Azure Maps Power BI visual now in preview

The Azure Maps visual for Power BI will be releasing as a preview this week. Power BI is a powerful analysis and visualization tool. Azure Maps is an important tool for gaining geospatial context and insights that can be used in decision making.

This initial release includes the following visualization layers:

Bubble layer
3D bar chart layer
Reference layer
Custom tile layer
Real-time traffic overlay

In addition to these visualization layers, this visual also leverages built-in Power BI features, such as tooltips, color themes, as wells as filter and slicer support.

Bubble layer—represent location data as scaled circles

Bubble layers are a great way to represent location data as scaled circles on the map. Customers can use a linear scaling method or customize the scaling logic using a logarithmic or Cubic-Bezier curve. Additionally, users can pass a value into the legend field and have the fill color of the circles dynamically set; and, outline the circles with a single color or enable the high contrast outline option to have a high contrast variant of the fill color assigned to the circle to help ensure the circles are clearly visible regardless of which style the map is set to. Allowing the user to easily visualize two metrics for each location on the map, scale, and category.

For example, the following image shows bicycle accident locations in North Carolina. The color indicates the speed limit of the road the accident occurred on and the size is based on the number of individuals involved in the accident.

3D bar chart layer—visualize location data as 3D bars or cylinders

3D bar charts are useful for taking data to the next dimension by allowing visualization of location data as 3D bars or cylinders on the map. Users can tilt and rotate the map by holding down the right mouse button and dragging or use one of the navigation controls to view your data from different perspectives.

Similar to the bubble layer, the bar chart later can easily visualize two metrics at the same time using color and relative height. The following map displays store locations with bar heights representing the revenue generated from each location, colored by sales region.

Reference layer—overlay additional data layers to add more context

Power BI currently allows a single data set to be connected to a visual. However, when working with maps, its often desirable to be able to overlay additional data layers to add more context to a report. With this feature, a GeoJSON file containing custom location data can be uploaded and overlaid on the map. Properties in the GeoJSON file can be used to customize the style of the shapes.

For example, the following map image adds a GeoJSON file of census tract boundaries colored by population below a layer of addresses colored by real estate value. This provides insights on how population density is related to property values.

Custom tile layer—superimpose images on top of Azure Maps base map tiles

Overlay a custom tile layer on the map to add an additional layer of context. Tile layers allow you to superimpose images on top of Azure Maps base map tiles. Overlay weather data from the Azure Maps weather services or bring your own tile service.

The following map displays a bubble layer of sales data of store selling sunglasses above a tile layer showing current weather radar from Azure Maps. In this case, we can easily see that less sales of sunglasses are occurring where it is rain.

Real-time traffic overlay—see how traffic congestion relates to your data

Users can overlay real-time traffic flow data to see how traffic congestion relates to their data. For example, the following map is showing the position of field technicians rendered as a bubble layer on the map colored by their experience level and scaled by the amount of remaining time on their current job. Real-time traffic is overlaid on the map and provides a quick visual reference of which technicians are most likely be delayed getting to their next job due to traffic congestion.

Get started with the Azure Maps visual for Power BI

To get started using the Azure Maps visual, first enable it in the Power BI desktop app. To do this, open the options panel though File > Options and settings. Go to the Preview features options and select the Azure Maps visual. Once this is done you will also be able to use this visual in the Power BI website.

This is just the beginning! We have lots of exciting new features planned. Have a feature request? Let us know or vote for an existing request on our feedback site.

Learn more about the Azure Maps Power BI visual.
Quelle: Azure

Azure Files support and new updates in advanced threat protection for Azure Storage

A year ago we announced the general availability of advanced threat protection for Azure Storage, to help our customers better protect their data in blob containers from the growing risk of cyberattacks. Since then, advanced threat protection for Azure Storage has been protecting millions of storage accounts and helping customers to detect common threats such as malware, access from suspicious sources (including TOR exit nodes), data exfiltration activities, and more.

Today we’re excited to announce the preview of extending advanced threat protection for Azure Storage to support Azure Files and Azure Data Lake Storage Gen2 API, helping our customers to protect their data stored in file shares and data stores designed for enterprise big data analytics.

Growing demand to secure file shares and data lakes

More and more organizations are moving their data to the cloud, seeking better security and data protection, data modernization, and optimized cost and performance of IT operations. It’s expected that over 80 percent of enterprise workloads will be in the cloud by the end of 2020.

This growing demand has also increased the popularity of Azure Files Storage, which delivers secure, Server Message Block (SMB) based, fully managed cloud file shares that can also be cached on-premises for performance and compatibility.

With Azure Files, organizations get the added benefit of a secure storage infrastructure that is massively scalable, and globally available. Even with all these capabilities, it’s still essential to bolster cybersecurity, especially with the growing complexity and sophistication of cyberattacks.

In addition, we’re seeing the growing demand for data stores optimized for big data analytics, and the need to serve and manage massive amounts of data. Azure Data Lake Storage Gen2 is a set of capabilities dedicated to big data analytics, built on Azure Blob storage while focusing on performance, management and security, it supports serving multiple petabytes of information while sustaining hundreds of gigabits.

What’s included in advanced threat protection for Azure Files and ADLS Gen2 API

Advanced threat protection for Azure Storage provides an additional layer of security intelligence that provides alerts when it detects unusual and potentially harmful attempts to access or exploit your storage accounts. This layer of protection allows you to address threats without being a security expert or managing security monitoring systems.

Security alerts are triggered when anomalies in activity occur. These security alerts are integrated with Azure Security Center and are also sent via email to subscription administrators, with details of suspicious activity and recommendations on how to investigate and remediate threats.
 

Besides the built-in security of Azure file shares and data lakes, customers of advanced threat protection for Azure Storage also benefit from:

World-class algorithms that learn, profile, and detect unusual or suspicious activity in your file shares.
Actionable alerts in a centralized view in Azure Security Center with optional email notifications.
Integration with Azure Sentinel for efficient threat investigation.
Azure-native support for Azure Files with one click enablement from the Azure portal and with no need to modify your application code.

