Kategorie: Microsoft Azure

How to choose the right Azure services for your applications—It’s not A or B

This post was co-authored by Ajai Peddapanga, Principal Cloud Solution Architect.

If you have been working with Azure for any period, you might have grappled with the question—which Azure service is best to run my apps on? This is an important decision because the services you choose will dictate your resource planning, budget, timelines, and, ultimately, the time to market for your business. It impacts the cost of not only the initial delivery, but also the ongoing maintenance of your applications.

Traditionally, organizations have thought that they must choose between two platforms, technologies, or competing solutions to build and run their software applications. For example, they ask questions like: Do we use Web Logic or WebSphere for hosting our Java Enterprise applications?, Should Docker Swarm be the enterprise-wide container platform or Kubernetes?, or Do we adopt containers or just stick with virtual machines (VMs)? They try to fit all their applications on platform A or B. This A or B mindset stems from outdated practices that were based on the constraints of the on-premises world, such as packaged software delivery models, significant upfront investments in infrastructure and software licensing, and long lead times required to build and deploy any application platform. With that history, it’s easy to bring the same mindset to Azure and spend a lot of time building a single platform based on a single Azure service that can host as many of their applications as possible—if not all. Then companies try to force-fit all their applications into this single platform, introducing delays and roadblocks that could have been avoided.

There's a better approach possible in Azure that yields higher returns on investment (ROI). As you transition to Azure, where you provision and deprovision resources on an as-needed basis, you don't have to choose between A or B. Azure makes it easy and cost-effective to take a different—and better—approach: the A+B approach. An A+B mindset simply means instead of limiting yourself to a predetermined service, you choose the service(s) that best meet your application needs; you choose the right tool for the right job.

Figure 1: Azure enables you to shift your thinking from an A or B to an A+B mindset, which has many benefits.

With A+B thinking, you can:

Select the right tool for the right job instead of force-fitting use cases to a predetermined solution.
Innovate and go to market faster with the greater agility afforded by the A+B approach.
Accelerate your app modernizations and build new cloud-native apps by taking a modular approach to picking the right Azure services for running your applications.
Achieve greater process and cost efficiencies, and operational excellence.
Build best-in-class applications tailored fit for your business

As organizations expand their decision-making process and technical strategy from an A or B mindset to encompass the possibilities and new opportunities offered with an A+B mindset, there are many new considerations. In our new book, we introduce the principles of the A+B mindset that you can use to choose the right Azure services for your applications. We have illustrated the A+B approach using two Azure services as examples in our book; however, you can apply these principles to evaluate any number of Azure Services for hosting your applications–Azure Spring Apps, Azure App Service, Azure Container Apps, Azure Kubernetes Service, and Virtual Machines are commonly used Azure Services for application hosting. A+B mindset applies to any application, written in any language.

Learn more

Asir and Ajai are the authors of a new Microsoft e-book that helps you transition to an A+B mindset and answer the question: “What is the right service for my applications?” Get the Microsoft e-book to learn more about how to transition to an A+B mindset to choose the right Azure services for your applications.
Quelle: Azure

MLOPs Blog Series Part 3: Testing scalability of secure machine learning systems using MLOps

The capacity of a system to adjust to changes by adding or removing resources to meet demand is known as scalability. Here are some tests to check the scalability of your model.

System testing

System tests are carried out to test the robustness of the design of a system for given inputs and expected outputs (for example, an MLOps pipeline, inference). Acceptance tests (to fulfill user requirements) can be performed as part of system tests.

A/B testing

A/B testing is performed by sending production traffic to alternate systems that will be evaluated. Statistical hypothesis testing is used to decide which system is better.

Figure 1: A/B testing

Canary testing

Canary testing is done by delivering the majority of production traffic to the current system while sending traffic from a small group of users to the new system we're evaluating.

Figure 2: Canary testing

Shadow testing

Sending the same production traffic to various systems is known as shadow testing. Shadow testing is simple to monitor and validates operational consistency.

Figure 3: Shadow testing

Load testing

Load testing is a technique for simulating a real-world load on software, applications, and websites. Load testing simulates numerous users using a software application to simulate the expected usage of the program. It measures the following:

•    Endurance: Whether an application can resist the processing load, it is expected to have to endure for an extended period.
•    Volume: The application is subjected to a large volume of data to test whether the application performs as expected.
•    Stress: Assessing the application's capacity to sustain a specified degree of efficacy in adverse situations.
•    Performance: Determining how a system performs in terms of responsiveness and stability under a particular workload.
•    Scalability: Measuring the application's ability to scale up or down as a reaction to an increase in the number of users.

