Monday was a big day for Microsoft’s team as a flurry of announcements came out of the Ignite conference in Orlando. We have already talked about how Microsoft is leveraging artificial intelligence (AI) across its products and services, be it Microsoft 365 and Office 365, Bing Ads, or the new Bing for business.
Here is a brief roundup of news related to data science and Microsoft Cloud:
SQL Server 2017 (Windows, Linux, and Docker) and Machine Learning Services are now generally available with support for in-database R and Python to both Windows and Linux. You can start using Python-based in-database Machine Learning Services for production usage now.
With support for both R and Python, ‘R Services’ is rebranded to ‘Machine Learning Services’.
SQL Server now supports the three most popular data science languages and enables you to use the latest AI and ML packages from the open source world in-database, across ALL editions on Windows – making SQL Server 2017 the commercial database with built-in AI.
Also, from now through June 30, 2018, a SQL Server on Linux offer provides access to SQL Server 2017 on Linux at significant savings through an annual subscription.
Microsoft ML Server, the new name for Microsoft R Server, is now at version 9.2 and includes support for operationalizing Python as well as R.
Microsoft R Client 3.4.1 was released alongside it and provides desktop capabilities for R developers, with the ability to deploy computations to a production ML Server.
This 2-minute video explains how to deploy models with ML Server (and with this release, real-time scoring is now supported on Linux as well).
Microsoft Cognitive Services offers new intelligent APIs for developing AI applications, including general availability of the text analytics API for topic extraction, language detection and sentiment analysis.
Visual Studio Code for AI, an extension for the popular open-source code editor, provides new interfaces for developing with TensorFlow, Cognitive Toolkit (CNTK), Azure ML and more.
Also, a new high-level language for quantum computing, to be integrated with Visual Studio, and a simulator for quantum computers of up to 32 qubits were announced on Monday.
This 2-minute video provides an overview of Microsoft’s vision for Quantum Computing.
The new generation of Dynamics 365 AI solutions leverages the Microsoft AI platform, tools and infrastructure to help organizations accelerate digital transformation, and is tailored to existing systems, processes and data.
The first solution includes an intelligent virtual agent for customer care, an intelligent assistant for customer service staff and conversation management tools, all powered by Microsoft AI.
These solutions are designed with three principles in mind:
- Leverage Microsoft’s AI platform, data & expertise. With world-class AI research, cloud, data and developer platform, we are building our solutions on more than 25 years of work. These technologies have been used in our own products, services, and now enterprise-ready solutions.
- Integrated with your core enterprise scenarios. Our solutions are built to focus on traditional, horizontal, business scenarios most large enterprises rely on to serve their customers. When we partner with customers, we tailor the solution to meet your requirements, customize it to your data, and connect it to your existing 1st and 3rd party line of business applications and IT systems.
- AI driven solutions to transform your business. These new AI solutions are used to meet large-scale enterprise needs and we use them ourselves at Microsoft. You can adopt them with the confidence knowing that they will be ready for your business needs, writes Microsoft.
This diagram shows how the new Dynamics 365 AI solutions work:
System Center Updates Publisher (SCUP) Preview 2 comes with an updated catalog format to provide a better experience for users when consuming large update catalogs.
Improvements included in this release:
- Indexing for quicker imports of previously imported catalogs – Catalog producers can now index their catalogs. This will allow users to import large catalogs containing few new updates more quickly.
- Inclusion of signing certificates within updates catalogs – Catalog producers can now include signing certificates with their updates catalogs. This enables users to add the certificates to the trusted publishers list during import so that approval prompts will not block publish operations. Note: While old catalog formats are still supported, catalog producers will need to add information to their existing catalogs to take advantage of these improvements.
- Signature Timestamp – Updates published to a WSUS server will by default have the signature time-stamped. Note, this functionality requires internet access. If you have upgraded from preview 1 this will not be automatically enabled. To enable or disable the signature timestamp or configure the timestamp server that is used see the Advanced page under Options.
Preview 2 also includes fixes for issues based on feedback submitted during the first preview.
With 42 regions around the world and an expansive network spanning over 4,500 points of presence, Microsoft made several announcements at Ignite about advancements in Azure:
- Microsoft will deliver a first-party, native NFS v3/v4 service based on NetApp’s proven ONTAP and other hybrid cloud data services, with preview available in early 2018. This service will deliver enterprise-grade data storage, management, security, and protection for customers moving to Microsoft Azure. The service will be enabled to advance hybrid cloud scenarios, providing visibility and control across Azure, on-premises and hosted NFS workloads.
- Preview of a new Azure networking service called Azure DDoS Protection, which helps protect publicly accessible endpoints from distributed denial of service (DDoS) attacks. Azure DDoS Protection learns an application’s normal traffic patterns and automatically applies traffic scrubbing when attacks are detected to ensure only legitimate traffic reaches the service.
- Two new cloud governance services, Azure Cost Management and Azure Policy, were introduced to help you monitor and optimize cloud spend and cloud compliance. Azure Cost Management will be free for Azure customers, and you can sign up now for a preview of Azure Policy.
- Integration of the native security and management experience. New updates in the Azure portal simplify the process of backing up, monitoring, and configuring disaster recovery for virtual machines.
- Also, update management will now be free for Azure customers.
- Preview of the new Azure Migrate service, which helps discover and migrate virtual machines and servers. The new service captures all on-premises applications, workloads, and data, and helps map migration dependencies over to Azure, making IT’s jobs immensely easier. Azure Migrate also integrates with the Database Migration Services we released today.
- New Azure Data Box preview, which provides a secure way to transfer very large datasets to Azure. This integrates seamlessly with Azure services like Backup and Site Recovery as well as partner solutions from CommVault, NetApp, Veritas, Veeam, and others.
- Azure File Sync preview offers secure, centralized file share management in the cloud.
Microsoft also demonstrated SAP HANA running on both M-series and purpose-built infrastructure, and previewed the B-series VM for burstable workloads. The upcoming Fv2-, NCv2- and ND-series, which offer the innovation of new processor types like Intel’s Scalable Xeon and NVIDIA’s Tesla P100 and P40 GPUs, were also announced.
Also announced were the latest versions of the most popular VM sizes (DS, ES, GS, and MS), which constrain the vCPU count to one half or one quarter of the original VM size while maintaining the same memory, storage and I/O bandwidth.
