Azure Stack experts from Microsoft Services, Heyko Oelrichs and Rathish Ravikumar, give us an update on Azure Stack and some valuable tips and tricks based on their real-world experiences deploying it for customers.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode271.mp3 

Transcript: https://www.videoindexer.ai/accounts/aca83d23-620b-46d6-beec-e920bff88847/videos/27e2dca4a4/

Resources: • Overview (https://azure.microsoft.com/en-gb/overview/azure-stack/)
• Azure Stack documentation (http://aka.ms/AzureStackDocs )
• Download and try Azure Stack Development Kit (http://aka.ms/asdk )
• Free online Azure Stack course INF240x (self-paced with 40+ hours content + ASDK-based labs) (http://aka.ms/AzSMooC )
• Free online (recorded) Azure Stack conference sessions (http://aka.ms/AzSIgnite2018 )
• Fee-based in-classroom instructor-led Azure Stack official training course 20537B (http://aka.ms/AzSMOC )
• Azure Stack Operator certification exam 70-537 (http://aka.ms/AzSExam )
• Azure Stack MSDN forum (http://aka.ms/AzSForum )
• Azure Stack Roadmap (https://azure.microsoft.com/en-us/updates/?product=azure-stack)
• Kubernetes on Azure Stack (https://docs.microsoft.com/en-us/azure/azure-stack/user/azure-stack-solution-template-kubernetes-deploy)

Other updates:

In Azure Security Center, adaptive application control in audit mode is now available for Azure Linux VMs. This whitelisting solution is also available for non-Azure Windows and Linux VMs and servers that are connected to Security Center.
In addition, you can now rename groups of virtual machine and server clusters in Security Center. They're still automatically named group1, group2, and so on. But you can then edit them to provide a more meaningful name to your machine cluster groups, to help you better represent those application control policy groups.

The network map in Azure Security Center now supports virtual network peering. Directly from the network map, you can view allowed traffic flows between peered virtual networks and deep dive into the connections and entities.

Azure Security Center can now learn the network traffic and connectivity patterns of your Azure workload and provide you with network security group (NSG) rule recommendations for your internet-facing virtual machines. This is called adaptive network hardening, and it's in public preview. It helps you secure connections to and from the public internet (made by workloads running in the public cloud), which are one of the most common attack surfaces.
It can be hard to know which NSG rules should be in place to make sure that Azure workloads are available only to required source ranges. These new recommendations in Security Center help you configure your network access policies and limit your exposure to attacks. Security Center uses machine learning to fully automate this process, including an automated enforcement mechanism. These recommendations also use Microsoft’s extensive threat intelligence reports to make sure that known malicious actors are blocked.
To view these recommendations, in the Security Center portal, select Networking and then Adaptive network hardening.

https://azure.microsoft.com/en-us/updates/azure-boards-and-azure-pipelines-github-integration-improvements-sprint-149-update/
In the Sprint 149 Update of Azure DevOps, we added the ability to navigate to Azure Boards directly from mentions in a GitHub comment as well as adding support for Azure Boards within GitHub Enterprise.
For Azure Pipelines we enabled a new feature on GitHub pull requests that lets you run optional checks by mentioning /azp in the comment.  You can also require a comment on the pull request from repository contributor before the pipeline will run giving you the ability to review code from unknown users before building.

Achieve more with Microsoft Game Stack
https://azure.microsoft.com/en-us/blog/achieve-more-with-microsoft-game-stack/

Expanded Jobs functionality in Azure IoT Central
https://azure.microsoft.com/en-us/blog/expanded-jobs-functionality-in-azure-iot-central/

Cale and Sujit talk about using a solutions-based approach when selecting Azure services instead of getting caught in the hype of new services.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode270.mp3

Resources: https://azure.microsoft.com/en-us/solutions/

Transcript: https://www.videoindexer.ai/accounts/aca83d23-620b-46d6-beec-e920bff88847/videos/8d36dfb9b7/ 

Other updates:

Currently, Smart Detection sends email notifications by default to the Subscription Owner, Subscription Contributor, and Subscription Reader roles. These roles often include users who are not actively involved in monitoring, which causes many of these users to receive notifications unnecessarily. To improve this experience, we're making a change so that email notifications go to only the Monitoring Reader and Monitoring Contributor roles by default.

