Azure feature retirement #1697
Comments
|
Hi @helendduncan, There are quite a few things to go through here. I think we need to identify
I would be surprised if the TLS deprecation is a problem, for example. I think you should look carefully at these because there may be things you need to fix through manual intervention on a production deployment. What would be most useful? |
|
RE: Meeting 15/01/24 with @helendduncan and @craddm Closing this issue as each individual retirement is either not relevant or is addressed in other issues Classic metrics in Azure Storage, will be replaced with metrics in Azure Monitor (09/01/2024) |
The DSH operations team email address has received several automated reminders of Azure feature retirements over 2024.
Classic metrics in Azure Storage, will be replaced with metrics in Azure Monitor
Because Azure Monitor now provides rich, consolidated monitoring for Azure resources, classic metrics in Azure Storage will be retired on 9 January 2024 and you'll need to transition to using metrics in Monitor.
In addition to the classic metrics features you already use, metrics in Monitor provide improvements such as:
New metrics and dimensions for extended monitoring.
Deep analysis in Azure Monitor Logs.
Native integration with other monitoring solutions.
Recommended action
To continue monitoring your Storage resources, transition to metrics in Monitor by 9 January 2024.
Potential subscriptions affected:
Comments
Having looked through the Azure documentation here, I believe the relevant call to the classic metric would be
Get-AzStorageServiceMetricsProperty- which is not used in the 4.1.0 release. So I believe this transition will not affect the running of the DSH.Furthermore I have not come across usage via the portal and the supporting visualisations have been retired since August 2023 - which again lends weight to my belief that this isn't in active use for the DSH.
Update your trusted root store for Azure Storage
Many Azure Storage services use intermediate TLS certificates that are set to expire in June 2024. In preparation, we'll begin rolling out updates in March for these expiring certificates in Blob Storage, Azure Files, Table Storage, Queue Storage, static websites, and Data Lake Storage Gen2 in the public Azure cloud and US Government cloud.
If you have client applications that still use certificate pinning, they'll be affected by this change and you'll need to take action by 29 February 2024 to avoid potential connection interruptions. Certificate pinning—when client applications explicitly specify a list of acceptable certificate authorities—is no longer a best practice.
Required action
If you have client applications that have pinned to intermediate certificate authorities, take one of these actions by 29 February 2024 to prevent interruptions to your connections:
Add the issuing certificate authorities to your trusted root store. Keep using the current intermediate certificate authorities until they're updated.
Or, to avoid the effects of this update and future certificate updates, discontinue certificate pinning in your applications.
Potential subscriptions affected:
Update management in Azure Automation will be retired
On 31 August 2024, both the update management feature of Azure Automation and the Log Analytics agent it uses will be retired. You’ll need to begin assessing and patching your virtual machines using Azure Update Manager by that date.
Azure Update Manager is available at no charge for managing Azure Virtual Machines and Azure Stack HCI VMs. For Azure Arc–enabled servers, the price is $5 per server per month.
In addition to the familiar features you already use, Azure Update Manager offers key improvements including:
Zero-step onboarding with native functionality built on Azure compute and Azure Arc.
Granular, per-resource access control and role-based access control.
Greater flexibility with Azure-orchestrated auto-patching, customer-defined maintenance schedules, and hotpatching.
Required action
To avoid any disruptions in service, migrate to Azure Update Manager by 31 August 2024.
Potential subscriptions affected:
Migrate to change tracking and inventory with Azure Monitoring Agent
On 31 August 2024, change tracking and inventory with Log Analytics agent in Azure Automation will be retired. You'll need to migrate to change tracking and inventory in Azure Monitoring Agent by that date.
In addition to the familiar capabilities you already use, change tracking and inventory in Azure Monitoring Agent offers key improvements such as:
Enhanced security and reliability.
At-scale onboarding with Azure Policy.
The ability to manage change and inventory with data collection rules.
Required action
To avoid any disruptions in service, migrate to change tracking and inventory in Azure Montioring Agent by 31 August 2024.
Potential subscriptions affected:
Transition TLS to TLS 1.2 or later
If you have resources that interact with Azure services and still use TLS 1.1 or earlier, transition them to TLS 1.2 or later by 31 October 2024
To enhance security and provide best-in-class encryption for your data, we'll require interactions with Azure services to be secured using Transport Layer Security (TLS) 1.2 or later beginning 31 October 2024, when support for TLS 1.0 and 1.1 will end.
The Microsoft implementation of older TLS versions is not known to be vulnerable, however, TLS 1.2 and later offer improved security with features such as perfect forward secrecy and stronger cipher suites.
Recommended action
To avoid potential service disruptions, confirm that your resources that interact with Azure services are using TLS 1.2 or later. Then:
The text was updated successfully, but these errors were encountered: