This is a blog post for a new, ongoing series of consolidated updates from the Cloud Platform team.
We’re here to help you embrace the cloud. Realize your true potential with our unique innovations, comprehensive mobile solutions, and developer tools across the breadth of our product portfolio. To help you stay current, here are our latest releases.
- Azure Reserved Virtual Machine (VM) Instances | Reserved VM Instances
- Azure security and operations management | Cloudyn, Azure Security Center, Monitor
- Availability Zones | Preview
- Azure Batch | Low Priority VMs GA
- Azure Batch | Rendering service GA
- Azure Cloud Shell | PowerShell Preview
- Azure Data Box | Limited Preview
- Azure DDOS Protection | Azure DDoS Preview
- Azure Files Sync | Preview
- Azure IoT Hub Device Provisioning Service | PP: Feature (Device Provisioning Service)
- Azure IoT Suite—Remote Monitoring | Available to purchase
- Azure Migrate | Preview
- Azure Network Watcher | Connectivity Check for Express Route
- Azure Traffic Manager Real User Measurements | Preview
- Azure Traffic Manager Traffic View | Preview
- Azure VPN Gateway | P2S VPN from Apple Macs—GA
- Load Balancer Standard | HA Ports Preview
- Load Balancer Standard | Preview
- Project “Honolulu” | Preview
- SDN – Global Virtual Network Peering | Preview
- System Center | System Center preview build (semi-annual channel)
- Virtual Network service endpoints for Azure Storage and Azure SQL | Preview
- Windows Server | Windows Server, version 1709 GA
- SDN – Ip Service Tags | Preview
- ExpressRoute IPv6 support for Azure and Office365 | GA
- Azure Essentials–new Azure offer | Preview
- FastTrack for Azure | Preview
- Azure Machine Learning updates | Preview
- Azure SQL Database | Azure SQL DB Easy lift + shift cloud preannounce
- AI Solutions | Disclosure
- SQL Server 2017 (Windows, Linux, and Docker) | SQL Server 2017—GA
- Azure SQL Database | Native Scoring Preview
- Azure SQL Database | Pools storage up to 4 TB premium tier—GA
- Azure SQL Database | Virtual Network service endpoints Preview
- Azure SQL Database | Vulnerability Assessment Preview
- Cognitive Services Updates | GA announcements of Text Analytics, Bing Search v7 and Bing Custom Search
- Machine Learning Services | ML Server Software Assurance benefit for Hadoop—GA
- Machine Learning Services | Rename R Server to Machine Learning Server—GA
- Power BI Desktop | GA
- Azure Cosmos DB | Database Auditing—GA
- Azure Cosmos DB | Integration with Azure Functions Preview
- Azure Cosmos DB | New Metrics and Heatmaps—GA
- Azure Data Factory | Azure Data Factory updates Preview
- Azure SQL Database | Adaptive query processing—GA
- Azure SQL Database | Graph support—GA
- Azure SQL Database | Intelligent Insights Preview
- Power BI service | GA
- SQL Data Warehouse | New performance tier for analytics workloads
- Azure App Service | New premium tier—GA
- Azure Functions | Functions support for .NET Core
- Azure Functions | Support for Microsoft Graph bindings
- Azure Service Fabric | New releases
- Azure OSS DevOps | Hashicorp Terraform in Azure Cloud Shell—GA
- Visual Studio Mobile Center Preview | Announcement of Android 8.0 (“Oreo”) support
- Visual Studio Mobile Center Preview | Announcement of iOS 11 support
- Visual Studio Mobile Center Preview | Continuous Export
- New and enhanced Azure Active Directory Cloud App Discovery | GA
- System Center Configuration Manager | Disclosure Co-Management (ConfigMgr+Intune)
- Intune Partner Integration | Disclosure—Jamf integration
- Microsoft Cloud App Security | Proxy Preview announcement
- Azure HDInsight | OMS Integration – Public Preview
- Power BI Embedded | Disclosure
- Microsoft Azure Information Protection | Secure email to anyone
- Azure Active Directory access reviews | Preview
- Azure AD Conditional Access—New conditions and controls | Preview
- Microsoft Cloud App Security | AIP auto-labeling preview announcement
- Microsoft Cloud App Security | EU datacenter support announcement
- System Center Configuration Manager | ConfigMgr Mixed Authority and Intune Data Importer
- G- and H-series price reductions | Disclosure
- Application Security Groups | Application Security Groups Preview
Azure Reserved Virtual Machine (VM) Instances | Reserved VM Instances
We are excited to announce Azure Reserved VM Instances (RIs) that will allow you to reserve virtual machines at extremely low prices on Azure.
Azure Reserved VM Instances enable customers to reserve compute capacity to prioritize workloads when and where they need it most. With a 72% cost savings over on-demand pricing, reserved instances improve budgeting and forecasting because they are purchased in 1- and 3-year terms with a single up-front payment. Purchasing Azure RIs is easy—customers select only three items: region, VM series, and term, and that’s it. But, if customers decide at any time during the term that they need to exchange or cancel reservations, that’s easy too. What’s more, Windows Server customers can save up to 82% with AHB. Azure Reserved VM Instances offer the most affordable and flexible RIs with prioritized compute capacity on the market.
Azure security and operations management | Cloudyn, Azure Security Center, Monitor
New Azure security and operations management features and updates
Azure can uniquely offer built-in security and operations management to help customers improve productivity using native intelligence and hybrid capabilities. We’re announcing several new features and updates to help you secure and manage your cloud workloads. Azure is introducing Cost Management by Cloudyn, a service that helps organizations manage and optimize cloud spend across Azure, AWS, and Google Cloud Platform. The service is now available for free to all Azure customers and partners. Learn more about Cost Management and start to use the product for free.
Azure Security Center, which helps customers protect workloads running in Azure against cyber threats, can now also be used to secure workloads running on-premises and in other private and public clouds, in public preview at Ignite. Security Center is also releasing new capabilities including dynamic application whitelisting, integration with Azure Logic Apps, and ability to drill down into an incident with interactive investigation paths and mapping. Additionally, customers can now easily explore and add on services for monitoring, backing up, and securing their resources from the creation of a resource in Azure to reduce security and compliance risk. One of these new features, Update Management, will be free for any machine. Learn more about these exciting new services and features on the Azure blog.
Availability Zones | Preview
Last week we announced the public preview of Azure Availability Zones in two regions with more being added in the coming months. We’re building upon our existing regions with Availability Zones to provide a comprehensive set of high-availability and disaster recovery capabilities to meet your most demanding business continuity needs.
Availability Zones are fault-isolated locations within an Azure region, providing redundant power, cooling, and networking. Availability Zones allow you to run mission critical applications with high availability and fault tolerance to data center failures. As our commitment to you, we will offer a financially backed 99.99% SLA for virtual machines deployed in two or more zones within a region when the service is generally available.
