Azure Security Announcements - September 2nd 2022

September 09, 2022

This week, there are 14 announcements related to Azure Security.

Headlines:

  • Azure Cache for Redis now supports authenticating storage account connections using managed identity
  • Leverage an assignment of a server or instance identity with user-assigned managed identity in Azure Active Directory for Azure SQL Database and Managed Instance
  • Enable automatic key rotation for Customer Managed Key in Azure SQL Database and Azure SQL Managed Instance
  • Encrypt storage account with customer-managed keys (CMK) using an Azure Key Vault hosted on a different Azure Active Directory tenant
  • Ephemeral OS disk customers can choose encryption type between platform managed keys or customer managed keys for host-based encryption

All details below.

Azure App Configuration

Preview Features
App Service and Azure Functions now support referencing configuration key-values from the Azure App Configuration service. App Configuration provides central management of configuration key-values that can span resources and deployment environments. When defining an application setting or connection string within App Service and Azure Functions, instead of providing a direct value, you can now specify a key-value in an external Azure App Configuration store. The app uses its managed identity to resolve the value from the store and expose it as an environment variable to your application.

This initial preview does not yet include support for network-restricted configuration stores or for resolution of configuration store references to Key Vault. Referenced key-values are not yet refreshed automatically, and new values will only be pulled in when the app restarts as the result of another config change such as modifying an app setting.

Announcement | Documentation

Preview Features
Azure Storage Explorer now offers an extension for Azure App Configuration: you can now work with the Azure App Configuration resources under your Azure subscriptions directly in Storage Explorer.

This means that with appropriate permissions, you can add, edit, or delete the key-values in your App Configuration store directly from the Storage Explorer.

Announcement | Documentation

Azure App Services

New Features
Enterprise-grade edge for Azure Static Web Apps is now generally available. Enable faster page loads, enhance security, and optimize reliability for your global applications. Enterprise-grade edge combines the capabilities of Azure Static Web Apps, Azure Front Door, and Azure Content Delivery Network (CDN) into a single secure cloud CDN platform.

Key features:

  • Global presence in 118+ edge locations across 100 metro cities
  • Caching assets at the edge
  • Proactive protection against Distributed Denial of Service (DDoS) attacks
  • Native support for end-to-end IPv6 connectivity and the HTTP/2 protocol
  • Optimized file compression

Announcement | Documentation

Azure Communications Services

General Availability
Azure Communication Services now supports communication experiences for Teams identities. With this capability developers can build custom standalone applications that integrate audio, video, and telephony for Teams users.

For example, developers can build specialized line-of-business applications that bring calling experiences for Teams users directly into the app, develop new workflows for apps that require custom management of incoming and outgoing Teams phone calls, or even bring Teams calling capabilities to devices that are not supported by the standard Teams client.

With this functionality developers can now start creating custom apps that:

  • Make and receive Teams calls as a Teams user
  • Join Teams meeting as a Teams user
  • Manage incoming and outgoing phone calls based on Teams Phone System and integration with Teams auto attendants and call queues
  • Honor assigned Teams user policies

Announcement | Documentation

Azure Databricks

Preview Features
Unity Catalog is a unified and fine-grained governance solution for all data assets including files, tables, and machine learning models in your Lakehouse.

Unity Catalog helps simplify security and governance of your data with the following key features:

  • Define once, secure everywhere: Unity Catalog offers a single place to administer data access policies that apply across all workspaces and personas.
  • Standards-compliant security model: Unity Catalog’s security model is based on standard ANSI SQL and allows administrators to grant permissions at the level of catalogs, databases (also called schemas), tables, and views in their existing data lake using familiar syntax.
  • Built-in auditing: Unity Catalog automatically captures user-level audit logs that record access to your data.

