Tune in today: Learn Live experts are ready to accelerate your skilling

There is a treasure trove of information available at Microsoft Learn, including self-paced lessons, assessments, and certifications waiting to be explored—for every skill level. Whether you’re kicking off your IT career or a seasoned pro looking to master new skills to stay competitive, anyone can get blocked on their path to educational growth. That’s where our interactive Learn Live video series comes to the rescue—Instructors with deep knowledge of Microsoft technology walk participants through a wide array of Microsoft Learn modules in real time and answer your questions live. It’s like having your own virtual tutor for anything Azure.

Many learners benefit from instantaneous communication and feedback. Whether you tune in live or watch the videos on demand, our 60-to-90-minute Learn Live episodes take the time to guide learners through lessons and provide guidance on Microsoft Learn modules. Have a nagging uncertainty about evaluating classification models? Don’t know where to begin implementing your Cosmos DB SQL API account? Glean insights from a live Q&A hosted by professionals—sometimes from the very engineers who built the solutions you’re studying.  From Azure engineers to program managers, cloud advocates, and technical trainers, our team of experts is available for your questions during the episode as well as after through social media.

Your learning path is waiting

If your goal is to get certified in your role, Learn Live sessions are your chance to practice technical skills in an interactive environment with Azure experts and other developers from around the world. Every episode is closed-captioned and offered in several languages. If you are restricted from watching live by time or location, know that after livestreaming each episode can be watched on-demand, and live airings are staggered to accommodate learners worldwide.

Register for one of our ongoing or upcoming series, or dive into our deep roster of previous episodes.

Current Learn Live series

Azure Core IaaS Study Hall

22 episodes; began Dec. 1, 2022, runs every week through May 18, 2023

Discover how to build infrastructure solutions with Azure infrastructure as a service (IaaS) services and products. Start maximizing the value of your IT investments by learning about highly secure, available, and scalable cloud services. Modernize your IT with enterprise-grade cloud infrastructure and migrate your apps with confidence.

Automate your Azure deployments by using Bicep and GitHub Actions

8 episodes; began Nov. 30, 2022, runs every week through Feb. 8, 2023

Gain all the benefits of infrastructure as code by using an automated workflow to deploy your Bicep templates and integrate other deployment activities with your workflows. You'll build workflows using GitHub Actions.

FastTrack for Azure, Live, and On-Demand Series

Beginning February 2023, runs every week through June 2023

Join expert Azure engineers in our regular virtual sessions, designed for Azure users to come together and discuss a specific Azure technology or theme in an interactive setting in a multi-customer, informal environment.

 

On-Demand Learn Live series (see complete list here)

FastTrack for Azure, Season 1

13 episodes, ran Sept. 13-Dec. 15, 2022

Accelerate your Azure solution implementation with hands-on exercises and demos. This on-demand series will cover a variety of Azure solution areas as directly requested by customers.

Build mobile and desktop apps with .NET MAUI

7 episodes, ran Sept. 7-Nov. 16, 2022

Learn how to use .NET MAUI to build apps that run on mobile devices and on the desktop using C# and Visual Studio. You'll learn the fundamentals of building an app with .NET MAUI and more advanced topics such as local data storage and invoking REST-based web services.

Create machine learning models with R and tidymodels

4 episodes, ran Sept. 2-Sept. 23, 2022

Explore and analyze data by using R, and get an introduction to regression models, classification models, and clustering models by using tidymodels and R.

Azure Hybrid Cloud Study Hall

14 episodes

Learn how to configure, deploy, and manage your hybrid cloud resources using services and hybrid cloud technologies, and walk through Microsoft Learn modules focused on Azure Arc and Azure Stack HCI. You will learn how to manage your on-premises, edge, and multicloud resources and deploy Azure services anywhere with Azure Arc and Azure Stack.

Use Bicep to deploy your Azure infrastructure as code

15 episodes

Discover how to deploy Azure resources by using Bicep, a language and set of tools to help you to deploy your infrastructure as code. Bicep makes your deployments more consistent and repeatable.

Run VMware workloads on Azure VMware Solution

3 episodes (launched at the VMware Solution Event 2022)

Work out how to easily extend your VMware workloads, skills, and tools to the cloud with Azure VMware Solution—the cloud service that lets you run VMware infrastructure natively on Azure.

Hybrid Infrastructure Study Hall

7 episodes

Hone your skills in configuring advanced Windows Server services using on-premises, hybrid, and cloud technologies, and walk through Microsoft Learn modules related to the new Windows Server Hybrid Administrator Associate certification.

Start your learning journey into Azure AI with a Helping Hand (powered by Women in AI)

3 episodes

 

No matter your previous AI knowledge, this series will take you through what is available in Azure AI, Computer Vision, and Conversational AI. Through a partnership with Microsoft Certified, you will be well on your way to taking the Azure AI Fundamentals certification exam.

Create microservices with .NET and ASP.NET

8 episodes

 

Create independently deployable, highly scalable, and resilient services using the free and open-source .NET platform. In addition, learn how to develop microservices with .NET and ASP.NET

Azure Cosmos DB certification study hall

 

24 episodes

 

Learn how to design, implement, and monitor cloud-native applications that store and manage data. Work on getting certified with the Azure Cosmos DB Developer Specialty certification.

Deploy your apps with Java on Azure using familiar tools and frameworks

3 episodes

 

Discover how you can build, migrate, and scale Java applications on Azure using the tools and frameworks you know and love, from Spring to Kubernetes to Java EE.

 

Additional video paths for growth

Learn Live is only part of the Microsoft Learn TV ecosystem—in other words, just one of the hit shows on the Learn TV network. Even with the extensive lineup of series provided by Learn Live, there is even more video content to discover on Learn TV.

Keep up to date on Azure tips, demos, and technical skill-building resources with episodes of Inside Azure for IT and stay on the forefront of key insights, tools, and best practices for optimizing all of your infrastructure for performance, cost efficiency, security, and reliability on Azure.

On the Azure Enablement Show, experts share technical advice, tips, and best practices to accelerate your cloud journey, build well-architected cloud apps, and optimize your solutions in Azure.

Finally, the SAP on Microsoft Azure video tutorial series provides technical guidance and enablement for customers and partners. Improve your cloud infrastructure skills with advanced guidance from Azure experts in this on-demand video series.
Quelle: Azure

Secure your application traffic with Application Gateway mTLS

I am happy to share that Azure Application Gateway now supports mutual transport layer security (mTLS) and online certificate status protocol (OCSP). This was one of the key questions from our customers as they were looking for more secure communication options for the cloud workloads. Here, I cover what mTLS is, how it works, when to consider it, and how to verify it in Application Gateway.

What is mTLS?

