Category Archives: Microsoft Azure

Azure Management services: what's new in March 2023

In March there were several news announced by Microsoft regarding Azure management services. In this series of articles, published on a monthly basis, major announcements are listed, accompanied by the necessary references to be able to conduct further studies on.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Ingestion client libraries

Microsoft announces the initial release of the Azure Monitor Ingestion client libraries for .NET, Java, JavaScript e Python. Libraries allow you to:

  • Upload custom logs to a Log Analytics workspace.
  • Modernize security standards by requiring Azure Active Directory token-based authentication.
  • Complete Azure Monitor Query libraries, used to query logs in a Log Analytics workspace.

Collecting Syslog from AKS nodes using Azure Monitor Container Insights (preview)

Customers can now use Azure Monitor Container Insights to collect Syslog from their Azure Kubernetes Service cluster nodes (AKS). In combination with SIEM systems (Microsoft Sentinel) and monitor tools (Azure Monitor), syslog collection tracks security and health events of IaaS and containerized workloads.

The Azure Monitor for Prometheus managed service now supports querying PromQL

Thanks to Azure Workbooks support for Azure Monitor Prometheus managed service, users are provided with the ability to use Prometheus workbooks to run PromQL queries in the portal. Furthermore, users have the benefit of creating custom reports for Prometheus workbooks.

Azure Monitor supports Availability Zones in new regions

Azure Monitor continues to expand its availability zone support by adding three regions: Canada Central, France Central and Japan East.

Azure Monitor alerts support cloning

When viewing the details of an alert rule in the Azure portal, a new option is now available “duplicate”, which allows you to duplicate the alert rule. When selecting this option for an existing alert rule, the rule creation wizard starts, pre-populated with the original alert rule configuration, while allowing you to make changes.

Configure

Azure Automation

Announced the retirement of the agent-based Hybrid Worker (Windows and Linux) for the 31 August 2024

Azure Automation is deprecating the agent-based Hybrid Runbook Worker (Windows and Linux) and this will definitely happen on 31 August 2024. You must migrate to extension-based Hybrid Workers by that date (Windows and Linux).

The main advantages of the extension-based Hybrid Runbook Worker are:

  • uses system-assigned managed identities, so you don't need to manage certificates for authentication;
  • offers automatic updating of minor versions;
  • simplify hybrid worker management at scale with native integration with Azure Resource Manager and governance with Azure Policy.

Migrating authentication from Run As account to Managed Identity in ASR

It is now possible to migrate the authentication type of accounts, moving to managed identities, using Azure Site Recovery from the Azure portal. Authentication of runbooks via Run As accounts will be deprecated on 30 September 2023. Before that date, runbooks need to be migrated to enable the use of Managed Identities.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article the latest improvements and updates concerning this solution are reported.

Azure Arc

Improved Azure Arc integration with Datadog

Microsoft is improving the ability to observe and manage IT infrastructure thanks to the integration of Microsoft Azure Arc with Datadog. Based on the consolidated collaboration, Microsoft is integrating Datadog with Azure Arc natively, to meet Datadog customers, providing rich insights from Azure Arc-enabled resources directly into Datadog dashboards. Customers can monitor real-time data during cloud migrations and performance of applications running in both public cloud and hybrid or multicloud environments.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • availability of a new Defender for Storage plan, which includes near real-time scanning for malware and detection of threats to sensitive data;
  • data-aware security posture (preview);
  • new experience for managing Azure default security policies;
  • Defender per CSPM (Cloud Security Posture Management) is now available (GA);
  • ability to create custom security standards and recommendations in Microsoft Defender for Cloud;
  • Microsoft Cloud Security Benchmark (MCSB) version 1.0 is now available (GA);
  • some regulatory compliance standards are now available in government clouds;
  • new preview recommendation for Azure SQL Servers;
  • new notice in Defender for Key Vault.

Protect

Azure Backup

Immutable vaults for Azure Backup

Immutable vaults are now also available for production environments and offer greater security for backups, ensuring that recovery points created once cannot be deleted before they expire. Azure Backup prevents any operation on immutable vaults which could lead to backup data loss. Furthermore, you can lock immutable vault ownership to make it irreversible. This helps protect your backups from threats such as ransomware attacks and malicious actors, preventing operations such as deleting backups or reducing retention in backup policies.

