Microsoft Azure developments I am following in 2020
Microsoft uses its comprehensive technology conference of the year, “Microsoft Ignite 2019” to make many new announcements. This event serves as a platform to share their latest product and service announcements, insights on future updates, successful use cases and their vision for technology.
With that in mind, I wanted to recap some of the highlights of the sold-out conference that will all be evolving in 2020. While there were a number of new announcements on Microsoft products including Microsoft 365, Power BI, and more, I’d like to focus on the exciting innovations on the Azure cloud platform.
But before I do that, I’d like to reiterate a message that Microsoft CEO Satya Nadella shared in his keynote address that resonates across industries.
To speed adoption of key technology improvements, Mr. Nadella stressed that organizations need to be able to access the latest platform, tools, and training.
This is the first step in what he describes as building “tech intensity.” For an organization to have the digital capabilities to transform their business, they require tech intensity, which Nadella described in the form of an equation — (tech adoption multiplied by tech capability) ^ “encroached” in trust in the technology.
Organizations that embrace tech intensity are thriving and maximizing their impact.
Additionally, Nadella noted the key role partners can play in helping companies use technology to build a competitive advantage.
There were eight categories of new announcements for Azure that stood out to me — Containers, Databases, Hybrid, Management & Governance, Security, AI and Machine Learning, Networking, and DevOps. In this blog, I’ll focus on four of those areas that I feel will be of the most interest to our readers.
Containers
In the Containers space, Microsoft announced new features to both streamline the developer experiences for Azure Kubernetes Service (AKS) as well as enhanced governance for logging, monitoring, and threat protection for applications delivered on Azure. There are continued efforts at the integration of Microsoft’s GitHub with GitHub Actions that can easily deploy versions of applications to a sandbox environment that accelerates the testing process. On the governance front, users can now register Kubernetes clusters in Azure no matter where they are running and provide a unified management and policy control approach. These can be managed from the Azure portal, and in combination with hybrid services, offers a way to maintain governance. Azure Monitor was enhanced for capturing cloud-native system metrics to measure AKS performance.
Hybrid
Microsoft understands that businesses have complex environments with thousands of apps, diverse hardware, and multiple clouds. In short — a hybrid environment. Customers need to be able to operate in these disparate environments while remaining innovative, have developer agility at scale, and retain the requisite security and management across platforms.
One of the most significant new announcements at this event was Azure Arc, which extends Azure management to any infrastructure for unified management, governance, and control across clouds, data centers, and the edge. This exciting new service allows developers to build containerized apps with the tools of their choice. IT teams can then ensure that the apps are deployed and configured in a governed, unified manner with role-based access control and security policies. This allows customers to stay current with the latest innovations from Azure by deploying and managing Kubernetes applications using DevOps techniques while ensuring they are configured from a source control in a consistent manner.
Azure Arc was announced for public preview for servers (Windows and Linux) with more to follow to help unlock hybrid scenarios. Customers and providers will be able to connect both physical and virtual servers directly in the Azure console and apply tags, role-based access control (RBAC,) and more all within the same console. This announcement is one we at CentriLogic will be closely following with our partner team at Microsoft. It is also gaining significant attention including in a recent article in Forbes which called the Azure Arc announcement a “game-changer” for Microsoft due to its unique approach and major revamp of the hybrid strategy.
Networking
Microsoft’s global network that connects data centers that run Azure, Office 365, XBOX, and other services is one of the largest networks in the world.
The Azure Firewall Manager was one of many network-related enhancements announced at Microsoft Ignite. The new feature was unveiled in preview mode and provides a simplified central configuration and management of rules for multiple Azure Firewall instances and across Azure regions and subscriptions.
Azure Firewall was announced last year, and this new service will help users define rules and central management from a single place — simplifying the use of the service.
Another significant announcement was for Azure Bastion which became Generally Available (GA) on November 4th. Customers who connect to workloads and virtual machines on private networks continue to face security risks. Exposing network assets to the public internet through RDP or SSH increases these security concerns. Azure Bastion provides secure and seamless RDP and SSH access to VMs, can be provisioned in a customer’s virtual network, and supports all VMs in their VNet without any exposure through public IP addresses by always using its private IP.
Security
Azure Security continues to be a significant area of emphasis and investment from Microsoft. Some of the announced advances include enhanced cloud resource threat protection, customer lockbox extensions, the release of a Secure Code Analysis toolkit, and updates to Azure Security Center. The Center, a unified infrastructure security management system, strengthens the security posture of customer data in data centers and in the cloud and provides advanced threat protection across hybrid workloads in the cloud — whether these are in Azure or in data centers.
Most significantly, the new security score (now in public preview) allows users to create custom rules in Azure Policy that meet their specific security requirements. These rules will be reflected in the new security score along with the corresponding remediation and regulatory compliance recommendations which are displayed on the Security Center dashboard.
When a customer activates Security Center, a monitoring agent is deployed automatically into Azure virtual machines. For on-premises VMs, agents can be deployed manually. Security Center will then assess the security stats of the entirety of a customer’s environment — networks, applications, hybrid infrastructure, and data. In addition, the aggregation of the security data information in an Azure workspace allows for big data querying capabilities and greater analytics. This tool will help customers implement best practices related to security and compliance.
In combining both the Containers and the Security areas, Microsoft announced that Azure Security Center will now have the ability to assess the security of customer Azure Kubernetes Service (AKS) cluster. This release is in preview mode and provides three key things — continuous discovery of managed AKS instances, recommendation on security best practices specific to AKS, and Host and Cluster threat detection analysis.
With over 1,000 sessions and 175 separate announcements — the sheer scale of the conference can be overwhelming. You can view many of the on-demand sessions on Microsoft’s session catalog. Our team at CentriLogic is working with our partner at Microsoft on a regular basis to help educate our teams and work with our customers and deliver solutions to meet their needs.
