Azure Announcements (Spring 2024)


Microsoft Azure is a constantly evolving, updating and changing environment. Sometimes this makes it difficult to follow everything that happens around it. I will try to condense some of the announcements based on status – generally available, preview or update features.

Be aware that generally available features/updates might incur costs. Services that are part of a public preview don’t incur any costs, but also do not have a Service-Level Agreement (SLA).

Previous articles:

Cloud Section (Ituziast)

General Availability Announcements

Announcing the General Availability of GPT-4 Turbo with Vision on Azure OpenAI Service

GPT-4 Turbo with Vision is now generally available on the Azure OpenAI Service. It processes both text and image inputs and replaces several preview models. This multimodal model has already been used by customers in various industries to enhance efficiencies and innovate, with case studies to be featured at the upcoming Build conference. For deployment details and future enhancements, including JSON mode and function calling for image inputs, refer to the Azure OpenAI Service resources and updates.

Additional information:

Learn more about GPT-4 Turbo with Vision on Azure OpenAI Service
Azure OpenAI Quickstart for GPT-4 Turbo with Vision
Azure OpenAI How-To Guide
Responsible AI

Support for disabling Windows outboundNAT in AKS

Windows OutboundNAT can cause certain connection and communication issues with your AKS pods. An example issue is node port reuse. In this example, Windows OutboundNAT uses ports to translate your pod IP to your Windows node host IP, which can cause an unstable connection to the external service due to a port exhaustion issue.

Windows enables OutboundNAT by default. You can now manually disable OutboundNAT when creating new Windows agent pools.

Additional information:

Create a managed or user-assigned NAT gateway for your Azure Kubernetes Service (AKS) cluster

New version of AKS extension in Visual Studio Code now available

The AKS extension in Visual Studio Code has been updated to version 1.4.3. This new release includes general enhancements as well as a new command, “Retina capture”. Retina capture uses Retina, a cloud-agnostic, open-source eBPF network observability tool, to help capture logs such as iptables-rules.

Additional information:

Visual Studio Code, please visit the GitHub repository

Customer-managed keys on existing accounts in Azure Cosmos DB

You can now enable Customer Managed Keys (CMK) on existing Azure Cosmos DB accounts. This eliminates the need to migrate data to a new account to enable CMK.   

This release follows the existing ability to enable a second layer of encryption for data at rest using CMK while creating a new Azure Cosmos DB account.   

Additional information:

Azure Cosmos DB documentation
Configure customer-managed keys for your existing Azure Cosmos DB accounts!

Azure API Center

Azure API Center is now generally available, providing a centralized solution to manage the challenges of API sprawl, which is exacerbated by the rapid proliferation of APIs and AI solutions. Azure API Center offers a unified inventory for seamless discovery, consumption, and governance of APIs.

Additional information:

API Inventory Management
API Cataloging for Azure API Management
API Design Governance
API Reusability
API Development Enhancement

Azure Front Door log scrubbing of sensitive data is generally available

The Azure Front Door log scrubbing tool helps you remove sensitive data (e.g. personally identifiable information) from your Azure Front Door access logs. You enable log scrubbing at the Azure Front Door profile level and select the log fields to be scrubbed. Once enabled, the tool scrubs that information from the logs generated under this profile and replaces it with “****”.

Normally, when a request is served by Azure Front Door, the details of the request are logged in clear text. Sensitive data might be included in the request URL (such as customer passwords, client IP etc.). This data is viewable by anyone with access to the Azure Front Door access logs. To protect customer data, you can set up log scrubbing rules targeting this sensitive data.
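An added example (not from the original post or from Microsoft): a check to run after enabling scrubbing, which scans exported access log records for values that should have been replaced with “****”. The one-JSON-object-per-line layout, the field names `requestUri` and `clientIp`, and the list of sensitive query parameters are assumptions, and the sample records are constructed.

```python
import json
from urllib.parse import parse_qsl, urlsplit

SCRUBBED = "****"  # replacement value named in the announcement

# Assumption: query parameters this (hypothetical) application treats as sensitive.
SENSITIVE_PARAMS = {"password", "token", "email"}

# Constructed sample records, one JSON object per line. The field names
# requestUri and clientIp are assumptions about the exported log layout.
SAMPLE_LOG = """\
{"requestUri": "https://contoso.example/login?user=a&password=****", "clientIp": "****"}
{"requestUri": "https://contoso.example/reset?token=abc123", "clientIp": "****"}
{"requestUri": "https://contoso.example/home", "clientIp": "203.0.113.7"}
{"requestUri": "****", "clientIp": "****"}
"""


def find_unscrubbed(lines, scrub_fields=("clientIp",)):
    """Return (line_number, location) for every value that is still in clear text."""
    findings = []
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue
        record = json.loads(line)
        # Whole fields selected for scrubbing must hold the marker or be absent.
        for field in scrub_fields:
            if record.get(field) not in (None, "", SCRUBBED):
                findings.append((number, field))
        # A fully scrubbed URI has no query string, so it yields no findings here.
        query = urlsplit(record.get("requestUri", "")).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.lower() in SENSITIVE_PARAMS and value != SCRUBBED:
                findings.append((number, "requestUri?" + key))
    return findings


if __name__ == "__main__":
    for number, location in find_unscrubbed(SAMPLE_LOG.splitlines()):
        print(f"line {number}: {location} is not scrubbed")
```

A finding on records written after the rule was enabled points to a field or parameter that the scrubbing rules do not yet cover.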

Additional information:

Azure Front Door sensitive data protection
Monitor metrics and logs in Azure Front Door

Azure Governance Update – Management Groups

Beginning May 3, 2024, Azure will start enabling the root management group for tenants that have not enabled it yet. Using Azure management groups leverages best practices when applying Azure Policy. Having it pre-enabled reduces the initial setup work needed to follow the best practices.

Additional information:

What are Azure management groups?
Root management group for each directory
Initial setup of management groups

Azure Spring Apps Feature Update Q1 2024: Save up to 47% with Azure savings plan

Announcing the exciting feature updates for Azure Spring Apps in Q1 2024. Save up to 47% with Azure Savings plan.

Additional information:

Azure Spring Apps Enterprise is now eligible for Azure savings plan
Azure CLI supports log streaming for Spring Cloud Gateway
Azure CLI supports log streaming for Application Configuration Service
Enhanced troubleshooting of Application Configuration Service

Azure Bastion Developer SKU

The Bastion Developer SKU represents a novel, cost-effective, and streamlined version of the Bastion service.

Additional information:

What is Azure Bastion?
Quickstart: Deploy Azure Bastion – Developer SKU

Azure Chaos Studio supports Resource tags

Azure Chaos Studio is a managed service that uses chaos engineering to help measure, understand, and improve cloud application and service resilience. Chaos Studio now supports Resource tags.

Additional information:

Azure Chaos Studio

Infrastructure and quality enhancements for Azure Container Registry

We are excited to share the following significant enhancements to the Azure Container Registry (ACR) infrastructure:

  • Increased Registry Size: Previously capped at 20TiB, ACR’s registry size has now been auto-upgraded to 40TiB for all customers. This expanded capacity ensures that you can store more container images without constraints.
  • Geo-Replication Expansion: Geo-replication, a critical feature for redundancy and disaster recovery, can now be enabled for all registries over 20TiB. Additionally, we’ve optimized its performance, making it 10x faster than before.

We are actively working on further increasing the registry size to over 100TiB.

These current and planned enhancements are designed to empower your container workflows and support your evolving needs.

Additional information:

Introduction to Container registries in Azure
Service tier features and limits

Improved network topology experience in Network Watcher and Azure Monitor Network Insights

Azure Network Watcher provides network monitoring and troubleshooting capabilities to increase observability and actionable insights. Network Watcher supports four main scenarios: 

  • Connectivity monitoring detects packet loss and latency, with built-in health metrics.
  • Topology visualization helps to locate issues.
  • Traffic monitoring tracks network communication patterns.
  • Diagnostics suite enables troubleshooting.

Efficient management and monitoring of cloud networks is crucial for peak performance, security, and reliability. 

Additional information:

Azure Virtual Network Manager
Connection Monitor
Traffic Analytics
Azure Monitor – Network Insights – View Topology

Application Gateway Web Application Firewall (WAF) inspection limit & size enforcement

Azure’s regional Web Application Firewall (WAF) now supports greater control over inspection limits and size enforcement for WAF policies. This feature allows you to control request body inspection, maximum request body limit, and maximum file upload limit independently of each other.

With this update, you now have more flexibility in how WAF inspects requests while allowing larger requests to pass without being blocked.

Additional information:

What is Azure Web Application Firewall?
Azure Application Gateway
Web Application Firewall request and file upload size limits

Azure Machine Learning – General Availability for April 2024

Three features enable you to seamlessly log inference data to a central location, set up event-driven applications, processes, or workflows based on Azure Machine Learning events, and utilize lifecycle management of features from creation through archival. 

Log inference data to a central location with the Model Data Collector (MDC): You can now seamlessly log inference input and output data to the Azure Blob Storage location of your choice. This data can be used for compliance, auditing, or monitoring.

React to event-driven applications, processes, and workflows with Event Grid integration: You can now use Event Grid with modern serverless architectures to react to Azure Machine Learning events, such as the completion of training runs, the registration and deployment of models, and the detection of data drift.

Network isolation in managed feature store: You can now use the managed feature store (with network isolation) to experiment and ship models faster, increase reliability of your models, and reduce your operational costs.

Additional information:

Azure Machine Learning documentation

Azure Monitor log search alerts support managed identities

Azure Monitor alerts allow you to monitor your Azure and application data to quickly identify issues affecting your service. You can use log search alert rules to run queries periodically on your log data, so that you get notifications or trigger actions when a potential issue is identified.

A common challenge for developers is the management of credentials for applications to use when connecting to resources. Managed identities provide an automatically managed identity in Microsoft Entra ID. Applications can use managed identities to obtain Microsoft Entra tokens without having to manage any credentials.

Log search alert rules support managed identities for Azure resources, allowing you to see and control the exact permissions.

Additional information:

Managed identities for Azure resources
Configure Managed Identity in Log Search Alert Rule
Configure alerts with a query to ADX Azure Data Explorer or Azure Resource Graph

Azure Site Recovery update rollup 73 – April 2024

This update provides the following improvements for the latest version of Azure Site Recovery components.

Mobility Service – Added support for Linux OS for:

  • Azure to Azure – Debian 12 and Ubuntu 18.04 Pro
  • Modernized VMware/Physical to Azure – Debian 12 and Ubuntu 18.04 Pro

Additional information:

Update Rollup 73 for Azure Site Recovery

Azure Red Hat OpenShift April 2024 updates

Azure Red Hat OpenShift (ARO) provides highly available, fully managed OpenShift clusters on demand.

The latest Azure Red Hat OpenShift update delivers the following enhancements:

  • ARO support in Azure Terraform Provider: The AzureRM Terraform provider now supports managing Azure Red Hat OpenShift resources. HashiCorp Terraform is an infrastructure-as-code tool that lets you define infrastructure resources in human-readable configuration files that can be versioned, reused and shared.
  • Bring your own Network Security Groups: You can now attach your own NSGs that include both your organization’s security rules and ARO service rules. This will be applied to both master and worker subnets before installing ARO clusters with a flag indicating the presence of the NSGs.
  • Azure Monitor Signals: You are able to provide ARO cluster Resource Health and integration with Azure Monitor Signals. Azure Monitor signals can be configured to generate alerts based on signals from Azure Red Hat OpenShift clusters.
  • New GPU instance types for Day 2 operations: Azure Red Hat OpenShift now supports new GPU instance types that are aimed at Day 2 operations. The following GPU instance types are now supported: ND96asr_v4, NC24ads_A100_v4, NC48ads_A100_v4, NC96ads_A100_v4, and ND96amsr_A100_v4.
  • ARO is now supported in the Taiwan Region: Azure Red Hat OpenShift is now supported in the Taiwan region, providing more availability and fault tolerance to customers in this area.
About Dimitar Grozdanov 36 Articles
Engineer. 25+ years “in the field”. Cloud Solution Architect. Trainer, Consultant. Co-founder/Supporter of Tech Communities. Speaker. Blogger. Parent. Passionate about craft beer tasting and hanging out with family and friends.
