Category Archives: What's New

Azure Management services: what's new in August 2021

Microsoft constantly releases news about Azure management services. By publishing this summary, we want to provide an overall overview of the main news released in the last month. This allows you to stay up-to-date on these topics and have the necessary references to conduct further investigations.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

The IT Service Management Connector is certified with the Quebec version of ServiceNow

The IT Service Management Connector (ITSM) of Azure Monitor is now certified for the Quebec version of ServiceNow. This connector allows you to establish a two-way connection between Azure and ITSM tools, useful for managing incidents and solving problems faster. Furthermore, it is possible to create work items in the ITSM tool, based on Azure alerts (Metric Alerts, Activity Log Alerts, and Log Analytics alerts).

Lower levels for reservations for Azure Monitor dedicated clusters

Microsoft has reduced the minimum capacity reservation required for Azure Monitor dedicated clusters, bringing it from 1,000 GB to 500 GB per day. This makes advanced features such as customer-managed keys, lockbox, and infrastructure encryption available even to customers with lower data ingestion volumes.

The retirement of the Log Analytics agent has been announced

Microsoft announced that the Log Analytics agent used in Azure Monitor will be retired on 31 August 2024. Therefore, before that date, you should move to the new Azure Monitor agent (AMA) and data collection rules (DCR) of Azure Monitor to monitor virtual machines and servers.

Configure

Azure Automation

New features to be released soon

Microsoft has announced that the following new features will soon be released for Azure Automation:

  • Azure AD support: ability to use Azure AD-based authentication for public automation endpoints
  • Support for PowerShell 7: ability to run Azure Automation runbooks, in production scenarios, using PowerShell 7.1
  • Azure Automation Hybrid Worker Extension for Azure and for Azure Arc machines: possibility of onboarding hybrid workers using the hybrid extension for Azure and Azure Arc machines.
  • Support for Availability Zones, useful for increasing the levels of reliability and resilience.
  • Native support for the PowerShell Az module.

Govern

Azure Policy

Azure Guest Configuration Policy: possibility of applying settings within the systems as well (preview)

Guest Configuration Policies allow you to control settings within a machine, both for virtual machines running in Azure and for "Arc Connected" machines. At the moment, most of the Azure Guest Configuration Policies only allow you to check the settings inside the machine, but they do not apply configurations. However, Microsoft has announced in preview the possibility to apply configurations provided by Microsoft or to create your own configuration packages using PowerShell DSC version 3.

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs. In this article some of the latest improvements and updates regarding this solution are reported.

Secure

Azure Security Center

Azure Defender for SQL available from Azure SQL Virtual Machine blade

This new Azure Defender browsing experience for SQL VMs allows you to view, directly from the SQL virtual machine blade, information about security best practices for the related SQL Server databases.

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Support for Archive storage for backup of VMs and SQL Server in VMs

In Azure Backup, you can now move recovery points to save costs and keep your backup data longer. This feature is available for Azure VMs and SQL Server instances installed on Azure VMs. Using Azure PowerShell, it is possible to move these backups from the standard tier to the new archive tier.

When moving backup data from vault-standard to vault-archive, Azure Backup converts incremental data into full backups. This procedure involves an increase in the total GB used, but costs are reduced due to the huge difference in cost per GB between the two storage tiers. To simplify this process, Azure Backup provides recommendations on the Recovery Points (RPs) for which migration to vault-archive is advisable. Restores can be done in an integrated way from the Azure portal, with a simple and intuitive process.

Azure Site Recovery

ASR support for global disaster recovery

Azure Site Recovery (ASR) introduced support for cross-continental disaster recovery. Thanks to this feature, a virtual machine can be replicated from an Azure region in one continent to a region in another continent. In the event of a planned or unplanned outage, you will be able to fail over the virtual machine across continents and, once the outage has been mitigated, it can be brought back to the continent of origin (fail-back) and protected.

Retirement date for hard-coded IP addresses extended

Microsoft has extended the retirement date for hard-coded IP addresses used to connect to Azure Site Recovery services to 31 August 2024. This gives you more time to adjust the configurations of your environments to use Azure service tags.

Migrate

Azure Migrate

Software inventory and agentless dependency analysis

In Azure Migrate it is now possible to inventory applications, roles and features installed and perform dependency analysis, on Windows and Linux servers, without installing any agent. Agentless dependency analysis allows you to identify and understand dependencies between servers, supporting data collection for up to 1000 servers at the same time.

Discovery and assessment of ASP.NET Web Apps with Azure Migrate (preview)

Azure Migrate now allows you to identify and assess ASP.NET Web Apps running on the on-premises IIS Web server and manage their migration. Until now, it was necessary to use tools such as App Service Migration Assistant to evaluate the Web Apps. Thanks to the introduction of this feature in Azure Migrate, it is possible to discover the .NET Web Apps running in your VMware environment and create assessments to manage the migration to Azure IaaS or Azure App Service.

Containerization of apps and migration to AKS or Azure App Service

The Azure Migrate app containerization tool allows you to modernize existing ASP.NET and Java web applications, using a containerization approach that requires little or no application changes. The tool packages existing applications running on servers into a container image and allows them to be deployed in containers running in Azure Kubernetes Service (AKS) or in Azure App Service. As part of the migration process, the tool allows you to parameterize the application configurations, externalize file system dependencies using persistent volumes and configure monitoring of the containerized application using Application Insights.

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, which provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: What's new in July 2021

Microsoft constantly announces news regarding Azure management services and, as usual, this monthly summary is released. The aim is to provide an overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New built-in policies for Log Analytics workspaces and linked automation accounts

When designing and deploying Azure Monitor Log Analytics workspaces, it is advisable to adopt specific criteria to distribute them consistently, in line with the compliance requirements of your environment. Thanks to a new built-in policy it is possible to automate and control the distribution of Log Analytics workspaces and the Automation Accounts connected to them in your own environments.

