Ignite Azure Update - Day 1
As expected, day 1 of Microsoft’s Ignite conference saw a large number of announcements across all products, including Azure. Below you’ll find my summary of Azure announcements I pulled in from the conference floor. There are a lot of quality of life announcements that didn’t necessarily make it into the Keynotes, but that could be a big deal if they impact you.
Also a quick reminder: if you’re at Ignite and have the time, please feel free to come see my sessions on Wednesday afternoon in community theatre 5, starting at 15.35. Come learn about hosting SMB shares in Azure or replacing SQL agent with functions or automation.
Azure Networking
- Service Endpoints – You can now lock down Storage and SQL to only be accessible from your vNet or specific IP ranges, no more public endpoints. More resources coming in the future – https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
- NSG Tags – We now have network security group tags for Azure PaaS resources, only SQL and Storage at the moment but more coming. This now makes it possible to use NSGs to lock down access to the internet without blocking PaaS services – https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#service-tags
- Application groups – You can now group your application servers together and then specify rules between them and others – https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#application-security-groups
- Augmented NSG rules – you can now be a lot more complex with NSG rules, meaning you can reduce the number of rules you actually need to create. This adds the long-awaited ability to have comma-separated lists of ports and IPs – https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#augmented-security-rules
- Global vNet peering – peer virtual networks across regions – https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
- DDOS Protection – protection from denial of service built into the Azure WAF – https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
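
To make the NSG tag and augmented rule items above concrete, here is an added example (not from the announcements or the linked docs) that builds one NSG allowing outbound traffic to the Storage and Sql service tags while denying everything else to the Internet tag. It assumes the Az PowerShell module; the resource group, NSG name, location, port choices and IP ranges are placeholders.

```powershell
# Added example: all names, the location and the IP ranges are placeholders.
$rg       = 'rg-example'
$location = 'westeurope'

# Augmented rule: several source ranges and several ports in a single rule.
$webIn = New-AzNetworkSecurityRuleConfig -Name 'Allow-Web-In' `
    -Direction Inbound -Access Allow -Priority 100 -Protocol Tcp `
    -SourceAddressPrefix '203.0.113.0/24','198.51.100.0/24' -SourcePortRange '*' `
    -DestinationAddressPrefix 'VirtualNetwork' -DestinationPortRange '80','443'

# Service tags: allow the PaaS services the workload needs, by tag, not by IP list.
$storageOut = New-AzNetworkSecurityRuleConfig -Name 'Allow-Storage-Out' `
    -Direction Outbound -Access Allow -Priority 100 -Protocol Tcp `
    -SourceAddressPrefix 'VirtualNetwork' -SourcePortRange '*' `
    -DestinationAddressPrefix 'Storage' -DestinationPortRange '443'

# Port 1433 is an assumption; adjust to the connection policy your SQL clients use.
$sqlOut = New-AzNetworkSecurityRuleConfig -Name 'Allow-Sql-Out' `
    -Direction Outbound -Access Allow -Priority 110 -Protocol Tcp `
    -SourceAddressPrefix 'VirtualNetwork' -SourcePortRange '*' `
    -DestinationAddressPrefix 'Sql' -DestinationPortRange '1433'

# Everything else bound for the internet is denied. This rule must have a higher
# priority number (evaluated later) than the allow rules above, or it shadows them.
$denyInternet = New-AzNetworkSecurityRuleConfig -Name 'Deny-Internet-Out' `
    -Direction Outbound -Access Deny -Priority 4000 -Protocol '*' `
    -SourceAddressPrefix '*' -SourcePortRange '*' `
    -DestinationAddressPrefix 'Internet' -DestinationPortRange '*'

$nsg = New-AzNetworkSecurityGroup -Name 'nsg-app-example' `
    -ResourceGroupName $rg -Location $location `
    -SecurityRules $webIn, $storageOut, $sqlOut, $denyInternet

# Review the effective ordering before attaching the NSG to a subnet or NIC.
$nsg.SecurityRules |
    Sort-Object Direction, Priority |
    Format-Table Name, Direction, Priority, Access, DestinationAddressPrefix, DestinationPortRange
```

The service tags cover the whole service, not just your own storage accounts or databases, so pair the outbound rules with service endpoints on the resource side if you need to restrict which instances are reachable.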
Compute
- On Demand Maintenance – When scheduled maintenance events occur this adds the ability to proactively reboot your VMs on your own schedule – https://azure.microsoft.com/en-gb/blog/a-new-planned-maintenance-experience-for-your-virtual-machines/
- Availability Zones – Separate buildings in the same region for additional fault tolerance, provides a 99.99% uptime SLA – https://azure.microsoft.com/en-gb/blog/a-new-planned-maintenance-experience-for-your-virtual-machines
- Low priority VMs now support hybrid use benefit
- New solutions for Update Management, Change Tracking and Inventory. These solutions have been available in OMS for a while, but have been improved on and moved into Azure Automation – https://docs.microsoft.com/en-us/azure/operations-management-suite/oms-solution-update-management#update-management-in-azure-automation
- Azure Container Instance Support for Windows Containers – https://azure.microsoft.com/en-gb/services/container-instances/
- Service Fabric support for Containers – https://azure.microsoft.com/en-gb/blog/announcing-azure-container-instances/
- Accelerated networking extended down to machines with 4 cores and above – https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-create-vm-accelerated-networking
Storage
- Public preview of Azure File Sync – this tool provides the ability to sync files between on-premises (or anywhere really) file servers and Azure Files – https://azure.microsoft.com/en-gb/blog/announcing-azure-container-instances/
Governance and Security
- Azure Policy Center – Resource policies have now expanded into their own area, and added a lot more options. This includes things like requiring Security Center to be enabled, requiring the use of managed disks etc. – https://azure.microsoft.com/en-us/services/azure-policy/
- Management groups – the ability to group subscriptions together into a management group and apply policies and RBAC permissions at the group level. Can’t see any docs yet on this one.
- Playbooks in Security Center – you can now have events in Security Center trigger a logic app, so when you get an alert it can do something like email, post to Teams, run an automation script etc. – https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#augmented-security-rules
Other
- Azure Cloud Shell now supports PowerShell – https://azure.microsoft.com/en-us/blog/powershell-comes-to-azure-cloud-shell/
- Not available yet, but coming soon – serial access for Azure VMs!
- Azure gets a new logo
More announcements will be coming over the week and I’ll aim to detail these as soon as possible. We’ll also take a deep dive into some of these updates soon.