Load tests can be performed to test the above factors using various software applications. Let’s look at an example of load testing an AI microservice using locust.io. The dashboard in Figure 4 reflects the total requests made to the microservice per second as well as the response times. Using these insights, we can gauge the performance of the AI microservice under a certain load.

Figure 4: Load testing using Locust.io

Learn more

To learn more about the implementation of the above test, watch this demo video and view the code of load testing AI microservices using locust.io. You can check out the code on the load testing microservices GitHub repository. For further details and to learn about hands-on implementation, check out the Engineering MLOps book, or learn how to build and deploy a model in Azure Machine Learning using MLOps in the “Get Time to Value with MLOps Best Practices” on-demand webinar.
Quelle: Azure

Microsoft Cost Management updates – June 2022

Whether you're a new student, a thriving startup, or the largest enterprise, you have financial constraints, and you need to know what you're spending, where, and how to plan for the future. Nobody wants a surprise when it comes to the bill, and this is where Microsoft Cost Management comes in.

We're always looking for ways to learn more about your challenges and how Microsoft Cost Management can help you better understand where you're accruing costs in the cloud, identify and prevent bad spending patterns, and optimize costs to empower you to do more with less. Here are a few of the latest improvements and updates based on your feedback:

Viewing cost in the Azure mobile app
Introducing a new API for configuring cost alerts
Prevent budget overages with action groups common alert schema
Amplify your learning experience in Cost Management
Help shape the future of navigation in Cost Management and Billing
What's new in Cost Management Labs
New ways to save money with Microsoft Cloud
New videos and learning opportunities
Documentation updates
Join the Microsoft Cost Management team

Let's dig into the details.

Viewing cost in the Azure mobile app

The Azure mobile app is like having the portal in your pocket, allowing you to stay connected to your Azure resources on the go. In addition to managing access, checking resource status, monitoring health, and all the other great capabilities, you can also keep an eye on the cost of your subscriptions and resource groups. Simply open any subscription or resource group and scroll down to see cost.

Let us know what you’d like to see next!

Introducing a new API for configuring cost alerts

We’ve talked about how one of the most critical aspects of cost management is staying informed about changes to your costs. You already know how to get alerted when cost exceeds predefined thresholds with budgets and you may have seen that you can subscribe to updates of cost analysis views or subscribe to anomaly alerts from the portal. These are all great resources when getting started, but when it comes to getting set up for success at scale, automation is essential. Now you can automate subscribing to views or anomaly alerts with the ScheduledActions API.

Check out the ScheduledActions API to get started today and let us know what new alerts you’d like to see next!

Prevent budget overages with action groups common alert schema

Speaking of automation, the best way to stay within your budget is to automate actions to minimize cost before you exceed your budget. If you’re interested in setting a hard limit on your budget, configure your budget to trigger an action group. Action groups allow you to run custom scripts that can shut down VMs, archive data, or even delete test resources, giving you ultimate control of your finances to ensure you never get surprised.

Cost Management budget alerts now support the Azure Monitor common alert schema, making it easier than ever to automate actions that keep you under your budget.

Learn more about configuring action groups for your budgets and how the Azure Monitor common alert schema can help.

Amplify your learning experience in Cost Management

Cost can be a daunting topic. Whether you’re just getting started or looking to learn more about specific features, there are many ways for you to learn about features – from our monthly blog posts and smaller feature updates to full product documentation and MS Learn modules to videos on YouTube. And that’s just scratching the surface. In an effort to help streamline your learning experience, you can now explore the many learning options from the Cost Management overview.

Check out Cost Management tutorials yourself and let us know what you’d like to see added.

Help shape the future of navigation in Cost Management and Billing

Do you manage the billing account or monitor cloud costs for your team or organization? We’re exploring navigation pathways for key tasks within the Azure portal and would love to get your feedback in a 30-minute, unmoderated walkthrough.

If you are interested in participating in this study, please contact our research team and we’ll schedule a time.

What's new in Cost Management Labs

With Cost Management Labs, you get a sneak peek at what's coming in Microsoft Cost Management and can engage directly with us to share feedback and help us better understand how you use the service, so we can deliver more tuned and optimized experiences. Here are a few features you can see in Cost Management Labs:

Update: Cost Management tutorials – Now available in the public portal
Whether you’re just getting started or looking to learn more about specific features, tutorials are now a click away from the Cost Management overview in Cost Management Labs.
Product column experiment in the cost analysis preview
We’re testing new columns in the Resources and Services views in the cost analysis preview for Microsoft Customer Agreement. You may see a single Product column instead of the Service, Tier, and Meter columns. Please leave feedback to let us know which you prefer.
Group-related resources in the cost analysis preview
Group-related resources, like disks under VMs or web apps under App Service plans, by adding a “costanalysis-parent” tag to the child resources with a value of the parent resource ID. Wait 24 hours for tags to be available in usage and your resources will be grouped. Leave feedback to let us know how we can improve this experience further for you.
Charts in the cost analysis preview
View your daily or monthly cost over time in the cost analysis preview. You can opt-in using Try Preview.
View cost for your resources
The cost for your resources is one click away from the resource overview in the preview portal. Just click View cost to quickly jump to the cost of that particular resource.
Change scope from the menu
Change scope from the menu for quicker navigation. You can opt-in using Try Preview.

