Category Archives: Microsoft Azure

Azure Management services: What's new in July 2020

Microsoft continuously announces news about Azure management services and as usual our community releases this monthly summary. The aim is to provide an overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor Logs connector

The Azure Monitor Logs connector component has been released and allows you to create automated workflows using hundreds of actions for a variety of services with Azure Logic Apps and Power Automate.

Azure Monitor for SAP Solutions (preview)

Azure Monitor for SAP is a new solution that allows you to natively monitor your SAP environment in Azure. This solution allows you to collect and consolidate telemetry from your Azure infrastructure and SAP databases. This data is used to achieve a correlation between the different components that allows for faster troubleshooting. This feature is currently present in public preview in the following regions: US East, US East 2, US West 2, West Europe.

Azure Monitor Community Repository

The Azure Monitor Community GitHub repository has been made available and provides a collaborative space for community members to share and explore Azure Monitor artifacts as queries [KQL], workbooks and alerts. This repository is public and accepts contributions from any user, for the benefit of the entire Azure Monitor community.

Azure Log Analytics saved searches are moving to Query Explorer

Azure Log Analytics Saved Searches are now available in Query Explorer, which allows you to use and manage different queries. To manage them, access to the section Logs in the Azure Monitor Log Analytics workspace or from Application Insights and select Query explorer from the main menu.

Configure

Azure Automation

Introduced support for Azure Private Link (preview)

Microsoft has introduced support for Azure Private Link, necessary to securely connect virtual networks to Azure Automation through the use of private endpoints. This feature is useful for:

  • Establish a private connection with Azure Automation, without opening access to the public network.
  • Ensure that Azure Automation data is accessible only through authorized private networks.
  • Protect yourself from data extraction by allowing granular access to specific resources.
  • Protect resources from access from the public network.

Govern

Azure Policy

Azure Policy for Azure Kubernetes Service (AKS) pods (preview)

To improve the security of Azure Kubernetes Service clusters (AKS) you can now protect pods by using Azure Policies. This integration allows you to control pod requests and detect requests that violate policies set. At the moment, you can choose from a list of 16 integrated policies and two initiatives (that match the standards set in the Kubernetes pod security policy) .

Azure Cost Management

Azure Cost Management + Billing updates

During the month of July, news was announced regarding the following areas of Azure Cost Management and Billing:

Secure

Azure Security Center

Advanced threat protection for Azure Storage

Advanced threat protection preview for Azure Storage supports Azure Files and Azure Data Lake Storage Gen2 API, helping customers protect data stored in file shares and data stores designed for corporate big data analytics. This protection provides an additional layer of security information by providing alerts when unusual and potentially malicious attempts to access or exploit storage accounts are detected. These security alerts are integrated with the Security Center and are also emailed to subscription administrators, with details about suspicious activity and advice on how to investigate and resolve threats.

Protect

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 48 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Support for replication via Private Link

Azure Site Recovery introduced support for private links, These can be used to replicate Azure virtual machines, VMware and Hyper-V systems and physical machines. Using Private Links provides secure connectivity to Azure Site Recovery service URLs. A private endpoint on the network will be required for access to the recovery services vault and a second endpoint for data replication to the cache storage account. This feature will be available in almost all public regions by August 2020.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Security Center: Azure Storage protection

Azure Security Center, the cloud solution that allows you to prevent, detect and respond to security threats affecting hybrid architectures, it also provides enhanced protection for storage resources in Azure. The solution detects unusual and potentially harmful attempts to access or use Azure Storage. This article describes how to effectively protect storage in Azure with this solution, looking at the news recently announced in this area.

Azure Security Center (ASC) is possible to activate it in two different tiers:

  • Free tier. In this tier ASC is totally free and performs a continuous assessment, providing recommendations relating to the security of the Azure environment.
  • Standard tier. Compared to tier free adds enhanced threat detection, using behavioral analysis and machine learning to identify zero-day attacks and exploits. Through machine learning techniques and through the creation of whitelist is possible to control the execution of applications to reduce exposure to network attacks and malware. Furthermore, the standard level adds the ability to perform in an integrated manner a Vulnerability Assessment for virtual machines in Azure. Azure Security Center Standard supports several resources including: VMs, Virtual machine scale sets, App Service, SQL servers, and Storage accounts.

Advanced Threat Protection (ATP) for Azure Storage, it is one of several features in Azure Security Center Standard.

Figure 1 – Comparison of the features of the different tiers of ASC

Enabling the Security Center Standard tier is strongly recommended to improve security postures in your Azure environment.

The Advanced Threat Protection feature (ATP) for Azure Storage was announced last year, allowing you to detect common threats such as malware, access from suspicious sources (including TOR nodes), data exfiltration activities and more, but all limited to blob containers. Support for Azure Files and Azure Data Lake Storage Gen2 has also been included recently. This also helps customers protect data stored in file shares and data stores designed for the analysis of corporate big data.

Enabling this feature from the Azure portal is very simple and can be done at the Security Center-protected subscription level or selectively on individual storage accounts.

To enable this protection on all storage accounts in your subscription, you must go to the "Pricing & Settings” of Security Center and activate the protection of Storage Accounts.

Figure 2 – ATP activation for Azure Storage at the subscription level

If you prefer to enable it only on certain storage accounts, you need to activate it in the respective settings of Advanced security.

Figure 3 – ATP activation on the single storage account

When anomaly occurs on a storage account, security alerts are sent by email to Azure subscription administrators, with details of detected suspicious activity and related recommendations on how to investigate and resolve threats.

Details included in the event notification include::

  • The nature of the anomaly
  • The name of the storage account
  • The time of the event
  • The type of storage
  • Potential causes
  • The recommended steps to investigate what has been found
  • The actions to be taken to remedy what happened

Figure 4 – Example of a security alert sent in the face of a detection of a threat

In this example, the EICAR test file was used to validate that the solution was working correctly.. This is a file developed by the’European Institute for Computer Anti-Virus Research (EICAR) which is used to securely validate security solutions.

Security alerts can be viewed and managed directly from Azure Security Center, where details and actions to investigate current threats and address future threats are displayed..

Figure 5 – Example of a security alert in the ASC Security alerts tile

To get the full list of possible alerts generated by unusual and potentially malicious attempts to log in or use storage accounts, you can access the Threat protection for data services in Azure Security Center.

