This post is my alternative to the Microsoft Ignite “Book of News”.
You’ve probably heard of or even read the Ignite Book of News. This is a PDF that is sent out to those under NDA (media, MVPs, and so on) before Microsoft Ignite starts. After the kickoff, the document is shared publicly. The Book of News is heavily shaped by Marketing, focusing on highlights and the “message” of the conference. The Book of News is not complete, despite all claims by those who are poorly informed – over the years, I’ve found countless announcements from sessions and product group blog posts that were not in the Book of News.
I’m taking part in an “Ignite After Party” to discuss the Book of News. The organiser has encouraged going “off book” so I’ve summarised all the IaaS stuff that I could find (and a little PaaS) – most of this stuff was not in the Book of News. Here you will find all the announcements in that space from Ignite and the time since then (I stopped at November 30th when I wrote this post).
Ignite News
App Services
Go available on App Service
https://azure.github.io/AppService/2022/10/12/Go-on-AppService.html
We are happy to announce that App Service now supports apps targeting Go 1.18 and 1.19 across all public regions on Linux App Service Plans through the App Service Early Access feature. By introducing native support for Go on App Services, we are making one of the top 10 best loved web app development languages available for our developers.
In development: Larger SKUs for App Service Environment v3
https://azure.microsoft.com/en-gb/updates/in-development-larger-skus-for-app-service-environment-v3/
New Isolated v2 SKUs of 64GB/ 128GB/ 256GB provide compelling value to organizations that need a dedicated tenant to run their most sensitive and demanding applications. This is expected to be available in production in Q4 CY2022.
Public preview: Planned maintenance feature for App Service Environment v3
With planned maintenance notifications for App Service Environment v3, you can get a notification 15 days ahead of planned automatic maintenance and start the maintenance when it is convenient for you
Hybrid
Announcing Jumpstart ArcBox for DataOps
ArcBox for DataOps, is our road-tested automation providing our customers a way to get hands-on with the Azure Arc-enabled SQL Managed Instance set of capabilities and features.
Announcing Jumpstart HCIBox
https://techcommunity.microsoft.com/t5/azure-arc-blog/announcing-jumpstart-hcibox/ba-p/3647646
HCIBox is a turnkey solution that provides a complete sandbox for exploring Azure Stack HCI capabilities and hybrid cloud integration in a virtualized environment. HCIBox is designed to be completely self-contained within a single Azure subscription and resource group, which will make it easy for a user to get hands-on with Azure Stack HCI and Azure Arc technology without the need for physical hardware.
CAF
Announcing Landing Zone Accelerator for Azure Arc-enabled SQL Managed Instance
a proven set of guidance designed by subject matter experts across Microsoft to help customers create and implement the business and technology strategies necessary to succeed in the cloud as well as a way to automate a fully deployed Azure Arc-enabled SQL Managed Instance environment, making implementation faster.
AVD
Announcing general availability of support for Azure availability zones in the host pool deployment
I am pleased to announce that you can now automatically distribute your session hosts across any number of availability zones
New ways to optimize flexibility, improve security, and reduce costs with Azure Virtual Desktop
With the public preview of new integrations with Azure Active Directory, you can use single sign-on and passwordless authentication, leveraging FIDO2 standards and Windows Hello for Business to securely streamline the authentication experience for today’s remote and hybrid workforce.
Now in public preview, customers can use cloud storage to host FSLogix and modern Azure Active Directory authentication for their session hosts (more on that later).
Public preview for confidential virtual machine options for Azure Virtual Desktop is also available now—specifically for Windows 11 virtual machines—with Windows 10 support planned in the future.
customers who require their information to remain on trusted private networks will have the option to use Private Link to enable access to their session hosts and workspaces over a private endpoint in their virtual network.
Cost Management
Optimize and maximize cloud investment with Azure savings plan for compute
Today, we are announcing Azure savings plan for compute. With this new pricing offer, customers will have an easy and flexible way to save up to 65%* on compute costs, compared to pay-as-you-go pricing, in addition to existing offers in market including Azure Hybrid Benefit and Reservations.
