As expected, day 1 of Microsoft’s Ignite conference saw a large number of announcements across all products, including Azure. Below you’ll find my summary of Azure announcements I pulled in from the conference floor. There are a lot of quality of life announcements that didn’t necessarily make it into the Keynotes, but that could be a big deal if they impact you.
Also a quick reminder, if your at Ignite and have the time please feel to come see my sessions on Wednesday afternoon in community theatre 5, starting at 15.35. Come learn about hosting SMB shares in Azure or replacing SQL agent with functions or automation.
- Service Endpoints – You can now lock down Storage and SQL to only be
accessible from your vNet or specific IP ranges, no more public endpoints. More
resources coming in the future – https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
- NSG Tags – We now have network secrity group tags for Azure PaaS resources, only SQL and
Storage at the moment but more coming. This now makes it possible to use NSG’s to lock down access to the internet without blocking PaaS services – https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#service-tags
- Application groups – You can now group your application servers together and
then specify rules between them and others – https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#application-security-groups
- Augmented NSG rules – you can now be a lot more complex with NSG rules,
meaning you can reduce the amount of rules you actually need to create. This adds the long awaited ability to have comma seperated lists of ports and IPs – https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#augmented-security-rules
- Gobal vNet peering – peer virtual networks across regions – https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
- DDOS Protection – protection from denial of service built into the Azure WAF – https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
- On Demand Maintenance – When scheduled maintenance events occur this adds the ability to proactively reboot your VMs on your own schedule – https://azure.microsoft.com/en-gb/blog/a-new-planned-maintenance-experience-for-your-virtual-machines/
- Availability Zones – Separate buildings in the same region for additional
fault tolerance, provides a 99.99% uptime SLA – https://azure.microsoft.com/en-gb/blog/a-new-planned-maintenance-experience-for-your-virtual-machines
- Low priority VMS now support hybrid use benefit
- New solutions for Update Management, Change Tracking and Inventory. These solutions have been available in OMS for a while, but have been improved on and moved into Azure Automation – https://docs.microsoft.com/en-us/azure/operations-management-suite/oms-solution-update-management#update-management-in-azure-automation
- Azure Container Instance Support for Windows Containers – https://azure.microsoft.com/en-gb/services/container-instances/
- Service Fabric support for Containers – https://azure.microsoft.com/en-gb/blog/announcing-azure-container-instances/
- Accelerated networking extended down to machines with 4 cores and above – https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-create-vm-accelerated-networking
- Public preview of Azure File Sync – this tools provides the ability to sync files between on premesis (or anywhere really) file servers and Azure files – https://azure.microsoft.com/en-gb/blog/announcing-azure-container-instances/
Governance and Security
- Azure Policy Center – Resource policies have now expanded into their own area, and added a lot more options. This includes things like requiring security center to be enabled, requiring the use of managed disks etc. – https://azure.microsoft.com/en-us/services/azure-policy/
- Management groups – the ability to group subscriptions together into a management group and apply policies and RBAC permissions at the group level. Can’t see any docs yet on this one.
- Playbooks in Security Center – you can now have events in security centre trigger a logic app, so when you get an alert it can do something like email, post to teams, run an automation script etc. https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#augmented-security-rules
- Azure Cloud Shell now supports PowerShell – https://azure.microsoft.com/en-us/blog/powershell-comes-to-azure-cloud-shell/
- Not available yet, but coming soon – serial access for Azure VM’s!
- Azure gets a new logo
More announcements will be coming over the week and I’ll aim to detail these as soon as possible, we’ll also take a deep dive into some of these updates soon.