Hello, this is David Tucker and welcome to Azure This Week. The cloud never seems to slow down. So I've got several items I'll be covering this week, including a potential vulnerability you need to watch out for on npm, the general availability of the Azure Bastion Native Client, the general availability of Azure ML, user-defined functions with Stream Analytics, and a new region coming to South Central India in the future. We got a lot to get to. So let's jump right to the news.

First up, if you are a JavaScript or TypeScript developer building solutions for Azure, you will want to pay attention. There has been an attempt to target Azure developers that are leveraging the npm package repository. Now, while none of the official packages published by Microsoft are affected, rogue developers have published packages that look similar to the official ones in hopes that developers will not notice the difference. As pointed out by researchers from JFrog, developers can become susceptible to this by forgetting to put the npm scope for the official packages when installing them. This means that instead of installing ‘@azure/core-tracing’, you simply try to install core-tracing.

Now, these fake packages are designed to leak information about the systems that have installed them, potentially for a future attack. Now, what should you do about it? Just make sure all Azure packages you have installed are using the '@Azure' scope. The problematic packages have been removed, but if you made this mistake, you still could be leveraging the rogue packages after they were downloaded locally. Now check out the link in the notes to get all the details about out this potential security issue with npm. Are you keen to start your cloud journey? Well we've just launched a new limited time offer for our Personal Plus annual plan, giving you a savings of 33%.

That's a ton. Now this Personal Plus plan gives you access to great course features like hands-on labs, and practice exams, making it easier to kickstart your cloud career. If you're interested, scan the QR code on the screen or click the link in the description. Next up, if you want to ease the process of connecting to your Windows and Linux virtual machines, and also eliminate the risk of having ports open to the world, you will be glad to hear that the Azure Bastion Native Client is now generally available. With this you can use the Azure CLI to connect to those virtual machines, using a native client on your machine, even if you aren't on Windows.

You also gain the ability to leverage your Active Directory credentials for the virtual machines joined to your AD domain. Now, while this has been available in different forms via preview, this release makes it generally available. Check out the link in the notes to get started with this new capability. Next, one of the ways that we leverage data in today's digital landscape is to utilize machine learning models to predict, or infer, things from our data without having to leverage a human to analyze every piece of data. Now this is especially critical when you're dealing with large amounts of streaming data.

Microsoft is helping to solve this by enabling you to easily integrate machine learning models that you have created with Azure ML. Now, as long as you have a deployed endpoint in Azure ML with a swagger definition, you can now easily integrate that model into your streaming pipelinesc with Azure Stream Analytics. This feature is now generally available. Finally, a new Azure region is coming to South Central India in Hyderabad. Now this one will launch with availability zones as well.

This makes the third India region for Azure joining Pune and Chennai. Well, that's all the data I could cram into a single episode of Azure This Week, but if you're interested in data, we've just published the new Microsoft Certified: Azure Data Engineer Associate, or DP-203, course. So feel free to check it out at the link below. If you have any comments or questions at all, let us know in the comments. See you next week and keep being awesome Cloud Gurus.

Oh and while you’re here, if you want to keep up to date with that news, hit that subscribe button below.