This month, Azure portal updates include updates to Azure Security Center, the ability to use ephemeral OS disks on Azure VMs, and to send Windows diagnostics data to Azure Monitor.
Here’s the list of June updates to the Azure portal:
Let’s look at each of these updates in greater detail.
During the creation of a VM or VMSS in the Portal, you can now choose to use an ephemeral OS disk allowing for faster reimaging of VMs, reduced storage costs, and lower read/write latency to the OS disk. You can create these VMs with marketplace or custom images to fit your needs. If you have previously created a VM or VMSS with ephemeral OS disks via PowerShell or CLI, it will automatically show in the Portal.
Use ephemeral OS disk option
To try out ephemeral OS disks:
On virtual machines:
On virtual machine scale sets:
To learn more about ephemeral OS disks for Azure VMs, visit the documentation page.
Azure Diagnostics is the capability within Azure that enables the collection of diagnostic data on a deployed application. You can use the diagnostics extension to collect diagnostic data like application logs or performance counters from an Azure virtual machine (VM) that is running Windows.
Traditionally, diagnostics data are stored in a storage account in your subscription. In this preview release, you can now send diagnostics data directly into Azure Monitor, a centralized, fully managed data store for monitoring, analyzing and visualizing all your operational telemetry. While in preview, this feature is available in specific Azure regions: East US, South Central US, West US 2, South East Asia, North Europe, West Europe.
Send diagnostic data to Azure Monitor option
To try out sending Windows Diagnostics data to Azure Monitor:
To illustrate the connection between recommendations and their matching security policies, we have now changed the names to be the same. It is now easier to find the relevant policy referred to in a recommendation and enable/disable it. For example:
This has no effect on the actual feature functionalities.
To explore your Azure Security Center recommendations:
For more information about Azure Security Center recommendations, visit the documentation page.
Some of the biggest attack surfaces for workloads running in the public cloud are connections to and from the public Internet. You may find it hard to know which Network Security Group (NSG) rules should be in place to make sure that Azure workloads are only available to required source ranges. With this feature, Security Center learns the network traffic and connectivity patterns of Azure workloads and provides NSG rule recommendations for Internet-facing virtual machines. This helps our customers better configure their network access policies and limit their exposure to attacks.
Adaptive Network Hardening
To explore Adaptive Network Hardening:
For more information about network hardening, see Adaptive network hardening.
You can now view a detailed summary of your security recommendations and a summary of your security alerts, from within Azure Advisor. In addition, you can now consume the security recommendations directly from the Azure Advisor API, and use Azure Advisor to generate PDF and CSV reports.
Detailed view of Security Center recommendations on Azure Advisor
To explore Security Center recommendations on Azure Advisor:
Just-in-time (JIT) virtual machine (VM) access can now be used with Azure Firewall.
When just-in-time was enabled, Security Center created a just-in-time policy which locked down inbound traffic to your Azure VMs (on ports that you select) by creating a Network Security Group (NSG) rule. Now, JIT is also available to VMs protected by Azure Firewall.
When a user requests access to a VM with a JIT policy, Security Center first checks that the user has Role-Based Access Control (RBAC) permissions to request access to a VM with a JIT policy. If the user has permissions and the request is approved, Security Center automatically configures the NSG and the Azure Firewall rules to allow inbound traffic with the following restrictions:
After the time expires, Security Center restores the NSGs and Azure Firewalls to their previous states. In addition, after a request is approved for a VM protected by Azure Firewall, Security Center provides the user with the proper connection details (the port mapping from the DNAT table) to use to connect to the VM.
By using JIT access for VMs protected by Azure Firewall, you can now protect a wider range of resources and further limit exposure to attacks.
To configure JIT access on a virtual machine in Security Center:
To learn more, see Manage virtual machine access using just-in-time.
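The policy-then-request flow described above can also be scripted with the Az.Security PowerShell module. This is an added example, not code from the original post; the subscription, resource group, VM name, region, port, source addresses and durations are placeholder assumptions.

```powershell
# Added example: every value below is a placeholder or constructed sample.
$SubscriptionId = "<subscription-id>"
$ResourceGroup  = "<resource-group>"
$VmName         = "<vm-name>"
$Location       = "<vm-region>"
$AdminRange     = "203.0.113.0/24"   # constructed documentation range
$AdminHost      = "203.0.113.10"     # constructed requester address

$VmId = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup" +
        "/providers/Microsoft.Compute/virtualMachines/$VmName"

# 1. Define the JIT policy: which port may be opened, from which source
#    range, and for how long at most (ISO 8601 duration, here one hour).
$Policy = @{
    id    = $VmId
    ports = @(@{
        number                     = 3389
        protocol                   = "*"
        allowedSourceAddressPrefix = @($AdminRange)
        maxRequestAccessDuration   = "PT1H"
    })
}
Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location $Location -Name "default" `
    -ResourceGroupName $ResourceGroup -VirtualMachine @($Policy)

# 2. Request access under that policy. The caller needs RBAC permission to
#    request access; the request narrows the source to one address and sets
#    an explicit end time inside the policy's maximum duration.
$Request = @{
    id    = $VmId
    ports = @(@{
        number                     = 3389
        endTimeUtc                 = (Get-Date).ToUniversalTime().AddMinutes(30).ToString("o")
        allowedSourceAddressPrefix = @($AdminHost)
    })
}
$PolicyId = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup" +
            "/providers/Microsoft.Security/locations/$Location/jitNetworkAccessPolicies/default"
Start-AzJitNetworkAccessPolicy -ResourceId $PolicyId -VirtualMachine @($Request)
```

Keeping `allowedSourceAddressPrefix` to a known range and `maxRequestAccessDuration` short is what bounds the exposure window; a policy that allows any source for many hours gives up most of the benefit.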
The Microsoft Intune team has been hard at work on updates as well. You can find the full list of updates to Intune on the What's new in Microsoft Intune page, including changes that affect your experience using Intune.
Have you checked out our Azure portal “how to” video series yet? The videos highlight specific aspects of the portal so you can be more efficient and productive while deploying your cloud workloads from the portal. Recent videos include a demonstration of how to create a storage account and upload a blob and how to create an Azure Kubernetes Service cluster in the portal. Keep checking our playlist on YouTube for a new video each week.
The Azure portal’s large team of engineers always wants to hear from you, so please keep providing us with your feedback in the comments section below or on Twitter @AzurePortal.