Agenda
- NCas_T4_v3-Series VMs [ Generally Available ]
- Public IP SKU upgrade [ Generally Available ]
- Built-in Azure Policy support for NSG Flow Logs [ Generally Available ]
- Azure Security Center—News and updates for December 2020
1. Thanyapon Sananakin (Toon)
MVP : Microsoft Azure
Kumton Suttiraksiri (Bird)
MVP : Office Servers &
Services
Season 3
EP 45
January 16, 2020
Product updates for
Microsoft Azure
2. AGENDA
• NCas_T4_v3-Series VMs [ Generally Available ]
• Public IP SKU upgrade [ Generally Available ]
• Built-in Azure Policy support for NSG Flow Logs [ Generally Available ]
• Azure Security Center—News and updates for December 2020
EP 45 – January 16, 2021 : Product updates for Microsoft Azure
3. NCas_T4_v3-Series VMs
• Status: Generally Available
Regions: West US2, West Europe, and Korea Central regions.
Features: 4 NVIDIA T4 GPUs with 16 GB of memory each, up to 64 non-
multithreaded AMD EPYC 7V12 (Rome) processor cores, and 448 GiB of
system memory.
Usage: These virtual machines are ideal to run ML and AI workloads
utilizing Cuda, TensorFlow, Pytorch, Caffe, and other frameworks or the
graphics workloads using NVIDIA GRID technology.
EP 45 – January 16, 2021 : Product updates for Microsoft Azure
NCas_T4_v3-Series VMs are now generally available | Azure updates | Microsoft Azure
4. NCas_T4_v3-Series VMs
• Price for Windows VM
EP 45 – January 16, 2021 : Product updates for Microsoft Azure
Pricing - Windows Virtual Machines | Microsoft Azure
5. Public IP SKU upgrade
• Status: Generally Available
Azure public IP addresses now support the ability to be upgraded from
Basic to Standard SKU. Additionally, any Basic Public Load Balancer can
now be upgraded to a Standard Public Load Balancer, while retaining the
same public IP address. This is supported via PowerShell, CLI, templates,
and API and available across all Azure regions.
EP 45 – January 16, 2021 : Product updates for Microsoft Azure
Public IP SKU upgrade generally available | Azure updates | Microsoft Azure
6. Public IP SKU upgrade
• How to upgrade basic public IP to standard SKU (PowerShell)
$rg = 'myResourceGroup'
$name = 'myBasicPublicIP'
$newsku = 'Standard'
$pubIP = Get-AzPublicIpAddress -name $name -ResourceGroupName $rg
## This section is only needed if the Basic IP is not already set to Static ##
$pubIP.PublicIpAllocationMethod = 'Static'
Set-AzPublicIpAddress -PublicIpAddress $pubIP
## This section is for conversion to Standard ##
$pubIP.Sku.Name = $newsku
Set-AzPublicIpAddress -PublicIpAddress $pubIP
EP 45 – January 16, 2021 : Product updates for Microsoft Azure
Upgrade public IP addresses - Azure Virtual Network | Microsoft Docs
7. Public IP SKU upgrade
EP 45 – January 16, 2021 : Product updates for Microsoft Azure
• Public IP Basic & Standard SKU
Public IP addresses in Azure | Microsoft Docs
Basic SKU Standard SKU
Allocation method Dynamic / Static Always Static
Security Open, Allow all default Secured Blocked all default
Associate with • Network interfaces
• VPN Gateways
• Application Gateways
• Public load balancers
• network interfaces
• standard public load
balancers
• Application Gateways
Availability Zone
scenarios
Not support Support
8. Public IP SKU upgrade
EP 45 – January 16, 2021 : Product updates for Microsoft Azure
• Limitations
• In order to upgrade a Basic Public IP, it cannot be associated with
any Azure resource.
• Public IPs upgraded from Basic to Standard SKU will continue to have
no availability zones and therefore cannot be associated with an
Azure resource that is either zone-redundant or zonal.
• You cannot downgrade from Standard to Basic.
Public IP addresses in Azure | Microsoft Docs
9. Built-in Azure Policy support
for NSG Flow Logs
• Status: Generally Available , In February 2021
In February 2020, we introduced Azure Resource Manager (ARM) policy
support for network security group (NSG) Flow Logs. To further simplify
the deployment experience for NSG Flow Logs customers, we now have
built-in policy support for NSG Flow Logs.
EP 45 – January 16, 2021 : Product updates for Microsoft Azure
Built-in Azure Policy support for NSG Flow Logs is now available | Azure updates | Microsoft Azure
10. Built-in Azure Policy support
for NSG Flow Logs
• 2 Built-in policies for deploying NSG Flow Logs
oFlow log should be configured for every network security group
audit policy that flags non-compliant NSGs, that is NSGs without
Flow logging enabled
oDeploy a flow log resource with target network security group
policy with a deployment action, it enables Flow logs on all
NSGs without Flow logs
EP 45 – January 16, 2021 : Product updates for Microsoft Azure
QuickStart - Deploy and manage NSG Flow Logs using Azure Policy - Azure Network Watcher |
Microsoft Docs
11. Built-in Azure Policy support
for NSG Flow Logs
• About NSG Flow logs
oA feature of Azure Network Watcher that allows you to log
information about IP traffic flowing through an NSG
oFlow data is sent to Azure Storage accounts from where you can
access it as well as export it to any visualization tool, SIEM, or IDS of
your choice.
• Common use cases
oNetwork Monitoring
oUsage monitoring and optimization
oCompliance
oNetwork forensics & Security analysis
EP 45 – January 16, 2021 : Product updates for Microsoft Azure
Introduction to flow logging for NSGs - Azure Network Watcher | Microsoft Docs
12. Azure Security Center—News
and updates for December 2020
In December 2020, the following updates and enhancements were made to
Azure Security Center:
• Global Administrators can now grant themselves tenant-level permissions
• Two new Azure Defender plans: Azure Defender for DNS and Azure Defender
for Resource Manager (in preview)
• New security alerts page in the Azure portal (preview)
• Asset inventory tools and filters updated
• Recommendation about web apps requesting SSL certificates no longer part of
secure score
• Recommendations page has new filters for environment, severity, and
available responses
• Continuous export gets new data types and improved deployifnotexist policies
EP 45 – January 16, 2021 : Product updates for Microsoft Azure
Azure Security Center—News and updates for December 2020 | Azure updates | Microsoft Azure