Azure Announcements (September 2022)

A man holding a megaphone - Important announcement

Microsoft Azure, being an constantly evolving, updating and changing environment, makes it difficult to sometimes follow all that happens around it. I will try to condense some of the Azure Announcements based on status – generally available, preview or update features.

Be aware that generally available features/updates might incur costs. Anything that is part of a public preview, does not incur any costs, but also does not have Service-Level Agreement (SLA) attached to it.

Past articles:
Azure announcements (August 2022)
Azure Announcements (July 2022)
Azure Announcements (June 2022)

General Availability Announcements

Ensure zone resilient outbound connectivity with NAT gateway

When customers need to connect outbound to the internet from their Azure infrastructures, Network Address Translation (NAT) gateway is the best way. NAT gateway is a zonal resource that is configured to subnets from the same virtual network, which means that it can be deployed to individual zones to allow outbound connectivity.

Subnets and virtual networks, on the other hand, are regional constructs that are not restricted to individual zones. Subnets can contain virtual machine instances or scale sets spanning across multiple availability zones.

Additional information:
Ensure zone resilient outbound connectivity with NAT gateway
NAT gateway and availability zones
Design virtual networks with NAT gateway
Create a NAT gateway with the portal

Cost Management updates — September 2022

Here are a few of the latest improvements and updates based on your feedback:

Documentation updates.

Additional information:
Cost Management updates—September 2022

Backup and restore updates for App Service

In Azure App Service, you can easily restore app backups, utilize automatic backups, or make on-demand custom backups. You can restore a backup by overwriting an existing app by restoring it to a new app or slot.

Automatic backup and restore is generally available for basic, standard, and premium App Service plan pricing tiers. Custom backup and restore is now generally available for basic, standard, premium, and isolated app service plan pricing tiers.

Additional information:
Generally available: Backup and restore updates for App Service
Back up and restore your app in Azure App Service | Microsoft Learn

Azure Data Explorer Kusto Emulator

The Kusto Emulator is a Docker Container encapsulating the Kusto Query Engine available locally in a Docker Container. The Kusto Emulator was designed to enable local development and automated testing and is a free offering under the following license terms.

Automated testing can be done using the Kusto Emulator without provisioning an Azure Service and without connection to the internet. It can be an efficient way to use Kusto Query Engine for automated tests. Local development can be done without relying on an internet connection or a provisioned service.

Additional information:
Generally available: Azure Data Explorer Kusto Emulator
Azure Data Explorer Kusto emulator | Microsoft Learn
What is Azure Data Explorer? | Microsoft Learn

Authenticate to Service Bus using managed identity

Stream Analytics allows you to use managed identities as an authentication mode when connecting to Azure Service Bus queues and topics. This solves a common challenge when building cloud applications related to credential management. Keeping the credentials secure is important and shouldn’t be stored in developer workstations or checked into source control.

Additional information:
General availability: Authenticate to Service Bus using managed identity
Use managed identities to access Service Bus from an Azure Stream Analytics job

Resizing of peered virtual networks

Updating the address space for peered virtual networks now is now generally available. This feature allows you to update the address space or resize for a peered virtual network without removing the peering.

Users often want to resize or update the IP address of their virtual networks as they grow their footprint in Azure. Users can now resize their virtual networks to meet their needs without downtime. This feature allows you to easily resize your virtual networks without the need to remove the peering in advance.

Additional information:
Generally available: Resizing of peered virtual networks
Resize the address space of Azure virtual networks that are peered | Microsoft Learn
Updating the address space for a peered virtual network – Portal | Microsoft Learn

Improvements to Azure Web Application Firewall (WAF) custom

Azure regional Web Application Firewall (WAF) with Application Gateway now supports creating custom rules using the operators “Any” and “GreaterThanOrEqual”. Custom rules allow you to create your own rules to customize how each request is evaluated as it passes through the WAF engine.

Azure global Web Application Firewall (WAF) with Azure Front Door now supports custom geo-match filtering rules using socket addresses. Filtering by socket address allows you to restrict access to your web application by country/region using the source IP that the WAF sees. If your user is behind a proxy, socket address is often the proxy server address.

Additional information:
Generally available: Resizing of peered virtual General availability: Improvements to Azure Web Application Firewall (WAF) custom rules
Custom rules for Web Application Firewall v2 on Azure Application Gateway | Microsoft Learn
What is geo-filtering on a domain for Azure Front Door Service? | Microsoft Learn

Azure NetApp Files new regions and cross-region replication

Azure NetApp Files cross-region replication has been enabled between following regions:

Korea Central and Korea South,
North Central US and East US 2,

France Central and West Europe.

For the most current regional availability updates, please see the Azure product regional availability page.

For the most current list of cross-region replication pairs, please see the Cross-region replication of Azure NetApp Files volumes | Supported cross-region replication pairs section.