Azure Batch | Low Priority VMs GA
General availability of Azure Batch low-priority VMs
Azure Batch | Pricing
Low-priority VMs are now available at a large discount compared to regular on-demand VMs. If Batch applications can tolerate interruption and job execution time is flexible, then using low-priority VMs can significantly reduce the cost of running workloads, or allow much more work to be performed at a greater scale, for the same cost. Many batch processing workloads can take advantage of low-priority VMs, and Azure Batch makes it easy to allocate and manage low-priority VMs, as well as handle any pre-emptions that occur.
Azure Batch | Rendering service GA
Announcing GA of Azure Batch Rendering
Enabling customers such as artists, engineers, and designers to submit rendering jobs seamlessly via client applications such as Maya and 3ds Max, or via our SDK, Azure Batch Rendering accelerates large scale rendering jobs to deliver results to our customers faster.
Following the public preview, we’re extremely excited to move Azure Batch Rendering to GA.
As part of this offering, Azure is working with Autodesk, Chaos Group, and other partners to enable customers to run their day-to-day rendering workloads seamlessly on Azure. The Batch Rendering feature will provide tools such as client plugins offering a rich integrated experience allowing customers to submit jobs from within the applications with easy scaling, monitoring, and asset management. Additionally, the SDK, available in various languages, allows custom integration with customer’s existing environments.
For more info, please visit the Rendering on Azure webpage.
Azure Cloud Shell | PowerShell Preview
On Monday, September 25, we announced the public preview of PowerShell in Azure Cloud Shell, your Microsoft-managed admin machine on Azure, for Azure. Now you can use PowerShell when you connect with Azure using an authenticated, browser-based shell experience that’s hosted in the cloud, and accessible from virtually anywhere or any device.
As detailed in Hemant Mahawar’s blog post announcing PowerShell in Azure Cloud Shell preview, the PowerShell experience provides easy discovery and navigation of all Azure resources using Azure drive’s (Azure:) filesystem-like browsing of resources, contextual capabilities based on the current path, an extensible model for adding new commands from PowerShell Gallery, and easier management of virtual machines.
To learn more, visit Azure Cloud Shell.
Azure Data Box | Limited Preview
Announcing the limited preview of Azure Data Box
We’re excited to announce the limited preview of Azure Data Box. The Azure Data Box is a secure, ruggedized, tamper resistant appliance created by Microsoft to help customers transfer large amounts of data into Azure Storage. Customers can order the Data Box through the Azure portal. The Data Box can connect to a customer’s networks via DHCP or customer supplied IP address. Customers can copy data to the Azure Data Box using the SMB 3.0 protocol, and encrypt it using 256-bit AES encryption keys. When returned to Microsoft, customers can store their data in Azure Blob or Files storage, and the device is erased after data upload. Partners can also use the Azure Data Box to help their customers with large Azure Data transfer projects. Availability for the preview will be limited to US regions, but we encourage all interested customers to express interest in participating. To sign up for the preview, please visit Azure Data Box Preview Program. To learn more about the Azure Data Box, please read our blog post.
Azure DDOS Protection | Azure DDoS Preview
We’re announcing the preview of a new service called Azure DDoS Protection that helps protect your applications from being impacted by Distributed Denial of Service (DDoS) attacks at OSI Layers 3-7. This service monitors the public IP addresses of your resources within Azure, learns an application’s normal traffic patterns, and instantly mitigates an attack when it’s detected. When you subscribe to this service, you also receive advanced telemetry and alerts related to the attacks that were carried out against your application. During preview, you will not incur any cost for using the service. For more information, please visit the Azure DDoS Protection page.
Azure Files Sync | Preview
Announcing the preview for Azure File Sync
We’re excited to announce the public preview of Azure File Sync. Azure File Sync provides you with secure, centralized file share management in the cloud. Install the File Sync agent on your Windows Servers so you can store less frequently accessed files in the cloud, while keeping more frequently accessed data on local file shares, and deliver consistent file share performance with no configuration or code changes. Centralizing file share management with File Sync can also lower the IT support requirements for branch or remote office locations. Availability for the public preview will be limited to US regions. To sign up for the preview, please visit Azure File Sync Preview. To learn more about Azure File Sync, please visit our blog post.
Azure IoT Hub Device Provisioning Service | PP: Feature (Device Provisioning Service)
We’re announcing the public preview of the Azure IoT Hub Device Provisioning Service. The Device Provisioning Service is a new service that works with Azure IoT Hub to enable customers to configure zero-touch device provisioning to their IoT hub.
With the Device Provisioning Service, you can provision millions of devices in a secure and scalable manner, automating a process that has historically been time and resource intensive for manufacturers and companies managing volumes of connected devices. The Device Provisioning Service is the only cloud service to provide complete automated provisioning, including both registering the device to the cloud as well as configuring the device. Device Provisioning Service is available in East US, West Europe, and Southeast Asia starting 9/6, and eventually will be available globally.
Without a provisioning service, connecting devices to Azure IoT Hub requires manual work. Each device needs a unique identity to enable per-device access revocation in case the device is compromised. Doing this manually works for very few devices, but at IoT scale, you have to individually place connection credentials on each of millions of devices.
IoT Hub Device Provisioning Service, together with IoT Hub device management, helps customers manage all stages of IoT device lifecycle, at scale and in a secure way.
Azure IoT Suite—Remote Monitoring | Available to purchase
At Ignite, we are announcing an update to Azure IoT Suite Remote Monitoring solution that represents the next milestone in ease of development, deployment, and maintenance of an IoT project. We’ve created an open-sourced, microservices-based architecture that you can deploy on your Azure subscription. This architecture will be available both in Java and .NET languages, which will give you more choices on which solutions to build on top of the Azure platform.
The following resources are available to learn more and get started:
- View the new solution by visiting the remote monitoring solution demo.
- Learn more about it at our Ignite blog.
- Deep dive on scenarios and capabilities with our technical documentation.
- Get started and provision a new remote monitoring solution.
Azure Migrate | Preview
Today, we’re pleased to announce Azure Migrate—a new service that provides the guidance, insights, and mechanisms needed to assist you in migrating to Azure.
Using an appliance-based approach, Azure Migrate provides:
- Discovery and assessment for on-premises virtual machines and servers.
- Inbuilt dependency mapping for high-confidence discovery of multi-tier applications.
- Intelligent rightsizing to Azure Virtual Machines.
- Compatibility reporting with guidelines for remediating potential issues.
- Integration with Azure Database Management Service for database discovery and migration.
Azure Migrate gives you confidence that your workloads can migrate with minimal impact to the business, and run as expected in Azure. With the right tools and guidance, you can achieve maximum return on investment while assuring that critical performance and reliability needs are met.
Learn more about Azure Migrate and sign up for the limited preview. The limited preview enables discovery, cost analysis, and configuration recommendations for VMware-based environments. Support for discovering Hyper-V environments and for replication-based server migration will be added in the coming months.
To access further migration resources, tools, and offers, visit the new Azure Migration Center.
Azure Network Watcher | Connectivity Check for Express Route
Azure Network Watcher Connectivity Check for Azure ExpressRoute—Preview
Azure Network Watcher announces the preview of Connectivity Check for Express Route circuits. This advanced capability, added to the existing connectivity check feature, enable you to identify hybrid connectivity issues from your Azure virtual machine to an on premise machine connected over an Azure ExpressRoute circuit.
