Az Update: AMD Nested Virtualization, WAC Container Extension, Policy for Cosmos DB, and more!
Published Jun 12 2020 01:37 AM 6,554 Views

With all the changes in Azure, it is sometimes hard to keep track, that's why I thought I would give you a quick update on a couple of exciting things I learned this week. In this update, I want to share a couple of things around updates on Hyper-V Nested Virtualization with AMD, an update to the Windows Container Extension in Windows Admin Center, Azure Policy support for Cosmos DB, general availability of Azure File Share integration into on-premises Active Directory and more! Also, tune in for our live stream later today.


Hyper-V AMD Nested Virtualization Support now available

Nested Virtualization is not a new idea. The Hyper-V team announced our first preview of Nested Virtualization running on Windows way back in 2015.  Today, you can find Nested Virtualization support in Azure that gives the Azure users flexibility in how they want to set up their environments. Nested Virtualization is being used by IT Pros to set up home labs and containers. If you want to use a Hyper-V Containers inside a virtual machine (VM), you will enable Nested Virtualization.

Until this week Nested Virtualization in Hyper-V was only working with Intel processors, this week the Hyper-V team announced the preview of Nested Virtualization with AMD processors. Starting with Windows Build 19636, you will be able to try out Nested Virtualization on AMD processors. If you’re on the Windows Insider Fast ring, then you can try this out today.

You can read more here.


Windows Admin Center Windows Container Extensions

The Windows Container team announced an update for the Windows Containers extension in Windows Admin Center. This will provide some great new functionality, especially addressing the needs of IT Pros who need to modernize the IT platform using Windows Containers.

In a nutshell, the new extension not just allows you to manage Windows containers on your container hosts, but also to build docker files and container images, which you can push to a container registry, including Azure Container Registry. From there, IT Pros can then deploy the container to container hosts, Kubernetes clusters,  Azure Container Instance (ACI), or Azure Kubernetes Service (AKS).

If you want to learn more, check out the full announcement blog here.


Windows Admin Center Container ExtensionsWindows Admin Center Container Extensions



Azure Policy support for Azure Cosmos DB is now available

Azure Cosmos DB resource governance can now be implemented with Azure Policy. Use this capability to create Azure Policy assignments based on built-in or custom policy definitions to enforce rules and effects on Azure Cosmos DB resources.

Example policy assignments include—requiring features such as Advanced Threat Protection to be enabled on Azure Cosmos DB accounts; auditing Azure Cosmos DB resources for compliance with organizational standards on throughput or other properties; or securing data by enforcing network access safeguards such as IP filter rules, virtual network endpoints, or limiting the amount of throughput (RU/s) that can be provisioned.

Check out the update here.


General availability of Azure Files on-premises Active Directory Domain Services authentication

Yesterday, the Azure Files team announced the general availability of Azure Files support for authentication with on-premises Active Directory Domain Services (AD DS).

Since preview in February 2020, we’ve received great feedback and growing interest from our customers, especially because of increased work from home scenarios. With file shares migrated to the cloud, maintaining access using Active Directory credentials greatly simplifies the IT management experience and provide better mobility for remote work. Most importantly, you do not need to reconfigure your clients. As long as your on-premises servers or user laptops are domain-joined to AD DS, you can sync Active Directory to Azure AD, enable AD DS authentication on the storage account, and mount the file share directly. It makes the migration from on-premises to cloud extremely simple as the existing Windows ACLs can be seamlessly carried over to Azure Files and continue to be enforced for authorization.

You can read more about the announcement here, and if you want to learn more check out our Azure Unblogged video on Azure Files AD integration.


MS Learn Module of the Week




Manage identity and access in Azure Active Directory
This week's MS Learn module focuses on how to work with subscriptions, users, and groups by configuring Microsoft Azure Active Directory for workloads.


I wish you a good weekend, and I hope this short blog post provided you with some news from this week. I know there is much more than just the things I listed here. I recommend that you follow the Azure announcements blog. If you have any questions, feel free to leave a comment. 


Also, check out last week's Az Update here.

Version history
Last update:
‎Jul 02 2020 08:55 AM
Updated by: