Azure Announcements (March 2023)

DALL·E 2022-12-14 19.27.15 - Digital art female robot sitting behind a desk with tablet in her hands. The background is crimson and blue.

Microsoft Azure, being a constantly evolving, updating and changing environment. Sometimes this makes it difficult to follow all that happens around it. I will try to condense some of the announcements based on status – generally available, preview or update features.

Be aware that generally available features/updates might incur costs. Services part of a public preview, don’t incur any costs, but also does not have Service-Level Agreement (SLA).

Previous articles:
Cloud Section (Ituziast)

Blogs

Monitor Azure Virtual Network Manager changes with event logging

As the number of network resources increases, the need to maintain connectivity and security also grows. To address this challenge, Azure Virtual Network Manager (AVNM) provides a comprehensive solution for managing network resources at scale, currently available in preview. Additionally, customers using AVNM require visibility into the changes made to their network to audit events, analyze changes over time, and troubleshoot any issues. This capability is now a reality – Azure Virtual Network Manager event logging is now in preview.

Azure Virtual Network Manager (AVNM) uses Azure Monitor for telemetry collection and analysis like many other Azure services. AVNM now provides event logs that you can interact with through Azure Monitor’s Log Analytics tool in the Azure Portal, as well as through a storage account. You can also send these logs to an event hub or partner solution.

With this preview announcement, Azure Virtual Network Manager will provide a log category for network group membership change. In the context of AVNM, network groups are defined by the user to contain virtual networks. The network group membership change log category tracks when a particular virtual network is added to or removed from a network group. This can be used to track network group membership changes over time, to capture a snapshot of a particular virtual network’s network group membership, and more.

Additional information:
Monitor Azure Virtual Network Manager changes with event logging | Azure Blog and Updates | Microsoft Azure
Azure Virtual Network Manager documentation | Microsoft Learn

Protect against cyberattacks with the new Azure Firewall Basic

Cyberattacks continue to rise across businesses of all sizes as attackers are adapting their techniques and increasing the complexity of their operations. The risk of these attacks is significant for small and medium businesses (SMBs) as they usually don’t have the specialized knowledge or resources to protect against emerging threats and face more challenges when recovering from an attack. In a recent Microsoft survey, 70 percent of SMBs think cyber-threats are becoming more of a business risk and nearly one in four SMBs stated that they had a security breach in the last year.

Diagram - high-level overview of Azure Firewall Basic capabilities — High-level overview of Azure Firewall Basic capabilities

It offers Layer 3–Layer 7 filtering and alerts on malicious traffic with built-in threat intelligence from Microsoft threat intelligence. As a cloud-native service, Azure Firewall Basic is simple to deploy with a few clicks and seamlessly integrates with other Azure services, including Microsoft Azure Firewall Manager, Azure Monitor, Azure Events Hub, Microsoft Sentinel, and Microsoft Defender for Cloud.

Since public preview, we have seen a wide adoption of the Azure Firewall Basic. Customers stated the simplicity and ease of use of the Azure Firewall as one of the key benefits for choosing Azure Firewall Basic. Azure Firewall is offered in three SKUs to meet a wide range of use cases and needs

Table, providing closer look at the features across the three Azure Firewall SKUs — Closer look at the features across the three Azure Firewall SKUs

Azure Firewall Basic pricing includes both deployment and data processing charges for both virtual network and virtual hub scenarios. Pricing and billing for Azure Firewall Basic with virtual hub will be effective starting May 1, 2023.

Additional information:
Protect against cyberattacks with the new Azure Firewall Basic | Azure Blog and Updates | Microsoft Azure
Azure Firewall – Cloud Network Security Solutions | Microsoft Azure
Azure Firewall documentation | Microsoft Learn
Azure Firewall Manager | Microsoft Azure
Azure Firewall Manager documentation | Microsoft Learn
Quickstart: Create an Azure Firewall and IP Groups – Resource Manager template | Microsoft Learn
Deploy & configure Azure Firewall Basic and policy using the Azure portal | Microsoft Learn

Automate your attack response with Azure DDoS Protection solution for Microsoft Sentinel

Azure delivers numerous network security products that aid organizations in safeguarding their applications: Azure DDoS Protection, Azure Firewall, and Azure Web Application Firewall (WAF). Customers can deploy and configure each of these services individually to heighten the security stance of their safeguarded environment and application in Azure. While each product offers distinct capabilities to tackle specific attack vectors, the most significant advantage lies in their combined power. These three products provide more extensive protection when used in conjunction. In fact, to combat contemporary attack campaigns, a product suite should be employed, and security signals from one service should be correlated with another to detect and prevent multi-vector attacks.

The latest addition to this portfolio is Azure DDoS Protection Solution for Microsoft Sentinel. It allows customers to identify bad actors from Azure’s DDoS security signals and block possible new attack vectors in other security products, such as Azure Firewall.