Get started today

We encourage you to try out advanced threat protection for Azure Storage and start detecting potential threats on your Azure Files shares and Azure Blob containers. Advanced threat protection for Azure Storage needs to be enabled on the storage accounts containing the files shares and blob containers you want to protect.

We recommend enabling advanced threat protection for Azure storage on the subscription level by following the instructions here: Configure advanced threat protection for Azure Storage.

Learn more about the pricing of advanced threat protection for Storage price in Azure Security Center pricing page.

For more information on Azure Security Center, please visit Azure Security Center web page.
Quelle: Azure

Making buildings smarter with Azure IoT

Commercial real estate developers, building owners, facilities management companies, and tenants have a huge opportunity to address, and solve for, the unique business challenges faced by their industry, by applying the Internet of Things (IoT) to buildings. For example, by leveraging data from IoT sensors and building management systems, companies can gain insights that enable them to save energy, reduce operational expenses, increase occupant comfort, and optimize space.

However, the COVID-19 crisis has presented a new set of challenges for developers, owners, and management companies. New forecasts show the smart building market size growing between 7.3 percent and 11.6 percent annually to overall market revenues of between $65.2 billion and $82.7 billion USD in 2025.1

Smart buildings also help companies meet regulations for tracking and reducing greenhouse gas emissions.

Let’s look at how Bosch Building Technologies, Bentley Systems, Schneider Electric, and ICONICS use Azure IoT to deliver the benefits of smart buildings.

Decreasing energy requirements

The American Council for an Energy-Efficient Economy estimates that implementing smart building technology in an existing building can result in energy savings of 30–50 percent.2 For example, companies can combine data from occupancy sensors with data from HVAC and lighting systems to lower room temperatures and turn lights off in unoccupied rooms.

Bosch Building Technologies developed an in-house Energy Platform to analyze energy consumption and pursue ongoing energy efficiency. Based on Microsoft Azure, the Energy Platform monitors and analyzes energy consumption in real-time. Bosch customers use the Energy Platform to connect to IoT enabled devices and then link to existing meters, sensors, and machines. Customers can make informed decisions to improve energy and resource efficiency.

Bosch offers the solution to customers and uses it internally at more than 100 manufacturing plants worldwide. At one of their larger plants, Bosch saves up to €1.2 million (approximately $1.3 million USD) a year.

Bosch also created a Building Intelligence as a Service program to provide new IoT-based services for customers. Bosch adopted Azure Digital Twins as part of their Connected Building Services offering. By leveraging Azure Digital Twins, the company can query data from entire rooms or spaces, rather than from disparate sensors, to build complete digital models of the physical building environment.

By using Azure Digital Twins, Bosch gains more precise data for a wide range of building technology systems. With this level of precision, it’s easier for customers to fully understand data points, consumption results, context, and how they relate to the physical environment to quickly gain insights on energy usage to inform their business decisions.

Human factor design of new buildings can help decrease energy requirements.

Creating a connected workplace

At Microsoft’s Frasers Tower in Singapore, Bentley Systems and Schneider Electric implemented sensors and telemetry to create a connected workplace. They used a mix of 179 Bluetooth beacons in meeting rooms and 900 sensors for lighting, air quality, and temperature. The platform generates nearly 2,100 data points that are stored and analyzed in Azure. Using the data, Microsoft optimizes various aspects of the spaces, making them more comfortable for employees, while reducing energy consumption in a sustainable and economical manner.

Additionally, Bentley Systems built a digital twin of the Fraser Towers on its Bentley iTwin platform—using Azure Digital Twins, Azure IoT Hub, and Azure Time Series Insights. The iTwin platform uses both historical and real-time data from IoT sensors to create an exact digital replica of the physical building. The building management team uses the information to dynamically allocate space, increase utilization, reduce costs, improve competitiveness, and enhance collaboration and productivity.

Sensors generate data that is stored and analyzed to decrease energy use.

Monitoring occupancy and reducing costs

ICONICS smart building software has run on Microsoft Azure since 2015. The software is an integration hub for building management systems that control heating, ventilation, and lighting and collect and centralize each system’s sensor data. ICONICS relies on Azure Digital Twins to boost solution scalability and rapidly deliver innovative capabilities to customers, such as viewing space occupancy and spatial analytics.

Microsoft uses the ICONICS smart building software to collect sensor data in office buildings in the Puget Sound area of Washington State. The ICONICS solution aggregates the data over multiple buildings to give facility managers visibility into building health and applies big data analytics to provide insights that drive decisions in order to deliver energy savings. In fact, the Microsoft Energy Smart Buildings program, leveraging ICONICS software, has saved Microsoft 20 percent off its energy bills.

Next steps

Smart buildings provide insights that enable real estate developers, commercial building owners, facilities managers, and tenants to save energy, reduce operational expenses, increase occupant comfort, and meet regulatory and sustainability goals.

To learn more about best practices for planning smart building projects, download the white paper, Smart buildings: From design to reality, co-written by Microsoft and L&T Technology Services.

Also visit, Azure IoT to find the right IoT approach for your solutions.

 

1Impact of COVID-19 on the Global IoT in Smart Commercial Buildings Market to 2025 – ResearchAndMarkets.com.

2 Smart Buildings: Using Smart Technology to Save Energy in Existing Buildings.
Quelle: Azure

Azure AI: Build mission-critical AI apps with new Cognitive Services capabilities

As the world adjusts to new ways of working and staying connected, we remain committed to providing Azure AI solutions to help organizations invent with purpose.

Building on our vision to empower all developers to use AI to achieve more, today we’re excited to announce expanded capabilities within Azure Cognitive Services, including:.

Text Analytics for health preview.
Form Recognizer general availability.
Custom Commands general availability.
New Neural Text to Speech voices.

