Microsoft

Jul 31, 2023

Azure Announcements Newsletter - July 2023

AZURE ANNOUNCEMENTS NEWSLETTER

July 1, 2023 – July 31, 2023

Announcements Summary
Firewall		Preview Features – 1 Update
Monitor		General Availability – 1 Update Preview Features – 1 Update
Service Fabric		Updated Features – 1 Update
	Storage	General Availability – 1 Update Region Updates – 1 Update
	Virtual Network	Preview Features – 1 Update

API Management	Preview Features – 1 Update
ARC	New Features – 1 Update
Cognitive Services	Preview Features – 1 Update
Event Grid	New Features – 1 Update
Functions	Preview Features – 1 Update
IoT Hub	General Availability – 1 Update
Kubernetes Service	Preview Features – 2 Updates
Machine Learning	General Availability – 1 Update Preview Features – 1 Update
Media Services	Retiring Features – 1 Update
Traffic Manager	General Availability – 1 Update
Virtual Machines	Preview Features – 2 Updates
Application Gateway	Preview Features – 1 Update Updated Features – 1 Update
Cognitive Services	Retiring Features – 1 Update
DevOps	Updated Features – 1 Update
SQL Database	Updated Features – 1 Update

Announcements Details

Azure Service: Firewall
Preview Features Azure's regional Web Application Firewall (WAF) running on Application Gateway now supports sensitive data protection through log scrubbing. When a request matches the criteria of a rule, and triggers a WAF action, that event is captured within the WAF logs. WAF logs are stored as plain text for debuggability, and any matching patterns with sensitive customer data like IP address, passwords, and other personally identifiable information could potentially end up in logs as plain text. To help safeguard this sensitive data, you can now create log scrubbing rules that replace the sensitive data with "******". Sensitive data protection using log scrubbing supports the creation of rules using the following variables: Request Header Names Request Cookie Names Request Arg Names Request Post Arg Names Request JSON Arg Names Request IP Address Announcement: https://azure.microsoft.com/updates/public-preview-sensitive-data-protection-for-application-gateway-web-application-firewall-logs/ Documentation: https://learn.microsoft.com/azure/web-application-firewall/ag/waf-sensitive-data-protection

Azure Service: Monitor
General Availability Azure Native New Relic Service, which enables developers and IT administrators to set up monitoring for their cloud applications using New Relic on Azure, is now generally available. Users can benefit from multiple deep integration capabilities like creating a New Relic account, linking existing New Relic accounts, easily configuring logs and metrics monitoring and installing extensions for monitoring virtual machines and app services right from within the Azure experience. Announcement: https://azure.microsoft.com/updates/general-availability-azure-native-new-relic-service/ Documentation: https://learn.microsoft.com/azure/partner-solutions/new-relic/new-relic-overview
Preview Features Azure Monitor Agent (AMA) collects monitoring data from the guest operating system of Azure and hybrid virtual machines and delivers it to Azure Monitor for use by features, insights, and other services, such as Microsoft Sentinel and Microsoft Defender for Cloud. Azure Monitor Agent replaces all of Azure Monitor's legacy monitoring agents. This article provides an overview of Azure Monitor Agent's capabilities and supported use cases. You can now monitor the health of agents at-scale across Azure, on premises and other clouds using the Azure Monitor Agent Health experience released in preview today. This includes AMA running on both virtual machines and on-premise (Arc-enabled servers), including a view into the related Data Collection rules. Identify data collection problems before they start impacting your business, and troubleshoot faster by narrowing down the impact scope for a given problem. Announcement: https://azure.microsoft.com/updates/public-preview-azure-monitor-agent-health-experience/ Documentation: https://learn.microsoft.com/azure/azure-monitor/agents/agents-overview
Azure Service: Service Fabric
Updated Features We are excited to announce that the 9.1 Fifth Refresh release of the Service Fabric runtime has completed rolling out to the various Azure regions along with tooling and SDK updates. The updates for .NET SDK, Java SDK, and Service Fabric runtimes can be downloaded from the links provided in Release Notes. The SDK, NuGet packages, and Maven repositories are already available in all regions. We are also excited to announce that the 9.0 Tenth Refresh release of the Service Fabric runtime has completed rolling out to the various Azure regions along with tooling and SDK updates. The updates for .NET SDK, Java SDK, and Service Fabric runtimes can be downloaded from the links provided in Release Notes. The SDK, NuGet packages, and Maven repositories are already available in all regions. Announcement: https://azure.microsoft.com/updates/azure-service-fabric-91-fifth-refresh-release/ Documentation: https://github.com/microsoft/service-fabric/blob/master/release_notes/Service_Fabric_ReleaseNotes_91CU5.mdr/release_notes/Service_Fabric_ReleaseNotes_91CU2.md

