The new year began with several announcements from Microsoft regarding news related to Azure management services. The Cloud Community releases this summary monthly, allowing you to have a general overview of the main new features of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Cross query between Azure Monitor and Azure Data Explorer (preview)

The ability to query between Azure Monitor and Azure Data Explorer allows you to query data exported to Azure Data Explorer or Azure blob storage and merge them with any Azure Monitor Log Analytics workspace.

Among the various features recently released we find the ability to perform queries:

• Between Azure Data Explorer and Azure Monitor services (Log Analytics / Application Insights) and vice versa
• On Azure Monitor logs exported from an Azure blob storage account using Azure Data Explorer

In Azure Monitor Log Analytics, the maximum data retention time frame is limited to 2 years. This aspect can be limiting in some areas, to the point that certain compliance criteria are not met. To overcome this limitation, you can export logs to an Azure blob storage. This new feature allows you to cross-query by including data exported to Azure blob storage in an integrated way.

Monitoring Azure Data Explorer Cluster with Azure Monitor (preview)

Azure Monitor expands its capabilities with Azure Monitor for Azure Data Explorer, which allows you to perform a complete monitor of Azure Data Explorer clusters, providing a single view of performance, of operations, and actual use.

Integration between Azure Monitor workbooks and Application Change Analysis (preview)

The recently released integration between Azure Monitor and Application Change workbooks allows you to create different types of charts, using as a data source the information regarding the changes that are made in the Azure environment. For example,, you can create charts to see when important changes have occurred in the last few 24 hours, or use the ability to merge to see what changed before a spike in memory that occurred on a VM.

ITSM Connector for ServiceNow ITOM with Secure Export (preview)

Secure Export is the new version (in preview) of the’IT Service Management Connector (ITSM) of Azure Monitor, which allows you to automatically create work items in an ITSM tool, when an Azure Monitor alert is activated. As part of the preview, a new integration with ServiceNow IT Operations Management was introduced (ITOM) using Secure Export.

Azure Monitor Network Insights

Azure Monitor Network Insights is now available and allows , through a centralized console, to monitor your Azure network infrastructure. The main features of Network Insights are as follows:

• Unique console for the network monitor.
• Agent configuration is not required.
• Centralized access to traffic and connectivity monitor tools, that allow you to check health state, metrics, alerts, and data.
• Viewing the network topology, with the ability to view functional dependencies. This will make it easier to solve any problems.
• Access resource metrics to debug when needed, without having to write queries or create specific workbooks.

Availability in new regions

Azure Monitor Log Analytics is now available in the following Azure regions: “Germany West Central”, “UAE North”, and “Switzerland West”. Furthermore, Azure Log Analytics is available in preview in two new regions: “UAE Central” and “Japan West”. To check the availability of the service in all the Azure regions you can consult this document.

Configure

Azure Automation

Availability in new regions

Azure Automation is now available in the “UAE North” and in the region of “Switzerland West”. To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Policy

Support for NSG Flow Logs

TheNSG flow logs in the Azure platform, they allow you to maintain the visibility of network traffic entering and leaving the Network Security Groups. To simplify the deployment experience, NSG flow logs Integrated support has been introduced in the Azure Policy, which allows you to check the enabled status and to force the collection of NSG flow logs when disabled, specifically by using the following policies:

• Audit policy: NSGs flag without Flow logs enabled
• DeployIfNotExists policy: Enable Flow logs on NSGs where it is disabled   

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new ways to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . In this article some of the latest improvements and updates regarding this solution are reported, including:

• New cost view for resource groups
• Saving the last scope used
• What's New in Cost Management Labs
• Definition of roles and responsibilities
• Cost-saving methodologies by running .NET apps on Azure
• New ways to save money
• New videos to deepen these issues
• Documentation updates

Secure

Azure Security Center

Vulnerability assessment for on-premises and multi-cloud systems

The Azure Security Center solution has recently been enriched with the ability to carry out an integrated Vulnerability Assessment, not just virtual machines in Azure, but also systems located on-premises or in multi-cloud environments, as long as Azure Arc has been enabled.

The vulnerability scanning included in Azure Defender for servers is done through the solutionQualys, which is recognized as a leading tool for real-time identification of potential vulnerabilities in the systems.

