Azure Updates - Latest from Azure Charts

Workspace Customer-Managed Keys for BYOK in Microsoft Fabric

Fri, 03 Apr 2026 10:00:00 Z

Enterprise analytics platforms increasingly operate under strict security, compliance, and regulatory requirements. For many organizations, encryption is not sufficient without clear ownership and control of cryptographic keys.
Update Type: Preview, Services: Microsoft Fabric, Categories: Compliance

Azure Data Box enhances compliance with automatic Secure Erasure Certificates

Wed, 01 Apr 2026 18:30:16 Z

Azure Data Box now automatically generates a downloadable Secure Erasure Certificate for every completed order, providing verification that all data on the device has been securely erased in accordance with NIST 800-88 Revision 2 standards. The certific
Update Type: GA, Services: Data Box, Categories: Compliance

Customer-managed keys (CMK) in Fabric SQL Database

Thu, 26 Mar 2026 11:00:00 Z

Customer-managed keys (CMK) in Fabric SQL Database is a major step forward in empowering organizations to take control of their data security and compliance.
Update Type: GA, Services: SQL Database, Categories: Compliance

Industrial Analytics delivered at-scale: Powered by Fabric Real-Time Intelligence and Fusion Data Hub

Wed, 25 Mar 2026 13:00:00 Z

Industrial organizations generate a continuous stream of operational signals—temperature, pressure, flow, vibration, energy, and more. Much of that data is captured in plant historians, systems built to collect and store sensor and equipment data over long periods, often driven by compliance needs and operational reporting.
Update Type: Announcement, Services: , Categories: Compliance

Audit columns in Copy job in Fabric Data Factory—every row is traceable for data lineage and compliance

Thu, 19 Mar 2026 10:00:00 Z

Copy job is the go-to solution in Microsoft Fabric Data Factory for simplified data movement across multiple clouds. With native support for bulk copy, incremental copy, and change data capture (CDC) replication, it can handle a wide range of movement scenarios through an intuitive, easy-to-use experience.
Update Type: Announcement, Services: Microsoft Fabric, Data Factory, Categories: Compliance

Azure Red Hat OpenShift Managed Identity and Workload Identity

Wed, 18 Mar 2026 18:30:05 Z

Azure Red Hat OpenShift now supports managed identities and workload identities as a generally available capability, enabling you to run OpenShift clusters and applications on Azure without long lived service principal credentials. This aligns Azure Red H
Update Type: GA, Services: Azure Red Hat OpenShift, Categories: Compliance

Azure Policy faster enforcement and retirement of login/logout workaround

Wed, 04 Mar 2026 21:15:02 Z

Over the years, we’ve made significant investments to improve the responsiveness of the Azure Policy service. As a result, policy assignment creation and updates for Resource Manager mode policies now get enforced within 5 minutes.In light of cache refres
Update Type: Deprecation, Services: Azure Policy, Categories: Compliance

Azure WAF Compliance with MCP-Driven SRE Agent

Thu, 12 Feb 2026 15:13:00 Z

Azure governance at scale is complex. Security teams manually review many resource types across multiple subscriptions. Finance can't track costs without tags. Compliance teams spend days cross-refer...
Update Type: Announcement, Services: SRE Agent, Categories: Compliance

Announcing Unified SOX & DORA Compliance Solutions in Microsoft Sentinel

Fri, 16 Jan 2026 00:45:00 Z

Empowering Financial Institutions to Meet Modern Regulatory Demands As financial organizations navigate increasingly complex regulatory landscapes, two frameworks stand out for their impact and ri...
Update Type: Announcement, Services: Microsoft Sentinel, Categories: Compliance

Gain even more trust and compliance with OneLake diagnostics immutability

Mon, 12 Jan 2026 12:00:00 Z

In October 2025, we introduced OneLake diagnostics—a powerful capability that helps teams “answer who accessed what, when, and how” across your Fabric Lakehouse environment. OneLake diagnostics streams JSON-based activity logs into a Lakehouse you choose, enabling rich analysis, governance, and compliance workflows. A powerful capability that helps teams “answer who accessed what, when, and how” … Continue reading “Gain even more trust and compliance with OneLake diagnostics immutability (Generally Available)”
Update Type: GA, Services: , Categories: Compliance

Long-term data retention up to 10 years: Announcing Private Preview of Azure Backup for Azure Cosmos DB

Mon, 08 Dec 2025 20:45:27 Z

Azure Backup for Azure Cosmos DB is a new option that lets you securely protect and recover your Azure Cosmos DB data for compliance, audit, and ransomware protection scenarios. It leverages Azure Backup’s vault isolation and Azure Cosmos DB’s native backup streams to deliver scalable, long-term data protection that meets regulatory requirements. How does it […] The post Long-term data retention up to 10 years: Announcing Private Preview of Azure Backup for Azure Cosmos DB appeared first on Azure Cosmos DB Blog.
Update Type: Preview, Services: Cosmos DB, Azure Backup, Categories: Compliance

Auditing for Fabric SQL database

Fri, 21 Nov 2025 08:00:00 Z

Auditing for Fabric SQL database, is a powerful feature designed to help organizations strengthen security, ensure compliance, and gain deep operational insights into their data environments. Why Auditing Matters Auditing is a cornerstone of data governance. With Fabric SQL Database auditing, you can now easily track and log database activities—answering critical questions like who accessed … Continue reading “Auditing for Fabric SQL database (Preview)”
Update Type: Preview, Services: SQL Database, Categories: Compliance

Customer-managed keys in Fabric SQL Database

Wed, 19 Nov 2025 08:00:00 Z

Customer-managed keys in Fabric SQL Database – a major step forward in empowering organizations to take control of their data security and compliance. Why customer-managed keys matter Microsoft Fabric already encrypts all data-at-rest using Microsoft-managed keys. But for organizations with strict data governance policies or regulatory requirements, CMK offers an additional layer of control and … Continue reading “Customer-managed keys in Fabric SQL Database (Preview)”
Update Type: Preview, Services: Microsoft Fabric, SQL Database, Categories: Compliance

Azure Virtual Network Manager peering compliance

Thu, 13 Nov 2025 17:00:24 Z

Azure Virtual Network Manager peering compliance is now generally available, providing a secure and compliant mechanism to protect network connectivity managed by Azure Virtual Network Manager. In large-scale environments, it’s essential to prevent uninte
Update Type: GA, Services: Virtual Network, VNet Manager, Categories: Compliance

Warehouse Snapshots in Microsoft Fabric

Mon, 10 Nov 2025 08:00:00 Z

Managing data consistency during ETL has always been a challenge for our customers. Dashboards break, KPIs fluctuate, and compliance audits become painful when reporting hits ‘half-loaded’ data. With Warehouse Snapshots, Microsoft Fabric solves this by giving you a stable, read-only view of your warehouse at a specific point in time and now, this capability is … Continue reading “Warehouse Snapshots in Microsoft Fabric (Generally Available)”
Update Type: GA, Services: Microsoft Fabric, Categories: Compliance

Locations API Update for UK Azure Regions

Wed, 15 Oct 2025 16:00:24 Z

To align with evolving compliance and regulatory requirements, Azure is updating the geographyGroup and regionalDisplayName metadata for UK-based regions in the Locations API. These changes will take effect this month, October 2025, and will apply to the
Update Type: GA, Services: , Categories: Compliance

Upgrade existing Azure Gen1 VMs to Gen2-Trusted launch

Thu, 04 Sep 2025 18:15:11 Z

Announcing general availability support to enable Trusted launch on existing Azure Gen1 VMs by upgrading the Gen1 VM to Gen2-Trusted launch. This will help improve the foundational security of existing Azure VMs. Trusted Launch VMs provide foundational co
Update Type: GA, Services: Virtual Machines, Categories: Compliance

Meet Your Healthcare Regulation and Compliance Requirements with Purview Data Loss Prevention (DLP) Policies

Wed, 27 Aug 2025 10:30:00 Z

In healthcare, data security is not just a technical priority—it’s an ethical and legal imperative. From electronic health records (EHRs) to population health analytics and research data, healthcare organizations working with platforms like Microsoft Fabric must protect sensitive health information while navigating a complex web of regulatory requirements, most notably HIPAA and regional health privacy … Continue reading “Meet Your Healthcare Regulation and Compliance Requirements with Purview Data Loss Prevention (DLP) Policies “
Update Type: Announcement, Services: Microsoft Fabric, Categories: Compliance

Customer-managed keys for Fabric workspaces is now in Public Preview

Mon, 11 Aug 2025 11:57:18 Z

We’re excited to share that customer-managed keys (CMK) for Microsoft Fabric workspaces are now available in public preview in all public regions! This expansion makes it easier for customers worldwide to meet compliance requirements and implement robust data protection strategies. Note: This feature was released in public preview in a limited set of regions earlier … Continue reading “Customer-managed keys for Fabric workspaces is now in Public Preview”
Update Type: Preview, Services: Microsoft Fabric, Categories: Compliance

Network security perimeter

Tue, 05 Aug 2025 17:00:21 Z

Network security perimeter allows organizations to define a logical network isolation boundary for PaaS resources (for example, Azure Storage account and SQL Database server) that are deployed outside your organization’s virtual networks. It restricts pub
Update Type: GA, Services: SQL Database, Azure Storage, Private Link, Categories: Compliance

Azure DNS Public Zones DNS Security Extensions (DNSSEC) is now available in our US Gov and China regions

Mon, 04 Aug 2025 18:00:01 Z

Announcing the general availability of Domain Name System Security Extensions (DNSSEC) for Azure DNS Public Zones in US Gov and China regions. With this release you can now enable DNSSEC on all existing and new public DNS Zones hosted on Azure DNS. This s
Update Type: GA, Services: Azure DNS, Categories: Compliance

Agentless multi-disk crash consistent backup for Azure VMs

Fri, 01 Aug 2025 16:00:17 Z

Azure Backup support for agentless multi-disk crash consistent backups for Azure Virtual Machines is now Generally Available.Agentless multi-disk crash consistent backups for Azure VM allows you to take VM backups without installing additional software li
Update Type: GA, Services: Virtual Machines, Azure Backup, Categories: Compliance

Standardizing Audit Operations for Warehouse, DataMarts and SQL Analytics Endpoint.

Tue, 29 Jul 2025 11:00:00 Z

As we continue to mature the Microsoft Fabric platform, we’re taking steps to streamline and simplify the experience for administrators and compliance teams who rely on audit logs. Beginning July 2025, we’re consolidating a number of redundant audit operations into a unified model that reflects our broader platform architecture. This change impacts how operations for … Continue reading “Standardizing Audit Operations for Warehouse, DataMarts and SQL Analytics Endpoint.”
Update Type: Announcement, Services: Microsoft Fabric, Categories: Compliance

Transition existing platform-managed keys (PMK) to customer-managed keys (CMK) for Azure NetApp Files volumes without data migration.

Thu, 26 Jun 2025 17:00:16 Z

Customers can now transition existing volumes from platform-managed keys (PMK) to customer-managed keys (CMK) seamlessly. This provides customers flexibility of encryption key lifecycle (renewals, rotations) and additional security for regulated industry
Update Type: GA, Services: Azure Key Vault, Azure NetApp Files, Categories: Compliance

Azure Site Recovery Support for Azure Trusted Launch VMs Running Linux OS

Thu, 12 Jun 2025 11:45:48 Z

Azure Site Recovery support for Azure Trusted Launch VMs running Linux OS is Generally Available. Azure Trusted Launch VMs provide foundational compute security to Azure Generation 2 VMs by enabling Secure Boot and vTPM capabilities. This Generally Availa
Update Type: GA, Services: Virtual Machines, Site Recovery, Categories: Compliance

Privacy by Design: PII Detection and Anonymization with PySpark on Microsoft Fabric

Thu, 12 Jun 2025 06:00:00 Z

Introduction Whether you’re building analytics pipelines or conversational AI systems, the risk of exposing sensitive data is real. AI models trained on unfiltered datasets can inadvertently memorize and regurgitate PII, leading to compliance violations and reputational damage. This blog explores how to build scalable, secure, and compliant data workflows using PySpark, Microsoft Presidio, and Faker—covering … Continue reading “Privacy by Design: PII Detection and Anonymization with PySpark on Microsoft Fabric”
Update Type: Announcement, Services: Microsoft Fabric, Categories: Compliance

Azure Backup for Elastic SAN

Thu, 29 May 2025 15:15:41 Z

Azure Backup now supports Elastic SAN, offering a fully managed solution for backing up and restoring Elastic SAN volumes. This integration helps protect data against accidental deletions, ransomware attacks, and application updates by exporting Elastic S
Update Type: Preview, Services: Azure Backup, Managed Disks, Categories: Compliance

Azure Backup enables vaulted backup for Azure Data Lake Storage for comprehensive data protection

Fri, 18 Apr 2025 13:00:53 Z

Azure Backup now supports transferring your Azure Data Lake Storage backups to the vault. A vault stores backups and recovery points created over time. You can define a backup schedule with daily or weekly backups and specify retention settings for how lo
Update Type: Preview, Services: Data Lake Storage, Azure Backup, Categories: Compliance

