Azure security announcements - October 6th 2022

October 12, 2022

This week, there are 12 announcements related to Azure Security.

Headlines:

  • Azure Firewall Basic is a new SKU for Azure Firewall designed for small and medium-sized businesses
  • Policy analytics for Azure Firewall, now in public preview
  • Configure compute instance with managed identity for Azure Machine Learning
  • The Application Insights Java 2.X SDK will be retired on 30 September 2025
  • Azure Monitor ITSM connector feature for creating ServiceNow alerts will be retired on 30 September 2025
  • Redis version 4 will be retired from Azure Cache for Redis and you'll need to upgrade to version 6 by 30 June 2023
  • On 30 September 2023, we will be retiring support for Azure SDK for .NET and Golang libraries which do not conform to our current Azure SDK guidelines
  • Azure Basic Load Balancer will be retired on 30 September 2025
  • Support for Azure API Management self-hosted gateway version 0 and version 1 ends on 1 October 2023
  • Azure App Service won’t support Ruby 2.7 or future versions of Ruby after 12 April 2023
  • Smart tiering to vault-archive tier for Azure Backup is now GA
  • Azure Batch TLS 1.0/1.1 will be retired on 31 March 2023

All details below.

Azure Firewall

Preview Features
Azure Firewall Basic is a new SKU for Azure Firewall designed for small and medium-sized businesses. The main benefits are:

Comprehensive, cloud-native network firewall security:

  • Network and application traffic filtering
  • Threat intelligence to alert on malicious traffic
  • Built-in high availability
  • Seamless integration with other Azure security services

Simple setup and easy to use:

  • Setup in just a few minutes
  • Automate deployment (deploy as code)
  • Zero maintenance with automatic updates
  • Central management via Azure Firewall Manager

Cost-effective:

  • Designed to deliver essential, cost-effective protection of your resources within your virtual network

Announcement | Documentation

Preview Features
Policy analytics for Azure Firewall, now in public preview, provides enhanced visibility into traffic flowing through Azure Firewall, enabling the optimization of your firewall configuration without impacting your application performance.

As application migration to the cloud accelerates, it’s common to update Azure Firewall configuration daily (sometimes hourly) to meet the growing application needs and respond to a changing threat landscape. Frequently, changes are managed by multiple administrators spread across geographies.

Over time, the firewall configuration can grow suboptimally, impacting firewall performance and security. It’s a challenging task for any IT team to optimize firewall rules without impacting applications and causing serious downtime. Policy analytics helps address these challenges by providing visibility into traffic flowing through the firewall with features such as firewall flow logs, rule to flow match, rule hit rate, and single rule analysis. IT admins can refine Azure Firewall rules in a few simple steps through the Azure portal.

Announcement | Documentation

Azure Machine Learning

Preview Features
Configure compute instance with managed identity: This feature enables administrators to control user access to sensitive data so that it can only be accessed when working on a compute instance. You will now have an increased level of data protection.

Announcement | Documentation

Azure Monitor

Retiring Features
On 30 September 2025, we’ll be retiring the Application Insights Java 2.X SDK; after that date it’ll no longer be supported. Before that date, we recommend you upgrade to OpenTelemetry-based Java 3.X auto-instrumentation, which provides all the functionality of the Application Insights Java 2.X SDK plus new features, including:

  • Expanded distributed tracing auto-collection including the most common Azure SDKs, MongoDB, Kafka, Cassandra (and more)
  • JMX and micrometer metrics auto-collection
  • Codeless onboarding for easier deployments and upgrades

If you choose not to upgrade, your data will continue to flow to Application Insights. However, we’ll be unable to support any Azure support cases opened on this SDK, and you won’t receive the latest product features.

Announcement | Documentation

Retiring Features
We are retiring the Azure Monitor ITSM connector feature for creating ServiceNow alerts on 30 September 2025. If you are using this feature to create alerts in ServiceNow from Azure Monitor alerts and would like to continue receiving Azure Monitor alerts in ServiceNow, you can either create incidents or create events using Secure webhook integration. Transition to Azure Monitor log alerts before this date. From 30 September 2025, this will be the only way to send alerts to ServiceNow.

