Microsoft Azure portal May 2019 update
This month is packed with updates on the Azure portal, including enhancements to the user experience, resource configuration, management tools and more.
Here’s the list of May updates to the Azure portal:
- Improved VMSS Diagnostics and troubleshooting with Boot Diagnostics, Serial Console access, and Resource Health
- Updated VM computer name and Hostname display
- New full-screen create experience for Azure Container Instances
- New integrations for Azure Kubernetes Service
- Multiple node pools for Azure Kubernetes Service (preview)
Create your first cloud project with confidence
- Changing a VM group membership on adaptive application controls
- Advanced Threat Protection for Azure Storage now generally available
- Virtual machine scale set support now generally available
- Adaptive network hardening now in public preview
- Regulatory Compliance Dashboard in now generally available
- Add a disk to an already replicated Azure VM
- Enhancements to Process Server monitoring
- Dynamic Non-Azure groups for Azure Update Management public preview
Let’s look at each of these updates in greater detail.
Several new improvements this month help enrich your experience in the Azure portal:
- Improvements to Global Search
- Faster and more intuitive resource browsing
- Powerful resource querying capabilities
For a detailed view of all these improvements, please visit this blog, “Key improvements to the Azure portal user experience.”
We have heard your feedback that despite being a single page application, the portal should behave like a normal web site in as many cases as possible. With this month's release you can open many more of the portal's links in a new tab using standard browser mechanisms such as right click or CtrlShift + Left click. The improvement is most visible in the pages that list resources. You'll find that the links in the NAME, RESOURCE GROUP, and SUBSCRIPTION columns all support this behavior. A normal click will still result in an in place navigation.
Improved VMSS diagnostics and troubleshooting with boot diagnostics, serial console access, and resource health
Azure Virtual Machine Scale Sets (VMSS) let you create and manage a group load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications, and allow you to centrally manage, configure, and update a large number of VMs.
You can now manage and access additional diagnostic tools for your VMSS instances via the portal:
- Boot diagnostics: access console output and screenshot support for Azure Virtual Machines.
- Serial console: this serial connection connects to the COM1 serial port of the virtual machine, providing access independent of the virtual machine's network or operating system state.
- Resource health: resource health informs you about the current and past health of your resources, including times your resources were unavailable in the past because of Azure service problems.
To try out these tools, take the following steps:
- Navigate to an existing Virtual Machine Scale Set instance.
- In the left navigation menu, you'll find the Boot Diagnostics tab in the Support + troubleshooting section. Ensure that Boot diagnostics is enabled for the scale set (you'll need to create or select a storage account to hold the diagnostic logs).
- If your scale set is set to automatic or rolling upgrade mode, each instance will be updated to receive the latest scale set model. If your scale set is set to manual upgrade mode, you will have to manually update instances from the VMSS > Instances blade.
Once each instance has received the latest model, boot diagnostics and serial console will be available for you.
The Azure naming convention documentation reminds you that Azure virtual machines have two names:
- Virtual machine resource name: this is the Azure identifier for the virtual machine resource. It is the name you use to reference the virtual machine in any Azure automation. It cannot be changed.
- Computer hostname: the runtime computer name of the in-guest operating system. The computer name can be changed at will.
If you create a VM using the Azure portal, for simplicity we use the same name for both the virtual machine resource name, and the computer hostname. You could always log into the VM and change the hostname; however, the portal only showed the virtual machine resource name. With this change, the portal now exposes both the virtual machine name, and the computer hostname in the VM overview blade. We also added more detailed operation system version info. These properties are visible for running virtual machines that have a healthy running VMAgent installed.
The resource name and guest computer hostname
The Azure Container Instances creation experience in portal has been completely redone, moving it to the new create style with convenient tabs and a simplified flow. Specific improvements to adding environment variables and specifying container sizes (including support for GPU cores) were also included.
ACI now uses the same create pattern as other services
To try out the new create experience:
- Go to the "+ Create a resource" button in the top-left of the portal
- Choose the "Containers" category, and then choose "Container Instances".
From an Azure Kubernetes Service cluster in the portal you can now add integrations with other Azure services including Dev Spaces, deployment center from Azure DevOps, and Policies. With the enhanced debugging capabilities offered by Dev Spaces, the robust deployment pipeline offered through the deployment center, and the increased control over containers offered by policies, setting up powerful tools for managing and maintaining Kubernetes clusters in Azure is now even easier.
New integrations now available
To try out the new integrations:
- Go to the overview for any Azure Kubernetes Service cluster
- Look for the following new menu items on the left:
- Dev Spaces
- Deployment center (preview)
- Policies (preview)
Multiple node pools for Azure Kubernetes Service are now shown in the Azure portal for any clusters in the preview. New node pools can be added to the cluster and existing node pools can be removed, allowing for clusters with mixed VM sizes and even mixed operating systems. Find more details on the new multiple node pool functionality.
Node pools blade
Add a node pool
To try out multiple node pools:
- If you are not already participating, please visit the multiple node pools preview to learn more about multiple node pools.
- If you already have a cluster with multiple node pools, look for the new 'Node pools (preview)' option in the left menu for your cluster in the portal.
Azure has numerous data transfer offerings catering to different capabilities in order help users transfer data to a storage account. The new Data Transfer feature presents the recommended solutions depending on the available network bandwidth in your environment, the size of the data you intend to transfer, and the frequency at which you transfer. For each solution, a description, estimated time to transfer and best use case is shown.