Mutual transport layer security (TLS) is a communication process where both parties verify and authenticate each other’s digital certificates prior to setting up an encrypted TLS connection. mTLS is an extension of the standard TLS protocol, and it provides an additional layer of security over TLS. With traditional TLS, the server is authenticated, but the client is not. This means that anyone can connect to the server and initiate a secure connection, even if the client or user is not authorized to do so. By using mTLS you can make sure that both the client and the server must authenticate each other prior to establishing the secure connection, this will make sure there is no unauthorized access possible on either side. mTLS works on the framework of zero trust—never trust, always verify. This framework ensures that no connection should be trusted automatically.

How does mTLS work?

mTLS works by using a combination of secure digital certificates and private keys to authenticate both the client and the server. The client and the server each have their own digital certificate and private key, which are used to establish trust and a secure connection. The client verifies the server's certificate, and the server verifies the client's certificate—this ensures that both parties are who they claim to be.

How are TLS and mTLS different?

TLS and mTLS protocols are used to encrypt network communication betweenclient and server. In TLS protocol only the client verifies the validity of the server prior to establishing the encrypted communication. The server does not validate the client during the TLS handshake. mTLS, on other hand, is a variation of TLS that adds an additional layer of security by requiring mutual authentication between client and server. This means that both the client and server must present a valid certificate before the encrypted connection can be established. This makes mTLS more secure than TLS as it adds an added layer of security by validating authenticity of client and server.

TLS call flow:

mTLS call flow:

 

When to consider mTLS

mTLS is useful where organizations follow a zero-trust approach. This way a server must ensure of the validity of the specific client or device that wants to use server information. For example, an organization may have a web application that employees or clients can use to access very sensitive information, such as financial data, medical records, or personal information. By using mTLS, the organization can ensure that only authorized employees, clients, or devices are able to access the web application and the sensitive information it contains.
Internet of Things (IoT) devices talk to each other with mTLS. Each IoT device presents its own certificate to each other to get authenticated.
Most new applications are working on microservices-based architecture. Microservices communicate with each other via application programming interfaces (APIs), by using mTLS you can make sure that API communication is secure. Also, by using mTLS you can make sure malicious APIs are not communicating with your APIs
To prevent various attacks, such as brute force or credential stuffing. If an attacker can get a leaked password or a BOT tries to force its way in with random passwords, it will be of no use—without a valid TLS certificate the attacker will not be able to pass the TLS handshake.

At high level now you understand what is mTLS and how it offers more secure communication by following zero trust security model. If you are new to Application Gateway and have never setup TLS in Application Gateway, follow the link to create APPGW and Backend Servers. This tutorial uses self-signed certificates for demonstration purposes. For a production environment, use publicly trusted CA-signed certificates. Once end-to-end TLS is set up, you can follow this link for setting up mTLS. To test this setup the prerequisite is to have OpenSSL and curl tool installed on your machine. You should have access to the client certificate and client private key.

Let’s dive into how to test mTLS Application Gateway. In the command below, the client's private key is used to create a signature for the Certificate Verify message. The private key does not leave the client device during the mTLS handshake.

Verify your mTLS setup by using curl/openssl

curl -vk https://<yourdomain.com> –key client.key –cert client.crt
<Yourdomain.com> -> Your domain address
client.key -> Client’s private key
client.crt -> Client certificate

In the above output, we are verifying if mTLS is correctly set up. If it is set up correctly, during the TSL handshake server will request the client certificate. Next, in the handshake, you need to verify if the client has presented a client certificate along with the Certificate Verify message. Since the client certificate was valid, the handshake was successful, and the application has responded with an HTTP "200" response.

If the client certificate is not signed by the root CA file that was uploaded as per the link in step 8, the handshake will fail. Below is the response we will get if the client certificate is not valid.

Alternatively, you can verify the mTLS connectivity with an OpenSSL command.

openssl s_client -connect <IPaddress> :443 -key client.key -cert client.crt

Once the SSL connection is established type as written below:

GET / HTTP/1.1

Host: <IP of host>

You should get the Response code—200. This validates that mutual authentication is successful.

Conclusion

I hope you have learned now what mTLS is, what problem it solves, how to set it up in Application Gateway and how to validate the setup.  It is one of the several great features of Application gateway that provides our customer with an extra layer of security for the various use cases that we have discussed above. One thing to note is that currently Application Gateway supports mTLS in frontend only (between client and Application gateway). If your backend server is expecting a client certificate during SSL negotiation between Application gateway and backend server, that request will fail. If you want to learn how to send certificates to backend application via http header please wait for our next blog of  mTLS series. In that blog I will go over how to use Rewrite feature to send the client certificate as http header. Also we will discuss how we can do OCSP validation of client certificate.
 

Learn more and get started with Azure Application Gateway

What is Azure Application Gateway | Microsoft Learn

Overview of mutual authentication on Azure Application Gateway | Microsoft Learn

Frequently asked questions about Azure Application Gateway | Microsoft Learn
Quelle: Azure

Roundup of AI breakthroughs by Microsoft and NVIDIA

In terms of AI developments, 2022 proved to be a banner year. AI production and usage increased and both deep learning and machine learning models steadily conquered increasingly complex problems. But AI evolution goes beyond impressive production and adoption levels to include breakthroughs in new computing methods, applications, and mega-scale supercomputers. Two of the leaders in this space are Microsoft Azure and NVIDIA and here are some of their most noteworthy achievements this year.

Massive cloud AI supercomputer for mega-sized AI models

The two computing giants are collaborating to provide one of the most powerful AI supercomputing platforms in the world. Powered by Microsoft Azure’s advanced supercomputing infrastructure combined with NVIDIA GPUs, networking, and the full stack of AI software, this cloud supercomputer will help enterprises train, deploy, and scale AI, including large, state-of-the-art models.

Azure is the first public cloud to incorporate NVIDIA’s advanced AI stack, adding tens of thousands of NVIDIA A100 and H100 GPUs, NVIDIA Quantum-2 400Gb/s InfiniBand networking, and the NVIDIA AI enterprise software suite to its platform.

This effort isn’t limited to spinning up better outputs in lean times—there’s also the need to advance knowledge and discoveries to benefit all of mankind’s endeavors and needs. All told, it’s an impressive AI system that performs at scales rarely imagined to be possible.

A quantum leap for AI-fueled scientific discoveries

AI can do far more than traditional data mining and advanced analytics. AI is dramatically changing scientific methods, handling complexities that a human mind cannot comprehend.

At Supercomputing 2022 (SC22), NVIDIA announced broad adoption of its next-generation H100 Tensor Core GPUs and Quantum-2 InfiniBand, including new offerings on Microsoft Azure cloud and over 50 new partner systems for accelerating scientific discovery.

H100 and Quantum-2 are part of NVIDIA’s high-performance computing (HPC) platform—a full technology stack with CPUs, GPUs, DPUs, systems, networking, and a broad range of AI and HPC software—that provides researchers the ability to efficiently accelerate their work on powerful systems, on-premises or in the cloud.

Microsoft Azure will be the first to offer NVIDIA Quantum-2 for HPC Workloads, providing a world-class supercomputing cloud infrastructure that allows researchers and scientists using Azure to achieve their life’s work.