Create a transit VNet using VNet peering
https://azure.microsoft.com/en-us/blog/create-a-transit-vnet-using-vnet-peering/

Stay informed about service issues with Azure Service Health
https://azure.microsoft.com/en-us/blog/stay-informed-about-service-issues-with-azure-service-health/

AzCopy support in Azure Storage Explorer now available in public preview
https://azure.microsoft.com/en-us/blog/azcopy-support-in-azure-storage-explorer-now-available-in-public-preview/

To commemorate International Women's Day 2019, Cynthia and Kendall talk to Chole Condon, a Senior Cloud Developer Advocate at Microsoft, about her Azure learning journey and her experience as a woman in cloud computing.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode269.mp3

Transcript: https://www.videoindexer.ai/accounts/aca83d23-620b-46d6-beec-e920bff88847/videos/a7656b7fd4/

Paresh Mundade, a Senior PM in the Azure ExpressRoute team, gives the guys an update on the service and a glimpse into the roadmap of planned features.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode268.mp3

Transcript: https://www.videoindexer.ai/accounts/aca83d23-620b-46d6-beec-e920bff88847/videos/976fea3a84/

Links:
NPM: https://docs.microsoft.com/en-us/azure/expressroute/how-to-npm
Global Reach: https://aka.ms/GlobalReach
ExpressRoute Direct: https://aka.ms/ERDirect

Other updates:

Stream Analytics now empowers every developer to easily add anomaly detection capabilities to their Stream Analytics jobs without requiring them to develop and train their own machine learning models. Ready-to-use machine learning models are provided right within the SQL language. This reduces the cost and complexity associated with building and training machine learning models to a simple single function call.

Latest enhancements now available for Cognitive Services' Computer Vision
https://azure.microsoft.com/en-us/blog/latest-enhancements-now-available-for-cognitive-services-computer-vision/

Announcing Azure Integration Service Environment for Logic Apps
https://azure.microsoft.com/en-us/blog/announcing-azure-integration-service-environment-for-logic-apps/

Azure Stack laaS – part two
https://azure.microsoft.com/en-us/blog/azure-stack-laas-part-two/

Improving the TypeScript support in Azure Functions
https://azure.microsoft.com/en-us/blog/improving-the-typescript-support-in-azure-functions/

IPFS All Hands
https://www.youtube.com/watch?v=hDYPfzm9wGE&list=PLuhRWgmPaHtSGRSHdU9dbsukHKlihZZAe&index=2&t=0s

HoloLens 2
https://blogs.microsoft.com/blog/2019/02/24/microsoft-at-mwc-barcelona-introducing-microsoft-hololens-2/

Microsoft Cloud Solution Architects Gino Filicetti and Peter Laudati talk to the guys about an innovative approach to getting your team to learn Azure. They have developed a set of challenge-based hacks which allow for better retention of knowledge.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode267.mp3

Transcript: https://www.videoindexer.ai/accounts/aca83d23-620b-46d6-beec-e920bff88847/videos/7794ec50e2/

Hack content: https://aka.ms/wth

Other updates:

More reliable event-driven applications in Azure with an updated Event Grid

https://azure.microsoft.com/en-us/blog/more-reliable-event-driven-applications-in-azure-with-an-updated-event-grid/

We have been incredibly excited to be a part of the rise of event-driven programming as a core building block for cloud application architecture. By making the following features generally available, we want to enable you to build more sophisticated, performant, and stable event-driven applications in Azure.
The following features now GA: Dead lettering, Retry policies, Storage Queues as a destination, Hybrid Connections as a destination, Manual Validation Handshake

Azure.Source - Volume 70
https://azure.microsoft.com/en-us/blog/azure-source-volume-70/

Update 19.02 for Azure Sphere public preview now available
https://azure.microsoft.com/en-us/blog/update-19-02-for-azure-sphere-public-preview-now-available/

Under the hood: Performance, scale, security for cloud analytics with ADLS Gen2
https://azure.microsoft.com/en-us/blog/under-the-hood-performance-scale-security-for-cloud-analytics-with-adls-gen2/

BlockTalk - IPFS
https://channel9.msdn.com/Shows/Blocktalk/?ocid=AID765057&wt.mc_id=CFID0423

The dynamic Sean McKenna, Lead PM for AKS, gives us all the details about the service and why and when you should use it for your cloud compute needs. Russell and Kendall get together with him @ Microsoft Ready for a great show.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode266.mp3

 Transcript: https://www.videoindexer.ai/accounts/aca83d23-620b-46d6-beec-e920bff88847/videos/44d9b32072/

Other updates:

https://docs.microsoft.com/en-us/azure/storage/common/storage-disaster-recovery-guidance

Disaster recovery and storage account failover (preview) in Azure Storage

From <https://docs.microsoft.com/en-us/azure/storage/common/storage-disaster-recovery-guidance>

Azure Cost Management for pay-as-you-go customers is now available in preview. Azure Cost Management brings the functionality of Cloudyn right into the Azure Portal so you can get visibility into your Azure spend through easy to use dashboards, create budgets, and optimize your spend so you get more value out of Azure.