Companies in healthcare, insurance, sustainable farming, and other fields continue to choose Azure AI to build and deploy AI applications to transform their businesses. According to IDC1, by 2022, 75 percent of enterprises will deploy AI-based solutions to improve operational efficiencies and deliver enhanced customer experiences.

To meet this growing demand, today’s product updates expand on existing language, vision, and speech capabilities in Azure Cognitive Services to help developers build mission-critical AI apps that enable richer insights, save time and reduce costs, and improve customer engagement.

Get rich insights with powerful natural language processing

One of the ways organizations are adapting is scaling the ability to rapidly process data and generate new insights from data. COVID-19 has accelerated the urgency, particularly for the healthcare industry. With the overwhelming amount of healthcare data generated every year2, it is increasingly critical for providers to quickly unlock access to this information to find new solutions that improve patient outcomes.

We are excited to introduce Text Analytics for health, a new feature of Text Analytics that enables health care providers, researchers, and companies to extract rich insights and relationships from unstructured medical data. Trained on a diverse range of medical data—covering various formats of clinical notes, clinical trials protocols, and more—the health feature is capable of processing a broad range of data types and tasks, without the need for time-intensive, manual development of custom models to extract insights from the data.

In response to the COVID-19 pandemic, Microsoft partnered with the Allen Institute of AI and leading research groups to prepare the COVID-19 Open Research Dataset. Based on the resource of over 47,000 scholarly articles, we developed a COVID-19 search engine using Text Analytics for health and Cognitive Search, enabling researchers to generate new insights in support of the fight against the disease.

Additionally, we continue to make advancements in natural language processing (NLP) so developers can more quickly build apps that generate insights about sentiment in text. The opinion mining feature in Text Analytics assigns sentiment to specific features or topics so that users can better understand customer feedback from social media data, review sites, and more.

Save time and reduce costs by turning forms into usable data

A lot of the unstructured data is contained in forms that have tables, objects, and other elements. These types of documents typically take manual labeling by document type or intensive coding to extract insights.

We’re making Form Recognizer generally available to help developers extract information from millions of documents efficiently and accurately—no data science expertise needed.

Customers like Sogeti, part of the Capgemini Group, are using Form Recognizer to help their clients more quickly process large volumes of digital documents.

“Sogeti constantly looks for new ways to help clients in their digital transformation journey by providing cutting-edge solutions in AI and machine learning. Our Cognitive Document Processing (CDP) offer enables clients to process and classify unstructured documents and extract data with high accuracy resulting in reduced operating costs and processing time. CDP leverages the powerful cognitive and tagging capabilities of the Form Recognizer to extract effortlessly, keyless paired data and other relevant information from scanned/digital unstructured documents, further reducing the overall process time.” – Mark Oost – Chief Technology Officer at Sogeti, Artificial Intelligence and Machine Learning

Wilson Allen, a leading provider of consulting and analytics solutions, is using Form Recognizer to help law and other professional services firms process and evaluate documents (PDFs and images, including financial forms, loan applications, and more), and train custom models to accurately extract values from complex forms.

“The addition of Form Recognizer to our toolkit is helping us turn large amounts of unstructured data into valuable information, saving more than 400 hours of manual data entry and freeing up time for employees to work on more strategic tasks.” – Norm Mullock – VP of Strategy at Wilson Allen

Improve customer engagement with voice-enabled apps

People and organizations continue to look for ways to enrich customer experiences while balancing the transition to digital-led, touch-free operations2. Advancements in voice technology are empowering developers to create more seamless, natural, voice-enabled experiences for customers to interact with brands.

One of those advancements, Custom Commands, a capability of Speech in Cognitive Services, is now generally available. Custom Commands allows developers to create task-oriented voice applications more easily for command-and-control scenarios that have a well-defined set of variables, like voice-controlled smart home thermostats. It brings together Speech to Text for speech recognition, Language Understanding for capturing spoken entities, and voice response with Text to Speech, to accelerate the addition of voice capabilities to your apps with a low-code authoring experience.

In addition, Neural Text to Speech is expanding language support with 15 new natural-sounding voices based on state-of-the-art neural speech synthesis models: Salma in Arabic (Egypt), Zariyah in Arabic (Saudi Arabia), Alba in Catalan (Spain), Christel in Danish (Denmark), Neerja in English (India), Noora in Finnish (Finland), Swara in Hindi (India), Colette in Dutch (Netherland), Zofia in Polish (Poland), Fernanda in Portuguese (Portugal), Dariya in Russian (Russia), Hillevi in Swedish (Sweden), Achara in Thai (Thailand), HiuGaai in Chinese (Cantonese, Traditional) and HsiaoYu in Chinese (Taiwanese Mandarin).

Customers are already adding speech capabilities to their apps to improve customer engagement. With Cognitive Services and Bot Service, the BBC created an AI-enabled voice assistant, Beeb, that delivers a more engaging, tailored experience for its diverse audiences.

We are excited to introduce these new product innovations that empower all developers to build mission-critical AI apps. To learn more, check out our resources below.

Get started today

Learn more with the resources below and get started with Azure Cognitive Services and an Azure free account.

Text Analytics for health: Read the technical blog for more information. See it in action with the COVID-19 search engine demo. Enter medical terms such as “ibuprofen” in the search bar and try exploring graph relationships.
Form Recognizer: Read the technical blog for more information. See it in action with the Form Recognizer demo, showcasing the ability to extract information from different types of forms. Access the code samples.
Custom Commands: Read the technical blog for more information. See it in action with the inventory, hospitality, and automotive demos. Start by selecting your scenario and saying a command out loud per the prompt. Access the code samples.
Neural Text to Speech: Read the technical blog for more information. See it in action with the demo. Use the pre-populated text or add your own, and try finetuning audio output. Access the code samples.

