In December, several news regarding Azure management were announced by Microsoftservices. The release of this summary, which occurs on a monthly basis, want to provide an overview of the main news of the month, in order to stay updated on these topics and have the necessary references to conduct further investigations.
The following diagram shows the different areas related to management, which are covered in this series of articles:
Figure 1 – Management services in Azure overview
Monitor
Azure Monitor
Azure Monitor Agent: IIS logsand custom logs
The Azure Monitor agent allows you to collect text files and IIS logs and merge them into a Log Analytics workspace. In this regard, a new feature has been introduced to allow the collection of text logs generated in the application environment, exactly as it happens for Internet Information Service logs (IIS).
Azure Monitor Logs: custom log API and ingestion-timetransformation
A new set of features is now available in Azure Monitor that allows you to fully customize the shape of the data that flows into your workspace, plus a new API for custom data merging. Thanks to these new features, it is possible to envisage customized transformations to the data at the time of ingestion. These transformations can be used to set up the extraction of fields during ingestion, obfuscate sensitive data, proceed to remove unnecessary fields or to delete complete events (useful for example to contain costs). Furthermore, it is possible to completely customize the data sent to the new API for custom logs. As well as being able to specify a transformation on the data sent to the new API, you can also explicitly define the schema of your custom table (including dynamic data structures) and leverage AAD authentication and ARM RBAC management.
Configure
Azure Automation
Extension for the Hybrid Runbook Worker
The User Hybrid Worker extension was announced in Azure Automation, which is based on the virtual machine extensions framework and offers an integrated installation experience. There is no dependency on the Log Analytics agent and workspace, and authentication is via System-assigned managed identities, eliminating the need to manage certificates. Furthermore, ensures automatic minor version upgrades by default and simplifies small-scale management of Hybrid Workers through the Azure portal, cmdlet PowerShell, Azure CLI, Bicep, ARM templates and the REST API.
Govern
Azure Cost Management
Use tag inheritance for cost management (preview)
Tag inheritance was announced in a public preview, which allows you to automatically apply subscription and resource group tags to child resources. This mechanism simplifies cost management pipelines.
Updates related toMicrosoft Cost Management
Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article the main improvements and updates of this solution are reported for the year 2022.
Azure Arc
Azure Arc enabled Azure Container Apps (preview)
Azure Container Apps enables developers to quickly build and deploy microservices and containerized applications. Deploying an Arc extension on Azure Arc enabled Kubernetes cluster, IT administrators gain control of the underlying hardware and environment, enabling high productivity of Azure PaaS services within a hybrid environment. The cluster can be on-premise or hosted in a third-party cloud. This approach allows developers to leverage the functionality and productivity of Azure Container Apps anywhere, not only in Azure environment. While, IT administrators can maintain corporate compliance by hosting applications in hybrid environments.
Server Azure Arc enabled in Azure China
Azure Arc-enabled servers are now also operable in two regions of Azure China: Est China 2 and North China 2.
Secure
Microsoft Defender for Cloud
New features, bug fixes and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features.
Protect
Azure Backup
Recovery of Azure virtual machines Cross Zonal
Azure Backup exploits the potential of Zonal Redundant Storage (ZRS), which stores three replicas of backup data in different Availability Zones, synchronously. This allows recovery points stored in the Recovery Services Vault to be used with ZRS storage even if the backup data in one of the Availability Zones is unavailable, ensuring data availability within a region.
The Cross Zonal Restore option can be considered when:
Zone-wide availability of backup data is critical, and backup data downtime is unacceptable. This allows you to restore Azure virtual machines and disks to any zone of your choice in the same region.
Backup data resilience is needed along with data residency.
Azure Kubernetes Service (AKS) Backup (private preview)
For the Azure Backup service, the private preview of AKS Backup was announced. Using this feature it is possible:
Back up and restore containerized applications, both stateless and stateful, running on AKS clusters
Back up and restore data stored on persistent volumes attached to clusters.
Perform backup orchestration and management from the Backup Center.
Azure Site Recovery
Increased the churn limit(preview)
Azure Site Recovery (ASR) increased the data churn limit by approx 2,5 times, bringing it to 50 MB/s per disk. This way you can configure disaster recovery (DR) for Azure VMs with a data churn of up to 100 MB/s. This allows you to enable DR for IO intensive workloads. This feature is only available for Azure-to-Azure replication scenarios.
New Update Rollup
For Azure Site Recovery was released theUpdate Rollup 65 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.
Migrate
Azure Migrate
New Azure Migrate releases and features
Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. The main news of this month are described in detail in the following paragraphs.
Software inventory and agentless dependency analysis
Azure Migrate agentless software inventory and dependency analysis is now available for Hyper-V VMs, for bare-metal servers and for servers running on other public clouds such as AWS and GCP. It is therefore possible to inventory the applications, the roles and features installed on those systems. Furthermore, you can run dependency analysis on discovered Windows and Linux servers without installing any agents. Thanks to these features it is possible to build migration plans to Azure more effectively, going to group the servers related to each other.
Building a business case with Azure Migrate (preview)
Azure Migrate's business case feature helps you build business propositions to understand how Azure can drive the most value. In fact,, this solution allows you to understand the return on investment regarding the migration of server systems to Azure, of SQL Server deployments and ASP.NET web applications running in the VMware environment . The business case can be created with just a few clicks and can help you understand:
Total cost of ownership on-premises vs Azure and annual cash flow.
Resource utilization-based insights to identify ideal servers and workloads for the cloud and recommendations for right sizing in Azure.
Benefits for migration and modernization, including the end of support for Windows and SQL versions.
Long-term savings by moving from a capital expenditure model to an operating expenditure model, paying only for what you use.
Evaluation of Azure
To test for free and evaluate the services provided by Azure you can access this page.
Azure Dedicated Host gives you more control over the hosts you deployed by giving you the option to restart any host. When undergoing a restart, the host and its associated VMs will restart while staying on the same underlying physical hardware. With this new capability, now generally available, you can take troubleshooting steps at the host level.
New Memory Optimized VM sizes (preview)
The new E96bsv5 and E112ibsv5 VM sizes part of the Azure Ebsv5 VM series offer the highest remote storage performances of any Azure VMs to date. The new VMs can now achieve even higher VM-to-disk throughput and IOPS performance with up to 8,000 MBps and 260,000 IOPS. This enables you to run data intensive workloads more efficiently and process more data on fewer vCPUs, potentially optimizing infrastructure and licensing costs.
