Microsoft Azure Information Protection, will be generally available starting October 1, 2016.
Azure Information Protection “helps you classify, label and protect data.” “Classification labels and protection travel with the data so that it’s protected at all times, regardless of where its stored or with whom its shared, internal or external colleagues,” expalins team.
Azure App Gateway WAF (Web Application Firewall) Public Preview as part of its new WAF SKU is launched. “WAF capability protects web applications from common web based attacks like SQL Injection, cross site scripting attacks or session hijacks.”
Application Gateway WAF comes preconfigured with Core Rule Set to provide protection from threats as identified by Open Web Application Security Project (OWASP) top ten common web vulnerabilities.
Azure disk encryption for Linux IaaS VMs as well support for VMs with Premium storage is generally available effective today in all Azure public regions. Additionally, “Azure disk encryption for Windows and Linux Standard IaaS VMs” is also generally available today. And, “enable customers to protect and safeguard the OS disk and Data disks at rest using industry standard encryption technology.”
Azure DNS also today entered into GA, lets you host your Domain Name System (DNS) domain in Azure “so you can manage your DNS records using the same credentials, billing, and support contract as your other Azure services.”
Azure DNS will be covered by the Azure service level agreement (SLA), “which means that we guarantee that DNS queries will receive a valid response from at least one of our Azure DNS name server clusters at least 99.99 percent of the time.”
Availability is calculated over a monthly billing cycle. During general availability, “Azure DNS will initially remain at fifty percent public preview billing,” stated team. “The associated meters will be switched to full-on general availability (100 percent) by July 2016.”
Key Vault Certificates, a new Microsoft Azure Key Vault service functionality helps to simplify tasks associated with SSL/TLS certificates is generally available from today.
This enhancement will “help you enroll for certificates, automatically renew certificates from supported third party Certificate Authorities while providing auditing trails within the same Key Vault environment.”
IPv6 for Azure VMs (Iaas) is generall available globally – “all Azure commercial, government and go-local regions except China (IPv6 service not yet offered by Chinese Internet Service Providers),” stated microsoft.
Native IPv6 support for Azure VMs (IaaS) deployed via Azure Resource Manager enables customers to meet regulatory requirements and address the growing mobile and IoT markets with their Azure-based services.
Azure VMs can connect with IPv6-capable clients on the Internet.
Provides load-balanced public IPv6 endpoints for Azure (IaaS) VMs. “Dual-stacked” (IPv4+IPv6) VMs provide maximum service deployment flexibility- a single service instance can connect with both IPv4 and IPv6-capable Internet clients. Native IPv6 to the VM supports broadest possible range of service architectures:
Protocols supported: TCP, UDP, HTTP(S)
Outbound connectivity enables VMs communicate with and use other IPv6 resources on the Internet
Azure Storage announced the GA of Storage Service Encryption for Azure Blob Storage (Block and Page Blobs) for any new storage account created through Azure Resource Manager.
For accounts enabled with this feature, “data will be encrypted using Microsoft managed keys,” writes azure team. “Data is encrypted using the industry leading Encryption algorithm, 256-bit Advanced Encryption Standard (AES-256).”
Accelerated Networking (NIC) has now entered its public preview and is ready for select VMs sizes to enable via for the best performance Azure has to offer:
- Lower Latency/Higher packets per second (pps): Removing the vSwitch from the data path removes the time that packet would spend in the host for policy processing and increases the number of packets that can be processed inside the VM.
- Reduced jitter: vSwitch processing would depend on the amount of policy that would need to be applied and the workload of the CPU that is doing the processing. SR-IOV removes that variability by delivering the packets directly to the VM.
- Decreased CPU utilization: Bypassing the host means that CPU is used more efficiently freeing cycles for the VM to use.
More regions and VM sizes will be added in the weeks after its release.
Azure Security Center new features enters into public preview helps customers benefit from ongoing security research resulting in new analytics released today that are designed to detect insider threats, attempts to persist within a compromised system, and use of compromised systems to mount additional attacks, such as DDoS and Brute Force.