Better integration between Azure Monitor and Grafana

Grafana is a very popular open source visualization and analysis software, which allows you to query, view and explore various metrics from multiple data sources in a centralized way. Recently, some updates have been made to the Azure Monitor plug-in for Grafana that allow you to enable additional data sources and easier authentication via managed identity. Among the main improvements we find:

  • Azure Resource Graph in the Azure Monitor Grafana data source. Azure Resource Graph (ARG) is a service in Azure that allows you to perform large-scale queries on a given subscription set, so that you can effectively govern your environment. With Grafana 8.0, Azure Monitor data source supports querying ARG.
  • Managed Identities are supported for the Grafana data source hosted in Azure and for Azure Monitor. Customers who host Grafana on Azure (e.g. App Service, Azure Virtual Machine) and have enabled managed identity on their virtual machine will be able to use it to configure Azure Monitor in Grafana. This simplifies the configuration of the data source, allowing it to be securely authenticated without having to manually configure credentials through app registrations in Azure AD for each data source.
  • Direct links to the Azure portal for Grafana metrics. To allow easy exploration of Azure Monitor metrics directly from Grafana, when a user selects the result of a query, a menu appears with a link to “View in the Azure portal”. Selecting it will redirect you to the corresponding chart in the Azure Metrics Explorer portal.

Direct proxy and Log Analytics gateway support for the new agent

Following the recent announcement on the availability of the new Azure Monitor agent (AMA) and Data Collection Rules (DCR), support for direct proxies and for Log Analytics gateways is introduced for this agent.

Configure

Azure Automation

Support for User Assigned Managed Identities (preview)

Azure Automation has introduced support for User Assigned Managed Identities, which allows you to eliminate the effort of managing RunAs Accounts for runbooks. A User Assigned Managed Identity is an independent Azure resource that can be assigned to the Azure Automation account, which can have multiple associated user-assigned identities. The same identity can be assigned to multiple Azure Automation accounts.

Govern

Azure Policy

Azure Policy built-in for Network Watcher Traffic Analytics

Traffic Analytics is based on the analysis of NSG flow logs. After appropriately aggregating the data and enriching it with the necessary intelligence concerning security, topology and geographic map, it can provide detailed information about the network traffic of your Azure cloud environment. The following new built-in policies have been introduced to facilitate the deployment of Traffic Analytics:

  • An audit policy: Flag flow logs resource without traffic analytics enabled
  • DeployIfNotExists policies: Enable Traffic Analytics on NSGs in an Azure region of a subscription or resource group

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Site Recovery

New Update Rollup

Update Rollup 56 was released for Azure Site Recovery; it solves several issues and introduces some improvements. In particular, this update introduces the following new features:

  • Microsoft Azure Site Recovery (services): Improvements have been made so that enable replication and re-protect operations are 46% faster.
  • Microsoft Azure Site Recovery (portal): Replication between any two Azure regions around the world can now be enabled. You are no longer limited to enabling replication within your continent.

The details and the procedure to follow for the installation can be found in the specific KB.

Azure Management services: What's new in June 2021

In June, Microsoft announced a considerable amount of news regarding Azure management services. Through these articles released monthly we want to provide an overall overview of the main news, in order to stay up to date on these topics and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

The new Azure Monitor agent and new Data Collection Rules features are available

For some months now, Azure Monitor has offered a new unified agent (Azure Monitor Agent – AMA) and a new concept to make data collection more efficient (Data Collection Rules – DCR).

Among the various key features added in this new agent we find:

  • Support for Azure Arc servers (Windows and Linux)
  • Virtual Machine Scale Set support (VMSS)
  • Installation via ARM template

With regard to the Data Collection, these innovations have been made:

  • Better control in defining the scope of data collection (e.g. ability to collect from a subset of VMs for a single workspace)
  • Single collection and sending to both Log Analytics and Azure Monitor Metrics
  • Send to multiple workspaces (multi-homing for Linux)
  • Ability to better filter Windows events
  • Better extension management

All the preview features are ready to be used even in production environments, with the exception of the use of custom Azure Monitor Metrics (still in preview).

Collection of Syslog events from the Azure Monitor agent for Linux distro (preview)

Azure Monitor introduced a new concept for configuring data collection and a new unified agent for Azure Monitor. This new agent (AMA – Azure Monitor Agent) allows you to improve some key aspects of data collection from virtual machines, as reported in the previous paragraph. There was an issue on this front where Syslog data collection was not working as expected. This problem has been solved and the latest version of the agent includes support for the collection of Syslog events from Linux machines (using version 1.10 and later), available for all supported distributions.

Azure Monitor cost changes to achieve significant savings

Microsoft recently made several changes to Azure Monitor Log Analytics costs, which allow for significant savings if large amounts of data are ingested into the workspaces. It should be noted that a new name has been introduced for capacity reservations, which are now called “commitment tiers”. These changes have been available since 2 June 2021:

  • New commitment tiers (higher). New commitment tiers are introduced for Azure Sentinel and Azure Monitor Log Analytics for data ingestion: 1 TB/Day, 2 TB/Day, and 5 TB/Day.
  • Changes to the billing method for importing data that exceed the commitment tiers. Data imported beyond the commitment tiers will be billed using the actual commitment tiers rate, instead of the pay-as-you-go rate, with consequent cost reduction.
  • Simplification of commitment tiers: it is now possible to select from eight distinct commitment tiers and it is no longer necessary to manage tiers due to minor changes in the data ingestion. As part of this change, all workspaces with a commitment tier greater than 500 GB / day will be reset to the lowest available commitment tier: 500 GB / day, 1 TB / day, 2 TB / day or 5 TB / day.