This protection is very useful even if you have architecture that uses the service Azure File Sync (AFS), which allows you to centralize the network folders of your infrastructure in Azure Files.

Conclusions

Business companies are increasingly moving their data to the cloud, looking for distributed architecture, high performance and cost optimization. All features offered by the public cloud require you to strengthen cybersecurity, particularly given the increasing complexity and sophistication of cyberattacks. By adopting Advanced Threat Protection (ATP) for Azure Storage, you can increase the level of storage security used in your Azure environment easily and effectively.

Azure IaaS and Azure Stack: announcements and updates (July 2020 – Weeks: 29 and 30)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Storage

Advanced threat protection for Azure Storage

The preview of extending advanced threat protection for Azure Storage is available to support Azure Files and Azure Data Lake Storage Gen2 API, helping customers to protect their data stored in file shares and data stores designed for enterprise big data analytics. With this release, Azure Files customers can benefit from the following capabilities of advanced threat protection for Azure Storage:

  • World-class algorithms that learn, profile, and detect unusual or suspicious activity in your file shares
  • Actionable alerts in a centralized view in Azure Security Center with optional email notifications
  • Integration with Azure Sentinel for efficient threat investigation
  • Azure-native support for Azure Files with one click enablement from the Azure portal and with no need to modify your application code

Allow or disallow blob public access on Azure Storage accounts

Azure Storage now supports anonymous public read access for containers and blobs. By default, all requests to a container and its blobs must be authorized by using either Azure Active Directory (Azure AD) or shared key authorization. When you configure a container’s public access level setting to permit anonymous access, clients can read data in that container without authorizing the request. Anonymous public read access to containers and blobs in Azure Storage is a convenient way to share data, but may also present a security risk. It’s important to enable anonymous access judiciously and to understand how to evaluate anonymous access to your data. If your scenario does not require it, you can disable it for the storage account.

Azure Blob versioning public preview region expansion

Azure Blob Versioning automatically maintains previous versions of an object and identifies them with version IDs. You can list both the current blob and previous versions using version ID timestamps. You can also access and restore previous versions as the most recent version of your data if it was erroneously modified or deleted by an application or other users. Microsoft has expanded the preview regions to include East US 2, Central US, West Europe, and North Europe. You can start previewing this feature on any existing or new General-purpose (GPv2) storage accounts in those regions.

Azure shared disks general availability

With shared disks, Azure Disk Storage is the only shared block storage in the cloud that supports both Windows and Linux-based clustered or high-availability applications. This unique offering allows a single disk to be simultaneously attached and used from multiple virtual machines (VMs), enabling you to run your most demanding enterprise applications in the cloud, such as clustered databases, parallel file systems, persistent containers, and machine learning applications, without compromising on well-known deployment patterns for fast failover and high availability.

Improved availability guarantees with single VM SLA for Standard SSD and Standard HDD

To strengthen the availability guarantee of VMs, Microsoft is extending the single-instance VM SLA to all disk types including Standard SSD and Standard HDD. Previously, it offered an SLA of 99.9 percent for single-instance VMs using Premium SSD and Ultra Disks. Now it offer an SLA of 99.5 percent for single-instance VMs using Standard SSD and an SLA of 95 percent for single-instance VMs using Standard HDD, improving the availability guarantee to cover all single-instance VMs.

Azure Disk Storage with Azure Private Link integration is in preview

For enhanced security, you can now restrict access to your data by only allowing import and export from your private Azure virtual network by leveraging the integration with Azure Private Link.

Performance tiers for Azure Disk Storage are in limited preview

Azure Disk Storage now enables you to set performance tiers (in limited preview) of your Premium SSD for a specific duration of time without increasing the capacity of the disk. Performance tiers provide the flexibility to achieve higher performance while controlling costs. This helps to sustain high-performance demands. Your provisioned disk is first set to a baseline performance tier based on its size. When your application has higher performance demands, choose a higher performance tier, then return your provisioned disk to the baseline performance tier when the high-demand period is over.

Networking

Azure Virtual WAN: install network virtual appliances directly into an hub

Several new capabilities for Azure Virtual WAN are now in preview, including the option to install network virtual appliances directly into a virtual WAN hub as an option for SD-WAN connectivity. Microsoft is currently partnering with Barracuda, to be followed by other third-party network virtual appliance partners, to provide this service. This allows you to leverage your vendor’s proprietary path selection and policy management capabilities with Azure infrastructure and virtual WAN routing capabilities.

Azure Application Gateway: URL rewrite and wildcard listener in preview

URL rewrite and wildcard host names in listener for Azure Application Gateway are now available in preview.

Use the URL rewrite capability in Application Gateway to:

  • Rewrite the host name, path, and query string of the request URL.
  • Choose to rewrite the URLs of all requests on a listener or only those requests thta match one or more of the conditions you set. These conditions are based on the request and response properties.
  • Choose to route the request (select the backend pool) based on either the original URL or the rewritten URL.

Use wildcard host names in listener to:

  • Use wildcard characters like asterisk (*) and question mark (?) in the host name, which can accept any incoming request with the host header matching the pattern.
  • Configure up to five host names per multisite listener using the new hostnames field.

Azure Stack

New Azure Stack HCI Preview

Microsoft just announced the new Azure Stack HCI, delivered as an Azure hybrid service, at Microsoft Inspire 2020. Azure Stack HCI Preview is a hyperconverged infrastructure host from Microsoft, now delivered as an Azure hybrid service. Run Windows and Linux virtual machines on-premises on a host platform that’s IT friendly and managed by you with existing tools, processes, and skillsets. Easily extend your infrastructure with up-to-date Azure hybrid services for monitoring at scale.

Azure IaaS and Azure Stack: announcements and updates (July 2020 – Weeks: 27 and 28)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Virtual machine scale sets: Automatic image upgrades for custom images

Automatically deploy new versions of custom images to scale set virtual machines using the new capabilities of virtual machine scale sets. Automatic OS image upgrade monitors your image gallery and automatically begins scale set upgrades when a new image version is deployed, facilitating faster image deployment without additional overhead. Enabling automatic OS image upgrades will safely upgrade the OS disk for all virtual machines in the scale set, helping to ease update management.

