Category Archives: Microsoft Azure

Azure IaaS and Azure Stack: announcements and updates (June 2024 – Weeks: 21 and 22)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

RISE with SAP is Available on ItalyNorth Azure Region

RISE with SAP, a comprehensive Platform-as-a-Service offering, is now accessible in the ItalyNorth Azure Region. This service bundles SAP software licensing, cloud infrastructure, and managed services under a single SAP contract, applicable to R3, SAP Business Suite, and S/4HANA. This availability in the Italy North region aims to provide localized support and optimized performance for enterprises utilizing SAP solutions.

Update on Inter-Availability Zone Data Transfer Pricing

Azure has announced that it will no longer charge for data transfers across availability zones, regardless of whether private or public IPs are used on Azure resources. Availability zones enable Azure services to enhance greater resiliency for customers’ cloud infrastructure. This change aims to further encourage and support customers’ efforts in building more resilient and efficient applications and solutions on Azure.

Activity Log Alerts Can Now Run in EU Data Boundary

Activity log alert rules can now be saved in one of the following EU Data Boundary regions: North Europe and West Europe. This capability is available when creating a new activity log alert rule. Saving the rule in a European region ensures that the alert rule metadata and its processing remain within the EU Data Boundary. In all other cases, users can select the default Global region. Additionally, action groups can also be saved in EU regions, allowing for an end-to-end experience within Europe, encompassing alert evaluation and actions.

Next-Gen Dashboards Experience in Azure Portal (preview

A new Dashboards experience within the Azure Portal has been introduced. This experience includes a richer editing experience, dashboard as a view, mobile support, and works in parallel with the current experience. Currently, dashboards provide a focused and organized view of cloud resources in the Azure portal, allowing users to monitor resources and quickly launch tasks for day-to-day operations. The new experience is accessible through the Dashboard Hub, the Browse experience, and the Azure Mobile app. Users can create new dashboards or transform existing ones into the new experience. Both the new and current experiences will run in parallel to ensure parity and safely roll out new features.

Compute

VM Hibernation for General Purpose VMs

VM hibernation for general-purpose VMs is now generally available in all public regions. Hibernation is supported on both Linux and Windows operating systems. This feature enables users to hibernate their VMs to save compute costs. When a VM is hibernated, Azure persists the VM’s in-memory state in the OS disk and deallocates the VM, so users do not have to pay for the VM during hibernation, only for associated storage and networking resources. When the VM is restarted, applications and processes resume from their previous state, allowing users to quickly pick up from where they left off. This feature can be used on both existing and new VMs.

Azure Cobalt 100 Arm-based Virtual Machines (preview)

Microsoft is announcing the preview of the new Cobalt 100 Arm-based virtual machines (VMs). These are the first generation of VMs that feature the new Cobalt 100 chipset, custom-built using an Arm-based architecture, and optimized for efficiency and performance when running general-purpose and cloud-native workloads. Users can expect up to 40% improved performance compared to the previous generation of Arm-based Azure VMs. These VMs offer performance consistency and linear performance scaling with workloads like web applications, microservices, and open-source databases.

Azure Compute Fleet (preview)

Azure is pleased to announce the public preview of Azure Compute Fleet, a new service that streamlines the provisioning and management of Azure compute capacity across different virtual machine (VM) types, availability zones, and pricing models to achieve desired scale, performance, and cost. Azure Compute Fleet provides features to deploy and manage diverse groups of VMs at scale, including integration of multiple pricing models within a single fleet request, automated configuration of a fleet of VMs, and adjustable settings to prioritize deployment speed, operational cost, or a balance of both. It can manage and deploy up to 10,000 VMs in a region within a single fleet, providing flexibility and reliability through automated spot VMs, VM mix, and cross-zonal deployment features.

Networking

Azure Firewall: New Regions Availability

To meet new workload demands, Azure Firewall Basic, Standard, Premium, and Azure Firewall Manager are now generally available in four new regions: Israel Central, Italy North, Mexico Central, and Spain Central. With these new regions, Azure Firewall is now available in 64 regions worldwide, utilizing the Microsoft global network backbone.

Azure Firewall Integration in Microsoft Copilot for Security (preview)

The public preview of Azure Firewall integration in Microsoft Copilot for Security is now available. This feature allows users to retrieve the top IDPS signature hits for an Azure Firewall, enriching the threat profile of IDPS signatures with additional details. Users can perform fleet-wide searches for threats across all their Firewalls and generate recommendations to secure their environment using Azure Firewall’s IDPS feature.

Azure Web Application Firewall (WAF) Integration in Microsoft Copilot for Security (preview)

Azure Web Application Firewall (WAF) integrated into the Microsoft Copilot for Security standalone experience is now available in public preview. This integration is available with both Azure Front Door WAF and Azure Application Gateway WAF. It provides top WAF rules triggered analysis, generating summaries of WAF requests blocked due to web application and API attacks. Additionally, it includes an analysis of the top offending IPs, highlighting malicious IPs in customer environments along with related WAF rules triggered. The SQL injection and cross-site scripting WAF detection summaries provide contextual details about WAF blocks, including WAF rules, pattern matches, and related IPs.

Azure Application Gateway v2 Basic SKU (preview)

The Application Gateway Basic SKU is a new offering within the Application Gateway family, designed for small and medium-sized customers. It is ideal for applications with lower traffic and SLA requirements that do not need advanced traffic management features. The Basic SKU includes built-in high availability and supports HTTP2/HTTPS and WebSocket protocols. It offers core application-level load balancing features such as URL-based, host-based, and multi-site routing, along with cookie-based affinity. It supports flexible backends, including AKS, VMSS, App Services, and on-premises deployments. Customers can select the Basic SKU either directly from the Azure Portal or through their preferred scripting languages.

Azure Load Balancer Health Event Logs (preview)

Azure Load Balancer health event logs are now available in public preview. These logs enable users to collect, store, and analyze information to understand the health of their Azure Load Balancer resources. They help troubleshoot specific scenarios and identify availability issues affecting the load balancer. Examples include traffic distribution issues, port exhaustion, and the absence of healthy backends. Health event logs allow monitoring of load balancer health without the need for complex metric-based alerts or custom data ingestion pipelines. The preview is currently rolling out to all public regions.

Azure Front Door Server Variable Enhancement Generally Available

Azure Front Door’s rule set and server variable feature, allowing dynamic modification of request and response at the edge, is now generally available. This feature enables the redirection of clients based on request information, URL rewriting, and HTTP header modifications. It supports security headers to prevent browser-based vulnerabilities, routing requests based on geographic or device data, and applying different caching policies. The new enhancement includes support for URL path segment capture and rewrite, adding more flexibility for users needing to manipulate URL paths dynamically.

Azure Virtual Network Manager’s virtual network verifier (preview)

Virtual network verifier enables users to check if their network policies allow or disallow traffic between their Azure network resources, helping them answer simple diagnostic questions, triage why reachability isn’t working as expected, and prove conformance of their Azure setup to their organization’s security compliance requirements. Within their network manager resource, users can access Virtual Network Verifier’s capabilities by creating a verifier workspace, then defining reachability analysis intents that capture the traffic they want to evaluate. Once they run an analysis on their intent, they can visualize the reachability outcome and parse the reachability analysis results’ JSON. Virtual network verifier’s reachability analysis evaluates several Azure policies and resources within the network manager’s scope. Users can even delegate Virtual Network Verifier resources to non-network manager users for troubleshooting reachability.

Azure Bastion Premium (preview)

Azure Bastion Premium is a new SKU targeting customers handling highly sensitive virtual machine workloads. Its mission is to offer enhanced security features that ensure customer virtual machines are connected securely and to monitor VMs for any anomalies that may arise. The first set of features focuses on ensuring private connectivity and graphical recordings of virtual machines connected through Bastion. With the new Azure Bastion Premium SKU, users can now record all virtual machine sessions that are connected via a session-recording Bastion and view the configured session recording. Additionally, users can connect to Bastion via a private endpoint.

Azure Load Balancer now supports Admin State (preview)

Azure has announced the public preview of Azure Load Balancer Administrative State (Admin State) to simplify and enhance the management of VMs in the backend pool of Azure Load Balancer. With Admin State, users can override the Load Balancer’s health probe behavior for each individual backend pool instance (usually VMs or VMSS instances) without making changes to network security rules or closing ports on their VM. Users can set the Admin State of the backend instance to be up or down, overriding the Load Balancer health probe. This setting changes how the Load Balancer directs new or existing connections to the backend instance. Admin State allows for easy removal of virtual machines from the backend pool for maintenance, patching, or applying fixes without additional overhead of closing ports or updating security rules. Admin State is available in all Azure public regions, Azure China cloud regions, and Azure Government cloud regions.