1 Worldwide Artificial Intelligence Predictions (IDC FutureScape 2020).

2 Adapting customer experience in the time of coronavirus (McKinsey 2020).

Quelle: Azure

Plan your migration to Azure VMware solution using Azure Migrate

Azure Migrate now supports assessments for Azure VMware Solution (AVS), providing even more options for you to plan your migration to Azure. AVS enables you to run VMware natively on Azure. AVS provides a dedicated Software Defined Data Center (SDDC) for your VMware environment on Azure, ensuring you can leverage familiar VMware tools and investments, while modernizing applications overtime with integration to Azure native services. Delivered and operated as a service, your private cloud environment provides all compute, networking, storage, and software required to extend and migrate your on-premises VMware environments to Azure.

As organizations now more than ever look for cost efficiencies, business stability, and consistency, choosing the most efficient migration path is imperative. This means considering a number of different workload scenarios and destinations, such as migrating your servers to Azure Virtual Machines or running your existing VMware workloads natively on Azure with AVS.

Previously, Azure Migrate tooling provided support for migrating Windows and Linux servers to Azure Virtual Machines, as well as support for database, web application, and virtual desktop scenarios. Now, you can use the migration hub to assess machines for migrating to AVS as well.

With the Azure Migrate: Server Assessment tool, you can analyze readiness, Azure suitability, cost planning, performance-based rightsizing, and application dependencies for migrating to AVS. The AVS assessment feature is currently available in preview.

This expanded support allows you to get an even more comprehensive assessment of your datacenter. Compare cloud costs between Azure native virtual machines (VMs) and AVS to make the best migration decisions for your business. Azure Migrate acts as an intelligent hub, gathering insights throughout the assessment to make suggestions, including tooling recommendations for migrating VM or VMware workloads.

How to perform an AVS assessment

You can use all the existing assessment features that Azure Migrate offers for Azure Virtual Machines to perform an AVS assessment. Plan your migration to AVS with up to 35,000 VMware servers in one Azure Migrate project.

Discovery: Use the Azure Migrate: Server Assessment tool to perform a datacenter discovery, either by downloading the Azure Migrate appliance or by importing inventory data through a CSV upload. Read Assess your servers with a CSV import into Azure Migrate to learn more about the import feature.
Group servers: Create groups of servers from the list of machines discovered. Here, you can select whether you’re creating a group for an Azure Virtual Machine assessment or AVS assessment. Application dependency analysis features allow you to refine groups based on connections between applications.
Assessment properties: You can customize the AVS assessments by changing the properties and recomputing the assessment. Select a target location, node type, and Redundant Array of Independent Disks (RAID) level—there are currently three locations available—including East US, West Europe, and West US, and more will continue to be added as additional nodes are released.
Suitability analysis: The assessment gives you a few options for sizing nodes in Azure, between performance-based or as on-premises. It checks AVS support for each of the discovered servers and determines if the server can be migrated “as is” to AVS. If there are any issues found, the assessment automatically provides remediation guidance.
Assessment and cost planning report: Run the assessment to get a look into how many machines are in use and what estimated monthly and per-machine costs will be in AVS. The assessment also recommends a tool for migrating the machines to AVS. With this, you have all the information you need to plan and execute your AVS migration as efficiently as possible.
 

AVS Assessment and cost planning report.

 
AVS Readiness report with suggested migration tool.

Learn more

For detailed instructions on how to perform an AVS assessment, go to the documentation page.
Read more about Azure VMware Solution on the website or documentation page.
Learn more about Azure Migrate on the Azure Migrate website.
Watch the latest Azure Migrate video for a demo of performing a server migration.
Check out the new Azure Migrate e-book.

Quelle: Azure

Azure Firewall Manager is now generally available

Azure Firewall Manager is now generally available and includes Azure Firewall Policy, Azure Firewall in a Virtual WAN Hub (Secure Virtual Hub), and Hub Virtual Network. In addition, we are introducing several new capabilities to Firewall Manager and Firewall Policy to align with the standalone Azure Firewall configuration capabilities.

Key features in this release include:Threat intelligence-based filtering allow list in Firewall Policy is now generally available.Multiple public IP addresses support for Azure Firewall in Secure Virtual Hub is now generally available.Forced tunneling support for Hub Virtual Network is now generally available.Configuring secure virtual hubs with Azure Firewall for east-west traffic (private) and a third-party security as a service (SECaaS) partner of your choice for north-south traffic (internet bound). Integration of third-party SECaaS partners are now generally available in all Azure public cloud regions.Zscaler integration will be generally available on July 3, 2020. Check Point is a supported SECaaS partner and will be in preview on July 3, 2020. iboss integration will be generally available on July 31, 2020.Support for domain name system (DNS) proxy, custom DNS, and fully-qualified domain name (FQDN) filtering in network rules using Firewall Policy are now in preview.

Firewall Policy is now generally available

Firewall Policy is an Azure resource that contains network address translation (NAT), network, and application rule collections, as well as threat intelligence and DNS settings. It’s a global resource that can be used across multiple Azure Firewall instances in Secured Virtual Hubs and Hub Virtual Networks. Firewall policies work across regions and subscriptions.

You do not need Firewall Manager to create a firewall policy. There are many ways to create and manage a firewall policy, including using REST API, PowerShell, or command-line interface (CLI).

After you create a firewall policy, you can associate the policy to one or more firewalls using Firewall Manager or using REST API, PowerShell, or CLI.  Refer to the policy-overview document for a more detailed comparison of rules and policy.

Migrating standalone firewall rules to Firewall Policy

You can also create a firewall policy by migrating rules from an existing Azure Firewall. You can use a script to migrate firewall rules to Firewall Policy, or you can use Firewall Manager in the Azure portal.

Importing rules from an existing Azure Firewall.

Firewall Policy pricing

If you just create a Firewall Policy resource, it does not incur any charges. Additionally, a firewall policy is not billed if it is associated with just a single Azure firewall. There are no restrictions on the number of policies you can create.

