Rick Weyenberg email: firstname.lastname@example.org twitter: @codeboarder
Mark Garner email: email@example.com twitter: @mgarner
Google Play: aka.ms/afn-google
The Green Team solves high-risk, systemic security issues for Microsoft Azure
- Credentials in source code are a high-risk, systemic security issue.
- MS Green Team developed the App Authentication Library, which uses the developer's identity from Visual Studio or the Azure CLI to authenticate to Key Vault during local development. When the solution is deployed to Azure, it automatically switches to using Managed Service Identity.
- Storing and retrieving credentials securely from Key Vault is easier.
Improving Azure Virtual Machine resiliency with predictive ML and live migration
- Microsoft has been using live migration in response to failure scenarios since 2018, and is now predicting failures with machine learning.
- Able to live migrate workloads off “at-risk” machines before they ever show any signs of failing.
- Initial focus was on potential disk failures.
- VM state and network connections are preserved during live migration, so there is minimal impact to users.
Simplifying security for serverless and web apps with Azure Functions and App Service
- New security features to reduce the amount of code you need in order to work with identities and secrets.
Key Vault references for Application Settings (public preview)
- Source application settings from Key Vault
- No new code to transition legacy apps or utilize Azure Function triggers
User-assigned managed identities (public preview)
- Managed identities that are created as their own Azure resource and then assigned to a given application.
- Can also be assigned to multiple applications, and an application can have multiple user-assigned identities.
Managed identities for App Service on Linux/Web App for Containers (public preview)
- Both system-assigned and user-assigned
ClaimsPrincipal binding data for Azure Functions
- Easier to use identities from your function code. Cleans up code for identity-dependent functions.
- .NET only preview, more languages coming
Support for Access-Control-Allow-Credentials in CORS config
- New CORS feature enables the Access-Control-Allow-Credentials header to be set, which is necessary whenever you need to send cookies or a token as part of calling your API.
Announcing Azure Dedicated HSM availability
- Dedicated Hardware Security Module (HSM) service provides cryptographic key storage in Azure.
- Uses SafeNet Luna Network HSM 7 devices from Gemalto.
- Certified for FIPS 140-2 Level 3 and eIDAS Common Criteria EAL4+.
- Dedicated HSM supports up to ten partitions per HSM.
- Customers have full administrative and cryptographic control over their Azure Dedicated HSMs. Microsoft does not have visibility into your cryptographic keys.
- Suitable for migration of HSM applications to Azure or applications that require crypto other than RSA and ECC.
Premium Block Blob Storage – a new level of performance
- Uses a combination of solid-state drives in our storage clusters and enhancements to our blob storage software to provide high throughput and very fast response times
- In a demo, the average latency for Standard was 61.4 ms compared to Premium at 5.3 ms
Time series analysis in Azure Data Explorer
- Azure Data Explorer has native support for creation, manipulation, and analysis of time series. Create and analyze thousands of time series in seconds and enable near real-time monitoring solutions and workflows.
- Filtering, regression analysis, seasonality detection, and element-wise functions are native capabilities for time series analysis.
Source: Azure Flash News
Source Link: Azure Flash News Episode for 2018-11-30