- Security Incidents, currently available in preview, have been enriched to correlate alerts from different sources, including alerts from connected partner solutions.
- Threat attribute reports are now built in to provide valuable information about attackers, which can be used to remediate threats more quickly.
Security Center also released support for integrated vulnerability assessment from partners like Qualys, along with security assessment of Web Apps and Storage accounts.
This includes expanded integration with security services from partners, along with additional monitoring of Azure services:
- With Integrated Vulnerability Assessment preview customers can now deploy vulnerability assessment solutions from partners like Qualys in just a few clicks. “Findings from these solutions will be integrated so customers can view a prioritized list of all security vulnerabilities identified by Security Center and integrated partners in one place,” writes azure team.
- Azure Storage Security Assessment in preview: Security Center will begin monitoring and recommending encryption for Azure Storage in the coming weeks, and within a few clicks customers can enable built-in encryption for their Azure Storage Accounts.
- New Threat Detections: Ongoing security research has resulted in new analytics designed to detect insider threats and attempts to persist within a compromised system – both are achieved using behavioral analysis. Security Center is also now monitoring for outbound DDoS attacks and has enhanced brute force detection capabilities.
- Enhanced Security Incidents (preview): Incidents, which combine alerts that align to kill chain patterns, now offer insights into attack campaigns that span multiple VMs. Malicious activity detected on one VM can be correlated with similar activity on a second VM to enable customers to quickly understand what actions an attacker took and what resources are impacted. In addition, alerts from integrated antimalware and WAF solutions can now be included in incidents.
- Threat Intelligence Reports (preview): Security Center now features threat attributions reports that are built-in to security alerts – so you get valuable information in the context of active threats. Getting access to intelligence about an attacker, including their tactics and objectives, enables customers to target incident response and investigations.
Diagnostics for Network Security Groups and Routes goes to GA. To troubleshoot network connectivity to/from your Virtual Machine (VM), you can now view all the effective security group rules impacting traffic on a given Network Interface (NIC).
Additionally, you can also view full list of effective routes, including system and BGP routes, impacting the NIC traffic. “These capabilities simplify network troubleshooting for complex cloud workloads, by showing actual security policies/routes impacting the network traffic for a given VM/NIC,” explains azure.
Through Multiple IP Addresses on Network Interface Cards (NIC) more than one (up to 250) private and public IP addresses can be allocated to each NIC.
All the private IP addresses support platform native features like Network Security Groups (NSGs) and User Defined Routes (UDRs).
In addition, through this feature, “load balancing across both, primary and secondary NICs, is possible.” A VM can host multiple applications or services with unique public IP addresses.
Network virtual appliances (NVAs) can decouple the application data traffic and management traffic by placing multiple public IP addresses on separate NICs. This separation allows NVAs to enforce different security policies based on the NICs and also provide bandwidth isolation among different traffic types. Micro-services on VMs, through this feature, are able to use distinct IP addresses and benefit from native functions like NSGs and UDRs, without depending on an overlay network.
Azure Multiple VIP support for Azure internal Load Balancer is now generally available today.
“Multiple VIP support for Azure internal Load Balancer deployed via Azure Resource Manager allows customers to deploy more efficient, more scalable environments.” “frontend port reuse across the multiple VIPs – option for DSR (“FloatingIP”) allows for backend port reuse SQL AlwaysOn Multiple Listener scenario documentation is available and released as Preview.”
The AzureCAT team is supporting SAP Multi-SID scenario. Multi-SID configuration enables consolidation of multiple SAP instances into two cluster nodes. “This cuts down the number of operating system images, server or VMs you have to manage.”
“UltraPerformance” is a new ExpressRoute gateway SKU for connecting a virtual network to an ExpressRoute circuit generall available now. “The new gateway SKU provides a five times increase in network throughput over the “HighPerformance” gateway.”
Customers can now deploy more network intensive workloads into their virtual networks.