Microsoft notes, “licensing charged for SQL Server or Oracle will be constrained to new vCPU count, and other products should be charged based on new vCPU count.”
All of this results in a 50% to 75% increase in the ratio of the VM specs to active (billable) vCPUs.
Here are examples of potential savings from running a VM provisioned from a SQL Server Enterprise image on the new DS14-4v2 and GS5-8 VM sizes as compared to their original versions:
For the latest official pricing, refer to the Azure VM pricing page.
The next generation of Azure Machine Learning (AML) is now available and includes the AML Workbench, a cross-platform client for AI-powered data wrangling and experiment management.
It also brings an AML Experimentation service to help data scientists increase their rate of experimentation with big data and GPUs, and an AML Model Management service to host, version, manage and monitor machine learning models.
The first Semi-Annual Channel release of Windows Server, version 1709, introduces further advances in container technology, including:
- an optimized Nano Server Container image (80% smaller!),
- new support for Linux containers on Hyper-V,
- and the ability to run native Linux tools with the Windows Subsystem for Linux (aka Bash for Windows).
Azure customers will be able to deploy Windows Server, version 1709 in early October. Customers with Software Assurance and loyalty programs (such as MSDN) will be able to download the bits later that month.
Windows Insiders will continue to have access to preview builds in the Semi-Annual Channel.
Azure Container Instances (ACI), which provide the simplest way to create and deploy new containers in the cloud with just a few simple clicks, now support Windows Server in addition to Linux.
Azure Service Fabric, which offers a generalized hosting and container orchestration platform designed for highly scalable applications, today launched Linux support in general availability.
Azure SQL Database now supports real-time scoring for R and Python, and a preview of general in-database R services is now available as well.
Microsoft also made advancements in hybrid cloud computing with the following developments:
Azure Stack is now shipping from Dell EMC, Hewlett Packard Enterprise (HPE) and Lenovo, and brings the agility and fast-paced innovation of cloud computing to on-premises environments. Only Azure Stack lets you deliver Azure services from your organization’s datacenter, while balancing the right amount of flexibility and control – for truly-consistent hybrid cloud deployments.
The Azure SQL Database service already offers 100 percent SQL Server compatibility with no code changes via Managed Instance, and Microsoft today introduced a new Azure Database Migration Service that enables a near-zero downtime migration. Now customers can migrate all of their data to Azure without hassle or high cost.
Azure Security Center can now be used to secure workloads running on-premises and in other clouds with new capabilities released today, including: Just in Time (JIT) access, dynamic app whitelisting, and being able to drill down into an attack end to end with interactive investigation paths and mapping.
Beyond the innovations above, Microsoft shared how it is working to save customers money. For example, Azure Hybrid Benefit for Windows Server and the new Azure Hybrid Benefit for SQL Server allow customers to use their existing licenses to get discounts in Azure, making Azure the most economical choice and path to the cloud for these customers.
And the new Azure Reserved VM Instances will enable customers to save up to 82 percent on Windows Server VMs.
Also, the company is now offering a new Azure free account, which introduces the free use of many popular services for 12 months, in addition to the $200 free credit that the company provides.
Here are brief details of the new Microsoft Cloud Platform announcements:
Azure Reserved VM Instances (RIs) offer the most affordable and flexible RIs with prioritized compute capacity on the market. It allows you to reserve virtual machines at extremely low prices on Azure.
Customers need to select only three items: region, VM series, and term, when making an RI purchase. What’s more, Windows Server customers can save up to 82% with AHB.
Azure security and operations management | Cloudyn, Azure Security Center, Monitor
Microsoft announced several new features and updates to help users secure and manage their cloud workloads:
Cost Management by Cloudyn, a service that helps organizations manage and optimize cloud spend across Azure, AWS, and Google Cloud Platform. The service is now available for free to all Azure customers and partners.
Azure Security Center, which helps customers protect workloads running in Azure against cyber threats, can now also be used, in public preview, to secure workloads running on-premises and in other private and public clouds.
Security Center is also releasing new capabilities including dynamic application whitelisting, integration with Azure Logic Apps, and ability to drill down into an incident with interactive investigation paths and mapping.
Additionally, customers can now easily explore and add on services for monitoring, backing up, and securing their resources from the creation of a resource in Azure to reduce security and compliance risk.
One of these new features, Update Management, will be free for any machine.
The public preview of Azure Availability Zones is available in two new regions, with more coming in the next few months. Availability Zones are fault-isolated locations within an Azure region, providing redundant power, cooling, and networking.
Availability Zones allow you to run mission critical applications with high availability and fault tolerance to data center failures. As our commitment to you, we will offer a financially backed 99.99% SLA for virtual machines deployed in two or more zones within a region when the service is generally available.
Azure Batch low-priority VMs are now generally available, at a large discount compared to regular on-demand VMs. If Batch applications can tolerate interruption and job execution time is flexible, then using low-priority VMs can significantly reduce the cost of running workloads, or allow much more work to be performed at a greater scale, for the same cost. Many batch processing workloads can take advantage of low-priority VMs, and Azure Batch makes it easy to allocate and manage low-priority VMs, as well as handle any pre-emptions that occur.
The GA of Azure Batch Rendering enables customers such as artists, engineers, and designers to submit rendering jobs seamlessly via client applications such as Maya and 3ds Max, or via our SDK. Azure Batch Rendering accelerates large-scale rendering jobs to deliver results to customers faster.
Azure is also working with Autodesk, Chaos Group, and other partners to enable customers to run their day-to-day rendering workloads seamlessly on Azure.
The Batch Rendering feature will provide tools such as client plugins offering a rich integrated experience allowing customers to submit jobs from within the applications with easy scaling, monitoring, and asset management.
Additionally, the SDK, available in various languages, allows custom integration with customers’ existing environments.
The public preview of PowerShell in Azure Cloud Shell provides a Microsoft-managed admin machine on Azure, for Azure. Now you can use PowerShell when you connect with Azure using an authenticated, browser-based shell experience that’s hosted in the cloud, and accessible from virtually anywhere or any device.
The PowerShell experience provides easy discovery and navigation of all Azure resources using Azure drive’s (Azure:) filesystem-like browsing of resources, contextual capabilities based on the current path, an extensible model for adding new commands from PowerShell Gallery, and easier management of virtual machines.
Azure Data Box, in limited preview in US regions, is a secure, ruggedized, tamper-resistant appliance created by Microsoft to help customers transfer large amounts of data into Azure Storage.
