Welcome to Ironstone Advent blog series. We will discuss some of our favourite features from Microsoft that were released during 2018, in addition to some features we're looking forward to in 2019.
Microsoft release new features to their cloud platforms at a rapid pace, so we will only dive into some of the ones we like the most. We will also list some other honorable mentions. You might disagree with our lists, but they are completely subjective, based on our day to day operation, and have affected us in a positive way.
The blog series will consist of four blogposts:
- Top 5 new Azure features from 2018
- Top 5 new Microsoft 365 features from 2018
- Top 10 new features we're looking forward to in 2019
1. Azure Monitor – Monitor all the things
We finally have a centralized solution for monitoring everything in Azure. The newly announced "Azure Monitor" is already helping us a lot by centralizing the monitor capabilities in Azure. This results in much greater control, less overhead management and consequently more efficiency, and better governance/overview, even in larger environments.
Azure Monitor also gained some new tricks during this year, worth mentioning is:
- Azure AD Sign In and Audit logs connected to a Log Analytics Workspace. Announcement>
Here are a few key components you should search for when you start using Azure Log Analytics:
- Azure Monitor Action Groups
- Azure Monitor Alert Rules
- Azure Log Analytics Query Language (aka Kusto)
- Azure Service Health Alerts
2. Governance – Get full control
If you’re having a bad day or are inexperienced, you may find yourself throwing money down the drain in Azure. Or maybe your developers are unknowingly making you not comply to GDPR by placing customer data in a distant Azure Region? Microsoft provides an increasing number of features to fix these problems for you, once and for all. Lock down and control your Azure environment, no matter the amount or kind of Azure Subscriptions, users, or resources.
Azure Governance is a series of products you can use to govern your Azure environment. Already existing features include:
- Azure Policy (On a subscription scope)
- Azure Role-based Access Control (RBAC)
Here's a list of the most exciting new features of 2018:
- Azure Blueprint (Preview): Create policies, configurations, limitations, and features that can be automatically added to all your existing and feature Azure Virtual Machines. Read more about the service here
- Azure Management groups: Apply control and governance features such as Azure Policies and Role-based Access Controls (RBAC) across some or all your subscriptions
Announced July 31, 2018
3. Update Management – Finally mature
Update Management is so ingenious, simple, and powerful that we use it for all our VMs. We also try to convince our customers to use this, especially for Azure VMs, but also for on-prem machines (waiting to be migrated to Azure, of course).
The features that have been added in 2018 ensure more flexibility and control. Here are some worth mentioning:
- Reboot control: Control whether your VMs should reboot if an update requires it. Announced August 16, 2018.
- Dynamic groups automatically enroll VMs added to resource group(s) after Update Management schedule creation
- Pre/post tasks: Run tasks, like PowerShell, before and/or after an Update Management run.
- Update inclusion: Specify KBs you'd like to force to your machines. All last three features was announced September 21, 2018
4. Log Analytics (previously OMS) fully integrated with the Azure Portal
Microsoft is doing the right thing when bringing all the things into the Azure Resource Model Portal and creating a universal, user friendly GUI. We use Log Analytics a lot, across all kinds of services offered in Azure. Tighter integration to the rest of the ecosystem, like Azure Automation Account (also with Update Management) and Azure Monitor, makes Log Analytics more powerful than ever.
This enables your tech team to monitor your whole environment, both on-prem and Azure. If you're not taking advantage of the dirt cheap but awesome features of Azure Log Analytics, you are doing something wrong.
The Log Analytics merge into the Azure Portal was announced August 16, 2018, along with the planned retirement of the old OMS portal which is set to January 15, 2018.
5. Azure Active Directory Domain (AADDS) available for CSP subscriptions
Now we can finally deploy a highly available, cheap, secure solution for authenticating and domain joining Azure Virtual Machines, enabling Single sign-on (SSO) among other benefits. Azure Active Directory Domain Services (AADDS) consist of two VMs, a load balancer, managed disks, and other Azure resources in the backend. Controlled, updated, and secured by Microsoft, available as a PaaS service in Azure. Even the NSGs can be preconfigured for you. Unless you have a very specific use for legacy domain controllers in Azure, you should really consider AADDS for your cloud environment.
The announcement from December 17, 2017 can be found here (not really 2018, but hey, didn’t you too have a holiday break around that time?). Microsoft Docs provide great documentation, available here.
Some other feature enhancements were added during this year, and worth mentioning are:
- Improved synchronization performance from Azure AD to Azure AD DS managed domain: This enables bigger customers to get better sync performance—for both initial and ongoing sync from Azure AD. Announced October 17, 2018.
- Scoped sync from AAD to AADDS: Only sync some objects from your Azure AD. Announced October 17, 2018.
- AADDS now uses managed disks in backend, which gives you even more availability and redundancy. Announced October 17, 2018.
We are thrilled that Microsoft is going all in with the Cloud Solution Provider (CSP) program, adding new features frequently. A complete comparison list of available first-party Azure products, services and features in Azure CSP from Microsoft can be found here.
We're always here for you, if you have any comments or want to learn more about what the Azure platform can do for you, don’t hesitate to contact us.
Azure Data Explorer
It's finally easy to view data in Azure Storage Accounts
Announced September 24, 2018
- Azure Serial Console
Pass commands down to the local machine even if RDP breaks
Announced September, 17 2018
- Azure Resource Graph
- Azure Portal – New account manager
Switch between multiple accounts without reauthenticating. A truly useful feature for Microsoft Cloud administrators.
Read more about it here
- PowerShell - Az module
Superseding the AzureRM module, using the new .NET Core framework
- Azure Load Balancer - HTTPS Probes on the standard SKU
Announced August, 13 2018
- Azure VMs - Reserved Instances
Save up to 80% of Azure Virtual Machine costs by reserving VMs for a period of time and combining with your existing Microsoft licenses.
Announced May 10, 2018