Azure Flash News Episode for 2018-11-30

Show Notes


Rick Weyenberg, twitter: @codeboarder

Mark Garner, twitter: @mgarner


twitter: @azureflashnews



The Green Team solves high-risk, systemic security issues for Microsoft Azure

  • Credentials in source is a high-risk and systemic security issue.
  • MS Green Team developed the App Authentication Library which uses the developer's identity from Visual Studio/Azure CLI to authenticate to Key Vault during local development scenarios, and when the solution is deployed to Azure, automatically switches to using Managed Service Identity.
  • Storing and retrieving credentials securely from Key Vault is easier.

Improving Azure Virtual Machine resiliency with predictive ML and live migration

  • Microsoft has been using live migration in response to failure scenarios since 2018 and is now predicting failures with machine learning.
  • Able to live migrate workloads off “at-risk” machines before they ever show any signs of failing.
  • Initial focus was on potential disk failures.
  • VM state and network connections are preserved during live migration, so there is minimal impact to users.

Simplifying security for serverless and web apps with Azure Functions and App Service

  • New security features to reduce the amount of code you need in order to work with identities and secrets.
  • Key Vault references for Application Settings (public preview)

    • Source application setting from Key Vault
    • No new code to transition legacy apps or utilize Azure Function triggers
  • User-assigned managed identities (public preview)

    • Managed identities that are created as their own Azure resource and then assigned to a given application.
    • Can also be assigned to multiple applications, and an application can have multiple user-assigned identities.
  • Managed identities for App Service on Linux/Web App for Containers (public preview)

    • Both system-assigned and user-assigned
  • ClaimsPrincipal binding data for Azure Functions

    • Easier to use identities from your function code. Cleans up code for identity-dependent functions.
    • .NET only preview, more languages coming
  • Support for Access-Control-Allow-Credentials in CORS config

    • New CORS feature enables the Access-Control-Allow-Credentials header to be set, which is necessary whenever you need to send cookies or a token as part of calling your API.

Announcing Azure Dedicated HSM availability

  • Dedicated Hardware Security Module (HSM) service provides cryptographic key storage in Azure.
  • Uses SafeNet Luna Network HSM 7 devices from Gemalto.
  • Certified for FIPS 140-2 Level 3 and eIDAS Common Criteria EAL4+.
  • Dedicated HSM supports up to ten partitions per HSM.
  • Full administrative and cryptographic control over the Azure Dedicated HSMs in Azure. Microsoft does not have visibility into your cryptographic keys.
  • Suitable for migration of HSM applications to Azure or applications that require crypto other than RSA and ECC.

Premium Block Blob Storage – a new level of performance

  • Uses a combination of solid-state drives in our storage clusters and enhancements to our blob storage software to provide high throughput and very fast response times
  • In a demo, the average latency for Standard was 61.4ms compared to Premium at 5.3ms

Time series analysis in Azure Data Explorer

  • Azure Data Explorer has native support for creation, manipulation, and analysis of time series. Create and analyze thousands of time series in seconds and enable near real-time monitoring solutions and workflows.
  • Filtering, regression analysis, seasonality detection, and element-wise functions are native capabilities for time series analysis.


Produced by

MTC Facility

Source: Azure Flash News