Monthly updates from Azure (April 2021)

This is a single post covering Azure updates from the previous month; this edition covers the April updates. It is not an exhaustive list of everything released during the month. I want to call out the key updates in infrastructure technologies (compute, storage, networking, identity, monitoring and security, etc.), and I have categorised them into high-level sections.

Azure Compute

Azure Site Recovery now supports cross-continental disaster recovery for 3 region pairs

Azure Site Recovery now supports cross-continental disaster recovery. With this release, a virtual machine can be replicated from a region in one continent to a region in another. In the event of a planned or unplanned outage, the virtual machine can be failed over across continents. It can then be re-protected and failed back once the outage is mitigated.

This functionality is currently available for the following 3 cross-continental region pairs:

  • Southeast Asia and Australia East
  • Southeast Asia and Australia Southeast
  • West Europe and South Central US

Azure Automation support for System Assigned Managed Identities

Azure Automation now supports System Assigned Managed Identities for cloud and Hybrid jobs in Azure public and Gov regions. Hybrid jobs can run on a Hybrid Runbook Worker hosted on an Azure or non-Azure VM.

A managed identity from Azure Active Directory (Azure AD) allows the runbook to easily access other Azure AD-protected resources. The identity is managed by the Azure platform and users don’t have to manage service principals on their own. Some of the benefits of using managed identities:

  • You can use managed identities to authenticate to any Azure service that supports Azure AD authentication.
  • Managed identities eliminate the overhead of managing a Run As account in your runbook code. A runbook can access resources via the managed identity of its Automation account without anyone having to create the service principal, RunAsCertificate, RunAsConnection, etc.
  • You don’t have to renew the certificate used by the Automation Run As account.
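
A runbook that signs in with the Automation account's system-assigned managed identity instead of a Run As connection, as an added example that is not code from the original post. It assumes the identity is enabled on the account and has been granted Reader on the target resource group, and that the Az.Accounts and Az.Compute modules are imported; the `ResourceGroupName` parameter is hypothetical.

```powershell
# Added example runbook; not from the original post.
# Assumptions: system-assigned managed identity is enabled on the Automation
# account, it holds the Reader role on the target resource group, and the
# Az.Accounts and Az.Compute modules are available to the job.
param(
    [Parameter(Mandatory = $true)]
    [string] $ResourceGroupName   # hypothetical parameter: resource group to inventory
)

$ErrorActionPreference = 'Stop'

# Do not inherit a cached context from an earlier job on the same sandbox or worker.
Disable-AzContextAutosave -Scope Process | Out-Null

try {
    # No Run As connection, certificate thumbprint or stored secret is referenced:
    # the platform issues the token for the account's own identity.
    $context = (Connect-AzAccount -Identity).Context
}
catch {
    throw "Managed identity sign-in failed; check that the identity is enabled: $($_.Exception.Message)"
}

# Pin later cmdlets to the identity's context explicitly.
$context = Set-AzContext -Subscription $context.Subscription.Id -DefaultProfile $context

# Read-only call; it succeeds only if the identity has a role assignment on this scope.
Get-AzVM -ResourceGroupName $ResourceGroupName -DefaultProfile $context |
    Select-Object Name, Location, @{ n = 'VmSize'; e = { $_.HardwareProfile.VmSize } }
```

Because access comes from role assignments on the identity, scoping those assignments to the resource groups the runbook actually needs keeps the job at least privilege.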

Start VM on connect feature for Windows Virtual Desktop

The start VM on connect setting for Windows Virtual Desktop automatically turns on a VM that is in a deallocated state when a user attempts to connect to it. With this setting you can deallocate VMs that are not in use to save cost while ensuring that users can still connect to them when needed. Keep in mind that the public preview currently has the following limitations:

  • You can configure the setting on the validation pool only (we will update this post when you can enable it on non-validation pools too).
  • You can apply this setting to personal host pools only.
  • You can access this setting from PowerShell and the REST API only.

Azure Monitor for Windows Virtual Desktop provides a 360-degree view of your Windows Virtual Desktop environment. You can easily find and troubleshoot problems in the deployment, view the status and health of host pools, diagnose session issues, and understand resource utilization. General availability comes with many improvements, including an improved data collection and setup experience and cost optimizations.

Azure Storage

Azure Blob storage supports objects up to 200 TB in size

Workloads that use larger file sizes, such as backups, media, and seismic analysis, can now use Azure Blob storage and ADLS Gen2 without breaking these large files into separate blobs. Each blob is made up of up to 50,000 blocks. Each block can now be 4 GB in size, for a total of 200 TB per blob or ADLS Gen2 file.

The 200 TB block blob size is supported in all regions, using tiers including Premium, Hot, Cool, and Archive. There is no additional charge for this preview capability.

With large file size support, being able to break up an object into blocks to ease upload and download is critical. Every Azure Blob is made up of up to 50,000 blocks. This allows a multi-terabyte object to be broken down into manageable pieces for write.

Azure Networking & Security

Application Gateway URL Rewrite

Azure Application Gateway now supports rewriting the host name, path and query string of the request URL. In addition to header rewrites, you can now also rewrite the URL of all or some client requests based on matching one or more conditions.

With URL rewrite capability in Application Gateway, you can:

  • Rewrite the host name, path and query string of the request URL
  • Choose to rewrite the URL of all requests on a listener or only those requests which match one or more of the conditions you set. These conditions are based on the request and response properties (request header, response header and server variables).
  • Choose to route the request (select the backend pool) based on either the original URL or the rewritten URL

Other Azure Services

Azure Policy

To maintain governance and organizational compliance standards, Azure Policy now supports the following use cases:

  • Azure Policy now supports Azure Site Recovery. Once you have a disaster recovery policy created for a resource group, all new virtual machines added to that resource group will get Site Recovery enabled automatically. For virtual machines already present in the resource group, you can enable Site Recovery through a process called remediation.
  • Azure Policy built-in definitions for data encryption in Azure Monitor. Azure Monitor now provides built-in policy definitions for data encryption governance and control over the key being used by the encryption at rest.

Log analytics workspace name uniqueness is now per resource group

Azure Monitor Log Analytics workspace name uniqueness was previously maintained globally across all subscriptions. When a workspace name was used by one customer, or by a user in the same organization, it couldn’t be used again by others.

Microsoft has changed the way it enforces workspace name uniqueness, and it is now maintained in the resource group context. This allows you to use the same workspace name in deployments across multiple environments for consistency. Workspace uniqueness is maintained as follows:

  • Workspace ID – global uniqueness remained unchanged.
  • Workspace resource ID – global uniqueness.
  • Workspace name – per resource group

Azure API Management support for Availability Zones

Azure Availability Zones provide high availability for mission-critical applications and data. Support for this capability in Azure API Management means that you can now ensure the following for your API Management instances:

  • Achieve higher availability in a single region.
  • Achieve higher availability in the primary region when multi-region deployment is used.
  • Achieve higher availability in every region of a multi-region deployment.

This feature is available only in the Premium tier of API Management.

Thanks for your time, and I hope this gave you a quick overview of the April updates.