In September there were several news announced by Microsoft regarding Azure management services. In this summary, which I report on a monthly basis, major announcements are listed, accompanied by the necessary references to be able to conduct further studies on.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Support for Availability Zones is available

Azure Monitor has introduced support for Availability Zones that help protect applications and data from datacenter failures and can provide resilience for Azure Monitor features such as Application Insights and any other functionality that relies on a Log Analytics workspace. When a workspace is linked to an availability zone, Azure Monitor remains active and operational even if a specific datacenter is not functional or completely inactive. Azure Monitor currently supports Availability Zones for the following regions: East US 2 and West US 2.

Cross query between Azure Monitor and Azure Data Explorer

The ability to query between Azure Monitor and Azure Data Explorer allows you to query data exported to Azure Data Explorer or Azure blob storage and merge them with any Azure Monitor Log Analytics workspace.

Among the various features recently released we find the ability to perform queries:

• Between Azure Data Explorer and Azure Monitor services (Log Analytics / Application Insights) and vice versa
• On Azure Monitor logs exported from an Azure blob storage account using Azure Data Explorer

In Azure Monitor Log Analytics, the maximum data retention time frame is limited to 2 years. This aspect can be limiting in some areas, to the point that certain compliance criteria are not met. To overcome this limitation, you can export logs to an Azure blob storage. This new feature allows you to cross-query by including data exported to Azure blob storage in an integrated way.

Support for Windows Server 2022 for the Azure Monitor Agent

The Azure Monitor Agent is now also supported for Windows Server 2022 such as virtual machines, virtual machine scale sets and Arc enabled servers (in on-premise environments and / or non-Azure servers).

New version of the agent for Linux systems

A new version of the Log Analytics agent has been released this month for Linux systems where several improvements and greater stability are introduced. Furthermore, the OMI component has been updated to version 1.6.8 and introduced support for AWS 2 / Centos 8.4 Linux.

Configure

Azure Automation

Support for the Az module

Azure Automation introduces support for the module “Az”, available by default for all new Automation Accounts. Furthermore, the option is present in the Azure portal “Update Az Modules” which allows you to update the modules to “Az” for existing Automation Accounts.

Govern

Azure Policy

Support for AKS custom policy (preview)

Microsoft has announced in preview support for custom policies for Azure Kubernetes Service clusters (AKS). With this feature, it is possible to create and assign custom policy definitions and constraint templates to AKS clusters, see advanced information about any errors, use the embedded constraint template embedded within the policy definition and more.

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

• Sharing reservations between different subscriptions through management groups.
• New cost view for services and products.
• What's New in Cost Management Labs.

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features.

Protect

Azure Backup

New alerts and management in the Backup center (preview)

Azure Backup has released a new Azure Monitor based alerting solution, which allows you to take advantage of the notification capabilities offered by Azure to monitor and effectively act on critical backup incidents. These alerts can also be managed directly by Azure Backup center.

Oracle snapshot with Azure Backup

Azure Backup now allows you to run pre-post scripts to deactivate and reactivate Oracle databases. This allows you to have consistent backups and take advantage of all the advantages of Azure VM backup also for Oracle systems. Database-consistent snapshots can be used for restores from Oracle, they are verifiable by Oracle database clients such as RMAN and have economic advantages as the backup of Azure VMs is intrinsically incremental. The ability to take consistent snapshots at the Oracle database level also means there is no need to stream the full daily data to a storage target, therefore it is possible to significantly reduce the I / O demand on the machine and on the network, as well as reducing the need for large storage spaces. Furthermore, the use of these snapshots guarantees the ability to quickly create clones of Oracle production VMs and it is not necessary to perform intensive I / O operations such as a datapump.

Offline backup with Azure Data Box

Microsoft has made the Azure Offline Backup functionality available using Azure Data Box, which allows you to use Azure Data Box to seed large initial backups offline in an Azure Recovery Service vault.

Azure Site Recovery

New features to simplify the DR scenarios of VMs in a VMware environment (preview)

The following changes have been released in preview in ASR to help improve the activation of Disaster Recovery scenarios for VMware environments:

• Automatic updates for the ASR replication appliance and for the Mobility agent. A limitation of the current ASR architecture is the need to manually update the various components of the configuration server and the Mobility service. To make things easier, Microsoft has introduced the ability to update automatically: when an update is made available, both the appliance (configuration server) and the Mobility service can be updated automatically. Furthermore, to perform automatic updates, the machine's root / admin credentials are no longer required.
• Scalability improvements. The appliance becomes a single management unit where all its components have been converted into microservices hosted in an Azure environment. Not only will this make troubleshooting a lot easier, but managing the scalability of the solution will also be easier.
• High availability for the appliance. Appliance resilience is a required feature and, thanks to this review, it is no longer necessary to perform regular backups of the appliance, but just start a new appliance and transfer all protected machines to the new appliance, without having to repeat a full replication.

