Microsoft Azure, being a constantly evolving, updating and changing environment, makes it difficult to sometimes follow all that happens around it. I will try to condense some of the Azure Announcements based on status – generally available, preview or update features.
Be aware that generally available features/updates might incur costs. Anything that is part of a public preview, does not incur any costs, but also does not have Service-Level Agreement (SLA) attached to it.
General Availability Announcements
Reservation administrator and reader roles in the Azure Portal
Read and manage all reservations using the reservation administrator and reader roles in your Azure Active Directory (Azure AD) tenant (directory) without having to explicitly be assigned to individual reservations. You can now assign these roles in the Azure Portal.
Additional information:General availability: Reservation administrator and reader roles in the Azure Portal
Permissions to view and manage Azure reservations
Azure Firewall Premium is now ICSA labs certified
The new Intrusion Prevention System (IPS) certification from ICSA Labs is an important IPS certification, is an addition to our existing Firewall certification, from ICSA Labs. ICSA Labs provides credible third-party testing and certification of security and health IT products, as well as network-connected devices. This includes certification of network intrusion prevention systems.
Additional information:Generally available: Azure Firewall Premium is now ICSA labs certified
Azure Firewall Premium IPS certification report
Enforcement mode of machine configuration (previously guest configuration)
The enforcement mode of machine configuration (previously guest configuration) is now generally available. This represents the ApplyAndMonitor and ApplyAndAutocorrect auditing modes. The customer experience within Azure has not changed as a result of the renaming. Machine configuration continues to provide a native capability to audit or configure operating system settings as code, both for machines running in Azure and hybrid Azure Arc-enabled servers, directly per-machine or at-scale orchestrated through Azure Automanage, Microsoft Defender for Cloud, or Azure Policy.
You will now be able to:
- Apply and monitor configurations: Set the required configuration on your machines and remediate on demand.
- Apply and autocorrect configurations: Set the required configuration at scale and autoremediate in the event of a configuration drift.
- Apply configurations to machines at management group level.
- Set TLS 1.2 to machines through our newly released built-in policy.
- Create, delete, and monitor the compliance of your configurations through the Azure portal.
Additional information:Generally available: Enforcement mode of machine configuration (previously guest configuration)
Remediation options for machine configuration | Microsoft Docs
Named Replicas FAQs: Understand the machine configuration feature of Azure Policy | Microsoft Docs
Preview Features Announcements
Container insights portal integration with basic logs
Basic logs offer a low-cost alternative to the standard analytics logs. Azure Monitor container insights offers support for basic logging through the ContainerLogV2 schema (preview). With the container insights integration, you can now receive the full portal feature parity with drill-in functionality through the container insights portal experience.
Additional information:Public preview: Multiple backups per day for Azure Virtual Machines
Back up an Azure VM using Enhanced policy | Microsoft Docs
Microsoft Azure Load Testing supports private endpoints testing
Azure Load Testing now supports load testing for private endpoints. You can create an Azure Load Testing resource and enable it to generate load from within your virtual network (VNET injection).
his functionality enables the following usage scenarios:
- Generate load to an endpoint hosted in an Azure virtual network.
- Generate load to a public endpoint with access restrictions, such as restricting client IP addresses.
- Generate load to an on-premises service, not publicly accessible, that is connected to Azure via ExpressRoute (hybrid application deployment).
Additional Information:Public preview: Microsoft Azure Load Testing supports private endpoints testing
Scenarios for deploying Azure Load Testing in a virtual network | Microsoft Docs
Azure Load Testing service | ITuziast article
Ephemeral OS disks supports host-based encryption using customer managed key
Ephemeral OS disk customers can choose encryption type between platform managed keys or customer managed keys for host-based encryption. The default is platform managed keys. This feature would enable our customers to meet your organization’s compliance needs.
Refer to the documentation for more details on encryption at host.
Additional information:Public preview: Ephemeral OS disks supports host-based encryption using customer managed key