Soft delete for blobs capability for Azure Data Lake Storage is now generally available. This feature protects files and directories from accidental deletes by retaining the deleted data in the system for a specified period of time. During the retention period, you can restore a soft-deleted object, i.e. file or directory, to its state at the time it was deleted. After the retention period has expired, the object is permanently deleted.
All soft deleted files and directories are billed at the same rate as active ones until the retention period has expired.
This capability is now generally available in all public regions.
You can secure access to your storage account by enabling a service endpoint for Storage in the subnet and configuring a virtual network rule for that subnet through the Azure storage firewall. You can now configure your storage account to allow access from virtual networks and subnets in any Azure region. By default, service endpoints enable connectivity from a virtual network to a storage account in the same Azure region as the virtual network or it's paired Azure region. This preview enables you to register your subnet to allow service endpoint connectivity to storage accounts in any Azure region across the globe.
Microsoft is releasing a new Azure HDInsight API version, which simplifies and updates the API design. The new API 2021-06-01 includes capabilities, such as creating clusters with availability zones, supporting private link, and private endpoint configuration. With these new enhancements, Azure HDInsight 2018-06-01 preview API will be retired on 30 November 2024.
Start using the new API by following the steps in Azure HDInsight REST API before 30 November, 2024. After 30 November 2024, 2018-06-01-preview version will not work.
Some of the key API changes you need to update include:
We’re announcing the release of CycleCloud 8.2.1 This release contains a number of Slurm improvements. Check the list of the improvements and bug fixes below:
The 2021 Q3 update to Azure App Service on Azure Stack Hub is now available. This release updates the resource provider and brings the following key capabilities and fixes:
GitHub Desktop now supports reviewing the statuses of individual check runs for a pull request directly in GitHub Desktop. This includes statuses of job steps for check runs generated through GitHub Actions. Customers can review the results of check runs on a PR, re-run jobs, and quickly navigate to the logs on github.com.
Azure Communication Services can now be used to connect users of a custom-built app with users on Microsoft Teams via voice, video, or chat. Organizations and businesses alike can offer custom branded experiences connected with Microsoft Teams where internal employees benefit from the security, familiarity, and capability of Microsoft Teams, and external users can enjoy a custom communication experience on a web or mobile app.
This is ideal for many business-to-consumer scenarios, such as healthcare professionals delivering remote care, finance advisors helping consumers with a loan application, or support staff helping end-users install a new product. As a bonus, VoIP and chat usage is only billed to your Azure resource when using Azure APIs and SDKs. Meaning usage for Microsoft Teams app users interacting with Azure Communication Services applications is free.*
*VoIP and chat usage for Microsoft Teams endpoints are included with Microsoft 365 licenses.
Availability Zones in India Central are made up of three unique physically separated locations or “zones” within a single region to bring higher availability and asynchronous replication across Azure regions for disaster recovery protection.
Availability Zones give users additional options for high availability for their most demanding applications and services as well as confidence and protection from potential hardware and software failures by providing three or more unique physical locations within an Azure region.
Attribute-based access control (ABAC) is an authorization strategy that defines access levels based on attributes associated with security principals, resources, requests, and the environment. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments expressed as a predicate using these attributes. This update to the preview enables the use of Azure AD custom security attributes for principals in role assignment conditions. You can now use combine principal attributes with resource and request attributes in your condition expressions.
Managing hundreds or thousands of role assignments for a subscription or a resource can be difficult. Use of these custom security attributes for principals in role-assignment conditions can help you reduce the number of role assignments on your storage account, and make them easier to manage. You can scale the management of role assignments using role assignment conditions that match attributes of a principal to attributes of the storage resource being accessed.
Immutable storage with versioning for Blob Storage is now generally available. Immutable storage provides the capability to store data in a write once, read many (WORM) state. Once data is written, the data becomes non-erasable and non-modifiable, and you can set a retention period so that files can't be deleted until after that period has elapsed. Additionally, legal holds can be placed on data to make that data non-erasable and non-modifiable until the hold is removed.
Immutable storage with versioning adds the capability to set an immutable policy on the account, container, or object level. It also allows for the immutable protection of all past and current versions of any blob.