Networking
Feature enhancements to Azure Web Application Firewall (WAF)
Azure’s global Web Application Firewall (WAF) running on Azure Front Door, and Azure’s regional WAF running on Application Gateway, now support additional features that help organizations improve their security posture and make it easier to manage logging across resources:
SQL injection (SQLi) and cross site scripting (XSS) detection queries: new Azure WAF analytics SQLi and XSS detection rule templates simplify the process of setting up automated detection and response with Microsoft’s security incident & event management (SIEM) service: Microsoft Sentinel.
Azure policies for WAF logging: the regional WAF on Application Gateway and the global WAF running on Azure Front Door now have built-in Azure policies requiring resource logs and metrics. This allows organizations to enforce standards for WAF deployments to collect logs and metrics for further analysis and insights related to security events.
In addition, Azure regional WAF on Application Gateway now has:
Increased exclusion limit: CRS 3.2 or greater ruleset now supports exclusions limit up to 200, a 5x increase from older versions; allowing for greater customization on how the WAF handles managed rulesets.
Bot Manager ruleset exclusion rules: exclusions are extended to Bot Manager Rule Set 1.0. Learn more: WAF exclusions.
Uppercase transform on custom rules: you can now handle case sensitivity when creating custom WAF rules using uppercase transform in addition to the lowercase transform.
The cross-zone replication feature allows you to replicate your Azure NetApp Files volumes asynchronously from one Azure availability zone (AZ) to another in the same region. It uses a combination of the SnapMirror® technology used with cross-region replication and the new availability zone volume placement feature, to replicate data in-region; only changed blocks are sent over the network in a compressed, efficient format. It helps you protect your data from unforeseeable zone failures, without the need for host-based data replication. This feature minimizes the amount of data required to replicate across the zones, therefore limiting data transfers required and also shortens the replication time, so you can achieve a smaller restore point objective (RPO). Cross-zone replication doesn’t involve any network transfer costs, and hence it is highly cost-effective.
Azure HX series and HBv4 series virtual machines (preview)
The Azure HX series and HBv4 series virtual machines (VMs) are now in preview in the East US region. These VMs, powered by AMD 4th gen EPYCTM “Genoa” CPUs, improve the performance and cost-effectiveness of a variety of memory performance bound, compute bound, and massively parallel workloads. These new VMs deliver more performance, value-adding innovation, and cost-effectiveness to every Azure HPC customer.
Networking
Azure Bastion now support shareable links (preview)
With the new Azure Bastion shareable links feature in public preview and included in Standard SKU, you can now connect to a target resource (virtual machine or virtual machine scale set) using Azure Bastion without accessing the Azure portal.
This feature will solve two key pain points:
Administrators will no longer have to provide full access to their Azure accounts to one-time VM users, helping to maintain their privacy and security.
Users without Azure subscriptions can seamlessly connect to VMs without exposing RDP/SSH ports to the public internet.
Storage
Azure File Sync agent v15.2
Azure File Sync agent v15.2 is now on Microsoft Update and Microsoft Download Center.
Improvements and issues that are fixed:
Fixed a cloud tiering issue in the v15.1 agent that caused the following symptoms:
Memory usage is higher after upgrading to v15.1
Storage Sync Agent (FileSyncSvc) service intermittently crashes
Files are failing to recall with error ERROR_INVALID_HANDLE (0x00000006)
Fixed a health reporting issue with servers configured to use a non-Gregorian calendar
More information about this release:
This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations
The agent version for this release is 15.2.0.0
Installation instructions are documented in KB5013875
In November, Microsoft released some important news regarding Azure management services. Through these articles released on a monthly basis, we want to provide an overall overview of the main news of the month, in order to stay up to date on these arguments and have the necessary references for further information.
The following diagram shows the different areas related to management, which are covered in this series of articles:
Figure 1 – Management services in Azure overview
Configure
Azure Automation
Support for Availability Zones
Azure Automation has introduced support for Availability Zones so that it can provide greater resiliency and reliability to the service, runbooks and other automation resources. In case a zone is inactive, no user action is required to recover from a zone fault, in fact, the service will be made accessible through the other available areas. In addition to high availability, this feature is useful for implementing a disaster recovery strategy for the Automation Account, often a key component in DR plans in Azure.
Govern
Azure Cost Management
Updates related toMicrosoft Cost Management
Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:
Ability to use tag inheritance to group subscriptions and resource groups.
View cost change over previous period, in the cost analysis preview.
Azure Advisor: new cost recommendations for Virtual Machine Scale Sets
Azure Advisor has expanded the recommendations to include cost optimizations for Virtual Machine Scale Sets as well. Recommendations will include recommendations for shutting down resources that are not being used, recommendations for changing the SKU and downscaling for underutilized resources versus provisioning.
Secure
Microsoft Defender for Cloud
New features, bug fixes and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:
Protecting containers in a GCP environment with Defender for Containers
Ability to validate Defender for Containers protections via sample alerts
Governance rules at scale (preview)
Protect
Azure Backup
Cross-subscription recovery for VMs in Azure (preview)
The Cross Subscription Restore feature was announced in preview and allows you to restore Azure virtual machines, by creating or restoring new disks, in any subscription, starting from the restore point created by Azure Backup. By default, Azure Backup restores in the same subscription where the recovery points are available. With this new feature, you get the flexibility to perform restores in any subscription of the tenant. Cross Subscription Restore is also supported for restore with Managed System Identities (MSI), while it is not currently supported for Azure encrypted virtual machines and Trusted Launch VMs.
Migrate
Azure Migrate
New Azure Migrate releases and features
Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:
Support for using a sudo account to perform agentless dependency analysis on Linux servers running in environments VMware, Hyper-V and for physical systems or in other cloud environments.
Support for selecting VNets and Subnets during test migration (Using PowerShell) for the agentless VMware scenario.
OS disk swap support for agentless VMware scenario.
Support for pausing and resuming replicas using PowerShell for VMware agentless scenario.
