Azure.Source – Volume 28

Azure Security News at RSA Conference 2018

Last week, we made several Azure Security announcements in conjunction with RSA Conference 2018 in San Francisco:

• Introducing Microsoft Azure Sphere: Secure and power the intelligent edge – Microsoft Azure Sphere is a new solution for creating highly-secured, Internet-connected microcontroller (MCU) devices. Azure Sphere includes three components that work together to protect and power devices at the intelligent edge: Azure Sphere certified microcontrollers (MCUs), Azure Sphere OS, and Azure Sphere Security Service.

  Microsoft Azure Sphere Leadership Vision – Microsoft product and business leaders introduce Azure Sphere, the latest IoT offering from Microsoft that extends security and new consumer experiences to a whole new class of devices at the intelligent edge.

• The 3 ways Azure improves your security – Learn how Azure provides value in three key areas – a secure foundation that is provided by Microsoft, built-in security controls to help you quickly configure security across the full-stack, and unique intelligence at cloud scale to help you safeguard data and respond to threats in real-time.
• Announcing new Azure Security Center capabilities at RSA 2018 – Azure Security Center provides centralized visibility of the security state of your resources and uses the collective intelligence from machine learning and advanced analytics to not only detect threats quickly but to help you prevent them. A new overview dashboard provides visibility into your security state from an organizational level instead of a subscription level, security configuration is now integrated into the virtual machine experience, new capabilities to reduce your exposure to threats and quickly detect and respond to threats, and new partner solutions from Palo Alto Networks and McAfee.
• Password-less Sign-In to Windows 10 & Azure AD using FIDO2 is coming soon (plus other cool news)! – A limited-preview of Password-less sign-in using a FIDO2 security key will available in the next update to Windows 10, which includes single-sign-on access to all your Azure AD protected cloud resources. Azure AD Conditional Access policies can now check device health as reported by Windows Defender Advanced Threat Protection. Azure AD access reviews, Privileged Identity Management and Terms of Use features are all now Generally Available. With the addition of domain allow and deny lists, Azure AD B2B Collaboration now gives you the ability to control which partner organizations you work with
• Streamlining GDPR requests with the Azure portal – The new Azure portal Data Subject Request (DSR) capability will help you to fulfill DSRs. Using it, you can identify information associated with a data subject and will be able to execute DSRs against system-generated logs (data Microsoft generates to provide a given service). Azure enables the fulfillment of DSRs against customer data (data you and your users upload or create) through pre-existing application programming interfaces (APIs) and user interfaces (UIs) across the breadth of services provided.
• Connect to the Intelligent Security Graph using a new API – Microsoft announced the public preview of a Security API empowers customers and partners to build on the Intelligent Security Graph. The Security API is part of the Microsoft Graph, which is a unified rest API for integrating data and intelligence from Microsoft products and services. The Security API opens up new possibilities for integration partners, such as Anomali, Palo Alto Networks, and PwC, to build with the Intelligent Security Graph. In addition, customers managed service providers, and technology partners, can leverage the Security APIs to build and integrate a variety of applications.

• Announcing new Microsoft Azure Information Protection policy decision point capabilities with Ionic Security – Files protected with Azure Information Protection (AIP) further enhance security for your sensitive files. With the integration of AIP and Azure Active Directory (AAD), conditional access can be set up to allow or block access to AIP protected documents or enforce additional security requirements such as Multi-Factor Authentication (MFA) or device enrollment based on the device, location or risk score of users trying to access sensitive documents. Azure Active Directory conditional access extensibility features help solve two of the biggest challenges customers face today: usability and policy consistency. Using Azure Active Directory conditional access extensibility features, we are building a model where the customer can choose to apply externalized policies per AIP label. Ionic Security’s cross-cloud Data Trust platform is the first such provider of external decision points to our new extensibility service.
• Tapping the intelligent cloud to make security better and easier – Conversations with customers have gone from asking ‘can we still keep our assets secure as we adopt cloud services?,’ to declaring, ‘we are adopting cloud services in order to improve our security posture.’ Learn more about the new technologies and programs that build on our unique cloud and intelligence capabilities to make it easier for enterprises to secure their assets from the cloud to the edge.

Now in preview

Preview: programmatically create Azure enterprise subscriptions using ARM APIs – As an Azure customer on Enterprise Agreement (EA), you can now create EA (MS-AZR-0017P) and EA Dev/Test (MS-AZR-0148P) subscriptions programmatically. To give another user or service principal the permission to create subscriptions billed to your account, give them Role-Based Access Control (RBAC) access to your enrollment account.