Distributed network name for SQL Server on Virtual Machines

Support for distributed network name (DNN) for SQL Server failover cluster instance (SQL FCI) on Azure IaaS with SQL Server 2019 CU2 and higher is now available. Connectivity configuration with DNN increases the availability and robustness of SQL FCI. By using DNN, you don’t need an Azure Load Balancer, and can simply use the same method you’ve been using on-premises for automated failover.

Storage

Azure Data Lake Storage

The following news have been announced for Azure Data Lake Storage:

  • Immutable storage for Azure Data Lake Storage is available in preview. Immutable storage provides the capability to store data in a write once, read many (WORM) state. Once data is written, the data becomes non-erasable and non-modifiable, and you can set a retention period so that files can’t be deleted until after that period has elapsed. Additionally, legal holds can be placed on data to make that data non-erasable and non-modifiable until the hold is removed.
  • The archive tier for Azure Data Lake Storage is generally available. The archive tier provides an ultra-low cost tier for long term retention of data while keeping your data available for future analytics needs. Tier your data seamlessly among hot, cool, and archive so all your data stays in one storage account. Lifecycle management policies can be set so files are moved automatically to the archive tier when data access becomes rare. When needed, data in the archive tier can be quickly and easily rehydrated so that the data is available for your analytics workloads.
  • File snapshots for Azure Data Lake Storage are available in preview. Use file snapshots to take an unlimited number of point-in-time snapshots of your files. These snapshots can be used to revert a file back to that snapshot in the case of accidental or inadvertent updates. Snapshots can also be retained so you can reference the content of a file at that point in time.
  • Static website for Azure Data Lake Storage is in preview. Use static website to directly host static content from Azure Data Lake Storage, and view that site content from a browser by using the public URL of that website.

Azure Storage 200 TB block blob size in preview

Azure Blob storage provides massively scalable object storage for workloads including application data, HPC, backup, and high-scale workloads. Microsoft has increased the maximum size of a single blob from 5 TB to 200 TB, now available in preview.
The increase in blob size better supports use cases from seismic data processing to genomics that require support for multiple TB object sizes.

Azure Shared Disks for SQL Server failover cluster instance on Azure IaaS (preview)

Preview support is now available for Azure Shared Disks for SQL Server failover cluster instance (SQL FCI) on Azure IaaS with SQL Server 2019 on Windows Server 2019 and higher. Azure Shared Disks for SQL FCI enables lift and shift migrations for the most commonly used HA configuration on-premises to Azure IaaS.

Networking

New Azure Firewall features

The following several new Azure Firewall features have been announced by Microsoft that allow your organization to improve security, have more customization, and manage rules more easily. These new capabilities were added based on customer top feedback:

  • Custom DNS support now in preview.
  • DNS Proxy support now in preview.
  • FQDN filtering in network rules now in preview.
  • IP Groups now generally available.
  • AKS FQDN tag now generally available.
  • Azure Firewall is now HIPAA compliant.

Azure Firewall Manager

Azure Firewall Manager is now generally available and includes Azure Firewall Policy, Azure Firewall in a Virtual WAN Hub (Secure Virtual Hub), and Hub Virtual Network. Microsoft is introducing several new capabilities to Firewall Manager and Firewall Policy to align with the standalone Azure Firewall configuration capabilities:

  • Threat intelligence-based filtering allow list in Firewall Policy is now generally available.
  • Multiple public IP addresses support for Azure Firewall in Secure Virtual Hub is now generally available.
  • Forced tunneling support for Hub Virtual Network is now generally available.
  • Configuring secure virtual hubs with Azure Firewall for east-west traffic (private) and a third-party security as a service (SECaaS) partner of your choice for north-south traffic (internet bound).
  • Integration of third-party SECaaS partners are now generally available in all Azure public cloud regions.
  • Zscaler integration will be generally available on July 3, 2020. Check Point is a supported SECaaS partner and will be in preview on July 3, 2020. iboss integration will be generally available on July 31, 2020.
  • Support for domain name system (DNS) proxy, custom DNS, and fully-qualified domain name (FQDN) filtering in network rules using Firewall Policy are now in preview.

Private endpoints for Azure File Sync

Starting with Azure File Sync agent 10.1, Azure File Sync supports private endpoints in all public and Azure US Government cloud regions where Azure File Sync is available. Private endpoints enable you to assign your Storage Sync Service private IP addresses from within the address space of your virtual network. This allows you to:

  • Securely connect to your Azure resources from on-premises networks using a VPN or ExpressRoute connection with private-peering.
  • Secure your Azure resources by disabling the public endpoints for Azure Files and File Sync.
  • Increase security for your Azure virtual networks by blocking exfiltration of data from your network boundaries.

Azure Virtual WAN: new capabilities

Several key Azure Virtual WAN capabilities are now generally available:

  • Hub to Hub connectivity providing fully meshed virtual hubs.
  • Custom Routing adding advanced routing enhancements: custom route tables and optimization of virtual network routing.
  • Virtual Network Transit with 50 Gbps transit speeds between Virtual Networks (Vnets) connected with Virtual WAN.
  • VPN and ExpressRoute Transit for seamless interconnectivity between VPN/SD-WAN and ExpressRoute connected sites and users.
  • New VPN Capabilities supporting custom BGP IP (also known as APIPA or Automatic Private IP Addressing) for VPN Site connections.
  • New Virtual WAN Partners VMware SD-WAN by Velocloud and Cisco Meraki now supporting automation of IPsec connectivity between their branch VPN/SD-WAN devices and Azure Virtual WAN VPN service.

Azure Load Balancer support for IP-based backend pool management (preview)

Azure Load Balancer now supports load balancing across IP addresses in the backend pool. Previously, you could only add network interfaces associated virtual machines in the backend of a Load Balancer. With this release, you can load balance to resources in Azure via your private IPv4 or IPv6 addresses using Standard Load Balancer.

