Azure World Newsletter – Issue 2.17

September 10, 2021

September 8, 2021

Welcome to the seventeenth edition of the Azure World Newsletter in 2021. 

Here in Toronto, the kids are heading back to school this week and the temperatures are a bit cooler. It’s funny how the weather changes in a single day. One day, stifling heat. And the next, you can easily be without air conditioning. I expect the stifling heat will return later this month. But you really miss it that first week that it’s gone.

Thanks so much for subscribing. The unsubscribe link is at the bottom if you want to stop receiving these emails.

Sign up for this bi-weekly newsletter

ONE.

Microsoft is rolling out support for Availability Zones in App Service Plans. It’s in general availability as of now.

As you know, Availability Zones gives us increased availability within a region. Of course, you can deploy your applications across multiple regions (using an App Gateway for instance) to get global availability. But now we can get increased availability inside the same region.

There are some very specific requirements in order to use Availability Zones with App Services.

  1. You must be running on Premium V2 or V3 level plans
  2. Minimum of 3 instances (one for each zone)
  3. Must be running in a supported region
  4. Must be a NEW app service plan
  5. Must be deployed using ARM templates

Currently, converting a pre-existing App Service Plan to support availability zones is not supported. So if you want to take advantage of this, you must recreate the service plan and redeploy.

It’s also only supported in the “new portion” of the data center, so that’s why you need to be on Premium V2 or V3 in order to get this new feature.

The last requirement is interesting. It’s currently not supported in the Azure Portal or with either of the command-line SDKs. So you must deploy this using ARM templates. Hopefully, they add that function to those interfaces soon.

https://azure.github.io/AppService/2021/08/25/App-service-support-for-availability-zones.html

TWO.

I probably should mention the vulnerability that was discovered in Cosmos DB a couple of weeks ago.

Apparently, it was not actually used by “bad guys” (as far as Microsoft can tell), but security researchers discovered a way to access any Cosmos DB account through an exploit in Jupyter Notebooks functionality.

The researchers were able to gain privilege escalation through Notebooks, which gave them the ability to get the “access keys” of any other Cosmos DB account. Which as you know, gives you full read/write access.

Around 30% of customers received an email from Microsoft telling them to regenerate their Cosmos DB access keys. But the security researchers suggest that every Cosmos DB customer regenerates their keys.

If you’re in a position to do so, I’d look to regenerate your access keys. Maybe this is a good opportunity to make it easy for yourself to update the keys by putting a reliable process in place to do so and testing that process. Like changing a password, you can do that every few months on a schedule.

https://arstechnica.com/information-technology/2021/08/worst-cloud-vulnerability-you-can-imagine-discovered-in-microsoft-azure/

Sign up for this bi-weekly newsletter

AZURE PLATFORM UPDATES.

The following announcements were made in the last two weeks: 

  • Automatic key rotation of customer-managed keys for encrypting Azure disks, now in GA
  • Change performance tiers for Azure Premium SSDs with no downtime, now in GA.
  • Windows Server IoT 2022, now generally available
  • Azure Spring Cloud Enterprise, in private preview
  • Custom AKS policy support, now public preview
  • Azure Route Server, now in GA
  • NSG support for Private Link, now in public preview
  • User-Defined Routes (UDR) support for Private Link, now in public preview
  • Azure Files supports reservations for storage capacity
  • Azure App Service support for Availability Zones, now in GA

The last newsletter contained a lot of service retirements. There are still a few more to come:

  • Java 7 to be retired from App Service on 29 July 2022
  • ND-series Azure Virtual Machines will be retired by 31 August 2022
  • Multi-step web tests will be retired on 31 August 2024
  • Azure Functions support for Python 3.6 is ending on 30 September 2022
  • Azure Functions support for Node 6 is ending on 28 February 2022
  • Azure Functions support for Node 8 is ending on 28 February 2022
  • Azure Functions support for Node 10 is ending on 30 September 2022
  • Azure Functions support for PowerShell 6 is ending on 30 September 2022
  • Community support for Python 3.7 is ending on 27 June 2023
  • Azure AD Graph is retiring on 30 June 2022
  • Upgrade to the latest version of Azure AD Connect before 31 August 2022

Be sure and check out the Azure Updates page if any of these affect you.

https://azure.microsoft.com/en-us/updates/

COMING UP FOR ME.

My SC-300 course is now live. It’s available for students in Udemy Business, or you can pick it up using the link below. It’s rated 4.96 stars right now. This course covers the exam SC-300: Microsoft Identity and Access Administrator. Passing that exam gets you Microsoft Certified: Identity and Access Administrator Associate certification.

https://www.udemy.com/course/sc300-azure/?couponCode=SEP2021

I now turn my attention to something people have been asking me to create for years. Another security-related exam, AZ-500. I hope to have that out this month. So stay tuned to this space in future newsletters for updates.

WHERE TO FIND ME.

And that’s it for issue 2.17. Thanks for reading this far.

What is your favorite platform to be on? Perhaps we can connect there.

Facebook Page: https://www.facebook.com/getcloudskills/ 

LinkedIn: https://www.linkedin.com/in/scottjduffy/

Instagram: https://www.instagram.com/getcloudskills.ca/

Twitter: https://twitter.com/scottjduffy

Udemy: https://www.udemy.com/user/scottduffy2/

LinkedIn Learning: https://www.lynda.com/Scott-Duffy/1993589682-1.html

Sign up for this bi-weekly newsletter