolution times and strengthening your cloud security posture.

Re-scanning of containers

Azure Security Center has introduced a new scan for containers that analyzes images to identify vulnerabilities before the push action occurs within the Azure container registries. In the future, ASC will also provide recommendations if you detect workflows that send Docker images without enabling scan actions CI / CD.

New features, bug fixes and deprecated features of Azure Security Center

Protect

Azure Backup

Backup for Azure Blobs

Azure Blob Backup is a managed data protection solution, this helps protect block blobs from various data loss scenarios. The data is stored locally within the source storage account and can be restored from a certain time when necessary. This feature provides a simple means, safe and economical to protect blobs.

Azure Site Recovery

Enable Azure Site Recovery (ASR) when creating virtual machines

While creating new virtual machines from the Azure portal, you can now also enable the Azure Site Recovery replication process. This possibility is included in the virtual machine management options along with those already available, such as Monitoring, Identity, and Backup.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news is the migration of virtual machines and physical servers with operating system disks up to 4 TB, which is now supported using the migration method based on the presence of the agent.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (May 2021 – Weeks: 19 and 20)

Azure

Storage

Zone redundant storage (ZRS) option for Azure managed disks (preview)

Zone redundant storage (ZRS) option for Azure managed disks is now available on Premium SSDs and Standard SSDs in public preview in: West Europe, North Europe, West US 2 and France Central regions. Disks with ZRS provide synchronous replication of data across the zones in a region, enabling disks to tolerate zonal failures which may occur due to natural disasters or hardware issues. Disks with ZRS maintain three consistent copies of the data in distinct Availability Zones in a region, making them tolerant to outages. They also allow you to maximize your virtual machine availability without the need for application-level replication of data across zones, which is not supported by many legacy applications such as old versions of SQL or industry-specific proprietary software. This means that, if a virtual machine becomes unavailable in an affected Zone, you can continue to work with the disk by mounting it to a virtual machine in a different zone. You can also use the ZRS option with shared disks to provide improved availability for clustered or distributed applications like SQL FCI, SAP ASCS/SCS or GFS2.

Lower pricing for provisioned throughput on Azure Ultra Disks

Microsoft is announcing a price reduction on provisioned throughput for Azure Ultra Disks by 65%. The new pricing is effective May 1st, 2021, and applies to all the regions where Ultra Disks are available. Azure Ultra Disks offer high throughput, high IOPS, and consistent low latency disk storage for Azure Virtual Machines (VMs).

Azure NetApp Files: Application Consistent Snapshot tool (AzAcSnap)

The Azure Application Consistent Snapshot tool (AzAcSnap) is a command-line tool enables you to simplify data protection for third-party databases (SAP HANA) in Linux environments (for example, SUSE and RHEL). Since the January 2021 preview announcement, AzAcSnap has seen wide adoption among enterprise customers for fast backup of Azure NetApp Files volumes including multi-TB databases and scale-out scenarios for SAP HANA. Now it is available.

Azure File Sync agent v12.1

The v12.0 agent release had two bugs which are fixed in this release:

Agent auto-update fails to update the agent to a later version.
FileSyncErrorsReport.ps1 script does not provide the list of per-item errors.

If agent version 12.0 is installed on your servers, you will need to update to v12.1 using Microsoft Update or Microsoft Update Catalog (see installation instructions in KB4588751).

More information about this release:

This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations.
The agent version for this release is 12.1.0.0.
A restart may be required if files are in use during the installation.
Installation instructions are documented in KB4588751.

Networking

Virtual Network peering support for Azure Bastion

Azure Bastion and VNet peering can be used together. When VNet peering is configured, you don’t have to deploy Azure Bastion in each peered VNet. This means if you have an Azure Bastion host configured in one virtual network (VNet), it can be used to connect to VMs deployed in a peered VNet without deploying an additional Bastion host.

Azure VPN Client for macOS (preview)

Azure VPN Client for macOS, with support for native Azure AD, certificate-based, and RADIUS authentication for OpenVPN protocol is in public preview. Native Azure AD authentication support is highly desired by organizations as it enables user-based policies, conditional access, and multi-factor authentication (MFA) for P2S VPN. Native Azure AD authentication requires both Azure VPN gateway integration and the Azure VPN Client to obtain and validate Azure AD tokens. With the Azure VPN Client for macOS, customers can use user-based policies, Conditional Access, as well as Multi-factor Authentication (MFA) for their Mac devices.