Upgrade al TLS 1.2 or later

As part of the Microsoft initiative that provides for Azure to use TLS 1.2 by default and removing dependencies from previous versions, Azure Site Recovery is moving away from legacy protocols to ensure greater security for replication data. Therefore, TLS 1.0 e TLS 1.1 they will no longer be supported. These changes will take effect on 15 November 2021. To continue using Azure Site Recovery without interruption, you should make sure that all the resources that use the Microsoft Azure Recovery Services agent (MARS) are enabled for the use of TLS 1.2 or later.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Microsoft constantly releases news about Azure management services. By publishing this summary, we want to provide an overall overview of the main news released in the last month. This allows you to stay up-to-date on these topics and have the necessary references to conduct further investigations.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

The IT Service Management Connector is certified with the Quebec version of ServiceNow

The IT Service Management Connector (ITSM) of Azure Monitor is now certified for the Quebec version of ServiceNow. This connector allows you to establish a two-way connection between Azure and ITSM tools, useful for managing incidents and solving problems faster. Furthermore, it is possible to create work items in the ITSM tool, based on Azure alerts(Metric Alerts, Activity Log Alerts, e Log Analytics alert).

Lower levels for reservations for Azure Monitor dedicated clusters

Microsoft has reduced the capacity reservation (capacity reservation) minimum required for Azure Monitor dedicated clusters, bringing it from 1.000 GB to 500 GB per day. This allows you to take advantage of advanced features such as customer-managed keys, lockbox, and infrastructure encryption, even to customers with lower data entry volume.

The retirement of the Log Analytics agent has been announced

Microsoft announced that the 31 August 2024 the Log Analytics agent used in Azure Monitor will be retired. Therefore, before that date, you should use the new Azure Monitor agent (AMA) and data collection rules (DCR) of Azure Monitor to monitor virtual machines and servers.

Configure

Azure Automation

New features coming soon to be released

Microsoft has announced that the following new features will soon be released for Azure Automation:

• Azure AD support: ability to use Azure AD-based authentication for public automation endpoints
• Support for Powershell 7: ability to run Azure Automation runbooks, in production scenarios, using PowerShell 7.1
• Azure Automation Hybrid Worker Extension for Azure and for Azure Arc machines: possibility of onboarding hybrid workers using the hybrid extension for Azure and Azure Arc machines.
• Support for Availability Zones, useful for increasing the levels of reliability and resilience.
• Native support of the Powershell Az module.

Govern

Azure Policy

Azure Guest Configuration Policy: possibility of applying settings within the systems as well (preview)

Guest Configuration Policies allow you to control settings within a machine, both for virtual machines running in Azure environment and for "Arc Connected" machines. At the moment, most of the Azure Guest Configuration Policies only allow you to make checks on the settings inside the machine, but they do not apply configurations. However, Microsoft has announced in preview the possibility to apply configurations provided by Microsoft or to create your own configuration packages using PowerShell DSC version 3.

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Azure Security Center

Azure Defender for SQL available from Azure SQL Virtual Machine blade

This new Azure Defender information browsing experience for SQL VMs, allows you to view, directly from the SQL virtual machine panel, information about security best practices for related SQL Server databases.

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Microsoft Defender for Endpoint for Linux is now supported by Azure Defender for servers (in preview)
• Added two new recommendations for managing endpoint protection solutions (in preview)
• Released the regulatory compliance dashboard Azure Audit reports
• Azure Defender for container registries is now able to scan registry protected with Azure Private Link
• Security Center allows you to self-provision extensions for Azure Policy Guest Configuration (in preview)

Protect

Azure Backup

Support for Archive storage for backup of VMs and SQL on board VMs

In Azure Backup, you can now move recovery points to save costs and keep your backup data longer. This feature is available for Azure VMs and SQL Servers installed on board Azure VMs. Using Azure PowerShell, it is possible to move these backups from the standard tier to the new archive tier.

When moving backup data from vault-standard to vault-archive, Azure Backup converts incremental data into full backup. This procedure involves an increase in the total GB used, but costs are reduced due to the huge difference in cost per GB between the two storage tiers. To simplify this process, Azure Backup provides advice on Recovery Points (RPs) for which migration to the vault-archive is recommended. Restores can be done in an integrated way from the Azure portal, with a simple and intuitive process.