Backup per Azure Kubernetes Service (preview)

Organizations using Azure Kubernetes Services (AKS) increasingly run stateful applications on their clusters, deploying workloads such as Apache Kafka-based messaging queues and databases such as Postgres and MongoDB. With data storage within the cluster, backup and recovery become a major concern of IT managers. Make sure Kubernetes backup capabilities are scalable, flexible and purpose-built for Kubernetes is central to an overall data protection plan. Azure Backup introduced now Backup for AKS. This solution simplifies the backup and recovery of containerized applications and data and allows customers to configure a scheduled backup for both cluster state and application data. Backup for AKS is aligned with the Container Storage Interface (CSI) to offer Kubernetes-aware backup capabilities. The solution allows customers to unlock different scenarios, such as data backup for application security and regulatory requirements, cloning of development/test environments and rollback management.

Azure Backup allows you to keep backups in vaults for Azure Blob and for Azure File (preview)

Azure Backup now supports transferring Azure Blob and Azure File backups to vaults. A vault is a logical entity that stores backups and recovery points created over time. In this regard, you can define a backup schedule for creating recovery points and specify retention settings that determine how long backups will be stored in the vault. Backups in the vault are isolated from the source data and allow you to tap into the data even if the source data has been compromised, performing resets.

Listed below are some of the main features that can be achieved by placing backups in vaults:

  • Offsite copy of data: allows you to restore mission-critical data from backups, regardless of the state of the source data.
  • Long-term retention of backup data, which helps you meet compliance requirements, particularly in the financial and healthcare sectors, with strict guidelines on the data retention period.
  • Recovery in alternate location: allows you to restore data to an alternate account if the source storage account is compromised or create different copies of your data for testing or development purposes.
  • Centralized management through the backup center: backups in vaults can be monitored and analyzed at scale alongside other protected workloads using Azure Backup.
  • Safe backups. The built-in security features of Azure Backup, such as multi-user authorization (MUA) for critical backup operations, data encryption and role-based access control (RBAC), help protect the backups in the vault and meet your backup security needs.

Azure Site Recovery

Improved the ability to rename network interfaces and disks of protected virtual machines

ASR introduces a new, easier way to name and rename network interfaces (NIC) and the virtual machine disks in the recovery service vaults.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, This month, the biggest news is support for web app discovery and assessment for Azure app service for Hyper-V and physical servers.

Azure Database Migration

Offline Azure SQL Database migrations with the Azure SQL Migration extension

Offline migrations of SQL Server databases running on-premises, on Azure virtual machines or any virtual machine running in the cloud (private, public) to Azure SQL Database it is possible to do it through the Azure SQL Migration extension. The new migration feature of the Azure SQL Migration extension for Azure Data Studio provides an end-to-end experience to modernize SQL Server on Azure SQL Database. The extension allows you to prepare for the migration with actions to remediate any blockages and allows you to obtain recommendations to adequately size the Azure SQL Database targets, including hardware configuration in the Hyperscale service tier.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (March 2023 – Weeks: 11 and 12)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure VMware Solution: Azure Hybrid Benefit for SQL Server

Azure Hybrid Benefit (AHB) for SQL Server is now available in Azure VMware Solution (AVS). With AHB for SQL Server on Azure VMware Solution, you can take advantage of the unlimited virtualization licensing capability included with the SQL Server Software Assurance. To this end, you can configure and enable VM-Host placement policies via the Azure portal and apply Azure Hybrid Benefit.

Networking

Azure Firewall Basic

Azure Firewall Basic is a new SKU for Azure Firewall designed for small and medium-sized businesses. Azure Firewall Basic can be deployed inside a virtual network or a virtual hub. This gives businesses the flexibility to choose the deployment option that best meets their needs.