Innovation is the lifeblood of all industries and this Microsoft Azure and NVIDIA breakthrough puts it at the fingertips of all users.

AI brings medical imagery diagnostics into sharper focus

A powerful collaboration between Microsoft Azure, NVIDIA, and the Nuance Precision Imaging Network puts AI-based medical image diagnostic tools directly into the hands of radiologists and other clinicians. This enables the capture of economies at scale, meaning patient care improves while costs drop.

A powerful collaboration between Microsoft Azure, NVIDIA, and the Nuance Precision Imaging Network puts AI-based medical image diagnostic tools directly into the hands of radiologists and other clinicians. This enables the capture of economies at scale, meaning patient care improves while costs drop. 

Powered by Microsoft Azure, the Nuance Precision Imaging Network provides access to an entire ecosystem of AI-powered tools and insights within clinical workflows to more than 12,000 healthcare facilities and the 80 percent of U.S. radiologists who use Nuance's PowerScribe radiology reporting and PowerShare image sharing solutions1. 

Mass General Brigham will be among the first to accelerate end-to-end AI model development and deployment in clinical workflows on the Nuance Precision Imaging Network.

Wrapping up the roundup

Azure collaborates with Hazy Research and NVIDIA to achieve unmatched MLPerf results. Azure-Hazy Research is the only submitter that reached below the 2-minute mark with BERT on 16 virtual machines.
Azure scales 530B Parameter GPT-3 Model with NVIDIA NeMo Megatron. Combining NVIDIA NeMo Megatron with Azure AI infrastructure offers a powerful platform that anyone can spin up in minutes without having to incur the costs and burden of managing their own on-premises infrastructure.
Azure and NVIDIA scored Top500 and Green500 ranking for AI purpose-built infrastructure
HPCwire bestowed Microsoft Azure and NVIDIA top awards in Best Use of HPC in Financial Services Editors’ Choice, Best AI Product or Technology—Readers’ Choice, and Best Use of High-Performance Data Analytics & Artificial Intelligence.
At Supercomputing 2022, Nidhi Chappell, General Manager, Microsoft Azure HPC + AI, and Ian Buck, VP/General Manager Hyperscale and HPC Computing, NVIDIA discussed game changers in AI and cloud infrastructure. And NVIDIA founder and CEO Jensen Huang shared the latest news, innovations, and technologies in NVIDIA’s SC22 Special Address.

Stay tuned for our 2023 advancements

Keep up to date with Microsoft and NVIDIA. Visit our HPCwire Solution Channel.

 

 

Sources: NVIDIA Teams With Microsoft to Build Massive Cloud AI Computer, NVIDIA news, November 16, 2022.
 
Quelle: Azure

Azure Red Hat OpenShift for Microsoft Azure Government—now generally available

Today we’re pleased to announce the general availability of Azure Red Hat OpenShift on Microsoft Azure Government. With this release, we are combining world-class Azure infrastructure with a leading enterprise Kubernetes platform as a jointly operated and supported service for Azure Government customers to run their containerized workloads in production.

Azure Red Hat OpenShift (ARO) on Azure Government enables compliance with strict government regulations and certifications, such as FedRAMP and CJIS, which makes it a secure and compliant option for running containerized workloads at production scale. Agencies can take advantage of the stringent security and compliance features of Azure Government and leverage the flexibility and scalability of OpenShift.

Azure Red Hat OpenShift for Azure Government includes key IT security and regulatory certifications, including:

FedRAMP High Authorization.
International Traffic in Arms Regulations (ITAR).
Defense Federal Acquisition Regulation Supplement (DFARS).
Internal Revenue Service (IRS) 1075 forms.
Criminal Justice Information Services (CJIS).

As a managed service, Azure Red Hat OpenShift also offers several benefits for agencies looking to innovate, including:

Scalability: OpenShift provides automatic scaling, self-healing, and rolling updates, which help to ensure that applications can handle increased loads and recover from failures quickly.
Flexibility: OpenShift allows developers to use their preferred languages, frameworks, and tools to build and deploy containerized applications, making it easy to work with existing applications and technologies.
Enterprise-grade management: OpenShift provides a centralized management console, role-based access control, and built-in monitoring and logging, making it easy for IT teams to manage and troubleshoot containerized applications.
Interoperability: Azure Red Hat OpenShift runs on top of Azure and integrates with other Azure services, such as Azure Database for PostgreSQL, Azure Cosmos DB, and Azure Virtual Network, making it easy to build and deploy applications that leverage the full range of Azure services.
Support: Azure Red Hat OpenShift is a jointly managed product, which means that it is supported by both Microsoft and Red Hat, providing customers with access to the expertise and resources of both companies.

Launched in 2019, Azure Red Hat OpenShift was the first codeveloped, jointly operated Red Hat OpenShift service on the public cloud, offering a powerful on-ramp to the hybrid cloud by extending the same enterprise-grade Kubernetes used in private datacenters to the scale of Microsoft Azure.

Get started with Azure Red Hat OpenShift

Kickstart your Azure Red Hat OpenShift journey in Azure Government.
Check out our documentation and the tutorial on how to create an Azure Red Hat OpenShift 4 cluster.
Stay in touch with us on our GitHub and follow our roadmap.
Connect with us on Q&A, we would love to hear from you.

Quelle: Azure

Scale Azure Firewall SNAT ports with NAT Gateway for large workloads

This post was co-authored by Suren Jamiyanaa, Product Manager II, Azure Networking.

As large organizations across all industries expand their cloud business and operations, one core criteria for their cloud infrastructure is to make connections over the internet at scale. However, a common outbound connectivity issue encountered when handling large-scale outbound traffic is source network address translation (SNAT) port exhaustion. Each time a new connection to the same destination endpoint is made over the internet, a new SNAT port is used. SNAT port exhaustion occurs when all available SNAT ports run out. Environments that often require making many connections to the same destination, such as accessing a database hosted in a service provider’s data center, are susceptible to SNAT port exhaustion. When it comes to connecting outbound to the internet, customers need to not only consider potential risks such as SNAT port exhaustion but also how to provide security for their outbound traffic.

Azure Firewall is an intelligent security service that protects cloud infrastructures against new and emerging attacks by filtering network traffic. All outbound internet traffic using Azure Firewall is inspected, secured, and undergoes SNAT to conceal the original client IP address. To bolster outbound connectivity, Azure Firewall can be scaled out by associating multiple public IPs to Azure Firewall. Some large-scale environments may require manually associating up to hundreds of public IPs to Firewall in order to meet the demand of large-scale workloads, which can be a challenge to manage long-term. Partner destinations also commonly have a limit on the number of IPs that can be whitelisted at their destination sites, which can create challenges when Firewall outbound connectivity needs to be scaled out with many public IPs. Without scaling this outbound connectivity, customers are more susceptible to outbound connectivity failures due to SNAT port exhaustion.