Additional information:
General availability: Azure NetApp Files new regions and cross-region replication

Azure SQL—General availability updates for late September 2022

In late September 2022, the following updates and enhancements were made to Azure SQL:

Increase resiliency of your Azure SQL Database Hyperscale backups with the new geo-zone redundant storage option.

Additional information:
Azure SQL—General availability updates for late September 2022

Preview Features Announcements

FSLogix 2210 (2.9.8308.44092) – Public Preview

FSLogix enhances and enables user profiles in Windows remote computing environments. FSLogix may also be used to create more portable computing sessions when using physical devices.

FSLogix includes:

Profile Container
Office Container
Application Masking

Java Version Control

FSLogix allows you to:

Roam user data between remote computing session hosts

Minimize sign in times for virtual desktop environments
Optimize file IO between host/client and remote profile store
Provide a local profile experience, eliminating the need for roaming profiles.

Simplify the management of applications and ‘Gold Images’
Specify the version of Java to be utilized by specific URL and applications

Additional information:
FXLogix Public Preview – What’s new? | Microsoft Learn

Policy analytics for Azure Firewall

Policy analytics for Azure Firewall, now in public preview, provides enhanced visibility into traffic flowing through Azure Firewall, enabling the optimization of your firewall configuration without impacting your application performance.

As application migration to the cloud accelerates, it’s common to update Azure Firewall configuration daily (sometimes hourly) to meet the growing application needs and respond to a changing threat landscape. Frequently, changes are managed by multiple administrators spread across geographies.

Over time, the firewall configuration can grow sub optimally impacting firewall performance and security. It’s a challenging task for any IT team to optimize firewall rules without impacting applications and causing serious downtime. Policy analytics help address these challenges faced by IT teams by providing visibility into traffic flowing through the firewall with features such as firewall flow logs, rule to flow match, rule hit rate, and single rule analysis. IT admins can refine Azure Firewall rules in a few simple steps through the Azure portal.

Additional Information:
Public preview: Policy analytics for Azure Firewall
Strengthen your security with Policy Analytics for Azure Firewall | Azure Blog and Updates | Microsoft Azure
Azure Firewall – Policy Analytics (Preview) | Microsoft Learn
Azure Firewall – Policy Analytics (Preview) Prerequisites | Microsoft Learn

Azure AD authentication with Azure Database for MySQL – Flexible Server

The Microsoft Azure Active Directory (Azure AD) authentication feature allows you to connect to your instances of Azure Database for MySQL – Flexible Server using identities that are defined in Azure AD. With Azure AD authentication, you can manage your database user identities and other Microsoft services in a central location, which simplifies the overall management of permissions.

Additional Information:
Public preview: Azure AD authentication with Azure Database for MySQL – Flexible Server
Use Azure Active Directory for authenticating with MySQL | Microsoft Learn

Automatic backup for App Service Environment V2 and V3

In Azure App Service, you can easily create on-demand custom backups and automatic backups. You can easily restore these backups by overwriting an existing app or by restoring it to a new app or slot.

Automatic backup and restore is now in preview for isolated pricing tier for App Service Environment V2 and V3.

For more information about Azure App Services backups and restore, visit: Back up an app – Azure App Service | Microsoft Docs

Additional Information:
Public preview: Automatic backup for App Service Environment V2 and V3

Billing has started for Azure Monitor Logs data archive

Data archive is the new cost-effective way to save your log data for extended periods up to seven years. While this feature remains in preview, billing started on September 1, 2022. Pricing is available on the Azure Monitor pricing page.

Additional Information:
Public preview: Billing has started for Azure Monitor Logs data archive
Configure data retention and archive policies in Azure Monitor Logs (Preview) | Microsoft Learn

Azure Network Policy Manager for Windows server 2022 in Azure Kubernetes Service (AKS)

We are extending Azure Network Policy Manager (NPM) to Windows server 2022 for AKS.

Security rules from Kubernetes Network Policy resources can now be enforced on all pod traffic across Linux and Windows Server 2022 nodes, for a cluster created with –network-policy=azure.

Network Policy Manager continues to be a managed solution, configurable at cluster creation.

Additional Information:
Public preview: Azure Network Policy Manager for Windows server 2022 in AKS

Encrypt managed disks with cross-tenant customer-managed keys

Encrypting managed disks with cross-tenant customer-managed keys (CMK) enables you to encrypt managed disks with cross-tenant customer-managed keys using Azure Key Vault hosted in a different Azure Active Directory (AD) tenant.

Many service providers building Software as a Service (SaaS) offerings on Azure want to give their customers the option of managing their own encryption keys. Customers of service providers can now use cross-tenant customer-managed keys to manage encryption keys in their own Azure AD tenant and subscription using Azure Key Vault. As a result, they will have complete control of their customer-managed keys and their data.

Additional Information:
Public preview: Encrypt managed disks with cross-tenant customer-managed keys
Encrypt managed disks with cross-tenant customer-managed keys (Preview) | Microsoft Learn

ITuziast

Bits and Bytes of Technology

Azure Announcements (September 2022)

General Availability Announcements