The main benefits are:

  • Comprehensive, cloud-native network firewall security
    • Network and application traffic filtering
    • Threat intelligence to alert on malicious traffic
    • Built-in high availability
    • Seamless integration with other Azure security services
  • Simple setup and easy-to-use
    • Setup in just a few minutes
    • Automate deployment (deploy as code)
    • Zero maintenance with automatic updates
    • Central management via Azure Firewall Manager
  • Cost-effective
    • Designed to deliver essential, cost-effective protection of your resources within your virtual network

Pricing and billing for Azure Firewall Basic with secured virtual hub will be effective starting May 1, 2023.

Azure Virtual Network Manager

Azure Virtual Network Manager (AVNM) is now generally available. AVNM is a highly scalable and available network management solution that allows you to simplify network management across subscriptions globally. Using its centralized network management capabilities, you can manage your network resources at scale from a single plane of glass.

Key features of Azure Virtual Network Manager include:

  • global management of virtual network resources across regions, subscriptions, and tenants;
  • automated management and deployment of virtual network topology to create hub and spoke*;
  • high-priority security rule enforcement at scale to protect your network resources*;
  • safe deployment of network configurations across desired regions.

*The mesh topology and security admin rule features remain in public preview and will become generally available soon

Azure Traffic Manager: reserved namespaces for subdomains

Azure Traffic Manager has added functionality for reserving domain labels for traffic manager profiles. Any customer requesting a traffic manger profile of the form label1.trafficmanager.net will have “label1” label reserved for the tenant and another user will not be able to create a new traffic manager profile with this name or subdomains below it. For example if a user creates a profile names label1.trafficmanager.net then “label1” and all labels of form “<labelN>….<lable2>.<label1>.trafficmanager.net” will be reserved for the subscription. With these enhancements, once a namespace is created by a customer under trafficmanager.net domain, it will not be available for any other tenant. This enhancement ensures that customers have full control over the labels tree used in their traffic manager profiles and enables customers better manage their namespace without having to worry about a specific name/label being in use by other tenants.

Illumio for Azure Firewall (preview)

Microsoft partnered with Illumio, the leader in Zero Trust Segmentation, to build Illumio for Azure Firewall, an integrated solution that brings the benefits of Zero Trust Segmentation to Azure Firewall.

Illumio for Azure Firewall uses the Azure platform to protect your resources across your Azure virtual networks and at your Azure perimeter. It enables organizations to understand application traffic and dependencies and apply consistent protection across your environment – limiting exposure, containing breaches, and improving efficiency. Illumio for Azure Firewall also helps simplify Zero Trust Segmentation by enhancing visibility, streamlining policy management, and providing scalable security.

Key benefits:

  • Reduce security risks with a single view of your east-west and north-south traffic based on Azure Firewall flow data within your Azure subscriptions.
  • Gain a holistic view of your application traffic with real-time visibility of interactions and dependencies across your environment.
  • Easily deploy and configure Azure application-based polices within the Illumio platform.
  • Deploy Azure Firewall policies confidently with policies that automatically scale along with your applications.
  • Avoid application downtime by understanding the impact of Azure Firewall policies before they are enforced.
  • Works with all 3 SKUs of Azure Firewall – Basic, Standard, and Premium – to meet the needs of any organization.

Accelerated Connections for Network Virtual Appliances now in Azure Marketplace (preview)

Accelerated Connections is a new product that enhances Accelerated Networking enabled vNICs, enabling customer flexibility in selecting the best option of CPS capabilities suited to match their Azure implementation. This offering will enable you to achieve the first bare-metal-like performance levels for connections per second (CPS) in Azure.

Storage

Ephemeral OS disks supports encryption at host using customer managed keys

Ephemeral OS disks can be encrypted at host using platform managed keys or customer managed keys. The default is platform managed keys. This feature would enable our customers to meet your organization’s compliance needs.

Azure Ultra Disk Storage in Brazil Southeast, South Africa North and UAE North

Azure Ultra Disk Storage is now available in one zone in Brazil Southeast, South Africa North and UAE North region. Azure Ultra Disk Storage offers high throughput, high IOPS and consistent low latency disk storage for Azure Virtual Machines (VMs). Ultra Disk Storage is well suited for data-intensive workloads such as SAP HANA, top-tier databases and transaction-heavy workloads.