Azure Management services: What's new in June 2020

In June have been announced, by Microsoft, a considerable number of news regarding Azure management services. Our community, through these articles released monthly, want to provide an overview of the main news of the month, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New version of the agent for Linux systems

This month was released a new version of the agent of Log Analytics for Linux systems. In addition to fixing a number of bugs, the following new features have been introduced:

  • Support for Red Hat Enterprise Linux 8 (Note: specific requirements regarding python)
  • Azure Arc support for servers
  • FIPS compliance
  • Extension package signed protected
  • Ingestion rate limiting to avoid service degradation in the event of extremely high data volume by an agent
  • Deprecating 32-bit support (1.12.15-0 is the latest release that supports 32-bit)
  • New component versions auoms and OMI

Azure Monitor for VMs on Arc Enabled servers (preview)

Azure Monitor for VM enables you to have a monitor system that can provide a global view of your systems, providing information about virtual machine performance and various dependencies. This service is available for VMs in Azure, Azure scale sets and on-premises VMs. Azure Monitor can now leverage Azure Arc to reach on-premises workloads. Although today it is possible to monitor non-Azure VMs even without Azure Arc, using this integration automatically detects and manages agents on VMs. Once integrated, Azure Arc-enabled servers will fit perfectly into existing Azure portal views along with virtual machines in Azure and Azure scale sets.

Azure Monitor for Containers for Azure Arc (preview)

Azure Monitor for Containers extended monitor support for Kubernetes clusters hosted on Azure Arc (currently in preview), offering functionality similar to the AKS service monitor (Azure Kubernetes).

Key Vault Monitor Support (preview)

Azure Monitor introduces the ability to monitor Azure Key Vault and have a unified view with performance, requests, errors and latency of this component.

Azure Load Balancer Monitor using Azure Monitor for Networks

Azure Monitor for Networks now allows you to monitor health and perform an analysis of Azure Load Balancer configuration. Inside the solution there are topological maps for all Load Balancer configurations and integrity dashboards for standard Load Balancers, suitably configured for the collection of metrics.
This new feature will extend the capabilities of Azure networking monitors. The solution therefore becomes more complete and allows for rapid troubleshooting.

Configure

Azure Automation

Updated DNS records for Azure Automation

To support new Azure Automation features, such as Azure private links, the related URLs have been updated. Instead of region-specific URLs, now the URLs are account-specific. Old Azure Automation URLs still remain functional to provide time for migration. For more information about this, please refer to this document.

Protect

Azure Backup

Update Rollup Released 1 for Microsoft Azure Backup Server (MABS) v3

For Azure Backup Server v3 has been released the’Update Rollup 3, which introduces the following major news:

  • Offline Backup using Azure Data Box (in private preview): thanks to the integration with Microsoft Azure Data Box, customers using MABS are able to face the challenge of moving tera bytes of backup data from on-premises storage to Azure. The user experience for this feature is consistent with DPM 2019 and the MARS agent.
  • Protection for Azure VMware Solution. Microsoft recently announced the Azure VMware solution (AVS) which allows customers to fully extend or migrate on-premises VMware systems to Azure. With this update, you can use MABS to protect virtual machines deployed with Azure's VMware solution.
  • Faster backups with tiered storage using SSD. MABS v3 UR1 introduces improvements to the backup process, adopting tiered storage, allows you to make faster backups until 50-70%. Using a small percentage (4% overall storage) SSD storage as a tiered volume in combination with HDD disks,you get much better performance.
  • Improved performance in backing up VMware systems. MABS helps protect VMware virtual machines. With this upgrade, all VMWare virtual machine backup jobs, within a single protection group, are now being run in parallel, leading to faster VMs backup up to 25%. Furthermore, this update also offers the ability to exclude a specific VMware VM disk from backups.
  • Support for ReFS Volume Protection. With this update, you can use MABS to protect ReFS volumes (with deduplication enabled) workloads (Windows Server, SQL Server, Exchange and SharePoint) distributed over ReFS volumes.
  • Support for an additional level of authentication in deleting online backups. MABS v3 UR1 prompts you to enter a security PIN when performing protection stop operations with data deletion.
  • Deprecated the protection agent 32 bit. With the release of UR1 for MABS v3, support for protecting workloads to 32 bit is deprecated. After you install UR1, you will not be able to protect any data source to 32 bit. If there is a protection agent to 32 bit, after installing UR1, this is disabled and any scheduled backups will fail.

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 46 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

Evaluate imported servers in Azure Migrate

Azure Migrate introduces the ability to assess imported servers using a CSV file, without the need to deploy an appliance. This system is useful if you want to do a quick pre-evaluation or if you are waiting to deploy the Azure Migrate appliance. You can also perform a performance-based assessment by specifying the system usage values in the CSV file.

Azure Migrate server assessment tool: support for migrating to Azure VMware Solution (Preview)

Azure Migrate has introduced support to manage migration to Azure VMware Solution (Preview), providing an additional option to plan your migration to Azure. Using Azure Migrate server assessment tool, it is possible to analyze on-premises workloads to migrate to Azure's VMware solution, assessing its suitability, planning costs, calculating scaling based on performance and considering application dependencies.

Multiple credential support for physical server discovery (preview)

Azure Migrate included the ability to specify multiple credentials for physical server discovery and assessment. Furthermore, the number of servers that can be found for each individual appliance has been increased by 250 to 1.000. The appliance for physical server can be installed on an existing server and can also be used for the discovery and assessment of virtual machines if you do not have access to the hypervisor, as well as for virtual machines in other cloud environments.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (June 2020 – Weeks: 25 and 26)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New general purpose and memory-optimized Azure Virtual Machines with Intel

New general purpose and memory-optimized Azure Virtual Machines based on the 2nd generation Intel Xeon Platinum 8272CL (Cascade Lake) are available.

With this announcement, Microsoft is introducing two new Azure Virtual Machines families, one of which represents a brand-new product category in the portfolio:

  • The Azure Ddv4 and Ddsv4 and Edv4 and Edsv4 virtual machines, which include a local data temporary disk (now generally available)
  • The Azure Dv4 and Dsv4 and Ev4 and Esv4 virtual machines, a new category of virtual machines, which rely on remote disks and do not provide temporary local storage (now in preview).

The new virtual machine (VM) sizes deliver up to roughly 20 percent CPU performance improvement compared to their predecessors, the Dv3 and Ev3 VM families.

Azure Virtual Machines DCsv2-series is now available in new regions

Confidential computing DCsv2-series virtual machines (VMs) are now available in East US, Canada Central, UK South, and West Europe.