Application Gateway Mutual Authentication (preview)

Azure Application Gateway now supports the ability to perform frontend mutual authentication. In addition to the client authenticating Application Gateway in a request, Application Gateway can now also authenticate the client. You can upload multiple client Certificate Authority (CA) certificate chains for Application Gateway to use for client authentication. Additionally, Application Gateway also allows you to configure listener specific SSL policies. You can choose to enable mutual authentication at a per listener level on your gateway, as well as choose to pass client authentication information to the backends through server variables. This feature enables scenarios where Application Gateway needs to authenticate the client in addition to the client authenticating Application Gateway.

Azure ExpressRoute: 5 New Peering Locations Available

New peering locations are now available for ExpressRoute:

Bogota
Madrid
Sao Paulo
Rio de Janeiro
Toronto2

With this announcement, ExpressRoute is now available across 75 global commercial Azure peering locations.

Azure IaaS and Azure Stack: announcements and updates (May 2021 – Weeks: 17 and 18)

Azure

Compute

Azure Hybrid Benefit for Linux with RI and VMSS Support

Azure Hybrid Benefit is available for Linux, extending the ability to easily migrate RHEL and SLES servers to Azure beyond existing pay-as-you-go instances to include support for Azure Reserved Instance (RI) and virtual machine scale set (VMSS).

While previous Bring-Your-Own-Subscription cloud migration options available to Red Hat and SUSE customers allowed them to use their pre-existing RHEL and SLES subscriptions in the cloud, Azure Hybrid Benefit for Linux improves upon this with several capabilities unique to Azure making enterprise Linux cloud migration even easier than before:

Applies to all Red Hat Enterprise Linux and SUSE Linux Enterprise Server pay-as-you-go images available in the Azure Marketplace or Azure Portal. No need to provide your own image.
Save time with seamless post-deployment conversions—production redeployment is unnecessary. Simply convert the pay-as-you-go images used during your proof-of-concept testing to bring-your-own-subscription billing.
Lower ongoing operational costs with automatic image maintenance, updates, and patches: Microsoft maintains the converted RHEL and SLES images for you.
Enjoy the convenience of unified user interface integration with the Azure CLI, providing the same UI as other Azure virtual machines, as well as scalable batch conversions.
Get co-located technical support from Azure, Red Hat, and SUSE with just one ticket.
Combine with recently announced Red Hat and SUSE support for Azure shared disks to lift-and-shift failover clusters and parallel file systems, like Global File System.
Fully compatible with Azure Arc, providing end-to-end hybrid cloud operations management for Windows, RHEL, and SLES servers in one solution.

New Azure VMs for general purpose and memory intensive workloads (preview)

The new Dv5, Dsv5, Ddv5, Ddsv5, and Ev5, Edv5 series Azure Virtual Machines, now in preview, are based on the 3rd Generation Intel® Xeon® Platinum 8370C (Ice Lake) processor in a hyper-threaded configuration. This custom processor can reach an all-core Turbo clock speed of up to 3.5GHz and features Intel® Turbo Boost Technology 2.0, Intel® Advanced Vector Extensions 512 (Intel® AVX-512) and Intel® Deep Learning Boost. These new offerings deliver a better value proposition for general-purpose, and memory intensive workloads compared to the prior generation (e.g., increased scalability and an upgraded CPU class) including better price to performance.

The Dv5, Dsv5, Ddv5, Ddsv5 VM sizes offer a combination of vCPUs and memory able to meet the requirements associated with most general-purpose workloads and can scale up to 96 vCPUs. The Ddv5 and Ddsv5 VM sizes feature high performance, large local SSD storage (up to 2,400 GiB). The Dv5 and Dsv5 VM series offer a lower price of entry since they do not feature any local temporary storage. If you require temporary storage select the latest Ddv5 or Ddsv5 Azure virtual machines, which are also in Preview.