Storage
General availability: Azure Premium SSD v2 Disk Storage
http://azure.microsoft.com/en-us/updates/general-availability-azure-premium-ssd-v2-disk-storage/
In summary, Premium SSD v2 offers the following key benefits:
- Ability to increase disk storage capacity in 1 GiB increments.
- The capability to separately provision IOPS, throughput, and disk storage capacity.
- Consistent sub-millisecond latency.
- Easier maintenance with scaling performance up and down without downtime.
- Up to 64TiBs, 80,000 IOPS and 1200 MB/s on a single disk.
Public preview: Azure Elastic SAN
http://azure.microsoft.com/en-us/updates/public-preview-azure-elastic-san/
With Elastic SAN, you can deploy, manage, and host workloads on Azure with an end-to-end experience similar to on-premises SAN. The solution also enables bulk provisioning of block storage that can achieve massive scale, up to millions of IOPS, double-digit GB/s of throughput, and low single-digit millisecond latencies with built-in resiliency to minimize downtime.
Management
Generally available: Azure Automanage for Azure Virtual Machines and Arc-enabled servers
Azure Automanage is a service that automates configuration of virtual machines (VMs) to best-practice Azure services, as well as continuous security and management operations across the entire lifecycle of VMs in Azure or hybrid environments enabled through Azure Arc. This allows you to save time, reduce risk, and improve workload uptime by automating day-to-day configuration and management tasks– all with point-and-click simplicity, at scale.
Generally available: Azure Monitor agent support for Windows clients
The Azure Monitor agent and data collection rules now support Windows 10 and 11 client devices via the new Windows MSI installer. Extend the use of the same agent for telemetry and security management (using Sentinel) across your service and device landscape.
Generally available: Azure Monitor agent migration tools
http://azure.microsoft.com/en-us/updates/generally-available-azure-monitor-agent-migration-tools/
Per earlier communication, you must migrate from log analytics agent (MMA or OMS agents) to this agent before August 2024. You can use agent migration tools now generally available to make this process easier for you.
Public preview: Azure Monitor Logs – create granular level RBAC for custom tables
The Log Analytics product team added two additional capabilities to enable workspace admins to manage more granular data access, supporting read permission at the table level both for Azure tables and customer tables.
Cost-effective solution for high-volume verbose logs
Basic Logs is a new flavor of logs that enables a lower-cost collection of high-volume verbose logs that you use for debugging and troubleshooting, but not for analytics and alerts. This data, which might have been historically stored outside of Azure Monitor Logs, can now be available inside your Log Analytics workspace, enabling one solution for all your log data.
Low-cost long-term storage of your log data
Log Archive is an in-place solution to store your data for long-term retention of up to seven years at a cost-effective price point. This lets you store all your data in Azure Monitor Logs, without having to manage an external data store for archival purposes, and query or import data in and out of Azure Monitor Logs. You can access archived data by running a search job or restoring it for a limited time for investigation, as detailed below.
Search through large volumes of log data
A search job can run from a few minutes to hours, scanning log data and fetching the relevant records into a new persistent search job results table. The search job results table supports the full set of analytics capabilities to enable further analysis and investigation of these records.
Investigate archived logs
Restore is another tool for investigating your archived data. Unlike the search job, which accesses data based on specific criteria, restore makes a given time range of the data in a table available for high-performance queries. Restore is a powerful operation, with a relatively high cost, so it should be used in extreme cases when you need direct access to your archived data with the full interactive range of analytics capabilities.
Generally available: Windows Admin Center for Azure Virtual Machines
https://azure.microsoft.com/en-gb/updates/windows-admin-center-for-azure-virtual-machines/
Windows Admin Center lets you manage the Windows Server Operating System of your Azure Virtual Machines, natively in the Azure Portal. You can perform maintenance and troubleshooting tasks such as managing your files, viewing your events, monitoring your performance, getting an in-browser RDP and PowerShell session, and much more, all within Azure.
Set up alerts faster with our new and simplified alerting experience (in preview)
Recommended alert rules provides customers with an easy way to enable a set of best practice alert rules on their Azure resources. This feature, which previously supported only virtual machines, is now being extended to also support AKS and Log Analytics Workspace resources.