Extended term reservation for the Azure HBv2 Virtual Machine

Announcing the availability of the 5-year reservation for the Azure HBv2 Virtual Machine. The extended term reservation provides significant cost discount compared to pay-as-you-go rates. The extended term reservation provides continuous access to HBv2 resources for all supported Azure regions.

Storage

Azure Storage account failover

Customer-initiated Storage account failover is now generally available, allowing you to determine when to initiate a failover instead of waiting for Microsoft to do so. When you perform a failover, the secondary replica of the Storage account becomes the new primary, and the DNS records for all Storage service endpoints—blob, file, queue, and table—are updated to point to this new primary. Once the failover is complete, clients will automatically begin reading from the Storage account and writing data to it in the new primary region, with no code changes. Customer initiated failover is available for GRS, RA-GRS, GZRS, and RA-GZRS accounts.

Azure geo-zone-redundant storage is now generally available

Geo-zone-redundant storage (GZRS) and read-access geo-zone-redundant storage (RA-GZRS) are now generally available, offering intra-regional and inter-regional high availability and disaster protection for your applications. GZRS writes three copies of your data synchronously across multiple Azure Availability zones, similar to zone-redundant storage (ZRS), providing you continued read and write access even if a datacenter or availability zone is unavailable. In addition, GZRS asynchronously replicates your data to the secondary geo-pair region to protect against regional unavailability. RA-GZRS exposes a read endpoint on this secondary replica allowing you to read data in the event of primary region unavailability.

Ephemeral OS disks for Azure Virtual Machines (VMs) now support additional VM sizes (preview)

You now have the ability to store ephemeral OS disks on the VM temp or resource disk in addition to the VM cache (in preview). This enables their use with VMs that don’t have a cache, or have insufficient cache, but do have a temp or resource disk to store the ephemeral OS disk such as Dav3, Dav4, Eav4, and Eav3.

Networking

Web Application Firewall for Azure Front Door service logging enhancements

Azure Web Application Firewall for Azure Front Door Service now has a match details field in the logs to provide insights on why a request triggered a Web Application Firewall rule. In addition, you can facilitate further analysis by embedding the unique reference string in a Web Application Firewall custom response message to link the request to a specific entry in the Azure Front Door Service and Web Application Firewall logs.

Rules Engine for Azure Front Door and Azure CDN

The Rules Engine feature on both Azure Front Door and Azure Content Delivery Network (CDN) is now generally available. Rules Engine places the specific routing needs of your customers at the forefront of Azure’s global application delivery services, giving you more control in how you define and enforce what content gets served from where.

Azure IaaS and Azure Stack: announcements and updates (June 2020 – Weeks: 23 and 24)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New Azure Virtual Machines with high-performance local SSD are generally available

The new Dd v4-series and Ed v4-series series Azure Virtual Machines provide up to 64 vCPUs and are based on the Intel® Xeon® Platinum 8272CL processor. This custom processor runs at a base speed of 2.5 Ghz and can achieve up to 3.4 Ghz all core turbo frequency. The Dd v4-series and Dds v4 virtual machine (VM) sizes are well suited for applications that benefit from low latency, high-speed local storage (up to 2,400 GiB.) The Edv4-series and Edsv4-series VM sizes are ideal for various memory-intensive enterprise applications and feature up to 504 GiB of RAM, in addition to high-performance local SSD storage (up to 2,400 GiB.)

Azure Dedicated Hosts now support additional Azure Virtual Machines

Deploy M-series, NV v3-series and NV v4-series Azure Virtual Machines on Azure Dedicated Hosts. This will expand the range of workloads you can run on Dedicated Hosts to include memory-intensive and graphics-intensive applications.

Storage

Azure File Sync agent v10.1

The Azure File Sync agent v10.1 update is being flighted to servers which are configured to automatically update when a new version becomes available.

Improvements and issues that are fixed:

  • Azure private endpoint support
  • Files Synced metric will now display progress while a large sync is running, rather than at the end.
  • Miscellaneous reliability improvements for agent installation, cloud tiering, sync and telemetry.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 10.1.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4522411.

Networking

Azure App Service regional virtual network integration for Linux apps is available

The regional virtual network integration feature of Azure App Service, which enables access to resources in your virtual network across service endpoints or ExpressRoute connections, is now available in public regions.

Azure IaaS and Azure Stack: announcements and updates (May 2020 – Weeks: 21 and 22)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure DevTest Labs updates

New updates are available in Azure DevTest Labs:

  • Azure DevTest Labs is now available in the Switzerland North and Switzerland West regions. The support includes full Azure DevTest Labs capabilities.
  • Azure DevTest Labs environments are now available in Azure Government.

Storage

Object replication public preview for Azure Blob storage

Object replication is a new capability for block blobs that lets you replicate your data from your blob container in one storage account to another anywhere in Azure. Object replication unblocks a new set of common replication scenarios:

  • Minimize latency – have your users consume the data locally rather than issuing cross-region read requests.
  • Increase efficiency – have your compute clusters process the same set of objects locally in different regions.
  • Optimize data distribution – have your data consolidated in a single location for processing/analytics and then distribute only resulting dashboards to your offices worldwide.
  • Minimize cost – tier down your data to Archive upon replication completion using lifecycle management policies to minimize the cost.
Azure File Sync: new version

Improvements and issues that are fixed:

  • Storage Sync Agent (FileSyncSvc) crashes frequently after installing the Azure File Sync v10 agent.

More information about this release:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 10.0.2.0.
  • A restart is required for servers that have an existing Azure File Sync agent installation.
  • Installation instructions are documented in KB4522412.

Azure Ultra Disk Storage available in more regions

Azure Ultra Disks offers high throughput, high IOPS, and consistent low latency disk storage for Azure Virtual Machines (VMs). Azure Ultra Disk Storage is now available in Central US, West US, South Central US, US Gov Virginia, France Central, and Japan East.

Azure server-side encryption with customer-managed keys available for Azure Ultra Disks

Azure Ultra Disk customers already benefit from server-side encription (SSE) with platform-managed keys for Azure Managed Disks enabled by default. SSE with customer-managed keys (CMK) improves on platform-managed keys by giving you control of the encryption keys to meet your compliance needs. SSE with CMK is integrated with Azure Key Vault, which provides highly available and scalable secure storage for your keys backed by hardware security modules (HSM). You can either bring your own keys (BYOK) to your key vault or generate new keys in the Key Vault.

