Azure
What is Azure Security Center?
Azure Security Center is an infrastructure security hygiene tool. It has a lot of recommendations around security hygiene.
Features and Benefits
Azure Security Center Standard has threat protection built-in for the resources that it monitors.
What is Azure Defender?
Azure Defender is an infrastructure security thread alert solution.
What is Azure Kubernetes Service (AKS)?
Azure Kubernetes Service is a fully managed container orchestration service based on the open-source Kubernetes system, available on the Microsoft Azure public cloud.
"Production-Grade Container Orchestration"
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.
- A software system that allows you to deploy and manage containerized applications on top of it easily
- Exposes the underlying infrastructure as a single computational resource
- Consistent deployment experience regardless of the size of the cluster
- Enables developers to deploy their applications themselves and as often as they want
- Enables the ops team by automatically monitoring and rescheduling those apps in the event of a hardware failure
- The focus from supervising individual apps to mostly supervising and managing Kubernetes and the rest of the infrastructure
- Abstracts away the hardware infrastructure and exposes your whole data center as a single gigantic computational resource
- Kubernetes encourage Desired State deployment
- You assert you want one or more resources to be in a certain state and with specific versions
- Controllers are where the brains exist for tracking those resources and attempting to run your software as you described
- kubectl or kube ctl
- is a command-line interface for running commands against Kubernetes cluster
- kubectl <operation> <object> <resource name> <optional flags>
- kubectl get nodes
- kubectl help
- The smallest unit that Kubernetes manages
- A Pod is made up of one or more containers and information associated with those containers
- Querying a pod returns a data structure that contains information about containers and it's metadata
- Characteristics of a Pod
- All the containers for a Pod will be run on the same node
- Any container running within a Pod will share the Node's network with any other container in the same Pod
- Containers within a Pod can share files through volumes, attached to the containers
- A Pod has an explicit life cycle, and will always remain on the Node in which it was started
- Pods are collected into namespaces, which are used to group Pods
- Namespaces can e used to provide quotas and limits around resource usage and have an impact on DNS names that Kubernetes creates internal to the cluster
- If no namespace is specified when interacting with Kubernetes through kubectl, the command assumes you are working with the default namespace, named default
- A node is a machine that is added to the Kubernetes Cluster
- The master node is the brain of Kubernetes while the worker nodes do the actual work of pulling container images and running pods
Master node
Holds the control plane that controls and manages the whole Kubernetes system.
Components:
- Controller manager: performs cluster-level functions, such as replicating components, keeping track of worker nodes, handling node failures, etc.
- API Server: users and other control plane components communicate with
- etcd, is a reliable distributed data store to store the cluster configuration persistently
- Scheduler, which schedules the application, basically assigning a worker node to each deployable component of the application
Worker nodes
Run the actual applications.
Components:
- Container runtime, which can be Docker or rkt (Rocket)
- Kubelet, talks to the AI server and manages containers on its node
- Kubernetes service proxy, load balances network traffic between the application components.
- All the containers in a Pod share the Node's network
- All nodes in a Kubernetes cluster are expected to be connected to each other and share a private cluster-wide network
- Kubernetes runs containers within a Pod within this isolated network
- A ReplicaSet is associate with a Pod and indicates how many instances of that Pod should be running within the cluster
- A ReplicaSet also implies a controller that watches the ongoing state and knows how many of your Pod to keep running
- A ReplicaSet is commonly wrapped in turn by a deployment
- Kubernetes resource used to provide an abstraction through to your Pods agnostic of the specific instance that are running
- Can contain a Policy
- Emulates a software load balancer within Kubernetes
- The recommended way to run code on Kubernetes
- The deployment controller wraps around and extends the ReplicaSet controller
- Includes metadata settings to know how many Pods to keep running
- Simplifies deployment, management, and operations of Kubernetes
- Kubernetes Objects
- Azure Kubernetes Services or AKS
- It makes it quick and easy to deploy and manage containerized applications without container orchestration expertise.
- Eliminates the burden of ongoing operations and maintenance by provisioning, upgrading, and scaling resources on demand
- Master node(s) managed by Microsoft
- Access to enterprise-grade features of Micorosft Azure
- Reduces the complexity and operational overhead of managing a Kubernetes cluster by offloading much of that responsibility to Azure
- Handles critical tasks like health monitoring and maintenance for you
- Automated Kubernetes version upgrade and patching
- Easy cluster scaling
- Self-healing hosted control plane (masters)
- Cost savings
List subscriptions
az account list
Change subscription
Set context to the desired subscription
az account set -s "{subscription}"
Show current subscription
az account show
Set default resource group for all Azure CLI commands
az configure --defaults group={resource-group-name}
Get AKS credentials
az aks get-credentials --name {aks-cluster-name}
Download and install kubectl
az aks install-cli
Get the deployments
kubectl get deployments
Delete deployments
kubectl delete deployment {deployment_name}
Samples
Sample to expose an endpoint
kubectl expose deployment {app_name} --type=LoadBalancer --port=80 --target-port=80
Azure Sentinel can only be enabled for a single Log Analytics Workspace. Therefore it is recommended to centralize all security logs to a dedicated central workspace. Use Azure Lighthouse if you have multiple workspaces.
To create Azure Sentinel, an active subscription and a Log Analytics workspace need to be available.
The permissions required
- Contributor on Subscription level
- Contributor or Reader on Resource Group or Resource level
Resource
Get the resource ID for the existing AKS cluster
Get the resource ID:
SP_ID=$(az aks show --resource-group aksrg --name pdtaks\
--query servicePrincipalProfile.clientId -o tsv)
az ad sp credential list --id $SP_ID --query "[].endDate" -o tsv
From: AKS ErrImagePull and ImagePullBackOff on AKS after a year
What is Azure Resource Graph?
Azure Resource Graph is a service in Azure that is designed to extend Azure Resource Management by providing efficient and performant resource exploration with the ability to query at scale across a given set of subscriptions so that you can effectively govern your environment.
These queries provide the following features:
- Ability to query resources with complex filtering, grouping, and sorting by resource properties.
- Ability to iteratively explore resources based on governance requirements.
- Ability to assess the impact of applying policies in a vast cloud environment.
- Ability to detail changes made to resource properties (preview).
By default, the kubectl command for Kubernetes uses parameters from the current context to communicate with the cluster.
Display the current context:
$ kubectl config current-context
List all contexts in a kubeconfig file:
$ kubectl config get-contexts
Switch context:
$ kubectl config use-context <context_name>
A Pod is a group of one or more containers with shared storage, network, and lifecycle and is the basic deployable unit in Kubernetes.
How to get detailed information about Pods using kubectl command.
List Pods in the default Namespace for the current context:
$ kubectl get pods $ kubectl get pods -o wide
List all Pods from the all Namespace:
$ kubectl get pods --all-namespaces
Get Pods from a particular Namespace:
$ kubectl get pods --namespace <namespace-name>
Get detailed information about a Pod
$ kubectl describe pods <pod-name>
In general, I see two approaches
- Start with App Services for all applications, and only if the complexity and orchestration needs exceed the limits, then go for AKS. This would be my approach as I don’t see either/or, but I would leverage their individual strengths.
- Or if they already plan to introduce a sophisticated AKS infrastructure, then use leverage this (I have the feeling that some at Swiss Re try to go into this direction)
What do/would I consider
- General: have simple applications with just a few Web Apps I would go with App Services, but for a more complex microservice architecture, I would consider AKS.
- Is there a strategic decision already taken
- Is there a Multi-Cloud strategy and need to leverage knowledge (infrastructure) across clouds, then it could make sense to go with AKS as this is more provider agnostic
- If there is no Kubernetes knowledge available, App Services would be simpler to start with
- If you have an Application with just a front-end (maybe SPA) and API backend, then App Services would be preferable
- If it is a containerized application with a lot of containers that need orchestration, then AKS could help
- What Customers need to understand is that there are much more management activities they need to take care of when using AKS compared to App Service. AKS is closer to an IaaS platform from that point of view. So as long as their needs can be met with App Service, I think it’s a much less painful choice compared to AKS.
Azure Purview is a unified data governance service that helps you manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data. Easily create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage. Empower data consumers to find valuable, trustworthy data.
Establish the foundation for effective data usage and governance with Purview Data Map.
- Automate and manage metadata from hybrid sources.
- Classify data using built-in and custom classifiers and Microsoft Information Protection sensitivity labels.
- Label sensitive data consistently across SQL Server, Azure, Microsoft 365, and Power BI.
- Easily integrate all your data systems using Apache Atlas APIs.
Azure Sentinel is a next-generation Security Information and Event Management (SIEM) and Security Operation Automation Response (SOAR) solution provided by Microsoft.
- Data Collection
- Threat Detection
- Threat Investigation
- Rapid Response
- Automatically scaling to meet the data collection and storage requirements
- Integrate directly with Microsoft Intelligent Security Graph
- Include advanced anomaly detections using Microsoft machine learning
- Leveraging automation capability for investigating and responding to alerts
- Provide intuitive dashboard and querying capabilities
Types
- Native or service to service integrates directly with resources across the Microsoft product range. This is the preferred method for ingestion
- API
- Agent-Based
- Direct
Azure Sentinel
A cloud-based SIEM and SOAR solution that depends on various security solutions to provide threat detection, investigation, hunting, and automated response capabilities.
Azure Security Center
A Cloud Security Posture Management and Cloud Workload Platform Protection solution.
Complements Azure Sentinel
Types of Analytic Rules
- Scheduled rules run on a set schedule to detect suspicious events
- Microsoft Security rules are used to create Azure Sentinel incidents from alerts generated from other Microsoft Security solutions
- Machine learning behavioral analytics rules can only be created from templates provided and use proprietary Microsoft machine learning algorithms
- Fusion is a Microsoft machine learning technology to combine information from various sources to generate alerts
K9s provides a terminal UI to interact with your Kubernetes clusters. This project aims to make it easier to navigate, observe, and manage your applications in the wild. K9s continually watches Kubernetes for changes and offers subsequent commands to interact with your observed resources.
K9s - Manage Your Kubernetes Clusters In Style (k9scli.io)
Manging and Investigating Incidents
An incident
- is created based on alerts
- can be based on first-party analytics from Microsoft Security Solutions
- can also be created via a bookmark
- can include one or multiple alerts
- contains evidence that can be used for further investigation
Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows.
Azure Monitor Private Link Scope (AMPLS) connects private endpoints (and the VNets contained in) to one or more Azure Monitor resources - Log Analytics workspaces and Application Insights components.
Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform. Azure Arc enables you to:
- Manage your entire environment, with a single pane of glass, by projecting your existing non-Azure, on-premises, or other cloud resources into Azure Resource Manager.
- Manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure.
- Use familiar Azure services and management capabilities, regardless of where they live.
- Continue using traditional ITOps, while introducing DevOps practices to support new cloud-native patterns in your environment.
- Configure Custom Locations as an abstraction layer on top of Azure Arc enabled Kubernetes cluster, cluster connect, and cluster extensions.
Today, Azure Arc allows you to manage the following resource types hosted outside of Azure:
- Servers - both physical and virtual machines running Windows or Linux.
- Kubernetes clusters - supporting multiple Kubernetes distributions.
- Azure data services - Azure SQL Managed Instance and PostgreSQL Hyperscale services.
- SQL Server - enroll instances from any location.
For further information visit Azure Arc overview.
Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. Key Vault service supports two types of containers: vaults and managed hardware security module(HSM) pools. Vaults support storing software and HSM-backed keys, secrets, and certificates. Managed HSM pools only support HSM-backed keys. See Azure Key Vault REST API overview for complete details.
Application Insights can monitor Azure cloud service apps for availability, performance, failures, and usage by combining data from Application Insights SDKs with Azure Diagnostics data from your cloud services. With the feedback you get about the performance and effectiveness of your app in the wild, you can make informed choices about the direction of the design in each development lifecycle.
Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies and includes powerful analytics tools to help you diagnose issues and understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on various platforms, including .NET, Node.js, Java, and Python hosted on-premises, hybrid, or any public cloud. It integrates with your DevOps process and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.
Log Analytics is a tool in the Azure portal used to edit and run log queries with data in Azure Monitor Logs. You may write a simple query that returns a set of records and then use features of Log Analytics to sort, filter, and analyze them. Or you may write a more advanced query to perform statistical analysis and visualize the results in a chart to identify a particular trend. Whether you work with the results of your queries interactively or use them with other Azure Monitor features such as log query alerts or workbooks, Log Analytics is the tool that you're going to use to write and test them.
For further details, visit Overview of Log Analytics in Azure Monitor.
For many organizations, the Azure landing zone conceptual architecture below represents the destination in their cloud adoption journey. It's a mature, scaled-out target architecture intended to help organizations operate successful cloud environments that drive their business while maintaining best practices for security and governance.
Source: What is an Azure landing zone? - Cloud Adoption Framework | Microsoft Docs
A landing zone is an environment for hosting your workloads, pre-provisioned through code.
What is App Service
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments.
App Service not only adds the power of Microsoft Azure to your application, such as security, load balancing, autoscaling, and automated management. You can also take advantage of its DevOps capabilities, such as continuous deployment from Azure DevOps, GitHub, Docker Hub, and other sources, package management, staging environments, custom domain, and TLS/SSL certificates.
With App Service, you pay for the Azure compute resources you use. The compute resources you use are determined by the App Service plan that you run your apps on. For more information, see Azure App Service plans overview.
For further information visit App Service overview
Logic apps are not well suited for large files.
- Depending on the connector, they support either 100MB or 1GB (with chunking).
- The file adapter limit is 30 MB and doesn’t support compression.
Further details can be found at Limits and configuration reference for Azure Logic Apps.
Octant is an open-source developer-centric web interface for Kubernetes that lets you inspect a Kubernetes cluster and its applications.
Website: Octant
Durable Functions scales as needed and provides a cost-effective means of implementing complex workflows in the cloud. Some benefits of using Durable Functions include:
- They enable you to write event-driven code. A durable function can wait asynchronously for one or more external events and then perform a series of tasks in response to these events.
- You can chain functions together. You can implement common patterns such as fan-out/fan-in, which uses one function to invoke others in parallel, and then accumulate the results.
- You can orchestrate and coordinate functions and specify the order in which functions should execute.
- The state is managed for you. You don't have to write your own code to save state information for a long-running function.
You can use three durable function types: Client, Orchestrator, and Activity.
- Client functions are the entry point for creating an instance of a Durable Functions orchestration. They can run in response to an event from many sources, such as a new HTTP request arriving, a message being posted to a message queue, an event arriving in an event stream. You can write them in any of the supported languages.
- Orchestrator functions describe how actions are executed and the order in which they are run. You write the orchestration logic in code (C# or JavaScript).
- Activity functions are the basic units of work in a durable function orchestration. An activity function contains the actual work performed by the tasks being orchestrated.
A trigger is an object that defines how an Azure Function is invoked. For example, if you want a function to execute every 10 minutes, you can trigger a timer.
Every function must have exactly one trigger associated with it. If you want to execute a logic that runs under multiple conditions, you need to create multiple functions that share the same core function code.
Azure Functions support a wide range of trigger types. Some of the most common types:
- Timer: Execute a function at a set interval.
- HTTP: Execute a function when an HTTP request is received.
- Blob: Execute a function when a file is uploaded or updated in Azure Blob storage.
- Queue: Execute a function when a message is added to an Azure Storage queue.
- Azure Cosmos DB: Execute a function when a document changes in a collection.
- Event Hub: Execute a function when an event hub receives a new event.
A binding is a connection to data within your function. Bindings are optional and can be input bindings, output bindings, or both. An input binding is the data that your function receives. An output binding is the data that your function sends.
Unlike a trigger, a function can have multiple input bindings and output bindings.
Azure API Management (APIM) helps organizations unlock the potential of their data and services by publishing APIs to external partners and internal developers.
The API gateway is the endpoint that:
- Accepts API calls and routes them to the backend.
- Verifies API keys, JWT tokens, certificates, and other credentials.
- Enforces usage quotas and rate limits.
- Transforms your API on the fly without code modifications.
- Caches backend responses where set up.
- Logs call metadata for analytics purposes.
The Azure portal is the administrative interface where you set up your API program. You can also use it to:
- Define or import API schema.
- Package APIs into products.
- Set up policies such as quotas or transformations on the APIs.
- Get insights from analytics.
- Manage users.
The Developer portal serves as the main web presence for developers. From here they can:
- Read API documentation.
- Try out an API via the interactive console.
- Create an account and subscribe to get API keys.
- Access analytics on their own usage.
Azure Kubernetes Service allows you to deploy a production-ready Kubernetes cluster in Azure quickly.
Azure Database for PostgreSQL is a fully managed relational database service based on the community edition of the open-source PostgreSQL database engine.
Your default choice for new Azure Cosmos DB accounts should be Core (SQL). However, it would help if you also considered the following situations:
If your data is better represented in a graph, the Gremlin (graph) API might be a good choice.
If you already have an existing application or database using one of the other APIs, then the current API might be a better choice for your specific scenario. Using the current API might make it easier to:
- Migrate your application or database to Azure Cosmos DB
- Reuse your existing code with minimal changes
- Leverage the existing knowledge and experience of your development team.
You should only use the Azure Table API if you migrate from Azure Table Storage, as Core (SQL) offers far more features and flexibility.
Some of the concepts in Azure Cosmos DB:
- Database account is a container for one or more Azure Cosmos DB databases.
- Database is a container for one or more collections
- Collections are like tables in relational databases without a schema. A collection contains documents.
- Documents are an unstructured set of key/value pairs, read and written in JSON format. They are the logical unit and which is roughly equivalent to a relational row. Documents of similar types are organized into collections.
- Partitioning is the distribution and grouping of your data across the underlying resources.
- Index is a catalog of document properties and their values.
- Request Units (RUs) measures the throughput at which rate data is processed. RU is the amount of CPU, disk I/O, and memory required to read 1 KB of data in 1 second.
Additional insights can be found at How To Design And Query Data In Cosmos DB (c-sharpcorner.com)
Create an Azure Cosmos DB account running the following command
az cosmosdb create --resource-group {RESOURCE_GROUP} --name {COSMOS_NAME}
Run the following command to store the Cosmos DB endpoint in an environment variable.
export ENDPOINT=$(az cosmosdb list --resource-group {RESOURCE_GROUP} --output tsv --query [0].documentEndpoint)
Run the following command to store the access key in an environment variable:
export KEY=$(az cosmosdb keys list --resource-group {RESOURCE_GROUP} --name {COSMOS_NAME} --output tsv --query primaryMasterKey)
Run the following command to create a database called in your Azure Cosmos DB account.
az cosmosdb sql database create --resource-group {RESOURCE_GROUP} --account-name {COSMOS_NAME} --name {DATABASE_NAME}
Create a collection running the following command.
We use the id as the partition key and configure 100 request units per second (RU/s).
az cosmosdb sql container create --resource-group {RESOURCE_GROUP} --account-name {COSMOS_NAME} --database-name {DATABASE_NAME} --name {COLLECTION_NAME} --partition-key-path /id --throughput 100
In this overview video I cover the basics of containers, Kubernetes, the Azure Kubernetes Service (AKS) and how all the pieces fit together!
Bicep provides the following advantages over other options:
- Support for all resource types and API versions: Bicep immediately supports all preview and GA versions for Azure services. As soon as a resource provider introduces new resources types and API versions, you can use them in your Bicep file. You don't have to wait for tools to be updated before using the new services.
- Simple syntax: When compared to the equivalent JSON template, Bicep files are more concise and easier to read. Bicep requires no previous knowledge of programming languages. Bicep syntax is declarative and specifies which resources and resource properties you want to deploy.
- Authoring experience: When you use VS Code to create your Bicep files, you get a first-class authoring experience. The editor provides rich type-safety, IntelliSense, and syntax validation.
- Modularity: You can break your Bicep code into manageable parts by using modules. The module deploys a set of related resources. Modules enable you to reuse code and simplify development. Add the module to a Bicep file anytime you need to deploy those resources.
- Integration with Azure services: Bicep is integrated with Azure services such as Azure Policy, template specs, and Blueprints.
- No state or state files to manage: All state is stored in Azure. Users can collaborate and have confidence their updates are handled as expected. Use the what-if operation to preview changes before deploying your template.
- No cost and open source: Bicep is completely free. You don't have to pay for premium capabilities. It's also supported by Microsoft support.
- Set up Bicep development and deployment environments - Azure Resource Manager | Microsoft Docs
- GitHub - Azure/vscode-remote-try-bicep
- Discover Bicep on Microsoft Learn - Azure Resource Manager | Microsoft Docs
- Create Bicep files - Visual Studio Code - Azure Resource Manager | Microsoft Docs
- Bicep & ARM template reference to learn about the resources that are available in your Bicep file
- Bicep GitHub repo
Private Azure Kubernetes Service Cluster
In a private cluster, the control plane or API server has internal IP addresses that are defined in the RFC1918 - Address Allocation for Private Internet document. Using a private cluster lets you ensure network traffic between your API server and your node pools remains on the private network only.
Create a private Azure Kubernetes Service cluster - Azure Kubernetes Service | Microsoft Docs
Provide the requirements of your AKS deployment to generate the assets to create a fully operational environment, incorporating best-practices guidance.
Sign in interactively
The Azure CLI's default authentication method for logins uses a web browser and access token to sign in.
az login
If the CLI can open your default browser, it will do so and load an Azure sign-in page. Otherwise, open a browser page at https://aka.ms/devicelogin and enter the authorization code displayed in your terminal. Sign in with your account credentials in the browser.
If no web browser is available or the web browser fails to open, use device code flow with az login --use-device-code.
Sign in with a different tenant
You can select a tenant to sign in under with the --tenant argument. The value of this argument can either be an .onmicrosoft.com domain or the Azure object ID for the tenant. Both interactive and command-line sign in methods work with --tenant.
az login --tenant {tenant}
Additional details can be found at Sign in with Azure CLI — Login and Authentication | Microsoft Docs
Log into Azure using a Service Principal
az login --service-principal --username {SPN_CLIENT_ID} --password {SPN_CLIENT_SECRET} --tenant {SPN_TENANT_ID}
PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator. It is written and maintained primarily by Simon Tatham.
The Azure Redis Cache offers the following pricing tiers with different features, performance, and budgets:
Basic
The Basic cache is a single node cache that is ideal for development/test and non-critical workloads. There’s no SLA (Service Level Agreement is Microsoft’s commitment for uptime and connectivity). The basic tier has different options to choose from C0 to C6. The lowest option is C0, and this is in a shared infrastructure. Everything above C0 provides dedicated service, i.e., this does not share infrastructure with other customers.
- Minimal feature set
- A single node
- No SLA
- Development and test
Standard
This tier offers an SLA and provides a replicated cache. The data is automatically replicated between the two nodes — ideal for production-level applications.
- 2 Replicated nodes (primary-secondary pair)
- 99.9% availability
- 53 GB of memory
- 20000 clients
Premium
The Premium tier has all the standard features and, also, it provides better performance, bigger workloads, enhanced security, and disaster recovery. Backups and Snapshots and can be created and restored in case of failures. It also offers Redis Persistence, which persists data stored inside the cache. It also provides a Redis Cluster, which automatically shares data across multiple Redis nodes. Hence this allows creating workloads of bigger memory sizes and get better performance. It also offers support for Azure Virtual Networks, which gives the ability to isolate the cache by using subnets, access control policies, and other features.
- Redis cluster
- Low latency
- 99.95% availability
- 40000 clients
Enterprise
- The full Redis feature set
- 99.99% availability
Enterprise Flash
- Fast non-volatile storage
- Watch out for data loss. Never rely on a key being present. It may have expired or been evicted.
- Set expiry times to manage the content lifetime.
- Add jitter to spread database load that is varying the expiry time to spread the load on origin.
- Avoid caching large objects and consider breaking them down into smaller separate objects.
- Host Redis in the same region as the application
- As a security best practice, do not enable non-SSL port connection as all data that will pass through that connection would not be encrypted.
Redis CLI
The Redis Command Line interface is a very popular command-line tool that is used to connect to Redis Cache and do several management operations.
Redis-benchmark utility
The Redis-benchmark utility is a special tool available through the Redis CLI that simulates some load on a Redis Cache instance. It runs a set of tests against the instance, simulating a number of connected clients, and gives a way to ensure that the cache is provisioned at the correct scale.
Redis-benchmark -q -n 10000
It is recommended to create a virtual machine that contains the Redis CLI and execute it from there.
stunnel
stunnel is a simple utility that will take non-SSL connections and tunnel them through SSL so that a tool like Redis CLI, which does not natively support SSL, can still connect through an SSL endpoint.
Data Encryption
Encryption in Transit
Encryption in Transit is the security of the messages sent between the application and the cache itself. The transport-level security is provided by TLS, and out-of-the-box Redis uses TLS 1.2 but also supports TLS 1.1 for compatibility purposes. HTTP connections are disabled by default as this is not recommended.
Encryption at Rest
In-memory data is not encrypted, so Redis encryption is not implemented and is not supported on Azure.
With premiums tiers, the data can be persistent and backed up to an Azure Storage account. For this data at rest, encryption is enabled and by default uses Microsoft-managed keys.
Azure Redis Cache is a high-throughput, low-latency, secure managed service based on the open-source in-memory Redis Cache.
It is commonly deployed in front of databases or storage as a way to speed up data access for applications or servers.
Protocol: TCP
Port: 6379 or 6380 (SSL)
Server name: {unique name}.redis.cache.windows.net
Azure Redis Cache offers the following Network Security Options:
- Public Endpoint is an internet-facing endpoint with a firewall
- Resource Inside the VNET with the Premium Redis Cache option
At this point, Redis Cache is not offering service or private endpoints.
Proper firewall configuration is critical, especially for basic or standard Azure Redis caches because they have public endpoints and are reachable through the internet.
Authentication
Shared keys are used to connect to Redis Cache. Shared, and there is no identity authentication.
Shared keys are like the root password of the cache. There are always two active keys.
Shared Keys need to be stored securely as they provide full access to the cache, like using Azure Key Vault.
Azure Redis Cache supports storing data in various formats. It supports data structures like Strings, Lists, Sets, and Hashes.
- Strings: Redis strings are binary safe and allow them to store any type of data with serialization. The maximum allowed string length is 512MB. It provides some useful commands like Incr, Desr, Append, GetRange, SetRange, and other useful commands.
- Lists: Lists are lists of Strings, sorted by insertion order. It allows adding elements at the beginning or end of the list. It supports constant time insertion and deletion of elements near the beginning or end of the list, even with many millions of inserted items.
- Sets: These are also lists of Strings. The unique feature of sets is that they don’t allow duplicate values. There are two types of sets: Ordered and Unordered Sets.
- Hashes: Hashes are objects containing multiple fields. The object allows storing as many fields as required.
General Tipps for Application Insights Portal View
- Some views and blades are cached, and you will not see any updates. You need to refresh the page to see the updated calculation.
The following code snippet shows how to configure AddApplication Insights Telemetry.
public void ConfigureServices(IServiceCollection services)
{
// ...
services.AddSingleton<ITelemetryInitializer, CustomAppInsightsInitializer>(); // server side to track the requests and dependencies
ApplicationInsightsServiceOptions options = new ApplicationInsightsServiceOptions()
{
EnableAuthenticationTrackingJavaScript = true, // enable client side to track pageviews
ConnectionString = "InstrumentationKey={key};IngestionEndpoint=https://westeurope-1.in.applicationinsights.azure.com/"
};
services.AddApplicationInsightsTelemetry();
services.AddRazorPages(options =>
// ...
}
Telemetry Initializers set context properties that are sent along with every item of telemetry.
You can write your own initializers to set context properties.
The standard initializers are all set either by the Web or WindowsServer NuGet packages and can be found at ApplicationInsights.config reference - Azure - Azure Monitor | Microsoft Docs.
Examples of standard initializers are:
- AccountIdTelemetryInitializer sets the AccountId property.
- AuthenticatedUserIdTelemetryInitializer sets the AuthenticatedUserId property as set by the JavaScript SDK.
The setAuthenticatedUserContext API has optional parameters. When setting storeInCookie to true, the ai_authuser cookie is set, so every request is sent with the authenticatedUserId.
But when using appInsights.setAuthenticatedUserContext(userName, null, true) the back-end side in ASP.NET Core doesn't set the Auth Id context property with the default initializers (in this case the AuthenticatedUserIdTelemetryInitializer).
Some additional discussion can be found at Add option EnableAuthenticationTracking to add AuthenticatedUserId to telemetries · Issue #1431 · microsoft/ApplicationInsights-dotnet · GitHub
There are two options to track authenticated users.
Option 1
- Set
EnableAuthenticationTrackingJavaScriptconfiguration totruein appsettings.json. With this, the default TelemetryInitializers will set the Auth Id with the username for Page View events. - Implement a TelemetryInitializer to set the Auth Id context property from the back-end side for all the other events.
- Register the custom TelemetryInitializer and move app.UseAuthentication() to the position in the pipeline where you want to track.
Option 2
- Use
appInsights.setAuthenticatedUserContext(userName, null, true)to set the ai_authuser cookie on the client-side. - Implement a TelemetryInitializer to read the cookie on the backend-side and set the Auth Id context property
- Register the custom TelemetryInitializer
Application Insights API for custom events and metrics - Azure Monitor | Microsoft Docs
AddApplicationInsightsTelemetry() and UseApplicationInsights() both are ways to add instrumentation capabilities to your application. These are "mutually exclusive" and you should use only one of them.
UseApplicationInsights() will automatically read and initialize configuration variables from appsettings.json and is the easiest way to get started with default settings.
AddApplicationInsightsTelemetry() is recommended for customized configuration.
Use a custom Telemetry initializer to assign additional context properties you wish to populate.
Sample code below
public class MyCustomTelemetryPropertyInitializer : ITelemetryInitializer
{
IHttpContextAccessor httpContextAccessor;
public MyCustomTelemetryPropertyInitializer(IHttpContextAccessor httpContextAccessor)
{
this.httpContextAccessor = httpContextAccessor;
}
public void Initialize(ITelemetry telemetry)
{
telemetry.Context.GlobalProperties.Add("MyApplicationName", "ApplicationInsightsTester");
}
}
You will then be able to query in Log Analytics using the below query
requests
| take 100
| where customDimensions["MyApplicationName"] == "ApplicationInsightsTester"
Application Insights is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and Java EE, hosted on-premises, hybrid, or any public cloud.
Below I list some services provided by Application Insights:
- HTTP request rates, response times, and success rates
- Dependency (HTTP & SQL) call rates, response times, and success rates
- Exception traces from both server and client
- Diagnostic log traces
- Page view counts, user and session counts, browser load times, and exceptions
- AJAX call rates, response times, and success rates
- Server performance counters
- Custom client and server telemetry
- Segmentation by client location, browser version, OS version, server instance, custom dimensions, and more
- Availability tests
Along with the preceding, there are associated diagnostic and analytics tools available for alerting and monitoring with various different customizable metrics. Application Insights is an excellent tool for any cloud service with its own query language and customizable dashboards.
Azure Arc bridges the gap from different environments into the Azure cloud and, as such, combines all resources in one place without actually running those resources in Azure.
- Azure Arc-enabled Servers
- Azure Arc-enabled SQL Server
- Azure Arc-enabled Data Services
- Azure Arc-enabled Kubernetes
- Azure Arc-enabled Machine Learning
- Install the Azure Connected Machine agent
- Connect to Azure to bring the metadata to Azure
- Enable Microsoft Monitoring Agent (MMA) extension
Additional Information
Create and output a new Service Principal with password
$sp = NewAzADServicePrincipal -DisplayName "{sp-name}" -Role "{role}"
$sp
$credentials = New-Object pscredential -ArgumentList "temp", $sp.Secret
$credentials.GetNetworkCredential().password
The release of .NET 6 helps developers build the apps they want to build, the platforms they want to target, and the operating systems they want to use for development. Azure App Service for .NET 6 is generally available now, meaning application developers can utilize the capabilities offered by .NET 6 and run those web apps in App Service.
.NET 6 extends our .Net unification vision, making it easier for web and cloud developers to expose services to .NET mobile apps and share code with them.
Azure App Service support for .Net 6 now generally available | Azure updates | Microsoft Azure
Create a Data Controller
az arcdata dc create --connectivity-mode Indirect --name arc-dc --namespace arcds `
--azure-subscription $sub --resource-group ArcRes --location eastus `
--profile azure-arc-kubeadm --use-k8s --storage-class local-storage
Check out the pods
kubectl get pods -n arcds
Create a managed instance
az SQL mi-arc create --name local-mi-01 --namespace arcds --use-k8s `
--storage-class-data local-storage --storage-class-logs local-storage `
--storage-class-datalogs local-storage --storage-class-backup local-storage
Restore DB
kubectl cp ..\AdvantureWorks2017.bak arcds/local-mi-01-0:var/opt/mssql/data/AdvantureWorks2017.bak -c arc-sqlmi
Export and upload metrics & logs
az arcdata dc export -t metrics --path metrics.json --namespace arcds --force az arcdata dc export -t logs --path logs.json --namespace arcds --force az arcdata dc upload --path metrics.json az arcdata dc upload --path logs.json
You can now further customize autoscale Apache Spark in Azure Synapse by enabling the ability to scale within a minimum and a maximum number of executors required at the pool, Spark job, or notebook session-level. This enhances the autoscale capabilities within Apache Spark on Synapse by allowing you to customize how your clusters scale based on specific workload requirements.
The max number of Site-to-Site/VNet-to-VNet connections on a VPN Gateway has been increased from 30 to 100 tunnels for SKUs VpnGw4, VpnGw5, VpnGw4AZ, and VpnGw5AZ.
This change does not affect legacy gateways with the High-Performance SKU.
General availability: Increased connection limit for VPN Gateways | Azure updates | Microsoft Azure
More than a map
It goes beyond maps. It is a location platform and has built-in capabilities for search for addresses and places, rendering canvas, routing capabilities (multi-point, route optimization, isochrones)
Services in Azure Maps
- Data service
- Geolocation service
- Render service
- Route service
- Search service
- Spatial service
- Timezone service
- Traffic service
- Weather services
- Maps Creator service
- Elevation service
Get subscriptions that the current account can access.
The Get-AzSubscription cmdlet gets the subscription ID, subscription name, and home tenant for subscriptions that the current account can access.
Get all subscriptions in all tenants
PS C:\>Get-AzSubscription
Get all subscriptions for a specific tenant
PS C:\>Get-AzSubscription -TenantId "aaaa-aaaa-aaaa-aaaa"
Apps can be configured with any OpenID provider as a custom identity provider for the App Service Authentication feature.
To learn more, see Configure an OpenID Connect provider.
This update provides the following improvements for the latest version of Azure Site Recovery components.
- Mobility Service - Added support for Windows Server 2022 as replicating machine's operating system, for Azure to Azure and VMware to Azure replications.
- Bug fixes and error message improvements.
It also provides the latest updates for the following Azure Site Recovery scenarios.
- Azure to Azure
- VMware/Physical to Azure
- VMware to Azure (Preview)
- Hyper-V to Azure
Learn more about the issues fixed and get the download links.
Flexible Server is a new deployment option that provides more control and flexibility over databases, zone resilient high availability, cost optimization controls, and competitive ready-to-use performance/latency.
Flexible Server provides maximum control through custom maintenance windows and additional configuration parameters for fine-grained tuning. You can now benefit from zone redundant high availability and control the timing for patches and upgrades. Deploying a new server is simpler with a guided experience.
You can also optimize the total cost of ownership with burstable instances for your servers and stop/start capabilities that enable you to only pay for compute when the server is in use. Flexible Server is also fully compatible with community PostgreSQL, available with PostgreSQL 11, 12, and 13 support, and can be used for a variety of workloads.
Learn more about this announcement on the Tech Community blog.
Application volume group (AVG) for SAP HANA enables you to deploy all volumes required to install and operate an SAP HANA database according to best practices in a single one-step and optimized workflow. The application volume group feature includes the use of proximity placement group (PPG) with VMs to achieve automated, low-latency deployments. Application volume group for SAP HANA has implemented many technical improvements that simplify and standardize the entire process to help you streamline volume deployments for SAP HANA - instead of creating the SAP HANA volumes (data, log, shared, log-backup, file-backup) individually, the new application volume group for SAP HANA creates these volumes in a single 'atomic' operation (GUI, RP, API).
Azure NetApp Files application volume group will shorten SAP HANA landscape deployment time and increase overall application performance and stability, and eliminate the need for ‘manual pinning’ of the Azure NetApp Files volumes. The application volume group feature supports both Single-Node (scale-up) and Multi-Node (scale-out) standardized and optimized HANA deployments. The application volume group feature also proposes optimized sizing, standard naming conventions, and includes support for both HANA System Replication (HSR) for high availability and Azure NetApp Files cross region replication (CRR) for regional disaster recovery with storage based replication. This feature is now in public preview.
Suggestions for additional Azure Maps resources:
- Maps Documentation homepage: Azure Maps Documentation | Microsoft Docs
- Maps Services homepage: Azure Maps – Geospatial Services | Microsoft Azure
- Maps Web control examples: Azure Maps Web SDK Samples
- Maps Glossary: Azure Maps Glossary | Microsoft Docs
- Maps Videos: Channel9 has joined Microsoft Learn | Microsoft Docs
- Maps Terms of use: Microsoft Azure Legal Information | Microsoft Azure
- Maps pricing: Pricing - Azure Maps | Microsoft Azure
- Maps open-source projects: Azure Maps community Open-source projects | Microsoft Docs
- Maps Case studies: Geospatial & Location Intelligence Case Studies using Azure Maps (office.com)
Gets the metadata used to authenticate Azure Resource Manager requests.
The Get-AzContext cmdlet gets the current metadata used to authenticate Azure Resource Manager requests. This cmdlet gets the Active Directory account, Active Directory tenant, Azure subscription, and the targeted Azure environment.
Get-AzContext [-DefaultProfile <IAzureContextContainer>] [[-Name] <String>] [<CommonParameters>]
Example for getting the context of the current session by calling Get-AzContext.
PS C:\> Get-AzContext
There is a very good description on how to login using PowerShell at Different ways to login to Azure automation using PowerShell (sqlshack.com)
You can now enable the full mode of SQL Server IaaS Agent extension with no restart, giving you access to more manageability features for SQL Server on Azure Virtual Machines without interruption to your workloads. Previously, you had to restart the SQL Server services to enable these features. The full mode of SQL Server IaaS Agent extension unlocks many benefits such as Automated Backup, Automated Patching, Storage Optimization, and more, along with license management that comes with lightweight mode.
Azure Kubernetes Service (AKS) feature to allow for Azure Active Directory (AAD) integrated clusters to be created without any local admin user account is now generally available.
By default, when you create a Kubernetes cluster, access to the cluster is through a local admin account. This is not desirable for security reasons as anyone can use a local account. It is also harder to manage such local accounts.
With AAD integration, there is no need for local accounts. You can now disable local accounts when you setup AAD with your AKS cluster.
Azure Load Testing is a fully managed Azure service that enables developers and testers to generate high-scale load and run simulations with custom JMeter scripts, gain actionable insights to catch and fix performance bottlenecks at scale, and shifts testing left in automated CI/CD pipelines.
- Simplify load tests by eliminating infrastructural complexities and unlocking the full power of JMeter scripts at scale
- A comprehensive view of curated client and server metrics with actionable insights into app performance
- Integration with CI/CD workflows for automated, collaborative load testing
- Streamlined billing and test management that builds on existing Azure conventions
Azure Kubernetes Service (AKS) uses certificates for authentication with many of its components. Periodically, you may need to rotate those certificates for security or policy reasons. AKS will now automatically rotate non-CA certificates on both the control plane and agent nodes before they expire with no downtime for the cluster.
AKS auto-certificate feature is currently available in selected regions. This capability is being rolled out to other regions and will become available in the remaining Azure regions by end of Feb 2022.
SMS is one of the fastest-growing methods of connecting with customers and helps businesses deliver important information almost anywhere. With SMS from Azure Communication Services, developers can easily add text messaging capabilities to their applications with features like high-velocity message support, bulk messaging, two-way communication, reliable delivery, and so much more.
SMS short codes, now in public preview, are short numbers typically 5 or 6 digits long, that can only be used for sending text messages. Short codes are an addition to existing number types supported by Azure Communication Services. This is important for scenarios, like two-factor authentication, promotional campaigns, or appointment reminders. With this functionality, developers can now register for a new short code through an easy, automated registration service, providing many benefits for driving customer engagement at scale.
Azure Communication Services SMS and short code functionality is also built to work with other Azure services. For example, businesses can reliably send messages while exposing deliverability and response metrics through Azure Monitor. SMS-based workflows can be added into applications with a Logic Apps connector or receive SMS notifications with Azure Event Grid.
Check out this blog to learn more about how these services can work together: Prototyping sentiment analysis of SMS with Logic Apps.
Geo-redundant backup helps you protect against outages impacting the primary region and allows you to restore your server to the geo-paired region. Currently, geo-redundancy can only be enabled or disabled when a server is initially created. Geo-restore allows you to instantiate a server in the paired Azure region using the geo-backup. The geo-redundant backup for Azure Database for PostgreSQL – Flexible Server is available in selected regions only at this time. Refer to the documentation for the latest list of regions supported for this feature.
Learn more about this announcement and review the documentation for the latest list of regions supported for this feature.
Azure Application Gateway now supports the use of wildcard characters such as asterisk (*) and question mark (?) for hostnames on a multi-site HTTP(S) listener. You can now route requests from multiple host-names such as shop.contoso.com, accounts.contoso.com, pay.contoso.com to the same backend pool through a single listener configured with a wildcard hostname such as *.contoso.com.
Managing secrets and credentials that are used to establish secure connections between Azure services is a common challenge for developers. You often need to rotate and store these credentials in a secure place within their code. This update adds support for System Assigned Managed Identity in IoT Central allowing developers to seamlessly configure their data export destinations.
Azure Managed Identity completely eliminates the need to manage credentials and connection strings for your data export destinations within your IoT Central application. It provides with you with a secure identity that can be used to connect with other Azure resources that support Azure Active Directory authentication.
Please check out the IoT Show demo video for this feature, where you are walked through how to eliminate the management of secrets and credentials by leveraging a system-assigned managed identity for your IoT Central application to securely and seamless access other Azure-AD protected resources.
Learn more about configuring a managed identity.
Learn more about creating an Event Hubs destination.
Immutable storage with versioning for Blob Storage is now generally available. Immutable storage provides the capability to store data in a write once, read many (WORM) state. Once data is written, the data becomes non-erasable and non-modifiable, and you can set a retention period so that files can't be deleted until after that period has elapsed. Additionally, legal holds can be placed on data to make that data non-erasable and non-modifiable until the hold is removed.
Immutable storage with versioning adds the capability to set an immutable policy on the account, container, or object level. It also allows for the immutable protection of all past and current versions of any blob.
To learn more, please read the documentation on immutable storage with versioning.
Immutable storage with versioning policies and legal holds are free of charge. Storage usage and transactions will be billed as normal. To learn more about pricing, visit the Azure Storage Blobs Pricing | Microsoft Azure.
Last year, Microsoft announced Azure Space, bringing together the possibilities of Space with the power of the cloud to help people and organizations achieve more on and off the planet.
Today we are announcing new partnerships and capabilities for Azure Space including:
- Azure Orbital reaches preview—now anyone can communicate and control satellites, from our owned and partnered ground-stations around the world—with no backhaul costs into Azure.
- Innovations built on Azure are “seeing” through the clouds with SpaceEye, and enhancing imagery with Project Turing.
- Our new partnership with Airbus is bringing the world’s leading high-resolution satellite imagery and elevation data into Azure, to further transform our understanding of the world.
- A virtualization partnership with iDirect, one of the largest satellite modem providers, is creating modern and flexible solutions for customers.
- New geospatial and data analytics partnerships with Esri, Blackshark.ai, and Orbital Insight on Azure are enabling new insights for our customers.
Attribute-based access control (ABAC) is an authorization strategy that defines access levels based on attributes associated with security principals, resources, requests, and the environment. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments expressed as a predicate using these attributes. This update to the preview enables the use of Azure AD custom security attributes for principals in role assignment conditions. You can now use combine principal attributes with resource and request attributes in your condition expressions.
Managing hundreds or thousands of role assignments for a subscription or a resource can be difficult. Use of these custom security attributes for principals in role-assignment conditions can help you reduce the number of role assignments on your storage account, and make them easier to manage. You can scale the management of role assignments using role assignment conditions that match attributes of a principal to attributes of the storage resource being accessed.
Today we're announcing the public preview of VM restore point, a new resource that stores VM configuration and a point-in-time snapshot of one or more managed disks attached to a VM. VM restore points supports multi-disk application consistent snapshots and can be leveraged to easily capture backups of your VM and disks. You can easily restore the VM using VM restore points in cases of data loss, corruption, or disasters.
We are also introducing a new Azure Resource Manager (ARM) resource called Restore Point Collection, which will act as a container for all the restore points of a specific VM.
Read more about VM restore points in our blog and learn how to use VM restore points by reviewing our public documentation.
Availability Zones in India Central are made up of three unique physically separated locations or “zones” within a single region to bring higher availability and asynchronous replication across Azure regions for disaster recovery protection.
Availability Zones give users additional options for high availability for their most demanding applications and services as well as confidence and protection from potential hardware and software failures by providing three or more unique physical locations within an Azure region.
Azure Communication Services can now be used to connect users of a custom-built app with users on Microsoft Teams via voice, video, or chat. Organizations and businesses alike can offer custom branded experiences connected with Microsoft Teams where internal employees benefit from the security, familiarity, and capability of Microsoft Teams, and external users can enjoy a custom communication experience on a web or mobile app.
This is ideal for many business-to-consumer scenarios, such as healthcare professionals delivering remote care, finance advisors helping consumers with a loan application, or support staff helping end-users install a new product. As a bonus, VoIP and chat usage is only billed to your Azure resource when using Azure APIs and SDKs. Meaning usage for Microsoft Teams app users interacting with Azure Communication Services applications is free.*
*VoIP and chat usage for Microsoft Teams endpoints are included with Microsoft 365 licenses.
The 2021 Q3 update to Azure App Service on Azure Stack Hub is now available. This release updates the resource provider and brings the following key capabilities and fixes:
- Updates to App Service Tenant, Admin, Functions portals and Kudu tools. Consistent with Azure Stack Portal SDK version.
- Updates to core service to improve reliability and error messaging enabling easier diagnosis of common issues.
Azure App Service and Azure Functions on Azure Stack Hub 2021 Q3 Released - Azure App Service
GitHub Desktop now supports reviewing the statuses of individual check runs for a pull request directly in GitHub Desktop. This includes statuses of job steps for check runs generated through GitHub Actions. Customers can review the results of check runs on a PR, re-run jobs, and quickly navigate to the logs on github.com.
We’re announcing the release of CycleCloud 8.2.1 This release contains a number of Slurm improvements. Check the list of the improvements and bug fixes below:
New Features:
- Updated to CycleCloud Slurm 2.5.0
- Node hostnames now match Slurm/CycleCloud node names.
- Supports disabling the installation of Slurm binaries if they’re baked into a custom image.
- Supports including custom slurm.conf settings in the default CycleCloud Slurm template
- VMSS Force Delete is supported (if enabled)
Microsoft is releasing a new Azure HDInsight API version, which simplifies and updates the API design. The new API 2021-06-01 includes capabilities, such as creating clusters with availability zones, supporting private link, and private endpoint configuration. With these new enhancements, Azure HDInsight 2018-06-01 preview API will be retired on 30 November 2024.
Required Action
Start using the new API by following the steps in Azure HDInsight REST API before 30 November, 2024. After 30 November 2024, 2018-06-01-preview version will not work.
Some of the key API changes you need to update include:
- Change the location property to be required instead of optional
- Remove the ‘vmzises’ and ‘vmsize_filters’
- Renaming two existing properties to follow CamelCase
You can secure access to your storage account by enabling a service endpoint for Storage in the subnet and configuring a virtual network rule for that subnet through the Azure storage firewall. You can now configure your storage account to allow access from virtual networks and subnets in any Azure region. By default, service endpoints enable connectivity from a virtual network to a storage account in the same Azure region as the virtual network or it's paired Azure region. This preview enables you to register your subnet to allow service endpoint connectivity to storage accounts in any Azure region across the globe.
Soft delete for blobs capability for Azure Data Lake Storage is now generally available. This feature protects files and directories from accidental deletes by retaining the deleted data in the system for a specified period of time. During the retention period, you can restore a soft-deleted object, i.e. file or directory, to its state at the time it was deleted. After the retention period has expired, the object is permanently deleted.
All soft deleted files and directories are billed at the same rate as active ones until the retention period has expired.
This capability is now generally available in all public regions.
You can learn more about this capability and how to use it here - Soft delete for blobs concept, How to enable soft delete for blobs , How to manage and restore soft-deleted blobs.
Module: Az.Resources
Creates a new Template Spec version with the specified ARM Template content. The content can either come from a raw JSON string (using FromJsonStringParameterSet parameter set) or from a specified JSON/Bicep file (using FromJsonFileParameterSet parameter set).
The following example creates a new Template Spec version "v1.0" in a Template Spec named "myTemplateSpec". The specified version will have $templateJson as the version's ARM Template content.
$templateJson = @"
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"resources": []
}
"@
New-AzTemplateSpec -ResourceGroupName 'myRG' -Name 'myTemplateSpec' -Version 'v1.0' -Location 'West US' -TemplateJson $templateJson
Additional details at New-AzTemplateSpec (Az.Resources) | Microsoft Docs
Azure Arc-enabled servers enables you to manage your Windows and Linux physical servers and virtual machines hosted outside of Azure, on your corporate network, or other cloud providers. This management experience is designed to be consistent with how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Each connected machine has a Resource ID enabling the machine to be included in a resource group. Now you can benefit from standard Azure constructs, such as Azure Policy and applying tags. Service providers managing a customer's on-premises infrastructure can manage their hybrid machines, just like they do today with native Azure resources, across multiple customer environments using Azure Lighthouse.
To deliver this experience with your hybrid machines, you need to install the Azure Connected Machine agent on each machine. This agent does not deliver any other functionality, and it doesn't replace the Azure Log Analytics agent.
Azure Arc-enabled servers Overview - Azure Arc | Microsoft Docs
Deployments of Azure resources can be monitored by the resource group. You can view all the ongoing, completed, and also failed azure deployments details for any resource from the resource group. An Azure resource group is a container that contains all the related resources for a specific cloud solution. In addition to that using the resource group, you can easily manage permissions, alerts, cost, locks, and audit logs on a group of resources. Azure resource group also helps in automated deployments of resources. There is an interesting and little-overlooked feature, that you can find in Azure Portal, which is checking a list of deployments of resources to a resource group.
From the Azure Portal, navigate to any specific Azure Resource Group and then to Settings > Deployments blade. This screen list out all the deployments of Azure resources for the selected resource group.
On the Deployments overview, click on any of the deployment instances to view the details. It will list out all the resources created or updated during the process of deployment.
Not only the completed list of deployments, it shows up any in-progress and also failed deployment. As a result, it could be your single point of reference to check for deployment states for any particular resource group.
Instead of allowing all or no users to force push, admins can now be selective about who can force push to a repository.
Now, you can be specific about the people and teams who are allowed to force push. As shown in the image below, select Allow force pushes and Specify who can force push. Then, search for and select the people and teams who should be allowed to force push.
Transparent data encryption (TDE) in Azure SQL Database and Managed Instance helps protect against the threat of malicious offline activity by encrypting data at rest. Azure SQL TDE with Customer-Managed Key (CMK) enables Bring Your Own Key (BYOK) scenario for data protection at rest and allows customers to have full control of the key lifecycle management.
The ability to use an RSA key stored in Azure Key Vault Managed HSM, for customer-managed TDE (TDE BYOK) in Azure SQL Database and Managed Instance is now generally available.
With this, along with the existing option of using Azure Key Vault (standard and premium tiers), customers now have the flexibility to use Managed HSMs for storing their encryption keys to protect their most confidential workloads in Azure SQL.
AI is expected to contribute nearly $16 trillion to the global economy by 2030. There are, however, growing concerns about the ethical risks associated with AI systems. Companies acknowledge the need and benefits of operationalizing Responsible AI principles to guide their processes and actions. The big challenge, however, lies in execution; while Responsible AI is about rigorous engineering, its operationalization is tedious, manual, and time-consuming without the right tooling and infrastructure. There are minimal instructions, and few disjointed frameworks and tools available to empower data scientists explore and evaluate their models holistically. Moreover, to truly enable responsible use of AI, one require a whole new world of tools, best practices, and examples to inform their responsible data-driven decision making processes.
In this sprint, we are announcing updates to hosted images. We will retire macOS 10.14 Mojave images on December 10. In addition, we've included the brownout schedule for Windows 2016 hosted images.
Check out the release notes for details.
Azure Pipelines
We are pleased to share that Microsoft is named a Leader in the 2021 Gartner® Magic Quadrant™ for Cloud Database Management Systems.1 This placement reflects our completeness of vision and ability to execute, and we feel is a testament to our ongoing innovation and the integration of a comprehensive cloud data management ecosystem into Microsoft’s end-to-end data platform.
Today’s organizations are modernizing their data platforms as part of a broader digital transformation and need to rely on data as a strategic asset and competitive differentiator. Azure offers a full range of solutions for businesses seeking to accelerate their recovery from economic uncertainty. Gartner evaluates these use cases across 15 distinct criteria to determine their Magic Quadrant placements.
Azure Purview now supports Snowflake as a data source to help you generate a holistic map of your data landscape with automated data discovery. You can now scan your Snowflake databases to easily bring over metadata into the Azure Purview data map, then manage and govern the Snowflake data in Azure Purview.
More about Azure Purview - snippset
We are excited to announce the preview release of auto-failover groups for Azure SQL Hyperscale tier. This preview release includes support for forced and planned failover for Azure SQL Hyperscale databases that use active geo-replication and auto-failover groups. Some key benefits of auto-failover groups include:
Simplified management of a group of geo-replicated databases including ability to failover the entire group of databases.
Ability for application to maintain the same read/write and read-only endpoints after failover.
Recovery during loss of an entire region through geo-failover which can be initiated manually or through an automatic failover policy.
Readable online secondaries that can be used for read-only workloads by connecting with read-only listener endpoints which remain unchanged during geo-failovers.
See more at Auto-failover groups for Azure SQL Hyperscale now in preview - Microsoft Tech Community
Live Share has been on the frontiers of developer collaboration.
The extension comes built-in Visual Studio to make collaboration an intuitive part of their workflow. We gathered more information to learn that having communication channel within the tool could be of great value during collaboration. This is why, Visual Studio 2022 now has integrated chat built into Live Share. This allows each Live Share session to have a context specific chat. Whether it is long pairing sessions, quick-help or code walk-throughs, Live Share chat can add asynchronous context to the session.
See more at Integrated Chat in Live Share for Visual Studio 2022 - Visual Studio Blog (microsoft.com)
You may be using the same tile configuration across dashboards or similar dashboards across apps in Azure IoT Central. With Copy Dashboards new capability, you can leverage your existing work to build new dashboards by simply duplicating an existing dashboard.
This feature helps you to save time and eliminates the need to build a similar dashboard from ground up. When creating a copy, you will get the option to select a name and the dashboard type. After creating a copy, you can modify the tiles as per your needs.
Learn more about creating and managing dashboards in Azure IoT Central.
In December 2021, the following generally available updates and enhancements were made to Microsoft Defender for Cloud (formerly Azure Security Center):
Microsoft is helping to reshape the automotive industry in the way it serves its drivers with in-vehicle infotainment systems. As an example, Azure is partnering with XPENG to enable AI voice experiences for automotive brands and customers.
The solution provides the industry with a fresh take on text-to-speech and expressive voice, global languages, speaker fidelity, and self-service customization. XPENG joins a growing trend of automakers rethinking investments in environmental voice.
“This is a cutting-edge exploration of vehicle voice interaction in the auto industry,” XPENG automotive AI product senior expert Hao Chao said. “The experience delivers a whole new level of natural speech. With a deep understanding of urban mobility, we are finding many more scenarios to leverage AI technology for a high level of driver-machine intuition.”
Semantic Search, a feature of Azure Cognitive Search, has entered ungated public preview. You can now turn on Semantic Search features directly from the Azure portal. We are also releasing the following updates:
- Billing for semantic search is now available. Customers can select between Free and Standard plans. See our pricing page for more details.
- We have expanded semantic search availability to the following regions: Australia East, East US, East US 2, North Central US, South Central US, West US, West US 2, North Europe, UK South, West Europe
- Customers can also leverage Semantic Configurations– a new feature within Semantic Search that allows customers to indicate title, description, and keyword fields as part of index definitions. This will help optimize search relevance by indicating the relative importance of certain fields
Public preview: Semantic Search update | Azure updates | Microsoft Azure
Azure Ultra Disk Storage is now available in West US 3. Azure Ultra Disks offer high throughput, high IOPS, and consistent low latency disk storage for Azure virtual machines (VMs). Ultra Disks are suited for data-intensive workloads such as SAP HANA, top tier databases, and transaction-heavy workloads.
Based on customer feedback, we have increased the limit of devices that can be shown on a single tile on and Azure IoT Central Dashboard from 10 to 100. This change makes it easier to visualize and analyze data across a larger device group simultaneously.
Learn more about creating and managing dashboards in Azure IoT Central.
You can now send device telemetry in different shapes and transform the telemetry into structured data at Azure IoT Central ingress. Data mapping in Azure IoT Central enables you to map a JSON path in device message to a friendly name (alias) at a device level. IoT Central will then use the device alias information to provide a structured data (mapped data) that you can leverage to create device templates and device management experiences in IoT Central such as Rules, and export the mapped data to any destination. With this capability, you can send industrial equipment data into IoT Central and create device management experience for your industrial equipment.
Using IoT Central portal, you can map the data for any or all your devices. Navigate to a device Raw data view, expand any telemetry message and hover the mouse pointer over a message path to add an alias. Once an alias is mapped to a JSON path, you can verify that IoT Central is mapping the telemetry by checking the ‘_mappeddata’ section in Raw data.
Learn more about transforming telemetry on ingress in Azure IoT Central.
We started 2021 with great hopes of putting the global pandemic behind us. While it's happening much slower than any of us may have wanted, we're getting there. Yet, while we evolve and learn new ways to work, the need to manage and reduce cost continues to grow. With that in mind, 2021 was more focused on platform capabilities in Azure Cost Management and Billing and the underlying commerce platform at Microsoft. You saw many improvements, but there are even more changes behind the scenes that are extending the foundation for many great things to come.
Azure Cost Management and Billing 2021 year in review | Azure Blog and Updates | Microsoft Azure
Use Azure Static Web Apps enterprise-grade edge (public preview) to increase your website page load speed, enhance security, and optimize reliability for your global applications. It combines the capabilities of Azure Static Web Apps, Azure Front Door and Azure Content Delivery Network (CDN) standard into a single secure cloud CDN platform.
Key features included with Azure Static Web Apps enterprise-grade edge:
- Global presence in 118+ edge locations
- Proactive protection against Distributed Denial of Service (DDoS) attacks
- Native support of end-to-end IPv6 connectivity and HTTP/2 protocol
You can now upgrade your Azure Load Balancer from Basic SKU to Standard SKU by using a PowerShell script. By upgrading to Standard SKU, the Load Balancer enables the network layer traffic to drive higher performance and stronger resiliency, along with an improved integration experience with other Azure services. The PowerShell script creates the Standard SKU Load Balancer with the same configurations as the Basic Load Balancer. In additon, the script migrates the backend resources to the Standard Load Balancer for you.
Learn more about the process to upgrade Azure Load Balancer.
Learn more about the differences between two SKUs.
Learn more about Standard Load Balancer pricing.
As part of our commitment to delivering the best possible value for Azure confidential computing, we're announcing a price reduction on the DCsv2 and DCsv3-series VMs by up to 33%. The price reduction enables the data protection benefits of ACC with no premium compared to general-purpose VMs on a per physical core basis.
New prices took effect on 1/1/2022. If you are already using DCsv2 and DCsv3-series VMs prior to 1/1/2022, you will see the price reduction in your next bill.
Please visit Azure pricing page for more details and learn more about Azure confidential computing
Site performance is crucial when creating applications on the modern web. It has a direct impact on user experience, search engine rankings, and user conversion rates. With Azure Static Web Apps, we're committed to building a platform that helps you deliver the best results for your users at a global scale. It provides streamlined full-stack development and hosting across static content and serverless APIs to power high productivity from source code to global high availability.
Today, we are announcing the preview of the Azure Static Web Apps enterprise-grade edge powered by Azure Front Door which enables faster page loads, enhanced security, and increased reliability for your global apps with no configuration or additional code required.
Containerd is an industry-standard container runtime. Using containerd enhances pod creation speed as well as stability. Azure Kubernetes Services (AKS) now supports containerd for Windows server containers. This is available for Kubernetes version 1.20 and higher.
With the general availability of Windows containerd support in AKS, Windows customer now have the ability to run production workloads on containerd. This also means that from Kubernetes 1.23 containerd will be the only support runtime for Windows workloads, as it is on Linux.
Azure Cache for Redis now supports authenticating storage account connections using managed identity. Identity is established through Azure Active Directory, and both system-assigned and user-assigned identities are supported. This further allows the service to establish trusted access to storage for uses including data persistence and importing/exporting cache data.
As part of the application and cluster lifecycle, you can now upgrade to the latest available version of Kubernetes and take advantage of new features. These new events enable you to more easily view the upgrade status in the Azure portal or via the CLI.
You can now code, build, deploy, simulate and debug your IoT Edge solutions in Visual Studio 2022.
- New Azure IoT Edge project targeting different platforms (Linux amd64, Linux arm32v7, Linux arm64v8, Windows amd64)
- Add a new IoT Edge module (C#/C) to solution and now includes support of .NET 6 for C# module
- Edit, build and debug IoT Edge modules locally on your Visual Studio machine
- Build and push docker images of IoT Edge modules
- Run IoT Edge modules in a local or remote simulator
- Manage IoT Edge devices and modules in IoT Hub
Download the Visual Studio installer
Learn more about develop and debug edge modules with Visual Studio
Log alerts are one of the alert types that are supported in Azure alerts. Log alerts enable you to use a Log Analytics query to evaluate resources logs in every set frequency, and fire an alert based on the results. Rules can trigger one or more actions using action groups. Log alerts with one-minute frequency, the alert query will be evaluated every minute to check the condition, reducing the overall time to fire of a log alert.
Learn more here.
A new version of the K2Bridge connector (Kibana-Kusto/Azure Data Explorer free connector) now supports dashboards and visualizations, in addition to the Discover tab which was supported previously.
With Kibana's Visualize tab users can create visualizations like: Vertical bar, Area chart, Pie chart, Gauge, Data table, Heat map, Goal chart, and Metric chart. After creating visualizations, users can use them to build dashboards. Additionally, we upgraded the connector's Kibana to version 7.10.2 to improve the user experience and provide better filtering support for Kusto's dynamic data type.
To learn more about Elasticsearch to Azure Data Explorer migration, visit this blog post.
To install and learn more about K2Bridge, visit the documentation or the GitHub repository.
With the subscription wide limit and per vault limit doubled, i.e. for secret GET and RSA 2,048-bit software keys, you'll receive 4,000 GET transactions per 10 seconds vs 2,000 per 10 seconds previously. The service quotas are specific to operation type and the entire list can be accessed in Azure Key Vault Service Limits. You can also view your Key Vault's usage on the 'Overview' page in the Azure portal on the "Monitoring" tab.
Learn more about Monitor Key Vault with Key Vault insights and monitoring metrics for Azure Key Vault.
There is no manual step required for increased service limits and this is by default applicable on all vaults without any additional cost.
Azure Pipelines Microsoft-hosted agents have supported windows-2022 since September 2021. We've listened to your feedback that helped us improve the windows-2022 image and are ready to have Windows Server 2022 as the default version for the windows-latest image.
Azure Pipelines
Azure ultra disks offer high throughput, high IOPS, and consistent low latency disk storage for your stateful applications. One major benefit of ultra disks is the ability to dynamically change the performance of the SSD along with your workloads without the need to restart your agent nodes. Ultra disks are suited for data-intensive workloads.
Source: General availability: Ultra disks support on AKS | Azure updates | Microsoft Azure
We are happy to announce the availability of the public preview of the App Service Environment (ASE) v3 migration feature. With this feature, you’ll be able to migrate your existing ASE as well as the apps running on that ASE to ASEv3. ASEv3 provides a number of feature differences as well as performance enhancements and potential reduced overall costs compared to previous versions. To get a complete overview on ASEv3, read the ASEv3 focused App Service Environment overview.
Check out the following docs to learn more about migrating to ASEv3:
Source: App Service Environment v3 Migration Feature Public Preview - Azure App Service
To show you the latest capabilities of using Linux and Azure—and share some exciting announcements—we will be hosting Azure Open Source Day on Tuesday, February 15, 2022, from 9:00 AM to 10:30 AM Pacific Time.
Push your apps and data to the next level by using Azure, open-source, and Linux together. Join this free digital event to learn how to natively run your open-source workloads on Azure, expand their capabilities, and innovate in new ways using Azure services.
At this event, you’ll learn how Microsoft is committed to open source and works with the open-source community to develop new technologies. Hear about the latest trends and capabilities of using Linux and Azure together—direct from Microsoft insiders. Whether you’re new to Azure or are already using it, you’ll discover how to turbocharge your apps and data with open source and hybrid cloud technologies.
Here are seven reasons to attend the event
- Get the inside scoop on CBL-Mariner, the Linux distribution built by Microsoft to host Azure open-source services.
- Find out how to better automate and manage Linux investments on Azure using Azure Hybrid Benefit and Project Bicep.
- Discover tools for every developer, including Visual Studio Code, GitHub Codespaces, and Azure managed database and AI services.
- Learn about application modernization best practices using containers and Azure Kubernetes Service (AKS).
- Hear from Microsoft insiders and Linux industry leaders like Red Hat and SUSE.
- Ask the experts your questions during the live chat Q and A.
- Plus, be among the first to hear Microsoft CEO, Satya Nadella, share a special announcement on the 30th anniversary for Linux.
Source: 7 reasons to attend Azure Open Source Day | Azure Blog and Updates | Microsoft Azure
New Azure Maps features historical weather, air quality and tropical storms.
Develop weather and climatology enabled solutions using the historical weather, air quality and tropical storms features from Azure Maps Weather Services.
Azure Maps Weather Services has added three new features, historical weather, air quality and tropical storms. Like the other Azure Maps Weather Services, the data in these new features come from worldwide leading weather services provider, AccuWeather. Here are the specifics on what these new features include:
Historical weather provides actuals, normals and records climatology data by day, for a specified date range, up to 31 days in a single API request. Historical data may be available as far back as 5 to 40+ years and includes, temperatures, precipitation, snowfall, snow depth and cooling/heating degree day information, depending on the location and service.
Air quality provides detailed information about the current and forecasted concentration of air pollutants and air quality. Forecasted information is available by hour (upcoming 1, 12, 24, 48, 72, and 96 hours) and by day (upcoming 1 to 7 days). Information includes, pollution levels, air quality index values, the dominant pollutant, and a brief statement summarizing risk level and suggested precautions.
Tropical storms provides information on government-issued active tropical storms, government-issued forecasted tropical storms, the locations of an individual government-issued tropical storm and the ability to search government-issued tropical storms by year, basin ID, and government ID. Tropical storms are also known as, hurricanes, cyclones, and typhoons, depending on the region of the world.
To get started with Azure Maps and the Azure Maps Weather Services, please go to the Azure Maps documentation and create an Azure Maps account for free if you don’t already have one.
At Ignite 2021, Microsoft launched the Zone Redundant Storage (ZRS) option for Azure managed disks. ZRS managed disks provide synchronous replication of data across zones in any given region, enabling disks to tolerate zonal failures. This means that if a virtual machine becomes unavailable in an affected zone, you can continue to work with the disk by mounting it to a virtual machine in a different zone.
However, zonal resiliency is insufficient in the event of regional outages. Thus, Azure Site Recovery (ASR) now supports ZRS managed disks. With ASR, you can protect your VMs that leverage ZRS managed disks by replicating them to a secondary region of your choice. ASR identifies the source disks to be ZRS managed disks and creates equivalent ZRS managed disks in the secondary region. If there is a regional outage and you are required to failover to the secondary region, the VM(s) that ASR will spin up for you in the secondary region will have ZRS managed disks attached to them, ensuring the same, high level of zonal resiliency that you want.
Azure Backup has recently released the below changes to the security features setting for the workloads protected via Microsoft Azure Recovery Service Agent, Azure Backup Server, or System Center Data Protection Manager.
Integration with MUA (Multi-user authorization)
The operation to “disable security features” is now defined as a critical operation that can be protected by a Resource Guard. Learn more
Unregistration blocked for protected servers with backup items in active or soft delete state
To provide protection against accidental or malicious deletion, a protected server cannot be unregistered if the security features are enabled for the vault and there are associated backups items in active or soft delete state.
Free retention of backup data in soft delete state
Customers will incur no cost for the backup data retained in the soft delete state.
No data loss if backups are retained in soft delete state
The backup policy is not enforced on the data retained in the soft delete state, and hence no data is deleted for 14 days.
To ensure customers running on Azure are protected against ransomware attacks, Microsoft has invested heavily in Azure security and has provided customers with the security controls needed to protect their Azure cloud workloads.
Azure Firewall Premium comes into help with its intrusion detection and prevention system (IDPS) capability, every packet will be inspected thoroughly, including all its headers and payload to identify malicious activity and to prevent it from penetrating your network. IDPS allows you to monitor your network for malicious activity, log information about this activity, report it, and optionally attempt to block it.
A comprehensive overview of best practices and recommendations can be found in the "Azure Defenses for Ransomware Attack" e-book.
Microsoft’s Zero Trust Framework protects assets anywhere by adhering to three principles:
- Verify explicitly: Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.
- Use least privileged access: Limit user access with just-in-time and just-enough-access (JIT and JEA), risk-based adaptive policies, and data protection to help secure both data and productivity.
- Assume breach: Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.
Enabling Zero Trust with Azure network security services | Azure Blog and Updates | Microsoft Azure
You can use Anomaly Detector’s multivariate detection synchronously with simple operations without the need to upload data to blob storage for inference. Put the data in the API request body and get the detection result in real-time. Detection results include additional information to help you deep dive into the root cause of an anomaly, giving you the most contributed variables and their related variables. Learn more on how to use Anomaly Detector on multiple variables for your time series data.
You can now create Azure Container Apps environments into new or existing virtual networks. This enables Container Apps to receive private IP addresses, maintain outbound internet connectivity, and communicate privately with other resources on the same virtual network.
Opt-in to new feature updates, security improvements, and bug fixes in the Azure Monitor agent (AMA). These have been rolled out automatically across your virtual machines for new and existing agent installations. Attend to important updates and security fixes by enabling the automatic extension upgrade feature.
The new opt-in experience is available for Azure virtual machines and scale sets on both Windows and Linux. Review the migration guidance to start migrating from Log Analytics agents to the new agent.
You can collect and send logs for Azure Storage to Azure Monitor log analytics workspaces, Azure Event Hubs, Azure Storage, and select Marketplace partners.
The pricing model for diagnostic settings is in effect for Azure Storage logs. Sending logs to Azure Storage, Azure Event Hubs, or Marketplace partners will incur a charge per GB sent by diagnostic settings and independently of any costs charged by the destination.
Read the Azure Monitor pricing page under Platform Logs to learn more about the pricing model and Azure Storage documentation to learn more details about the announcement. Note: Changes to the Portal UX and documentation to remove "preview" designation for this feature will follow over the next few weeks.
Automate queries to your Log Analytics workspaces and Application Insights components to list or visualize results with Azure Monitor Logs connector. The connector 'time range' property can be set to either ‘set in query’, when the time filter appears in the query, or with a relative value (last hour, last 12 hours, etc.). Improve investigation utilizing an ‘exact’ time range to enable scenarios like diagnostics of alert incidents.
Azure Functions support for PowerShell on Linux OS is now generally available in Azure Functions runtime 4.0 on all hosting plans. You can now develop Azure Functions PowerShell apps locally and deploy them to Azure Functions on Linux OS.
Generally available: PowerShell on Linux OS in Azure Functions | Azure updates | Microsoft Azure
With the new Azure Bastion native client support in public preview and included in Standard SKU, you can now:
- Use either SSH or RDP to upload files to a VM from your local computer.
- Use RDP to download files from a VM to your local computer.
Azure Site Recovery provides replication policies which govern retention history of recovery points during replication. Based on the replication policy applied while enabling replication, recovery points are retained, and app-consistent snapshots are captured.
With the roll out of support for longer retention of recovery points, you can now retain recovery points up to 15 days instead of 72 hours. Recovery points will be retained at a frequency of 5 mins for the first 2 hours. Subsequently, recovery points will be pruned and stored at a lesser frequency. You can enter any value from 0-15 (in days) to configure retention period for a replication policy and once used during replication, recovery points will be retained accordingly for that duration. In addition to this, you can enable the application-consistent recovery points if required. By default, this is disabled.
This provides enhanced protection as you have the flexibility of more recovery points. For instance, you can use older recovery points to recover in case recent recovery points are affected due to an incident, such as ransomware, that was undetected for a few days.
Scope: Azure to Azure, VMware to Azure, Physical to Azure disaster recovery scenarios.
The dependency graph now supports detecting GitHub Actions workflow YAML files. These will be displayed within the dependency graph section in the Insights tab. Repositories that publish actions will also be able to see the number of repositories that depend on that action from the Used By control on the repository homepage.
Dependency graph adds support for GitHub Actions | GitHub Changelog
You now have more control over when your self-hosted runners perform software updates. If you specify the --disableupdate flag to the runner then it will not try to perform an automatic software update if a newer version of the runner is available. This allows you to update the self-hosted runner on your own schedule and is especially convenient if your self-hosted runner is in a container.
For compatibility with the GitHub Actions service, you will need to manually update your runner within 30 days of a new runner version being available. For instructions on how to install the latest runner version, please see the installation instructions for the latest release in the runner repo.
GitHub Actions: Self-hosted runners can now disable automatic updates | GitHub Changelog
Azure Communication Services has added support for Telephony Direct Offers in public preview for both Denmark and the UK. This means that both partners and you in Denmark and UK can purchase Toll-Free and Geographic phone numbers in their countries, helping them to build engaging communication experiences to connect to telephony (PSTN) users worldwide.
Learn more about pricing and quickstart template.
Azure Backup service is announcing the private preview of AKS persistent volume backup. With this release, you can backup and restore the persistent volumes of your Azure Kubernetes Service (AKS) cluster.
Benefits includes
- Recovery from data corruption or deletion of persistent volumes
- Clone or replicate persistent volumes to dev/test environments
Using this feature, you can
- configure backup for the persistent volumes of stateful applications deployed on the AKS cluster
- restore back one or more persistent volumes on to the same or different cluster
Use this feature to configure data protection for the stateful application deployed as Kubernetes workloads (namely Deployment, Statefulset) that saves application data in one or more persistent volumes.
Private preview: AKS cluster persistent volume backup | Azure updates | Microsoft Azure
When deploying your SQL Server on Azure Virtual Machines using Azure Marketplace images, you can configure storage directly from the SQL Server for Azure Virtual Machine blade in the Azure portal. This is restricted to allowing an increase in the space for data and log storage pools but with the ability to configure tempdb.
- Perform common DBA tasks directly from the SQL VM blade such as adding data files of equal size and acting when the file sizes are not equal.
- Increase storage space using tempdb configuration blade when using on a remote disk.
General availability: Enhanced storage configuration with tempdb | Azure updates | Microsoft Azure
Simplify your monitoring and troubleshooting of Azure IoT Edge devices with deep integration with Azure Monitor through a set of built-in metrics, the IoT Edge Metrics Collector module, and a set of curated visualizations. With this integration, you can
- Analyze the efficiency of your solution
- Choose hardware to fit the performance demands on your devices
- Monitor locked down assets
- Unify cloud and edge monitoring
- Proactively identify issues with metrics-based alerts
- Rapidly troubleshoot problems
- Create custom metrics and dashboards
The latest IoT Edge metrics collector module release 1.0.3 is now available in the Microsoft container registry at mcr.microsoft.com/azureiotedge-metrics-collector:1.0.3.
General Availability: IoT Edge monitoring with Azure Monitor | Azure updates | Microsoft Azure
Computer Vision's OCR (Read) API expands supported languages to 164 with its latest preview:
- OCR support for print text expands to 42 new languages including Arabic, Hindi and other languages using Arabic and Devanagari scripts.
- OCR support for handwritten text expands to Japanese and Korean in addition to English, Chinese Simplified, French, German, Italian, Portuguese, and Spanish.
- Enhancements include improved support for extracting handwritten dates, amounts, names, and single character boxes.
- General performance and AI quality improvements.
See the OCR how-to guide to learn how to use the new preview features.
You can now upload images to Wiki pages. Drag and drop, select or paste the file.
Flash, as the project is internally known, is a collection of efforts across Azure Engineering, that aims to evolve Azure’s virtual machine (VM) availability monitoring ecosystem into a centralized, holistic, and intelligible solution customers can rely on to meet their specific observability needs. Today, we’re excited to announce the completion of the project’s first two milestones—the preview of VM availability data in Azure Resource Graph, and the private preview of a VM availability metric in Azure Monitor.
What is Project Flash?
Project Flash derives its name from our commitment to building robust and rapid ways to monitor virtual machine (VM) availability as comprehensively as possible—a key prerequisite for efficient application performance. It’s our mission to ensure you can:
- Consume accurate and actionable data on VM availability disruptions (for example, VM reboots and restarts, application freezes due to network driver updates, and 30-second host OS updates), along with precise failure details (for example, platform versus user-initiated, reboot versus freeze, planned versus unplanned).
- Analyze and alert on trends in VM availability for quick debugging and month-over-month reporting.
- Periodically monitor data at scale and build custom dashboards to stay updated on the latest availability states of all resources.
- Receive automated root cause analyses (RCAs) detailing impacted VMs, downtime cause and duration, consequent fixes, and similar—all to enable targeted investigations and post-mortem analyses.
- Receive instantaneous notifications on critical changes in VM availability to quickly trigger remediation actions and prevent end-user impact.
- Dynamically tailor and automate platform recovery policies, based on ever-changing workload sensitivities and failover needs.
Azure Sphere OS version 22.02 is now available for evaluation in the Retail Eval feed. The retail evaluation period provides 2 weeks for backwards compatibility testing. During this time, please verify that your applications and devices operate properly with this release before it is deployed broadly via the Retail feed. The Retail feed will continue to deliver OS version 21.10 until we publish 22.02.
The evaluation release of version 22.02 includes an OS update only; it does not include an updated SDK. When 22.02 is generally available later in February, an updated SDK will be included.
Today Microsoft is announcing the Azure File Migration Program which gives customers and partners in the Solution Integrator and Service Provider ecosystem, access to industry-leading file migration solutions from Komprise and Data Dynamics—at no cost. These solutions help easily, safely, and securely migrate file and object data to Azure Storage.
Azure Migrate offers a very powerful set of no-cost (or low-cost) tools to help you migrate virtual machines, websites, databases, and virtual desktops for critical applications. You can modernize legacy applications by migrating them from servers to containers and build a cloud native environment. This new program complements Azure Migrate and provides the means to migrate applications and workloads that include large volumes of unstructured file data.
Migrating your files to Azure has never been easier | Azure Blog and Updates | Microsoft Azure
If your IoT Central solution has a large number of devices, it can sometimes be difficult to find the device you are looking for simply scrolling through the device explorer. For quick access, you have always had the ability to search for devices using the search bar but what was returned was a simple list of results.