Announcement | Documentation

Azure Redis Cache

Retiring Features
Because Redis version 4 is no longer supported by the open source community, it will be retired from Azure Cache for Redis and you'll need to upgrade any cache instances that are running version 4 to version 6 by 30 June 2023. We'll continue to backport security fixes from recent versions to version 4 until that date.

Announcement | Documentation

Azure SDKs

Retiring Features
On 30 September 2023, we will be retiring support for Azure SDK for .NET and Golang libraries which do not conform to our current Azure SDK guidelines. The new Azure SDK libraries are updated regularly to drive consistent experiences and strengthen your security posture. Please transition to the new Azure SDK for .NET and Golang libraries to take advantage of the new capabilities and critical security updates before 30 September 2023.

Although the older libraries can still be used beyond 30 September 2023, they will no longer receive official support and updates from Microsoft after that date. These older libraries may receive targeted feature updates through 31 March 2023.

If you prefer not to transition to the new Azure SDK for .NET and Go libraries, source code for the current Azure SDK libraries is available on GitHub as open source. You can continue to use the code and apply your own fixes, as required.

Announcement

Azure Virtual Network

Retiring Features
On 30 September 2025, Azure Basic Load Balancer will be retired. You can continue to use your existing Basic Load Balancers until then, but you'll no longer be able to deploy new ones after 31 March 2025.

To keep your workloads appropriately distributed, you'll need to upgrade to Standard Load Balancer, which provides significant improvements including:

  • High performance, ultra-low latency, and superior resilient load-balancing.
  • Security by default—closed to inbound flows unless allowed by a network security group.
  • Diagnostics such as multi-dimensional metrics and alerts, resource health, and monitoring.
  • SLA of 99.99 percent availability.

If you have any Basic Load Balancers deployed in Azure Cloud Services (extended support), those deployments will not be affected by this retirement and you don't need to take any action for them.

Announcement | Documentation

Azure API Management

Retiring Features
Support for Azure API Management self-hosted gateway version 0 and version 1 ends 1 October 2023. Version 2 of the self-hosted gateway is already available, and includes the following improvements:

  • A new configuration API that removes the dependency on Azure Storage, unless you're using API inspector or quotas.
  • We have introduced new container images, and new container image tags to let you choose the best way to try our gateway and deploy it in production.

If you're using version 1 and/or version 0 of the self-hosted gateway, you'll need to manually migrate both components: the container image and the configuration API. Migrate your v0/v1 container images to the newest v2 image and switch the v0/v1 configuration API to the v2 configuration API.

From now through 1 October 2023, if you have existing self-hosted gateway deployments using version 0 and/or version 1, you can continue to use them normally. You can transition your existing version 0 and/or version 1 container image and configuration API to version 2 at any point prior to 1 October 2023. After that date, the configuration API for version 0 and version 1 won't be available.

Announcement | Documentation

Azure App Services

Retiring Features
Ruby 2.7 support is ending on 12 April 2023. After this date, App Service won’t support Ruby 2.7 or future versions of Ruby. Your applications will continue to run unchanged but won’t receive patches after 12 April 2023.

Recommended action: To minimize risk, follow the steps to migrate your applications to run in a custom container before 12 April 2023.

Announcement | Documentation

Azure Backup

General Availability
Smart tiering to vault-archive tier for Azure Backup is now GA.

Configure your backup policy to automate your vault-archive tier for Azure Virtual Machines, SQL Server/SAP HANA in Azure Virtual Machines. This will ensure that the eligible and recommended recovery points (in the case of Azure Virtual Machines) are automatically moved to the vault-archive tier. This is done on a periodic and interval timeline and based on the settings mentioned in the policy. You can also specify the number of days after which you want your recovery points to be moved to the vault-archive tier.

Announcement | Documentation

Azure Batch

Retiring Features
To follow security best practices and remain in compliance with industry standards toward the exclusive use of TLS version 1.2 or later, we’ll retire Azure Batch TLS 1.0/1.1 on 31 March 2023. Please transition to using Batch TLS 1.2 by that date.

Announcement | Documentation