Azure Database Migration
Offline Azure SQL Database migrations with the Azure SQL Migration extension
To perform offline migrations of SQL Server databases running on-premises, SQL Server on Azure virtual machines or any virtual machine running in the cloud (private, public) to Azure SQL Database you can use the extension Azure SQL Migration
New Azure SQL Migration extension migration feature provides an end-to-end experience to modernize SQL Servers in Azure SQL Database. The extension allows you to check the readiness of the migration with actions for: remedying possible migration blocks, export assessment results and get appropriate Azure recommendations.
Evaluation of Azure
To test for free and evaluate the services provided by Azure you can access this page.
Stretched Clusters for Azure VMware Solution, now in preview, provides 99.99 percent uptime for mission critical applications that require the highest availability. In times of availability zone failure, your virtual machines (VMs) and applications automatically failover to an unaffected availability zone with no application impact.
Azure NetApp Files Datastores is now generally available to run your storage intensive workloads on Azure VMware Solution. This integration between Azure VMware Solution and Azure NetApp Files enables you to create datastores via the Azure VMware Solution resource provider with Azure NetApp Files NFS volumes and attach the datastores to your private cloud clusters of choice.
Customer-managed keys for Azure VMware Solution is now in preview, both supporting higher security for customers’ mission-critical workloads and providing you with control over your encrypted vSAN data on Azure VMware Solution. With this feature, you can use Azure Key Vault to generate customer-managed keys as well as centralize and streamline the key management process.
New node sizing for Azure VMware Solution. Start leveraging Azure VMware Solution across two new node sizes with the general availability of AV36P and AV52 in AVS. With these new node sizes organizations can optimize their workloads for memory and storage with AV36P and AV52.
Virtual Machine software reservations
The new Virtual Machine software reservations enable savings on your Virtual Machine software costs when you make a one- to three-year commitment for plans offered by third-party publishers such as Canonical, Citrix, and Red Hat.
Arm-based VMs now available in four additional Azure regions
The Dpsv5, Dplsv5, and Epsv5 VMs are available in the following additional four Azure regions: West US, North Central US, UK South, and France Central
Storage
Encrypt managed disks with cross-tenant customer-managed keys
Encrypting managed disks with cross-tenant customer-managed keys (CMK) enables you to encrypt managed disks with customer-managed keys using Azure Key Vault hosted in a different Azure Active Directory (AD) tenant.
Networking
New capabilities for Azure Firewall
Azure Firewall is a cloud-native firewall as a service offering that enables customers to centrally govern and log all their traffic flows using a DevOps approach.
Several key Azure Firewall capabilities are now generally available:
New GA regions in Qatar central, China East, and China North: Azure Firewall Standard, Azure Firewall Premium, and Azure Firewall Manager are now generally available in three new regions: Qatar Central, China East, and China North
IDPS Private IP ranges: in Azure Firewall Premium IDPS, Private IP address ranges are used to identify traffic direction (inbound, outbound, or internal) to allow accurate matches with IDPS signatures. By default, only ranges defined by Internet Assigned Numbers Authority (IANA) RFC 1918 are considered private IP addresses. To modify your private IP addresses, you can now easily edit, remove, or add ranges as needed.
Single Click Upgrade/Downgrade (preview): With this new capability, customers can easily upgrade their existing Firewall Standard SKU to Premium SKU as well as downgrade from Premium to Standard SKU. The process is fully automated and has zero service downtime.
Enhanced Threat Intelligence (preview): Threat Intelligence-based filtering can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and FQDNs. With the new enhancement, Azure Firewall Threat Intelligence has more granularity for filtering based on malicious URLs. This means that customers may have access to a certain domain through a specific URL in this domain will be denied by Azure Firewall if identified as malicious.
KeyVault with zero internet exposure (preview): in Azure Firewall Premium TLS inspection, customers are required to deploy their intermediate CA certificate in Azure KeyVault. Now that Azure firewall is listed as a trusted Azure KeyVault service, customers can eliminate any internet exposure of their Azure KeyVault.
Azure Front Door: new features in preview
New features are available for Azure Front Door (preview):
Azure Front Door zero downtime migration. In March of this year, Microsoft announced the general availability of two new Azure Front Door tiers. Azure Front Door Standard and Premium are native, modern cloud content delivery network (CDN) catering to both dynamic and static content delivery acceleration with built-in turnkey security and a simple and predictable pricing model. The migration capability enables you to perform a zero-downtime migration from Azure Front Door (classic) to Azure Front Door Standard or Premium in just three simple steps or five simple steps if your Azure Front Door (classic) instance has custom domains with your own certificates. The migration will take a few minutes to complete depending on the complexity of your Azure Front Door (classic) instance, such as number of domains, backend pools, routes, and other configurations.
Upgrade from Azure Front Door Standard to Premium tier: Azure Front Door supports upgrading from Standard to Premium tier without downtime. Azure Front Door Premium supports advanced security capabilities and has increased quota limit, such as managed Web Application Firewall rules and private connectivity to your origin using Private Link.
Azure Front Door integration with managed identities. Azure Front Door now supports managed identities generated by Azure Active Directory to allow Front Door to easily and securely access other Azure AD-protected resources such as Azure Key Vault. This feature is in addition to the AAD Application access to Key Vault that is currently supported.
Default Rule Set 2.1 for Azure Web Application Firewall
Default Rule Set 2.1 (DRS 2.1) on Azure’s global Web Application Firewall (WAF) running on Azure Front Door is available. This rule set is available on the Azure Front Door Premium tier.
DRS 2.1 is baselined off the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.3.2 and includes additional proprietary protections rules developed by Microsoft Threat Intelligence team. As with previous DRS releases, DRS 2.1 rules are also tailored by Microsoft Threat Intelligence Center (MSTIC). The MSTIC team analyzes Common Vulnerabilities and Exposures (CVEs) and adapts the CRS ruleset to address those issues while also reducing false positives to our customers.
Bot Manager Rule Set 1.0 on regional Web Application Firewall
A new bot protection rule set (Microsoft_BotManagerRuleSet_1.0) is now generally available for Azure Web Application Firewall (WAF) with Azure Application Gateway. Added to this updated rule set are three bot categories: good, bad, and unknown. Bot signatures are managed and dynamically updated by Azure WAF. The default action for bad bot groups is set to Block, for the verified search engine crawlers group it’s set to Allow, and for the unknown bot category it’s set to Log. You may overwrite the default action with Allow, Block, or Log for any type of bot rule
Per Rule Actions on regional Web Application Firewall
Azure’s regional Web Application Firewall (WAF) with Application Gateway running the Bot Protection rule set and Core Rule Set (CRS) 3.2 or higher now supports setting actions on a rule-by-rule basis. This gives you greater flexibility when deciding how the WAF handles a request that matches a rule’s conditions.