With this update, the search results experience has been redesigned allowing you to filter your results by different search fields such as device name, device id, property values, and cloud property values. We have also added bold text for matched terms (highlights) so you can understand why exactly a device showed up in the results.
Explore the latest search experience using the tips above.
Find guidence and support with updated documentation including new FAQ articles, guides for each phase of the solution development process, and a reorganized landing page and table of contents. The new FAQ articles include:
- Why should I start with Azure IoT Central?
- What’s the difference between aPaaS and PaaS offerings?
- How do I move between aPaaS and PaaS solution approach?
- How do I extend Azure IoT Central if it’s missing something I need?
- What are Azure IoT Central’s scale limits?
To get started, see the new documentation landing page.
Virtual Machine level disk bursting supports M-series, Msv2-series Medium Memory, and Mdsv2-series Medium Memory VM families allowing your virtual machine to burst its disk IO and throughput performance for a short time, daily. This enables VMs to handle unforeseen spiky disk traffic smoothly and process batched jobs with speed. There is no additional cost associated with this new capability or adjustments on the VM pricing and it comes enabled by default.
Some example scenarios where bursting can be applied:
- Improve boot times: With your virtual machine and your disks both being able to burst and coming fully stocked with bursting credits at the start, your instance will be able to boot at a much faster rate than before.
- Handle batch jobs: Some application workloads are cyclical in nature, requiring a baseline performance for the majority of the time but a higher performance for a short period of time. For instance, an accounting program that processes daily transactions requiring a small amount of disk traffic but then monthly end reports which need a higher amount of disk traffic.
- Prepares for trafficspikes: Web servers and their applications can get a surge of traffic from unforeseen circumstances. With bursting virtual machines and disks backing the web servers, the web servers will handle traffic spikes smoothly and improve their customer’s experience by reducing load times under heavy stress.
Query across your subscriptions and tenants to discover changes to your resources with Azure Resource Graph. Resource configuration changes enable you to:
- Find when changes were detected on an Azure Resource Manager property
- See property change details for each resource change
- Query changes at scale across your subscriptions, management group, or tenants
At scale and on by default
This public preview iterates on the previous Resource Changes API with an entirely new pipeline that stores changes as extension resources at change time, enabling you to query changes to your Azure resources at scale through Resource Graph. In addition, this support includes the ability to craft charts and pin results to Azure dashboards based on specific change queries.
At-scale
Resource changes can be queried with Resource Graph, which supports querying at the resource, resource group, subscription, management group, and tenant scopes. With one query you can get details about all of the deleted, created, and/or modified resources in your environment over the past seven days.
On by default
No onboarding is required. This is a platform feature enabled by default and available at no additional cost.
Public preview: Resource configuration changes | Azure updates | Microsoft Azure
Predictive autoscale uses machine learning to help manage and scale Azure virtual machine scale sets with cyclical workload patterns. It forecasts overall CPU load to your virtual machine scale set, based on your historical CPU usage patterns. By observing and learning from historical usage, it predicts the overall CPU load ensuring scale-out occurs in time to meet demand.
Alert processing rules (formerly action rules) provide post-processing capabilities for fired alerts in Azure Monitor, such as scheduled suppression and at-scale actions management. Following the updated public preview from December 2021, this feature is now generally available.
As part of the generally available announcement, we will be retiring the existing preview APIs of alert processing rules / action rules in June 2022, so update your environments accordingly. This includes ARM templates / PowerShell / CLI etc. We will also start to enforce a per subscription quota on the rules (1000 rules per subscription). See the limits document for more details.
Action required: Update your environments such as ARM templates / PowerShell / CLI etc. as soon as possible, as we will be retiring the existing preview APIs of alert processing rules / action rules in June 2022.
Generally available: Alert processing rules in Azure Monitor | Azure updates | Microsoft Azure
AKS support for Kubernetes release 1.21 is now in public preview. Kubernetes 1.21 delivers a total of 50 enhancements in various stages of maturity, including 19 completely new capabilities. This release include capabilities such as a new memory manager and a more flexible scheduler.
Public preview: Kubernetes 1.21 support in AKS | Azure-Updates | Microsoft Azure
You can now apply tags to an Azure Kubernetes Service (AKS) cluster and its related resources using the Azure Resource Manager, the Azure CLI, and Azure PowerShell. For some resources, you can also use Kubernetes manifests to set Azure tags. Azure tags are useful for tracking resource usage for things like charge back.
General availability: Azure tags support in AKS | Azure updates | Microsoft Azure
You can patch and install updates to your Windows Server virtual machines on Azure without requiring a reboot using hotpatch. This capability is available exclusively as part of Azure Automanage for Windows Server for Windows Server Azure Edition core virtual machines, and comes with the following benefits:
- Lower workload impact with less reboots
- Faster deployment of updates as the packages are smaller, install faster, and have easier patch orchestration with Azure Update Manager
- Better protection, as the hotpatch update packages are scoped to Windows security updates that install faster without rebooting
Generally available: Hotpatch for Windows Server virtual machines | Azure updates | Microsoft Azure
Cost Management anomaly detection is now available for subscriptions in the cost analysis preview. To check cost anomalies for your subscription, open any view in the cost analysis preview and click the see insights link to view all insights and details.
If this is your first time using the cost analysis preview, you'll see a "check back tomorrow for cost anomaly insights" message confirming that you've been setup for anomaly detection. If you're already setup, then you'll either see a "no anomalies" message or a list of any anomalies that have been detected within the date range you're looking at. To get more details about the anomaly, click the insight link to view daily cost over the date range that was evaluated.
Today, we’re announcing that the ability to prebuild codespaces is entering public beta. Prebuilding a codespace enables fast environment creation times, regardless of the size or complexity of your repositories. A prebuilt codespace will serve as a ‘ready-to-go’ template where your source code, editor extensions, project dependencies, commands, and configurations have already been downloaded, installed, and applied so that you don’t have to wait for these tasks to finish each time you create a new codespace.
Codespaces prebuilds now available in public beta | GitHub Changelog
We are excited to announce the general availability of Log Analytics data export, a capability that lets you continuously export ingested data for selected tables in your Log Analytics workspace, and sent it to an Azure storage account, or Azure Event Hubs.
How it works?
Data export is designed for scale and can support Terabytes of logs per day for each of your workspaces. Data export flow relies on destination resources that you own and manage, and you must assure sufficient ingress capacity for proper export operation, and prevent failures. See 'Scale considerations' for details.
Azure Monitor Log Analytics data export is generally available! - Microsoft Tech Community
Automatically delete disks, NICs and Public IPs associated with a VM at the same time you delete the VM. With this feature, you can specify the associated resources that should be automatically deleted when you delete a VM. This will allow you to save time and simplify the VM management process.
To learn more about this feature and to get started, read our documentation.
You can now create virtual machine restore points in any region of your choice regardless of the region where your virtual machine is deployed. Protect your Azure workloads by easily copying virtual machine restore points from one region to another region.
Read more about cross region virtual machine restore points on our blog and learn how to create and copy virtual machine restore points across regions by reviewing our public documentation.
Public preview: Cross region virtual machine restore points | Azure updates | Microsoft Azure
The Azure Purview UX team has localized Azure Purview studio in a variety of languages. You can go to settings on the top bar and select one of 18 languages to use. All user experiences that are generally available will be localized to the selected language.
General availability: Localization available in Azure Purview | Azure updates | Microsoft Azure
The capability to set specific retention on AzureActivity and Usage data tables in Log Analytics workspaces is now in general availability. Keep AzureActivity and Usage data for longer periods of time, while maintaining the workspace retention as low as needed. Previously, AzureActivity and Usage were treated differently–they had a minimum of 90 days retention and couldn’t be set with specific retention as other tables which forced you to increase the workspace retention.
The minimum retention for AzureActivity and Usage remains 90 days to enable basic audit on operations and usability troubleshooting.
Low recovery point objective (RPO) is a key requirement for Azure Files holding business-critical data. Azure Backup enables you to achieve recovery point objective for up to four hours using Azure Files snapshot-based backup solution. You can leverage the multiple backups per day feature to create or modify a backup policy to take multiple snapshots of your file share. This feature allows you to define a backup schedule aligning to your working hours when there are frequent updates to your Azure Files content.
In addition to the preview capability that allowed you to configure multiple backups from the Azure portal, you can now also use Powershell or Azure CLI to create a backup policy that triggers multiple snapshots a day as per your defined schedule.
Azure NetApp Files is now available in the following additional region:
- Australia Central 2
- Additionally, cross-region replication has been enabled between Australia Central and Australia Central 2 region pair.
For the most current regional availability updates, please see the Azure product regional availability page.
For the most current list of cross-region replication pairs, please see the Supported cross-region replication pairs page.
The Azure Cosmos DB API for MongoDB version 4.2 includes new aggregation functionality and improved security features such as client-side field encryption. These features help you accelerate development by leveraging the new functionality instead of developing it yourself. The Azure Cosmos DB API for MongoDB 4.2 can be enabled in the Azure Portal with any new or existing database account in seconds, with zero downtime.
You can now create a branch directly from an issue to begin development work that's correlated to that issue. Branches connected to an issue are shown under the "Development" section, which has replaced "Linked pull requests", in the sidebar of an issue. When you create a pull request for one of these branches, it is automatically linked to the issue.
Azure Static Web Apps allow configuration of various settings such as routing, authentication, and networking via the staticwebapp.config.json file. You can now specify an API language runtime via the same configuration file.
You can specify an API runtime version in your app’s staticwebapp.config.json configuration file as shown below:
{
"platform": {
"apiRuntime": "node:16"
}
}
With Azure for Operators, we’re empowering operators to unlock the power of 5G by bringing cloud and edge closer together to modernize their networks so that they can streamline and optimize their business operations and deliver new services faster with greater reach and lower cost. With solutions that run on-premises, at the edge, or in the cloud but are always managed and secured by Azure, Microsoft meets you where you are, offering flexibility to transform on your terms and timelines. We are committed to partnering with you, not competing against you. Your consumer, enterprise, and government customers will benefit from a cloud platform with industry-leading security and governance built-in, and with an unmatched partner and developer ecosystem to maximize the value of the cloud at the edge. We’re applying Microsoft technology and developer ecosystem capabilities to offer the next-generation Azure for Operators portfolio—carrier-grade hybrid cloud platform, voice core, mobile core, and multi-access edge compute.
Azure Application Gateway is announcing general availability for transport layer security (TLS) mutual authentication. Mutual authentication allows for two-way TLS certificate-based authentication, which allows both client and server to verify each other's identity. This release strengthens your zero trust networking posture and enables many connected devices, IoT, business to business, and API security scenarios.
You can upload multiple client certificate authority (CA) certificate chains on the Application Gateway to use for client authentication. You can also choose to enable frontend mutual authentication at a per-listener level on Application Gateway. We are also adding enhancements to server variables supported on Application Gateway to enable you to pass additional client certificate information to backend as HTTP headers.
With this release we are also extending support for listener specific TLS policies which allows you to configure predefined or custom TLS policies at a per listener granularity, instead of global TLS policies.
Application consistent snapshot tool (AzAcSnap) v5.1 is a command-line tool enables you to simplify data protection for third-party databases (SAP HANA) in Linux environments (for example, SUSE and RHEL).
The public preview of application consistent snapshot tool v5.1 supports the following new capabilities:
- Oracle Database support
- Backint Co-existence
- RunBefore and RunAfter capability
These new features can be used with Azure NetApp Files, Azure BareMetal, and now, Azure Managed Disk.
To protect your snapshots against accidental deletion, Azure Backup has added one more level of security to the Azure file shares snapshot management solution by integrating with the Azure Files platform capability of acquiring a lease on the snapshots. The lease operation creates and manages a lock on the snapshots for delete operations. After taking a snapshot, Azure Backup takes an infinite lease on it. This lease protects the snapshot from accidental deletion. To ensure that a snapshot does not get deleted during a restore operation, Azure Backup also checks the lease status at the beginning of the restore, and in case it is found to be non-leased, it acquires a lease on the snapshot.
Data virtualization capabilities, now in preview in Azure SQL Managed Instance, enable you to execute Transact-SQL (T-SQL) queries against data from files stored in Azure Data Lake Storage Gen2 or Azure Blob Storage and combine it with relational data stored locally in the managed instance using logical joins. This way you can transparently access external data while keeping it in its original format and location. There is no data duplication or need to run and maintain ETL processes, which means that you can extract and deliver insights faster. Currently supported file formats are Parquet, CSV, and JSON.
Announcing Data virtualization with Azure SQL Managed Instance – preview - Microsoft Tech Community
When developing web apps, it’s common to use the browser developer tools to perform various tasks like; modifying the CSS, inspecting network traffic, etc. Because the browser is disconnected from the IDE, if you make changes to the running application in the browser, you will need to remember and reapply those changes to your code as well. To make you more productive, we have partnered with the Edge Developer Tools team to start integrating their developer tools into Visual Studio for ASP.NET Core, and ASP.NET, developers. You can download and install the preview extension at https://aka.ms/edgetools-for-vs. In the current Preview release we have enabled the both the Elements and Network tools. Below is an animated gif showing you the Elements tool in action.
Edge Developer Tools for Visual Studio (Preview) - Visual Studio Blog (microsoft.com)
As an Azure Purview data catalog grows in size, it becomes important for data consumers to understand what assets they can trust. Data consumers must know if an asset meet their organization's quality standards and can be regarded as reliable. Azure Purview allows data stewards to manually endorse assets to indicate that they're ready to use across an organization or business unit.
When searching or browsing the data catalog, you'll see a certification label on any asset that it's certified. Certified assets will also be boosted in search results, helping data consumers discover them easily.
Azure IoT Central is an IoT application platform that reduces the burden and cost of developing, managing, and maintaining enterprise-grade IoT solutions. Azure IoT Central provides a ready-to-use UX and API surface built to connect, manage, and operate fleets of devices at scale.
Azure IoT Central is now generally available in the South Central US and Canada Central azure regions. For more information, please visit Azure IoT Central homepage and see the Azure Regional Availability site for complete regional availability information.
Now in preview, new Azure SQL Hyperscale databases can enable the zone redundant configuration. The zone redundant configuration utilizes Azure Availability Zones to replicate databases across multiple physical locations within an Azure region. By selecting zone redundancy, you can make all layers of your Hyperscale databases resilient to a much larger set of failures, including catastrophic datacenter outages, without any changes of the application logic. For more information see Hyperscale zone redundant availability.
Zone Redundancy for Azure SQL Database Hyperscale tier in preview - Microsoft Tech Community
Azure Site Recovery is now integrated with on-demand capacity reservation and available in public preview. With this integration, you can leverage the power of capacity reservations with Site Recovery to reserve compute capacity in the disaster recovery (DR) region and guarantee your failovers. When you assign a capacity reservation group (CRG) for your protected VMs, Site Recovery will failover the VMs to that CRG. Additionally, when on-demand capacity reservation reaches general availability, a compute SLA gets added to the existing Site Recovery’s Recovery Time Objective (RTO) SLA of 2 hours.
For new VMs, you can create and assign a CRG enabling replication. If you want to assign a CRG for your existing protected VMs, review the example in the screenshot below to navigate to the "Compute" blade and select the desired CRG. Assigning a CRG does not impact the Site Recovery License fee. For more information about the pricing of on-demand capacity reservation, refer the on-demand capacity reservations documentation.
Stay informed about changes to your cost in Azure Cost Management and Billing with scheduled emails. From cost analysis, select a private or shared chart view, click the subscribe command to manage all emails for this view, then click +add to configure a new email alert. You can subscribe to daily, weekly, or monthly updates and can even share those views with people outside the portal.
Learn more about how to subscribe to cost alerts and configure daily alerts for your costs today in cost analysis.
Public preview: Schedule automated emails of your saved cost views | Azure updates | Microsoft Azure
Trusted launch is a seamless way to improve the security of generation 2 VMs. It protects against advanced and persistent attack techniques by combining technologies that can be independently enabled like secure boot and virtualized version of trusted platform module (vTPM). Today, we are announcing public preview of Trusted Launch support for VMs using Ephemeral OS disks.
Azure Chaos Studio now has faults available for Azure Key Vault and Classic Cloud Services. The Key Vault Deny Access fault blocks all network access to a Key Vault by temporarily modifying the Key Vault network rules, preventing an application dependent on the Key Vault from accessing secrets, keys, and/or certificates. The Classic Cloud Services Shutdown fault stops a deployment, simulating a service failure. Fault details are available in the fault library and these faults can be used in experiments created via Azure Resource Manager template or REST API. Adding these faults to an experiment using the experiment designer in the Azure portal will be available in the coming weeks.
Azure Database for MySQL—Flexible Server is now available as a deployment option in the US Gov Virginia region. You can now:
- Optimize lower total cost of ownership (TCO) with burstable SKU
- Access the stop/start feature
- Experience better resiliency with zone redundant high availability
- Increase control with scheduled maintenance
- Utilize enterprise security with virtual network isolation and data encryption
- Experience the openness of the MySQL database community version
- Bring your own keys to encrypt data at rest
Manage approvals for business terms or self-service data access requests for your entire data estate. Azure Purview workflows empower you to achieve create, update, and delete validations and approvals using repeatable business processes with more control and less effort. You will not need to use manual controls such as emails or worksheets to review and approve the changes in your Azure Purview account.
Public preview: Azure Purview workflows | Azure updates | Microsoft Azure
Azure Private Link is a service that enables you to access Azure resources (like Azure Event Hubs, Azure Storage, and Azure Cosmos DB) and Azure-hosted customer and partner services over a private endpoint in your Azure Virtual Network (VNet). With this general availability, you can now use private endpoint for Azure Digital Twins instances to allow clients in the virtual network (VNet) to securely access Azure Digital Twins instances over Azure Private Link. This feature allows you to further secure Azure Digital Twins instances by restricting traffic to the instances.
The new Azure Monitor agent and data collection rules now support private virtual network configurations via private links and a new Azure resource type called data collection endpoints. This is now generally available. It will allow you to use these capabilities in restricted environments that need special networking requirements and isolation from the public internet. More information below:
- It’s configured using data collection endpoint, which must be created and ‘associated’ to the respective machines with the new agent installed
- It leverages the use of Azure Monitor Private Link Scopes (AMPLS)
- It can only be configured for data being sent to Azure Monitor logs; no support for Azure Monitor metrics
Read the documentation to configure the new agent to upload data via private links only, without accessing the public internet directly. If you haven’t already, review the updated migration guidance to start migrating to the new agent. And if you have any feedback, please share feedback on our feedback channel.
Import-Export overview
With Azure SQL Import-Export users can import a SQL Server database into Azure SQL Database using a BACPAC file or export from an Azure SQL Database into a BACPAC file. BACPAC files can be stored in Azure Blob storage(standard storage only) or local storage in an on-premises location. Importing a database into Azure SQL DB using Import-Export creates the database and imports schema and data into the database from the BACPAC file provided. Here is an overview of Import Export works:
To successfully run Import Export operations in Azure SQL Database, users must set “Allow Access to Azure Services” parameter under Firewall settings to ON. Otherwise, the Import Export operations fail with errors. But in many scenarios users would not want to give such a broad privilege for Import/Export operations and require a more precise and controlled way to perform the operation.
Import Export using Private Link now in Preview - Microsoft Tech Community
Today, Microsoft take a giant step toward making the dream of interoperability in healthcare real. Microsoft is announcing the general availability of Azure Health Data Services, a platform as a service (PaaS) offering designed exclusively to support Protected Health Information (PHI) in the cloud. Azure Health Data Services is a new way of working with unified data—providing your team with a platform to support both transactional and analytical workloads from the same data store and enabling cloud computing to transform how we develop and deliver AI across the healthcare ecosystem.
On 3 December 2022, extended support for Microsoft .NET Core 3.1 will end. After that date, your applications that are hosted on App Service will continue to run and your existing workloads will not be impacted. However, we'll no longer provide patches or customer service for .NET Core 3.1.
Update your App Service applications to use .NET 6, which is the latest version with long-term support and provides these enhancements:
- A unified set of base libraries and an SDK that make it easy to share code across any application type.
- Simplified development with new C# 10 features and minimal APIs.
- Hot reload that allows you to make code changes without explicit recompiling.
Recommended action
To avoid potential service disruptions or security vulnerabilities, follow the steps to update your App Service applications to use .NET 6 before 3 December 2022.
Microsoft partners with NVIDIA to bring GPU-accelerated confidential computing to Azure
Today, Microsoft are excited to announce the next chapter in this journey as NVIDIA and Microsoft are combining the power of GPU-accelerated computing with confidential computing for state-of-the-art AI workloads. This collaboration is the first step towards a shared vision to empower individuals and organizations to share and collaborate to derive new insights from data using GPU-accelerated computing without sacrificing security or privacy. With support for Ampere Protected Memory (APM) in NVIDIA A100 Tensor Core GPUs and hardware-protected VMs, enterprises will be able to use sensitive datasets to train and deploy more accurate models with state-of-the-art performance and an added layer of security that their data remain protected.
In addition to saving your analysis queries, now you can continually monitor the data by pinning it as a tile on a dashboard. To pin an analytics tile, you will need to save the analysis query first. While pinning, you will get the option to select the desired dashboard. After pinning, you can update the size, location, and title of the tile by editing the dashboard.
It’s now been 25 years since the first release of Visual Studio in 1997 and such a big milestone deserves a proper celebration. The Visual Studio 25th Anniversary Event kicks off at 9 AM Pacific Time on Thursday, March 17, with exclusive content and exciting reveals all day long.
Source: Happy 25th birthday Visual Studio! - Visual Studio Blog (microsoft.com)
Azure Private Link support in Azure API Management is now in preview. With this, incoming traffic to Azure API Management's gateway can be secured to clients running in a virtual network through Azure Private Link. This will limit access to Azure API Management by assigning a virtual network private IP address to the Azure API Management gateway using Azure Private Link. Previously, only Developer and Premium tiers supported this integration with a virtual network. With this update, you can now integrate to clients in a virtual network privately, using the tiers- Developer, Basic, Standard, and Premium.
Source: Public preview: Azure Private Link support in Azure API Management | Azure updates | Microsoft Azure
Microsoft announced the GA release of maintenance windows for Azure SQL Database and Azure SQL Managed Instance. Need for additional control and transparency into monthly maintenance events have been a continued feedback from customers of Azure SQL Database and Managed Instance. With the GA release of maintenance windows, you can choose from predefined time slots for maintenance in addition to having ability to set up alerts to be notified of upcoming maintenance events.
All Azure HBv3 virtual machine (VM) deployments from 21 March 2022 will include AMD EPYC 3rd Gen processors with 3D V-Cache, codenamed “Milan-X”. The enhanced HBv3 VMs are available in theAzure East US, South Central US, and West Europe regions. All VM deployments from today onward will occur on machines featuring Milan-X processors. Existing HBv3 VMs deployed prior to today’s launch will continue to see AMD EPYC 3rd Gen processors, codenamed “Milan”, until they are de-allocated and you create a new VM in its place.
HBv3-series VMs retain their existing pricing and do not require changes to your workloads. No other changes are being made to the HBv3-series VM sizes you already know and rely on for your critical research and business workloads. For more information on the Azure HBv3-series, please see official documentation for the Azure HBv3-series of Virtual Machines.
With Azure Stack Hub’s 2108 update, you can preview Azure Kubernetes Service on Azure Stack Hub. The same service that’s currently found in Azure is available in Azure Stack Hub. Manage Kubernetes clusters in the same way you currently do in Azure and utilize a familiar user experience, CLI, and API.
Source: Public preview: Azure Kubernetes Service on Azure Stack Hub
On 31 March 2023, Microsoft will be retiring support for Azure SDK libraries which do not conform to the Azure SDK guidelines. The new Azure SDK libraries are updated regularly to drive consistent experiences and strengthen your security posture. Please transition to the new Azure SDK libraries to take advantage of the new capabilities and critical security updates before 31 March 2023.
On 31 March 2025, Microsoft will retire the public preview templates functionality in the Azure portal. Before that date, you’ll need to start using template specs, which includes all the functionality of templates, plus enables you to:
- Securely store, share, and manage access to template specs in Azure Resource Manager.
- Iterate on template code to update an existing version or publish a new one.
- Deploy using PowerShell, Azure CLI, the Azure portal, REST, and other supported SDKs and clients.
Required action
To avoid losing access to your templates, follow the steps to convert them to template specs in the Azure portal before 31 March 2025.
Source: Templates functionality preview version in Azure portal will be retired on 31 March 2025
Azure Monitor helps you maximize the availability and performance of your applications and services. It delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. This information helps you understand how your applications are performing and proactively identify issues affecting them and the resources they depend on.
Just a few examples of what you can do with Azure Monitor include:
- Detect and diagnose issues across applications and dependencies with Application Insights.
- Correlate infrastructure issues with VM insights and Container insights.
- Drill into your monitoring data with Log Analytics for troubleshooting and deep diagnostics.
- Support operations at scale with smart alerts and automated actions.
- Create visualizations with Azure dashboards and workbooks.
- Collect data from monitored resources using Azure Monitor Metrics.
The following diagram gives a high-level view of Azure Monitor. At the center of the diagram are the data stores for metrics and logs, which are the two fundamental types of data used by Azure Monitor. On the left are the sources of monitoring data that populate these data stores. On the right are the different functions that Azure Monitor performs with this collected data. This includes such actions as analysis, alerting, and streaming to external systems.
To use Application Insights, you either install a small instrumentation package (SDK) in your app, or enable Application Insights by using the Application Insights agent. For languages and platforms that support the Application Insights agent, see Supported languages.
You can instrument the web app, any background components, and the JavaScript in the web pages themselves. The app and its components don't have to be hosted in Azure.
You can now use Data Box to copy data directly to Archive tier blobs in Azure Storage. Indicate your intent to move data to Archive tier while ordering Data Box in the Azure portal. After Data Box arrives and you access its local UI, you can copy to the Block Blob (Archive) share shown under your storage account name. You can also copy to Archive tier using Data Box's data copy service.
Source: Generally available: Copy data directly to Archive Storage with Data Box
Azure Front Door: The modern enterprise CDN
Every company is now a technology company challenged with managing a rapidly growing digital footprint, dispersed workforce, and evolving security threats. As a result, enterprises are looking for solutions that help meet the rising demands for better scalability, more security, higher performance, greater automation, and easier manageability—with reduced costs.
Whether you’re delivering content and files or building global apps and APIs, Azure Front Door can help you deliver higher availability, lower latency, better scale, and more secure experiences to your users wherever they are. Azure Front Door also enables you to define, manage, and monitor the global routing for your app.
Source: Introducing the new Azure Front Door: Reimagined for modern apps and content
With Azure Stack Hub’s 2108 update, you can preview Azure Container Registry on Azure Stack Hub. This service uses private container registries on Azure Stack Hub to store and retrieve OCI-compliant images to support both connected and disconnected scenarios for Azure Kubernetes Service (AKS), AKS engine, and other container orchestrator engines.
Source: Public preview: Azure Container Registry on Azure Stack Hub
On 31March 2025, QnA Maker will be retired. Before that date, you’ll need to migrate your QnA Maker knowledge bases to custom question answering, a feature of Azure Cognitive Service for Language. Custom question answering provides all the capabilities of QnA Maker, plus enhancements such as:
- Improved relevance ranking.
- Availability across 31 regions.
- The ability to add and query unstructured content from documents and public URLs.
Beginning 1 October 2022, you won’t be able to create new QnA Maker resources or knowledge bases. All QnA Maker resources and knowledge bases created before that date will be supported until 31 March 2025.
Generally available: On-demand capacity reservation with Azure Site Recovery safeguards VMs failover
Azure Site Recovery is now integrated with on-demand capacity reservation and is available generally. With this integration, you can leverage the power of capacity reservations with Site Recovery to reserve compute capacity in the disaster recovery (DR) region and guarantee your failovers. When you assign a capacity reservation group (CRG) for your protected VMs, Site Recovery will failover the VMs to that CRG. Additionally, a compute SLA gets added to the existing Site Recovery’s Recovery Time Objective (RTO) SLA of 2 hours.
For new VMs, you can create and assign a CRG while enabling replication with a single click. If you want to assign a CRG for your existing protected VMs, review the example in the screenshot below to navigate to the "Compute" blade and select the desired CRG. Assigning a CRG does not impact the Site Recovery License fee. For more information about the pricing of on-demand capacity reservation, refer the on-demand capacity reservations documentation.
Source: Generally available: On-demand capacity reservation with Azure Site Recovery safeguards VMs failover
On-demand capacity reservations for Azure Virtual Machines let you deploy and manage the compute capacity required to run Azure Virtual Machines separately from the virtual machines (VMs) themselves. This new feature enables your IT organization to reserve compute capacity for a VM size. The reservation can be for any length of time in any public Azure region or availability zone and supports most VM series. You can create and cancel an on-demand capacity reservation at any time, no commitment is required.
The ability for you to access compute capacity–with SLA guarantees–ahead of actual VM deployments is particularly important to ensure the availability of business-critical applications running on Azure. On-demand capacity reservations can be combined with Azure Reserved VM Instances (RIs) to significantly reduce costs.
Source: General availability: On-demand capacity reservations
Azure Dedicated Host is a service that provides physical servers - able to host one or more virtual machines - dedicated to one Azure subscription. Dedicated hosts are the same physical servers used in our data centers, provided as a resource.
You can provision dedicated hosts within a region, availability zone, and fault domain. Then, you can place AKS VMs directly into your provisioned hosts, in whatever configuration best meets your needs.
Using Azure Dedicated Hosts for nodes with your AKS cluster enables:
- Hardware isolation at the physical server level. No other VMs will be placed on your hosts.
- Control over maintenance events initiated by the Azure platform. With dedicated hosts, you can opt-in to a maintenance window to reduce the impact to your service.
When planning a potential migration of on-premises infrastructure to Azure, you may want to retain your existing public IP addresses due to your customers' dependencies or established IP reputation. Today, we are announcing the general availability of the ability to BYOIP (Bring Your Own IPs) to Azure. Public IP ranges can be onboarded to Azure as regional Custom IP Prefix resources, where they can be utilized in the same manner as Azure-owned public IP prefixes.
Source: General availability: Bring your own IP ranges to Azure
Today Microsoft is announcing the general availability of Azure Spot Virtual Machines (VMs). Azure Spot VMs provide access to unused Azure compute capacity at deep discounts. Spot pricing is available on single VMs in addition to VM scale sets (VMSS). This enables you to deploy a broader variety of workloads on Azure while enjoying access to discounted pricing compared to pay-as-you-go rates. Spot VMs offer the same characteristics as a pay-as-you-go virtual machine, the differences being pricing and evictions. Spot VMs can be evicted at any time if Azure needs capacity.
Source: Announcing the general availability of Azure Spot Virtual Machines
The new memory optimized Ebs v5 and Ebds v5 Azure Virtual Machines, now generally available, feature the latest 3rd Gen Intel Xeon Platinum 8370C (Ice Lake) processor in a hyper-threaded configuration. These VMs deliver up to 300% increase in VM-to-Disk Storage throughput and IOPS compared to the previous generation D/Ev4 VM series. The new VM series feature sizes from 2 to 64 vCPUs with and without local temporary storage best match your workload requirements.
These new VMs offer up to 120,000 IOPS and 4,000 MB/s of remote disk storage throughput. The increased storage throughput is ideal for the most demanding data-intensive workloads, including large relational databases such as SQL Server, high-performance OLTP scenarios, and high-end data analytics applications. You can also consolidate existing workloads on fewer VMs or deploy smaller VM sizes while achieving potential cost savings.
Source: Generally available: Azure Virtual Machines increase storage throughput by up to 300%
Auto-healing is a heavily used diagnostic feature of Azure App Service that allows end-users to configure a rich set of triggers that can be used to mitigate an app once it starts misbehaving. It not only allows you to mitigate the app from a bad situation but it also allows customers to capture diagnostic data that helps them debug the issues later.
Crash Monitoring and Proactive Crash Monitoring allow end-users to effectively diagnose and debug application crashes (process exits due to unhandled exceptions) easily.
One of the most asked features for both these features was the ability to view historical information about when these tools were triggered and what conditions cause them to trigger. Customers have also asked us to be able to view this information for a longer duration as by default the views available in Diagnose and Solve blade show you a maximum of 24 hours of information.
You can now create private endpoints to limit and secure device connectivity to your Azure IoT Central application with Private Link. This not only improves your security posture, but also simplifies your network architecture.
Devices running on connected or peered virtual networks, on-premises environments securely connected to Azure using ExpressRoute or VPN can now connect and enable bi-directional communication with Azure IoT Central via private endpoint.
Private endpoints use private IP addresses from a virtual network address space to connect your devices privately to your Azure IoT Central application. Network traffic between devices on the virtual network and the Azure IoT platform traverses the virtual network and a private link on the Microsoft backbone network, eliminating exposure on the public internet.
With Visual Studio 2022, Microsoft has converted the CPU Usage tool in the Performance Profiler to the profiler’s new analysis engine. This new change provides the tool with better source resolution, incremental/cancelable symbol loading, a performance boost, and a new flame graph.
Note: This is only available in the Performance Profiler (Alt+F2) version of the tool, but we are still working on supporting it in the Diagnostic Tools. Give it a shot and see what insights you can find!
Flame Graph
We have finally shipped our most requested feature, a flame graph, to visualize a call tree. This new view is in the CPU tool details tool window, above the source line highlighting view. Using the graph, you can get a visual overview of where time is being spent in your application and click on specific nodes to dig into them further. Stay tuned for a follow-up blog where I walk through a recent investigation I did with the tool to double the performance.
Azure Bastion support for Kerberos authentication, available with both basic and standard SKUs, is now in public preview. To learn more about the Kerberos authentication protocol and how to use it for VMs accessed via Azure Bastion, see the following resources below:
- Kerberos Authentication Overview | Microsoft Docs
- Configure Bastion for Kerberos authentication: Azure portal - Azure Bastion | Microsoft Docs
Source: Public preview: Azure Bastion support for Kerberos authentication
With the new Azure Bastion native client support, available with Standard SKU, you can now:
- Connect to your target Azure virtual machine via Azure Bastion using Azure CLI and a native client on your local machine
- Log into Azure Active Directory-joined virtual machines using your Azure Active Directory credentials
- Access the features available with your chosen native client (ex: file transfer)
Source: General availability: Azure Bastion native client support
Azure Automation diagnostic logs allows you to send runbook job status and job streams to the Log Analytics workspace. This data can be queried with the powerful KQL query language to gain deep insights across patterns, correlations, and more.
Today, we are announcing the ability to send audit data for Automation accounts to Azure Monitor Log Analytics workspace. This allows enterprises to monitor key Automation account activities for security and compliance. When enabled through the Azure Diagnostics mechanism, you will be able to collect telemetry about create, update, and delete operations for the Automation runbooks and Automation assets. This includes connection, credential, variable, and certificate. This telemetry, as with any other Azure Diagnostics-based telemetry, can be sent to an Azure Storage Blob, Azure Event Hub, or into Azure Monitor logs.
Source: Generally available: Diagnostic audit logs for Automation accounts
Note: Azure AD Graph will not retire on 30 June 2022 per announcement . We are extending the retirement date for Azure AD Graph. A follow up announcement will be published before 31 December 2022 with more information on additional tools to assist you with your migration and an updated retirement date.
Azure AD Graph will continue to be supported but will not be receiving any new feature updates as we are investing our engineering resources in Microsoft Graph. We encourage you to update your apps to use Microsoft Graph as soon as possible. Please view details below to migrate to Microsoft Graph.
The latest release of Apache Spark 3.1 includes:
- Adaptive query execution
- Convert sort merge join to broadcast hash join
- Spark catalyst optimizer
- Dynamic partition pruning
- Create new Spark 3.1 clusters (not Spark 3.0 clusters (preview))
Source: Generally available: Apache Spark 3.1.2 in Azure HDinsight
The latest release of Apache Kafka 2.4 includes:
- MirrorMaker 2 availability
- New metric category AtMinIsr topic partition
- Improved broker start-up time by lazy on demand mmap of index files
- More consumer metrics to observe user poll behavior
Source: Generally available: Apache Kafka 2.4 in Azure HDinsight
- Activities are the individual steps performed
- Pipelines are a logical group of activities
- Triggers define when a pipeline will run
- Integration runtime is the compute infrastructure
- Datasets are the actual representation of the data
- Linked services thell where to find the data
Types of Integration Runtime for Azure Data Factory:
- Azure IR: for data movement between public endpoints
- Self-Hosted IR: for connection to private and on-premises resources
- Azure-SSIS IR: Exclusively for executing SSIS packages
Linked Services are similar to connection strings.
Two types:
- Data Stores
- External Compute Services
Datasets are about the data structure.
Datasets are used in activities as data inputs and outputs.
Examples
- Tables in SQL Database
- Files in Blob Storage
Triggers are the Data Factory components that initiate the execution of a pipeline. They define when a pipeline needs to run.
Types of triggers
- Schedule: focus on ON/AT (on Monday, at midnight, the last day of the month)
- Tumbling Window: focus on EVERY (every 4 hours)
- Event-based: Fire based on an event (file arrival)
Note: Azure AD Graph will not retire on 30 June 2022 per announcement below. We are extending the retirement date for Azure AD Graph. A follow up announcement will be published before 31 December 2022 with more information on additional tools to assist you with your migration and an updated retirement date.
Azure AD Graph will continue to be supported but will not be receiving any new feature updates as we are investing our engineering resources in Microsoft Graph. We encourage you to update your apps to use Microsoft Graph as soon as possible. Please view details below to migrate to Microsoft Graph.
Azure Automation diagnostic logs allows you to send runbook job status and job streams to the Log Analytics workspace. This data can be queried with the powerful KQL query language to gain deep insights across patterns, correlations, and more.
Today, we are announcing the ability to send audit data for Automation accounts to Azure Monitor Log Analytics workspace. This allows enterprises to monitor key Automation account activities for security and compliance. When enabled through the Azure Diagnostics mechanism, you will be able to collect telemetry about create, update, and delete operations for the Automation runbooks and Automation assets. This includes connection, credential, variable, and certificate. This telemetry, as with any other Azure Diagnostics-based telemetry, can be sent to an Azure Storage Blob, Azure Event Hub, or into Azure Monitor logs.
Source: Generally available: Diagnostic audit logs for Automation accounts
The latest release of Apache Spark 3.1 includes:
- Adaptive query execution
- Convert sort merge join to broadcast hash join
- Spark catalyst optimizer
- Dynamic partition pruning
- Create new Spark 3.1 clusters (not Spark 3.0 clusters (preview))
For additional details, review the document Apache Spark 3.1 on Microsoft Tech Community.
For a complete list of improvements, review the Apache Spark 3.1 release notes.
For more details on migration, review the migration guide.
The latest release of Apache Kafka 2.4 includes:
- MirrorMaker 2 availability
- New metric category AtMinIsr topic partition
- Improved broker start-up time by lazy on demand mmap of index files
- More consumer metrics to observe user poll behavior
Source: Generally available: Apache Kafka 2.4 in Azure HDinsight
Your new and existing general purpose provisioned and serverless Azure SQL Database elastic pools allow for zone redundant configuration. This feature utilizes Azure Availability Zones to replicate databases across multiple physical locations within an Azure region. By selecting zone redundancy, you can make your databases and elastic pools resilient to a much larger set of failures, including catastrophic datacenter outages—without any changes of the application logic.
Source: General availability: Zone redundancy for Azure SQL Database general purpose tier
Private endpoints enable clients on an Azure virtual network to securely access Azure Static Web Apps through an IP address in the virtual network's address space over a private link. This enables network traffic between the virtual network and the Static Web Apps service to traverse over the Microsoft backbone, eliminating exposure from the public internet.