Azure Site Recovery

ASR support for global disaster recovery

Azure Site Recovery (ASR) introduced support for cross-continental disaster recovery. Thanks to this feature, a virtual machine can be replicated from an Azure region in one continent to a region in another continent. In the event of a planned or unplanned outage, you will be able to fail over the virtual machine on all continents and, once the interruption has been mitigated, it can be brought back to the continent of origin (fail-back) and protected.

Extended the date of withdrawal of Hard coded IP address

Microsoft has extended the retirement date for hard coded IP addresses to connect with Azure Site Recovery services to 31 August 2024. This allows you to have more time to adjust the configurations of the environments to use the Azure service tags.

Migrate

Azure Migrate

Software inventory and agentless dependency analysis

In Azure Migrate it is now possible to inventory applications, roles and features installed and perform dependency analysis, on Windows and Linux servers, without installing any agent. Agentless dependency analysis allows you to identify and understand dependencies between servers, supporting data collection for up to 1000 servers at the same time.

Discovery and assessment of ASP.NET Web Apps with Azure Migrate (preview)

Azure Migrate now allows you to identify and assess ASP.NET Web Apps running on the on-premises IIS Web server and manage their migration. Until now, it was necessary to use tools such as App Service Migration Assistant to evaluate the Web Apps. Thanks to the introduction of this feature in Azure Migrate, it is possible to discover the .NET Web Apps running in your VMware environment and create assessments to manage the migration to Azure IaaS or Azure App Service.

Containerization of apps and migration to AKS or Azure App Service

The Azure Migrate app containerization tool allows you to modernize existing ASP.NET and Java web applications, using a containerization approach that requires little or no application changes. The tool groups existing applications running on servers in a container image and allows them to be deployed in containers running in Azure Kubernetes Service(AKS) or in Azure App Service. As part of the migration process, the tool allows you to parameterize the application configurations, outsource file system dependencies using persistent volumes and configure the containerized application monitor using Application Insights.

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Microsoft constantly announces news regarding Azure management services and as usual this monthly summary. The aim is to provide an overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

New built-in policies for Log Analytics workspaces and linked automation accounts

When designing and deploying Azure Monitor Log Analytics workspaces, it is advisable to adopt specific criteria to distribute them consistently, in compliance with the compliance of their environment. Thanks to a new built-in policy it is possible to automate and control the distribution of Log Analytics workspaces and the Automation Accounts connected to them in your own environments.

Better integration between Azure Monitor and Grafana

Grafana is a very popular open source visualization and analysis software, which allows you to query, view and explore various metrics from multiple data sources in a centralized way. Recently, some updates have been made to the Azure Monitor plug-in for Grafana that allow you to enable additional data sources and easier authentication via managed identity. Among the main improvements we find:

• Azure Resource Graph in the Azure Monitor Grafana data source. Azure Resource Graph (ARG) is a service in Azure that allows you to perform large-scale queries on a given subscription set, so that you can effectively govern your environment. With Grafana 8.0, Azure Monitor data source supports querying ARG.
• Managed Identities are supported for the Grafana data source hosted in Azure and for Azure Monitor. Customers hosting Grafana on Azure (e.g.. App Service, Azure Virtual Machine) and have enabled managed identity on their virtual machine, they will be able to use it to configure Azure Monitor in Grafana. This aspect simplifies the configuration of the data source, requiring it to be securely authenticated without having to manually configure credentials through app registrations in Azure AD for each data source.
• Direct links to the Azure portal for Grafana metrics. To allow easy exploration of Azure Monitor metrics directly from Grafana, when a user selects the result of a query, a menu appears with a link to “View in the Azure portal”. Selecting it will redirect you to the corresponding chart in the Azure Metrics Explorer portal.

Direct proxy and Log Analytics gateway support for the new agent

Following the recent announcement on the availability of the new Azure Monitor agent (AMA) and data collection rules (Data Collection Rules), support for direct proxies and support for Log Analytics gateways is introduced for this agent.

Configure

Azure Automation

Support for User Assigned Managed Identities (preview)

Azure Automation has introduced support for User Assigned Managed Identities, which allows you to eliminate the effort of managing RunAs Accounts for runbooks. A User Assigned Managed Identities is an independent Azure resource that can be assigned to the Azure Automation account, which can have multiple associated user-assigned identities. The same identity can be assigned to multiple Azure Automation accounts.

