Category Archives : Networking



New Azure Network Watcher integrations and Network Security Group Flow Logging updates

Azure Network Watcher provides you the ability to monitor, diagnose, and gain insights into your network in Azure.

Among its suite of capabilities, Network Watcher offers the ability to log network traffic through Network Security Group (NSG) Flow Logging. When NSG Flow Logging is enabled, you gain access to network flow-level data that has endless applications in security, compliance, and traffic monitoring use cases. Deeper analysis of this NSG flow data is available in Network Watcher using Traffic Analytics, which is currently in preview.

Since Azure Network Watcher’s inception, we have continuously partnered with leaders in the SIEM and Log Management industry to provide a rich ecosystem of tools that seamlessly integrate and understand your network in Azure. I would like to highlight two of the most recent partners, offering customers additional choice and value through integration with Azure. On top of our growing ecosystem, we have now enabled the option to send NSG Flow Log data across subscriptions which greatly enhances log management in larger environments.

McAfee Cloud Workload Security integration

Recently, McAfee announced the general availability of the Cloud Workload Security (CWS) Platform in Azure including integration with Network Watcher. CWS automates the discovery and defense of elastic workloads



Announcing SQL Advanced Threat Protection (ATP) and SQL Vulnerability Assessment general availability

We are delighted to announce the general availability of SQL Vulnerability Assessment for Azure SQL Database! SQL Vulnerability Assessment (VA) provides you a one-stop-shop to discover, track and remediate potential database vulnerabilities. It helps give you visibility into your security state, and includes actionable steps to investigate, manage and resolve security issues, and enhance your database fortifications. VA is available for Azure SQL Database customers as well as for on-premises SQL Server customers via SSMS.

If you have data privacy requirements or need to comply with data protection regulations like the European Union General Data Protection Regulation (EU GDPR), then VA is your built-in solution to simplify these processes and monitor your database protection status. For dynamic database environments where changes are frequent and hard to track, VA is invaluable in detecting the settings that can leave your database vulnerable to attack.

New SQL Advanced Threat Protection (ATP)

VA is being released to general availability (GA) as part of a new security package for your Azure SQL Database, called SQL Advanced Threat Protection (ATP). ATP provides a single go-to location for discovering, classifying and protecting sensitive data, managing your database vulnerabilities, and detecting anomalous activities that could indicate a



Azure Networking May 2018 announcements

This week is Microsoft Build 2018, our premiere event of the year for our gifted developer audience. With a strong appetite for technology and a desire to learn and immerse themselves in new ways to build and create cloud applications, thousands of software professionals and coders are coming to Seattle this week. We’d like to take this opportunity to let you know about new networking services we have launched as well as enhancements we have made.

As businesses of all sizes increasingly move their mission-critical workloads to Azure, new opportunities arise to simplify the overall network experience, from security and management over monitoring to key areas such as reliability and performance. Launching new services such as DDoS, VNet access to Azure services, zone-aware Application Gateways, a new global scale CDN offering, along with a new and super-fast Load Balancer, we continue to enhance the networking capabilities of Azure and more importantly develop new services and technologies to help customers run, manage, and achieve more when running their most demanding workloads.

Azure DDoS Protection

Last month we announced the general availability (GA) of the Azure DDoS Protection Standard service that provides enhanced DDoS mitigation capabilities for your application and resources deployed



Virtual Network Service Endpoints for Azure #CosmosDB is now generally available

This blog was co-authored by Anitha Adusumilli, Principal Program Manager, Azure Networking and Sumeet Mittal, Program Manager, Azure Networking.

Azure Cosmos DB is Microsoft’s globally distributed, multi-model database service for mission-critical applications. Azure Cosmos DB provides turnkey global distribution, elastic scaling of throughput and storage worldwide, single-digit millisecond latencies at the 99th percentile, five well-defined consistency models, and guaranteed high availability, all backed by industry-leading comprehensive SLAs. Azure Cosmos DB automatically indexes all your data without requiring you to deal with schema or index management. It is a multi-model service and supports document, key-value, graph, and column-family data models.

Improved security capabilities

We are excited to announce the general availability of Virtual Network Service Endpoints for Azure Cosmos DB. Azure Cosmos DB uses Virtual Network Service Endpoints to create network rules that allow traffic only from selected Virtual Network and subnets. This feature is now available in all regions of Azure public cloud.

Customers can combine existing authorization mechanisms like Firewall Access Control List (ACL) with the new network boundaries to provide enhanced security for their data. Azure Cosmos DB is the first service to allow cross-region access control support where customers can restrict access to globally distributed



Announcing Microsoft’s own Content Delivery Network

This blog post was co-authored by Manling Zhang, Senior Program Manager, Azure CDN.

In Azure, we understand that the breadth and scale of the cloud demands an ever-evolving commitment to continuously improve the customer experience and help our customers achieve more. Content Delivery Networks (CDNs) enable cloud-hosted applications to scale and deliver content quickly and reliably across the globe. Azure CDN is built from the ground up to deliver best in class CDN services through both our ecosystem of partners as well as our flexible cloud platform.
Today we are excited to announce the public preview of Microsoft as a provider within Azure CDN, enabling Azure customers to use and deliver content from Microsoft’s own global CDN network. This CDN option is being added alongside existing provider options from Verizon and Akamai.