Migrate from on-premises or cloud implementations of MongoDB to Azure Cosmos DB with minimal downtime by using the Azure Database Migration Service. Perform resilient migrations of MongoDB data at scale and with high reliability using Azure Database Migration Service. Provision an instance of Azure Database Migration Service from the Azure portal or via Azure CLI and create a migration project to perform the migration. 

SQL Server Migration Assistant support for Azure SQL Database Managed Instance is now generally available
Take advantage of generally available functionality in SQL Server Migration Assistant version 8.0 to migrate from Oracle, MySQL, DB2, and SAP ASE (Sybase) to the Azure SQL Database Managed Instance platform. The latest version of SQL Server Migration Assistant enables users to perform an assessment, convert the schema, and move data to the fully managed database service in the cloud

Update 19.02 for Azure Sphere public preview now available

New features around support for more broader enablement of device capabilities; more connectivity options, more space for applications, and some samples in the github repo on how to use bluetooth, IoT, private networking, etc.

Actuating mobility in the enterprise with new Azure Maps services and SDKs

Some services moving to GA from Public preview - Improved map canvas, and some enhanced spatial operations services for helping with analytics solutions.  New Android and Web SDK launched for developers.  Due to partnership with TomTom updates to maps will become quicker as well, as they move their map-making compute workloads to Azure as well.

Individually great, collectively unmatched: Announcing updates to 3 great Azure Data Services

Cynthia and Evan talk to Jamie Cool, Director of Program Management at Microsoft, who gives us all the details and potential use-cases for the Azure DevOps Server in your organization.

,

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode265.mp3

Transcript: https://www.videoindexer.ai/accounts/aca83d23-620b-46d6-beec-e920bff88847/videos/c9d39b86a3/

https://azure.com/devops

Other updates:

Availability Zones (AZ) is a high availability offering from Azure that protects applications and data from datacenter failures. By using AZ with Azure Kubernetes Service (AKS), customers will get higher reliability and resiliency for their applications running on Kubernetes. 

Node auto-repair monitors nodes in a cluster and initiates a repair process if a node fails to meet health criteria. This ensures that the nodes in a cluster are always in a healthy, running state

It is often useful to have different VM sizes and configurations within a single cluster to support a wide variety of workloads, including those that require specialized hardware like GPUs. With the support of multiple node pools, you can deploy applications to different types of VMs within a single cluster, from a single control plane, improving resource management and utilization.  You can also create, upgrade, and delete node pools individually without affecting the whole cluster.

Stay up to date with the latest and greatest of Kubernetes and get patching and security updates automatically.  Cluster auto-upgrade simplifies the task of keeping your Kubernetes service up to date by eliminating the need to do this manually, and ensures a higher level of security by automatically deploying important security fixes on a timely basis.

User-defined network policy enables secure network segmentation within Kubernetes.  It allows cluster operators to control which pods can communicate with each other and with resources outside the cluster. You can implement your network policy in AKS clusters either through Azure policy plugin or through the popular open source project, Calico.

With audit logging in AKS, customers can keep a chronological record of calls that have been made to the Kubernetes API server, a.k.a. control plane. Using these logs with tools like Log Analytics, customers can investigate suspicious API requests, collect statistics, and create monitoring alerts for unwanted API calls.   

Authorized IP ranges allows organization to restrict access to their Kubernetes control plane running in AKS to specific IP addresses or IP ranges. By restricting access to only trusted network locations, you can further protect your AKS cluster.  

Azure Monitor for containers support for AKS-engine is now available in public preview. Customers can now monitor both Azure Kubernetes Service (AKS) and AKS-engine by using Azure Monitor for containers.

