Generally Available: Vaulted backup for Azure Blob Storage
We are thrilled to announce that vaulted backup for Azure Blob Storage is now generally available. This native, managed, and secure backup solution keeps an offsite copy of your data and safeguards business-critical data stored in Azure Blob Storage against accidental deletion, corruption, and malicious attacks. It allows quick data recovery and business continuity, minimizing the impact of data loss.
Announcement: Generally Available: Vaulted backup for Azure Blob Storage
Documentation: Overview of Azure Blobs backup – Azure Backup | Microsoft Learn
Customer Managed Planned Failover for Azure Storage
Over the past few years, Azure Storage has offered customer managed (unplanned) failover as a disaster recovery solution for geo-redundant storage accounts. This has enabled our users to meet their business requirements for disaster recovery testing and compliance. Planned failover now provides the same benefits and adds further ones for our storage users.
Planned Failover provides the ability to swap your geo primary and secondary regions while the storage service endpoints are still healthy. As a result, a user can now fail over their storage account while keeping geo-redundancy, with no data loss or additional cost. Users will no longer need to reconfigure geo-redundant storage (GRS) after their planned failover operation, which will save them both time and cost. Once the planned failover operation is completed, all new writes will be made to your original secondary region, which will now be your primary region.
Announcement: Public Preview: Customer Managed Planned Failover for Azure Storage – Microsoft Community Hub
Documentation: https://learn.microsoft.com/en-us/azure/storage/common/storage-initiate-account-failover
Dedicated log analytics tables in Application Gateway
Application Gateway now offers general availability for storing logs in a dedicated Log Analytics table. With a dedicated Log Analytics table, customers can choose a resource-specific table instead of the existing Azure Diagnostics table.
In resource-specific mode, individual tables in the selected workspace are created for each category selected in the diagnostic setting. This new mode gives you better log querying capabilities, along with reduced ingestion latencies and query times.
Announcement: Generally Available: Dedicated log analytics tables in Application Gateway
Documentation: Diagnostic logs – Azure Application Gateway | Microsoft Learn
Introducing granular permissions for Azure Service Bus Explorer
When working with the Service Bus Explorer in the Azure portal, you may want to grant different permissions to different users, depending on their role and responsibility. For example, you may want to allow some users to send messages to a queue, but not receive them. Or you may want to restrict access to a specific queue, topic, or subscription, but not the entire namespace.
To address this challenge, we are excited to announce granular permissions for Service Bus Explorer. To use granular permissions, you need to use Microsoft Entra authentication and assign one of the following roles, either at the namespace level or at the entity level.
- Service Bus Data Owner: allows both send and receive operations.
- Service Bus Data Sender: allows send operations.
- Service Bus Data Receiver: allows peek, receive, and purge operations.
Announcement: Introducing granular permissions for Azure Service Bus Explorer – Microsoft Community Hub
Documentation: Use Azure Service Bus Explorer to run data operations – Azure Service Bus | Microsoft Learn
Name Reservation on Azure Container Registry
Starting August 1st, Azure Container Registry (ACR) will update its behavior regarding the deletion and re-creation of registries. ACR will prevent the reuse of a subdomain name, e.g. abc123.azurecr.io, for a period after the resource is deleted. This updated behavior enhances security and prevents subdomain takeovers by automatically reserving the registry name when the ACR resource is created, without requiring any additional action or configuration from customers.
Once a resource name is reserved, it remains reserved from the moment of creation and throughout an extended period following the deletion of the resource (referred to as a cooldown period). During this cooldown period, subscriptions not associated with the original Azure AD tenant that created the resource will be unable to use the same name for a new registry. After the cooldown period concludes, the name reservation is lifted, allowing any subscription to create a registry with the previously reserved name.
Announcement: Name Reservation on Azure Container Registry – Microsoft Community Hub
Prevent dangling DNS entries and avoid subdomain takeover: Prevent subdomain takeovers with Azure DNS alias records and Azure App Service’s custom domain verification | Microsoft Learn
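A defender-side check for the dangling DNS guidance above, as an added example that is not part of the original announcements: it scans a zone export for CNAME records that point at a `<name>.azurecr.io` registry missing from your own inventory. The zone text, registry names and function names are constructed for illustration, and the inventory is assumed to come from a listing of your registries (for example `az acr list`).

```python
import re

# Login-server form used in the announcement: <registry>.azurecr.io
ACR_HOST = re.compile(r"^([a-z0-9]+)\.azurecr\.io$")

# Constructed BIND-style zone export; every name here is made up.
SAMPLE_ZONE = """\
registry  3600 IN CNAME abc123.azurecr.io.
images     300 IN CNAME OldReg42.azurecr.io.   ; registry was deleted
www       3600 IN CNAME contoso.example.net.
mirror    3600 IN CNAME abc123.azurecr.io.example.net.
api       3600 IN A     203.0.113.10
"""


def parse_cnames(zone_text):
    """Yield (owner, target) for every CNAME record in the zone text."""
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop trailing comments
        fields = line.split()
        types = [f.upper() for f in fields]
        # Skip field 0 so an owner literally named "cname" is not misread.
        if "CNAME" not in types[1:]:
            continue
        i = types.index("CNAME", 1)
        if i + 1 < len(fields):
            # DNS names are case-insensitive; normalise and drop the root dot.
            yield fields[0], fields[i + 1].rstrip(".").lower()


def find_dangling_acr_cnames(zone_text, owned_registries):
    """Return CNAMEs that target an ACR name not present in the inventory.

    owned_registries: names of registries that currently exist in your
    subscriptions (assumed input, e.g. from `az acr list`).
    """
    owned = {name.lower() for name in owned_registries}
    findings = []
    for owner, target in parse_cnames(zone_text):
        match = ACR_HOST.match(target)  # anchored: rejects look-alike suffixes
        if match and match.group(1) not in owned:
            findings.append((owner, target))
    return findings


if __name__ == "__main__":
    for owner, target in find_dangling_acr_cnames(SAMPLE_ZONE, ["ABC123"]):
        print(f"dangling: {owner} -> {target}")
```

Records this reports should be deleted or repointed before the registry name's cooldown period ends, since the reservation is lifted afterwards.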