This month, Azure portal includes the ability to create custom RBAC roles, updates to Networking features and Azure Security Center.
Here’s the list of updates to the Azure portal this month:
Let’s look at each of these updates in greater detail.
We are happy to announce that you can now create, edit, or delete a custom role without ever leaving the Azure Portal. This capability was only available in the past using command line tools.
You can create a custom role by cloning an existing role, starting from scratch, or by starting with a JSON template.
We’ve made it easy to add permissions to custom roles by using selectors.
You can further edit your custom role using the JSON editor, or simply download it to use on CLI.
To try out custom RBAC roles:
Azure Private Link is a secure and scalable way for you to consume services (such as Azure PaaS, Partner Service, BYOS) on the Azure platform privately from within your virtual network.
Private Link landing page
You can learn more about Azure Private Link on this page.
To try out Azure Private Link:
Azure Virtual Network service endpoint policies enable you to prevent unauthorized access to Azure Storage accounts from your virtual network. It enables you to limit access to only specific Azure Storage resources by applying endpoint policies over the service endpoint configuration.
This feature is now generally available in all Azure public regions. To learn more, visit this blog.
To try out service endpoint policies:
Virtual Network NAT (network address translation) simplifies outbound-only Internet connectivity for virtual networks. When configured on a subnet, all outbound connectivity uses your specified static public IP addresses. Outbound connectivity is possible without load balancer or public IP addresses directly attached to virtual machines.
To learn more about Virtual Network NAT, visit this page.
The vulnerability scanning (powered by Qualys) for container images stored in Azure Container Registry is now generally available.
Security Center’s image scanning parses the packages or other dependencies defined in the container image file, then checks for known vulnerabilities in those packages or dependencies.
Whenever you push an image to your registry, Security Center automatically scans that image. To trigger the scan of an image, push it to your container registry. When the scan completes (typically after approximately 10 minutes), findings are available in Security Center recommendations and included in the Secure Score together with information on how to remediate the issues and protect the vulnerable attack surface.
Azure Security Center now supports integration with Azure Monitor alerts.
By leveraging Security Center's continuous export capabilities to Log Analytics Workspace, you can configure Azure Monitor Log Alert rules for recommendations and alerts exported from Security Center. They will then be reflected directly as alerts in Azure Monitor. You can also configure the alert rules to trigger an Action Group to enable automation scenarios supported by Azure Monitor.
The features, operation, and UI for Azure Security Center’s just-in-time tools that secure your management ports have been enhanced as follows:
The following two security recommendations related to web applications are being deprecated:
These recommendations will no longer appear in Azure Security Center’s list of recommendations and their related policies will no longer be included in the ASC Default initiative.
The Microsoft Intune team has been hard at work on updates as well. You can find the full list of updates to Intune on the What's new in Microsoft Intune page, including changes that affect your experience using Intune.
The following new videos are available to help you make the most out of the Azure portal:
Have you checked out our Azure portal “how to” video series yet? The videos highlight specific aspects of the portal so you can be more efficient and productive while deploying your cloud workloads from the portal. Keep checking our playlist on YouTube for new videos.
The Azure portal has a large team of engineers that wants to hear from you, so please keep providing us your feedback in the comments section below or on Twitter @AzurePortal.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.