Govern

Azure Policy

Changes in compliance for Resource Type Policies

Starting from 16 June 2021, the policies in which the resource type is the only evaluation criterion (e.g. Allowed Resource Types, Disallowed Resource Types) will have no “compliant” resources in compliance records. This means that if there are no non-compliant resources, the policy will show 100% compliance. If one or more non-compliant resources are present, the policy will show 0% compliance, with total resources equal to non-compliant resources. This change responds to feedback that resource type policies skew overall compliance rate data (which are calculated as compliant + exempt resources out of total resources in all policies, deduplicated by unique resource ID) due to a large number of total resources.

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

  • Display of amortized costs in the cost analysis preview.
  • Cloudyn is retired as of 30 June.
  • News regarding Cost Management Labs.

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

TLS 1.2 enforcement for the MARS backup agent

Starting from September 1st 2020, Azure Backup will enforce the presence of the Transport Layer Security protocol (TLS) version 1.2 or later. To continue using Azure Backup, you need to make sure that all resources use the Microsoft Azure Recovery Services agent (MARS) updated to use TLS 1.2 or later.

Cross Region Restore of SQL / SAP HANA running on VM in Azure

In Azure Backup, restore between different Azure regions (Cross-Region Restore – CRR), available for virtual machines, has also been extended to support SQL and SAP HANA. Cross Region Restore allows customers to restore their data to secondary regions (paired region) at any time, which is essential when the primary region is unavailable. Geo-replicated backup data can then be used to restore SQL and SAP HANA databases running on Azure VMs to the Azure “paired region”, during planned or unplanned incidents.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, which provides information about new releases and features. In particular, this month the main news concern:

  • Support for new geographies of the public cloud.
  • The ability to register servers running SQL Server, with SQL VM RP, to automatically install the IaaS SQL agent extension. This feature is available for VMware (without agent), Hyper-V (without agent) and agent-based migrations.
  • Evaluation via CSV file import supports up to 20 disks. Previously, there was a limit of eight disks per server.

Support for Azure private links

Private Link support allows you to connect to the Azure Migrate service privately and securely via ExpressRoute or via a site-to-site VPN. Thanks to this method of connectivity, the tools Azure Migrate: Discovery and Assessment and Azure Migrate: Server Migration can be used over a private and secure connection. This method is recommended when there is an organizational requirement to access the Azure Migrate service and other Azure resources without crossing public networks, or if you want better results in terms of bandwidth or latency.

Azure Management services: What's new in May 2021

To stay constantly updated on news regarding Azure Management services, this summary is released monthly, allowing you to have an overview of the main new features of the month. In this article you will find the news, presented concisely and accompanied by the necessary references to conduct further studies.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Log Analytics workspace insights

Microsoft has announced the availability of Log Analytics workspace insights, which allows you to obtain detailed information on Log Analytics workspaces, providing a comprehensive overview of the following aspects: usage, performance, health, agents, queries and change logs.

These are the main questions to which the solution can provide an answer:

  • What are the main tables, those where most of the data is imported?
  • Which resource sends the most logs to the workspace?
  • How long does it take for the logs to reach the workspace?
  • How many agents are connected to the workspace? How many are in a healthy state?
  • Query control: how many queries run in the workspace? What are their response codes and duration? Which slow and inefficient queries add overhead to the workspace?
  • Who has set a daily limit? When was data retention changed?
    • Useful for keeping a log of changes in workspace settings.

Export of Azure Monitor logs to multiple destinations (preview)

You now have the option to create up to 10 data export rules in each Log Analytics workspace, with the flexibility to decide which tables to export and to which destination (storage accounts or event hubs). This configuration makes it possible to address these aspects:

  • Event hub rate limit
  • Single storage account rate limit
  • Different logs can be exported to different destinations.

Updates related to the user interface (UI)

The following user interface updates have been introduced in the Log Analytics UI:

  • Consultation of custom logs: it is now possible to control and manage the table and the custom fields from a new dedicated panel, offering a new user interface that improves the experience of consulting custom logs.
  • Azure Dashboard: the parts of Log Analytics added to Azure dashboards support integration with filters.

Query packs in Azure Monitor (preview)

Query packs have been made available in Azure Monitor. They are essentially ARM objects containing several queries. Among the main features we find:

  • Being ARM objects, precise control of permissions is provided and can be distributed via code and incorporated into policies.
  • They work in all contexts and in all environments, with the ability to upload them to multiple subscriptions.
  • They allow organizations to better organize queries based on their taxonomy, thanks to the presence of new metadata.
  • A clear, harmonized experience that is contextual to the environment is incorporated in Log Analytics.

Availability in new regions

Azure Monitor Log Analytics is now also available in the South India region. To check the availability of the service in all the Azure regions you can consult this document.

Secure

Azure Security Center

Integration with GitHub Actions (in public preview)

The integration of Azure Security Center (ASC) with GitHub Actions, in public preview, allows you to easily incorporate security and compliance early in the software development lifecycle. With this integrated experience, you can gain greater visibility into IT operations and IT security, both in the CI/CD pipeline and in the container registry security scans within ASC. Furthermore, end-to-end traceability makes it easier for developers to identify issues, improving resolution times and strengthening your cloud security posture.

Re-scanning of containers

Azure Security Center has introduced a new scan for containers that analyzes images to identify vulnerabilities before they are pushed to Azure container registries. In the future, ASC will also provide recommendations if it detects workflows that push Docker images without enabling CI/CD scan actions.

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

Protect

Azure Backup

Backup for Azure Blobs

Azure Blob Backup is a managed data protection solution that helps protect block blobs from various data loss scenarios. The data is stored locally within the source storage account and can be restored from a given point in time when necessary. This feature provides a simple, safe and economical means of protecting blobs.