Azure Stack
Azure Stack HCI
Network HUD
Network HUD is a new feature, available with the November update on Azure Stack HCI that detects operational network issues causing stability issues or degrade performance. It distills the various indicators of problems generated by event logs, performance counters, the physical network and more, to proactively identify issues and alert you with contextual messages that you can act on. It also integrates with the existing alerting mechanisms you’re already used to and leverages Network ATC for intent-based analytics and remediation.
Attribute-based access control for standard storage accounts
Attribute-based access control (ABAC) is an authorization strategy that defines access levels based on attributes associated with security principals, resources, and requests. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments in the existing identity and access management (IAM) system. This release makes generally available role assignment conditions using request and resource attributes on Blobs, ADLS Gen2 and storage queues for standard storage accounts.
Premium SSD v2 disks available on Azure Disk CSI driver
Premium SSD v2 is the next-generation Azure Disk Storage optimized for performance-sensitive and general-purpose workloads that need consistent low average read and write latency combined with high IOPS and throughput. Premium SSD v2 is now available with the Azure Disk CSI driver to deploy stateful workloads in Kubernetes on Azure.
Ephemeral OS disk support for confidential virtual machines
The support to create confidential VMs using Ephemeral OS disks is available. This enables customers using stateless workloads to benefit from the trusted execution environments (TEEs). Trusted execution environments protect data being processed from access outside the trusted execution environments.
Encrypt storage account with cross-tenant customer-managed keys
The ability to encrypt storage account with customer-managed keys (CMK) using an Azure Key Vault hosted on a different Azure Active Directory tenant is available. You can use this solution to encrypt your customers’ data using an encryption key managed by your customers.
Availability zone volume placement for Azure NetApp Files (preview)
Azure NetApp Files availability zone volume placement feature lets you deploy new volumes in the logical availability zone of your choice to support enterprise, mission-critical high availability (HA) deployments across multiple availability zones.
In October, Microsoft announced a considerable number of news regarding Azure management services, accomplice also the Microsoft Ignite conference 2022. Through these articles, issued on a monthly basis, I want to provide an overall overview of the main news of the month, so that you can always stay up to date on these topics and have the necessary references to carry out further studies.
The following diagram shows the different areas related to management, which are covered in this series of articles:
Figure 1 – Management services in Azure overview
Monitor
Azure Monitor
New migration tools for the Azure Monitor agent
The Azure Monitor Agent (AMA) provides a way that is secure , economical and performing to collect telemetry data from Azure virtual machines, scale set, Azure Arc-enabled servers and Windows client devices. Microsoft has announced that it is necessary to migrate from the log analytics agent (MMA or OMS agent) to this agent before August 2024. To address this migration you can use the following migration tools:
AMA migration helper: an Azure Monitor workbook-based solution that helps you find out what to migrate and monitor progress in moving from legacy agents to the new Azure Monitor agent.
DCR config generator: the Azure Monitor agent relies only on data collection rules (data collection rule) for configuration, while the legacy agent extracted all its configuration from the Log Analytics workspaces. Using this script, it is possible to analyze the configuration of the legacy agent from the workspaces and automatically generate the corresponding rules. You will be able to associate these rules with systems running the new agent, using the integrated association criteria.
Support of the Azure Monitor agent also for Windows clients
Azure Monitor agent and data collection rules now support client devices Windows 10 and 11. Client devices running the agent must be connected to AAD or hybrid AAD, since the agent relies on the identity of the AAD device for authentication. For client devices, while deploying the same agent that uses data collection rules to manage the configuration, only association is allowed (or targeting) at the AAD tenant level. Granular device targeting is not yet available. Furthermore, the agent is the same used for virtual machines or servers, that is, it has no specific optimization for client devices (ex. for the battery, the network, etc.).
Azure Service Map retirement announced
Microsoft announced that Azure Service Map will be officially retired on 30 September 2025. To monitor connections between servers, processes and connection latencies need to use Azure MonitorVM insights. The experience provided by VM Insights includes the same features as Service Map, beyond:
Improved scalability and support for more complex maps.
More detailed metrics for connections.
Integrated support for grouping machines.
Azure Monitor predictive autoscale for Azure Virtual Machine Scale Sets
The predictive autoscale uses machine learning to help manage and scale Azure Virtual Machine Scale Sets with cyclical workload models. This feature allows you to predict the overall CPU load for the set of virtual machines based on historical CPU usage patterns. This allows scale-out to be done in time to meet demand.
There are several key features released:
New virtual machine set instances are added when the system expects the CPU percentage to exceed the scale-out limit.
You can configure how far in advance you want to provision new instances.
It is possible to view the CPU usage forecasts without activating the scaling action, using the forecast-only mode.
Azure Monitor Logs: functionality to add value to data and reduce costs
For Azure Monitor Logs, interesting log analysis features have been announced that will help increase the cost effectiveness of logs:
Basic Logs: an economical solution for high-volume verbose logs. It is now possible to configure high-volume verbose log tables as basic logs and reduce the cost of storing data used for debugging, problem solving and auditing.
Long-term archiving of logs for security and compliance. The archiving of the logs allows you to extend the retention period of the Log Analytic table and to archive the logs up to seven years with a significant reduction in prices.
Archived logs can be accessed by using a search job or by temporarily restoring a set of logs.
Search Log: a new tool that asynchronously scans petabytes of data and retrieves all relevant records in a new persistent Log Analytics table.
Restoration: an operation that makes a specific time interval of table data available in the hot cache, to run high performance queries.
Azure Monitor Logs: RBAC creation in granular way for custom tables Today, data access control can be managed at the workspace level, resource and table, but only for Azure standard tables. Previously, custom tables only supported one authorization method: “all or nothing”. The Log Analytics product team added the functionality to allow workspace administrators to manage more granular access to data, supporting table-level read permission, for both Azure tables and customer tables.