Of course, that's not all. Every change in Microsoft Cost Management is available in Cost Management Labs a week before it's in the full Azure portal. We're eager to hear your thoughts and understand what you'd like to see next. What are you waiting for? Try Cost Management Labs today.

New ways to save money with Microsoft Cloud

Lots of cost optimization improvements over the last month! Here are some of the generally available offers you might be interested in:

NC A100 v4 virtual machines for AI.
DCsv3 and DCdsv3 series virtual machines.
Azure Arc-enabled SQL Managed Instance Business Critical.
Increased size of Stream Analytics jobs and cluster.
Azure Ebsv5 now available in 13 additional regions.
Azure Databricks available in Sweden Central and West Central US.

And here are some of the new previews:

New Cosmos DB features for scalable, cost-effective application development.
Azure Cosmos DB serverless container storage limit increase to 1TB.
16MB limit per document in API for MongoDB.
Autoscale Stream Analytics jobs.

New videos and learning opportunities

Here’s a new video you might be interested in:

MySQL Developer Essentials Season 1 Episode 3: Cost management and optimization (9 minutes).

Follow the Microsoft Cost Management YouTube channel to stay in the loop with new videos as they’re released and let us know what you'd like to see next.

Want a more guided experience? Start with Control Azure spending and manage bills with Microsoft Cost Management.

Documentation updates

Here are a few documentation updates you might be interested in:

New FAQ: When does Azure finalize or close the billing cycle of a closed month?
New tutorial: Update tax details for an Azure billing account.
New tutorial: Elevate access to manage billing accounts.
New tutorial: How to create an anomaly alert.
Added additional details about the anomaly detection model.
Payment updates to account for the Reserve Bank of India regulation for recurring payments.
Split out tutorials for creating subscriptions for EA, CSP, MCA (same directory), and MCA (separate directory).
Marketplace price list in the EA portal has been retired.
Budget API is preferred over Azure PowerShell/CLI.

Want to keep an eye on all of the documentation updates? Check out the Cost Management and Billing documentation change history in the azure-docs repository on GitHub. If you see something missing, select Edit at the top of the document and submit a quick pull request.

Join the Microsoft Cost Management team

Are you excited about helping customers and partners better manage and optimize costs? We're looking for passionate, dedicated, and exceptional people to help build best in class cloud platforms and experiences to enable exactly that. If you have experience with big data infrastructure, reliable and scalable APIs, or rich and engaging user experiences, you'll find no better challenge than serving every Microsoft customer and partner in one of the most critical areas for driving cloud success.

Watch the video below to learn more about the Microsoft Cost Management team:

Join our team.

What's next?

These are just a few of the big updates from last month. Don't forget to check out the previous Microsoft Cost Management updates. We're always listening and making constant improvements based on your feedback, so please keep the feedback coming.

Follow @MSCostMgmt on Twitter and subscribe to the YouTube channel for updates, tips, and tricks. You can also share ideas and vote up others in the Cost Management feedback forum or join the research panel to participate in a future study and help shape the future of Microsoft Cost Management.

We know these are trying times for everyone. Best wishes from the Microsoft Cost Management team. Stay safe and stay healthy.
Quelle: Azure

Azure Orbital Ground Station as Service extends life and reduces costs for satellite operators

How can Microsoft empower satellite operators to focus on their mission and enable them to continue the operation of their satellites, without making capital investments in their ground infrastructure?

To answer that question, Microsoft worked alongside the National Oceanic and Atmospheric Administration (NOAA), and our partner Xplore, to demonstrate how the commercial cloud can provide satellite mission management for NOAA’s legacy polar satellites (NOAA-18)—extending the mission life of these satellites while reducing the cost of operation through Azure Orbital Ground Station as-a-Service (GSaaS).

Partnering with the National Oceanic and Atmospheric Administration and Xplore

The initiative was part of a year-long cooperative research and development agreement (CRADA) with NOAA, where we worked together to determine the ability of the Azure Orbital platform to connect and downlink data from NOAA satellites. NOAA also tested the ability of Microsoft Azure to comply with specified security controls in a rapid and effective manner. Our cloud-based solutions performed successfully across all measures.