Storage

Azure NetApp Files Backup

Azure NetApp Files has enhanced its online snapshots with the addition of backup capabilities. This new feature allows users to offload their Azure NetApp Files snapshots to a Backup Vault efficiently and cost-effectively, protecting data from accidental deletion. The backup mechanism extends Azure NetApp Files’ snapshot technology by only copying and storing changed data blocks relative to previously vaulted snapshots. These vaulted snapshots are represented in full and can be restored individually and directly, which eliminates the need for an iterative full-incremental recovery process.

Azure NetApp Files Support for Large Volumes up to 500TiB in Size

Azure NetApp Files now supports the creation of large volumes ranging from 50TiB to 500TiB, significantly expanding beyond the previous 100TiB limit. This enhancement supports various high-performance computing (HPC), AI/ML, and large file content repositories that require a single namespace. Additionally, these large volumes feature cross-zone and cross-region replication, ensuring data resilience and business continuity. HPC workloads, crucial for simulating processes and electronic design automation, benefit from enhanced data protection and availability. AI/ML workloads, involving extensive datasets, gain improved security and recovery options, while large file repositories enjoy optimized cost and scale with robust data protection.

Azure NetApp Files Application Volume Group for Oracle (preview)

The application volume group (AVG) for Oracle is now in public preview, enabling the deployment of all necessary Azure NetApp Files volumes for Oracle databases in a single, optimized workflow. This feature ensures that all volumes are placed in the same availability zone as the VMs, optimizing latency and performance. With technical improvements that streamline the deployment process, this feature supports various Oracle database layouts from small to multi-hundred TiB sizes. It promises reduced deployment times and enhanced application performance and stability across all Azure NetApp Files enabled regions.

Azure NetApp Files support for Active Directory connection per NetApp account (preview)

The Azure NetApp Files support for Active Directory connection per NetApp account feature now allows each NetApp account to connect to its own Active Directory Forest and Domain, providing the ability to manage more than one Active Directory connection within a single region under a subscription. This enhancement enables distinct Active Directory connections for each NetApp account, facilitating operational isolation and specialized hosting scenarios. Active Directory connections can be configured multiple times for multiple NetApp accounts to make use of it. With the creation of SMB volumes in Azure NetApp Files now tied to these Active Directory connections in the NetApp account, the management of Active Directory environments becomes more scalable, streamlined, and efficient. Additionally, the public preview for the “Shared AD support for multiple accounts to one Active Directory per region per subscription” feature is concluding, and new registrations will no longer be accepted. Customers are recommended to transition to this new capability instead.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in May 2024

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, we aim to provide an overview of the most relevant news. The goal is to keep you constantly informed about these developments, providing you with the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Azure Log Analytics improves resilience with workspace replication across regions (preview)

Azure Log Analytics introduces workspace replication, a new feature that enhances resilience against regional incidents. By enabling replication, a copy of the workspace is created in another region. From that moment, new logs in the primary workspace are also replicated to the secondary workspace (existing logs are not copied). The secondary workspace cannot be managed or accessed directly and serves only to create an active-passive configuration: at any time, there is an active instance of the workspace and an inactive one updated in the background. In case of an interruption affecting the primary workspace, failover can be activated to switch to the secondary workspace. This operation redirects all ingestion and query requests to the secondary workspace, allowing continued monitoring of resources and applications. The secondary workspace maintains a copy of all logs from the time replication is enabled, allowing for a smooth transition and continued use of alerts, workbooks, and other services accessing the logs, such as Sentinel. During this period, the secondary workspace also replicates incoming logs to the primary workspace, allowing a return to the primary region when it is operational again and continuing to work normally. Workspace replication is billed per replicated GB, and replication can be applied to a subset of Data Collection Rules (DCRs) to limit the scope of replication and related costs.

Filtering Kubernetes metadata and logs in Azure Monitor Container Insights (preview)

Filtering Kubernetes metadata and logs enriches the ContainerLogsV2 schema with additional Kubernetes metadata such as PodLabels, PodAnnotations, PodUid, Image, ImageID, ImageRepo, and ImageTag. The log filtering feature provides filtering capabilities for both workload and platform logs (e.g., system namespaces) from containers. This feature enhances the Kubernetes metadata experience by leveraging the Grafana dashboard to visualize log levels, volume, rate, records, and more. Users gain a richer context and improved visibility into their workloads.

Monitoring applications with Java metrics in Azure Container Apps (preview)

It is now possible to monitor the performance and health of applications with Java metrics such as garbage collection and memory usage. These metrics are automatically collected and reported in Azure Monitor, where they can be viewed in an integrated dashboard. It is also possible to set alerts and troubleshoot issues based on these metrics.

Data analysis using Log Analytics Simple mode (preview)

Azure Monitor Logs introduces a significant improvement in the log analysis experience: Simple mode. This new feature offers users a powerful set of tools to explore their logs and gain meaningful insights from the data. Until now, Azure Monitor Logs relied on the Kusto Query Language (KQL) to formulate queries, a powerful and easy-to-learn language, but it still requires some knowledge to use effectively. Simple mode was developed to bridge this knowledge gap, allowing the use of the most common KQL operators and actions through a simple and intuitive point-and-click experience that requires no KQL knowledge. For advanced users, KQL mode continues to offer the full potential of the Kusto language to gain deeper insights from the logs. Currently, Simple mode is an optional experience: to try it, just select “Try the new Log Analytics”. It is possible to return to the classic Log Analytics experience at any time.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Remediate security baseline recommendation: Microsoft Defender for Cloud has enhanced the Center for Internet Security (CIS) benchmarks by offering security baselines supported by Microsoft Defender Vulnerability Management (MDVM). The new recommendation “Machine should be configured securely (powered by MDVM)” helps secure servers by providing suggestions to improve security posture.
  • Configure email notifications for attack paths: It is now possible to configure email notifications for attack paths in Defender for Cloud. This feature allows receiving email notifications when an attack path with a specified risk level is detected. This update helps security teams respond promptly to potential attacks, improving responsiveness and overall protection.
  • Integration of Defender for Cloud alerts and incidents with Microsoft Defender XDR: This integration allows security teams to access Defender for Cloud alerts and incidents within the Microsoft Defender Portal. Providing richer context for investigations involving cloud resources, devices, and identities, this feature improves response capabilities and the effectiveness of security operations.
  • Checkov integration for IaC scanning in Defender for Cloud (preview): The public preview of Checkov integration for DevOps security in Defender for Cloud has been announced. This integration improves both the quality and the total number of Infrastructure-as-Code (IaC) checks performed by the MSDO CLI command when scanning IaC templates. During the preview, Checkov must be explicitly invoked via the ‘tools’ input parameter for the MSDO CLI command.
  • Permissions management in Defender for Cloud: The general availability (GA) of permissions management in Defender for Cloud has been announced. This feature enables advanced permissions management, improving security and access control in cloud resources.
  • Security posture management for AI in Defender for Cloud: This feature provides security posture management capabilities for AI in Azure and AWS.
  • Threat protection for AI workloads in Azure (preview): Threat protection for AI workloads in Defender for Cloud provides contextual insights into threat protection, integrating with Responsible AI and Microsoft Threat Intelligence. Security alerts for AI workloads are integrated into Defender XDR in the Defender portal. This plan helps monitor Azure OpenAI-powered applications at runtime for malicious activities, identifying and mitigating security risks.
  • Updated security policy management: Cross-cloud (Azure, AWS, GCP) security policy management is now generally available (GA). This feature allows security teams to manage their security policies consistently and with new characteristics:
  • A simplified and uniform cross-cloud interface to create and manage the Microsoft Cloud Security Benchmark (MCSB) and custom recommendations based on KQL queries;
  • Management of regulatory compliance standards in Defender for Cloud across Azure, AWS, and GCP environments;
  • New filtering and export capabilities for reporting.

  • Public preview of Defender for open-source databases on AWS: The public preview of Defender for open-source databases on AWS has been announced, adding support for various Amazon Relational Database Service (RDS) instance types. This integration improves the security and management of open-source databases running on AWS instances.