Azure Service: Storage

General Availability

Azure Premium SSD v2 Disk Storage is now available in Switzerland North, Japan East, Korea Central, South Africa North, Sweden Central, Canada Central and Central US regions. This next-generation storage solution offers advanced general-purpose block storage with the best price performance, delivering sub-millisecond disk latencies for demanding IO-intensive workloads at a low cost. It is well-suited for a wide range of enterprise production workloads, including SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, big data analytics, gaming on virtual machines, and stateful containers.

Announcement: https://azure.microsoft.com/updates/generally-available-azure-premium-ssd-v2-disk-storage-is-now-available-in-more-regions/

Documentation: https://learn.microsoft.com/azure/virtual-machines/disks-types#premium-ssd-v2

Region Updates

Azure Archive Storage provides a secure, low-cost means for retaining rarely accessed data including backup and archival storage. Now, Azure Archive Storage is available in Sweden Central

Announcement: https://azure.microsoft.com/updates/general-availability-azure-archive-storage-now-available-in-sweden-central/

Documentation: https://azure.microsoft.com/explore/global-infrastructure/products-by-region/?products=storage

Azure Service: Virtual Network

Preview Features

With Virtual Network encryption, customers can enable encryption of traffic between Virtual Machines and Virtual Machines Scale Sets within the same virtual network and between regionally and globally peered virtual networks. This new feature enhances the existing encryption in transit capabilities in Azure.

Azure Virtual Network encryption is available in the following regions during public preview: East US 2 EUAP, Central US EUAP, West Central US, East US, East US 2, West US, West US 2.

Announcement: https://azure.microsoft.com/updates/public-preview-azure-virtual-network-encryption-2/

Documentation: https://learn.microsoft.com/azure/virtual-network/virtual-network-encryption-overview

Azure Service: API Management

Preview Features

We are excited to announce the public preview of the OData API type in Azure API Management. This new capability extends the benefits and capabilities of Azure API Management to OData APIs, including the ability to secure them with standard API protections, such as authentication, authorization, and rate limiting, in combination with OData-specific policies for request validation. First-class support for OData makes it easier for customers to use Azure API Management for publishing APIs from SAP, Oracle, Dataverse, and others who expose OData APIs.

Key Features of the OData API Type:

Import OData services into Azure API Management as APIs

Expose and protect OData APIs

Validate requests with OData specific policy

Integrate with SAP solutions

Announcement: https://azure.microsoft.com/updates/public-preview-odata-api-type-in-azure-api-management-2/

Documentation: https://learn.microsoft.com/azure/api-management/import-api-from-odata

Azure Service: ARC

New Features

At Inspire, we are announcing Extended Security Updates (ESUs) enabled by Azure Arc. You will be able to purchase and seamlessly deploy ESUs through Azure Arc in on-premises or multicloud environments, right from the Azure portal. In addition to providing a centralized management of security patching, ESUs enabled by Azure Arc gives you more flexibility with a pay-as-you-go subscription model, compared to the classic ESU offered through the Volume Licensing Center which are purchased in yearly increments. You can also leverage additional Azure services that help better secure, monitor, and govern end-of-support servers in tandem with your Windows Server and SQL Server ESUs.

This feature is available now for SQL Server 2012 with billing starting in September 2023. If you sign up before September, you will see a one-time charge from July 12 to September. For Windows Server, this feature will be available in September 2023, but customers can connect to Azure Arc today to prepare.

Announcement: https://azure.microsoft.com/updates/extendedsecurityupdatesenabledbyazurearc/

Documentation: https://techcommunity.microsoft.com/t5/azure-arc-blog/new-options-for-extended-security-updates-enabled-by-azure-arc/ba-p/3876737

Azure Service: Cognitive Services

Preview Features

We're excited to announce that Vector search is now available in public preview on Azure Cognitive Search. The enterprise retrieval cloud service powers the next generation of LLM-based applications, as well as plugins for ChatGPT and Azure OpenAI service. With Vector search, Developers can store, index, and deliver search applications over vector representations of organizational data, also known as embeddings. Vector search supports a wide range of data types, such as text, images, audio, video, and graphs. Execute vector similarity queries using approximate nearest neighbor search. Find information that is semantically similar to search queries, even if the search terms are not exact matches. Azure Cognitive Search offers pure vector search and hybrid retrieval – as well as a sophisticated re-ranking system powered by Bing in a single integrated solution. Build applications to generate personalized responses in natural language, deliver product recommendations, detect fraud, identify data patterns, and more.

