What’s been happening in Azure news this week? Well, first up, did you know that it’s been five years since WannaCrypt wreaked havoc globally, encrypting and ransoming data for bitcoins? In May 2012, Microsoft provided tools to Azure customers to help protect against this threat.
WannaCrypt has been just one of many cyber attacks over the years, and that’s why it’s great to see several new Azure announcements that protect against other security threats, such as Azure Arc support for private endpoints. So let’s jump in and get safe and secure!
Compute Gallery support for trusted launch VMs
Trusted launch helps you to protect your virtual machines in Azure by ensuring security threats aren’t hiding in your boot loader, OS kernel, or drivers. And this helps you to protect against sophisticated attacks that can otherwise be very difficult to detect.
Previously, trusted launch supported Linux and Windows VM images from the marketplace, but you couldn’t use it for custom VM images. So if you had custom VM images for things like standardized deployments or Azure Virtual Desktop, trusted launch was unsupported.
Until now, that is! As long as you manage your custom images through Compute Galleries, you can also now enable trusted launch. What a welcome update.
Private Endpoint support for Azure Arc-enabled servers
I have a question for you.
Do you have any servers hosted on competitor clouds? Maybe AWS, or GCP? It’s OK, really, there’s no judgment here.
All joking aside, it is increasingly common to see organizations with multi-cloud or hybrid deployments. And it’s for this reason that Microsoft created Azure Arc.
With Azure Arc, you can manage your Windows or Linux servers wherever they are using the Azure Portal, Azure Policy, Azure Automation, and much more.
But all of this required public internet accessibility. Until now.
With the announced support for Private Endpoint for Arc-enabled servers, you’ll be able to use Azure Arc without having to open up public network access.
To secure your Arc connectivity using this new feature, you’ll need to configure an Azure Private Link Scope, and you must be using ExpressRoute, or site-to-site VPN, to connect to Azure.
This will help you securely manage your servers, wherever they might be.
Additional managed identity support for Stream Analytics
Stream Analytics is a powerful service that helps businesses gain value from data. It allows you to analyze, transform, and act upon streams of data from devices, sensors, or other sources.
But, as with most analytics tools, Stream Analytics is typically just one service within a multi-service data analytics platform. So we need to be sure that data can be securely accessed across services.
Well, with this update, Stream Analytics can now use a managed identity to securely access data that you have within Cosmos DB and Service Bus. This is in addition to the existing support for other services such as Blob storage or Power BI.
With managed identity authentication you don’t need to worry about managing a username or password. Instead, you can assign your Stream Analytics job a managed identity and let the platform take care of the rest.
Now your Stream Analytics job has an Azure AD identity that can be securely granted permissions to access data in other Azure services.
Keep up with all things Azure
Well, that’s all for this week! Want to keep up with all things cloud? Follow ACG on Twitter and Facebook. You can also subscribe to A Cloud Guru on YouTube for weekly Azure updates, and join the conversation on Discord.