A Summary of the Last 30 Days (July 2022)

Last Updated on May 29, 2023 by Arnav Sharma

General availability: Ephemeral OS disk support for confidential virtual machines

Published date: November 02, 2022

Microsoft announced support for creating confidential VMs using Ephemeral OS disks. This enables customers running stateless workloads to benefit from trusted execution environments (TEEs). A TEE protects data while it is being processed from access originating outside the TEE.

Azure Multi-Factor Authentication Server will be deprecated 30 September 2024

Published date: November 04, 2022

Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multi-factor authentication (MFA) requests, which could cause authentications to fail for your organization.

Required action

To ensure uninterrupted authentication services and to remain in a supported state, organizations should migrate their users’ authentication data to the cloud-based Azure MFA service using the latest Migration Utility included in the most recent Azure MFA Server update. Learn more at Azure MFA Server Migration.

General availability: Default Rule Set 2.1 for Azure Web Application Firewall

Published date: November 07, 2022

Microsoft announced the general availability of the Default Rule Set 2.1 (DRS 2.1) on Azure’s global Web Application Firewall (WAF) running on Azure Front Door. This rule set is available on the Azure Front Door Premium tier. 

DRS 2.1 is baselined off the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.3.2 and includes additional proprietary protection rules developed by the Microsoft Threat Intelligence team. As with previous DRS releases, DRS 2.1 rules are also tailored by Microsoft Threat Intelligence Center (MSTIC). The MSTIC team analyzes Common Vulnerabilities and Exposures (CVEs) and adapts the CRS ruleset to address those issues while also reducing false positives for customers.

General availability: Virtual Machine software reservations

Published date: November 08, 2022

The new Virtual Machine software reservations enable savings on your Virtual Machine software costs when you make a one- to three-year commitment for plans offered by third-party publishers such as Canonical, Citrix, and Red Hat.

  • You can choose to pay monthly or up-front
  • You can change the size of the deployed Virtual Machine, and Microsoft handles the application of reservation benefits and overage charges
  • You do not have to redeploy your workloads to use the reservation benefits

Generally available: Block domain fronting behaviour on newly created customer resources

Published date: November 08, 2022

All newly created Azure Front Door, Azure Front Door (classic) or Azure CDN Standard from Microsoft (classic) resources will block any HTTP request that exhibits domain-fronting behavior.

If you want to block domain fronting for any existing Azure Front Door, Azure Front Door (classic), or Azure CDN Standard from Microsoft (classic) resources created before November 1, 2022, please open a support request. In the support request, provide your subscription and Azure Front Door (classic), or Azure CDN Standard from Microsoft (classic) resource information. Once blocking of domain fronting has been enabled, Azure Front Door, Azure Front Door (classic), and Azure CDN Standard from Microsoft (classic) resources will block any HTTP requests that exhibit this behaviour.

General availability: Azure Automation supports Availability zones

Published date: November 09, 2022

Microsoft Azure Automation now supports Azure Availability zones to provide improved resiliency and reliability to the service, runbooks and other automation assets. When a zone is down, no action is required from you to recover from the zone failure, and the service remains accessible through the other available zones. The service detects that the zone is down and automatically distributes the traffic to the available zones as needed. Availability zone support for Automation accounts covers only the Process Automation feature, providing improved resiliency for runbook automation. Learn more about Availability zones and regions supported currently by Azure Automation.

General availability: Manage your Log Analytics Tables in Azure Portal

Published date: November 09, 2022

Microsoft announced the general availability of a new experience for managing Azure Log Analytics table metadata from the Azure Portal. With this new UI you can view and edit table properties directly from the Azure Portal in the Log Analytics workspaces experience. This will also help with Azure Monitor.

The new tables menu entry of Log Analytics workspaces allows you to:

  1. View the list of the workspace’s tables, with their type (Azure table, Custom table, Search results, Restored logs), plan (Analytics, Basic) and retention properties (interactive retention, archive period, and total retention period)
  2. Create or delete a table 
  3. Manage specific table schema and edit its properties

Generally available: Static Web Apps support for preview environments in Azure DevOps

Published date: November 09, 2022

With Static Web Apps, you can now configure Azure Pipelines to deploy your application to preview environments. The Azure DevOps task for Azure Static Web Apps intelligently detects and builds your app’s frontend and API and deploys the entire application to Azure. You can fully automate the testing and delivery of your software in multiple stages all the way to production.

Public preview: Azure Front Door zero downtime migration

Published date: November 10, 2022

Azure Front Door Standard and Premium are native, modern cloud content delivery networks (CDNs) catering to both dynamic and static content delivery acceleration with built-in turnkey security and a simple and predictable pricing model.

The migration capability enables you to perform a zero-downtime migration from Azure Front Door (classic) to Azure Front Door Standard or Premium in just three simple steps, or five simple steps if your Azure Front Door (classic) instance has custom domains with your own certificates. The migration will take a few minutes to complete depending on the complexity of your Azure Front Door (classic) instance, such as the number of domains, backend pools, routes, and other configurations.

Limited preview: Azure Backup support for confidential VMs using Platform Managed Keys

Published date: November 14, 2022

Azure Backup now allows you to back up confidential VMs without confidential OS disk encryption, as well as confidential VMs whose confidential OS disk encryption uses Platform Managed Keys.

Feature details:

  • Backup is supported in all regions where confidential VMs are currently available.
  • Backup of confidential VMs is only supported using Enhanced Policy.
  • Cross-region Restore and Item Level Restore are unsupported.
  • Backup of confidential VMs having confidential OS disk encryption using Customer Managed Key is currently unsupported.

Generally available: Encrypt managed disks with cross-tenant customer-managed keys

Published date: November 14, 2022

Encrypting managed disks with cross-tenant customer-managed keys (CMK) enables you to encrypt managed disks with customer-managed keys using Azure Key Vault hosted in a different Azure Active Directory (AD) tenant. 

Many service providers building Software as a Service (SaaS) offerings on Azure want to allow their customers to manage their own encryption keys. Customers of service providers can now use cross-tenant customer-managed keys to manage encryption keys in their own Azure AD tenant and subscription using Azure Key Vault. As a result, they will have complete control of their customer-managed keys and their data.

Public preview: Azure Bastion now supports shareable links

Published date: November 21, 2022

With the new Azure Bastion shareable links feature in public preview and included in Standard SKU, you can now connect to a target resource (virtual machine or virtual machine scale set) using Azure Bastion without accessing the Azure portal.

This feature will solve two key pain points:

  • Administrators will no longer have to provide full access to their Azure accounts to one-time VM users—helping to maintain their privacy and security.
  • Users without Azure subscriptions can seamlessly connect to VMs without exposing RDP/SSH ports to the public internet.

Public preview: Cross Subscription Restore for Azure Virtual Machines

Published date: November 22, 2022

Microsoft announced the preview of Cross Subscription Restore of Azure Virtual Machines. Cross Subscription Restore allows you to restore an Azure Virtual Machine, either by creating a new VM or by restoring disks, to any subscription (honoring the RBAC capabilities) from the restore point created by Azure Backup. By default, Azure Backup restores to the same subscription where the restore points are available. With this new feature, you gain the flexibility of restoring to any subscription under your tenant if restore permissions are available. You can trigger Cross Subscription Restore for managed Azure Virtual Machines only from the vault and not from snapshots. Cross Subscription Restore is also supported for Restore with Managed System Identities (MSI). It is unsupported for Encrypted Azure VMs and Trusted Launch VMs.
