Monthly updates from Azure (September 2021)

This post gathers the previous month's Azure updates in one place; this edition covers September 2021. It is not an exhaustive list of the month's updates. I want to call out the most notable updates in infrastructure technologies (compute, storage, networking, identity, monitoring, security, etc.), grouped into high-level sections.

Azure Compute

General availability of Azure AD-joined VMs support

Joining VMs to Azure AD removes the need for line-of-sight from the VM to an on-premises or virtualized Active Directory Domain Controller (DC), or for deploying Azure AD Domain Services (Azure AD DS). In some cases, it can remove the need for a DC entirely, simplifying the deployment and management of the environment. These VMs can also be automatically enrolled in Intune for ease of management.

Microsoft recommends Azure AD-joined VMs for scenarios where users only need access to cloud-based resources or Azure AD-based authentication. This feature currently has some limitations:

  • Azure AD-joined VMs need Intune for management control.
  • Azure AD-joined VMs support only local user profiles.
  • Azure Virtual Desktop doesn’t currently support single sign-on for Azure AD-joined VMs.

Screen Capture Protection for Azure Virtual Desktop is now generally available

The screen capture protection feature prevents sensitive information from being captured on the client endpoints. When you enable this feature, remote content will be automatically blocked or hidden in screenshots and screen shares. Also, the Remote Desktop client will hide content from malicious software that may be capturing the screen.

This option is enabled at the host pool level through Group Policy Objects (GPOs) and is enforced at the client level. Only clients that support this feature can connect to the remote session. Currently, only the Windows Desktop client supports screen capture protection, and only full desktops are supported.

Azure App Service support for Availability Zones reaches general availability

Availability Zone support for the public multi-tenant Azure App Service enables you to build high availability into your application architecture.  The App Service platform automatically allocates compute across zones ensuring applications stay up and running.  Combined with Availability Zone support across Azure for storage, networking, and data, you can create highly available end-to-end application architectures.

The service has some limitations at the time of writing:

  • Zone redundancy can only be specified when creating a new App Service plan; an existing App Service cannot be converted to zone redundancy.
  • It can be deployed only via Azure Resource Manager (ARM) templates.
  • It requires either a Premium v2 or Premium v3 App Service plan with a minimum of three nodes.
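Because zone redundancy cannot be turned on after a plan exists, it is worth checking a template before deployment. The following pre-deployment check is an added example, not code from the original post or from Microsoft; it assumes the plan is declared as a `Microsoft.Web/serverfarms` resource with `properties.zoneRedundant`, `sku.tier` and `sku.capacity`, and the function names and sample template are hypothetical.

```python
import json

# Constructed sample ARM template; resource names and SKUs are made up for this example.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Web/serverfarms", "name": "plan-ok",
     "sku": {"name": "P1v3", "tier": "PremiumV3", "capacity": 3},
     "properties": {"zoneRedundant": true}},
    {"type": "Microsoft.Web/serverfarms", "name": "plan-small",
     "sku": {"name": "S1", "tier": "Standard", "capacity": 2},
     "properties": {"zoneRedundant": true}},
    {"type": "Microsoft.Web/serverfarms", "name": "plan-param",
     "sku": {"name": "P1v2", "tier": "PremiumV2", "capacity": "[parameters('instances')]"},
     "properties": {"zoneRedundant": true}},
    {"type": "Microsoft.Web/serverfarms", "name": "plan-single-zone",
     "sku": {"name": "P1v3", "tier": "PremiumV3", "capacity": 3},
     "properties": {}}
  ]
}
""")

PREMIUM_TIERS = {"premiumv2", "premiumv3"}  # the two tiers the post lists
MIN_INSTANCES = 3                           # minimum node count the post lists

def audit_plan(resource):
    """Return a list of findings for one App Service plan resource."""
    sku = resource.get("sku") or {}
    props = resource.get("properties") or {}
    if props.get("zoneRedundant") is not True:
        # Cannot be fixed later: the setting is only accepted at creation time.
        return ["zoneRedundant is not true; it cannot be enabled after creation"]
    findings = []
    if str(sku.get("tier", "")).lower() not in PREMIUM_TIERS:
        findings.append(f"tier {sku.get('tier')!r} is not Premium v2 or Premium v3")
    capacity = sku.get("capacity")
    if isinstance(capacity, bool) or not isinstance(capacity, int):
        # Template expressions such as [parameters(...)] are unresolved here.
        findings.append(f"capacity {capacity!r} is an unresolved expression or not an integer")
    elif capacity < MIN_INSTANCES:
        findings.append(f"capacity {capacity} is below the minimum of {MIN_INSTANCES}")
    return findings

def audit_template(template):
    """Map each App Service plan name in the template to its findings."""
    return {r.get("name", "<unnamed>"): audit_plan(r)
            for r in template.get("resources", [])
            if str(r.get("type", "")).lower() == "microsoft.web/serverfarms"}
```
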

Azure Data & Storage

Azure Data Factory managed virtual network

When you create an Azure Integration Runtime (IR) within Azure Data Factory (ADF), you can place it in a managed virtual network (VNet), which uses private endpoints to securely connect to supported data stores. Creating an Azure IR within a managed virtual network ensures that the data integration process is isolated and secure.

The important things to note:

  • An existing public Azure integration runtime can’t be switched to an Azure integration runtime in an Azure Data Factory managed virtual network, and vice versa.
  • Currently, the managed virtual network is only supported in the same region as the Azure Data Factory.

The service has moved to general availability (GA).

Zone redundant storage (ZRS) for Azure Disk Storage is now generally available

ZRS increases availability for critical workloads by providing the industry’s only synchronous replication of block storage across three zones in a region, enabling your disks to tolerate zonal failures which may occur due to natural disasters or hardware issues. ZRS is currently supported for Azure Premium SSDs and Azure Standard SSDs.

ZRS disks also enable you to maximize your virtual machine availability without the need for application-level replication of data across zones, which is not supported by many legacy applications such as old versions of SQL or industry-specific proprietary software.

Azure Networking & Security

Azure Route Server general availability

Azure Route Server is a fully managed service built for high availability. It helps manage dynamic routing between the virtual network and network virtual appliances (NVAs) in the Azure cloud. It lets you exchange routing information directly over the Border Gateway Protocol (BGP) between any NVA that supports BGP and the Azure Software Defined Network (SDN) in the Azure Virtual Network (VNet), without the need to manually configure or maintain route tables.

This removes the need to manually update user-defined routes (UDRs) and the routing table in the NVA.

Other Azure Services

Azure Automation Account supports the Az PowerShell module

Microsoft has announced that the AzureRM PowerShell module will be retired by February 2024 and replaced by the Az PowerShell module. Automation accounts now support the Az PowerShell modules.

New automation accounts will have the latest Az PowerShell modules (6.4.0), and existing accounts have an option to upgrade to the Az PowerShell module.

Thanks for your time, and I hope this gave you a quick overview of last month's updates.