Monthly updates from Azure (June 2023)

I am here to provide a single post covering Azure updates from the previous month. In this blog, we will cover the June updates from Azure. This blog is not an exhaustive list of all the monthly updates. I want to call out the most specific updates from infrastructure technologies (compute, storage, networking, identity, monitoring & security, etc.) and have categorized them into high-level sections.

Azure Compute

Public Preview: Confidential Virtual Machines (VM) support in Azure Virtual Desktop

Azure Confidential Virtual Machines (VMs) support in Azure Virtual Desktop is in public preview. Confidential Virtual Machines increase data privacy and security by protecting data in use. The Azure DCasv5 and ECasv5 confidential VM series provide a hardware-based Trusted Execution Environment (TEE) that features AMD SEV-SNP security capabilities. These capabilities harden guest protections to deny the hypervisor and other host management code access to VM memory and state, and are designed to protect against operator access and encrypt data in use. With this preview, support for Windows 11 22H2 has been added to Confidential Virtual Machines.

What is changing with this update: With this preview, support for Windows 11 22H2 has been added to Confidential Virtual Machines. Confidential OS Disk encryption and Integrity monitoring will be added to the preview later. Confidential VM support for Windows 10 is planned.

To learn more about this update, visit: https://techcommunity.microsoft.com/t5/azure-virtual-desktop-blog/confidential-virtual-machine-support-for-azure-virtual-desktop/ba-p/3686350

Public preview: Custom Image Templates for Azure Virtual Desktop

Custom image templates allow admins to build a custom “golden image” that can include Azure Virtual Desktop built-in customizations and your own customization scripts to install other applications or configurations. Leveraging the Azure Image Builder (AIB) service, the feature takes the elements that you want to include in your build and ships them to the AIB service, which builds the image, including any additional customizations you have either selected from the Azure Virtual Desktop built-in customizations or those of your own.

What is changing with this update: This feature is a wrapper for the Azure Image Builder (AIB) service. It takes the elements that you want to include in your build and ships them to the AIB service, which builds the image, including any additional customizations you have either selected from the AVD built-in customizations or those of your own. AIB will then distribute the resulting image to either a managed image or to the Azure Compute Gallery, which supports capabilities such as automated versioning and image replication across any Azure region.

To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/virtual-desktop/custom-image-templates

https://techcommunity.microsoft.com/t5/azure-virtual-desktop-blog/announcing-the-public-preview-of-azure-virtual-desktop-custom/ba-p/3784361

General Availability: Azure VMware Solution Stretched Clusters with Customer-Managed Keys

Stretched clusters for Azure VMware Solution (AVS) provide 99.99% uptime for mission-critical applications requiring the highest availability. With this release, customers can use Customer-Managed Keys to encrypt the stretched vSAN. By default, virtual machines within the vSAN datastore are protected with data-at-rest encryption using a FIPS 140-2 compliant Data Encryption Key (DEK) generated for each local disk on ESXi hosts. These DEKs are encrypted by a VMware vSAN Key Encryption Key (service-managed key) provided by Microsoft.

Stretched Cluster Benefits:

  • Improved application availability
  • Provide a zero recovery point objective (RPO) capability for enterprise applications without redesigning them or deploying expensive disaster recovery solutions.
  • A private cloud with stretched clusters is designed to provide 99.99% availability due to its resilience to AZ failures.

What is changing with this update: Stretched clusters allow the configuration of vSAN Fault Domains across two AZs to notify vCenter Server that hosts reside in each Availability Zone (AZ). Each fault domain is named after the AZ it resides within to increase clarity. When you stretch a vSAN cluster across two AZs within a region, should an AZ go down, it’s treated as a vSphere HA event, and the virtual machine is restarted in the other AZ.

To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/azure-vmware/deploy-vsan-stretched-clusters

Azure Data & Storage

Public Preview: Azure NetApp Files Availability zone volume placement enhancement – Populate existing volume

The Azure NetApp Files availability zone volume placement feature lets you deploy new volumes in the availability zone of your choice, in alignment with Azure compute and other services in the same zone. It automatically maps the physical zone the volumes were deployed in to the logical zone for your subscription. This feature will not move any volumes between zones. With this capability, you can enhance workloads previously deployed regionally and align them with VMs in the same failure domain, for example, to enable HA architectures across availability zones.

What is changing with this update: With this ‘Populate existing volume’ enhancement, you can now obtain and, if desired, populate previously deployed existing volumes with the logical availability zone information.

