Azure in 2019: The Year in Review

Azure

As we move into 2020, it’s time to take a look back at the last year in Azure and review the new services, updates and announcements that we have seen over 2019.

As with last year, I’ve taken the data from the Azure Updates site and used this to analyse what’s been going on over the year. I am sure there have been updates and announcements happening that have not made it onto this feed, but this is the only data source that exists for tracking these things, so it’s the best metric we have currently.

Over 2019 we have seen 1050 announcements and updates published, which is 208 more than 2018. As expected, we see a significant spike in announcements in November, due to Ignite. However, an interesting data point is that we see more updates in April than we do in May when Build is occurring.

Month by Month

I tried to look at the areas of Azure where these updates took place, but unfortunately, a large number of entries on the update site did not have any keywords associated with them, which made this difficult. The chart below shows the breakdown of areas where they did have keywords set up.

Areas

By far, the most significant area of change was in the Azure portal. Whether this is just because that team are better at tagging their updates, or they did have a lot more updates, it is difficult to tell. But, based on this data alone, we can see that the most significant areas of change were around the portal, Azure DevOps and log analytics.

Now that we’ve seen the big picture let’s dive in and look at some of the highlights of the year.

2019 Highlights

There’s no way we can cover all 1050 updates, so I’ve picked out some areas I think are highlights for the year, either brand new services, or updates that add new functionality or solve significant issues. I’m sure I’ve missed some, so if there are areas you would like to highlight please add them in the comments.

Compute

Proximity Placement Groups - achieve co-location and low latency between your virtual machines

Azure Spot VMs - reduce your VM cost by bidding on unused capacity

Dedicated Hosts - dedicated hosts for your workloads that require consistent performance or isolation

Gen 2 Virtual Machines - supporting many new features such as increased memory, Intel SGX, UEFI BIOS and larger OS disks

Windows Virtual Desktop - VDI and App virtualisation as a service

Networking

Private Link - consume Azur PaaS service privately inside your virtual network, or publish your services to other virtual networks

Virtual WAN - bring together manager WAN services such as VPN and ExpressRoute into a single interface and virtual hub

Azure Firewall Manager - manage all your Azure Firewall instances in a single place

Express Route for Satellite - expanding the reach of Express Route to areas with limited connectivity

Azure Internet Analyzer - test application performance over the internet

Azure Peering Service - Enhance connectivity to Azure with optimized connectivity and monitoring from partner providers

Dual Stack IPv6 Support - bring your private IPv6 range to your virtual network

Storage

Change Feed Support for Blob - transaction logs of all changes in your blob account

Geo and Zone Redundant Storage - write data across multiple availability zones and replication to another region

Azure NetApp Files - use real NetApp storage devices as a PaaS service

Ephemeral OS Disks - storage for stateless workloads providing faster deployment and cost reduction

Storage Account Failover - user-controlled failover of storage accounts to another region

Wep Apps, APIM & Logic Apps

Azure Spring Cloud - host Java Spring applications in a PaaS service

Azure App Configuration - store and manage application settings centrally

No Cost App Service Certificates - free SSL certificates for Azure App Services

Self Hosted API Management Gateway - use APIM to expose your on-premises applications with low latency

Windows Server Container Support - use Windows containers to deploy to app services

Logic App Integrated Service Environment - inject a dedicated logic app environment into your virtual network

Serverless and Containers

Private AKS Clusters in Preview - lockdown an AKS cluster to be accessed only from your virtual network

Azure Functions 3.0 - the latest Azure Functions run time including the ability to target .net Core 3.1 and Node 12

Azure Container Registry Scoped Permissions - grant access to only specific repositories within and ACR registry

ACR OCI Support - store any OCI compliant artefact in ACR

Multiple node pool support for AKS - use different VM sizes and operating systems within your AKS cluster

PowerShell & Python Support in Azure Functions - first-class support for both languages in v2 functions

Azure Red Hat OpenShift - deploy OpenShift as a PaaS service managed by both Microsoft and Red Hat

Azure Functions Premium - offers more features such as configurable sizes, vNet integration and pre-warmed instances