Azure VMware Solution
Public preview: Customer-managed keys for Azure VMware Solution
Customer-managed keys (CMK) for Azure VMware Solution (AVS) provides you with control over your encrypted vSAN data on Azure VMware Solution. With this feature, you can use Azure Key Vault to generate customer-managed keys as well as centralize and streamline the key management process.
Public preview: Stretched clusters for Azure VMware Solution
provides 99.99% uptime for mission critical applications. Stretched cluster benefits:
- Improve application availability.
- Provide a zero-recovery point objective (RPO) capability for enterprise applications without needing to redesign or deploy expensive disaster recovery (DR) solutions.
- A private cloud with stretched clusters is designed to provide 99.99% availability due to its resilience to availability zone failures.
- Enables you to focus on core application requirements and features, instead of infrastructure availability.
AKS
Generally available: Azure Hybrid Benefit for AKS and Azure Stack HCI
At Ignite, we are expanding Azure Hybrid Benefit to further reduce costs for on-premises and edge locations. Customers with Windows Server Software Assurance (SA) can use Azure Hybrid Benefit for Azure Kubernetes Service (AKS) and Azure Stack HCI to:
- Run AKS on Windows Server and Azure Stack HCI at no additional cost in datacenter and edge locations. With this, you can deploy and manage containerized Linux and Windows applications from cloud to edge with a consistent, managed Kubernetes service. This applies to Windows Server Datacenter and Standard Software Assurance and Cloud Solution Provider (CSP) customers.
- Use first-party Arc-enabled infrastructure, Azure Stack HCI, at no additional cost. Windows Server Datacenter Software Assurance customers can modernize their existing datacenter and edge infrastructure to run their VM and container-based applications on modern infrastructure with industry-leading price-performance and built-in connectivity to Azure.
Public preview: Azure Kubernetes Service hybrid deployment options
Azure Kubernetes Service (AKS) on Azure Stack HCI, Windows Server 2019, and 2022 Datacenter can be provisioned from the Azure Portal/CLI. Additionally, AKS is now in public preview on Windows devices and Windows IoT for lightweight Kubernetes orchestration.
Generally available: 5,000 node scale in AKS
http://azure.microsoft.com/en-us/updates/generally-available-5000-node-scale-in-aks/
Azure Kubernetes Service is increasing the maximum node limit per cluster from 1,000 nodes to 5,000 nodes for customers using the uptime-SLA feature.
Generally available: Windows server 2022 host support in AKS
With this generally available feature, Windows Server 2022 is now supported on AKS. Among other improvements related to security, Windows Server 2022 also provides several platform improvements for Windows Containers and Kubernetes. Windows Server 2022 is available for Kubernetes v1.23 and higher.
Public preview: Kubernetes apps on Azure Marketplace
http://azure.microsoft.com/en-us/updates/public-preview-kubernetes-apps-on-azure-marketplace/
You can now browse the catalog of solutions specialized for Kubernetes platforms under Kubernetes apps offer in marketplace and select a solution for click through deployment to Azure Kubernetes Service (AKS) with automated Azure billing.
Public preview: Azure CNI Overlay mode in Azure Kubernetes Service
Azure CNI Overlay mode is a new CNI network plugin that allocates pod IPs from an overlay network space, rather than from the virtual network IP space.
General availability: AMD-based confidential VMs for Azure Kubernetes Service
With the general availability of confidential virtual machines featuring AMD 3rd Gen EPYC™ processors, with Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) security features, organizations get VMs with isolated, encrypted memory, and genuine confidentiality attestation rooted to the hardware.
Public preview: Rules for Azure Kubernetes Service and Log Analytic workspace resources
Enable a set of best practice alert rules on an unmonitored AKS and Log Analytics workspace resource with just a few clicks.
Public preview: Azure Monitor managed service for Prometheus
The new fully managed Prometheus compatible service from Azure Monitor delivers the best of what you like about the open-source ecosystem while automating complex tasks such as scaling, high-availability, and long-term data retention. It is available to use as a standalone service from Azure Monitor or as an integrated component of Container Insights and Azure Managed Grafana.