Thanks to this update, it is possible to harness the power of Azure Defender for server to consolidate the vulnerability management program on all resources in your environment (Azure and not). Among the main features we find:

• Monitoring the VA scan (vulnerability assessment) on Azure Arc machines
• Provisioning the VA agent on Azure Arc Windows and Linux machines (manually and on a large scale)
• Receiving and analyzing vulnerabilities detected by distributed agents (manually and on a large scale)
• Unified experience for Azure VMs and Azure Arc machines

What's new in Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

• Azure Security Benchmark becomes the default initiative
• Secure score for management groups (preview)
• Secure score API
• DNS sangling security added to Azure Defender for App Service
• Multi-cloud connectors
• Exemption, for subscriptions and management groups, for recommendations from the secure score
• Users can request visibility “tenant-wide”
• 35 recommendations in previews added
• CSV export of filtered lists of recommendations
• Resources “Not applicable” are reported as “Compliant” in Azure Policy assessments
• Weekly export of secure score and regulatory compliance data through continuous export (preview)

Azure Defender for SQL updates and enhancements

In Azure Security Center, the following updates and improvements have been made to Azure Defender for SQL:

• Azure Defender for SQL servers on board virtual machines is available (generally available)
• Azure Defender for SQL includes support for Azure Synapse Analytics dedicated SQL pool
• Best Security Center Experience for Azure SQL Database & SQL Managed Instance

Protect

Azure Backup

Azure Managed Disk backups (limited preview)

Azure Backup offers the ability, at the moment by accessing a limited preview, to protect managed disks. All this takes place through the periodic creation of snapshots that are kept for a duration established by backup policy. The solution does not require the presence of specific agents and supports backup and recovery of both operating system and data disks (including shared disks), regardless of whether or not they are connected to a virtual machine running in Azure.

Encryption at rest with keys “customer-managed”

Azure Backup introduces encryption at rest support using customer-managed keys. This feature encrypts backup data in recovery services vaults using your keys in the Azure Key Vault. Data is protected using a data encryption key (DEK) AES-based 256, which in turn is protected using the keys stored in the Key Vault. Compared to encryption that uses keys managed by the Azure platform (available by default), this support gives you more control over encryption key management, enabling you to best meet your compliance needs.

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 53 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

In December several news regarding Azure management services were announced by Microsoft. Our community releases this monthly summary that gives you a comprehensive overview of the main news of the month, in order to stay up to date on these news and have the necessary references to conduct further study.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

New Azure Monitor agent and new Data Collection Rules features(preview)

Azure Monitor introduces (in preview) a new unified agent (Azure Monitor Agent – AMA) and a new concept to make data collection more efficient (Data Collection Rules – DCR).

Among the various key features added in this new agent we find:

• Support for Azure Arc server(Windows and Linux) 
• Virtual Machine Scale Set support (VMSS)
• Installation via ARM template

With regard to the Data Collection, these innovations have been made:

• Better control in defining the scope of data collection (e.g.. ability to collect from a subset of VMs for a single workspace)
• Single collection and sending to both Log Analytics and Azure Monitor Metrics
• Send to multiple workspaces (multi-homing for Linux)
• Ability to better filter Windows events
• Better extension management

Azure Monitor for Windows Virtual Desktop (preview)

Azure Monitor now allows you to perform the following operations related to Windows Virtual Desktop environments:

• View a summary of the status and health of host pools
• Find and resolve any deployment issues
• Evaluate resource usage and make decisions about scalability and cost management
• Understanding and addressing user feedback

Azure Monitor for containers: tab reports and deployment logs

In Azure Monitor for containers a new tab has been made available Reports that gives customers complete access to all advanced monitoring workbooks for Kubernetes, for example: Node-disk, Node-network, workloads and Persistent Volume monitoring.

Furthermore, you can now view real-time logs of Azure Kubernetes Service deployments (AKS), accessing the live logs of the pods directly. Log Analytics will allow you to search by applying filters to view historical pod deployment logs, useful for diagnosing any issues.

Azure Monitor for containers: support for Private Cluster live logs (preview)

In Azure Monitor for containers support for private cluster live logs has been introduced, this allows you to view in real time container logs, pod events and metrics. For more details please visit the Microsoft-specific documentation.

Infrastructure Encryption for Azure Monitor data 

Starting from 1 November 2020 data that flows into Azure Monitor is encrypted twice: at the service level and now also at the infrastructure level, thanks to the double encryption available for Azure storage.

Configure

Azure Automation

Support for Azure Private Link available

Microsoft has introduced support forAzure Private Link, necessary to securely connect virtual networks to Azure Automation through the use of private endpoints. This feature is useful for:

• Establish a private connection with Azure Automation, without opening access from the public network.
• Ensure that Azure Automation data is accessible only through authorized private networks.
• Protect yourself from data extraction by allowing granular access to specific resources.
• Keep all traffic within the Microsoft Azure backbone network.

Availability in new regions

Azure Automation is now available in the “Norway East” and “Germany West Central”. To check the availability of the service in all the Azure regions you can consult this document.