This is where network address translation (NAT) gateway comes in. NAT gateway can be easily deployed to an Azure Firewall subnet to automatically scale connections and filter traffic through the firewall before connecting to the internet. NAT gateway not only provides a larger SNAT port inventory with fewer public IPs but NAT gateway’s unique method of SNAT port allocation is specifically designed to handle dynamic and large-scale workloads. NAT gateway’s dynamic allocation and randomized selection of SNAT ports significantly reduce the risk of SNAT port exhaustion while also keeping overhead management of public IPs at a minimum.

In this blog, we’ll explore the benefits of using NAT Gateway with Azure Firewall as well as how to integrate both into your architecture to ensure you have the best setup for meeting your security and scalability needs for outbound connectivity.

Benefits of using NAT Gateway with Azure Firewall

One of the greatest benefits of integrating NAT gateway into your Firewall architecture is the scalability that it provides for outbound connectivity. SNAT ports are a key component to making new connections over the internet and distinguishing different connections from one another coming from the same source endpoint. NAT gateway provides 64,512 SNAT ports per public IP and can scale out to use 16 public IP addresses. This means, when fully scaled out with 16 public IP addresses, NAT gateway provides over 1 million SNAT ports. Azure Firewall, on the other hand, supports 2,496 SNAT ports per public IP per virtual machine instance within a virtual machine scale set (minimum of 2 instances). This means that to achieve the same volume of SNAT port inventory as NAT gateway when fully scaled out, Firewall may require up to 200 public IPs. Not only does NAT gateway offer more SNAT ports with fewer public IPs, but these SNAT ports are allocated on demand to any virtual machine in a subnet. On-demand SNAT port allocation is key to how NAT gateway significantly reduces the risk of common outbound connectivity issues like SNAT port exhaustion.

NAT gateway also provides 50 Gbps of data throughput for outbound traffic that can be used in line with a standard SKU Azure Firewall, which provides 30 Gbps of data throughput. Premium SKU Azure Firewall provides 100 Gbps of data throughput.

With NAT gateway you also ensure that your outbound traffic is entirely secure since no inbound traffic can get through NAT gateway. All inbound traffic is subject to security rules enabled on the Azure Firewall before it can reach any private resources within your cloud infrastructure.

To learn more about the other benefits that NAT gateway offers in Azure Firewall architectures, see NAT gateway integration with Azure Firewall.

How to get the most out of using NAT Gateway with Azure Firewall

Let’s take a look at how to set up NAT gateway with Azure Firewall and how connectivity to and from the internet works upon integrating both into your cloud architecture.

Production-ready outbound connectivity with NAT Gateway and Azure Firewall

For production workloads, Azure recommends separating Azure Firewall and production workloads into a hub and spoke topology. Introducing NAT gateway into this setup is simple and can be done in just a couple short steps. First, deploy Azure Firewall to an Azure Firewall Subnet within the hub virtual network (VNet). Attach NAT gateway to the Azure Firewall Subnet and add up to 16 public IP addresses and you’re done. Once configured, NAT gateway becomes the default route for all outbound traffic from the Azure Firewall Subnet. This means that internet-directed traffic (traffic with the prefix 0.0.0.0/0) routed from the spoke Vnets to the Hub Vnet’s Azure Firewall Subnet will automatically use the NAT gateway to connect outbound. Because NAT gateway is fully managed by Azure, NAT gateway allocates SNAT ports and scales to meet your outbound connectivity needs automatically. No additional configurations are required.

 

Figure: Separate the Azure Firewall from the production workloads in a hub and spoke topology and attach NAT gateway to the Azure Firewall Subnet in the hub virtual network. Once configured, all outbound traffic from your spoke virtual networks is directed through NAT gateway and all return traffic is directed back to the Azure Firewall Public IP to maintain flow symmetry. 

How to set up NAT Gateway with Azure Firewall

To ensure that you have set up your workloads to route to the Azure Firewall Subnet and use NAT gateway for connecting outbound, follow these steps:

Deploy your Firewall to an Azure Firewall Subnet within its own virtual network. This will be the Hub Vnet.
Add NAT gateway to the Azure Firewall Subnet and attach at least one public IP address.
Deploy your workloads to subnets in separate virtual networks. These virtual networks will be the spokes. Create as many spoke Vnets for your workload as needed.
Set up Vnet peering between the hub and spoke Vnets.
Insert a route to the spoke subnets to route 0.0.0.0/0 internet traffic to the Azure Firewall.
Add a network rule to the Firewall policy to allow traffic from the spoke Vnets to the internet.

Refer to this tutorial for step-by step guidance on how to deploy NAT gateway and Azure Firewall in a hub and spoke topology.

Once NAT gateway is deployed to the Azure Firewall Subnet, all outbound traffic is directed through the NAT gateway. Normally, NAT gateway also receives any return traffic. However, in the presence of Azure Firewall, NAT gateway is used for outbound traffic only. All inbound and return traffic is directed through the Azure Firewall in order to ensure traffic flow symmetry.

FAQ

Can NAT gateway be used in a secure hub virtual network architecture with Azure Firewall?

No, NAT gateway is not supported in a secure hub (vWAN) architecture. A hub virtual network architecture as described above must be used instead.

How does NAT gateway work with a zone-redundant Azure Firewall?

NAT gateway is a zonal resource that can provide outbound connectivity from a single zone for a virtual network regardless of whether it used with a zonal or zone-redundant Azure Firewall. To learn more about how to optimize your availability zone deployments with NAT gateway, refer to our last blog.

Benefits of NAT Gateway with Azure Firewall

When it comes to providing outbound connectivity to the internet from cloud architectures using Azure Firewall, look no further than NAT gateway. The benefits of using NAT gateway with Azure Firewall include:

Simple configuration. Attach NAT gateway to the Azure Firewall Subnet in a matter of minutes and start connecting outbound right away. No additional configurations required.
Fully managed by Azure. NAT gateway is fully managed by Azure and automatically scales to meet the demand of your workload.
Requires fewer static public IPs. NAT gateway can be associated with up to 16 static public IP addresses which allows for easy whitelisting at destination endpoints and simpler management of downstream IP filtering rules.
Provides a greater volume of SNAT ports for connecting outbound. NAT gateway can scale to over 1 million SNAT ports when configured to 16 public IP addresses.
Dynamic SNAT port allocation ensures that the full inventory of SNAT ports is available to every virtual machine in your workload. This in turn helps to significantly reduce the risk of SNAT port exhaustion that is common with other SNAT methods.
Secure outbound connectivity. Ensures that no inbound traffic from the internet can reach private resources within your Azure network. All inbound and response traffic is subject to security rules on the Azure Firewall.
Higher data throughput. A standard SKU NAT gateway provides 50 Gbps of data throughput. A standard SKU Azure Firewall provides 30 Gbps of data throughput.

Learn more

For more information on NAT Gateway, Azure Firewall, and how to integrate both into your architectural setup, see:

What is Azure Virtual Network NAT?
Azure Firewall documentation.
Scale SNAT ports with Azure Virtual Network NAT.
Integrate NAT gateway with Azure Firewall in a hub and spoke network.