To learn more about Azure Static Web Apps, visit: https://docs.microsoft.com/azure/static-web-apps/overview
Source: Generally available: Azure Static Web Apps support for private endpoints
Microsoft Azure is a cloud platform integrated with data services, advanced analytics, and developer tools and services. When you build on, or migrate IT assets to Azure, we provide a secure, consistent application platform to run your workloads. To strengthen your security posture, we rolled out DNS reservations to prevent subdomain takeover in Cloud Services deployments. Subdomain takeovers enable malicious actors to redirect traffic intended for an organization’s domain to a site performing malicious activity.
The risks of subdomain takeover include:
- Loss of control over the content of the subdomain
- Cookie harvesting from unsuspecting visitors
- Phishing campaigns
- Further risks of classic attacks such as XSS, CSRF, CORS bypass
Ensuring that your organization has implemented processes to prevent dangling DNS entries and the resulting subdomain takeovers is a crucial part of your security program.
Please refer to the DNS reservation feature in Cloud Services to reclaim your subdomain here: Prevent subdomain takeovers
Source: Generally available: DNS reservations to prevent subdomain takeover in Cloud Services deployments
Security Overview at the organization level is now out of beta and generally available. GitHub Advanced Security customers can use Security Overview to view a repo-centric view of application security risks. They can also see an alert-centric view of all Code Scanning, Dependabot, and Secret Scanning alerts, across all repositories in an organization.
Microsoft is pleased to announce that the next generation of NC A100 v4 series is now available for preview. These virtual machines (VMs) come equipped with NVIDIA A100 80GB Tensor Core PCIe GPUs and 3rd Gen AMD EPYC™ Milan processors. These new offerings improve the performance and cost-effectiveness of a variety of GPU performance-bound real-world AI training and inferencing workloads. These workloads cover object detection, video processing, image classification, speech recognition, recommender, autonomous driving reinforcement learning, oil and gas reservoir simulation, finance document parsing, web inferencing, and more.
Figure 1: ResNet50 results were generated using NC24s_v3 and NC96ads_A100_v4 virtual machine sizes.
Source: Accelerate your AI applications with Azure NC A100 v4 virtual machines
Continuous cost optimization can take place at all stages of an Azure workload’s lifecycle, but your Azure subscription provides a very effective benefit to further optimize your investment when you are ready to deploy that workload.
For cloud workloads with consistent resource usage, you can buy reserved instances at a significant discount and reduce your workload costs by up to 72 percent compared to pay-as-you-go prices. Azure Reservations can be obtained by committing to one-year or three-year plans for virtual machines, Azure Blob storage or Azure Data Lake Storage Gen2, SQL Database compute capacity, Azure Cosmos DB throughput, and other Azure resources.
Source: Optimize your cloud investment with Azure Reservations
When you deploy a site to Azure Static Web Apps, each pull request against your production branch will generate a preview deployment available at a temporary URL. Today, we’re announcing expanded support for preview deployments with stable URLs. This can be configured in the GitHub Actions workflow by enabling deployment from branches or by specifying a deployment environment name.
To deploy non-production branches to a preview environment, it is required to update the GitHub workflow to run when a push is made to the specific branches and define the production_branch property in the build_and_deploy_job configuration.
Alternatively, you can push changes to a named preview environment by configuring a deployment_environment property in the workflow.
Source: Public preview: Stable URLs for preview environments in Azure Static Web Apps
Along with the announcement of Azure Managed Grafana, Microsoft is excited to introduce new Grafana integrations with Azure Monitor including the ability to pin Azure Monitor visualizations from Azure Portal to Grafana dashboards and new out-of-the-box Azure Monitor dashboards.
Full stack visibility from multiple sources in a single screen
Grafana allows you to query, visualize and create operational dashboards on Azure Monitor data. Using Azure Managed Grafana, you can now view your Azure monitoring data in Grafana dashboards in a few simple clicks. You can quickly pin Azure Monitor visualizations from the Azure Portal to new or existing Grafana dashboards by adding panels to your Grafana dashboard directly from Azure Monitor. Additionally, you can combine app and infrastructure metrics from multiple Azure sources into a single dashboard for full stack visibility.
Visual Studio 17.2 Preview 3 introduces a brand-new All-In-One search experience that merges the existing VS Search (Ctrl + Q) and Go To (Ctrl + T) to allow you to search both your code and Visual Studio features quicker and easier than ever, all in the same place.
The All-In-One search streamlines your searching experience by providing you with a customizable UI (size, location, and dismissibility), compact search results with real-time matching as you type, and a fully keyboard friendly interface to ideally minimize your searching pain points.
Source: Introducing a New Way to Search Your Code and Visual Studio Features
Today, Microsoft is announcing that Azure Managed Grafana is available in preview. With Azure Managed Grafana, the Grafana dashboards our customers are familiar with are now integrated seamlessly with the services and security of Azure.
The Grafana application lets users easily visualize all their telemetry data in a single user interface. With Grafana's extensible architecture, users can visualize and correlate multiple data sources across on-premises, Azure, and multi-cloud environments. Azure Managed Grafana particularly optimizes this experience for Azure-native data stores such as Azure Monitor and Data Explorer thus making it easy for customers to connect to any resource in their subscription and view all resulting telemetry in a familiar Grafana dashboard.
Source: Enhance your data visualizations with Azure Managed Grafana—now in preview
Specify a service tag as the address prefix parameter in a user-defined route for your route table. You can choose from tags representing over 70 Microsoft and Azure services to simplify and consolidate route creation and maintenance. With this release, using service tags in routing scenarios for containers is also supported.
User-defined routes with service tags will update automatically to include any changes that services make to their list of IPs and endpoints. You will no longer need to manually update routes using the Service Tag and IP range data from the weekly downloadable JSON file.
Instead of creating several routes per route table to configure routing for multiple Microsoft and Azure services, each of which can contain dozens or hundreds of prefixes, one route with a service tag condenses all the ranges for that service. As a result, this feature can reduce the likelihood of hitting the routes-per-table limit of 400.
For example, the AzureCloud service tag includes more than 4,500 prefixes, which represent the Azure address space; one route containing the AzureCloud service tag will effectively route traffic intended for any of these AzureCloud prefixes through the desired next hop type.
This feature is available through Azure Portal, REST, PowerShell, CLI, and can be used in ARM templates.
Source: Generally available: Service tags support for user-defined routing
Azure Container Apps, a service for building and deploying modern applications and microservices using serverless containers, now supports managed identities in public preview.
Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication, such as Azure Key Vault and Azure SQL Database. When enabled, your container apps can connect to supported services without using secrets in connection strings. Both system- and user-assigned managed identity are supported.
Virtual network integration and private endpoint support is now available in the Azure App Service App Service Basic pricing tier.
You can use VNet integration (outbound) to enable your apps to access resources in or through a virtual network, without granting inbound private access to your apps. You can use private endpoints (inbound) to allow clients located in your private network to securely access your apps over Private Link, eliminating exposure from the public internet.
This extends the robust security capabilities already available in other App Service pricing tiers to the Basic SKU, making it even easier to get started with Azure App Service.
You can now rehydrate an archived blob by copying it to a different storage account, as long as the destination account is in the same region as the source account. Rehydration across storage accounts enables you to segregate your production data from your backup data, by maintaining them in separate accounts. Isolating archived data in a separate account can also help to mitigate costs from unintentional rehydration.
Source: Generally available: Rehydrate an archived blob to a different storage account
Microsoft is announcing that Azure Purview is generally available as of September 28, 2021. You can now maximize the value of your on-premises, multicloud, and software as a service (SaaS) data with this unified data governance solution.
Easily create a unified map of your data assets and their relationships with automated data discovery and sensitive data classification, get insight into the location and movement of data across your hybrid landscape, and empower data consumers to find valuable data through a data catalog. Azure Purview also has turnkey integrations with Azure Synapse Analytics, SQL Server, Power BI, Azure SQL and more to automatically capture lineage relationships between data assets.
App Service has added Azure Portal support for configuring networking options regarding virtual networks and private endpoints. This capability (currently in public preview) allows you to use the Portal to ensure a secure configuration from the moment you create a new web app in App Service.
This capability is also available through the Azure CLI and ARM templates.
Source: Public preview: App Service - Configure networking in Azure Portal during app creation
Azure Lab Services offers classroom labs for higher education, K-12 institutions, and commercial organizations that don't want to use the on-premises hardware but rather want to harness the power of the cloud to host labs for students or users.
Microsoft is excited to announce major updates to Azure Lab Services including enhanced lab creation and improved backend reliability, access performance, extended virtual network support, easier labs administration via new roles, improved cost tracking via Azure Cost Management service, availability of PowerShell module, and .NET API SDK for advanced automation and customization, and integration with Canvas learning management system. Learn more about the new update and how to use it.
Along with making significant reliability enhancements to the backend, labs creation, and access performance improvements, this major update is bringing a whole slew of additional features for the IT departments and administrators, educators, and the students, who are the three key personas that use this service.
With the Azure Key Vault automated key rotation feature, now generally available, you can set a rotation policy on a key to schedule automated rotation and configure expiry notifications through Event Grid integration.
This feature enables end-to-end zero-touch key rotation for Azure services data encryption with customer-managed key (CMK) stored in Azure Key Vault.
Automated key rotation feature will be billed per scheduled rotation.
Source: Generally available: Automated key rotation in Azure Key Vault
Azure App Service now supports mounting Azure Files as a local share in Windows Code (in public preview). This complements existing file share support for Linux Containers and Windows Containers.
Enabling custom-mounted storage creates many opportunities for you to:
- Configure persistent storage for your App Service app and manage the storage separately.
- Make static content like video and images readily available for your App Service app.
- Write application log files or archive older application log to Azure File shares.
- Share content across multiple apps or with other Azure services.
Source: Public preview: Azure Storage as share in Windows Code in App Service
With Static Web Apps, you can now configure Azure pipelines to deploy your application to preview environments. The Azure DevOps task for Azure Static Web Apps intelligently detects and builds your app’s frontend and API and deploys the entire application to Azure. You can fully automate the testing and delivery of your software in multiple stages all the way to production.
Azure Static Web Apps provides globally distributed content hosting and serverless APIs powered by Azure Functions. It also includes everything you need to run a full-stack web app, including support for custom domains, free SSL certificates, authentication/authorization, and preview environments.
Source: Public preview: Static Web Apps support for preview environments in Azure DevOps
Azure Bastion is a fully managed jumpbox-as-a-service that provides secure and seamless Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) access to your VMs in local or peered virtual networks. Azure Bastion provides connectivity directly from the Azure portal using Transport Layer Security (TLS).
With Azure Bastion, your VMs do not need a public IP address, protecting your virtual machines from exposing RDP and SSH ports to threats on the public internet, while still providing secure access using RDP and SSH. With native client support available on the Standard SKU for Azure Bastion, you now unlock customizable features and added functionality in your VM sessions.
Source: Customize your secure VM session experience with native client support on Azure Bastion
Azure Web Application Firewall (WAF) is a cloud-native, self-managed security service that protects your applications and APIs running in Azure or anywhere else – from the network edge to the cloud. We offer two options – global WAF integrated with Azure Front Door and regional WAF integrated with Azure Application Gateway - for deploying Azure WAF for your applications and APIs.
On March 29, we announced the general availability of managed Default Rule Set 2.0 with anomaly scoring, Bot Manager 1.0, and security reports on global WAF. Today, we are excited to share the general availability of additional features on regional WAF. Take advantage of the latest Azure WAF enhancements that offer you better security, improved scale, easier deployment, and better management of your applications and APIs:
- Reduced false positives with Core Rule Set 3.2 integrated with Azure Application Gateway. The older CRS 2.2.9 ruleset is being phased out in favor of the newer rulesets.
- Improved performance and scale with the next generation of WAF engine, released with CRS 3.2
- Increased size limits on regional WAF for body inspection up to 2MB and file upload up to 4GB
- Advanced customization with per rule exclusion and attribute by names support on regional WAF
- Native consistent experience with WAF policy – new deployments of Application Gateway v2 WAF SKU now natively utilizes WAF policies instead of configuration
- Advanced analytics capabilities with new Azure Monitor metrics on regional WAF
Source: Generally available: Enhancements to Azure Web Application Firewall
Azure Functions support for PowerShell 7.2 is now supported in public preview. This enables developing and deploying Azure Functions Apps for production scenarios using the latest version of PowerShell.
Source: Public preview: Azure Functions now supports PowerShell 7.2
When a node is deallocated, the attached storage as well as the container image is still present on the node. When scaling up your deployments, all deallocated nodes will be started first before provisioning new nodes. This allows for faster operation speeds as your deployment leverages cached images. Scale-down mode allows you to no longer have to pre-provision nodes and pre-pull container images.
With the move of preview to GA, scale-down mode now supports spot node pools.
Object replication now supports premium block blobs to replicate your data from your blob container in one storage account to another anywhere in Azure. The destination storage account can be a premium block blob or a general-purpose v2 storage account.
You can also specify up to 1000 replication rules (increased from 10) for each replication policy for both general-purpose v2 and premium block blob storage accounts.
Object replication unblocks a set of common replication scenarios for block blobs:
- Minimize latency – have your users consume the data locally rather than issuing cross-region read requests.
- Increase efficiency – have your compute clusters process the same set of objects locally in different regions.
- Optimize data distribution – have your data consolidated in a single location for processing/analytics and then distribute only resulting dashboards to your offices worldwide.
- Optimizing costs – after your data has been replicated, you can reduce costs by moving it to the archive tier using life cycle management policies.
Source: General availability: Object replication on premium blob storage and rule limit increased
Node pool snapshots allow you to take a configuration snapshot of your node pool and then create new node pools or new clusters based off that snapshot, as long as that configuration and Kubernetes version is supported.
Object replication now supports premium block blobs to replicate your data from your blob container in one storage account to another anywhere in Azure. The destination storage account can be a premium block blob or a general-purpose v2 storage account.
You can also specify up to 1000 replication rules (increased from 10) for each replication policy for both general-purpose v2 and premium block blob storage accounts.
Object replication unblocks a set of common replication scenarios for block blobs:
- Minimize latency – have your users consume the data locally rather than issuing cross-region read requests.
- Increase efficiency – have your compute clusters process the same set of objects locally in different regions.
- Optimize data distribution – have your data consolidated in a single location for processing/analytics and then distribute only resulting dashboards to your offices worldwide.
- Optimizing costs – after your data has been replicated, you can reduce costs by moving it to the archive tier using life cycle management policies.
Source: General availability: Object replication on premium blob storage and rule limit increased
Virtual Network NAT (VNet NAT) is a fully managed and highly resilient network address translation (NAT) service. With Virtual Network NAT, you can simplify your outbound connectivity for virtual networks without worrying about the risk of connectivity failures from port exhaustion or your internet routing configurations.
Support for Resource Health check with Virtual Network NAT helps you monitor the health of your NAT gateway as well as diagnose or troubleshoot outbound connectivity.
With Azure Resource Health, you can:
- View a personalized dashboard of the health of your NAT gateway
- Set up customizable resource health alerts to notify you in near real-time of when the health status of your NAT gateway changes
- See the current and past health history of your NAT gateway to help you mitigate issues
- Access technical support when you need help with Azure services, such as diagnosing and solving issues
Source: General availability: Virtual Network NAT health checks available via Resource Health
Azure Event Grid’s Partner Events enables users to grant authorization to partners in order to create partner topics or partner destinations in their Azure subscription. You need to opt-in to use this feature prior to July 2022. Event Grid will start requiring authorizations to create partner topics or partner destinations around June 30th, 2022. At that point, any attempt from a partner to create a partner topic or partner destination will fail. This authorization model does not apply to custom topic, domains, or system topics.
Source: Public preview: Event Grid enables user authorization to create partner topics
Join to celebrate the one-year anniversary of Azure Static Web Apps! Connect with others in the developer community and increase your Azure Static Web Apps skills in a fun, collaborative way.
It's hard to believe that it was just under a year ago that Microsoft announced the general availability of Azure Static Web Apps.
Azure Static Web Apps service became generally available in May 2021, with support for many of the popular front-end frameworks and static site generators used for modern web app development.
Sign up now for the Azure Static Web Apps anniversary event.
Source: Join us and the developer community to celebrate Azure Static Web Apps
Private endpoints for Azure Arc-enabled servers enable you to manage your Windows and Linux servers from Azure without sending network traffic over the public internet for enhanced security.
Servers can be configured to use a private endpoint by associating them with an Azure Arc Private Link Scope and connecting your on-premises network to an Azure virtual network using a site-to-site VPN or Express Route.
Source: Generally available: Azure Arc-enabled servers support for private endpoints
Secure webhook is an updated version of IT Service Management Connector (ITSMC). Both versions allow you to create work items in an IT Service Manager (ITSM) tool when Azure Monitor sends alerts. The functionality includes metric, log, and activity log alerts.
IT Service Manager Connector uses username and password credentials. Secure webhook has stronger authentication because it uses Azure Active Directory (Azure AD). Azure AD is Microsoft's cloud-based identity and access management service. It helps users sign in and access internal or external resources. Using Azure AD with IT Service Manager helps to identify Azure alerts (through the Azure AD application ID) that were sent to the external system.
The first two integrations are with ServiceNow ITOM and BMC Helix.
Azure Static Web Apps now supports seamless CI/CD integration with Azure DevOps via Microsoft Azure Portal. You can now opt for DevOps as your deployment source and link your DevOps account to populate the repository details with a single click.
Source: Public preview: Improved Azure DevOps support in Static Web Apps
Big news for computer science (CS) teachers. GitHub verified teachers using GitHub Classroom get access to GitHub’s groundbreaking, browser-based IDE, Codespaces. It’s a seismic shift for CS education, breaking down barriers in a fundamentally new way. Whether you’re a teacher frustrated with the complexities of managing local machine-based developer environments, tired of troubleshooting your students’ tools rather than focusing on their code, or looking to reduce technical and cost barriers for your CS Classroom, Codespaces addresses so many of the pain points in CS education with one elegant solution – integration in GitHub Classroom.
You can enable Codespaces in GitHub Classroom and then choose it as the preferred editor when creating assignments.
Big news for computer science teachers! Today, we invite teachers to join GitHub Global Campus, the new home for all computer science teachers at GitHub! On Global Campus, teachers can access education resources and learn about new programs and events-all in one place! Teachers can also:
- Upgrade their GitHub organizations to GitHub Team.
- Connect with the teacher community on GitHub Discussions.
- Request swag for their classroom.
- Manage active GitHub Classrooms.
If you’re a teacher, you can join Global Campus by completing a short application for teacher benefits. Once accepted, you will be officially welcomed as a Global Campus teacher.
Trusted launch provides a seamless way to improve the security of Azure Generation 2 VMs. It protects against advanced and persistent attack techniques by combining technologies which can be independently enabled like secure boot and virtualized version of trusted platform module (vTPM). Now you can use Azure Compute Gallery to create and share images of trusted launch virtual machines.
Source: Generally available: Azure Compute Gallery support for trusted launch Virtual Machines
Azure Database for MySQL - Flexible Server is now running on the latest MySQL minor versions 8.0.28 and 5.7.37. The new MySQL minor versions include bug fixes in terms of partitioning, replication, and some additional new functionality. As part of your maintenance window, your servers will be automatically updated to this version.
The minor versions allow you to get the most out of your experience with Azure Database for MySQL – Flexible Server—along with running on the most stable, compliant, and secure MySQL community versions.
Source: Generally available: Minor versions upgrade for Azure Database for MySQL – Flexible Server
Microsoft offers two types of Azure DNS Zones—private and public—for hosting your private DNS and public DNS records.
- Azure Private DNS: Azure Private DNS provides a reliable and secure DNS service for your virtual network. Azure Private DNS manages and resolves domain names in the virtual network without the need to configure a custom DNS solution. By using private DNS zones, you can use your own custom domain name instead of the Azure-provided names during deployment.
- Azure Public DNS: DNS domains in Azure DNS are hosted on Azure's global network of DNS name servers. Azure DNS uses anycast networking. Each DNS query is answered by the closest available DNS server to provide fast performance and high availability for your domain.
Source: Announcing Azure DNS Private Resolver: Now in preview
Azure Container Apps, a service for building and deploying modern applications and microservices using serverless containers, now provides live log streaming and the ability to connect to a containers console.
Log streaming is helpful when testing and diagnosing your container(s) in your container app. Being able to connect to the console of a running container enables you to execute shell (e.g., Bash or sh) commands as needed.
Source: Public preview: Azure Container Apps now support log streaming and console connect
Azure Data Lake Storage Gen1 will be retired on 29 February 2024. We recommend you migrate your data lake to Azure Data Lake Storage Gen2 and take advantage of the capabilities dedicated to big data analytics, built on Azure Blob Storage. To lower the barrier for this migration, we are now offering a simple and intuitive user experience in the Azure portal. You can provide your consent in the Azure portal and migrate your data from Azure Data Lake Storage Gen1 to Azure Data Lake Storage Gen2.
Source: General availability: Azure Data Lake Storage Gen1 to Gen2 using Azure Portal
The Open Service Mesh (OSM) extension is a managed service mesh for Arc-enabled Kubernetes clusters that is lightweight and extensible. It can be configured with Service Mesh Interface APIs, works by injecting envoy proxy as a sidecar to each application instance, and brings a new Azure Portal experience for onboarding. Open Service Mesh covers some of the core features of a service mesh including:
- mTLS traffic encryption between microservices
- Traffic splitting for canary and blue/green deployments
- Fine grained access control policies for microservices communicating over HTTP, TCP, and gRPC
- Observability for application performance
- Traffic control for ingress with various tools such as Contour
- Progressive delivery with Flagger
Source: Generally available: Open Service Mesh extension for Azure Arc
Stream Analytics now allows you to use managed identities as an authentication mode when connecting to Azure Cosmos DB and Azure Service Bus. You can use either System-Assigned Managed Identity or your own User-Assigned Managed Identity when authenticating. This solves a common challenge when building cloud applications related to credential management. Keeping the credentials secure is important and shouldn't be stored in developer workstations or checked into source control.
To learn more, visit:
- Connect to Azure Cosmos DB using Managed Identity
- Connect to Azure Service Bus using Managed Identity
Source: Public preview: Additional support for managed identity authentication in Azure Stream Analytics
Computer Vision's OCR (Read) API 2022 model with 164 supported languages is now generally available as a cloud service and Docker container.
- Support for 164 languages including Russian, Arabic, Hindi and other languages using Cyrillic, Arabic, and Devanagari scripts.
- Support for 9 languages with English, Chinese Simplified, French, German, Italian, Japanese, Korean, Portuguese, and Spanish.
- Enhanced support for single characters, handwritten dates, amounts, names, other entities commonly found in receipts and invoices.
- Improved processing of digital PDF documents and Input file size limit increased to 500 MB.
- Performance and latency improvements.
- Available as cloud service and Docker container.
To learn more, get started with the new OCR features.
Source: Generally available: OCR supports 164 languages in the Cognitive Services Computer Vision
Trusted launch is a seamless way to improve the security of generation 2 VMs. It protects against advanced and persistent attack techniques by combining technologies which can be independently enabled like secure boot and virtualized version of trusted platform module (vTPM). Azure Backup is announcing general availability of trusted launch VMs backup in all Azure regions where trusted launch Azure Virtual Machines are available. You will be able to configure the backup of your trusted launch Azure Virtual Machines through enhanced policy and enable backup through recovery services blade, manage blade, and create VM blade.
Learn more about trusted launch VMs backup here.
Source: General availability: Azure Backup support for trusted launch Azure Virtual Machines
AKS now supports Key Management System (KMS) plugin integration which enables encryption at the rest of your Kubernetes data in etcd using Azure Key Vault. You can now store secrets in bring your own key (BYOK) encrypted etcd using KMS.
From the Kubernetes documentation on Encrypting Secret Data at Rest:
KMS Plugin for Key Vault is the recommended choice for using a third-party tool for key management. KMS plugin simplifies key rotation, with a new data encryption key (DEK) generated for each encryption, and key encryption key (KEK) rotation controlled by the user.
Features:
- Use a key in Key Vault for etcd encryption
- Bring your own keys
- Provide encryption at rest for secrets stored in etcd
Leverage a rich set of first party solutions on AKS using the cluster extension feature. This feature builds on top of the packaging components of Helm by providing an Azure Resource Manager driven experience for installation and lifecycle management of different Azure service capabilities on the Kubernetes cluster.
The cluster extensions can be enabled using Azure CLI and allows you to accelerate your deployments on AKS by leveraging a broad range of services.
The Azure Migrate tool now offers additional capabilities that make it easier for you to move applications from on-premises environments to Azure App Service and Azure Kubernetes Service.
Azure App Service bulk migration capabilities are now in public preview through the Azure Migrate feature:
- Discover and assess ASP.NET web apps in addition to categorizing which apps are ready for migration.
- Suggest a destination for migration and provide a guided content and configuration experience for ASP.NET web apps to Azure App Service.
- Discover and migrate with Java Tomcat applications to App Service Linux and to Azure Kubernetes Service.
- Containerize your ASP.NET web apps and move them to either Windows Containers on App Service or to Azure Kubernetes Service.
Source: Public preview: App Service new migration capabilities
Azure AI is introducing two updates in preview to Azure Cognitive Services to help you deploy high-quality models as APIs and infuse language capabilities into your apps more efficiently and responsibly:
Azure OpenAI Service, an Azure Cognitive Service, is now available in limited access preview. Approved customers will be able to access 25 different models from OpenAI, including the GPT-3 base series (Ada, Babbage, Curie and DaVinci), Codex series and embedding models, with the enterprise capabilities of Azure. Azure OpenAI Service will help you enable new reasoning and comprehension capabilities for building cutting-edge applications for use cases such as writing assistance, code generation, and making sense of unstructured data. With features like fine-tuning and built-in responsible AI, you can also tailor the model to your specific needs and detect and mitigate harmful use. Learn more.
Azure Cognitive Service for Language now offers summarization for documents and conversations, a new capability which helps you quickly surface key information in documents and contact center calls, such as reason for the call and resolution. Learn more.
NGINX for Azure is a natively integrated software as a service (SaaS) solution with advanced traffic management and monitoring. The Azure integration enables ease of use with provisioning and configuration in a couple steps though the Azure portal.
Leverage advanced traffic management features, such as JSON Web Token (JWT) authentication and active health checks, with built-in security integrations like Azure Key Vault for SSL/TLS certificate management. You can purchase this solution through the Azure Marketplace, receive a unified bill for all services you use on Azure, and leverage existing enterprise agreements.
Source: Public preview: NGINX for Azure
Azure Synapse Link for SQL automates the extraction and movement of data from your relational operational data stores in both Azure SQL Database and SQL Server 2022 to Azure Synapse Analytics dedicated SQL pools.
Your data is replicated in near-real-time without the need to develop and deploy ETL or ELT pipelines. Once in Azure Synapse Analytics, the data can be used in advanced analytics and other downstream processing systems much faster than traditional batch-based ETL or ELT scenarios.
Azure Container Apps is a managed serverless container service which offers an ideal platform for application developers who want to run microservices in containers without managing infrastructure.
Write code using your preferred programming language or framework and build microservices with full support for Distributed Application Runtime (Dapr). Scale dynamically based on HTTP traffic or events powered by Kubernetes Event-Driven Autoscaling (KEDA).
Container Apps is built on a foundation of powerful open-source technology. Behind the scenes, every container app runs on Azure Kubernetes Service, with KEDA, Dapr, and Envoy baked in. This lets you perform modern application lifecycle tasks such as application upgrades, traffic shifting, and versioning ready-to-run for teams of every skillset.
To learn more about Azure Container Apps, visit the getting started guide on Microsoft Docs.
The subnet per node pool feature allows for use of multiple subnets in the same virtual network within an AKS cluster by assigning new node pools to different subnets. This allows for expansion of cluster address space over time as cluster size increases.
Dynamic concurrency automatically determines optimal per trigger concurrency settings for your workloads and adjusts as your load patterns change over time. Using dynamic concurrency can provide the following benefits to your function apps:
- Increased throughput
- Simplified concurrency configuration
- Dynamic adjustments to changing load patterns
- Instance health protection
This feature currently supports Service Bus, Azure Blob, and Azure Queue triggers.
Learn more about the benefits of dynamic concurrency and how to optimize concurrency.
Source: Generally available: Dynamic concurrency in Azure Functions
MultiValue (MV) Traffic Manager profiles enable you to specify a set of IPv4 and IPv6 endpoints in the same profile. MultiValue profiles are often nested under other profiles and traffic is routed from parent profiles to MultiValue profiles only if a minimum number of endpoints are healthy. This threshold of the minimum number of healthy endpoints is specified by users through the minChild parameter of the MultiValue profile.
Until now, you could only specify an aggregate number of minChild parameters and could not distinguish between IPv4 and IPv6 endpoints. This worked well for dual-homed scenarios where the number of IPv4 endpoints was the same as the number of IPv6 endpoints. However, this is lacking when you have single stack IPv4-only and IPv6-only endpoints which may have different capacity and availability characteristics.
With these enhancements, you will now be able to specify minChild property separately for IPv4 and IPv6 endpoints, enabling them to account for capacity differences in these stacks. This will offer greater design flexibility while you are chalking out your IPv6 adoption strategy.
Source: General availability: Enhanced IPv6 functionality for MultiValue profiles in Azure Traffic Manager
Microsoft is committed to the responsible advancement of AI to enable every person and organization to achieve more. Over the last few months, we have talked about advancements in our Azure infrastructure, Azure Cognitive Services, and Azure Machine Learning to make Azure better at supporting the AI needs of all our customers, regardless of their scale. Meanwhile, we also work closely with some of the leading research organizations around the world to empower them to build great AI.
Today, we’re thrilled to announce an expansion of our ongoing collaboration with Meta: Meta has selected Azure as a strategic cloud provider to help accelerate AI research and development.
As part of this deeper relationship, Meta will expand its use of Azure’s supercomputing power to accelerate AI research and development for its Meta AI group. Meta will utilize a dedicated Azure cluster of 5400 GPUs using the latest virtual machine (VM) series in Azure (NDm A100 v4 series, featuring NVIDIA A100 Tensor Core 80GB GPUs) for some of their large-scale AI research workloads. In 2021, Meta began using Microsoft Azure Virtual Machines (NVIDIA A100 80GB GPUs) for some of its large-scale AI research after experiencing Azure’s impressive performance and scale. With four times the GPU-to-GPU bandwidth between virtual machines compared to other public cloud offerings, the Azure platform enables faster distributed AI training. Meta used this, for example, to train their recent OPT-175B language model. The NDm A100 v4 VM series on Azure also gives customers the flexibility to configure clusters of any size automatically and dynamically from a few GPUs to thousands, and the ability to pause and resume during experimentation. Now, the Meta AI team is expanding their usage and bringing more cutting-edge machine learning training workloads to Azure to help further advance their leading AI research.
In addition, Meta and Microsoft will collaborate to scale PyTorch adoption on Azure and accelerate developers' journey from experimentation to production. Azure provides a comprehensive top to bottom stack for PyTorch users with best-in-class hardware (NDv4s and Infiniband). In the coming months, Microsoft will build new PyTorch development accelerators to facilitate rapid implementation of PyTorch-based solutions on Azure. Microsoft will also continue providing enterprise-grade support for PyTorch to enable customers and partners to deploy PyTorch models in production on both cloud and edge.
“We are excited to deepen our collaboration with Azure to advance Meta’s AI research, innovation, and open-source efforts in a way that benefits more developers around the world,” Jerome Pesenti, Vice President of AI, Meta. “With Azure’s compute power and 1.6 TB/s of interconnect bandwidth per VM we are able to accelerate our ever-growing training demands to better accommodate larger and more innovative AI models. Additionally, we’re happy to work with Microsoft in extending our experience to their customers using PyTorch in their journey from research to production.”
By scaling Azure’s supercomputing power to train large AI models for the world’s leading research organizations, and by expanding tools and resources for open source collaboration and experimentation, we can help unlock new opportunities for developers and the broader tech community, and further our mission to empower every person and organization around the world.
Automate the creation and management of Azure Cost Management scheduled emails with the ScheduledActions API. You can already create scheduled emails from within cost analysis in the portal. The API now allows you to automate scheduling new email alerts or triggering one-time emails to support advanced scenarios.
Learn more about subscribing to cost alerts and start looking into automation via the ScheduledActions API to increase cost visibility throughout your team.
Source: Public preview: Automate scheduled emails of your saved cost views via API
Azure Bastion now supports connectivity to Azure virtual machines or on-premises resources via a specified IP address. When IP based connection feature is enabled, Azure Bastion can be used to RDP/SSH into an on-premises resource over ExpressRoute and Site-to-Site VPN.
Source: General availability: Azure Bastion IP based connection
Customizing your node configuration allows you to configure or tune your operating system (OS) settings or the kubelet parameters to match the needs of the workloads.
When you create an AKS cluster or add a node pool to your cluster, you can customize a subset of commonly used OS and kubelet settings. These customizations allow you to choose where you may want to change default values in situations where workloads have certain performance demands on the kubelet or OS.
Source: Generally available: Custom node configuration on AKS
Host your Google Remote Procedure Call (gRPC) apps on App Service. Google Remote Procedure Call uses the HTTP/2 protocol to streamline messaging between clients and back-end servers, providing an efficient way to connect services that require high-performance communication.
Source: Public preview: App Service Google Remote Procedure Call support
Microsoft is announcing the general availability of new storage optimized Azure Virtual Machines. The new Lasv3 and Lsv3 VM series have been engineered to run workloads that require high throughput and high IOPS, including big data applications, SQL and NoSQL databases, distributed file systems, data analytics engines, and more.
The new VM series provide faster processors, increased networking, and higher remote disk throughput compared to prior generation storage optimized VMs. More specifically:
- The Lsv3 VM series is based on the 3rd Generation Intel® Xeon® Platinum 8370C (Ice Lake) processor in a hyper-threaded configuration.
- The Lasv3 VM series features the 3rd Generation AMD EPYC™ 7763v (Milan) processor in a multithreaded configuration.
Both Lsv3 and Lasv3 VMs provide high throughput, low latency, directly mapped local NVMe storage and one 1.92TB NVMe SSD per 8 vCPUs, with up to 19.2TB available on the largest instance.
Source: General availability: Storage optimized Azure VMs deliver higher performance for data analytics.
Azure Firewall Manager now supports Azure Web Application Firewall (Azure WAF) policies for application delivery platforms, Azure Front Door, and Azure Application Gateway.
Key benefits:
Central deployment and configuration
- Deploy and configure multiple WAF policies
- Secure Azure Front Door Application Gateway with WAF policies at scale
- Upgrade from legacy WAF configuration to WAF policies on Application Gateway
View all application delivery platforms in a single place
- Gain visibility of all deployments across regions and subscriptions
Manage overall network security posture
- Adopt Zero-Trust principles by managing WAF, DDoS, and Azure Firewalls all in a central platform
There are no additional charges for using WAF policy management in Azure Firewall Manager. Learn more about pricing.
Source: Public preview: Manage Azure Web Application Firewall policies in Azure Firewall Manager
AI is revolutionizing the world we live in—from the way we entertain ourselves, to the products and services that we consume, to the way we care for our bodies, and how we go about our daily work. Organizations are leveraging the power of AI to transform our lives by accelerating superior product innovations, increasing organization competitiveness no matter their size or available resources, and immersing us into more amazing, photo-realistic virtual worlds in movies and games.
Azure Cognitive Services are cloud-based artificial intelligence (AI) services that help you build cognitive intelligence into your applications. They are available as REST APIs, client library SDKs, and user interfaces. You can add cognitive features to your applications without having AI or data science skills. Cognitive Services enable you to build cognitive solutions that can see, hear, speak, understand, and even make decisions.
Categories of Cognitive Services
Cognitive Services can be categorized into four main pillars:
- Vision
- Speech
- Language
- Decision
IPv6 support for Global Reach unlocks connectivity between on-premise networks, via the Microsoft backbone, for customers with dual-stack workloads. Establish Global Reach connections between ExpressRoute circuits using IPv4 subnets, IPv6 subnets, or both. This configuration can be done using Azure Portal, PowerShell, or CLI.
Source: Public preview: ExpressRoute IPv6 Support for Global Reach
When a file is renamed or moved to a new directory but half of it's contents remain the same, it's commit history will now indicate that the file was renamed, similar to git log --follow.
Trusted launch is a seamless way to improve the security of generation 2 VMs. It protects against advanced and persistent attack techniques by combining technologies that can be independently enabled like secure boot and virtualized version of trusted platform module (vTPM).
Trusted launch support for VMs using Ephemeral OS disks is available in all Azure public regions. With this, customers using Ephemeral OS disk for VMs will benefit from the additional security offered by trusted launch.
Source: General availability: Trusted launch support for virtual machines using Ephemeral OS disks
With Azure VMware Solution you can now scale storage independently from compute using Azure NetApp Files datastores, enabling you to run VMware-based storage-intensive workloads like SQL Server, general-purpose file servers, and others in Azure.
Gain the flexibility and scalability of running your storage-heavy workloads on Azure VMware Solution, while delivering high performance and low latency.
Get started today
On Azure VMware Solution you can now scale storage independently of your compute costs and gain the performance, scalability, reliability, and security you need with Azure NetApp Files for Azure VMware Solution.
Source: Power your file storage-intensive workloads with Azure VMware Solution
Microsoft is excited to introduce Azure Skills Navigator, a new learning resource designed especially for those that are new to Azure and want to learn more. Azure Skills Navigator is our very own ramp-up guide intended to help you develop a strong foundation on cloud technologies as you begin to explore Azure.
These downloadable Azure Skills Navigator guides offer a variety of resources to help build your skills and knowledge of Azure. Each guide features carefully selected digital training, learning courses, videos, documents, certifications, and more. Microsoft understands how important it is in today’s market to stay ahead of the tech curve. There is a high demand for professionals skilled in cloud technologies. Azure Skills Navigator guides ensure that you have a solid foundation as you begin exploring Azure. Microsoft has hand-picked a selection of resources that will help you develop a strong foundation of Microsoft Azure, allowing you to build and explore today. After you’ve mastered the content, Microsoft will help you navigate our intermediate and advanced level content.
Azure Container Apps, a service for building and deploying modern applications and microservices using serverless containers, now supports mounting Azure Files file shares and ephemeral volumes. This feature is currently in public preview.
Mount a file share to read and persist data in Azure Files. This is useful for loading large amounts of data without increasing the size of your container images. You can also use Azure Files to share data with other containers and applications.
With ephemeral storage, you can share data between multiple containers in a replica. Data written to ephemeral storage is persisted for the lifetime of the replica.
Source: Public preview: Mount Azure Files and ephemeral storage in Azure Container Apps
Azure Container Apps, a service for building and deploying modern applications and microservices using serverless containers, now supports custom domains and TLS certificates.
This feature is now generally available and allows you to use your own domains and TLS certificates to customize the hostname of your container apps and secure them using HTTPS.
Source: Generally available: Azure Container Apps support for custom domains and TLS certificates
Network Watcher packet capture allows you to create packet capture sessions to track traffic to and from virtual machine scale set (VMSS) instances. This will help to diagnose network anomalies both reactively and proactively. Other uses include gathering network statistics, gaining information on network intrusions, debugging client-server communications, and more.
Packet capture is an extension that is remotely started through Network Watcher as virtual machine scale sets can have 2-100 instances. This capability eases the burden of running a packet capture manually on the desired virtual machine scale set instances, which saves valuable time. Packet capture can be triggered through the portal, PowerShell, CLI, or REST API. Filters are provided for the capture session to ensure you capture traffic you want to monitor. Filters are based on 5-tuple (protocol, local IP address, remote IP address, local port, and remote port) information. The captured data is stored in the local disk or a storage blob.
Source: Public preview: Network Watcher packet capture support for virtual machine scale sets
Azure Functions now supports developing and editing applications, running on Linux, to be created and edited within the Azure portal.
