Admiration Tech News

Tag: Microsoft

Microsoft Entra Suite Now Generally Available: Identity and Security Based Upon Zero-Trust Models

Posted on August 8, 2024 by Maq Verma

Microsoft has announced the general availability of its Entra Suite. According to the company, the suite provides a solution that integrates identity and security, facilitating a more unified approach to security operations.

The Entra Suite is built to streamline the implementation of zero-trust security models. Zero-trust is a framework where trust is never assumed, and verification is continuously enforced. By integrating identity management with security operations, Microsoft aims to make zero-trust adoption more seamless for organizations.

The company states that the suite focuses on providing secure access for the workforce, marking the second stage in the company’s vision for a universal trust fabric for the era of AI. In an earlier company blog post, Joy Chik writes:

Once your organization has established foundational defenses, the next priority is expanding the Zero Trust strategy by securing access for your hybrid workforce. Flexible work models are now mainstream, and they pose new security challenges as boundaries between corporate networks and the open Internet are blurred. At the same time, many organizations increasingly have a mix of modern cloud applications and legacy on-premises resources, leading to inconsistent user experiences and security controls.

In addition, the company writes in the announcement blog post:

By incorporating the principles of Zero Trust—verify explicitly, use least privileged access, and assume breach—the Microsoft Entra Suite and the Microsoft unified security operations platform help leaders and stakeholders for security operations, identity, IT, and network infrastructure understand their organization’s overall Zero Trust posture.

Microsoft Entra Suite offers several identity-centric solutions, including private access for securing private resources, internet access for protecting against internet threats, ID Governance for automating identity management, ID Protection for real-time identity compromise prevention, and Verified ID for real-time identity verification.

Microsoft Entra Suite allows organizations to unify Conditional Access policies, ensure minimal access privileges (least privilege) for all users, enhance the user experience for in-office and remote workers, and reduce the complexity and cost of managing security tools.

Conditional Access Microsoft Entra (Source: Screenshot YouTube First Look on Microsoft Entra Suite)

In a First Look on Microsoft Entra Suite YouTube video, MVP Andy Malone explains conditional access policies, among other features:

What conditional access does is that it’s part of Microsoft’s Zero Trust Technologies. So, in other words, you have to go to verify every user, every application, and every device on your network. Conditional access policies will help you do that.

The Microsoft Entra Suite is $12 per user per month, and the Microsoft Entra P1 is a licensing and technical prerequisite. The pricing page has more details.

Introducing New SKUs for Microsoft Azure Bastion: Developer and Premium Options Now Available

Posted on August 8, 2024 by Maq Verma

Microsoft recently announced new SKUs for its Azure Bastion service: a Developer SKU that is now generally available (GA) after its public preview last year and a premium SKU being rolled out in a public preview.

Microsoft Azure Bastion is a fully managed Platform as a Service (PaaS) that offers seamless RDP and SSH connectivity to virtual machines accessed directly in the Azure portal. The Developer SKU is designed for Dev/Test users who need secure VM connections without requiring extra features, configuration, or scaling. The new premium SKU offers advanced recording, monitoring, and auditing capabilities for customers managing highly sensitive workloads.

With the Bastion Developer SKU, there’s no need to allocate dedicated resources in the customer’s VNet. Instead, it uses a shared pool of resources managed internally by Microsoft, which provides secure connectivity to the customer’s VMs. Users can access their VMs directly through the connect experience on the VM blade in the portal, with support for RDP/SSH on the portal and SSH-only for CLI sessions.

Isabelle Morris, a product manager of Azure Networking, explains in a Tech Community blog post:

This service is designed to simplify and enhance the process of accessing your Azure Virtual Machines by eliminating the complexities, high costs, and security concerns often associated with alternative methods.

Overview of the Azure Bastion Developer SKU Architecture (Source: Microsoft Learn)

Aaron Tsang, product manager, Microsoft, writes about the public preview of the premium SKU:

Our first set of features will focus on ensuring private connectivity and graphical recordings of virtual machines connected through Azure Bastion.