Protect

Azure Backup

Migration of virtual machine backups to enhanced backup policies (preview)

Azure Backup now supports the migration of virtual machine backups from the standard backup policy to the enhanced backup policy. This migration offers several benefits:

  • Improved RPO: The recovery point objective (RPO) can be reduced to as little as 4 hours.
  • Retention of recovery points: Recovery points can be retained as snapshots for up to 30 days.
  • Multi-disk consistency: The enhanced policy ensures multi-disk crash consistency for protected VMs.
  • Zone-level resilience: Recovery points created with the enhanced policy are zone-resilient.
  • Trusted Launch security: Protected virtual machines can be converted to Trusted Launch security.
  • Use of premium SSDv2 or ultra-disk: Migration to the enhanced policy allows the use of premium SSDv2 or ultra-disk without interrupting existing backups.

These improvements make migrating to the enhanced backup policy an excellent choice for optimizing the protection and management of virtual machines on Azure.

Azure Site Recovery

Built-in Azure Monitor alerts for Site Recovery

Built-in Azure Monitor alerts for Azure Site Recovery (ASR) are now generally available. This innovation enables organizations using ASR to benefit from an advanced set of alerting and notification features offered by the Azure Monitor platform. Users can leverage standard Azure Monitor experiences and interfaces to manage ASR alerts at scale, using a single platform. This represents a significant step towards achieving a homogeneous and consistent set of monitoring and alerting experiences for all Business Continuity and Disaster Recovery (BCDR) scenarios on Azure.

Out of Box Reports for Azure Site Recovery (preview)

Out of Box Reports for Azure Site Recovery are now available in preview. This new reporting feature offers organizations using ASR a clear and detailed view of job and health status for protected items. Integrated into the Azure Business Continuity Center and Recovery Services Vault, this feature allows BCDR administrators to effectively monitor and manage all protected items in large-scale backup and site recovery processes.

Support for Azure Trusted Launch VMs (preview)

Microsoft has announced the Public Preview of Azure Site Recovery support for Azure Trusted Launch VMs. Azure Trusted Launch VMs provide security for second-generation Azure virtual machines, enabling Secure Boot and vTPM features. This public preview is currently available only for the Windows operating system.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (May 2024 – Weeks: 19 and 20)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

The Availability of Azure Compute Reservations Will Continue Until Further Notice

Initially planned to end on January 1, 2024, the availability of Azure compute reservation exchanges for Azure Virtual Machine, Azure Dedicated Host, and Azure App Service has been extended indefinitely. Customers can continue exchanging their compute reservations for different instance series and regions until further notice, with a minimum of six months’ notice prior to any changes. Additionally, any compute reservations purchased during this extended period will retain the right to one more exchange after the grace period ends. This extension allows for better cost savings assessments and planning. For more information, see the updated Azure reservation exchange policy.

Microsoft Azure Now Available from New Cloud Region in Mexico

The first cloud region in Mexico is now available, providing organizations across the globe with access to scalable, highly available, and resilient Microsoft Cloud services. With Azure Availability Zones, the Mexico Central region strengthens Microsoft’s commitment to promoting digital transformation and sustainable innovation in the country. This new region connects Mexico to the world’s largest and most trusted global cloud infrastructure, delivering the highest standards of security, privacy, and regulatory-compliant data storage.

Cloud Services (Classic) Deployment Model Retirement (31 August 2024)

The Cloud Services (classic) deployment model will also be retired on 31 August 2024. Users must migrate their services to the Cloud Services (extended support) in Azure Resource Manager to benefit from new features like deployment templates, role-based access control, and regional resiliency. After the retirement date, Cloud Services deployments will be stopped, and data will be permanently lost unless migrated.

Compute

Ubuntu 24.04 LTS for Azure Virtual Machines

Ubuntu 24.04 LTS, also known as “Noble Numbat,” is now available for Azure Virtual Machines. This new release includes Linux kernel version 6.8 and systemd version v255.4, bringing new features, enhanced performance, enterprise security, and expanded support for .NET 8. Ubuntu 24.04 LTS images can be found in the Azure Marketplace, providing users with the latest advancements and improvements for their virtual machines.

Standby Pools for Virtual Machine Scale Sets with Flexible Orchestration (preview)

Azure introduces the public preview of Standby Pools for Virtual Machine Scale Sets with flexible orchestration, a feature designed to enhance scaling performance by establishing a pool of pre-provisioned virtual machines. These standby pools expedite the scale-out process by undergoing initialization tasks such as software installation and data loading in advance. The number of virtual machines in a standby pool is dynamically adjusted based on the maximum ready capacity minus the virtual machines already deployed in the scale set. When scaling down, virtual machines are deleted as per the configured scale-in policy, and the standby pool refills accordingly. Virtual machines within the standby pool can either be kept running—recommended for scenarios with strict latency and reliability requirements—or be deallocated to save costs while still maintaining quick scale-out capabilities.

Networking

ExpressRoute Seamless Gateway Migration

ExpressRoute customers can now benefit from a seamless migration to a new Gateway SKU that supports Availability Zones. This update facilitates the migration of Public IP configurations from Basic to Standard without the need to delete and recreate existing virtual network gateways. The new feature provides a guided experience, allowing for seamless migration of circuit connections by deploying a second gateway to the Gateway Subnet, thus improving the overall migration process and reducing downtime.

Azure Front Door Log Scrubbing of Sensitive Data is Generally Available

Azure Front Door’s log scrubbing tool has reached General Availability, providing a secure way to remove sensitive data such as personally identifiable information (PII) from Azure Front Door access logs. By enabling log scrubbing at the Azure Front Door profile level, users can choose specific log fields to scrub. The tool then replaces sensitive information in the logs with “****,” ensuring sensitive data like customer passwords, client IPs, and socket IPs are protected.

Azure Front Door Server Variable Enhancement Generally Available

Azure Front Door now offers enhanced server variable functionality, allowing dynamic modification of requests and responses at the edge. With this feature, users can redirect clients based on request information, rewrite URLs, paths, and query strings, and insert, modify, or delete HTTP headers. Security headers can be implemented to prevent browser-based vulnerabilities, and requests from different countries or devices can be routed to different origins. Additionally, different caching policies can be applied based on content type. New capabilities include support for URL path segment capture and rewrite, enabling more flexible handling of dynamic URLs. For example, if an incoming URL path includes variable-length GUIDs, these can be extracted and inserted elsewhere in the URL path using URL Rewrite rules. For more details, refer to the Azure Front Door documentation.

Retirement of Five Azure Classic Networking Services (31 August 2024)

As announced in August 2021, Azure will retire its classic networking services—including Azure Cloud Services (classic), Classic Virtual Network, reserved IP addresses, Azure ExpressRoute Gateway, Azure Application Gateway, and Azure VPN Gateway—on 31 August 2024. Users are advised to migrate their resources to the Azure Resource Manager deployment model before this date to avoid any service disruptions. The Azure Resource Manager model offers simplified resource deployment, enhanced resource grouping, and the ability to apply access control policies at a group level.

Azure Application Gateway v2 Basic SKU (preview)

The Application Gateway Basic SKU is a new addition to the Application Gateway family, designed for small and medium-sized customers. This SKU is ideal for applications with lower traffic and SLA requirements that do not require advanced traffic management features. It includes built-in high availability and supports HTTP2/HTTPS and WebSocket protocols. Core application-level load balancing features such as URL-based, host-based, and multi-site routing, along with cookie-based affinity, are also included. The Basic SKU supports flexible backends, including Azure Kubernetes Service (AKS), Virtual Machine Scale Sets (VMSS), App Services, and on-premises deployments. Customers can select the Basic SKU directly from the Azure Portal or through their preferred scripting languages.

Storage

Azure File Sync Agent v18 Release

The Azure File Sync agent v18 is now available through Microsoft Update Catalog, offering enhanced capabilities for server provisioning and disaster recovery for Azure File Sync server endpoints. Key improvements include faster server provisioning times—significantly reducing the duration from hours or days to much quicker readiness. This is especially beneficial when creating the first server endpoint of a new sync topology after data is transferred to the Azure File Share, or adding a new empty server endpoint to an existing sync topology. Additional upgrades include enhanced sync performance for initial uploads and high-volume file changes, such as ACL adjustments, alongside miscellaneous reliability and telemetry enhancements for cloud tiering and sync. This release supports Windows Server 2016, 2019, and 2022.

Premium SSDv2 Now Available in Italy North Azure Region with Two Availability Zones (3rd AZ Coming Soon)

Microsoft has announced that Premium SSDv2 is now available in the Italy North Azure region, featuring support for two Availability Zones. This offering ensures high performance and availability for users in the region. A third Availability Zone is on the horizon, enhancing redundancy and fault tolerance.

Azure Ultra Disk Storage Now Available in Italy North

Azure Ultra Disk Storage, known for its high throughput, high IOPS, and consistently low latency, is now available in the Italy North region. This storage solution is ideally suited for data-heavy applications such as SAP HANA, top-tier databases, and transaction-intensive workloads, providing robust and reliable disk storage for Azure virtual machines.

