As customers move beyond immediate crisis needs, such as enabling remote work, many are accelerating cloud adoption to increase competitive advantage and stay more digitally resilient. Enabling an agile, scalable, high-performing, and reliable infrastructure is critical to long-term success. Microsoft is committed to continuous innovation in Azure IaaS capabilities to help customers achieve these goals.
Microsoft is announcing new updates to the Azure infrastructure portfolio that help address a wide range of customer needs.
Increase agility with access to more choices and flexibility
Being responsive to rapidly changing business requirements is more important than it has ever been. Organizations need choices and flexibility in their cloud investments to stay agile. New innovations in Azure provide our customers with even more options, and these updates give customers the ultimate flexibility they need.
More options to run memory-intensive workloads. New Msv2 medium memory virtual machines (VMs), available in preview, enable customers to achieve up to a 20 percent increase in central processing unit (CPU) performance and access up to 192 vCPU and 4TiB of memory. New Azure Dedicated Host stock keeping units (SKUs), available soon in preview, let customers run a broader range of memory-intensive workloads in a single-tenant, hardware-isolated environment.
Simplified acquisition of compute capacity at deep discounts. New Azure Spot Virtual Machines (Spot VMs) features, in preview, help customers drastically improve the overall runtime of scale-out apps by letting Azure try to redeploy previously evicted Spot VMs as part of a scale set. Customers can also simulate evictions to test app behavior to ensure tolerance to interruptions.
More options to scale hybrid and edge deployments. The integration of VMware SD-WAN and the Azure Virtual WAN hub, available in preview, allows customers to easily connect branch offices and remote locations to Azure through VMware SD-WAN and take advantage of a complete Secure Access Service Edge solution. Azure Route Server, now in preview, helps customers streamline operations between any networking appliance and Azure’s virtual network by facilitating dynamic routing.
New capabilities to manage Linux environments. Last fall, Microsoft launched Azure Automanage to help customers greatly simplify Windows virtual machine management in Azure. We are now extending Azure Automanage capabilities to Linux Virtual Machines, giving customers the convenience to manage Windows and Linux VMs through one control plane. Additionally, the preview of Azure native integration with Elastic allows customers using Elastic services on Azure to access integrated billing, full technical support, and Azure portal integration.
Scale business-critical apps and improve performance
Many customers are migrating to the cloud to scale their most demanding workloads to achieve efficiency and performance gains. Azure offers one of the fastest networks with the broadest global footprint, enabling customers to build and deploy apps anywhere. Microsoft continues to innovate and make it easier for customers to increase workload scale and performance.
Simplified network resource distribution with new Azure Load Balancing capabilities. The new Azure Load Balancing selection tool, now in preview, offers customers guidance to choose the right services based on their workloads and requirements. Microsoft is also increasing flexibility to load balance across IP addresses with Azure Load Balancer, now generally available.
More options to scale deployments with new Azure Virtual Machine Scale Sets features. Customers can simplify application deployment, management, and scalability while improving uptime with the recently introduced flexible orchestration mode. Customers can also gain greater operational agility by changing virtual machine sizes without redeploying the scale set and optimize costs by mixing Spot VMs and pay-as-you-go virtual machines within the same scale set.
Scaling disk performance with new performance tiers on premium SSDs. With the new capability in preview, customers can sustain a higher level of performance for planned events, such as a seasonal promotion, and change performance tiers without disruption to their workloads.
Strengthen business continuity with new reliability and security enhancements
Azure provides built-in high-availability and disaster recovery options to ensure maximum resilience for all workloads. We continue our infrastructure investments, including expanding our already leading number of regions and availability zones and are launching new services to keep apps and data resilient and secure on Azure.
Improving high availability with new on-demand capacity reservations. On-demand capacity reservations, now in preview, enable customers to reserve compute capacity for one or more virtual machine sizes in an Azure region or Availability Zone for any length of time. Customers can also combine capacity reservations with Reserved Virtual Machine Instances to greatly reduce costs.
Increasing workload portability and availability. Azure Resource Mover, now generally available, lets customers seamlessly move resources between public Azure regions. Customers can also increase workload availability with protection in the event of a zone failure with Zone Redundant Storage support for Premium and Standard SSDs, available in preview.
Built-in backup management at scale with Azure Backup Center. Azure Backup Center, now generally available, supports all Azure-based workloads supported by Azure Backup and offers new Azure policies to deploy backups at scale based on resource groups and tags.
Protection for data-in-use with Azure Confidential Computing. Customers can harden workloads and protect against malicious attacks with Trusted Launch for all Azure Virtual Machines, available in preview. They’re also safeguarding sensitive data in Azure with the preview of SQL Always Encrypted secure enclaves and enabling secure orchestration of confidential containers on Azure Kubernetes Service, now generally available.
Protection for apps and data with auto-key rotation. With the preview of the new feature, customers can automatically update all disks, snapshots, and images, and ensure their data is always secured with the latest encryption key.
Accelerate cloud migration with confidence
Microsoft and BPS will help customers accelerate cloud migration with first-class migration tooling, support, skilling, and resources. New capabilities are continuously being added to Azure Migrate.
Centralized migration across all infrastructure, apps, and data. With new features in Azure Migrate, customers can now assess SQL Server estates with the preview of discovery and assessment for SQL Server migration to Azure SQL.
Additional new features include the general availability of PowerShell support for migration of VMware virtual machines and the preview of a new app containerization tool allowing customers to migrate .NET and web apps to Azure Kubernetes Service.
“BPS”, in collaboration with “Al-Iktissad Wal-Aamal”, organized a webinar entitled “Cloud Talks 2021” to discuss the services and applications offered by cloud computing providers in order to empower digital business transformation while preserving security, privacy and compliance with laws and regulations. Over 120 persons representing senior executives from 12 different countries participated in the webinar, which hosted experts from leading companies and technology providers from the MENA region.
The Digital Transformation Journey
Mahmoud Moussa, Senior Cloud Solution Architect for Data & AI at Microsoft, confirmed during his participation in the webinar that the “Azure IoT Edge” technology provided by Microsoft allows sensors from all of a company’s departments to be brought together and used to connect to another backend related to the Internet of Things, to which the data is sent after being initially processed. He explained that cloud services seek to enable digital technology through several domains, most notably: the Internet of Things and Edge technology, advanced analytics, artificial and cognitive intelligence, graphic technique, Blockchain technology, digital workplace and 3D imaging.
For his part, the Sales Manager at Citrix, Abbas Ali-Ahmad, pointed out that success will go to the organizations and companies that will be able to provide a stable and safe work experience. He emphasized the importance of knowing how to support any type of user wanting to access information, whether they are employees, contractors or business partners, and the possibility to work from any place, using any type of device or computing system.
As for Eiad Al-Aqqad, the Principal Solution Architect at “VMware Cloud Providers Program”, he discussed the vision of “VMware Cloud” in the world of cloud computing. He explained that their vision allows users and cloud service providers to activate any application on any device of any kind.
Cyber Security and Cloud Computing
In a panel discussion moderated by Parthasarathy Pillairkulam, EVP-Chief Information Security Officer at First Abu Dhabi Bank, the General Manager of Capital outsourcing, Chadi Ghazal, indicated that his company was the first to own a cloud platform in the MENA region since 2000. He explained that cloud computing is a virtual process for hardware, software, networks, storage spaces and services used by developers to implement complex operations. He added that when using cloud computing, companies are not compelled to purchase any new devices or services; however, they need to upgrade their virtual storage for a certain fee.
As for Alain Sawaya, General Manager of the Jordanian “Zain Datapark”, he explained that his company is an entity that was founded to enable “Zain Group” to provide cyber security and cloud computing services everywhere. He added that every country aspires to have its own cloud located within its territory for multiple reasons: legitimacy, data sovereignty and to secure data, especially for governments. Furthermore, he announced the transfer of several financial and banking applications to private cloud servers.
For his part, Mohamed Ayad, Vice President and Business Development Manager of “Libyan Spider”, considered that country cloud and public cloud approaches are closer to each other today than ever, indicating that “Microsoft” is expanding this service very quickly.
Ayad pointed out that there have been concerns about data security and privacy from the very first day of the cloud model’s birth, which has greatly affected companies’ work. He added that many companies have switched to using public cloud more than before due to the flexibility with which entrusted public cloud providers work.
On the other hand, the General Manager of “Gulf Infotech” in Oman, Yahya Zakir Sait, said that the largest companies providing cloud services neglected the Middle East region in 2009 due to the low adoption of cloud solutions, pointing out that the high demand for adopting these solutions has created a quantum leap for the region in general.
“BPS” and Digital Transformation
BPS provides vendors with multiple licensing programs, services and technical support to partners in order to develop their businesses, in addition to “SAM” consultations. The company focuses on supporting the MSP-focused channel, telecom companies, internet service providers, database centers, service providers, integrated systems, managed services, software companies and IT distributors who are heading towards digital and cloud transformation.
The company always strives to add more services to its own affiliated program. It started its operations as a cloud distributor in 2005 and has earned years of local experience in the cloud channel business, to become today a pioneer in this field in the MENA region.
Azure UAE Regions are now stronger than ever with the availability of the new Azure Services led by Azure Security!