Encryption scopes on hierarchical namespace enabled storage accounts

Encryption scopes introduce the option to provision multiple encryption keys in a storage account with hierarchical namespace. Using encryption scopes, you now can provision multiple encryption keys and choose to apply the encryption scope either at the container level (as the default scope for blobs in that container) or at the blob level. The capability is available for REST, HDFS, NFSv3 and SFTP protocols in an Azure Blob / Data Lake Gen2 storage account. The key that protects an encryption scope may be either a Microsoft-managed key or a customer-managed key in Azure Key Vault. You can choose to enable automatic rotation of a customer-managed key that protects an encryption scope. When you generate a new version of the key in your Key Vault, Azure Storage will automatically update the version of the key that is protecting the encryption scope, within a day.

Performance Plus for Azure Disk Storage (preview)

Azure Disk Storage now offers a new feature called Performance Plus, which enhances the IOPS and throughput performance of Standard HDD, Standard SSD, and Standard HDD disks that are sized 1TB or larger. Performance Plus is offered for free and is available to use through deployments on Azure Command-Line Interface (CLI) and PowerShell.

Azure IaaS and Azure Stack: announcements and updates (March 2023 – Weeks: 09 and 10)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure VMware Solution in Microsoft Azure Government (preview)

Azure VMware Solution is a fully managed service in Azure that customers can use to extend their on-premises VMware workloads more seamlessly to the cloud, while maintaining their existing skills and operational processes. Azure VMware Solution is already available in Azure commercial for any customer, including public sector organizations. With this launch, Microsoft is extending the same benefits of Azure VMware Solution to Azure Government, where US Government customers and their partners can meet their security and compliance needs.

Spot Priority Mix

Spot Priority Mix is a new feature for Virtual Machine Scale Sets (VMSS) with Flexible Orchestration Mode enabled. With Spot Priority Mix, customers can now mix spot and standard virtual machines in their Flexible scale set, providing the high availability of standard virtual machines and the cost savings of Spot virtual machines. This feature also allows customers to autoscale their scale set with a percentage split of Spot and standard virtual machines, providing even more flexibility and cost optimization. With Spot Priority Mix, customers can specify a base number of standard virtual machines and a percentage split of spot and standard virtual machines to be used when the scale set capacity is above the base number of standard virtual machines. This allows customers to ensure that their critical workloads are always running on standard virtual machines, while taking advantage of the cost savings offered by spot virtual machines for non-critical, interruptible workloads.

Networking

Azure Network Watcher: new enhanced connection troubleshoot

As customers bring sophisticated, high-performance workloads into Azure, there is a critical need for increased visibility and control over the operational state of complex networks running these workloads. One such day-to-day common occurring scenario is connectivity.

Although Microsoft Azure Network Watcher provides numerous specialized standalone tools to diagnose and troubleshoot connectivity cases. These tools include:

  • IP Flow Verify – helping detect blocked traffic due to network security group (NSG) rules restriction
  • Next Hop – determine intended traffic as per the rules of the effective route
  • Port Scanner – helping determine any port blocking traffic.

With a one-stop solution to all disjointed operations and actionable insights at the fingertips, the new comprehensive and improved Network Watcher connection troubleshoot aims to reduce mean time to resolution and improve your experience.

New features:

  • Unified solution for troubleshooting all NSG, user defined routes, and blocked ports
  • Actionable insights with step-by-step guide to resolve issues
  • Identifying configuration issues impacting connectivity
  • NSG rules that are blocking traffic
  • Inability to open a socket at the specified source port
  • No servers listening on designated destination ports
  • Misconfigured or missing routes

Scale improvements and metrics enhancements on Azure’s regional WAF

You can now do more with less using the increased scale limits for Azure’s regional Web Application Firewall (WAF) running on Application Gateway. These increased scale limits allow you greater flexibility, and scale, when configuring your WAF to meet the needs of your applications and network. Application Gateway v2 WAF enabled SKUs running Core Rule Set (CRS) 3.2 or higher now supports a higher number of frontend ports, HTTP load-balancing rules, backend HTTP settings, SSL certificates, number of sites, and redirect configurations. The regional WAF also increased the number of HTTP listeners from 40 to 200. You can leverage the new metrics for Azure’s regional v2 WAF when you use CRS 3.2 or higher, or if your WAF has bot protection and geo-filtering enabled. The regional WAF now allows you to filter the metrics total requests, managed rule matches, custom rule matches, and bot protection matches by the dimensions policy name, policy scope and ruleset name, in addition to the already existing dimensions that the WAF supports.

