Monthly Azure news April 2022

In this issue of Monthly Azure news, find out about numerous new features, announcements, and previews from the Azure/Cloud Native universe. 🚀 Feel free to share the news with your team and community.

Azure AD Graph retirement

Microsoft has announced that Azure AD Graph will not be retired on 30 June 2022. Although support for Azure AD Graph will continue, no new features will be implemented. The announcement of the final retirement date is planned before 31 December 2022.

Generally available: Azure storage table access using Azure Active Directory

Authorizing requests to Azure Table Storage using Azure Active Directory (Azure AD) is now generally available. You can now use Azure role-based access control (RBAC) to grant permissions to a user, group, application service principal, or managed identity. Microsoft recommends using Azure AD authorization over Shared Key authorization with your table applications when possible to assure access with minimum required privileges. Learn more.

Azure Static Web Apps news

Azure Static Web Apps has been extended with the following features:

  • Skip API builds (public preview) – The API build can now be skipped via GitHub Actions.
  • Custom deployment sources (public preview) – GitLab or Bitbucket projects can now be used as the deployment source for Static Web Apps.
  • Stable URLs (public preview) – This feature will prevent the creation of temporary URLs during development.
  • Private endpoint – Securely accessing your Static Web Apps through a private IP address in the virtual network is now generally available.

Azure Container Apps news

Azure Container Apps, a service for building and deploying modern applications and microservices using serverless containers, has been extended with long-awaited features this month:

  • Health probes (public preview) – You can now set up Liveness, Readiness, and Startup probes over HTTP(S) and TCP protocols. The health probes are based on Kubernetes health probes.
  • Metrics & Alerts (public preview) – With the Azure Monitor integration you can now monitor the CPU, Memory, and network usage of your Container App and also send notifications based on those metrics.
  • Managed identities (public preview) – Maybe THE most awaited feature. Accessing other Azure AD-protected resources like Azure Key Vault is now possible with a system- or user-assigned identity.
  • Built-in authentication (public preview) – Integrate supported identity providers to enable built-in authentication for your containers with almost no code.
  • Visual Studio – Deploy .NET Core applications to Azure Container Apps using Visual Studio 2022 Preview 2.
  • Visual Studio Code – This extension for Azure Container Apps lets you deploy .NET Core applications directly from Visual Studio Code.

Furthermore, you can now simply run az containerapp up --name my-app --source ./my-app to get your app up and running in Azure Container Apps. This requires the Container Apps Azure CLI extension version 0.3.2. You can check the details about this here.

Azure Kubernetes Service news

The public preview features scale-down mode and node pool snapshots are now generally available. Scale-down mode lets you choose whether to delete or deallocate nodes upon scaling down. Node pool snapshots allow the creation of new node pools or clusters based on snapshots from an existing node pool. In addition, Group Managed Service Accounts for workloads on Windows is generally available.

Bicep news

Bicep is a declarative language for describing and deploying Azure resources.

The Bicep product group released version 0.5.6 earlier this month. With the new release, a module alias called public was added. Basically, this alias lets you access the Bicep public module registry to reuse supported Bicep modules. In addition, the very experimental feature of deploying Bicep directly from Visual Studio Code using the Bicep extension was added.

Terraform news

HashiCorp Terraform is an infrastructure as code tool that lets you define both cloud and on-prem resources in human-readable configuration files. Microsoft published new features to make the use of Terraform on Azure easier:

  • The AzAPI Terraform provider lets you deploy public preview services and features that are not yet available in the AzureRM provider, such as Azure Container Apps.
  • Aztfy is a tool that lets you import Azure resources within a resource group into Terraform state and create the corresponding Terraform files. The goal of this official Azure project is to bring existing Azure services under the management of Terraform.

Public preview: Arm64-based Azure VMs

Getting up to 50% better price-performance sounds like a good deal. This is now possible on Linux workloads with the public preview of ARM64-based Azure VMs. You can check the different available VM series and details by visiting this blog article. Furthermore, ARM64-based VMs are also supported with Azure Kubernetes Service.

Generally available: Automated key rotation in Azure Key Vault

Scheduling automated key rotation via policy and configuring expiry notifications on keys is now generally available. This feature also integrates with customer-managed keys (CMK) stored in the key vault. To learn more visit this page.

App Service: Virtual network integration moved to the basic tier

If you are using the Azure App Service Basic SKU, you can now enjoy full network capabilities. Eliminate public exposure by routing incoming traffic to your App Service completely privately using private endpoints. Moreover, virtual network integration lets you control network flow for outgoing traffic from your apps. For more information visit this site.

IoT Central: Private link support

You can now route traffic from IoT devices privately from your premises to IoT Central applications by using the Microsoft backbone network. This can be done with the Azure Private Link feature. As shown in the picture below, traffic will flow over a VPN / ExpressRoute directly into the customer virtual network using a private endpoint and private IP address. In addition, Private Link eliminates exposure to the public internet.

Source: Microsoft

Public preview: Azure Monitor and Azure Managed Grafana integrations

The wait is over: Azure Managed Grafana public preview has finally arrived. Grafana is an open and composable observability and data visualization platform. Grafana allows you to query, visualize, alert on and understand your metrics no matter where they are stored. Along with it comes the Grafana Azure Monitor integration and out-of-the-box dashboards for popular Azure Monitor insights. This Tech Community blog article shows how to enable full-stack observability with Azure Monitor and Grafana.

Opt-in to Auditing on Azure DevOps

For the past couple of years, Microsoft has continuously worked on extending the auditing features on Azure DevOps. With the new opt-in feature, you can now explicitly enable the logging of audit events for your organization. You should be able to see these new settings within the next 2 weeks, if not already, in your Organization Settings under Policies.

Join us: Azure Rosenheim Meetup – First look: Azure Managed Grafana, AzAPI Terraform Provider, Azure Terrafy

As you read before, Azure Managed Grafana has arrived. We’ll take a look at the long-awaited offering with you and tell you whether it will outperform Azure Monitor in the future.

In the second part, we introduce you to the new AzAPI Terraform Provider and explain how and why. Last but not least, we will show you how you can convert existing Azure resources into Terraform with Azure Terrafy.

Please visit this page to find more information about the meetup.