da Agency

Announcing mandatory multi-factor authentication for Azure sign-in

Learn how multifactor authentication (MFA) can protect your data and identity and get ready for Azure’s upcoming MFA requirement. 

As cyberattacks become increasingly frequent, sophisticated, and damaging, safeguarding your digital assets has never been more critical. As part of Microsoft’s $20 billion dollar investment in security over the next five years and our commitment to enhancing security in our services in 2024, we are introducing mandatory multifactor authentication (MFA) for all Azure sign-ins.

The need for enhanced security

One of the pillars of Microsoft’s Secure Future Initiative (SFI) is dedicated to protecting identities and secrets—we want to reduce the risk of unauthorized access by implementing and enforcing best-in-class standards across all identity and secrets infrastructure, and user and application authentication and authorization. As part of this important priority, we are taking the following actions:

Protect identity infrastructure signing and platform keys with rapid and automatic rotation with hardware storage and protection (for example, hardware security module (HSM) and confidential compute).

Strengthen identity standards and drive their adoption through use of standard SDKs across 100% of applications.

Ensure 100% of user accounts are protected with securely managed, phishing-resistant multifactor authentication.

Ensure 100% of applications are protected with system-managed credentials (for example, Managed Identity and Managed Certificates).

Ensure 100% of identity tokens are protected with stateful and durable validation.

Adopt more fine-grained partitioning of identity signing keys and platform keys.

Ensure identity and public key infrastructure (PKI) systems are ready for a post-quantum cryptography world.

Ensuring Azure accounts are protected with securely managed, phishing-resistant multifactor authentication is a key action we are taking. As recent research by Microsoft shows that multifactor authentication (MFA) can block more than 99.2% of account compromise attacks, making it one of the most effective security measures available, today’s announcement brings us all one step closer toward a more secure future.

In May 2024, we talked about implementing automatic enforcement of multifactor authentication by default across more than one million Microsoft Entra ID tenants within Microsoft, including tenants for development, testing, demos, and production. We are extending this best practice of enforcing MFA to our customers by making it required to access Azure. In doing so, we will not only reduce the risk of account compromise and data breach for our customers, but also help organizations comply with several security standards and regulations, such as Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and National Institute of Standards and Technology (NIST).

Preparing for mandatory Azure MFA

Required MFA for all Azure users will be rolled out in phases starting in the 2nd half of calendar year 2024 to provide our customers time to plan their implementation: 

Phase 1: Starting in October, MFA will be required to sign-in to Azure portal, Microsoft Entra admin center, and Intune admin center. The enforcement will gradually roll out to all tenants worldwide. This phase will not impact other Azure clients such as Azure Command Line Interface, Azure PowerShell, Azure mobile app and Infrastructure as Code (IaC) tools. 

Phase 2: Beginning in early 2025, gradual enforcement for MFA at sign-in for Azure CLI, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools will commence.

Beginning today, Microsoft will send a 60-day advance notice to all Entra global admins by email and through Azure Service Health Notifications to notify the start date of enforcement and actions required. Additional notifications will be sent through the Azure portal, Entra admin center, and the M365 message center.

For customers who need additional time to prepare for mandatory Azure MFA, Microsoft will review extended timeframes for customers with complex environments or technical barriers.

How to use Microsoft Entra for flexible MFA

Organizations have multiple ways to enable their users to utilize MFA through Microsoft Entra:

Microsoft Authenticator allows users to approve sign-ins from a mobile app using push notifications, biometrics, or one-time passcodes. Augment or replace passwords with two-step verification and boost the security of your accounts from your mobile device.

FIDO2 security keys provide access by signing in without a username or password using an external USB, near-field communication (NFC), or other external security key that supports Fast Identity Online (FIDO) standards in place of a password.

Certificate-based authentication enforces phishing-resistant MFA using personal identity verification (PIV) and common access card (CAC). Authenticate using X.509 certificates on smart cards or devices directly against Microsoft Entra ID for browser and application sign-in.

Passkeys allow for phishing-resistant authentication using Microsoft Authenticator.

Finally, and this is the least secure version of MFA, you can also use a SMS or voice approval as described in this documentation.

External multifactor authentication solutions and federated identity providers will continue to be supported and will meet the MFA requirement if they are configured to send an MFA claim.

Moving forward

At Microsoft, your security is our top priority. By enforcing MFA for Azure sign-ins, we aim to provide you with the best protection against cyber threats. We appreciate your cooperation and commitment to enhancing the security of your Azure resources.

Our goal is to deliver a low-friction experience for legitimate customers while ensuring robust security measures are in place. We encourage all customers to begin planning for compliance as soon as possible to avoid any business interruptions. 

Start today! For additional details on implementation, impacted accounts, and next steps for you, please refer to this documentation.
The post Announcing mandatory multi-factor authentication for Azure sign-in appeared first on Azure Blog.
Quelle: Azure

da Agency

Microsoft Cost Management updates—July 2024

Whether you’re a new student, a thriving startup, or the largest enterprise, you have financial constraints, and you need to know what you’re spending, where it’s being spent, and how to plan for the future. Nobody wants a surprise when it comes to the bill, and this is where Microsoft Cost Management comes in.

We’re always looking for ways to learn more about your challenges and how Microsoft Cost Management can help you better understand where you’re accruing costs in the cloud, identify and prevent bad spending patterns, and optimize costs to empower you to do more with less. Here are a few of the latest improvements and updates based on your feedback:

Exports enhancements: Parquet format support, file compression, and Fabric ingestion

Pricing updates on Azure.com

Your feedback matters: Take our quick survey! 

New ways to save money with Microsoft Cloud

Documentation updates

Let’s dig into the details.

Exports enhancements: Parquet format support, file compression, and Fabric ingestion 

In our last blog, I spoke about the support for FOCUS 1.0 (FinOps Cost Usage and Specification) datasets in Exports. We continue to make enhancements to the Exports functionality bringing support for the parquet format and file compression which can potentially help you achieve 40 to 70% file size reduction. These new cost saving features are initially available for the following datasets: Cost and usage details (Actual, Amortized, FOCUS) and Price Sheet. They aim to streamline your cost management processes, improve data handling efficiency, and reduce storage and network costs, all while providing comprehensive insights into your Azure spending.

Parquet is an open-source, columnar storage file format designed for efficient data processing and analytics. It offers several benefits over traditional formats like Comma-Separated Values (CSV), some of which are included below:

Efficient storage and reduced network cost: Parquet’s columnar format allows for better compression and encoding schemes, resulting in smaller file sizes. Compressed datasets occupy less space, translating to lower storage expenses and file transfer network cost.

Improved data transfer speed: Smaller file sizes mean faster data transfer rates, enhancing the efficiency of data operations.

Faster query performance: By storing data by column, parquet enables faster data retrieval and query performance, especially for large datasets.

Optimized analytics: Parquet format is optimized for big data tools and can be easily integrated with various analytics platforms.

To further reduce the size of your datasets, you can now compress your CSV files using GNU ZIP (GZIP) and parquet files using Snappy.

Here is the screenshot showing the new configuration options:

Please refer to this article to get started.

Microsoft Fabric ingestion 

Microsoft Fabric, as we know, is a great tool for data reporting and analytics where you can reference datasets from multiple sources without copying the data. We have now added new documentation to make it easy for you to ingest your exported costs datasets into new or existing Fabric workspaces. Just follow the steps included in this article. 

Pricing updates on Azure.com

We’ve been working hard to make some changes to our Azure pricing experiences, and we’re excited to share them with you. These changes will help make it easier for you to estimate the costs of your solutions.

We’re thrilled to announce the launch of new pricing pages for Azure AI Health (now generally available) and the innovative Phi-3 service (now in preview), ensuring you have the latest information at your fingertips.

Our Azure AI suite has seen significant enhancements, with updated calculators for Azure AI Vision and Azure AI Language, ensuring you have access to the most current offers and SKUs. The Azure AI Speech service now proudly offers generally available pricing for the cutting-edge Text to Speech add-on feature “Avatar”, and Azure AI Document Intelligence has added pricing for new training and custom generative stock-keeping units (SKUs).