The Ev5 and Edv5 VM sizes feature up to 672 GiB of RAM and are ideal for memory-intensive enterprise applications. You can attach Standard SSDs and Standard HDDs disk storage to these VMs. If you prefer to use Premium SSD or Ultra Disk storage, please select the Esv5 and Edsv5 VM series, which will be in preview in the near future. The Ev5 and Esv5 VMs offer a lower price of entry since they do not feature any local temporary storage. If you require temporary storage select the latest Edv5 VM series which are also in preview, or the Edsv5 VM series, which will be in preview in the near future.

New NPv1 virtual machines

NPv1 series virtual machines are a new addition to the Azure product offering. These instances are powered by Xilinx Alveo U250 FPGAS. These highly-programmable accelerators benefit a variety of computationally intensive workloads such as genomics, image-processing, security, data analysis and more. The NP series offering is based upon the commercially available U250 from Xilinx and uses a standard shell easing the difficulties of migrating existing FPGA workloads & solutions to the cloud. New Xilinx Alveo U250 FPGA NPv1 VMs are now generally available in West US 2, East US, West Europe, and Southeast Asia.

Microsoft acquires Kinvolk to accelerate container-optimized innovation

Microsoft is excited to bring the expertise of the Kinvolk team to Azure and having them become key contributors to the engineering development of Azure Kubernetes Service (AKS), Azure Arc, and future projects that will expand Azure’s hybrid container platform capabilities and increase Microsoft’s upstream open source contributions in the Kubernetes and container space. Microsoft is also committed to maintaining and building upon Kinvolk’s open source culture. The Kinvolk team will continue to remain active in their existing open source projects and will be essential to driving further collaboration between Azure engineering teams and the larger open source container community.

Storage

Azure Blob storage: NFS 3.0 protocol support public preview now expands to all regions

Azure Blob storage is the only public cloud storage platform that supports NFS 3.0 protocol over object storage natively (no gateway or data copying required), with object storage economics. This new level of support is optimized for high-throughput, read-heavy workloads where data will be ingested once and minimally modified further, such as large-scale analytic data, backup and archive, media processing, genomic sequencing, and line-of-business applications. Azure Blob Storage NFS 3.0 preview supports general purpose v2 (GPV2) storage accounts with standard tier performance in all publicly available regions. Further, Microsoft is enabling a set of Azure blob storage features in premium blockblob accounts with NFS 3.0 feature enabled such as blob service REST API and lifecycle management.

Attribute-based Access Control (ABAC) in preview

Attribute-based access control (ABAC) is an authorization strategy that defines access levels based on attributes associated with security principals, resources, requests, and the environment. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments in the existing identity and access management (IAM) system. This preview includes support for role assignment conditions on Blobs and ADLS Gen2, and enables you to author conditions based on resource and request attributes.

Prevent Shared Key authorization for an Azure Storage account

Every secure request to an Azure Storage account must be authorized. By default, requests can be authorized with either Azure Active Directory (Azure AD) credentials, or by using the account access key for Shared Key authorization. Of these two types of authorization, Azure AD provides superior security and ease of use over Shared Key and is recommended by Microsoft. To require clients to use Azure AD to authorize requests, you can disallow requests to the storage account that are authorized with Shared Key. Microsoft is announcing the general availability of the ability to disable Shared Key authorization for Azure Storage.

Append blob support in Azure Data Lake Storage

Append blobs provide a simple and effective way of adding new content to the end of a file or blob when the existing content does not need to be modified. This makes append blobs great for applications such as logging that need to add information to existing files efficiently and continuously. Until now, only block blobs were supported in Azure Data Lake Storage accounts. Applications can now also create append blobs in these accounts and write to them using Append Block operations. These append blobs can be read using existing Blob APIs and Azure Data Lake Storage APIs.

Networking

Multiple features for Azure VPN Gateway

The following features for Azure VPN Gateway are general available:

Multiple authentication types for point-to-site VPN – You can now enable multiple authentication types on a single gateway for OpenVPN tunnel type. Azure AD, certificate-based and RADIUS can all be enabled on a single gateway.
BGP diagnostics – You can now see the Border Gateway Protocol session status, route advertised and routes learnt by the VPN Gateway.
VPN packet capture in Azure portal – Support for packet capture on the VPN Gateway is now availbe in the Azure portal.
VPN connection management – With new enhancements in VPN connection management capabilities, you can now reset an individual connection instead of resseting the whole gateway. You can also set the Internet Key Exchange (IKE) mode of the gateway to responder-only, initiator-only or both and view the Security Association (SA) of a connection.