Microsoft has gone through its own cloud transformation with Office 365, Skype, Bing, OneDrive, Windows, and Xbox with a distinctively hybrid consumer and enterprise focus that has developed and shaped our unique perspective on networking and CDN over the last 5 years. 
Running at the Edge of Microsoft’s Global Network, this new native addition provides Azure customers access to a highly seasoned CDN platform. Connectivity within



Application Security Groups now generally available in all Azure regions

We are pleased to announce the general availability of Application Security Groups (ASG) in all Azure regions. This feature provides security micro-segmentation for your virtual networks in Azure.

Network security micro segmentation

ASGs enable you to define fine-grained network security policies based on workloads, centralized on applications, instead of explicit IP addresses. They provide the capability to group VMs with monikers and secure applications by filtering traffic from trusted segments of your network.

Implementing granular security traffic controls improves isolation of workloads and protects them individually. If a breach occurs, this technique limits the potential impact of lateral exploration of your networks by hackers.

Security definition simplified

With ASGs, filtering traffic based on application patterns is simplified, using the following steps:

- Define your application groups and give each a descriptive moniker that fits your architecture. You can use it for applications, workload types, systems, tiers, environments or any role.
- Define a single collection of rules using ASGs and Network Security Groups (NSG). You can apply a single NSG to your entire virtual network on all subnets. A single NSG gives you full visibility on your traffic policies, and a single place for management.
- Scale at your own pace. When you deploy



The new Azure Load Balancer – 10x scale increase

Azure Load Balancer is a network load balancer offering high scalability, throughput and low latency across TCP and UDP load balancing.

Today, we are excited to announce the new Standard SKU of the Azure Load Balancer. The Standard SKU adds 10x scale and more features, along with deeper diagnostic capabilities than the existing Basic SKU. The new offer is designed to handle millions of flows per second and built to scale and support even higher loads. The Standard and Basic Load Balancer options share APIs and will offer our customers several options to pick and choose what best matches their needs.

Below are some of the important features of the new Standard SKU:

Vastly increased Scalability

Standard Load Balancer can distribute network traffic of up to one thousand (1000) VM instances in a backend pool. This is a 10x scale improvement over the existing Basic SKU. One or more large scale virtual machine Scale Sets can be configured behind a single highly available IP address and the health and availability of each instance is managed and monitored by health probes.

Versatility within the Vnet

The new Standard Load Balancer spans an entire virtual network (VNet). Any virtual machine in the



Azure DNS Private Zones now available in public preview

We are pleased to announce the public preview of DNS Private Zones in all Azure Public cloud regions. This capability provides secure and reliable name resolution for your virtual networks in Azure. Private Zones was announced as a managed preview in fall of last year.


No more custom DNS server burden

Private Zones obviates the need to set up and manage custom DNS servers. You can bring DNS zones to your virtual network as you lift-and-shift applications to the Azure cloud, or if you are building cloud-native applications. You also have the flexibility to use custom domain names, such as your company’s domain name.

Name resolution across virtual networks and across regions

Private zones provide name resolution both within a virtual network and across virtual networks. You can have private zones not only span across virtual networks in the same region, but also across regions and subscriptions. This feature is available in all Azure Public cloud regions.

Split-horizon support

You can configure zones with a split-horizon view, allowing for a private and a public DNS zone to share the same name. This is a common scenario when you want to validate your workloads in a local test environment, before rolling



SONiC, the network innovation powerhouse behind Azure

This week is OCP Summit 2018, and I cannot think of a better time to do a status update on our Open Source fabric powering our cloud. Since joining OCP back in 2014, I have always been a huge supporter of Microsoft’s participation in the important work done by the members of the Open Compute Project (OCP) community.

The idea of tech industry leaders coming together around a common goal to innovate and improve on existing technology through the sharing of knowledge, creates a huge impact on the world and is a great way to learn and grow. Only through the constant innovation across, not just our customer facing services, but the very base-layers of what makes up our global infrastructure, are we able to control our own destiny.

SONiC is the default switch OS powering Azure and many other parts of the Microsoft Cloud. Since last year’s Summit, we have grown its footprint substantially and are now also powering services such as our AI platform, making sure researchers have the very best experience when working on solving some of the world’s most pressing problems.

“Microsoft’s Software for Open Networking in the Cloud (SONiC) is the first solution to break



Visibility into network activity with Traffic Analytics – now in public preview

Today, we are announcing the public preview of Traffic Analytics, a cloud-based solution that provides visibility into user and application traffic on your cloud networks.

Traffic Analytics analyzes NSG Flow Logs across Azure regions and equips you with actionable information to optimize workload performance, secure applications and data, audit your organization’s network activity and stay compliant.

With Traffic Analytics, you now can:

- Gain visibility into network activity across your cloud networks. Solution provides insights on:
  - traffic flows across your networks between Azure and Internet, in Azure, public cloud regions, VNETs and subnets.
  - inter-relationships between critical business services and applications.
  - applications and protocols on your network, without the need for sniffers or dedicated flow collector appliances.
- Secure your network; Identify threats on your network, such as:
  - flows between your VMs and rogue networks.
  - network ports open to the Internet.
  - applications attempting Internet access.
  - anomalous network traffic behavior (e.g. back-end servers attempting connectivity, to servers outside your network etc.)
- Improve performance of your applications by:
  - capacity planning – eliminate issues of over-provisioning or under utilization by monitoring utilization trends of VPN gateways and other services.
  - analyzing in-bound and out-bound flows.
  - understanding application access patterns (e.g. Where are