Public Preview: Trusted launch default for new Gen2 VMs & Scale sets
Announcing the public preview of a key security enhancement in Azure: Trusted Launch as default (TLaD) for new deployments of Gen2 Virtual Machines (VMs), Virtual Machine Scale Sets (scale sets) and Azure Compute Gallery (ACG) resources. This raises the foundational security of new Azure Gen2 VM and scale set deployments without any change to existing deployment scripts (SDK, Bicep, ARM templates, Terraform). The default applies only to new deployments; existing resources are not modified.
Trusted Launch VMs provide foundational compute security to Azure Generation 2 VMs by enabling Secure Boot and vTPM. Together these protect the OS against rootkits and bootkits and enable attestation by measuring the VM's boot chain.
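Because the new default changes nothing about how scripts are written, the practical question is which VMs already have Trusted Launch and which do not. The script below is an added example, not Microsoft's code: it classifies VMs by generation and by whether Trusted Launch, Secure Boot and vTPM are actually on. It assumes the Az.Compute property layout (`HyperVGeneration`, `SecurityProfile.SecurityType`, `SecurityProfile.UefiSettings`) as returned by `Get-AzVM -Status`; the sample objects at the bottom are constructed so the classification runs offline.

```powershell
# Added example (not Microsoft's code): audit VMs for Trusted Launch posture.
# Assumes the Az.Compute property layout HyperVGeneration /
# SecurityProfile.SecurityType / SecurityProfile.UefiSettings as returned by
# Get-AzVM -Status; confirm against your module version.

function Test-TrustedLaunchPosture {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $Vm)
    process {
        $sp   = $Vm.SecurityProfile
        $gen2 = ($Vm.HyperVGeneration -eq 'V2')
        $tl   = ($null -ne $sp) -and ($sp.SecurityType -eq 'TrustedLaunch')
        $sb   = $tl -and ($null -ne $sp.UefiSettings) -and ($sp.UefiSettings.SecureBootEnabled -eq $true)
        $vtpm = $tl -and ($null -ne $sp.UefiSettings) -and ($sp.UefiSettings.VTpmEnabled -eq $true)

        if (-not $gen2)                { $finding = 'Gen1: Trusted Launch not available' }
        elseif (-not $tl)              { $finding = 'Gen2 without Trusted Launch' }
        elseif (-not ($sb -and $vtpm)) { $finding = 'Trusted Launch with Secure Boot or vTPM disabled' }
        else                           { $finding = 'OK' }

        [pscustomobject]@{
            Name          = $Vm.Name
            Gen2          = $gen2
            TrustedLaunch = $tl
            SecureBoot    = $sb
            vTPM          = $vtpm
            Finding       = $finding
        }
    }
}

# Constructed sample objects shaped like Get-AzVM output (not real VMs) so the
# function can be exercised without a subscription.
$sample = @(
    [pscustomobject]@{ Name = 'web-01'; HyperVGeneration = 'V2'
        SecurityProfile = [pscustomobject]@{ SecurityType = 'TrustedLaunch'
            UefiSettings = [pscustomobject]@{ SecureBootEnabled = $true; VTpmEnabled = $true } } }
    [pscustomobject]@{ Name = 'legacy-01'; HyperVGeneration = 'V1'; SecurityProfile = $null }
    [pscustomobject]@{ Name = 'old-gen2';  HyperVGeneration = 'V2'; SecurityProfile = $null }
    [pscustomobject]@{ Name = 'sb-off'; HyperVGeneration = 'V2'
        SecurityProfile = [pscustomobject]@{ SecurityType = 'TrustedLaunch'
            UefiSettings = [pscustomobject]@{ SecureBootEnabled = $false; VTpmEnabled = $true } } }
)
$sample | Test-TrustedLaunchPosture | Format-Table -AutoSize

# Live run (requires Az.Compute and Connect-AzAccount). The instance view carries
# HyperVGeneration, so fetch each VM with -Status:
# Get-AzVM | ForEach-Object { Get-AzVM -ResourceGroupName $_.ResourceGroupName -Name $_.Name -Status } |
#     Test-TrustedLaunchPosture | Where-Object Finding -ne 'OK'
```

The 'Gen2 without Trusted Launch' and 'Secure Boot or vTPM disabled' rows are the ones the new default will not fix on its own, since it only applies to new deployments.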
Generally Available: Enable Trusted Launch on existing Virtual Machine Uniform scale sets
Announcing general availability of support for enabling Trusted Launch on existing Virtual Machine Uniform scale sets by upgrading the scale set resource to Gen2 with Trusted Launch. This improves the foundational security of existing Uniform scale set resources.
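The upgrade is an in-place change to the scale set model followed by a roll of the existing instances. The function below is an added example, not Microsoft's code; it assumes `Update-AzVmss` accepts `-SecurityType`, `-EnableSecureBoot` and `-EnableVtpm`, that `Update-AzVmssInstance -InstanceId '*'` rolls every instance, and that the scale set already runs a Gen2 image that supports Trusted Launch. Resource names are placeholders.

```powershell
# Added example (not Microsoft's code): upgrade an existing Uniform scale set to
# Trusted Launch. Assumes the Update-AzVmss / Update-AzVmssInstance parameters
# shown; check them against your Az.Compute version.

function Enable-VmssTrustedLaunch {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]$ResourceGroupName,
        [Parameter(Mandatory)] [string]$VMScaleSetName
    )

    $vmss = Get-AzVmss -ResourceGroupName $ResourceGroupName -VMScaleSetName $VMScaleSetName

    # Pre-flight: this GA covers Uniform orchestration only.
    if ($vmss.OrchestrationMode -ne 'Uniform') {
        throw "$VMScaleSetName uses $($vmss.OrchestrationMode) orchestration; this procedure targets Uniform scale sets."
    }
    $current = $vmss.VirtualMachineProfile.SecurityProfile
    if ($current -and $current.SecurityType -eq 'TrustedLaunch') {
        Write-Host "$VMScaleSetName already has Trusted Launch enabled."
        return $vmss
    }

    if ($PSCmdlet.ShouldProcess($VMScaleSetName, 'Set SecurityType=TrustedLaunch, SecureBoot=on, vTPM=on')) {
        # Update the scale set model...
        $vmss = Update-AzVmss -ResourceGroupName $ResourceGroupName -VMScaleSetName $VMScaleSetName `
            -SecurityType TrustedLaunch -EnableSecureBoot $true -EnableVtpm $true
        # ...then roll existing instances so they are recreated from the new model.
        Update-AzVmssInstance -ResourceGroupName $ResourceGroupName -VMScaleSetName $VMScaleSetName -InstanceId '*'
    }
    $vmss
}

# Dry run first, then apply (placeholder names):
# Enable-VmssTrustedLaunch -ResourceGroupName 'rg-prod' -VMScaleSetName 'vmss-web' -WhatIf
# Enable-VmssTrustedLaunch -ResourceGroupName 'rg-prod' -VMScaleSetName 'vmss-web'
```

Rolling all instances at once is the simplest form; for production sets, roll by `-InstanceId` in batches or rely on the scale set's upgrade policy.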
Generally Available: Granular Role-Based Access Control (RBAC) for Azure File Sync
Azure File Sync now offers two dedicated, built-in RBAC roles designed to improve security and operational efficiency for organizations managing file synchronization across on-premises and cloud environments. The new roles, Azure File Sync Administrator and Azure File Sync Reader, provide more granular access control than broad roles like Owner and Contributor, letting organizations enforce the principle of least privilege.
To meet company-specific compliance and governance requirements, organizations previously had to create custom roles for Azure File Sync administrators to get appropriate permission levels when assigning roles to other users. With this update, Azure provides purpose-built roles with tailored permissions to create and manage components such as a Storage Sync Service, Sync Group, Server Endpoint and Cloud Endpoint, and to register servers with Azure File Sync, while adhering to the principle of least privilege. Importantly, these roles do not grant permissions to create or manage virtual machines and provide only read access to storage accounts, improving security and operational efficiency without over-extending access.
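A built-in role is still worth inspecting before you hand it out, and it should be assigned at the narrowest scope that works. The script below is an added example, not Microsoft's code: it lists any action in the two roles that would contradict the description above (a blanket wildcard, a Compute permission, or a non-read storage-account permission), then assigns the administrator role scoped to a single Storage Sync Service. It assumes Az.Resources (`Get-AzRoleDefinition`, `New-AzRoleAssignment`, `Get-AzRoleAssignment`) and a signed-in session; the principal ID, subscription and resource names are placeholders.

```powershell
# Added example (not Microsoft's code): review the built-in Azure File Sync roles
# and assign one at resource scope. Assumes Az.Resources and Connect-AzAccount.

function Get-RoleActionFindings {
    param([Parameter(Mandatory)] [string]$RoleName)
    $role = Get-AzRoleDefinition -Name $RoleName
    if (-not $role) { throw "Role '$RoleName' not found." }

    # Anything broader than the role's stated purpose is reported, not silently accepted.
    $findings = foreach ($a in $role.Actions) {
        if ($a -eq '*')                                                    { "wildcard action: $a" }
        elseif ($a -like 'Microsoft.Compute/*')                            { "compute permission: $a" }
        elseif ($a -like 'Microsoft.Storage/*' -and $a -notlike '*/read')  { "non-read storage permission: $a" }
    }
    [pscustomobject]@{
        Role        = $role.Name
        Actions     = @($role.Actions).Count
        DataActions = @($role.DataActions).Count
        Findings    = @($findings)
    }
}

'Azure File Sync Administrator', 'Azure File Sync Reader' |
    ForEach-Object { Get-RoleActionFindings -RoleName $_ } | Format-List

# Assign the administrator role to one Storage Sync Service rather than to the
# subscription or resource group (placeholder IDs and names).
$principalId = '00000000-0000-0000-0000-000000000000'
$scope = '/subscriptions/<subscription-id>/resourceGroups/rg-filesync/providers/Microsoft.StorageSync/storageSyncServices/sss-prod'
New-AzRoleAssignment -ObjectId $principalId -RoleDefinitionName 'Azure File Sync Administrator' -Scope $scope

# Confirm what the principal actually holds at that scope.
Get-AzRoleAssignment -ObjectId $principalId -Scope $scope | Select-Object RoleDefinitionName, Scope
```

An empty Findings list is what the description above leads you to expect; if the check reports entries, read the role definition before assigning it and consider whether the resource-level scope already contains the blast radius.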
Generally Available: Azure Automation supports PowerShell 7.4 and Python 3.10 runbooks and Runtime Environments
Azure Automation is pleased to announce a series of releases:
- General availability of PowerShell 7.4 and Python 3.10 runbooks, both currently supported language versions
- General availability of Runtime Environments, which let customers move outdated runbooks to supported runtime versions
- General availability of Azure CLI command support in PowerShell 7.4 runbooks
Benefits:
- Stay current – Access to new language versions for improved security and performance.
- Faster Runbook upgrade – Easy portability of runbooks across different versions to keep pace with PowerShell and Python releases.
- Granular control – Complete control to configure the script execution environment, without worrying about conflicting module versions.
- Efficient Code organization – Eliminate the need to create multiple Automation accounts to segregate different versions of modules or conflicting modules.
Generally Available: Customer controlled maintenance for Azure Firewall
Azure Firewall now lets users set a maintenance window, with a minimum duration of 5 hours and recurring daily, to fit their operational requirements and minimize unexpected downtime. Firewalls with an associated maintenance configuration are not upgraded outside the designated maintenance period.
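The window is expressed as a maintenance configuration of scope Resource that is then assigned to the firewall. The function below is an added example, not Microsoft's code: it enforces the 5-hour minimum client-side before calling Azure, creates the daily configuration, and binds it to the firewall. It assumes the Az.Maintenance cmdlets `New-AzMaintenanceConfiguration` and `New-AzConfigurationAssignment` with the parameters shown; resource names are placeholders.

```powershell
# Added example (not Microsoft's code): create a daily maintenance window for an
# Azure Firewall and attach it. Assumes Az.Maintenance cmdlets and parameters as
# shown; confirm against your module version. Names below are placeholders.

function New-FirewallMaintenanceWindow {
    param(
        [Parameter(Mandatory)] [string]$ResourceGroupName,
        [Parameter(Mandatory)] [string]$FirewallName,
        [Parameter(Mandatory)] [string]$Location,
        [Parameter(Mandatory)] [string]$ConfigurationName,
        [Parameter(Mandatory)] [datetime]$StartTime,   # local to $TimeZone
        [Parameter(Mandatory)] [string]$TimeZone,      # e.g. 'UTC' or 'Pacific Standard Time'
        [timespan]$Duration = [timespan]::FromHours(5)
    )

    # Azure Firewall requires a window of at least 5 hours; fail early with a
    # clear message rather than let the service reject the configuration.
    if ($Duration -lt [timespan]::FromHours(5)) {
        throw "Duration $Duration is below the 5-hour minimum for Azure Firewall."
    }

    $cfg = New-AzMaintenanceConfiguration -ResourceGroupName $ResourceGroupName -Name $ConfigurationName `
        -Location $Location -MaintenanceScope Resource `
        -StartDateTime $StartTime.ToString('yyyy-MM-dd HH:mm') -Timezone $TimeZone `
        -Duration ('{0:hh\:mm}' -f $Duration) -RecurEvery 'Day'

    # Bind the configuration to the firewall; from now on upgrades happen only
    # inside the window.
    New-AzConfigurationAssignment -ResourceGroupName $ResourceGroupName `
        -ProviderName 'Microsoft.Network' -ResourceType 'azureFirewalls' -ResourceName $FirewallName `
        -ConfigurationAssignmentName "$ConfigurationName-assignment" `
        -MaintenanceConfigurationId $cfg.Id -Location $Location
}

# Nightly 22:00-03:00 UTC window (placeholder names):
# New-FirewallMaintenanceWindow -ResourceGroupName 'rg-network' -FirewallName 'fw-hub' -Location 'westeurope' `
#     -ConfigurationName 'fw-hub-nightly' -StartTime '2025-03-01 22:00' -TimeZone 'UTC'
```

Pick a window that your change-management process can actually staff: a firewall upgrade that fails inside an unattended window is no better than one that happens at a random hour.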
Public Preview: Azure Virtual Network Manager high-scale private endpoints in connected groups
Azure Virtual Network Manager high-scale private endpoints in connected groups is now in public preview, delivering enhanced scalability for complex Azure network environments.
As organizations grow, the need for large numbers of private endpoints becomes critical. This new capability supports up to 2,000 private endpoints within a connected group, so workloads can scale more efficiently in Azure.