Azure Storage Actions (preview)

Azure Storage Actions has expanded its preview to 14 additional Azure public regions. This fully managed platform simplifies data management operations for Azure Blob Storage and Azure Data Lake Storage by merging serverless infrastructure with a no-code user experience. Azure Storage Actions is designed to be high-performing, cost-efficient, and scalable, automatically adjusting to the size and needs of your data management tasks. Now in public preview in regions including Australia East, Brazil South, Canada Central, and several others across the globe, Azure Storage Actions offers a versatile solution for automating data management in Azure environments.

NFS Azure Files Volume Mount Support in Azure Container Apps (preview)

Azure Container Apps now supports mounting Network File System (NFS) Azure Files volumes, currently in public preview. This feature enhances the scalability and performance of file systems used by containerized applications. NFS Azure Files volumes are ideal for sharing data between multiple containers or maintaining data persistence across container restarts, providing a robust solution for application data management and storage needs.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (May 2024 – Weeks: 17 and 18)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure Governance Update – Management Groups

Beginning May 3, 2024, Azure will commence enabling the root management group for tenants that have not yet enabled it. This proactive step aligns with best practices for applying Azure Policy and reduces the initial setup work for following governance best practices. Upon creation of the root management group, all subscriptions will become children of this group, facilitating efficient management and compliance enforcement. This update does not alter access permissions or change subscriptions’ configurations; rather, it streamlines governance processes and enhances organizational compliance with Azure Policy standards.

Extensibility Model in Azure Deployment Environments (preview)

Azure Deployment Environments introduces a new extensibility model, now available in public preview, aimed at empowering customers to customize their deployment workflows using various infrastructure-as-code (IaC) frameworks. This model enables users to harness their preferred IaC framework, such as Bicep, Terraform, or Pulumi, to tailor deployment workflows to meet specific organizational needs. With support for Terraform and Bicep, users can seamlessly integrate their chosen IaC framework into Azure Deployment Environments, enhancing flexibility and efficiency in app infrastructure provisioning.

Compute

Azure Dedicated Host – Redeploy (preview)

In a move towards enhancing service resilience and user control, Azure Dedicated Host introduces the “Redeploy” feature, now available in public preview. This feature simplifies the process of moving an Azure Dedicated Host and its associated Virtual Machines (VMs) from one node to another within the same hardware generation. Termed as user-initiated service healing, the redeploy process ensures minimal disruption to services while addressing issues caused by user configurations or underlying host infrastructure. With support available across all regions of the Azure public cloud, users can utilize the Azure Portal or CLI to initiate host redeployment, maintaining host properties while ensuring data integrity on VMs’ temporary disks.

Networking

Application Gateway Web Application Firewall (WAF) Inspection Limit & Size Enforcement

Azure’s Application Gateway v2, integrated with the regional Web Application Firewall (WAF), now provides enhanced control over inspection limits and size enforcement for WAF policies running Core Rule Set (CRS) 3.2 or later. This update enables users to finely tune request body inspection, maximum request body limit, and maximum file upload limit independently. Moreover, users can disable enforcement of these limits without compromising request body inspection. These enhancements empower users to manage WAF policies more effectively, allowing larger requests to pass through without impediment.

Virtual Network Flow Logs

Azure Network Watcher introduces Virtual Network Flow Logs, a new capability enabling users to capture detailed information about IP traffic within their virtual networks. Whether for usage monitoring, optimization, troubleshooting, compliance, or security analysis, flow logs offer valuable insights into network activity. Users can record network traffic at the scope of the virtual network, subnet, or Network Interface Card (NIC), facilitating audit and compliance requirements, identifying traffic patterns, troubleshooting connectivity issues, and detecting malicious activity. Flow data is stored in Azure Storage accounts and can be exported to various analysis tools and security solutions for further examination.

Azure Virtual Network Manager Security Admin Rule Generally Available

The Azure Virtual Network Manager Security Admin Rule is now generally available across all public regions. This rule empowers users to enforce security policies consistently across virtual networks, regardless of subscriptions or regions. By evaluating rules before network security groups (NSGs), organizations can standardize security enforcement, mitigate misconfigurations, and ensure compliance with company policies. With streamlined security management and default settings to prevent errors, users can enhance network security while simplifying operational complexities.

Azure Virtual Network Manager User-Defined Route (UDR) Management (preview)

Azure Virtual Network Manager introduces user-defined route (UDR) management in public preview, offering users the ability to define and apply routing rules across multiple subnets and virtual networks. With this feature, users can easily describe their desired routing behavior within Azure Virtual Network Manager, streamlining the application of routing rules at scale without manual configuration of route tables for each subnet. This capability allows for various scenarios, including routing traffic between spokes across different hubs and directing traffic to specific destinations based on predefined rules, enhancing network management and flexibility within Azure environments.

Storage

Ultra Disks now available on Italy North Azure Region

Azure users in the Italy North region can now leverage the power of Ultra Disks for their virtual machines. Ultra Disks offer high throughput, low latency, and consistent performance, making them ideal for I/O-intensive workloads. With Ultra Disks, users can experience enhanced storage capabilities to meet the demands of their applications while maintaining scalability and reliability.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in April 2024

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, we aim to provide an overview of the most relevant news. The goal is to keep you constantly informed about these developments, giving you the essential information needed to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Support for Managed Identities for Alerts

Azure Monitor alerts are essential tools for monitoring data related to Azure and its applications. These alerts quickly identify issues that could affect service operations. Through log search alert rules, it’s possible to periodically run log data queries to receive notifications or trigger actions when potential problems are detected. A common challenge for developers is managing the credentials of applications accessing different resources. In this context, managed identities prove to be an effective solution, offering an identity automatically managed through Microsoft Entra ID. Applications can use these identities to obtain access tokens without directly managing credentials.

Log search alert rules support the use of managed identities for Azure resources, enhancing the visibility and control of permissions associated with these rules. Managed identities can be employed in log search alert rules in two main ways:

  • System-assigned managed identity: in this case, Azure creates a new identity specifically dedicated to the alert rule. After creating the rule, it is necessary to assign this identity the required permissions to access the workspace and the data sources needed to perform the query.
  • User-assigned managed identity: before establishing the alert rule, the user creates an identity and assigns the appropriate permissions. This identity can then be used for multiple alert rules, thus optimizing resource management.

This system not only simplifies credential management but also increases security and efficiency in the configuration and monitoring of applications and cloud resources.

Azure Monitor Agent Upload to Storage and Event Hubs (preview)

The Azure Monitor Agent is an advanced solution for collecting telemetry data from IaaS resources, like virtual machines. With the new upload feature, available in this preview version, it is possible to transfer logs directly from Log Analytics workspaces to Event Hubs and Storage services. These data destinations employ specific rules for data collection, allowing for a customized and optimized configuration of the collection infrastructure for agents.

Query Editor for Azure Monitor Metrics (preview)

The public preview of the Query Editor for Azure Metric Explorer within Azure Monitor Workspace (AMW) is now publicly available. This update allows customers to query Prometheus metrics directly from their Azure Monitor Workspace using PromQL. With this feature, users can analyze metric data more effectively by writing and executing PromQL queries directly in the Metric Explorer.

Azure Monitor Pipeline (preview)

Microsoft recently launched the preview version of the Azure Monitor Pipeline for edge environments. This new solution is designed to improve the ingestion and routing of large-scale data from edge environments to Azure Monitor, enhancing observability. Deployable as an extension of the Arc Kubernetes cluster on your own on-premises Kubernetes clusters, the pipeline supports a wide range of resources and can be scaled horizontally to handle large volumes of data. It also offers advanced capabilities for collecting data from resources in segmented networks without continuous cloud connectivity, storing logs locally during outages, and synchronizing them with the cloud once the connection is restored.

Govern

Azure Advisor


Changes to the Display of Savings Estimates on Azure Advisor

From September 30, 2024, Azure Advisor will no longer display the aggregated annual estimates of potential savings. Currently, these estimates are visible on the Azure portal under “Potential yearly savings based on retail pricing” in the cost recommendations pages. This feature will be discontinued on the specified date. Despite the removal of this aggregated display, it will still be possible to calculate specific annual potential savings through alternative procedures. Individual recommendations and their associated potential savings will remain available.