The new services are:
Azure Sentinel has the capability to see and stop threats before they cause harm, with a SIEM and SOAR reinvented for a modern world, providing a bird’s-eye view across the enterprise.
Artificial intelligence (AI) makes threat detection and response smarter and faster. The platform allows for elastic scaling and eliminates the need for costly set up and maintenance. For these reasons, customers such as ASOS are leveraging Azure Sentinel to analyze data coming from separate systems and solutions.
Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH access to virtual machines directly through the Azure Portal. Azure Bastion is provisioned directly in a customer’s Virtual Network (VNet) and supports all VMs using SSL without any exposure through public IP addresses.
Cognitive Services: Immersive Reader and Anomaly Detector
- Immersive Reader is an Azure Cognitive Service that allows for embedding text reading and comprehension capabilities into applications. Users of any age and reading ability are supported with features like reading aloud, translating languages, and focusing attention through highlighting and other design elements. Azure is the only major cloud provider offering this type of reading technology. No machine learning expertise is required.
- Anomaly detection capabilities can be easily embedded into apps so users can quickly identify problems. Through an API, Anomaly Detector ingests time-series data of all types and selects the best-fitting detection model for particular data to ensure high accuracy. The service can be customized to detect any level of anomaly and deployed where it is needed most inside containers – from the cloud to the intelligent edge. Azure is the only major cloud provider that offers anomaly detection as an AI service.
This application can connect with business-critical apps and services, automating workflows without writing a single line of code. Its advantages include leveraging a write-once, run anywhere ability, a consistent integration with developer tools and services, creating business processes and workflows visually and integrating with SaaS and enterprise applications.
- Container Instances & App Configuration
Container Instances and App Configuration provide simplicity, scalability and security while modernizing applications.
Security and Protection, Artificial Intelligence, Cognitive Services, Application Integration and Modernization are leading this round of the new services announcement.
Security Center is in active development and receives daily improvements that help you strengthen your environment and your hybrid cloud posture while tracking compliance with the policies and standards.
The added enhancements are explained in detail below.
- Azure Defender for SQL servers on machines: Azure Security Center offers two Azure Defender plans for SQL Servers to protect your databases and their data wherever they are located.
- Azure Defender for Azure SQL database servers – defends your Azure-native SQL Servers.
- Azure Defender for SQL servers on machines – extends the same protections to your SQL servers in hybrid, multi-cloud, and on-premises environments.
Azure Defender for SQL includes vulnerability assessment capabilities.
The vulnerability assessment tool includes the following advanced features:
- Baseline configuration to intelligently refine the results of vulnerability scans to those that might represent real security issues.
After you have established your baseline security state, the vulnerability assessment tool only reports deviations from that baseline state.
Results that match the baseline are considered as passing subsequent scans.
This lets you and your analysts focus your attention where it matters.
- Detailed benchmark information to help you understand the discovered findings, and why they relate to your resources.
- Remediation scripts to help you mitigate identified risks.
- Two new Azure Defender plans have been added.
Microsoft Azure has added two new cloud-native breadth threat protection capabilities for your Azure environment. These new protections greatly enhance your resiliency against attacks from threat actors, and significantly increase the number of Azure resources protected by Azure Defender.
- Azure Defender for DNS – continuously monitors all DNS queries from your Azure resources.
- Azure Defender for Resource Manager – automatically monitors all resource management operations performed in your organization.
- Revitalized Security Center experience in Azure SQL Database & SQL Managed Instance
The Security Center experience within SQL provides access to the following Security Center and Azure Defender for SQL features:
Security Center periodically analyzes the security state of all connected Azure resources to identify potential security misconfigurations.
It then provides recommendations on how to remediate those vulnerabilities and improve organizations’ security posture.
A detection service that continuously monitors Azure SQL activities for threats such as SQL injection, brute-force attacks, and privilege abuse.
This service triggers detailed and action-oriented security alerts in Security Center and provides options for continuing investigations with Azure Sentinel, Microsoft’s Azure-native SIEM solution.
A vulnerability assessment service that continuously monitors Azure SQL configurations and helps remediate vulnerabilities.
Assessment scans provide an overview of Azure SQL security states together with detailed security findings.
- Azure Defender for SQL support for Azure Synapse Analytics dedicated SQL pool:
Azure Synapse Analytics is an analytics service that combines enterprise data warehousing and big data analytics.
Azure Defender for SQL protects your dedicated SQL pools with:
- Advanced threat protection to detect threats and attacks.
- Vulnerability assessment capabilities to identify and remediate security misconfigurations.
- Recommendations page has new filters for environment, severity, and available responses:
Azure Security Center monitors all connected resources and generates security recommendations. You can use these recommendations to strengthen your hybrid cloud posture and track compliance with the policies and standards relevant to your organization, industry, and country.