Now generally available

Azure DDoS Protection for virtual networks generally available – The Azure DDoS Protection Standard service, which is integrated with Azure Virtual Networks (VNet) and provides protection and defense for Azure resources against the impacts of DDoS attacks, is now generally available in all public cloud regions. Basic protection is integrated into the Azure platform by default and at no additional cost. Azure DDoS Protection Standard provides enhanced DDoS mitigation capabilities for your application and resources deployed in your virtual networks. To assist with establishing a well-vetted DDoS incident management response plan, we published the Best Practices & Reference Architecture guide.

Azure Service Fabric – announcing Reliable Services on Linux and RHEL support – Service Fabric is the foundational technology powering core Azure infrastructure as well as other Microsoft services such as Skype for Business, Intune, Azure Event Hubs, Azure Data Factory, Azure Cosmos DB, Azure SQL Database, Dynamics 365, and Cortana. Recently, we open sourced Service Fabric with the MIT license to increase opportunities for customers to participate in the development and direction of the product. Learn more about the release of Service Fabric runtime v6.2 and corresponding SDK and tooling updates.

Also generally available

• Azure Database for PostgreSQL
• Azure Database for MySQL
• Region expansion: Global VNet Peering

News & updates

Gartner recognizes Microsoft as a leader in enterprise integration – Gartner’s Magic Quadrant for Enterprise Integration Platform as a Service (eiPaaS), 2018 positions Microsoft as a leader and it reflects Microsoft’s ability to execute and completeness of vision. For more information, download Gartner’s Magic Quadrant for Enterprise Integration Platform as a Service (eiPaaS), 2018 today.

Spring Data Azure Cosmos DB: NoSQL data access on Azure – Microsoft's Spring Boot Starter with the Azure Cosmos DB SQL API enables developers to use Spring Boot applications that easily integrate with Azure Cosmos DB by using the SQL API. With Spring Data Azure Cosmos DB, Java developers now can get started quickly to build NoSQL data access for their apps on Azure. It offers a Spring-based programming model for data access, while keeping the special traits of the underlying data store with Azure Cosmos DB. Features of Spring Data Azure Cosmos DB include a POJO centric model for interacting with an Azure Cosmos DB Collection, and an extensible repository style data access layer.

Iterative development and debugging using Data Factory – There is increasingly a need among users to develop and debug their Extract Transform/Load (ETL) and Extract Load/Transform (ELT) workflows iteratively. Azure Data Factory (ADF) visual tools now enable you to do iterative development and debugging. Data Factory visual tools also enable you to do debugging until reaching a breakpoint you place in your pipeline canvas.

Recovery Services vault limit increased to 500 vaults per subscription per region – Scale limits for Azure Backup have been increased. Users can now create as many as 500 Azure Recovery Services vaults in each subscription per region. Also, the number of Azure virtual machines that can be registered against each vault has increased to 1,000, from an earlier limit of 200 machines under each vault.

Azure Marketplace new offers in March 2018 – In March, we published 55 new offers to the Azure Marketplace, which is the premier destination for all your software needs – certified and optimized to run on Azure. Find, try, purchase, and provision applications & services from hundreds of leading software providers.

Azure Backup now supports storage accounts secured with Azure Storage Firewalls and Virtual Networks – Azure infrastructure as a service (IaaS) virtual machine backup now supports network-restricted storage accounts. Use storage firewalls and virtual networks to allow traffic only from selected virtual networks and subnets. This helps you create a secure network boundary for your unmanaged disks in storage accounts. You can also grant access to on-premises networks and other trusted internet traffic by using network rules based on IP address ranges. With this announcement, you can perform scheduled and ad-hoc IaaS virtual machine backups and restores for virtual network-configured storage accounts.

Additional news & updates

• What's new in Azure DNS – Metrics and alerting
• What's new in Azure Log Analytics – April 2018
• Updates to global subscription filtering
• Deployment for Azure MySQL, Kubernetes Helm, and Ruby – VSTS Sprint 133 Update
• HTTP/2 support for Azure App Service is now available
• Configuration of TLS versions in App Service and Functions apps now available
• Name changes: Azure Cosmos DB, US Government regions, Cosmos DB, Azure SQL Database long-term backup retention, and Azure SQL Database long-term backup retention, US Government regions
• GUID migration: Azure Redis Cache, Azure Security Center, Linux support, Zone Redundant Storage, Azure Redis Cache, US Government regions, and GUID migration: Azure Security Center, US Government regions

Azure Friday

Azure Friday | Continuous integration and deployment using Azure Data Factory – Gaurav Malhotra joins Scott Hanselman to discuss how you can follow industry-leading best practices to do continuous integration and deployment for your Extract Transform/Load (ETL) and Extract Load/Transform (ELT) workflows to multiple environments such as Dev, Test, Prod, and more.

