This article was originally posted in the Microsoft Azure blog.
This month we’re bringing updates to help improve the usability of creating and managing virtual machines in Azure, updates to Security Center, and an improved experience to control access to resources.
Here’s the list of December updates to the Azure portal:
- Security Center network map is now generally available
- Updated Security Policy page
- Updated experience for Access control (IAM)
Let’s look at each of these updates in detail.
This month brings a few updates that improve the usability of creating and managing virtual machines.
When creating virtual machines, you now have more flexibility for configuring virtual machine network parameters. We have revised the interface to give you more control over creating virtual networks, virtual network subnets, and address space.
Configuring virtual network parameters for new VMs
We have also added the ability to specify the disk type of any new data disks during virtual machine creation.
Specifying disk type
Finally, we redesigned the Disks overview page to look more like a standard Azure resource, with the most important information in the Essentials area at the top of the page.
We have also added charts for key disk metrics, including disk IOPS, throughput, and queue depth.
To try out the new experience:
- From the left-navigation menu, select Create a Resource.
- Select any virtual machine image that you prefer.
- On the Create a virtual machine page, select the Networking tab and then click Create New under the Virtual network name box.
Security Center’s interactive network map provides a graphical view with security overlays giving you recommendations and insights for hardening your network resources. Using the map, you can see the network topology of your Azure workloads, connections between your virtual machines and subnets, and the capability to drill down from the map into specific resources and the recommendations for those resources. For more information see the documentation, “Protect your network resources in Azure Security Center.”
To open the Network map:
- In the Security Center, under Resource Security Hygiene, select Networking.
- Under Network map select See topology.
The Security Policy page was updated to reflect the built-in Azure Security Center policies as they are created in Azure policies. You can see the parameters for each of the policies that are assessed by Azure Security Center and configure existing security policies that apply to selected scopes (subscriptions or management groups).
Let’s try this again. Controlling access to Azure resources using role-based access control (RBAC) is one of the most common tasks performed in Azure, and the experience for managing access is consistent across the Azure portal for different service types. We’ve updated the Access control (IAM) blade in the portal with a new interface based on tabs to improve performance and to help you complete important tasks such as checking a user's access more quickly. Here’s everything that’s changing in the IAM blade:
- Improved performance of the IAM blade
- A check access feature to quickly view role assignments for a single user, group, service principal, or managed identity
- Tiles that link to common tasks
- A deny assignments tab to view any relevant deny assignments. Deny assignments are read-only and can only be set by Azure.
The new Access control (IAM) blade
To see the new IAM blade:
- Select All services and select the scope or resource you want to view or manage. For example, you can select Management groups, Subscriptions, Resource groups, or any resource.
- In the resource blade, select “Access control (IAM),” from the menu.
Azure Site Recovery now supports disaster recovery for Azure virtual machines deployed in Azure Availability zones. You can replicate zone pinned VMs from one Azure region to another region. If the target region supports Availability zones, you can configure the target VMs to be zone pinned VMs. If not, you can configure the VMs to be single instances or to be part of an availability set.
Replicate your virtual machines to another Azure region.
To try out this feature:
- Select any virtual machine deployed in an availability zone.
- Select Disaster recovery in the left menu.
- Review the defaults and select Enable replication.
Did you know?
If you’re like me, you like to test new things ahead of time to see what’s coming and to be able to enjoy new features as soon as you can put your hands on them. With the Azure portal, you can also test features in preview by visiting preview.portal.azure.com. Spoiler alert: we will have something really important for you coming up in December.