Source: Public preview: Linux portal editing for applications
There are two key components of Azure Private Link:
- Private Endpoint is a service that allows virtual network resources to privately connect to other resources as if they were part of the same network, carrying traffic across the Microsoft Azure backbone instead of the internet. It is a network interface connected to your virtual network, assigned with a private IP address. It is used to connect privately and securely to a service powered by Azure Private Link or a Private Link Service that you or a partner might own.
- Private Link Service – your own service, powered by Azure Private Link that runs behind an Azure Standard Load Balancer, enabled for Private Link access. This service can be privately connected with and consumed using Private Endpoints deployed in the consumer’s virtual network.
Private Link has the following benefits
- Secures access to services over the Microsoft backbone
- The service can be used to connect virtual networks with overlapping address spaces
- Allows private access to services running in Azure from on-premise or peered networks
- The service can connect to resources running in other regions offering global reach
- Ability to enable private link access to your services
- Supports various PaaS, partner, and customer-owned services
Azure Private Link enables you to access Azure PaaS Services and Azure hosted customer/partner services over a Private Endpoint in your virtual network.
Traffic between your virtual network and the service traverses over the Microsoft backbone network, eliminating exposure from the public Internet.
You can also create your own Private Link Service in your virtual network (VNet) and deliver it privately to your customers.
- Private Link Docs - 1:00
- Private Link Center - 2:48
- Add Private Endpoint - 3:36
- Build Private Endpoint - 5:29
- Create Private Link Svc - 7:23
- Test Private Link Svc - 10:30
- Test Azure SQL - 14:36
- Test Azure Storage - 16:11
Agenda
- 00:00 Episode introduction
- 00:24 Network Security Groups
- 01:42 Network Security Groups Demo
- 05:18 Network Security Groups Summary
- 06:22 Application Security Groups
- 07:53 Summary of Security Groups
Here are some additional resources regarding Azure Private Link
Clients can connect to the private endpoint from the same VNet, peered VNet in same region or across regions, or via VNet-to-VNet connection across regions. Additionally, clients can connect from on-premises using ExpressRoute, private peering, or VPN tunneling. Below is a simplified diagram showing the common use cases.
Source: Private Link - Azure Database for PostgreSQL - Single server | Microsoft Docs
Azure Private Link enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure-hosted customer-owned/partner services over a private endpoint in your virtual network.
Traffic between your virtual network and the service travels the Microsoft backbone network. Exposing your service to the public internet is no longer necessary. You can create your own private link service in your virtual network and deliver it to your customers. Setup and consumption using Azure Private Link is consistent across Azure PaaS, customer-owned, and shared partner services.
Managed Identity has a service principal built-in.
Managed Identity creates an enterprise application under the hood. This application is like the AAD app.
An Azure service principal is an identity created for use with applications, hosted services, and automated tools to access Azure resources. This access is restricted by the roles assigned to the service principal, giving you control over which resources can be accessed and at which level. For security reasons, it's always recommended to use service principals with automated tools rather than allowing them to log in with a user identity.
You can enable a managed identity directly on a service instance. When you allow a system-assigned managed identity during the creation of the service, an identity is created in Azure AD tied to that service instance's lifecycle. By design, only that Azure resource can use this identity to request tokens from Azure AD. So when the resource is deleted, Azure automatically deletes the identity for you. Azure Synapse Analytics requires that a system-assigned managed identity must be created along with the Synapse workspace.
A managed identity can also be created as a standalone Azure resource. The user-assigned managed identity can be created and then assigned to one or more instances. In user-assigned managed identities, the identity is managed separately from the resources that use it.
You can create, delete, and manage user-assigned managed identities in Azure Active Directory.
The new Azure Monitor Agent (AMA) and the Data Collection Rules (DCR) improve on key areas of data collection. This includes cost reduction, improved security and performance, and easier management overall across its lifecycle. Upgrade your Azure Monitor Agents for Linux version to v1.19.3 to leverage these benefits on the latest distros like Ubuntu 22.04, Rocky Linux, and AlmaLinux.
Source: Generally available: Azure Monitor Agent available on latest Linux distros
With private link support, incoming traffic to an Azure Application Gateway frontend can be secured to clients running in another Azure Virtual Network, Azure subscription, or Azure subscription linked to a different Azure Active Directory tenant through Azure Private Link. Traffic between private endpoints in your virtual network and your Application Gateway will traverse a secure and private connection.
Source: Public preview: Private link support in Azure Application Gateway
Azure Databricks is a data analytics platform optimized for the Microsoft Azure cloud services platform. Azure Databricks offers three environments for developing data-intensive applications: Databricks SQL, Databricks Data Science & Engineering, and Databricks Machine Learning.
Azure Databricks is now generally available in Sweden Central and West Central US. For more information about Azure Databricks, see the Azure Databricks documentation.
Source: General availability: Azure Databricks available in new regions
Azure Firewall Premium IDPS signature lookup is a great way to better understand the applied IDPS signatures on your network as well as fine-tuning them according to your specific needs. IDPS signatures lookup allows you to:
- Customize one or more signatures and change their mode to Disabled, Alert, or Alert and Deny. For example, if you receive a false positive where a legitimate request is blocked by Azure Firewall due to a faulty signature, you can use the signature ID from the network rules logs and set its IDPS mode to off. This causes the "faulty" signature to be ignored and resolves the false positive issue.
- You can apply the same fine-tuning procedure for signatures that are creating too many low-priority alerts, and therefore interfering with visibility for high-priority alerts.
- Get a holistic view of the entire 58,000 signatures.
- Smart search.
- Allows you to search through the entire signatures database by any type of attribute. For example, you can search for specific CVE-ID to discover what signatures are taking care of this CVE by typing the ID in the search bar.
To meet the demanding requirements of mission-critical enterprise workloads, new features are constantly added to Azure NetApp Files, and previously released preview features are moved into general availability. The following capabilities are recently generally available and no longer need registration for use: AES encryption for AD authentication, Backup policy users, Administrators privilege users and Dynamic change of service level.
Additionally, feature regional coverage continues to expand for Azure NetApp Files cross-region replication. The following are the cross-region replication region pair additions: Brazil South and South Central US, West US 3 and East US, Australia Central and Australia Central 2, France Central and West Europe.
Source: General availability: Feature general availability and feature expansion of regional availability
Azure Data Explorer connector for Power Automate, Logic Apps, and Power Apps enables you to automate alerts and notifications, orchestrate business workflows, and build low-code, no-code apps. This is done by using native Azure Data Explorer actions to execute KQL queries and commands on your cluster.
Some of the key scenarios that can be built using integration of Azure Data Explorer with Power Automate and Logic Apps:
- Automation of alerts and notifications
- Automation of recurring tasks and business workflows
- Automation of copy of data scenarios
- Automation of export of data
- Integration with Microsoft or 3rd party services
Some of the key scenarios that can be built using integration of Azure Data Explorer with Power Apps:
- Management of reference data
- Data entry scenarios such as audits in manufacturing plants
- Decision-making apps e.g. in energy and utilities industry, one of the common scenario is to predict the maintenance of machines and sending a technician to respond to those scenarios.
Source: General availability: Azure Data Explorer connector for Power Automate, Logic Apps, and Power Apps
Azure Application Gateway is a load balancing solution provided by Microsoft Azure. This web traffic load balancer works on Layer 7 of the OSI model and enables you to manage traffic for your web applications. Unlike traditional load balancers that operate at Layer 4 and route traffic based on source IP address and port, Azure Application Gateway makes routing decisions based on additional attributes of an HTTP request such as URI path or host headers.
Source: What is Azure Application Gateway? Step-by-Step Tutorial (intellipaat.com)
Check out these great new capabilities released in Azure Firewall
- Intrusion Detection and Prevention System (IDPS) signatures (GA)
- TLS inspection (TLSi) Certification Auto-Generation (GA)
- Web categories lookup (GA)
- Structured Firewall Logs (Preview)
- IDPS Private IP ranges now in (Preview)
To select the correct subscription use
Get-AzSubscription -SubscriptionName "{name}" | Select-AzSubscription
Azure Firewall Manager now supports managing DDoS Protection Plans for virtual networks and Azure Web Application Firewall (Azure WAF) policies for application delivery platforms: Azure Front Door and Azure Application Gateway.
Key benefits:
Central deployment and configuration
- Deploy and configure multiple WAF policies and DDoS plans
- Secure Azure Front Door Application Gateway with WAF policies at scale
- Protect Virtual Networks with DDoS plans and Azure Firewall simultaneously
- Upgrade from legacy WAF configuration to WAF policies on Application Gateway
View all application delivery platforms and virtual networks in a single place
- Gain visibility of all deployments across regions and subscriptions
Manage overall network security posture
- Adopt Zero-Trust principles by managing WAF, DDoS, and Azure Firewalls all in a central platform
- Monitor network security coverage in dashboard, across subscriptions
There are no additional charges for using WAF policy and DDoS management in Azure Firewall Manager.
Source: General availability: Azure WAF policy and DDoS management in Azure Firewall Manager
You can now benefit from remote management capabilities through a single pane of glass using the Windows Admin Center in order to manage multiple clusters from one central location.
Source: Public preview: Windows Admin Center in the Azure portal
Generate an authorization for the ExpressRoute Direct resource and redeem the authorization to create an ExpressRoute Circuit in a different subscription and/or Azure Active Directory Tenant. This feature is currently available in public preview.
Source: Public preview: ExpressRoute Direct and Circuit in different subscriptions
Azure Virtual Network Manager is now in public preview in nine new regions.
You can create an Azure Virtual Network Manager instance in nine additional regions and manage your virtual networks at scale across regions, subscriptions, management groups, and tenants globally from a single pane of glass.
- US South Central
- Southeast Asia
- Canada Central
- Japan East
- Japan West
- Australia East
- UK South
- Switzerland North
- Central India
With this announcement, Azure Virtual Network Manager public preview is now available in 20 Azure regions worldwide. Azure Virtual Network Manager helps you create your desired topologies like hub and spoke and mesh with just a few clicks. The security admin rules feature allows you to enforce security policies throughout your organization.
Source: Public preview: Azure Virtual Network Manager in nine new regions
Using application groups, you can create logical groupings between client applications that connect (publish or consume events) with Event Hubs and apply throttling and data access policies per each group. You can associate an application group with a uniquely identifiable condition such as the security context (shared access signatures (SAS) or Azure Active Directory (Azure AD) application ID - of the client application).
By defining an application group and using application group policies, you can throttle low priority producers or consumers while allowing high priority producers or consumers to stream data without any interruptions.
Source: Public preview: Resource governance for client applications in Azure Event Hubs
Today, we’re officially releasing GitHub Copilot, an AI pair programmer that suggests code in your editor, to all developers for $10 USD/month or $100 USD/year.
To show our appreciation to the Open Source and Learning communities, it will also be free to use for verified students and maintainers for popular open-source projects on GitHub.
Also thanks to users who are already in the technical preview program. You can continue enjoy free access until August 22nd.
Source: GitHub Copilot is now available to individual developers
You can now capture event streams of Azure Event Hubs in Parquet format to storage services.
Using Azure Event Hubs, no code editor for event processing, you can automatically capture streaming data in an Azure Data Lake Storage Gen2 account in Parquet format. The no code editor allows you to easily develop an Azure Stream Analytics job without writing a single line of code.
Source: Public preview: Apache Parquet capturing support in Azure Event Hubs
To create a new TextAnalyticsClient to detect the language a document is written in, you need a Cognitive Services or Language service endpoint and credentials.
string endpoint = "<endpoint>"; string apiKey = "<apiKey>"; var client = new TextAnalyticsClient(new Uri(endpoint), new AzureKeyCredential(apiKey));
To detect the language of a single document, use the DetectLanguage method. The detected language the document is written in will be returned in the DetectedLanguage object, which contains the language and the confidence that the service's prediction is correct.
string document = @"Este documento está escrito en un idioma diferente al Inglés. Tiene como objetivo demostrar cómo invocar el método de Detección de idioma del servicio de Text Analytics en Microsoft Azure.";
try
{
Response<DetectedLanguage> response = client.DetectLanguage(document);
DetectedLanguage language = response.Value;
Console.WriteLine($"Detected language {language.Name} with confidence score {language.ConfidenceScore}.");
}
catch (RequestFailedException exception)
{
Console.WriteLine($"Error Code: {exception.ErrorCode}");
Console.WriteLine($"Message: {exception.Message}");
}
Source: azure-sdk-for-net/Sample1_DetectLanguage.md at main · Azure/azure-sdk-for-net
Language Studio is a set of UI-based tools that lets you explore, build, and integrate features from Azure Cognitive Service for Language into your applications.
Language Studio provides you with a platform to try several service features and see what they return visually. It also provides an easy-to-use experience to create custom projects and models to work on your data. Using the Studio, you can get started without needing to write code and then use the available client libraries and REST APIs in your application.
Custom certificate authorities (CAs) allow you to establish trust between your Azure Kubernetes Service (AKS) cluster and your workloads as private registries, proxies, and firewalls. A Kubernetes secret is used to store the certificate authority's information until it is passed to all nodes in the cluster.
This feature is applied per node pool. Therefore, new and existing node pools must be configured to enable the feature.
The Azure Key Vault Secrets Provider extension enables fetching the secrets, keys, and certificates from an Azure Key Vault into an Arc-connected Kubernetes cluster. Remove the need to store and maintain secrets locally on the clusters and outsource the management of secrets to AKV as the central secrets management solution.
Source: General availability: Azure Key Vault secrets provider on Azure Arc enabled Kubernetes
Our accessibility journey in Visual Studio has taught us that developers love to customize their experiences to help them be productive. Some developers have been telling us that they want to use sound to help them understand what’s happening in their code. A short, simple sound when the caret arrives on a line with an error can quickly help some developers understand where their attention needs to be.
Visual Studio Code introduced a handful of these audio cues, and many developers love them. We’re happy to bring them to Visual Studio.
Source: Listen Up, Visual Studio has a new feature you need to hear about!
AKS support for Kubernetes release 1.24 is now in public preview. Kubernetes 1.24 delivers 46 enhancements. This release includes new changes such as the removal of Dockershim.
Source: Public preview: Kubernetes release 1.24 support in AKS
Azure Kubernetes Service (AKS) clusters, whether deployed into a managed or custom virtual network, have certain outbound dependencies necessary to function properly.
Previously, in environments requiring internet access to be routed through HTTP proxies, this was a problem. Nodes had no way of bootstrapping the configuration, environment variables, and certificates necessary to access internet services.
This feature, now generally available, adds HTTP proxy support for AKS clusters, exposing a straightforward interface that cluster operators can use to secure AKS-required network traffic in proxy-dependent environments.
Source: Generally available: HTTP proxy support for AKS clusters
Azure Front Door is an Application Delivery Network (ADN) as a service, offering various layer 7 load-balancing capabilities for your applications.
Azure Front Door supports dynamic site acceleration (DSA), TLS/SSL offloading and end-to-end TLS, Web Application Firewall, cookie-based session affinity, URL path-based routing, free certificates, and multiple domain management, and others.
Azure App Service enables you to host web apps and API apps in the programming language that you choose, allowing autoscale and high availability without having to manage infrastructure.
Azure Private Link provides private connectivity that you can use to access Azure PaaS services like Azure Storage and Azure SQL Database or to access customer or partner services from a virtual network.
Azure Private Link private endpoints allow you to connect privately and with improved security to Azure services.
While both Front Door and Application Gateway are layer 7 (HTTP/HTTPS) load balancers, the primary difference is that Front Door is a non-regional service whereas Application Gateway is a regional service. While Front Door can load balance between your different scale units/clusters/stamp units across regions, Application Gateway allows you to load balance between your VMs/containers etc. that is within the scale unit.
Azure Virtual Network is the fundamental building block for creating your own private network in Azure. It provides a highly secure environment for running Azure resources like virtual machines. Azure resources like virtual machines (VMs) can securely communicate with each other, the internet, and on-premises networks through Virtual Networks.
Azure SQL Database is a general-purpose relational database managed service that supports relational data, spatial data, JSON, and XML.
This version has a significant performance and robustness advantage over the old version.
To get a sense of improvement, consider this simple fan-out-fan-in orchestration of over 15k activities.
A fan-out-fan-in benchmark
Here we use Durable Functions Extension version 2.6.1 and run this benchmark on the Azure Functions Consumption plan for Windows. We then compare the performance of this benchmark between the npm package `durable-functions` version `1.5.4` and version `2.0.0`. See results below.
This release makes use of new features in the Durable Functions Extension to prevent race conditions that cause orchestrations to get stuck in large fan-out-fan-in scenarios, especially when durable timers are involved.
Try it out by installing version 2.0.0, or later of the SDK.
Important Note: This release has a few breaking changes for certain edge use cases. For details, please see our release notes.
Durable Functions, an extension to Azure Functions that lets you define stateful serverless workflows in code, now supports Java. You can use Durable Functions to implement complex function orchestration that would otherwise require writing lots of boilerplate code for state management.
In this preview, you can leverage existing Durable Functions patterns such as "function chaining", "fan-out/fan-in", "async HTTP APIs", "monitor", and "human interaction". The sample below shows a simple, durable function that is triggered by an HTTP request and invokes tasks in a sequence.
The Azure SQL migration extension for Azure Data Studio enables you to assess, get Azure recommendations and migrate your SQL Server databases to Azure.
The following flowchart will help you to choose a load-balancing solution for your application. The flowchart guides you through a set of key decision criteria to reach a recommendation.
Further reading at Load-balancing options - Azure Architecture Center
Azure offers a number of ways to host your application code. The term compute refers to the hosting model for the computing resources that your application runs on. The following flowchart will help you to choose a compute service for your application.
Further reading at Choose an Azure compute service
GitHub is transitioning map rendering services from MapBox to Azure Maps in our Free, Pro, and Team plans. This includes maps embedded in the site file viewer, embedded maps, and maps rendered in markdown. As part of the transition, custom icons and formatting of features in geojson and topojson files will no longer be supported. This change will not impact our Enterprise Cloud instances which will continue to use MapBox for map rendering. Documentation can be found here:
You can now apply a filter to limit exporting device data including telemetry, property changes, and device events from devices under an organization in your Azure IoT Central data exports. To apply this filter, use the organizations filter, under operator, and specify the organizations path as value in your Azure IoT Central data export. You can also include the entire organizations path in the export message. To include the organizations path, use the data transformation capability in data export to pass the "organizationPaths" in the outgoing message.
Source: Generally available: Export device data under an organization in Azure IoT Central
Azure Virtual Machine Backup enables you to create an enhanced policy to take multiple daily snapshots. Understanding your need to protect mission-critical workloads in Azure Virtual Machines, Azure Backup now previews low recovery point objective (RPO) to as low as four hours.
With this capability, you can define the duration your backup jobs would trigger and align your backup schedule with the working hours when there are frequent updates. Understanding your need for higher retention in instant restore, enhanced policy is designed to offer instant restore retention with a default of seven days retention and a maximum of 30 days. This ensures minimal data loss in the event of corruption or updates.
Source: Public preview: Multiple backups per day for Azure Virtual Machines
Azure Advisor provides a personalized list of best practices for optimizing your Azure Database for MySQL - Flexible Server instance. The feature analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, reliability, and security of your Azure resources.
Source: General availability: Azure Advisor support for Azure Database for MySQL - Flexible Server
Data duplication across your data landscape is a common challenge. You can now share data with your consumers (internal or external) from Azure Storage without physically copying it over. To ease your data management efforts, you can govern the whole process from Purview.
Further reading at Share data near real-time with Microsoft Purview in-place data sharing for Azure Storage
Infracost is a great cost visibility tool for cloud infra. Infracost's VSCode extension shows a snapshot of the total cost of resources right above their Terraform definitions.
Sample architecture for building decentralized trust between banks - this example will show how various Azure services can be quickly provisioned for the deployment of an efficient private Ethereum PoA blockchain where member banks can establish their own nodes.
Read more at Decentralized trust between banks - Azure Example Scenarios | Microsoft Docs
The cost of a typical application hack in today's modern world is high, and traditional WAFs don’t always work. This webinar details how you can better secure your Kubernetes apps with NGINX.
Azure Storage is announcing the public preview of the ability to create an additional 5000 Azure Storage accounts per subscription per region. This is a 20 times increase from the current limit of 250 and helps you create several hundred or thousand storage accounts to address your storage needs within a single subscription instead of creating additional subscriptions.
Source: Public preview: Create an additional 5000 Azure Storage accounts within your subscription
Restoring a backup file is the easiest way to copy a SQL Server database to another instance. It allows you to create a copy of your production database for easier troubleshooting or debugging of an issue, to provide a copy of a database to your end users or eligible third parties, or as a light-weight business continuity/disaster recovery solution to restore functionality on another instance of SQL Server. These are just a few use cases, and the list is much longer and there are some very inventive ways of using backup-restore in the wild.
Multi-user authorization (MUA) for Backup adds an additional layer of protection for critical operations on your recovery services vaults, providing greater security for your backups. To provide multi-user authorization, Backup uses a resource guard to ensure critical operations are performed with proper authorization. With this, Azure Backup provides improved protection against operations that could lead to potential loss of backup data, including:
- Disable soft delete and hybrid security settings
- Disable multi-user authorization protection
- Modify backup policy (to reduce retention)
- Modify protection (to reduce retention)
- Stop protection with delete data
- Change MARS security PIN
The backup administrator, who typically owns the recovery services vault, needs to gain the contributor role on the resource guard to be able to perform the aforementioned protected (critical operations). This also requires action from the owner of the resource guard to approve and grant the required access. You can also use Azure AD Privileged Identity Management to manage just-in-time access on the resource guard. Additionally, you can create the resource guard in a subscription or a tenant different from the one that has the recovery services vault, to achieve maximum isolation.
Please refer to the documentation to learn more about multi-user authorization for Azure Backup, and for details on configuration and use.
Source: Generally available: Azure Backup multi-user authorization for recovery services vaults
Seamless data sharing between organizations eliminates data silos, facilitates data-empowered decisions, and unlocks tremendous competitive advantages. Traditionally, organizations have shared data with internal teams or external partners by generating data feeds requiring data copy and refresh pipelines investment. The result is a higher cost for data storage and movement, data proliferation (i.e., multiple copies of data), and delay in access to time-sensitive data. Near-real time access to data is the key to harnessing the true power and scale of big data in enterprise data lakes to effectively realize consistent and reliable data driven decisions.
Source: Share data near real-time with Microsoft Purview in-place data sharing for Azure Storage
The AzureDataExplorer connector for PowerAutomate (previously Microsoft Flow) enables you to orchestrate and schedule flows and send notifications, and alerts, as part of a planned or triggered task.
- Send notifications and alerts based on query results, such as when thresholds exceed certain limits.
- Send regular reports, such as daily or weekly, tables and charts.
- Schedule regular jobs using control commands on clusters. For example, copy data from one table to another using the .set-or-append command.
- Export and import data between Azure Data Explorer and other databases.
Documentation at Azure Data Explorer connector for Power Automate
Usage Examples at Usage examples for Azure Data Explorer connector to Power Automate
This runtime provides a new way for customers to take advantage of the Functions programming model on-premises. Built on the same open-source roots that Azure Functions service is built on, Azure Functions Runtime can be deployed on-premises and provides a near similar development experience as the cloud service.
- Harness unused compute power: It provides a cheap way for customers to perform certain tasks such as harnessing the compute power of on-premises PCs to run batch processes overnight, leveraging devices on the floor to conditionally send data to the cloud, and so on.
- Future-proof your code assets: Customers who want to experience Functions-as-a-Service even before committing to the cloud would also find this runtime very useful. The code assets they build on-premises can easily be translated to the cloud when they eventually move.
KEDA (or, Kubernetes Event-Driven Autoscaling) is a Kubernetes-based event-driven auto-scaler for Pods. With KEDA, we can scale out our application easily and then scale back to 0 which is not possible when it comes to the default HPA (Horizontal Pod Autoscaler) of Kubernetes.
Read more at Scale your Apps using KEDA in Kubernetes
Whether you're a new student, a thriving startup, or the largest enterprise, you have financial constraints, and you need to know what you're spending, where, and how to plan for the future. Nobody wants a surprise when it comes to the bill, and this is where Microsoft Cost Management comes in.
- Viewing cost in the Azure mobile app
- Introducing a new API for configuring cost alerts
- Prevent budget overages with action groups common alert schema
- Amplify your learning experience in Cost Management
- Help shape the future of navigation in Cost Management and Billing
- What's new in Cost Management Labs
- New ways to save money with Microsoft Cloud
- New videos and learning opportunities
- Documentation updates
- Join the Microsoft Cost Management team
Azure Monitor Agent (AMA) replaces Log Analytics agents and provides a secure, cost-effective, simplified, and performant way to collect telemetry data from Azure Virtual Machines, Virtual Machine Scale Sets, Arc-enabled servers, and Windows client devices. Today we are announcing public preview support for installation and authentication of AMA extension at-scale using Managed Identity user-assigned mode. You can use the built-in policies and initiatives to deploy the agent extension across virtual machines and scale sets.
User-assigned identity is more scalable and resilient compared to system-assigned identity. It is recommended for at-scale installation using agent extension on Azure Virtual Machines and Virtual Machine Scale Sets.
Source: Public preview: User-assigned Managed Identity support for Azure Monitor Agent
Azure Monitor Agent (AMA) provides a secure, cost-effective, simplified, and performant way to collect telemetry data from Azure Virtual Machines, Virtual Machine Scale Sets, Arc-enabled servers, and Windows client devices. You must migrate from the Log Analytics agent (MMA or OMS agents) to this agent before August 2024. To make this process easier for you, we are launching a public preview today of agent migration tools.
AMA Migration Helper: A workbook-based solution in Azure Monitor that helps you discover what to migrate and track progress as you move from legacy agents to Azure Monitor agent on your virtual machines, scale sets, on-premise and Arc-enabled servers in your subscriptions. Use this single glass pane view to expedite your agent migration journey.
Source: Public preview: Migration tools for Azure Monitor Agent
With Windows Server 2022 support, you can now enable Container Insights for your AKS clusters running on this operating system.
The following limitations apply to Windows Server 2022 clusters:
- A maximum of 30 Windows Server containers are supported
- Windows does not provide the Memory RSS metric
- Disk Storage capacity information is not available
- Only Kubernetes, not Docker, environments are monitored
Source: Public preview: Container Insights now supports Windows Server 2022
The standard test can run any single request test required and is a major upgrade on the existing URL ping test. It has the reactive SSL check but also a proactive SSL certificate check. You can set a time period before a certificate expires to be alerted that it will need to be updated. The standard test also has a dedicated configuration section for more advanced tests, can be deployed in up to 16 locations.
As part of this release, standard tests will now incur additional costs to continue to utilize. If you have set up standard tests as part of the preview, these will no longer run without cost.
Source: General availability: Application Insights standard test for synthetic monitoring
When you build an application, you want it to be fast. Users should perceive it as fast and performant, even when many users are using it. And your application should continue to work without errors when it is under load. It can be difficult to know how your application behaves when it is used by many concurrent users. Azure Load Testing can help by putting your application under load and analyzing how it performs.
Read more at How to test application performance with Azure Load Testing
MySQL workloads are often read-heavy and support customers with operations in different geographical locations. To provide for Disaster Recovery (DR) in the rare event of a regional disaster, Azure Database for MySQL - Flexible Server offers Geo-restore.
An alternate option for DR or read scaling across regions is to create an Azure Database for MySQL flexible server as the source server and then to replicate its data to a server in another region using Data-in replication.
Read more at Cross region replication using Data-in replication with Azure Database for MySQL - Flexible Server
Azure Active Directory (Azure AD) authentication for Azure Monitor Application Insights is now fully released. By using Azure AD, you can now ensure that only authenticated telemetry is ingested in your Application Insights resources.
Typically, using various authentication systems can be cumbersome and pose risks since it’s difficult to manage credentials on a large scale. You can now choose to opt out of local authentication and ensure only telemetry that is exclusively authenticated using Managed Identities and Azure Active Directory is ingested in your Application Insights resource.
This feature is a step to enhance the security and reliability of the telemetry used to make both critical operational (alerting/autoscale etc.) and business decisions.
Source: General availability: Azure Active Directory authentication for Application Insights
As part of our commitment to delivering the best possible value for Azure confidential computing, we're announcing the support to create confidential VMs using Ephemeral OS disks. This enables customers using stateless workloads to benefit from the trusted execution environments (TEEs). Trusted execution environments protect data being processed from access outside the trusted execution environments.
Source: Public preview: Ephemeral OS disk support for confidential virtual machines
You can now set a retry policy using Event Hubs or timer triggers that re-execute a function until successful execution or the maximum number of retries occur.
Source: Generally available: Azure Functions retry policy for Event Hubs and timer triggers
With the latest preview release for Azure IoT Central REST API (2022-06-30), there is now preview support for a series of new endpoints. Note: these capabilities should be leveraged to develop and test your solutions; however, you should avoid the use of any preview endpoints within your production scenarios. The Azure IoT Central product group strives for high stability across all of our preview and generally available endpoints; however, it reserves the right to change the preview endpoint schema based on customer feedback.
Source: Public preview: 2022-06-30 Azure IoT Central REST API release is now live
In this video, learn how to use scope to define the records that will be evaluated by your query in Log Analytics.Log Analytics allows you to set a scope for a particular monitored Azure resource, group of resources, Log Analytics workspace, or Application Insights resource.
Previously, Microsoft announced the public preview release of Gateway Load Balancer (GWLB), a new SKU of Azure Load Balancer targeted for transparent NVA (network virtual appliance) insertion supported by a growing list of NVA providers. Today, placing NVAs in the path of traffic is a growing need for customers as their workloads scale. Common use cases of NVAs we’ve seen are:
- Allowing or blocking specific IPs using virtual firewalls.
- Protecting applications from DDoS attacks.
- Analyzing or visualizing traffic patterns.
And GWLB now offers the following benefits for NVA scenarios:
- Source IP preservation.
- Flow symmetry.
- Lightweight NVA management at scale.
- Auto-scaling with Azure Virtual Machines Scale Sets (VMSS).
With GWLB, bump-in-the-wire service chaining becomes easy to add on to new or existing architectures in Azure. This means customers can easily “chain” a new GWLB resource to both Standard Public Load Balancers and individual virtual machines with Standard Public IPs, covering scenarios involving both highly available, zonally resilient deployments and simpler workloads.
Figure 1: GWLB can be associated to multiple consumer resources, including both Standard Public Load Balancers and Virtual Machines with Standard Public IPs. When GWLB is chained to the front-end configuration or VM NIC IP configuration, unfiltered traffic from the internet will first be directed to the GWLB and then reach the configured NVAs. The NVAs will then inspect the traffic and send the filtered traffic to the final destination, the consumer application hosted on either the load balancer or virtual machine.
Source: Gateway Load Balancer now generally available in all regions
Today we are announcing improvements that 1) Enable resumable database backup restores for Azure SQL Managed Instance in case of impactful system updates, and 2) Removal of the 36 hrs. limitation to hold off system updates once a migration from SQL Server to managed instance has started. These improvements apply to Log Replay Service (LRS), Azure SQL migration extension for Azure Data Studio, and Azure Database Migration Services (DMS).
Log Replay Service (LRS) is our implementation of the SQL Server log shipping to the cloud, and perhaps the most used feature for orchestration of migration jobs from SQL Server 2008-2019 to Azure SQL Managed Instance. LRS infrastructure powers Azure SQL migration extension for Azure Data Studio, and Azure Database Migration Services (DMS). Azure Blob Storage is used as an intermediary to store backup files from SQL Server, and LRS is used to restore these backup files on managed instance in NORECOVERY mode. Customers can add differential and log backups continuously to Azure Blob Storage, and these will be continuously restored on Managed instance. Once the last backup file has been restored, and manual or automated cutover initiated, the migration is complete.
Microsoft announced the preview of Premium SSD v2, the next generation of Microsoft Azure Premium SSD Disk Storage. This new disk offering provides the most advanced block storage solution designed for a broad range of input/output (IO)-intensive enterprise production workloads that require sub-millisecond disk latencies as well as high input/output operations per second (IOPS) and throughput—at a low cost. With Premium SSD v2, you can now provision up to 64TiBs of storage capacity, 80,000 IOPS, and 1,200 MBPS throughput on a single disk. With best-in-class IOPS and bandwidth, Premium SSD v2 provides the most flexible and scalable general-purpose block storage in the cloud, enabling you to meet the ever-growing demands of your production workloads such as—SQL Server, Oracle, MariaDB, SAP, Cassandra, Mongo DB, big data, analytics, gaming, on virtual machines, or stateful containers. Moreover, with Premium SSD v2, you can provision granular disk sizes, IOPS, and throughput independently based on your workload needs, providing you more flexibility in managing performance and costs.
With the launch of Premium SSD v2, our Azure Disk Storage portfolio now includes one of the most comprehensive sets of disk storage offerings to satisfy workloads ranging from Tier-1 IOPS intensive workloads such as SAP HANA to general purpose workloads such as RDMS and NoSQL databases and cost-sensitive Dev/Test workloads.
Azure Monitor for SAP solutions (version 2) is in public preview. SAP on Azure customers can collect and visualize end-to-end technical monitoring for SAP workloads in the Azure portal. Both SAP BASIS teams and infrastructure teams can use this product to view SAP telemetry and infrastructure telemetry at one place. Azure Monitor for SAP solutions is easy to use, deploy, and maintain.
Going forward, the new product version launched today will be referred to as Azure Monitor for SAP solutions (AMS). The previous version of product will be referred to as Azure Monitor for SAP Solutions (classic).
Azure Monitor for SAP solutions provides telemetry for SAP NetWeaver, SAP HANA, High-availability (Pacemaker) Linux clusters, Microsoft SQL Server, IBM Db2, and Operating System (Linux). You can view pre-defined alert templates and configure alerts of your choice with few clicks.
This release of Azure Monitor for SAP solutions comes with new architecture. Azure Functions is a collector unit and makes connections to source systems that need to be monitored to collect telemetry data. Telemetry data is stored in Azure Log Analytics.
You can now get advisor recommendations scoped to a business unit, workload, or team and filter recommendations and calculate scores using tags you have already assigned to Azure resources, resource groups, and subscriptions. You can also use tag filters to:
1. Identify cost-saving opportunities by business units
2. Optimize critical workloads by comparing scores
Your organization can fully benefit from this functionality if a tagging strategy is adopted.
Announcing Public Preview of Confidential VM on AKS.
Azure confidential VMs (DCav5/ECav5) are VM based Hardware Trusted Execution Environment (TEE) that leverage SEV-SNP security features to deny the hypervisor and other host management code access to VM memory and state, providing defense in depth protections against operator access.
Source: Confidential VM node pool support on AKS with AMD SEV-SNP VM in preview (microsoft.com)
This video (GERMAN) demonstrates how to expose Azure Service Bus as REST service by using of Azure API Management.
Source: Exposing ServiceBus via Azure API Management | Microsoft Docs
Video: https://docs.microsoft.com/video/media/1de8e6a2-c0ae-4565-902a-be1534538bff/apimsb_mid.mp4
Today, Azure SQL Managed Instance supports cross-instance distributed transactions, meaning that you can run distributed transactions between multiple databases hosted on several managed instances.
The scope of this improvement can enable you to run distributed transactions between Azure SQL Managed Instance and other distributed transaction participants and that includes:
- Azure SQL Managed Instance
- SQL Server hosted anywhere
- Relational Database Management Systems
- Other software that can participate in distributed transactions, such as MSMQ.
Running distributed transactions in a heterogenous environment can enable you to perform transparent migration of your databases from SQL Server; to entirely or partially migrate or modernize your existing solutions; and develop new applications with complex transactional patterns on Azure SQL Managed Instance.
Today, Azure SQL Managed Instance supports cross-instance distributed transactions, meaning that you can run distributed transactions between multiple databases hosted on several managed instances.
The scope of this improvement can enable you to run distributed transactions between Azure SQL Managed Instance and other distributed transaction participants and that includes:
- Azure SQL Managed Instance
- SQL Server hosted anywhere
- Relational Database Management Systems
- Other software that can participate in distributed transactions, such as MSMQ.
Running distributed transactions in a heterogenous environment can enable you to perform transparent migration of your databases from SQL Server; to entirely or partially migrate or modernize your existing solutions; and develop new applications with complex transactional patterns on Azure SQL Managed Instance.
This week at Microsoft Inspire it announced that Scheduled Agent Updates on Azure Virtual Desktop is now Generally Available!
This feature gives IT admins control over when the Azure Virtual Desktop agent, side-by-side stack, and Geneva Monitoring agent get updated. You can specify the time of day you want to update the Azure Virtual Desktop agent. You can schedule agents to be deployed at convenient times such as outside peak business hours so that business critical work and end user productivity is not interrupted.
To enable this feature in the Azure Portal, simply select the Scheduled Agent Updates tab for your host pool, check the box to enable Scheduled Agent Updates, enter your desired maintenance window and time zone setting, and select Apply.
The new Predefined and CustomV2 policies on Application Gateway come with TLS v1.3 support. They provide improved security and performance benefits, fulfilling the needs of your enterprise security policies. You may use out-of-the-box predefined policies or configure a preferred cipher-suite list by using the CustomV2 policy.
Source: Public preview: TLS 1.3 support on Application Gateway
Customers and Azure partners who are looking to build business continuity and disaster recovery solutions can use VM restore points to capture app consistent and crash consistent backups natively on the Azure platform. This can then be used to restore disks and VMs during scenarios such as data loss, data corruption, or disaster recovery.
VM Apps is a service that simplifies the management, sharing, and global distribution of application packages at scale. The ability to manage application packages at scale is critical to you. Today, you can manage application packages in storage accounts. While this is secure and reliable, managing and deploying these packages at a scale is a challenge.
Using VM Apps, you can create and securely store application packages in an Azure Compute Gallery. The create experience is as simple as packaging all the application-related files (including install and uninstall scripts) in a compressed package and uploading it to Azure. Package management is simplified with logical grouping and versioning capabilities available with the feature. These packages can then be shared with other users in your organization, across subscriptions, and tenants, who can deploy them on VM. Shared Applications give you the flexibility to make application packages available to a VM, even if the VM is locked down with no internet access.
With VM Applications, you can now define application packages, replicate, share and deploy them automatically to your VMs and Virtual Machine Scale Sets using ARM templates, the portal, CLI, or PowerShell. Add an application to a VM or VMSS at creation, or add, remove, and update applications on existing resources.
This feature provides flexibility and simplicity in managing, sharing, and deploying applications. Some features include:
- Support for pre-deployment applications settings, or a default configuration across all deployments.
- Deploy VM Apps to VM or VMSS across subscriptions using IAM.
- Package your applications and configuration in either page blobs or block blobs and replicate them across the desired regions.
- Proxies all packages to prevent direct access to any of the replicas from the VM.
- Ability to auto select “latest” available VM Apps version when installing an application.
Source: General availability: VM Applications – Manage and deploy applications to VMs and VMSS
Direct shared gallery is a new feature of Azure Compute Gallery that simplifies the sharing of resources with all users within the same subscription, same tenant, different subscription and different tenants without the need for any auxiliary tokens. When the gallery is shared with a target subscription or tenant, all users in the subscription or tenant will have read-only access to the gallery and they can create a VM or a VM scale set on the target subscription.
Source: Public preview: Share images across subscriptions and tenants with new Compute Gallery feature
You can now configure your Azure Stream Analytics job to write to a table in your Azure SQL Database that hasn't yet been created. You have to do the following steps:
- Make sure that there is incoming streaming data in your Azure Stream Analytics job
- Write your Stream Analytics query (or use the existing template of Select *)
- Test your Stream Analytics query
- Select "Create table" - Stream Analytics will use the schema from Step 3 to create a new table in your SQL Database.
Source: Public preview: SQL DB output connector improvements in Stream Analytics
Azure SignalR Service Premium Tier is now generally available. This plan provides greater resiliency, scalability, and flexibility.
Key features, including:
- An SLA including 99.95% availability.
- Availability Zone support: Distribute workloads evenly across multiple zones in a supported Azure region and redirecting traffic to other zones in the event of a failure.