To maintain the accuracy and relevance of our offers, we’ve deprecated the Azure HPC Cache and SQL Server Stretch pricing pages and calculators. This step ensures that you’re only presented with the most up-to-date and valid options.

The pricing calculator has been updated with the latest offers and SKUs for Azure Container Storage, Azure AI Vision, Azure Monitor, and PostgreSQL, reflecting our commitment to providing you with the most accurate cost estimates.

We’ve introduced new prices and SKUs across various services, including pricing for the new Intel Dv6/Ev6 series (preview) and ND Mi300X v5 series for Virtual Machines, auxiliary logs offer for Azure Monitor, and audio streaming and closed caption SKUs for Azure Communication Services. The Azure Databricks service now features pricing for Automated Serverless Compute, and the Azure Container Storage service pricing page now reflects generally available pricing.

Our dedication to enhancing your pricing experience is reflected in the continuous improvements made to several pages, including Azure Synapse Analytics, Azure SQL Database, Azure Migrate, Azure Cosmos DB (autoscale-provisioned), Microsoft Purview, Microsoft Fabric, Linux Virtual Machines, Azure VMware Solution, Azure Web PubSub, Azure Content Delivery Network, and Azure SignalR Service.

We’re constantly working to improve our pricing tools and make them more accessible and user-friendly. We hope you find these changes helpful in estimating the costs for your Azure Solutions. If you have any feedback or suggestions for future improvements, please let us know!

Your Feedback Matters: Take our quick survey!

If you use Azure in your day-to-day work from deploying resources to managing costs and billing, we would love to hear from you. (All experience levels welcome!) Please take a few moments to complete this short, 5 to 10-minute survey to help us understand your roles, responsibilities, and the challenges you face in managing the cloud. Your feedback will help us improve our services to better meet your personal needs. 

New ways to save money in the Microsoft Cloud

Here are new and updated offerings which can potentially help with your cost optimization needs:

Generally Available: Azure Virtual Network Manager mesh and direct connectivity

Generally Available: Announcing kube-egress-gateway for Kubernetes

Generally Available: Run your Databricks Jobs with Serverless compute for workflows

Generally Available: Azure Elastic SAN Feature Updates

Generally Available: Azure Virtual Network Manager mesh and direct connectivity

Public Preview: Summary rules in Azure Monitor Log Analytics, for optimal consumption experiences and cost

Public Preview: Continuous Performance Diagnostics for Windows VMs to enhance VM Troubleshooting

Public Preview: Azure cross-subscription Load Balancer

Public Preview: Advanced Network Observability for your Azure Kubernetes Service clusters through Azure Monitor

New Azure Advisor recommendations for Azure Database for PostgreSQL—Flexible Server

Want a more guided experience? Start with Control Azure spending and manage bills with Microsoft Cost Management.

Documentation updates 

Here are a few costs related documentation updates you might be interested in:

Update: Centrally managed Azure Hybrid Benefit FAQ

Update: Pay for your Azure subscription by wire transfer

Update: Tutorial: Create and manage budgets

Update: Understand cost details fields

Update: Quickstart: Start using Cost analysis

Update: Tutorial: Improved exports experience—Preview

Update: Transfer Azure Enterprise enrollment accounts and subscriptions

Update:  Migrate from Consumption Usage Details API

Update: Change contact information for an Azure billing account

New: Avoid unused subscriptions

Want to keep an eye on all documentation updates? Check out the Cost Management and Billing documentation change history in the azure-docs repository on GitHub. If you see something missing, select Edit at the top of the document and submit a quick pull request. You can also submit a GitHub issue. We welcome and appreciate all contributions!

What’s next?

These are just a few of the big updates from last month. Don’t forget to check out the previous Microsoft Cost Management updates. We’re always listening and making constant improvements based on your feedback, so please keep the feedback coming.

Follow the Microsoft Cost Management YouTube channel to stay in the loop with new videos as they’re released and let us know what you’d like to see next.
The post Microsoft Cost Management updates—July 2024 appeared first on Azure Blog.
Quelle: Azure