Azure Site Recovery

Enable Azure Site Recovery (ASR) when creating virtual machines

While creating new virtual machines from the Azure portal, you can now also enable the Azure Site Recovery replication process. This possibility is included in the virtual machine management options along with those already available, such as Monitoring, Identity, and Backup.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features. In particular, this month the main news is the migration of virtual machines and physical servers with operating system disks up to 4 TB, which is now supported using the agent-based migration method.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: What's New in April 2021

Microsoft is constantly announcing news regarding Azure management services. This summary, released on a monthly basis, gives you an overall overview of the main news of the current month, so that you can stay up to date and have the references needed for further study.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New agent version for Windows Systems

A new version of the Log Analytics agent has been released this month for Windows systems. The new version includes a new tool for troubleshooting and handles changes to certificates in Azure services differently.

The uniqueness of the name of the Log Analytics workspaces is now per resource group

In the past, the name of an Azure Monitor Log Analytics workspace had to be globally unique across all subscriptions. This meant that when a workspace name was used by a customer, it could not be reused by others. Microsoft has changed the way in which the uniqueness of the workspace name is enforced, and it is now managed in the context of the resource group.

New built-in Azure Policy definitions for data encryption in Azure Monitor

Azure Monitor provides built-in policies for data encryption governance and control over the key used for encryption at rest. Here are the new built-in policies available for data encryption:

  • Azure Monitor logs clusters should be encrypted with customer-managed key – Audit if log analytics cluster is defined with customer-managed key.
  • Azure Monitor logs clusters should be created with infrastructure-encryption enabled (double encryption) – Audit if log analytics cluster is created with infrastructure encryption enabled.
  • Azure Monitor logs for application insights should be linked to a log analytics workspace – Audit if application insights is linked to store data in log analytics workspace. Workspace can then be linked to a log analytics cluster for customer-managed key settings.
  • Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption – Audit if workspace has linked storage account, which allows the encryption using customer-managed key.
  • Log alert queries in Azure Monitor will be saved in customer storage account, if workspace has linked storage account, which allows the encryption using customer-managed key.

Improvements for Log Alerts

Log Alerts in Azure Monitor allow users to use a Log Analytics query to evaluate resource logs at a set frequency and activate an alert based on the results obtained. Rules can trigger one or more actions using Action Groups. In this context, two new highly requested features have been released (in preview):

  • Stateful Log Alert: with this feature enabled, activated alerts are automatically resolved once the condition is no longer satisfied. In this way, the same behavior is adopted as in the alerts related to metrics.
  • Frequency of 1 minute: with this feature enabled, the alert query is evaluated every minute to verify the specified condition, thus reducing the overall time for activating a Log Alert.

Availability in new regions

Azure Monitor Log Analytics is also available in the South India region.

To check the availability of the service in all the Azure regions you can consult this document.

Container insights: support for monitoring Azure Arc enabled Kubernetes environments (preview)

Container insights in Azure Monitor has extended its monitoring capabilities to Azure Arc Kubernetes clusters as well, providing the same monitoring capabilities available for Azure Kubernetes Service (AKS), namely:

  • Visibility on the performance of the environment, through the memory and processor metrics for the controllers, nodes and containers.
  • View information collected through workbooks and in the Azure portal.
  • Alerts and the ability to query historical data for troubleshooting.
  • Ability to verify Prometheus metrics.

Configure

Azure Automation

Availability in new regions

Azure Automation is also available in the South India region.

Support for System Assigned Managed Identities for cloud and Hybrid job (public preview)

Azure Automation has introduced support for System Assigned Managed Identities for cloud and Hybrid jobs. Among the advantages of using Managed Identities we find:

  • The ability to authenticate to any Azure service that supports Azure AD authentication.
  • Elimination of the management overhead associated with managing Run As accounts in runbook code. This makes it possible to access resources via the Managed Identity of an Automation account from a runbook, without having to worry about creating RunAsCertificate, RunAsConnection, etc.
  • It is not necessary to renew the certificate used by the Automation Run As account.

Govern

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents erroneous spending patterns and optimizes costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

Protect

Azure Backup

Azure Dedicated Host protection support

Azure Backup has introduced support for the backup and recovery of virtual machines residing on Azure Dedicated Host, physical servers dedicated to your organization whose capacity is not shared with other customers. This feature is available in all Azure regions where Azure Dedicated Host can be activated.

Azure VM Scale sets protection with orchestration templates (preview)

Azure Backup now allows you to back up and restore Azure VM Scale sets with orchestration models, which provide a logical grouping of virtual machines managed by the platform.

Improvements in encryption using customer managed keys (preview)

Azure Backup now allows you to use your own keys to encrypt backup data residing in the Recovery Services vaults. This new feature gives you more control over the encryption of your data. Furthermore, you can use Azure Policy to control and apply encryption using keys managed directly by the customer.

Azure Site Recovery

Support for Azure Policy (preview)

The ability to use Azure Policy is now provided to enable large-scale use of Azure Site Recovery for virtual machines. After creating a disaster recovery policy for a resource group, all new virtual machines that will be added to this resource group will have Site Recovery enabled automatically. Furthermore, through a Remediation process, Site Recovery can also be enabled for all virtual machines already present in the Resource Group.