To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/azure-netapp-files/use-availability-zones

Public Preview: Azure AD Support for Azure Files SMB shares REST API

The public preview of Azure Active Directory (Azure AD) for Azure SMB Shares enables share-level read and write access for users, groups, and managed identities (MI) when accessing through the REST API. With Azure AD support, applications can access Azure file shares securely without storing or managing credentials. Applications can leverage managed identities to access customer-owned file shares securely.

What is changing with this update: Azure Portal also supports using Azure AD to authenticate requests to Azure Files. Users can choose the Azure AD identity-based authentication method for their actions through the portal, such as browsing their file share contents.

To learn more about this update, visit: https://techcommunity.microsoft.com/t5/azure-storage-blog/public-preview-introducing-azure-ad-support-for-azure-files-smb/ba-p/3826733

Azure Networking & Security

General Availability: Azure Front Door integration with managed identities

Azure Front Door now supports managed identities generated by Azure Active Directory to allow Front Door to easily and securely access other Azure AD-protected resources such as Azure Key Vault. This feature is in addition to the AAD Application access to Key Vault that is currently supported.

What is changing with this update: A managed identity generated by Azure Active Directory (Azure AD) allows your Azure Front Door instance to quickly and securely access other Azure AD-protected resources, such as Azure Key Vault.

To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/frontdoor/managed-identity?tabs=system-assigned

General availability: Azure Front Door Migration from classic to standard/premium and Azure Front Door upgrade from standard to premium

In March 2022, Microsoft announced the general availability of two new Azure Front Door tiers. Azure Front Door Standard and Premium are native, modern cloud content delivery networks (CDN) catering to dynamic and static content delivery acceleration with built-in turnkey security and a simple and predictable pricing model.

The migration capability enables you to perform a zero-downtime migration from Azure Front Door (classic) to Azure Front Door Standard or Premium in three simple steps, or five if your Azure Front Door (classic) instance has custom domains with your certificates. The migration will take a few minutes to complete depending on the complexity of your Azure Front Door (classic) instance, such as the number of domains, backend pools, routes, and other configurations.

What is changing with this update: Microsoft strongly recommends migrating your classic profile to one of the newer tiers to benefit from the new features and improvements. Azure Front Door provides a zero-downtime migration to move your workload from Azure Front Door (classic) to Standard or Premium to ease the move to the new tiers.

To learn more about this update, visit: https://techcommunity.microsoft.com/t5/azure-networking-blog/azure-front-door-migration-tool-general-available/ba-p/3826836

General availability: Private Link support for Application Gateway

Private link configuration for Application Gateway enables incoming traffic to an Azure Application Gateway frontend to be secured to clients running in another Azure Virtual Network, Azure subscription, or Azure subscription linked to a different Azure Active Directory tenant through Azure Private Link.

In general availability, the limitation on traffic visibility has been removed for new private link configurations, and the service is ready for production workload support.

What is changing with this update: Application Gateway Private Link allows you to connect your workloads over a private connection spanning VNets and subscriptions.

To learn more about this update, visit: https://learn.microsoft.com/en-au/azure/application-gateway/private-link-configure?tabs=portal

General availability: Azure Load Balancer per VM limit removal

The “Load balancer per VM” limit is now removed for customers using Standard Load Balancer. Previously this limit was two load balancers per VM (one public and one internal).

What is changing with this update: With this limit removed, you can associate as many load balancers of either type (public or internal) per VM as you want, up to the Azure Load Balancer’s limits.

To learn more about this update, visit: https://learn.microsoft.com/en-au/azure/azure-resource-manager/management/azure-subscription-service-limits#load-balancer

Other Azure Services

General availability: Multiple backups per day for Azure Virtual Machines

Azure Virtual Machine Backup enables you to create an enhanced policy to take multiple daily snapshots. This allows you to protect your virtual machines with a Recovery Point Objective (RPO) as low as four hours.

With this capability, you can define the duration during which your backup jobs trigger and align your backup schedule with the working hours when there are frequent updates. To meet the need for higher retention in instant restore, the enhanced policy offers instant restore retention with a default of seven days and a maximum of 30 days.

What is changing with this update: With this update, virtual machines support multiple backups per day.

To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/backup/backup-azure-vms-enhanced-policy?tabs=azure-portal

Thanks for your time, and I hope you had a quick preview of the list of updates from last month.