Govern

Azure Policy

Azure Policy built-in for Network Watcher Traffic Analytics

Traffic Analytics is based on the analysis of NSG flow logs and after an appropriate aggregation of data, inserting the necessary intelligence concerning security, topology and geographic map, can provide detailed information about the network traffic of your Azure cloud environment. The following new built-in policies have been introduced to facilitate the deployment of Traffic Analytics:

• An audit policy: Flag flow logs resource without traffic analytics enabled
• DeployIfNotExists policies: Enable Traffic Analytics on NSGs in an Azure region of a subscription or resource group

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

• Confirmation of billing policies in the same location where cost configuration settings are managed
• What's new in Cost Management Labs
• New possibilities to optimize costs in Azure

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Improvements related to the recommendation to enable Azure Disk Encryption (ADE)
• Continuous export of the secure score and regulatory compliance data’
• Workflow automations can be triggered by changes related to regulatory compliance assessments
• The fields 'FirstEvaluationDate'’ and ‘StatusChangeDate’ Assessment APIs are available in workspace schemas and logic apps
• The template ‘Compliance over time’ has been added to the Azure Monitor Workbook collection

Protect

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 56 that solves several issues and introduces some improvements. In particular, this update introduces the following new features:

• Microsoft Azure Site Recovery (services): Improvements have been made to enable replication and new protection operations to be faster than 46%.
• Microsoft Azure Site Recovery (portal): Replication between any two Azure regions around the world can now be enabled. You are no longer limited to enabling replication on your continent.

The details and the procedure to follow for the installation can be found in the specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

In June have been announced, by Microsoft, a considerable number of news regarding Azure management services. Through these articles released monthly we want to provide an overall overview of the main news, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

The new Azure Monitor agent and new Data Collection Rules features are available

Azure Monitor introduces, for some months now, a new unified agent (Azure Monitor Agent – AMA) and a new concept to make data collection more efficient (Data Collection Rules – DCR).

Among the various key features added in this new agent we find:

• Support for Azure Arc server(Windows and Linux) 
• Virtual Machine Scale Set support (VMSS)
• Installation via ARM template

With regard to the Data Collection, these innovations have been made:

• Better control in defining the scope of data collection (e.g.. ability to collect from a subset of VMs for a single workspace)
• Single collection and sending to both Log Analytics and Azure Monitor Metrics
• Send to multiple workspaces (multi-homing for Linux)
• Ability to better filter Windows events
• Better extension management

All the preview features are ready to be used even in production environments, with the exception of the use of custom Azure Monitor Metrics (still in preview).

Collection of Syslog events from the Azure Monitor agent for Linux distro (preview)

Azure Monitor introduced a new concept for configuring data collection and a new unified agent for Azure Monitor. This new agent (AMA – Azure Monitor Agent) allows you to improve some key aspects of data collection from virtual machines, as reported in the previous paragraph. There was an issue on this front where Syslog data collection was not working as expected. This problem has been solved and the latest version of the agent includes support for the collection of Syslog events from Linux machines (using version 1.10 and later), available for all supported distributions.

Azure Monitor cost changes to achieve significant savings

Microsoft recently made several changes to Azure Monitor Log Analytics costs, which allow for significant savings, if important amounts of data are merged into the workspaces. It should be noted that a new naming has been introduced with regard to capacity reservations, which are now called “commitment tiers”. These changes have been made available since 2 June 2021:

• New commitment tiers (higher). New engagement levels are introduced for Azure Sentinel and Azure Monitor Log Analytics for data ingestion: 1 TB/Day, 2 TB/Day, and 5 TB/Day.
• Changes to the billing method for importing data that exceed the commitment tiers. Data imported beyond the commitment tiers will be billed using the actual commitment tiers rate, instead of the pay-as-you-go rate, with consequent cost reduction.
• Simplification of commitment tiers: it is now possible to select from eight distinct commitment tiers and it is no longer necessary to manage tiers due to minor changes in the data ingestion. As part of this change, all workspaces with a commitment tier greater than 500 GB / day will be reset to the lowest available commitment tier: 500 GB / day, 1 TB / day, 2 TB / day or 5 TB / day.

Govern

Azure Policy

Changes in compliance for Resource Type Policies

Starting from 16 June 2021, the policies in which the resource type is the only evaluation criterion (e.g.. Allowed Resource Types, Disallowed Resource Types) they will have no resources “compliant” in compliance records. This means that if there are no non-compliant resources, the policy will show compliance with the 100%. If one or more non-compliant resources are present, the policy will show it 0% of compliance, with total resources equal to non-compliant resources. This change is to respond to feedback that resource type policies skew overall compliance rate data (which are calculated as compliant resources + exempt from total resources in all policies, deduplicated for unique resource IDs) due to a large number of total resources.

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

• Display of amortized costs in the cost analysis preview.
• Cloudyn is withdrawn from the 30 June.
• News regarding Cost Management Labs.