Azure Management services: What's New in April 2021

Microsoft is constantly announcing news regarding Azure management services. This summary, released on a monthly basis, allows you to have an overall overview of the main news of the current month, in order to stay up to date on these news and have the necessary references to conduct further study.

Monitor

Azure Monitor

New agent version for Windows Systems

A new version of the Log Analytics agent has been released this month for Window systemss. The new version includes a new tool for troubleshooting and handles changes to certificates in Azure services differently.

The uniqueness of the name of the Log Analytics workspaces is now per resource group

In the past, the uniqueness of the Azure Monitor Log Analytics workspace was globally for all subscriptions. This meant that when a workspace name was used by a customer, it could not be reused by others. Microsoft has changed the way in which the uniqueness of the workspace name is requested and is now managed in the context of the resource group.

New definitions built-in of the Azure Policy for data encryption in Azure Monitor

Azure Monitor provides built-in policies for data encryption governance and control over the key used for encryption at rest. Here are the new built-in policies available for data encryption:

Azure Monitor logs clusters should be encrypted with customer-managed key – Audit if log analytics cluster is defined with customer-managed key.
Azure Monitor logs clusters should be created with infrastructure-encryption enabled (double encryption) – Audit log analytics cluster is created with Infrastructure enabled.
Azure Monitor logs for application insights should be linked to a log analytics workspace – Audit if application insights is linked to store data in log analytics workspace. Workspace can then be linked to a log analytics cluster for customer-managed key settings.
Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption – Audit if workspace has linked storage account, which allows the encryption using customer-managed key.
Log alert queries in Azure Monitor will be saved in customer storage account, if workspace has linked storage account, which allows the encryption using customer-managed key.

Improvements for Log Alerts

Log Alerts are available in Azure Monitor that allow users to use a Log Analytics query to evaluate the resources logs at a set frequency and activate an alert based on the results obtained. Rules can trigger one or more actions using Action Groups. In this context, two new highly requested features have been released (in preview):

Stateful Log Alert: with this feature enabled, activated alerts are automatically resolved once the condition is no longer satisfied. In this way, the same behavior is adopted as in the alerts related to metrics.
Frequency of 1 minute: with this feature enabled, the alert query is evaluated every minute to verify the specified condition, thus reducing the overall time for activating a Log Alert.

Availability in new regions

Azure Monitor Log Analytics is also available in the region South India.

To check the availability of the service in all the Azure regions you can consult this document.

Container insights: support for the monitor of Kubernetes Azure Arc enabled environment (preview)

Containers insights in Azure Monitor has extended its monitor capabilities to Azure Arc Kubernetes clusters as well, providing the same monitoring capabilities present for the Azure Kubernetes service (AKS), which:

Visibility on the performance of the environment, through the memory and processor metrics for the controllers, nodes and containers.
View information collected through workbooks and in the Azure portal.
Alert and possibility of querying historical data for problem solving.
Ability to verify Prometheus metrics.

Configure

Azure Automation

Availability in new regions

Azure Automation is also available in the region South India.

Support for System Assigned Managed Identities for cloud and Hybrid job (public preview)

Azure Automation has introduced support for System Assigned Managed Identities for cloud and Hybrid jobs. Among the advantages of using Managed Identities we find:

The ability to authenticate to any Azure service that supports Azure AD authentication.
Elimination of the management overhead associated with managing Run As accounts in runbook code. This makes it possible to access resources via the Managed Identity of an Automation account from a runbook, without having to worry about creating RunAsCertificate, RunAsConnection, etc.
It is not necessary to renew the certificate used by the Automation Run As account.

Govern

Azure Cost Management

Updates related toAzure Cost Management and Billing

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Protect

Azure Backup

Azure Dedicated Host protection support

Azure Backup has introduced support for the backup and recovery of virtual machines residing on Azure Dedicated Host, physical servers dedicated to your organization whose capacity is not shared with other customers. This feature is available in all Azure regions where Azure Dedicated Host can be activated.