Quelle: Azure

Microsoft named a Leader in the IDC MarketScape: Worldwide MLOps Platforms 2022 Vendor Assessment

We’re excited to share that Microsoft has been recognized as a Leader in the IDC MarketScape Worldwide Machine Learning Operations (MLOps) Platforms 2022 Vendor Assessment. Microsoft holds a deep understanding of MLOps market trends, strong customer adoption, broad partner ecosystem, and continued product investments in building a differentiated MLOps platform.

The report cited several key strengths including product and business capabilities across the entire machine learning (ML) lifecycle as well as an expansive customer footprint and partner network. 

"Microsoft provides a wide array of enterprise-grade MLOps tools for quality and compliance that can augment any ML development environment on-premises, across clouds, or in a hybrid cloud environment." —IDC MarketScape: Worldwide Machine Learning Operations Platforms 2022 Vendor Assessment

Source: "IDC MarketScape: Worldwide Machine Learning Operations Platforms 2022 Vendor Assessment", By: Kathy Lange, Raghunandhan Kuppuswamy, and David Schubmehl, December 2022, IDC #US48325822.

Do more with less with MLOps on Azure

While machine learning becomes more mainstream across industries, there are many challenges like data governance, security, data compliance, and auditability that companies need to consider when productionizing machine learning models. These organizations look to a unified machine learning platform to manage the entire ML lifecycle to bring models to production faster and at scale, improving operational efficiencies of data science teams with MLOps. At Microsoft, we consider MLOps as a philosophy rather than a product and, as such, our approach incorporates people, processes, and platform to deliver continuous value with fewer resources for machine learning. MLOps bring benefits to organizations by automating repeatable actions, facilitating collaboration across teams, and ensuring full visibility and reproducibility into the end-to-end ML lifecycle.

Azure Machine Learning helps data scientists and ML engineers streamline training, deployment, and management of thousands of models across on-premises, multicloud, and even at the edge using native MLOps capabilities such as model registry, CI/CD pipelines with deep integration with Azure DevOps and GitHub, managed online endpoints for real-time inference, and experiment tracking and lineage with MLflow. PepsiCo has been using MLOps capabilities in Azure Machine Learning to automate model creation and deployment and analyze store customer data to respond to customer demand more efficiently. In fact, they have succeeded in eliminating 4,300 days of manual work a year.

Enhance collaboration across the organization

We believe machine learning is a team sport that requires collaboration across people with a different range of skill sets, such as data scientists, machine learning engineers, and IT admins. One of the key features mentioned in the report is that Azure Machine Learning enables greater collaboration across multiple data science teams through registries. Registries in Azure Machine Learning are organization-wide repositories of machine learning assets: models, environments, and components. Registries make multi-environment MLOps easier by helping teams share and reuse models developed in a different workspace, by a different team without manually copying them over.

Another feature that fosters collaboration between data scientists and business professionals is the Responsible AI dashboard and scorecard, a single interface to help organizations implement Responsible AI in practice effectively and efficiently. The Responsible AI scorecard helps contextualize the model and data health insights with both technical and non-technical audiences, bringing stakeholders along as well as assisting in compliance reviews. Microsoft is committed to accelerating our innovations in Responsible AI.

Microsoft is proud to be recognized as a Leader in the IDC MarketScape Worldwide MLOps Platforms 2022 Vendor Assessment, and we are excited by innovations happening at Microsoft and across the industry that empower data scientists and machine learning engineers to fully operationalize the ML lifecycle. You can read and learn from the report excerpt.

Learn more

Explore other analyst reports for Azure AI.
Read the latest feature announcements from Azure Machine Learning on the Tech Community blog.
Download an excerpt of the IDC Marketscape Worldwide MLOps Platforms 2022 Vendor Assessment to learn why Microsoft is named a Leader.

 

 

About the graphic:

IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of ICT suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. The Capabilities score measures vendor product, go-to-market, and business execution in the short term. The Strategy score measures alignment of vendor strategies with customer requirements in a 3-5-year timeframe. Vendor market share is represented by the size of the circles. Vendor year-over-year growth rate relative to the given market is indicated by a plus, neutral, or minus next to the vendor name.
Quelle: Azure

Azure high-performance computing powers energy industry innovation

Azure high-performance computing provides a platform for energy industry innovation at scale.

The rising demand for energy

Global energy demand has rapidly increased over the last few years and looks set to continue accelerating at such a pace. With a booming middle class, economic growth, digitization, urbanization, and increased mobility of populations, energy suppliers are in a race to leverage the development of new technologies that can more optimally and sustainably generate, store, and transport energy to consumers.

With the impact of climate change adding urgency to minimizing energy waste, in addition to optimizing power production leaders in the renewable energy as well as oil and gas industries are accelerating sector-wide innovation initiatives that can drive differentiated impact and outcomes at scale.

As the population of developing countries continues to expand, the energy needs of billions of additional people in rural and especially urban areas will need to be catered to. McKinsey estimates that global energy consumption will triple by 2050, with oil and gas accounting for 65 percent of power consumption by then.

In addition, supplies of conventional oil and gas are also expected to decline in the not-too-distant future, shrinking in concentration to mostly the Middle East (oil) and countries like Russia, Iran, and Qatar (gas). As a result, the transition to more sustainable sources of power is leading global energy producers to leverage next-generation technologies to transform their solutions while simultaneously optimizing their operations.

New innovators in the renewable energy industry are also adopting next-generation technologies such as artificial intelligence (AI), advanced analytics, 3-D imaging, and the internet of things (IoT), supported by high-performance computing (HPC) capabilities, to maximize energy production and ensure a smoother transition to a more sustainable path.

Optimizing operational excellence in the energy industry

Instead of investing in complex, costly, and time-intensive on-premises resources, global energy leaders are leveraging the power of cloud capabilities such as Azure HPC + AI, to simulate highly complex, large-scale models and visualize seismic imaging and modeling, resulting in huge economic gains.

One of the key innovations enabling this strategic advantage is the dynamic scaling capability of Azure HPC + AI, powered by GPUs, which are ideal for running remote visualization, optimized virtual machines, and can be augmented with deep learning and predictive analytics, allowing customers to have on-demand intelligent computing to solve complex problems and drive tangible business outcomes.

Energy multinational bp, for example, believes technology innovation is the key to making a successful transition to net zero. The company chose to create digital twins to find opportunities for optimization and carbon reduction.

Drawing on over 250 billion data signals from an IoT network spanning bp's global operating assets, the company identified various opportunities to scale the digital twin solution to its entire operating base and reduce emissions by as much as 500,000 tons of CO2 equivalent every year.

Going green—Energy industry innovation abounds

The green energy sector is also grabbing hold of the opportunity presented by these exponential technologies to speed up the journey toward a more sustainable energy ecosystem.

