https://azure.microsoft.com/blog/how-hsbc-built-its-payme-for-business-app-on-microsoft-azure/Bank-grade security, super-fast transactions, and analytics If you live in Asia or have ever traveled there, you’ve probably witnessed the dramatic impact that mobile technology has had on all aspects of day to day life. In Hong Kong in particular, READ MORE
Reliance on cloud services continues to grow for industries, organizations, and people around the world. So now more than ever it is important that you can trust that the cloud solutions you rely on are secure, compliant with global standards and local regulations, keep data private and protected, and are fundamentally reliable. At Microsoft, we are committed to providing a trusted set of cloud services, giving you the confidence to unlock the potential of the cloud.
Over the past 12 months, Azure has operated core compute services at 99.995 percent average uptime across our global cloud infrastructure. However, at the scale Azure operates, we recognize that uptime alone does not tell the full story. We experienced three unique and significant incidents that impacted customers during this time period, a datacenter outage in the South Central US region in September 2018, Azure Active Directory (Azure AD) Multi-Factor Authentication (MFA) challenges in November 2018, and DNS maintenance issues in May 2019.
Building and operating a global cloud infrastructure of 54 regions made up of hundreds of evolving services is a large and complex task, so we treat each incident as an important learning moment. Outages and other service incidents are a challenge
Last July, I shared our approach to helping customers migrate to Azure. Since then, we’ve seen tremendous customer response working with organizations such as Allscripts, Chevron, J.B. Hunt, and Carlsberg Beers, and we’ve gained valuable insights about customer needs along their journey. Today, we are bringing together a best practice-based, holistic experience for migrating existing applications and systems to Azure.
Azure Migration Program
Azure Migration Program includes prescriptive advice, resources, and tools customers need for a successful path to the cloud from start to finish. Using proven cloud adoption methodologies, tools, resources, and best practices, customers can ensure their move to Azure is successful. Through the program, customers will work hand in hand with Microsoft experts and specialized migration partners to receive:
Curated, step-by-step guidance from Microsoft experts and specialized migration partners based on proven Cloud Adoption Framework for Azure methodology. Technical skill building with foundational and role-specific courses to develop new Azure skills and ensue long-term organizational readiness. Free Azure migration tools including Azure Migrate to assess and migrate workloads. And free Azure Cost Management to optimize costs. Offers to reduce migration costs including Azure Hybrid Benefit, free Extended Security Updates for Windows Server 2008 and SQL Server 2008.
This post was co-authored by Anitha Adusumilli, Principal Program Manager, Azure Networking.
Today we are happy to share several key Azure Firewall capabilities as well as update on recent important releases into general availability (GA) and preview.
Multiple public IPs soon to be generally available Availability Zones now generally available SQL FQDN filtering now in preview Azure HDInsight (HDI) FQDN tag now in preview Central management using partner solutions
Azure Firewall is a cloud native firewall-as-a-service offering which enables customers to centrally govern and log all their traffic flows using a DevOps approach. The service supports both application and network level filtering rules and is integrated with the Microsoft Threat Intelligence feed for filtering known malicious IP addresses and domains. Azure Firewall is highly available with built-in auto scaling.
Multiple public IPs soon to be generally available
You can now associate up to 100 public IP addresses with your firewall. This enables the following scenarios:
DNAT – You can translate multiple standard port instances to your backend servers. For example, if you have two public IP addresses, you can translate TCP port 3389 (RDP) for both IP addresses. SNAT – Additional ports are available for outbound SNAT connections, reducing
Tomorrow, July 9, 2019, marks the end of extended support for SQL Server 2008 and 2008 R2. These releases transformed the database industry, with all the core components of a database platform built-in at a fraction of the cost of other databases. We saw broad adoption across applications, data marts, data warehousing, and business intelligence. Thank you for the ten amazing years we’ve had together.
But now support for the SQL Server 2008 and R2 versions is ending. Whether you prefer the evergreen SQL of Azure SQL Database managed instance which never needs to be patched or upgraded, or if you need the flexibility and configurability of SQL Server hosted on a Azure Virtual Machine with three free years of Extended Security Updates, Azure provides the best choice of destinations to secure and modernize your database.