VNET Peering generall available now. Virtual network peering for Azure Virtual Network lets customers directly link virtual machines in two virtual networks in the same region through private IP addresses, as if they were part of the same network.
“Peering works across virtual networks in different subscriptions and between an Azure Resource Manager (V2) and Azure Classic (V1) virtual network. It does not work between two Azure Classic virtual networks.”
IT Pro Cloud Essentials and IT Pro Career Center | International launch
Microsoft is helping IT Professionals who want to build and advance their career in cloud technology with the Microsoft IT Pro Cloud Essentials and IT Pro Career Center programs. Now available in 25 languages, these free programs offer cloud services, support, career mapping, industry expert advice and more. Join here.
Azure Service Fabric enters into GA today, simplifies building and operating microservice-based applications in Azure, at scale and with always-on 24×7 availability.
And with the general availability of Azure Service Fabric on Windows Server, customers can now run production workloads with the option to purchase premium support from Microsoft for ultimate confidence.
Azure Service Fabric for Windows Server extends this capability to on-premises datacenters and other clouds, enabling application portability and flexibility by providing a runtime that can be installed on Windows Server instances wherever they run.
Now, the preview of Service Fabric for Linux is publicly available. With this announcement, “customers can now provision Service Fabric clusters in Azure using Linux as the host operating system and deploy Java applications to Service Fabric clusters.”
Service Fabric on Linux will initially be available for Ubuntu, with support for RHEL coming soon.
SAP HANA on Azure now in GA offer unparalleled performance for large enterprise workloads with large instances.
“Spanning Azure Virtual Machines and purpose-built hardware, called SAP HANA large instances, scale your SAP HANA workloads up to 32 TB on multimode configurations.” Azure lets you ‘run the largest SAP HANA workloads, OLTP (up to 3 TB) and OLAP (up to 32 TB) of any global scale cloud provider.”
Announcing the public preview of Azure Event Hubs – Archive feature—customers can now deliver streaming data in their Event Hubs into a Blob Storage account by specifying a time or size interval of their choosing.
Event Hubs Archive allows you to focus on data processing. It enables loading data into Azure Data Lake, Azure Data Factory, and Azure HDInsight where you can perform batch processing and other analytics.
Customers will now be able to deploy their Logic App from Visual Studio in their production environment Azure App Service. This feature enables them to “leverage both designer and code views right from visual studio’, and “customers can also manage source control” and “do not have to use production tools to build out Logic Apps.”
Logic Apps enterprise integration tools for Visual Studio 2015 also provides a schema editor, flatfile schema generator and XSLT mapper to easily create Integration Account artifacts from Visual Studio.
HTTP/2 now generall available is “enabled by default for all customers using Azure CDN from Akamai with no additional cost.”
HTTP/2 improves user experience by improving the loading speed and performance of webpages, and is fully compliant with HTTP/2 standard RFC 7540 (all HTTP/2 features are supported with the exception of server-push).
Public preview of ArcGIS Maps for Power BI lets customers take geographic information to a whole new level in collaboration with Esri, a leader in the geographic information systems (GIS) industry.
Also, soon Power BI users will be able to use ArcGIS Maps for Power BI (preview) created by Esri. “This preview will bring new and exciting data visualization capabilities to all Power BI users,” stated BI team.
Microsoft Identity Manager (MIM) 2016 Service Pack 1, which addresses customer reported bug fixes, and several new highly-requested features since the initial release of MIM 2016 last year, is now generall available.
These features include; MIM portal cross-browser compatibility, including all major browsers and mobile devices, a streamlined deployment option for Privileged Access Management (PAM), integration with Exchange Online for request and approval notifications, PAM single forest deployment and automatic authentication policy silo configuration, and updated platform support including SharePoint and SQL 2016.
Microsoft Intune’s Android for Work support is currently in private preview, general availability is expected in early Q4 CY17.