Private Preview: Threat Detection in Azure Backup Powered by MDC

Tue, 08 Apr 2025 17:00:16 Z

We are excited to announce the Private Preview of an advanced Threat Detection capability in Azure Backup, now integrated with Microsoft Defender for Cloud (MDC). This new feature enables you to assess the health of their Azure VM backup RPs by identifyin
Update Type: Preview, Services: Virtual Machines, Defender for Cloud, Azure Backup, Categories: Compliance

Azure Networking Capabilities for Microsoft Copilot in Azure

Tue, 08 Apr 2025 17:00:16 Z

Copilot now offers contextual responses and actionable insights based on Microsoft's extensive networking knowledge and your Azure environment. These capabilities for Azure networking products are now GA: Design, Plan, Migrate & Optimize Network product
Update Type: GA, Services: Load Balancer, Virtual Network, Application Gateway, ExpressRoute, VPN Gateway, Network Watcher, Azure Firewall, Azure Front Door, Traffic Manager, Private Link, Copilot in Azure, Categories: Compliance

Secure, comply, collaborate: Item Permissions in Fabric Data Warehouse

Wed, 02 Apr 2025 07:45:00 Z

In today’s data-driven world, managing access to data is crucial for maintaining security, ensuring compliance, and optimizing collaboration. Item permissions play a vital role in controlling who can access, modify, and share data within an organization. This blog post will delve into the rationale behind the need for item permissions, what permissions can be assigned … Continue reading “Secure, comply, collaborate: Item Permissions in Fabric Data Warehouse”
Update Type: Announcement, Services: , Categories: Compliance

Introducing SQL Audit Logs for Fabric Data Warehouse

Wed, 02 Apr 2025 07:15:00 Z

Introducing SQL Audit Logs for Fabric Data Warehouse, a powerful new feature designed to enhance security, compliance, and operational insights for our users. The Role of SQL Audit Logs in Fabric Data Warehouse Security SQL Audit Logs in Microsoft Fabric Data Warehouse provide a comprehensive and immutable record of all database activities, capturing critical details … Continue reading “Introducing SQL Audit Logs for Fabric Data Warehouse”
Update Type: Announcement, Services: Microsoft Fabric, Categories: Compliance

Azure Site Recovery Support for Azure Trusted Launch VMs Running Linux OS

Fri, 07 Mar 2025 17:00:04 Z

Azure Site Recovery support for Azure Trusted Launch VMs running Linux OS is in public preview. Azure Trusted Launch VMs provide foundational compute security to Azure Generation 2 VMs by enabling Secure Boot and vTPM capabilities. This public preview is
Update Type: Preview, Services: Virtual Machines, Site Recovery, Categories: Compliance

Custom Secure Boot UEFI Keys for Azure Trusted Launch VM

Wed, 05 Mar 2025 13:45:34 Z

Trusted Launch VM now supports customizing secure boot UEFI keys. One or more of the secure boot keys and/or databases (PK, KEK, DB, or DBX) can be fully replaced or updated. This allows additional flexibility to further secure workloads using Trusted Lau
Update Type: GA, Services: Virtual Machines, VM Scale Sets, Categories: Compliance

Vaulted Backup Support for Azure Files Standard Shares

Tue, 04 Mar 2025 20:30:56 Z

Azure Backup Vaulted support for Azure Files shares standard is now generally available providing enhanced data protection with the ability to configure snapshot and vaulted backup in a single policy and offers cross account/regional recovery. Previously,
Update Type: GA, Services: Azure Backup, Categories: Compliance

Bing Search APIs with Your LLM on March 6, 2025

Tue, 04 Mar 2025 18:15:38 Z

Bing Search APIs, with your LLM is retired on March 6th 2025. Any existing instances of Bing Search APIs, with your LLM will be decommissioned completely, and the product will no longer be available for usage or new customer signups.Note that this retirem
Update Type: Deprecation, Services: Azure AI Services, Categories: Compliance

Private preview: User-defined functions for Azure confidential ledger

Sat, 01 Mar 2025 19:00:13 Z

Azure confidential ledger now allows you to deploy custom business logic written in JavaScript/TypeScript and take advantage of increased protection of data in memory by running those scripts in a trusted execution environment (TEE). For example, create c
Update Type: Preview, Services: , Categories: Compliance

Vaulted Backups by Azure Backup for Azure Database for PostgreSQL – Flexible Server in 5 Regions

Fri, 28 Feb 2025 11:45:16 Z

Microsoft is excited to announce the general availability (GA) of Vaulted Backups by Azure Backup for Azure Database for PostgreSQL Flexible Server, a robust and scalable backup solution designed to meet the needs of enterprises and developers alike. Vaul
Update Type: GA, Services: Kubernetes Service, Database for PostgreSQL, Azure Backup, Categories: Compliance

Azure DNS Public Zones DNS Security Extensions (DNSSEC) support

Mon, 03 Feb 2025 21:00:38 Z

Announcing the general availability of Domain Name System Security Extensions (DNSSEC) for Azure DNS Public Zones. With this release you can now enable DNSSEC on all existing and new public DNS Zones hosted on Azure DNS. This significant update enhances t
Update Type: GA, Services: Azure DNS, Categories: Compliance

Support for new custom error pages in Application Gateway

Tue, 28 Jan 2025 18:15:12 Z

In addition to the response codes 403 and 502, the Azure Application Gateway now lets you configure company-branded error pages for more response codes - 400, 405, 408, 500, 503, and 504. You can configure these error pages at a global level to apply to a
Update Type: GA, Services: Application Gateway, Categories: Compliance

Azure Confidential Ledger Achieves ISO 27001 Certification

Wed, 22 Jan 2025 19:45:45 Z

Azure Confidential Ledger is now ISO 27001 certified. ISO 27001 is an internationally recognized standard for information security management systems (ISMS). This certification demonstrates that Azure Confidential Ledger has implemented a comprehensive an
Update Type: GA, Services: Confidential Ledger, Categories: Compliance

Customer Managed Unplanned Failover for Azure Data Lake Storage and SSH File Transfer Protocol

Fri, 17 Jan 2025 17:15:39 Z

We are excited to announce the general availability of customer managed unplanned failover for Azure Data Lake Storage (ADLS) and storage accounts with SSH File Transfer Protocol (SFTP) enabled. Customer managed unplanned failover enables you to failover
Update Type: GA, Services: Data Lake Storage, Azure Storage, Categories: Compliance

Azure Confidential Ledger Achieves SOC 2 Type II Compliance

Mon, 13 Jan 2025 16:00:43 Z

Azure Confidential Ledger is now SOC 2 Type II compliant. The SOC 2 Type II certification is a rigorous standard for data security, availability, processing integrity, confidentiality, and privacy. It demonstrates that Azure Confidential Ledger has implem
Update Type: GA, Services: Confidential Ledger, Categories: Compliance

Private Preview: Azure Confidential Clean Rooms

Tue, 19 Nov 2024 18:15:23 Z

Microsoft is announcing the gated preview of Azure Confidential Clean Rooms, a cutting-edge solution designed for organizations that require secure multi-party data collaboration. With Confidential Clean Rooms, you can share privacy sensitive data such as
Update Type: Preview, Services: , Categories: Compliance

Monitor your Fabric workspaces

Tue, 19 Nov 2024 16:00:37 Z

We are excited to announce workspace monitoring in Fabric. Workspace monitoring is designed for admins and developers to view detailed diagnostic logs and workload metrics about their workspaces to troubleshoot performance issues, capacity performance, an
Update Type: Preview, Services: Microsoft Fabric, Categories: Compliance

OneLake catalog—a complete catalog for discovery, management, and governance

Tue, 19 Nov 2024 16:00:37 Z

OneLake catalog is a complete solution to explore, manage, and govern your entire Fabric data estate. The OneLake catalog comes with two tabs, Explore and Govern, that can help all Fabric users discover and manage trusted data, as well as provide governan
Update Type: GA, Services: Microsoft Fabric, Azure Purview, Categories: Compliance

Azure Backup for AKS: Elevating Compliance and Cyber Resilience for Cloud Native Applications

Tue, 19 Nov 2024 14:12:00 Z

Expanding Azure Backup for the Cloud-Native Ecosystem
Update Type: Announcement, Services: Kubernetes Service, Azure Backup, Categories: Compliance

TLS 1.2 to become the minimum TLS version for Azure Storage

Wed, 13 Nov 2024 18:45:27 Z

To respond to evolving technology and regulatory standards, Azure Storage will remove support for TLS version 1.1 and 1.0, and the minimum supported version will be TLS1.2 starting November 1, 2025. TLS 1.2 is more secure and faster than older TLS version
Update Type: Announcement, Services: Data Lake Storage, Azure Storage, Categories: Compliance

Immutable WORM Storage for Backups in Azure Recovery Services Vaults

Thu, 24 Oct 2024 07:00:00 Z

Azure Backup users will now have immutable WORM storage for their backups when immutability is enabled and locked on a Recovery Services Vault. When immutability is enabled, it ensures that a Recovery Point, once created, cannot be deleted or have its ret
Update Type: Preview, Services: Azure Backup, Categories: Compliance

Public Preview: Immutable WORM Storage for Backups in Azure Recovery Services Vaults

Thu, 24 Oct 2024 00:00:00 Z

With Azure Backup, you can now enable Immutable WORM storage for your backups when you lock immutability on the Recovery Services Vault.
Update Type: Preview, Services: Azure Backup, Categories: Compliance

Announcement: Introducing the Logic Apps Hybrid Deployment Model (Public Preview)

Wed, 16 Oct 2024 08:55:45 Z

Introducing the Logic Apps Hybrid Deployment Model We are excited to announce the launch of the Logic Apps Hybrid Deployment Model, a new feature that empowers our customers with additional flexibility and control. This new offering allows you to build and deploy workflows that run on customer-managed infrastructure, providing you with the option to run Logic Apps on-premises, in a private cloud, or even in a third-party public cloud. With the Logic Apps Hybrid Deployment Model, you can tailor your integration solutions to meet your specific needs, whether it's for regulatory compliance, data privacy, or network restrictions. This model ensures that you have the freedom to choose the best environment for your workflows, while still leveraging the powerful capabilities of Azure Logic Apps. The Hybrid Deployment Model supports a semi-connected architecture. What this means is that you get local processing of workflows, the data processed by the workflows remains in your local SQL Server and also provides you the ability to connect to local networks. Since the Hybrid Deployment Model is based upon Logic Apps Standard, the built-in connectors will execute in your local compute giving you access to local data sources and higher throughput. In some scenarios, you will need connectivity to external resources such as SaaS based systems like Office 365, Microsoft Teams and Dataverse. For these use cases, you can leverage our large library of Azure connectors to fulfil this need. You will also require internet connectivity to manage your Logic App from the Azure Portal. But, the semi-connected nature of our platform allows you to absorb temporary internet connectivity issues. Hybrid Deployment Model Use Cases During our early access preview, we had the opportunity to work with many customers to better understand their needs. The usage patterns that we encountered typically fall into the following segments: Billing Model Introduced A billing model has been intro
Update Type: Preview, Services: Logic Apps, Categories: Compliance

Announcing Text PII Redaction Container Release

Wed, 09 Oct 2024 17:04:19 Z

We are excited to announce the container support for pre-built Text PII services for redacting Personally Identifiable Information (PII). This release allows customers with stringent security and privacy requirements to detect and redact PII entities from text locally, ensuring that user data is secure and private. This release includes both connected and disconnected container options, with the connected container offering both Pay as You Go and Commitment Tier pricing options and the disconnected container providing Commitment Tier pricing, allowing long-term customers to also benefit from cost savings based on their commitment. Learn more about our pricing options on our pricing page. The Text PII container also supports over 70 languages and additional support for Chinese, Japanese, Korean, and Thai are in progress. This update provides a new option for our customers to redact PII in a secured on-premises environment and is one of several PII detection offerings in Azure AI Language. In the Azure-hosted service, Azure AI Language also offers PII detection optimized for speech-to-text transcripts (Conversational PII service) and native documents (Native Document PII service). Conversational PII provides better support for inputs like transcripts, chats, and other text written in a conversational style (i.e. text with “um”s, “ah”s, multiple speakers, and the spelling out of words for more clarity). We will be adding more of these capabilities to be supported by PII containers in the future based on customers' needs. These services enable our customers to adhere to the highest standards of data privacy, security, and compliance in scenarios such as anonymizing user data from customer support calls, from legal documents, or before sending it to LLMs, helping protect an individual’s identity and privacy in both generative and non-generative AI applications which are critical for highly regulated industries such as financial services, healthcare or government. To
Update Type: Announcement, Services: Azure AI Services, Categories: Compliance

What is Microsoft Entra (and why use it)?