Announcement | Documentation

Azure IoT Edge

General Availability
The 1.4 version is the latest long-term servicing (LTS) release of IoT Edge. This release will be serviced with fixes for regressions and critical security issues through November 12, 2024. This release also marks the end of servicing for the 1.3 release, which will no longer receive bug fixes or security patches. The release is based on 1.3 and brings the following improvements in addition to long-term servicing:

  • Automatic cleanup of unused Docker images
  • Ability to pass a custom JSON payload to DPS on provisioning
  • Ability to require all modules in a deployment be downloaded before (re)starting any
  • Use of the TCG TPM2 Software Stack, which enables TPM hierarchy authorization values, specifying the TPM index at which to persist the DPS authentication key, and accommodating more TPM configurations

Announcement | Documentation

Azure Monitor

General Availability
As part of our continued commitment to open source solutions, we are announcing the general availability of Azure Managed Grafana, a managed service that enables you to run Grafana natively within the Azure cloud platform. With Azure Managed Grafana, you can seamlessly and securely connect with and scale to businesses’ existing Azure services, enhancing observability and cloud management.

In addition to the features announced during preview, with general availability, we’re introducing new capabilities that include the latest Grafana v9.0 features with its improved alerting experience as well as zone redundancy (in preview) and API key support.

Announcement | Documentation

General Availability
Change analysis is an observability tool that enables efficient issue triage and root-cause analysis by centrally showing changes inside and outside of Azure web applications. Built on top of Azure Resource Graph, the capability securely stores resource and application configuration change data, with added role-based access control (RBAC) rules governing who can view sensitive information. Change analysis supports scalable queries across multiple subscriptions.

Several key change analysis capabilities and integrations have been released into general availability (GA).

  • Fully integrated into the Azure Monitor portal as a key data source for observability
  • Performance and scalability improvement for large queries on change data
  • Simplified change data presentations aggregated by subscription and resource group
  • Single-pane-of-glass observability by integrating with existing workflows and tools:
      • Diagnose and solve problems
      • Activity log change history
      • Metrics drill-into-changelogs
      • Azure workbooks

Announcement | Documentation

Azure Redis Cache

New Features
Azure Cache for Redis now supports authenticating storage account connections using managed identity. Identity is established through Azure Active Directory, and both system-assigned and user-assigned identities are supported. This allows you to establish trusted access to storage for uses including data persistence and importing/exporting cache data. Using a managed identity to connect to a storage account removes the need to manage storage account keys and gives you tighter, more secure control over storage account access.

Announcement | Documentation

Azure SQL Database

General Availability
In late August 2022, the following updates and enhancements were made to Azure SQL:

  • Leverage an assignment of a server or instance identity with user-assigned managed identity in Azure Active Directory for Azure SQL Database and Managed Instance.
  • Increase resiliency of Azure SQL Database Hyperscale by enabling zone redundant configuration.

Announcement | Documentation

Preview Features
In late August 2022, the following updates and enhancements were made to Azure SQL:

  • Enable automatic key rotation for Customer Managed Key in Azure SQL Database and Azure SQL Managed Instance.
  • Expand support to standard editions of SQL Server 2019 with link feature for Azure SQL Managed Instance.

Announcement | Documentation

Azure Storage

New Features
Azure Storage lifecycle management offers a rule-based policy that you can use to transition blob data to the appropriate access tiers or to expire data at the end of its lifecycle. You can configure rules to move a blob to the archive tier based on a last-modified condition. If you rehydrate a blob by changing its tier, such a rule may move the blob straight back to the archive tier, because rehydration does not update the last-modified time, which may already be beyond the threshold set for the policy. Now you can add a new condition, daysAfterLastTierChangeGreaterThan, to your rules to skip the archiving action for blobs that were recently rehydrated.

Announcement | Documentation

Preview Features
Today we are releasing the ability to encrypt a storage account with customer-managed keys (CMK) using an Azure Key Vault hosted in a different Azure Active Directory tenant. You can use this solution to encrypt your customers' data using an encryption key managed by your customers.

Announcement | Documentation

Azure Virtual Machines

Preview Features
Ephemeral OS disk customers can choose between platform-managed keys and customer-managed keys as the encryption type for host-based encryption. The default is platform-managed keys. This feature enables customers to meet their organization's compliance needs.

Announcement | Documentation