Partners are central to Microsoft’s approach to space, and they played a key role in this project. As part of the CRADA, we leveraged our partner network to bring together Azure Orbital with Xplore’s Major Tom mission control software platform. This approach enabled NOAA to transmit commands to the NOAA-18 spacecraft and verify the receipt of these commands. This test was conducted in real-time, and data was flowing bi-directionally with the NOAA-18 satellite.

Commercial technology enabled the rapid demonstration of these innovative capabilities. Xplore was able to move quickly to bring functions of NOAA’s heritage space system architecture to the Azure cloud through their Major Tom platform. This highlights the power of Azure as a platform to bring together Azure Orbital as the ground station, Major Tom to provide the mission control software for commanding and telemetry viewing, and the NOAA operators to monitor the scenarios.

This successful demonstration shows that the Azure Orbital GSaaS, and the partner network it brings together, enables sustainable outcomes for satellite operators. Our work with NOAA is just the beginning of the journey. We look forward to partnering with additional satellite operators to help them reduce their infrastructure management costs, lower latency, increase capacity and resiliency, and empower their missions through the power of Azure Orbital GSaaS and the Azure cloud.

Learn more about Azure Orbital and Azure Space

To learn more about Azure Orbital GSaaS, visit our product page, or take a look at the session with Microsoft Mechanics, which goes into more detail on how we connect space satellites around the world and bring earth observational data into Azure for analytics via Microsoft and partner ground stations. We demonstrate how it works and how it fits into Microsoft’s strategy with Azure Space to bring cloud connectivity everywhere on earth and to make space satellite data accessible for everyday use cases.

More broadly, Azure Space marks the convergence between global satellite constellations and the cloud. As the two join together, our purpose is to bring cloud connectivity to even the most remote corners of the earth, connect to satellites, and harness the vast amount of data collected from space. This can help solve both long-term trending issues affecting the earth like climate change, or short-term real-time issues such as connected agriculture, monitoring and controlling wildfires, or identifying supply chain bottlenecks.

Learn more about Azure Space today.
Quelle: Azure

MLOPs Blog Series Part 2: Testing robustness of secure machine learning systems using machine learning ops

Robustness is the ability of a closed-loop system to tolerate perturbations or anomalies while system parameters are varied over a wide range. There are three essential tests to ensure that the machine learning system is robust in the production environments: unit testing, data and model testing, and integration testing.

Unit testing

Tests are performed on individual components that each have a single function within the bigger system (for example, a function that creates a new feature, a column in a DataFrame, or a function that adds two numbers). We can perform unit tests on individual functions or components; a recommended method for performing unit tests is the Arrange, Act, Assert (AAA) approach:

1.    Arrange: Set up the schema, create object instances, and create test data/inputs.
2.    Act: Execute code, call methods, set properties, and apply inputs to the components to test.
3.    Assert: Check the results, validate (confirm that the outputs received are as expected), and clean (test-related remains).

Data and model testing

It is important to test the integrity of the data and models in operation. Tests can be performed in the MLOps pipeline to validate the integrity of data and the model robustness for training and inference. The following are some general tests that can be performed to validate the integrity of data and the robustness of the models:

1.    Data testing: The integrity of the test data can be checked by inspecting the following five factors—accuracy, completeness, consistency, relevance, and timeliness. Some important aspects to consider when ingesting or exporting data for model training and inference include the following:

•    Rows and columns: Check rows and columns to ensure no missing values or incorrect patterns are found.

•    Individual values: Check individual values if they fall within the range or have missing values to ensure the correctness of the data.

•    Aggregated values: Check statistical aggregations for columns or groups within the data to understand the correspondence, coherence, and accuracy of the data.

2.   Model testing: The model should be tested both during training and after it has been trained to ensure that it is robust, scalable, and secure. The following are some aspects of model testing:

•    Check the shape of the model input (for the serialized or non-serialized model).

•    Check the shape and output of the model.

•    Behavioral testing (combinations of inputs and expected outputs).

•    Load serialized or packaged model artifacts into memory and deployment targets. This will ensure that the model is de-serialized properly and is ready to be served in the memory and deployment targets.

•    Evaluate the accuracy or key metrics of the ML model.

Integration testing

Integration testing is a process where individual software components are combined and tested as a group (for example, data processing or inference or CI/CD).