Resiliency Review (preview)

Microsoft has introduced the “Resiliency Review” in public preview on Azure Advisor, a new feature aimed at increasing the resilience of workloads through personalized recommendations. These recommendations, provided by Microsoft’s cloud solution architects, allow users to focus on the most critical aspects to ensure the resilience of their systems. Users have the opportunity to evaluate the recommendations (accepting or rejecting them), manage their lifecycle on Advisor, and collaborate with their Microsoft account team to monitor resolution. It is also possible to request a “Well Architected Reliability Assessment” to optimize the resilience and reliability of workloads by implementing the recommendations and monitoring their lifecycle on Advisor.

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • General Availability of Microsoft Defender for Containers on AWS and GCP: Microsoft has announced the general availability of Defender for Containers for AWS and GCP platforms. This service enhances container security through real-time threat detection and agentless container discovery. Notably, an advanced authentication feature on AWS optimizes the service provisioning process.
  • Risk Prioritization: Risk prioritization has become the default experience in Microsoft Defender for Cloud. This feature helps users focus on the most severe threats by organizing security recommendations based on the risk factors of each resource. The assessment criteria include the potential impact of a breach, risk categories, and the attack path associated with each security issue.
  • Update on Microsoft Defender for Server Plan 2: Microsoft has announced that the Qualys service integrated into Plan 2 of Microsoft Defender for Server will be retired on May 1, 2024. This change is part of a broader initiative to simplify and consolidate vulnerability assessments within Microsoft Defender for Cloud. Following this update, Plan 2 of Defender for Server will integrate Microsoft Defender Vulnerability Management as its new solution for vulnerability assessments.
  • Defender for Cloud Supports Azure Database for MySQL – Flexible Server: Microsoft Defender for Cloud can now protect Azure Database for MySQL – Flexible Server from threats without compromising the performance of the service. This solution reduces the risk of data breaches, attacks, and unauthorized access by monitoring unusual or suspicious activity in the database. This feature can be easily enabled from the Azure portal, to receive security alerts, insights, and recommendations on how to mitigate potentially harmful threats related to Azure Database for MySQL – Flexible Server.

Protect

Azure Backup

Backup and Restore of Virtual Machines with Private Endpoint Disks

Azure Backup now offers the capability to back up Azure virtual machines using disks with private endpoints. This functionality is available for virtual machines with both standard and advanced backup policies and can be implemented through the standard backup procedures of Azure. Additionally, during the restore process, it is now possible to configure network access settings for the restored disks. Users can choose to maintain the original network configuration of the disks, limit access to specific networks, or allow public access from all networks.

Backup for Azure Database for MySQL – Flexible Server (preview)

Azure Backup, in collaboration with Azure Database Services, has launched a preview backup solution for MySQL-Flexible servers that allows backups to be retained for up to 10 years. Features offered in this preview phase include: comprehensive data protection against various levels of data loss, from accidental deletions to ransomware attacks; the ability for users to control scheduled and ad-hoc backup operations; isolated backups stored in a separate security and fault domain; long-term backup retention; and centralized monitoring of all backup operations and jobs.

Azure Backup Introduces Vault Backups for Azure Files (preview)

Azure Backup now supports transferring backups of Azure Files into vaults to protect critical business data stored in Azure Files against severe data loss scenarios, such as ransomware attacks. These isolated backups ensure trouble-free recovery even if the source data is compromised. It’s easy to switch from snapshot-based backup, which offers protection from accidental deletions, to vault backup to safeguard File data against a broader range of tampering and data deletion scenarios. Capabilities include:

  • Enhanced backup security with features such as immutability, encryption with customer-managed keys (CMK), soft delete, and multi-user authorization (MUA).
  • Long-term data retention up to 99 years to meet compliance requirements in regulated sectors.
  • Business continuity in case of regional disruptions with the ability to restore from a backup copy replicated in the Azure paired region.
  • Guaranteed data recovery even if the production storage or subscription is compromised, with the option to restore in an alternative subscription.

Selecting the “vault” level in the backup policy can improve the security posture of Azure Files data with a native, managed, and secure offsite backup solution, strengthening the business continuity and disaster recovery strategy for mission-critical applications.

Azure Site Recovery

New Update Rollup

Update Rollup 73 has been released for Azure Site Recovery, bringing significant improvements to the latest service components. Notably, the Mobility Service now supports additional Linux operating systems, including Debian 12 and Ubuntu 18.04 Pro for Azure-to-Azure configurations and VMware/Physical migrations to Azure. This update also includes other optimizations and bug fixes.

Azure Site Recovery for Shared Disks (preview)

The public preview of Azure Site Recovery for managing Shared Disks is now available. This feature enhances the protection and recovery of workloads operating on Windows Server Failover Clusters (WSFC) deployed on Azure VMs. This development paves the way for the use of shared disks for mission-critical applications such as SQL FCI, SAP ASCS, and Scale-out File Servers, ensuring operational continuity and efficient recovery capability in disaster scenarios.

With Azure Site Recovery for shared disks, you can:

  • Replicate and recover WSFC clusters as a single entity throughout the Disaster Recovery (DR) lifecycle.
  • Generate cluster-level consistent recovery points.
  • Monitor the protection and health status of the cluster and its nodes from a single interface.
  • Manage cluster failover and recovery point selection.
  • Re-protect and restore the cluster in the main region minimizing data loss and reducing downtime.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

This month, the main updates include:

  • New Features for SAP (preview): Azure Migrate has recently expanded its capabilities by including support in preview for discovery and assessment of SAP systems. Thanks to this feature, users can now perform detailed assessments for on-premises SAP workloads.
  • Assessment of Java Web Applications (Tomcat) for Azure App Service and AKS (preview): Microsoft has introduced a new assessment capability for Java web applications (Tomcat) in preview, aimed at both Azure App Service and Azure Kubernetes Service (AKS). This feature allows developers and IT architects to examine and plan the migration of their existing Tomcat applications, leveraging Azure’s cloud capabilities to enhance the performance and scalability of applications.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (April 2024 – Weeks: 15 and 16)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Announcing New Cloud Governance Guidance in the Microsoft Cloud Adoption Framework for Azure

Microsoft is pleased to announce a significant update to the Cloud Adoption Framework (CAF) for Azure, introducing new and enhanced cloud governance guidance. This update is a pivotal part of Microsoft’s dedication to facilitating effective cloud adoption strategies across various organizations. The revised governance guidance covers critical areas such as identity, cost, resource, data, and AI governance, aiming to provide a comprehensive and accessible roadmap for organizations at any stage of their cloud journey. Whether it’s a startup aiming to scale operations efficiently or a large enterprise refining its governance practices, the new guidance is structured to support their evolving needs.

Retirement of Cloud Services (classic) Deployment Model (31 August 2024)

On 31 August 2024, Microsoft will retire the Cloud Services (classic) deployment model. Customers are advised to migrate their services to Cloud Services (extended support) in Azure Resource Manager before this date to avoid service disruption. The new deployment model offers significant improvements including deployment templates, role-based access control, and regional resiliency. Note that related services like Azure Virtual Network and Azure ExpressRoute gateway will also be retired, necessitating a migration to the Azure Resource Manager model which features enhanced resource deployment and management capabilities.

Compute

NVv4 Series VMs Now Available in Italy North Azure Region

Microsoft Azure has expanded its infrastructure offerings by making NVv4 Series Virtual Machines (VMs) available in the Italy North region. These VMs feature the AMD Radeon Instinct MI25 GPU and AMD EPYC 7V12 (Rome) CPU, offering robust performance options for computational and graphic-intensive applications. This deployment in Italy North provides local customers enhanced capabilities for graphics rendering, virtual desktop infrastructure (VDI), and AI workloads, further supporting the demands of diverse business environments in the region.

HBv4-series & HX-series VMs Now Available in Sweden Central

The HBv4-series and HX-series VMs are now available in the Sweden Central region. These VMs are equipped with up to 176 AMD EPYC™ 9V33X (“Genoa-X”) CPU cores and provide impressive memory and storage capacities. The HBv4-series VMs come with 768 GB of RAM, while the HX-series offers 1.4 TB of RAM. Both series feature a 2.3 GB L3 cache per VM, delivering substantial bandwidth capabilities. These VMs are particularly suitable for high-performance computing needs, featuring 400 Gb/s NDR InfiniBand from NVIDIA Networking to support supercomputer-scale workloads.

Networking

Azure Virtual Network Encryption Available in All Regions

Azure Virtual Network encryption is now available across all Azure regions, enabling encryption of traffic between Virtual Machines and Virtual Machines Scale Sets within the same virtual network, as well as between regionally and globally peered virtual networks. This rollout enhances the already robust encryption-in-transit capabilities of Azure, providing an additional layer of security for data traveling within the cloud infrastructure.