Support for cross-continental disaster recovery (for 3 region pairs)

Azure Site Recovery introduced support for cross-continental disaster recovery. Thanks to this feature, a virtual machine can be replicated from an Azure region in one continent to a region in another continent. In the event of a planned or unplanned outage, you will be able to fail over the virtual machine across continents and, once the interruption has been mitigated, it can be brought back to the continent of origin (fail-back) and protected. This feature is currently available for the following 3 pairs of intercontinental regions:

  • Southeast Asia and Australia East
  • Southeast Asia and Australia Southeast
  • West Europe and South Central US

Support of “proximity placement groups” in hybrid and cloud disaster recovery scenarios

Azure Site Recovery introduced support for “proximity placement groups (PPG)” in hybrid and cloud disaster recovery scenarios. With this support it will be possible to replicate an on-premises physical or virtual machine or an Azure virtual machine within a PPG, in the chosen Azure target area. Upon activation of the failover plan, Site Recovery will activate the failover VM within the target PPG selected by the user. This functionality is available both through the Azure portal and through PowerShell and REST API, across all Azure regions.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features. In particular, the following was released this month:

  • The tools Azure Migrate: Discovery and Assessment and Azure Migrate: Server Migration can be used by connecting privately and securely to the Azure Migrate service via ExpressRoute or via a site-to-site VPN, using Azure private links. This connectivity method is recommended when there is an organizational requirement to access the Azure Migrate service and other Azure resources without crossing public networks, or if you want better results in terms of bandwidth or latency.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in March 2021

In March Microsoft announced several pieces of news regarding Azure management services. In this series of articles, published monthly, the major announcements are listed, accompanied by the references needed for further study.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

What's new in Azure Monitor for Windows Virtual Desktop

Azure Monitor for Windows Virtual Desktop, which will be made available in the coming weeks, will give you a centralized view containing all the monitoring information needed to troubleshoot and operate at large scale. Thanks to the latest updates it is possible to:

  • View a summary of the status and health of the host pool
  • Find and resolve deployment issues
  • Understand and address user feedback
  • Evaluate resource usage and make scalability decisions, thus achieving optimal cost management

ExpressRoute Monitors in Azure Monitor Network Insights

Azure Monitor Network Insights now allows you to monitor ExpressRoute through a centralized console. The solution displays the following information regarding ExpressRoute connectivity:

  • Topology of all ExpressRoute circuit components (peering, connections and gateways)
  • Provisioning and health status of the various components
  • Circuit metrics (Availability, throughput and packet delivery)
  • Metrics of the ExpressRoute gateway connected to the circuit

Azure Monitor SQL insights for Azure SQL (preview)

Azure Monitor SQL Insights enables the collection, analysis and customized display of telemetry data for SQL Database, SQL Managed Instance and SQL Server on Azure Virtual Machines. The interactive experience introduced by SQL Insights allows you to customize the collection and frequency of telemetry and to combine data from multiple sources, providing a unified monitoring experience for the SQL environment. SQL Insights is based on the Azure Monitor platform, giving customers access to all the viewing and notification features in the solution.

Azure Monitor Alerts for Azure Backup (preview)

You can now manage backup alerts through the standard Azure Monitor experience. This integration allows users to have a consistent experience in managing alerts across Azure services, including backup.

Azure Monitor for containers: live consultation of pod and replica set logs

Azure Monitor for containers introduced support for real-time access to Azure Kubernetes Service (AKS) pod and replica set logs. Thanks to this new feature you can search for, filter and view historical pod logs in Log Analytics. You can also troubleshoot and diagnose pods and replica sets.

Container Insights: Persistent Volume monitoring & Tab reports

Container Insights of Azure Monitor introduces two new features:

  • Monitoring of Persistent Volumes (PV) for AKS clusters.
  • A new Reports tab that provides full access to all workbooks related to Kubernetes.

Azure SQL auditing in Log Analytics

It is now possible to route the audit logs of Azure SQL Database and Azure Synapse Analytics to a Log Analytics workspace and to the Event Hub. This way you can centralize SQL audit logs in one location and do large-scale analysis.

New version of the agent for Linux systems

A new version of the Log Analytics agent has been released this month for Linux systems, which introduces several improvements and greater stability.

Availability in new regions

Azure Monitor Log Analytics is available in the following new regions:

  • Australia Central 2

To check the availability of the service in all the Azure regions you can consult this document.

Configure

Azure Automation

Availability in new regions

Azure Automation is available in the following new regions:

  • UK West

Azure Automanage

New features for Windows systems and extension to Linux distros

Azure Automanage is a new solution that automates several operations throughout the entire lifecycle of virtual machines located in Azure. It allows you to automatically implement best practices in virtual machine management, ensuring compliance with regard to security, corporate compliance and business continuity. New features have been added to this solution to simplify operations on Windows Server virtual machines (VMs), such as installing security patches without restarting. This feature allows security patches to be deployed in seconds, which makes it easier to protect servers from critical threats. Azure Automanage has also been extended to major Linux distributions.

Govern

Azure Policy

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents erroneous spending patterns and optimizes costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

  • Ability to monitor spending through alerts on expected costs (forecasted cost alerts)
  • New view of subscription costs
  • Cost Management Labs News

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

  • Integrating Azure Firewall management into Security Center
  • Inclusion of the “Disable rule” experience in SQL vulnerability assessment (preview)
  • Azure Monitor Workbooks built into Security Center
  • Azure Audit reports included in the regulatory compliance dashboard (preview)
  • Ability to view recommendation data in Azure Resource Graph with “Explore in ARG”
  • Workflow Automation Deployment Policy Updates
  • Improvements in the recommendations page

Protect

Azure Backup

Backup Center

The new Backup Center solution is now available and offers a unique experience designed for centralized management of large-scale backups. With Backup Center, you can dynamically explore large backup inventories across vaults, subscriptions, different locations and even tenants using Azure Lighthouse. The Backup Center can also govern any actions related to backups. Thanks to integration with Azure Policies and recent additional features for tag-based Azure Policies, large-scale governance can be implemented and compliance monitoring simplified. Backup Center also provides useful information to detect resources that are not protected by backups.