Azure Virtual Network Manager Event Logging (preview)

Azure Virtual Network Manager (AVNM) event logging is now available for public preview. AVNM is a highly scalable and available network management solution that allows you to simplify network management across subscriptions globally. With this new feature, you can monitor changes in network group membership by accessing event logs. Whenever a virtual network is added to or removed from a network group, a corresponding log is emitted for that specific addition or removal. You can view and interact with these logs using Azure Monitor’s Log Analytics tool in the Azure Portal, or you can store them in your storage account, or send them to an event hub or partner solution.

Storage

More transactions at no additional cost for Azure Standard SSD

Microsoft has made changes to the billable transaction costs per hour that can result in additional cost savings. The total cost of Azure Standard SSD storage depends on the size, number of disks, and the number of transactions. Any transactions that exceed the maximum hourly limit will not incur additional charges. New prices took effect on March 6th, 2023.

Customer Initiated Storage Account Conversion

Microsoft is now supporting the self-service ability to convert storage accounts from non-zonal redundancy (LRS/GRS) to zonal redundancy (ZRS/GZRS). You can now save time by initiating a storage account conversion directly through Azure Portal rather than creating a support ticket. Converting your storage account to zonal redundancy allows you to increase your intra-regional resiliency and availability.

Online live resize of persistent volumes

Live resizing capability allows you to dynamically scale up your persistent volumes without application downtime. Previously, in order to resize the disk, you had to scale down your deployment to zero pods, wait several minutes for the disk to detach, update your persistent volume claim, and then scale back up the deployment. With Live resize of persistent volumes, you can just modify your persistent volume claim directly, avoiding any application downtime.

Azure Ultra Disk Storage in the China North 3 Azure region

Azure Ultra Disk Storage is now available in the China North 3 Azure region. Azure Ultra Disk Storage offers high throughput, high input/output operations per second (IOPS), and consistent low latency disk storage for Azure Virtual Machines. Ultra Disk Storage is well-suited for data-intensive workloads such as SAP HANA, top-tier databases, and transaction-heavy workloads.

Azure Archive Storage now available in West US 3

Azure Archive Storage provides a secure, low-cost means for retaining rarely accessed data including backup and archival storage. Now, Azure Archive Storage is available in West US 3.

Azure Management services: what's new in February 2023

During the month of February some news regarding the Azure management services were announced. This article provides an overview of the month's top news, so that we can stay up to date on these topics and have the necessary references to conduct further insights.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Improved experience for creating and managing private endpoints for Recovery Services vaults

Azure Backup allows you to use private endpoints to perform backups and restores securely, using private IPs of virtual networks. Azure Backup recently introduced several enhancements that provide an easier experience for creating and using private endpoints for Recovery Service vaults. The main improvements made as part of this update are as follows:

  • Ability to create private endpoints without managed identities
  • Use fewer private IPs per vault
  • You no longer need to create separate private endpoints for blob and queue services

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 66 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concerns the discovery and assessment support for SQL Server Always On failover cluster instances and Always On availability groups.

Azure Database Migration

Database migrations with login and TDE

The new feature of the Azure SQL Migration extension makes the post database migration experience smoother. In fact,, you can have instance-level object migration support, such as SQL and Windows logins, the permissions, server roles and updated user mapping of previously migrated databases.

Furthermore, you can now perform TDE-enabled database migrations with a wizard that automates the backup process, copying and reconfiguring database encryption keys for Azure SQL Managed Instance targets.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (February 2023 – Weeks: 07 and 08)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Storage

Create disks from CMK-encrypted snapshots across subscriptions and in the same tenant

To ease manageability, Microsoft makes disks encrypted with customer-managed keys (CMK) more flexible by allowing creation of disks and snapshots from CMK-encrypted source across subscriptions.