Azure Virtual Network Manager Network Groups in Public Preview

The use of Azure Virtual Network Manager network groups in security admin rules is now available in public preview. This feature allows administrators to use network groups in the source and/or destination of security rules, facilitating easier network isolation and management. With network groups, administrators can logically group virtual networks or subnets, enabling scenarios like segregating production from non-production environments. This capability simplifies the enforcement of traffic control, eliminating the need to manually identify CIDR ranges or resource IDs, thereby enhancing security administration across Azure environments.

Storage

Azure Data Box Disk Now Available with Hardware Encryption

Azure Data Box Disk is now generally available with AES-256 hardware encryption for Linux-based hosts. This new offering is available to customers in the US, EU, and Japan, providing an option to choose between software encryption (BitLocker) and hardware encryption (self-encrypted). These self-encrypted disks offer copy performance on Linux that is on par with BitLocker encrypted disks on Windows, enhancing data security and performance for Azure users.

New Disk Property: LastOwnershipUpdateTime

Microsoft Azure introduces a new property for Disks, named LastOwnershipUpdateTime, available in the Azure Portal, PowerShell (PS), and Command-Line Interface (CLI). This property indicates the time when the Disk’s ownership or state was last updated, providing a clear timeline of changes. It is particularly useful when used alongside the diskState to monitor and verify the current state of the Disk and its recent updates. This addition aims to enhance transparency and control for Azure users managing disk resources.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (April 2024 – Weeks: 13 and 14)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

Compute

Some Virtual Machines Size Will Be Retired

Microsoft Azure has announced the upcoming retirement of several virtual machine (VM) sizes within the NCv3-series, specifically the Standard_NC6s_v3, Standard_NC12s_v3, and Standard_NC24s_v3 VMs, scheduled for September 30th, 2025. Additionally, the Standard_NC24rs_v3 VM size will retire on March 31st, 2025. To ensure continuity and prevent service disruption, users are advised to transition their workloads to newer VM series within the same NC product line. In a related update, support for Basic and Standard A-series VMs in Batch pools will conclude on August 31, 2024. Users are encouraged to migrate their Batch pools to Av2-series VMs or other supported VM sizes to benefit from enhanced memory per vCPU and faster SSD storage.

On-demand capacity reservations for Specialty SKUs (preview)

Azure now offers on-demand capacity reservations for specialty VM sizes, currently in Public Preview. This feature allows for the reservation of compute capacity with SLA for specific VM sizes including Mv3, NC-series (v3 and newer), NV-series (v2 and newer), and Lsv2 series. It introduces the ability to ensure compute capacity—with SLA guarantees—is available ahead of VM deployments, crucial for maintaining the availability of business-critical applications. On-demand capacity reservations can be used in any public Azure region or availability zone, for any length of time, without commitment. These reservations can also be combined with Azure Reserved VM Instances (RIs) to further reduce costs.

Networking

Azure Virtual Network Manager Security Admin Rule Generally Available in 45 Regions

Azure Virtual Network Manager’s security admin rule configuration feature is now generally available in 45 regions. This pivotal update empowers users to enforce security policies for their virtual networks comprehensively across subscriptions and regions globally. Positioned to be evaluated before network security groups (NSGs), these rules underscore a commitment to standardized security enforcement. They are designed to mitigate potential misconfigurations and oversights, thereby safeguarding critical services and ensuring adherence to company policies. The feature highlights the ease of managing security with reduced operational complexities and introduces a default setting to minimize errors in NSG setups. For detailed insights and use cases, the virtual network flow logs documentation offers guidance on monitoring traffic allowed or denied by these rules.

Rate Limiting on ExpressRoute Direct Circuits

The general availability of Rate Limiting for ExpressRoute Direct port circuits brings a significant Quality of Service (QoS) enhancement, allowing for precise control over bandwidth usage. This feature helps prevent performance and reliability issues by enabling throttling of traffic throughput in accordance with the configured bandwidth, thus avoiding the potential for circuits to burst beyond their allocated bandwidth. Rate Limiting is available for both Private Peering and Microsoft Peering, in all Azure public cloud regions, and can be enabled for individual circuits during or after their creation process.

ExpressRoute Metro for High Resiliency (preview)

In a significant advancement for network resilience, Azure announces the public preview of ExpressRoute Metro. This high-resiliency configuration is designed to provide multi-site redundancy through a dual-homed setup, allowing for diverse connections to two distinct edge sites within a city. Initially available in Amsterdam, Singapore, and Zurich, ExpressRoute Metro enhances the reliability and uptime of connectivity from on-premises networks to Azure. This addition introduces three tiers of resiliency for ExpressRoute – Standard, High, and Maximum – enabling customers to tailor their connectivity according to desired resilience levels.

Azure Front Door (classic) will be retired on 31 March 2027

On 31 March 2027, Azure Front Door (classic) will be retired for the public cloud. Users are encouraged to migrate to Front Door Standard or Premium by that date. Starting 1 April 2025, creation of new Front Door (classic) resources will no longer be possible via the Azure portal, Terraform, or any command line tools. However, modifications to existing resources will be allowed until its retirement. Azure Front Door Standard and Premium offer enhanced capabilities for static and dynamic content delivery, along with improved security, DevOps experiences, and pricing. Migration to these newer versions is recommended to avoid service disruptions and to take advantage of better integration with Azure services.

Storage

Azure File Sync Extension on Windows Admin Center Version 4.13.0 Now Available

The release of version 4.13.0 of the Azure File Sync extension for Windows Admin Center has been announced, marking a significant update that went live on March 20th. This version brings a series of enhancements and fixes aimed at improving the Azure File Sync experience within the Windows Admin Center platform. The key improvements include an optimized setup process designed to reduce unexpected failures, facilitating smoother and more efficient deployments of Azure File Sync. Additionally, the update introduces enhanced status checks, offering a proactive approach to verify compatibility and ensure full support for the selected configurations. Furthermore, the error reporting mechanism has been overhauled to provide more detailed and actionable insights. In case of issues during the Azure File Sync setup, users will now receive comprehensive error messages, enabling them to swiftly and effectively resolve any problems. Users are encouraged to update to version 4.13.0 of the Azure File Sync extension via the Windows Admin Center public extension feed to take advantage of these improvements.

Azure Files geo-redundancy for standard large file shares

Azure Files has expanded its offerings to include geo-redundancy for 100 TiB standard SMB file shares, now generally available. Previously capped at 5TiB, these geo-redundant file shares can now scale up to 100TiB with enhanced IOPS and throughput limits. This update brings a significant improvement to the performance and scalability of Azure Files, making it more viable for larger and more demanding storage needs. Geo-redundant standard large file shares are available in 30 regions, with plans to extend this to all regions in the future.

Improved Throughput Performance on Azure Disks’ Standard SSD

Azure unveils increased throughput limits for Standard SSD Disks sizes E50 and below, now offering 100 MB/s, up from 60 MB/s. This enhancement benefits workloads requiring higher throughput, including big data processing, online analytical processing (OLAP), high-performance computing (HPC), and artificial intelligence/machine learning (AI/ML). The improved performance is accessible across all regions without requiring additional steps, while the bursting performance for Standard SSD Disk tiers remains unchanged.

Availability Zone Volume Placement for Azure NetApp Files

The availability zone volume placement feature for Azure NetApp Files has reached general availability. This enhancement enables the deployment of new volumes in the selected logical availability zone, bolstering support for enterprise-level, high availability (HA) deployments across multiple availability zones. It facilitates cross-zone replication of volumes, enhancing resilience against zonal failures. Now available in all regions with Azure NetApp Files presence that support availability zones, this feature marks a significant step forward in cloud storage flexibility and reliability.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in March 2024

This month, Microsoft announced a series of significant updates to the Azure management services. Through this sequence of monthly articles, we aim to provide a detailed overview of the most noteworthy new features. The primary goal is to keep readers up-to-date on these advancements, offering the crucial information needed to delve further into these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Expansion and improvements to the Azure Monitor for Prometheus service

The managed Azure Monitor for Prometheus service, which facilitates the collection and analysis of metrics through a monitoring solution compatible with the Prometheus project of the Cloud Native Computing Foundation, has announced significant updates:

  • The service is now available in 13 additional Azure regions, extending its geographical coverage.
  • Introduction of support for TLS (Transport Layer Security) and mTLS (Mutual TLS) based metrics scraping, aimed at Prometheus configurations that use TLS. This feature adds a significant layer of security for authenticated and protected communication between Azure Monitor and Prometheus instances, enhancing data protection in transit.