Backup Center supports the following types of workloads:

  • Azure Virtual Machines
  • SQL in Azure Virtual Machines
  • HANA in Azure VMs
  • Azure Files

Furthermore, the following workloads are supported in preview:

  • Azure Disks
  • Azure Blobs
  • Azure Database for PostgreSQL Servers

Azure Managed Disk backups

Azure Backup offers the ability to protect managed disks. All this takes place through the periodic creation of snapshots that are kept for a duration established by backup policy. The solution does not require the presence of specific agents and supports backup and recovery of both operating system and data disks (including shared disks), regardless of whether or not they are connected to a virtual machine running in Azure.

SAP HANA Incremental Backup Support

Azure Backup introduces support for creating incremental SAP HANA backups (at the moment in all regions, except Germany Northeast, Germany Central, France South, and US Gov IOWA). Protection of large SAP HANA databases is faster and cheaper with this feature.

Support for Archive storage for backup of VMs and SQL in VMs (preview)

In Azure Backup, you can now move recovery points to save costs and keep your backup data longer. This feature is available for Azure VMs and SQL Server installed on Azure VMs. Using Azure PowerShell, you can move these backups from the standard tier to the new archive tier. Restores can be done in an integrated way from the Azure portal, with a simple and intuitive process. In addition, Azure Backup will provide, through a specific API, recommendations for moving recovery points to the archive tier.

Backup for Azure Blobs (preview)

Azure Blob backup is an on-premises and managed data protection solution that helps protect block blobs from various data loss scenarios. Data is stored locally within the source storage account and can be restored from a certain selected time when needed. This feature provides a simple, safe and economical means of protecting blobs.

Azure Site Recovery

Expanding DR scenarios to Availability Zones from Azure

Although Availability Zones are traditionally used by customers for high-availability configurations, they can now also be leveraged to implement specific disaster recovery scenarios. This feature allows you to define DR plans for scenarios where data residency and local compliance must be maintained, improving the Recovery Point Objective (RPO). This configuration also reduces the complexity of the configurations required to implement a DR strategy in a secondary region.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features. In particular, this month the main news concerns:

  • Support to provide multiple server credentials on the Azure Migrate appliance needed to detect installed applications (software inventory), perform agentless dependency analysis and discover SQL Server instances and databases in the VMware environment.
  • Agentless VMware migration now supports simultaneous replication of 500 VMs per vCenter.
  • Azure Migrate automatically installs the Azure VM agent during migration (using the agentless migration method).
  • Azure Migrate Hub now includes an app containerization tool (preview), with support for ASP.NET and Java web applications, which allows you to facilitate the migration of containerized applications running on Azure Kubernetes Service (AKS).
  • Ability to perform assessment for migration to Azure VMware Solution.
  • The new Azure Migrate PowerShell module (preview) adds support for the agentless Server Migration tool for migrating VMware virtual machines (VMs) to Azure. Furthermore, you can configure and manage server replication to Azure and migrate servers using Azure PowerShell cmdlets in an automated and repeatable way.

Azure Database Migration

Agentless SQL Server discovery and assessment

With Azure Migrate, you can now discover SQL Server instances and databases running in a VMware environment and analyze their configuration, application performance and dependencies in order to migrate to Azure SQL databases and Azure SQL Managed Instances. The solution can provide information on migration readiness, correct sizing and Azure SQL cost projections.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in February 2021

The month of February was full of news and there are several updates that have affected the Azure management services. This article provides an overview of the month's top news, so that we can stay up to date on these topics and have the references needed for further study.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Availability in new regions

Azure Monitor Log Analytics is available in the following new regions:

  • UAE Central
  • Japan West
  • Australia Central 2 (preview)

To check the availability of the service in all the Azure regions you can consult this document.

The new Azure Monitor agent and the new data collection rules features (preview) extend to new regions and distros

Azure Monitor currently has (in preview) a new unified agent (Azure Monitor Agent – AMA) and a new concept to make data collection more efficient (Data Collection Rules – DCR).

Among the various key features of this new agent we find:

  • Support for Azure Arc servers (Windows and Linux)
  • Virtual Machine Scale Set support (VMSS)
  • Installation via ARM template

As far as the Data Collection is concerned, it introduces these innovations:

  • Better control in defining the scope of data collection (e.g. the ability to collect from a subset of VMs for a single workspace)
  • Single collection and sending to both Log Analytics and Azure Monitor Metrics
  • Send to multiple workspaces (multi-homing for Linux)
  • Ability to better filter Windows events
  • Better extension management

AMA on Linux supports the following new distros for data collection (Data Collection Rules – DCR):

  • CentOS Linux 8*
  • Debian 10
  • Oracle Linux 8*
  • Red Hat Enterprise Linux Server 8*
  • SUSE Linux Enterprise Server 15.2*
  • SUSE Linux Enterprise Server 15.1*
  • Ubuntu 20

*Known issue with Syslog events. Currently only Performance Counters are supported (CPU, Memory, Disk, Network)

Furthermore, AMA and DCR are now available in new regions:

  • UK West (Wuk)
  • Korea Central (Se)
  • France Central (Frc)
  • South Africa North (Jnb)
  • Switzerland North

New disk bursting metrics

Azure Monitor allows you to obtain detailed information on the resources deployed and running in the Azure environment. Through metrics, which are resource performance indicators in Azure, you can get detailed information about what's happening. Azure Monitor releases new metrics to help you better understand disk bursting performance. These new metrics provide the expected performance from Premium SSD disks and indicate the amount of bursting credits that have been used.

Configure

Azure Automation

Availability in new regions

Azure Automation is available in the following new regions:

  • Japan West
  • UAE Central

To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Cost Management

Availability for Azure Government Pay-As-You-Go subscription

Azure Cost Management features are now also available for Azure Government Pay-As-You-Go subscriptions.

