Monthly Azure news May 2021

Some fresh Azure updates are online. Continue reading and feel free to share with everyone interested in the exciting world of Azure and cloud native! This time we also included some awesome news from Microsoft Build 2021.

Azure Static Web Apps is now generally available

Azure Static Web Apps is a turn-key solution for modern full-stack web apps with pre-built and pre-rendered static frontends and serverless backend interfaces. Design and develop your application using common front-end frameworks or static site generators. Rapidly build and test your apps locally and deploy them with a simple check-in. Focus on developing your app and let Azure take care of the rest.

Read all details in the announcement blog post and get started with the quickstarts, guides and tutorials.

Azure API Management updates from May, 2021

We started a regular Azure API Management service update on May 5, 2021. It includes the following new features, bug fixes, and other improvements.

New Features:

  • The new policy <validate-client-certificate> enables you to validate client certificates. Support and Docs will be available in the Azure portal soon.
  • Policy debugging for locally running, self-hosted gateways is now supported via Visual Studio Code extension.
  • Dapr and validation policies now supported in Visual Studio Code extension.
  • Resource owner password grant flow now supported in the developer portal.
  • A new Ciphers + Protocols page in the Azure portal for managing API gateways’ cipher and protocol configuration. It also displays a warning when an enabled cipher or protocol is too weak.
  • Availability Zones can now be configured on the Locations page in the Azure portal.
  • The visual policy editor in the Azure portal now lets you apply validation policies without having to write any policy code.
  • Support for policy expressions in the timeout attribute of the send-request policy.

Details on all new features, bug fixes, and other changes can be found here on GitHub.

Azure Key Vault SLA raised to 99.99% is now generally available

Azure Key Vault is now offered with a 99.99% availability SLA. This is an improvement over the previous 99.9% SLA. Key Vault requests will now have guaranteed availability of 99.99%.

Learn more.

Azure Arc: Run App Service on Kubernetes or anywhere (public preview)

With Azure Arc, Azure App Service can now run against Kubernetes clusters in Azure (AKS) or anywhere else. This preview feature combines the productivity of App Service and the control of Kubernetes. Choose whether you want to run your Web Apps against fully managed App Service plans, or deploy against your AKS or another Kubernetes cluster connected via Azure Arc, regardless of whether the cluster runs on-premises, at the edge, or in a cloud.

During Web App creation, customers have the possibility to configure and select clusters as a deployment target.

App Service on Kubernetes will be available for free in a limited set of regions, starting with West Europe and US East. Get started with the MS docs.

Learn more.

Public preview – Event Hubs Premium is now available

Event Hubs Premium brings you multi-tenancy with resource isolation as well as more predictable high-throughput, low-latency workloads, with higher limits and extended support for more Apache Kafka workloads.

Learn more.

Free offer coming soon: Azure Database for MySQL – Flexible Server

Starting in June 2021, Azure Database for MySQL – Flexible Server will be available for free with an Azure Free Account. Getting started with your development with Azure Database for MySQL will be easier than ever. Develop and test your applications and run small workloads for free.

Features (free for the first 12 months, after that standard pay-as-you-go):

  • 750 hours of B1ms SKU
  • 32GB storage

Learn more.

General Availability: Managed Certificates for Azure App Service

With App Service Managed Certificate, one of the most requested features of Azure App Services is now generally available. We already wrote a blog post about the feature in November 2019.

Managed Certificates allow you to secure your custom domains with a free TLS / SSL certificate. Since this is a managed offering, you don’t have to deal with certificate renewal because the lifecycle and rollover are completely managed by Microsoft.

Learn more.

Public Preview: Log Analytics Workspace Insights

With Log Analytics Workspace Insights, you get a unified monitoring view for your Log Analytics workspaces. This includes workspace usage, health, performance, and more. The “at scale” perspective shows you how your workspaces are distributed across the globe and allows you to drill through to gain further insights.

Learn more.

General Availability: Operational backup for Azure Blobs

Azure Blob Operational Protection is a managed solution that helps you protect your data from various data loss threats such as blob corruption, blob deletion, and accidental deletion of storage accounts.

The data is stored locally in the source storage account itself and can be restored at any selected time (Point-in-time restore). The solution also integrates well with Azure Backup, including Backup Center, to provide scalable data protection.

