Monthly Azure news September 2021

In the September issue of the monthly Azure news, read about updates to Azure Policy for Kubernetes, Azure SQL, DaprCon and much more. Grab a cup of coffee or tea and enjoy the read.


Azure AD Graph is retiring on 30 June 2022

Microsoft announced that Azure AD Graph becomes obsolete on 30 June 2022. Application owners have enough time to prepare their software for the retirement of this important and frequently used API. Microsoft doesn’t leave its customers to twist in the wind: to help with the migration to Microsoft Graph, it offers a PowerShell script that identifies the applications which use Azure AD Graph. A descriptive checklist is also available, so the switch shouldn’t be a big deal. Customers who run into trouble can share their questions and learn from other people’s experiences. The new Microsoft Graph includes all the functionality of its predecessor and is also packed with new features, as Microsoft describes in this article – What’s new in Microsoft Graph.

Source: Microsoft

Azure SQL Update now available – automated removal of virtual clusters

This month Azure SQL Managed Instance got an important update for those who depend on Infrastructure-as-Code deployment.

With this update, the virtual cluster and its dependencies are removed automatically when the last instance in the subnet is removed (only if no create operations are running at the same time). A second group that benefits from this update is customers who were not familiar with the virtual clusters used by their Azure SQL MI.

A brief overview and a comparison of the removal process before and after the update can be found here.

Azure Policy for Kubernetes now supports custom policies – currently as a public preview

This feature allows the creation and assignment of custom policies and constraint templates to the Azure Kubernetes Service clusters. The main enhancements are:

  • TemplateInfo as a new property of the Azure Policy – This property lets users define the source type for the constraint template. When TemplateInfo is used in a policy definition, there is no need to take care of the constraint properties because they are generated automatically. TemplateInfo provides two ways to define the constraint template source type, Base64Encoded and PublicUrl, whereby Base64Encoded lets users embed the constraint template privately inside a policy definition.
  • Azure Policy as a Visual Studio Code extension – In short, this add-on auto-generates an Azure Policy custom definition from a constraint template, based on the type provided for the TemplateInfo. Brief information on how to use it and which features are available can be found here.
  • Error State Reporting & Compliance Reason Codes have been released.

   Learn more here.
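As an added illustration (not code from Microsoft or from this article), the following sketch embeds a constraint template into a custom policy rule with the Base64Encoded source type and decodes it again for review. The field layout (mode `Microsoft.Kubernetes.Data`, `details.templateInfo` with `sourceType` and `content`) is assumed from the Azure Policy definition structure; the sample template and the function names are constructed.

```python
import base64

# Constructed sample Gatekeeper constraint template (not from the article).
SAMPLE_TEMPLATE = """\
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: k8srequiredlabels
spec:
  crd:
    spec:
      names:
        kind: K8sRequiredLabels
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8srequiredlabels
        violation[{"msg": "label 'owner' is required"}] {
          not input.review.object.metadata.labels["owner"]
        }
"""

def build_definition(template_yaml, kinds, effect="audit"):
    """Embed the template privately via templateInfo (assumed field layout)."""
    if "kind: ConstraintTemplate" not in template_yaml:
        raise ValueError("input is not a Gatekeeper ConstraintTemplate")
    content = base64.b64encode(template_yaml.encode("utf-8")).decode("ascii")
    template_info = {"sourceType": "Base64Encoded", "content": content}
    details = {"templateInfo": template_info, "apiGroups": [""], "kinds": kinds}
    return {
        "mode": "Microsoft.Kubernetes.Data",
        "policyRule": {
            "if": {"field": "type",
                   "in": ["Microsoft.ContainerService/managedClusters"]},
            "then": {"effect": effect, "details": details},
        },
    }

def embedded_template(definition):
    """Decode the embedded template so a reviewer can read what is enforced."""
    info = definition["policyRule"]["then"]["details"]["templateInfo"]
    if info["sourceType"] != "Base64Encoded":
        raise ValueError("template is not embedded: " + info["sourceType"])
    return base64.b64decode(info["content"], validate=True).decode("utf-8")

if __name__ == "__main__":
    print(embedded_template(build_definition(SAMPLE_TEMPLATE, ["Pod"])))
```

Decoding the `content` field during policy review shows exactly which Rego rule a definition will push to the cluster, since the encoded form is not human-readable.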

Compliance reason codes and error state reporting for Azure Kubernetes Service Policies are available now

Azure data-plane policies for Kubernetes clusters make compliance reason codes available and generate reports if there are any policy conflicts.

Due to this update, there is no way to install two conflicting policies until the conflict issue has been resolved. If already installed policies run into a conflict, they won’t stop working but a report will be generated.

Following this link, you will find the complete list of possible compliance reasons.

Learn more here.

Zone-redundant storage for Azure Disk Storage available now

The continuous expansion of cloud computing across industries pushes Microsoft to bring the reliability of the provided infrastructure to the next level. The already excellent availability increases further with the new zone-redundant storage (ZRS) for Azure Disk Storage.

Application availability:

Using Availability Zones, virtual machines can be set up in different zones, and additionally connecting a shared ZRS disk to the VMs improves their availability. If a primary VM runs into a failure, then the secondary virtual machine will take over, so that the application remains available.

The advantage for Azure Kubernetes Service clusters:

ZRS disks are also supported for applications located on multi-zone Azure Kubernetes Service. 

Legacy applications: 

For applications which don’t support application-level synchronous replication (like older SQL Server versions), ZRS disks offer the opportunity to increase availability by using storage-level replication.

Cost reduction: 

With shared ZRS disks, ISVs are able to reduce costs for hosting several disks in different zones, completely avoid replication costs, and reduce write latency because there is no need to copy data from zone to zone.

Performance for ZRS disks: 

ZRS disks offer the same performance and bandwidth as the equivalent LRS disks. Latency for ZRS disks is higher than for LRS disks because data is copied between zones.

Learn more.

Public preview: AKS lets users choose what should happen while scaling down a deployment

With this preview, users can decide how nodes are handled while scaling down the deployment. Nodes can be either deleted or deallocated. Deallocating a node means that the attached storage and image are still present on the node. Later, while scaling up the deployment, the deallocated nodes are started first before new nodes are supplied. Thanks to scale-down mode, there is no need to pre-provision nodes and pre-pull images.

Learn more.

V4 Cosmos DB extensions for Azure Functions in public preview now

Cosmos DB extension v4 delivers updates for DB triggers, input bindings, and output bindings. It includes performance improvements and supports identity-based connections.

Please follow the link for further information on usage and some temporary restrictions.

AKS Run command is available now

AKS Run command enables remote command invocation in an AKS cluster through the AKS API. This new API offers a secure option to execute commands on a private cluster from a remote machine that is not in the cluster’s private network.

Learn more.

Private link for Resource management in Azure portal

Azure Private Link enables a private connection between resources, as if both resources were part of the same network. To take advantage of this service, a Private Link endpoint has to be created. Through the private endpoint, IT teams can work with resources from a private network, so there is no need for communication via public IP addresses.

Private endpoints can be mapped to fixed resources. Access to other resources which are not included in the mapping will be denied. This sharply decreases the risk of data exfiltration.

Source: Microsoft

Follow the link for more details and a step-by-step guide.

Azure DevOps: Azure Audit Stream available as a public preview

Auditing is important, which is why it is enabled by default for Azure DevOps. It is not possible to turn it off. All logged data is stored for three months. Until now, DevOps Project Admins had to retrieve the audit log, validate the activities inside the organization, and export them to a JSON or CSV file for further processing or investigation.

With Azure Audit Stream, it is possible to send auditing data continuously to other services and tools outside of Azure DevOps. Three targets are currently available for configuration: Splunk (logging, monitoring, and reporting platform), Azure Monitor Logs, and Azure Event Grid.

A step-by-step guide for the Azure Event Grid as a target is available here.

DaprCon 2021

Save the date – on October 19th, 2021, two years after release, the very first Dapr convention will be held as an online event. Besides the chance to talk to founders and maintainers of Dapr, attendees will benefit from experience reports of other companies across the globe.

Further information about the agenda, speakers, and sessions will be available soon! Find more details on the Dapr blog.