Support for Python3 runbooks (preview)

In Azure Automation, you can now import, create and run runbooks Python 3 in Azure or in a Hybrid Runbook Worker.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

In November, Microsoft unveiled several news regarding Azure management services. Our community, through these articles that are released on a monthly basis, want to provide an overview of the main news of the month, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

New version of the agent for Linux systems

This month, a new version of the Log Analytics agent was released forLinux systems, which includes several improvements and ensures greater stability. Among the main changes is support for Red Hat Enterprise Linux 8, CentOS 8, Ubuntu 20.04 and SLES 15 SP1+, as well as an extension of features for Azure Arc VMs. It also includes a new troubleshooting tool.

Availability in new regions

Azure Log Analytics is now available in the "Brazil Southeast" and "Norway East" regions. It is also available in preview in three new regions: “Germany West Central”, “UAE North”, and “Switzerland West”. To check the availability of the service in all the Azure regions you can consultthis document.

Virtual Machines Guest Health (preview)

The functionality Virtual Machines Guest Health allows you to monitor the health status of the CPU, disk and memory for a virtual machine and allows you to receive alerts for changes. Each monitor measures the health status of a particular component and the three states covered are: Healthy, Warning, and Critical. These states are defined based on the thresholds set by the user for each monitor. The functionality Virtual Machines Guest Health has a hierarchical model “father-son” where the overall integrity of the virtual machine is determined by the integrity of its individual monitors and corresponds to the monitor state “son” having the worst state of integrity.

Configure

Azure Automation

Availability in a new region

Azure Automation is now available in the “Brazil Southeast”. To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Policy

Export and management of Azure Policies as code with GitHub

You can now export Azure policies to GitHub directly from the Azure portal, through the “Export definitions”. After exporting, you can use GitHub actions to create custom workflows for deploying policies from GitHub to Azure. For further information you can consult this documentation.

Azure Advisor

New recommendations

Azure Adivisor has added the following recommendations to help improve the reliability and performance of Azure resources.

Reliability:

• Latest version of the Azure Connected Machine agent
• Do not override host name when configuring Application Gateway

Performance:

• Deploy VMs closer to the Windows Virtual Desktop deployment location
• Upgrade to the latest version of the Immersive Reader SDK

Protect

Azure Backup

Soft Delete for SQL Server and SAP HANA in Azure VMs

Azure Backup officially released thesoft delete also with regard to the SQL Server and SAP HANA protection on board Azure virtual machines. Soft delete is a security feature that allows you to protect your backups even after you delete it. Thanks toSoft delete, in the event that a backup is removed accidentally or for malicious actions, you are guaranteed that the backup data is still maintained for 14 days from the cancellation date. This feature, that doesn't include any additional costs, allows you to recover any backups removed within the retention period.

News in SAP HANA protection

Azure Backup makes it easy to back up and restore SAP HANA databases running on Azure virtual machines and is BackInt certified by SAP. With regard to the protection of SAP HANA, the following innovations have been introduced:

• Support for SAP HANA incremental database backups (preview).
• Azure Backup's SAP HANA backup uses a pre-registration script to create a HANA user to perform backup and restore operations, which has suffered significant updates about the permissions required by the user who is used to perform backups.

Long term protection for Azure PostgreSQL

Azure Backup provides the ability to keep Azure Database backups for PostgreSQL up to 10 years. To consult the advanced protection features of Azure PostgreSQL databases you can consult this article.

Azure Resource Manager template support for backing up Azure file shares

Azure Backup introduced the ability to configure backup protection for Azure file shares by using the Azure Resource Manager declarative template (ARM). With this new option, you can enable backup of Azure file shares through a specific JSON file that can be deployed through the Azure portal, Azure Powershell or with azure command-line interface.

Azure Site Recovery

DR for Azure VM: increased the maximum disk size

Azure Site Recovery now enables Disaster Recovery scenarios for virtual machines in Azure with managed disks up to 32 TB, replicated in a secondary region.

Migrate

Azure Migrate

PowerShell support for the Server Migrate tool

In Azure Migrate, thanks to the addition of a new PowerShell-based management interface for the Server Migrate tool, you can configure and manage server replication and migration to Azure using Azure PowerShell cmdlets. This allows you to perform migrations in a repeatable and automated way, being able to obtain greater scalability and speed in the migration processes.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

In October, Microsoft announced a considerable number of news regarding Azure management services. Our community, through these articles that are released on a monthly basis, want to provide an overview of the main news of the month, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

New version of the agent for Linux systems

This month, a new version of the Log Analytics agent was released for Linux systems, which includes several improvements and ensures greater stability. Among the main changes is support for Red Hat Enterprise Linux 8, CentOS 8, Ubuntu 20.04 and SLES 15 SP1+, as well as an extension of the features for Azure Arc VMs. Also included is support for Python 3 and a new troubleshooting tool.