- Autoscale capabilities: Specify rules that make it easy scale up and down to meet capacity needs and optimize resource usage.
- Custom domain support: Add your desired custom domain names to your application.
Source: Generally available: Azure SignalR Service Premium Tier
Azure Synapse Analytics Spark pools now support elastic pool storage. Apache Spark in Azure Synapse Ananlytics utilize temporary disk storage while the Spark pool is instantiated. For many Spark jobs, it's difficult to estimate the pools storage requirements, which can cause some Spark jobs to fail if the temporay storage is exhausted. Today we are enabling elastic pool storage which allows the Spark engine to monitor worker node temporary storage and attach additional disks if needed. No action is required by you, plus you should see less job failures as a result.
Source: Public preview: Azure Synapse Analytics Spark elastic pool storage
Azure IoT Central now gives you step-by-step instructions on how to connect your phone as a device so you can pilot key features. Connecting your phone to an Azure IoT Central application allows you to see raw data such as altitude and battery level flowing from your phone to the application. Once your phone is connected to Azure IoT Central, you will also have the ability to execute commands remotely. The tour gives you direct instructions on how to connect your phone to your Azure IoT Central application, configure a remote job, and create a new rule. The in-app guidance allows you to experience key capabilities of Azure IoT Central and prepares you for your IoT device onboarding.
To get started on the guided tour, navigate to the Azure IoT Central Build page to create a new application and then click on the Use phone as a device button to trigger the in-app guidance and explore the capabilities of Azure IoT Central.
Source: Generally available: Guided tour experience added to Azure IoT Central
Effective July 31 2022, all Public IPv6 Addresses and Public IPv6 Prefixes will be free. The Public IP billing meters will also reflect this change with updated naming: Basic IPv4 Public IP, Basic IPv4 Static Public IP, and Standard IPv4 Static Public IP.
For more information about Public IP pricing, visit the Public IP Pricing page. For more information about Public IPs, visit the Azure IP Services page.
Source: Generally available: Azure Public IPv6 offerings are free as of July 31
Previously, when creating a fork all branches from the parent repository were copied to the new fork repository. There are several scenarios where this is unneeded, such as contributing to open-source projects. When all branches are copied, it could result in slow repo cloning and unnecessary disk usage. With this new feature, only the default branch is copied; no other branches or tags. This may result in faster clones because only reachable objects will be pulled down.
Source: You can now fork a repo and copy only the default branch
Azure Kubernetes Service (AKS) provides the capability for organizations to deploy containers at scale. We are expanding the Azure confidential computing portfolio to enable AMD-based confidential VM node pools in AKS, adding defense-in-depth to Azure's already hardened security profile.
With the general availability of confidential virtual machines featuring AMD 3rd Gen EPYC™ processors, with Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) security features, organizations get VMs with isolated, encrypted memory and genuine confidentiality attestation rooted to the hardware.
AKS is now equipped to have confidential and non-confidential node pools on a single cluster. This means that applications processing sensitive data can reside in a VM-level Trusted Execution Environment (TEE) node pool with memory encryption keys generated from the chipset itself.
Confidential node pools on AKS enable a seamless transition of Linux container workloads to Azure without the overhead of changing code.
Source: Public preview: AMD-based confidential VMs for Azure Kubernetes Service (AKS)
With next hop IP support, you can deploy network virtual appliances (NVAs) behind an Azure Internal Load Balancer (ILB) to achieve key active-passive connectivity scenarios and improve connectivity performance. To learn more about this feature, check out next hop IP support.
Source: General availability: Next hop IP support for Route Server
The AKS node pool start/stop feature allows you to completely stop specific user node pools and pick up later where you left off with a switch of a button, saving time and costs.
Previously, you had to either scale a user node pool and all its workloads down to zero in order to save costs or keep it running with a low footprint to avoid re-deployment, adding to operations time, or wasting compute resources. The start/stop feature keeps user node pool configurations in place, like the previous node count, allowing you to pick up where you left off without reconfiguring the node pools.
Source: Generally available: AKS node pool user start/stop feature
Currently, Azure Monitor VM insights requires a Log Analytics agent and a dependency agent installed on each virtual machine or virtual machine scale set to be monitored. This public preview will introduce a version of VM insights that makes use of the new Azure Monitor agent and would replace the existing Log Analytics agent.
Several key capabilities have been released in preview:
- Easy configuration using data collection rules to collect VM performance counters and specific data types.
- Option to enable/disable processes and dependencies data that provides Map view, thus, optimizing costs.
- Enhanced security and performance that comes with using Azure Monitor agent and managed identity.
Source: Public preview: Enable VM insights using Azure Monitor agent
Currently, VMs running on Azure Dedicated Host support the use of Standard and Premium Azure disks as data disks. With this preview, we are introducing support for Azure Ultra Disks on Azure Dedicated Host.
Azure Ultra disks are highly performant disks on Azure that offer high throughput (maximum of 4000 MBps per disk) and high IOPS (maximum of 160,00 IOPS per disk) depending on the disk size.
If you are running IaaS workloads that are data intensive and latency sensitive, such as Oracle DB, MySQL DB, other critical databases, and gaming applications, you will benefit from using Ultra disks as data disks on VMs hosted on Azure Dedicated Host.
Source: Public preview: Azure Dedicated Host support for Ultra SSD
Azure Services map with workload type
See details at Azure Solution Architect Map.pdf · GitHub
How to stay up-to-date with Microsoft Azure
Microsoft Azure is huge and changes fast! At this point in time, there are more than 200 services in Azure, with many, many features. The rate at which services evolve is amazing. New services come out all the time, and services are constantly being improved with new features. Microsoft is able to do this because most services are owned by separate teams that develop functionality.
This high rate of change is great because it keeps providing new ways to solve problems. However, it is very hard to stay up-to-date. It is very hard to keep track of new services; and what their purpose is in the world of Azure.
So the question is how to stay up-to-date? Here are some important information sources:
- Azure Friday | Microsoft Docs
- Azure This Week - A Cloud Guru
- Azure updates | Microsoft Azure
- Announcements | Azure Blog and Updates | Microsoft Azure
- Azure Blog and Updates | Microsoft Azure
- Azure App Service Team Blog
And also, the Azure Developer's Cheat Sheet at GitHub - milanm/azure-cheat-sheet: Azure Cheat Sheet
Join Scott Hanselman, Donovan Brown, or Lara Rubbelke as they host the engineers who build Azure, demo it, answer questions, and share insights.
Azure This Week is your weekly news roundup for all things Azure. Join our expert hosts as they cover everything you need to know about the past week’s developments, keeping it short, fun and informative.
Get the latest updates on Azure products and features to meet your cloud investment needs. Subscribe to notifications to stay informed.
See more at Azure updates | Microsoft Azure
Announcements, updates, deep-dive content, and event information from the Product and Engineering teams that run App Service at Microsoft.
See at Home - Azure App Service
Ever wondered how to handle dev/test/prod environments in Azure Landing Zones?
Then this is the video for you! Join Jack Tracey, Matt White & Kevin Rowlandson from the Microsoft Customer Architecture & Engineering team (the team that are responsible for Azure Landing Zones) as they talk through how to handle dev/test/prod application workloads in the Azure Landing Zone architecture.
See at Azure Landing Zones - Handling Dev/Test/Prod for Application Workloads - YouTube
Azure Database for PostgreSQL – Flexible Server provides maximum flexibility over your database, built-in cost-optimization controls, and support for latest PostgreSQL major versions compared to Single Server.
You typically must perform manual migrations using PostgreSQL dump and restore or using Azure Database Migration Service. The new migration tool (available in select regions) includes a seamless, inline experience to migrate your Single Server to Flexible Server and has automated a number of steps required for migration. It supports online and offline modes of migrations, and suitable for databases less than 1TB size.
Source: Public preview: Migration tool feature with Azure Database for PostgreSQL – Flexible Server
The ability for GitHub Enterprise Cloud owners to display members’ IP addresses for all audit logs events for private repositories and other enterprise assets, such as issues and projects, is generally available.
These IP addresses can be used to improve threat analyses and further secure your software. Note, IP addresses will continue to not be displayed for activity related to public repositories.
Serverless SQL for Azure Databricks, a new capability for Azure Databricks SQL, provides instant compute to users for their BI and SQL workloads, with minimal management required and capacity optimizations that can lower overall cost. You only pay for Serverless SQL when users start running reports or queries.
Serverless SQL was built for the modern business analyst who works on their own schedules and wants instant compute available to process their queries without waiting for clusters to start up or scale out. Organizations with business analysts who want to analyze data in the data lake with their favorite BI tools, including Power BI, will benefit from this capability. This makes it easier for organizations to expand adoption of the lakehouse for business analysts who are looking to access the rich, real-time datasets of the lakehouse with a simple and performant solution.
Azure Dedicated Host gives you more control over the hosts you deployed by giving you the option to restart any host. When undergoing a restart, the host and its associated VMs will restart while staying on the same underlying physical hardware.
With this new capability, now in preview, you can take troubleshooting steps at the host level.
The Enterprise and Enterprise Flash tiers of Azure Cache for Redis now support the popular RedisJSON module. This module adds native functionality to store, query, and search JSON formatted data, which allows you to store data more easily in a document-style format in Redis. This simplifies common Redis use cases like storing product catalog or user profile data.
RedisJSON support implements the community version of the module the collaboration with Redis Incorporated so you can utilize your existing knowledge and workstreams. RedisJSON is additionally designed to be used with the search functionality of RediSearch (also available in Azure Cache for Redis) to provide integrated indexing and querying of data.
Source: Public preview: RedisJSON available in Azure Cache for Redis Enterprise
We shared at Microsoft Inspire that one of our most anticipated features, Autoscale for pooled host pools, will soon be Generally Available on Azure Virtual Desktop. Today, we are happy to announce that Autoscale for pooled host pools is officially Generally Available!
Data Platform Virtual Summit 2022 (DPS 2022) is right around the corner! A FREE, global learning event for data professionals, DPS 2022 features a couple of learning formats including breakouts & Data Gurukuls. This content will be delivered by Azure Data Engineering, partner organizations, community leaders, and Data Platform MVPs. From September 19 to 23, the event is fine-tuned for multiple time zones running as five editions, ANZ, APAC, INDIA, EMEA, and AMERICAS making it a truly global and inclusive learning event. This year at DPS 2022 the content will be delivered in 14 different languages other than English. Attendees will get to learn about the latest SQL Server and Azure Data innovations and gain deep technical skills to move ahead in their careers.
Custom domain suffix capability is now available in App Service Environment (ASE), an Azure App Service feature that provides a fully isolated and dedicated environment for running App Service apps securely at high scale. Your apps are not restricted by the DNS settings for your App Service Environment’s default domain suffix to only be accessible by those domain names. Custom domain suffix is an internal load balancer (ILB) App Service Environment feature that allows you to use your own domain suffix to access the apps in your App Service Environment.
Source: General availability: Azure App Service Environment v3 support for custom domain suffix
You can now protect your Kubernetes clusters and container workloads from potential threats by restricting deployment of container images with vulnerabilities in their software components.
This feature allows you to use Azure Policy and Azure Defender for Containers to identify and patch vulnerabilities prior to deployment.
Source: Public preview: Policy blocking the deployment of vulnerable images
Update management center, the next iteration of Azure Automation Update Management solution, is now in public preview. It provides an out-of-the-box, easy-to-use experience for central management and governance of OS updates across all the machines, including:
-
Machines with Windows and Linux Operating systems.
-
Machines deployed on Azure, and on-premises or on other cloud platforms via Azure Arc.
You get the following key upgrades over Azure Automation update management solution:
-
Management and governance of updates for entire fleet of machines including Windows & Linux, Azure & Arc workloads.
-
No pre-requisites, zero onboarding steps.
-
Granular access control on each machine using Azure roles and identity.
-
Install updates right away or schedule them for a later date.
-
Flexibility to define scheduling windows including syncing patch cycles with patch Tuesdays (unofficial term for Microsoft’s scheduled security fix release on every second Tuesday).
-
New ways of patching such as automatic VM guest patching in Azure, hotpatch, or custom maintenance schedules
-
Policy driven enforcement of assessment and patching at scale.
Today we are officially announcing availability of the migration capability to move your existing VMware virtual machine, protected using Azure Site Recovery, from classic protection experience to modernized protection experience. With this capability, customers can move their existing replications of VMware virtual machines enabled using configuration server, to the modernized experience enabled using the ASR replication appliance.
The migration is guided by a smart detection mechanism, which ensures that complete initial replication is not performed again for non-critical replicated items. The capability calculates and provides estimated migration time to better assist customers and plan their migration. Additionally, the tool is integrated with a robust rollback mechanism. If the migration fails due to any reason, the operation will be automatically rolled back, and you will be moved back to the classic replication experience.
Moving to the modernized experience is recommended, as it aims at enhancing security, reducing manageability efforts, simplifying scale, cutting down manual intervention and adopting an automation first approach.
Source: General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience
Microsoft Dev Box is now in public preview. Microsoft Dev Box provides self-service access for developers to high-performance, cloud-based workstations preconfigured and ready-to-code for specific projects—all while maintaining security and corporate governance. With Microsoft Dev Box, organizations can:
- Maximize dev productivity with ready-to-code, self-service Dev Boxes.
- Centralize governance of workstations running anywhere to maintain greater security, compliance, and cost efficiency.
- Customize dev boxes with everything developers need for their current projects.
User-defined routes (UDRs) support for private endpoints is now generally available. This feature enhancement will remove the need to create a /32 address prefix when defining custom routes. You will now have the ability to use a wider address prefix in the user defined route tables for traffic destined to a private endpoint (PE) by way of a network virtual appliance (NVA). In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to enabled on the subnet containing private endpoint resources.
Source: General availability: User-defined routes support for private endpoints
Network security groups (NSGs) support for private endpoints is now generally available. This feature enhancement provides you with the ability to enable advanced security controls on traffic destined to a private endpoint. In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to enabled on the subnet containing private endpoint resources.
At this time, Private Link network security group support is available in most public regions.
Source: General availability: Network security groups support for private endpoints
Azure Load Testing now supports load testing for private endpoints. You can create an Azure Load Testing resource and enable it to generate load from within your virtual network (VNET injection).
This functionality enables the following usage scenarios:
- Generate load to an endpoint that is deployed in an Azure virtual network
- Generate load to a public endpoint with access restrictions, such as restricting client IP addresses
- Generate load to an on-premises service, not publicly accessible that is connected to Azure via ExpressRoute
Source: Public preview: Microsoft Azure Load Testing supports private endpoints testing
Disaster Recovery to cloud is a resilient and cost-effective way of protecting the workloads against site outages and data corruption events like ransomware. Leveraging the VMware VAIO framework, on-premise VMware workloads can be replicated to Azure Blob storage and recovered with minimal or close to no data loss and near-zero recovery time objective (RTO). JetStream Disaster Recovert (DR) can seamlessly recover workloads replicated from on-premises to Azure VMware Solution. JetStream DR enables cost-effective disaster recovery by consuming minimal resources at the disaster recovery site as well as using cost-effective cloud storage.
JetStream DR can also replicate and automate recovery to Azure NetApp Files datastores. It can recover independent VMs or groups of related VMs into the recovery site infrastructure according to runbook settings. It also provides point-in-time recovery for ransomware protection.
Source: Generally available: JetStream DR for AVS supports Azure NetApp Files datastores
Azure Dedicated Host is a service that provides physical servers, able to host one or more virtual machines, dedicated to one Azure subscription. Dedicated hosts are the same physical servers used in our data centers, provided as a resource.
You can provision dedicated hosts within a region, availability zone, and fault domain. Then, you can place AKS VMs directly into your provisioned hosts, in whatever configuration best meets your needs.
Using Azure Dedicated Hosts for nodes with your AKS cluster enables:
- Hardware isolation at the physical server level. No other VMs will be placed on your hosts.
- Control over maintenance events initiated by the Azure platform. With dedicated hosts, you can opt-in to a maintenance window to reduce the impact to your service.
Today, we are announcing the general availability for a new Public IP capability on Azure VMware Solution. Most customer applications running on Azure VMware Solution require internet access. These applications require both outbound and inbound internet connectivity. Azure VMware Solution Public IP is a simplified and scalable solution for running these applications. With this capability, we enable the following.
- Direct inbound and outbound internet access for AVS to the NSX-T Edge.
- The ability to receive up to 1000 or more Public IPs.
- DDoS Security protection against network traffic in and out of the internet.
- Enable support for VMware HCX (migration tool for VMware VMs) over the public internet.
Source: Generally available: Public IP Capability for Azure VMware Solution
Save up to 55 percent on your usage of the Enterprise and Enterprise Flash tiers of Azure Cache for Redis by purchasing reserved instances. The reservation discount will automatically apply to your matching cache resources so the process of purchasing a reservation is streamlined. Reservations are available on a one-year basis for up to a 35 percent discount or on a three-year basis for a 55 percent discount. This is a great way to maximize the cost efficiency of your Azure deployment and ensure you get the best deal.
Source: General availability: Reserved instance pricing for Azure Cache for Redis Enterprise
Use server logs for Azure Database for MySQL - Flexible Server to enable logging for your server and save the results to a file. If you enable server logs and select the log type, you can download the logs from your server. Use the information in these logs to get detailed insights about the activities executed on your server, and then identify and troubleshoot potential issues.
Source: General availability: Server logs for Azure Database for MySQL - Flexible Server
Azure App Configuration now supports replicating your configuration data in the configuration store to replicas in other Azure regions. Available to standard tier subscribers, any updates or additions to key/values in the configuration store or in a replica will be automatically synchronized, using an eventual consistency model. This delivers benefits including:
- Increased resiliency – Replication across regions means that your configuration data will still be accessible should a service outage impact your store or any one of the replicas.
- Minimize latency – Now your applications can consume the data locally rather than issuing cross-region requests.
- Optimize request distribution – Replicas and the configuration store have unique applicable request limits, enabling you to distribute requests efficiently to avoid exhausting the request limits on either the replicas or the configuration store.
Source: Public preview: App Configuration geo replication support
Process your real-time data streams in Azure Event Hubs using Azure Stream Analytics. The no-code editor allows you to easily develop a Stream Analytics job without writing a single line of code. You can develop and run a job that tackles many scenarios within minutes.
There are four new features that will help you build and monitor your jobs:
- Managed identity: You can now use ‘managed identity’ as authentication mode in Event Hub streaming input, Cosmos DB streaming output, and Azure Data Lake Storage Gen2. Managed identities eliminate the limitations of user-based authentication methods, like the need to reauthenticate because of password changes or user token expirations that occur every 90 days.
- Azure Data Lake StorageGen2 reference data: You can now use Azure Data Lake Storage Gen2 as reference data in the query. Reference data is either static or changes slowly over time. It is typically used to enrich incoming streaming and do lookups in your job.
- Metrics: You can now monitor the health of your job by viewing metrics within no code editor. The metrics shown are for the last one hour by default. You can select any time ranging from the last 1 hour to 30 hours to view metrics for the job.
- Save job: You can now save your job anytime while creating it. For starting the job, you have to configure the Event Hub, transformations, and streaming outputs for the job.
Note: While the no code editor is in preview, the Azure Stream Analytics service is generally available.
Source: Public preview: Four new features in no code editor in Event Hubs
IPv6 support for Global Reach unlocks connectivity between on-premise networks, via the Microsoft backbone, for customers with dual-stack workloads. Establish Global Reach connections between ExpressRoute circuits using IPv4 subnets, IPv6 subnets, or both. This configuration can be done using Azure Portal, PowerShell, or CLI.
Source: General availability: ExpressRoute IPv6 Support for Global Reach
Ephemeral OS disk customers can choose encryption type between platform-managed keys or customer-managed keys for host-based encryption. The default is platform-managed keys. This feature would enable our customers to meet your organization's compliance needs.
Source: Public preview: Ephemeral OS disks supports host-based encryption using customer managed key
The Event Grid blob trigger handles events raised by a storage account and is now generally available.
The extension allows you to reduce latency by triggering on an event subscription to the same blob container. The event subscription uses Event Grid to forward changes in the blob container as events for your function to consume.
Source: Generally available: Azure Functions extension for Event Grid blob trigger
Resizing a disk on Azure can provide increased storage capacity and better performance for your applications. As part of our commitment to continuously add new capabilities to our Azure Disk Storage portfolio, live resize for Premium SSD and Standard SSD Disk Storage is now generally available.
With live resize, you can dynamically increase the storage capacity of your Premium SSD and Standard SSD disks without causing any disruption to your applications. To reduce costs, you can start with smaller disks and gradually increase their storage capacity without experiencing any downtime.
Source: Generally available: Live resize for Premium SSD and Standard SSD Disk Storage
Use Azure Cosmos DB integrated cache to optimize read costs and latency for both point reads and queries. The Azure Cosmos DB integrated cache is an in-memory cache built-in to the Azure Cosmos DB dedicated gateway. The dedicated gateway is optional front-end compute that stores cached data and routes requests to the backend database. There’s no need to make code changes in your application to use the dedicated gateway and utilize the integrated cache. Integrated cache is currently available for Core (SQL) API only.
Source: General availability: Azure Cosmos DB integrated cache
App Service and Azure Functions now support referencing configuration key-values from the Azure App Configuration service. App Configuration provides central management of configuration key-values that can span resources and deployment environments. When defining an application setting or connection string within App Service and Azure Functions, instead of providing a direct value, you can now specify a key-value in an external Azure App Configuration store. The app uses its managed identity to resolve the value from the store and expose it as an environment variable to your application.
This initial preview does not yet include support for network-restricted configuration stores or for resolution of configuration store references to Key Vault. Referenced key-values are not yet refreshed automatically, and new values will only be pulled in when the app restarts as the result of another config change such as modifying an app setting.
Source: Public preview: App Configuration references for App Service and Azure Functions
Azure Cache for Redis now supports authenticating storage account connections using managed identity. Identity is established through Azure Active Directory, and both system-assigned and user-assigned identities are supported. This allows you to establish trusted access to storage for uses including data persistence and importing/exporting cache data. Using managed identity to connect to storage account limits the need to manage storage keys and gives you tighter and more secure control over storage account access.
Source: General availability: Managed identity to connect Azure Cache for Redis to storage
The 1.4 version is the latest long term servicing (LTS) release of IoT Edge. This release will be serviced with fixes for regressions and critical security issues through November 12, 2024 (product lifecycle). This release also marks the end of servicing for the 1.3 release which will no longer receive bug fixes or security patches. The release is based on 1.3 and brings the following improvements in addition to long term servicing:
- Automatic cleanup of unused Docker images
- Ability to pass a custom json payload to DPS on provisioning
- Ability to require all modules in a deployment be downloaded before (re)starting any
- Use of the TCG TPM2 Software Stack which enables TPM hierarchy authorization values, specifying the TPM index at which to persist the DPS authentication key, and accommodating more TPM configurations
Full release notes can be found on the GitHub release page for 1.4.0. The companion release of Azure IoT Edge for Linux on Windows (EFLOW) 1.4 LTS will be coming later this fall. Release notes for EFLOW can be found on the EFLOW GitHub releases page.
The Kusto Emulator is a Docker Container encapsulating the Kusto Query Engine available locally in a Docker Container. The Kusto Emulator was designed to enable local development and automated testing and is a free offering under the following license terms.
Automated testing can be done using the Kusto Emulator without provisioning an Azure Service and without connection to the internet. It can be an efficient way to use Kusto Query Engine for automated tests. Local development can be done without relying on an internet connection or a provisioned service.
Source: Generally available: Azure Data Explorer Kusto Emulator
Generally available: Enterprise-grade edge for Azure Static Web Apps
Enterprise-grade edge for Azure Static Web Apps is now generally available. Enable faster page loads, enhance security, and optimize reliability for your global applications. Enterprise-grade edge combines the capabilities of Azure Static Web Apps, Azure Front Door, and Azure Content Delivery Network (CDN) into a single secure cloud CDN platform.
Key features:
- Global presence in 118+ edge locations across 100 metro cities
- Caching assets at the edge
- Proactive protection against Distributed Denial of Service (DDoS) attacks
- Native support of end-to-end IPv6 connectivity and HTTP/2 protocol.
- Optimized file compression.
Source: Generally available: Enterprise-grade edge for Azure Static Web Apps
The general purpose Dps v5 and Dpds v5 Azure Virtual Machines series can run popular Linux enterprise workloads such as web and application servers, open-source databases, Java and .Net applications, gaming, and media servers, and more. The new VMs provide up to 4GiBs of memory per vCPU in sizes with up to 64 vCPUs, 208GiB of memory, and 40Gbps networking, with and without local temporary storage.
The Dpls v5 and Dplds v5 VM series offer one of the lowest starting price points within the general-purpose Azure Virtual Machines portfolio, providing 2GiBs per vCPU in sizes up to 64vCPUs, 128GiBs of memory, and up to 40Gbps networking with and without local temporary storage options.
Lastly, the memory optimized Eps v5 and Epds v5 VM series feature up to 8GiBs of memory per vCPU in sizes with up to 32 vCPUs, 208GiBs of memory, 40Gbps networking, with and without local temporary storage options, and are designed to meet the requirements associated with memory-intensive Linux-based workloads including open-source databases, in-memory caching applications, and data analytics engines.
All the VM series listed above are now generally available in multiple regions and feature the Ampere Altra Arm-based processor operating at up to 3.0GHz frequency. The Altra Arm-based processor was architected for scale-out cloud environments to deliver efficient performance and help reduce overall environmental impact of computing operations.
Source: Generally available: New Azure Virtual Machines with Ampere Altra Arm-based processors
You can now use Stream Analytics clusters to securely connect your jobs to write to dedicated synapse SQL pools using managed private endpoints. Setting this up is a simple, two step operation. First add synapse SQL output to your job. Then go to your Stream Analytics cluster to add a managed private endpoint that establishes a secure, private connection between your resources. Learn how to configure managed private endpoints in your Stream Analytics cluster.
Source: General availability: Managed private endpoint support to Synapse SQL output
Resource instance rules enable secure connectivity to a storage account by restricting access to specific resources of select Azure services.
Azure Storage provides a layered security model that enables you to secure and control access to your storage account. You can configure network access rules to limit access to your storage account from select virtual networks or IP address ranges. Some Azure services operate on multi-tenant infrastructure, so resources of these services cannot be isolated to a specific virtual network.
With resource instance rules, you can now configure your storage account to only allow access from specific resource instances of such Azure services. For example, Azure Synapse offers analytic capabilities that cannot be deployed into a virtual network. If your Synapse workspace uses such capabilities, you can configure a resource instance rule on a secured storage account to only allow traffic from that Synapse workspace.
Resource instances must be in the same tenant as your storage account, but they may belong to any resource group or subscription in the tenant.
Source: Generally available: Resource instance rules for access to Azure Storage
General availability: Up to 45% performance gains in stream processing
Announcing an up to 45% performance boost for CPU intensive jobs by default. This improvement allows you to reduce the number of streaming units assigned to such jobs and save on costs without impacting performance.
Source: General availability: Up to 45% performance gains in stream processing
Azure Daily 2022 - Sep 08, 2022
Auditing for Azure SQL database has started supporting User Managed Identity. Auditing can be configured to Storage account using two authentication methods, managed identity and storage access keys. For managed identity you can use system managed identity or user managed identity. To know more about UMI in azure refer here
To configure writing audit logs to a storage account, select Storage when you get to the Auditing section. Select the Azure storage account where logs will be saved, you can use two storage authentication types i.e., managed identity and storage access keys.
Read more at Azure Daily 2022
We are announcing the general availability of standard network features for Azure NetApp Files volumes. Standard network features provide you with an enhanced, and consistent virtual networking experience along with security posture for Azure NetApp Files.
You are now able to choose between standard or basic network features while creating a new Azure NetApp Files volume:
- Basic provide the current functionality, limited scale, and features.
- Standard provides the following new features for Azure NetApp Files volumes or delegated subnets:
- Increased IP limits for Vnets with Azure NetApp Files volumes. This is at par with VMs to enable you to provision Azure NetApp File volumes in your existing topologies or architectures. This eliminates the need to rearchitect network topologies to use Azure NetApp Files for workloads like VDI, AVD, or AKS.
- Enhanced network security with support for network security groups (NSG) on the Azure NetApp Files delegated subnet.
- Enhanced network control with support for user-defined routes (UDR) to and from Azure NetApp Files delegated subnets. You can now direct traffic to and from Azure NetApp Files via your choice of network virtual appliances for traffic inspection.
- Connectivity over active or active VPN gateway setup for highly available connectivity to Azure NetApp Files from on-premises network.
- ExpressRoute FastPath connectivity to Azure NetApp Files. FastPath improves the data path performance between on-premises network and Azure Virtual Network.
This general availability for standard network features is currently in20 regions and will rollout to other regions.
Source: General availability: Standard network features for Azure NetApp Files
Save up to 24 percent on your usage of Azure Backup Storage by purchasing reserved capacity storage. The reservation discount will automatically apply to your matching Backup Storage and the process of purchasing a reservation is streamlined. Reservations are available on a one-year basis for up to a 16 percent discount or on a three-year basis for a 24 percent discount.
Source: Generally available: Reserved capacity for Azure Backup Storage
Currently, virtual machines (VMs) running on Azure Dedicated Host support the use of standard and premium disks as data disks. We are introducing support for ultra disks on dedicated host.
Ultra disks are highly performant disks on Azure that offer high throughput (maximum of 4000 MBps per disk) and high IOPS (maximum of 160,00 IOPS per disk) depending on the disk size. If you are running IaaS workloads that are data intensive and latency sensitive, such as Oracle DB, MySQL DB, other critical databases, and gaming applications, you will benefit from using ultra disks as data disks on VMs hosted on dedicated host.
Source: Generally available: Azure Dedicated Host support for Ultra Disk Storage
You can easily configure an Azure Database for PostgreSQL instance as output to your Stream Analytics job with zero code. This functionality is now generally available.
Source: General availability: Azure Database for PostgreSQL output in Stream Analytics
Generally available: Multi-instance GPU support in AKS
Multi-instance GPU (MIG) for the A100 GPU is now generally available in AKS. Multi-instance GPU provides a mechanism for you to partition up the GPU for Kubernetes workloads on the same VM. You can now run your production workloads using the A100 GPU SKU and benefit from its higher performance.
Source: Generally available: Multi-instance GPU support in AKS
An Azure Kubernetes Service (AKS) cluster with API Server VNet Integration configured projects the API server endpoint directly into a delegated subnet in the VNet where AKS is deployed. This enables network communication between the API server and the cluster nodes without any required private link or tunnel. The API server will be available behind an Internal Load Balancer VIP in the delegated subnet, which the nodes will be configured to utilize.
Source: Public preview: API Server VNET Integration for AKS private cluster
Updating the address space for peered virtual networks now is now generally available. This feature allows you to update the address space or resize for a peered virtual network without removing the peering.
Users often want to resize or update the IP address of their virtual networks as they grow their footprint in Azure. Users can now resize their virtual networks to meet their needs without downtime. This feature allows you to easily resize your virtual networks without the need to remove the peering in advance.
Source: Generally available: Resizing of peered virtual networks
Restore artifacts you may have deleted by mistake using the Azure Container Registry (ACR) soft delete feature.
After the feature is enabled and an artifact is deleted, the deleted artifact is stored in a recycle bin for a number of days (user configurable setting). You can restore the artifact while it is still available in the recycle bin and build containers from it right away. Once an artifact hits the configured recycle days limit, it is purged from the Azure Container Registry permanently.
Source: Public preview: Soft delete in Azure Container Registry
Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH.
Azure Bastion is deployed to a virtual network and supports virtual network peering. Specifically, Azure Bastion manages RDP/SSH connectivity to VMs created in the local or peered virtual networks.
RDP and SSH are some of the fundamental means through which you can connect to your workloads running in Azure. Exposing RDP/SSH ports over the Internet isn't desired and is seen as a significant threat surface. This is often due to protocol vulnerabilities. To contain this threat surface, you can deploy bastion hosts (also known as jump-servers) at the public side of your perimeter network. Bastion host servers are designed and configured to withstand attacks. Bastion servers also provide RDP and SSH connectivity to the workloads sitting behind the bastion, as well as further inside the network.
This figure shows the architecture of an Azure Bastion deployment. In this diagram:
- The Bastion host is deployed in the virtual network that contains the AzureBastionSubnet subnet that has a minimum /26 prefix.
- The user connects to the Azure portal using any HTML5 browser.
- The user selects the virtual machine to connect to.
- With a single click, the RDP/SSH session opens in the browser.
- No public IP is required on the Azure VM.
The new read replica feature allows you to replicate your data from an instance of Azure Database for MySQL Flexible Server to a read-only server. You can use this feature to replicate the source server to up to a total of 10 replicas. This functionality is now extended to support high availability (HA) enabled servers within the same region.
Source: General availability: Read replica for Azure Database for MySQL - Flexible Server
Azure Media Services is announcing the general availability of low-latency live streaming (LL-HLS). This offers glass-to-glass latency as low as 4 seconds with any player capable of supporting Apple's low-latency HLS (LL-HLS) specification. With low-latency in the 4-7 second range, you can build a variety of interactive applications that allow you to engage seamlessly with your audiences at scale.
What kinds of applications can you build with low-latency live streaming?
Low-latency support can enable you to stream a variety of interactive scenarios including:
- Retail live shopping.
- Fitness and educational instruction classes.
- Social streaming and user generated live where audiences can chat and react with emojis.
What are the key features of low-latency live streaming in Media Services?
- Latencies in the 4-7 second range (upper end latency can vary by network conditions and geography).
- Automatic live transcription in over 50 languages.
- Dynamic encryption and digital rights management (DRM) support for PlayReady, Widevine, and FairPlay.
- Player friendly - Works natively with Apple devices (MacOS 12 and iOS15 and above) with no additional player work needed. Playback has been evaluated with the latest version of HLS.js, Video.js, Shaka, and more.
- No additional costs over existing encoding live events.
- Major improvements in latency for DASH delivery when not using LL-HLS playback (LL-DASH support is not available at this time).
Source: General availability: Azure Media Services low-latency live streaming
New operators on regional WAF custom rules:
Azure regional Web Application Firewall (WAF) with Application Gateway now supports creating custom rules using the operators "Any" and "GreaterThanOrEqual". Custom rules allow you to create your own rules to customize how each request is evaluatedas it passes through the WAF engine.
To learn more about creating custom rules, please visit the regional WAF documentation.
Geo filtering using socket address on global WAF:
Azure global Web Application Firewall (WAF) with Azure Front Door now supports custom geo-match filtering rules using socket addresses. Filtering by socket address allows you to restrict access to your web application by country/region using the source IP that the WAF sees. If your user is behind a proxy, socket address is often the proxy server address.
To learn more about geo filtering, please visit the global WAF documentation..
Source: General availability: Improvements to Azure Web Application Firewall (WAF) custom rules
In less than two years, Bicep’s VS Code extension has grown from zero users to more than 15 thousand a month. In addition to the Bicep extension’s success, millions of resources are now deployed with Bicep files via Azure CLI and Azure PowerShell. Our incredible community has not only shaped the suite of Bicep features we know and love today, but they also made it abundantly clear how important Visual Studio was to their daily workflow. We heard you, no more switching back and forth between editors!
Azure Database for PostgreSQL – Flexible Server performs automatic snapshot backups and allows you to restore to any point in time within the retention period. The overall time to restore and recover may take several minutes depending on the amount of recovery to perform from the previous backup.
In use cases like testing, development, and data verifications at backup that don’t require the latest data but need to spin up a server quickly, Azure Database for PostgreSQL – Flexible Server now supports the fastest restore feature to address these use cases. This feature lists all the available automatic backups and you can choose a specific backup to restore. This feature then provisions a new server and restores the backup from the snapshot. Since no recovery is involved, this feature provides a fast and predictable restore experience.
Source: Generally available: Fast restore for Azure Database for PostgreSQL – Flexible Server
Immutable storage for Blob Storage on containers (which has been generally available since September 2018) now includes a new append capability. This capability, titled “Allow Protected Appends for Block and Append Blobs,” allows you to set up immutable policies for block and append blobs to keep already written data in a WORM state and continue to add new data. This capability is available for both legal holds and time-based retention policies.
This capability is supported in all public regions and it is available to new and existing accounts. To learn more, read the documentation on immutable storage.
Source: General availability (update): Improved Append Capability on Immutable Storage for Blob Storage
Immutable storage for Azure Data Lake Storage is now generally available. Immutable storage provides the capability to store data in a write once, read many (WORM) state. Once data is written, the data becomes non-erasable and non-modifiable and you can set a retention period so that files can't be deleted until after that period has elapsed. Additionally, legal holds can be placed on data to make that data non-erasable and non-modifiable until the hold is removed.
This release includes the new “allow append writes for block and append blobs” flag, which allows users to set up immutable policies for block and append blobs to keep already written data in a WORM state and continue to add new data.
If you are using NFS 3.0 protocol or SFTP support on an account, immutable storage is not supported.
Source: Generally available: Immutable storage for Azure Data Lake Storage
Encryption scopes introduce the option to provision multiple encryption keys in a storage account with hierarchical namespace. Using encryption scopes, you now can provision multiple encryption keys and choose to apply the encryption scope either at the container level (as the default scope for blobs in that container) or at the blob level. The preview is available for REST, HDFS, NFSv3, and SFTP protocols in an Azure Blob / Data Lake Gen2 storage account.
The key that protects an encryption scope may be either a Microsoft-managed key or a customer-managed key in Azure Key Vault. You can choose to enable automatic rotation of a customer-managed key that protects an encryption scope. When you generate a new version of the key in your Key Vault, Azure Storage will automatically update the version of the key that is protecting the encryption scope, within a day.
Source: Public preview: Encryption scopes on hierarchical namespace enabled storage accounts
Public preview: Customer initiated storage account conversion
Today Azure Storage is announcing the public preview of a self-service option to convert storage accounts from non-zonal redundancy (LRS/GRS) to zonal redundancy (ZRS/GZRS). This allows you to initiate the conversion of storage accounts via the Azure portal without the necessity of creating a support ticket.
Source: Public preview: Customer initiated storage account conversion
We are happy to announce General Availability(GA) of the ability to reverse migrate an Azure SQL Database from Hyperscale tier to General Purpose tier. Previously, migration into the Hyperscale tier was a one-way migration with no easy way to move back to any non-Hyperscale tier. Reverse Migration to the General Purpose service tier now allows customers who have recently migrated an existing Azure SQL DB database to the Hyperscale service tier to move back, should Hyperscale not meet their needs. This provides additional mobility for their SQL Database data. Once in the General Purpose tier, they have the flexibility to remain on that tier or move their database to other SQL Database tiers including coming back to Hyperscale tier.
Read more at Azure Daily 2022
Today we’re announcing the public preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices (like FIDO2 keys). With this preview, you can now:
- Enable a single sign-on experience to Azure AD-joined and Hybrid Azure AD-joined session hosts when using the Windows and the web clients
- Use passwordless authentication to sign in to the host using Azure AD
- Use passwordless authentication inside the session when using the Windows client
- Use third-party Identity Providers (IdP) that integrate with Azure AD to sign in to the host
Read more at Azure Daily 2022
Generally available: Azure Functions .NET Framework support in the isolated worker model
You can now build production Serverless Apps with Azure Functions v4 in isolated worker model with .NET Framework 4.8. This allows apps with .NET Framework dependencies to explore taking advantage of the latest versions of Azure Functions host.
If you are on .NET Framework on v1, it is recommended to migrate to .NET 6 or .NET 7 on v4 host. If your apps have .NET Framework dependencies, please migrate to .NET framework on v4 and provide feedback on our Azure Functions .NET Worker GitHub repository.
Apps built using this capability will follow the same patterns as any isolated .NET worker project in Functions, but they will specify .NET Framework 4.8 as the target framework. Please provide feedback through the Azure Functions .NET Worker GitHub repository.