Customers can order a Data Box through the Azure portal; the device connects to the customer’s network via DHCP or a customer-supplied IP address. Customers can copy data to the Azure Data Box using the SMB 3.0 protocol, and encrypt it using 256-bit AES encryption keys. When returned to Microsoft, customers can store their data in Azure Blob or Files storage, and the device is erased after data upload. Partners can also use the Azure Data Box to help their customers with large Azure Data transfer projects.
The Azure DDoS Protection service protects applications from being impacted by Distributed Denial of Service (DDoS) attacks at OSI Layers 3-7.
This service monitors public IP addresses of resources within Azure, learns an application’s normal traffic patterns, and instantly mitigates an attack when it’s detected. When you subscribe to this service, you also receive advanced telemetry and alerts related to the attacks that were carried out against your application.
During preview, Microsoft says, users will not incur any cost for using the service.
A preview of Azure File Sync, which provides secure, centralized file share management in the cloud, was announced.
Install the File Sync agent on your Windows Servers so you can store less frequently accessed files in the cloud, while keeping more frequently accessed data on local file shares, and deliver consistent file share performance with no configuration or code changes.
Now in public preview, Azure IoT Hub Device Provisioning is a new service that works with Azure IoT Hub to enable customers to configure zero-touch device provisioning to their IoT hub.
With the Device Provisioning Service, you can provision millions of devices in a secure and scalable manner, automating a process that has historically been time and resource intensive for manufacturers and companies managing volumes of connected devices.
IoT Hub Device Provisioning Service, together with IoT Hub device management, helps customers manage all stages of IoT device lifecycle, at scale and in a secure way.
The Azure IoT Suite Remote Monitoring solution, which represents the next milestone in ease of development, deployment, and maintenance of an IoT project, is now available for purchase.
This architecture will be available both in Java and .NET languages, which will give you more choices on which solutions to build on top of the Azure platform.
Azure Migrate, in preview, is a new service that provides the guidance, insights, and mechanisms needed to assist you in migrating to Azure.
Using an appliance-based approach, Azure Migrate provides:
- Discovery and assessment for on-premises virtual machines and servers.
- Inbuilt dependency mapping for high-confidence discovery of multi-tier applications.
- Intelligent rightsizing to Azure Virtual Machines.
- Compatibility reporting with guidelines for remediating potential issues.
- Integration with Azure Database Management Service for database discovery and migration.
Azure Network Watcher announces the preview of Connectivity Check for ExpressRoute circuits, which enables you to identify hybrid connectivity issues from your Azure virtual machine to an on-premises machine connected over an Azure ExpressRoute circuit.
Connectivity Check drastically reduces the amount of time required to identify connectivity issues. The results returned provide you:
- All hops from your source virtual machine to your on-premise machine.
- Hop by hop and overall latency.
- Potential user configuration or platform issues at each hop in Azure.
The connectivity check can either be initiated from Portal or through REST API, PowerShell, CLI, and SDK.
Azure Traffic Manager announces the ‘Real User Measurements’ preview, which provides customers with an increase in accuracy of the routing decisions made by Azure Traffic Manager for queries against their Traffic Manager profiles, and ensures that Azure Traffic Manager’s existing network latency intelligence adequately spans the specific networks where their end users connect from.
The Azure Traffic Manager Traffic View preview enables you to understand where your user bases are located (up to a local DNS resolver level granularity), the volume of traffic originating from these regions, and the representative latency experienced by these users, and to deep dive into the specific traffic patterns from each of these user bases to Azure regions where you have presence.
Choose to use this feature and you will be able to view the above information in a tabular format in the Azure portal, in addition to having the ability to download raw data. By opting into this feature, you will have actionable intelligence on how to manage your capacity at existing Azure regions as well as new Azure regions to which you need to expand so that your users will get an even better experience.
P2S VPN for Macs and AD Domain Authentication for P2S VPN are now generally available.
Customers can now connect to Azure Virtual Networks over P2S VPN from their Mac machines using the native IKEv2 VPN client. SSTP continues to be the P2S solution for Windows. Customers can support a mixed client environment consisting of both Windows and Macs by enabling both IKEv2 and SSTP VPN.
Customers can use the organization domain credentials for IKEv2 and SSTP VPN authentication by enabling RADIUS authentication. The Azure VPN Gateway integrates with the customer’s RADIUS and AD Domain deployment in Azure, or on-premises Datacenter. RADIUS servers integrate with other identity providers too, providing multiple useful authentication (including multi-factor) options for P2S VPN.
Azure Load Balancer HA Ports, in preview, is a premium offering of Azure Load Balancer that enables you to configure a single load balancing rule to process traffic from all the protocols and ports, thus enabling deployment of services or appliances in high availability mode.
This rule makes it easier to load balance the virtual network traffic from multiple sources on to the required backend pool, irrespective of the port numbers. By replacing multiple load balancing rules with a single rule, you can now avoid the max rule limit, and reduce the complexity of ARM templates.
Load Balancer Standard in Preview allows you to create load balanced deployments with much greater scale, resiliency, and ease of use for all your virtual machine instances inside a virtual network.
Load Balancer Standard unlocks a wide range of scenarios and abilities, including Availability Zones, any virtual machine instance in a virtual network, 1000 instance VM scale sets, instance load balancing rules for network virtual appliance high availability, and diagnostic insights including data plane health, per endpoint health, and traffic counters.
Project “Honolulu” in Preview offers a flexible, locally-deployed, browser-based management platform and set of tools. To get started with Project “Honolulu,” download the public preview and check out the documentation page.
Global Virtual Network Peering in public preview enables you to peer virtual networks belonging to different Azure regions. Previously through Virtual Network Peering, you could only peer virtual networks belonging to the same region.
With this preview, you can set up a peering connection across different regions enabling a variety of scenarios. Some examples include disaster recovery, database failover, and data replication through private IPs. Global Virtual Network Peering enables a low latency, direct connection between VMs belonging to different Virtual Networks in different regions.
The traffic is completely private—no internet is involved. The traffic is completely restricted to the Microsoft backbone. Further, there are no bandwidth limitations that come into play with Global Virtual Network Peering, except those determined by your virtual machine size.
Microsoft will be delivering semi-annual releases for System Center, starting in early 2018; a public preview of System Center version 1801 will be available in November.