Monitor Azure Arc-enabled Kubernetes environments

Azure Monitor for Containers now extends support by contemplating alerts related to metrics of azure arc-enabled kubernetes environments. These metric alerts enable an effective monitor of system resources. To see the list of alerts available for Azure Arc-enabled Kubernetes clusters, please consult this document.

Azure Monitor for containers: Network Policy Manager support (Preview)
It is now possible to monitor the networking of AKS clusters using Network Policy Manager (NPM). In this way Azure monitor for containers will collect the metrics and report any anomalies in the configuration or in the performance of the network.

Azure Monitor for containers: persistent volume monitoring support (PV)

Azure Monitor for containers is now able to monitor the capacity of the persistent volume (PV) connected to the AKS cluster, collecting capacity metrics for all PVs, except for kubesystemnamespace.

Azure Monitor Log Analytics data export (preview)

This feature allows you to continuously export data that resides in certain tables in a Log Analytics workspace to an Azure storage account (every hour) or to Azure Event Hub (almost in real time). When exporting to a storage account, each table is stored in a separate container. Similarly, when you export to event hub, each table is exported to a new event hub instance. There is currently no method for filtering data and limiting the export of only certain events. By adopting this feature you can take advantage of the following benefits:

• Low cost data retention
• Easier compliance when data retention is required for an extended period of time
• Integration with third-party solutions such as Azure Data Lake and Splunk
• Low-latency export to Event Hub, enabling near real-time monitoring and alerts

Availability in new regions (preview)

Azure Log Analytics is now available in preview in the region of “Brazil Southeast” and “Norway East”. To check the availability of the service in all the Azure regions you can consult this document.

Configure

Azure Automation

Availability in a new region

Azure Automation is now available in the “Switzerland North”. To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Policy

Added support for keys, secrets, and certificates in Azure Policy for Key Vault

Azure Policies for Key Vault allow you to control secrets, keys, and certificates stored in the key vault to ensure that set compliance requirements are met. Any secrets, keys, or certificates that do not meet the requirements will appear as non-compliant in the policy compliance dashboard. Furthermore, you can set deny policies to prevent users from creating or importing objects into the key vault that do not comply with the policies that you set. Compliance results can also be published in Azure Security Center.

Azure Cost Management

Azure Cost Management + Billing updates

During this month, news was announced regarding the following areas of Azure Cost Management and Billing:

• Azure Advisor Score
• Create subscriptions by using ARM templates
• What's new in Cost Management Labs
• Documentation updates

Azure Advisor

New recommendations

The following recommendations have been added in Azure Adivisor to improve resource performance:

• Use the Accelerated Writes feature in your HBase cluster
• Review Azure Data Explorer table cache-period (policy)
• Optimize MySQL temporary-table sizing
• Distribute data in server group to distribute workload among nodes

For further information you can consult this article.

Furthermore, to improve the operation of the Azure environment, the following recommendations have been included:

• Ensure that at least one host pool is Validation Environment enabled
• Make sure not too many host pools have Validation Environment enabled
• Use Traffic Analytics to view insights into traffic patterns across Azure resources

More details are available in this article.

Protect

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 51 which solves several issues and introduces support for the following Linux distributions: SUSE 15 SP2, RHEL 7.9 e Cent OS 7.9. The related details and the procedure to follow for installation can be found in specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Also in September, Microsoft announced news regarding Azure management services. Our community publishes this summary monthly to provide an overview of these new features. In this way you can stay up-to-date on these topics and have the necessary references to conduct further investigations.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

New agent version for Windows Systems

A new version of the Log Analytics agent has been released this month for Windows systems, which introduces several improvements and greater stability.

New unified Agent and data collection rules (preview)

Azure Monitor is introducing a new concept for configuring data collection and a new unified agent for Azure Monitor in public preview. The new agent and data collection rules improve some key areas of data collection from virtual machines in Azure Monitor, including:

• Send data to both Log Analytics and Azure Monitor metrics.
• Data collection scoping for a subset of virtual machines for a single workspace.
• Sending data to multiple workspaces for Linux VMs (multi-homing).
• Improvements in Windows event filters.

New agent for containers

The new version of the Azure Monitor agent for containers introduces these changes:

• Allows you to monitor the status of your deployments and Horizontal Pod Autoscaler (HPA) via workbook.
• Accessing the tab Health (limited preview)
• Bug fixes such as displaying node status “not ready”.

