This article was originally posted in the Microsoft Azure blog.
This month’s updates include improvements to IaaS, Azure Data Explorer, Security Center, Recovery Services, Role-Based Access Control, Support, and Intune.
Here’s the list of April updates to the Azure portal:
Azure Data Explorer
- Public preview: Adaptive network hardening in Azure Security Center
- Azure Security Center adaptive application control updates
- Support for virtual network peering in Azure Security Center
- Azure Security Center: Secure score impact changes
Azure Site Recovery
Role-Based Access Control
Managed disks now have the latest UI pattern for creating resources in Azure. This updated flow eliminates horizontal scrolling during the creation workflow and follows the same UI patterns that we use in other popular services like VM, Storage, Cosmos DB and AKS, resulting in easier to learn and better customer experiences.
We loosened the restrictions on the characters you can use to name a virtual machine in the portal to include non-ASCII characters. Azure virtual machine naming in the portal is constrained by two sets of rules: Azure resource naming rules and guest operating system hostname naming rules, which can be more restrictive. With this release, we allow more Unicode characters in the virtual machine name, which is used as both the Azure resource name and the guest hostname. While the Azure resource name is immutable, you can update the in-guest hostname after the VM is created.
Azure Data Explorer
We’ve changed the way users create clusters. The new experience contains the new UX pattern of “review + create” which appears in several Azure products.
Azure Security Center can now learn the network traffic and connectivity patterns of your Azure workload and provide you with network security group (NSG) rule recommendations for your internet-facing virtual machines. This is called adaptive network hardening, and it’s now in public preview. It helps you secure connections to and from the public internet (made by workloads running in the public cloud), which are one of the most common attack surfaces.
It can be hard to know which NSG rules should be in place to make sure that Azure workloads are available only to required source ranges. These new recommendations in Security Center help you configure your network access policies and limit your exposure to attacks. Security Center uses machine learning to fully automate this process, including an automated enforcement mechanism. These recommendations also use Microsoft’s extensive threat intelligence reports to make sure that known malicious actors are blocked.
To view these recommendations, in the Security Center portal, select Networking and then Adaptive network hardening.
In Azure Security Center, adaptive application control in audit mode is now available for Azure Linux VMs. This whitelisting solution is also available for non-Azure Windows and Linux VMs and servers that are connected to Security Center.
In addition, you can now rename groups of virtual machine and server clusters in Security Center. They’re still automatically named group1, group2, and so on. But you can then edit them to provide a more meaningful name to your machine cluster groups to help you better represent those application control policy groups. Learn more about automated end-to-end application control in Security Center by visiting our documentation, “Adaptive application controls in Azure Security Center.”
The network map in Azure Security Center now supports virtual network peering. You can view directly from the network map allowed traffic flows between peered virtual networks and deep dive into the connections and entities.
In Azure Security Center, the number for secure score impact represents how much your overall secure score will improve if you follow recommendations.
Security Center fine tunes the score of the recommendations, continuously adjusting them to make sure they reflect the necessary prioritization. As part of this effort, the secure score has changed for several recommendations. The change might affect your overall secure score. You can learn more about secure score by visiting our documentation, “Improve your secure score in Azure Security Center.”
Azure Site Recovery
Azure Site Recovery (ASR) now supports disaster recovery of VMware virtual machines and physical servers by directly replicating to Managed Disks. All new protections now have this capability available on the Azure portal. In order to enable replication for a machine, you no longer need to create storage accounts. For more details, refer to the announcement blog post, “Simplify disaster recovery with Managed Disks for VMware and physical servers.”
Role-based access control
If you are still using the classic deployment model, we’ve consolidated the management of Co-administrators on a new tab named Classic administrators. If you need to add or remove Co-administrators, you can use this new tab. To learn more about this tab, see Azure classic subscription administrators.
To see the new Classic administrators tab:
- In the Azure portal, select All services and then Subscriptions.
- Select your subscription.
- Select Access control (IAM) and then the Classic administrators tab.
We have updated the support request creation experience, improving screen real estate usage and creating better interaction patterns.
During support case creation, customers can take advantage of our rich self-help content and diagnostics to troubleshoot their issues and get immediate solutions to their problems. The self-help and troubleshooting steps are available to all customers, including those that have not purchased a technical support plan with Microsoft.
The Microsoft Intune team has been hard at work on updates as well. You can find the full list of updates to Intune on the “What’s new in Microsoft Intune” page, including changes that affect your experience using Intune.
Azure portal “how to” video series
Have you checked out our Azure portal “how to” video series yet? The videos highlight specific aspects of the portal so you can be more efficient and productive while deploying your cloud workloads from the portal. Recent videos include a demonstration of how to create a storage account and upload a blob and how to create an Azure Kubernetes Service cluster in the portal. Keep checking our playlist on YouTube for a new video each week.
The Azure portal’s large team of engineers always wants to hear from you, so please keep providing us with your feedback in the comments section below or on Twitter @AzurePortal.