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• New alerts for Azure Defender for Key Vault
• Recommendations for encrypting through customer-managed keys (CMKs) (disabilitata by default)
• Prefix change for Kubernetes alerts, from “AKS_” to “K8S_”
• Deprecated two recommendations from the security check “Apply system updates”

Protect

Azure Backup

TLS 1.2 enforcement per il MARS backup agent

Starting from September 1st 2020, Azure Backup will enforce the presence of the Transport Layer Security protocol (TLS) version 1.2 or later. To continue using Azure Backup, you need to make sure that all resources use the Microsoft Azure Recovery Services agent (MARS) updated to use TLS 1.2 or superior.

Cross Region Restore of SQL / SAP HANA running on VM in Azure

In Azure Backup, restore between different regions of Azure (Cross-Region Restore – CRR), available for virtual machines, has also been extended to support SQL and SAP HANA. Cross Region Restore allows customers to restore their data to secondary regions (paired region) at any time, essential in the event of the unavailability of the primary region. Geo-replicated backup data can then be used to restore SQL and SAP HANA databases running on Azure VMs to the “paired region” from Azure, during planned or unplanned incidents.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

• Support for new geographies of the public cloud.
• The ability to register servers running SQL Server, with SQL VM RP, to automatically install the IaaS SQL agent extension. This feature is available for VMware (without agent), Hyper-V (without agent) and agent-based migrations.
• Evaluation via CSV file import supports up to 20 disks. Previously, there was a limit of eight disks per server.

Support for Azure private links

Private Link support allows you to connect to the Azure Migrate service privately and securely via ExpressRoute or via a site-to-site VPN. Thanks to this method of connectivity, the instrumentsAzure Migrate: Discovery and Assessment andAzure Migrate: Server Migration, they can be used by connecting privately and securely. This method is recommended to use when there is an organizational requirement to access the Azure Migrate service and other Azure resources without crossing public networks or if you want to get better results in terms of bandwidth or latency.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

In June have been announced, by Microsoft, a considerable number of news regarding Azure management services. Through these articles released monthly we want to provide an overall overview of the main news, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

The new Azure Monitor agent and new Data Collection Rules features are available

Azure Monitor introduces, for some months now, a new unified agent (Azure Monitor Agent – AMA) and a new concept to make data collection more efficient (Data Collection Rules – DCR).

Among the various key features added in this new agent we find:

• Support for Azure Arc server(Windows and Linux) 
• Virtual Machine Scale Set support (VMSS)
• Installation via ARM template

With regard to the Data Collection, these innovations have been made:

• Better control in defining the scope of data collection (e.g.. ability to collect from a subset of VMs for a single workspace)
• Single collection and sending to both Log Analytics and Azure Monitor Metrics
• Send to multiple workspaces (multi-homing for Linux)
• Ability to better filter Windows events
• Better extension management

All the preview features are ready to be used even in production environments, with the exception of the use of custom Azure Monitor Metrics (still in preview).

Collection of Syslog events from the Azure Monitor agent for Linux distro (preview)

Azure Monitor introduced a new concept for configuring data collection and a new unified agent for Azure Monitor. This new agent (AMA – Azure Monitor Agent) allows you to improve some key aspects of data collection from virtual machines, as reported in the previous paragraph. There was an issue on this front where Syslog data collection was not working as expected. This problem has been solved and the latest version of the agent includes support for the collection of Syslog events from Linux machines (using version 1.10 and later), available for all supported distributions.

Azure Monitor cost changes to achieve significant savings

Microsoft recently made several changes to Azure Monitor Log Analytics costs, which allow for significant savings, if important amounts of data are merged into the workspaces. It should be noted that a new naming has been introduced with regard to capacity reservations, which are now called “commitment tiers”. These changes have been made available since 2 June 2021:

• New commitment tiers (higher). New engagement levels are introduced for Azure Sentinel and Azure Monitor Log Analytics for data ingestion: 1 TB/Day, 2 TB/Day, and 5 TB/Day.
• Changes to the billing method for importing data that exceed the commitment tiers. Data imported beyond the commitment tiers will be billed using the actual commitment tiers rate, instead of the pay-as-you-go rate, with consequent cost reduction.
• Simplification of commitment tiers: it is now possible to select from eight distinct commitment tiers and it is no longer necessary to manage tiers due to minor changes in the data ingestion. As part of this change, all workspaces with a commitment tier greater than 500 GB / day will be reset to the lowest available commitment tier: 500 GB / day, 1 TB / day, 2 TB / day or 5 TB / day.