Fri, 04 Oct 2024 15:41:41 Z

Microsoft Entra is a family of identity and network access products designed to implement a Zero Trust security strategy. It is part of the Microsoft Security portfolio which also includes Microsoft Defender for cyberthreat protection and cloud security, Microsoft Sentinel for security information and event management (SIEM), Microsoft Purview for compliance, Microsoft Priva for privacy and Microsoft Intune for endpoint management. Zero-trust strategy The Zero Trust security strategy is a modern approach to cybersecurity that assumes no user or device, whether inside or outside the network, should be trusted by default. Instead, every access request must be verified and authenticated before granting access to resources. This strategy is designed to address the complexities of the modern digital environment, including remote work, cloud services, and mobile devices. Why use Entra Microsoft Entra ID (formerly Azure AD) is a cloud-based identity and access management solution that offers several benefits over traditional on-premises solutions: - Unified Identity Management: Entra provides a comprehensive identity and access management solution that spans across hybrid and cloud environments. This means you can manage user identities, access rights, and entitlements in a unified manner, which simplifies administration and enhances security. - Seamless User Experiences: Entra supports Single Sign-On (SSO), allowing users to access multiple applications with a single set of credentials. This reduces password fatigue and improves user experience. - Adaptive Access Policies: Entra enables strong authentication and real-time, risk-based adaptive access policies without compromising user experience. This helps in securing access to resources and data effectively - Integration with External Identities: Entra External ID allows organizations to securely manage and authenticate users who are not p
Update Type: Announcement, Services: Microsoft Entra ID, Azure AD EI, Azure Purview, Microsoft Sentinel, Categories: Compliance

Reminder New E-mail templates for Log search alerts - API version 2021-08-01 and up

Thu, 03 Oct 2024 07:00:00 Z

Log alerts are one of the alert types that are supported in Azure Monitor. Log alerts allow users to use a log analytics query to evaluate resources logs every set frequency, and fire an alert based on the results. Rules can trigger one or more actions us
Update Type: GA, Services: Azure Monitor, Categories: Compliance

Generally Available: Reminder New E-mail templates for Log search alerts - API version 2021-08-01 and up

Thu, 03 Oct 2024 00:00:00 Z

As we continue to enhance your experience with Azure Monitor, we want to remind you about an important update of Log search alerts V2 non common scheme e-mail templates.
Update Type: GA, Services: Azure Monitor, Categories: Compliance

Public Preview of Azure Migrate from VMware to Azure Stack HCI

Tue, 01 Oct 2024 17:20:00 Z

Today, we are thrilled to announce the public preview of the Azure Migrate functionality to migrate VMs from VMware to Azure Stack HCI, a significant enhancement in our cloud migration capabilities that seamlessly extends to the edge, in line with our adaptive cloud approach. Seamless Migration with Azure Migrate The core of this release lies within the integration of Azure Migrate with our adaptive cloud framework, facilitating a smooth transition of Virtual machines from VMware to Azure Stack HCI. Azure Migrate is a proven solution used by numerous organizations to move on-premises workloads to Azure, and now, it extends its capabilities to support Azure Stack HCI as well. Key Benefits of Azure Migrate for VMware to HCI Agent-less Replication: Migrate your virtual machines without the need for installing agents inside the VMs, simplifying the process and reducing the risk of disruptions. Configure your workload during Migration: Azure Migrate provides the ability to reconfigure the properties of yuor VMs such as CPU, RAM and more directly from the migration experience. No workload impact during replication: Azure Migrate uses technologies such as LEDBAT++ to optimize the network traffic and ensure reliable transfer from source to target. It also interacts directly with the vCenter APIs to copy the disks in the background. This means your workload n VMware will continue to run with no disruption during the copy process. Data stays on premises: The VMs being migrated go directly from the VMware infrastructure to the Azure Stack HCI infrastructure without going through the cloud. This allows you to stay in control of your data and ensure compliance. Minimal Cutover Time: Designed to minimize downtime, our migration solution ensures a quick and efficient cutover to Azure Stack HCI, maintaining business continuity. Why Choose Azure Stack HCI for VMware Workloads? Migrating to Azure Stack HCI offers numerous advantages that can transform your IT infrastr
Update Type: Preview, Services: Virtual Machines, Azure Migrate, Categories: Compliance

Azure Automange Best Practices Migrating to Azure Policy

Thu, 26 Sep 2024 07:00:00 Z

Azure Automanage Best Practices was useful for automating the configuration and management of virtual machines according to Azure's best practices. It achieved this by automatically onboarding VMs to services like Azure Monitor, Backup, and Microsoft Defe
Update Type: Deprecation, Services: Virtual Machines, Azure Monitor, Azure Policy, Azure Automanage, Categories: Compliance

Retirement: Azure Automanage Best Practices Retirement. Migrate to Azure Policy

Thu, 26 Sep 2024 00:00:00 Z

Azure Product Retirement: Azure Automanage Best Practices on 09/30/2027. Replace with Azure Policy.
Update Type: Deprecation, Services: Azure Policy, Azure Automanage, Categories: Compliance

Unlock the Future of API Compliance with AI and Azure API Center

Thu, 19 Sep 2024 15:30:00 Z

Discover how you can revolutionize your API compliance process using Azure API Center, Logic Apps, GitHub, and cutting-edge AI technology. Learn how our innovative approach analyzes your API design governance, generates insightful compliance reports, and seamlessly notifies developers with actionable feedback. Stay ahead of the curve and ensure your APIs meet the highest standards with our automated, AI-driven solution. Introduction API compliance is crucial for organizations to make sure that APIs designed and built follow the established rules, standards, and guidelines defined by the organization as well as industry best practices, which developers must adhere to while developing APIs. Further, it becomes time consuming to review APIs and identify design guidelines gaps manually, and integrating compliance with existing eco-system, which impacts developer productivity. This article shows how you can revolutionize and enhance your API compliance process using Azure API Center’s Analysis capabilities and Integration Services, and generate insightful compliance reports using Azure OpenAI, notifying developers with actionable feedback to ensure APIs adhere to organization’s API guidelines and industry best practices. The solution will achieve following objectives. Improved Developer Productivity: The use of AI-driven insights reduces the time developers spend manually reviewing APIs, allowing them to focus on critical tasks with real-time, actionable feedback on API design gaps. Automate API Compliance: By integrating Azure API Center with Azure OpenAI, the solution ensures that APIs comply with organizational design standards and best practices through automated analysis. Seamless Integration: The solution automates the workflow by integrating with GitHub and Azure services, streamlining the compliance review process and creating an efficient feedback loop for developers. Intelligent API Compliance Solution using Azure API Center and Azure OpenAI Azure API Cent
Update Type: Announcement, Services: Logic Apps, Azure AI Services, API Center, Categories: Compliance

Advanced Container Networking Services: Enhancing security and observability in AKS

Thu, 19 Sep 2024 07:00:00 Z

Advanced Container Networking Service offers advanced security feature, FQDN filtering. FQDN filtering allows you to define granular network policies based on domain names rather than IP addresses. This simplifies policy management, reduces administrative
Update Type: Preview, Services: Kubernetes Service, Categories: Compliance

Public Preview: Advanced Container Networking Services: Enhancing security and observability in AKS

Thu, 19 Sep 2024 00:00:00 Z

Microsoft’s Azure container Networking team is announcing availability of FQDN filtering and HA DNS proxy within Advanced Container Networking Services on Azure Kubernetes Service (AKS). These new features provide a robust and secure solution for managing network traffic in containerized environments.
Update Type: Preview, Services: Kubernetes Service, Categories: Compliance

[In development] Private Preview: Azure Site Recovery support for Azure Trusted Launch VMs (Linux OS)

Thu, 12 Sep 2024 07:00:00 Z

We are excited to announce the private preview of Azure Site Recovery support for Azure Trusted Launch VMs. Azure Trusted Launch VMs provide foundational compute security to Azure Generation 2 VMs by enabling Secure Boot and vTPM capabilities. This privat
Update Type: Preview, Services: Virtual Machines, Site Recovery, Categories: Compliance

Private Preview: Azure Site Recovery support for Azure Trusted Launch VMs (Linux OS)

Thu, 12 Sep 2024 00:00:00 Z

Azure Site Recovery support for Azure Trusted Launch VMs (Linux OS) is now available for private preview.
Update Type: Preview, Services: Virtual Machines, Site Recovery, Categories: Compliance

Auto-renewal of certificates for on-premises to Azure Site Recovery

Thu, 05 Sep 2024 07:00:00 Z

Azure Site Recovery has introduced automatic renewal of certificates for on-premises to Azure disaster recovery. Azure Site Recovery uses various components for doing disaster recovery (DR) from on-premises to Azure. Certificates are essential for communi
Update Type: GA, Services: Virtual Machines, Site Recovery, Categories: Compliance

Generally Available: Auto-renewal of certificates for on-premises to Azure Site Recovery

Thu, 05 Sep 2024 00:00:00 Z

Auto-renewal of certificates for on-premises to Azure Site Recovery.
Update Type: GA, Services: Site Recovery, Categories: Compliance

Azure Extended Zones: Optimizing Performance, Compliance, and Accessibility

Mon, 02 Sep 2024 00:00:00 Z

Azure Extended Zones are small-scale Azure extensions located in specific metros or jurisdictions to support low-latency and data residency workloads. They enable users to run latency-sensitive appli...
Update Type: Announcement, Services: , Categories: Compliance

Effortless Private Endpoint Management in Azure Landing Zones: A Streamlined and Compliant Approach

Thu, 29 Aug 2024 16:56:24 Z

1. Challenge In Azure Landing Zones, the network infrastructure, including components like VNET Gateways and ExpressRoute circuits, is part of the platform landing zone. However, in line with the subscription democratization principle, workload owners should be empowered to deploy infrastructure as needed while remaining compliant with corporate policies. To achieve this in Azure Landing Zones, a custom Subscription Owner role grants workload (VNET) owners full access, excluding role assignments and networking. While this setup generally works, it poses a challenge for Private Endpoints. Registering a Private Endpoint into the required Private DNS Zone, which is centrally managed in the platform landing zone, is not possible because workload subscription owners lack access to these Private DNS Zones. Although they can be granted access using the Private DNS Zone Contributor role, assigned to the “connectivity” subscriptions or management groups, this role provides too much access, such as editing or deleting records. Ideally, only the (de-)registration of the CNAME record for the Private Endpoint should be allowed. This article describes a simple solution to this problem while ensuring compliance with Azure Landing Zone policies. MS Learn outlines an approach for "Private Link and DNS integration at scale", but it has several drawbacks: The policies can quickly become large and complex. Each Private Link Resource type requires dedicated code in the policy. This method is incompatible with several resource types such as AKS and PostgreSQL Flexible Server. The approach described in this article is easy to deploy and provides a seamless, Azure Landing Zones-compliant solution. 2. AZURE Landing Zones The diagram below shows the resource structure in an AZURE Landing Zone. A subscription in the "Landing Zones" management group serves as boundary for a single workload. The owners of the workload are assigned the "Subscription Owner" role on the su
Update Type: Announcement, Services: Kubernetes Service, Database for PostgreSQL, Virtual Network, ExpressRoute, Private Link, Categories: Compliance

Designing and running a Generative AI Platform based on Azure AI Gateway

Tue, 27 Aug 2024 23:10:10 Z

Designing and Operating a Generative AI Platform Summary Are you in a platform team who has been tasked with building an AI Platform to serve the Generative AI needs of your internal consumers? What does that mean? It’s a daunting challenge to be set, and even harder if you’re operating in a highly regulated environment. As enterprises scale out usage of Generative AI past a few initial use-cases they will face into a new set of challenges - scaling, onboarding, security and compliance to name a few. This article discusses such challenges and approaches to building an AI Platform to serve your internal consumers. Needs and more needs To successfully run Generative AI at scale, organisations are utilising new features in API Management platforms such as Azure API Management's AI Gateway (https://techcommunity.microsoft.com/t5/azure-integration-services-blog/introducing-genai-gateway-capabilities-in-azure-api-management/ba-p/4146525). The key to success for these platforms will be based on effective CI / CD and automation strategies. As we will see, an architecture to run Azure Open AI safely at scale involves safely deploying and managing lots of moving pieces, which together solve for scenarios such as: How many Azure Open AI (AOAI) APIs should I create? How do I version AOAI APIs? How do I support consumers with different content-safety and model requirements? How do I restrict throughput per Consumer, per deployment? How do I scale out AOAI services? How do I log all prompts and responses including streaming, without disruption? What other value add services should a platform offer consumers? Further, we need to understand how common services and libraries involved in building Generative AI Services fit into the architecture. We can build the best AI Platform in the world but if our consumers find they cannot use common Generative AI Libraries with it, have we really succeeded? This document iterates through use-cases to build out a reference impleme
Update Type: Announcement, Services: API Management, Azure AI Services, Categories: Compliance