Announcement: https://azure.microsoft.com/updates/public-preview-vector-search-a-feature-of-azure-cognitive-search/

Documentation: https://aka.ms/Vector_SearchSnackableVideo

Azure Service: Event Grid

New Features

Azure Event Grid integration with Azure Kubernetes Service (AKS) enables you to subscribe to Event Grid notifications and get important event notifications. You can now receive and programmatically handle AKS generated upgrade events in Event Grid to minimize unexpected issues and improve how you handle such activities.

Event Grid enhancements add new events for the integration at GA to facilitate additional capabilities include:

Upgrade completed/ canceled/ failed notification

Cluster going out of support

cluster out of support notices.

Announcement: https://azure.microsoft.com/updates/generally-available-event-grid-upgrade-enhancements-for-aks/

Documentation: https://learn.microsoft.com/azure/event-grid/event-schema-aks?tabs=event-grid-event-schema

Azure Service: Functions

Preview Features

You can now develop functions using Python 3.11 locally and deploy them to all Azure Functions plans.

Announcement: https://azure.microsoft.com/updates/public-preview-support-for-python-311-in-azure-functions/

Documentation: https://docs.python.org/3/whatsnew/3.11.html

Azure Service: IoT Hub

General Availability

What’s changing:

The architecture of your IoT Hub includes a cluster of front-end message processing servers and software we call the IoT Hub gateway. We are rolling out availability, reliability, and security improvements to this gateway between July 2023 and November 2023.

Potential impact:

The gateway upgrade will result in:

A forced disconnect and reconnect for all devices.

New static IP addresses for all IoT hubs.

Device disconnects:

Your devices will disconnect from IoT Hub while we upgrade the gateway nodes. The time it takes for your devices to reconnect depends on:

DNS update propagation: If your devices leverage DNS to resolve your IoT hub’s IP address, it will resolve the new IP address after the DNS updates propagate to the device’s DNS server(s) and any local DNS cache expires.

DPS reprovisioning: Reprovisioning is subject to DPS limits. Follow the recommended best practices to reprovision devices with DPS. Avoid reprovisioning unless IoT Hub returns an error other than 429 or 5xx.

Device connection retry logic: If your devices leverages the Azure IoT SDKs, they will attempt to reconnect according to their retry policy.

Device connection throttling: IoT Hub throttles device connections based on your selected tier.

Firewall rules and impact:

If you followed our best practices to configure your IoT Hub by using Fully Qualified Domain Name (FQDN), then no action is required.

If you implemented a range-based approach using IoT Hub service tags, no action is required.

If you restrict access based on a specific IP address for your IoT Hub, follow our best practices and move away from a static IP address. The IP address of your IoT Hub might change at any time for any reason.

If you cannot follow our best practices or have questions, reach out to your Azure IoT or Microsoft contacts.

Announcement: https://azure.microsoft.com/updates/general-availability-iot-hub-service-upgrade/

Documentation: https://azure.microsoft.com/updates/general-availability-iot-hub-service-upgrade/

Azure Service: Kubernetes Service

Preview Features

The new network observability add-on for AKS, now in public preview, provides complete observability into the network health and connectivity of your AKS cluster.

Key benefits:

Get access to cluster level network metrics like packet drops, connections stats and more.

(GA) Access to pod-level metrics and network debuggability features

Support for all Azure CNIs - AzureCNI and AzureCNI (Powered by Cilium)

Support for all AKS node types - Linux and Windows

Easy deployment using native Azure tools - AKS CLI, ARM templates, PowerShell, etc.

Seamless integration with the Azure managed Prometheus and Azure-managed Grafana offerings.

Announcement: https://azure.microsoft.com/updates/public-preview-network-observability-addon-for-aks-4/

Documentation: https://techcommunity.microsoft.com/t5/azure-observability-blog/comprehensive-network-observability-for-aks-through-azure/ba-p/3825852

Preview Features

AKS now supports the ability to create clusters with BYOK enabled for nodes using ephemeral OS disk if the chosen VM SKU supports ephemeral. BYOK support provides you the option to use your own customer managed keys (CMK) to encrypt your ephemeral OS Disks, providing you increased control over your encryption keys.