Azure VM Scale sets protection with orchestration templates (preview)

Azure Backup now allows you to backup and restore Azure VM Scale sets with orchestration models, which provide a logical grouping of virtual machines managed by the platform.

Improvements in encryption using customer managed keys (preview)

Azure Backup now allows you to use your own keys to encrypt backup data residing in the Recovery Services vaults. This new feature allows you to increase the control of the encryption of your data. Furthermore, you can use the Azure Policy to control and apply encryption using keys managed directly by the customer.

Azure Site Recovery

Support for Azure Policy (preview)

The ability to use Azure Policy is now provided to enable large-scale use of Azure Site Recovery for virtual machines. After creating a disaster recovery policy for a resource group, all new virtual machines that will be added to this resource group will have Site Recovery enabled automatically. Furthermore, through a Remediation process, Site Recovery can also be enabled for all virtual machines already present in the Resource Group.

Support for cross-continental disaster recovery (for 3 region pairs)

Azure Site Recovery introduced support for cross-continental disaster recovery. Thanks to this feature, a virtual machine can be replicated from an Azure region in one continent to a region in another continent. In the event of a planned or unplanned outage, you will be able to fail over the virtual machine on all continents and, once the interruption has been mitigated, it can be brought back to the continent of origin (fail-back) and protected. This feature is currently available for the following 3 pairs of intercontinental regions:

Southeast Asia and Australia East
Southeast Asia and Australia Southeast
West Europe and South Central US

Support of “proximity placement groups” in hybrid and cloud disaster recovery scenarios

Azure Site Recovery introduced support for “proximity placement groups (PPG)” in hybrid and cloud disaster recovery scenarios. With this support it will be possible to replicate an on-premises physical or virtual machine or an Azure virtual machine within a PPG, in the chosen Azure target area. Upon activation of the failover plan, Site Recovery will activate the failover VM within the target PPG selected by the user. This functionality is available both through the Azure portal and through PowerShell and REST API, across all Azure regions.

Migrate

Azure Migrate

New Azure Migrate releases and features

The tools Azure Migrate: Discovery and Assessment and Azure Migrate: Server Migration can be used by connecting privately and securely to the Azure Migrate service via ExpressRoute or via a site-to-site VPN, using Azure private links. This connectivity method is recommended to use when there is an organizational requirement to access the Azure Migrate service and other Azure resources without crossing public networks or if you want to get better results in terms of bandwidth or latency.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (April 2021 – Weeks: 15 and 16)

Azure

Compute

New M-series Msv2/Mdsv2 Medium Memory VMs for memory-optimized workloads

Azure Msv2/Mdsv2 Medium Memory Series offering up to 192vCPU and 4TB memory configurations and running on Cascade Lake processor are now generally available. Msv2/Mdsv2 medium memory VM sizes providing a 20% increase in CPU performance, increased flexibility with local disks, and a new intermediate scale up-option. These virtual machines provide unparalleled computational performance to support large in-memory databases and workloads such as SAP HANA and SQL Hekaton.

Azure Virtual Machines DCsv2-series in Azure Government (public preview)

Azure Government customers can build secure, enclave-based applications to protect code and data while it’s in use, in a dedicated cloud that meets stringent government security and compliance requirements. Confidential computing DCsv2-series virtual machines are now in preview for Azure Government customers (federal, state, local governments, and their partners) in US Government Virginia and Arizona regions. These VMs are backed by Intel XEON E-2288G processors with Intel Software Guard Extensions (SGX) technology.

Microsoft announces plans to establish first datacenter region in Malaysia

The new datacenter region is part of the “Bersama Malaysia” initiative to support inclusive economic growth in Malaysia.

Storage

Azure Blob storage supports objects up to 200 TB in size

Workloads that utilize larger file sizes such as backups, media, and seismic analysis can now utilize Azure Blob storage and ADLS Gen2 without breaking these large files into separate blobs. Each blob is made up of up to 50,000 blocks. Each block can now be 4GB in size for a total of 200 TB per blob or ADLS Gen2 file.

Lustre HSM tools to import from or export to Azure Storage

Lustre HSM (Hierarchical Storage Management) provides the capability to associate a Lustre file system with an external storage system and migrate file data between them.