Source: Generally available: Azure Functions .NET Framework support in the isolated worker model
In Azure App Service, you can easily create on-demand custom backups and automatic backups. You can easily restore these backups by overwriting an existing app or by restoring it to a new app or slot.
Automatic backup and restore is now in preview for isolated pricing tier for App Service Environment V2 and V3.
For more information about Azure App Services backups and restore, visit: Back up an app - Azure App Service | Microsoft Docs
Source: Public preview: Automatic backup for App Service Environment V2 and V3
Policy analytics for Azure Firewall, now in public preview, provides enhanced visibility into traffic flowing through Azure Firewall, enabling the optimization of your firewall configuration without impacting your application performance.
As application migration to the cloud accelerates, it’s common to update Azure Firewall configuration daily (sometimes hourly) to meet the growing application needs and respond to a changing threat landscape. Frequently, changes are managed by multiple administrators spread across geographies.
Over time, the firewall configuration can grow sub optimally impacting firewall performance and security. It’s a challenging task for any IT team to optimize firewall rules without impacting applications and causing serious downtime. Policy analytics help address these challenges faced by IT teams by providing visibility into traffic flowing through the firewall with features such as firewall flow logs, rule to flow match, rule hit rate, and single rule analysis. IT admins can refine Azure Firewall rules in a few simple steps through the Azure portal.
Read the blog and Azure Firewall documentation to learn more.
Follow these instructions to enable policy analytics on your subscriptions.
Message Bus Queues and Topics provide
- Temporal decoupling as message producers and consumers do not have to be online at the same time
- Load leveling to smooth out peaks in load by allowing the consuming application to be provisioned for average load rather than peak load
- Load balancing to have multiple consumers listening on a single subscription with each message being handed off to only one of the consumers, thereby balancing load
- Loose coupling to evolve the messaging network without imcating existing endpoints, e.g. adding subscriptions or changing filters to a topic to accommodate new consumers
With Queues, you can have multiple senders, but only one message-consumer receives and process each message.
Using queues to intermediate between message producers and consumers provides an inherent loose coupling between the components.
With Queues, there are two different modes available to process messages.
Received & Delete
This mode is suitable where the system can tolerate not processing messages in case of failure. In this mode, once the consumer service reads the message, it will be deleted from the Queue irrespective of the status of the message process.
Peek
This mode is suitable where the system cannot tolerate ignoring messages in case of failure. So here, messages are processed in two stages, as below.
- Finds the next message to be consumed, locks it to prevent other consumers from receiving it, and then return the message to the application.
- After the application finishes processing the message, it requests the Service Bus service to complete the second stage of the receiving process. Then, the service marks the message as being consumed.
Senders send messages to a topic in the same way that they send messages to a queue, but it varies on a slight factor where 'Topics' can have multiple, independent 'Subscriptions'. Subscriptions are durable by default but can be configured to expire and then be automatically deleted.
We can define rules on a subscription. A subscription rule has a filter to define a condition for the message to be copied into the subscription and an optional action that can modify message metadata.
Azure Firewall Basic is a new SKU for Azure Firewall designed for small and medium-sized businesses.
The main benefits are:
Comprehensive, cloud-native network firewall security:
- Network and application traffic filtering
- Threat intelligence to alert on malicious traffic
- Built-in high availability
- Seamless integration with other Azure security services
Simple setup and easy-to-use:
- Setup in just a few minutes
- Automate deployment (deploy as code)
- Zero maintenance with automatic updates
- Central management via Azure Firewall Manager
Cost-effective:
- Designed to deliver essential, cost-effective protection of your resources within your virtual network
Today Microsoft officially announced the general availability of a simpler, more reliable, and modernized way to protect your VMware virtual machines using Azure Site Recovery, for recovering quickly from disasters. We are now offering these enhancements:
- Stateless ASR replication appliance
- Automatic upgrades for ASR replication appliance and mobility agent
- Easier scale management
- High availability for appliances
Learn more about the modernized architecture and move to the modernized experience now.
Source: General availability: Simplified disaster recovery for VMware machines using Azure Site Recovery
Azure Daily 2022 - Oct 10, 2022
Microsoft is pleased to announce that you can now automatically distribute your session hosts across any number of availability zones. This enables you to take full advantage of the built-in Azure resiliency options from within the same deployment process.
This has been a feature request from many of our customers, and I'm pleased to announce the host pool deployment process has been improved so it now supports deploying into up to three availability zones in Azure regions that support them.
Read more at Azure Daily 2022
Classic resource providers that use Azure Service Manager (classic deployment model) will be retired on 31 August 2024.
Required action
Your access to the classic resource provider’s endpoint will be revoked and the resource provider will be disabled on 31 August 2024.
-
To take advantage of advanced capabilities offered by Azure Resource Manager and avoid service disruptions, migrate your resources that use Classic (ASM) to Azure Resource Manager by 31 August 2024.
-
Additionally, to manage service expectations of your classic resource provider, notify your end customers and coordinate with them for completing migration before the retirement date of 31 August 2024.
Source: Azure classic resource providers will be retired on 31 August 2024
IP Protection is designed with SMBs in mind and delivers enterprise-grade, cost-effective DDoS protection.
Instead of enabling DDoS protection on a per virtual network basis, including all public IP resources associated with resources in those virtual networks, you now have the flexibility to enable DDoS protection on an individual public IP.
The existing standard SKU of Azure DDoS Protection will now be known as Network Protection.
IP Protection includes the same features as Network Protection, but Network Protection will have in the following value-added services: DDoS Rapid Response support, cost protection, integration with Azure Firewall Manager, and discounts on Azure Web Application Firewall.
Billing for IP Protection will be effective starting February 1, 2023.
Source: Public preview: IP Protection SKU for Azure DDoS Protection
Public preview: Azure Resource Topology
Azure Resource Topology (ART) allows visualizing the resources in a network, acquire system context, understand state and debug issues faster. It provides a visualized connected experience for inventory management and monitoring.
This unified topology leads to upgrading the network monitoring and management experience in Azure. Replacing the Network Watcher topology, this topology will allow the users to draw a unified and dynamic topology across multiple subscription, regions, and resource groups (RGs) comprising of multiple resources.
Allowing deep dive into your environment, ART provides the capability for users to drill down from regions, VNETs to subnets, and resource view diagram of resources supported in Azure. It also stitches the end-to-end monitoring and diagnostics story with the capability to run next hop directly from a VM selected in the topology after specifying the destination IP address.
Selecting a resource in the topology highlights the node and all other nodes/resources connected to it via edges. These edges define the connections among regions which can be done through VNET peering, VNET Gateways, etc. The side pane shows extensive resource details and properties for selected node/resource.
Features available in public preview:
- Multi-region and multi-subscription visualization
- Drilldown from Azure region to resources inside subnet
- Side-panel showing resource properties and metrics
- Highlighting of nodes connected to a selected resource
- Automatic grouping of resources of the same type
- Side-by-side visualization of two regions/VNETs/Subnets
- Search based on resource name
- Scope selector based on subscription and resource-type filtering
- Health status of resources using resource health (RHC) status
- Diagnostics tool next hop integration.
- Resource view diagram for all supported resources
We’re announcing the general availability of the intent feature in Azure proximity placement groups. Proximity placement groups are a popular logical construct among customers running very latency sensitive workloads such as SAP and HPC. Proximity placement groups are used to physically locate Azure compute resources close to each other to provide best possible latencies.
With the addition of the new optional parameter, intent, you can now specify the VM sizes intended to be part of a proximity placement group when it is created. An optional zone parameter can be used to specify where you want to create the proximity placement group. This capability allows the proximity placement group allocation scope (datacenter) to be optimally defined for the intended VM sizes, reducing deployment failures of compute resources due to capacity unavailability. The new intent feature can now be used across all regions and it is supported through CLI and PowerShell interfaces.
To learn more about the new proximity placement groups' intent feature, refer to the documentation proximity placement groups - Azure Virtual Machines | Microsoft Learn.
Source: General availability: New Azure proximity placement groups feature
Azure Deployment Environments has entered public preview.
Azure Deployment Environments help dev teams create and manage all types of environments throughout the application lifecycle with features like:
On-demand environments enable developer to spin up environments with each feature branch to enable higher quality code reviews and ensure devs can view and test their changes in a prod-like environment.
Sandbox environments can be used as greenfield environments for experimentation and research.
CI/CD pipeline environments integrate with your CI/CD deployment pipeline to automatically create dev, test (regression, load, integration), staging, and production environments at specified points in the development lifecycle.
Environment types enable dev infra and IT teams to create preconfigured mappings that automatically apply the right subscriptions, permissions, and identities to environments deployed by developers based on their current stage of development.
Template catalogues housed in a code repo that can be accessed and edited by developers and IT admins to propagate best practices while maintaining security and governance.
For more information about Azure Deployment Environments, visit the announcement blog.
Source: Public preview: Microsoft Azure Deployment Environments
Thanks to your support during the preview of the completely revamped Service Bus Explorer tool on the Azure portal, this tool is now generally available. Azure Service Bus has two types of operations which can be performed against it:
- Management operations: Create, update, delete of Service Bus namespace, queues, topics, and subscriptions.
- Data operations: Send to and receive messages from queues, topics, and subscriptions.
While we have offered a portal-based Service Bus Explorer for data operations for a while now, you have provided us with feedback that the experience was still lacking compared to the community managed Service Bus Explorer OSS tool.
We have released a new version of Service Bus Explorer, which brings many new capabilities to the portal for working with your messages, right from the portal. For example, it is now possible to send, receive, and peek messages on queues, topics, and subscriptions, including dead-letter sub-queues. The tool allows you to perform operations such as complete, re-sending, and deferral. This can be done on a single message or for multiple messages at once.
To access the tool:
- Navigate to the namespace.
- Select the specific queue or topic that you want to perform your data operations on.
- Open "Service Bus Explorer (preview)" from the left menu navigation pane. When working with a topic, it's also possible to select a specific subscription within.
For all information about the tool and step-by-step guidance for the different operations, check the documentation.
Source: Generally available: Service Bus Explorer for the Azure portal
Private endpoint support for statically defined IP addresses is generally available. This feature allows you to add customizations to your deployments. Leverage already reserved IP addresses and allocate them to your private endpoint without relying on the randomness of Azure's dynamic IP allocation. In doing so, you can account for a consistent IP address to the private endpoint to use alongside IP based security rules and scripts.
Source: General availability: Static IP configurations of private endpoints
Azure savings plan for compute is an easy and flexible way to save significantly on compute services, compared to pay-as-you-go prices. The savings plan unlocks lower prices on select compute services when customers commit to spend a fixed hourly amount for one or three years. Choose whether to pay all upfront or monthly at no extra cost. As you use select compute services across the world, your usage is covered by the plan at reduced prices, helping you get more value from your cloud budget. During the times when your usage is above your hourly commitment, you'll be billed at your regular pay-as-you-go prices. With savings automatically applying across compute usage globally, you'll continue saving even as your usage needs change over time.
Source: General availability: Azure savings plan for compute
Stream Analytics now supports end-to-end exactly once semantics when writing to Azure Data Lake Storage Gen2. Your jobs now guarantee no data loss and no duplicates being produced as output. This simplifies your streaming pipeline by not having to monitor, implement, and troubleshoot deduplication logic.
Source: Public preview: Exactly once delivery for Azure Data Lake Storage Gen2
Azure Kubernetes Service is increasing the maximum node limit per cluster from 1,000 nodes to 5,000 nodes for customers using the uptime-SLA feature. The default limit for all AKS clusters will continue to be 1,000 nodes. However, AKS clusters using the uptime SLA feature can now request an increase in the AKS service quota up to a maximum of 5,000 nodes across all node pools in a cluster by creating a support request.
Workloads that need large amount of compute resources can now scale beyond 1,000 virtual machines (nodes) within the same cluster removing the operational overhead of managing cross-cluster deployments and workloads. You can scale your clusters up to 5,000 nodes using both manual and cluster autoscaler.
This feature is available for clusters using uptime-SLA and Azure CNI Network plugin only.
The option to store the backup of the workloads protected by Azure Backup in zone redundant vaults is generally available. When you configure the protection of a resource with the zone-redundant storage (ZRS) vault, the backups replicate synchronously across three availability zones in a region. It enables you to perform successful restores and recover your data even if a zone goes down. For organizations governed by the compliance requirement of data not crossing the regional boundary, zone-redundant storage is the right and preferred choice for backups.
With the general availability of this feature, you have a broader set of redundancy or storage replication options to choose from for your backup data. Based on your data residency, data resiliency, and total cost of ownership (TCO) requirements, you can select either locally redundant storage (LRS), zone-redundant storage (ZRS), or geo-redundant storage (GRS).
Azure Backup currently supports ZRS in these regions.
Source: General availability: Zone-redundant storage support by Azure Backup
SSH File Transfer Protocol (SFTP) support for Azure Blob Storage is now generally available.
Azure Blob Storage now supports SFTP, enabling you to leverage object storage economics and features for your SFTP workloads. With just one click, you can provision a fully managed, highly scalable SFTP endpoint for your storage account. This expands Blob Storage’s multi-protocol access capabilities and eliminates data silos – meaning you can run different applications, requiring different protocols, on a single storage platform with no code changes.
Source: Generally available: SFTP support for Azure Blob Storage
Azure Data Explorer now supports the ingestion of data from many receivers via the OpenTelemetry exporter.
OpenTelemetry (OTel) is a vendor-neutral open-source observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs.
We are releasing Azure Data Explorer OpenTelemetry exporter, which supports ingestion of data from many receivers into Azure Data Explorer, allowing you to instrument, generate, collect, and store data using a vendor-neutral open-source framework.
Source: General availability: OpenTelemetry exporter for Azure Data Explorer
Azure regions and availability zones (AZ) are designed to help you achieve resiliency and reliability for your business-critical workloads.This Azure NetApp Files availability zone volume placement feature lets you deploy new volumes in the logical availability zone of your choice to support enterprise, mission-critical high availability (HA) deployments across multiple availability zones.This public preview of the feature is available in all availability zone-enabled regions with Azure NetApp Files presence.
Source: Public preview: Availability zone volume placement for Azure NetApp Files
Enterprises and hobbyists alike have been using Azure Computer Vision’s Image Analysis API to garner various insights from their images. These insights help power scenarios such as digital asset management, search engine optimization (SEO), image content moderation, and alt text for accessibility among others.
Newly improved features including read (OCR)
We are thrilled to announce the preview release of Computer Vision Image Analysis 4.0 which combines existing and new visual features such as read optical character recognition (OCR), captioning, image classification and tagging, object detection, people detection, and smart cropping into one API. One call is all it takes to run all these features on an image.
The OCR feature integrates more deeply with the Computer Vision service and includes performance improvements that are optimized for image scenarios that make OCR easy to use for user interfaces and near real-time experiences. Read now supports 164 languages including Cyrillic, Arabic, and Hindi.
Tested at scale and ready for deployment
Microsoft’s own products from PowerPoint, Designer, Word, Outlook, Edge, and LinkedIn are using Vision APIs to power design suggestions, alt text for accessibility, SEO, document processing, and content moderation.
You can get started with the preview by trying out the visual features with your images on Vision Studio. Upgrading from a previous version of the Computer Vision Image Analysis API to V4.0 is simple with these instructions.
We will continue to release breakthrough vision AI through this new API over the coming months, including capabilities powered by the Florence foundation model featured in this year’s premiere computer vision conference keynote at CVPR.
Additional Computer Vision services
Spatial Analysis is also in preview. You can use the spatial analysis feature to create apps that can count people in a room, understand dwell times in front of a retail display, and determine wait times in lines. Build solutions that enable occupancy management and social distancing, optimize in-store and office layouts, and accelerate the checkout process. By processing video streams from physical spaces, you're able to learn how people use them and maximize the space's value to your organization.
The Azure Face service provides AI algorithms that detect, recognize, and analyze human faces in images. Facial recognition software is important in many different scenarios, such as identity verification, touchless access control, and face blurring for privacy. Face service access is limited based on eligibility and usage criteria in order to support our Responsible AI principles. Face service is only available to Microsoft managed customers and partners. Use the Face Recognition intake form to apply for access. For more information, see the Face limited access page.
Computer Vision and Responsible AI
We are excited to see how our customers use Computer Vision’s Image Analysis API with these new and updated features. Our technology advancements are also guided by Microsoft’s Responsible AI process, and our principles of fairness, inclusiveness, reliability and safety, transparency, privacy and security, and accountability. We put these ethical standards into practice through the Office of Responsible AI (ORA)—which sets our rules and governance processes, the AI Ethics and Effects in Engineering and Research (Aether) Committee—which advises our leadership on the challenges and opportunities presented by AI innovations, and Responsible AI Strategy in Engineering (RAISE)—a team that enables the implementation of Microsoft Responsible AI rules across engineering groups.
Get started
Start improving how you analyze images with Image Analysis 4.0 with a unified API endpoint and a new OCR Model.
- Computer Vision documentation.
- Image Analysis documentation.
- Quick Start for Image Analysis.
- Vision Studio for demoing product solutions.
Source: Image Analysis 4.0 with new API endpoint and OCR model in preview
The ability to bring your own public IP ranges is now available in all US Government regions.
Additionally:
- You can now bring your own IPv6 ranges to Azure. These ranges must be a /48 size and can be split into multiple regional /64 ranges, of which a subset of IPs can be used as Public IP Prefixes.
- A regional commissioning feature now allows you to advertise a range internally within an Azure region prior to full global advertisement to the Internet, easing the migration process for a range that is already live outside of Azure.
Source: Generally available: Custom IP Prefixes (BYOIP) now available in US Government regions
Mariner is an open-source Linux distribution created by Microsoft and is now available for preview as a container host on Azure Kubernetes Service (AKS).
Optimized for AKS, the Mariner container host provides reliability and consistency from cloud to edge across the AKS, AKS-HCI, and Arc products. You can deploy Mariner node pools in a new cluster, add Mariner node pools to your existing Ubuntu clusters, or migrate your Ubuntu nodes to Mariner nodes. To learn more about Mariner, see the Mariner documentation.
Why use Mariner
The Mariner container host on AKS uses a native AKS image that provides one place to do all Linux development. Every package is built from source and is validated, ensuring your services run on proven components. Mariner is lightweight, only including the necessary set of packages needed to run container workloads. It provides a reduced attack surface and eliminates patching and maintenance of unnecessary packages. At Mariner's base layer, it has a Microsoft hardened kernel tuned for Azure.
Public preview: Azure CNI Powered by Cilium
Azure CNI powered by Cilium provides native support for the next-generation Cilium eBPF data plane in AKS clusters running Azure CNI. It offers Pod networking, basic Kubernetes Network Policies, and high-performance service load balancing. The eBPF data plane is available in both VNet mode and Overlay mode of Azure CNI.
It's common to use pipelines to build and deploy images on Azure Kubernetes Service (AKS) clusters. This process often doesn't account for the stale images left behind and can lead to image bloat on cluster nodes. These images can present security issues as they may contain vulnerabilities.
With image cleaner, we can detect and automatically remove all unused and vulnerable images cached on AKS nodes keeping the nodes cleaner and safer.
A successful hybrid networking strategy demands DNS services that work seamlessly across on-premises and cloud networks. Azure DNS Private Resolver now provides a fully managed recursive resolution and conditional forwarding service for Azure virtual networks. Using this service, you will be able to resolve DNS names hosted in Azure DNS private zones from on-premises networks as well as DNS queries originating from Azure virtual networks that can be forwarded to a specified destination server to resolve them.
This service will provide a highly available and resilient DNS infrastructure on Azure for a fraction of the price of running traditional IaaS VMs running DNS servers in virtual networks. You will be able to seamlessly integrate with Private DNS Zones and unlock key scenarios with minimal operational overhead.
We are excited to share that Azure DNS Private Resolver is now in general availability.
A quick overview of Azure DNS
We offer two types of Azure DNS Zones—private and public—for hosting your private DNS and public DNS records. In the preceding illustration, multi-region workloads running on Azure with Azure DNS Private Resolver are provisioned in two regional, centralized virtual networks with one or more spokes peered to each centralized virtual network. These virtual networks have inbound and outbound endpoints provisioned. From on-premises, there are two distinct locations (East and West) and each location connects via Express Route to the centralized virtual network where Private Resolver is provisioned. These on-premises locations have one or more local DNS servers configured to do conditional forwarding to the inbound endpoint of Private Resolver. The local DNS servers in East have the IP address of the East inbound endpoint as the primary DNS target, and the West inbound endpoint as secondary. Alternatively, the local DNS servers in West have the IP address of the West inbound endpoint as the primary DNS target, and the East inbound endpoint as secondary. There is a single private DNS zone linked to both regions and both on-premises locations can resolve names from this zone even in the event of a regional failure.
- Azure Private DNS: Azure Private DNS provides a reliable and secure DNS service for your virtual network. Azure Private DNS manages and resolves domain names in the virtual network without the need to configure a custom DNS solution. By using private DNS zones, you can use your own custom domain name instead of the Azure-provided names during deployment.
- Azure Public DNS: DNS domains in Azure DNS are hosted on Azure's global network of DNS name servers. Azure DNS uses anycast networking. Each DNS query is answered by the closest available DNS server to provide fast performance and high availability for your domain.
Source: Announcing Azure DNS Private Resolver general availability
We’re introducing a new way to learn about Git, GitHub, and version control in Visual Studio – an email learning series with actionable challenges and a repository to practice your skills! We found from our Happiness Tracking Survey that 34% of our VS developers aren’t using any form of version control. While GitHub makes collaboration easy, even smaller teams or solo developers can boost their productivity and code management with version control. We’ll teach you how to back up your code, sync across devices, rollback breaking changes, and more within the IDE. Sign up for the new and improved Getting Started with GitHub in Visual Studio series and master GitHub in short lessons over the next four weeks.
Source: Learning Series: Get started with GitHub in Visual Studio -
Beginning in November, Databricks is rolling out a new compute option called Databricks SQL Pro, joining the SQL product family of Classic and Serverless. Like Serverless SQL, SQL Pro includes performance and integration features that expand the SQL experience on the Lakehouse Platform. The primary difference is that SQL Pro keeps compute in the customer's account.
Azure Databricks SQL Pro’s features include:
- Predictive I/O - Predictive I/O boosts query performance by leveraging the years of experience Databricks has in building large AI/ML systems to make the lakehouse a more intelligent data warehouse
- Applying deep learning techniques to our data lakehouse
- Determining the most efficient access pattern to read data
- For select queries, Predictive I/O calculates probabilities to anticipate where the next row match will occur, only reading that data from cloud storage
- Native Geospatial Features - 30+ built-in H3 expressions for geospatial processing and analysis in Photon-enabled clusters, available in SQL, Scala, and Python
- Query federation - Databricks Warehouse now supports the ability to query live data from various databases through federation capability. Query federation allows BI applications to integrate data in the lakehouse and external data sources, providing a rich query experience
- Workflows integrations - Invoke DBSQL tasks like queries, alerts, and running dashboards from within Databricks Workflows
Many more feature and performance improvements are on the way, such as Materialized Views, and Python UDFs. SQL Pro is generally available everywhere Databricks SQL Classic is available.
Today we are releasing the ability to encrypt storage account with customer-managed keys (CMK) using an Azure Key Vault hosted on a different Azure Active Directory tenant. You can use this solution to encrypt your customers’ data using an encryption key managed by your customers.
Source: Generally available: Encrypt storage account with cross-tenant customer-managed keys
Several enhancements have been made to the passive geo-replication functionality offered on the Premium tier of Azure Cache for Redis. New metrics are available for you to better track the health and status of your geo-replication link, including statistics around the amount of data that is waiting to be replicated. With this feature, you can now initiate a failover between geo-primary and geo-replica caches with a single click or CLI command, eliminating the hassle of manually unlinking and relinking caches. A global cache URL is also now offered that will automatically update your DNS records after geo-failovers are triggered, allowing your application to only manage one cache address.
Source: Public preview: Improved passive geo-replication for Azure Cache for Redis
As part of our commitment to delivering the best possible value for Azure confidential computing, we're announcing the support to create confidential VMs using Ephemeral OS disks. This enables customers using stateless workloads to benefit from the trusted execution environments (TEEs). Trusted execution environments protect data being processed from access outside the trusted execution environments.
Source: General availability: Ephemeral OS disk support for confidential virtual machines
Logic Apps Standard VS Code Extension now allows you to export groups of logic apps workflows deployed to Azure, either in Consumption SKU or under an Integration Service Environment (ISE) as a local Logic Apps Standard project, allowing you to locally test the exported logic apps and either deploy directly to Azure or push the project to your preferred source control repository.
The tool will also generate ARM templates to support the deployment of a Logic App Standard application and any associated Azure connectors via script, parameterize your connections configuration – simplifying the move between environments, and deploy new instances to your Azure connections, so local testing don’t impact existing applications.
To learn more about the tool, including how to install and a walkthrough of the export process, follow one of the paths below:
- Exporting Consumption Workflows to Logic Apps Standard
- Exporting ISE workflows to Logic Apps Standard
Source: Public preview: Exporting ISE and Consumption Logic Apps to Standard SKU
We are announcing the general availability of the Default Rule Set 2.1 (DRS 2.1) on Azure's global Web Application Firewall (WAF) running on Azure Front Door. This rule set is available on the Azure Front Door Premium tier.
DRS 2.1 is baselined off the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.3.2 and includes additional proprietary protections rules developed by Microsoft Threat Intelligence team. As with previous DRS releases, DRS 2.1 rules are also tailored by Microsoft Threat Intelligence Center (MSTIC). The MSTIC team analyzes Common Vulnerabilities and Exposures (CVEs) and adapts the CRS ruleset to address those issues while also reducing false positives to our customers.
Source: General availability: Default Rule Set 2.1 for Azure Web Application Firewall
The new Virtual Machine software reservations enable savings on your Virtual Machine software costs when you make a one- to three-year commitment for plans offered by third-party publishers such as Canonical, Citrix, and Red Hat.
- You can choose to pay monthly or up-front
- You can change the size of the deployed Virtual Machine, and Microsoft handles the application of reservation benefits and overage charges
- You do not have to redeploy your workloads to use the reservation benefits
Source: General availability: Virtual Machine software reservations
When you deploy a site to Azure Static Web Apps, each pull request against your production branch will generate a preview deployment available at a temporary URL. This can be configured in the GitHub Actions workflow by enabling deployment from branches or by specifying a deployment environment name.
To deploy non-production branches to a preview environment, you are required to update the GitHub workflow to run when a push is made to the specific branches and define the production_branch property in the build_and_deploy_job configuration.
Alternatively, you can push changes to a named preview environment by configuring a deployment_environment property in the workflow.
Source: Generally available: Static Web Apps support for stable URLs for preview environments
You will be able to usedependencies and inter-correlations between up to 300 different signals and now easily integrate the multivariate time series anomaly detection capabilities into predictive maintenance solutions, artificial intelligence for IT operation monitoring solutions for complex enterprise software, or business intelligence tools. Through the anomaly results that are detected by this feature, you will not only know when there is an anomaly before a disaster happens, but also get the contribution rank of anomalous variables, which will help save time and effort to analyze root cause.
Source: General availability: Multivariate Anomaly Detection
In March of this year, Microsoft announced the general availability of two new Azure Front Door tiers. Azure Front Door Standard and Premium are our native, modern cloud content delivery network (CDN) catering to both dynamic and static content delivery acceleration with built-in turnkey security and a simple and predictable pricing model.
The migration capability enables you to perform a zero-downtime migration from Azure Front Door (classic) to Azure Front Door Standard or Premium in just three simple steps or five simple steps if your Azure Front Door (classic) instance has custom domains with your own certificates. The migration will take a few minutes to complete depending on the complexity of your Azure Front Door (classic) instance, such as number of domains, backend pools, routes, and other configurations.
Source: Public preview: Azure Front Door zero downtime migration
Azure Front Door now supports managed identities generated by Azure Active Directory to allow Front Door to easily and securely access other Azure AD-protected resources such as Azure Key Vault. This feature is in addition to the AAD Application access to Key Vault that is currently supported.
Source: Public preview: Azure Front Door integration with managed identities
Azure Front Door supports upgrading from Standard to Premium tier without downtime. Azure Front Door Premium supports advanced security capabilities and has increased quota limit, such as managed Web Application Firewall rules and private connectivity to your origin using Private Link.
Source: Public preview: Upgrade from Azure Front Door Standard to Premium tier
With Static Web Apps, you can now configure Azure Pipelines to deploy your application to preview environments. The Azure DevOps task for Azure Static Web Apps intelligently detects and builds your app’s frontend and API and deploys the entire application to Azure. You can fully automate the testing and delivery of your software in multiple stages all the way to production.
Azure Static Web Apps provides globally distributed content hosting and serverless APIs powered by Azure Functions. It also includes everything you need to run a full-stack web app, including support for custom domains, free SSL certificates, authentication/authorization, and preview environments.
This feature is now generally available.
Source: Generally available: Static Web Apps support for preview environments in Azure DevOps
Azure Quota REST API support for service limits (quota) is now available in preview for you to manage your quota programatically. Use Azure REST Quota APIs to manage service limits (quotas) for Azure Virtual Machines (cores/vCPU), Networking, Azure HPC Cache, and Azure Purview services.
For the resources currently supported, the Quota API provides an easier way to quickly get current limits, current usage, and request quota increases.
Request quota increases and enumerate current quotas by subscription, provider, and location seamlessly.
Source: Public preview: Use Azure Quota REST APIs to manage service limits (quotas)
By using .NET 7 for your entire stack, you can leverage the latest language and runtime improvements in .NET, and you can seamlessly share code between your Blazor WebAssembly app, Azure Functions, and other .NET applications.
For your app’s frontend, Static Web Apps can now automatically build and deploy .NET 7.0 Blazor WebAssembly apps. For backend APIs, you can build and deploy .NET 7.0 Azure Functions with your static web apps.
Azure Static Web Apps support for .NET 7.0 follows the .NET 7.0 lifecycle. To learn more, please refer to the .NET support policy.
Source: Generally available: Azure Static Web Apps now fully supports .NET 7
Earlier this year, we announced our vision to empower any developer to become a space developer through Azure. With over 90 million developers on GitHub, we have created a powerful ecosystem and we are focused on empowering the next generation of developers for space. Today, we are announcing a crucial step towards democratizing access to space development, with the preview release of Azure Orbital Space SDK (software development kit)—a secure hosting platform and application toolkit designed to enable developers to create, deploy, and operate applications on-orbit.
By bringing modern cloud-based applications to spacecrafts we not only increase the efficiency, value, and speed of insights from space data but also increase the value of that data through the optimization of ground communication.
Source: Any developer can be a space developer with the new Azure Orbital Space SDK
Azure IoT Hub now supports the ability to setup an Azure Cosmos DB account as a custom routing endpoint. This will help route device data from IoT Hub to Azure Cosmos DB directly. The feature also allows the configuration of Synthetic Partition Keys for writing data into Azure Cosmos DB which helps in optimized querying when working with large-scale data.
Many IoT solutions require extensive downstream data analysis and pushing data into hyperscale databases. For example, IoT implementations in manufacturing and intelligent transport systems require hyperscale databases with extremely high throughput to process the continuous stream of data. Traditional SQL based relational databases cannot scale optimally and also become expensive once data scale increases. Azure Cosmos DB is best suited for such cases where the data needs to be analyzed while it is being written.
Source: Public preview: Add an Azure Cosmos DB custom endpoint in IoT Hub
With the new Azure Bastion shareable links feature in public preview and included in Standard SKU, you can now connect to a target resource (virtual machine or virtual machine scale set) using Azure Bastion without accessing the Azure portal.
This feature will solve two key pain points:
- Administrators will no longer have to provide full access to their Azure accounts to one-time VM users—helping to maintain their privacy and security.
- Users without Azure subscriptions can seamlessly connect to VMs without exposing RDP/SSH ports to the public internet.
Source: Public preview: Azure Bastion now support shareable links
We are delighted to announce the preview of Cross Subscription Restore of Azure Virtual machines. Cross Subscription Restore allows you to restore Azure Virtual Machine, through create new or restore disks, to any subscription (honoring the RBAC capabilities) from the restore point created by Azure Backup. By default, Azure Backup restores to the same subscription where the restore points are available. With this new feature, you can gain the flexibility of restoring to any subscription under your tenant if restore permissions are available. You can trigger Cross Subscription Restore for managed Azure Virtual Machines only from vault and not from snapshots. Cross Subscription Restore is also supported for Restore with Managed System Identities (MSI). It is unsupported for Encrypted Azure VMs and Trusted Launch VMs.
Learn more about Cross Subscription Restore.
Source: Public preview: Cross Subscription Restore for Azure Virtual Machines
A new version of Azure Quota REST API support for service limits (quotas) is now available in Public preview. Use this new feature to programmatically manage the service limits (quotas) of Azure Virtual Machines (cores/vCPU), Networking, Azure HPC Cache and Azure Purview services. Take advantage of this capability to query current usage and quotas for the supported resources and update these limits, when needed.
For the resources currently supported, the Quota API provides an easier way to quickly get current limits, current usage, and request quota increases.
Request quota increases and enumerate current quotas by subscription, provider, and location seamlessly.
Source: Public Preview: Use Azure Quota Rest APIs to manage service limits (quotas)
Today, GitHub is introducing calendar-based versioning for the REST API to give API integrators a smooth migration path and plenty of time to update their integrations when we need to make occasional breaking changes to the API.
You can learn more in today’s blog post and on the new “API Versions” page in our docs.
If you’re using the REST API, you don’t need to take any action right now. We’ll get in touch with plenty of notice before we drop support for any old versions.
Azure Daily 2022 - Nov 23, 2022
In this article you will find an overview of all the new metadata that was added to support customers using external data and access Policies from Microsoft Purview. You will find this interesting if you are in a technical role and have access to a SQL database, for example as a DBA or developer or need to create reports on who has access to your systems.
Read more at Azure Daily 2022
Generally available: Azure Blob Storage integration with Azure Cosmos DB for PostgreSQL
Using the pg_azure_storageextension, you can interact with Azure Blob Storage containers directly from Azure Cosmos DB for PostgreSQL. Container contents can be listed and fetched using the COPY command and a flexible API. Save time implementing custom data upload pipelines without requiring additional infrastructure and leverage efficient networking between Azure services using a flexible API to make complex data pipelines easier to automate. Currently supported formats include .tsv, .csv, binary, text, and transparent decompression of .gzip compressed file.
Source: Generally available: Azure Blob Storage integration with Azure Cosmos DB for PostgreSQL
For the first time ever, Go language (v1.18 and v1.19) is natively supported on Azure App Service, helping developers innovate faster using the best fully managed app platform for cloud-centric web apps. The language support is available as an experimental language release on Linux App Service in November 2022.
Source: Public preview: Go language support on Azure App Service
Azure Cosmos DB for PostgreSQL now supports cross-region asynchronous replication of data from one cluster to another cluster. This feature allows read-heavy workloads to scale out and load balance across independently configured read-only replicas which can also be promoted to independent read-write clusters. These features can provide you with increased read performance and more precise resource utilization for better cost efficiency and higher availability through support for cross-region disaster recovery.
Source: General availability: Cross-region read replicas for Azure Cosmos DB for PostgreSQL
Azure offers a unique capability of mounting Blob Storage (or object storage) as a file system to a Kubernetes pod or application using BlobFuse or NFS 3.0 options. This allows you to use blob storage with a number of stateful Kubernetes applications including HPC, Analytics, image processing, and audio or video streaming. Not only that, if your application ingests data into Data Lake storage on Azure Blobs, you can now directly mount and use it with AKS. Previously, you had to manually install and manage the lifecycle of the open-source Azure Blob CSI driver including deployment, versioning, and upgrades.
You can now use the Azure Blob CSI driver as a managed addon in AKS with built in storage classes for NFS and BlobFuse, reducing the operational overhead and maximizing time to value.
Source: Generally available: Azure Blob CSI driver support in AKS
Public preview: Build and deploy to Azure Container Apps without a Dockerfile from the Azure CLI
Azure Container Apps is a serverless containers platform for microservices. It has a rich set of commands in the Azure CLI for managing and deploying container apps.
The “az containerapp up” command can build and deploy local source code to Azure Container Apps in a single command. Previously, “az containerapp up” required a Dockerfile to build a container image. "az containerapp up” now supports building container images from source code without a Dockerfile.
Popular languages and runtimes, including .NET, Python, and Node.js are supported.
This feature is currently in preview.
Source: Public preview: Build and deploy to Azure Container Apps without a Dockerfile from the Azure CLI
Day 0 support for .NET 7.0 on App Service means that developers are immediately unblocked to try, test, and deploy .NET apps targeting the version of .NET accelerating time-to-market on the platform they know and use today. It is expected to be available in Q2 FY23.
Please visit this QuickStart: Deploy an ASP.NET web app to try out .NET 7.0 on App Service.
Source: Generally available Day 0 support for .NET 7.0 on App Service
Service Tiers
- vCore-based purchasing model
- General Purpose (Scalable compute and storage options)
- Hyperscale (On-demand scalable storage)
- Business Critical (High transaction rate and high resiliency)
- DTU-based purchasing model
- Basic (for less demanding workloads)
- Standard (for workloads with typical performance requirements)
- Premium (for IO-intensive workloads)
Compute Tiers (for General Purpose vCore)
- Provisioned - Compute resources are pre-allocated. Billed per hour based on vCores configured
- Serverless - Compute resources are auto-scaled. Billed per second based on vCore used
Additional Resources
A virtual core (vCore) represents a logical CPU and offers you the option to choose between generations of hardware and the physical characteristics of the hardware (for example, the number of cores, the memory, and the storage size). The vCore-based purchasing model gives you flexibility, control, and transparency of individual resource consumption.
In the vCore-based purchasing model, your costs depend on the choice and usage of Service tier like
- Hardware configuration
- Compute resources (the number of vCores and the amount of memory)
- Reserved database storage
- Actual backup storage
| Use case | General Purpose | Business Critical | Hyperscale |
|---|---|---|---|
| Best for | Most business workloads. Offers budget-oriented, balanced, and scalable compute and storage options. | Offers business applications the highest resilience to failures by using several isolated replicas, and provides the highest I/O performance per database replica. | Most business workloads with highly scalable storage and read-scale requirements. Offers higher resilience to failures by allowing configuration of more than one isolated database replica. |
| Availability | 1 replica, no read-scale replicas, zone-redundant high availability (HA) |
3 replicas, 1 read-scale replica, zone-redundant high availability (HA) |
zone-redundant high availability (HA) (preview) |
| Pricing/billing | vCore, reserved storage, and backup storage are charged. IOPS is not charged. |
vCore, reserved storage, and backup storage are charged. IOPS is not charged. |
vCore for each replica and used storage are charged. IOPS not yet charged. |
| Discount models | Reserved instances Azure Hybrid Benefit (not available on dev/test subscriptions) Enterprise and Pay-As-You-Go Dev/Test subscriptions |
Reserved instances Azure Hybrid Benefit (not available on dev/test subscriptions) Enterprise and Pay-As-You-Go Dev/Test subscriptions |
Azure Hybrid Benefit (not available on dev/test subscriptions) Enterprise and Pay-As-You-Go Dev/Test subscriptions |
For greater details, review resource limits for logical server, single databases, and pooled databases.
The DTU-based purchasing model uses a database transaction unit (DTU) to calculate and bundle compute costs.
A database transaction unit (DTU) represents a blended measure of
- CPU,
- memory,
- reads, and writes
In the DTU-based purchasing model, you can choose between the basic, standard, and premium service tiers for Azure SQL Database.
Choosing a service tier depends primarily on business continuity, storage, and performance requirements.
| Basic | Standard | Premium | |
|---|---|---|---|
| Target workload | Development and production | Development and production | Development and production |
| Uptime SLA | 99.99% | 99.99% | 99.99% |
| Maximum backup retention | 7 days | 35 days | 35 days |
| CPU | Low | Low, Medium, High | Medium, High |
| IOPS (approximate)* | 1-4 IOPS per DTU | 1-4 IOPS per DTU | >25 IOPS per DTU |
| IO latency (approximate) | 5 ms (read), 10 ms (write) | 5 ms (read), 10 ms (write) | 2 ms (read/write) |
| Columnstore indexing | N/A | S3 and above | Supported |
| In-memory OLTP | N/A | N/A | Supported |
Review DTU service tiers to learn more.