Govern

Azure Policy

Changes in compliance for Resource Type Policies

Starting from 16 June 2021, the policies in which the resource type is the only evaluation criterion (e.g.. Allowed Resource Types, Disallowed Resource Types) they will have no resources “compliant” in compliance records. This means that if there are no non-compliant resources, the policy will show compliance with the 100%. If one or more non-compliant resources are present, the policy will show it 0% of compliance, with total resources equal to non-compliant resources. This change is to respond to feedback that resource type policies skew overall compliance rate data (which are calculated as compliant resources + exempt from total resources in all policies, deduplicated for unique resource IDs) due to a large number of total resources.

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

• Display of amortized costs in the cost analysis preview.
• Cloudyn is withdrawn from the 30 June.
• News regarding Cost Management Labs.

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• New alerts for Azure Defender for Key Vault
• Recommendations for encrypting through customer-managed keys (CMKs) (disabilitata by default)
• Prefix change for Kubernetes alerts, from “AKS_” to “K8S_”
• Deprecated two recommendations from the security check “Apply system updates”

Protect

Azure Backup

TLS 1.2 enforcement per il MARS backup agent

Starting from September 1st 2020, Azure Backup will enforce the presence of the Transport Layer Security protocol (TLS) version 1.2 or later. To continue using Azure Backup, you need to make sure that all resources use the Microsoft Azure Recovery Services agent (MARS) updated to use TLS 1.2 or superior.

Cross Region Restore of SQL / SAP HANA running on VM in Azure

In Azure Backup, restore between different regions of Azure (Cross-Region Restore – CRR), available for virtual machines, has also been extended to support SQL and SAP HANA. Cross Region Restore allows customers to restore their data to secondary regions (paired region) at any time, essential in the event of the unavailability of the primary region. Geo-replicated backup data can then be used to restore SQL and SAP HANA databases running on Azure VMs to the “paired region” from Azure, during planned or unplanned incidents.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

• Support for new geographies of the public cloud.
• The ability to register servers running SQL Server, with SQL VM RP, to automatically install the IaaS SQL agent extension. This feature is available for VMware (without agent), Hyper-V (without agent) and agent-based migrations.
• Evaluation via CSV file import supports up to 20 disks. Previously, there was a limit of eight disks per server.

Support for Azure private links

Private Link support allows you to connect to the Azure Migrate service privately and securely via ExpressRoute or via a site-to-site VPN. Thanks to this method of connectivity, the instrumentsAzure Migrate: Discovery and Assessment andAzure Migrate: Server Migration, they can be used by connecting privately and securely. This method is recommended to use when there is an organizational requirement to access the Azure Migrate service and other Azure resources without crossing public networks or if you want to get better results in terms of bandwidth or latency.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

To stay constantly updated on news regarding Azure Management services, this summary is released monthly, allowing you to have an overview of the main new features of the month. In this article you will find the news, presented in a synthetic way and accompanied with the necessary references to be able to conduct further studies.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Log Analytics workspace insights

Microsoft has announced the availability of Log Analytics workspace insights which allows you to obtain detailed information on the Log Analytics workspaces, providing a comprehensive overview of the following aspects: usage, performance, integrity, agents, query and change logs.

These are the main questions to which the solution can provide an answer:

• What are the main tables, those where most of the data is imported?
• Which resource sends the most logs to the workspace?
• How long does it take for the logs to reach the workspace?
• How many agents are connected to the work area? How many are in a health state?
• Query control: how many queries run in the workspace? What are their response codes and duration time? What are the slow and inefficient queries that require workspace overhead?
• Who has set a daily limit? When data retention has changed?
  • Useful for keeping a log of changes in workspace settings.

Export of Azure Monitor logs to multiple destinations (preview)

You now have the option to create up to 10 data export rules in each Log Analytics workspace, having the flexibility to decide which tables to export and to which destination (storage accounts oppure event hubs). This configuration possibility makes it possible to address these aspects:

• Event hub rate limit
• Single storage account rate limit
• Different logs can be exported to different destinations.

Updates related to the user interface(UI)

The following user interface updates have been introduced in Log Analytics(UI):

• Consultation of custom logs: it is now possible to control and manage the table and the custom fields from a new dedicated panel, offering a new user interface that improves the experience of consulting custom logs.
• Azure Dashboard: the parts of Log Analytics added to Azure dashboards support integration with filters.

Query packs in Azure Monitor (preview)

Query packages have been made available in Azure Monitor , which are essentially ARM objects containing several queries. Among the main features we find:

• Being ARM objects, precise control of permissions is provided and can be distributed via code and incorporated into policies.
• They work in all contexts and in all environments, with the ability to upload them to multiple subscriptions.
• They allow organizations to better organize queries based on their taxonomy, thanks to the presence of new metadata.
• The clear experience, harmonized and contextual to the environment is incorporated in Log Analytics.

Availability in new regions

Azure Monitor Log Analytics is now also available in the South India region. To check the availability of the service in all the Azure regions you can consult this document.