To try out Azure Storage Data Transfer:
- Select a Storage Account
- Click on the "Data transfer" ToC menu item on the left-hand side
- Select an item in the drop down for 3 different fields:
- Estimate data size for transfer
- Approximate available network bandwidth
- Transfer frequency
For more in-depth information, check out the documentation.
The Activity Log shows you what changes happened to a resource during an event. Now you can view this information with Change history in preview.
For more details visit the blog, “Key improvements to the Azure portal user experience” and scroll to the “View change tracking in Activity Log” section.
Create your first cloud project with confidence
The Azure Quickstart Center is a new experience to help you create and deploy your first cloud projects with confidence. We launched it as a preview at Microsoft Build 2018 and are now proud to announce it is generally available.
For more details, including the updated design please visit the blog,“Key improvements to the Azure portal user experience” and scroll to the “Take your first steps with Azure Quickstart Center” section.
Users can now move a VM from one group to another, and by doing that, the application control policy applied to it will change according to the settings of that group. Up to now, after a VM was configured within a specific group, it could not be reassigned. VMs can now also be moved from a configured group to a non-configured group, which will result in removing any application control policy that was previously applied to the VM. For more information, see Adaptive application controls in Azure Security Center.
Advanced Threat Protection (ATP) for Azure Storage provides an additional layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit storage accounts. This layer of protection allows you to protect and address concerns about potential threats to your storage accounts as they occur, without needing to be an expert in security. To learn more, see Advanced Threat Protection for Azure Storage or read about the ATP for Storage price in Azure Security Center pricing page.
Azure Security Center now identifies virtual machine scale sets and provides recommendations for scale sets. For more information, see virtual machine scale sets.
One of the biggest attack surfaces for workloads running in the public cloud are connections to and from the public Internet. Our customers find it hard to know which Network Security Group (NSG) rules should be in place to make sure that Azure workloads are only available to required source ranges. With this feature, Security Center learns the network traffic and connectivity patterns of Azure workloads and provides NSG rule recommendations, for internet facing virtual machines. This helps our customer better configure their network access policies and limit their exposure to attacks.
For more information about network hardening, see Adaptive Network Hardening in Azure Security Center.
The Regulatory Compliance Dashboard helps Security Center you streamline your compliance process, by providing insights into your compliance posture for a set of supported standards and regulations.
The compliance dashboard surfaces security assessments and recommendations as you align to specific compliance requirements, based on continuous assessments of your Azure and hybrid workload. The dashboard also provides actionable information for how to act on recommendations and reduce risk factors in your environment, to improve your overall compliance posture. The dashboard is now generally available for Security Center Standard tier customers. For more information, see Improve your regulatory compliance.
Azure Site Recovery feature updates
Azure Site Recovery for IaaS VMs now support the addition of new disks to an already replicated Azure virtual machine.
Adding new disks
To try out this feature:
- Select any virtual machine which is protected using ASR.
- Add new disk to this virtual machine.
- Navigate to the Recovery services vault where you will see warning about the replication health of this virtual machine.
- Click on the this VM and navigate to Disks > click on unprotected disk >Enable Replication.
- Refer documentation for more details
Azure Site Recovery has enhanced the health monitoring of your workloads on VMware or physical servers by introducing various health signals on the replication component, Process Server. Notifications are raised on multiple parameters of Process Server: free space utilization, memory usage, CPU utilization, and achieved throughput.
Enhancements to Process Server monitoring
For more details refer to this blog, “Monitoring enhancements for VMware and physical workloads protected with Azure Site Recovery.”
The new enhancement on Process Server alerts for VMware and physical workloads also helps in new protections with Azure Site Recovery. These alerts also help with load balancing of Process Servers. The signals are powerful as the scale of the workloads grows. This guidance ensures that the apt number of virtual machines are connected to a Process Server, and that related issues can be avoided.
To try out the new alerts:
- Start the enable replication workflow for a Physical or a VMware machine.
- At the time of source selection, choose the Process Server from the dropdown list.
- The health of the Process Server is displayed against each Process Server. Warning health status deters the user’s choice by raising warning, while critical health completely blocks the PS selection.
Non-Azure group targeting for Azure update management is now available in public preview. This feature supports dynamic targeting of patch deployments to non-Azure machines based on Log Analytics saved searches.
This feature enables dynamic resolution of the target machines for an update deployment based on saved searches. After the deployment is created, any new machines added to update management that meet the search criteria will be automatically picked up and patched in the next deployment run without requiring the user to modify the update deployment itself.
Dynamic non-Azure groups
To try out this feature:
- Deploy Azure Update Management and add 1 or more non-Azure machines to be managed by the service.
- Create a saved search that targets your non-Azure machines.
- Create a new periodic Update Deployment in Azure Update Management.
- For target machines, select Groups to Update and choose your saved search from the Non-Azure (preview) tab.
- Complete your Update Deployment.
- When new machines are added to update management that match the saved search, they will be picked up by this deployment.
To learn more about Azure Update Management and creating saved searches, see the documentation.
The Microsoft Intune team has been hard at work on updates as well. You can find the full list of updates to Intune on the What's new in Microsoft Intune page, including changes that affect your experience using Intune.
Azure portal “how to” video series
Have you checked out our Azure portal “how to” video series yet? The videos highlight specific aspects of the portal so you can be more efficient and productive while deploying your cloud workloads from the portal. Recent videos include a demonstration of how to create a storage account and upload a blob and how to create an Azure Kubernetes Service cluster in the portal. Keep checking our playlist on YouTube for a new video each week.
The Azure portal’s large team of engineers always wants to hear from you, so please keep providing us with your feedback in the comments section below or on Twitter @AzurePortal.