Connectivity Check drastically reduces the amount of time required to identify connectivity issues. The results returned provide you:
- All hops from your source virtual machine to your on-premise machine.
- Hop by hop and overall latency.
- Potential user configuration or platform issues at each hop in Azure. The connectivity check can either be initiated from Portal or through REST API, PowerShell, CLI, and SDK.
For more information please visit connectivity check overview page.
Azure Traffic Manager Real User Measurements | Preview
Azure Traffic Manager Real User Measurements Preview
Azure Traffic Manager Traffic View | Preview
Azure Traffic Manager Traffic View Preview
Azure Traffic Manager announces the preview of Traffic. With this new capability, you be able to understand where your user bases are located (up to a local DNS resolver level granularity), the volume of traffic originating from these regions, what is the representative latency experienced by these users, and deep dive into the specific traffic patterns from each of these user bases to Azure regions where you have presence. Choose to use this feature and you will be able to view the above information in a tabular format in the Azure portal, in addition to having the ability to download raw data. By adopting into this feature, you will have actionable intelligence on how to manage your capacity at existing Azure regions as well as new Azure regions to which you need to expand so that your users will get an even better experience. For more information and pricing details, please visit the Traffic View overview page and the Azure Traffic Manager pricing page. (Note—You won’t be charged for using this feature during public preview period.)
Azure VPN Gateway | P2S VPN from Apple Macs—GA
P2S VPN for Macs and AD Domain Authentication for P2S VPN generally available
Azure Networking announces the general availability of P2S VPN for Macs and AD Domain authentication for P2S VPN.
Customers can now connect to Azure Virtual Networks over P2S VPN from their Mac machines using the native IKEv2 VPN client. SSTP continues to be the P2S solution for Windows. Customers can support a mixed client environment consisting of both Windows and Macs by enabling both IKEv2 and SSTP VPN.
Customers can use the organization domain credentials for IKEv2 and SSTP VPN authentication by enabling RADIUS authentication. The Azure VPN Gateway integrates with the customer’s RADIUS and AD Domain deployment in Azure, or on-premises Datacenter. RADIUS servers integrate with other identity providers too, providing multiple useful authentication (including multi-factor) options for P2S VPN.
Load Balancer Standard | HA Ports Preview
Azure Load Balancer HA Ports is now in preview
Azure Networking announces the preview of HA Ports, a premium offering of the Azure Load Balancer. It enables you to configure a single load balancing rule to process traffic from all the protocols and ports, thus enabling deployment of services or appliances in high availability mode. This rule makes it easier to load balance the virtual network traffic from multiple sources on to the required backend pool, irrespective of the port numbers. By replacing multiple load balancing rules with a single rule, you can now avoid the max rule limit, and reduce the complexity of ARM templates. Some of the important scenarios this capability unlocks are network virtual appliances high availability, and port range configuration. To get more information about this capability, visit Microsoft Azure Load Balancer documentation.
Load Balancer Standard | Preview
Load Balancer Standard in Preview
Load Balancer Standard allows you to create load balanced deployments with much greater scale, resiliency, and ease of use for all your virtual machine instances inside a virtual network. Load Balancer Standard unlocks a wide range of scenarios and abilities, including Availability Zones, any virtual machine instance in a virtual network, 1000 instance VM scale sets, instance load balancing rules for network virtual appliance high availability, and diagnostic insights including data plane health, per endpoint health, and traffic counters.
Project “Honolulu” | Preview
On September 14, we announced Project “Honolulu”, the next step in our journey for Windows Server graphical management experiences. Project “Honolulu” offers a flexible, locally-deployed, browser-based management platform and set of tools.
Project “Honolulu” is the culmination of significant customer feedback, which has directly shaped product direction and investments. With support for both hybrid and traditional disconnected server environments, Project “Honolulu” provides a quick and easy solution for common IT admin tasks with a lightweight deployment.
Project “Honolulu” is the next step in our journey to deliver on our vision for Windows Server graphical management experiences.
Our vision starts with modernizing both the platform and the tools. For us, modernizing the platform means giving you greater flexibility in how and where you deploy and access the tools. Modernizing the platform also enables partners, both internal and external, to use and easily build on top of a growing ecosystem of tools and capabilities. For platform adoption and growth, it means supporting a reasonable set of existing Windows Server versions, not just the latest, and licensed as part of Windows Server with no extra cost. Modernizing the graphical management platform reduces the friction of creating modernized admin tools.
Our vision continues with simplifying the experience where appropriate. Deployment is quick and easy, with no internet dependency. Tools are familiar, and cover the core set of administrative tasks for troubleshooting, configuration, and maintenance. Some Windows Server capabilities, which were previously manageable only via PowerShell, now also have an easy-to-use graphical experience.
Our vision also includes integrating the management experiences in compelling ways. Each tool is available not just together in one place but can be filtered to show contextual data inside of another tool. One tool can link to another with context, and these links are just URLs which can be launched from external sources. The architecture also allows for cloud integration in the future.
Finally, our vision is to deliver a secure platform, helping solutions be secure by default, and optimizes support for security solutions. A future blog post in this series will describe in more detail what we’re doing with security and assurance.
SDN – Global Virtual Network Peering | Preview
Global Virtual Network Peering public preview
Global Virtual Network Peering enables you to peer virtual networks belonging to different Azure regions. Previously through Virtual Network Peering, you could only peer virtual networks belonging to the same region. With this preview, you can set up a peering connection across different regions enabling a variety of scenarios. Some examples include disaster recovery, database failover, and data replication through private IPs. Global Virtual Network Peering enables a low latency, direct connection between VMs belonging to different Virtual Networks in different regions. The traffic is completely private—no internet is involved. The traffic is completely restricted to the Microsoft backbone. Further, there are no bandwidth limitations that come into play with Global Virtual Network Peering, except those determined by your virtual machine size. To get started with Global Virtual Network peering, visit our Global Peering webpage.
System Center | System Center preview build (semi-annual channel)
Microsoft will be delivering semi-annual releases for System Center, starting in early 2018. The public preview of System Center version 1801 will be available in November. In this release, the focus will be on System Center Operations Manager, Virtual Machine Manager, and Data Protection Manager. The key areas of investment will include support for the latest version of Windows Server, support for Linux, enhanced performance, usability and reliability, and extensibility with Azure-based security and management services. A limited preview is now available for the Windows Server Technical Adoption program members. To learn more visit our blog.
Virtual Network service endpoints for Azure Storage and Azure SQL | Preview
Virtual Network service endpoints allow you to secure Azure Storage accounts and Azure SQL DBs to your virtual network (VNet), fully removing public Internet access to these resources. Service endpoints provide direct connection from your virtual network to an Azure service, allowing you to use your VNet’s private address space to access supported Azure services. Traffic destined to Azure services through service endpoints will always remain on the Microsoft Azure backbone network. There is no additional cost to enabling service endpoints on your virtual networks.