Azure Resource Health

Azure Cloud Services support

In Azure Resource Health real-time health status and status history are now reported for Azure Cloud Services, in particular:

• Help diagnose and get support for Azure Cloud Service.
• Reports the current and past status of resources at the level of Deployment, Role & Role Instance.
• Provides detailed reasons for health status changes.
• Sets alerts when health status changes.

Govern

Azure Cost Management

Cost Management for Amazon Web Services (AWS)

Adopting a multi-cloud strategy usually results in high complexity in cost control, often given by the different management of different cost models and different billing cycles. Keeping the costs of workloads residing on different cloud providers under control can be difficult to understand as they require the use of different dashboards and views.

Azure Cost Management introduced the ability to centrally manage AWS costs in addition to Azure. This feature allows you to avoid budget surpluses, to maintain control and better manage cloud cost responsibility.

Secure

Azure Security Center

Introduction to Azure Defender

Threat protection services in the Azure Security Center have been renamed to Azure Defender. Furthermore, thanks to the new dashboards, a better experience is offered for detecting security threats and their responses.

Securing SQL databases and virtual machines at any location

With Azure Arc support, Azure Defender can now protect SQL servers located on-premises and in multicloud environments, as well as virtual machines hosted in other public clouds.

Advanced protection for containers

The growing popularity of the adoption of containers and Kubernetes has led to an evolution in Azure Defender for Kubernetes. In fact,, to ensure adequate workload protection in the Kubernetes environment, Azure Defender has included Kubernetes policy management, hardening and application of admission controls.

Furthermore, thanks to the introduction of a mechanism that allows continuous scanning of container images, the possibility of maliciously exploiting the running containers is reduced to a minimum.

IoT protection

Azure Defender for IoT, thanks to the recent acquisition of CyberX, can provide security for IoT devices in agentless mode. The solution provides continuous detection of IoT assets / OT, vulnerability management and threat monitoring for both greenfield and brownfield devices.

Protect

Azure Backup

Backup Center

The new Backup Center solution, currently available in public preview, provides a unique experience designed for centralized backup management at scale. With Backup Center, you can dynamically explore large backup inventories between vaults, subscriptions, locations and even different tenants. The Backup Center can also govern any actions related to backups.

Backup Center supports the following types of workloads:

• Azure Virtual Machines
• SQL in Azure Virtual Machines
• Azure Database for PostgreSQL servers
• Azure Files

Cross Region Restore

Recovery between different Azure regions, available for virtual machines, has also been extended to support SQL and SAP HANA. Cross Region Restore allows customers to restore their data to secondary regions at any time, essential in the event of the unavailability of the primary region.

Long-term protection of Azure Database for PostgreSQL

Azure Backup and Azure Database Services have merged to provide an enterprise-class backup solution for Azure Database for PostgreSQL (preview). Through managed backup policies you can enable backup retention for up to ten years.

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 50 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

Introduced support for Availability Zones

In the tool Azure Migrate: Server Migration the support for Availability Zones was introduced when migrating server systems to Azure. The Azure Availability Zones are a mechanism for achieving high availability, protecting applications and data from failure that might occur in Azure datacenters. With this new opportunity, you can achieve better resiliency for application workloads that migrate to your Azure environment.

Support for Windows Virtual Desktop and ASP.NET web applications included

Azure Migrate has recently expanded support to include in migration scenarios:

• Windows Virtual Desktop. This migration process helped companies provide a secure and reliable remote desktop experience, simplifying the path to the adoption of cloud solutions.
• ASP.NET Web Applications. By migrating on-premises .NET-based web applications to managed services provided by the Azure platform, such as App Service and Azure SQL, customers are able to reduce costs and simplify application management.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Microsoft constantly releases news about Azure management services. Our community publishes this monthly summary to provide an overview of the top news released in the last month. This allows you to stay up-to-date on these topics and have the necessary references to conduct further investigations.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

New version of the agent for Linux systems

A new version of the Log Analytics agent has been released this month for Linux systems. In addition to solving several issues, some new features are introduced, among the main ones we find:

• Support for Red Hat Enterprise Linux 8
• Support for Azure Arc for servers
• FIPS compliance
• Limiting ingestion to prevent service degradation in the event of extremely high data volume

Azure Monitor for containers: support for viewing Kubernetes environment resources (preview)

With the Kubernetes resource monitor from the Azure portal, you can now use the kubernetes “point and click” to get real-time details of workloads hosted in the AKS environment. The public preview of this feature includes support for different resources (deployments, pods, and replica sets) and supports the following features:

• Viewing Workloads Running on the Cluster, including the ability to filter resources by namespaces
• Find the node on which an application is running and its IP address of the pod
• View pods in set replica, the status of each pod and the images associated with each pod
• Drill down for individual deployments to view their real-time status and details
• Perform on-the-fly changes on YAML to validate devtest scenarios

Audit Logs for Azure Monitor queries (preview)

The Azure Monitor team has announced in public preview one of the most requested features: the ability to check Azure Monitor query logs. When enabled, through the Azure diagnostic mechanism, you can collect telemetry data about who ran a query, when it was performed, which tool was used to run it, text and performance statistics related to the performance of the same. This telemetry, like any other Azure Diagnostic-based telemetry, can be sent to an Azure storage blob, Event Hub or Azure Monitor.