Italian energy infrastructure operator Snam is harnessing Azure AI and a full stack of Azure IoT services to reduce carbon emissions and help meet its net-zero targets. Energy efficiency is top of the company's agenda. Snam aims to cut methane emissions by 55 percent by 2025, reach net zero by 2040, and exclusively transport decarbonized gas by 2050.

With any leakage in its operations posing a threat to field workers, maintenance staff, and people living near their network—not to mention the environment—Snam deployed an IoT network for real-time monitoring and to enhance its data collection and processing capabilities.

For wind energy solutions provider Vestas Wind Systems, a combination of Azure HPC and partner Minds.ai's machine learning platform, DeepSim, helped its wind farms mitigate the wake effect, generate more energy, and build a sustainable energy future.

Drawing on the Azure HBv3 virtual machines using third-generation AMD EPYCTM processors, Vestas can scale up and run millions of complex simulations that inform how controllers adjust turbines to optimize energy production.

The computing power offered by the AMD-based Azure HBv3 nodes allows Vestas to drive efficiencies that have the potential to unlock significantly more power and higher profits for wind farm operators by minimizing the estimated 10 percent of wind energy that is lost to wake effects.

Key takeaways

As the energy industry eyes a period of unprecedented growth and change, the role of technology will become ever more profound.

Leveraging powerful Microsoft Cloud capabilities such as HPC, AI, advanced analytics, big data, and IoT, the integrated advanced technology capabilities that have previously been the reserve of only a handful of the largest companies are now truly available to anyone.

Supported by these powerful next-generation technologies, energy companies can unlock greater efficiency, innovation, and growth to achieve gains across their operations and drive the world towards a brighter energy future.

Learn more

To learn more about Microsoft Azure HPC + AI for energy.
Request a demo or contact HPCdemo@microsoft.com.

Quelle: Azure

Azure Native NGINXaas makes traffic management secure and simple—now generally available

Continuing Microsoft Azure’s commitment to empower our ISV partners and customers to adopt and modernize their application of choice and run in the cloud, we are excited to announce general availability (GA) of the NGINXaaS offering on Azure.

In facilitating the cloud transformation journey for cloud architects, developers, IT professionals, and business decision makers who are all working towards their digital transformations, we are expanding on our more than a decade of partnership with F5, the company behind NGINX to provide a deeper integration of NGINX into the Azure ecosystem.

NGINX provides load balancing, traffic management, and security tools for users to configure and manage the incredibly complex make-up of the architectures traffic patterns on their cloud and on-premises environments.

“We are excited to expand our Azure ecosystem with the General availability of NGINX for Azure. This strategic partnership with F5 immediately brings together the power of Azure and NGINX’s application delivery expertise to give our developers and customers more native options on Azure.”—Julia Liuson President, Microsoft Developer Division.

Do more with less

Based on inputs from customers in the Open Source world and other users of the NGINX offering, we worked with F5 to simplify the infrastructure management and provide a seamless experience by integrating the deployment, billing, and support of the NGINX solution on the Azure cloud platform, available via the Azure Marketplace.

By taking the management burden away from the user as part of the managed offering, the customer can now focus on the core elements of their business while the custodians of the NGINX and Azure offering bring our strengths to provide a fully managed, secure, and reliable NGINX offering on Azure.

The deep integration into the Azure Control plane also provides another layer of optimization by promoting all the latest relevant features from the Azure Platform to be automatically available to this service.

Deploying and managing load balancer and traffic manager on Azure

The service integrates the NGINX offering into the Azure Control plane. Through this integration, customers can provision a new NGINX service and configure their Azure resources to seamlessly extend workloads to the cloud and deliver secure and high-performance applications using the familiar and trusted load balancing solution. This gives the user consistency in performance and security across their ecosystem via a one-click deployment. In addition, the customers can manage all of the advanced traffic management features they demand, including JSON Web Token authentication and integrated security, to name a few.

Lift and shift from existing deployments

The integrated offering makes it very easy to migrate application delivery from on-premises to Azure cloud. Enterprises and users can now lift and shift apps to Azure cloud seamlessly by bringing their own or existing configurations of NGINX and deploying them from the Azure portal or Marketplace. Users can then configure advanced traffic management and security, leverage state-of-the-art monitoring capabilities, and port custom configurations.

Unified experience

Build end-to-end traffic management solutions with a unified experience. This service gives the user consistency in performance and security across their portfolio of on-premises and Azure cloud apps by using the same load balancing solution and configurations everywhere via the one-click step deployment.

Secure deployments

The ability to control traffic via virtual networks is a critical consideration for our customers. With this integration, users can seamlessly manage configurations between their own virtual network and the NGINX Cloud virtual network via a custom solution leveraging service, Injection. This is further complemented with unified billing for the NGINX service through Azure subscription invoicing.

Getting started with Azure Native NGINX Service:

Discovery and procuring: Azure customers can find the service listed on Azure Marketplace and review the different purchasing plans offered, and purchase it directly with single billing enabled.

Provisioning the NGINX resources: Within several clicks, you can deploy NGINX service in your desired subscription and datacenter regions with your preferred plan.

In Azure Portal experience: Configure the NGINX Networking components:

Configuring logs and metrics: Customers can determine which Azure resource logs and metrics are sent to the NGINX resource.

Learn more

Introducing F5 NGINX for Azure: An Azure Native SaaS Solution for Modern App Delivery.
A Comprehensive Guide to F5 NGINX for Azure: How to get the most out of Azure Native SaaS Solution for Modern App Delivery.
Introducing F5 NGINX for Azure.

Quelle: Azure

Microsoft Azure Load Testing is now generally available

This blog has been coauthored by Ashish Shah, Partner Director of Engineering, Azure Developer Experience.

We are announcing the general availability of Azure Load Testing. Azure Load Testing is a fully managed load-testing service that enables you to generate high-scale load, gain-actionable insights, and ensure the resiliency of your applications and services regardless of where they're hosted. Developers, testers, and engineering teams can use it to optimize application performance, scalability, or capacity.

Get started with Azure Load Testing now, by quickly creating a load test for your web application by using a URL. If you already have load tests leveraging JMeter, you can easily get started by reusing existing Apache JMeter test scripts.

Building resiliency testing into developer workflows

Our goal at Microsoft is to help developers do more with less effort. When performance, scalability, or resiliency issues are identified in production or even close to production they can be extremely difficult and costly to resolve. With Azure Load Testing developers can catch issues closer to code authoring time as part of their developer workflows saving them valuable time and energy.

“As part of our quality shift left initiatives, the Cloud Ecosystem Security teams were able to prevent multiple unique load related bugs from reaching production by gating production builds using Azure Load Testing as part of our CI/CD pipeline. The service teams have also combined the load from Azure Load Testing with fault injection scenarios from Azure Chaos Studio to replicate, root cause and prevent non happy path scenarios that are hard to catch using regular testing frameworks. Along with service resiliency validation, Azure Load Testing has helped uncover the bounds of the distributed system and saved us costs by eliminating unused resources and frameworks.”—Microsoft Cloud Ecosystem Security engineering team

“The Azure Synapse team uses Azure Load Testing to generate different levels of workloads from high concurrency to large input data sequential execution targeting Synapse SQL Serverless endpoints. With the flexibility of JMeter we can start/stop other services within a cluster that can inject different failures, thus truly testing the resiliency of our service.”—Microsoft Azure Synapse engineering team

Pay only for what you need

Optimize your infrastructure while ensuring your application and services are resilient to severe spikes in customer traffic. Leverage Azure Load Testing to optimize your infrastructure before production, planning for the customer traffic you are expecting, paying only for what you need. Then leverage Azure Load Testing to test for unplanned increases in load.

Figure 1: Easily scale load in Azure Load Testing to check the resiliency of your applications and services.

Regression testing

For Azure-based applications, Azure Load Testing collects detailed resource metrics to help you identify performance bottlenecks across your Azure application components. You can automate regression testing by running load tests as part of your continuous integration and continuous deployment (CI/CD) workflow.

 

Figure 2: Build Load Testing into your developer workflow with pass/fail criteria.

Azure-specific insights can help you understand how different load scenarios impact all the parts of your application, and you can compare test results across different load tests to understand behavior changes over time.

Azure Load Testing creates monitoring data using Azure Monitor, including Application insights and Container insights, to capture details from the Azure services. Depending on the type of service, different metrics are available. For example, the number of database reads, the type of HTTP responses, or container resource consumption. Both client-side and server-side metrics are available in the Azure Load Testing dashboard.

Figure 3: Get performance insights across client and Azure service side metrics with Azure Load Testing.

Enable advanced load testing scenarios

For more advanced load testing scenarios, you can create a JMeter-based load test, a popular open-source load and performance tool. For example, your test plan might consist of multiple application requests, or input data and parameters to make the test more dynamic. And if you already have existing JMeter test scripts you can reuse them to create load tests with Azure Load Testing.

Figure 4: Azure Load Testing architecture overview.

What has changed since preview?

Since we debuted Azure Load Testing, we have enabled several new capabilities based on customer feedback.

Quick test creation

Quick test creation of Azure Load Testing with URL. Quick test creation lets you create a load test without a JMeter script, enabling you to set up, run, and test your URL in less than five minutes.

Azure SDK Load Testing Libraries

.NET Azure Load Testing Library
Java Azure Load Testing Library
JavaScript Azure Load Testing Library
Python Azure Load Testing Library

JMeter capabilities

Support for user specified JMeter properties. Support for user-specified JMeter properties, making load tests more configurable.
Splitting input data across multiple test engines. If you're using CSV data in your JMeter script, you can process the input data in parallel across multiple test engines. Azure Load Testing enables you to configure a test to split the data evenly across all engine instances.

Authentication, user-managed identities, and customer-managed keys

Authenticate with Client Certificates. Azure Load Testing now enables you to authenticate application endpoints which require a client certificate.
Test Private Endpoints or applications hosted on-premises. Azure Load Testing enables you to test private application endpoints or applications that you host on-premises.
System assigned and user-assigned managed identities. Azure Load Testing now supports both system-assigned and user-assigned managed identities.
Customer managed keys. Azure Load Testing support for customer-managed keys.

Additional metrics

Additional Client-side metrics for pass/fail criteria. Azure Load Testing enables you to leverage pass/fail criteria metrics including additional client-side metrics of requests per second and latency.
View load engine metrics. Ability to view engine health metrics to understand the performance of the test engine during the run, enabling confidence in the test results and improve test configuration.

Compliance and regional availability

Azure Load Testing is HITRUST certified.
Azure Load Testing Regional availability. Azure Load Testing is now available in 11 regions; Australia East, East Asia, East US, East US2, North Europe, South Central US, Sweden Central, UK South, West Europe, West US2, and West US3.

Get started with Azure Load Testing

You can get started with Azure Load Testing by creating an Azure Load Testing resource in the Azure portal. Check out the Azure Load Testing documentation and create your first load test.

Learn more about pricing details on the Azure Load Testing pricing page.

Watch the new DevOps Lab episode, "What's new in Azure Load Testing?"

Azure Load Testing on DevOps Lab

Figure 5: What’s new in Azure Load Testing with April Edwards and Nikita Nallamothu.

Share your feedback

We’d love to hear from you through our feedback forum.
Quelle: Azure

Microsoft Cost Management updates—January 2023

Whether you're a new student, a thriving startup, or the largest enterprise, you have financial constraints and you need to know what you're spending, where it’s being spent, and how to plan for the future. Nobody wants a surprise when it comes to the bill, and this is where Microsoft Cost Management comes in.

We're always looking for ways to learn more about your challenges and how Microsoft Cost Management can help you better understand where you're accruing costs in the cloud, identify and prevent bad spending patterns, and optimize costs to empower you to do more with less. Here are a few of the latest improvements and updates based on your feedback:

Manage your Enterprise Agreement billing account in the Azure portal.
Recent and pinned views in the Cost analysis preview.
Consistent global pricing for the Microsoft Cloud.
Help shape the future of invoice experiences.
Help shape the future of cost management for cloud services.
What's new in Cost Management Labs.
New ways to save money with Microsoft Cloud.
New videos and learning opportunities.
Documentation updates.

Let's dig into the details.

Manage your Enterprise Agreement billing account in the Azure portal

In March, we announced the general availability of the Enterprise Agreement (EA) billing experience in the Azure portal for direct customers working with Microsoft. Now that same experience is generally available for our indirect customers working with partners. All the same EA tools are available from Cost Management and Billing in the Azure portal:

Seamlessly create and manage departments, accounts, and subscriptions.
Manage access to departments, accounts, and subscriptions.
View properties and manage policies, like the ability to view charges and purchase reservations.
View notification contacts for enrollment emails.
View your monthly Azure usage and charges.
Generate and manage API access keys.

Looking beyond account management, you’ll also see new tools to help you monitor and manage costs:

View and download consolidated usage and charges, including options for amortized reservation charges.
Analyze and drill into your costs in the portal or schedule automated exports.
Enable tag inheritance to streamline tag-based cost analysis within your account.
Split shared costs to drive more visibility and accountability throughout the organization with cost allocation.
Configure budgets to get alerted before costs exceed predefined thresholds.

With these updates, EA billing account administrators should start to use the Azure portal for all account management needs. Account management from the EA portal will no longer be available for indirect customers starting on February 20, 2023.

Stay tuned for more updates, including support for indirect partners. To learn more, see EA billing administration on the Azure portal or check out the EA billing administration video series.

Recent and pinned views in the Cost analysis preview

Cost analysis is your tool for interactive analytics and insights. It should be your first stop when you need to explore or get quick answers about your costs. Over the past year, you've seen the addition of new smart views and capabilities, like anomaly detection, that offer more insights and help you understand costs more easily in the Cost analysis preview, but many of you have asked where you should start–in Cost analysis or the Cost analysis preview? Now, you don’t have to choose. The Cost analysis preview lets you decide where to start and remembers which views you use most, helping you jump back in and get the answers you need quicker than ever.

Cost analysis comes with various built-in views that summarize:

Cost of your resources at various levels.
Overarching services spanning all your resources.
Amortized reservation usage.
Cost trends over time.

Cost analysis has two types of views: smart views that offer intelligent insights and more details by default and customizable views you can edit, save, and share to meet your needs. The first time you open the Cost analysis preview, you start with a list of all available cost views.

Smart views open in tabs within the Cost analysis preview, allowing you to switch between views as you investigate issues. To open a second view, select the + to the right of the list of tabs. Customizable views open outside of the tabs in Cost analysis, a customizable view editor.

As you explore the different views, you’ll notice that the Cost analysis preview remembers which views you’ve used in the Recent section. Switch to the All views section to explore all built-in and saved views. If there’s a specific view you’d like quick access to, select Pin to recent from the All views list. You also have quick access rename, subscribe, copy a link to, or delete views from this list.

We encourage you to check out these updates and let us know what you’d like to see next. We’re eager to get your feedback as we continue to evolve the experience for you.

Consistent global pricing for the Microsoft Cloud

Earlier this month, we announced that we are taking several steps to align the pricing of our Microsoft Cloud products (such as, Azure, Microsoft 365) globally, meaning organizations will have consistent pricing reflecting the exchange rate of the local currency to the US dollar (USD). Starting April 1, 2023, pricing for Microsoft Cloud products will be adjusted in the following currencies:

GBP: +9%
DKK, EUR and NOK: +11%
SEK: +15%

In the future, we will assess pricing in local currency as part of a regular twice-a-year cadence, taking into consideration currency fluctuations relative to USD. This will provide increased transparency and predictability globally and move to a pricing model that is most common in our industry.

The Microsoft Cloud continues to be priced competitively, and Microsoft remains deeply committed to the success of its customers and partners. We will continue to invest to enable customers to innovate, consolidate and eliminate operating costs, optimize business performance and efficiency, and provide the foundation for a strong security strategy that customers around the world have come to rely on.

Help shape the future of invoice experiences

Do you view, manage, or pay invoices within the Azure portal or Microsoft 365 admin center? We're exploring new capabilities to improve your invoice experience and would love to get your feedback.

If you are interested in chatting about your experience, please sign up here.

Help shape the future of cost management for cloud services

Are you responsible for purchasing, managing, and optimizing cloud solutions and software for your organization? Does your daily job role involve understanding and monitoring cloud spending, discovering services, acquiring or updating licenses and subscriptions, analyzing resource utilization, or paying invoices?

If so, we’d love to talk to you and learn more about your job role in a 60-minute discussion. Please send an email to CE_UXR@microsoft.com and we will get back to you.

What's new in Cost Management Labs

With Cost Management Labs, you get a sneak peek at what's coming in Microsoft Cost Management and can engage directly with us to share feedback and help us better understand how you use the service, so we can deliver more tuned and optimized experiences. Here are a few features you can see in Cost Management Labs:

New: Remember preview features across sessions.
Select the preview features you're interested in from the Try preview menu and you'll see them enabled by default the next time you visit the portal. No need to enable this option—preview features will be remembered automatically in the preview portal.
New: Customers view for Cloud Solution Provider partners.
View a breakdown of costs by customer and subscription in the Cost analysis preview. Note this view is only available for CSP billing accounts and billing profiles. You can enable this option from the Try preview menu.
New: Total KPI tooltip.
View additional details about what costs are included in the Cost analysis preview. You can enable this option from the Try Preview menu.
Update: Recent and pinned views in the cost analysis preview—Now available in the public portal.
Show all classic and preview views in the cost analysis preview and streamline navigation by prioritizing recently used and pinned views. You can see this in the Cost Management Labs or by opting in using Try Preview.
Recommendations view.
View a summary of cost recommendations that help you optimize your Azure resources in the cost analysis preview. You can opt in using Try Preview.
Forecast in the cost analysis preview.
Show your forecast cost for the period at the top of the cost analysis preview. You can opt in using Try preview.
Group related resources in the cost analysis preview.
Group related resources, like disks under VMs or web apps under App Service plans, by adding a “cm-resource-parent” tag to the child resources with a value of the parent resource ID.
Charts in the cost analysis preview.
View your daily or monthly cost over time in the cost analysis preview. You can opt in using Try Preview.
View cost for your resources.
The cost for your resources is one click away from the resource overview in the preview portal. Just click View cost to quickly jump to the cost of that resource.
Change scope from the menu.
Change scope from the menu for quicker navigation. You can opt-in using Try Preview.

Of course, that's not all. Every change in Microsoft Cost Management is available in Cost Management Labs a week before it's in the full Azure portal or Microsoft 365 admin center. We're eager to hear your thoughts and understand what you'd like to see next. What are you waiting for? Try Cost Management Labs today.

New ways to save money in the Microsoft Cloud

This month I’ll share a few updates spread across the Microsoft Cloud:

General availability: DR secondary free with SQL Server on Azure Virtual Machines.
General availability: Arm-based VMs now available in four additional Azure regions.
Preview: License Geo-redundant Disaster Recovery for SQL Managed Instance for free.
Forrester study finds 228 percent ROI when modernizing applications on Azure PaaS.
Microsoft 365 Basic and more.
Microsoft 365 expands data residency offerings.
Dynamics 365 and Power Platform help you do more with less.

New videos and learning opportunities

Sharing a recent Azure Friday video that does a good job of providing an overview of cost management and optimization for Azure:

Managing, reporting, and reducing your costs in Azure (26 minutes).

Follow the Microsoft Cost Management YouTube channel to stay in the loop with new videos as they’re released and let us know what you'd like to see next.

Want a more guided experience? Start with Control Azure spending and manage bills with Microsoft Cost Management.

Documentation updates

As usual, there were plenty of documentation updates since our last update. Here are a few documents that were updated that you might be interested in:

Group and allocate costs using tag inheritance.
Buy an Azure savings plan.
Microsoft Customer Agreement Azure usage and charges file terms.
Assign roles to Azure Enterprise Agreement service principal names.
Troubleshoot a declined card.
Troubleshoot common Cost Management errors.
30 updates based on your feedback.

Want to keep an eye on all documentation updates? Check out the Cost Management and Billing documentation change history in the azure-docs repository on GitHub. If you see something missing, select Edit at the top of the document and submit a quick pull request. You can also submit a GitHub issue. We welcome and appreciate all contributions!

What's next?

These are just a few of the big updates from the last couple of months. Don't forget to check out the previous Microsoft Cost Management updates. We're always listening and making constant improvements based on your feedback, so please keep the feedback coming.

Follow @MSCostMgmt on Twitter and subscribe to the YouTube channel for updates, tips, and tricks. You can also share ideas and vote up others in the Cost Management feedback forum or join the research panel to participate in a future study and help shape the future of Microsoft Cost Management.
Quelle: Azure