For more details, please visit the Virtual Network webpage
Windows Server | Windows Server, version 1709 GA
Today we are launching Windows Server, version 1709 – which is the first release of Windows Server in the new Semi-Annual Channel release cadence. This channel is designed for customers who are innovating quickly in applications, particularly those built on containers and microservices, as well as customers moving to a software-defined hybrid datacenter. In the Semi-Annual Channel, a new release of Windows Server will be made available every 6 months and each release will be supported for 18 months.
Windows Server, version 1709 enables Developers and IT Pros to quickly and easily modernize existing traditional apps using containers, as well as build and deploy brand new cloud apps on Windows Server. This includes a Server Core container image optimized for existing apps and a totally new Nano Server container image that is 79% smaller – perfect for your new cloud applications. For customers running heterogeneous environments, version 1709 supports Linux containers with Hyper-V isolation so customers can run Linux and Windows workloads side-by-side.
Azure customers will be able to deploy Windows Server, version 1709 in early October. Customers with Software Assurance and loyalty programs (such MSDN) will be able to download the bits later in that month. Windows Insiders will continue to have access to preview builds in the Semi-Annual Channel. You can also join the discussion in the Microsoft Tech Community.
SDN – Ip Service Tags | Preview
Meet your security compliance needs more easily by tailoring access to just the Azure services you use.
Service Tags simplify security for Azure Virtual Machines and Virtual Networks by enabling you to easily restrict network access for their virtual machines to just the Azure services you use.
This preview will include service tags that can be used in network security groups for Storage, SQL, and Traffic Manager.
Pricing—There are no charges for use of service tags or network security groups.
ExpressRoute IPv6 support for Azure and Office365 | GA
We’re happy to announce that you can now access IPv6 endpoints hosted by Office 365 and Azure services through the Microsoft peering. Microsoft peering will be dual stacked. Customers will need to enable both IPv4 and IPv6 configuration on the peering to ensure that they have access to all relevant endpoints. You can use route filters to select the services and regions that you want to connect to.
This capability is fully supported through APIs, PowerShell, and CLI.
Azure Essentials–new Azure offer | Preview
Microsoft Azure Essentials is a new free resource for IT Professionals and Developers who are excited about the potential of cloud computing, and want to learn new skills and apply them quickly. It’s the quickest way to get started and learn new skills with Azure. Choose a topic and with three easy steps you can watch a short demo video to get some basic knowledge, get an Azure free account, and then apply what you learned in a live, guided lab.
Continue to build expertise in Azure with guided learning paths offered free in partnership with Pluralsight, and/or learn advanced skills from industry experts with Microsoft Official Curriculum, either in person or online with one of our learning partners. Prove what you learned with Microsoft Certifications to advance your career.
As Azure grows, Azure Essentials will grow right along with it and with you. Azure Essentials will be updated with new ways to learn and new content to keep your career on track.
FastTrack for Azure | Preview
Announcing FastTrack for Azure Preview expansion
We are expanding the FastTrack geo presence with coverage for the UK and WE in early October, along with US, Canada and Australia which became available earlier in August. FastTrack for Azure provides direct assistance from Microsoft engineers, working hand in hand with partners, to help customers build desired solutions quickly and confidently. Focused on customer success, FastTrack guides customers from setup, configuration, and development to production of Azure solutions. To learn more, visit aka.ms/FTAzure.
Azure Machine Learning updates | Preview
Azure Machine Learning updates in public preview
We’re excited to announce new features for Azure Machine Learning that are now in public preview. The new features will enable AI developers and data scientists to build, deploy, and manage AI models everywhere, at any scale, in the cloud, on-premises, or edge. Data scientists can begin experimenting right away with the most powerful machine learning frameworks such as TensorFlow, Cognitive Toolkit, Spark MLlib and more, on their favorite IDEs, such as Jupyter, PyCharm or Visual Studio. Building AI at any scale will be no problem with the ability to prototype models locally, then easily scale up and out in the cloud. Pay only for the cloud resources that are used. Once models are built, Azure Machine Learning can deploy them in minutes to enable real-time, high-demand insights everywhere, including edge computing. Models can be managed and retrained once in production to ensure the best performance for your intelligent applications. Azure Machine Learning’s new features will unleash data scientists’ productivity by orchestrating the entire machine learning lifecycle with built-in intelligent data preparation, increased rate of experimentation with model asset tracking, collaboration through familiar tools such as Git, and version control to ensure the best models are selected and reproducible. Take advantage of all these benefits with the enterprise grade security of Microsoft.
- Cost-effective machine learning. Get started right away with free seats. Pay only for the cloud resources you use.
- Increase your rate of model experimentation. Track model code, configurations, parameters, and training data to quickly identify the best performing models and ensure reproducibility.
- Build, deploy, and manage everywhere. Rapidly prototype on a desktop, then scale up using virtual machines, and scale out using Spark clusters. Docker containers make model training and deployment flexible and easier.
- Meets you where you are. Use the tools and technology that data scientists and AI developers love. No need to learn new tools or technology. Integrated into Visual Studio code.
- More modeling, less prepping. Intelligent data prep is built right in. It learns your data preparation steps as you perform them, and then runs them on the rest of your data. Export your work in Python or Spark for reproducibility and scale on all your data.
New features for Azure Machine Learning are now available in public preview in East US 2, West Central US, and Australia. More regions and markets will be added. Get started now with the new Azure Machine Learning features. Try it for free.
Azure SQL Database | Azure SQL DB Easy lift + shift cloud preannounce
Azure SQL Database—Easy lift and shift to the cloud
To stay competitive and get ahead in today’s marketplace, IT organizations are continuously looking at ways to optimize how they maintain and use the data that fuels their operations. Modernizing to the cloud can deliver the right mix of operational efficiencies and business enablement to drive continued growth. Later this fall, we will announce the public preview of Azure Database Migration Service, SQL Database Managed Instance, and a new Hybrid Use Benefit that you can use to easily and quickly move your SQL Server data to Azure SQL Database. Soon, you will be able to lift and shift, at scale, your on-premises SQL Servers with the fully-automated Database Migration Service to a managed instance that is highly compatible with SQL Server. This means you can continue to use the tools and features you’re familiar with, and not have to worry about re-architecting your apps. You will also be able maximize your existing license investments with discounted rates on managed instance using a new Hybrid Use Benefit. These new offers extend our commitment to making Azure SQL Database the most economical place to run SQL Server workloads. Sign up now to receive notification of availability.
AI Solutions | Disclosure
Microsoft expanded Dynamics 365 with new AI solutions that transform critical Enterprise scenarios to help business users reinvent the processes they use every day.
Microsoft Dynamics 365 AI solutions are designed to tackle high value, complex Enterprise scenarios and tailored to existing processes, systems and data. The first solution includes an intelligent virtual agent for customer care, an intelligent assistant for customer service staff and conversation management tools, all powered by Microsoft AI. Australian Government Department of Human Services, HP Inc, Macy’s, and Microsoft are already using this technology to improve overall customer satisfaction and handle more requests, in a shorter amount of time.
For more information about these new AI-based solutions, please read the AI solutions blog post.