This release will focus on System Center Operations Manager, Virtual Machine Manager, and Data Protection Manager. The key areas of investment will include support for the latest version of Windows Server, support for Linux, enhanced performance, usability and reliability, and extensibility with Azure-based security and management services.
A limited preview is now available for the Windows Server Technical Adoption program members.
VNet Service Endpoints for Azure Storage and Azure SQL, in public preview, allow you to secure Azure Storage accounts and Azure SQL DBs to your virtual network (VNet), fully removing public Internet access to these resources. Service endpoints provide a direct connection from your virtual network to an Azure service, allowing you to use your VNet’s private address space to access supported Azure services.
Traffic destined to Azure services through service endpoints will always remain on the Microsoft Azure backbone network. There is no additional cost to enabling service endpoints on your virtual networks.
The IP Service Tags preview will include service tags that can be used in network security groups for Storage, SQL, and Traffic Manager.
Service Tags simplify security for Azure Virtual Machines and Virtual Networks by enabling you to easily restrict network access for your virtual machines to just the Azure services you use.
ExpressRoute IPv6 support for Azure and Office 365 hits general availability. Customers can now access IPv6 endpoints hosted by Office 365 and Azure services through the Microsoft peering. Microsoft peering will be dual stacked. Customers will need to enable both IPv4 and IPv6 configuration on the peering to ensure that they have access to all relevant endpoints. You can use route filters to select the services and regions that you want to connect to.
This capability is fully supported through APIs, PowerShell, and CLI.
Microsoft Azure Essentials, in preview, is a new free resource for IT professionals and developers who are excited about the potential of cloud computing, and want to learn new skills and apply them quickly.
As Azure grows, Azure Essentials will grow right along with it and with you. Azure Essentials will be updated with new ways to learn and new content to keep your career on track.
The FastTrack for Azure preview, which is expanding its geo presence, provides direct assistance from Microsoft engineers, working hand in hand with partners, to help customers build desired solutions quickly and confidently.
Focused on customer success, FastTrack guides customers from setup, configuration, and development to production of Azure solutions. To learn more, visit aka.ms/FTAzure.
Azure Machine Learning updates in public preview now enable AI developers and data scientists to build, deploy, and manage AI models everywhere, at any scale, in the cloud, on-premises, or edge.
AML will offer the following benefits, with the enterprise-grade security of Microsoft:
- Cost-effective machine learning. Get started right away with free seats. Pay only for the cloud resources you use.
- Increase your rate of model experimentation. Track model code, configurations, parameters, and training data to quickly identify the best performing models and ensure reproducibility.
- Build, deploy, and manage everywhere. Rapidly prototype on a desktop, then scale up using virtual machines, and scale out using Spark clusters. Docker containers make model training and deployment flexible and easier.
- Meets you where you are. Use the tools and technology that data scientists and AI developers love. No need to learn new tools or technology. Integrated into Visual Studio Code.
- More modeling, less prepping. Intelligent data prep is built right in. It learns your data preparation steps as you perform them, and then runs them on the rest of your data. Export your work in Python or Spark for reproducibility and scale on all your data.
New features for Azure Machine Learning are now available in public preview in East US 2, West Central US, and Australia, with more regions and markets to be added later.
Azure SQL Database—Easy lift and shift to the cloud
Later this fall, Microsoft will announce public preview of “Azure Database Migration Service,” “SQL Database Managed Instance,” and a new “Hybrid Use Benefit,” that you can use to easily and quickly move SQL Server data to Azure SQL Database.
Soon, “you will be able to lift and shift, at scale, your on-premises SQL Servers with the fully-automated Database Migration Service to a managed instance that is highly compatible with SQL Server,” said Microsoft.
Azure SQL Database | Native Scoring Preview
Get Started with Native Scoring in Azure SQL Database
Now available in Azure SQL Database, Native Scoring allows you to score machine learning models generated by RevoScaleR or revoscalepy packages from Transact-SQL. The PREDICT function allows you to score models as part of your transactions without calling an external language runtime, thus reducing or eliminating performance costs. For more information, please see the PREDICT function topic in our documentation.
Azure SQL Database | Pools storage up to 4 TB premium tier—GA
More included storage for Premium elastic pools in Azure SQL Database is GA
More than 1 TB of storage, up to a maximum of 4 TB, is included in the price of the largest compute size premium pools. These storage increases are now generally available in certain regions with wider spread regional coverage planned. To learn more, visit the Azure Blog.
Azure SQL Database | Virtual Network service endpoints Preview
Enable Virtual Network service endpoints for more granular security
The public preview of Virtual Network service endpoints in Azure SQL Database is now available. Azure SQL Database allows you to set firewall rules for specific public IPs and lets you allow all Azure Services’ IPs to connect to your servers. If you’re looking for finer grained connectivity limitations, you would have to provision a static public IP, which can be hard to manage and costly when done at scale. Virtual Network service endpoints allow you to limit connectivity to your Azure SQL Database Servers from given Subnets within a virtual network.
Azure SQL Database | Vulnerability Assessment Preview
Azure SQL Database—Track and remediate potential database vulnerabilities
Vulnerability Assessment is a scanning service built into the Azure SQL Database service itself. The service employs a knowledge base of rules that identify security vulnerabilities and deviations from best practices, such as misconfigurations, excessive permissions, and exposed sensitive data. Results of the assessment include actionable steps to resolve each issue, and customized remediation scripts where applicable. The assessment report can be customized for each environment and tailored to specific requirements.
Cognitive Services Updates | GA announcements of Text Analytics, Bing Search v7 and Bing Custom Search
Today we are excited to announce the next big wave of innovation for Microsoft Cognitive Services, a collection of APIs and services that allow developers to use the broadest set of AI services in the industry, such as vision and speech recognition, emotion and sentiment detection, and language understanding and add them to their applications with no need to be an expert in data science.
Today’s updates include:
- Text Analytics API General Availability – a cloud-based service that provides advanced natural language processing over raw text. It includes API functions such as sentiment analysis, key phrase extraction and language detection.
- Bing Custom Search API upcoming General Availability in October, lets you create a highly-customized targeted web search experience, to deliver more relevant results from your targeted web space through a commercial grade service. Featuring a straightforward User Interface, Bing Custom Search enables you to create your own web search engine without a line of code. Specify the slices of the web that you want to draw from – or let cutting-edge AI technology help you to identify them. It can empower businesses of any size, hobbyists and entrepreneurs to design and deploy web search applications for any possible scenario.