Figure 1: Integration testing (two modules)

Let’s look at a simple hypothetical example of performing integration testing for two components of the MLOps workflow. In the Build module, data ingestion and model training steps have individual functionalities, but when integrated, they perform ML model training using data ingested to the training step. By integrating both module 1 (data ingestion) and module 2 (model training), we can perform data loading tests (to see whether the ingested data is going to the model training step), input and outputs tests (to confirm that expected formats are inputted and outputted from each step), as well as any other tests that are use case-specific.

In general, integration testing can be done in two ways:

1.    Big Bang testing: An approach in which all the components or modules are integrated simultaneously and then tested as a unit.

2.    Incremental testing: Testing is carried out by merging two or more modules that are logically connected to one another and then testing the application's functionality. Incremental tests are conducted in three ways:

•    Top-down approach

•    Bottom-up approach

•    Sandwich approach: a combination of top-down and bottom-up

Figure 2: Integration testing (incremental testing)

The top-down testing approach is a way of doing integration testing from the top to the bottom of the control flow of a software system. Higher-level modules are tested first, and then lower-level modules are evaluated and merged to ensure software operation. Stubs are used to test modules that aren't yet ready. The advantages of a top-down strategy include the ability to get an early prototype, test essential modules on a high-priority basis, and uncover and correct serious defects sooner. One downside is that it necessitates a large number of stubs, and lower-level components may be insufficiently tested in some cases.

The bottom-up testing approach tests the lower-level modules first. The modules that have been tested are then used to assist in the testing of higher-level modules. This procedure is continued until all top-level modules have been thoroughly evaluated. When the lower-level modules have been tested and integrated, the next level of modules is created. With the bottom-up technique, you don’t have to wait for all the modules to be built. One downside is those essential modules (at the top level of the software architecture) that impact the program's flow are tested last and are thus more likely to have defects.
The sandwich testing approach tests top-level modules alongside lower-level modules, while lower-level components are merged with top-level modules and evaluated as a system. This is termed hybrid integration testing because it combines top-down and bottom-up methodologies.

Learn more

For further details and to learn about hands-on implementation, check out the Engineering MLOps book, or learn how to build and deploy a model in Azure Machine Learning using MLOps in the “Get Time to Value with MLOps Best Practices” on-demand webinar. Also, check out our recently announced blog about solution accelerators (MLOps v2) to simplify your MLOps workstream in Azure Machine Learning.
Quelle: Azure

Responsible AI investments and safeguards for facial recognition

A core priority for the Cognitive Services team is to ensure its AI technology, including facial recognition, is developed and used responsibly. While we have adopted six essential principles to guide our work in AI more broadly, we recognized early on that the unique risks and opportunities posed by facial recognition technology necessitate its own set of guiding principles.

To strengthen our commitment to these principles and set up a stronger foundation for the future, Microsoft is announcing meaningful updates to its Responsible AI Standard, the internal playbook that guides our AI product development and deployment. As part of aligning our products to this new Standard, we have updated our approach to facial recognition including adding a new Limited Access policy, removing AI classifiers of sensitive attributes, and bolstering our investments in fairness and transparency.

Safeguards for responsible use

We continue to provide consistent and clear guidance on the responsible deployment of facial recognition technology and advocate for laws to regulate it, but there is still more we must do.

Effective today, new customers need to apply for access to use facial recognition operations in Azure Face API, Computer Vision, and Video Indexer. Existing customers have one year to apply and receive approval for continued access to the facial recognition services based on their provided use cases. By introducing Limited Access, we add an additional layer of scrutiny to the use and deployment of facial recognition to ensure use of these services aligns with Microsoft’s Responsible AI Standard and contributes to high-value end-user and societal benefit. This includes introducing use case and customer eligibility requirements to gain access to these services. Read about example use cases, and use cases to avoid, here. Starting June 30, 2023, existing customers will no longer be able to access facial recognition capabilities if their facial recognition application has not been approved. Submit an application form for facial and celebrity recognition operations in Face API, Computer Vision, and Azure Video Indexer here, and our team will be in touch via email.

Facial detection capabilities (including detecting blur, exposure, glasses, head pose, landmarks, noise, occlusion, and facial bounding box) will remain generally available and do not require an application.

In another change, we will retire facial analysis capabilities that purport to infer emotional states and identity attributes such as gender, age, smile, facial hair, hair, and makeup. We collaborated with internal and external researchers to understand the limitations and potential benefits of this technology and navigate the tradeoffs. In the case of emotion classification specifically, these efforts raised important questions about privacy, the lack of consensus on a definition of “emotions,” and the inability to generalize the linkage between facial expression and emotional state across use cases, regions, and demographics. API access to capabilities that predict sensitive attributes also opens up a wide range of ways they can be misused—including subjecting people to stereotyping, discrimination, or unfair denial of services.