SQL Server 2017 (Windows, Linux, and Docker) | SQL Server 2017—GA
Announcing the general availability of SQL Server 2017
On Monday, October 2, 2017, SQL Server 2017 will be generally available for purchase. Now you can bring the industry-leading performance and security of SQL Server to Linux and Docker containers for production workloads, enabling you to build intelligent applications using your preferred language and environment. Experience industry-leading performance, rest assured with innovative security features, transform business with AI built-in, and deliver insights wherever users are with mobile BI.
Now through June 30, 2018, we are running a SQL Server on Linux offer that provides access to SQL Server 2017 on Linux at significant savings through an annual subscription. Claim your offer today.
Azure SQL Database | Native Scoring Preview
Get Started with Native Scoring in Azure SQL Database
Now available in Azure SQL Database, Native Scoring allows you to score machine learning models generated by RevoScaleR or revoscalepy packages from Transact-SQL. The PREDICT function allows you to score models as part of your transactions without calling an external language runtime, thus reducing or eliminating performance costs. For more information, please see the PREDICT function topic in our documentation.
Azure SQL Database | Pools storage up to 4 TB premium tier—GA
More included storage for Premium elastic pools in Azure SQL Database is GA
More than 1 TB of storage, up to a maximum of 4 TB, is included in the price of the largest compute size premium pools. These storage increases are now generally available in certain regions with wider spread regional coverage planned. To learn more, visit the Azure Blog.
Azure SQL Database | Virtual Network service endpoints Preview
Enable Virtual Network service endpoints for more granular security
The public preview of Virtual Network service endpoints in Azure SQL Database is now available. Azure SQL Database allows you to set firewall rules for specific public IPs and lets you allow all Azure Services’ IPs to connect to your servers. If you’re looking for finer grained connectivity limitations, you would have to provision a static public IP, which can be hard to manage and costly when done at scale. Virtual Network service endpoints allows you to limit connectivity to your Azure SQL Database Servers from given Subnets within a virtual network.
Azure SQL Database | Vulnerability Assessment Preview
Azure SQL Database—Track and remediate potential database vulnerabilities
Vulnerability Assessment is a scanning service built into the Azure SQL Database service itself. The service employs a knowledge base of rules that identify security vulnerabilities and deviations from best practices, such as misconfigurations, excessive permissions, and exposed sensitive data. Results of the assessment include actionable steps to resolve each issue, and customized remediation scripts where applicable. The assessment report can be customized for each environment and tailored to specific requirements.
Cognitive Services Updates | GA announcements of Text Analytics, Bing Search v7 and Bing Custom Search
Today we are excited to announce the next big wave of innovation for Microsoft Cognitive Services, a collection of APIs and services that allow developers to use the broadest set of AI services in the industry, such as vision and speech recognition, emotion and sentiment detection, and language understanding and add them to their applications with no need to be an expert in data science.
Today’s updates include:
- Text Analytics API General Availability – a cloud-based service that provides advanced natural language processing over raw text. It includes API functions such as sentiment analysis, key phrase extraction and language detection.
- Bing Custom Search API upcoming General Availability in October, lets you create a highly-customized targeted web search experience, to deliver more relevant results from your targeted web space through a commercial grade service. Featuring a straightforward User Interface, Bing Custom Search enables you to create your own web search engine without a line of code. Specify the slices of the web that you want to draw from – or let cutting-edge AI technology help you to identify them. It can empower businesses of any size, hobbyists and entrepreneurs to design and deploy web search applications for any possible scenario.
- Bing Search V7 upcoming General Availability in October – Allowing you to bring the immense knowledge of the planet to your applications. Results come back fast with improved performance for queries on the Bing Web Search API. New sorting and filtering options make it easier to find relevant results in news trending topics and image searches. Better error messages make it easy to troubleshoot and diagnose problem queries, and updated, modernized documentation make it easy bring the power of the Bing Search APIs to your applications.
- We plan to make Language Understanding Intelligent Service and Microsoft Bot Framework, which contains everything you need to build and connect intelligent bots, generally available later this year.
- We’re also adding new capabilities to our services:
- QnAMaker preview API is now enabling to build, train and publish a simple question and answer bot from product manuals.
- We’re expanding Face API, Computer Vision API and Content Moderator in 7 additional regions: South Central US, West US2, East US, Brazil, North Europe, Australia East and East Asia.
For more information about these updates, please refer to the Cognitive Services Blog Post.
Machine Learning Services | ML Server Software Assurance benefit for Hadoop—GA
Machine Learning Server for Hadoop Becomes a Software Assurance benefit
In addition to rebranding Microsoft R Server to Microsoft Machine Learning Server, we simplified the purchase and acquisition process for our customers. Effective October 1st, Microsoft Machine Learning for Hadoop/Spark becomes a Software Assurance benefit for SQL Server Enterprise Edition customers. The new Software Assurance benefit provides the rights to run Microsoft Machine Learning Server for Hadoop on up to 10 servers for every 2 cores of SQL Server Enterprise Edition under active Software Assurance as of October 1st.
The stand-alone version of Microsoft R Server (without the database engine components) will be renamed Microsoft Machine Learning Server. (This server can only be purchased with SQL Server., It’s intended for machine learning as well as data scientists wanting to benefit from the scale and performance capabilities of Microsoft Machine Learning Server, without database components and other services.
Machine Learning Server for Linux is now licensed through SQL Server Enterprise Edition
Beginning October 1st, running Machine Learning Server for Linux will be licensed through SQL Server 2017 Enterprise Edition. R Server for Windows has been licensed through SQL Server Enterprise Edition, and this will bring consistency to running Machine Learning Server for Linux workloads on the SQL platform.
Machine Learning Services | Rename R Server to Machine Learning Server—GA
We’ve renamed SQL R Services to Microsoft Machine Learning Services under the SQL Server brand, and have also renamed Microsoft R Server as Microsoft Machine Learning Server. The additional language support aligns the advanced analytics workload to machine learning capabilities and focus on AI.
With Python support in addition to R and Microsoft ML libraries, we’re enhancing machine learning capabilities, offering the ability to develop new intelligent applications that combine the best of the open source and enterprise capabilities of SQL Server 2017.
We see Python growing as the most commonly utilized language for data science and machine learning applications. We started with R when we acquired Revolution Analytics two years ago, and built in an extensibility layer to enable us to add additional languages as our customers and users started adopting them for their data science needs.
Power BI Desktop | GA
New and most frequently requested Power BI Desktop features are now available to business analysts.
Drill through to another report page—Drill through filters allow you to create a page in your report that provides details on a single ‘entity’ in your model, such as a customer, manufacturer, product, or location, and then use any data point referring to that ‘entity’ column through the report to navigate to that drill through page with the matching filter context.
Explain the increase/decrease insights (preview)—This feature lets you right click on a bar or a data point in a line chart and to ask us to explain why the data point increased or decreased compared to the data point before it. We will run our insights machine learning algorithms over the data and populate a fly out with charts showing what categories most influenced this increase or decrease.