Additional information:
Automate your attack response with Azure DDoS Protection solution for Microsoft Sentinel | Azure Blog and Updates | Microsoft Azure
Azure DDoS Protection Overview | Microsoft Learn
What is Azure Web Application Firewall on Azure Application Gateway? – Azure Web Application Firewall | Microsoft Learn
What is Microsoft Sentinel ? | Microsoft Learn
New Azure DDoS Solution for Microsoft Sentinel – Microsoft Community Hub

Connect, secure, and simplify your network resources with Azure Virtual Network Manager

Enterprise-scale management and configuration of your network resources in Azure are key to keeping costs down, reducing operational overhead, and properly connecting and securing your network presence in the cloud. We are happy to announce Azure Virtual Network Manager (AVNM), your one-stop shop for managing the connectivity and security of your network resources at scale, is generally available.

High level diagram of the process to enforce security rules throughout an organization

Common use cases for AVNM include the following and can be addressed by deploying AVNM’s connectivity and security admin configurations onto your defined network groups:

Interconnected virtual networks (VNets) that communicate directly with each other.
Central infrastructure services in a hub VNet that are shared by other VNets.
- Establishing direct connectivity between spoke VNets to reduce latency.
Automatic maintenance of connectivity at scale, even with the addition of new network resources.
Enforced standard security rules on all existing and new VNets without risk of change.
- Keeping flexibility for VNet owners to configure network security groups (NSGs) as needed for more specific traffic dictation.
Application of default security rules across an entire organization to mitigate the risk of misconfiguration and security holes.
Force-allowance of services’ traffic, such as monitoring services and program updates, to prevent accidental blocking through security rules.

Additional information:
Connect, secure, and simplify your network resources with Azure Virtual Network Manager | Azure Blog and Updates | Microsoft Azure
What is Azure Virtual Network Manager?

General Availability Announcements

New enhanced connection troubleshoot

With a one-stop solution to all disjointed operations and actionable insights at the fingertips, the new comprehensive and improved Network Watcher connection troubleshoot aims to reduce mean time to resolution and improve your experience.

New features:

Unified solution for troubleshooting all NSG, user defined routes, and blocked ports

Actionable insights with step-by-step guide to resolve issues
Identifying configuration issues impacting connectivity
NSG rules that are blocking traffic

Inability to open a socket at the specified source port
No servers listening on designated destination ports
Misconfiguration or missing routes

Additional information:
General availability: New enhanced connection troubleshoot | Azure updates | Microsoft Azure
Connection troubleshoot overview – Azure Network Watcher | Microsoft Learn

App Insights Extension for Azure Virtual Machines and VM Scale Sets

The Azure Monitor team is happy to share that the application insights extension for virtual machines and virtual machine scale sets is now generally available. You can now easily monitor your IIS-hosted .NET Framework and .NET Core applications running on Azure VMs and VM scale sets. Customers can enable this feature either through the portal or via PowerShell scripts.

When enabled, the extension will configure and attach a .NET Application Insights agent to your application runtime so that application-level logs, metrics, and traces flow into your Application Insights resource. Armed with application-level signals, you will be able to understand how your .NET application is performing and more easily determine the cause of any incidents.

Additional information:
Generally available: App Insights Extension for Azure Virtual Machines and VM Scale Sets | Azure updates | Microsoft Azure
Monitor performance on Azure VMs – Azure Application Insights – Azure Monitor | Microsoft Learn

Azure Red Hat OpenShift March Updates

Azure Red Hat OpenShift is now available in two additional regions, bringing the total available regions to 34. There are also releasing several features to support workload optimization, enhanced security, and performance.

Additional information:
Azure Red Hat OpenShift March Updates | Azure updates | Microsoft Azure
Azure Red Hat OpenShift documentation – Azure Red Hat OpenShift | Microsoft Learn

Durable Functions support of managed identity for Azure Storage

Azure Durable Functions support of managed identity for Azure Storage is now generally available! Instead of embedding secrets in connection strings, you can use an identity-based connection to access Azure Storage.

The identity is managed by the Azure platform and does not require you to provision or rotate any secrets.

Additional resources:
Generally Available: Durable Functions support of managed identity for Azure Storage | Azure updates | Microsoft Azure
Durable Functions Overview – Azure | Microsoft Learn
Configure Durable Functions with Azure Active Directory | Microsoft Learn

Azure SQL Database offline migrations in Azure SQL Migration extension

The new migration capability in the Azure SQL Migration extension for Azure Data Studio provides an end-to-end experience to modernize SQL Server to Azure SQL Database. The extension allows you to perform a migration readiness check with actions to remediate possible migration blockers and get right-sized Azure recommendations for your Azure SQL Database targets, including hardware configuration within the Hyperscale service tier.

Perform offline migrations of your SQL Server databases running on-premises, SQL Server on Azure Virtual Machines, or any virtual machine running in the cloud (private, public) to Azure SQL Database using the Azure SQL Migration extension.

Additional information:
Generally available: Azure SQL Database offline migrations in Azure SQL Migration extension | Azure updates | Microsoft Azure
Tutorial: Migrate SQL Server to Azure SQL Database offline in Azure Data Studio – Azure Database Migration Service | Microsoft Learn

Azure Machine Learning – Generally availability updates for March 2023

New features now available in GA include the ability to visualize time-series models accurately over time, and deploy a compute cluster or compute instance without any public IP addresses. Additionally, you can now deploy your models to batch endpoints and run them on top of your Kubernetes clusters, and control and restrict data access so that sensitive data can only be accessed when working on compute instance.

These features are:

Visualize forecasting horizon metrics for AutoML.
Secure your compute cluster and Compute Instance with No Public IP.

Kubernetes support for Batch Endpoints.
Create compute instance with Managed Identity.

Additional information:
Azure Machine Learning – Generally availability updates for March 2023 | Azure updates | Microsoft Azure
Evaluate automated machine learning experiment results
Secure an Azure Machine Learning training environment with virtual networks
Use batch endpoints for batch scoring
Create and manage an Azure Machine Learning compute instance

Azure Site Recovery – Migrate Azure Automation account’s authentication from Run As accounts to Managed Identity

You can now migrate the authentication type of the Automation accounts to Managed Identities using Azure Site Recovery on the Azure portal.

Authentication of runbooks via Run As Account will retire on September 30, 2023. Prior to this, you must migrate your runbooks to use managed identities.

Additional information:
Generally available: Azure Site Recovery – Migrate Azure Automation account’s authentication from Run As accounts to Managed Identity | Azure updates | Microsoft Azure
Migrate from a Run As account to a managed identity – Azure Site Recovery | Microsoft Learn

Azure Image Builder Portal Functionality now available

Azure Image Builder service offers unification and simplification for your image building process across Azure and Azure Stack with an automated image building pipeline. Use Azure Image Builder to help ensure the security—including patching and updating—and full control of your custom images.

Additional information:
Azure Image Builder Portal Functionality now available | Azure updates | Microsoft Azure
Azure VM Image Builder overview – Azure Virtual Machines | Microsoft Learn

Public Preview

Azure HDInsight for Apache Kafka 3.2.0 is now available for public preview

After notable improvements in performance and stability, Azure HDInsight for Apache Kafka 3.2.0 now available for public preview and ready for production workloads. The essential changes include features and improvements. Review the official release notes and migration guidelines to assess potential changes to your applications

Additional information:
Azure HDInsight for Apache Kafka 3.2.0 is now available for public preview. | Azure updates | Microsoft Azure
Release notes for Azure HDInsight | Microsoft Learn
Apache Kafka

AKS support for Kubernetes 1.26 release

AKS support for Kubernetes release 1.26 is now in public preview. Kubernetes 1.26 delivers 37 enhancements. This release includes new improvements in general Kubernetes metrics as well as in pod scheduling.

Additional information:
Public preview: AKS support for Kubernetes 1.26 release | Azure updates | Microsoft Azure
Kubernetes v1.26: Electrifying | Kubernetes

Azure Migrate – Discover ASP.NET & Java web apps and assess ASP.NET in all environments

Azure Migrate can now discover Java & ASP.NET web apps running on Tomcat & IIS web servers respectively across all stacks (VMware, Hyper-V and Physical) and assess ASP.NET web apps for Azure App Service code (native) at-scale. This feature fills the gaps for customers who have app workloads running on stacks beyond VMware.

Key capabilities include:

Azure App Service readiness with ability to specify target location, Isolation requirement, reserved instance etc.

Automatic App Service Plan recommendation.
Recommended App Service SKU.
Highlighting migration blockers and providing mitigation information.

Cost of hosting web apps in App Service.

Additional information:
Public Preview: Azure Migrate – Discover ASP.NET & Java web apps and assess ASP.NET in all environments | Azure updates | Microsoft Azure
Create an Azure App Service assessment – Azure Migrate | Microsoft Learn
About Azure Migrate – Azure Migrate | Microsoft Learn

Workspaces in Azure API Management

Workspaces for Azure API Management is now in public preview. This new capability enables granular access control in multi-team Azure API Management deployments. API Management platform owners can separate team permissions for managing APIs by scoping them to a workspace.

Additional information:
Public Preview: Workspaces in Azure API Management | Azure updates | Microsoft Azure
Workspaces in Azure API Management | Microsoft Learn
Azure API Management – Overview and key concepts | Microsoft Learn

Azure Database for MySQL connector for Power Apps, Logic Apps

You can now use the Azure Database for MySQL – Flexible Server connector when building applications using Power Apps and workflows using Azure Logic apps. Microsoft Power Apps is a no-code developer platform for generating mobile and tablet apps that can be connected to MySQL data. The connector allows you to perform data operations like list rows, update, add new row or delete a row.

Additional information:
Public preview: Azure Database for MySQL connector for Power Apps, Logic Apps | Azure updates | Microsoft Azure
MySQL – Connectors | Microsoft Learn
Power Platform and Azure Logic Apps connectors documentation – Connectors | Microsoft Learn
Microsoft Power Platform documentation – Power Platform | Microsoft Learn