Right now, Operational backup supports block blobs in standard general-purpose v2 storage accounts only. Refer to the support matrix to learn more about the current limitations.

Learn more.

Azure IoT Central API is now generally available

Azure IoT Central API service is now generally available and can be accessed through the production v1.0 endpoint. Use these APIs to develop production-ready solutions. With the help of customer feedback, Microsoft has updated the API with new capabilities. With the updated API, you can:

  • Manage API tokens.
  • Create, onboard, and manage devices.
  • Create and manage DTDLv2 device templates.
  • Add, update, and remove users.
  • List the user roles in your application.

Learn more.

Public preview – Zone redundant storage for Azure managed disks

The zone redundant storage (ZRS) option for Azure managed disks is now available in public preview for Premium SSDs and Standard SSDs in the following regions:

  • West Europe
  • North Europe
  • West US 2
  • France Central

Synchronous replication of data across zones in a region enables disks to tolerate outages due to natural disaster or hardware failures. You can maximize the availability of your virtual machines without the replication of application-level data, which in some cases might not even be supported, e.g., for legacy applications and old industry-specific proprietary software. If a VM becomes unavailable, you can mount the disk to a VM in a different zone. The ZRS option can also be used to share disks to improve the availability of clustered distributed applications.

Learn more.

Application Gateway Mutual Authentication is now in public preview

Frontend mutual authentication is now supported by Azure Application Gateway. In addition to the client authenticating Application Gateway, Application Gateway can now also authenticate the client. Multiple client Certificate Authority (CA) certificate chains for Application Gateway can be uploaded and used for client authentication.

Enable mutual authentication at a per-listener level on your gateway, or choose to use server variables for passing client authentication information to the backends. This enables scenarios where the client needs to authenticate Application Gateway and vice versa.

Learn more.

Public preview – Azure Arc: Run Event Grid on Kubernetes in Azure or anywhere

With Azure Arc, it is now possible to run Azure Event Grid on AKS or anywhere else. This preview feature combines a fully managed Event Grid on Azure and the control of Kubernetes. Choose whether you want to run Event Grid, or deploy on your AKS or another Kubernetes cluster connected via Azure Arc, regardless of whether the cluster runs on-premises, at the edge, or in a cloud.

Event Grid provides customers with a single service for managing routing of all events from any source to any destination. This vastly simplifies event-based application development. During preview, Event Grid on Kubernetes (using Azure Arc) will be available in:

  • West Europe
  • US East

More regions will be added in time. Learn more.

New Durable Functions storage provider options (public preview)

By default, Durable Functions uses Azure Storage as its storage provider. With this public preview, Durable Functions will now support two additional storage providers:

  • Netherite storage provider – powered by Azure Event Hubs and Azure Page Blobs. Using the faster database technology from Microsoft Research, it supports significantly higher throughput than other Durable Functions storage providers and is at the same time more cost-effective for high-throughput workloads.
  • Microsoft SQL Server provider – Run Durable Functions wherever SQL Server is available. This includes on-premises environments as well as Kubernetes. Organizations can leverage existing investments in SQL Server, management expertise, and strategies for e.g. failover, compliance, or backup/restore.

Learn more.

General availability: PowerShell support in Durable Functions

Durable Functions now supports PowerShell. Using familiar language constructs in PowerShell 7, it is now possible to orchestrate complex automation workflows in Azure Functions. This includes common scenarios such as complex Azure Resource deployments involving sequential and/or parallel steps. Durable Functions provide built-in HTTP endpoints for monitoring the progress of long-running workflows.

To get started, check out this quickstart.

Learn more.

Public preview: Azure Security Center integration with GitHub Actions

The integration of Azure Security Center with GitHub Actions enables you to integrate security and compliance into the early stages of your software development lifecycle. This integration offers visibility into CI/CD pipeline and registry container security scans with Azure Security Center. Improve remediation time and strengthen your cloud security posture by identifying issues faster with the help of end-to-end traceability.

Additionally, Microsoft is introducing a new container scanning action. This action scans container images for vulnerabilities before images are pushed into Azure container registries.

Learn more.