As Security Center continues to expand its coverage and features, the list of security recommendations is growing every month.
With the growing list, there is a need to be able to filter to the recommendations of greatest interest. You can now filter the list of security recommendations according to a range of criteria.
In the following example, the recommendations list has been filtered to show recommendations that:
- are generally available (that is, not preview)
- are for storage accounts
- support quick fix remediation
The filters that were recently added provide options to refine the recommendations list according to:
- Environment – View recommendations for your AWS, GCP, or Azure resources (or any combination).
- Severity – View recommendations according to the severity classification set by Security Center.
- Response actions – View recommendations according to the availability of Security Center response options: Quick fix, Deny, and Enforce.
To help organizations protect all their assets against evolving digital security threats, Microsoft is unifying all Extended Detection and Response (XDR) technologies under the Microsoft Defender brand.
Microsoft Defender prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms.
With Microsoft Defender, Microsoft is rebranding the existing threat protection portfolio and adding new capabilities, including additional multi-cloud (Google Cloud and AWS) and multi-platform (Windows, Mac, Linux, Android, and iOS) support.
Microsoft Defender is delivered in two tailored experiences:
Microsoft 365 Defender
- Microsoft 365 Defender delivers XDR capabilities for identities, endpoints, cloud apps, email, and documents.
- It uses artificial intelligence to reduce the SOC’s work items.
- Built-in self-healing technology fully automates remediation more than 70% of the time, ensuring defenders can focus on other tasks that better leverage their knowledge and expertise.
The branding changes to unify the Microsoft 365 Defender technologies:
- Microsoft 365 Defender (previously Microsoft Threat Protection)
- Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
- Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
- Microsoft Defender for Identity (previously Azure Advanced Threat Protection)
New features available within Microsoft 365 Defender:
- Extending mobile threat defense capabilities in Microsoft Defender for Endpoint to iOS, Android and macOS.
- Priority account protection in Microsoft Defender for Office 365 will help security teams focus on protection from phishing attacks for users who have access to the most critical and privileged information.
Customers can customize prioritized account workflows to offer these users an added layer of protection.
Azure Defender
Azure Defender delivers XDR capabilities to protect multi-cloud and hybrid workloads, including virtual machines, databases, containers, IoT, and more.
Azure Defender is an evolution of the Azure Security Center threat protection capabilities and is accessed from within Azure Security Center.
Microsoft has announced brand changes for these capabilities under Azure Defender as well:
- Azure Defender for Servers (previously Azure Security Center Standard Edition)
- Azure Defender for IoT (previously Azure Security Center for IoT)
- Azure Defender for SQL (previously Advanced Threat Protection for SQL)
New features now available within Azure Defender:
- To help defenders identify and mitigate unprotected resources, Microsoft is delivering a new unified experience for Azure Defender that makes it easy to see which resources are protected and which need further protection.
- Added protection for SQL servers on-premises and in multi-cloud environments as well as virtual machines in other clouds, and improved protections for containers, including Kubernetes-level policy management and continuous scanning of container images in container registries.
- Support for operational technology networks with the integration of CyberX into Azure Defender for IoT.
Azure adds new constrained vCPU capable virtual machines to reduce software licensing costs without impacting performance
Azure offers various VM sizes for which you can constrain the VM vCPU count to reduce the cost of software licensing, while maintaining the same memory, storage, and I/O bandwidth.
This may be crucial for some database workloads like SQL Server or Oracle that require high memory, storage, and I/O bandwidth, but not a high core count since many database workloads are not CPU-intensive.
So, by deploying the latest Azure Virtual Machines, you can further increase the efficiency of your cloud infrastructure.
The vCPU count can be constrained to one half or one quarter of the original VM size. These new VM sizes have a suffix that specifies the number of active vCPUs to make them easier for you to identify.
The Esv4, Edsv4, and Easv4 memory optimized Azure VM series now offer new constrained vCPU VM sizes.
For example, the current VM size ‘E8s_v4’ comes with 8 vCPUs, 64 GB RAM, 16 disks and 12,800 IOPS. The new VM sizes ‘E8-4s_v4’ and ‘E8-2s_v4’ come with 4 and 2 active vCPUs respectively, while maintaining the rest of the specs of the ‘E8s_v4’ for memory, storage, and I/O bandwidth.
The licensing fees charged for SQL Server or Oracle are constrained to the new vCPU count, and other products should be charged based on the new vCPU count. This results in a 50% to 75% increase in the ratio of the VM specs to active (billable) vCPUs. These new VM sizes allow customer workloads to use the same memory, storage, and I/O bandwidth while optimizing their software licensing cost. Currently, the compute cost, which includes OS licensing, remains the same as for the original size.