Networking

Azure Firewall updates

New key features are now available in Azure Firewall:

  • Forced tunneling: configure a default route (0.0.0.0/0) on the AzureFirewallSubnet or publish a default route to the firewall over BGP, to send all traffic to on-premises or nearby NVA.
  • SQL FQDN filtering: filter outbound SQL traffic using application rules. Support is for SQL proxy mode only. Redirect mode support is tentatively planned for later in 2020.
  • The limit for Azure DevTest Labs from 100 to 250 for both DNAT and SNAT.

These features are included in the Azure Firewall standard SKU, so there is no change in the price.

Network service tiers with new Routing Preference option in preview
Using the new “Routing Preference” option in Azure, customers can choose how their traffic is routed between Azure and the internet. Prior to making “routing preferences” customer selectable, Azure exclusively kept and optimized customer traffic over Azure’s global network. The introduction of this new competitive egress tier adds a secondary option for solutions that do not require the premium predictability and performance of Microsoft’s global network. Instead it will allow customers to further architect their traffic to their needs and allow routing to the public internet as quickly as possible. Customers will have the option to select routing preference while creating a public IP address for an IaaS resource such as a Virtual Machine, Virtual Machine Scale Set or internet-facing Load Balancer, and for their Azure storage account.

Azure Peering Service is generally available

Peering Service is a networking capability that enhances customer connectivity to Microsoft cloud services such as Office 365, Dynamics 365, software as a service (SaaS) services, Azure, or any Microsoft services accessible via the public internet. Microsoft has partnered with internet service providers (ISPs), internet exchange partners (IXPs), and software-defined cloud interconnect (SDCI) providers worldwide to provide reliable and high-performing public connectivity with optimal routing from the customer to the Microsoft network.

Enterprises looking for internet-first access to the cloud, or considering SD-WAN architecture, or with high usage of Microsoft SaaS services need robust and high-performing internet connectivity. Customers can work with their Telco/carrier to take advantage of Peering Service, which is now generally available.

Key customer features include:

  • Best public routing (optimum route hops/AS hops) over the internet to Microsoft cloud services for optimal performance and reliability.
  • Ability to select the preferred service provider to connect to the Microsoft cloud.
  • Traffic insights such as latency reporting and prefix monitoring.
  • Route analytics and statistics: Events for (BGP) route anomalies (leak or hijack detection) and suboptimal routing.

Azure Stack

Azure Stack expands solutions and partner ecosystem
A host of new Azure Stack portfolio partners are accelerating time to value for hybrid customers today:

  • The Aware Group, which builds IoT Edge modules that use AI to detect anomalies and perform noise classification, is now delivering modules and
    solutions tailored to the industry.
  • Avanade is offering customers a fully managed Azure Stack Hub leveraging HPE’s Edgeline EL8000, a small form factor that does not require external cooling, making it ideal for locations like retail or manufacturing, where a datacenter may not be available on site.
  • CloudAssert is providing an enterprise cloud-based solution streamlining the management and operations of multiple Azure Stack Hub deployments, including resources located on-premises and public clouds, with a single pane of glass.
  • Microsoft is also launching the open-source Fast Healthcare Interoperability Resources (FHIR) server available now for Azure Stack Hub and Azure Stack Edge. Customers can now quickly connect existing data sources such as electronic health record systems or research databases at the edge while addressing compliance and regulatory requirements.
  • Finally, now available on GitHub, manufacturing customers can get started with an AI solution at the edge that combines the power of Azure Stack Hub and Azure Stack Edge with computer vision to modernize a factory floor.

Azure Stack Hub

Azure Stack Hub updates will simplify fleet and resource management and enable graphic-heavy scenarios
New Azure Stack Hub updates will simplify fleet and resource management, and enable accelerated machine learning scenarios, virtual desktop infrastructure and other graphics-heavy scenarios with GPUs:

  • Azure Stack Hub Fleet Management (private preview): Azure Stack Hub fleet management gives customers a single view and management method from Azure for all their Azure Stack Hub deployments.
  • ManagedIQ (CloudForms) (public preview): ManagedIQ, formerly known as CloudForms, now allows cloud operators to manage their resources on Azure Stack Hub and use RedHat technical tooling to manage the Azure Stack Hub. ManagedIQ is a supported platform from IBM and RedHat.
  • AKS Resource Provider on Azure Stack (private preview): The Azure Kubernetes Service (AKS) Resource Provider (RP) on Azure Stack Hub is a fully managed service for easily managing containerized applications for customers to automatically create and manage Kubernetes clusters on Azure
    Stack Hub.
  • GPU Partitioning using AMD GPUs (private preview): Graphics processing
    unit (GPU) partitioning for visualization using AMD GPUs on Azure Stack
    Hub is now available, enabling virtual desktop infrastructure (VDI) and other
    graphics-heavy scenarios on Azure Stack Hub.

Support for Windows containers Azure Container Networking Interface on Azure Stack Hub coming soon

Windows containers and Azure Container Networking Interface in Azure Kubernetes Service (AKS) engine deployed Kubernetes clusters will soon be in private preview.
The Azure Container Networking Interface plug-in lets you deploy and manage your own Kubernetes clusters with native Azure networking capability by default. This release, which will come as an update to the Azure Kubernetes Service engine, expands the capabilities of Kubernetes clusters on Azure Stack Hub.

Azure Stack Hub supports cross-platform compatibility on PowerShell

Azure Stack Hub now supports cross-platform compatibility on PowerShell and ensures hybrid consistency with Azure. Azure Stack Hub will utilize Az modules with new resource providers from Azure IoT Hub, Azure Stack Edge, and EventHub. This enables full cross-compatibility with Azure and Azure Stack Hub using PowerShell and PowerShell Core. Install PowerShell and connect to Azure Stack Hub on MacOs. This is available through the Az PowerShell installer.