Announcement: https://azure.microsoft.com/updates/public-preview-bring-your-own-key-on-ephemeral-os-disk-for-aks/

Documentation: https://learn.microsoft.com/azure/aks/azure-disk-customer-managed-keys

Azure Service: Machine Learning

General Availability

A new feature now available in GA enables you to create compute clusters in locations that are different from the location of the workspace.

Create and use compute in multiple Azure Regions – You can now use managed compute outside of the current Azure Machine Learning compute scenarios to run a job, either on-demand or in a dedicated manner.

Announcement: https://azure.microsoft.com/updates/azure-machine-learning-general-availability-for-july/

Documentation: https://azure.microsoft.com/updates/azure-machine-learning-general-availability-for-july/

Preview Features

New features now available in Public Preview enable you to create AI workflows that connect to various language models and data sources and use prompt flow and Azure OpenAI models to build LLM applications.

Build high quality intelligent applications with prompt flow – You can now utilize one platform to build, tune, evaluate, deploy, and test AI workflows.

Discover Azure OpenAI Service models in the model catalog – You can now access Azure OpenAI models in Azure Machine Learning through the model catalog.

Leverage LLaMA foundation models in the model catalog - You can now find, fine-tune, and deploy LLaMa models from Meta in Azure Machine Learning through the model catalog.

Announcement: https://azure.microsoft.com/updates/azure-machine-learning-public-preview-for-july/

Documentation: https://azure.microsoft.com/updates/azure-machine-learning-public-preview-for-july/

Azure Service: Media Services

Retiring Features

Azure Media Services will be retired on 30 June 2024. This is a result of Microsoft focusing on strategic areas of secular growth and long-term competitiveness for the company. We're also accelerating media services solutions from the Microsoft partner ecosystem across integrated solution vendors and system integrators.

From now through 30 June 2024, you can continue to use Azure Media Services without any disruptions. After 30 June 2024, Azure Media Services won’t be supported, and customers won’t have access to their Azure Media Services accounts.

Required action

To avoid any service disruptions, you’ll need to transition to Azure Video Indexer for on-demand video and audio analysis workflows or to a Microsoft partner solution for all other media services workflows before 30 June 2024.

Announcement: https://azure.microsoft.com/updates/retirement-notice-azure-media-services-is-being-retired-on-30-june-2024/

Documentation: https://azure.microsoft.com/updates/retirement-notice-azure-media-services-is-being-retired-on-30-june-2024/

Azure Service: Traffic Manager

General Availability

Today we are announcing that Always Serve for Azure Traffic Manager (ATM) is now generally available. You can disable endpoint health checks from an ATM profile and always serve traffic to that given endpoint. You can also now choose to use 3rd party health check tools to determine endpoint health, and ATM native health checks can be disabled, allowing flexible health check setups.

When creating or updating an endpoint, one can enable Always Serve. The feature is enabled in the Azure portal, the API version “2022-04-01”, and Azure PowerShell.

Announcement: https://azure.microsoft.com/updates/alwaysservega/

Documentation: https://azure.microsoft.com/updates/alwaysservega/

Azure Service: Virtual Machines

Preview Features

Today we are introducing the preview Azure Boost, one of Microsoft Azure’s latest infrastructure innovations. Azure Boost is a new system that offloads virtualization processes traditionally performed by the hypervisor and host OS onto purpose-built hardware and software, such as networking, storage, and host management. By separating hypervisor and host OS functions from the host infrastructure, Azure Boost enables greater network and storage performance at scale, improves security by adding another layer of logical isolation, and reduces the maintenance impact for future Azure software and hardware upgrades.

This innovation enables Azure customers participating in the preview to achieve a 200 Gbps networking throughput and a leading remote storage throughput up to 10 GBps and 400K IOPS, enabling the fastest storage workloads available today.

Azure Boost allows preview users to achieve this performance through access to experimental SKUs. This preview will be important for many customers and partners to integrate critical components of Azure Boost into their current VM solutions, ensuring smooth operation on this new system in the future.

While we are announcing the preview of Azure Boost today, Azure Boost has been providing benefits to millions of existing Azure VMs in production today, such as enabling the exceptional remote storage performance of the Ebsv5 VM series and networking throughput and latency improvements for the entire Ev5 and Dv5 VM series. Azure Boost will continue to innovate and provide benefits for Azure infrastructure users going forward.

