Monthly updates from Azure (July 2021)

I am here to provide a single post covering Azure updates from the previous month. In this blog, we will cover the July updates from Azure. This blog is not an exhaustive list of all the monthly updates. I want to call out the most relevant updates from infrastructure technologies (compute, storage, networking, identity, monitoring & security, etc.) and have categorized the updates into high-level sections.

Azure Compute

Start VM on Connect capability in Azure Virtual Desktop enters general availability

The Start Virtual Machine (VM) on Connect feature lets you save costs by deallocating VMs during idle/non-peak hours and allowing end users to turn on their VMs only when they need them.

Azure Virtual Desktop (classic) doesn’t support this feature. This option requires a custom role for the Azure Virtual Desktop app to power on the host pool virtual machines.

Instead of predicting when the VMs need to be available for your users, give them the power to turn on a deallocated or stopped VM to meet flexible demand. This new feature will turn on a shutdown or deallocated VM in an Azure Virtual Desktop host pool when a user tries to connect to it.

VMware Site Recovery Manager is now generally available for Azure VMware Solution

VMware Site Recovery Manager (SRM) is a disaster recovery solution that enables customers to minimize downtime of their virtual machines in case of a disaster. SRM has been a popular solution for customers with on-premises VMware environments, and with this announcement, customers can now leverage those same capabilities with Azure VMware Solution.

SRM helps you plan, test, and run the recovery of VMs between a protected vCenter Server site and a recovery vCenter Server site. You can use SRM with Azure VMware Solution with the following two DR scenarios:

  • On-premises VMware to Azure VMware Solution disaster recovery
  • Primary Azure VMware Solution to Secondary Azure VMware Solution private cloud disaster recovery

Introducing Windows 365

Microsoft announced Windows 365, an incredibly simple way to securely stream Windows from the Microsoft Cloud, delivered as a complete software-as-a-service (SaaS) solution built on the Azure Virtual Desktop platform.

Windows 365 is ideal for customers looking for a personalized Windows experience – including apps, content, and settings – on any device, with predictable per-user, per-month pricing. This service can be easily deployed and managed with Microsoft Endpoint Manager or via a self-service portal; no VDI expertise is required.

Comparison of AVD vs. W365 (source: Microsoft)

Azure Networking & Security

Azure Firewall Premium general availability

Azure Firewall Premium is a next-generation firewall with capabilities that are required for highly sensitive and regulated environments. Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources.

Firewall Policy can be managed independently or with Azure Firewall Manager. A firewall policy associated with a single firewall has no charge. Azure Firewall Premium includes the following features:

  • TLS inspection – decrypts outbound traffic, processes the data, then encrypts the data and sends it to the destination.
  • IDPS – A network intrusion detection and prevention system (IDPS) allows you to monitor network activities for malicious activity, log information about this activity, report it, and optionally attempt to block it.
  • URL filtering – extends Azure Firewall’s FQDN filtering capability to consider an entire URL. For example, www.contoso.com/a/c instead of www.contoso.com.
  • Web categories – administrators can allow or deny user access to website categories such as gambling websites, social media websites, and others.

Azure Firewall Premium (source: Microsoft)
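
The difference between FQDN filtering and URL filtering in the list above, as an added example that is not Microsoft's code or Azure Firewall's rule engine. It is a simplified model: the function names are hypothetical, and denying when the path cannot be seen is an assumption of this model. It also shows why URL filtering on HTTPS depends on TLS inspection: without decryption, only the hostname is visible on the wire.

```python
from urllib.parse import urlsplit

def visible_target(url, tls_inspected):
    """Return (host, path) as a network firewall could observe them."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    if parts.scheme == "https" and not tls_inspected:
        # Encrypted request: the hostname is visible, the path is not.
        return host, None
    return host, path

def fqdn_rule_allows(allowed_fqdns, url, tls_inspected=False):
    """FQDN filtering: the decision uses the hostname only."""
    host, _ = visible_target(url, tls_inspected)
    return host in allowed_fqdns

def url_rule_allows(allowed_urls, url, tls_inspected):
    """URL filtering: the decision uses hostname plus path prefix."""
    host, path = visible_target(url, tls_inspected)
    if path is None:
        return False  # model assumption: deny when the path is not visible
    for entry in allowed_urls:
        e_host, _, e_path = entry.partition("/")
        e_path = "/" + e_path
        prefix = e_path.rstrip("/") + "/"
        # Match the exact path or anything below it, on a segment boundary.
        if host == e_host.lower() and (path == e_path or path.startswith(prefix)):
            return True
    return False

if __name__ == "__main__":
    # Constructed sample rules and requests, using the page's contoso example.
    fqdns = {"www.contoso.com"}
    urls = ["www.contoso.com/a/c"]
    for request, inspected in [
        ("https://www.contoso.com/a/c", True),
        ("https://www.contoso.com/a/b", True),
        ("https://www.contoso.com/a/c", False),
    ]:
        print(request, "tls_inspected=%s" % inspected,
              "fqdn_rule=%s" % fqdn_rule_allows(fqdns, request, inspected),
              "url_rule=%s" % url_rule_allows(urls, request, inspected))
```
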

Other Azure Services

Azure App Service Environment v3 is now generally available

App Service Environments (ASE) v3, available through Isolated v2 App Service plans, are now generally available.

ASEs host applications from only one customer and do so in one of that customer's VNets. Customers have fine-grained control over inbound and outbound application network traffic. Applications can establish high-speed secure connections over VPNs to on-premises corporate resources.

The updates to ASE v3 include a simplified deployment experience enabling a highly secure, isolated app hosting environment for you to run your most sensitive web workloads.

  • This is a single-tenant system, with no public internet dependencies, that deploys in your Azure virtual network.
  • You can secure your workloads without affecting the ASE. The minimal set of networking endpoints that need to be secured is now just what the applications in the ASE require.
  • Availability zone support is available with ASE v3 in selected regions.
  • You can deploy an ASE v3 on a dedicated host group. This allows you to have a dedicated system all the way down to the hardware.

This new ASE v3 allows you to customize your application security while Azure secures the infrastructure dedicated to that workload. By removing the per-instance stamp fee, we’ve reduced the cost of deploying your web apps on the Isolated v2 offering by up to 75% versus Isolated v1. Additional savings are now available through Reserved Instance pricing on Isolated v2.

Thanks for your time, and I hope this gave you a quick overview of last month's updates.