Azure World Newsletter – Issue 4.18

September 6, 2023

Welcome to the seventeenth edition of the Azure World Newsletter in 2023.

Hello again, my friends from around the world. I’m so happy you continue to subscribe and read this bi-weekly newsletter on Azure. I enjoy sitting down each week to research and write this, and hopefully, you will continue to find value in it. Feel free to invite your co-workers or others to subscribe if you think they would find it helpful.

The unsubscribe link is at the bottom if you want to stop receiving these emails.

ONE.

If you’ve created virtual machines recently using the Azure Portal, you might have noticed a new change: trusted machines are now the default setting.

You can still choose the old security setting using a dropdown on the Portal. And other ways of launching VMs remain unchanged for now.

A trusted launch adds security features to launching virtual machines using verified and signed bootloaders, OS kernels, and a boot policy. This protects against boot kits, rootkits, and kernel-level malware.

The four security features enabled by Trusted Launch are:

Secure Boot
Virtual TPM (vTPM)
Measured Boot
Boot integrity monitoring

Modern physical machines (such as your laptop) have a security processor called a TPM. This provides cryptographic storage that can be used to confirm that the operating system and firmware on your device are what they’re supposed to be. In fact, with Windows 11, Microsoft requires TPM 2.0 to be available on the machine hardware, and many machines (even newer ones) don’t support that. This is why many machines, even powerful ones, can’t be updated to Windows 11.

With virtual machines, there is a virtual TPM (vTPM). This allows customers to protect keys, certificates, and secrets in the virtual machine.

You’ll need a trusted virtual machine to launch a Windows 11 VM.

See more:
https://techcommunity.microsoft.com/t5/azure-confidential-computing/announcing-trusted-launch-as-default-in-azure-portal/ba-p/3854872

TWO.

Azure App Services have a WebJobs feature that allows you to run a background job such as an executable or a script. These background tasks operate independently of the web app itself, and there is no extra cost to run a WebJob.

Now, Azure Container Apps also support WebJobs.

Jobs enable you to run serverless containers that perform background tasks that run to completion. These jobs can either be started manually, scheduled on a timer or can respond to some event.

You can use these background jobs for many different purposes. You can schedule a job to run every night at a specific time to perform an end-of-day task that your app might require.

You can also respond to an event, such as a new message arriving in a queue. That can trigger a job to run. In this way, it can be like Azure Functions.

Jobs can run multiple executions concurrently. So if there are multiple messages that arrive in queue in a short period of time, all of them can be processed at the same time.

Check the blog post for more information.

See more:
https://techcommunity.microsoft.com/t5/apps-on-azure-blog/generally-available-azure-container-apps-workload-profiles-more/ba-p/3913345

AZURE PLATFORM UPDATES.

A few updates for you this week.

The following updates to the Azure platform were announced in the last two weeks:

Cross Subscription Restore for Azure Virtual Machines
Rate-limit rules for Application Gateway Web Application Firewall, in preview
Quick create Azure Front Door endpoints for Azure Storage accounts
Improve VM resiliency with Azure Advisor’s Availability Zone recommendation
Azure Portal experience for Azure Database Migration Service, in preview
Auto-upgrade scheduled maintenance for AKS, in GA
Azure Container Apps dedicated plan, in GA
Azure Container Apps supports additional TCP ports
Azure Container Apps jobs
Azure Container Apps supports environment level mTLS encryption, in preview
Azure Functions .NET 8 support in Linux plans, in preview
Trusted launch as default for VMs deployed through the Azure portal
Azure Firewall: Auto-Learn SNAT routes feature is now in public preview, in preview
Azure Firewall: Explicit Proxy is now in public preview
Azure Firewall Single-Click Upgrade and Downgrade is now in general availability
Azure Monitor VM Insights using Azure Monitor Agent, in GA

Be sure and check out the Azure Updates page if any of these affect you.

https://azure.microsoft.com/en-us/updates/

COMING UP FOR ME.

Did you know I have Azure practice labs?

At the GetCloudSkills labs website, you can buy 3-month passes to a whole set of Azure labs around a particular exam, including time in Azure to practice them! If your free account is over, no need to worry. For only $24.99, you can get 3-months of Azure time and a bundle of labs to practice with.

I also have a 12-month lab package available that comes with over 700 labs, including Azure, AWS, Linux, Cybersecurity, and more.

Check out my website for details.

http://www.getcloudskills.com/