Azure Boost marks a significant leap forward in Azure infrastructure innovation. We invite Azure partners and customers with high-performance network and storage needs, particularly those using the Data Plane Development Kit (DPDK), to take part in the preview.

Announcement: https://azure.microsoft.com/updates/preview-azure-boost/

Documentation: https://techcommunity.microsoft.com/t5/azure-infrastructure-blog/introducing-microsoft-azure-boost-preview/ba-p/3876742

Preview Features

Announcing public preview support for multi disk crash consistency mode in VM restore points. A crash consistent VM restore point is an agentless solution that stores the VM configuration and point-in-time write-order consistent snapshots for all managed disks attached to a Virtual Machine. This is same as the status of data in the VM after a power outage or a crash. Using Crash consistent restore points you can plan and protect your Azure VMs backup and/or disaster requirements.

Regions supported: West Europe and EastUS2. We will continue to rollout support in all regions in the coming weeks.

Announcement: https://azure.microsoft.com/updates/public-preview-crash-consistent-vm-restore-points/

Documentation: https://learn.microsoft.com/azure/virtual-machines/virtual-machines-create-restore-points

Announcements Details

Azure Service: Application Gateway

Preview Features

We are announcing Azure Application Gateway for Containers as a new SKU to the Application Gateway family. Application Gateway for Containers is the next evolution of Application Gateway + Application Gateway Ingress Controller (AGIC), providing application (layer 7) load balancing and dynamic traffic management capabilities for workloads running in a Kubernetes cluster.

Application Gateway for Containers introduces the following improvements over AGIC:

Performance: Achieve near-to-real-time convergence times to reflect add/remove of pods, routes, probes, and other load balancing configuration within Kubernetes yaml configuration.

Scale: Push boundaries past current AGIC limits, exceeding 1400 backend pods and 100 listeners with Application Gateway for Containers.

Deployment: Enable a familiar deployment of ARM resources via ARM, PowerShell, CLI, Bicep, and Terraform or define all configuration within Kubernetes and have Application Gateway for Containers manage the rest in Azure!

Gateway API support: The next evolution in defining Kubernetes service networking through expressive, extensible, and role-oriented interfaces.

Weighted / Split traffic distribution: Enable blue-green deployment strategies and active / active or active / passive routing.

Announcement: https://azure.microsoft.com/updates/public-preview-application-gateway-for-containers/

Documentation: https://learn.microsoft.com/azure/application-gateway/for-containers/overview

Updated Features

We have updated the default TLS configuration for new deployments of the Application Gateway to Predefined AppGwSslPolicy20220101 policy to improve the default security. This recently introduced, generally available, predefined policy ensures better security with minimum TLS version 1.2 (up to TLS v1.3) and stronger cipher suites.

The default policy change applies to API versions (2023-02-01 or higher). The AppGwSslPolicy20220101 policy gets auto applied when no specific TLS policy is defined in the resource configuration during deployment. You can, however, choose to modify to any other TLS policy later, depending on your needs.

Announcement: https://azure.microsoft.com/updates/default-tls-policy-2022/

Documentation: https://learn.microsoft.com/azure/application-gateway/application-gateway-ssl-policy-overview#default-tls-policy

Azure Service: Cognitive Services

Retiring Features

Speech-to-text REST API v3.0 will be retired by 31 March 2026. Update your code that uses Speech-to-text REST API.

We recently updated the Speech-to-text REST API to version 3.1. Version 3.1 builds on the capabilities of the previous version and adds new features including language identification and multi-speaker diarization. With these enhancements, we'll retire version 3.0 of the API on 31 March 2026.

Announcement: https://azure.microsoft.com/updates/speechtotext-rest-api-v30-will-be-retired-by-31-march-2026/

Documentation: https://learn.microsoft.com/azure/ai-services/speech-service/migrate-v3-0-to-v3-1

Azure Service: DevOps

Updated Features

In July, we've delivered multiple improvements across Azure DevOps services. You can now dismiss dependency scanning alerts in Advanced Security that you believe to be a false positive or acceptable risk. In Azure Repos, we changed the default behavior to remove "Edit policies" permission when creating a new branch.

Announcement: https://azure.microsoft.com/updates/azure-devops-july-2023-updates/

Documentation: https://azure.microsoft.com/updates/azure-devops-july-2023-updates/