Generally available: ARM64 support in AKS
http://azure.microsoft.com/en-us/updates/generally-available-arm64-support-in-aks/
Announcing the general availability of ARM64 node pool support in AKS. ARM64 provides a better price and compute comparison due to its lower power utilization.
Networking
Public preview: IP Protection SKU for Azure DDoS Protection
Instead of enabling DDoS protection on a per virtual network basis, including all public IP resources associated with resources in those virtual networks, you now have the flexibility to enable DDoS protection on an individual public IP.
General availability: Azure DNS Private Resolver – hybrid name resolution and conditional forwarding
Azure DNS Private Resolver is a cloud-native, highly available, and DevOps-friendly service. It provides a simple, zero- maintenance, reliable, and secure DNS service to resolve and conditionally forward DNS queries from a virtual network, on-premises, and to other target DNS servers without the need to create and manage a custom DNS solution
WordPress on Azure App Service supports Azure Front Door Integration
We are happy to announce the preview of WordPress on Azure App Service powered by Azure Front Door which enables faster page loads, enhanced security, and increased reliability for your global apps with no configuration or additional code required.
General availability: Custom network interface name configurations of private endpoints
This feature allows you to define your own string name at the time of creation of the private endpoint NIC deployed.
General availability: Static IP configurations of private endpoints
This feature allows you to add customizations to your deployments. Leverage already reserved IP addresses and allocate them to your private endpoint without relying on the randomness of Azure’s dynamic IP allocation.
Public preview: ExpressRoute Traffic Collector
http://azure.microsoft.com/en-us/updates/public-preview-expressroute-traffic-collector/
ExpressRoute Traffic Collector enables sampling of network flows sent over your ExpressRoute Direct circuits. Flow logs get sent to a Log Analytics workspace where you can create your own log queries for further analysis, export the data to any visualization tool or SIEM (Security Information and Event Management) of your choice
In development: Introducing ExpressRoute Metro
https://azure.microsoft.com/en-gb/updates/in-development-introducing-expressroute-metro/
ExpressRoute Metro offers you the ability to create private connections via an ExpressRoute Circuit with dual connections from a Service provider (AT&T, Equinix, Verizon etc.,) or connecting directly with ExpressRoute Direct over a dual 10 Gbps or 100 Gbps physical port in two different Microsoft Edge location in a metropolitan area offering higher redundancy and resiliency.
Virtual Machines
General availability: New Azure proximity placement groups feature
https://azure.microsoft.com/en-gb/updates/ppgintent/
With the addition of the new optional parameter, intent, you can now specify the VM sizes intended to be part of a proximity placement group when it is created. An optional zone parameter can be used to specify where you want to create the proximity placement group. This capability allows the proximity placement group allocation scope (datacenter) to be optimally defined for the intended VM sizes, reducing deployment failures of compute resources due to capacity unavailability.
General availability: Confidential VM option for SQL Server on Azure Virtual Machines
With the confidential VM option for SQL Server on Azure Virtual Machines, you can now run your SQL Server workloads on the latest AMD-backed confidential virtual machines.
General availability: AMD confidential VM guest attestation
http://azure.microsoft.com/en-us/updates/general-availability-amd-confidential-vm-guest-attestation/
It lets you do the following:
- Use the guest attestation feature to verify that a confidential VM is running on a hardware-based trusted execution environment (TEE) with security features (isolation, integrity, secure boot) enabled.
- Allow application deployment decisions (whether to launch a sensitive workload) based on the hardware state returned by the library call.
- Use remote attestation artifacts (token and claims) received from another system (on a confidential VM) to enable relying parties to gain trust to make transactions with the other system.
- Receive recommendations and alerts of unhealthy confidential VMs in Microsoft Defender for Cloud.
Announcing the new Ebsv5 VM sizes offering 2X remote storage performance with NVMe-Public Preview
Today, we are announcing the Public Preview of two additional Virtual Machine (VM) sizes, E96bsv5 and E112ibsv5, to the Ebsv5 VM family. The two new sizes are developed with the NVMe protocol and provide exceptional remote storage performance offering up to 260,000 IOPS and 8,000 MBps throughput.