Visio visual (preview)—The Visio visual gives you the ability to represent Power BI data just how you want it. It allows you to design a Visio diagram showing your business process workflows or a real-world layout like your floor plan and quickly connect to it in Power BI. The underlying Power BI data is automatically and intelligently linked to the diagram based on its shape properties, eliminating the need to do this manually. This is an incredibly powerful visual that lets you turn your Visio diagrams into an interactive Power BI visualization that can help you make informed decisions faster. You can learn more about this visual on our dedicated blog and download it from the Office store.
ESRI Plus— We previously announced the general availability of ArcGIS Maps for Power BI. The integration of Power BI with ArcGIS has allowed us to redefine how business users experience their data using maps and advanced GIS techniques previously available only in specialized tooling. With the new Plus subscription for ArcGIS Maps for Power BI that will be announced at Ignite, Esri and Microsoft will enable users to further advance that experience. The Plus subscription allows users to access more maps, global demographics, verified ready-to-use data, and plot even more locations on their maps for compelling visualizations that give perspective and impact decisions. Esri will make this new subscription available later in Q4. Learn more. Download the latest Power BI Desktop to experience the new features immediately. For more information on these new features and others, visit the Power BI blog.
Azure Cosmos DB | Database Auditing—GA
Azure Cosmos DB—Database account auditing
Now generally available, Azure diagnostics logs for Azure Cosmos DB enables you to see logs for all requests made to your respective database account at the individual request level. The diagnostics logs help track how and when your databases are accessed. This feature also provides a convenient method for configuring the destination of the logs for the customer. You can choose the destination to either Storage Account, Event Hub, or Operation Management Suite Log Analytics.
Azure Cosmos DB | Integration with Azure Functions Preview
Native integration between Azure Cosmos DB and Azure Functions
With the native integration between Azure Cosmos DB and Azure Functions, you can simply add a trigger function directly from your Azure Cosmos DB account. The benefit of trigger functions is that it only executes when an event happens which triggers a function call. Using Azure Functions and Azure Cosmos DB, you can create and deploy event-driven, planet-scale serverless apps with extremely low-latency access against very rich data for a huge number of customers around the globe.
Azure Cosmos DB | New Metrics and Heatmaps—GA
Azure Cosmos DB—New metrics and heatmaps
We’re happy to announce the availability of new metrics and heatmaps. You can now easily detect and troubleshoot “hot partition” issues, navigating from the throttling signal to partition heatmaps, and individual records for the problematic partition key in two clicks. You get full visibility into users’ per-region usage performance against throughput, availability, latency, and consistency SLAs. Learn more about this announcement by visiting the metrics documentation webpage.
Azure Data Factory | Azure Data Factory updates Preview
Azure Data Factory is a fully-managed data integration service in the cloud that automates the movement and transformation of data. Improve business outcomes by composing and monitoring factories that convert raw data points into actionable business insights for making better decisions. Orchestrate data-driven workflows to move data between both on-premises and cloud data stores, as well as process data using compute services such as Apache Spark with Azure HDInsight, SQL Server, SQL Database, SQL Server Integration Services (SSIS), and Azure Data Lake Analytics.
Now in public preview, new Azure Data Factory features will enable you to build hybrid data integration that will let you create, schedule, and orchestrate your ETL/ELT workflows, at scale, wherever your data lives, in the cloud or any self-hosted network. Meet security and compliance needs while taking advantage of extensive capabilities and paying only for what you use. Accelerate your data integration with multiple data source connectors natively available in-service. Now in public preview, SSIS customers can easily lift their SSIS packages into the cloud using Data Factory’s new managed SSIS hosting capabilities.
Take advantage of all these benefits with the enterprise-grade security of Microsoft:
- Orchestrate your data integration workflows wherever your data lives, in cloud, or self-hosted environment.
- Accelerate your data integration with multiple native data connectors and fully managed data-movement-as-a-service.
- Modernize your data warehouse with Azure big data, and advanced analytics services like Azure HDInsight and Azure Data Lake Analytics.
- Easily move your SSIS workloads to the cloud.
New features for Data Factory are now available in public preview in East US region. For more information about pricing, please visit the pricing webpage. To learn more, please visit the Data Factory webpage.
Azure SQL Database | Adaptive query processing—GA
Adaptive Query Processing support for Azure SQL Database now generally available
SQL Server 2017 and Azure SQL Database introduce a new generation of query processing improvements that will adapt optimization strategies to your application workload’s runtime conditions. For this first version of the adaptive query processing feature family, we have three new improvements—batch mode adaptive joins, batch mode memory grant feedback, and interleaved execution for multi-statement table valued functions.
Azure SQL Database | Graph support—GA
Graph support for Azure SQL Database is now generally available
The rapid growth and complexity of data can leave users struggling to optimize schema and query design to address complex relationships between the data. Graph databases introduce simple constructs of nodes and relationships into linked structures for sophisticated modeling. Azure SQL Database now offers fully integrated graph extensions, so users can define graph schema with graph objects. T-SQL language extensions help users find patterns and use multi-hop navigation. To learn more about graph support, visit the TechNet Blog.
Azure SQL Database | Intelligent Insights Preview
Intelligent insights for Azure SQL Database—Performance degradation diagnostics log
Azure SQL Database built-in intelligence continuously monitors database usage, detects disruptive events that can cause poor performance, and generates an Intelligent insights diagnostic log. The insights provided consist of a root cause description of performance degradation and improvement recommendations where possible. The feature can be coupled with Azure Log Analytics or a third-party solution for custom alerting and reporting capabilities.
Power BI service | GA
Additional new and most frequently requested Power BI features are now available to users and business analysts.
Power BI apps GA—Power BI apps, the new way to flexibly distribute content across the organization, are now generally available.
Additional Power BI Premium capabilities include large models, virtual cores, and scale up capacity. Additional enterprise capabilities include AAD B2B, data lineage, additional admin controls, and user level usage metrics. Sign-in to experience the new features immediately. For more information on these new features and others, visit the Power BI blog.
SQL Data Warehouse | New performance tier for analytics workloads
To satisfy customer needs for more intensive and demanding compute power for their mission critical analytic applications, SQL Data Warehouse will offer you two service options with the preview release of a new “optimized for compute” performance tier that significantly improves performance and scale of analytics in the cloud. This new compute optimized performance tier also scales further than ever before—up to 30,000 compute Data Warehouse units. The preview will be available in this fall.
Azure App Service | New premium tier—GA
The new premium tier from Azure App Service is now generally available. It features Dv2-series VMs with faster processors, SSD storage, and double memory-to-core ratio compared to the previous compute iteration. This is an ideal App Service option for apps that require high performance and scalability. Learn more from this blog.
Azure Functions | Functions support for .NET Core
Azure Functions now supports .NET core, allowing functions code to target .NET Core. This allows developers to use your cross-platform .NET Core code investments in a serverless environment. Additionally, it allows developers to develop and debug their functions locally on all development platforms (Windows, Mac and Linux). For more information, please visit this blog post.
Azure Functions | Support for Microsoft Graph bindings
Azure Functions provides a feature called bindings that allows developers to declaratively connect to data from within their code without dealing with the complexities of the respective data sources. We’re now enhancing that support to allow developers to build their own bindings, which means if you have a custom data source, you can now easily create bindings for that data source for Azure Functions. This allows not only you but even your customers to build serverless functions that seamlessly interact with your custom data source.
