Things are warming up in the northern hemisphere and heating up here at Microsoft with all the additional service updates becoming available. News the AzUpdate team will be covering this week includes Azure Migrate private endpoint support is now available in public preview, The need to upgrade to TLS 1.2 or above for secure MARS agent backups by September 1, 2020, updates in policy compliance for resource type policies and a powerful Microsoft Learn module of the week.
Azure Migrate private endpoint support available in public preview
In order to continue using Azure Backup without any interruptions, please ensure all resources using the Microsoft Azure Recovery Services (MARS) agent are enabled to use TLS 1.2 or above. Please refer to thesteps documented in our public documentationto take appropriate action to make sure your server configuration does not force use of legacy protocols.
General availability: Update in Policy Compliance for Resource Type Policies
Starting on June 16, 2021, policies where resource type is the only evaluation criterion (e.g. Allowed Resource Types, Disallowed Resource Types) will not have 'compliant' resources stored in compliance records. This means that if there are zero non-compliant resources, the policy will show 100% compliance. If there is one or more non-compliant resources, the policy will show 0% compliance, with the total resources equaling the non-compliant resources. This change is to address feedback that resource type policies skew overall compliance percentage data (which are calculated as compliant + exempt resources out of the total resources across all policies, deduped for unique resource IDs) due to a high number of total resources.
The resource type policy has a high total resource count, because it’s the only policy where all resources in the scope of the assignment count towards ‘total resources’. Other policies only consider applicable resource types to count towards total resources (i.e. VM extension policy would only count VMs in total resources).
Going forward, the resource type policies will only count the non-compliant resources (when ‘if’ statement evaluates to true) towards the total resources. So, if there are zero-non-compliant resources, the policy will show 100% compliance. Alternatively, if there are one or more non-compliant resources, the policy will show 0% compliance (since non-compliant resources = total resources). Aggregated with other policies, this logic would provide more accurate assessment of your overall environment.
If this is a concern, and if you’d like other resource types to be reflected as compliant resources, please include the statement ‘allOf:[ field: type in [list of resource types to be counted towards total]],’, as in the built-in policy definition ‘Storage accounts should be migrated to new Azure Resource Manager resources’.
Hello World - Special guests, content challenges, upcoming events, and daily update
MS Learn Module of the Week
Introduction to Power Automate
Microsoft Power Automate is all about process automation. Power Automate allows anyone with knowledge of the business process to create repeatable flows that when triggered leap into action and perform the process for them.
What is Power Automate and the business value it creates
How two business are using Power Automate to provide better customer experiences