Things are warming up in the northern hemisphere and heating up here at Microsoft with all the additional service updates becoming available. News the AzUpdate team will be covering this week includes Azure Migrate private endpoint support now available in public preview, the need to upgrade to TLS 1.2 or above for secure MARS agent backups by September 1, 2020, updates in policy compliance for resource type policies, and a powerful Microsoft Learn module of the week.
Azure Migrate private endpoint support available in public preview
Azure Migrate Private Link support enables organizations to securely connect to the Azure Migrate service over an ExpressRoute private peering or a site-to-site VPN connection. Azure Migrate: Discovery and Assessment and Azure Migrate: Server Migration tools can now be used to securely discover, assess, and migrate servers over a private network using Azure Private Link.
With Azure Migrate Private Link support, you can now:
- Leverage existing ExpressRoute private peering circuits for greater migration velocity.
- Adhere to organizational policies and requirements to not traverse public endpoints.
- Achieve additional network-level protection and guard against data exfiltration risks.
The functionality is now in public preview in all public regions. Get started on how to use Azure Migrate with private endpoints. Learn how to replicate data over ExpressRoute with Azure Migrate.
Sarah also has a great Azure Migrate overview video you can review.
Azure Backup: Upgrade to TLS 1.2 or above for secure MARS agent backups by September 1, 2021
As part of an Azure-wide initiative towards using TLS 1.2 by default and removing dependencies on older versions, the Azure Backup service is shifting away from legacy protocols to improve security for your backup data. Hence, older versions like TLS 1.0 and TLS 1.1 will no longer be supported. These changes are expected to take effect on September 1, 2021.
In order to continue using Azure Backup without any interruptions, please ensure all resources using the Microsoft Azure Recovery Services (MARS) agent are enabled to use TLS 1.2 or above. Please refer to the steps documented in our public documentation to take appropriate action to make sure your server configuration does not force use of legacy protocols.
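A read-only check for the configuration described above, as an added example that is not from the original post or from Microsoft's documentation: it reads the standard Windows SCHANNEL client protocol keys and the .NET Framework 4.x `SchUseStrongCrypto` value, and warns when a setting turns TLS 1.2 off. It assumes PowerShell 3.0 or later; the function names are hypothetical.

```powershell
# Added example: read-only audit of TLS client settings on a server running
# the MARS agent. Assumes PowerShell 3.0+; helper names are hypothetical.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$dotnet = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
) | Where-Object { Test-Path $_ }   # WOW6432Node exists only on 64-bit Windows

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, so the OS default applies.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-ClientProtocolState {
    param([string]$Protocol)
    $key      = "$schannel\$Protocol\Client"
    $enabled  = Get-RegValue -Path $key -Name 'Enabled'
    $disabled = Get-RegValue -Path $key -Name 'DisabledByDefault'
    $state = 'Enabled'
    if ($null -eq $enabled -and $null -eq $disabled) { $state = 'NotConfigured' }
    elseif ($enabled -eq 0)                          { $state = 'Disabled' }
    elseif ($disabled -eq 1)                         { $state = 'DisabledByDefault' }
    [pscustomobject]@{ Protocol = $Protocol; Enabled = $enabled
                       DisabledByDefault = $disabled; State = $state }
}

# Report the client-side state of each protocol version.
$protocols = 'TLS 1.0', 'TLS 1.1', 'TLS 1.2' | ForEach-Object { Get-ClientProtocolState $_ }
$protocols | Format-Table -AutoSize

# Report whether .NET Framework 4.x is told to use strong cryptography.
$strongCrypto = foreach ($path in $dotnet) {
    [pscustomobject]@{ Path = $path
                       SchUseStrongCrypto = Get-RegValue -Path $path -Name 'SchUseStrongCrypto' }
}
$strongCrypto | Format-Table -AutoSize

$tls12 = $protocols | Where-Object { $_.Protocol -eq 'TLS 1.2' }
if ($tls12.State -like 'Disabled*') {
    Write-Warning 'TLS 1.2 is turned off for client connections on this server.'
}
foreach ($entry in $strongCrypto | Where-Object { $_.SchUseStrongCrypto -ne 1 }) {
    Write-Warning "SchUseStrongCrypto is not 1 under $($entry.Path)."
}
```

A state of `NotConfigured` means the operating system default applies, which varies by Windows version, so check it against the documentation for the server's OS.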
General availability: Update in Policy Compliance for Resource Type Policies
Starting on June 16, 2021, policies where resource type is the only evaluation criterion (e.g. Allowed Resource Types, Disallowed Resource Types) will not have 'compliant' resources stored in compliance records. This means that if there are zero non-compliant resources, the policy will show 100% compliance. If there are one or more non-compliant resources, the policy will show 0% compliance, with the total resources equaling the non-compliant resources. This change addresses feedback that resource type policies skew overall compliance percentage data (which is calculated as compliant + exempt resources out of the total resources across all policies, deduped for unique resource IDs) due to a high number of total resources.
The resource type policy has a high total resource count because it’s the only policy where all resources in the scope of the assignment count towards ‘total resources’. Other policies only count applicable resource types towards total resources (e.g. a VM extension policy would only count VMs in total resources).
Going forward, the resource type policies will only count the non-compliant resources (when the ‘if’ statement evaluates to true) towards the total resources. So, if there are zero non-compliant resources, the policy will show 100% compliance. Alternatively, if there are one or more non-compliant resources, the policy will show 0% compliance (since non-compliant resources = total resources). Aggregated with other policies, this logic provides a more accurate assessment of your overall environment.
If this is a concern, and if you’d like other resource types to be reflected as compliant resources, please include the statement ‘allOf:[ field: type in [list of resource types to be counted towards total]],’, as in the built-in policy definition ‘Storage accounts should be migrated to new Azure Resource Manager resources’.
If you have a support plan and need technical help, please create a support request.
MS Learn Module of the Week
Introduction to Power Automate
Microsoft Power Automate is all about process automation. Power Automate allows anyone with knowledge of the business process to create repeatable flows that, when triggered, leap into action and perform the process for them.
- What is Power Automate and the business value it creates
- How two businesses are using Power Automate to provide better customer experiences
- See a video walkthrough of Power Automate
Learn more here: Introduction to Power Automate
Let us know in the comments below if there are any news items you would like to see covered in the next show. Be sure to catch the next AzUpdate episode and join us in the live chat.