General availability: Azure Monitor predictive autoscale for Azure Virtual Machine Scale Sets
Predictive autoscale uses machine learning to help manage and scale Azure Virtual Machine Scale Sets with cyclical workload patterns. It forecasts overall CPU load to your virtual machine scale set based on your historical CPU usage patterns. By observing and learning from historical usage, it predicts the overall CPU load ensuring scale-out occurs in time to meet demand.
Miscellaneous
Public preview: Microsoft Azure Deployment Environments
https://azure.microsoft.com/en-gb/updates/public-preview-microsoft-azure-deployment-environments/
Azure Deployment Environments has entered public preview. Azure Deployment Environments help dev teams create and manage all types of environments throughout the application lifecycle with features such as:
- On-demand environments enable developer to spin up environments with each feature branch to enable higher quality code reviews and ensure devs can view and test their changes in a prod-like environment.
- Sandbox environments can be used as greenfield environments for experimentation and research.
- CI/CD pipeline environments integrate with your CI/CD deployment pipeline to automatically create dev, test (regression, load, integration), staging and production environments at specified points in the development lifecycle.
- Environment types enable dev infra and IT teams to create preconfigured mappings that automatically apply the right subscriptions, permissions and identities to environments deployed by developers based on their current stage of development.
- Template catalogues housed in a code repo that can be accessed and edited by developers and IT admins to propagate best practices while maintaining security and governance.
Generally available: Azure Site Recovery update rollup 64 – October 2022
Modernized VMware to Azure DR is now generally available. Added support for:
- Protecting physical machines using the modernized experience.
- Enabling modernized experience with managed identity and private endpoint turned on.
Azure PowerShell Ignite 2022 announcements
- general availability of Azure PowerShell modules version 9
- added 12 modules supporting new services and added more than 500 cmdlets
- With Az 9 we are providing an actionable error message that indicates why a cmdlet is not found.
- With Az Config you can CENTRALLY CONFIGURE Azure PowerShell settings
Active Directory Connector (ADC) for Arc-enabled SQL Managed Instance is now generally available!
Azure Arc-enabled data services support Active Directory (AD) for Identity and Access Management (IAM). The Arc-enabled SQL Managed Instance uses an existing on-premises Active Directory (AD) domain for authentication.
Azure Backup
Public preview: Immutable vaults for Azure Backup
https://azure.microsoft.com/en-gb/updates/azure-backup-immutable-vaults-preview/
With immutable vaults, Azure Backup provides you an option to ensure that recovery points that are once created cannot be deleted before their intended expiry time.
Public preview: Multi-user authorization for Backup vaults
https://azure.microsoft.com/en-gb/updates/azure-backup-mua-backup-vaults-preview/
Multi-user authorization (MUA) for Backup adds an additional layer of protection for critical operations on your Backup vaults, providing greater security for your backups. To provide multi-user authorization, Backup uses a resource guard to ensure critical operations are performed with proper authorization
Public preview: Enhanced soft delete for Azure Backup
http://azure.microsoft.com/en-us/updates/azure-backup-enhanced-soft-delete-preview/
With enhanced soft delete, you get the ability to make soft delete irreversible, which protects soft delete from being disabled by any malicious actors. Hence, enhanced soft delete provides better protection for your backups against various threats. With enhanced soft delete, you get the ability to make soft delete irreversible, which protects soft delete from being disabled by any malicious actors. Hence, enhanced soft delete provides better protection for your backups against various threats.
General availability: Zone-redundant storage support by Azure Backup
http://azure.microsoft.com/en-us/updates/azurebackupzrssupport/
With the general availability of this feature, you have a broader set of redundancy or storage replication options to choose from for your backup data. Based on your data residency, data resiliency and total cost of ownership (TCO) requirements, you can select either locally redundant storage (LRS), zone-redundant storage (ZRS) or geo-redundant storage (GRS).
After Ignite – Up To November 30th
Cost Management
General availability: Azure savings plan for compute
https://azure.microsoft.com/en-gb/updates/general-availability-azure-savings-plan-for-compute/
The savings plan unlocks lower prices on select compute services when customers commit to spend a fixed hourly amount for one or three years. Choose whether to pay all up front or monthly at no extra cost.