New dedicated blade for System Center

System Center now has its own dedicated blade in Log Analytics. To display the new System Center panel, you need to access the Log Analytics workspace and select “System Center” from the left navigation bar, in the group “Workspace Data Sources”. The new System Center blade lets you view and manage SCOM instances connected to your Log Analytics workspace.

New limits for data ingestion in Log Analytics

Azure Monitor is a large-scale service designed to serve thousands of customers who send high volumes of data every month at an increasing rate. As with any multi-tenancy platform, Microsoft has realized that limits must be placed to protect customers from sudden spikes in ingestion that can affect customers who share the environment and resources. Until now, there was only one import volume speed limit for Azure resource data from Diagnostic Settings. Now you've added the limit to other Log Analytics data sources, including: Diagnostic Settings, agents and data collection APIs. The limit is applied to compressed data approximated 6 GB / Min, where this limit may vary depending on the types of data and its compression ratio. This limit for import volume speed in Log Analytics can be increased by opening a support request.

Log Analytics REST APIs: released a new version

The new version (2020-08-01) of the Log Analytics REST API for the resource provider OperationalInsights was released. This version supports new features such as customer-managed keys(CMK), Bring Your Own Storage (BYOS) and consolidates the functionality of all previous versions.

Govern

Azure Policy

Azure Policy Compliance Scan Action for Workflows GitHub (preview)

In preview, the following were released Azure Policy Compliance Scan Action for Workflows GitHub. The new GitHub actions will make it easier to activate compliance analysis than the subscription-based Azure Policy, resource groups or other resources and will automate the next steps in the GitHub workflow based on resource compliance status.

Protect

Azure Backup

Selective disk backup for virtual machines in Azure (preview)

Azure Backup introduced the ability to selectively back up virtual machine disks. This feature primarily introduces the following benefits:

• Cost Optimization
• Faster backup and restore operations

Configuring Azure file shares

Azure Backup has simplified the backup configuration experience for Azure file shares, providing the ability to enable backup directly from the file share management panel.

Configuring Azure file shares backup now consists of only the following two steps:

• Creating or choosing the recovery services vault
• Create or choose the backup policy

Improvements in virtual machine protection

Azure Backup introduces the following improvements in the protection of VMs:

• Introduces the ability to restore unmanaged disks of a VM by turning them into managed disks during the restore phase.
• Supports the backup and restore of Virtual Machine Scale Sets in the orchestration mode described in this document.
• Allows disk replacement as an option for VMs that have assigned Managed Service Identities (MSI).

Encryption of backups using customer managed keys (preview)

Azure Backup introduces the possibility, when you back up Azure Virtual Machines, to encrypt data using proprietary and managed keys. Azure Backup allows you to use RSA keys stored in Azure Key Vaults to encrypt backups. The data will then be protected using a data encryption key (DEK) AES-based 256, which in turn is protected using keys stored in Key Vaults. This gives you full control over the data protection and keys that are used for encryption.

SAP HANA backup for Red Hat Enterprise Linux VM

Azure Backup has released the ability to protect SAP HANA databases on Red Hat Enterprise Linux virtual machines (RHEL). This feature allows to have in an integrated way and without having to provide a specific backup infrastructure, the protection of SAP HANA databases on RHEL, one of the most commonly used operating systems in these scenarios.

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 49 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

Assessment of physical servers and servers in AWS and GCP

Azure Migrate introduces support for assessment of physical servers and systems residing in Amazon Web Services (AWS), Google Cloud Platform (GCP) or at any cloud. Thanks to this evolution in the solution it is possible to evaluate any machine in the cloud or on-premises even when you can not access the hypervisor. The assessment is able to provide the following information:

• Analyze suitability in Azure environment
• Planning for migration costs
• Performance-based scaling
• Support for application dependency analysis (agent-based)

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Microsoft continuously announces news about Azure management services and as usual our community releases this monthly summary. The aim is to provide an overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

Azure Monitor Logs connector

The Azure Monitor Logs connector component has been released and allows you to create automated workflows using hundreds of actions for a variety of services with Azure Logic Apps and Power Automate.