To mitigate these risks, we have opted to not support a general-purpose system in the Face API that purports to infer emotional states, gender, age, smile, facial hair, hair, and makeup. Detection of these attributes will no longer be available to new customers beginning June 21, 2022, and existing customers have until June 30, 2023, to discontinue use of these attributes before they are retired.

While API access to these attributes will no longer be available to customers for general-purpose use, Microsoft recognizes these capabilities can be valuable when used for a set of controlled accessibility scenarios. Microsoft remains committed to supporting technology for people with disabilities and will continue to use these capabilities in support of this goal by integrating them into applications such as Seeing AI.

Responsible development: improving performance for inclusive AI

In line with Microsoft’s AI principle of fairness and the supporting goals and requirements outlined in the Responsible AI Standard, we are bolstering our investments in fairness and transparency. We are undertaking responsible data collections to identify and mitigate disparities in the performance of the technology across demographic groups and assessing ways to present this information in a way that would be insightful and actionable for our customers.

Given the potential socio-technical risks posed by facial recognition technology, we are looking both within and beyond Microsoft to include the expertise of statisticians, AI/ML fairness experts, and human-computer interaction experts in this effort. We have also consulted with anthropologists to help us deepen our understanding of human facial morphology and ensure that our data collection is reflective of the diversity our customers encounter in their applications.

While this work is underway, and in addition to the safeguards described above, we are providing guidance and tools to empower our customers to deploy this technology responsibly. Microsoft is providing customers with new tools and resources to help evaluate how well the models are performing against their own data and to use the technology to understand limitations in their own deployments. Azure Cognitive Services customers can now take advantage of the open-source Fairlearn package and Microsoft’s Fairness Dashboard to measure the fairness of Microsoft’s facial verification algorithms on their own data—allowing them to identify and address potential fairness issues that could affect different demographic groups before they deploy their technology. We encourage you to contact us with any questions about how to conduct a fairness evaluation with your own data.

We have also updated the transparency documentation with guidance to assist our customers to improve the accuracy and fairness of their systems by incorporating meaningful human review to detect and resolve cases of misidentification or other failures, by providing support to people who believe their results were incorrect, and by identifying and addressing fluctuations in accuracy due to variation in operational conditions.

In working with customers using our Face service, we also realized some errors that were originally attributed to fairness issues were caused by poor image quality. If the image someone submits is too dark or blurry, the model may not be able to match it correctly. We acknowledge that this poor image quality can be unfairly concentrated among demographic groups.

That is why Microsoft is offering customers a new Recognition Quality API that flags problems with lighting, blur, occlusions, or head angle in images submitted for facial verification. Microsoft also offers a reference app that provides real-time suggestions to help users capture higher-quality images that are more likely to yield accurate results.

To leverage the image quality attribute, users need to call the Face Detect API. See the Face QuickStart to test out the API.

Looking to the future

We are excited about the future of Azure AI and what responsibly developed technologies can do for the world. We thank our customers and partners for adopting responsible AI practices and being on the journey with us as we adapt our approach to new responsible AI standards and practices. As we launch the new Limited Access policy for our facial recognition service, in addition to new computer vision features, your feedback will further advance our understanding, practices, and technology for responsible AI.

Learn more at the Limited Access FAQ.
Quelle: Azure

Discover how you can innovate anywhere with Azure Arc

Welcome to Azure Hybrid, Multicloud, and Edge Day—please join us for the digital event. Today, we’re sharing how Azure Arc extends Azure platform capabilities to datacenters, edge, and multicloud environments through an impactful, 90-minute lineup of keynotes, breakouts, and technical sessions available live and on-demand. As part of today’s event, we’re announcing the general availability of Azure Machine Learning for hybrid and multicloud deployments with Azure Arc. Now you can build, train, and deploy your machine learning models right where the data lives, such as your new or existing hardware and IoT devices.

When I talk with customers, one of the things I hear most frequently is how new cloud-based applications drive business forward. And as these new applications are built, they need to take full advantage of the agility, efficiency, and speed of cloud innovation. However, not all applications and infrastructure they run on can physically reside in the cloud. That’s why 93 percent of enterprises are committed to hybrid deployments for their on-premises, multicloud, and edge workloads.1

With Azure, we meet you where you are, so you can innovate anywhere. The Azure cloud platform helps you bring new solutions to life—to solve today’s challenges and create the future. Azure Arc is a bridge that extends the Azure platform so you can build applications and services with the flexibility to run across datacenters, edge, and multicloud environments.

Azure Arc provides a consistent development, operations, and security model for both new and existing applications. Our customers are using it to revolutionize their businesses, whether they’re building on new and existing hardware, virtualization and Kubernetes platforms, IoT devices, or integrated systems.