Integration of the Azure Monitor Agent with Connection Monitor (preview) Connection Monitor is a multi-agent monitoring solution that can monitor connectivity in Azure and hybrid environments and measure packet loss, latency and jitter. Connection Monitor provides useful information for diagnosing and resolving network problems and provides end-to-end path visibility with a unified topology.
Microsoft's goal is to consolidate multiple monitor agents into a single agent. This feature allows you to meet the needs of collection of monitor logs related to connectivity and metrics on Azure and on on-premises Arc-enabled computers, eliminating the costs of managing and enabling multiple monitor agents. Furthermore, the Azure Monitor Agent offers improved security and performance features, real cost savings and easier problem solving. Thanks to this support, the dependence on the Log Analytics agent is eliminated, while increasing the coverage of on-premises computers with the support of Arc-enabled endpoints.
Azure Monitor Managed Service for Prometheus (preview)
Prometheus, the open source project of the Cloud Native Computing Foundation, is considered the de-facto standard when it comes to monitoring containerized workloads. Running self-managed Prometheus is often a great solution for smaller deployments, though scaling to manage workloads can be a major challenge. The new Prometheus-compatible and fully managed Azure Monitor service offers the best of what you like about the open source ecosystem, while automating complex tasks such as scaling, high availability and long-term data retention. This service is available as a standalone Azure Monitor service or as an integrated component of Container Insights and Azure Managed Grafana.
Rules for Azure Kubernetes Service resources and for Log Analytics(preview)
The Azure portal now allows you to easily enable a set of alert rules pertaining to the best practices recommended for Azure Kubernetes Service resources (AKS) and for Log Analytics workspace.
Govern
Azure Cost Management
Updates related toMicrosoft Cost Management
Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.
Azure Arc
Automatic extension update for Azure Arc-enabled servers
Microsoft has made the extension automatic update functionality available for Azure Arc-enabled servers.
Azure Automanage for Azure virtual machines and Arc-enabled servers Azure Automanage is a service that automates the configuration of virtual machines to Azure services, as well as security operations and management of the entire life cycle of VMs in Azure or hybrid environments (enabled through Azure Arc). This saves time, reduce risks and improve workload uptime, automating daily configuration and management tasks. Azure Automanage is now available for Azure virtual machines and Arc-enabled servers.
Microsoft has added new features to further automate the configuration and management of any virtual machine, including:
the application of improved backup settings and different auditing modes for server baselines;
the ability to specify custom Log Analytics workspaces and Azure tags to identify resources;
support for Windows virtual machines 10;
support for enabling Microsoft Antimalware.
New features for Azure Arc-enabled SQL Servers
Azure Arc-enabled SQL Servers have several new features that increasingly allow customers to leverage a cloud-like experience, including:
single sign-on experience that integrates with Azure Active Directory (Azure AD).
improved security thanks to Microsoft Defender which allows customers to evaluate and secure SQL Server properties in hybrid and multicloud environments.
Secure
Microsoft Defender for Cloud
New features, bug fixes and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:
Microsoft Defender for DevOps, a new solution that will provide visibility across multiple DevOps environments. This solution will make it possible to centrally manage security, strengthen cloud resource configurations in code and prioritize critical troubleshooting in code in multi-pipeline and multicloud environments. With this preview, major platforms such as GitHub and Azure DevOps are already supported and other major DevOps platforms will be supported shortly.
Microsoft cloud security benchmark: the complete multicloud security framework is now available with Microsoft Defender for Cloud, as part of the free Cloud Security Posture Management experience. This integrated benchmark is able to map best practices across different clouds and various industry frameworks, enabling security teams to ensure multicloud security compliance.
Microsoft Defender for Servers, as well as an agent-based approach to virtual machines (VM) in Azure e AWS, will support agentless scanning.
Defender for Servers P2 will provide the premium features of Microsoft Defender Vulnerability Management.
Microsoft Defender for Containers will expand multicloud threat protection with agentless scanning in AWS Elastic Container Registry.
Protect
Azure Backup
Smart tiering: automatic move to the vault-archive tier
Azure Backup has introduced the ability to configure policies to automate the use of the vault-archive tier for Azure virtual machines and for SQL Server / SAP HANA on board virtual machines. This ensures that the restore points are suitable and recommended (in the case of Azure virtual machines) are automatically moved to the vault-archive tier. This is done periodically and according to the backup policy settings. Furthermore, you can specify the number of days after which you want the recovery points to be moved to the vault-archive tier.
Support for zone-rendundant storage
In Azure Backup, support for redundant zone type vaults has been introduced. When configuring resource protection using a zone-redundant storage vault (ZRS), backups are synchronously replicated across three Availability Zones within a region. This allows you to perform data restores even in the event of outages in a specific area.
Immutable vaults for Azure Backup
With immutable vaults, Azure Backup offers an option to ensure that the recovery points created cannot be deleted before the expected deadline. Azure Backup does this by preventing any operation that could lead to the loss of backup data. This helps protect backups from threats such as ransomware attacks and malicious actors, preventing operations such as deleting backups or reducing retention in backup policies.
Soft delete functionality enhancements for Azure Backup
It is now possible to ensure better protection of backups against various threats, making soft delete irreversible. Furthermore, the soft delete functionality allows you to provide a customizable retention period for which deleted data must be kept.
Support for HANA System Replication in Azure Backup for HANA (preview)
Azure Backup protects HANA databases on Azure virtual machines with a streaming database backup solution, Backint certified. Previously, if the HANA database had HANA System Replication (HSR) as a disaster recovery solution (DR), after each failover, manual intervention was required to activate the backups. Now, with this new feature in preview, you get instant and continuous protection for your HANA System Replication configuration, without the need for any manual intervention.
Azure Site Recovery
New DR architecture for VMware machines
In ASR it has been made easier, reliable and modern mechanism to protect VMware virtual machines. Among the main improvements it is worth mentioning:
Stateless ASR Replication Appliance: the Configuration Server and its local components have been converted to a stateless ASR replication appliance. This choice simplifies the discovery and failback process, introducing the option to select any appliance, without having to configure any master target server or process server.
Automatic updates for the ASR replication appliance and for the mobility agent. A problem felt with the classic architecture was the need to manually update the various components of the Configuration Server and the mobility agents. To make things easier, automatic updates have been introduced.