Incremental snapshots for Premium SSD v2 Disk Storage (preview)

Incremental snapshots for Premium SSD v2 Disk Storage in the US East and West Europe Azure region are available. This new capability is particularly important to customers who want to create a backup copy of their data stored on disks to recover from accidental deletes, or to have a last line of defense against ransomware attacks, or to ensure business continuity. You can now create incremental snapshots for Premium SSD v2 Disk Storage on Standard HDD. Additionally, snapshot resources can be used to store incremental backups of your disk, create or recover to new disks, or download snapshots to on-premises locations. This new feature adds an extra layer of data protection and flexibility for users.

Azure Managed Lustre (preview)

Azure Managed Lustre is a managed, pay-as-you-go file system purpose-built for high-performance computing (HPC) and AI workloads. This high-performance distributed parallel file system delivers hundreds of GBps storage bandwidth and solid-state disk latency and integrates fully with Azure services such as Azure HPC Compute, Azure Kubernetes Service, and Azure Machine Learning.

Use this system to:

  • Simplify operations
  • Reduce setup costs
  • Eliminate complex maintenance

Azure NetApp Files updates (preview)

  • Azure NetApp Files volume user and group quotas: in some scenarios you may want to limit this storage consumption of users and groups within the volume. With Azure NetApp Files volume and group quotas you can now do so. User and/or group quotas enable you to restrict the storage space that a user or group can use within a specific Azure NetApp Files volume. You can choose to set default (same for all users) or individual user quotas on all NFS, SMB, and dual protocol-enabled volumes. On all NFS-enabled volumes, you can set default (same for all users) or individual group quotas.
  • You can now create Azure NetApp Files large volumes between 100TiB to 500TiB in size.
  • Azure NetApp Files now supports smaller 2TiB capacity pool sizes, lowered from 4TiB, when used with volumes using standard network features.
  • Azure NetApp Files volumes now support encryption with customer-managed keys (CMK), using Azure Key Vault for key storage, to enable an extra layer of security for data at rest.

Azure IaaS and Azure Stack: announcements and updates (February 2023 – Weeks: 05 and 06)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New planned datacenter region in Saudi Arabia (Saudi Arabia Central)

Microsoft will establish a new datacenter region in the country, offering organizations in Saudi Arabia local data residency and faster access to the cloud, delivering advanced data security and cloud solutions. The new datacenter region will also include Availability Zones, providing customers with high availability and additional tolerance to datacenter failures.

Azure Kubernetes Service introduces two pricing tiers: Free and Standard

To better communicate the benefits and use cases for the two control plane management options, today, Azure Kubernetes Service (AKS) is introducing two pricing tiers: Free tier and Standard tier. Previously, few customers were aware of the uptime SLA support, and many did not have the uptime SLA feature enabled for critical production workload. With the Standard tier, Microsoft hopes to help increase customer awareness and allow customers to gain the full benefits of the Standard tier for production workload to minimize disruption.

AKS’s unique Free tier allows you to only pay for the virtual machines, and associated storage and networking resources consumed, and you get the managed Kubernetes control plane for free. This allows you to deploy unlimited free test clusters to decide if AKS is right for your needs and allows you to configure and test your infrastructure set-up before running critical production workloads. The Free tier is recommended for clusters with less than 10 nodes and for experimenting, learning, and simple testing.

The new Standard tier is the recommended control plane management pricing option which comes with greater control plane resources, scalability and the existing uptime SLA support. Customers currently signed up for the uptime SLA support will automatically be moved to the Standard tier with no change in cost or action needed. Standard tier not only includes the uptime SLA, but it will also include additional features such as support for up to 5000 nodes per cluster and API server autoscaling.

Microsoft Azure Load Testing is now Generally Available

Azure Load Testing is a fully managed load-testing service that enables you to generate high-scale load, gain actionable insights, and ensure the resiliency of your applications and services. The service simulates traffic for your applications, regardless of where they’re hosted. Developers, testers, and quality assurance (QA) engineers can use it to optimize application performance, scalability, or capacity.

