Last Updated on May 14, 2024 by Arnav Sharma
General availability: Ephemeral OS disk support for confidential virtual machines
Published date: November 02, 2022
Microsoft announced support for creating confidential VMs using Ephemeral OS disks. This enables customers running stateless workloads to benefit from trusted execution environments (TEEs). A TEE protects data while it is being processed from access from outside the TEE.
Azure Multi-Factor Authentication Server will be deprecated 30 September 2024
Published date: November 04, 2022
Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multi-factor authentication (MFA) requests, which could cause authentications to fail for your organization.
Required action
To ensure uninterrupted authentication services and to remain in a supported state, organizations should migrate their users’ authentication data to the cloud-based Azure MFA service using the latest Migration Utility included in the most recent Azure MFA Server update. Learn more at Azure MFA Server Migration.
General availability: Default Rule Set 2.1 for Azure Web Application Firewall
Published date: November 07, 2022
Microsoft announced the general availability of the Default Rule Set 2.1 (DRS 2.1) on Azure’s global Web Application Firewall (WAF) running on Azure Front Door. This rule set is available on the Azure Front Door Premium tier.
DRS 2.1 is baselined off the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.3.2 and includes additional proprietary protection rules developed by the Microsoft Threat Intelligence team. As with previous DRS releases, DRS 2.1 rules are also tailored by Microsoft Threat Intelligence Center (MSTIC). The MSTIC team analyzes Common Vulnerabilities and Exposures (CVEs) and adapts the CRS ruleset to address those issues while also reducing false positives for customers.
General availability: Virtual Machine software reservations
Published date: November 08, 2022
The new Virtual Machine software reservations enable savings on your Virtual Machine software costs when you make a one- to three-year commitment for plans offered by third-party publishers such as Canonical, Citrix, and Red Hat.
- You can choose to pay monthly or up-front
- You can change the size of the deployed Virtual Machine, and Microsoft handles the application of reservation benefits and overage charges
- You do not have to redeploy your workloads to use the reservation benefits
Generally available: Block domain fronting behavior on newly created customer resources
Published date: November 08, 2022
All newly created Azure Front Door, Azure Front Door (classic) or Azure CDN Standard from Microsoft (classic) resources will block any HTTP request that exhibits domain-fronting behavior.
If you want to block domain fronting for any existing Azure Front Door, Azure Front Door (classic), or Azure CDN Standard from Microsoft (classic) resources created before November 1, 2022, open a support request. In the support request, provide your subscription and Azure Front Door (classic) or Azure CDN Standard from Microsoft (classic) resource information. Once blocking of domain fronting has been enabled, Azure Front Door, Azure Front Door (classic), and Azure CDN Standard from Microsoft (classic) resources will block any HTTP requests that exhibit this behavior.
General availability: Azure Automation supports Availability zones
Published date: November 09, 2022
Microsoft Azure Automation now supports Azure Availability zones to provide improved resiliency and reliability to the service, runbooks and other automation assets. If a zone goes down, no action is required from you to recover from the zone failure, and the service remains accessible through the other available zones. The service detects that the zone is down and automatically distributes the traffic to the available zones as needed. Availability zone support for Automation accounts covers only the Process Automation feature, providing improved resiliency for runbook automation. Learn more about Availability zones and regions supported currently by Azure Automation.
General availability: Manage your Log Analytics Tables in Azure Portal
Published date: November 09, 2022
Microsoft announced the general availability of a new experience for managing Azure Log Analytics table metadata from the Azure Portal. With this new UI you can view and edit table properties directly from the Azure Portal in the Log Analytics workspaces experience. This will also help with Azure Monitor.
The new tables menu entry of Log Analytics workspaces allows you to:
- View the list of the workspace’s tables, with their type (Azure table, Custom table, Search results, Restored logs), plan (Analytics, Basic) and retention properties (interactive retention, archive period, and total retention period)
- Create or delete a table
- Manage specific table schema and edit its properties
Generally available: Static Web Apps support for preview environments in Azure DevOps
Published date: November 09, 2022
With Static Web Apps, you can now configure Azure Pipelines to deploy your application to preview environments. The Azure DevOps task for Azure Static Web Apps intelligently detects and builds your app’s frontend and API and deploys the entire application to Azure. You can fully automate the testing and delivery of your software in multiple stages all the way to production.
Public preview: Azure Front Door zero downtime migration
Published date: November 10, 2022
Azure Front Door Standard and Premium are native, modern cloud content delivery networks (CDNs) catering to both dynamic and static content delivery acceleration, with built-in turnkey security and a simple and predictable pricing model.
The migration capability enables you to perform a zero-downtime migration from Azure Front Door (classic) to Azure Front Door Standard or Premium in just three simple steps, or five simple steps if your Azure Front Door (classic) instance has custom domains with your own certificates. The migration will take a few minutes to complete, depending on the complexity of your Azure Front Door (classic) instance, such as the number of domains, backend pools, routes, and other configurations.
Limited preview: Azure Backup support for confidential VMs using Platform Managed Keys
Published date: November 14, 2022
Azure Backup now supports backing up confidential VMs that do not use confidential OS disk encryption, as well as confidential VMs that use confidential OS disk encryption with Platform Managed Keys.
Feature details:
- Backup is supported in all regions where confidential VMs are currently available.
- Backup of confidential VMs is only supported using Enhanced Policy.
- Cross-region Restore and Item Level Restore are unsupported.
- Backup of confidential VMs having confidential OS disk encryption using Customer Managed Key is currently unsupported.
Generally available: Encrypt managed disks with cross-tenant customer-managed keys
Published date: November 14, 2022
Encrypting managed disks with cross-tenant customer-managed keys (CMK) enables you to encrypt managed disks with customer-managed keys using Azure Key Vault hosted in a different Azure Active Directory (AD) tenant.
Many service providers building Software as a Service (SaaS) offerings on Azure want to allow their customers to manage their own encryption keys. Customers of service providers can now use cross-tenant customer-managed keys to manage encryption keys in their own Azure AD tenant and subscription using Azure Key Vault. As a result, they will have complete control of their customer-managed keys and their data.
Public preview: Azure Bastion now supports shareable links
Published date: November 21, 2022
With the new Azure Bastion shareable links feature in public preview and included in Standard SKU, you can now connect to a target resource (virtual machine or virtual machine scale set) using Azure Bastion without accessing the Azure portal.
This feature will solve two key pain points:
- Administrators will no longer have to provide full access to their Azure accounts to one-time VM users—helping to maintain their privacy and security.
- Users without Azure subscriptions can seamlessly connect to VMs without exposing RDP/SSH ports to the public internet.
Public preview: Cross Subscription Restore for Azure Virtual Machines
Published date: November 22, 2022
Microsoft announced the preview of Cross Subscription Restore of Azure Virtual Machines. Cross Subscription Restore allows you to restore an Azure Virtual Machine, by creating a new VM or restoring disks, to any subscription (honoring the RBAC capabilities) from a restore point created by Azure Backup. By default, Azure Backup restores to the same subscription where the restore points are available. With this new feature, you gain the flexibility of restoring to any subscription under your tenant if restore permissions are available. You can trigger Cross Subscription Restore for managed Azure Virtual Machines only from the vault, not from snapshots. Cross Subscription Restore is also supported for Restore with Managed System Identities (MSI). It is unsupported for Encrypted Azure VMs and Trusted Launch VMs.