Azure Monitor for SAP Solutions (preview)

Azure Monitor for SAP is a new solution that allows you to natively monitor your SAP environment in Azure. This solution allows you to collect and consolidate telemetry from your Azure infrastructure and SAP databases. This data is used to achieve a correlation between the different components that allows for faster troubleshooting. This feature is currently present in public preview in the following regions: US East, US East 2, US West 2, West Europe.

Azure Monitor Community Repository

The Azure Monitor Community GitHub repository has been made available and provides a collaborative space for community members to share and explore Azure Monitor artifacts as queries [KQL], workbooks and alerts. This repository is public and accepts contributions from any user, for the benefit of the entire Azure Monitor community.

Azure Log Analytics saved searches are moving to Query Explorer

Azure Log Analytics Saved Searches are now available in Query Explorer, which allows you to use and manage different queries. To manage them, access to the section Logs in the Azure Monitor Log Analytics workspace or from Application Insights and select Query explorer from the main menu.

Configure

Azure Automation

Introduced support for Azure Private Link (preview)

Microsoft has introduced support for Azure Private Link, necessary to securely connect virtual networks to Azure Automation through the use of private endpoints. This feature is useful for:

• Establish a private connection with Azure Automation, without opening access to the public network.
• Ensure that Azure Automation data is accessible only through authorized private networks.
• Protect yourself from data extraction by allowing granular access to specific resources.
• Protect resources from access from the public network.

Govern

Azure Policy

Azure Policy for Azure Kubernetes Service (AKS) pods (preview)

To improve the security of Azure Kubernetes Service clusters (AKS) you can now protect pods by using Azure Policies. This integration allows you to control pod requests and detect requests that violate policies set. At the moment, you can choose from a list of 16 integrated policies and two initiatives (that match the standards set in the Kubernetes pod security policy) .

Azure Cost Management

Azure Cost Management + Billing updates

During the month of July, news was announced regarding the following areas of Azure Cost Management and Billing:

• Drill into empty fields and untagged resources in cost analysis
• What's New in Cost Management Labs
• New ways to save money with Azure
• Documentation update

Secure

Azure Security Center

Advanced threat protection for Azure Storage

Advanced threat protection preview for Azure Storage supports Azure Files and Azure Data Lake Storage Gen2 API, helping customers protect data stored in file shares and data stores designed for corporate big data analytics. This protection provides an additional layer of security information by providing alerts when unusual and potentially malicious attempts to access or exploit storage accounts are detected. These security alerts are integrated with the Security Center and are also emailed to subscription administrators, with details about suspicious activity and advice on how to investigate and resolve threats.

Protect

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 48 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Support for replication via Private Link

Azure Site Recovery introduced support for private links, These can be used to replicate Azure virtual machines, VMware and Hyper-V systems and physical machines. Using Private Links provides secure connectivity to Azure Site Recovery service URLs. A private endpoint on the network will be required for access to the recovery services vault and a second endpoint for data replication to the cache storage account. This feature will be available in almost all public regions by August 2020.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

To stay constantly updated on news regarding Azure management services, our community releases this monthly summary, allowing you to have an overview of the main new features of the month. In this article you will find the news, presented in a synthetic way and accompanied with the necessary references to be able to conduct further studies.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Monitor

Azure Monitor

New version of the agent for Linux systems

A new version of the Log Analytics agent has been released this month for Linux systems. The main innovations introduced are:

• Stability and reliability improvements.
• Improved support for Azure Arc for Server.
• FIPS Compliance.
• RHEL support 8.

SHA-2 signing for the Log Analytics agent

The Log Analytics agent for Windows will start enforcing SHA-2 signings from 17 August 2020, postponing the date previously set to 18 may 2020. This change requires action if you are running the agent on a legacy version of the operating system (Windows 7, Windows Server 2008 R2, or Windows Server 2008) . Customers who are in this condition should apply the latest updates and patches on these operating systems before 17 August 2020, otherwise their agents will stop sending data to Log Analytics workspaces. The following Azure services will be affected by this change: Azure Monitor, Azure Automation, Azure Update Management, Azure Change Tracking, Azure Security Center, Azure Sentinel, Windows Defender ATP.

Feature extensions of Azure Monitor

The following enhancements have been made in Azure Monitor that expand its functionality and make it an increasingly complete solution:

• Azure Monitor availability for Azure Storage and Azure Monitor for Azure Cosmos DB.
• Azure Monitor preview for Azure Key Vault and Azure Monitor for Redis Cache.
• Preview of Azure Monitor Application Insights in Azure Monitor Logs workspaces.
• Capacity reservation and CMK encryption with Azure Monitor Logs clusters dedicated to large-scale deployments.

