AD Domain Services for ARM based vNets, Dynamic Group Membership for Azure AD, new Azure SQL standard tiers and new Azure portal changes all in the latest Need to Know podcast.
Azure AD domain services for ARM based vNets
You may remember back in July we announced the public preview of Azure AD Domain Services in the new Azure portal where you can now create new managed AD domains and perform administrative tasks like configuring secure LDAP.
Now there is the public preview of Azure AD Domain Services support for virtual networks created using Azure Resource Manager. You can now create new managed AD domains in virtual networks that were provisioned using Azure Resource Manager.
Azure AD Domain Services provides managed AD domain services like domain join, group policy, LDAP, and Kerberos/NTLM authentication, and all those services are fully compatible with Windows Server Active Directory.
Dynamic Group Membership in Azure Active Directory
One of my favorite new features in Azure Active Directory is Dynamic Group Membership. There are different types of Dynamic Groups that you can create:
- Dynamic Device
- Dynamic User
Then you select Add dynamic query where you can create a simple or advanced rule.
You can create Dynamic Groups, then assign these Groups to Applications and Licenses. If a user or device satisfies a rule on a group, they are added as a member of that group. For example, all users (Local Active Directory and Azure Active Directory) who have City defined as Bedrock will automatically be added to this group.
This feature requires an Azure AD Premium P1 license for each user member added to at least one dynamic group.
New performance levels and storage add-ons in Azure SQL Database
There are changes to the Azure SQL standard tiers. Previously, the highest performance level for a single database in the Standard tier was limited to 100 DTUs; now this increases by 30x to 3000 DTUs, with a range of new choices in between.
These new S4 – S12 performance levels provide price savings opportunities for CPU intensive workloads that do not demand the kind of high IO performance provided by the Premium tier. For IO intensive workloads, the Premium tier continues to provide lower latency per IO and more IOPS per DTU than in the Standard tier.
Storage add-ons for single databases and elastic pools
Previously, the storage size limit was a fixed amount based on the service tier and performance level. Customers can now purchase extra storage above this included amount for single databases and elastic pools in the Standard and Premium tiers. The decoupling of storage from compute reduces costs by allowing more storage without having to increase DTUs or eDTUs.
Storage provisioned above the included amount is charged extra and billed on an hourly basis. Storage for a single database or elastic pool can be provisioned in increments of 250 GB up to 1 TB and then in increments of 256 GB beyond 1 TB.
Announcing Default Encryption for Azure Blobs, Files, Table and Queue Storage
For most customers, security is not only of the utmost importance but also a deciding factor in choosing a public cloud provider. Customers require their data to be encrypted at rest as per their security and compliance needs. The Azure Storage team takes security and privacy seriously and helps protect your data. Currently there is Storage Service Encryption (SSE) for Azure Blob and File storage using Microsoft Managed Keys, or Customer Managed Keys for Azure Blob storage.
Now we are taking security a step further by enabling encryption by default using Microsoft Managed Keys for all data written to Azure services (Blob, File, Table and Queue storage), for all storage accounts (in both Azure Resource Manager and Classic storage accounts), for both new and existing storage accounts. Storage Service Encryption for managed disks, including the import scenario, will also be supported.
All data that is written into Azure storage will be automatically encrypted by the Storage service prior to persisting, and decrypted prior to retrieval. Encryption and decryption are completely transparent to the user. All data is encrypted using 256-bit AES encryption, also known as AES-256 – one of the strongest block ciphers available. With encryption enabled by default, customers do not have to make any changes to their applications.
To verify encryption is enabled for storage accounts, customers can either query the status of encrypted data for blobs and files, or check account properties.
There is neither any additional charge, nor any performance degradation in using this feature.
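The account-properties check mentioned above can be scripted across a subscription. The following is an added example, not code from the original post: it assumes the input is JSON shaped like the output of `az storage account list -o json`, and the sample records and account names are constructed for illustration.

```python
import json

# Constructed sample shaped like `az storage account list -o json` output,
# trimmed to the fields this check reads. Account names are made up.
SAMPLE_ACCOUNTS = json.loads("""
[
  {"name": "examplelogs01",
   "encryption": {"keySource": "Microsoft.Storage",
                  "services": {"blob": {"enabled": true},
                               "file": {"enabled": true}}}},
  {"name": "examplecmk02",
   "encryption": {"keySource": "Microsoft.Keyvault",
                  "services": {"blob": {"enabled": true}}}},
  {"name": "exampleold03",
   "encryption": {"keySource": "Microsoft.Storage",
                  "services": {"blob": {"enabled": false}}}},
  {"name": "examplebare04"}
]
""")

# The four services the announcement covers.
SERVICES = ("blob", "file", "table", "queue")

def audit_account(account):
    """Summarise the encryption properties of one storage account record."""
    enc = account.get("encryption") or {}
    reported = enc.get("services") or {}
    status = {}
    for svc in SERVICES:
        entry = reported.get(svc)
        if entry is None:
            # Assumption: a service absent from the properties is simply not
            # reported by this API version, so it is not counted as a failure.
            status[svc] = "not reported"
        else:
            status[svc] = "encrypted" if entry.get("enabled") else "NOT encrypted"
    return {
        "name": account.get("name", "<unnamed>"),
        "key_source": enc.get("keySource", "unknown"),
        "services": status,
        # Review anything explicitly disabled or with no encryption block at all.
        "needs_review": (not reported) or "NOT encrypted" in status.values(),
    }

def audit(accounts):
    return [audit_account(a) for a in accounts]

if __name__ == "__main__":
    for row in audit(SAMPLE_ACCOUNTS):
        flag = "REVIEW" if row["needs_review"] else "ok"
        print(f'{row["name"]:<15} {row["key_source"]:<20} {flag} {row["services"]}')
```

To run it against a real subscription, save the CLI output to a file and pass the result of `json.load` to `audit` in place of the sample. The `key_source` column also separates Microsoft-managed keys (`Microsoft.Storage`) from customer-managed keys (`Microsoft.Keyvault`).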
New Azure Portal Changes
There are some new Azure portal changes. All upcoming changes can be seen and tried at http://preview.portal.azure.com, a staging site that runs a couple of weeks ahead of the current portal.
Some keyboard shortcuts are listed below; as an example, ‘G/’ sets the focus to the search at the top of the screen.
Also in the popular All Resources section, you can now select columns such as Tags to group by or sort by Tags. You can also add tags to resources or multiple resources in the same All Resources section.
They have added in the ability to multi-select items in the portal by selecting the check-boxes on the left of the resources.
Also, by using the ‘Custom Template’ option in the portal, you can search directly within GitHub for Azure ARM templates and edit the JSON template from within the portal visually by viewing the JSON outline, just like you do in Visual Studio.