NuGet, npm, and other Artifacts tasks support proxies - Sprint 147 Update
https://azure.microsoft.com/en-us/updates/nuget-npm-and-other-artifacts-tasks-support-proxies-sprint-147-update/

The team talks to Kip Kniskern, managing editor of OnMSFT.com about his impressions of Azure after he finished migrating OnMSFT.com to Azure.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode264.mp3

Transcript: https://www.videoindexer.ai/accounts/aca83d23-620b-46d6-beec-e920bff88847/videos/624dbce40b/

https://www.onmsft.com/
https://www.onmsft.com/news/onmsft-on-azure-first-impressions-on-our-move-to-microsofts-cloud

Other updates:

Migrate Amazon RDS for SQL Server to Azure SQL Database with minimal downtime by using generally available functionality in the Azure Database Migration Service. To learn more about how to use the Azure  Database Migration Service to perform online migrations from Amazon RDS for SQL Server to Azure SQL Database with minimal downtime, read the tutorial Migrate SQL Server to Azure SQL Database online using  Database Migration Service.

Availability Zones support is now generally available for Azure Service Bus premium and Azure Event Hubs standard in every Azure region that has zone redundant datacenters. Note that this feature won’t work with existing namespaces—you will need to provision new namespaces to use this feature.

Azure HDInsight Tools for VSCode
The Azure HDInsight Tools for VSCode are now generally available. They provide you with best-in-class authoring experiences for Apache Hive batch jobs, interactive Hive queries, and PySpark jobs. HDInsight Tools for VSCode feature a cross-platform, lightweight, keyboard-focused code editor which removes constraints and dependencies on a platform. It can be run smoothly on Windows, Linux and Mac.
Learn more in our documentation and blog.
 
Spark diagnosis and debugging toolkit
 A number of enhancements have been added to the rich development and debugging capabilities of HDInsight for Spark developers, including:
· Job graph with playback and heatmap identifying read/write bottlenecks.
· Executor usage analysis showing executors’ utilization and job execution efficiency.
· Data skew detection and analysis.
· Job specific data management including data preview, download, and copy.

Azure Guest OS Family 6, based on Windows Server 2019, is now generally available. Windows Server 2019 is the operating system that bridges on-premises environments with Azure, adding layers of security while helping you modernize your applications and infrastructure.

DNS Flag Day is February 1, 2019. On this day, DNS providers will stop supporting certain workarounds that enable name resolution for domains hosted on DNS servers that don't fully conform to EDNS standards. For more information, visit dnsflagday.net. You can test domains for compliance by using tools on that page. 
At this time, DNS services across Microsoft are testing as "All ok" or "Minor problems detected" on dnsflagday.net. Domains that test as "Minor problems detected" will not be affected on DNS Flag Day. Azure DNS and Azure Traffic Manager fixes are currently being rolled out to resolve these minor issues. Fixes for microsoft.com, xbox.com, and other domains are in progress. Some of these fixes will not be fully deployed until after DNS Flag Day. This is not expected to cause any impact to our customers or services.

Hyperledger Fabric updates now available
https://azure.microsoft.com/en-us/blog/hyperledger-fabric-updates-now-available/

Microsoft Azure Cloud Features Waves’ Smart Assets and Smart Accounts
https://blog.wavesplatform.com/microsoft-azure-cloud-features-waves-smart-assets-and-smart-accounts-1a71b3c23c2b

Azure Security Center can detect emerging vulnerabilities in Linux
https://azure.microsoft.com/en-us/blog/azure-security-center-can-detect-emerging-vulnerabilities-in-linux/

Azure Marketplace new offers – Volume 30
https://azure.microsoft.com/en-us/blog/azure-marketplace-new-offers-volume-30/

Liz Rice, Technical Evangelist at Aqua Security and master of all things Security in Kubernetes, talks to us about her philosophy on security and gives us the some great tips-n-tricks on how to secure your container workloads in Azure, on-prem or any cloud. 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode263.mp3

Transcript: https://www.videoindexer.ai/accounts/aca83d23-620b-46d6-beec-e920bff88847/videos/6283960fb7/

@lizrice
@aquasecteam
Aqua web site: https://aquasec.com
Aqua in the Azure marketplace: https://azuremarketplace.microsoft.com/en/marketplace/apps/aqua-security.aqua-security?tab=Overview

kube-hunter - open source pen testing tool for Kubernetes https://github.com/aquasecurity/kube-hunter
microscanner - free vulnerability scanning for container images. It's the same package vulnerability scanner as in the commercial product, but you can use it for free, running security scanning as part of your container image build process. https://github.com/aquasecurity/microscanner
Co-author with Michael Hausenblas of O'Reilly Kubernetes Security book https://kubernetes-security.info/

Other updates:

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-troubleshooting-network-performance

Azure SQL DB metrics infrastructure improvements
Azure SQL Database is upgrading the infrastructure for monitoring and alerts. This upgrade will improve stability and lay the foundation for enabling next-generation alerts. The upgrade will take place from January 22, 2019 to January 28, 2019.  
 