- Bing Search V7 upcoming General Availability in October – Allowing you to bring the immense knowledge of the planet to your applications. Results come back fast with improved performance for queries on the Bing Web Search API. New sorting and filtering options make it easier to find relevant results in news trending topics and image searches. Better error messages make it easy to troubleshoot and diagnose problem queries, and updated, modernized documentation makes it easy to bring the power of the Bing Search APIs to your applications.
- We plan to make Language Understanding Intelligent Service and Microsoft Bot Framework, which contains everything you need to build and connect intelligent bots, generally available later this year.
- We’re also adding new capabilities to our services:
  - The QnAMaker preview API now lets you build, train and publish a simple question and answer bot from product manuals.
  - We’re expanding Face API, Computer Vision API and Content Moderator to 7 additional regions: South Central US, West US2, East US, Brazil, North Europe, Australia East and East Asia.
For more information about these updates, please refer to the Cognitive Services Blog Post.
Machine Learning Services | ML Server Software Assurance benefit for Hadoop—GA
Machine Learning Server for Hadoop Becomes a Software Assurance benefit
In addition to rebranding Microsoft R Server to Microsoft Machine Learning Server, we simplified the purchase and acquisition process for our customers. Effective October 1st, Microsoft Machine Learning for Hadoop/Spark becomes a Software Assurance benefit for SQL Server Enterprise Edition customers. The new Software Assurance benefit provides the rights to run Microsoft Machine Learning Server for Hadoop on up to 10 servers for every 2 cores of SQL Server Enterprise Edition under active Software Assurance as of October 1st.
The stand-alone version of Microsoft R Server (without the database engine components) will be renamed Microsoft Machine Learning Server. (This server can only be purchased with SQL Server.) It’s intended for machine learning as well as for data scientists wanting to benefit from the scale and performance capabilities of Microsoft Machine Learning Server, without database components and other services.
Machine Learning Server for Linux is now licensed through SQL Server Enterprise Edition
Beginning October 1st, running Machine Learning Server for Linux will be licensed through SQL Server 2017 Enterprise Edition. R Server for Windows has been licensed through SQL Server Enterprise Edition, and this will bring consistency to running Machine Learning Server for Linux workloads on the SQL platform.
Machine Learning Services | Rename R Server to Machine Learning Server—GA
We’ve renamed SQL R Services to Microsoft Machine Learning Services under the SQL Server brand, and have also renamed Microsoft R Server as Microsoft Machine Learning Server. The additional language support aligns the advanced analytics workload to machine learning capabilities and focus on AI.
With Python support in addition to R and Microsoft ML libraries, we’re enhancing machine learning capabilities, offering the ability to develop new intelligent applications that combine the best of the open source and enterprise capabilities of SQL Server 2017.
We see Python growing as the most commonly utilized language for data science and machine learning applications. We started with R when we acquired Revolution Analytics two years ago, and built in an extensibility layer to enable us to add additional languages as our customers and users started adopting them for their data science needs.
Power BI Desktop | GA
New and most frequently requested Power BI Desktop features are now available to business analysts.
Drill through to another report page—Drill through filters allow you to create a page in your report that provides details on a single ‘entity’ in your model, such as a customer, manufacturer, product, or location, and then use any data point referring to that ‘entity’ column through the report to navigate to that drill through page with the matching filter context.
Explain the increase/decrease insights (preview)—This feature lets you right-click on a bar or a data point in a line chart and ask us to explain why the data point increased or decreased compared to the data point before it. We will run our insights machine learning algorithms over the data and populate a fly out with charts showing what categories most influenced this increase or decrease.
Visio visual (preview)—The Visio visual gives you the ability to represent Power BI data just how you want it. It allows you to design a Visio diagram showing your business process workflows or a real-world layout like your floor plan and quickly connect to it in Power BI. The underlying Power BI data is automatically and intelligently linked to the diagram based on its shape properties, eliminating the need to do this manually. This is an incredibly powerful visual that lets you turn your Visio diagrams into an interactive Power BI visualization that can help you make informed decisions faster. You can learn more about this visual on our dedicated blog and download it from the Office store.
ESRI Plus—We previously announced the general availability of ArcGIS Maps for Power BI. The integration of Power BI with ArcGIS has allowed us to redefine how business users experience their data using maps and advanced GIS techniques previously available only in specialized tooling. With the new Plus subscription for ArcGIS Maps for Power BI that will be announced at Ignite, Esri and Microsoft will enable users to further advance that experience. The Plus subscription allows users to access more maps, global demographics, verified ready-to-use data, and plot even more locations on their maps for compelling visualizations that give perspective and impact decisions. Esri will make this new subscription available later in Q4. Learn more. Download the latest Power BI Desktop to experience the new features immediately. For more information on these new features and others, visit the Power BI blog.
Azure Cosmos DB | Database Auditing—GA
Azure Cosmos DB—Database account auditing
Now generally available, Azure diagnostics logs for Azure Cosmos DB enable you to see logs for all requests made to your database account at the individual request level. The diagnostics logs help track how and when your databases are accessed. This feature also provides a convenient method for configuring the destination of the logs. You can choose a Storage Account, Event Hub, or Operations Management Suite Log Analytics as the destination.
Azure Cosmos DB | Integration with Azure Functions Preview
Native integration between Azure Cosmos DB and Azure Functions
With the native integration between Azure Cosmos DB and Azure Functions, you can simply add a trigger function directly from your Azure Cosmos DB account. The benefit of a trigger function is that it executes only when an event occurs that triggers a function call. Using Azure Functions and Azure Cosmos DB, you can create and deploy event-driven, planet-scale serverless apps with extremely low-latency access against very rich data for a huge number of customers around the globe.
Azure Cosmos DB | New Metrics and Heatmaps—GA
Azure Cosmos DB—New metrics and heatmaps
We’re happy to announce the availability of new metrics and heatmaps. You can now easily detect and troubleshoot “hot partition” issues, navigating from the throttling signal to partition heatmaps, and individual records for the problematic partition key in two clicks. You get full visibility into users’ per-region usage performance against throughput, availability, latency, and consistency SLAs. Learn more about this announcement by visiting the metrics documentation webpage.