Firewall Policy pricing is fixed per Firewall Policy per region. Within a region, the price for Firewall Policy managing five firewalls or 50 firewalls is the same. The following example uses four firewall policies to manage 10 distinct Azure firewalls:

Policy 1: cac2020region1policy—Associated with six firewalls across four regions. Billing is done per region, not per firewall.
Policy 2: cac2020region2policy—Associated with three firewalls across three regions and is billed for three regions regardless of the number of firewalls per region.
Policy 3: cac2020region3policy—Not billed because the policy is not associated with more than one firewall.
Policy 4: cacbasepolicy—A central policy that is inherited by all three policies. This policy is billed for five regions. Once again, the pricing is lower compared to per-firewall billing approach.

Firewall Policy billing example.

Configure a threat intelligence allow list, DNS proxy, and custom DNS

With this update, Firewall Policy supports additional configurations including custom DNS and DNS proxy settings (preview) and a threat intelligence allow list. SNAT Private IP address range configuration is not yet supported but is in our roadmap.

While Firewall Policy can typically be shared across multiple firewalls, NAT rules are firewall specific and cannot be shared. You can still create a parent policy without NAT rules to be shared across multiple firewalls and a local derived policy on specific firewalls to add the required NAT rules. Learn more about Firewall Policy.

Firewall Policy now supports IP Groups

IP Groups is a new top-level Azure resource in that allows you to group and manage IP addresses in Azure Firewall rules. Support for IP Groups is covered in more detail in our recent Azure Firewall blog.

Configure secured virtual hubs with Azure Firewall and a third-party SECaaS partner

You can now configure virtual hubs with Azure Firewall for private traffic (virtual network to virtual network/branch to virtual network) filtering and a security partner of your choice for internet (virtual network to internet/branch to internet) traffic filtering.

A security partner provider in Firewall Manager allows you to use your familiar, best-in-breed, third-party SECaaS offering to protect internet access for your users. With a quick configuration, you can secure a hub with a supported security partner, and route and filter internet traffic from your virtual networks (VNets) or branch locations within a region. This is done using automated route management, without setting up and managing User Defined Routes (UDRs).

You can create a secure virtual hub using Firewall Manager’s Create new secured virtual hub workflow. The following screenshot shows a new secure virtual hub configured with two security providers.

Creating a new secure virtual hub configured two security providers.

Securing connectivity

After you create a secure hub, you need to update the hub security configuration and explicitly configure how you want internet and private traffic in the hub to be routed. For private traffic, you don’t need to specify prefixes if it’s in the RFC1918 range. If your organization uses public IP addresses in virtual networks and branches, you need to add those IP prefixes explicitly.

To simplify this experience, you can now specify aggregate prefixes instead of specifying individual subnets. Additionally, for internet security via a third-party security provider, you need to complete your configuration using the partner portal. Please see the security partner provider page for more details.

Selecting a third-party SECaaS for internet traffic filtering.

Secured virtual hub pricing

A secured virtual hub is an Azure Virtual WAN Hub with associated security and routing policies configured by Firewall Manager. Pricing for secured virtual hubs depends on the security providers configured.

See the Firewall Manager pricing page for additional details.

Next steps

For more information on these announcements, see the following resources:

Firewall Manager documentation.
Azure Firewall Manager now supports virtual networks blog.
New Azure Firewall features in Q2 CY2020 blog.

Quelle: Azure

Build, distribute, and deploy application updates to Azure virtual machine scale sets

As the needs of your business grow, and you deploy business-critical applications at cloud scale, the complexity and administrative overhead of managing those applications can increase substantially. To help reduce this management overhead, Azure continues to invest in new capabilities that make it easier to build and distribute application updates across distributed cloud environments.

We recently announced the general availability of automatic image-based upgrades for custom images, providing you the ability to automatically deploy new versions of virtual machine (VM) images to your virtual machine scale sets. Automatic image upgrade natively integrates with Shared Image Gallery, combining the scalable distribution of VM images with the ease and safety of orchestrated infrastructure updates, to offer an end-to-end solution from image publishing to workload deployment.

This blog describes how you can use integrated Azure services to build custom images with your application updates, distribute those images across your organization and automatically deploy the new images to your virtual machine scale sets.

Build images with application updates

Deploying application and security updates across an organization can often be a complex process, involving multiple stages of deployments across disjointed systems. Standardized VM images allow organizations to ensure consistency across deployments, and these images typically include predefined security and configuration settings, and software workloads.

You can build standardized images through your own imaging pipeline or use the Azure VM Image Builder service. Using Azure VM Image Builder (currently in preview), you can quickly start building standardized images without needing to set up your own imaging pipeline. Just provide a simple configuration describing your image, submit it to the Image Builder service, and the image is built and distributed.

The Azure VM Image Builder lets you start with a Windows or Linux-based Azure Marketplace image, as well as existing custom images, and add your own customizations.

Distribute your images

Shared Image Gallery enables image distribution across multiple subscriptions and regions through a centralized image management platform. Shared Image Gallery helps you organize images in logical groups by specifying different image definitions and image versions, allowing you to iterate new image builds for different applications.

As you build new image versions with Image Builder, you can also distribute these images globally by replicating the images across multiple Azure regions based on your organization’s needs. You only need to specify the target regions and Shared Image Gallery will replicate your image versions to the regions you selected.

Shared Image Gallery also allows you to share your images across subscriptions and Azure Active Directory (Azure AD) tenants, so you can centralize image management across your entire organization.

Deploy your images

The final step in the process is the deployment of your newly created images to your virtual machine scale sets. With automatic OS image upgrade enabled for your scale sets, you do not need to take any additional action to deploy your images. Automatic OS image upgrade monitors your image gallery and automatically begins scale set upgrades when a new image version is deployed, facilitating faster image deployment without manual overhead.

An upgrade works by replacing the OS disk of a VM with a new disk created using the latest image version. Any configured extensions and custom scripts are run on the OS disk, while data disks are retained. To minimize the application downtime, upgrades take place in batches, with no more than 20 percent of the scale set upgrading at any time. The update orchestrator monitors the health of the VMs being upgraded as well as the health of the scale set during the upgrade process. If more than 20 percent of the scale set virtual machines become unhealthy, then the scale set upgrade stops at the end of the current batch. The upgrade process also supports automatic rollback for upgrade failures. This ensures that rollouts are gradual and orchestrated in a safe manner, preventing any scale set-wide disruption caused by a customization in the image.

