Azure
Microsoft Azure updates and Terraform AzureRM provider.
- Google Cloud release notes · security aws azure gcp engineer government
Google SecOps updates supported default parsers
Google SecOps has updated its list of supported default parsers, adding new parsers and log types. These updates enhance security monitoring capabilities by integrating data from a wider range of security products. The changes will be reflected across regions within one to four days.
patch
- HashiCorp Blog · blog security azure preview engineer
HashiCorp Vault 2.0 adds SCIM support for user provisioning
HashiCorp Vault 2.0 introduces beta SCIM support, enabling organizations to standardize user and group provisioning from external identity platforms directly into Vault. This feature simplifies identity management for administrators and improves security posture by centralizing user access control.
feature patch
- Azure Updates · security azure ga engineer
Azure Virtual Network flow logs connector now generally available with Microsoft Sentinel
The Azure Virtual Network flow logs connector is now generally available, integrating directly with Microsoft Sentinel. This allows for seamless export and analysis of network traffic data, enhancing security operations workflows by bringing rich network insights into your SIEM.
feature patch
- Azure Updates · security azure ga engineer
Azure Files GA: Entra-only identities for SMB access
Entra-only identities for SMB access in Azure Files are now generally available. This feature allows organizations to securely access file shares using cloud-native identities, eliminating the need for Active Directory or hybrid identity infrastructure.
feature patch
- Azure Updates · security azure deprecation engineer
Azure App Service, Functions, Logic Apps to retire TLS 1.0/1.1 on May 31, 2027
Azure is retiring support for TLS 1.0 and TLS 1.1 across App Service, Functions, and Logic Apps to enhance security. After May 31, 2027, connections using these legacy protocols will no longer be accepted. This impacts any client, application, or service relying on TLS 1.0 or 1.1 for connectivity.
deprecation
- HashiCorp Blog · blog security azure ga engineer
Azure hub-and-spoke networking GA for HCP Vault Dedicated
Azure hub-and-spoke networking support for HashiCorp Cloud Platform (HCP) Vault Dedicated is now generally available. This feature enhances cloud security maturity by enabling private connectivity for Vault deployments.
feature patch
- Azure Updates · security aws azure ga engineer
Azure Files SMB now supports Managed Identity authentication (GA)
Azure Files SMB now supports Managed Identities, allowing applications to authenticate using Entra-issued tokens instead of static credentials. This enhances security by aligning with Zero Trust principles and eliminates the need to manage account keys.
feature patch
- Azure Updates · security azure ga engineer
Azure Service Bus Premium Confidential Computing GA
Confidential computing for Azure Service Bus Premium is now generally available in Korea Central and UAE North. This feature allows Service Bus to process messages within hardware-based trusted execution environments (TEEs), enhancing data protection for sensitive workloads.
feature
- Azure Updates · security azure ga engineer
Azure Sentinel TI GA: Improved pattern parsing and revoke reliability
Azure Sentinel TI is now Generally Available with two key improvements: a fix for unreliable revoke actions and enhanced pattern parsing. These updates improve accuracy and control for users working with pattern-based workflows.
feature patch
- Azure Updates · security azure ga engineer
Azure Blob Storage: Prefix-scoped access for User Delegation SAS now GA
Azure Blob Storage User Delegation SAS now supports prefix-scoped access, in addition to container and individual blob scopes. This enhances security and flexibility for managing access to specific sets of blobs within a container.
feature patch
- Azure Updates · security networking azure preview engineer
Azure Front Door Premium adds HTTP DDoS Ruleset in preview
Azure Front Door Premium now offers a public preview of its HTTP DDoS Ruleset to combat application downtime caused by HTTP-layer DDoS attacks. This new feature aims to provide more dynamic protection against evolving botnets, which often bypass traditional static security controls.
feature
- Azure Updates · security azure ga engineer
Azure Cosmos DB Dynamic Data Masking GA
Azure Cosmos DB's Dynamic Data Masking (DDM) is now generally available. This server-side feature uses policies to dynamically mask sensitive data for non-privileged users, enhancing data protection against unauthorized access.
feature patch
- Azure Updates · security azure ga preview engineer
Azure NetApp Files advanced ransomware protection now generally available
Azure NetApp Files advanced ransomware protection (ANF ARP) has moved to General Availability. This feature aids organizations in detecting, responding to, and recovering from ransomware attacks targeting cloud volumes by monitoring Azure NetApp Files.
feature patch
- Azure Updates · security azure ga engineer
Azure Encrypts Premium SSD v2/Ultra Disks with Cross-Tenant Customer-Managed Keys (GA)
Azure's Premium SSD v2 and Ultra Disks now support cross-tenant customer-managed keys (CMK), enabling encryption with keys stored in a separate Azure Key Vault. This feature enhances security for organizations managing keys across different Microsoft Entra tenants.
feature patch
- Azure Updates · security azure preview engineer
Azure Bastion adds managed identity support for graphical session recording (preview)
Azure Bastion graphical session recording now supports write access to storage accounts using managed identities, currently in public preview. This enhancement allows for more secure and streamlined access control to recorded sessions.
feature
- Azure Updates · security networking azure ga engineer
Azure Service Bus Network Security Perimeter GA
Network Security Perimeter support for Azure Service Bus is now generally available. This feature enables the creation of a logical network boundary around Service Bus namespaces to block unauthorized public access, enhancing security for sensitive workloads.
feature patch