Azure Data Factory | Azure Data Factory updates Preview
Azure Data Factory is a fully-managed data integration service in the cloud that automates the movement and transformation of data. Improve business outcomes by composing and monitoring factories that convert raw data points into actionable business insights for making better decisions. Orchestrate data-driven workflows to move data between both on-premises and cloud data stores, as well as process data using compute services such as Apache Spark with Azure HDInsight, SQL Server, SQL Database, SQL Server Integration Services (SSIS), and Azure Data Lake Analytics.
Now in public preview, new Azure Data Factory features will enable you to build hybrid data integration that will let you create, schedule, and orchestrate your ETL/ELT workflows, at scale, wherever your data lives, in the cloud or any self-hosted network. Meet security and compliance needs while taking advantage of extensive capabilities and paying only for what you use. Accelerate your data integration with multiple data source connectors natively available in-service. Now in public preview, SSIS customers can easily lift their SSIS packages into the cloud using Data Factory’s new managed SSIS hosting capabilities.
Take advantage of all these benefits with the enterprise-grade security of Microsoft:
- Orchestrate your data integration workflows wherever your data lives, in cloud, or self-hosted environment.
- Accelerate your data integration with multiple native data connectors and fully managed data-movement-as-a-service.
- Modernize your data warehouse with Azure big data, and advanced analytics services like Azure HDInsight and Azure Data Lake Analytics.
- Easily move your SSIS workloads to the cloud.
New features for Data Factory are now available in public preview in the East US region. For more information about pricing, please visit the pricing webpage. To learn more, please visit the Data Factory webpage.
Azure SQL Database | Adaptive query processing—GA
Adaptive Query Processing support for Azure SQL Database now generally available
SQL Server 2017 and Azure SQL Database introduce a new generation of query processing improvements that will adapt optimization strategies to your application workload’s runtime conditions. For this first version of the adaptive query processing feature family, we have three new improvements—batch mode adaptive joins, batch mode memory grant feedback, and interleaved execution for multi-statement table valued functions.
Azure SQL Database | Graph support—GA
Graph support for Azure SQL Database is now generally available
The rapid growth and complexity of data can leave users struggling to optimize schema and query design to address complex relationships between the data. Graph databases introduce simple constructs of nodes and relationships into linked structures for sophisticated modeling. Azure SQL Database now offers fully integrated graph extensions, so users can define graph schema with graph objects. T-SQL language extensions help users find patterns and use multi-hop navigation. To learn more about graph support, visit the TechNet Blog.
Azure SQL Database | Intelligent Insights Preview
Intelligent insights for Azure SQL Database—Performance degradation diagnostics log
Azure SQL Database built-in intelligence continuously monitors database usage, detects disruptive events that can cause poor performance, and generates an Intelligent insights diagnostic log. The insights provided consist of a root cause description of performance degradation and improvement recommendations where possible. The feature can be coupled with Azure Log Analytics or a third-party solution for custom alerting and reporting capabilities.
Power BI service | GA
Additional new and most frequently requested Power BI features are now available to users and business analysts.
Power BI apps GA—Power BI apps, the new way to flexibly distribute content across the organization, are now generally available.
Additional Power BI Premium capabilities include large models, virtual cores, and scale up capacity. Additional enterprise capabilities include AAD B2B, data lineage, additional admin controls, and user level usage metrics. Sign in to experience the new features immediately. For more information on these new features and others, visit the Power BI blog.
SQL Data Warehouse | New performance tier for analytics workloads
To satisfy customer needs for more intensive and demanding compute power for their mission critical analytic applications, SQL Data Warehouse will offer you two service options with the preview release of a new “optimized for compute” performance tier that significantly improves performance and scale of analytics in the cloud. This new compute optimized performance tier also scales further than ever before—up to 30,000 compute Data Warehouse units. The preview will be available this fall.
Azure App Service | New premium tier—GA
The new premium tier from Azure App Service is now generally available. It features Dv2-series VMs with faster processors, SSD storage, and double memory-to-core ratio compared to the previous compute iteration. This is an ideal App Service option for apps that require high performance and scalability. Learn more from this blog.
Azure Functions | Functions support for .NET Core
Azure Functions now supports .NET Core, allowing functions code to target .NET Core. This allows developers to use their cross-platform .NET Core code investments in a serverless environment. Additionally, it allows developers to develop and debug their functions locally on all development platforms (Windows, Mac and Linux). For more information, please visit this blog post.
Azure Functions | Support for Microsoft Graph bindings
Azure Functions provides a feature called bindings that allows developers to declaratively connect to data from within their code without dealing with the complexities of the respective data sources. We’re now enhancing that support to allow developers to build their own bindings, which means if you have a custom data source, you can now easily create bindings for that data source for Azure Functions. This allows not only you but even your customers to build serverless functions that seamlessly interact with your custom data source.
Additionally, we’re also announcing new bindings for Microsoft Graph and Office, so it’s now much easier to access and modify Graph and Office information in your serverless code without having to deal with intricacies of Graph and Office API.
To learn more, please visit this blog post.
Azure Service Fabric | New releases
We’re excited to announce the release of Service Fabric updates along with the general availability of orchestration of Linux containers on Service Fabric in all regions. With this announcement, we bring the same rich level of features we’ve supported on Windows Server containers to Linux, including resource governance, DNS service, and integration with OMS for container logs, as well as support for volume drivers. This release also includes preview support of the Docker Compose API so you can reuse compose.yaml files. At this time, Ubuntu 16.04 is the supported OS for Service Fabric on Linux clusters.
In addition, we’re releasing a preview of the programming models for Java and .NET Standard 2.0, including stateless and stateful Reliable Services. Stateful Reliable Services brings the data close to compute by automatically co-locating data on the same node the service is running, thereby reducing latency. Furthermore, a preview of the easy to use Reliable Actors programming model on C# and Java is also being released.
Azure OSS DevOps | HashiCorp Terraform in Azure Cloud Shell—GA
Increased Support for Terraform and Azure
Terraform is an open source tool from HashiCorp that codifies APIs into declarative configuration files, written in HashiCorp Configuration Language (HCL), that can be shared amongst team members, treated as code, edited, reviewed, and versioned. The AzureRM provider has had many new Azure resources added, and Terraform is now included directly in the Azure Cloud Shell. We have also published new Terraform Modules for Azure, making it even easier to get started with Terraform on Azure. For more information, please visit the Azure Blog.