Trusted launch for Azure VMs in Azure for US Government regions

Trusted launch for Azure virtual machines is available in all Azure for US Government regions: US Gov Virginia, US Gov Arizona US Gov Texas, US DoD East, US DoD Central. Trusted launch for Azure VMs allows you to bolster the security posture of an Azure Virtual Machine.

Storage

Azure File Sync agent v16

The Azure File Sync agent v16 release is being flighted to servers which are configured to automatically update when a new version becomes available.

Improvements and issues that are fixed:

  • Improved Azure File Sync service availability: Azure File Sync is now a zone-redundant service which means an outage in a zone has limited impact while improving the service resiliency to minimize customer impact. To fully leverage this improvement, configure your storage accounts to use zone-redundant storage (ZRS) or Geo-zone redundant storage (GZRS) replication.
  • Sync upload performance improvements: this improvement will mainly benefit file share migrations (initial upload) and high churn events on the server in which a large number of files need to be uploaded.
  • Immediately run server change enumeration to detect files changes that were missed on the server.
  • Miscellaneous reliability and telemetry improvements for cloud tiering and sync.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
  • The agent version for this release is 16.0.0.0.
  • Installation instructions are documented in KB5013877.

Azure storage access tiers to append blobs and page blobs with blob type conversion

Azure Storage offers different access tiers so that you can store your blob data in the most cost-effective manner based on how it’s being used. Azure Storage access tiers include hot tier, cool tier, and archive tier. Azure Storage access tiers support only block blobs natively. When you need to save cost of storing append blobs or page blobs, you can convert them to block blobs then move them into the most cost-efficient tiers based on your access patterns. Blob type conversion along with tiering is now supported by PowerShell, CLI and AzCopy.

Azure Management services: what's new in January 2023

The new year started with several announcements from Microsoft regarding news related to Azure management services. The monthly release of this summary allows you to have an overall overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Certificate the IT Service Management Connector (ITSMC) with ServiceNow Tokyo version (preview)

The IT Service Management Connector (ITSMC) is certified on the Tokyo version of ServiceNow. This connector provides a two-way connection between Azure Monitor and ServiceNow, useful to help you track and fix problems faster.

Govern

Azure Cost Management

Management of billing accounts for EA customers

For Enterprise Agreement customers (EA) “indirect” the ability to manage your billing accounts directly from Cost Management and Billing has been introduced. All relevant information regarding department, account and subscription are available directly from the Azure portal. Furthermore, from the same point it is possible to view the properties and manage the policies of the indirect EA enrollments.

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Azure Arc

Active Directory Connector for Arc-enabled SQL MI

Azure Arc-enabled data services introduced Active Directory support (AD) for the management of Identity and Access Management (IAM). Indeed, the Arc-enabled SQL Managed instance can use an Active Directory domain (AD) existing on-premises for authentication. To facilitate this, Azure Arc-enabled data services introduce a new Custom Resource Definition (CRD) native Kubernetes called Active Directory Connector. This provides Azure Arc-enabled SQL Managed Instances running on the same data controller the ability to perform Active Directory authentication.

View SQL Server databases using Azure Arc (preview)

Today, customers and partners manage a large number of databases. For each of these databases, it is essential to be able to create an accurate mapping of the configurations. This may be for inventory or reporting purposes. Centralizing database inventory in Azure using Azure Arc allows you to create a unified view of all your databases in one place, regardless of the infrastructure in which they are located: in Azure, in the data center, at edge sites or even other clouds.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • the endpoint protection component (Microsoft Defender for Endpoint) it is now accessible on the Settings and monitors page;
  • new version of the recommendation to find missing system updates;
  • cleanup of deleted Azure Arc machines in linked AWS and GCP accounts.

Protect

Azure Backup

Updates and improvements regarding SAP HANA

The following updates and improvements have been made recently to Azure Backup for SAP HANA, the certified solution Backint for protecting SAP HANA databases residing in Azure virtual machines:

  • Long-term retention for backups “adhoc”: it is now possible to provide customized retention for backups that occur on demand, outside the scheduled policies.
  • Partial restore-as-files: Azure Backup for HANA allows recovery points to be restored as a file. If you download the entire chain for one recovery point and want to repeat the operation for another adjacent recovery point, you don't need to download the entire chain again. It is also possible to restore only the files you want.
  • Integration with native clients and with other tools: previously, for certain scenarios, it was necessary to deactivate backint before the request and reactivate it afterwards, thereby increasing the RPO. With the improvements introduced, these additional steps are no longer necessary and it will be sufficient to activate the requests from the native clients or from the other tools used.