More flexible scalability. The replication appliance constitutes a single management unit and all its components have been converted into microservices hosted in an Azure environment. This not only makes it easier to troubleshoot any problems, but managing scalability is also much easier.
High availability for appliances. With modern architecture, it is no longer necessary to perform regular backups of the appliance. In fact,, just start another appliance and switch all machines to the new appliance. The replicated items will be transferred to the new appliance, without having to repeat the full replication.
New Update Rollup
For Azure Site Recovery was released theUpdate Rollup 64 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.
Migrate
Azure Migrate
Discovery and assessment aimed at migrating SQL Server to Azure
The new SQL discovery and assessment capabilities in Azure Migrate allow you to map the environment and evaluate availability, the costs and any blocks in moving these instances to Azure IaaS and PaaS. Thanks to this tool it is possible to detect the most valid and convenient Azure target for the analyzed SQL instances. Furthermore, this information can be downloaded in a specific report.
New Azure Migrate releases and features
Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.
Azure Database Migration
Migration from Oracle to Azure with Database Migration Assessment for Oracle Database Migration Assessment for Oracle, an Azure Data Studio extension powered by Azure Database Migration Service, now allows you to do an assessment for migration from Oracle Database to Azure Database for PostgreSQL. The assessment includes recommendations for database migration and an assessment of the code complexity of the databases. Through the same tool, customers can get recommendations on targeted sizing for Oracle Database migration to Azure Database for PostgreSQL and Azure SQL, including Azure SQL Database Hyperscale, ideal for large workloads up to 100 TB. With these new features, Migration planning is made easier for Oracle customers who want to modernize their data assets with Azure-managed databases.
Evaluation of Azure
To test for free and evaluate the services provided by Azure you can access this page.
In this dedicated post you can find the most important announcements and major updates officialized last week during Microsoft Ignite (October 2022) conference.
Azure
Compute
Azure savings plan for compute
Azure savings plan for compute is an easy and flexible way to save significantly on compute services, compared to pay-as-you-go prices. The savings plan unlocks lower prices on select compute services when customers commit to spend a fixed hourly amount for one or three years. Choose whether to pay all upfront or monthly at no extra cost. As you use select compute services across the world, your usage is covered by the plan at reduced prices, helping you get more value from your cloud budget. During the times when your usage is above your hourly commitment, you’ll be billed at your regular pay-as-you-go prices. With savings automatically applying across compute usage globally, you’ll continue saving even as your usage needs change over time.
Storage
SFTP support for Azure Blob Storage
SSH File Transfer Protocol (SFTP) support for Azure Blob Storage is now generally available. Azure Blob Storage now supports SFTP, enabling you to leverage object storage economics and features for your SFTP workloads. With just one click, you can provision a fully managed, highly scalable SFTP endpoint for your storage account. This expands Blob Storage’s multi-protocol access capabilities and eliminates data silos, meaning you can run different applications, requiring different protocols, on a single storage platform with no code changes.
This special edition includes Microsoft’s most important announcements and major updates, regarding Azure infrastructure as a service (IaaS) and Azure Stack, which were officially announced this week at the Microsoft Ignite conference (October 2022). Microsoft announced a number of significant enhancements to its Azure infrastructure as a service (IaaS) portfolio, and Microsoft infrastructure services continue to evolve to improve the experience of running business-critical workloads in a hybrid environment.
Azure
Compute
Nutanix Cloud Clusters now generally available on Azure
Nutanix Cloud Clusters on Azure, now generally available, simplifies and accelerates the customer journey to the cloud. Nutanix customers can migrate or extend their workloads to Azure, without modification or retooling. With Nutanix Cloud Clusters on Azure, customers can leverage their existing Nutanix skills and tools, add Azure services such as security, identity and analytics and gain cost efficiencies with license portability that enables them to use their existing licenses for Azure deployment. And, to further support a hybrid model, customers can also seamlessly extend Azure data services to their on-premises Azure Arc-enabled Kubernetes clusters using the Nutanix platform.
New features for Azure VMWare Solution
Two new Azure VMware Solution features support higher availability and security for
customers’ mission critical workloads and include:
99.99% private cloud uptime: stretched clusters for Azure VMware Solution, now in preview, will provide 99.99% uptime for mission-critical apps that require the highest availability. In times of Availability Zone failure, customers’ virtual machines (VMs) and apps automatically failover to an unaffected Availability Zone with no app impact, which does not require IT support.
Customer Managed Keys (CMK): now in preview, CMK will give customers maximum control over their encrypted vSAN data on Azure VMware Solution. With this feature, customers use Azure Key Vault to generate customer managed keys and to centralize and streamline the key management process
Azure savings plan for compute offers a new price offering
Microsoft is launching a new price offering, Azure savings plan for compute. This new offer, generally available later in October, will allow customers to save across select compute services globally by committing to spend a fixed hourly amount (for example, $5/hour) for one or three years. As customers use select compute services around the world, their usage is covered by the plan at reduced prices, helping them get more value from their cloud budget. During times when their usage is above their hourly commitment, users will simply be billed at the regular pay-as-you-go prices. With savings automatically applying across compute usage globally, they’ll continue saving even as their usage needs change over time. This plan lets customers increase the value of their cloud budget, retain financial control and optimize costs amid increasing cloud spends to help them do more with less.
New Azure Virtual Machine Scale Set and Spot Virtual Machines capabilities (preview)
A new Virtual Machine Scale Sets feature that enables Azure customers to include standard and Spot Virtual Machine types in the same virtual machine scale set is now in preview. This new capability is available with flexible orchestration mode and can help you achieve significant cost savings given the deep discount rates that Spot Virtual Machines usually provide. Virtual Machines Scale Sets flexible orchestration mode provides you with the ability to deploy highly available large-scale cloud infrastructure quickly, reliably, and easily. You can also set up policies that define the percentage allocation of standard versus Spot Virtual Machines. The number of standard VMs that need to be running at any given time, in addition to the percentage of Spot Virtual Machines, can also be defined.
Confidential VM option for SQL Server on Azure Virtual Machines
With the confidential VM option for SQL Server on Azure Virtual Machines, you can now run your SQL Server workloads on the latest AMD-backed confidential virtual machines. This ensures that both the data in use (the data processed inside the memory of the SQL Server) as well as the data at rest stored on your VM’s drives, are inaccessible to unauthorized users from the outside of the VM. This can be done without the need to change the code of your SQL Server applications or your database schemas, including stored procedures.