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents erroneous spending patterns and optimizes costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Azure Security Center

What's new in Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

Protect

Azure Backup

Cross Region Restore (CRR) for Azure virtual machines

Azure Backup stores the backup data in the Recovery Services vault, on which geographical redundancy is set by default. This results in the backup data in the primary region being geographically replicated to the associated secondary region (paired region). However, replicated data in the secondary region is available for recovery only if Azure declares an emergency in the primary region. By adopting this new functionality in Azure Backup, you will be able to start restores of virtual machines in a secondary region at will, making them completely controlled by the customer. To do this, however, the Recovery Services vault that holds the backups must be set up with geographical redundancy. Recovery between different Azure regions is also available, still in preview, for SQL and SAP HANA.

New features for Azure Backup Center (preview)

Backup Center, currently in preview, now also supports the following workloads: SQL in Azure VM, SAP HANA in Azure VM and Azure Files. With the Backup Center, you can centrally manage and monitor backups of all supported Azure workloads.

Furthermore, new built-in policies for Azure Backup have been included in the Backup Center that allow you to configure the backups of virtual machines in Azure based on the resource groups they belong to and the assigned tags.

Azure Backup for SAP HANA: soft limit increased by 2 TB to 8 TB

Thanks to the new data transfer features, Azure Backup now helps protect larger SAP HANA databases. Azure Backup for SAP HANA now allows you to reach data transfer speeds up to 420 MBps for non-log backups (for example full, differential and incremental) and 100 MBps for log backups. Thanks to this improvement in data transfer capacity it is possible to back up ~1.5 TB per hour, which results in 6-8 TB of full backups in 4-6 hours. The Azure Backup service provides similar speeds during restore operations as well.

Azure Site Recovery

New Update Rollup

Update Rollup 54 was released for Azure Site Recovery; it solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in January 2021

The new year began with several announcements from Microsoft regarding news related to Azure management services. The Cloud Community releases this summary monthly, allowing you to have a general overview of the main new features of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Cross query between Azure Monitor and Azure Data Explorer (preview)

The ability to query between Azure Monitor and Azure Data Explorer allows you to query data exported to Azure Data Explorer or Azure blob storage and merge them with any Azure Monitor Log Analytics workspace.

Among the various features recently released we find the ability to perform queries:

  • Between Azure Data Explorer and Azure Monitor services (Log Analytics / Application Insights) and vice versa
  • On Azure Monitor logs exported from an Azure blob storage account using Azure Data Explorer

In Azure Monitor Log Analytics, the maximum data retention time frame is limited to 2 years. This aspect can be limiting in some areas, to the point that certain compliance criteria are not met. To overcome this limitation, you can export logs to an Azure blob storage. This new feature allows you to cross-query by including data exported to Azure blob storage in an integrated way.

Monitoring Azure Data Explorer Cluster with Azure Monitor (preview)

Azure Monitor expands its capabilities with Azure Monitor for Azure Data Explorer, which provides complete monitoring of Azure Data Explorer clusters through a single view of performance, operations, and actual use.

Integration between Azure Monitor workbooks and Application Change Analysis (preview)

The recently released integration between Azure Monitor workbooks and Application Change Analysis allows you to create different types of charts, using as a data source the information about changes made in the Azure environment. For example, you can create charts to see when important changes have occurred in the last 24 hours, or use the merge capability to see what changed before a memory spike on a VM.

ITSM Connector for ServiceNow ITOM with Secure Export (preview)

Secure Export is the new version (in preview) of the IT Service Management Connector (ITSM) of Azure Monitor, which allows you to automatically create work items in an ITSM tool when an Azure Monitor alert is triggered. As part of the preview, a new integration with ServiceNow IT Operations Management (ITOM) using Secure Export was introduced.

Azure Monitor Network Insights

Azure Monitor Network Insights is now available and allows you to monitor your Azure network infrastructure through a centralized console. The main features of Network Insights are as follows:

  • A single console for network monitoring.
  • No agent configuration is required.
  • Centralized access to traffic and connectivity monitoring tools that allow you to check health state, metrics, alerts, and data.
  • A view of the network topology, with the ability to see functional dependencies. This makes it easier to solve any problems.
  • Access to resource metrics for debugging when needed, without having to write queries or create specific workbooks.

Availability in new regions

Azure Monitor Log Analytics is now available in the following Azure regions: “Germany West Central”, “UAE North”, and “Switzerland West”. Furthermore, Azure Log Analytics is available in preview in two new regions: “UAE Central” and “Japan West”. To check the availability of the service in all the Azure regions you can consult this document.

Configure

Azure Automation

Availability in new regions

Azure Automation is now available in the “UAE North” and “Switzerland West” regions. To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Policy

Support for NSG Flow Logs

NSG flow logs in the Azure platform allow you to maintain visibility of the network traffic entering and leaving Network Security Groups. To simplify the deployment experience, integrated support for NSG flow logs has been introduced in Azure Policy, which allows you to check the enabled status and to force the collection of NSG flow logs when disabled, specifically by using the following policies:

  • Audit policy: flag NSGs without flow logs enabled
  • DeployIfNotExists policy: enable flow logs on NSGs where they are disabled

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new ways to improve Azure Cost Management and Billing, the solution that provides greater visibility into where costs are accumulating in the cloud, helps identify and prevent erroneous spending patterns, and optimizes costs. This article reports some of the latest improvements and updates regarding this solution, including:

  • New cost view for resource groups
  • Saving the last scope used
  • Cost Management Labs News
  • Definition of roles and responsibilities
  • Cost-saving methodologies by running .NET apps on Azure
  • New ways to save money
  • New videos to deepen these issues
  • Documentation updates

Secure

Azure Security Center

Vulnerability assessment for on-premises and multi-cloud systems

The Azure Security Center solution has recently been enriched with the ability to carry out an integrated Vulnerability Assessment, not just on virtual machines in Azure, but also on systems located on-premises or in multi-cloud environments, as long as Azure Arc has been enabled.