I’m constantly amazed by the ways people are using Azure and Azure Arc to create innovative solutions, and at the same time, overcome longstanding security and governance challenges.

John Deere brings modern cloud benefits on-premises and at the edge with hybrid data services

The iconic green and yellow John Deere tractors are a familiar sight in fields around the world. With a well-stocked technology portfolio that spans cloud platforms, on-premises datacenters, and edge devices at factories, John Deere’s modernization strategy makes the most of its assets while cultivating a path for the future.

Together with Azure Arc–enabled SQL Managed Instance, John Deere helps connect the dots across all these environments and puts the power of the cloud to work in the company’s existing infrastructure. The result? A unified view of operations across platforms that pivots on Azure Arc, helping John Deere to optimize manufacturing operations. Together with Azure Arc–enabled SQL Managed Instance, the hybrid solution is helping John Deere drive down operational costs and accelerate innovation.

Another opportunity the cloud provides is to transform data insights into new products and services. For years, Azure has provided machine learning and IoT solutions to unlock signals and data from the physical world. Azure Arc brings data services from Azure, like SQL, PostgreSQL, and Machine Learning so you can harness data insights from edge to cloud with an end-to-end solution from local data collection, compute, storage, and real-time analysis.

We recently announced Azure Arc–enabled SQL Managed Instance Business Critical is now generally available. The Business Critical tier of Azure Arc–enabled SQL Managed Instance is built for mission-critical workloads requiring the most demanding performance, high availability, and security. Azure Arc–enabled SQL Managed Instance comes from the same evergreen SQL in Azure that is always up to date with no end of support.

Wolverine Worldwide analyzes sensitive data on-premises to optimize the supply chain

Wolverine Worldwide owns beloved activewear and lifestyle brands such as Chaco, Saucony, Merrell, Keds, Sperry, and more. When the pandemic created a new set of unanticipated supply chain challenges across the global economy, Wolverine turned to cloud innovation to help its 13 brands.

“Previously, data was a little tough to get at. It was either a gut feel, or the opportunity bypassed us while we were doing our analysis. With Azure Arc, Wolverine can use Azure Machine Learning and data services to analyze holistically data from the supply chain, manufacturing, and its ecommerce business while keeping sensitive data on-premises.”—Jason Miller, Vice President for Enterprise Data, Planning & Analytics, Wolverine Worldwide

Whether you want to secure and govern servers or create a self-service experience on VMware from Azure, Azure Arc is validated on a variety of infrastructures so you can always get your applications and data to run where you need them.

Businesses can start with Azure Stack HCI support for single-node clusters, which is generally available, for flexibility to deploy Azure Stack HCI in smaller spaces and with lower processing needs. Additionally, we’re announcing today that Windows Admin Center can now manage your Azure Arc–enabled servers and Azure Stack HCI clusters from the Azure Portal. Using this functionality, you can securely manage your servers and clusters from Azure—without needing a VPN, public IP address, or other inbound connectivity to your machine.

Greggs modernizes security and operations

A bakery and coffee shop in the UK with over 2,200 retail locations, Greggs is another customer using Azure Arc–enabled security and management tools. The company needed visibility across its digital estate from on-premises Windows Servers to Kubernetes running in AKS.

“By deploying Azure Arc, we can use Microsoft Defender for Cloud for our on-premises server estate, something we couldn’t do before. We’ve gained significant security benefits—like secure risk score, compliance scoring, and assessments. The central aggregation of logs shows us if a security event actually occurs across multiple devices so that we can pinpoint potential causes.”—Scott Clennell, Head of Infrastructure and Networks, Greggs

For customers like Greggs, we continue to innovate on Azure Arc–enabled servers. We recently announced Azure Arc–enabled servers support for private endpoints, a new servers monitoring workbook created in the public Azure Monitor GitHub repository, and a preview of SSH access to Azure Arc–enabled servers.

With Azure Arc, you have access today to a comprehensive set of Azure services, such as Microsoft Defender for Cloud, Microsoft Sentinel, Azure Policy, Azure Monitor, and more to secure and manage resources and data anywhere.

Millennium bcp streamlines multicloud app deployments with Azure Arc

“We needed…the ability to move a workload running in an Azure Kubernetes Service (AKS) cluster to a Google Cloud Platform or Amazon Web Services cluster, or vice versa, in case of emergency. We needed something that could help us turn those into an enterprise-level service. That’s where Azure Arc came in.”—Nuno Guedes, Cloud Compute Lead, Millennium bcp

Millennium bcp is the largest private bank in Portugal and uses Azure Arc for a standard approach to deploy containers to its multicloud environment. Azure Arc helps companies like Millennium build and modernize cloud-native apps on any Kubernetes using familiar developer tools, like Visual Studio Code and GitHub, as well as implement consistent GitOps and policy-driven deployments across environments.

