
What’s New in Azure: A Summary of the Last 30 Days (August 2022)


General availability: Next hop IP support for Route Server

Published date: August 01, 2022

With next hop IP support, you can deploy network virtual appliances (NVAs) behind an Azure Internal Load Balancer (ILB) to achieve key active-passive connectivity scenarios and improve connectivity performance. To learn more about this feature, check out next hop IP support.


Azure Firewall Premium is now ICSA labs certified

Published date: August 02, 2022

The new Intrusion Prevention System (IPS) certification from ICSA Labs is an important IPS certification and is an addition to our existing Firewall certification from ICSA Labs.

Azure Firewall Premium SKU is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It provides advanced threat protection that meets the needs of highly sensitive and regulated environments and includes Intrusion Prevention System (IPS) and TLS inspection capabilities.

ICSA Labs provides credible third-party testing and certification of security and health IT products, as well as network-connected devices. This includes certification of network intrusion prevention systems.


Public preview: Enable VM insights using Azure Monitor agent

Published date: August 03, 2022

Currently, Azure Monitor VM insights requires a Log Analytics agent and a dependency agent installed on each virtual machine or virtual machine scale set to be monitored. This public preview will introduce a version of VM insights that makes use of the new Azure Monitor agent and would replace the existing Log Analytics agent.


General availability: Azure Lab Services August 2022 update

Published date: August 08, 2022

The updated version of Azure Lab Services provides a range of improvements and enhancements along with introducing key features. The update includes:

  • Enhanced lab creation and publication improvements along with backend reliability.
  • Enhanced virtual machine access performance.
  • With the introduction of VNET injection for Azure Virtual Networks, educators and trainers have more control of the virtual network and can enable labs with complex configuration to teach a wide variety of courses.
  • Improved cost tracking via Azure Cost Management service.
  • Access to .NET SDK, Python SDK, Azure PowerShell module, and ARM templates to automate your lab processes and build solutions on top of the service.
  • Integration with Canvas, a learning management system.


Public preview: Microsoft Dev Box

Published date: August 15, 2022

Microsoft Dev Box is now in public preview. Microsoft Dev Box provides self-service access for developers to high-performance, cloud-based workstations preconfigured and ready-to-code for specific projects—all while maintaining security and corporate governance. With Microsoft Dev Box, organizations can:

  • Maximize dev productivity with ready-to-code, self-service Dev Boxes.
  • Centralize governance of workstations running anywhere to maintain greater security, compliance, and cost efficiency.
  • Customize dev boxes with everything developers need for their current projects.


Generally available: Azure Monitor Logs data export supports application insights tables

Published date: August 17, 2022

You can configure data export rules in Azure Monitor Logs and export data for application insights tables, storage accounts, and event hubs. When linking multiple Application Insights components to a workspace, data export applies to data coming from all linked applications.


Generally available: Key management system integration with AKS

Published date: August 17, 2022

AKS now supports key management system (KMS) plugin integration. This generally available capability enables encryption at rest of your Kubernetes data in etcd using Azure Key Vault. This means you can now store secrets in bring your own key (BYOK) encrypted etcd using KMS.

From the Kubernetes documentation on Encrypting Secret Data at Rest:

KMS plugin for Key Vault is the recommended choice for using a third-party tool for key management. KMS plugin simplifies key rotation, with a new data encryption key (DEK) generated for each encryption, and key encryption key (KEK) rotation controlled by the user.


Generally available: Azure Dedicated Host Support

Published date: August 17, 2022

Azure Dedicated Host is a service that provides physical servers, able to host one or more virtual machines, dedicated to one Azure subscription. Dedicated hosts are the same physical servers used in our data centers, provided as a resource. 

You can provision dedicated hosts within a region, availability zone, and fault domain. Then, you can place AKS VMs directly into your provisioned hosts, in whatever configuration best meets your needs.  

Using Azure Dedicated Hosts for nodes with your AKS cluster enables:

  • Hardware isolation at the physical server level. No other VMs will be placed on your hosts. 
  • Control over maintenance events initiated by the Azure platform. With dedicated hosts, you can opt in to a maintenance window to reduce the impact on your service.


Generally available: Azure Monitor container insights agent renaming

Published date: August 17, 2022

Azure Monitor container insights allows you to monitor your container and Kubernetes workloads. When enabling container insights, Azure Monitor deploys a containerized collection agent. This agent is being renamed from OMSAgent to Azure Monitor agent. The current OMSAgent name is a legacy name from the OMS product and does not reflect the branding for Azure Monitor. The Azure Monitor agent is being standardized as the single collection agent for Azure Monitor. The name change brings the agent’s name in line with these updates.


Public preview: Use managed identity-based authentication to enable Azure Monitor container insights

Published date: August 17, 2022

Container insights now supports integration with Azure Monitor agent for AKS clusters and Arc-enabled clusters. This integration is now generally available for Linux nodes in AKS and Arc-enabled clusters. This specialized agent collects performance and event data from all nodes in the cluster, and the agent is automatically deployed and registered with the specified log analytics workspace during deployment. 


Public preview: Microsoft Azure Load Testing supports private endpoints testing

Published date: August 17, 2022

Azure Load Testing now supports load testing for private endpoints. You can create an Azure Load Testing resource and enable it to generate load from within your virtual network (VNET injection).

This functionality enables the following usage scenarios:

  • Generate load to an endpoint that is deployed in an Azure virtual network
  • Generate load to a public endpoint with access restrictions, such as restricting client IP addresses
  • Generate load to an on-premises service, not publicly accessible, that is connected to Azure via ExpressRoute


General availability: User-defined routes support for private endpoints

Published date: August 17, 2022

User-defined routes (UDRs) support for private endpoints is now generally available. This feature enhancement will remove the need to create a /32 address prefix when defining custom routes. You will now have the ability to use a wider address prefix in the user defined route tables for traffic destined to a private endpoint (PE) by way of a network virtual appliance (NVA). In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to enabled on the subnet containing private endpoint resources.


General availability: Network security groups support for private endpoints

Published date: August 17, 2022

Network security groups (NSGs) support for private endpoints is now generally available. This feature enhancement provides you with the ability to enable advanced security controls on traffic destined to a private endpoint. In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to enabled on the subnet containing private endpoint resources.
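
Both private endpoint announcements above depend on the same subnet property, so a subnet can carry an NSG or route table that does not cover its private endpoints as intended. The following audit is an added example, not code from the original page or from Microsoft; it assumes subnet JSON shaped like the output of `az network vnet subnet list`, and the sample data and resource IDs are constructed placeholders.

```python
import json

# Constructed sample, shaped like the JSON that `az network vnet subnet list`
# prints. Field names are assumed from that output; IDs are placeholders.
SAMPLE = json.loads("""[
 {"name": "pe-subnet-a", "privateEndpointNetworkPolicies": "Disabled",
  "privateEndpoints": [{"id": "/placeholder/pe-sql"}],
  "networkSecurityGroup": {"id": "/placeholder/nsg-a"},
  "routeTable": {"id": "/placeholder/rt-a"}},
 {"name": "pe-subnet-b", "privateEndpointNetworkPolicies": "Enabled",
  "privateEndpoints": [{"id": "/placeholder/pe-blob"}],
  "networkSecurityGroup": {"id": "/placeholder/nsg-b"}, "routeTable": null},
 {"name": "app-subnet", "privateEndpointNetworkPolicies": "Disabled",
  "privateEndpoints": [],
  "networkSecurityGroup": {"id": "/placeholder/nsg-c"}, "routeTable": null},
 {"name": "pe-subnet-c",
  "privateEndpoints": [{"id": "/placeholder/pe-kv"}],
  "networkSecurityGroup": {"id": "/placeholder/nsg-d"}, "routeTable": null}
]""")


def audit_subnets(subnets):
    """Return findings for subnets whose NSG/UDR may not cover private endpoints."""
    findings = []
    for subnet in subnets:
        if not subnet.get("privateEndpoints"):
            continue  # the property only matters where private endpoints live
        controls = [label for key, label in
                    (("networkSecurityGroup", "NSG"), ("routeTable", "UDR"))
                    if subnet.get(key)]
        if not controls:
            continue  # nothing attached, so nothing is being silently skipped
        policy = subnet.get("privateEndpointNetworkPolicies")
        if policy is None:
            issue = "policy-unknown"      # property absent: verify by hand
        elif policy.lower() != "enabled":
            issue = "policy-not-enabled"  # NSG/UDR attached, property not enabled
        else:
            continue  # set to enabled, as the announcements require
        findings.append({"subnet": subnet["name"], "issue": issue,
                         "policy": policy, "controls": controls})
    return findings


if __name__ == "__main__":
    for finding in audit_subnets(SAMPLE):
        print(finding)
```

Subnets without private endpoints are skipped on purpose, and a missing property is reported as unknown rather than guessed.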