Secure

Azure Security Center

Integration con GitHub Actions (in public preview)

The integration of Azure Security Center (ASC) with GitHub Actions, in public preview, allows you to easily incorporate security and compliance early in the software development lifecycle. With this integrated experience, you can gain greater visibility into IT operations and IT security, both in the pipeline CI / CD, both in the security scans of container registry within ASC. Furthermore, end-to-end traceability makes it easier for developers to identify issues, improving resolution times and strengthening your cloud security posture.

Re-scanning of containers

Azure Security Center has introduced a new scan for containers that analyzes images to identify vulnerabilities before the push action occurs within the Azure container registries. In the future, ASC will also provide recommendations if you detect workflows that send Docker images without enabling scan actions CI / CD.

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Azure Defender for DNS and Azure Defender for Resource Manager released in General Availability (GA)
• Azure Defender for open-source relational databases released in General Availability (GA)
• New alerts for Azure Defender for Resource Manager
• CI/CD vulnerability scanning of container images with GitHub workflows and Azure Defender (preview)
• Additional Resource Graph queries available for some recommendations
• Changes to the severity of the recommendations relating to the SQL data classification
• New recommendations for enabling features trusted launch (preview)
• New recommendations for hardening of Kubernetes clusters (preview)
• Extended API assessments with new fields

Protect

Azure Backup

Backup for Azure Blobs

Azure Blob Backup is a managed data protection solution, this helps protect block blobs from various data loss scenarios. The data is stored locally within the source storage account and can be restored from a certain time when necessary. This feature provides a simple means, safe and economical to protect blobs.

Azure Site Recovery

Enable Azure Site Recovery (ASR) when creating virtual machines

While creating new virtual machines from the Azure portal, you can now also enable the Azure Site Recovery replication process. This possibility is included in the virtual machine management options along with those already available, such as Monitoring, Identity, and Backup.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news is the migration of virtual machines and physical servers with operating system disks up to 4 TB, which is now supported using the migration method based on the presence of the agent.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Microsoft is constantly announcing news regarding Azure management services. This summary, released on a monthly basis, allows you to have an overall overview of the main news of the current month, in order to stay up to date on these news and have the necessary references to conduct further study.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

New agent version for Windows Systems

A new version of the Log Analytics agent has been released this month for Window systemss. The new version includes a new tool for troubleshooting and handles changes to certificates in Azure services differently.

The uniqueness of the name of the Log Analytics workspaces is now per resource group

In the past, the uniqueness of the Azure Monitor Log Analytics workspace was globally for all subscriptions. This meant that when a workspace name was used by a customer, it could not be reused by others. Microsoft has changed the way in which the uniqueness of the workspace name is requested and is now managed in the context of the resource group.

New definitions built-in of the Azure Policy for data encryption in Azure Monitor

Azure Monitor provides built-in policies for data encryption governance and control over the key used for encryption at rest. Here are the new built-in policies available for data encryption:

• Azure Monitor logs clusters should be encrypted with customer-managed key – Audit if log analytics cluster is defined with customer-managed key.
• Azure Monitor logs clusters should be created with infrastructure-encryption enabled (double encryption) – Audit log analytics cluster is created with Infrastructure enabled.
• Azure Monitor logs for application insights should be linked to a log analytics workspace – Audit if application insights is linked to store data in log analytics workspace. Workspace can then be linked to a log analytics cluster for customer-managed key settings.
• Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption – Audit if workspace has linked storage account, which allows the encryption using customer-managed key.
• Log alert queries in Azure Monitor will be saved in customer storage account, if workspace has linked storage account, which allows the encryption using customer-managed key.

Improvements for Log Alerts

Log Alerts are available in Azure Monitor that allow users to use a Log Analytics query to evaluate the resources logs at a set frequency and activate an alert based on the results obtained. Rules can trigger one or more actions using Action Groups. In this context, two new highly requested features have been released (in preview):

• Stateful Log Alert: with this feature enabled, activated alerts are automatically resolved once the condition is no longer satisfied. In this way, the same behavior is adopted as in the alerts related to metrics.
• Frequency of 1 minute: with this feature enabled, the alert query is evaluated every minute to verify the specified condition, thus reducing the overall time for activating a Log Alert.

Availability in new regions

Azure Monitor Log Analytics is also available in the region South India.

To check the availability of the service in all the Azure regions you can consult this document.