The vulnerability scanning included in Azure Defender for servers is done through the Qualys solution, which is recognized as a leading tool for real-time identification of potential vulnerabilities in systems.

Thanks to this update, it is possible to harness the power of Azure Defender for servers to consolidate the vulnerability management program across all resources in your environment (Azure and non-Azure). Among the main features we find:

  • Monitoring the VA scan (vulnerability assessment) on Azure Arc machines
  • Provisioning the VA agent on Azure Arc Windows and Linux machines (manually and on a large scale)
  • Receiving and analyzing vulnerabilities detected by distributed agents (manually and on a large scale)
  • Unified experience for Azure VMs and Azure Arc machines

What's new in Azure Security Center

Azure Security Center is constantly evolving, with improvements made on an ongoing basis. To help you stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

  • Azure Security Benchmark becomes the default initiative
  • Secure score for management groups (preview)
  • Secure score API
  • Dangling DNS protection added to Azure Defender for App Service
  • Multi-cloud connectors
  • Exemption of recommendations from the secure score, for subscriptions and management groups
  • Users can request “tenant-wide” visibility
  • 35 preview recommendations added
  • CSV export of filtered lists of recommendations
  • “Not applicable” resources are reported as “Compliant” in Azure Policy assessments
  • Weekly export of secure score and regulatory compliance data through continuous export (preview)

Azure Defender for SQL updates and enhancements

In Azure Security Center, the following updates and improvements have been made to Azure Defender for SQL:

Protect

Azure Backup

Azure Managed Disk backups (limited preview)

Azure Backup offers the ability, currently through a limited preview, to protect managed disks. Protection takes place through the periodic creation of snapshots that are kept for a duration established by the backup policy. The solution does not require specific agents and supports backup and recovery of both operating system and data disks (including shared disks), regardless of whether or not they are connected to a virtual machine running in Azure.

Encryption at rest with “customer-managed” keys

Azure Backup introduces support for encryption at rest using customer-managed keys. This feature encrypts backup data in Recovery Services vaults using your keys in Azure Key Vault. Data is protected using an AES 256-based data encryption key (DEK), which in turn is protected using the keys stored in the Key Vault. Compared to encryption that uses keys managed by the Azure platform (available by default), this support gives you more control over encryption key management, enabling you to best meet your compliance needs.

Azure Site Recovery

New Update Rollup

Update Rollup 53 was released for Azure Site Recovery; it solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in December 2020

In December, Microsoft announced several pieces of news regarding Azure management services. Our community releases this monthly summary to give you a comprehensive overview of the main news of the month, so that you can stay up to date on these topics and have the necessary references to conduct further study.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New Azure Monitor agent and new Data Collection Rules features (preview)

Azure Monitor introduces (in preview) a new unified agent (Azure Monitor Agent – AMA) and a new concept to make data collection more efficient (Data Collection Rules – DCR).

Among the various key features added in this new agent we find:

  • Support for Azure Arc servers (Windows and Linux)
  • Virtual Machine Scale Set support (VMSS)
  • Installation via ARM template

With regard to the Data Collection, these innovations have been made:

  • Better control in defining the scope of data collection (e.g. the ability to collect from a subset of VMs for a single workspace)
  • Single collection and sending to both Log Analytics and Azure Monitor Metrics
  • Send to multiple workspaces (multi-homing for Linux)
  • Ability to better filter Windows events
  • Better extension management

Azure Monitor for Windows Virtual Desktop (preview)

Azure Monitor now allows you to perform the following operations related to Windows Virtual Desktop environments:

  • View a summary of the status and health of host pools
  • Find and resolve any deployment issues
  • Evaluate resource usage and make decisions about scalability and cost management
  • Understand and address user feedback

Azure Monitor for containers: tab reports and deployment logs

In Azure Monitor for containers, a new Reports tab has been made available that gives customers complete access to all advanced monitoring workbooks for Kubernetes, for example: Node-disk, Node-network, workloads and Persistent Volume monitoring.

Furthermore, you can now view real-time logs of Azure Kubernetes Service (AKS) deployments, accessing the live logs of the pods directly. Log Analytics allows you to search with filters to view historical pod deployment logs, which is useful for diagnosing any issues.

Azure Monitor for containers: support for Private Cluster live logs (preview)

In Azure Monitor for containers, support for private cluster live logs has been introduced. This allows you to view container logs, pod events and metrics in real time. For more details please visit the Microsoft-specific documentation.

Infrastructure Encryption for Azure Monitor data 

Starting from 1 November 2020, data that flows into Azure Monitor is encrypted twice: at the service level and now also at the infrastructure level, thanks to the double encryption available for Azure storage.

Configure

Azure Automation

Support for Azure Private Link available

Microsoft has introduced support for Azure Private Link, which is needed to securely connect virtual networks to Azure Automation through private endpoints. This feature allows you to:

  • Establish a private connection with Azure Automation, without opening access from the public network.
  • Ensure that Azure Automation data is accessible only through authorized private networks.
  • Protect against data exfiltration by allowing granular access to specific resources.
  • Keep all traffic within the Microsoft Azure backbone network.

Availability in new regions

Azure Automation is now available in the “Norway East” and “Germany West Central” regions. To check the availability of the service in all the Azure regions you can consult this document.

Support for Python3 runbooks (preview)

In Azure Automation, you can now import, create and run Python 3 runbooks in Azure or in a Hybrid Runbook Worker.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.