Azure Friday | Deploy Bitnami Node.js HA Cluster with Azure Cosmos DB – Rick Spencer joins Donovan to chat about deploying Bitnami Node.js High Availability with Azure Cosmos DB, a free listing in Azure Marketplace that uses ARM to automatically spin up a three-node Node.js cluster behind a load balancer with a shared file system and Azure Cosmos DB integration. See how you can quickly get a sample MEAN app from GitHub to a highly available production environment in the Azure cloud, with very little configuration or sysadmin knowledge required.

Technical content & training

Azure Advanced Threat Protection: CredSSP Exploit Analysis – In this blog, we provide network behavior analysis of the CredSSP exploitation of this vulnerability and the techniques it uses to propagate in the network. Additionally, we highlight how you can use Azure ATP to detect and investigate a variety of advanced cyberattack attempts.

Webcast: Microsoft Security Intelligence Report Volume 23—Breaking Botnets and Wrestling Ransomware – In this on-demand webcast, you’ll hear key insights and takeaways from the Security Intelligence Report Volume 23. Join us for a deep-dive analysis of the top threat trends we saw in 2017, learn about attack vectors, and get recommendations from a security industry veteran and a former CISO. You'll also learn how Microsoft took down the Gamarue botnet, and how you can stay vigilant against malware.

The Azure Podcast

The Azure Podcast | Episode 225 – Azure CXP – We talk to Jeremy Hollett, a Principal Service Engineering Manager, about the CXP organization and how it helps both Azure internally as well its customers, gain the ultimate in reliability. Evan also works for the same organization so the two of them share some good insights.

Events

Microsoft at PostgresConf US 2018 – As noted above, we released Azure Database for PostgreSQL to general availability last week. In this post, Rohan Kumar, Corporate Vice President, Azure Data, shares his thoughts about what we learned during the preview period, and about attending the 7th annual PostgresConf US 2018, which was held last week in Jersey City, New Jersey.

Automating Industrial IoT Security – This week, Microsoft is at Hannover Messe Industrie (HMI) 2018 in Hannover, Germany. Industrial IoT is the largest IoT opportunity. At Microsoft, we serve this vertical by offering an Industrial IoT Cloud Platform Reference Architecture, which we bundle into an open-source Azure IoT Suite solution called Connected Factory and launched it at HMI 2017 a year ago. In this post, learn about our continued collaboration with the OPC Foundation, the non-profit organization developing the OPC UA Industrial Interoperability Standard.

Customer and partners

Altair democratizes access to computer-aided engineering with Azure – Altair is democratizing access to CAE by building their Software-as-a-Service (SaaS) offerings on Microsoft Azure. In a case study we recently published, Altair describes how their HyperWorks Unlimited Virtual Appliance gives customers the combination of software and scale they need to quickly run their CAE workloads.

Azure tips & tricks

Underlying Software in Azure Cloud Shell

Use PowerShell with Azure Cloud Shell

Developer spotlight

Big Data & Analytics: Incorporate intelligence into your applications – Incorporating intelligence into your application, while processing big data and employing advanced analytics, is unfamiliar territory for many. The trouble is, the world of software development and those of big data and advanced analytics seem like they are light years apart. There are lots of choices to solve very different problems. They use different software stacks, different engineering approaches, and different terminology. Read this unified development white paper to learn how to solve common challenges in this space.

Azure SQL Data Warehouse Workload Patterns and Anti-Patterns – Confused about data mart vs. data warehouse vs. data lake. Read this guidance to understand what’s a good use case for a cloud data warehouse services and what’s not. We would like to clarify some of the concepts around RDBMS usage related to OLTP and OLAP workload, Symmetric Multiprocessing (SMP) and Massively Parallel Processing (MPP).

Azure SQL Data Warehouse Cheat Sheet – Azure SQL Data Warehouse lest you spin up a MPP architecture data warehouse in cloud in minutes and load TBs of data in hours. This cheat sheet provides helpful tips and best practices for building your Azure SQL Data Warehouse solution.

Azure Container Instances for Multiplayer Gaming – Azure Container Instances allow you to host and run Docker images without the hassle of maintaining underlying servers or learning new orchestration concepts. In this session, we will explore using Azure Container Instances, Event Grid and Azure Functions to host a scalable multiplayer backend, using the open source game OpenArena as an example, without any code changes to the existing backend service.

Git with Unity for Game Development – Unity is the ultimate game development platform. Git is the ultimate version control system. But Unity and Git don't always get along so well. How can Unity and Git interact better? We'll look at some best practices for using Unity with the Git version control system.

Continuously Test, distribute and monitor your game with App Center – Connect your repository and, within minutes, build in the cloud, test on thousands of real devices, distribute to beta testers and app stores, and monitor real-world usage with crash and analytics data. All in one place: Visual Studio App Center.

Claim over $2500 in free gaming services – Start building exceptional iOS and Android games with a promotional offer from PlayFab and Visual Studio App Center.

Source: Azure Blog Feed