Introducing the Azure Policy Community Repo

Thu, 15 Aug 2024 18:31:09 Z

Introducing the Azure Policy Community Repo What is the Azure Policy Community Repo? The Azure Policy Community Repo is a collaborative space for Azure customers and Microsoft teams to share and create custom policies, enhancing cloud governance and compliance. Benefits of Contributing to the Community Repo Direct Impact: Support organizations in enforcing standards and assessing compliance at scale. Recognition: Share innovative solutions to gain visibility within the Azure community. Enhanced Resource Pool: Access and contribute to a growing repository, amplifying the success of the Azure ecosystem in achieving robust compliance. How to Contribute To contribute, submit a Pull Request to the Azure Community Policy Repo. For your convenience, we have attached detailed steps for submitting your Pull Request, ensuring a smooth process. Ensure your submission includes a consent statement for use and sharing, and that your policies are generic enough to maintain privacy and confidentiality while providing valuable insights for compliance and standard enforcement. How to Create a Pull Request for Azure Community Policy Contributions Contributing to the Azure Community Policy repository is a valuable way to share your Azure policy solutions with a wider audience. Follow these step-by-step instructions to create and submit your Pull Request. Step 1: Fork the Repository Visit the Azure Community Policy repository on GitHub. Click on the "Fork" button at the top right corner to create a copy of the repository in your GitHub account. Step 2: Clone the Repository Navigate to your forked repository. Use the "Clone or download" button to copy the repository URL. Clone the repository to your local machine using the Git command: git clone [URL] Step 3: Create a New Branch Navigate into the cloned repository directory on your machine. Create a new branch for your contributions: git checkout -b [branch_name] Step 4: Make Your Changes Add or modify policies in your b
Update Type: Announcement, Services: Azure Policy, Categories: Compliance

Public preview: Microsoft Entra ID FIDO2 provisioning APIs

Wed, 07 Aug 2024 16:00:00 Z

Today I'm excited to announce a great new way to onboard employees with admin provisioning of FIDO2 security keys (passkeys) on behalf of users. Our customers love passkeys as a phishing-resistant method for their users, but some were concerned that registration was limited to users registering their own security keys. Today we’re announcing the new Microsoft Entra ID FIDO2 provisioning APIs that empowers organizations to handle this provisioning for their users, providing secure and seamless authentication from day one. While customers can still deploy security keys in their default configuration to their users, or allow users to bring their own security keys which requires self-service registration by a user, the APIs allow keys to be pre-provisioned for users, so users have an easier experience on first use. Adopting phishing-resistant authentication is critical - attackers have increased their use of Adversary-in-the-Middle (AitM) phishing and social engineering attacks to target MFA-enabled users. Phishing-resistant authentication methods, including passkeys, certificate-based authentication (CBA), and Windows Hello for Business, are the best ways to protect from these attacks. Phishing-resistant authentication is also a key requirement of Executive Order 14028 which requires phishing-resistant authentication for all agency staff, contractors, and partners. While most federal customers use preexisting smartcard systems to achieve compliance, passkeys provide a secure alternative for their users looking for improved ways to securely sign in. With today’s release of admin provisioning, they also have a simplified onboarding process for users. With the Microsoft Entra ID FIDO2 provisioning APIs organizations can build their own admin provisioning clients, or partner with one of the many leading credential management system (CMS) providers who have integrated our APIs in their offerings. Tim Larson, Senior Product Manager on Microsoft Entra, will n
Update Type: Preview, Services: Microsoft Entra ID, Categories: Compliance

Enhancing Security and Control: Bring Your Own NSG to Microsoft Azure Red Hat OpenShift Clusters

Wed, 07 Aug 2024 15:19:39 Z

Microsoft Azure Red Hat OpenShift (ARO) has taken a significant step forward in empowering organizations with greater control over their cluster security. The "bring your own" Network Security Group (NSG) feature offers a flexible approach to managing network security for ARO clusters. Let us explore this feature and see how it can benefit your organization. What is an NSG? Network Security Groups (NSGs) are crucial for maintaining robust security and efficient traffic management within cloud environments. They provide essential control over network traffic by defining rules that determine which IP addresses, ports, and protocols are allowed or denied, thereby safeguarding resources from unauthorized access and cyber threats. By segmenting security policies according to specific network segments or resources, NSGs enable tailored and precise protection, ensuring sensitive data and systems are shielded while allowing necessary traffic to flow seamlessly. Additionally, NSGs support compliance with regulatory standards by enforcing strict access controls and facilitating effective monitoring and auditing of network activity. Overall, NSGs play a vital role in securing cloud infrastructure, making network management more streamlined and responsive to evolving security needs. Understanding the NSG Challenge Traditionally, when creating an ARO cluster, the ARO Resource Provider (RP) would generate a dedicated resource group containing cluster-specific resources, including Network Security Groups (NSGs). While this approach ensured a baseline level of security, organizations often sought more flexibility and control over their network security configurations. The new "bring your own" Network Security Group (NSG) feature addresses these needs by offering: Enhanced Control: Customers can now configure NSGs to meet their specific security requirements. Organizational Alignment: The ability to customize NSGs allows for better alignment between security, networking, and cl
Update Type: Announcement, Services: Azure Red Hat OpenShift, Categories: Compliance

Announcing General Availability of Workspaces in Azure API Management

Wed, 07 Aug 2024 15:00:00 Z

We are excited to announce the general availability of workspaces in Azure API Management! Workspaces enable organizations to manage APIs more productively, securely, and reliably using a federated approach. Enhanced Autonomy and Productivity Workspaces bring a new level of autonomy to API teams, enabling them to create, manage, and publish APIs faster, more reliably, securely, and productively within an API Management service. By providing isolated administrative access and API runtime, workspaces empower API teams, while allowing the API platform team to retain oversight with central monitoring, enforcement of API policies and compliance, and publishing APIs for discovery through a unified developer portal. Isolated Administrative Access and API Runtime Workspaces function like "folders" within an API Management service. Each workspace contains APIs, products, subscriptions, named values, and related resources. Access to resources within a workspace is managed through Azure's role-based access control (RBAC) with built-in or custom roles assignable to Microsoft Entra accounts. Workspaces now offer API runtime isolation through association with a workspace API gateway, allowing teams to manage gateways and their configurations. Segregated runtimes ensure that faults, such as gateway resource starvation or cybersecurity incidents, are contained within individual workspaces, preventing them from affecting all organization’s APIs. Runtime isolation also enables attribution of issues and platform usage to a workspace. Learn how to create a workspace in API Management. Workspaces contain APIs, products and related resources that API teams manage. API runtime is provided by an associated workspace gateway. Developer portal, all-APIs policy, and logs and metrics may apply across workspaces. Independent Deployment Lifecycles Each workspace typically follows its own deployment lifecycle. The APIOps toolkit release 6.0.2 introduces support for automated deployment of w
Update Type: GA, Services: API Management, Categories: Compliance

Public Preview: Customer Managed Planned Failover for Azure Storage

Tue, 06 Aug 2024 15:59:06 Z

We are excited to announce customer managed Planned Failover for Azure Storage is now available in public preview. Over the past few years Azure Storage has offered customer managed (unplanned) failover as a disaster recovery solution for geo-redundant storage accounts. This has enabled our users to meet their business requirements for disaster recovery testing and compliance. Planned failover now provides the same benefits while introducing additional benefits to our storage users. Planned Failover provides the ability to swap your geo primary and secondary regions while the storage service endpoints are still healthy. As a result, a user can now failover their storage account while keeping geo-redundancy and with no data loss or additional cost. Users will no longer need to reconfigure geo-redundant storage (GRS) after their planned failover operation which will save them both time and cost. Once the planned failover operation is completed all new writes will be made to your original secondary region, which will now be your primary region. After the planned failover is complete, the original primary region becomes the new secondary and the original secondary region becomes the new primary. There are multiple scenarios where Planned Failover can be utilized including: Planned disaster recovery testing drills to validate business continuity and disaster recovery. Recovering from a partial outage that occurs in the primary region where storage is not impacted. For example, if your storage service endpoints are healthy in both regions, but another Microsoft or 3rd party service is facing an outage in the primary region you can failover your storage services. In this scenario, once you failover the storage account and all other services your workloads can continue to work. A proactive solution in preparation of large-scale disasters that may impact a region. To prepare for a disaster such as a hurricane, users can leverage Planned Failover to failover to their se
Update Type: Preview, Services: Azure Storage, Categories: Compliance

OpenAI’s GPT-4o mini Now Available in API with Vision and Fine-tuning Text Capabilities on Azure AI

Sat, 03 Aug 2024 00:35:04 Z

We recently launched OpenAI’s fastest model, GPT-4o mini, in the Azure OpenAI Studio Playground, simultaneously with OpenAI. The response from our customers has been phenomenal. Today, we are excited to bring this powerful model to even more developers by releasing the GPT-4o mini API with vision support for Global and East US Regional Standard Deployments. From Playground to API: Expanding Accessibility Launching GPT-4o mini in the Azure OpenAI Studio Playground provided our customers with the opportunity to experiment and innovate with the latest AI technology. Now, by extending its availability to the API with global and regional pricing, we are empowering developers to seamlessly integrate GPT-4o mini into their applications, leveraging its incredible speed and versatility for a wide range of tasks. Unlocking New Possibilities with Vision and Text Capabilities With the addition of vision input capabilities, GPT-4o mini expands its versatility and opens new horizons for developers and businesses. This enhancement allows users to process and analyze visual data, extracting valuable insights and generating comprehensive text outputs. Whether it's interpreting images or processing documents, GPT-4o mini is designed to handle a wide range of tasks and use cases efficiently. Flexible Pricing: Regional and Global Options GPT4o-mini is available for Global Standard deployments in all regions and Standard Regional deployments in East US, with more regions coming soon. Operating costs can vary significantly across different regions due to factors such as data center expenses and local costs for renewable energy. Additionally, the strict compliance and residency requirements offered by Azure necessitate increased infrastructure investments. To provide our customers with the best possible price while maintaining high standards, we are introducing price tiers for regional Standard and Global Standard for GPT-4o mini. Global Standard provides the lowest price with the hig
Update Type: Announcement, Services: Azure AI Services, Azure AI Foundry, Categories: Compliance

OpenAI’s GPT-4o mini Now Available in API with Vision Capabilities on Azure AI

Wed, 31 Jul 2024 22:03:39 Z

Retirement: API “Microsoft.AlertsManagement alerts 2018-05-05-preview”

Thu, 18 Jul 2024 00:00:00 Z

The API “Microsoft.AlertsManagement alerts 2018-05-05-preview” that is in preview mode will be deprecated from the date 10-10-2024
Update Type: Deprecation, Services: Azure Monitor, Categories: Compliance

Public Preview Announcement: Azure Policy Built-in Versioning

Tue, 09 Jul 2024 18:00:00 Z

Welcome to a new era of policy management, where policy definitions are more agile, adaptable, and accessible than ever before! We are thrilled to introduce version management support for controlled built-in definition and initiative updates through Azure Policy. In a push to empower and simplify policy management, built-in definitions and initiatives will have the ability to store & reference multiple versions within a single definition ID. This new development will enhance your ability to govern, enforce and evolve your cloud governance policies. Keep reading for more information and be sure to check out our video walk-through of versioning to get started and learn more. What's new? Now, built-in definitions and initiatives can reference multiple versions within a single definition ID! This will help with: Regulated updates: All built-in definitions will be reviewed and evaluated to stay aligned with versioning guidelines standards. Change Management: Version will provide visibility into the evolution of built-in definitions and initiatives over each iteration. Controlled application and enforcement: Users can specify what version of the definition or initiative to be assessed against at assignment time. Gradual Rollout: Versioning in collaboration with assignment resource selectors and overrides can be used to introduce new versions of definitions gradually into the environment. Testing and quality assurance: Different versions of definitions may undergo different stages of roll out and application. Versioning awareness: Applicable version number will be shown in compliance logs on a per resource basis. Ready to dive in? Keep reading to discover how you can get started with Policy versioning and make the most of these new capabilities! Getting started: All built-in definitions and initiatives have been updated to be on the latest current version. This can be seen in the portal, or through maki
Update Type: Preview, Services: Azure Policy, Categories: Compliance

Generally Available: Azure Site Recovery support for Azure Trusted Launch VMs (Windows OS)

Tue, 09 Jul 2024 00:00:00 Z

Azure Site Recovery support for Azure Trusted Launch VMs (Windows OS)
Update Type: GA, Services: Virtual Machines, Site Recovery, Categories: Compliance