Azure Site Recovery

Ability to use Azure Backup Center for ASR monitor

Azure Backup Center is the point of reference for those who use the native backup features of the Azure platform and allows them to govern, to monitor, manage and analyze backup tasks. Microsoft has extended its capabilities by including monitor capabilities for Azure Site Recovery, which:

  • Viewing the inventory of replicated items, from a single view, for all vaults.
  • Consultation through a control panel of all the replication jobs.

Azure Backup Center supports ASR replication scenarios involving Azure virtual machines, VMware and physical machines.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

  • Possibility to plan savings with the ASP savings option (Azure Savings Plan for compute) with the Azure Migrate business case and assessment.
  • Support for exporting the business case report to an .xlsx workbook from the portal.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (January 2023 – Weeks: 03 and 04)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Classic VM retirement: extending retirement date to September 1st 2023

Microsoft is providing an extended migration period for IaaS VMs from Azure Service Manager to Azure Resource Manager. To avoid service disruption, plan and migrate IaaS VMs from Azure Service Manager to Resource Manager 1 September 2023. There are multiple steps to this transition, so we recommend that you plan your migration promptly to avoid potential system interruption.

Networking

Application security groups support for private endpoints

Private endpoint support for application security groups (ASGs) is now available. This feature enhancement will allow you to add granular controls on top of existing network security group (NSG) rules by attaching an ASG to the private endpoint network interface. This will increase segregation within your subnets without losing security rules. In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to enabled on the subnet containing private endpoint resources.

Storage

5 GB Put Blob

Azure Storage is announcing the general availability of 5 GB Put Blob. This allows you to upload nearly 20x the previous limit of Put Blob uploads while increasing the maximum size of Put Blob from 256 MiB to 5000 MiB.

Mount Azure Storage as a local share in App Service Windows Code

Mounting Azure Storage File share as a network share in Windows code (non-container) in App Service is now available.

Incremental snapshots for Ultra Disk Storage (preview)

The preview of incremental snapshots for Ultra Disk in the Sweden Central and US West 3 Azure region is available. This new capability is particularly important to customers who want to create a backup copy of their data stored on disks to recover from accidental deletes, or to have a last line of defense against ransomware attacks, or to ensure business continuity. You can now create incremental snapshots for Ultra Disk on Standard HDD. Additionally, snapshot resources can be used to store incremental backups of your disk, create or recover to new disks, or download snapshots to on-premises locations.

Azure Stack

Azure Stack HCI

Software Defined Networking (SDN) with WAC v2211

In this article there are all new features and improvements for SDN in Windows Admin Center 2211 (WAC) for Azure Stack HCI.

Azure IaaS and Azure Stack: announcements and updates (January 2023 – Weeks: 01 and 02)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Storage

Azure Ultra Disk Storage in Switzerland North and Korea South

Azure Ultra Disk Storage is now available in one zone in Switzerland North and with Regional VMs in Korea South. Azure Ultra Disk Storage offers high throughput, high IOPS, and consistent low latency disk storage for Azure Virtual Machines (VMs). Ultra Disk Storage is well-suited for data-intensive workloads such as SAP HANA, top-tier databases, and transaction-heavy workloads.

Azure Active Directory authentication for exporting and importing Managed Disks

Azure already supports disk import and export locking only from a trusted Azure Virtual Network (VNET) using Azure Private Link. For greater security, the integration with Azure Active Directory (AD) to export and import data to Azure Managed Disks is available. This feature enables the system to validate the identity of the requesting user in Azure AD and verify that the user has the required permissions to export and import that disk.

Azure IaaS and Azure Stack: announcements and updates (December 2022 – Weeks: 51 and 52)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

During these two weeks of holidays, there were no notable news related to these areas.

We look forward to 2023 for lots of news!

I wish everyone a happy 2023!