An upgrade on a scale set only starts when the new image version is replicated to the region of the scale set. You can stagger global deployments by staging imaging replication to different regions at different times, further increasing global application uptime.

Get started

You can start from your image definition under Shared Image Gallery through the Azure portal and use the + Create VMSS option to create a new scale set from your image.

In the create experience for virtual machine scale set, under the Management tab, simply select the On option for Automatic OS upgrades.

You can also further customize the process and integrate your existing image building pipeline with Shared Image Gallery to benefit from automatic OS image upgrade.

Read the Azure documentation to learn more about the powerful capabilities described above.

Automatic OS image upgrade
Shared Image Gallery
Azure VM Image Builder

Quelle: Azure

New Azure Firewall features in Q2 CY2020

We are pleased to announce several new Azure Firewall features that allow your organization to improve security, have more customization, and manage rules more easily. These new capabilities were added based on your top feedback:

Custom DNS support now in preview.
DNS Proxy support now in preview.
FQDN filtering in network rules now in preview.
IP Groups now generally available.
AKS FQDN tag now generally available.
Azure Firewall is now HIPAA compliant. 

In addition, in early June 2020, we announced Azure Firewall forced tunneling and SQL FQDN filtering are now generally available.

Azure Firewall is a cloud-native firewall as a service (FWaaS) offering that allows you to centrally govern and log all your traffic flows using a DevOps approach. The service supports both application and network-level filtering rules and is integrated with the Microsoft Threat Intelligence feed for filtering known malicious IP addresses and domains. Azure Firewall is highly available with built-in auto scaling.

Custom DNS support now in preview

Since its launch in September 2018, Azure Firewall has been hardcoded to use Azure DNS to ensure the service can reliably resolve its outbound dependencies. Custom DNS provides separation between customer and service name resolution. This allows you to configure Azure Firewall to use your own DNS server and ensures the firewall outbound dependencies are still resolved with Azure DNS. You may configure a single DNS server or multiple servers in Azure Firewall and Firewall Policy DNS settings.

Azure Firewall is also capable of name resolution using Azure Private DNS, as long as your private DNS zone is linked to the firewall virtual network.

DNS Proxy now in preview

With DNS proxy enabled, outbound DNS queries are processed by Azure Firewall, which initiates a new DNS resolution query to your custom DNS server or Azure DNS. This is crucial to have reliable FQDN filtering in network rules. You may configure DNS proxy in Azure Firewall and Firewall Policy DNS settings. 

DNS proxy configuration requires three steps:

Enable DNS proxy in Azure Firewall DNS settings.
Optionally configure your custom DNS server or use the provided default.
Finally, you must configure the Azure Firewall’s private IP address as a Custom DNS server in your virtual network DNS server settings. This ensures DNS traffic is directed to Azure Firewall.

 
Figure 1. Custom DNS and DNS Proxy settings on Azure Firewall.

FQDN filtering in network rules now in preview

You can now use fully qualified domain names (FQDN) in network rules based on DNS resolution in Azure Firewall and Firewall Policy. The specified FQDNs in your rule collections are translated to IP addresses based on your firewall DNS settings. This capability allows you to filter outbound traffic using FQDNs with any TCP/UDP protocol (including NTP, SSH, RDP, and more). As this capability is based on DNS resolution, it is highly recommended you enable the DNS proxy to ensure your protected virtual machines and firewall name resolution are consistent.

FQDN filtering in application rules for HTTP/S and MSSQL is based on application level transparent proxy. As such, it can discern between two FQDNs that are resolved to the same IP address. This is not the case with FQDN filtering in network rules, so it is always recommended you use application rules when possible.

 
Figure 2. FQDN filtering in network rules.

IP Groups now generally available

IP Groups is a new top-level Azure resource that allows you to group and manage IP addresses in Azure Firewall rules. You can give your IP group a name and create one by entering IP addresses or uploading a file. IP Groups eases your management experience and reduce time spent managing IP addresses by using them in a single firewall or across multiple firewalls. IP Groups is now generally available and supported within a standalone Azure Firewall configuration or as part of Azure Firewall Policy. For more information, see the IP Groups in Azure Firewall documentation.

Figure 3. Creating a new IP Group.

AKS FQDN tag now in generally available

An Azure Kubernetes Service (AKS) FQDN tag can now be used in Azure Firewall application rules to simplify your firewall configuration for AKS protection. Azure Kubernetes Service (AKS) offers managed Kubernetes cluster on Azure that reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure.

For management and operational purposes, nodes in an AKS cluster need to access certain ports and FQDNs. For more guidance on how to add protection for Azure Kubernetes cluster using Azure Firewall, see Use Azure Firewall to protect Azure Kubernetes Service (AKS) Deployments. 

  Figure 4. Configuring application rule with AKS FQDN tag.

Next steps

For more information on everything we covered here, see these additional resources:

Azure Firewall documentation.
Azure Firewall Forced Tunneling and SQL FQDN filtering now generally available.
Azure Firewall IP Groups.
Azure Firewall Custom DNS, DNS Proxy (preview).
Azure Firewall FQDN filtering in network rules (preview).
Use Azure Firewall to protect Azure Kubernetes Service (AKS) Deployments. 

Quelle: Azure

Azure Cost Management + Billing updates – June 2020

Whether you're a new student, thriving startup, or the largest enterprise, you have financial constraints and you need to know what you're spending, where, and how to plan for the future. Nobody wants a surprise when it comes to the bill, and this is where Azure Cost Management + Billing comes in.

