Monthly Azure news July 2021
The most important news from the Azure world is summarized in this blog post. We hope you enjoy the read and share it with your team and/or community.
- OWASP ModSecurity Core Rule Set 3.2 for Azure Web Application Firewall in public preview
- Updates to secrets configuration options in App Service and Azure Functions is now generally available
- Public preview: Azure Bastion Standard SKU
- Create AKS clusters without local user accounts (public preview)
- Azure Kubernetes Service smart defaults in public preview
- Event Grid integration with AKS in public preview
- API Management and Event Grid integration now in public preview
- General availability on July 30, 2021: Azure SQL enabled by Azure Arc
- Application Insights integration with App Services for Java & Node.js apps is now generally available
- AAD authentication for Application Insights
- General availability: Session and cache provider using Azure Cosmos DB
- General availability: Azure Monitor and Grafana integration enhanced
- Python Functions support for custom telemetry in Application Insights is generally available
OWASP ModSecurity Core Rule Set 3.2 for Azure Web Application Firewall in public preview
Microsoft is announcing the public preview of the OWASP ModSecurity Core Rule Set 3.2 for Azure Web Application Firewall (WAF) deployments running on Application Gateway.
The release includes:
- improved security from web vulnerabilities
- reduced false positives
- performance improvements
- file upload limit increased to 4GB
- request body size limit increased to 2MB
Updates to secrets configuration options in App Service and Azure Functions is now generally available
Expanded networking support on Windows and Linux is now offered with Key Vault references. Additionally, Key Vault references offer the ability to designate a user-assigned identity. Apps are also enabled to access their content package (from blob storage) using their app identity.
With Key Vault references, you can resolve secrets in apps and expose them as environment variables using a managed identity. The ability for apps to use virtual network integrations when resolving Key Vault secrets is now additionally available for Linux apps.
Key Vault references do not rely solely on the app’s system-assigned identity anymore. Apps can now use a user-assigned identity to access their secrets. Identities can be created and assigned permission to the vault before the app itself is created, which can simplify automation workflows.
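An added example, not part of the original post and not Microsoft's code: it parses the two documented `@Microsoft.KeyVault(...)` app-setting forms and flags secret-looking settings that still hold literal values instead of a reference. The secret-name pattern, the vault name `contoso-kv` and the sample settings are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Documented Key Vault reference forms for App Service / Functions app settings:
#   @Microsoft.KeyVault(SecretUri=https://<vault>.vault.azure.net/secrets/<name>/<version?>)
#   @Microsoft.KeyVault(VaultName=<vault>;SecretName=<name>;SecretVersion=<version?>)
PREFIX = "@Microsoft.KeyVault("
# Assumption: setting names matching this pattern are expected to hold secrets.
SECRET_NAME = re.compile(r"(password|secret|key|token|connectionstring)", re.I)

def parse_reference(value):
    """Return {'vault', 'secret', 'version'} for a valid reference, else None."""
    value = value.strip()
    if not (value.startswith(PREFIX) and value.endswith(")")):
        return None
    body = value[len(PREFIX):-1]
    fields = dict(p.split("=", 1) for p in body.split(";") if "=" in p)
    if "SecretUri" in fields:
        url = urlparse(fields["SecretUri"])
        parts = [p for p in url.path.split("/") if p]
        if url.scheme != "https" or not url.hostname or len(parts) < 2 or parts[0] != "secrets":
            return None
        return {"vault": url.hostname.split(".")[0], "secret": parts[1],
                "version": parts[2] if len(parts) > 2 else None}
    if "VaultName" in fields and "SecretName" in fields:
        return {"vault": fields["VaultName"], "secret": fields["SecretName"],
                "version": fields.get("SecretVersion") or None}
    return None

def audit(settings):
    """Classify settings as 'reference', 'malformed-reference' or 'literal'."""
    findings = {}
    for name, value in settings.items():
        if value.startswith(PREFIX):
            findings[name] = "reference" if parse_reference(value) else "malformed-reference"
        elif SECRET_NAME.search(name):
            findings[name] = "literal"  # secret-looking name with a plain value
    return findings

# Constructed sample settings (vault and secret names are placeholders).
SAMPLE = {
    "DB_PASSWORD": "@Microsoft.KeyVault(SecretUri=https://contoso-kv.vault.azure.net/secrets/db-pass/)",
    "API_TOKEN": "@Microsoft.KeyVault(VaultName=contoso-kv;SecretName=api-token)",
    "STORAGE_KEY": "constructed-plaintext-value",
    "CACHE_SECRET": "@Microsoft.KeyVault(SecretUri=http://contoso-kv.vault.azure.net/x)",
    "WEBSITE_TIME_ZONE": "UTC",
}
```

A reference without a version, as in both valid samples, resolves to the latest secret version; a malformed reference is worth alerting on because the app then sees the raw reference string instead of the secret.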
Public preview: Azure Bastion Standard SKU
The new Azure Bastion Standard SKU allows you to perform/configure the following:
- Manual scaling of Bastion host Virtual Machine instances to facilitate Bastion connectivity. It is possible to configure 2-50 instances to manage the number of concurrent SSH and RDP sessions Azure Bastion can support.
- Enabling/Disabling of features accessed by the Bastion host through the Azure Bastion admin panel.
Create AKS clusters without local user accounts (public preview)
Azure Active Directory integrated AKS clusters can now be created without any local admin user account.
For security reasons, accessing the Kubernetes cluster through a local admin account is not desirable, as anyone can use it. Local accounts are also harder to manage. With this public preview feature, you can disable local accounts when setting up AAD with your Azure Kubernetes Service cluster.
Azure Kubernetes Service smart defaults in public preview
Smart defaults are a set of scenario-specific cluster configurations that can be applied in a single click. They help you to avoid common pitfalls when setting up your AKS.
They will cover scenarios such as:
- batch processing
- hardened cluster access
It is also possible to quickly apply preset configurations for node pool sizes, configure auto-scaling, Azure Monitor and further customize settings as needed to meet unique needs. This will save you time testing different settings or navigating through documentation.
Event Grid integration with AKS in public preview
Microsoft is announcing Azure Kubernetes Service as an event source for Azure Event Grid. This public preview feature will help you to automate AKS operations.
With this public preview feature, the following events can be subscribed to Azure Event Grid:
- New Kubernetes version upgrade availability
- New node image version upgrade availability
API Management and Event Grid integration now in public preview
Azure API Management now has a public preview integration with Azure Event Grid. This allows you to publish events from API Management to Azure Event Grid, send notifications to other services and trigger downstream processes. Examples of events on an API Management resource could be:
- new user created
- new subscription created
General availability on July 30, 2021: Azure SQL enabled by Azure Arc
On July 30, 2021, Azure SQL enabled by Azure Arc will be generally available. This includes:
- Arc-enabled SQL Managed Instance (originated from Azure SQL Managed Instance)
- SQL Server on Arc-enabled servers (originated from SQL Server on Azure virtual machines)
General availability for Azure Arc-enabled PostgreSQL Hyperscale will be available soon.
Azure Arc-enabled SQL Managed Instance can run on any Kubernetes in multi-cloud environments, at the edge, and in customers' own datacenters, and can bring you several benefits. Optimize data workload performance by bringing cloud elasticity on-premises for existing infrastructure and dynamically scale up or down, without application downtime. Running the service is possible under different connectivity models, e.g. with or without a continuous and direct connection to Azure. Leverage built-in management capabilities, including HA and backup/restore, to automate routine administrator tasks.
Bring all the management benefits of Arc-enabled servers to your existing SQL Server, running on VMs or physical servers, with SQL Server on Arc-enabled servers.
- searchable inventory lists
- enhanced security from Azure Defender
- free SQL assessment runs
Application Insights integration with App Services for Java & Node.js apps is now generally available
Application Insights for Java and Node.js App Services is now generally available in the Azure portal, without requiring code changes. With the click of a button, telemetry data will give you insights into requests, performance, and dependencies, and allow you to perform deep root cause analysis.
Application Insights integration with App Services can be enabled when creating new apps as well as for existing apps.
This integration will allow you to monitor popular Java technologies, such as Kafka, JMS, Webflux/Netty, and Java logging frameworks. More is available by default. Additional configuration options that are already generally available are described here.
AAD authentication for Application Insights
AAD authentication is now supported by Azure Monitor Application Insights. This feature ensures that Application Insights resources receive only authenticated telemetry.
Managing credentials at a large scale (due to various authentication systems) can be cumbersome and pose risks. You can now opt out of local authentication and make sure that only telemetry authenticated with AAD and managed identities is ingested in your Application Insights resources. This enhances the reliability and security of the telemetry used for business decisions and other critical operations.
General availability: Session and cache provider using Azure Cosmos DB
Azure Cosmos DB can now be used as a distributed cache and session state provider. Your web application can store session state data by using Azure Cosmos DB as a performant and distributed session state provider. For that, the provider leverages the Azure Cosmos DB .NET SDK. The provider can also be used for any application that requires a distributed cache for improving performance and scalability.
General availability: Azure Monitor and Grafana integration enhanced
Recent updates to the integration between Azure Monitor and Grafana (the Azure Monitor plugin for Grafana) have enabled additional data sources and simplified authentication leveraging managed identity.
The new enhancements include:
- Azure Resource Graph in Grafana's Azure Monitor data source. Azure Resource Graph lets you govern your environment effectively by allowing queries across a given set of subscriptions. With Grafana 8.0, querying ARG is supported by the Azure Monitor data source.
- Managed Identity for Azure Monitor data source and Azure hosted Grafana. Managed-identity-enabled VMs hosting Grafana in Azure will now be able to use the managed identity to configure Azure Monitor in Grafana. Data source configuration that requires the data source to be authenticated will be simplified. Configuring credentials manually via Azure AD App Registrations will not be needed.
- Deep links for Metrics from Grafana. Query results of metrics in Grafana will be linked (via context menu) directly to a corresponding chart in Azure Portal Metrics Explorer.
Python Functions support for custom telemetry in Application Insights is generally available
Azure Monitor Application Insights is a cloud native application monitoring offering that makes the observation of failures, bottlenecks, and usage patterns possible in order to resolve incidents faster and reduce downtime.
The release of the OpenCensus Python Azure Functions Extension enables DevOps professionals and application owners to expand the reach of their distributed tracing and use custom dependency calls from Python Function workers, using popular libraries, e.g. pymongo, postgresql, pymysql, mysql, django.
Python Function customers can make better use of existing experiences in Azure Monitor Application Insights. The additional telemetry will help to find issues such as performance bottlenecks and drive down Mean Time to Resolution.