Azure Policy Support is Generally Available for PostgreSQL Flexible Server

Mon, 01 Jul 2024 18:06:08 Z

What is Azure Policy? Azure Policy is a service within Microsoft Azure that allows organizations to create, assign, and manage policies. These policies define rules and effects over resources, identities, and groups, in an effort to ensure compliance and uphold security. Enforcement comes in two forms – flagging noncompliance so your team can remediate the concern or simply blocking deployment. Core Concepts of Azure Policy At the heart of Azure Policy are two core components: policies and initiatives. Policies in Azure are the specific rules or guidelines, while initiatives are collections of policies that help achieve a broader compliance goal. Let’s break down the components of policies below. A policy definition expresses what to evaluate and what action to take. Each policy definition in Azure Policy has a set of conditions under which it’s enforced and an accompanying effect that takes place if the conditions are met. Policy effects is what happens when the conditions are met. Some common effects include: Deny, Audit, Append, Disabled, and DeployIfNotExists Policy parameters are used to provide flexibility and reduce policy definition redundancy. They allow you to reuse the policy definition for different scenarios. Think of them as fields on a form to fill out – name, city, birthdate, address, etc. They remain, but how you fill them out can change. Policy assignments are the application of a policy or initiative to a specific scope (subscription, management group, etc.) Pic 1. Structure of Azure Policy (credit Sonrai Security) Advantages of Azure Policy Main benefits of using Azure Policy include consistent governance across all resources, streamlined management of policy enforcement, improved security and compliance, and increased visibility and control over cloud resources. Azure Policy vs. Azure Role Based Access Control (RBAC) Azure Policy and Azure Role-Based Access Control (RBAC) differ significantly. While Azure Policy focuses on reso
Update Type: GA, Services: Database for PostgreSQL, Azure Policy, Categories: Compliance

Announcing conversational PII detection service’s general availability in Azure AI language

Wed, 26 Jun 2024 17:30:00 Z

We are ecstatic to share the release of general availability (GA) support for our Conversational PII redaction service in English-language contexts. GA support ensures better Azure SLA support, production environment support, as well as enterprise-grade security. Conversational PII (Personally Identifiable Information) redaction is one the many high quality, cost effective, task-optimized language AI capabilities offered by Azure AI Language. This collection of machine learning and AI algorithms in the cloud have helped many customers and enterprises across the globe develop intelligent applications and include models for summarization, sentiment analysis, health text analytics, opinion mining, and much more. The PII detection service supports a rich set of features with fine-tuned models for various use cases, included text based, conversation based with Conversational PII, as well as Native Document PII redaction where the input and output are structured document files in .pdf, .docx and .txt file format. These services can help to detect sensitive information and protect an individual’s identity and privacy in both generative and non-generative AI applications which are critical for highly regulated industries such as financial services, healthcare or government, enabling our customers to adhere to the highest standards of data privacy, security, and compliance. We have been proud to regularly iterate on the collaboration and feedback from a variety of satisfied customers of the service since its initial release in private then public preview before this GA release and are pleased to now announce the general availability of Conversational PII. The Conversational PII redaction service expands upon the Text PII redaction service, supporting customers looking to identify, categorize, and redact sensitive information such as phone numbers and email addresses in unstructured text. This Conversational PII language model is specialized for conversational style i
Update Type: GA, Services: Azure AI Services, Machine Learning, Categories: Compliance

Five Key Updates on WS2012 ESUs enabled by Azure Arc

Mon, 24 Jun 2024 16:49:47 Z

We have a myriad of key updates for customers enrolled in WS2012/R2 ESUs enabled by Azure Arc! As we continue to refine and expand the offer, investments have focused on reducing friction and improve the usability of WS2012/R2 ESUs enabled by Azure Arc. We’re excited to announce our brand-new usage view, preview of the transition scenario, and improvements to pre-requisites, billing, and included capabilities. The ESU Usage View is now Public Preview for customers in Azure Portal. With the ESU Usage View, customers get visibility into their coverage of Azure Arc-enabled WS2012/R2 servers with Extended security Updates. Moreover, the view surfaces licenses that may be over-provisioned or under-provisioned comparing the licensed cores with linked servers helping ensuring licensing compliance. The ESU Usage View offers a bird’s eye summary for the ESU Deployment and Licensing for customers. The ESU Transition Scenario from Volume Licensing to Azure Arc is now in Public Preview. Customers can using Azure CLI to programmatically generate new licenses, specifying the new Volume License Details parameter in az connectedmachine license | Microsoft Learn their Year 1 Volume Licensing entitlements by entering their respective Invoice Numbers. By specifying Year 1 Volume Licensing entitlements, the provisioned WS2012/R2 ESU Azure Arc licenses will not be backbilled for Year 1 with billing starting from Year 2 of WS2012/R2 ESUs in October 2024. Customers must specify this entitlement in their license provisioning to be exempt from Year 1 back billing, with the Portal Experience for this to be available by July end. Customers no longer need Intermediate Certificates to receive WS2012/R2 ESUs through Azure Arc. Customers must update to Connected Machine Agent Version 1.40 or higher and install the Windows Server Servicing Stack Update (SSU) for April 2024 to eliminate the need for intermediate certificate installation and updates. For customers that are not ru
Update Type: Announcement, Services: Azure Arc, Categories: Compliance

Enhancing Azure Files resilience and performance

Mon, 17 Jun 2024 22:41:14 Z

Azure Files provides the best-in-class fully managed file share solution in the cloud. We are excited to showcase several new capabilities, some already launched and others upcoming, all aimed at enhancing your application reliability and performance, when using Azure Files. Snapshot support for NFS File SharesYou can now take point-in-time snapshots of Azure File shares using NFS. This enables users to roll back their entire file share to a previous point in time or restore specific files that were accidentally deleted or corrupted. Customers can now perform share-level snapshot management via the Azure portal, REST API, Azure PowerShell, and Azure CLI. This feature is now available in all Azure public cloud regions. Get started with snapshots here. Soft Delete Support for NFS File SharesSoft delete which is currently available on SMB file shares will light up for NFS File Shares (soon to be in preview). This will enable you to easily recover data that may be mistakenly deleted by an application or due to user error. Soft delete for file shares is enabled at the storage account level and will apply to all file shares (incl. SMB and NFS) within a storage account. Soft delete is enabled by default for new storage accounts and can be disabled or enabled at any time. Soft delete is not automatically enabled for existing storage accounts. Keep an eye on the what’s new page for the upcoming announcement. Geo-redundancy for large file sharesGeo-redundancy is now supported for large file shares using SMB. Previously, Azure Files provided 100 TiB standard SMB shares with both locally redundant storage (LRS) and zone-redundant storage (ZRS). However, geo-redundant file shares had a 5 TiB capacity limit and were also limited on IO operations per second (IOPS) and throughput. Now, geo-redundant standard SMB file shares support up to 100 TiB capacity with higher IOPS and throughput limits. Geo-redundancy is vital for meeting various compliance and regulatory requirements
Update Type: Announcement, Services: , Categories: Compliance

Announcing the Public Preview of the Azure Logic Apps Rules Engine!

Sat, 15 Jun 2024 22:37:12 Z

Business rules engines offer a low-code environment that lets you build applications faster and easier, reducing dependencies on programming. Rules engine help to create and change business logic without having to write code or restart the applications that use them. Also, In a world of microservices that promotes decoupling, rules engines provide consistency, clarity, and compliance across different services and domains. Those are some of the benefits of using a Rules Engine. BizTalk Server includes a Business Rules Engine. We have incorporated the RETE runtime included in the product along with support of .net and XML facts into Azure Logic Apps. This means that customers migrating from BizTalk Server can leverage their existing BRE implementations in Azure Logic Apps now. This includes our customers looking to migrate their BizTalk Server SWIFT solutions to Azure Logic Apps. The Microsoft Rules Composer To help you create rules for use with your Azure Logic Apps Rules Engine project, the Microsoft Rules Composer provides a visual tool for authoring and versioning rulesets and vocabularies. It is an stand along application that can be downloaded from https://www.microsoft.com/en-us/download/details.aspx?id=106092. Rules Rules are declarative statements that include a condition and actions where the condition is evaluated. If the result is true, the rules engine performs one or more actions. The following diagram shows the relationship between Rulesets, Rules, Facts, Conditions and Actions: What are Vocabularies? Vocabularies are collections of definitions consisting of friendly names for the facts used in rule conditions and actions. They make the rules easier to read, understand, and share by people in a particular business domain. For instance: “Status”. Vocabularies can be of the following types: Constant Value Range of Values Set of Values Control functions and Forward Chaining Control functions help applications to control the fact
Update Type: Preview, Services: Logic Apps, Categories: Compliance

Added support for Azure Monitor log search alert rules in Resource Health

Mon, 03 Jun 2024 00:00:00 Z

Azure Resource Health helps you diagnose and get support for service problems that affect your Azure resources. Azure Resource Health now supports log search alert rules, so that you can use the activity log to check the health status of your log search alert rules.
Update Type: Announcement, Services: Azure Monitor, Categories: Compliance

Log search alert rules using linked storage will require using a managed identity staring July 2024

Mon, 03 Jun 2024 00:00:00 Z

Starting July 2024, alert rules using linked storage will require a managed identity to access the linked storage. This requirement will be enforced on alert rules created with API version 2023-12-01 or newer. Creating or updating linked storage rules using an older API version will be blocked.
Update Type: Announcement, Services: , Categories: Compliance

Added support for Azure Monitor log search alert rules in Resource Health

Mon, 03 Jun 2024 00:00:00 Z

Log search alert rules using linked storage will require using a managed identity staring July 2024

Mon, 03 Jun 2024 00:00:00 Z

Universal API Center - a truly comprehensive API catalog that warmly welcomes all your APIs!

Fri, 31 May 2024 23:55:27 Z

Silent yet powerful, APIs are the unsung heroes of our digital era! Welcome! Your presence here, fully engaged in this article, indicates an insightful understanding of the immense importance and catalytic role that APIs, or Application Programming Interfaces, play in shaping our technology-driven lives today! Findings show that businesses across sectors have been amassing APIs year after year, a trend that has sharply escalated in recent months due to groundbreaking advancements in the field of Artificial Intelligence (AI). Have you ever counted the number of APIs used within your organization? Moreover, do you know how many of these APIs are efficiently governed, securely managed, and observed to verify their compliance with service-level objectives? Quite probably, you don't - simply because managing these governance tasks isn't easy and often doesn't take the top priority. Various factors contribute to the challenges of managing the API landscape: A key factor is the deployment of APIs across a vast selection of hybrid and multi-cloud environments. This encompasses SaaS applications, no code/low code platforms, cloud platforms utilizing containers and microservices, as well as legacy systems. Each of these environments possesses distinctive attributes that affect the API lifecycle and its effective governance. Another consideration is the diverse spectrum of API protocols, specifications, and architectural styles available. At present, REST APIs, primarily using the OpenAPI specification for newer APIs, enjoy the highest popularity. Nonetheless, it's crucial to note that the API landscape incorporates other protocols and specifications including but not limited to AsyncAPI, GraphQL, SOAP, WebSockets and more. Additionally, the enterprise scene features a diverse array of API Gateways and API management solutions. Numerous vendors offer a wide spectrum of services, extending from distinct API gateway functionality to
Update Type: Announcement, Services: API Center, Categories: Compliance

Public preview: Advanced Container Networking Services for Azure Kubernetes Services (AKS)

Tue, 28 May 2024 00:00:00 Z

Advanced Container Networking Services for Azure Kubernetes Service (AKS) is a suite of services that tackles observability, security, and compliance challenges in your containerized applications. Gain deep insights with Advanced Network Observability, our first feature of the suite that unlocks Hubble metrics, CLI, and UI for powerful traffic monitoring and performance optimization.
Update Type: Preview, Services: Kubernetes Service, Network Watcher, Categories: Compliance

General availability: Activity log alerts can now run in EU Data Boundary

Tue, 28 May 2024 00:00:00 Z

Activity log alert rules can now be saved in European regions, ensuring the alert metadata and processing remains within EU Data Boundary.
Update Type: GA, Services: Azure Monitor, Categories: Compliance

Monitor effectively using Azure Monitor for Azure Site Recovery

Mon, 27 May 2024 00:00:00 Z

Azure Site Recovery (ASR) now surfaces default alerts via Azure Monitor for critical events such as replication health turning unhealthy, failover failures, agent expiry, and so on. You can monitor these alerts via the Azure Business Continuity Center, Azure Monitor dashboard, or your Recovery Services vault and route these alerts to various notification channels of choice (Email, ITSM, Webhook, SMS).
Update Type: Announcement, Services: Site Recovery, Azure Monitor, Categories: Compliance

Preview: Introducing Reporting Capabilities for Azure Site Recovery

Mon, 27 May 2024 00:00:00 Z

Azure Site Recovery is introducing reporting capabilities to enable your BCDR Admin get rich insights into your estate protected with Site Recovery for audit and tracking purposes. These reports are highly customizable and are available out of box on Business Continuity Center, Recovery Service Vault and Backup Center. These reports provide historical evidence on failover jobs and replicated items.
Update Type: Preview, Services: Site Recovery, Categories: Compliance

