Infrastructure updates for Microsoft Azure – November 2023

There were a lot of updates this month with Micosoft Ignite happening mid-month. Here is a summary of some of the more important infrastructure updates for Microsoft Azure you might have missed:

Azure support for TLS 1.0 and TLS 1.1 will end by 31 October 2024 (11th November 2023)

Microsoft have announced that as they continue to look to provide best-in-class encryption and enhanced security, interactions with Azure services will need to be secured using Transport Layer Security (TLS) 1.2 or higher from the 31st October. TLS 1.0 and 1.1 do not support modern cryptographic algorithms and cipher suites. and were deprecated and not recommended for use since 2021. TLS 1.2, released in 2008, is faster and more secure than previous versions. TLS 1.3 is more improved again and was released in 2018. For those customes already using TLS 1.2 or higher, there is no impact, but for customers using TLS 1.0 and 1.1, you will need to transition before then.

Preview: Latency metrics for disks and performance metrics for temporary disks on Azure Virtual Machines (6th November 2023)

On the 6th November, Microsoft announced the introduction of latency monitoring (currently in preview) for OS, data, and temporary disks, utilizing the SCSI protocol by default. With this update, you can now monitor disk operation latency on OS, data, and temporary disks through Azure Monitor metrics. This update is important to customers running highly transactional workloads, like SAP Hana and OLTP databases, where latency is pivotal for read and write operations.

Public preview: Microsoft Copilot for Azure (Microsoft Ignite)

At Microsoft Ignite, Microsoft announced the preview of Copilot for Azure. An AI companion that streamlines cloud infrastructure management. Utilizing advanced language models and the Azure Resource Model, Copilot enhances understanding and control across Azure, from the cloud to the edge. Addressing the challenges of a growing cloud landscape, Copilot accelerates complex tasks, provides deep insights, and supports tasks such as design, operation, troubleshooting, and optimization. Integrated with Azure tools, Copilot ensures adherence to policies and security measures. It facilitates learning about Azure services, aids in cost optimization, offers metrics-based insights, assists with CLI scripting, provides support and troubleshooting guidance, and extends to hybrid management with Azure Arc. Developed responsibly, Copilot prioritizes data security, privacy, and compliance with Azure policies.

General Availability: Azure Boost (15th November, 2023)

Microsoft has announced the general availability of Azure Boost, an infrastructure solution that shifts server virtualization processes from the hypervisor and host operating system to purpose-built hardware and software. This offloading enhances network and storage performance at scale, bolsters security with an additional layer of logical isolation, and reduces maintenance impact during Azure software and hardware upgrades. Azure Boost allows customers to achieve storage throughput and IOPS, both remotely and locally, offering the fastest storage workloads. Additionally, users can attain up to 200 Gbps networking throughput, with experimental SKUs available for access to specific performance metrics.

Public preview: Private subnet (16th November, 2023)

Currently, virtual machines created in a virtual network without explicit outbound connectivity receive default outbound public IP addresses. Explicit outbound connectivity examples include assigned public IP address, belonging to a public load balancer back end pool or belonging to a subnet with a NAT gateway configured. Not having outbound connectivity defined can lead to issues like changeability, lack of subscription association, and challenges in troubleshooting.

To align with Azure’s “secure by default” model, which prioritizes strong security without extra steps, a new private subnet feature is introduced. This feature, by setting the “default outbound access” parameter to false, prevents insecure implicit connectivity for newly created subnets. Users can then choose their preferred method for explicit outbound connectivity to the internet. Read more about this update here.

Read more recent blogs

Get started on the right path to cloud success today. Our Crew are standing by to answer your questions and get you up and running.