Billing for “stateful” log search alerts in Azure Monitor (preview)

Starting from May 1, 2024, “stateful” log search alerts in Azure Monitor will be subject to charges. These alerts allow for the execution of a log analysis query on monitored resources at regular intervals, triggering an alert based on the results obtained. The distinctive feature of “stateful” alerts is their ability to automatically resolve when the alert condition is no longer true, thus reducing alert noise and focusing on issues that require attention. This feature is currently in preview and will become publicly available in May. Details on the pricing for log search alert rules can be found on the Azure Monitor pricing page.

Govern

Azure Advisor

Assessment of the Well-Architected Framework on Azure Advisor (preview)

The introduction of the Well-Architected Framework (WAF) assessment on Azure Advisor (in preview) represents a significant step forward in providing users with a deep and holistic understanding of their architectures. This assessment allows for the examination and optimization of architectures across multiple crucial aspects, including resilience, security, cost optimization, operational excellence, and performance efficiency. Implementing and monitoring the recommendations from the WAF assessment through Azure Advisor are valuable tools for improving the effectiveness and efficiency of cloud infrastructures.

Azure Policy

New feature: simple assignment of regulatory compliance policies to the Azure Landing Zone (ALZ)

Microsoft has announced a new feature for the Azure Landing Zone portal accelerator that will make large-scale regulatory compliance more consistent and simpler to implement. Azure Policy initiatives can now be assigned to Management Groups at deployment with just a few clicks.

Azure Cost Management

Support for the AWS connector in Cost Management will end on March 31, 2025

The connector for AWS in Microsoft Cost Management, designed to consolidate cost data from Microsoft Azure and AWS, will be retired. Users are encouraged to consider an alternative solution before the retirement date to complete the transition in a timely manner. After March 31, 2024, it will no longer be possible to add new AWS Connectors in Cost Management for all users, and from March 31, 2025, access to the AWS Connector as well as cost reports that include AWS data will be discontinued. In addition, all AWS cost data present on Microsoft Cost Management will be deleted, except for Cost and Usage Report (CUR) files which will remain available in the user’s S3 bucket on the AWS console.

Cost analysis add-on for AKS (General Availability)

The cost analysis add-on for Azure Kubernetes Service (AKS) is now available. This native Azure experience offers visibility into the underlying infrastructure costs associated with AKS workloads, with a cost breakdown based on Kubernetes constructs like clusters and namespaces, as well as Azure asset categories. Additionally, cost allocation data can be viewed directly in the Azure portal’s cost management section. The add-on helps monitor, allocate, and optimize AKS costs.

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Secure

Microsoft Defender for Cloud

Azure Defender for Microsoft Azure Database for PostgreSQL – Flexible Server

Microsoft has made Defender for Cloud available for Azure Database for PostgreSQL – Flexible Server, thus enhancing database security with advanced detection capabilities. This sophisticated solution is designed to detect suspicious activities that may indicate unusual and potentially dangerous attempts to access or compromise databases. With its implementation, Defender for Cloud introduces an additional significant layer of protection for Azure Database for PostgreSQL – Flexible Server, complementary to the already integrated security measures, ensuring an even more robust defense against threats.

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Agentless scanning for VMs encrypted with CMK in Azure: this functionality, already available for AWS and GCP, is now present for Azure. It uses a unique approach to scan VMs encrypted with CMK without Defender for Cloud managing the keys or the decryption process, which is instead handled transparently by Azure Compute. The unencrypted VM disk data is not copied or re-encrypted with another key, and the original key is not replicated. During the public preview, this capability is not enabled automatically, but is available for those using Defender for Servers P2 or Defender CSPM with VM disks encrypted with CMK.
  • New recommendations for endpoint detection and response: announced new recommendations that discover and assess the configuration of supported endpoint detection and response solutions. These agentless recommendations are available for those who have activated Defender for Servers Plan 2 or the Defender CSPM plan, but do not support on-premises machines.
  • Custom security standards and recommendations based on KQL for Azure in public preview: it is now possible to create custom security standards and recommendations based on KQL for Azure, available in public preview and supported in all clouds.
  • Inclusion of DevOps recommendations in the Microsoft Cloud Security Benchmark (MCSB): it is now possible to monitor the security and compliance posture of DevOps in the MCSB, which provides prescriptive details on how to implement its security recommendations agnostic to the cloud.
  • General availability (GA) integration with ServiceNow: announced the general availability of the integration with ServiceNow.
  • Protection of critical assets in Microsoft Defender for Cloud (preview): Defender for Cloud now includes a feature to identify and protect critical assets through risk prioritization, attack path analysis, and cloud security explorer.
  • Enhanced recommendations for AWS and GCP with automatic remediation scripts: improved recommendations for AWS and GCP with automatic remediation scripts that allow for large-scale application of remedies.
  • Addition of compliance standards to the compliance dashboard (preview): based on user feedback, new compliance standards have been added in preview to the compliance dashboard for AWS and GCP resources protected by Defender for Cloud.
  • Retirement of the container vulnerability assessment by Defender for Cloud powered by Qualys: this assessment has been retired. Customers who were using this assessment should switch to the vulnerability assessments for Azure with Microsoft Defender Vulnerability Management.

Protect

Azure Backup

Azure Backup for VMs: agentless backup of multiple disks with crash consistency (preview)

Azure VM backup introduces support for agentless backup of multiple disks with crash consistency, currently in public preview. This feature allows for the backup of VMs without the need to install additional software, such as the VM agent or the snapshot extension, inside the VM itself. This feature can also be used if the operating system is not supported for backup with application-level consistency.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (March 2024 – Weeks: 11 and 12)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Free Data Transfer Out to Internet for Azure Departures

In a bold move to support customer freedom, Azure has introduced free egress for data transfers out of Azure infrastructure to other cloud providers or on-premises data centers. This policy, which aligns with the European Data Act, applies globally across all Azure regions, further facilitating customer transitions and migrations with financial and operational ease. Azure already offers the first 100GB/month of egressed data for free to all customers in all Azure regions around the world. If you need to egress more than 100GB/month, follow these steps to claim your credit.

Azure Classic Administrator Roles Retiring

On 31 August 2024, Azure will retire its classic administrator roles. Organizations using Co-Administrator or Service Admin roles are advised to transition to Azure Role-Based Access Control (RBAC) roles before this date. The retirement also applies to all Azure classic resources and the Azure Service Manager. From 3 April 2024, adding new Co-Administrator roles through the Azure portal will not be possible. Transitioning to Azure RBAC roles is necessary to avoid service disruptions

Modernized Azure Resource Manager Throttling (preview)

Azure Resource Manager’s throttling mechanism is set for a major overhaul in 2024, implementing a token bucket algorithm to manage API requests more efficiently. This update will significantly increase throttling limits and offer a smoother, more scalable experience for managing Azure resources, benefiting developers and administrators alike.

Networking

IPv6 Support for Azure Application Gateway (v2)

IPv6 support for Azure Application Gateway (v2) is now generally available, addressing the growing need for larger address spaces and improved routing efficiency. This update facilitates the support for IPv6 clients and helps customers dealing with IPv4 address scarcity, reinforcing Azure’s commitment to advanced networking solutions.

App Service Backup and Restore over Azure Virtual Network

Azure now enables customers to conduct custom backups for web apps directly to a firewall-protected storage account, provided the app is either integrated with a virtual network or resides in a v3 App Service environment, and the storage account permits access from the connected virtual network. This feature enhances the security and flexibility of web app data management within Azure’s ecosystem.

Retirement of Application Gateway WAF v2 Configuration

The retirement date for Application Gateway WAF v2 Configuration is set for March 15, 2027. Customers are encouraged to migrate to the Application Gateway WAF v2 Policy for enhanced security features and performance without downtime. This transition underscores Azure’s ongoing efforts to streamline and improve security offerings.

Listener TLS Certificates Management in Azure Portal

Azure Application Gateway now supports TLS certificate management directly within the Azure portal, simplifying the management of .PFX certificates for HTTPS or TLS listeners. This enhancement makes it easier for administrators to handle certificate details, such as expiry and issuer name, improving operational efficiency in secure application delivery.

Microsoft Open Sources Retina: Container Networking Observability

Microsoft has open-sourced Retina, a cloud-native container networking observability platform designed by the Azure Container Networking team. Retina provides comprehensive network insights for cloud-native applications, facilitating non-intrusive troubleshooting and supporting diverse environments. This initiative reflects Azure’s commitment to community-driven innovation and enhanced cloud application management.

Host Network Security Group (NSG) Control in AKS

Azure Kubernetes Service (AKS) now offers enhanced security through Host Network Security Group (NSG) control, allowing for precise traffic management on AKS nodes with public IPs. By specifying allowed host ports in node pool settings, administrators can automatically generate allow rules in the cluster’s NSG, bolstering security for public-facing services.