Customers are moving critical SQL Server workloads to Azure
Customers like Allscripts, Komatsu, Paychex, and Willis Towers Watson are taking advantage of these innovative destinations and migrating their SQL Server databases to Azure. Danish IT solutions provider KMD needed a home for their legacy SQL Server in the cloud. They had to migrate an 8-terabyte production database to the cloud quickly and without interruption
I’m excited to announce our second Azure Blueprint for an important compliance standard with the release of the PCI-DSS v3.2.1 blueprint. The new blueprint maps a core set of policies for Payment Card Industry (PCI) Data Security Standards (DSS) compliance to any Azure deployed architecture, allowing businesses such as retailers to quickly create new environments with compliance built in to the Azure infrastructure.
Azure Blueprints is a free service that enables customers to define a repeatable set of Azure resources that implement and adhere to standards, patterns, and requirements. Azure Blueprints allow customers to set up governed Azure environments that can scale to support production implementations for large-scale migrations.
Azure Blueprints is another reason why Azure is a strong platform for compliance, with the industry’s broadest and deepest portfolio of 91 compliance offerings. Azure is built using some of the most rigorous security and compliance standards in the world, and includes multi-layered security provided by Microsoft across physical datacenters, infrastructure, and operations. Azure is also built for the specific compliance needs of key industries, including over 50 compliance offerings specifically for the retail, health, government, finance, education, manufacturing, and media industries.
Compliance with regulations and standards such as ISO
With more computing environments moving to the cloud, the need for stronger cloud security has never been greater. But what constitutes effective cloud security, and what best practices should you be following?
While Microsoft Azure delivers unmatched built-in security, it is important that you understand the breadth of security controls and take advantage of them to protect your workloads.
We launched the Azure Security Expert Series, which will provide on-going virtual content to help security professionals protect hybrid cloud environments. Ann Johnson, CVP of Cybersecurity Solutions Group at Microsoft, kicked off the series and shared five cloud security best practices:
Strengthen Access Control Increase your security posture Secure apps and data Manage networking Mitigate threats
Make sure you are up to speed with each of these important best practices as you secure your own organization.
Customer Lockbox for Microsoft Azure
During Ann’s main talk, she announced the general availability of Customer Lockbox for Microsoft Azure. Customer Lockbox for Azure extends our commitment to customer privacy while also giving you help when you need it most. With Customer Lockbox for Microsoft Azure, customers can review and approve or reject requests from Microsoft engineers to access their data during a support
For many customers around the world, securely connecting from the outside to workloads and virtual machines on private networks can be challenging. Exposing virtual machines to the public Internet to enable connectivity through Remote Desktop Protocol (RDP) and Secure Shell (SSH), increases the perimeter, rendering your critical networks and attached virtual machines more open and harder to manage.
RDP and SSH are both a fundamental approach through which customers connect to their Azure workloads. To connect to their virtual machines, most customers either expose their virtual machines to the public Internet or deploy a bastion host, such as jump-server or jump-boxes.
So today, I’m excited to announce the preview of Azure Bastion.
Azure Bastion is a new managed PaaS service that provides seamless RDP and SSH connectivity to your virtual machines over the Secure Sockets Layer (SSL). This is completed without any exposure of the public IPs on your virtual machines. Azure Bastion provisions directly in your Azure Virtual Network, providing bastion host or jump server as-a-service and integrated connectivity to all virtual machines in your virtual networking using RDP/SSH directly from and through your browser and the Azure portal experience. This can be executed with just two clicks and
Customers such as Allscripts, Chevron, J.B. Hunt, and thousands of others are migrating their important workloads to Azure where they find unmatched security. While understanding cloud security is initially a concern to many, after digging in, customers often tell us the security posture they can set up within Azure is easier to implement and far more comprehensive than what they can provide for in other environments.
Azure delivers multiple layers of security, from the secure foundation in our physical datacenters, to our operational practices, to engineering processes that follow industry standard Mitre guidelines. On top of that, customers can choose from a variety of self-service security services that work for both Azure and on-premises workloads. We employ more than 3,500 cybersecurity professionals and spend $1 billion annually on security to help protect, detect, and respond to threats – delivering security operations that work 24x7x365 for our customers.
Let’s look at some examples of how Azure delivers unmatched security for your Windows Server and SQL Server workloads.
The broadest built-in protections across hybrid environments with Azure Security Center
Customers can get the broadest built-in protection available across both cloud and on-premises through Azure Security Center. This includes security recommendations for virtual