General availability: Virtual Machine software reservations
You can now save on Virtual Machine software from third-party publishers by purchasing software reservations.
Hybrid
Generally available: Auto Extension upgrade for Arc enabled Servers
https://azure.microsoft.com/en-us/updates/auto-extension-upgrade-for-arc-servers/
Automatic Extension upgrade is now generally available for Arc enabled Servers using eligible VM extensions. With this release we are adding support for Azure Portal, PowerShell, CLI, and automatic rollback of failed upgrades
Networking
Visualize and monitor Azure & hybrid networks with Azure Network Watcher
Azure Network Watcher provides an entire suite of tools to visualize, monitor, diagnose, and troubleshoot network issues across Azure and Hybrid cloud environments.
Azure Virtual WAN simplifies networking needs
http://azure.microsoft.com/blog/networking-needs-simplified-with-azure-virtual-wan/
- Multipool user group support preview
- Secure hub routing intent preview
- Hub routing preference (HRP) is generally available
- Bypass next hop IP for workloads within a spoke VNet connected to the virtual WAN hub generally available
- Border Gateway Protocol (BGP) Peering with a virtual hub is generally available
- BGP dashboard is now generally available
- Virtual Network Gateway VPN over ExpressRoute private peering (AZ and non-AZ regions) is generally available
- Custom traffic selectors (portal)–generally available
- High availability for Azure VPN client using secondary profile is generally available
- ExpressRoute circuit with visibility of Virtual WAN connection
- Fortinet SDWAN is generally available
- Aruba EdgeConnect Enterprise SDWAN preview
- Checkpoint NG Firewall preview
Generally available: Block domain fronting behavior on newly created customer resources
beginning November 8, 2022, all newly created Azure Front Door, Azure Front Door (classic) or Azure CDN Standard from Microsoft (classic) resources will block any HTTP request that exhibits domain fronting behavior.
General availability: Default Rule Set 2.1 for Azure Web Application Firewall
Increase your security posture and reduce false positives with Default Rule Set 2.1, now generally available on Azure’s global Web Application Firewall running on Azure Front Door.
Evolving networking with a DPU-powered edge
SmartNICs or Data Processing Units (DPUs) bring an opportunity to double down on the benefits of a software-defined infrastructure without sacrificing the host resources needed by your line-of-business apps in your (virtual machines) VMs or containers. With a DPU, we can enable SR-IOV usage removing the host CPU consumption incurred by the synthetic datapath, alongside the SDN benefits.
Public preview: Azure Front Door zero downtime migration
http://azure.microsoft.com/en-us/updates/public-preview-azure-front-door-zero-downtime-migration/
You can use this feature to migrate Azure Front Door (classic) to Azure Front Door Standard and Premium with zero downtime.
Public preview: Azure Front Door integration with managed identities
Azure Front Door Standard and Premium supports enabling managed identities for Azure Front Door to access Azure Key Vault.
Public preview: Upgrade from Azure Front Door Standard to Premium tier
You can now use this feature to upgrade your Azure Front Door Standard profile to Premium tier without downtime.
General availability: Per Rule Actions on regional Web Application Firewall
Azure’s regional Web Application Firewall (WAF) with Application Gateway running the Bot Protection rule set and Core Rule Set (CRS) 3.2 or higher now supports setting actions on a rule-by-rule basis.
General availability: TLS 1.3 with Application Gateway
http://azure.microsoft.com/en-us/updates/tls1-3-application-gateway-ga/
Start using the new policies with TLS 1.3 for your Azure Application Gateway to improve security and performance.
Announcing new capabilities for Azure Firewall
http://azure.microsoft.com/blog/announcing-new-capabilities-for-azure-firewall/
- New GA regions in Qatar central, China East, and China North
- IDPS Private IP ranges now generally available.
- Single Click Upgrade/Downgrade now in preview.
- Enhanced Threat Intelligence now in preview.
- KeyVault with zero internet exposure now in preview.