Here’s a what you can expect to see in initial release of Android for Work support:
- A broader set of management policies for Android devices including the ability to manage a work profile on the device, set policies to enforce complex lock screen PINs and define permission policies for Android apps you manage.
- Application install improvements: today, the user experience for deploying apps is different depending on whether the app is an internally developed LOB app, or if it’s in the Play store. Android for Work unifies this experience, making it consistent regardless of what kind of app you are deploying.
- Security improvements including mandatory encryption and the ability to disable app installation from unknown sources.
- Email client app configuration: using managed configuration, any email app that supports enterprise configuration can be provisioned with Intune. Intune also provides IT Pro UI for configuring the Gmail and Nine Work applications.
- App configuration capabilities: developers will be able to expose managed configuration capabilities in their applications, opening up a pipeline for Intune to be able to configure these settings.
Yammer App update available today now supports the Intune MAM app-level data protection with or without MDM device enrollment.
The updated Yammer app is now available in the Google Play and iOS App stores.
Intune App SDK support for Xamarin allows you to easily enable Intune mobile app management features in your mobile iOS and Android apps built with Xamarin.
With new support for Xamarin, “we’re making it easier for developers to use our Intune App SDK to prevent data loss in their mobile iOS and Android apps,” writes team.
The Xamarin component supports Xamarin Cycle 7 and above.
Also, new and most frequently requested Power BI Desktop features are now generall available to business analysts.
- ESRI map support (preview)—ESRI’s ArcGIS maps provide world-class mapping controls right in Power BI.
- Mobile report layout (preview)—provides the ability to design and layout reports optimized for mobile devices.
- Forecasting (preview)—first addition to the new Analytics pane (released last month) enabling predictive analytics on your data—using built-in forecasting models to automatically detect seasonality in your data and provide forecasting results.
Additionally, Power BI service features are now generall available to end users and business analysts in the month of September.
Download reports from Power BI service: lets you download the reports uploaded from Power BI Desktop as PBIX files and reopen them in Desktop. This completes the workflow: create a report in Desktop > publish to service > modify in service > download to Desktop > modify in Desktop > re-publish to service. Sign in to powerbi.microsoft.com to experience the new features immediately. For more information on these new features and others, visit the Power BI blog.
Today, also released a major update to Azure SQL Database Index Advisor that greatly reduces time required to produce and implement index tuning recommendations, making performance tuning process much faster.
Now “you can run your production workload in SQL DB for a day, and Database Advisor will come up with relevant tuning recommendations to improve your performance (and apply them for you in case you turned on automated tuning).”
Microsoft Cognitive Services continued its global expansion beyond the United States with the availability of the Computer Vision API, Face API and Emotion API in the Azure data center located in China.
- Microsoft’s Computer Vision API is able to extract rich information from images to categorize and process visual data and protect your users from unwanted content.
- Microsoft’s FACE API can detect human faces and compare similar ones, organize people into groups according to visual similarity, and identify previously tagged people in images.
- Microsoft’s Emotion API analyzes faces to detect a range of feelings and personalize your app’s responses.
General availability of Temporal Tables feature of Azure SQL Database designed to improve productivity when you develop applications is announced today. “It lets you focus data analysis on a specific point in time and use a declarative cleanup policy to control retention of historical data.” “It also enables you to track the full history of data changes in Azure SQL DB, without custom coding.”
Microsoft IT Pro Cloud Essentials program will help you get started with $300 Azure credits, a free support incident, free Pluralsight courses and certification discounts. Today, expanding availability of the Microsoft IT Pro Cloud Essentials and IT Pro Career Center programs to 25 languages announced as well:
- Microsoft IT Pro Career Center can help you navigate the skills needed to transition to a cloud role.
- Microsoft Tech Community provides a modern digital community where you can ask questions, exchange ideas, and build connections with Microsoft Valued Professionals (MVPs), Microsoft engineers and peers. Finally, to stay current with the latest Microsoft cloud technologies subscribe to the Microsoft Mechanics YouTube channel for weekly IT focused videos.