Azure Management services: What's new in May 2020

To stay constantly updated on news regarding Azure management services, our community releases this monthly summary, allowing you to have an overview of the main new features of the month. In this article you will find the news, presented in a synthetic way and accompanied with the necessary references to be able to conduct further studies.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New version of the agent for Linux systems

A new version of the Log Analytics agent has been released this month for Linux systems. The main innovations introduced are:

  • Stability and reliability improvements.
  • Improved support for Azure Arc for Server.
  • FIPS Compliance.
  • RHEL support 8.

SHA-2 signing for the Log Analytics agent

The Log Analytics agent for Windows will start enforcing SHA-2 signings from 17 August 2020, postponing the date previously set to 18 may 2020. This change requires action if you are running the agent on a legacy version of the operating system (Windows 7, Windows Server 2008 R2, or Windows Server 2008) . Customers who are in this condition should apply the latest updates and patches on these operating systems before 17 August 2020, otherwise their agents will stop sending data to Log Analytics workspaces. The following Azure services will be affected by this change: Azure Monitor, Azure Automation, Azure Update Management, Azure Change Tracking, Azure Security Center, Azure Sentinel, Windows Defender ATP.

Feature extensions of Azure Monitor

The following enhancements have been made in Azure Monitor that expand its functionality and make it an increasingly complete solution:

  • Azure Monitor availability for Azure Storage and Azure Monitor for Azure Cosmos DB.
  • Azure Monitor preview for Azure Key Vault and Azure Monitor for Redis Cache.
  • Preview of Azure Monitor Application Insights in Azure Monitor Logs workspaces.
  • Capacity reservation and CMK encryption with Azure Monitor Logs clusters dedicated to large-scale deployments.

Azure Private Link Availability for Azure Monitor
The Azure Private Link feature is now also available for Azure Monitor and allows you to have the following features:

  • Private connectivity to Azure Monitor Logs workspaces and to Azure Application Insights.
  • Exfiltration data protection with granular access to specific resources.
  • Protecting resources from access from the public network.

At the moment you need to make a request explicitly to access these features.

Improve the experience when deleting and restoring Azure Monitor Logs workspaces

Microsoft has added soft-delete workspace functionality to make it easier to recover if necessary. In fact, in the event of a cancellation, the workspace will go into a soft-delete state to allow it to be restored if necessary, including data and connected agents, within 14 days. This behavior can be circumvented and permanently deleted the workspace. To avoid the incorrect elimination of the workspaces from the Azure portal, a specific section has been added where you can consult how many solutions are installed and the relative daily data volume received in the last 7 days by data type.
Restoring the workspace, can now take place directly from the Azure portal.

Azure Advisor recommendation digests

Azure Advisor introduces the ability to receive a periodic summary of the available best practice recommendations developed by the solution. Advisor Digest Recommendations keep you up-to-date on Azure optimization opportunities outside the Azure portal. Notifications are customizable and handled through Azure Monitor Action Group.

Azure Service Health also includes emerging issues

Azure Service Health now also reports emerging issues in the Azure portal. An emerging problem is a situation in which Azure is aware of a widespread outage but may not yet be fully aware of the extent and amplitude. Previously, emerging problems were only available in the Azure Status page.

Configure

Azure Automation

TLS 1.2 Enforcement

Starting from September 1st 2020, Azure Automation will impose the presence of Transport Layer Security (TLS) version 1.2 or later, for all external HTTPS endpoints.

Secure

Azure Security Center

Changes to the just-in-time service (JIT) virtual machine (VM) Access

In the just-in-time service (JIT) virtual machine (VM) access have been made the following changes:

  • The recommendation advising to enable JIT on a VM has been renamed by “Just-in-time network access control should be applied on virtual machines” in “Management ports of virtual machines should be protected with just-in-time network access control”.
  • The recommendation is now activated only if open management ports are detected.

Custom recommendations placed in a separate panel

All the custom recommendations created for your subscriptions are now positioned in the dedicated section “Custom recommendations”.

Account security recommendations moved to the section “Security best practices”

The following recommendations have been included in the section “Security best practices” and therefore do not impact on the secure score:

  • MFA should be enabled on accounts with read permissions on your subscription (originally in the “Enable MFA” control)
  • External accounts with read permissions should be removed from your subscription (originally in the “Manage access and permissions” control)
  • A maximum of 3 owners should be designated for your subscription (originally in the “Manage access and permissions” control)

Microsoft has decided to apply this change as it has determined that the risk of these three recommendations is lower than initially thought.

Protect

Azure Backup

SAP HANA backup for Red Hat Enterprise Linux VM

Azure Backup includes protecting SAP HANA databases on Red Hat Enterprise Linux virtual machines (RHEL). This feature allows to have in an integrated way and without having to provide a specific backup infrastructure, the protection of SAP HANA databases on RHEL, one of the most commonly used operating systems in these scenarios.

Protect against accidental deletion of Azure file shares

To provide greater protection against cyberattacks and accidental deletion, Azure Backup has added an extra layer of security to the Azure file shares snapshot management solution. If you delete File Shares, content and its recovery points (Snapshots) are retained for a configurable period of time, enabling full recovery without data loss. When you configure protection for a file share, Azure Backup enables soft-delete functionality at the account storage level with a retention period of 14 days, which is configurable according to your needs. This setting determines the time window in which you can restore the contents and snapshots of your file shares after any accidental deletion operations. Once the share file is restored, backups resume working without the need for additional configurations.

Azure Site Recovery

Zone-to-zone disaster recovery available in new regions

Zone-to-Zone DR is now also available in the Southeast Asia and UK South regions. With this Azure Site Recovery feature, called zone-to-zone DR, there's an opportunity to create disaster recovery plans (DR) for virtual machines (VM), replicating them between different Azure Availability Zones. If a single Azure Availability Zone is compromised, you will be able to fail over virtual machines to a different zone within the same region and access them from the Secondary Availability Zone.

Introduced support for proximity groups

Azure Site Recovery has introduced support for proximity placement groups (PPGs). Thanks to this feature, any virtual machine (VM) hosted within a PPG can be secured using Azure Site Recovery. By enabling replication of that VM, you can provide a PPG in the secondary region as an additional parameter. When a failover process is activated, Site Recovery will place the VM in the user-supplied target PPG.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (May 2020 – Weeks: 19 and 20)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New Azure VMware Solution in preview

Azure VMware Solution empowers customers to seamlessly extend or migrate their existing on-premises VMware applications to Azure without the cost, effort or risk of re-architecting applications or retooling operations. Preview of the new solution is initially available in US East and West Europe Azure regions. The new Azure VMware Solution is expected to be generally available in the second half of 2020 and at that time, availability will be extended across more regions.