Now available are the File System Hydrator and Copy Tool, which enables integrating a Lustre file system with an Azure storage account:

The File System Hydrator is used to import a file system namespace from an Azure storage account into a Lustre file system with the imported files left in the ‘released’/’exist’ state.
The Copy Tool is used to hydrate the content of the files in the storage account into the Lustre file system on-demand. The copy tool can also be used to archive content of files back into the storage account, including changed or added files.

Networking

Application Gateway URL Rewrite

Azure Application Gateway now supports the ability to rewrite host name, path and query string of the request URL. In addition to header rewrites, you can now also rewrite URL of all or some of the client requests based on matching one or more conditions as required. You can choose to route the request based on the original URL or the rewritten URL. This feature enables several important scenarios such as allowing path based routing for query string values and support for hosting friendly URLs.

Azure IaaS and Azure Stack: announcements and updates (April 2021 – Weeks: 13 and 14)

Azure

Compute

Virtual machine (VM) level disk bursting available on all Dsv3 and Esv3 families

Virtual machine level disk bursting allows your virtual machine to burst its disk IO and MiB/s throughput performance for a short time daily. This feature is now enabled on all our Dsv3-series and Esv3-series virtual machines, with more virtual machine types and families support soon to come. There is no additional cost associated with this new capability or adjustments on the VM pricing and it comes enabled by default.

Cloud Services (extended support) is generally available

Cloud Services (extended support), which is a new Azure Resource Manager (ARM)-based deployment model for Azure Cloud Services, is generally available. Cloud Services (extended support) has the primary benefit of providing regional resiliency along with feature parity with Azure Cloud Services deployed using Azure Service Manager (ASM). It also offers some ARM capabilities such as role-based access and control (RBAC), tags, policy, private link support, and use of deployment templates. The ASM-based deployment model for Cloud Services has been renamed Cloud Services (classic). Customers retain the ability to build and rapidly deploy web and cloud applications and services. Customers will be able to scale cloud services infrastructure based on current demand and ensure that the performance of applications can keep up while simultaneously reducing costs. The platform-supported tool for migrating existing cloud services to Cloud Services (extended support) also goes into preview. Migrating to ARM will allow customers to set up a robust infrastructure platform for their applications.

Storage

Azure File Sync agent v12

Improvements and issues that are fixed in the v12 release:

New portal experience to configure network access policy and private endpoint connections
- You can now use the portal to disable access to the Storage Sync Service public endpoint and to approve, reject and remove private endpoint connections. To configure the network access policy and private endpoint connections, open the Storage Sync Service portal, go to the Settings section and click Network.
Cloud Tiering support for volume cluster sizes larger than 64KiB
- Cloud Tiering now supports volume cluster sizes up to 2MiB on Server 2019. To learn more, see What is the minimum file size for a file to tier?.
Measure bandwidth and latency to Azure File Sync service and storage account
- The Test-StorageSyncNetworkConnectivity cmdlet can now be used to measure latency and bandwidth to the Azure File Sync service and storage account. Latency to the Azure File Sync service and storage account is measured by default when running the cmdlet. Upload and download bandwidth to the storage account is measured when using the “-MeasureBandwidth” parameter. To learn more, see the release notes.
Improved error messages in the portal when server endpoint creation fails
- We heard your feedback and have improved the error messages and guidance when server endpoint creation fails.
Miscellaneous performance and reliability improvements
- Improved change detection performance to detect files that have changed in the Azure file share.
- Performance improvements for reconciliation sync sessions.
- Sync improvements to reduce ECS_E_SYNC_METADATA_KNOWLEDGE_SOFT_LIMIT_REACHED and ECS_E_SYNC_METADATA_KNOWLEDGE_LIMIT_REACHED errors.
- Files may fail to tier on Server 2019 if Data Deduplication is enabled on the volume.
- AFSDiag fails to compress files if a file is larger than 2GiB.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

This release is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations.
A restart is required for servers that have an existing Azure File Sync agent installation.
The agent version for this release is 12.0.0.0.
Installation instructions are documented in KB4568585.

Encryption scopes in Azure Storage

Encryption scopes introduce the option to provision multiple encryption keys in a storage account for blobs. Previously, customers using a single storage account for multi-tenancy scenarios were limited to using a single account-scoped encryption key for all the data in the account. With encryption scopes, you now can provision multiple encryption keys and choose to apply the encryption scope either at the container level (as the default scope for blobs in that container) or at the blob level.