AKS
Dapr v1.9.0 now available in the Dapr extension for AKS and Arc-enabled Kubernetes
The Dapr v1.9.0 release offers several new features, including pluggable components, resiliency metrics, and app health checks, as well as many fixes in the core runtime and components.
Generally available: Premium SSD v2 disks available on Azure Disk CSI driver
Premium SSD v2 support is now generally available on AKS.
Public preview: AKS image cleaner
https://azure.microsoft.com/en-gb/updates/public-preview-aks-image-cleaner/
You can now more easily remove unused and vulnerable images stored on AKS nodes.
Public preview: IPVS load balancer support in AKS
https://azure.microsoft.com/en-gb/updates/public-preview-ipvs-load-balancer-support-in-aks/
You can now use the IP Virtual Server (IPVS) load balancer with AKS, with configurable connection scheduling and TCP/UDP timeouts.
Public preview: Azure CNI Powered by Cilium
https://azure.microsoft.com/en-gb/updates/public-preview-azure-cni-powered-by-cilium/
Leverage next generation eBPF dataplane for pod networking, Kubernetes network policies and service load balancing.
Public preview: Rotate SSH keys on existing AKS nodepools
http://azure.microsoft.com/en-us/updates/public-preview-rotate-ssh-keys-on-existing-aks-nodepools/
You can now update SSH keys on existing AKS nodepools post deployment.
Azure VMware Solution
Generally available: New node sizing for Azure VMware Solution
Optimize workloads with new node sizes, AV52, and AV36P, now generally available in Azure VMware Solution.
Generally available: Azure NetApp Files datastores for Azure VMware Solution
Azure NetApp Files datastores is now generally available to run your storage intensive workloads on Azure VMware Solution (AVS).
Virtual Machines
General availability: Ephemeral OS disk support for confidential virtual machines
Create confidential VMs using Ephemeral OS disks for your stateless workloads.
General availability: New cost recommendations for Virtual Machine Scale Sets
Azure Advisor has expanded recommendations to include cost optimisation recommendation for Virtual Machine Scale Sets too.
Microsoft Intune user scope configuration for Azure Virtual Desktop multi-session VMs is now GA
This new update enables you to configure user scope policies using settings catalog, configure user certificates, and configure PowerShell scripts in user context.
Generally available: Encrypt managed disks with cross-tenant customer-managed keys
Many service providers building Software as a Service (SaaS) offerings on Azure want to give their customers the option of managing their own encryption keys.
General availability: Bot Manager Rule Set 1.0 on regional Web Application Firewall
This rule set provides you enhanced protection against bots and provides granular control over bots detected by WAF by categorizing bot traffic as good, bad, or unknown bots.
Public preview: Azure Bastion now support shareable links
http://azure.microsoft.com/en-us/updates/azure-bastion-shareable-links/
Shareable links allows users to connect to target resources via Azure Bastion without access to the Azure portal.
Storage
Generally available: SFTP support for Azure Blob Storage
Azure Blob Storage now supports provisioning an SFTP endpoint with just one click.
Public preview: Availability zone volume placement for Azure NetApp Files
Deploy new Azure NetApp Files volumes in Azure availability zones (AZs) of your choice to support workloads across multiple availability zones.
App Services
App Service Environment version 1 and version 2 will be retired on 31 August 2024
Migrate to App Service Environment version 3 by 31 August 2024
Generally available: Azure Static Web Apps now fully supports .NET 7
Azure Static Web Apps now supports building and deploying full-stack .NET 7.0 isolated applications.
Public preview: Azure Static Web Apps now Supports Node 18
https://azure.microsoft.com/en-gb/updates/public-preview-azure-static-web-apps-now-supports-node-18/
Azure Static Web Apps now supports building and deploying full-stack Node 18 applications.
Generally available: Static Web Apps support for skipping API builds
Azure Static Web Apps provides the option to skip the default API builds via GitHub Actions and Azure pipelines. While setting up the YAML build configuration, you can set the skip_api_build flag to true in order to skip building the APIs.
Generally available: Static Web Apps support for stable URLs for preview environments
Use stable URLs with Azure Static Web Apps preview environments.