General Availability of license-free standby replica for Azure SQL database

Tue, 21 May 2024 16:55:47 Z

We are excited to announce General Availability of license-free standby replica for Azure SQL Database letting you to save on licensing costs by designating your secondary disaster recovery database as standby replica. Typically license costs constitute to be about 40% and so with license-free standby replica the secondary will be about 40% less expensive. To protect database powering the application from region failures and achieving higher business continuity it is crucial to enable disaster recovery for database. In some industries it is mandatory and part of compliance requirement to have disaster recovery in place and frequently conduct drills. One of the biggest hindrances in enabling disaster recovery has been cost as secondary database is mainly used in the event of a disaster. When a secondary database replica is used only for disaster recovery, and doesn't have any workloads running on it, or applications connecting to it, you can save on licensing costs by designating the database as a standby replica. Microsoft provides you with the number of vCores licensed to the primary database at no extra charge under the failover rights benefit in the product licensing terms for standby replica. You're still billed for the compute and storage that the secondary database uses. The standby database replica must only be used for disaster recovery. The following lists the only activities that are permitted on the standby database: Perform maintenance operations, such as checkDB Connect monitoring applications Run disaster recovery drills You can designate one secondary single database deployment model as license-free standby replica in General Purpose & Business Critical service tier and provisioned compute tier. It is possible to configure license-free standby replica using portal, powershell or CLI. Additional capabilities added for general availability
Update Type: GA, Services: SQL Database, Categories: Compliance

Announcing new pub-sub capabilities in Azure Event Grid

Tue, 21 May 2024 16:00:56 Z

Azure Event Grid is a highly scalable, fully managed publish-subscribe message distribution service that offers flexible message consumption patterns using the MQTT and HTTP protocols. Our recent efforts have been dedicated to enhancing MQTT compliance, simplifying security for IoT and event-driven solutions, and facilitating seamless integrations. Today, we announce the newest features in these critical areas and their potential impact on your solutions. Event Grid’s MQTT Broker capability The MQTT broker capability leverages standard MQTT features and secure authentication methods to enable your clients to communicate in a compliant, secure, and flexible manner. This capability is vital for IoT solutions where efficient communication is essential for seamless operations and where security is critical to protect sensitive data and maintain device integrity. We are excited to announce the release of the following features, reinforcing our commitment to these goals. Last Will and Testament (LWT): is now generally available (GA), enabling MQTT clients to notify other MQTT clients of their abrupt disconnections through a will message. You can use LWT to ensure predictable and reliable flow of communication among MQTT clients during unexpected disconnections, which is valuable for scenarios where real-time communication, system reliability, and coordinated actions are critical. Now, you’re able to use will delay interval to reduce the noise from fluctuating disconnections. OAuth 2.0 authentication: is now public preview, allowing clients to authenticate and connect with the MQTT broker using JSON Web Tokens (JWT) issued by any third-party OpenID Connect (OIDC) identity provider, aside from Microsoft Entra Id. MQTT clients can get their token from their identity provider (IDP) and provide the token in the MQTTv5 or MQTTv3.1.1 CONNECT packets to authenticate with the MQTT broker. This authentication method provides a lightweight, secure, and flexible option for
Update Type: Announcement, Services: Event Grid, Categories: Compliance

Introducing the Unified Azure Maps Experience

Tue, 21 May 2024 12:00:37 Z

We are thrilled to announce the unification of Bing Maps for Enterprise (BME) with Azure Maps, marking a significant milestone in our geospatial services at Microsoft. Azure Maps now boasts a robust stack of geospatial offerings, leveraging the powerful capabilities of Microsoft Maps, which also drives Bing Maps (our consumer maps experience). Over the past year, our team has dedicated significant time and effort to combine the strengths of Bing Maps for Enterprise into Azure Maps, enhancing our global quality and coverage. One of the major enhancements is the adoption of vector tiles in Azure Maps for a more responsive map experience. When utilizing Azure Maps in your solutions, you not only leverage the security and compliance advantages of Azure but also benefit from the extensive quality and coverage provided by Microsoft Maps. This unification ensures that users of Azure Maps receive a comprehensive mapping solution backed by the unparalleled strengths of Azure’s infrastructure, Microsoft Maps’ data quality and coverage, and many of the same advanced geospatial capabilities that Bing Maps for Enterprise customers depend on. We are excited about the opportunities this integration presents and look forward to continuing to deliver innovative mapping solutions to our customers worldwide. Azure Maps has many of the same features that BME customers have come to rely on. Nevertheless, this unification also introduces exciting new features to Azure Maps, such as weather APIs, private indoor maps, multiple authentication methods, geolocation service, and robust privacy and compliance benefits. Ready to Make the Move? For customers that are using Bing Maps for Enterprise and are migrating over to Azure Maps, some development will be needed. To help you in this transition period, we have written migration documents for our REST APIs and as well for the Azure Maps web control.
Update Type: Announcement, Services: Azure Maps, Categories: Compliance

Getting started with Private Clusters on HDInsight on AKS for securing your analytics workloads

Wed, 15 May 2024 04:08:46 Z

HDInsight on AKS is a managed Platform as a Service (PaaS) that runs on Azure Kubernetes Service (AKS). HDInsight on AKS allows you to deploy popular Open-Source Analytics workloads like Apache Spark™, Apache Flink:registered:, and Trino without the overhead of managing and monitoring containers. HDInsight on AKS clusters allow you to setup outbound network connections from cluster to any destination, if the destination is reachable from the node's network interface. This means that cluster resources can access any public or private IP address, domain name, or URL on the internet or on your virtual network.However, in some scenarios, you may want to control or restrict the egress traffic from your cluster for security, compliance reasons. For example, you may want to: Prevent clusters from accessing malicious or unwanted services. Enforce network policies or firewall rules on the outbound traffic. Monitor or audit the egress traffic from cluster for troubleshooting or compliance purposes. There are different methods for managing the traffic flow. You can learn more about it here. In this blog, we will discuss about how to control or restrict the egress traffic from your HDInsight on AKS cluster using User Defined Routing (UDR) in your virtual network. With this setup, there won't be any Public IP created when you spin up an HDInsight on AKS cluster.Note: UDR setup requires you to setup firewall rules and define the routing using custom VNet and subnet before creating an HDInsight on AKS clusterLet's get started. Step 1: Setup the virtual network (VNet). Required if you don't have existing VNet From the Azure portal, search for virtual networks and click to create new. Create a VNet named "contoso-hdi-vnet". Step 2: Setup the firewall. Deploy the firewall in your virtual network (contoso-hdi-vnet).To deploy a firewall into the integrated virtual network, you need a subnet called AzureFirewallSubnet Navigate to your VNet
Update Type: Announcement, Services: HDInsight, Kubernetes Service, Virtual Network, HDInsight on AKS, Categories: Compliance

General Availability: Azure Files geo-redundancy for standard large file shares

Wed, 15 May 2024 01:04:36 Z

Azure Files is excited to announce that geo-redundancy for 100 TiB standard SMB file shares is now generally available, enabling customers to achieve higher resiliency for production scale workloads. We previously offered 100 TiB standard SMB shares for locally redundant storage (LRS) and zone-redundant storage (ZRS) options but geo-redundant storage (GRS/GZRS) was limited to 5 TiB, restricting higher capacity and performance workloads from using this resiliency option. Geo-redundancy is critical to ensure high availability and to meet various compliance and regulatory requirements for your production workloads (for example, line-of-business (LOB) applications). Geo-redundant storage asynchronously replicates to a secondary region enabling you to failover to the secondary region, if the primary region becomes unavailable. You don't have to compromise on performance and scale or geo-redundancy for your SMB file shares anymore! All standard SMB file shares that are geo-redundant (both new and existing) can now scale up to 100TiB capacity and have much higher performance limits: Azure Files (GRS and GZRS file shares) Previous limits New limits Capacity per share 5 TiB 100 TiB (20x increase) Max IOPS per share 1,000 IOPS Up to storage account limit (20x increase) Max throughput per share Up to 60 MiB/s Up to storage account limit (150x increase) For more information on Azure storage redundancy and choosing what’s right for you, see Azure Storage redundancy. Pricing and availability Pricing is based on the standard file share tier and redundancy option configured for the storage account. To learn more, see Azure Files Pricing. Azure Files geo-redundancy for large file shares is now generally available in most regions and we will be expanding to all regions in the coming months. To view the latest information, see regional availability. Getting started Getting started is simple. In regions that are now generally available:&n
Update Type: GA, Services: Azure Storage, Categories: Compliance

Public Preview: Azure Site Recovery support for Azure Trusted Launch VMs (Windows OS)

Mon, 13 May 2024 00:00:00 Z

Azure Site Recovery support for Windows Trusted launch VMs
Update Type: Preview, Services: Virtual Machines, Site Recovery, Categories: Compliance

Platform SSO for macOS now in public preview

Mon, 06 May 2024 17:44:22 Z

Today we’re announcing that Platform SSO for macOS is available in public preview with Microsoft Entra ID. Platform SSO is an enhancement to the Microsoft Enterprise SSO plug-in for Apple devices that makes usage and management of Mac devices more seamless and secure. At the start of public preview, Platform SSO will work with Microsoft Intune. Additional mobile device management (MDM) providers will be added during the public preview. Please contact your MDM provider for more information on support and availability. As part of this release, we’re introducing Microsoft Entra Join for macOS. This feature uses the Enterprise SSO plug-in to create a hardware-bound device record in Entra ID. Entra Join requires the use of an Entra ID organizational account. In addition, we’re making three new ways to authenticate available, all configurable with MDM and available as part of Microsoft Entra ID Free: Passwordless authentication with Secure Enclave: Like Windows Hello for Business, this method allows the user to interactively sign in to the desktop with their local account and password. Once the user signs in, a hardware-bound cryptographic key stored in the device’s Secure Enclave can be used as a trusted credential with Entra ID, giving the user SSO across applications that use Entra ID for authentication. This method allows users to go passwordless with Touch ID to unlock their device and be signed into Entra ID under the hood using a device-bound key. It can save organizations money by removing the need to purchase security keys, card readers, or other hardware. For information on our security and compliance standards, please see this guide.  Passwordless authentication with smart cards: With this method, the user signs into the Mac using an external smart card (or smart-card-compatible hard token like Yubikey). Once the device is unlocked, the smart card is further used with Entra ID to grant SSO across apps that use Entra ID for authentication.  Password synchro
Update Type: Preview, Services: Microsoft Entra ID, Categories: Compliance

Public Preview – DR for Shared Disks – Azure Site Recovery

Fri, 19 Apr 2024 00:00:00 Z

Now you can use the benefits of Shared Disk for your mission-critical applications such as SQL FCI, SAP ASCS, Scale-out File Servers, etc., while ensuring business continuity and disaster recovery with Azure Site Recovery.
Update Type: Preview, Services: Site Recovery, Categories: Compliance

Azure Database for MySQL - March 2024 updates and latest feature roadmap

Thu, 18 Apr 2024 08:58:34 Z

We're pleased to share a summary of the Azure Database for MySQL - Flexible Server feature updates and announcements from last month, as well as the latest roadmap of upcoming features! April 2024 Live webinar These feature updates are also covered in our Monthly Live Webinar on YouTube (Click here to subscribe to our YouTube channel!), which streams the second Wednesday of every month, at 7:30 AM Pacific time. Below is a link to the session recording of the live webinar we delivered this week: March 2024 updates and announcements Microsoft Defender for Cloud support - General Availability We’re excited to announce the general availability of Microsoft Defender for Cloud support for Azure Database for MySQL - Flexible Server. The Defender for Cloud Advanced Threat Protection (ATP) feature simplifies security management of your MySQL flexible server by enabling effortless threat prevention, detection, and mitigation through increased visibility into and control over harmful events. With the Defender for Cloud ATP feature, you don’t need to be a security expert to safeguard your MySQL flexible server against today’s growing threat landscape. ATP uses integrated security monitoring to detect anomalous database access and query patterns, as well as suspicious database activities, to provide security recommendations and alerts. Learn more: Demo video | Announcement blog Long Term Retention of Backups - Public Preview Long Term Retention of backups is now in Public Preview! You can use long-term retention independently or in addition to the automated (and on-demand) backup solution offered by Azure Database for MySQL flexible server, which offers retention of up to 35 days. Automated backups are snapshot backups suited for operational recoveries, especially when you want to restore from the latest backups. Long-term backups help you with your compliance needs and auditing needs. Learn more: Documentation | Demo video Reminder: Upgrade
Update Type: Announcement, Services: Database for MySQL, Defender for Cloud, Categories: Compliance

Announcing MQTT Last Will and Testament Public Preview in Azure Event Grid

Wed, 10 Apr 2024 15:27:17 Z

Overview Azure Event Grid is a pub-sub message broker that enables you to integrate your solutions at scale using HTTP pull delivery, HTTP push delivery, and MQTT broker capability. The MQTT broker capability leverages standard features from MQTT protocol to enable your clients to communicate in a reliable, secure, and scalable manner. This capability is vital for IoT solutions where efficient communication is essential for seamless operations, driving the digital transformation of organizations across various industries. Today, I am thrilled to announce the public preview release of the Last Will and Testament (LWT) support in Azure Event Grid's MQTT broker capability, in compliance with the MQTTv3.1.1 and MQTTv5 specifications. LWT enables your MQTT clients to get notified with the abrupt disconnections of other MQTT clients. This powerful feature ensures predictable and reliable flow of communication among MQTT clients during unexpected disconnections, which is valuable for scenarios where real-time communication and coordinated actions are critical. Need for client disconnection notifications IoT devices usually operate in environments characterized by unreliable network connectivity, where connections might be sporadic or prone to disruptions due to signal loss, limited power, or other factors. Consequently, MQTT clients might disconnect from the MQTT broker without clear indication whether the disruption was intentional or unexpected. The absence of notifications about the unexpected client disconnections poses a significant challenge across industries, potentially causing service unavailability, increased downtime, and communication failures. In scenarios where multiple MQTT clients collaborate to execute intricate tasks or distribute workload, real-time communication and reliability are critical. These disconnections disrupt the coordination of tasks within the system, leading to inefficiency and performance degradation. LWT support in Event
Update Type: Preview, Services: Event Grid, Categories: Compliance