Azure Data Explorer external tables

An external table is a schema entity that references data stored outside the Azure Data Explorer database. Azure Data Explorer Web UI can create external tables by taking sample files from a storage container and creating schema based on these samples. You can then analyze and query data in external tables without ingestion into Azure Data Explorer.

Azure Management services: what's new in March 2021

In March there were several news announced by Microsoft regarding Azure management services. In this series of articles, reported monthly, major announcements are listed, accompanied by the necessary references to be able to conduct further studies on.

Monitor

Azure Monitor

What's new in Azure Monitor for Windows Virtual Desktop

Azure Monitor for Windows Virtual Desktop, that will be made available in the coming weeks, will allow you to have a centralized view, containing all the monitor information to help you troubleshoot and operate on a large scale. Thanks to the latest updates it is possible to:

View a summary of the status and health of the pool host
Find and resolve deployment issues
Understanding and addressing user feedback
Evaluate resource usage and make scalability decisions, thus achieving optimal cost management

ExpressRoute Monitors in Azure Monitor Network Insights

Azure Monitor Network Insights allows now, through a centralized console, to make the ExpressRoute monitor. The solution displays the following information regarding ExpressRoute connectivity:

Topology of all ExpressRoute circuit components (peering, connections and gateways)
Provisioning and health status of the various components
Circuit metrics (Availability, throughput and packet delivery)
Metrics of the ExpressRoute gateway connected to the circuit

Azure Monitor SQL insights for Azure SQL (preview)

Azure Monitor SQL Insights allows you to collect, the analysis and customized display of telemetry data for SQL Database, SQL Managed Instance and SQL Server on board Azure Virtual Machines. The interactive experience introduced by SQL Insights allows you to customize the collection, the frequency of telemetry and to combine data from multiple sources, providing a unified monitoring experience for the SQL environment. SQL Insights is based on the Azure Monitor platform, giving customers access to all the viewing and notification features in the solution.

Azure Monitor Alerts for Azure Backup (preview)

You can now manage backup alerts through the standard Azure Monitor experience. This integration allows users to have a consistent experience in managing alerts across Azure services, including backup.

Azure monitor for containers: live consultation of pods logs & Replica set

Azure monitor for containers introduced support for real-time access to Azure Kubernetes Service Pods and Replica sets logs (AKS). Thanks to this new feature you can search for, filter and view historical pod logs in Log Analytics, you can also troubleshoot and diagnose pods and replica sets.

Container Insights: Persistent Volume monitoring & Tab reports

Container Insights of Azure Monitor introduces two new features:

Monitoring dei Persistent Volume (PV) for AKS clusters.
A new Reports tab that provides full access to all workbooks related to Kubernetes.

Azure SQL auditing in Log Analytics

It is now possible to merge the audit logs of Azure SQL Database and Azure Synapse Analytics to a Log Analytics workspace and to the Event Hub. This way you can centralize SQL audit logs in one location and do large-scale analysis.

New version of the agent for Linux systems

A new version of the Log Analytics agent has been released this month for Linux systems, which introduces several improvements and greater stability.

Availability in new regions

Azure Monitor Log Analytics is available in the following new regions:

Australia Central 2

To check the availability of the service in all the Azure regions you can consult this document.

Configure

Azure Automation

Availability in new regions

Azure Automation is available in the following new regions:

UK West

Azure Automanage

New features for Windows systems and extension to Linux distro

Azure Automanage is a new solution that automates several operations throughout the entire lifecycle of virtual machines located in Azure. It allows you to automatically implement best practices in virtual machine management ensuring compliance regarding security aspects, corporate compliance and business continuity. In this solution, new features have been added to simplify operations on virtual machines (VM) Windows Server, such as installing security patches without restarting. This feature allows security patches to be deployed in seconds, this makes it easier to protect servers from critical threats. Azure Automanage has also been extended to major Linux distributions.