How will this affect me?  
 
During this upgrade, there will be no change to metric data and charts available in the Azure portal. However, customers who are using the Azure Monitor REST API will no longer be able to query for metric data written before December 21, 2018.  
 
What do I need to do?  
 
If you need metric data before December 21, 2018, please make a copy of the data before January 21, 2019. Moving forward, metric history will be built up to 93 days and maintained as such.  
 
For guidance on saving metric data to a data store, see the Azure Monitor REST API walkthrough and Microsoft Azure Monitor REST API reference. 
 
For any questions or concerns, please contact support. 

Public preview: Read replicas in Azure Database for PostgreSQL
Posted on Monday, January 21, 2019
You can now replicate data from a single Azure Database for PostgreSQL server (master) to up to five read-only servers (read replicas) within the same Azure region. This feature uses PostgreSQL's native asynchronous replication.

Connecting Node-RED to Azure IoT Central
https://azure.microsoft.com/en-us/blog/connecting-node-red-to-azure-iot-central/

Azure Backup now supports PowerShell and ACLs for Azure Files
https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-powershell-and-acls-for-azure-files/

We are fortunate to have John Kozell, a Principal Consultant at Microsoft and an expert in all things Cosmos DB, specially when it comes to the Enterprise world. He gives us some unique perspectives on what Enterprises should do in order to make effective use of Cosmos DB to and also meet their compliance and operational goals.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode262.mp3

Transcript: https://www.videoindexer.ai/accounts/aca83d23-620b-46d6-beec-e920bff88847/videos/467ae71b3c/

• 5-Minute Quickstarts: https://docs.microsoft.com/en-us/azure/cosmos-db/
• Global distribution: https://docs.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally
• Backup & Restore/Compliance: https://docs.microsoft.com/en-us/azure/cosmos-db/online-backup-and-restore
• Monitoring: https://docs.microsoft.com/en-us/azure/cosmos-db/use-metrics
• Performance Tips: https://docs.microsoft.com/en-us/azure/cosmos-db/performance-tips

Other updates:

Microsoft announces partnership with Citrix to support Windows Virtual Desktop

Questions on data residency and compliance in Microsoft Azure? We got answers!
https://azure.microsoft.com/en-us/blog/questions-on-data-residency-and-compliance-in-azure-we-got-answers/

https://docs.microsoft.com/en-us/azure/devops/release-notes/2019/sprint-146-update?branch=releasenotes%2Fsprints145-146#features
Azure Boards:
 · Simplify the organization of your work using the Basic process
Azure Pipelines:
 · GitHub Enterprise support in the pipeline wizard
 · Automatic GitHub service connections in pipelines
 · Display status for each pipeline job in GitHub Checks
 · Default authorization for YAML resources in GitHub
 · Service containers for YAML pipelines
 · Work items linked to GitHub commits in Release Summary
 · New Azure App service tasks optimized for YAML
 · Azure Active Directory (Azure AD) authentication support in Azure SQL task
 · Grafana annotations service hook
 · Query Azure Monitor alerts tasks
 · Inline input of spec file in Deploy to Kubernetes task
 · Docker CLI Installer task
 · Java long-term support (LTS) on Microsoft hosted agents
 · YAML support for Bitbucket Cloud pipelines
 · Avoid triggering multiple CI builds for pull requests
 · Change build numbers, upload and download artifacts in forked repository builds
 · New option in Publish Test Results task to fail build on failed tests
 · Updates to the Azure portal for creating an Azure DevOps project
 · Use the Azure portal to set up and deploy to an Azure Cosmos DB database
 · Set up builds and release pipelines for Functions in the Azure portal
Azure Artifacts:
 · Package usage stats
Wiki:
 · Monospaced font for wiki Markdown editor
 · Bold wiki page titles
 · Insert Markdown table
 · Embed Azure Boards query results in wiki
Administration:
Restore deleted projects

Azure Migrate is now available in Asia and Europe
https://azure.microsoft.com/en-us/updates/azure-migrate-is-now-available-in-asia-and-europe/