We're always looking for ways to learn more about your challenges and how Azure Cost Management + Billing can help you better understand where you're accruing costs in the cloud, identify and prevent bad spending patterns, and optimize costs to empower you to do more with less. Here are a few of the latest improvements and updates based on your feedback:

More flexibility for budget notifications.
Subscribe to active cost recommendations with Advisor digests.
Automate subscription creation in Azure Government.
Subscription ownership transfer improvements.
New ways to save money with Azure.
New videos and learning opportunities.
Documentation updates.

Let's dig into the details.

 

More flexibility for budget notifications

You already know Azure Cost Management budgets keep you informed as your costs increase over time. We're introducing two changes to make it easier than ever to tune your budgets to suit your specific needs.

You can now specify a custom start month for your budget, allowing you to create a budget that starts in the future. This will allow you to plan ahead and pre-configure budgets to account for seasonal changes in usage patterns or simply preparing for the upcoming fiscal year, just to name a couple examples.

You can also add alert thresholds above 100 percent for even greater awareness about how far over budget you are. Not only can you send a separate email to a broader audience when you've hit, let's say 110 percent of your budget, you can also trigger more critical actions to be performed if costs continue to rise above 100 percent. This can be especially useful for organizations tracking internal margins.

We hope these changes help you plan ahead and take action on overages better. How will you use start dates and alert thresholds to better monitor and optimize costs?

 

Subscribe to active cost recommendations with Advisor digests

Running a truly optimized environment requires diligence. As your environment grows and usage patterns change, it's critical to stay on top of new opportunities to optimize costs. This is where Azure Advisor recommendation digests come in.

Recommendation digests provide an easy and proactive way to stay on top of your active recommendations. You can receive periodic notifications via email, SMS, or other channel by using action groups. Each digest notification includes a summary of your active recommendations and complements Advisor alerts to give you a more complete picture of your cost optimization opportunities.

Advisor alerts notify you about new recommendations as they become available, while recommendation digests summarize all available recommendations that you haven’t yet acted on. Together, Advisor recommendation digests and alerts help you stay current with Azure best practices.

Learn more about Advisor recommendation digests.

 

Automate subscription creation in Azure Government

Managing subscriptions efficiently at scale requires automation. Now, organizations with Azure Government accounts can automate the creation of subscriptions with the Microsoft.Subscription/createSubscription API. This expands on previous subscription management capabilities and brings API parity between Azure Global and Azure Government. What would you like to see next?

 

Subscription ownership transfer improvements

Whether you're restructuring your environment or simply expanding your scope, you may run into situations where you need to transfer ownership of your Azure subscriptions to another person or organization. And now, you can do that directly from within the Azure portal for even more subscription types. In addition to existing support for Pay-As-You-Go (PAYG) subscriptions, you can now transfer any of the following subscription types to a new owner from the Azure portal:

Microsoft Customer Agreement.
Visual Studio Enterprise.
Microsoft Partner Network (MPN).
Microsoft Azure Sponsorship.

The portal will also clarify and explain why certain subscriptions cannot be transferred and surface any potential issues and reservation warnings, helping you transfer with ease, avoiding any unintended consequences.

Learn more about subscription ownership transfers and let us know how we can improve your ownership transfer experience.

 

New ways to save money with Azure

We're always looking for ways to help you optimize costs. Here's what's new this month:

Save up to 70 percent on spiky and unpredictable workloads with Cosmos DB autoscale.
Save up to 61 percent on Azure Spring Cloud with the new Basic tier.
Azure Dedicated Hosts supports additional virtual machine sizes offering more opportunities to save.
Azure SQL database serverless auto-scaling limits increased from 16 to 40 vCores.
Azure DevTest Labs environments are now available in Azure Government.
Azure DevTest Labs is now available in Switzerland regions.

 

New videos and learning opportunities

For those visual learners out there, here's one new video you might be interested in:

Evaluate and optimize your costs using the Microsoft Azure Well-Architected Framework (29 minutes).

Follow the Azure Cost Management + Billing YouTube channel to stay in the loop with new videos as they're released and let us know what you'd like to see next.

Want a more guided experience? Start with Control Azure spending and manage bills with Azure Cost Management + Billing.

 

Documentation updates

Here are a couple documentation updates you might be interested in:

Moved group and filter options into its own document (with a video).
Updated the analyze and manage costs section of the Cost Management best practices.
Added note about using the Monitoring Reader role to analyze resource usage for RBAC scopes.
Clarified what subscriptions are supported by Cost Management within management groups.
Documented Invoices API support for Enterprise Agreement billing accounts.
Documented more Azure Advisor cost optimization recommendations.

Want to keep an eye on all of the documentation updates? Check out the Cost Management + Billing doc change history in the azure-docs repository on GitHub. If you see something missing, select Edit at the top of the document and submit a quick pull request.

 

What's next?

These are just a few of the big updates from last month. Don't forget to check out the previous Azure Cost Management + Billing updates. We're always listening and making constant improvements based on your feedback, so please keep the feedback coming.

Follow @AzureCostMgmt on Twitter and subscribe to the YouTube channel for updates, tips, and tricks. And, as always, share your ideas and vote up others in the Cost Management feedback forum.

We know these are trying times for everyone. Best wishes from the Azure Cost Management team. Stay safe and stay healthy!
Quelle: Azure

Azure Digital Twins: Powering the next generation of IoT connected solutions

Last month at Microsoft Build 2020, we announced the new features for Azure Digital Twins, the IoT platform that enables the creation of next-generation IoT connected solutions that model the real world. Today, we are announcing that these updated capabilities are now available in preview. Using the power of IoT, businesses have gained unprecedented insights into their assets. But as connected solutions continue to evolve, companies are looking for ways to create richer models of entire business environments, which is quite challenging even for sophisticated businesses.

Our goal with Azure Digital Twins is to make the creation of sophisticated digital twin solutions easy. With today’s announcement, you can apply your domain expertise on top of Azure Digital Twins to design and build comprehensive digital models of entire environments.

Using Azure Digital Twins, you can gain insights that drive better products, optimization of operations, cost reduction, and breakthrough customer experiences. And you can now do so across environments of all types, including buildings, factories, farms, energy networks, railways, stadiums—even entire cities.