Govern

Azure Policy

Azure Cost Management

Updates related toAzure Cost Management and Billing

Ability to monitor spending through alerts on expected costs (forecasted cost alerts)
New view of subscription costs
What's New in Cost Management Labs

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Integrating Azure Firewall management into Security Center
Inclusion of the “Disable rule” experience in SQL vulnerability assessment (preview)
Azure Monitor Workbooks built into Security Center
Azure Audit reports included in the regulatory compliance dashboard (preview)
Ability to view recommendation data in Azure Resource Graph with “Explore in ARG”
Workflow Automation Deployment Policy Updates
Improvements in the recommendations page

Protect

Azure Backup

Backup Center

The new Backup Center solution is now available and offers a unique experience designed for centralized management of large-scale backups. With Backup Center, you can dynamically explore large backup inventories between vaults, subscriptions, different locations and even tenants using Azure Lighthouse. The Backup Center can also govern any actions related to backups. Thanks to integration with Azure Policies and recent additional features for tag-based Azure Policies, large-scale governance can be implemented and compliance monitoring simplified. Backup Center also provides useful information to detect resources that are not protected from backups.

Backup Center supports the following types of workloads:

Azure Virtual Machines
SQL in Azure Virtual Machines
HANA in Azure VMs
Azure Files

Furthermore, the following workloads are supported in preview:

Azure Disks
Azure Blobs
Azure Database for PostgreSQL Servers

Azure Managed Disk backups

Azure Backup offers the ability to protect managed disks. All this takes place through the periodic creation of snapshots that are kept for a duration established by backup policy. The solution does not require the presence of specific agents and supports backup and recovery of both operating system and data disks (including shared disks), regardless of whether or not they are connected to a virtual machine running in Azure.

SAP HANA Incremental Backup Support

Azure Backup introduces support for creating incremental SAP HANA backups (at the moment in all regions, except Germany Northeast, Germany Central, France South, and US Gov IOWA). Sap HANA's large DB protection is faster and cheaper with this feature.

Support for Archive storage for backup of VMs and SQL on board VMs (preview)

In Azure Backup, you can now move recovery points to save costs and keep your backup data longer. This feature is available for Azure VMs and SQL Servers installed on board Azure VMs. Using Azure PowerShell, you can move these backups from the standard tier to the new archive tier. Restores can be done in an integrated way from the Azure portal, with a simple and intuitive process. In addition to this, Azure Backup will provide, using a specific API, recommendations for moving recovery points to the tier archive.

Backup for Azure Blobs (preview)

Azure Blob backup is an on-premises and managed data protection solution, this helps protect block blobs from various data loss scenarios. Data is stored locally within the source storage account and can be restored from a certain selected time when needed. This feature provides a simple means, safe and economical to protect blobs.

Azure Site Recovery

Expanding DR scenarios to Availability Zones from Azure

Although Availability Zones are traditionally used by customers for high-availability configurations of environments, can now also be leveraged to implement specific disaster recovery scenarios. This feature allows you to define DR plans for scenarios where the maintenance of data residency and local compliance is required, improving the Recovery Point Objective (RPO). This configuration also reduces the complexity of the configurations required to implement a DR strategy in a secondary region.

Migrate

Azure Migrate

New Azure Migrate releases and features

Support to provide multiple server credentials on the Azure Migrate appliance needed to detect installed applications (software inventory), perform agentless dependency analysis and discover SQL Server instances and databases in the VMware environment.
Agentless VMware migration now supports simultaneous replication of 500 VMs for vCenter.
Azure Migrate automatically installs the Azure VM agent during migration (using the agentless migration method).
Azure Migrate Hub now includes an app containerization tool (preview), with support for ASP.NET and Java web applications, which allows you to facilitate the migration of containerized applications running on Azure Kubernetes Service (AKS).
Ability to perform assessment for migration to Azure VMware Solution.
The new Azure Migrate PowerShell module (preview) adds support for Server Migration agentless tools for migrating VMware virtual machines (VM) in Azure. Furthermore, you can configure and manage server replication to Azure and migrate them, using Azure PowerShell cmdlets in an automated and repeatable way.

Azure Database Migration

SQL Server discovery and assessment agentless

With Azure Migrate, you can now discover SQL Server instances and databases running in a VMware environment, analyze their configuration, application performance and dependencies to migrate to Azure SQL databases and Azure SQL Managed Instances. The solution can provide information regarding the possibility of migration, correct sizing and SQL Azure cost projections.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.