Visual Studio Mobile Center Preview | Announcement of Android 8.0 (“Oreo”) support
For developers who want to build for Android 8.x (“Oreo”) with confidence, we’re pleased to announce that Visual Studio Mobile Center’s Test service now supports the Oreo platform. We have multiple real Oreo device platforms available today in our datacenters, and we’ll continue to add new devices in coming weeks and months. To ensure that developers can test against a representative sampling of devices that accurately reflects real-world usage, we continue to provide hundreds of other Android device and OS platforms, including operating systems as early as Android 2.2 (“FroYo”).
Visual Studio Mobile Center Preview | Announcement of iOS 11 support
For developers who want to build for Apple’s newly-announced iOS 11 with confidence, we’re happy to announce that Visual Studio Mobile Center’s Test service now supports the platform. We have multiple real (non-simulated) iOS 11 device platforms available today in our datacenters, and we will continue to add new devices in coming weeks and months. To ensure that developers can test against a representative sampling of devices that accurately reflects real-world usage, we continue to provide hundreds of other iOS device and OS platforms, including operating systems as early as iOS 8.
Visual Studio Mobile Center Preview | Continuous Export
For Visual Studio Mobile Center users who want to take advantage of other Azure services to manage and manipulate their data, we’re pleased to announce Continuous Export, a feature that provides integration to two key Azure services—Application Insights and Blob Storage.
By adding the Mobile Center SDK and enabling Continuous Export to Application Insights, you can create a steady stream of data into advanced analytics features such as funnels and user flows, retention, workbooks, custom query capabilities, and the host of other advanced usage analytics tools Application Insights provides.
Azure Blob storage is a service for storing large amounts of unstructured object data, such as text or binary data, that can be accessed from anywhere in the world via HTTP or HTTPS. By enabling Continuous Export to Blob Storage, you can store your data privately or publicly, scale automatically, retain your data as long as necessary, and access it as needed.
New and enhanced Azure Active Directory Cloud App Discovery | GA
More than 80% of employees admit using non-approved SaaS apps for work purposes. Even though you may not be in the cloud, your employees are. Visibility is the first key step for data protection. If you can’t see it, you can’t prevent it.
We’re excited to announce that Azure Active Directory Cloud App Discovery, a feature of Azure Active Directory Premium P1, is enhanced to provide deeper visibility into cloud app usage in your organizations. The upgraded experience is powered by Microsoft Cloud App Security, and is available at no additional cost.
System Center Configuration Manager | Disclosure Co-Management (ConfigMgr+Intune)
Digital transformation enables our customers to modernize their IT infrastructure, policies and processes to lower costs, simplify device and app management, and provide a better experience for both users and IT pros. We designed Microsoft 365 for this reason, and we’re excited to announce new improvements to make it easier for customers to realize the full benefits of Microsoft 365 by enhancing the ability to deploy and manage Windows 10 and Office 365 ProPlus from the cloud.
We’re enabling a bridge to modern management for existing System Center Configuration Manager (ConfigMgr) customers with co-management that allows managing Windows 10 devices by both ConfigMgr agent and Intune MDM at the same time. For example, customers will be able to transition the management of VPN profiles, OS updates, and conditional access check from ConfigMgr to Intune while continuing to use ConfigMgr for other workloads, such as deep device security enforcement. Over time, customers will be able to move more workloads to Intune. This unique ability enables customers to start their journey to cloud-based management in small manageable steps with lower risk while maintaining the control they expect.
VNet Service Endpoints for Azure Storage and Azure SQL | Public Preview
Virtual network service endpoints allow you to secure Azure Storage accounts and Azure SQL DBs to your virtual network (VNet), fully removing public Internet access to these resources. Service endpoints provide direct connection from your virtual network to an Azure service, allowing you to use your VNet’s private address space to access supported Azure services. Traffic destined to Azure services through service endpoints will always remain on the Microsoft Azure backbone network. There is no additional cost to enabling service endpoints on your virtual networks.
For more details, please visit the Virtual Network webpage.
Intune Partner Integration | Disclosure—Jamf integration
Jamf and Microsoft Enterprise Mobility + Security (EMS) announced a partnership to provide an automated compliance management solution for Mac devices accessing applications set up with Azure AD authentication. EMS provides an identity-driven unified endpoint management solution that offers a holistic approach to solve mobility and security challenges as you go through the digital transformation. Jamf is the management standard for the Apple ecosystem. Together, Jamf delivers information about the management state and health of Mac devices to Microsoft Intune’s device compliance engine, which integrates with Azure AD Conditional Access to allow organizations to identify unmanaged and non-compliant Mac devices, and remediate them.
Microsoft Cloud App Security | Proxy Preview announcement
Control and limit access to cloud apps with Microsoft Cloud App Security
More than 80% of all breaches leverage stolen and/or weak passwords. For this reason, it’s critical to build a strong conditional access strategy to protect your organization right at the front door. With Azure Active Directory Conditional Access, access context, continuous cybersecurity threat intelligence, and the risk signals are put to work to help you control access in real-time. As we lift the curtain at Ignite, we’re excited to announce that we’re expanding conditional access capabilities to incorporate Microsoft Cloud App Security.
Uniquely integrated with Azure AD Conditional Access, Microsoft Cloud App Security will help you perform real-time monitoring and control over your cloud applications (preview in October 2017). The activities performed within user sessions in cloud apps can be limited and controlled based on conditions such as user identity, location, device, and detected sign-in risk level. Conditional Access policies can be used to employ session restrictions through the Cloud App Security proxy. For example, you can allow access to cloud apps from an unfamiliar location or unmanaged device while blocking the download of sensitive documents.
Azure HDInsight | OMS Integration – Public Preview
Azure HDInsight: Interactive Data Warehouse GA and Azure Log Analytics integration in public preview
HDInsight has two additional features available. HDI Interactive Query, formerly Interactive Hive, allows in-memory caching that makes queries more interactive and performant. Additionally, Azure Log Analytics integration is now available for public preview, allowing you to proactively monitor and analyze logs and metrics data, empowering you to optimize availability and performance across your resources. Learn more about these features by visiting our documentation webpage.
Power BI Embedded | Disclosure
Microsoft Power BI announces capacity-based SKUs for Power BI Embedded
In the same way that partners and developers build apps on Azure infrastructure, they can also use Power BI capabilities to quickly add stunning visuals, reports, and dashboards into their intelligent apps through a newly announced Power BI Embedded capacity-based offering that will be available in early October. With Power BI Embedded, partners and developers can choose between using Power BI visuals and creating their own. They can expose insights to their customers by connecting to countless data sources and can easily manage the needs of their apps and services based on the requirements of their business and customers. Partners and developers can transact, build, and deploy in Azure while leveraging a comprehensive set of APIs and a fully documented SDK to help accelerate taking their app to market.