Data Platform

Azure Synapse - brand new service evolving from SQL Data Warehouse to provide limitless analytics

Azure Data Share - easily share large data sources with any Azure user

Azure SQL Database Serverless - auto-scaling compute for Azure SQL

Reserved Capacity for MySQL, PostgreSQL, MariaDB - pay up front for reduced costs

Large Storage for MySQL, PostgreSQL - support for databases up to 16TB

Operations, Management & Governance

Azure Arc - manage resource on-premises and in other clouds from within Azure

Azure Policy for Certificates - manage certificates stored in Key Vault with Azure Policy

Azure Monitor Workbooks - use workbooks to analyse Azure Monitor data and find insights into performance, usage and availability

Azure Monitor Prometheus Integration - scrape Prometheus metrics straight into Log Analytics without the need for a Prometheus server

Azure Lighthouse - manage Azure customer subscriptions as if they were part of your tenant

Azure Policy for AKS - apply Azure policies to AKS clusters to control things like which registries can be used to pull images

AKS Virtual Node - use Azure Container Instances to provide on-demand capacity within AKS

ACR Content Trust Support - sign and store images with Docker Trust in ACR

Security

Container scanning with Azure Security Centre - scan container images for vulnerabilities

Threat Protection for AKS - monitoring of AKS clusters within Security Centre

Vulnerability Assessment in Security Centre - use Qualys vulnerability scanning as part of Security Centre standard

Custom Policies in Security Centre - create your custom policies within Security Centre

Azure Bastion - secure, managed bastion hosts for access to vNet based resource without public IPs

New Regions

Norway - Norway West and Norway East

Germany - Germany North and Germany West Central

Switzerland - Switzerland North and Switzerland West

Middle East - UAE Central, UAE North (Qatar North just announced)

South Africa - South Africa North, South Africa West

Wish List

2019 Wishes

Last year I made several wishes for what I wanted to see happen in 2019 let’s see how that worked out:

  • Better monitoring story - this is a bit better, but there are still gaps in the monitoring story and too many ways to do the same thing
  • AKS support for Windows - this is in preview currently, I suspect it will be in preview for a while, but we are on the way
  • Expansion of the Virtual Node concept to provide a full PaaS offering for Kubernetes in Azure- virtual node was released and went GA, but we still need some VM nodes currently
  • Continued expansion of Managed Identity so that we can use this anywhere we need to provide applications access to Azure services.- we saw some growth in this area, but it still needs some work, especially around AKS
  • Expansion of the Azure Files AAD integration to no longer require the use of AAD DS- this was announced as a preview at Ignite
  • On the subject of AAD DS, I would like to see it finally support the ability to deploy to multiple regions and multiple instances- no movement on this at all
  • I’d like to see Azure Front Door implement the full range of OWASP rules currently supported by App Gateway- WAF for Front Door released
  • Azure Firewall was a great new solution for 2018, but if you’re implementing many firewalls, it can be a pain to manage rules on each different instance. I would like to see a way to manage these rules centrally.- Azure Firewall Manager in preview

2020 Wishes

In addition to those wishes from 2019 that didn’t get there, here are a few more things I would like to see in 2020:

  • Azure Arc expanding its ability to work with other clouds beyond just managing VM’s. I would love to see it being able to manage things like AWS Lambda or GCP App Engine
  • Reducing the number of services that require dedicated subnets - nearly every service that can join a vNet requires it’s own subnet, this is a pain to manage. With the advent of private link, I hope this can go away
  • Azure Policy for AKS to make it out of preview
  • Repeating last years wish, to get rid of VM nodes in AKS altogether!
  • To see a better deployment story for Azure Front Door - the service its self is excellent, but deploying it in production is painful
  • Get parity between PowerShell, CLI and ARM - you should be able to create all Azure resources using any of these methods
  • Key Vault Search - this is such a simple thing, but so annoying, I just want a search box in Key Vault in the portal so I can search for a specific secret
  • Azure Blob Backup - we’ve seen the fist steps for this with the introdcution of a change feed, I hope this leads to introducting a full backup service in 2020

I’d love to hear what your wishes for the next year in Azure are; please add them in the comments.