Public preview: Azure Backup supports long term retention for backup of Azure Database for MySQL– Flexible Server

Mon, 01 Apr 2024 00:00:00 Z

Now you can retain backups for up to 10 years by defining your own backup and retention policy for MySQL- Flexible server.
Update Type: Preview, Services: Database for MySQL, Azure Backup, Categories: Compliance

Public Preview: Use Azure Blob Storage on Windows as a file share using Network File System(NFS) 3.0

Tue, 26 Mar 2024 16:56:46 Z

Azure Blob Storage team is announcing the Public Preview of the capability to use Blob storage on Windows using Network File System (NFS) 3.0 protocol, while capability to access Blob Storage using NFS on Linux is generally available (GA). Standard NFS version 3.0 protocol is natively supported as a Storage Endpoint, and typically used in large scale read-heavy workloads. Mounting Blob Storage as a file share using NFS has following advantages: Works with existing applications - Customer can take advantage of widely used NFS protocol with POSIX compliance on top of Blob Storage on cloud without refactoring their existing applications. They can easily replace the path of on-premises file share with path of Blob Storage mounted as a file share using NFS. Open & Interoperable - Customer can bring data via. rest or sftp protocol and operate on the same data using NFS and vice versa. Scalable & Performant – Offers petabyte scale and high throughput as it is built on top of Azure Blob Storage. Durable & Available – Multiple redundancy options to protect customers from disaster and data loss. Manageable and Secure - Data management and security features such as lifecycle management, immutable storage, customer-managed key for encryption. Cost efficient - Flexible pay-as-you-go blob pricing model allows for cost-optimizations and low total cost of ownership (TCO). Data is billed at the same rate as Azure Blob Storage capacity charges. Some of the common use cases of using Blob Storage mounted as a file share via. NFS on Windows are as follows: Analytics – Windows analytics applications can operate on the large amount of data stored on Blob Storage as a file share on Windows reducing the cost of data storage with advantages of high throughput and TPS. Multi-client log aggregation – Applications running on multiple Windows/Linux nodes can mount the same Blob Storage account as a file share and aggregate the logs in a single storage account for anal
Update Type: Preview, Services: Azure Storage, Categories: Compliance

Dremio Cloud on Microsoft Azure enables customers to drive value from their data more easily

Mon, 25 Mar 2024 19:17:33 Z

Disclaimer: The following post shares product details and their benefits from our partner Dremio. Some of the content has been provided by Dremio. Introduction Today, Dremio is introducing Dremio Cloud on Microsoft Azure, an innovative solution for Microsoft Azure customers. This cloud-native data lake engine delivers high-performance SQL analytics at scale, with no data movement or copies needed. Microsoft Azure is a leading cloud platform, offering a wide range of services and solutions for businesses of all sizes across all industries. Microsoft Azure enables customers to build, deploy, and manage applications and data globally, with security, reliability, and innovation at its core. As a cloud provider, Azure enables a robust partner ecosystem, where customers can leverage the expertise, solutions, and support of thousands of partners in the Microsoft Cloud Partner Program. The Microsoft Azure partner ecosystem is crucial to our value proposition by providing customers access to top-tier technologies and tools that compliment and strengthen the Microsoft Azure platform. Whether it is data analytics, artificial intelligence, machine learning, Internet of Things, or any other domain, Microsoft Azure customers can find a partner solution that meets their needs and helps them achieve their goals. Challenges Traditional analytic architectures are costly due to their cumbersome, insecure, and difficult-to-maintain nature. Traditional IT infrastructure has grown over time, and so has the landscape of data lakes and databases. This leads to significant complexity that is hard to manage. Many consumers find there is no easy path to mitigate this complexity without an architectural change. Copies of data that have to be managed and secured. Keeping environments secure in a complex environment is a major challenge without appropriate controls in place. Non-compliance leads to exposure to threats or attacks, that can become costly and lead to fine
Update Type: Announcement, Services: Machine Learning, Categories: Compliance

Public Preview: Agentless multi-disk crash consistent backup by Azure Backup for VM

Mon, 25 Mar 2024 00:00:00 Z

Azure VM backup now supports agentless multi-disk crash consistent backups in public preview.
Update Type: Preview, Services: Virtual Machines, Azure Backup, Categories: Compliance

Some compliance features in Microsoft Defender for Cloud will be retired on September 30, 2025

Fri, 22 Mar 2024 00:00:00 Z

Microsoft Actions and Compliance offerings, two regulatory compliance features in public preview, will no longer be available through the Defender for Cloud portal pages starting September 30, 2025.
Update Type: Deprecation, Services: Defender for Cloud, Categories: Compliance

Billing for Azure Monitor stateful log search alerts

Tue, 19 Mar 2024 00:00:00 Z

Starting from May 1, 2024, you will be charged for stateful log alerts in Azure Monitor.
Update Type: Preview, Services: Azure Monitor, Categories: Compliance

Now available: Free data transfer out to internet when leaving Azure

Wed, 13 Mar 2024 00:00:00 Z

Learn how to qualify for free egress when moving your data out of Azure.
Update Type: Announcement, Services: , Categories: Compliance

Migration of Apache Spark from HDInsight 5.0 to HDInsight 5.1

Tue, 27 Feb 2024 16:27:15 Z

Azure HDInsight Spark 5.0 to HDI 5.1 Migration A new version of HDInsight 5.1 is released with Spark 3.3.1. This release improves join query performance via Bloom filters, increases the Pandas API coverage with the support of popular Pandas features such as datetime.timedelta and merge_asof, simplifies the migration from traditional data warehouses by improving ANSI compliance and supporting dozens of new built-in functions. In this article we will discuss about the migration of user applications from HDInsight 5.0(Spark 3.1) to HDInsight 5.1 (Spark 3.3). The sections include, 1. Changes which are compatible with minor changes 2. Changes in Spark that require application changes Application Changes with backport. The below changes are part of HDI 5.1 release. If these functions are used in applications, the given steps can be taken to avoid the changes in application code. Since Spark 3.3, the histogram_numeric function in Spark SQL returns an output type of an array of structs (x, y), where the type of the ‘x’ field in the return value is propagated from the input values consumed in the aggregate function. In Spark 3.2 or earlier, x’ always had double type. Optionally, use the configuration spark.sql.legacy.histogramNumericPropagateInputType since Spark 3.3 to revert to the previous behavior. Spark 3.1 (pyspark) Spark 3.3: In Spark 3.3, the timestamps subtraction expression such as timestamp '2021-03-31 23:48:00' - timestamp '2021-01-01 00:00:00' returns values of DayTimeIntervalType. In Spark 3.1 and earlier, the type of the same expression is CalendarIntervalType. To restore the behavior before Spark 3.3, you can set spark.sql.legacy.interval.enabled to true. Since Spark 3.3, the functions lpad and rpad have been overloaded to support byte sequences. When the first argument is a byte sequence, the optional padding pattern must also be a byte sequence and
Update Type: Announcement, Services: HDInsight, Categories: Compliance

Sending a log search alert with cross tenant target resource will no longer be supported

Wed, 21 Feb 2024 00:00:00 Z

As of March 15, 2024, this behavior will change and sending a log search alert with a cross tenant target resource (except for the lighthouse case) will no longer be supported. Alerts will not be sent to unauthorized target resources, and log search alert rules with an unauthorized target will be ignored. This will ensure that only authorized users can receive and investigate log search alerts.
Update Type: Announcement, Services: , Categories: Compliance

Generally available: Support for Azure VMs using Ultra disks in Azure Backup

Mon, 19 Feb 2024 00:00:00 Z

General availability for the support for Azure VMs using Ultra disks in Azure Backup.
Update Type: GA, Services: Virtual Machines, Azure Backup, Categories: Compliance

Generally available: Support for Azure VMs using Premium SSD v2 in Azure Backup

Mon, 19 Feb 2024 00:00:00 Z

General availability for the support for Azure VMs using Premium SSD v2 in Azure Backup.
Update Type: GA, Services: Virtual Machines, Azure Backup, Categories: Compliance

General Availability: Trusted launch for Azure VMs in China regions

Mon, 19 Feb 2024 00:00:00 Z

Azure China cloud regions now support Trusted Launch Virtual Machines to improve security posture of an Azure Virtual Machine.
Update Type: GA, Services: Virtual Machines, Categories: Compliance

Integrity protect your Azure blob storage data with Azure confidential ledger

Wed, 07 Feb 2024 14:00:00 Z

To support customers in regulated industries and compliance scenarios who asked about higher integrity protection of storage blobs, the Azure confidential ledger team has launched a preview of a managed Marketplace application that will further protect data: Blob Storage Digests Backed by Confidential Ledger (Preview). Data signatures from blob can be harvested and stored in a confidential ledger for tamper protection. At a later point in time and to demonstrate tamper proofness for compliance and auditing purposes, signatures can be recalculated and validated against the signature in Azure confidential ledger. To express your interest, join the preview. Customers needing confidentiality guarantees in key-value store can continue utilizing Azure confidential ledger directly and can leverage the integration between Azure SQL Database ledger with digest stores in Azure confidential ledger for continuing to protect their relational data. The Azure confidential ledger team has also launched new features to enhance product and auditing experience: The Azure confidential ledger Portal experience has been improved with a new Ledger Explorer feature that allows observing transactions and validating the cryptographic proofs of ledger transactions. The multi-admin delete (upcoming) feature will allow deleting ledgers only with approval from multiple administrators, compared to a single administrator requested delete today. Quick Glance of the new Marketplace App: Blob Storage Digests Backed by Confidential Ledger (Preview) Step 1: When a new blob gets created, the transaction table will be populated with a new entry Step 2: When enough blob records have been created, a digest will be calculated and stored in to Azure Confidential Ledger. An entry will be created within the block table and contain the Azure Confidential Ledger Transaction ID. Step 3: When it comes time to performing an audit, a history of audit records can be vie
Update Type: Announcement, Services: SQL Database, Azure Storage, Confidential Ledger, Categories: Compliance

What's New: CrowdStrike Falcon Data Replicator V2 Data Connector is now Generally Available!

Mon, 05 Feb 2024 14:42:31 Z

The CrowdStrike Falcon Data replicator V2 Data connector is now Generally Available as a part of the CrowdStrike Falcon Endpoint Protection solution in Microsoft Sentinel Content Hub. The connector leverages an Azure Function based backend to poll and ingest CrowdStrike FDR logs at scale. Some of the advantages this new V2 data connector offers are: Improved scaling as per data volume - keeping the performance of ingestion high. More data ingestion with the Consumption plan, hence, optimizing cost. Ingestion-time Normalization to the ASIM data model, enabling customers to use various normalized solutions and associated content (Analytics, hunting, workbooks). Query time parsing is faster because of data split into multiple tables based on event category (like Network, Authentication, File, DNS etc.). CrowdStrike secondary data (like appinfo, assetinfo, userinfo etc) can also be ingested. It supports ingestion of raw logs in addition to normalized logs (for compliance purposes if needed). High level design of this connector The CrowdStrike logs collected from AWS S3 bucket will be stored in relevant normalized ASIM tables by default and if one opts for storing the raw logs then it will get stored in CrowdStrike custom tables. Getting started Installing the solution from Content Hub will deploy all 3 data connectors in data connector gallery (if one already has the CS solution installed, they will get an option to update the solution this add the new V2 data connector along with the existing ones in the data collector gallery) Once the solution is installed click on manage solution, select the V2 data connector and click open data connector page on the right-side panel. Note: Ensure all the listed prerequisites are taken into consideration. The ingestion requires an Azure Function to be deployed. Click on the Deploy to Azure button, or alternatively, follow the manual steps to deploy. For configuring the Azure Function App parameters, Set t
Update Type: GA, Services: Azure Functions, Microsoft Sentinel, Categories: Compliance

Support for log alert rules that use cross-workspace queries with resource names or qualified name identifiers will be retired on 31 May 2024

Thu, 01 Feb 2024 00:00:00 Z

As of May 31, 2024, log alert rules will no longer support cross-workspace queries that use resource names or qualified name identifiers.
Update Type: Deprecation, Services: , Categories: Compliance

Private Preview: Azure Site Recovery support for Azure Trusted Launch VMs (Windows OS)

Thu, 01 Feb 2024 00:00:00 Z

Azure Site Recovery support for Azure Trusted Launch VMs
Update Type: Preview, Services: Virtual Machines, Site Recovery, Categories: Compliance