Azure Bastion’s private-only deployment enables inbound connections using a private IP address, which is beneficial for customers seeking to minimize public endpoints or adhere to strict organizational policies. This allows private connectivity from on-premises to Azure virtual machines when using ExpressRoute private peering.

Overview of the Azure Bastion Private Only Deployment (Source: Microsoft Learn)

The private-only deployment feature received positive feedback from the community. Joe Parr comments:

A key feature for me is the private-only mode—no more internet-routable deployments of Bastion.

The graphical session recording in Azure Bastion visually records all virtual machine sessions, storing them in a customer-designated storage account for direct viewing in the Azure Bastion resource blade. This feature provides added monitoring for virtual machine sessions, allowing customers to review recordings if any anomalies occur. According to Aquib Qureshi, a technology specialist at Microsoft, the feature was one of the most requested.

Lastly, Azure Bastion pricing is based on hourly rates determined by SKUs, instances (scale units), and data transfer fees. Hourly pricing commences upon Bastion deployment, irrespective of outbound data usage. The pricing page provides more details.

Microsoft Introduces the Public Preview of Flex Consumption Plan for Azure Functions at Build

Posted on August 8, 2024 by Maq Verma

At the annual Build conference, Microsoft announced the Flex Consumption plan for Azure Functions, which brings users fast and large elastic scale, instance size selection, private networking, and higher concurrency control.

The Flex Consumption Plan is a new Azure Functions hosting plan that uses the familiar serverless consumption-based billing model (pay for what you use). It provides users with more flexibility and customization options without sacrificing existing capabilities. According to the company, users can build serverless functions with this plan, leading to higher throughput, improved reliability, better performance, and enhanced security according to their needs.

Flex Consumption (Source: Tech Community blog post)

Thiago Almeida, who works for the Azure Functions engineering team, writes:

Flex Consumption is built on the latest Functions host especially optimized for scale, a brand-new backend infrastructure called Legion, and a new version of our internal scaling service. It is now available in preview in 12 regions and supports .NET 8 Isolated, Python 3.11 and Python 3.10, Java 17 and Java 11, Node 20 LTS, and PowerShell 7.4 (Preview).

Flex Consumption offers a range of scaling capabilities, including multiple instance memory choices, per-instance concurrency control, per-function scaling, “Always Ready” instances, and the ability to scale out to up to 1000 instances per app. In addition, users can securely access Virtual Network (VNet)-protected services from their function app and secure their function app to their VNet. There is no extra cost for VNet support; users can share the same subnet between multiple Flex Consumption apps.

Besides Flex Consumption’s scaling and networking features, other features are available, including Azure Load Testing integration for Function apps. This integration allows users to set up load tests against their HTTP-based functions easily. Flex Consumption apps can also opt in to emit platform logs, metrics, and traces using OpenTelemetry semantics to Azure Application Insights or other OTLP-compliant endpoints. Finally, it’s important to note that Flex Consumption has no execution time limit enforced by the functions host. However, it’s still essential to write robust functions, as there are no execution time guarantees during public preview, and the platform can still cancel function executions.

A cloud solution architect from Germany tweeted on the announcement of the new plan:

Finally… Too late, but better than never. We lost a huge project against AWS-Competitor due to the lack of these capabilities two years ago. We developed one year ago, and the customer decided to switch to AWS due to the lack of possibilities for scale to zero and VNet Integration at once.

While Miroslav Janeski, a technical director at Init Norway, concludes in a blog post:

Azure Functions Flex Consumption represents a significant leap forward in serverless computing. It addresses long-standing challenges while maintaining cost efficiency and scalability benefits. As cloud-native applications evolve, innovations like these will pave the way for even greater advancements.

Lastly, the Flex Consumption Plan operates on a consumption-based pricing model. Charges are applicable for on-demand instances during function execution and for optional “Always Ready” instances. The plan includes a monthly free grant of 250,000 requests and 100,000 GB-s of resource consumption per subscription.