The new Azure VMware Solution is:

  • First Party Microsoft Azure service, endorsed by VMware. The new release of Azure VMware Solution is built on Microsoft Azure without the use of a third-party technology. The solution is also cloud verified by VMware and leverages components of the VMware Cloud Foundation framework including vSphere, vCenter, NSX-T, vSAN and HCX.
  • Seamless integrated Azure experience. In the new solution Microsoft has rearchitected the Software Defined Datacenter (SDDC) layer that underpins the Private Cloud, ensuring a truly seamless Azure experience for customers.
  • VMware HCX Enterprise now available. The new Azure VMware Solution includes HCX Enterprise edition as an option. With additional features from HCX Enterprise, customers can further simplify their migration efforts to Azure including support for bulk live migrations.
  • Leverage pricing benefits for Microsoft workloads. Azure VMware Solutions supports the Azure Hybrid Benefit and Azure VMware Solution customers are also eligible for three years of free Extended Security Updates on 2008 versions of Windows Server and SQL Server.

New cloud regions in Italy, New Zealand and Poland

Microsoft announced plans for new cloud datacenter regions in three countries: Italy, New Zealand and Poland. In Italy, Microsoft is building a new datacenter region in Milan, which will provide access to Azure, Microsoft 365/Office 365 and Dynamics 365 and the Power Platform set of tools.

Virtual machine (VM)-level disk bursting

Virtual machine-level disk bursting is a new feature that allows your virtual machine to burst its disk IO and MiB/s throughput performance for a short time daily to handle unforeseen spikey disk traffic smoothly and process batched jobs with speed. The feature is now enabled on all Azure Lsv2-series virtual machines, with support for more virtual machine types and families to come soon. This feature doesn’t cost anything extra and comes enabled by default.

General availability of Azure Spot Virtual Machines

Azure Spot VMs provide access to unused Azure compute capacity at deep discounts. Spot pricing is available on single VMs in addition to VM scale sets (VMSS). This enables you to deploy a broader variety of workloads on Azure while enjoying access to discounted pricing compared to pay-as-you-go rates. Spot VMs offer the same characteristics as a pay-as-you-go virtual machine, the differences being pricing and evictions. Spot VMs can be evicted at any time if Azure needs capacity.

Storage

Azure Blob versioning public preview

Applications and users create, update, and delete data in Azure Blob storage continuously. A common requirement is the ability to manage and access both current and historical versions of the data. As the next step to enhance data management and protection, the Blob storage versioning preview is available. Azure Blob Versioning automatically maintains previous versions of an object and identifies them with version IDs. You can list both the current blob and previous versions using version ID timestamps. You can also access and restore previous versions as the most recent version of your data if it was erroneously modified or deleted by an application or other users.

Blob Index for Azure Storage in preview

Blob Index, a managed secondary index, allowing you to store multi-dimensional object attributes to describe your data objects for Azure Blob storage. It is now available in preview. Built on top of blob storage, Blob Index offers consistent reliability, availability, and performance for all your workloads. Blob Index provides native object management and filtering capabilities, which allows you to categorize and find data based on attribute tags set on the data.

General availability of geo-zone-redundant storage (GZRS)

GZRS helps achieve higher data resiliency by:

  • Synchronously writing three replicas of your data across multiple availability zones (like ZRS today) protecting from cluster, datacenter or entire zone failure.
  • Asynchronously replicating the data to another region within the same geo into a single zone (like LRS today) protecting from a regional outage.

When using GZRS, you can continue to read and write the data even if one of the availability zones in the primary region is unavailable. In the event of a regional failure you can also use read-access geo-zone-redundant storage (RA-GZRS) to continue having read access to your data or execute account failover to also restore write accessibility. GZRS provides a great balance of high performance, high availability and disaster recovery and is beneficial when building highly available applications/services in Azure.

Azure File Sync is removing support for TLS 1.0 and 1.1

Azure File Sync service will remove support for TLS 1.0 and 1.1 in August 2020.

Networking

Azure Virtual Network NAT in Azure Government and Azure China

Azure Virtual Network NAT (network address translation) is now generally available in the Azure Government and Azure China regions. NAT simplifies outbound-only internet connectivity for virtual networks and can be configured for one or more subnets of a virtual network.

Azure Firewall Updates

Two new key features in Azure Firewall are generally available:

Additionally, Microsoft is increasing the limit for multiple public IP addresses from 100 to 250 for both DNAT and SNAT.

Rules Engine for Azure Front Door Service is now in preview

Rules Engine on Azure Front Door Service brings your specific routing needs to the forefront of its application delivery experience, giving you more control over how you define and enforce what content gets served from where. Rules Engine empowers you to modify request and response headers, or dynamically override your existing route behavior based on incoming requests.

Private Link is now available on Event Grid

Azure Event Grid now has Private Link integration for custom topics and event domains, generally available in all Azure regions, allowing virtual network resources within their production workloads to communicate directly to their Event Grid topics without accessing the public internet. This enables enterprise workloads to take advantage of event-driven architectures securely for mission-critical workloads that require network isolation.

Azure Stack

Azure Stack Hub

Azure App Service and Azure Functions on Azure Stack Hub update available

A major update to Azure App Service on Azure Stack Hub is now available. The update build number is 87.0.2.10. All fixes and updates are detailed in the release notes.

This release updates the resource provider and brings new key capabilities and fixes:

  • Updates to App Service Tenant, Admin, Azure Functions portals, and Kudu tools.
  • Updates Azure Functions runtime to v1.0.13021.
  • Updates to core service to improve reliability and error messaging will enable easier diagnosis of common issues.
  • Updates to the application frameworks and tools including .NET Framework, ASP.NET Core, PHP, NodeJS, and NPM.
  • Windows Server updates to underlying operating system of all roles.
  • Cumulative updates for Windows Server are now applied to controller roles as part of deployment and upgrade.
  • Updated default virtual machine and scale set SKUs for new deployments.