Additionally, we’re also announcing new bindings for Microsoft Graph and Office, so it’s now much easier to access and modify Graph and Office information in your serverless code without having to deal with intricacies of Graph and Office API.
To learn more, please visit this blog post.
Azure Service Fabric | New releases
We’re excited to announce the release of Service Fabric updates along with the general availability of orchestration of Linux containers on Service Fabric in all regions. With this announcement, we bring the same rich level of features we’ve supported on Windows Server containers to Linux, including resource governance, DNS service, and integration with OMS for container logs, as well as support for volume drivers. This release also includes preview support of the Docker Compose API so you can run reuse compose.yaml files. At this time, Ubuntu 16.04 is the supported OS for Service Fabric on Linux clusters.
In addition, we’re releasing a preview of the programming models for Java and .NET Standard 2.0, including stateless and stateful Reliable Services. Stateful Reliable Services brings the data close to compute by automatically co-locating data on the same node the service is running, thereby reducing latency. Furthermore, a preview of the easy to use Reliable Actors programming model on C# and Java is also being released.
Azure OSS DevOps | Hashicorp Terraform in Azure Cloud Shell—GA
Increased Support for Terraform and Azure
Terraform is an open source tool from HashiCorp that codifies APIs into declarative configuration files based on Hashi Config Language (HCL) that can be shared amongst team members, treated as code, edited, reviewed, and versioned. The AzureRM provider has had many new Azure resources added and Terraform is now included directly in the Azure Cloud Shell. We have also published new Terraform Modules for Azure, making it even easier to get started with Terraform on Azure. For more information, please visit the Azure Blog.
Visual Studio Mobile Center Preview | Announcement of Android 8.0 (“Oreo”) support
For developers who want to build for Android 8.x (“Oreo”) with confidence, we’re pleased to announce that Visual Studio Mobile Center’s Test service now supports the Oreo platform. We have multiple real Oreo device platforms available today in our datacenters, and we’ll continue to add new devices in coming weeks and months. To ensure that developers can test against a representative sampling of devices that accurately reflects real-world usage, we continue to provide hundreds of other Android device and OS platforms, including operating systems as early as Android 2.2 (“FroYo”).
Visual Studio Mobile Center Preview | Announcement of iOS 11 support
For developers who want to build for Apple’s newly-announced iOS 11 with confidence, we’re happy to announce that Visual Studio Mobile Center’s Test service now supports the platform. We have multiple real (non-simulated) iOS 11 device platforms available today in our datacenters, and we will continue to add new devices in coming weeks and months. To ensure that developers can test against a representative sampling of devices that accurately reflects real-world usage, we continue to provide hundreds of other iOS device and OS platforms, including operating systems as early as iOS 8.
Visual Studio Mobile Center Preview | Continuous Export
For Visual Studio Mobile Center users who want to take advantage of other Azure services to manage and manipulate their data, we’re pleased to announce Continuous Export, a feature that provides integration to two key Azure services—Application Insights and Blob Storage.
By adding the Mobile Center SDK and enabling Continuous Export to Application Insights, you can create a steady stream of data into advanced analytics features such as funnels and user flows, retention, workbooks, custom query capabilities, and the host of other advanced usage analytics tools Application Insights provides.
Azure Blob storage is a service for storing large amounts of unstructured object data, such as text or binary data, that can be accessed from anywhere in the world via HTTP or HTTPS. By enabling Continuous Export to Blob Storage, you can store your data privately or publicly, scale automatically, retain your data as long as necessary, and access it as needed.
New and enhanced Azure Active Directory Cloud App Discovery | GA
More than 80% of employees admit using non-approved SaaS apps for work purposes. Even though you may not be in the cloud, your employees are. Visibility is the first key step for data protection. If you can’t see it, you can’t prevent it.
We’re excited to announce that Azure Active Directory Cloud App Discovery, a feature of Azure Active Directory Premium P1, is enhanced to provide deeper visibility into cloud app usage in your organizations. The upgraded experience is powered by Microsoft Cloud App Security, and is available at no additional cost.
System Center Configuration Manager | Disclosure Co-Management (ConfigMgr+Intune)
Digital transformation enables our customers to modernize their IT infrastructure, policies and processes to lower costs, simplify device and app management, and provide a better experience for both users and IT pros. We designed Microsoft 365 for this reason, and we’re excited to announce new improvements to make it easier for customers to realize the full benefits of Microsoft 365 by enhancing the ability to deploy and manage Windows 10 and Office 365 ProPlus from the cloud.
We’re enabling a bridge to modern management for existing System Center Configuration Manager (ConfigMgr) customers with co-management that allows managing Windows 10 devices by both ConfigMgr agent and Intune MDM at the same time. For example, customers will be able to transition the management of VPN profiles, OS updates, and conditional access check from ConfigMgr to Intune while continuing to use ConfigMgr for other workloads, such as deep device security enforcement. Over time, customers will be able to move more workloads to Intune. This unique ability enables customers to start their journey to cloud-based management in small manageable steps with lower risk while maintaining the control they expect.
Intune Partner Integration | Disclosure—Jamf integration
Jamf and Microsoft Enterprise Mobility + Security (EMS) announced a partnership to provide an automated compliance management solution for Mac devices accessing applications set up with Azure AD authentication. EMS provides an identity-driven unified endpoint management solution that offers a holistic approach to solve mobility and security challenges as you go through the digital transformation. Jamf is the management standard for the Apple ecosystem. Together, Jamf delivers information about the management state and health of Mac devices to Microsoft Intune’s device compliance engine, which integrates with Azure AD Conditional Access to allow organizations to identify unmanaged and non-compliant Mac devices, and remediate them.
Microsoft Cloud App Security | Proxy Preview announcement
Control and limit access to cloud apps with Microsoft Cloud App Security
More than 80% of all breaches leverage stolen and/or weak passwords. For this reason, it’s critical to build a strong conditional access strategy to protect your organization right at the front door. With Azure Active Directory Conditional Access, access context, continuous cybersecurity threat intelligence, and the risk signals are put to work to help you control access in real-time. As we lift the curtain at Ignite, we’re excited to announce that we’re expanding conditional access capabilities to incorporate Microsoft Cloud App Security.
Uniquely integrated with Azure AD Conditional Access, Microsoft Cloud App Security will help you perform real-time monitoring and control over your cloud applications (preview in October 2017). The activities performed within the user sessions in cloud apps can be limited and controlled based on the conditions such as user identity, location, device, and detected sign-in risk level. Conditional Access policies can be used to employ session restrictions through the Cloud App Security proxy. For example, you can allow access to cloud apps from an unfamiliar location or unmanaged device while blocking the download of the sensitive documents. Learn more.
Azure HDInsight | OMS Integration – Public Preview
Azure HDInsight: Interactive Data Warehouse GA and Azure Log Analytics integration in public preview
HDInsight has two additional features available. HDI Interactive Query, formerly Interactive Hive, allows in-memory caching that makes queries more interactive and performant. Additionally, Azure Log Analytics integration is now available for public preview, allowing you to proactively monitor and analyze logs and metrics data, empowering you to optimize availability and performance across your resources. Learn more about these features by visiting our documentation webpage.