To learn more, please read the documentation on immutable storage with versioning.
Immutable storage with versioning policies and legal holds are free of charge. Storage usage and transactions will be billed as normal. To learn more about pricing, visit the Azure Storage Blobs Pricing | Microsoft Azure.
Managing secrets and credentials that are used to establish secure connections between Azure services is a common challenge for developers. You often need to rotate and store these credentials in a secure place within their code. This update adds support for System Assigned Managed Identity in IoT Central allowing developers to seamlessly configure their data export destinations.
Azure Managed Identity completely eliminates the need to manage credentials and connection strings for your data export destinations within your IoT Central application. It provides with you with a secure identity that can be used to connect with other Azure resources that support Azure Active Directory authentication.
Please check out the IoT Show demo video for this feature, where you are walked through how to eliminate the management of secrets and credentials by leveraging a system-assigned managed identity for your IoT Central application to securely and seamless access other Azure-AD protected resources.
Learn more about configuring a managed identity.
Learn more about creating an Event Hubs destination.
Last year, Microsoft announced Azure Space, bringing together the possibilities of Space with the power of the cloud to help people and organizations achieve more on and off the planet.
Today we are announcing new partnerships and capabilities for Azure Space including:
Today we're announcing the public preview of VM restore point, a new resource that stores VM configuration and a point-in-time snapshot of one or more managed disks attached to a VM. VM restore points supports multi-disk application consistent snapshots and can be leveraged to easily capture backups of your VM and disks. You can easily restore the VM using VM restore points in cases of data loss, corruption, or disasters.
We are also introducing a new Azure Resource Manager (ARM) resource called Restore Point Collection, which will act as a container for all the restore points of a specific VM.
Azure Application Gateway now supports the use of wildcard characters such as asterisk (*) and question mark (?) for hostnames on a multi-site HTTP(S) listener. You can now route requests from multiple host-names such as shop.contoso.com, accounts.contoso.com, pay.contoso.com to the same backend pool through a single listener configured with a wildcard hostname such as *.contoso.com.
Geo-redundant backup helps you protect against outages impacting the primary region and allows you to restore your server to the geo-paired region. Currently, geo-redundancy can only be enabled or disabled when a server is initially created. Geo-restore allows you to instantiate a server in the paired Azure region using the geo-backup. The geo-redundant backup for Azure Database for PostgreSQL – Flexible Server is available in selected regions only at this time. Refer to the documentation for the latest list of regions supported for this feature.
SMS is one of the fastest-growing methods of connecting with customers and helps businesses deliver important information almost anywhere. With SMS from Azure Communication Services, developers can easily add text messaging capabilities to their applications with features like high-velocity message support, bulk messaging, two-way communication, reliable delivery, and so much more.
SMS short codes, now in public preview, are short numbers typically 5 or 6 digits long, that can only be used for sending text messages. Short codes are an addition to existing number types supported by Azure Communication Services. This is important for scenarios, like two-factor authentication, promotional campaigns, or appointment reminders. With this functionality, developers can now register for a new short code through an easy, automated registration service, providing many benefits for driving customer engagement at scale.
Azure Communication Services SMS and short code functionality is also built to work with other Azure services. For example, businesses can reliably send messages while exposing deliverability and response metrics through Azure Monitor. SMS-based workflows can be added into applications with a Logic Apps connector or receive SMS notifications with Azure Event Grid.
Check out this blog to learn more about how these services can work together: Prototyping sentiment analysis of SMS with Logic Apps.
Azure Kubernetes Service (AKS) uses certificates for authentication with many of its components. Periodically, you may need to rotate those certificates for security or policy reasons. AKS will now automatically rotate non-CA certificates on both the control plane and agent nodes before they expire with no downtime for the cluster.
AKS auto-certificate feature is currently available in selected regions. This capability is being rolled out to other regions and will become available in the remaining Azure regions by end of Feb 2022.
Azure Load Testing is a fully managed Azure service that enables developers and testers to generate high-scale load and run simulations with custom JMeter scripts, gain actionable insights to catch and fix performance bottlenecks at scale, and shifts testing left in automated CI/CD pipelines.