Storage
Next-gen Azure Premium SSD Disk Storage
The new Azure Premium SSD v2 Disk Storage is the most advanced general purpose block storage solution available, designed for performance-critical workloads like online transaction processing systems that consistently need sub-millisecond latency combined with high IOPS and throughput. Premium SSD v2 enables you to improve the price-performance of a broad range of enterprise production workloads that require sub-millisecond latency with high IOPS and throughput such as SQL Server, Oracle® DB, MariaDB, SAP, Cassandra, Mongo DB, big data, analytics, gaming, on virtual machines, or stateful containers. With Premium SSD v2, you can provision up to 64TiBs, 80,000 IOPS, and 1,200 MB/s throughput on a single disk. You can specify disk size ranging from 1 GiB up to 64 TiBs, in 1-GiB increments. You can provision separately disk size, IOPS, and throughput to match your workload requirements, resulting in greater flexibility when managing performance and costs. Furthermore, you can dynamically scale up or down the performance as needed without downtime, giving you the flexibility to manage disk performance cost-effectively.
Azure Elastic SAN (preview)
Azure Elastic SAN, now in preview, is a unique cloud-native and fully managed storage area network (SAN) service. Combining SAN-like capabilities with the benefits of being a cloud-native service, Azure Elastic SAN will offer a scalable, cost-effective, high-performance and reliable storage solution. It can connect to a variety of Azure compute services, enabling customers to seamlessly lift and shift their SAN workloads to the cloud without having to change their provisioning and management model.
These features include:
Deploying, managing and hosting workloads on Azure with an end-to-end experience like on-premises SAN.
Bulk provisioning of block storage that can achieve massive scale up to millions of IOPS, double-digit GB/s throughput and low single-digit millisecond latencies while serving a plethora of workloads in an organization.
Simplifying volume management through grouping and policy enforcement with an on-premises SAN experience.
Achieving higher resiliency and minimizing downtime with zone-redundant storage,
thus ensuring organizations high levels of availability when running business-critical
apps on Azure.
Networking
Azure DNS Private Resolver
Azure DNS Private Resolver is a cloud-native, highly available, and DevOps-friendly service. It provides a simple, zero- maintenance, reliable, and secure DNS service to resolve and conditionally forward DNS queries from a virtual network, on-premises, and to other target DNS servers without the need to create and manage a custom DNS solution. Resolve DNS names hosted in Azure Private DNS Zones from on-premises networks as well as DNS queries for your own domain names. This will make your DNS infrastructure work privately and seamlessly across on-premises networks and enable key hybrid networking scenarios.
Azure Resource Topology
Azure Resource Topology (ART) allows visualizing the resources in a network, acquire system context, understand state and debug issues faster. It provides a visualized connected experience for inventory management and monitoring. This unified topology leads to upgrading the network monitoring and management experience in Azure. Replacing the Network Watcher topology, this topology will allow the users to draw a unified and dynamic topology across multiple subscription, regions, and resource groups (RGs) comprising of multiple resources. Allowing deep dive into your environment, ART provides the capability for users to drill down from regions, VNETs to subnets, and resource view diagram of resources supported in Azure. It also stitches the end-to-end monitoring and diagnostics story with the capability to run next hop directly from a VM selected in the topology after specifying the destination IP address. Selecting a resource in the topology highlights the node and all other nodes/resources connected to it via edges. These edges define the connections among regions which can be done through VNET peering, VNET Gateways, etc. The side pane shows extensive resource details and properties for selected node/resource.
Static IP configurations of private endpoints
Private endpoint support for statically defined IP addresses is generally available. This feature allows you to add customizations to your deployments. Leverage already reserved IP addresses and allocate them to your private endpoint without relying on the randomness of Azure’s dynamic IP allocation. In doing so, you can account for a consistent IP address to the private endpoint to use alongside IP based security rules and scripts.
Custom network interface name configurations of private endpoints
Private endpoint support for custom network interface (NIC) is now generally available. This feature allows you to define your own string name at the time of creation of the private endpoint NIC deployed. This enhances customizations to your deployments by allowing private endpoint resources to comply with your naming structure. You can leverage this feature to define a private endpoint NIC outside of the existing format of [Private Endpoint Name].nic.GUID.
IP Protection SKU for Azure DDoS Protection (preview)
IP Protection is designed with SMBs in mind and delivers enterprise-grade, cost-effective DDoS protection. Instead of enabling DDoS protection on a per virtual network basis, including all public IP resources associated with resources in those virtual networks, you now have the flexibility to enable DDoS protection on an individual public IP. The existing standard SKU of Azure DDoS Protection will now be known as Network Protection. IP Protection includes the same features as Network Protection, but Network Protection will have in the following value-added services: DDoS Rapid Response support, cost protection, integration with Azure Firewall Manager, and discounts on Azure Web Application Firewall.
ExpressRoute Metro (in development)
ExpressRoute Metro offers you the ability to create private connections via an ExpressRoute Circuit with dual connections from a Service provider (AT&T, Equinix, Verizon etc.,) or connecting directly with ExpressRoute Direct over a dual 10 Gbps or 100 Gbps physical port in two different Microsoft Edge location in a metropolitan area offering higher redundancy and resiliency.
Azure public multi-access edge compute (MEC)
Azure public multi-access edge compute (MEC) allows enterprises and developers to
deliver innovative, high-performance, low-latency apps using operators’ public 5G
networks. Azure public MEC is available with AT&T in Atlanta and Dallas. This offers
customers the unique ability to analyze data closer to where it is being captured for
proactive actions and decisions. Azure public MEC with the AT&T 5G network will be available in November in Atlanta and Dallas. Additional sites will be coming soon to Detroit and New York City.
Azure Stack
Azure Stack HCI
New benefit for Software Assurance customers
Microsoft is expanding Azure Hybrid Benefit, a program that enables Software Assurance (SA) customers to reduce costs. With the new Azure Hybrid Benefit for Azure Kubernetes Service (AKS) and Azure Stack HCI, customers can:
Get Azure Stack HCI at no additional cost with Windows Server Datacenter SA.