Container insights: support for the monitor of Kubernetes Azure Arc enabled environment (preview)

Containers insights in Azure Monitor has extended its monitor capabilities to Azure Arc Kubernetes clusters as well, providing the same monitoring capabilities present for the Azure Kubernetes service (AKS), which:

• Visibility on the performance of the environment, through the memory and processor metrics for the controllers, nodes and containers.
• View information collected through workbooks and in the Azure portal.
• Alert and possibility of querying historical data for problem solving.
• Ability to verify Prometheus metrics.

Configure

Azure Automation

Availability in new regions

Azure Automation is also available in the region South India.

Support for System Assigned Managed Identities for cloud and Hybrid job (public preview)

Azure Automation has introduced support for System Assigned Managed Identities for cloud and Hybrid jobs. Among the advantages of using Managed Identities we find:

• The ability to authenticate to any Azure service that supports Azure AD authentication.
• Elimination of the management overhead associated with managing Run As accounts in runbook code. This makes it possible to access resources via the Managed Identity of an Automation account from a runbook, without having to worry about creating RunAsCertificate, RunAsConnection, etc.
• It is not necessary to renew the certificate used by the Automation Run As account.

Govern

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

• Detail costs expressed in currencies other than the dollar
• New date selector in cost analysis (preview)
• News regarding Cost Management Labs
• New ways to achieve Azure cost savings

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Refreshed resource health page (preview)
• Container registry images that have been recently pulled are now rescanned weekly
• Azure Defender for Kubernetes to protect hybrid and multi-cloud Kubernetes deployments (preview)
• Microsoft Defender for Endpoint integration with Azure Defender now supports Windows Server 2019 and Windows 10 Virtual Desktop (WVD) released
• Recommendations to enable Azure Defender for DNS and Resource Manager (preview)
• Three regulatory compliance standards added: Azure CIS 1.3.0, CMMC Level 3, and New Zealand ISM Restricted
• Four new recommendations related to guest configuration (preview)
• CMK recommendations moved to best practices security control
• 11 Azure Defender alerts deprecated
• Two recommendations from “Apply system updates” security control were deprecated
• Azure Defender for SQL on machine tile removed from Azure Defender dashboard
• 21 recommendations moved between security controls

Protect

Azure Backup

Azure Dedicated Host protection support

Azure Backup has introduced support for the backup and recovery of virtual machines residing on Azure Dedicated Host, physical servers dedicated to your organization whose capacity is not shared with other customers. This feature is available in all Azure regions where Azure Dedicated Host can be activated.

Azure VM Scale sets protection with orchestration templates (preview)

Azure Backup now allows you to backup and restore Azure VM Scale sets with orchestration models, which provide a logical grouping of virtual machines managed by the platform.

Improvements in encryption using customer managed keys (preview)

Azure Backup now allows you to use your own keys to encrypt backup data residing in the Recovery Services vaults. This new feature allows you to increase the control of the encryption of your data. Furthermore, you can use the Azure Policy to control and apply encryption using keys managed directly by the customer.

Azure Site Recovery

Support for Azure Policy (preview)

The ability to use Azure Policy is now provided to enable large-scale use of Azure Site Recovery for virtual machines. After creating a disaster recovery policy for a resource group, all new virtual machines that will be added to this resource group will have Site Recovery enabled automatically. Furthermore, through a Remediation process, Site Recovery can also be enabled for all virtual machines already present in the Resource Group.

Support for cross-continental disaster recovery (for 3 region pairs)

Azure Site Recovery introduced support for cross-continental disaster recovery. Thanks to this feature, a virtual machine can be replicated from an Azure region in one continent to a region in another continent. In the event of a planned or unplanned outage, you will be able to fail over the virtual machine on all continents and, once the interruption has been mitigated, it can be brought back to the continent of origin (fail-back) and protected. This feature is currently available for the following 3 pairs of intercontinental regions:

• Southeast Asia and Australia East
• Southeast Asia and Australia Southeast
• West Europe and South Central US

Support of “proximity placement groups” in hybrid and cloud disaster recovery scenarios

Azure Site Recovery introduced support for “proximity placement groups (PPG)” in hybrid and cloud disaster recovery scenarios. With this support it will be possible to replicate an on-premises physical or virtual machine or an Azure virtual machine within a PPG, in the chosen Azure target area. Upon activation of the failover plan, Site Recovery will activate the failover VM within the target PPG selected by the user. This functionality is available both through the Azure portal and through PowerShell and REST API, across all Azure regions.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this new release was released this month:

• The tools Azure Migrate: Discovery and Assessment and Azure Migrate: Server Migration can be used by connecting privately and securely to the Azure Migrate service via ExpressRoute or via a site-to-site VPN, using Azure private links. This connectivity method is recommended to use when there is an organizational requirement to access the Azure Migrate service and other Azure resources without crossing public networks or if you want to get better results in terms of bandwidth or latency.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.