Azure Private Link Availability for Azure Monitor
The Azure Private Link feature is now also available for Azure Monitor and allows you to have the following features:

• Private connectivity to Azure Monitor Logs workspaces and to Azure Application Insights.
• Exfiltration data protection with granular access to specific resources.
• Protecting resources from access from the public network.

At the moment you need to make a request explicitly to access these features.

Improve the experience when deleting and restoring Azure Monitor Logs workspaces

Microsoft has added soft-delete workspace functionality to make it easier to recover if necessary. In fact, in the event of a cancellation, the workspace will go into a soft-delete state to allow it to be restored if necessary, including data and connected agents, within 14 days. This behavior can be circumvented and permanently deleted the workspace. To avoid the incorrect elimination of the workspaces from the Azure portal, a specific section has been added where you can consult how many solutions are installed and the relative daily data volume received in the last 7 days by data type.
Restoring the workspace, can now take place directly from the Azure portal.

Azure Advisor recommendation digests

Azure Advisor introduces the ability to receive a periodic summary of the available best practice recommendations developed by the solution. Advisor Digest Recommendations keep you up-to-date on Azure optimization opportunities outside the Azure portal. Notifications are customizable and handled through Azure Monitor Action Group.

Azure Service Health also includes emerging issues

Azure Service Health now also reports emerging issues in the Azure portal. An emerging problem is a situation in which Azure is aware of a widespread outage but may not yet be fully aware of the extent and amplitude. Previously, emerging problems were only available in the Azure Status page.

Configure

Azure Automation

TLS 1.2 Enforcement

Starting from September 1st 2020, Azure Automation will impose the presence of Transport Layer Security (TLS) version 1.2 or later, for all external HTTPS endpoints.

Secure

Azure Security Center

Changes to the just-in-time service (JIT) virtual machine (VM) Access

In the just-in-time service (JIT) virtual machine (VM) access have been made the following changes:

• The recommendation advising to enable JIT on a VM has been renamed by “Just-in-time network access control should be applied on virtual machines” in “Management ports of virtual machines should be protected with just-in-time network access control”.
• The recommendation is now activated only if open management ports are detected.

Custom recommendations placed in a separate panel

All the custom recommendations created for your subscriptions are now positioned in the dedicated section “Custom recommendations”.

Account security recommendations moved to the section “Security best practices”

The following recommendations have been included in the section “Security best practices” and therefore do not impact on the secure score:

• MFA should be enabled on accounts with read permissions on your subscription (originally in the “Enable MFA” control)
• External accounts with read permissions should be removed from your subscription (originally in the “Manage access and permissions” control)
• A maximum of 3 owners should be designated for your subscription (originally in the “Manage access and permissions” control)

Microsoft has decided to apply this change as it has determined that the risk of these three recommendations is lower than initially thought.

Protect

Azure Backup

SAP HANA backup for Red Hat Enterprise Linux VM

Azure Backup includes protecting SAP HANA databases on Red Hat Enterprise Linux virtual machines (RHEL). This feature allows to have in an integrated way and without having to provide a specific backup infrastructure, the protection of SAP HANA databases on RHEL, one of the most commonly used operating systems in these scenarios.

Protect against accidental deletion of Azure file shares

To provide greater protection against cyberattacks and accidental deletion, Azure Backup has added an extra layer of security to the Azure file shares snapshot management solution. If you delete File Shares, content and its recovery points (Snapshots) are retained for a configurable period of time, enabling full recovery without data loss. When you configure protection for a file share, Azure Backup enables soft-delete functionality at the account storage level with a retention period of 14 days, which is configurable according to your needs. This setting determines the time window in which you can restore the contents and snapshots of your file shares after any accidental deletion operations. Once the share file is restored, backups resume working without the need for additional configurations.

Azure Site Recovery

Zone-to-zone disaster recovery available in new regions

Zone-to-Zone DR is now also available in the Southeast Asia and UK South regions. With this Azure Site Recovery feature, called zone-to-zone DR, there's an opportunity to create disaster recovery plans (DR) for virtual machines (VM), replicating them between different Azure Availability Zones. If a single Azure Availability Zone is compromised, you will be able to fail over virtual machines to a different zone within the same region and access them from the Secondary Availability Zone.

Introduced support for proximity groups

Azure Site Recovery has introduced support for proximity placement groups (PPGs). Thanks to this feature, any virtual machine (VM) hosted within a PPG can be secured using Azure Site Recovery. By enabling replication of that VM, you can provide a PPG in the secondary region as an additional parameter. When a failover process is activated, Site Recovery will place the VM in the user-supplied target PPG.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.