Azure SQL is a family of managed, secure, and intelligent products that use the SQL Server database engine in the Azure cloud.
- Azure SQL Database: Support modern cloud applications on an intelligent, managed database service, that includes serverless compute.
- Azure SQL Managed Instance: Modernize your existing SQL Server applications at scale with an intelligent fully managed instance as a service, with almost 100% feature parity with the SQL Server database engine. Best for most migrations to the cloud.
- SQL Server on Azure VMs: Lift-and-shift your SQL Server workloads with ease and maintain 100% SQL Server compatibility and operating system-level access.
Azure SQL is built upon the familiar SQL Server engine, so you can migrate applications with ease and continue to use the tools, languages, and resources you're familiar with. Your skills and experience transfer to the cloud, so you can do even more with what you already have.
Azure SQL Database and SQL Managed Instance share a common code base with the latest stable version of SQL Server. Most of the standard SQL language, query processing, and database management features are identical. The features that are common between SQL Server and SQL Database or SQL Managed Instance are:
- Language features - Control of flow language keywords, Cursors, Data types, DML statements, Predicates, Sequence numbers, Stored procedures, and Variables.
- Database features - Automatic tuning (plan forcing), Change tracking, Database collation, Contained databases, Contained users, Data compression, Database configuration settings, Online index operations, Partitioning, and Temporal tables (see getting started guide).
- Security features - Application roles, Dynamic data masking (see getting started guide), Row Level Security, and Threat detection - see getting started guides for SQL Database and SQL Managed Instance.
- Multi-model capabilities - Graph processing, JSON data (see getting started guide), OPENXML, Spatial, OPENJSON, and XML indexes.
Azure manages your databases and guarantees their high-availability. Some features that might affect high-availability or can't be used in PaaS world have limited functionalities in SQL Database and SQL Managed Instance. These features are described in the tables below.
If you need more details about the differences, you can find them in the separate pages:
Starting today, GitHub code scanning includes beta support for analyzing code written in Kotlin, powered by the CodeQL engine.
Kotlin is a key programming language used in the creation of Android mobile applications, and is an increasingly popular choice for new projects, augmenting or even replacing Java. To help organisations and open source developers find potential vulnerabilities in their code, we’ve added Kotlin support (beta) to the CodeQL engine that powers GitHub code scanning. CodeQL now natively supports Kotlin, as well as mixed Java and Kotlin projects. Set up code scanning on your repositories today to receive actionable security alerts right on your pull-requests. To enable Kotlin analysis on a repository, configure the code scanning workflow languages to include java. If you have any feedback or questions, please use this discussion thread or open an issue if you encounter any problems.
Kotlin support is an extension of our existing Java support, and benefits from all of our existing CodeQL queries for Java, for both mobile and server-side applications. We’ve also improved and added a range of mobile-specific queries, covering issues such as handling of Intents, Webview validation problems, fragment injection and more.
CodeQL support for Kotlin has already been used to identify novel real-world vulnerabilities in popular apps, from task management to productivity platforms. You can watch the GitHub Universe talk on how CodeQL was used to identify vulnerabilities like these here.
Kotlin beta support is available by default in GitHub.com code scanning, the CodeQL CLI, and the CodeQL extension for VS Code. GitHub Enterprise Server (GHES) version 3.8 will include this beta release.
Source: CodeQL code scanning launches Kotlin analysis support (beta)
Azure App Service is regularly updated to provide new runtime versions to allow web app developers to take advantage of the latest runtime features and security fixes. We are now adding support for Python 3.10, PHP 8.1 and Node 18, giving them a choice of more versions of the latest and fastest growing web app development languages available.
Source: Generally Available: New versions supported for languages and frameworks in Azure App Service
Microsoft is excited to announce the public preview of one of our most requested native monitoring features – Azure Virtual Desktop Insights at Scale. This update provides the ability to review performance and diagnostic information across multiple host pools in one view.
Previously, Azure Virtual Desktop Insights only supported the ability to review information related to a single host pool at a time. In many cases this limited visibility into issues that may have an impact across multiple host pools.
Read more at Azure Daily 2022
In this blog, we will present a feature for moving Azure SQL Managed Instance from one to another subnet located in a different virtual network. This capability comes as an enhancement of the existing capability for moving the instance to another subnet.
Read more at Azure Daily 2022
Azure Monitor agent is the way to collect text and IIS files for Log Analytics.
Today Microsoft is happy to introduce the long-awaited Custom Log and IIS Log collection capability. This new capability is designed to enable customers to collect their text-based logs generated in their service or application. Likewise, Internet Information Service (IIS) logs for a customers’ service can be collected and transferred into a Log Analytics Workspace table for analysis. These new collection types will enable customers to migrate from other competing data collection services to Azure Monitor.
Source: General availability: Azure Monitor agent custom and IIS logs
We’re announcing that Azure Virtual Desktop has public preview support for Azure Confidential Virtual Machines. Confidential Virtual Machines increase data privacy and security by protecting data in use. The Azure DCasv5 and ECasv5 confidential VM series provide a hardware-based Trusted Execution Environment (TEE) that features AMD SEV-SNP security capabilities, which harden guest protections to deny the hypervisor and other host management code access to VM memory and state, and that is designed to protect against operator access and encrypts data in use.
With this preview, support for Windows 11 22H2 has been added to Confidential Virtual Machines. Confidential OS Disk encryption and Integrity monitoring will be added to the preview at a later date. Confidential VM support for Windows 10 is planned.
Read more at Azure Daily 2022
We are pleased to announce the general availability of RDP Shortpath for public networks. RDP Shortpath improves the transport reliability of Azure Virtual Desktop connections by establishing a direct UDP data flow between the Remote Desktop client and session hosts. This feature is enabled by default for all customers. We started deploying RDP Shortpath in September and now the feature is 100% rolled out.
What is RDP Shortpath for public networks?
Read more at Azure Daily 2022
File storage is a critical part of any organization’s on-premises IT infrastructure. As organizations migrate more of their applications and user shares to the cloud, they often face challenges in migrating the associated file data. Having the right tools and services is essential to successful migrations.
Across workloads, there can be a wide range of file sizes, counts, types, and access patterns. In addition to supporting a variety of file data, migration services must minimize downtime, especially on mission-critical file shares.
Source: Azure Storage Mover–A managed migration service for Azure Storage
Inside each streaming node of an Azure Stream Analytics job, there are Stream Analytics processors available for processing the stream data. Each processor represents one or more steps in your query. The processor diagram in physical job diagram visualizes the processor topology inside the specific streaming node of your job. It helps you to identify if there is any bottleneck and where the bottleneck is in the streaming node of your job.
Source: Public preview: Processor diagram in Physical Job Diagram for Stream Analytics job troubleshooting
Log compaction is a way of retaining events in Event Hubs. Rather using time based retention, you can use key-based retention mechanism where Event Hubs retrains the last known value for each event key of an event hub or Kafka topic. Event Hubs service runs a compaction job internally and purges old events in a compacted event hub. The partition key that you set with each event is used as the compaction key and users can also mark events that needs to be deleted from the event log by publishing event with a key and null payload.
To learn more about log compaction, please check out Log Compaction documentation.
Source: Public preview: Log compaction support in Azure Event Hubs
Enable higher throughput levels for Azure Service Bus premium via two new features in public preview today.
First, we are releasing scaling partitions, allowing the use of partitioning for the premium messaging tier. Service Bus partitions enable messaging entities to be partitioned across multiple message brokers. This means that the overall throughput of a partitioned entity is no longer limited by the performance of a single message broker. Additionally, a temporary outage of a message broker, for example during an upgrade, does not render a partitioned queue or topic unavailable, as messages will be retried on a different partition.
Second, we are making a change to our infrastructure, which will result in more consistent low latency. This is accomplished by switching our storage to a different implementation called local store. During public preview we will create partitioned namespaces using this new feature, but in the future all new namespaces will be created on local store.
Source: Public preview: Performance improving features for Azure Service Bus premium
Generally available: Static Web Apps Diagnostics
Azure Static Web Apps Diagnostics is an intelligent tool to help you troubleshoot your static web app directly from the Azure Portal. When issues arise, Static Web Apps diagnostics will help you diagnose what went wrong and will show you how to resolve the issues. This guidance helps you improve the reliability of your site and track its performance.
Azure Site Recovery (ASR) has increased its data churn limit by approximately 2.5x to 50 MB/s per disk. With this, you can configure disaster recovery (DR) for Azure VMs having data churn up to 100 MB/s. This helps you to enable DR for more IO intensive workloads.
To opt for the higher churn limit is very easy – you need to select the option High Churn (Public Preview) when enabling the replication. By default, Normal Churn option is selected. If you want to use the higher churn limit for Azure VMs already protected using ASR, you need to disable replication and re-enable replication with the High Churn (Public Preview) option selected. Please note that this feature is only available for Azure-to-Azure scenarios.
Source: Public Preview: Azure Site Recovery Higher Churn Support
Public preview: Azure Arc enabled Azure Container Apps
The cluster can be on-premises or hosted in a third-party cloud. This approach allows developers to take advantage of the features and developer productivity of Azure Container Apps. Meanwhile it allows IT Administrators to maintain corporate compliance by hosting the application in Hybrid environments.
Azure Container Apps allows developers to rapidly build and deploy microservices and containerized applications. Common uses of Azure Container Apps include, but are not limited to: API endpoints, background or event-driven processing, and running microservices. Applications can dynamically scale within the limits of the Arc-enabled Kubernetes cluster.
By deploying an Arc extension on the Azure Arc-enabled Kubernetes cluster, IT administrators gain control of the underlying hardware and environment, while still enabling the high productivity of Azure PaaS services from within a hybrid environment.
Source: Public preview: Azure Arc enabled Azure Container Apps
Durable Functions for Java is now generally available. Durable Functions makes it easy to orchestrate stateful workflows as-code in a serverless environment. Some common stateful application patterns that Durable Functions facilitates include "function chaining", "fan out/fan in", "async http APIs", "monitor", and "human interaction". More details about Durable Functions concepts and patterns can be found in our documentation.
Source: Generally Available: Durable Functions support for Java
Azure Dedicated Host gives you more control over the hosts you deployed by giving you the option to restart any host. When undergoing a restart, the host and its associated VMs will restart while staying on the same underlying physical hardware.
With this new capability, now generally available, you can take troubleshooting steps at the host level. This feature is currently available only in Azure public cloud and we will soon be launching this feature in sovereign clouds as well.
The Business case capability in Azure Migrate helps you build business proposals to understand how Azure can bring the most value. It can help you understand the return on investment for migrating your servers, SQL Server deployments and ASP.NET web apps running in your VMware environment to Azure. The business case can be created with just a few clicks and can help you understand:
- On-premises vs Azure total cost of ownership and year on year cashflow.
- Resource utilization-based insights to identify servers and workloads that are ideal for cloud and right-sized recommendations in Azure.
- Quick wins for migration and modernization including end of support Windows OS and SQL versions.
- Long term cost savings by moving from a capital expenditure model to an Operating expenditure model, by paying for only what you use.
Build your first business case today. Learn more
Source: Public preview: Build a business case with Azure Migrate
Materialized view provides the ability to create Apache Cassandra tables with different primary/partition keys. This reduces write latency for your source table since the service handles populating the materialized views automatically and asynchronously. Benefit from low latency point reads directly from the views and overall greater compatibility with native Apache Cassandra.
Source: Public Preview: Materialized view for Azure Cosmos DB for Apache Cassandra
With the "Featured Clothing" insight, you are able to identify key items worn by individuals within videos. This allows high-quality in-video contextual advertising by matching relevant clothing ads with the specific time within the video in which they are viewed. "Featured Clothing" is now available to you using Azure Video Indexer advanced preset. With the new featured clothing insight information, you can enable more targeted ads placement.
The new Azure Cosmos DB connector V2 for Power BI now allows you to import data into your dashboards using the DirectQuery mode, in addition to the previously available Import mode.
The DirectQuery mode in the V2 connector is helpful in scenarios where Azure Cosmos DB container data volume is large enough to be imported into Power BI cache via Import mode. It’s also helpful in scenarios where real-time reporting with the latest ingested data is a requirement. This feature can help you reduce data movement between Azure Cosmos DB and Power BI, with filtering and aggregations being pushed down. It is also helpful in user scenarios where real-time reporting with the latest ingested data is a requirement. Direct Query also has performance optimizations related to query pushdown and data serialization.
Source: Public preview: Azure Cosmos DB V2 Connector for Power BI
We are certifying IT Service Management Connector (ITSMC) on Tokyo version of ServiceNow.
Azure services like Log Analytics and Azure Monitor provide tools to detect, analyze and troubleshoot issues with your Azure and non-Azure resources to enable work item integration with IT Service Management products. The ITSM connector provides a bi-directional connection between Azure and ITSM tools to help track and resolve issues faster.
Azure Database for PostgreSQL – Flexible Server uses storage encryption of data at-rest for data using service managed encryption keys in limited Azure regions. Data, including backups, are encrypted on disk and this encryption is always on and can't be disabled. The encryption uses FIPS 140-2 validated cryptographic module and an AES 256-bit cipher for the Azure storage encryption. Currently this feature is available in the Switzerland North, Switzerland West, Canada East, Canada Central, Southeast Asia, Asia East and Brazil South regions.
Infrastructure encryption with customer managed keys (CMK) adds a second layer of protection by encrypting service-managed keys with customer managed keys. It uses FIPS 140-2 validated cryptographic module, but with a different encryption algorithm. This provides an additional layer of protection for your data at rest. The key managed by the customer that is used to encrypt the service supplied key is stored in Azure Key Vault service, providing additional security, high availability, and disaster recovery features.
Source: General availability: Encryption using CMK for Azure Database for PostgreSQL – Flexible Server
Azure Data Explorer (ADX) now supports managed ingestion from Azure Cosmos DB.
This feature enables near real-time analytics on Cosmos DB data in a managed setting (ADX data connection). Since ADX supports Power BI direct query, it enables near real-time Power BI reporting. The latency between Cosmos DB and ADX can be as low as sub-seconds (using streaming ingestion).
This brings the best of both worlds: fast/low latency transactional workload with Azure Cosmos DB and fast / ad hoc analytical with Azure Data Explorer.
Only Azure Cosmos DB NoSQL is supported.
Source: Public Preview: Azure Cosmos DB to Azure Data Explorer Synapse Link
Delta Lake is open source software that extends Parquet data files with a file-based transaction log for ACID transactions and scalable metadata handling. Now, Stream Analytics no-code editor provides you an easiest way (drag and drop experience) to capture your Event Hubs data into ADLS Gen2 with this Delta Lake format without a piece of code. A pre-defined canvas template has been prepared for you to further speed up your data capturing with such format.
To access this capability, simply go to your Event Hubs in Azure portal -> Features -> Process data or Capture.
Source: Public preview: Capture Event Hubs data with Stream Analytics no-code editor in Delta Lake format
GitHub Actions: OpenID Connect token now supports more claims for configuring granular cloud access
OpenID Connect (OIDC) support in GitHub Actions enables secure cloud deployments using short-lived tokens that are automatically rotated for each deployment.
Each OIDC token includes standard claims like the audience, issuer, subject and many more custom claims that uniquely define the workflow job that generated the token. These claims can be used to define fine grained trust policies to control the access to specific cloud roles and resources.
These changes enable developers to define more advanced access policies using OpenID connect and do more secure cloud deployments at scale with GitHub Actions.
Source: GitHub Actions: OpenID Connect token now supports more claims for configuring granular cloud access
Generally available: Azure Ultra Disk Storage in Switzerland North and Korea South
Azure Ultra Disk Storage is now available in one zone in Switzerland North and with Regional VMs in Korea South. Azure Ultra Disk Storage offers high throughput, high IOPS, and consistent low latency disk storage for Azure Virtual Machines (VMs). Ultra Disk Storage is well-suited for data-intensive workloads such as SAP HANA, top-tier databases, and transaction-heavy workloads.
Source: Generally available: Azure Ultra Disk Storage in Switzerland North and Korea South
Large language models are quickly becoming an essential platform for people to innovate, apply AI to solve big problems, and imagine what’s possible. Today, we are excited to announce the general availability of Azure OpenAI Service as part of Microsoft’s continued commitment to democratizing AI, and ongoing partnership with OpenAI.
With Azure OpenAI Service now generally available, more businesses can apply for access to the most advanced AI models in the world—including GPT-3.5, Codex, and DALL•E 2—backed by the trusted enterprise-grade capabilities and AI-optimized infrastructure of Microsoft Azure, to create cutting-edge applications. Customers will also be able to access ChatGPT—a fine-tuned version of GPT-3.5 that has been trained and runs inference on Azure AI infrastructure—through Azure OpenAI Service soon.
Empowering customers to achieve more
We debuted Azure OpenAI Service in November 2021 to enable customers to tap into the power of large-scale generative AI models with the enterprise promises customers have come to expect from our Azure cloud and computing infrastructure—security, reliability, compliance, data privacy, and built-in Responsible AI capabilities.
Since then, one of the most exciting things we’ve seen is the breadth of use cases Azure OpenAI Service has enabled our customers—from generating content that helps better match shoppers with the right purchases to summarizing customer service tickets, freeing up time for employees to focus on more critical tasks.
Customers of all sizes across industries are using Azure OpenAI Service to do more with less, improve experiences for end-users, and streamline operational efficiencies internally. From startups like Moveworks to multinational corporations like KPMG, organizations small and large are applying the capabilities of Azure OpenAI Service to advanced use cases such as customer support, customization, and gaining insights from data using search, data extraction, and classification.
“At Moveworks, we see Azure OpenAI Service as an important component of our machine learning architecture. It enables us to solve several novel use cases, such as identifying gaps in our customer’s internal knowledge bases and automatically drafting new knowledge articles based on those gaps. This saves IT and HR teams a significant amount of time and improves employee self-service. Azure OpenAI Service will also radically enhance our existing enterprise search capabilities and supercharge our analytics and data visualization offerings. Given that so much of the modern enterprise relies on language to get work done, the possibilities are endless—and we look forward to continued collaboration and partnership with Azure OpenAI Service."—Vaibhav Nivargi, Chief Technology Officer and Founder at Moveworks.
“Al Jazeera Digital is constantly exploring new ways to use technology to support our journalism and better serve our audience. Azure OpenAI Service has the potential to enhance our content production in several ways, including summarization and translation, selection of topics, AI tagging, content extraction, and style guide rule application. We are excited to see this service go to general availability so it can help us further contextualize our reporting by conveying the opinion and the other opinion.”—Jason McCartney, Vice President of Engineering at Al Jazeera.
“KPMG is using Azure OpenAI Service to help companies realize significant efficiencies in their Tax ESG (Environmental, Social, and Governance) initiatives. Companies are moving to make their total tax contributions publicly available. With much of these tax payments buried in IT systems outside of finance, massive data volumes, and incomplete data attributes, Azure OpenAI Service finds the data relationships to predict tax payments and tax type—making it much easier to validate accuracy and categorize payments by country and tax type.”—Brett Weaver, Partner, Tax ESG Leader at KPMG.
Azure—the best place to build AI workloads
The general availability of Azure OpenAI Service is not only an important milestone for our customers but also for Azure.
Azure OpenAI Service provides businesses and developers with high-performance AI models at production scale with industry-leading uptime. This is the same production service that Microsoft uses to power its own products, including GitHub Copilot, an AI pair programmer that helps developers write better code, Power BI, which leverages GPT-3-powered natural language to automatically generate formulae and expressions, and the recently-announced Microsoft Designer, which helps creators build stunning content with natural language prompts.
All of this innovation shares a common thread: Azure’s purpose-built, AI-optimized infrastructure.
Azure is also the core computing power behind OpenAI API’s family of models for research advancement and developer production.
Azure is currently the only global public cloud that offers AI supercomputers with massive scale-up and scale-out capabilities. With a unique architecture design that combines leading GPU and networking solutions, Azure delivers best-in-class performance and scale for the most compute-intensive AI training and inference workloads. It’s the reason the world’s leading AI companies—including OpenAI, Meta, Hugging Face, and others—continue to choose Azure to advance their AI innovation. Azure currently ranks in the top 15 of the TOP500 supercomputers worldwide and is the highest-ranked global cloud services provider today. Azure continues to be the cloud and compute power that propels large-scale AI advancements across the globe.
Source: TOP500 The List: TOP500 November 2022, Green500 November 2022.
A responsible approach to AI
As an industry leader, we recognize that any innovation in AI must be done responsibly. This becomes even more important with powerful, new technologies like generative models. We have taken an iterative approach to large models, working closely with our partner OpenAI and our customers to carefully assess use cases, learn, and address potential risks. Additionally, we’ve implemented our own guardrails for Azure OpenAI Service that align with our Responsible AI principles. As part of our Limited Access Framework, developers are required to apply for access, describing their intended use case or application before they are given access to the service. Content filters uniquely designed to catch abusive, hateful, and offensive content constantly monitor the input provided to the service as well as the generated content. In the event of a confirmed policy violation, we may ask the developer to take immediate action to prevent further abuse.
We are confident in the quality of the AI models we are using and offering customers today, and we strongly believe they will empower businesses and people to innovate in entirely new and exciting ways.
The pace of innovation in the AI community is moving at lightning speed. We’re tremendously excited to be at the forefront of these advancements with our customers, and look forward to helping more people benefit from them in 2023 and beyond.
Getting started with Azure OpenAI Service
- Learn more about Azure OpenAI Service and more about all the latest enhancements.
- Apply for access to Azure OpenAI Service. Once approved for use, customers can log in to the Azure portal to create an Azure OpenAI Service resource and then get started either in our Studio website or via code:
- Read the blog: AI and the need for purpose-built cloud infrastructure.
- Watch a video with tips on how to get started with Azure OpenAI Service:
Public Preview: Azure Automation Visual Studio Code Extension
You can now use Azure Automation Extension to quickly create and manage runbooks. All runbook creation and management operations like editing runbook, triggering jobs, tracking recent jobs, linking a schedule or webhook, asset management, local debugging, and many more are supported in the extension to make it easier for you to work in the IDE like interface provided by VS Code.
Source: Public Preview: Azure Automation Visual Studio Code Extension
The Change Tracking and Inventory service tracks changes to Files, Registry, Software, Services and Daemons and uses the MMA (Microsoft Monitoring Agent)/OMS (Operations Management Suite) agent. This preview supports the new AMA agent and enhances the following:
- Security/Reliability and Scale - The Azure Monitor Agent enhances security, reliability, and facilitates multi-homing experience to store data.
- Simplified onboarding- You can onboard to Virtual Machines directly to Change Tracking (add link) without needing to configure an Automation account. In new experience, there is
- Rules management – Uses Data Collection Rules to configure or customize various aspects of data collection. For example, you can change the frequency of file collection. DCRs let you configure data collection for specific machines connected to a workspace as compared to the "all or nothing" approach of legacy agents.
General Availability: Azure Active Directory authentication for exporting and importing Managed Disks
Azure already supports disk import and export locking only from a trusted Azure Virtual Network (VNET) using Azure Private Link. For greater security, we are launching the integration with Azure Active Directory (AD) to export and import data to Azure Managed Disks. This feature enables the system to validate the identity of the requesting user in Azure AD and verify that the user has the required permissions to export and import that disk.
This feature is now generally available, to learn more, read the documentation Download VHD or Upload a VHD to a managed disk.
As a central authentication repository used by Azure, Azure Active Directory allows you to store objects such as users, groups, or service principals as identities. Azure AD also allows you to use those identities to authenticate with different Azure services. Azure AD authentication is supported for Azure SQL Database, Azure SQL Managed Instance, SQL Server on Windows Azure VMs, Azure Synapse Analytics, and now we are bringing it to SQL Server 2022.
Source: Generally available: Azure Active Directory authentication for SQL Server 2022
Today, customers and partners manage hundreds or even thousands of active databases. For each of these databases, it is essential to be able to create an accurate mapping of the active configurations. This could be for inventorying or even reporting purposes. Centralizing this database inventory in Azure using Azure Arc allows you to create a unified view of all your databases in one place regardless of which infrastructure those databases might be located on – in Azure, in your datacenter, in edge sites, or even in other clouds.
Source: Public Preview of Viewing SQL Server Databases via Azure Arc
Microsoft has announced that window sharing of the Microsoft Teams application is now generally available on the Azure Virtual Desktop for Windows users.
Application window sharing now allows users to select a specific window from their desktop screen to share. Previously, users could only share their entire desktop window or a Microsoft PowerPoint Live presentation. Application window sharing helps reduce the risk of showing sensitive content during meetings/calls and keeps meetings focused by directing participants to specific content.
Read more at Azure Daily 2022
- Managed Identities
- User Assigned Managed Identities (UAMI)
- Service Principals
- Service Connections
Azure Key Vault is a cloud-based secrets store for holding app secrets, including configuration values like passwords and connection strings that must always remain secure. It keeps secrets in a single central location and provides secure access, permissions control, and access logging.
Use Azure Key Vault to store secrets like Passwords, Shared Access Signature (SAS) tokens, Application Programming Interface (API) keys, and Personal Access Tokens (PAT).
Source app settings from key vault
Complete reference:
@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/)Alternatively:
@Microsoft.KeyVault(VaultName=myvault;SecretName=mysecret)Source: Use Key Vault references - Azure App Service | Microsoft Learn
Are you just starting your cloud journey or looking for ways to upgrade your knowledge in specific areas? Azure Charts is a web-based application that allows you to see what Azure consists of and how it evolves.
References
Microsoft Azure Service Bus is a fully managed enterprise message broker with message queues and publish-subscribe topics.
Service Bus is used to decouple applications and services from each other, which help us to balance workload.
Azure Purview is a unified data governance service that helps you manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data. Easily create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage. Empower data consumers to find valuable, trustworthy data.
Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer. The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network.
How to stay up-to-date with Microsoft Azure
Microsoft Azure is huge and changes fast! At this point in time, there are more than 200 services in Azure, with many features. The rate at which services evolve is impressive. New services come out all the time, and services are constantly being improved with new features. Microsoft can do this because most services are owned by separate teams that develop functionality.
This high rate of change is great because it keeps providing new ways to solve problems. However, it is tough to stay up-to-date. It is very hard to keep track of new services; and what their purpose is in the world of Azure.
So the question is how to stay up-to-date? Here are some important information sources.
Commands
az extension add --name connectedk8s
az extension add --name k8s-configuration
az extension update --name connectedk8s
az extension update --name k8s-configuration
Connect to cluster
az connectedk8s connect --name {kubernetes-name} --resource-group {resource-group-name}
The following list shows helpful resources for tracking users in Application Insights
- appInsights.setAuthenticatedUserContext is not a function - how to get authenticated user context on automatic telemetry? · Issue #218 · microsoft/ApplicationInsights-aspnetcore · GitHub
- asp.net mvc - Azure - App Insights - how to track the logged-in Username in Auth Id? - Stack Overflow
- Tracking Authenticated User ID in Application Insights (matthew-glace.blogspot.com)
A security playbook is a collection of procedures that can be run from Azure Sentinel in response to an alert. Playbooks provide the ability to build flows that can automate investigations and respond to security alerts that happen in the environment.
Web PubSub makes it easy to scale web apps so that developers can focus on the user experience for their chat apps, games, and other communication-intensive scenarios.
Web PubSub supports both native and serverless WebSockets, so developers can leverage the publish-subscribe messaging pattern and let Web PubSub handle the real-time communication requirements between an application and web and mobile clients. This enables scenarios such as chats, live broadcasting, and IoT dashboards.
Azure Web PubSub service now generally available | Azure updates | Microsoft Azure
The message size limit for Service Bus is 1 MB (premium tier).
Azure Container Apps enables you to run microservices and containerized applications on a serverless platform.
Log Analytics is a tool in the Azure portal used to edit and run log queries with data in Azure Monitor Logs. You may write a simple query that returns a set of records and then use features of Log Analytics to sort, filter, and analyze them.
Azure Private Link is a technology designed to provide private connectivity to selected PaaS services, customer-owned, and partner-offered services.
Cognitive Services brings AI within reach of every developer and data scientist. With leading models, a variety of use cases can be unlocked. All it takes is an API call to embed the ability to see, hear, speak, search, understand, and accelerate advanced decision-making into your apps. Enable developers and data scientists of all skill levels to easily add AI capabilities to their apps.
Azure Arc is a Microsoft solution to be able to centrally manage and operate IT resources across multiple clouds and locations.
Azure Arc offers simplified management, faster app development, and consistent Azure services. Easily organize, govern, and secure Windows and Linux servers, SQL Server, and Kubernetes clusters across data centers, the edge, and multi-cloud environments in Azure. Architect, design and build cloud-native apps anywhere without sacrificing central visibility and control. Get Azure innovation and cloud benefits by deploying consistent Azure applications, machine learning, and data services on any infrastructure.
It allows central inventory management for resources like Windows, Linux, and SQL servers, including ways to monitor and manage them. IT provides a similar approach for Kubernetes clusters.
Azure Bicep is a domain-specific language (DSL) that uses a declarative syntax to deploy Azure resources. It provides concise syntax, reliable type safety, and support for code reuse.
Durable Functions enables you to implement complex stateful functions in a serverless environment.
Durable Functions is an extension of Azure Functions. Whereas Azure Functions operate in a stateless environment, Durable Functions can retain state between function calls. This approach enables you to simplify complex stateful executions in a serverless environment.
Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems. With this platform, you can quickly develop highly scalable integration solutions for your enterprise and business-to-business (B2B) scenarios.
This Set combines some Snipps for tracking authenticated users with Application Insights.
See also Configurations for Application Insights.
What is Azure Sentinel?
Azure Sentinel is a security information event management (SIEM) and security orchestration automation response (SOAR) solution.
Sentinel is a cloud-native solution.
How it works
Sentinel sits on top of Log Analytics.
Features and benefits
What it provides, features and benefits:
- It provides intelligent analytics about different threats in IT solutions.
- It provides threat detection and response.
Use Cases
Architecture
Security, monitoring, and compliance
Availability and costs
Differences to other products
- .NET
- .NET
- .NET 6.0 Migration
- .NET Argument Exceptions
- .NET Class Library
- .NET Reflection
- 5 Best websites to read books online free with no downloads
- 5 surprising things that men find unattractive
- 5 Ways To Take Control of Overthinking
- 6 simple methods for a more productive workday
- 6 Ways To Stop Stressing About Things You Can't Control
- Add React to ASP.NET Core
- Adding reCAPTCHA to a .NET Core Web Site
- Admin Accounts
- Adobe Acrobat
- Afraid of the new job? 7 positive tips against negative feelings
- Agile
- AI
- AKS and Kubernetes Commands (kubectl)
- API Lifecycle Management
- Application Insights
- arc42
- Article Writing Tools
- ASP.NET Core Code Snippets
- ASP.NET Core Performance Best Practices
- ASP.NET Core Razor Pages and Markup
- ASP.NET Razor Syntax Cheat Sheet
- Asynchronous programming
- Atlassian
- Authorization Code Grant
- Avoiding List Reference Issues in .NET: Making Independent Copies
- Axios Library
- Azure
- Azure API Management
- Azure App Registration
- Azure Application Gateway
- Azure Application Insights
- Azure Arc
- Azure Arc Commands
- Azure Architectures
- Azure Bastion
- Azure Bicep
- Azure CLI Commands
- Azure Cloud Products
- Azure Cognitive Services
- Azure Container Apps
- Azure Cosmos DB
- Azure Cosmos DB Commands
- Azure Costs
- Azure Daily
- Azure Daily 2022
- Azure Daily 2023
- Azure Data Factory
- Azure Database for MySQL
- Azure Databricks
- Azure Diagram Samples
- Azure Durable Functions
- Azure Firewall
- Azure Functions
- Azure Kubernetes Service (AKS)
- Azure Landing Zone
- Azure Log Analytics
- Azure Logic Apps
- Azure Maps
- Azure Monitor
- Azure News
- Azure PowerShell Cmdlets
- Azure PowerShell Login
- Azure Private Link
- Azure Purview
- Azure Redis Cache
- Azure Security Groups
- Azure Sentinel
- Azure Service Bus
- Azure Service Bus Questions (FAQ)
- Azure Services Abstract
- Azure SQL
- Azure Storage Account
- Azure Tips and Tricks
- Backlog Items
- BASH Programming
- Best LinkedIn Tips (Demo Test)
- Best Practices for RESTful API
- Bing Maps
- Birthday Gift Ideas for Wife
- Birthday Poems
- Black Backgrounds and Wallpapers
- Bootstrap Templates
- Brave New World
- Break Out of a JavaScript Loop
- Brian Tracy Quotes
- Build Websites Resources
- C# - Data Types
- C# Code Samples
- C# Design Patterns
- C# Development Issues
- C# Programming Guide
- C# Retry Pattern
- C# Strings
- Caching
- Caching Patterns
- Camping Trip Checklist
- Canary Deployment
- Careers of the Future You Should Know About
- Cheap Vacation Ideas
- Cloud Computing
- Cloud Migration Methods
- Cloud Native Applications
- Cloud Service Models
- Cloudflare
- Code Snippets
- Compelling Reasons Why Money Can’t Buy Happiness
- Conditional Access
- Configurations for Application Insights
- Const in JavaScript
- Create a Routine
- Create sitemap.xml in ASP.NET Core
- Creative Writing: Exercises for creative texts
- CSS Selectors Cheat Sheet
- Cultivate a Growth Mindset
- Cultivate a Growth Mindset by Stealing From Silicon Valley
- Custom Script Extension for Windows
- Daily Scrum (Meeting)
- Dalai Lama Quotes
- Data Generators
- DataGridView
- Decision Trees
- Deployments in Azure
- Dev Box
- Develop ASP.NET Core with React
- Docker
- Don’t End a Meeting Without Doing These 3 Things
- Drink More Water: This is How it Works
- Dropdown Filter
- Earl Nightingale Quotes
- Easy Steps Towards Energy Efficiency
- EF Core
- EF Core Migrations
- EF Core Save Data
- Elon Musk
- Elon Musk Companies
- Employment
- English
- Escape Double Quotes in C#
- Escaping characters in C#
- Executing Raw SQL Queries using Entity Framework Core
- Factors to Consider While Selecting the Best Earthmoving System
- Feng Shui 101: How to Harmonize Your Home in the New Year
- Filtering and Organizing Data with JavaScript
- Flying Machines
- Foods against cravings
- Foods that cool you from the inside
- Four Misconceptions About Drinking
- Free APIs
- Funny Life Quotes
- Generate Faces
- Generate Random Numbers in C#
- Genius Money Hacks for Massive Savings
- Git Cheat Sheet
- git config
- Git for Beginners
- Git Fork
- GitHub
- GitHub Concepts
- Green Careers Set to Grow in the Next Decade
- Grouping in EF Core
- Habits Of Highly Stressed People and how to avoid them
- Happy Birthday Wishes & Quotes
- Helm Overview
- How to Clean Floors – Tips & Tricks
- How to invest during the 2021 pandemic
- How To Make Money From Real Estate
- How To Stop Drinking Coffee
- HTML 'video' Tag
- HTTP
- HTTP PUT
- HTTP Status Code
- Image for Websites
- Implementing Efficient Search Functionality in React
- Inspirational Quotes
- Install PowerShell
- JavaScript
- JavaScript Array Object
- JavaScript Collection
- JavaScript Functions
- JavaScript Scope
- JavaScript Snippets
- JavaScript Tutorial
- JavaScript Variables
- Jobs Of 2050
- jQuery
- jQuery plugins
- JS Async
- JSON (JavaScript Object Notation)
- JSON Deserialization in C#
- JSON for Linking Data (JSON-LD)
- Json to C# Converters
- JSON Tree Viewer JavaScript Plugin
- JSON Web Tokens, (JWT)
- Karen Lamb Quotes
- Kubernetes Objects
- Kubernetes Tools
- Kusto Query Language
- Lack of time at work? 5 simple tricks to help you avoid stress
- Lambda (C#)
- Last Minute Travel Tips
- Last-Minute-Reisetipps
- Latest Robotics
- LDAP
- LDAP search filters
- Leadership
- Let in JavaScript
- List Of Hobbies And Interests
- Logitech BRIO Webcam
- Management
- Managing Services with PowerShell: A Quick Guide
- Mark Twain Quotes
- Markdown
- Meet Sophia
- Message-Oriented Architecture
- Microservices
- Microsoft Power Automate
- Microsoft SQL Server
- Microsoft Teams
- Migrations VS Commands
- Mobile UI Frameworks
- Motivation
- Multilingual Applications
- NuGet
- Objectives and Key Results (OKR)
- Objectives and Key Results (OKR) Samples
- OKR Software
- Online JSON Viewer and Parser
- Operators
- Outlook Automation
- PCMag
- Phases of any relationship
- Playwright
- Popular cars per decade
- Popular Quotes
- PowerShell
- PowerShell Array Guide
- PowerShell Cmdlets
- PowerShell Coding Samples
- PowerToys
- Prism
- Pros & Cons Of Alternative Energy
- Quill Rich Text Editor
- Quotes
- RACI Matrix
- Razor Syntax
- React Click Event Handlers
- React Conditional Rendering
- React Context
- React Hooks
- React Router
- Reasons why singletasking is better than multitasking
- Regular Expression (RegEx)
- Reorder List in JavaScript
- Resize Images in C#
- Response Caching in ASP.NET Core
- RESTful APIs
- Rich Text Editors
- Rob Siltanen Quotes
- Robots
- Run sudo commands
- Sample Data
- Save Money On Food
- Score with authenticity in the job interview
- Scrum
- Scrum Meetings
- Security
- Semantic Versioning
- Serialization using Thread Synchronization
- Service Worker
- Snipps (en)
- Speak and Presentation
- Sprint Backlog
- SQL Functions
- SQL References
- SQL Server Full-Text Search
- SQL UPDATE
- Stress
- Successful
- Surface Lineup 2021
- Surface Lineup 2021 Videos
- SVG Online Editors
- TanStack Query (FKA React Query)
- Team Manifesto
- Technologies
- Technology Abbreviations
- Technology Glossary
- TechSpot
- That is why you should drink cucumber water every day
- The Cache Tag Helper in ASP.NET Core
- The Verge
- Theodore Roosevelt Quotes
- These 7 things make you unattractive
- Things Successful People Do That Others Don’t
- Things to Consider for a Great Birthday Party
- Things to Consider When Designing A Website
- Thoughts
- TinyMCE Image Options
- TinyMCE Toolbar Options
- Tips for a Joyful Life
- Tips for fewer emails at work
- Tips for Making Better Decisions
- Tips for Managing the Stress of Working at Home
- Tips for Writing that Great Blog Post
- Tips On Giving Flowers As Gifts
- Tips you will listen better
- Top Fitness Tips
- Top Healthy Tips
- Top Money Tips
- Top Ten Jobs
- Track Authenticated Users in Application Insights
- Transactions in EF Core
- Unfiled (legacy)
- Unicode Characters
- Uri Class
- useContext Hook in React
- Var in JavaScript
- Visual Studio 2022
- Vital everyday work: tips for healthy work
- Walking barefoot strengthens your immune system
- Walt Disney Quotes
- Ways for Kids to Make Money
- Web Design Trends & Ideas
- Web Icons
- Web Scraping
- Webhooks
- Website Feature Development
- What are my options for investing money?
- What happens when you drink water in the morning
- What is a Sprint in Scrum?
- What Is Stressful About Working at Home
- What To Eat For Lunch
- When to use Task.Delay, when to use Thread.Sleep?
- Windows
- Windows 11 Top Features You Should Know
- Winston Churchill Quotes
- XPath
- You'll burn out your team with these 5 leadership mistakes
- ZDNet