Customers can modernize their existing datacenter and edge infrastructure to run their virtual machine (VM) and container-based workloads on modern infrastructure with industry-leading price-performance and built-in connectivity to Azure.
Run AKS on Windows Server and Azure Stack HCI at no additional cost with Windows SA and Cloud Solution Provider (CSP) subscriptions. With this, customers can deploy and manage containerized Linux and Windows apps from cloud to edge with a consistent, managed Kubernetes service.
Azure Arc-enabled VM management: public preview 2
Microsoft is adding some important new features in public preview 2 to manage virtual machines:
Marketplace image: in addition to using your own custom images, you can now access images from the Azure Marketplace. In just a few clicks, you can conveniently deploy the latest fully-patched images from Microsoft, including Windows Server 2022 Azure Edition with hotpatching and Windows 11 Enterprise multi-session for Azure Virtual Desktop. Later, images from third-party publishers will be available too. The Marketplace functionality is built natively into Azure Arc (no new agents needed) and is designed to be conscious of your network bandwidth: images are optimized to minimize file size, and you only need to download them once to create as many VMs as you like.
Guest management including VM extensions: when you deploy a new VM through Azure Arc, the guest OS is now automatically Arc-enabled. This means you can use VM extensions like Domain Join to configure the operating system, or Custom Script to deploy and configure your applications. Later, more extensions will be available.
22H2 feature update
All existing Azure Stack HCI clusters are eligible to receive 22H2 as a free over-the-air update. You can apply the update non-disruptively with cluster-aware updating, just like a monthly security patch. Microsoft recommends version 22H2 for all new Azure Stack HCI deployments. No matter how you use Azure Stack HCI, there’s something for you in the 22H2 feature update.
Network
With version 22H2, Network ATC can automatically assign IP addresses to your intra-cluster storage networks, and automatically name your cluster networks based on their intended use. It can also manage live migration settings for you, like selecting the best network, best transport, and best bandwidth allocation.
Storage
Storage management is more flexible: you can modify existing storage volumes to increase their resiliency (e.g., from two-way to three-way mirror) or convert in-place from fixed to thin provisioning.
Storage replication between sites in a stretch cluster is faster with new optional compression. Hyper-V live migration is more reliable for switchless 2-node and 3-node clusters. And there’s new tag-based network segmentation, enabling you to secure virtualized workloads against lateral threats based on custom tags of your choice.
Management tools
Management tools are being refreshed to support the new update. You can use Windows Admin Center to manage version 22H2 right now, and in mid-November, the next Windows Admin Center release will bring enhancements to light up new features, like modifiable volume settings, an improved cluster settings design, and more. In mid-November, the first Update Rollup (UR1) for System Center 2022 will add official support for Azure Stack HCI, version 22H2.
Azure Kubernetes Service hybrid deployment options
Azure Kubernetes Service (AKS) on Azure Stack HCI, Windows Server 2019, and 2022 Datacenter can be provisioned from the Azure Portal/CLI. Through this consistent managed Kubernetes experience, organizations can run containerized apps regardless of their location in a datacenter, the Azure cloud and/or a physical location or device.
Hardware
In 2023, Microsoft will begin offering an Azure Stack HCI integrated system based on hardware that’s designed, shipped, and supported by Microsoft. The solution, called the “Pro 2”, has a 2U half-depth form factor that’s ideal for deployment outside the datacenter, in locations like retail, manufacturing and healthcare. The Pro 2 will be available in several configurations, with specs tailored to edge use cases and the option for up to two NVIDIA A2 GPUs. You’ll be able to order it directly from the Azure Portal and it’ll ship with Azure Stack HCI pre-installed. And hardware management will be integrated directly into the existing cluster management tools, including a new Windows Admin Center extension that’s under development now.
Azure NetApp Files new regions and cross-region replication
Azure NetApp Files is now available in the following additional regions:
Korea South,
Sweden Central.
Additionally, Azure NetApp Files cross-region replication has been enabled between following regions:
Korea Central and Korea South,
North Central US and East US 2,
France Central and West Europe.
Networking
ExpressRoute FastPath support for Vnet peering and UDRs
FastPath now supports virtual network peering and user defined routing (UDR). FastPath will send traffic directly to any VM deployed in a spoke virtual network peered to the virtual network where the ExpressRoute virtual network gateway is deployed. Additionally, FastPath will now honor UDRs configured on the GatewaySubnet and send traffic directly to an Azure Firewall or third-party Network Virtual Appliance (NVA).
Azure Firewall Basic (preview)
Azure Firewall Basic is a new SKU for Azure Firewall designed for small and medium-sized businesses.
Seamless integration with other Azure security services
Simple setup and easy-to-use:
Setup in just a few minutes
Automate deployment (deploy as code)
Zero maintenance with automatic updates
Central management via Azure Firewall Manager
Cost-effective:
Designed to deliver essential, cost-effective protection of your resources within your virtual network
Policy analytics for Azure Firewall (preview)
Policy analytics for Azure Firewall, now in public preview, provides enhanced visibility into traffic flowing through Azure Firewall, enabling the optimization of your firewall configuration without impacting your application performance.
Azure Basic Load Balancer will be retired
On 30 September 2025, Azure Basic Load Balancer will be retired. You can continue to use your existing Basic Load Balancers until then, but you’ll no longer be able to deploy new ones after 31 March 2025.
To keep your workloads appropriately distributed, you’ll need to upgrade to Standard Load Balancer, which provides significant improvements including:
High performance, ultra-low latency, and superior resilient load-balancing.
Security by default: closed to inbound flows unless allowed by a network security group.
Diagnostics such as multi-dimensional metrics and alerts, resource health, and monitoring.
SLA of 99.99 percent availability.
Basic SKU public IP addresses will be retired
On 30 September 2025, Basic SKU public IP addresses will be retired in Azure. You can continue to use your existing Basic SKU public IP addresses until then, however, you’ll no longer be able to create new ones after 31 March 2025.
Standard SKU public IP addresses offer significant improvements, including:
Access to a variety of other Azure products, including Standard Load Balancer, Azure Firewall, and NAT Gateway.
Security by default—closed to inbound flows unless allowed by a network security group.
Zone-redundant and zonal front ends for inbound and outbound traffic.