The release of .NET 6 helps developers build the apps they want to build, the platforms they want to target, and the operating systems they want to use for development. Azure App Service for .NET 6 is generally available now, meaning application developers can utilize the capabilities offered by .NET 6 and run those web apps in App Service.
.NET 6 extends our .Net unification vision, making it easier for web and cloud developers to expose services to .NET mobile apps and share code with them.
You can now enable the full mode of SQL Server IaaS Agent extension with no restart, giving you access to more manageability features for SQL Server on Azure Virtual Machines without interruption to your workloads. Previously, you had to restart the SQL Server services to enable these features. The full mode of SQL Server IaaS Agent extension unlocks many benefits such as Automated Backup, Automated Patching, Storage Optimization, and more, along with license management that comes with lightweight mode.
Flexible Server is a new deployment option that provides more control and flexibility over databases, zone resilient high availability, cost optimization controls, and competitive ready-to-use performance/latency.
Flexible Server provides maximum control through custom maintenance windows and additional configuration parameters for fine-grained tuning. You can now benefit from zone redundant high availability and control the timing for patches and upgrades. Deploying a new server is simpler with a guided experience.
You can also optimize the total cost of ownership with burstable instances for your servers and stop/start capabilities that enable you to only pay for compute when the server is in use. Flexible Server is also fully compatible with community PostgreSQL, available with PostgreSQL 11, 12, and 13 support, and can be used for a variety of workloads.
Learn more about this announcement on the Tech Community blog.
Application volume group (AVG) for SAP HANA enables you to deploy all volumes required to install and operate an SAP HANA database according to best practices in a single one-step and optimized workflow. The application volume group feature includes the use of proximity placement group (PPG) with VMs to achieve automated, low-latency deployments. Application volume group for SAP HANA has implemented many technical improvements that simplify and standardize the entire process to help you streamline volume deployments for SAP HANA - instead of creating the SAP HANA volumes (data, log, shared, log-backup, file-backup) individually, the new application volume group for SAP HANA creates these volumes in a single 'atomic' operation (GUI, RP, API).
Azure NetApp Files application volume group will shorten SAP HANA landscape deployment time and increase overall application performance and stability, and eliminate the need for ‘manual pinning’ of the Azure NetApp Files volumes. The application volume group feature supports both Single-Node (scale-up) and Multi-Node (scale-out) standardized and optimized HANA deployments. The application volume group feature also proposes optimized sizing, standard naming conventions, and includes support for both HANA System Replication (HSR) for high availability and Azure NetApp Files cross region replication (CRR) for regional disaster recovery with storage based replication. This feature is now in public preview.
This update provides the following improvements for the latest version of Azure Site Recovery components.
It also provides the latest updates for the following Azure Site Recovery scenarios.
Apps can be configured with any OpenID provider as a custom identity provider for the App Service Authentication feature.
To learn more, see Configure an OpenID Connect provider.
The max number of Site-to-Site/VNet-to-VNet connections on a VPN Gateway has been increased from 30 to 100 tunnels for SKUs VpnGw4, VpnGw5, VpnGw4AZ, and VpnGw5AZ.
This change does not affect legacy gateways with the High-Performance SKU.
You can now further customize autoscale Apache Spark in Azure Synapse by enabling the ability to scale within a minimum and a maximum number of executors required at the pool, Spark job, or notebook session-level. This enhances the autoscale capabilities within Apache Spark on Synapse by allowing you to customize how your clusters scale based on specific workload requirements.
Web PubSub makes it easy to scale web apps so that developers can focus on the user experience for their chat apps, games, and other communication-intensive scenarios.
Web PubSub supports both native and serverless WebSockets, so developers can leverage the publish-subscribe messaging pattern and let Web PubSub handle the real-time communication requirements between an application and web and mobile clients. This enables scenarios such as chats, live broadcasting, and IoT dashboards.
Azure Kubernetes Service (AKS) feature to allow for Azure Active Directory (AAD) integrated clusters to be created without any local admin user account is now generally available.
By default, when you create a Kubernetes cluster, access to the cluster is through a local admin account. This is not desirable for security reasons as anyone can use a local account. It is also harder to manage such local accounts.
With AAD integration, there is no need for local accounts. You can now disable local accounts when you setup AAD with your AKS cluster.