What’s new?

We received a lot of valuable feedback from the Azure Digital Twins preview and we are excited to share the expanded capabilities of Azure Digital Twins that will simplify and accelerate your creation of IoT connected solutions.

Open modeling language

The new preview of Azure Digital Twins lets you create custom models of any connected environment. The new preview of Azure Digital Twins lets you create custom models of any connected environment. Using the rich and flexible Digital Twins Definition Language (DTDL), based on the JSON-LD standard, you can configure your Azure Digital Twins service to tailor to the specific needs of your use case.

Real-world environments are created from connected twins. Each twin is modeled using properties, telemetry events, components, and relationships that define how twins can be connected into rich knowledge graphs. DTDL is also used for models throughout other Azure IoT services, including IoT Plug and Play and Azure Time Series Insights.

DTDL is the glue that helps you keep your Azure Digital Twins solution connected and compatible with other parts of the Azure ecosystem.

As part of our commitment to openness and interoperability, we will continue to promote best practices and shared digital twin models for a wide range of businesses and industry domains through the Digital Twins Consortium and other channels to accelerate your time building valuable IoT connected solutions that span many industry verticals and use cases.

Live execution environment

Azure Digital Twins lets you bring your digital twins to life using data from IoT and other data sources, creating an always-up-to-date digital representation of your environment that is scalable and secure.

Using a robust event system, you can build dynamic business logic and data processing as data flows through the execution environment, and now, you can harness the power of external compute resources, such as Azure Functions. This makes it easy to use pre-existing code with Azure Digital Twins, which provides freedom of choice in terms of programming languages and compute models.

To extract insights from the live execution environment, Azure Digital Twins provides a powerful query system that allows you to search for twins based on a wide range of conditions and relationships.

Input from IoT and business systems

You can easily connect assets such as IoT and IoT Edge devices, as well as existing business systems such as ERP and CRM, to Azure Digital Twins to drive the live execution environment.

You can now use a new or existing Azure IoT Hub to connect, monitor, and manage all of your assets at scale, taking advantage of the full device management capabilities that IoT Hub provides. The ability to use any existing Hub makes it easier to add Azure Digital Twins to existing IoT solutions incrementally.

Using the Azure Digital Twins REST APIs, you can also use data sources other than IoT, unlocking even more actionable insights with Azure Digital Twins.

Output to Azure Time Series Insight, storage, and analytics

You can integrate Azure Digital Twins with other Azure services to build complete end-to-end solutions. You can define event routes that send selected data to downstream services through endpoints that support Event Hubs, Event Grid, or Service Bus Event routes to send data to Azure Data Lake for long term storage; to data analytics services such as Azure Synapse Analytics to apply machine learning; to Logic Apps for workflow integration; or to Power BI to extract insights. Another important use case is time series data integration and historian analytics with Azure Time Series Insight.

Combined, these capabilities greatly simplify today’s difficult tasks of modeling and creating a digital representation of an environment, helping you focus on what differentiates your business rather than building and operating complex, distributed systems architecture securely and at scale.

Innovating with customers and partners

Azure Digital Twins is already being used by a broad set of customers and partners. Below are a few examples showcasing the applicability of Azure Digital Twins across a wide range of industries:

Ansys Twin Builder: physics-based digital twins

Physics-based simulation has long been an essential part of the product design process, helping engineers to optimize and validate design choices. With the broad deployment of IoT sensors in products and their environment, it is now possible to apply the same simulation technology after a product has been built, shipped and deployed in the field.  Simulation technology can be used to optimize performance and energy usage or predict failures in a highly accurate and immediate way, without the complexities associated with alternative techniques.

“Ansys Twin Builder lets engineers quickly deliver real-time simulation models for operational use. With Microsoft’s Azure Digital Twins platform, it is now possible to efficiently integrate the simulation-based twins into a broader IoT solution.” —Sameer Kher, Senior Director,Twin Builder Product Line for Ansys 

Bentley iTwin: infrastructure digital twins

In the world of infrastructure development, complex CAD data is the backbone of planning, execution and operation of major infrastructures, such as road and rail networks, public works and utilities, industrial plants, and commercial and institutional facilities. Bentley’s iTwin platform captures geometry and metadata of the project and its environment as the source of truth that drives daily decisions throughout the entire lifecycle of the project. As a developer, you can think of it as GitHub for CAD.

“Using Azure Digital Twins, we can bring this backbone to life using raw and processed information from IoT sensors distributed throughout the infrastructure. By bringing a wide range of information sources together into a comprehensive Digital Twin, including CAD data, real-world scans and photometry, IoT sensor data, weather feeds and many more, we can revolutionize the way infrastructure projects are planned, built and operated.” —Pavan Emani, Vice President, iTwin software development for Bentley 

To learn more about the customers and partners using Azure Digital Twins in exciting ways, we encourage you to visit the customer stories covering a spectrum of industry use cases.
  

Get started

We look forward to continuing to deliver on our commitment of simplifying and accelerating your time to value building next-generation IoT connected solutions. We are excited about the role Azure Digital Twins will play helping you gain valuable insights across your environments.

Watch this video to learn more:

 

Get started with Azure Digital Twins today.

Visit the Azure Digital Twins product page.

See the Azure Digital Twins documentation and quick start guides.

Watch the Deep Dive: Azure Digital Twins webinar for technical walkthrough. Join event at 9 AM PT June 29, 2020 for Live Q & A.

Watch the Deep Dive: Bentley and Azure Digital Twins webinar for architectural overview. Join event at 9 AM PT August 3, 2020 for Live Q & A.

Watch how Bentley uses Azure Digital Twins to build Bentley iTwin solution.

Watch the Azure Digital Twins Microsoft Build event session.

Read our customer stories from Ansys and Bentley.

Read Announcing Azure Digital Twins: Create digital replicas of spaces and infrastructure using cloud, AI and IoT to get familiar with the previous release.

Quelle: Azure