Microsoft Azure Information Protection | Secure email to anyone
General availability of new and improved Office 365 Message Encryption capabilities
We’re announcing the general availability of enhancements to Office 365 Message Encryption built on top of Azure Information Protection. These improvements make it easier to share protected emails with anybody—inside or outside of your organization. Recipients can view protected Office 365 emails on a variety of devices, using common email clients or even consumer email services such as Gmail, Outlook.com and Live.com.
To address your compliance needs, we’re also enabling support for bring your own key (BYOK) for Exchange Online.
Azure Active Directory access reviews | Preview
Azure Active Directory access reviews now in preview
Azure Active Directory adds new features that help enterprises control ‘who has access to what’ across their hybrid deployments and cloud services. These new features, currently in preview, enable customers to:
- Ask group owners or group members to attest to their need for continued group membership, by starting an access review of that group.
- Ask users with access to an enterprise application, or others in the organization, to recertify their need for continued application access. Access reviews include a user-friendly experience for recertification that addresses attestation fatigue by showing access highlights, including whether the user being reviewed has signed into the application recently.
Azure AD Conditional Access—New conditions and controls | Preview
More Azure Active Directory conditional access enhancements in preview
Azure Active Directory conditional access is enhanced with a set of additional conditions and controls, today announced in public preview:
- New controls, based on integration with Cloud App Security, that perform real-time monitoring and help IT gain control over cloud application usage—both authorized and unauthorized. The actions that users take in SaaS applications can now be limited and controlled based on conditional access policy. For example, you can allow users to access SaaS apps from an unfamiliar location or unmanaged device, but prevent them from downloading sensitive documents.
- To further enhance security at the file level, we’re introducing conditional access for sensitive files. With the integration of Azure Information Protection and Azure Active Directory, conditional access can be set up to allow or block access to documents protected with Azure Information Protection. You can also enforce additional security requirements such as multi-factor authentication or device enrollment.
- New control/action—Administrators will be able to set policies, based on platform, user, app, location and risk conditions that will enforce the use of additional 2nd factor authentication providers. The third-party authentication vendors that will be included in this preview are Duo, RSA and Trusona.
- Application-based conditional access (MAM policies)—Restrict SaaS access to mobile apps enforcing MAM policy that are running on MDM compliant devices.
- Conditional access policies for Windows 10 VPN client.
- New condition based on country or region IP addresses.
Microsoft Cloud App Security | AIP auto-labeling preview announcement
Classify sensitive files in the cloud apps and apply labels automatically
Microsoft’s Information Protection solutions help you detect, classify, protect, and monitor your data—regardless of where it’s stored or shared. A key part of this vision is to provide a more consistent and integrated classification, labeling and protection approach across our information protection technologies, enabling persistent protection of your data.
For information protection in cloud apps, Microsoft Cloud App Security provides customizable, granular control policies and powerful remediation actions. You can use out-of-the-box policies, or build your own and enforce them right away on your cloud apps—whether from Microsoft or third parties, such as Box, Dropbox, Salesforce, and others. Microsoft Cloud App Security also can leverage the classification labels set by Azure Information Protection natively and enforce governance actions such as file quarantine, native encryption, remove sharing based on classification, and sharing level of the file.
We’re deepening our information protection capabilities for cloud apps. Leveraging Microsoft’s Information Protection capabilities, Microsoft Cloud App Security will now scan and classify files in the cloud apps and automatically apply Azure Information Protection labels for protection, including encryption (public preview in October 2017).
Microsoft Cloud App Security | EU datacenter support announcement
We’re happy to announce that, in October 2017, Microsoft Cloud App Security will also be available in the Azure West Europe region to better serve our customers in Europe and support their compliance requirements.
System Center Configuration Manager | ConfigMgr Mixed Authority and Intune Data Importer
We’ve heard repeatedly from our customers who are using System Center Configuration Manager connected with Microsoft Intune (hybrid MDM) that they’d like to move to a cloud-only experience with Intune on Azure. This experience brings many new benefits, such as large scale, unified admin console, RBAC, and more. To help customers easily transition, we’re introducing a new process of moving from hybrid MDM to Intune standalone.
Previously, the move from hybrid MDM to Intune standalone required a one-time authority switch that would move an entire tenant at once, and force the admin to reconfigure all settings in Intune, including re-enrolling all devices. Our new approach will allow customers to move from hybrid MDM to Intune standalone in a more controlled manner without impacting end users. The new process consists of three parts—Microsoft Intune Data Importer, mixed authority, and an improved MDM authority switch.
G- and H-series price reductions | Disclosure
Price reductions on H Series and G Series VMs
We’re announcing price reductions of up to 21% for H- and G-series VMs effective October 1. H-series price reductions will be available in the US East, Europe West, Japan East, and US North Central regions. G-series price reductions will be available in Australia East, Canada East, Canada Central, UK South, US Gov Virginia, and Germany Central regions.
H-series VMs are well suited for high performance computing workloads such as financial risk modeling, seismic and reservoir simulation, molecular modeling, and genomic research. G-series VMs are best suited for large database workloads, specifically SAP HANA, SQL Server, Hadoop, DataZen, and Hortonworks.
Application Security Groups | Application Security Groups Preview
Announcing the public preview of Application Security Groups.
Many customers have granular security needs and want to tightly control network access between workloads that are split into multiple logical tiers or different application roles.
Application Security Groups (ASG) simplify security definition for Azure Virtual Machines by enabling customers to easily manage their network security policies based on user defined groups.
Customers can group their VMs based on their own abstractions, for example applications, roles, tiers, or any abstraction without using explicit IP addresses. The same VM can be part of multiple ASGs at the same time, enabling customers to have multiple different policies applied to the same VM.
They can also define their security policy using Network Security Group (NSG) rules. NSGs can be applied to a virtual network subnet, or to individual virtual machines, giving customers the flexibility to easily secure their workloads.
Customers can also scale with ASGs and NSGs by assigning new VMs to the right application security group, securing VMs during the creation process.
Pricing—There are no charges for the use of Application Security Groups.