Azure Kubernetes Service News

There was also a ton of news around Azure Kubernetes Service:

Cluster auto-upgrade now respects planned maintenance windows (public preview)

Scheduled weekly maintenance windows for updates allow minimizing workload impact. Planned maintenance windows in Azure Kubernetes Service can now be used in combination with cluster auto-upgrade. Automatic upgrades can be scheduled during a specific time slot that was allocated.

Learn more.

Public preview: AKS support for Secrets Store Container Storage Interface

AKS support for Secrets Store CSI is now in public preview. The Container Storage Interface (CSI) driver for secret storage allows you to mount multiple secrets, keys, and certificates stored in your secret storage into your Pod as a CSI volume. By attaching a volume in this way, secure access to secrets is significantly simplified because the data can be accessed through the container’s file system.

Learn more.

Public preview: AKS support for containerd for Windows server containers

Containerd is the industry-standard container runtime. Utilizing containerd increases both the speed of pod creation and stability. Containerd is available on Azure Kubernetes Service (AKS) with Kubernetes version 1.20 and higher.

Windows containerd support on AKS is available in East US, UK Southwest, and Central US. Other regions will join within the next few weeks.

Public preview: Kubernetes 1.21 support in AKS

Kubernetes release 1.21 is now supported with AKS in public preview. Kubernetes 1.21 offers a total of 50 enhancements at various levels of maturity, including 19 entirely new features.

Learn more.

General availability: Azure RBAC for Kubernetes Authorization in AKS

With Azure’s role-based access control (RBAC) for Kubernetes authorization, you can gain consistent governance and access control across Azure and AKS resources. When this integration is enabled, you can use Azure Active Directory (AAD) users, groups, or service principals natively as entities in Kubernetes RBAC.

Learn more.

Azure Cosmos DB updates

As with AKS, there were also quite a few updates around Azure Cosmos DB:

Partial document update for Azure Cosmos DB in private preview

Partial document update for Azure Cosmos DB now allows you to perform path-level updates for specific fields/properties within a single document without having to perform a full read-replace operation on the document. With this update, there are significant productivity benefits for developers by removing the need to perform explicit document reads, OCC checks, and document replacement operations on the client-side. This provides programming flexibility by allowing conditional partial document updates based on a predicate filter as well as supporting modes such as bulk, transactional batch, and multiple patch operations.

Sign up today to access this feature in private preview.

Azure Cosmos DB role-based access control (RBAC) now in general availability

Azure Cosmos DB’s role-based access control, now available for the Core (SQL) API, lets you enable fine-grained access control by assembling allowed actions into role definitions and associating such roles to Azure Active Directory (AAD) identities. This access control method is ideal when different data access permissions for different users or applications need to be strictly enforced.

Learn more about Azure Cosmos DB role-based access control.

Azure Cosmos DB Linux emulator in public preview

The Azure Cosmos DB Linux emulator provides a local environment on Linux and macOS that emulates the Azure Cosmos DB service for development purposes. During the preview, the emulator supports only the Core (SQL) API.

Learn more about Azure Cosmos DB Linux emulator.

Azure Cosmos DB integrated cache now in public preview

With Azure Cosmos DB’s built-in cache, you can now optimize read costs and latency. Azure Cosmos DB integrated cache is an in-memory cache that is integrated with a dedicated Azure Cosmos DB gateway used for caching data and queries. The integrated cache currently supports only the Core (SQL) API.

Learn more about Azure Cosmos DB integrated cache.

Azure Cosmos DB serverless now in general availability

Azure Cosmos DB serverless is now available for all APIs. It is a cost-effective pricing model that charges only for the resources consumed by your database operations. It is ideal for apps with moderate performance requirements and little traffic.

Learn more about Azure Cosmos DB serverless.

Expanded Azure Cosmos DB free tier now in general availability

Use the free Azure Cosmos DB tier to develop and test your applications and run small workloads in production for free. With this update to the Azure Cosmos DB free tier, you will now get the first 1000 Request Units per second of provisioned throughput and 25 GB storage each month at no cost.

Microsoft Build 2021

Also, don’t miss the chance to replay all the great sessions and highlights from Microsoft Build 2021. We would especially like to highlight the session with our Founder and CEO Markus Sümmchen. He participated in a session on “The future of the developer workplace” (German only):