Azure Advisor integration with Azure Monitor Log Analytics Workspace

Mon, 22 Jan 2024 00:00:00 Z

Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, Reliability, and security of your Azure resources.  We in Azure Monitor believe that observability should be cost effective, and we want to help our customers control their cost, operational excellence, performance, reliability, and security of their  Azure  resources. This, in turn, helps grow their overall satisfaction with, and usage of Azure. We have introduced several cost optimization related recommendations and added Azure Advisor to the Log Analytics Workspace admin experience. more recommendations are on the way.
Update Type: Announcement, Services: Azure Advisor, Azure Monitor, Categories: Compliance

Private Preview: Support for Azure VMs using Premium SSD v2 in Azure Site Recovery

Mon, 22 Jan 2024 00:00:00 Z

Private preview for the support for Azure VMs using Premium SSD v2 in Azure Site Recovery.
Update Type: Preview, Services: Virtual Machines, Site Recovery, Categories: Compliance

Windows Server 2012/R2 Extended Security Updates Licensing and Billing

Fri, 19 Jan 2024 16:33:38 Z

While more and more organizations are moving towards cloud they are all using cloud in their own way depending on size and scale. Some have adopted cloud native model using Microsoft Azure, but some decided to use cloud services while still maintaining their on-premises footprint. The latter approach is known as Hybrid model. Hybrid also means having presence in more than one cloud provider. While the Hybrid model comes with some advantages and flexibility it has certain challenges too. One of the biggest challenges is the added management complexity. In a Hybrid model as the workload grows, organizations might struggle to control the growing complex environments which could be extending across data centers, multiple clouds and even the edge. One common struggle which we will be covering in this blog post today is… the ability to protect your end-of-support Windows Servers which are either in multi-cloud environment or on-premises. What options do Customers have for end-of-support Windows Servers 2012/R2? It’s not always easy for clients to upgrade all older Windows Servers to Win2016 or later. As the on-premises or multi-cloud environment servers reach the end of support, it also means end of security updates which can put business applications running on the server at security risk and can cause compliance issues. The Extended Security Updates (ESU) program is an option that can be used by customers to run Windows servers past the end of support for a maximum period but not indefinitely. The updates provided through ESUs are only Security updates as well as critical and important rated bulletins. Below are options for customers to use ESU: Migrate workload to Azure: Migrate existing affected Windows Server workloads as-is to Azure Virtual Machines which will automatically provide ESU for a defined period without being additionally charged for these updates on top of Azure VM's cost. Migrating workloads to Azure VMware Solution (AVS) also makes them eligible for
Update Type: Announcement, Services: Virtual Machines, Azure VMware Solution, Categories: Compliance

Private Preview: Upgrade existing Azure Gen1 VMs to Gen2-Trusted launch

Thu, 18 Jan 2024 00:00:00 Z

Support to upgrade existing Gen1 VMs to Trusted launch in preview.
Update Type: Preview, Services: Virtual Machines, Categories: Compliance

General Availability: Premium SSD v2 and Ultra disks support with Trusted launch

Wed, 10 Jan 2024 00:00:00 Z

Trusted launch VMs now support Azure Premium SSD v2 and Ultra disks storage.
Update Type: GA, Services: Virtual Machines, Azure Storage, Managed Disks, Categories: Compliance

Announcing Preview of Run Command on Arc-enabled servers

Wed, 20 Dec 2023 20:01:22 Z

We are excited to announce the Public Preview of Run Command on Azure Arc-enabled servers. This feature is a game-changer for remotely and securely managing your Azure Arc-enabled servers. You can start using Azure CLI or API for Run Command today, without requiring any additional extensions or configurations, and at no additional cost. Run Command is built in the Connected Machine agent and supports not just the ability to run scripts but to centralize script management across creation, update, deletion, sequencing, and listing operations. Run Command empowers you to perform myriad server management tasks on your Arc-enabled servers, such as application management, security, and diagnostics. For example, you can use Run Command to install or update software, configure firewall rules, run health checks, or troubleshoot issues. One of the key scenarios is using Run Command to enhance your security posture. You can use Run Command to remotely apply security patches, enforce compliance policies, or remediate vulnerabilities on your Arc-enabled servers. You can also use Run Command to automate common security tasks, such as rotating passwords, encrypting data, or auditing logs. Through Azure Arc, you can perform these tasks consistently across your hybrid, multi-cloud, and edge environments, helping reduce operational overhead and response time. As we expand Run Command capabilities on Azure Arc, both developing our gallery view with a collection of built in scripts and delivering on a robust Azure portal experience, we would love to hear your feedback on the scenarios you’re using Run Command through Azure Arc. To connect with our product group, please fill out the form at https://aka.ms/RunCommandPublicPreviewForm. To get started with Run Command Version on Azure Arc-enabled servers, go to https://aka.ms/RunCommandPublicPreviewDocs or check out this awesome video at Arc-Enabled Server Run Command (youtube.com). What are you waiting for? Start r
Update Type: Announcement, Services: , Categories: Compliance

Public Preview: IT Service Management Connector (ITSMC) is now certified with ServiceNow Vancouver version

Mon, 11 Dec 2023 00:00:00 Z

The ITSM connector provides a bi-directional connection between Azure and ITSM tools to help track and resolve issues faster.
Update Type: Preview, Services: , Categories: Compliance

Application Insights Availability Tests TLS 1.3 Enablement

Fri, 01 Dec 2023 00:00:00 Z

TLS 1.3 will be enabled for Availability Tests in Azure Monitor Application Insights starting on 4 December 2023
Update Type: Announcement, Services: Azure Monitor, Categories: Compliance

Announcing the General Availability of AMD-based Confidential VMs on Azure Databricks

Wed, 15 Nov 2023 16:00:01 Z

We are excited to announce the general availability of AMD-based confidential virtual machines (VMs) for cluster nodes on Azure Databricks. Confidential VMs are part of the Azure confidential computing (ACC) portfolio and provide a trusted execution environment (TEE) for Azure Databricks clusters, protecting data while in use in memory. It is important to note that Azure already encrypts data at rest and in transit, and the introduction of confidential VMs provides an additional layer of security for sensitive data in use, helping organizations meet compliance requirements and protect their most valuable data. By using Azure confidential computing on Azure Databricks, you gain the capability to encrypt your data end-to-end. This is valuable not only for confidential workloads but also for any scenario where you need to protect highly sensitive data residing in memory and prevent unauthorized access or tampering. The solution also supports Azure Managed HSM, a hardware security module that allows the customer to manage their own encryption keys for data at-rest, in-use, and in-transit. To use confidential VMs on Azure Databricks, customers need to select one of the confidential VM types when creating a cluster. This type of cluster can then be used for any workload that requires the protection of highly sensitive data in memory. For compute-optimized needs, DCasv5 confidential VMs are available, and for memory-optimized needs, ECasv5 confidential VMs can be used. These VMs are currently available in the following regions: East US, West US, North Europe, West Europe, Southeast Asia, Central India, East Asia, Switzerland North, Japan East and Italy North, and coming to additional regions soon. Databricks partnership in Confidential Computing: "We are thrilled to have collaborated with Microsoft to introduce Azure Databricks support for Azure confidential computing,” said David Meyer, Senior Vice President of P
Update Type: GA, Services: Databricks, Virtual Machines, Categories: Compliance

Public Preview: Azure Monitor Alerts integration with Event Grid for Azure Key Vault system events

Mon, 13 Nov 2023 00:00:00 Z

Azure Monitor alerts as a destination in Event Grid event subscriptions allow you to receive notification of critical events via action groups as Short Message Service (SMS), email, push notification, and more. You can leverage on the low latency event delivery of Event Grid with the flexibility and direct-to-customer notifications of Azure Monitor alerts.
Update Type: Preview, Services: Event Grid, Azure Key Vault, Azure Monitor, Categories: Compliance

Announcing more Azure VMware Solution enhancements

Sun, 12 Nov 2023 12:34:41 Z

Announcing more Azure VMware Solution enhancements Greetings from Barcelona, where the Microsoft team is thrilled to be part of VMware Explore 2023. My team and I will be presenting and are eager to meet with customers and partners in person! Having been at Microsoft for over two decades, I have recently taken the helm of the Azure VMware Solution team and I am excited to hear about your thoughts and experiences using our product. Here is some of what I have already heard from customers about how Azure VMware Solution is helping their organizations: “As a public institution, we were very sensitive to the security implemented by Azure VMware Solution in terms of data protection. Our data is hosted in the European Union. On one hand, there is protection for the container that hosts our data, on the other hand, data transmission between SOLIDEO and the Microsoft servers. There's really a portability between the VMware-based SOLIDEO virtual machines, and the Azure cloud. It's a perfect match.” —Dominique Renard, Director of Information Systems Security, SOLIDEO “As a large, mature organization, we couldn’t undertake a greenfield implementation, but we were able to quickly migrate and stand up our environment in the cloud with Azure VMware Solution” and “Our migration to Azure VMware Solution extended compliance to workloads approaching end of service because of Microsoft support.” —Mark Wiltshire, IT Director, Kier Group These stories underscore the versatility and efficiency of Azure VMware Solution in addressing diverse organizational needs. We’re eager to hear your experiences too! Please stop by our booth and connect with me and the team. Check out what’s new in Azure VMware Solution I am also excited to share some of the recent updates we’ve made to Azure VMware Solution. Azure Elastic SAN, in preview, is a cloud-native managed SAN offering scalability, cost-efficiency, high performance, and security. It now supports snapshots, enhanced security, and integra
Update Type: Announcement, Services: Virtual Machines, Azure VMware Solution, Azure Elastic SAN, Categories: Compliance

Ability to add dynamic values in Alert’s custom fields

Mon, 06 Nov 2023 00:00:00 Z

Alerts help you detect and address issues before users notice them by proactively notifying you when Azure Monitor data indicates there might be a problem with your infrastructure or application. We added to the Custom properties section in the alert payload ability to add dynamic value extracted from the alert payload, or a combination of both can be added to the alert notification payload.
Update Type: Announcement, Services: Azure Monitor, Categories: Compliance

TLS 1.2 to become the minimum TLS version for Azure Storage

Wed, 01 Nov 2023 00:00:00 Z

TLS 1.2 to become the minimum TLS version for Azure Storage
Update Type: Announcement, Services: Data Lake Storage, Azure Storage, Categories: Compliance

New E-mail templates for Log search alerts - API version 2021-08-01 and up

Mon, 30 Oct 2023 00:00:00 Z

During November, we will replace log search alerts (API version 2021-08-01 and up) that uses non-common schema template with an upgraded and more informative email template.
Update Type: Announcement, Services: , Categories: Compliance

LSA payload update for fixes on 15-Jan

Tue, 10 Oct 2023 00:00:00 Z

On the 15-Jan we are going to fix those 2 values in LSA payload to contain the correct values according to our other alerts services.
Update Type: Announcement, Services: , Categories: Compliance

Public Preview: Customer-managed keys for Azure NetApp Files volume encryption is now available in US Gov regions (Preview)

Thu, 05 Oct 2023 00:00:00 Z

Customer keys are protected from attacks for maximum security of their Azure NetApp File volumes; the feature is now available in US Gov regions (Preview)
Update Type: Preview, Services: Azure NetApp Files, Categories: Compliance

General Availability: Upgrade your existing Azure Gen2 VMs to Trusted Launch

Wed, 04 Oct 2023 00:00:00 Z

Enable Trusted Launch foundational compute security on existing Azure Generation 2 VMs.
Update Type: GA, Services: Virtual Machines, Categories: Compliance

Public Preview: Azure Log Alerts support for Azure Resource Graph (ARG)

Mon, 02 Oct 2023 00:00:00 Z

We are now introducing support for running queries also on Azure Resource Graph (ARG) tables, and even joining data between Azure Resource Graph (ARG) data sources from your Log Analytics workspace and Application Insights resources in a single query.
Update Type: Preview, Services: Azure Monitor, Categories: Compliance

Action required: Migrate to using ARG query for “Get Alert Summary” in Azure Monitor

Fri, 29 Sep 2023 00:00:00 Z

The GetAlertSummary API will be retired on 30-Sep-2026.
Update Type: Deprecation, Services: Azure Monitor, Categories: Compliance

Authenticate Azure Monitor logs connector in Logic App with managed identity

Mon, 18 Sep 2023 00:00:00 Z

When you enable managed identity authentication in Logic App, and grant it permissions in Log Analytics workspace, or Application Insights component, you can query data without needing...
Update Type: Announcement, Services: Logic Apps, Azure Monitor, Categories: Compliance

Microsoft releases automation for HIPAA/HITRUST compliance

Mon, 05 Mar 2018 00:00:00 -0800

“The best part of the Azure Security & Compliance Blueprint is that it encompasses the exact Azure services architecture required to help customers meet their HIPAA and HITRUST security, privacy, and compliance obligations, along with supporting documentation and a fully-automated deployment process.”   Tibi Popp, CTO, Archive360
Update Type: Announcement, Services: , Categories: Compliance