Power BI Embedded | Disclosure
Microsoft Power BI announces capacity-based SKUs for Power BI Embedded
In the same way that partners and developers build apps on Azure infrastructure, they can also use Power BI capabilities to quickly add stunning visuals, reports, and dashboards into their intelligent apps through a newly announced Power BI Embedded capacity-based offering that will be available in early October. With Power BI Embedded, partners and developers can choose between using Power BI visuals and creating their own. They can expose insights to their customers by connecting to countless data sources and can easily manage the needs of their apps and services based on the requirements of their business and customers. Partners and developers can transact, build, and deploy in Azure while leveraging a comprehensive set of APIs and fully documented SKD to help accelerate taking their app to market. Learn more.
Microsoft Azure Information Protection | Secure email to anyone
General availability of new and improved Office 365 Message Encryption capabilities
We’re announcing the general availability of enhancements to Office 365 Message Encryption built on top of Azure Information Protection. These improvements make it easier to share protected emails with anybody—inside or outside of your organization. Recipients can view protected Office 365 emails on a variety of devices, using common email clients or even consumer email services such as Gmail, Outlook.com and Live.com. Read more about it in the Office 365 blog.
To address your compliance needs, we’re also enabling support for bring your own key (BYOK) for Exchange Online. Read more about it in our technical documentation—Planning and implementing your Azure Information Protection tenant key.
Azure Active Directory access reviews | Preview
Azure Active Directory access reviews now in preview
Azure Active Directory adds new features that help enterprises control ‘who has access to what’ across their hybrid deployments and cloud services. These new features, currently in preview, enable customers to:
- Ask group owners or group members to attest to their need for continued group membership, by starting an access review of that group.
- Ask users with access to an enterprise application, or others in the organization, to recertify their need for continued application access. Access reviews include a user-friendly experience for recertification that addresses attestation fatigue by showing access highlights, including whether the user being reviewed has signed into the application recently.
Access reviews will be a part of Azure AD Premium P2 offering. Read more here.
Azure AD Conditional Access—New conditions and controls | Preview
More Azure Active Directory conditional access enhancements in preview
Azure Active Directory conditional access is enhanced with a set of additional conditions and controls, today announced in public preview:
- New controls, based on integration with Cloud App Security, that perform real-time monitoring and help IT gain control over cloud application usage—both authorized and unauthorized. The actions that users take in SaaS applications can now be limited and controlled based on conditional access policy. For example, you can allow users to access SaaS apps from an unfamiliar location or unmanaged device, but prevent them from downloading sensitive documents.
- To further enhance security at the file level, we’re introducing conditional access for sensitive files. With the integration of Azure Information Protection and Azure Active Directory, conditional access can be set up to allow or block access to documents protected with Azure Information Protection. You can also enforce additional security requirements such as multi-factor authentication or device enrollment.
- New control/action—Administrators will be able to set policies, based on platform, user, app, location and risk conditions that will enforce the use of additional 2nd factor authentication providers. The third-party authentication vendors that will be included in this preview are Duo, RSA and Trusona.
- Application based conditional access (MAM polices)—Restrict SaaS access to mobile apps enforcing MAM policy that are running on MDM compliant devices.
- Conditional access policies for Windows 10 VPN client.
- New condition based on country or region IP addresses.
Read more in our documentation article.
Microsoft Cloud App Security | AIP auto-labeling preview announcement
Classify sensitive files in the cloud apps and apply labels automatically
Microsoft’s Information Protection solutions help you detect, classify, protect, and monitor your data—regardless of where it’s stored or shared. A key part of this vision is to provide a more consistent and integrated classification, labeling and protection approach across our information protection technologies, enabling persistent protection of your data.
For information protection in cloud apps, Microsoft Cloud App Security provides customizable, granular control policies and powerful remediation actions. You can use out-of-the-box policies, or build your own and enforce them right away on your cloud apps—whether from Microsoft or third parties, such as Box, Dropbox, Salesforce, and others. Microsoft Cloud App Security also can leverage the classification labels set by Azure Information Protection natively and enforce governance actions such as file quarantine, native encryption, remove sharing based on classification, and sharing level of the file.
We’re deepening our information protection capabilities for cloud apps. Leveraging Microsoft’s Information Protection capabilities, Microsoft Cloud App Security will now scan and classify files in the cloud apps and automatically apply Azure Information Protection labels for protection, including encryption (public preview in October 2017).
Microsoft Cloud App Security | EU datacenter support announcement
We’re happy to announce that, in October 2017, Microsoft Cloud App Security will also be available in Azure West Europe region to better serve our customers in Europe and support their compliance requirements.
System Center Configuration Manager | ConfigMgr Mixed Authority and Intune Data Importer
We’ve heard repeatedly from our customers who are using System Center Configuration Manager connected with Microsoft Intune (hybrid MDM) that they’d like to move to a cloud-only experience with Intune on Azure. This experience brings many new benefits, such as large scale, unified admin console, RBAC, and more. To help customers easily transition, we’re introducing a new process of moving from hybrid MDM to Intune standalone.
Previously, the move from hybrid MDM to Intune standalone required a one-time authority switch that would move an entire tenant at once, and force the admin to reconfigure all settings in Intune, including re-enrolling all devices. Our new approach will allow customers to move from hybrid MDM to Intune standalone in a more controlled manner without impacting end users. The new process consists of three parts—Microsoft Intune Data Importer, mixed authority, and an improved MDM authority switch.
G- and H-series price reductions | Disclosure
Price reductions on H Series and G Series VMs
We’re announcing price reductions of up to 21% for H- and G-series VM’s effective October 1. H-series price reductions will be available in the US East, Europe West, Japan East, and US North Central regions. G-series price reductions will be available in Australia East, Canada East, Canada Central, UK South, US Gov Virginia, and Germany Central regions.
H-series VM’s are well suited for high performance computing workloads such as financial risk modeling, seismic and reservoir simulation, molecular modeling, and genomic research. G-series VM’s are best suited for large database workloads, specifically SAP HANA, SQL Server, Hadoop, DataZen, and Hortonworks.
Application Security Groups | Application Security Groups Preview
Announcing the public preview of Application Security Groups.
Many customers have granular security needs to tightly control the network access between their workloads into multiple logical tiers or different application roles.
Application Security Groups (ASG) simplify security definition for Azure Virtual Machines by enabling customers to easily manage their network security policies based on user defined groups.
Customers can group their VMs based on their own abstractions, for example applications, roles, tiers, or any abstraction without using explicit IP addresses. The same VM can be part of multiple ASGs at the same time, enabling customers from multiple different policies applied to the same VM.
They can also define their security policy using Network Security Group (NSG) rules. NSGs can be applied to a virtual network subnet, or to individual virtual machines, giving customers the flexibility to easily secure their workloads.
Customers can also scale with ASGs and NSGs, and just assign new VMs to the right application security group securing VMs during creation process.
Pricing—There are no charges for the use of Application Security Groups.
Read more about Application Security Groups.