Generally available: Static Web Apps support for Gitlab and Bitbucket
Deploy Static Web Apps using Gitlab and Bitbucket as CI/CD providers.
Generally available: Static Web Apps support for preview environments in Azure DevOps
Deploy applications to staging environments using Azure DevOps.
Public preview: Go language support on Azure App Service
http://azure.microsoft.com/en-us/updates/public-preview-go-language-support-on-azure-app-service/
Go language (v1.18 and v1.19) is natively supported on Azure App Service, helping developers innovate faster using the best fully managed app platform for cloud-centric web apps. The language support is available as an experimental language release on Linux App Service in November 2022.
Generally available Day 0 support for .NET 7.0 on App Service
developers are immediately unblocked to try, test, and deploy .NET apps targeting the version of .NET accelerating time-to-market on the platform they know and use today. It is expected to be available in Q2 FY23.
Miscellaneous
Secure your digital payment system in the cloud with Azure Payment HSM—now generally available
the general availability of Azure Payment HSM, a BareMetal Infrastructure as a service (IaaS) that enables customers to have native access to payment HSM in the Azure cloud. With Azure Payment HSM, customers can seamlessly migrate PCI workloads to Azure and meet the most stringent security, audit compliance, low latency, and high-performance requirements needed by the Payment Card Industry (PCI).
Automated Key Rotation Generally Available on Azure Key Vault Managed HSM
The feature allows you to set up an auto-rotation policy that automatically generates a new key version of the customer-managed key (CMK) stored in the HSM at a specified frequency.
General availability: Azure Automation supports Availability zones
http://azure.microsoft.com/en-us/updates/azure-automation-availability-zones/
Azure Automation now supports Availability zones to provide improved resiliency and reliability to the service, runbooks and other automation assets.
Public preview: Microsoft Azure Managed HSM TLS Offload Library
https://azure.microsoft.com/en-gb/updates/public-preview-managed-hsm-tls-offload-library/
Azure Managed HSM now supports SSL/TLS Offload for F5 and Nginx.
Generally available: Additional Always Free Services for Azure Free Account and PAYG
With an Azure free account, you can explore with free amounts of 55+ always free services.
AVD
Announcing general availability of FSLogix profiles for Azure AD-joined VMs in Azure Virtual Desktop
By leveraging Azure AD Kerberos with Azure Files, you can seamlessly access file shares from Azure AD-joined VMs and use them to store your FSLogix profile containers.
Management
General availability: Manage your Log Analytics Tables in Azure Portal
announcing the general availability of a new experience for managing Azure Log Analytics table metadata from the Azure Portal. With this new UI you can view and edit table properties directly from Azure Portal in Log Analytics workspaces experience.
New Project Flash Update: Advancing Azure Virtual Machine availability monitoring
- General availability of VM availability information in Azure Resource Graph
- Preview of a VM availability metric in Azure Monitor
- Preview of VM availability status change events via Azure Event Grid
General availability: Azure Monitor agent custom and IIS logs
This new capability is designed to enable customers to collect their text-based logs generated in their service or application. Likewise, Internet Information Service (IIS) logs for a customers’ service can be collected and transferred into a Log Analytics Workspace table for analysis.
General availability: Azure Monitor Logs, custom log API and ingestion-time transformations
With these new features, you will be able to add a custom ingestion-time transformation to data following into Azure Monitor Logs. These transformations can be used to set up ingestion-time extraction of fields and parsing of complex logs, obfuscation of sensitive data, removal of unneeded fields or even dropping full events for cost control, and many more advanced possibilities.
Announcing GA of revamped Custom Logs features
- GA of the Log Ingestion API
- GA of the Ingestion-time Transformations feature
- A nominal fee per GB dropped will be charged for any data dropped beyond 50% of incoming data, calculated daily
Azure Backup
Limited preview: Azure Backup support for confidential VMs using Platform Managed Keys
You can use this feature to back up confidential VMs using Platform Managed Keys.
Public preview: Cross Subscription Restore for Azure Virtual Machines
Cross Subscription Restore allows you to restore Azure Virtual Machine, through create new or restore disks, to any subscription (honoring the RBAC capabilities) from the restore point created by Azure Backup.