Public IP Domain Name Label Scope (preview)

Azure introduces a public preview of a new capability for Public IP addresses to prevent DNS subdomain takeover while allowing DNS name re-use. The Domain Name Label Scope parameter ensures that a public IP address retains a consistent, hashed string within a specified scope, enhancing security against malicious attempts to hijack DNS subdomains.

Storage

Azure Blob Storage Cold Tier Expansion

Azure Blob Storage Cold Tier, a cost-efficient solution for storing infrequently accessed data, has expanded its availability to Poland Central, Qatar Central, and all regions in Azure China since its general availability on August 10th, 2023. This expansion provides more geographical options for users seeking long-term data retention with instant access, highlighting Azure’s dedication to global accessibility and data storage optimization.

Azure NetApp Files Support for 1 TiB Capacity Pools

Azure NetApp Files now supports creating capacity pools with a minimum size of 1TiB, offering more flexibility and cost savings for customers with smaller data storage needs. This update allows for incremental pool size adjustments, catering to diverse customer requirements and optimizing storage resource allocation.

Force Detach Zone Redundant Disks During Zone Outage (Private Preview)

Azure introduces a private preview feature allowing the force detachment of zone redundant disks during zone outages. This capability ensures business continuity by enabling disks to be detached from VMs in the impacted zone and reattached to VMs in active zones, leveraging Azure’s robust disaster recovery solutions.

Azure Stack

Azure Stack HCI

Introducing Azure Virtual Desktop workload in Azure Stack HCI Sizer

Earlier in February 2024, Microsoft announced the general availability of Azure Virtual Desktop for Azure Stack HCI, a significant enhancement that extends the capabilities of the Microsoft Cloud to datacenters and edge locations. Following this advancement, Microsoft has now integrated ‘Azure Virtual Desktop’ as a new workload category within the Azure Stack HCI sizer. This integration facilitates organizations in efficiently planning and sizing their Azure Virtual Desktop deployments on Azure Stack HCI. By calculating the number of VMs required, suggesting per VM configuration, and advising on hardware procurement, the Azure Stack HCI Sizer, a comprehensive web-based tool, supports organizations in accurately estimating hardware needs for their deployments. The synergy of Azure Virtual Desktop and Azure Stack HCI empowers organizations to securely operate virtualized desktops and applications on-premises, whether at the edge or in their datacenter. This is especially beneficial for organizations with strict data residency requirements, latency-sensitive workloads, or those needing proximity to their data.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (March 2024 – Weeks: 09 and 10)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Retirement of Cloud Services (classic) Deployment Model

Azure has announced the retirement of the Cloud Services (classic) deployment model on August 31, 2024. Users are encouraged to migrate their services to Cloud Services (extended support) within Azure Resource Manager before this date to avoid service disruption. This transition enables access to new capabilities such as deployment templates, role-based access control, and regional resiliency.

Change Actor in Azure Resource Graph (preview)

Azure introduces the public preview of Change Actor in Azure Resource Graph, a tool that enhances audit, troubleshooting, and governance capabilities. This feature allows users to identify who made changes to resources, the client used for the change, and the operation called. By integrating Change Actor functionality, Azure offers improved visibility and control over resource changes, facilitating better management across tenants and subscriptions.

Compute

New Generation AMD VMs – Dasv6/Easv6/Fasv6 (preview)

Azure announces the public preview of the new generation AMD-based VMs, leveraging the 4th Generation AMD EPYC™ 9004 (Genoa) CPU. These VMs, available in Dasv6, Easv6, and Fasv6 series, offer enhanced performance and reliability. They support various memory to core ratios, catering to general-purpose, memory-optimized, and compute-optimized needs. Equipped with Azure Boost and NVMe interfaces, these VMs promise up to 80% better remote storage performance, faster local storage speeds, and improved networking bandwidth. Initially available in the East US 2 region, these VMs represent a significant expansion in Azure’s AMD VM offerings.

Networking

Azure Route Server Now Available in ItalyNorth Azure Region

Azure Route Server has been introduced to the ItalyNorth Azure Region, offering simplified dynamic routing between network virtual appliances (NVAs) and Azure virtual networks. This service facilitates the direct exchange of routing information via the Border Gateway Protocol (BGP) without the manual configuration of route tables. Azure Route Server, as a fully managed service, ensures high availability and seamless integration with the Azure Software Defined Network (SDN), enhancing network management and efficiency.

Azure Virtual Network Encryption Expanded to Additional Regions

Azure has extended its Virtual Network encryption feature to additional regions, including West US, East US, Europe, and more. This enhancement allows for the encryption of traffic within the same virtual network and across peered networks, bolstering security for data in transit. The expansion of this feature underscores Azure’s commitment to providing robust security options for its users.

Application Gateway for Containers

Microsoft Azure has announced the general availability of Application Gateway for Containers, marking a significant evolution in application load balancing technology. This service enhances the capabilities of the traditional Application Gateway and its Ingress Controller by offering advanced layer 7 load balancing and dynamic traffic management for Kubernetes workloads. With features like Custom Health Probes, URL Redirect, and URL/Header Rewrite, the service ensures near-to-real-time updates in response to changes within the Kubernetes environment. The general availability version also introduces Controller High Availability, Gateway API v1 integration, additional regional availability, and a service level agreement (SLA) to support production workloads confidently.

Azure Application Gateway introduces support for TLS and TCP protocols (preview)

Azure Application Gateway expands its functionality by introducing support for TLS and TCP protocols in public preview. This enhancement allows for the utilization of Application Gateway in non-HTTP applications, catering to protocols such as SQL, MQTT, and AMQP. It facilitates the use of custom domains with Application Gateway’s TLS certificate management, ensuring secure connections for clients and access to any backend service. Moreover, this feature provides a unified endpoint for client access, as a single Application Gateway resource can now support both Layer 7 (HTTP/S) and Layer 4 (TCP and TLS) protocols. Available for Standard V2 and Web Application Firewall V2 SKUs, this update broadens the scope of Application Gateway’s capabilities.

Internet inbound for Network Virtual Appliances in Virtual WAN Hubs (preview)

The introduction of Internet inbound (Destination NAT) for Next-Generation Firewall Network Virtual Appliances (NVAs) in Virtual WAN hubs is now in public preview. This feature enables network administrators to publish applications to a wider internet audience without directly exposing the application or server’s public IP. Instead, users access applications through a public IP address assigned to a Firewall NVA, which is configured to filter, translate, and control access to backend applications. With the ability to associate public IP addresses to Firewall NVAs deployed in Virtual WAN Hubs and utilize NVA management and orchestration software, Virtual WAN customers can now seamlessly program both the Virtual WAN infrastructure and the NVAs to accept and forward inbound traffic, enhancing security and accessibility.

Storage

Azure File Sync Agent v17.2 Release

The Azure File Sync Agent v17.2 has been officially released, consolidating improvements and fixes from its predecessors, versions 17.0 and 17.1. This update is crucial for users with the Azure File Sync agent version 16 or below, as both versions 16.2 and 17.2 are now available for update. This version marks the final planned release for Windows Server 2012 R2, with support for this server ending on March 4th, 2025. The agent is compatible with Windows Server 2012 R2, 2016, 2019, and 2022, providing enhanced functionality and stability.

Azure Blob Storage Cold Tier SLA

As of August 10th, 2023, Azure Blob Storage Cold Tier is generally available, providing a cost-effective solution for long-term storage of infrequently accessed data. The service level agreement (SLA) for Azure Blob Storage now includes this new online access tier, ensuring Microsoft’s commitment to uptime and connectivity.

Encryption at Host for Premium SSD v2 and Ultra Disks Expanded

Encryption at host for Premium SSD v2 and Ultra Disks is now generally available in additional regions including Canada East, West Europe, South Central US, and West US 3. This feature enhances security by starting encryption at the VM host level, ensuring data is encrypted at rest and in transit to the Storage service. The expansion of this feature demonstrates Azure’s ongoing commitment to providing secure and reliable cloud storage options.

Azure NetApp Files Volume Enhancement (preview)

Azure NetApp Files introduces a significant enhancement in public preview, allowing volumes in different availability zones within the same region to share the same volume mount path. This feature supports highly available architectures through cross-zone replication, simplifying automation and minimizing manual intervention during disaster recovery failovers. It is applicable to SMB, NFS, and dual-protocol volumes, facilitating improved recovery times and data availability across various scenarios, including host-based replication and test/dev environments.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.