To support our customers’ app development, we recently announced GitOps with Flux v2 in AKS and Azure Arc–enabled Kubernetes, general availability of Arc–enabled Open Service Mesh, general availability of Azure Key Vault Secrets Provider extension, and the landing zone accelerator for Azure Arc–enabled Kubernetes.

Finally, a huge thank you to our partners and customers in the Azure Arc community. We hope you will enjoy the event and learn how Azure Arc can benefit your organization. We look forward to connecting and listening to your feedback.

Azure Hybrid, Multicloud, and Edge Day highlights

You can access everything on-demand, and check out the additional demos and customer stories in the event portal. Enjoy the event experience. I can’t wait to see how you innovate anywhere.

1Hybrid & Multicloud Perceptions Survey, Microsoft.
Quelle: Azure

Simplify and centralize network security management with Azure Firewall Manager

We are excited to share that Azure Web Application Firewall (WAF) policy and Azure DDoS Protection plan management in Microsoft Azure Firewall Manager is now generally available.

With an increasing need to secure cloud deployments through a Zero Trust approach, the ability to manage network security policies and resources in one central place is a key security measure.

Today, you can now centrally manage Azure Web Application Firewall (WAF) to provide Layer 7 application security to your application delivery platforms, Azure Front Door, and Azure Application Gateway, in your networks and across subscriptions. You can also configure DDoS Protection Standard for protecting your virtual networks from Layer 3 and Layer 4 attacks.

Azure Firewall Manager is a central network security policy and route management service that allows administrators and organizations to protect their networks and cloud platforms at a scale, all in one central place. 

Azure Web Application Firewall is a cloud-native web application firewall (WAF) service that provides powerful protection for web apps from common hacking techniques such as SQL injection and security vulnerabilities such as cross-site scripting.

Azure DDoS Protection Standard provides enhanced Distributed Denial-of-Service (DDoS) mitigation features to defend against DDoS attacks. It is automatically tuned to protect all public IP addresses in virtual networks. Protection is simple to enable on any new or existing virtual network and does not require any application or resource changes. 

By utilizing both WAF policy and DDoS protection in your network, this provides multi-layered protection across all your essential workloads and applications.

WAF policy and DDoS Protection plan management are an addition to Azure Firewall management in Azure Firewall Manager.

Centrally protect your application delivery platforms using WAF policies 

In Azure Firewall Manager, you can now manage and protect your Azure Front Door or Application Gateway deployments by associating WAF policies, at scale. This allows you to view all your key deployments in one central place, alongside Azure Firewall deployments and DDoS Protection plans.

Upgrade from WAF configuration to WAF policy

In addition, the platform supports administrators to upgrade from a WAF config to WAF policies for Application Gateways, by selecting the service and Upgrade from WAF configuration. This allows for a more seamless process for migrating to WAF policies, which supports WAF policy settings, managed rulesets, exclusions, and disabled rule-groups.

As a note, all WAF configurations that were previously created in Application Gateway can be done through WAF policy.

Manage DDoS Protection plans for your virtual networks

You can enable DDoS Protection Plan Standard on your virtual networks listed in Azure Firewall Manager, across subscriptions and regions. This allows you to see which virtual networks have Azure Firewall and/or DDoS protection in a single place.

View and create WAF policies and DDoS Protection Plans in Azure Firewall Manager

You can view and create WAF policies and DDoS Protection Plans from the Azure Firewall Manager experience, alongside Azure Firewall policies.

In addition, you can import existing WAF policies to create a new WAF policy, so you do not need to start from scratch if you want to maintain similar settings.

Monitor your overall network security posture

Azure Firewall Manager provides monitoring of your overall network security posture. Here, you can easily see which virtual networks and virtual hubs are protected by Azure Firewall, a third-party security provider, or DDoS Protection Standard. This overview can help you identify and prioritize any security gaps that are in your Azure environment, across subscriptions or for the whole tenant.

Coming soon, you’ll also be able to view your Application Gateway and Azure Front Door monitors, for a full network security overview.

Learn more

To learn more about these features in Azure Firewall Manager, visit the Manage Web Application Firewall policies tutorial, WAF on Application Gateway documentation, and WAF on Azure Front Door documentation. For DDoS information, visit the Configure Azure DDoS Protection Plan using Azure Firewall Manager tutorial and Azure DDoS Protection documentation.

To learn more about Azure Firewall Manager, please visit the Azure Firewall Manager home page.
Quelle: Azure