Azure Monthly update – Sep 2022

This post collects the previous month's Azure updates in a single place; this edition covers September 2022. It is not an exhaustive list of the month's updates: I call out the most relevant infrastructure updates (compute, storage, networking, identity, monitoring, security, etc.) and group them under high-level sections.

Azure Compute:

Public preview: Automatic backup for App Service Environment V2 and V3

In Azure App Service, you can easily create on-demand custom backups and automatic backups. You can easily restore these backups by overwriting an existing app or restoring it to a new app or slot.

There are two types of backups in App Service. Automatic backups are made for your app regularly as long as it’s in a supported pricing tier. Custom backups require initial configuration and can be made on-demand or on a schedule. 

Automatic backup and restore are now in preview for the Isolated pricing tier, that is, for App Service Environment (ASE) V2 and V3. For App Service Environments:

  • Backups can be restored to a target app within the ASE itself, not to another ASE.
  • Backups can be restored to a target app in another App Service plan within the same ASE.
  • Backups can be restored only to a target app on the same OS platform as the source app.

To learn more about this update, visit:  https://learn.microsoft.com/en-us/azure/app-service/manage-backup?tabs=portal

Azure Data & Storage:

Public preview: Encrypt storage account/managed disks with cross-tenant customer-managed keys

When configuring a customer-managed key, Azure Storage wraps the root data encryption key for the account with the customer-managed key in the associated key vault or managed HSM. Enabling customer-managed keys doesn’t impact performance and takes effect immediately. You can configure customer-managed keys with the key vault and storage account in the same tenant or in different Azure AD tenants.

To learn more about this update, visit: https://learn.microsoft.com/en-au/azure/storage/common/customer-managed-keys-overview

https://learn.microsoft.com/en-us/azure/virtual-machines/disks-cross-tenant-customer-managed-keys?tabs=azure-portal

Generally available: Resource instance rules for access to Azure Storage

Resource instance rules enable secure connectivity to a storage account by restricting access to specific resources of select Azure services.

Azure Storage provides a layered security model that enables you to secure and control access to your storage account. You can configure network access rules to limit access to your storage account from select virtual networks or IP address ranges. Some Azure services operate on multi-tenant infrastructure, so the resources of these services cannot be isolated to a specific virtual network.

With resource instance rules, you can now configure your storage account to only allow access from specific resource instances of such Azure services. For example, Azure Synapse offers analytic capabilities that cannot be deployed into a virtual network. If your Synapse workspace uses such capabilities, you can configure a resource instance rule on a secured storage account to only allow traffic from that Synapse workspace.

Resource instances must be in the same tenant as your storage account, but they may belong to any resource group or subscription in that tenant.
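As an added illustration (not code from the post or from Microsoft's docs), this Bicep fragment shows how a resource instance rule is expressed on a storage account that otherwise denies all network access: the account name, Synapse workspace name and API version are placeholders and assumptions, while the `resourceAccessRules` entry follows the shape exposed by the Microsoft.Storage resource provider.

```bicep
// Added example, not from the original post. All names are placeholders.
@description('Storage account name (placeholder).')
param storageAccountName string = 'stsecuredexample'

@description('Resource ID of the Synapse workspace allowed to reach the account (placeholder).')
param synapseWorkspaceId string = resourceId('Microsoft.Synapse/workspaces', 'synw-example')

param location string = resourceGroup().location

resource storage 'Microsoft.Storage/storageAccounts@2021-09-01' = {
  name: storageAccountName
  location: location
  sku: { name: 'Standard_ZRS' }
  kind: 'StorageV2'
  properties: {
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false
    networkAcls: {
      // Deny everything that is not explicitly listed below, and do not
      // rely on the broad "trusted Azure services" bypass.
      defaultAction: 'Deny'
      bypass: 'None'
      // Resource instance rule: only this one workspace may connect, and it
      // must live in the same tenant as the storage account (the feature
      // does not accept instances from other tenants).
      resourceAccessRules: [
        {
          tenantId: tenant().tenantId
          resourceId: synapseWorkspaceId
        }
      ]
      // No VNet or public IP allow-list entries: the workspace is the only path in.
      virtualNetworkRules: []
      ipRules: []
    }
  }
}
```

The rule only opens the network path; the workspace's managed identity still needs an RBAC role assignment on the account before it can read or write data.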

To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal

Public preview: Customer-initiated storage account conversion

Azure Storage has announced the public preview of a self-service option to convert storage accounts from non-zonal redundancy (LRS/GRS) to zonal redundancy (ZRS/GZRS). You can now initiate the conversion from the Azure portal without creating a support ticket.

To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/storage/common/redundancy-migration?tabs=portal

Generally available: Reserved capacity for Azure Backup Storage

Save up to 24 percent on your usage of Azure Backup Storage by purchasing reserved capacity storage. The reservation discount will automatically apply to your matching Backup Storage, and the process of purchasing a reservation is streamlined. Reservations are available on a one-year basis for up to a 16 percent discount or a three-year basis for a 24 percent discount.

To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/backup/backup-azure-reserved-pricing-optimize-cost

Azure AKS:

Public preview: soft delete in Azure Container Registry

Azure Container Registry (ACR) allows you to enable a soft delete policy so that accidentally deleted artifacts can be recovered for a set retention period. After the feature is enabled and an artifact is deleted, the artifact is kept in a recycle bin for a user-configurable number of days. You can restore the artifact while it is still in the recycle bin and build containers from it immediately. Once an artifact reaches the configured retention limit, it is permanently purged from the registry.

To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-soft-delete-policy

Public preview: API Server VNET Integration for AKS private cluster

An Azure Kubernetes Service (AKS) cluster with API Server VNet Integration configured projects the API server endpoint directly into a delegated subnet in the VNet where AKS is deployed. This enables network communication between the API server and the cluster nodes without any required private link or tunnel. The API server will be available behind an Internal Load Balancer VIP in the delegated subnet, which the nodes will be configured to utilize.

To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/aks/api-server-vnet-integration

Azure Networking & Security:

General availability: Resizing of peered virtual networks

Updating the address space of peered virtual networks is now generally available. This feature allows you to update or resize the address space of a peered virtual network without removing the peering.

Users often want to resize or update the IP address space of their virtual networks as their footprint in Azure grows. They can now do so without downtime and without having to remove the peering in advance.

To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview#resize-the-address-space-of-azure-virtual-networks-that-are-peered

Public preview: Policy analytics for Azure Firewall

Policy analytics for Azure Firewall, now in public preview, provides enhanced visibility into traffic flowing through Azure Firewall, enabling the optimization of your firewall configuration without impacting your application performance.  

As application migration to the cloud accelerates, it’s common to update Azure Firewall configuration daily (sometimes hourly) to meet the growing application needs and respond to a changing threat landscape. Frequently, changes are managed by multiple administrators spread across geographies.

Over time, the firewall configuration can grow sub-optimally, impacting firewall performance and security. It is challenging for any IT team to optimize firewall rules without impacting applications and causing serious downtime. Policy analytics helps address these challenges by providing visibility into traffic flowing through the firewall, with features such as firewall flow logs, rule-to-flow match, rule hit rate and single rule analysis. IT admins can refine Azure Firewall rules in a few simple steps through the Azure portal.

To learn more about this update, visit: https://azure.microsoft.com/en-us/blog/strengthen-your-security-with-policy-analytics-for-azure-firewall/

Other Azure Services:

Generally available: Built-in Azure Monitor alerts for Azure Backup

With this solution, users receive default alerts for critical scenarios related to backup security and job failures that are integrated with Azure Monitor. You can monitor these alerts at scale via the Azure Monitor dashboard or the Backup center and route them to the notification channels of your choice. Below are the main benefits of using built-in Azure Monitor alerts for backup:

  • Ability to configure notifications to a wide range of notification channels supported by Azure Monitor
  • Ability to select which scenarios to get notified for
  • Ability to have a consistent alerts management experience for multiple Azure services, including backup, with at-scale management capabilities

To learn more about this update, visit: https://azure.microsoft.com/en-us/updates/generally-available-builtin-azure-monitor-alerts-for-azure-backup/