Today we’re letting our customers know about our upcoming Data Subject Request (DSR) processing capability in the Azure portal, which will provide tenant admins a simple, powerful tool to quickly fulfill the Data Subject Requests that are central to compliance with the European Union General Data Protection Regulation (GDPR). We will fully support these DSR capabilities before May 25, 2018, the date when enforcement of the GDPR begins and when Microsoft has committed to be GDPR compliant across our cloud services. 

The GDPR is the most significant change to EU privacy law in two decades and sets a new global standard for privacy rights, governing the handling and use of personal data. A fundamental tenet of the GDPR is the set of rights it grants individuals, or data subjects, in connection with their personal data collected by an organization (known as the data controller).

If your organization collects, hosts, or analyzes the personal data of EU residents, GDPR provisions require you to use data processors that guarantee their ability to implement the technical and organizational requirements of the GDPR. The GDPR also requires you to respond to requests from individuals, or data subjects, to receive a copy of their personal data, correct or delete it, restrict its processing, or export it in an electronic format so it can be moved to another controller.

The new Azure portal DSR capability will help you to fulfill DSRs. Using it, you can identify information associated with a data subject and will be able to execute DSRs against system-generated logs (data Microsoft generates to provide a given service).  This an exciting capability for enterprise customers, as it was previously not possible to access or delete data in system-generated logs. Microsoft is pleased to provide this additional functionality as part of its enduring commitment to privacy.

In addition, Azure enables the fulfillment of DSRs against customer data (data you and your users upload or create) through pre-existing application programming interfaces (APIs) and user interfaces (UIs) across the breadth of services provided. The combination of the Azure portal and pre-existing Azure capabilities will enable you to respond to these types of requests for personal data that reside in the Microsoft cloud:

• Access: Provide a copy of personal data to the data subject.
• Rectify: Make changes or implement other requested actions on customer data, where applicable.
• Delete: Permanently remove personal data that resides in the Microsoft cloud.
• Export: Provide an electronic copy (in machine readable format) of personal data to the data subject, and upon request, transmit these electronic files to another data controller.

The new DSR capability in the Azure portal

You will be able to  use the Azure portal to identify and locate customer and employee user profiles, as well as user work information that contain personal data in your Azure Active Directory (AAD) environment. AAD is the Microsoft cloud-based, multi-tenant directory and identity management service. Using the information about the data subject in the portal interface, you can then execute the DSR.

Office 365 also announced a public preview of the new Data Privacy tab in Office 365 Security & Compliance Center to support data subject requests (DSR). The new Office 365 DSR experience provides the tools to create a case for a data subject request, search and refine relevant data across Office 365 locations such as Exchange, SharePoint, OneDrive, Groups, and now Microsoft Teams and export this data to be reviewed further prior to being transferred to the requestor. Learn more on the Office 365 blog.

Microsoft was the first global cloud services provider to publicly commit to GDPR compliance and to offer written contractual commitments. Now more than ever, we believe privacy is a fundamental right. The GDPR is an important step forward to further clarify and enable individual privacy rights and Microsoft looks forward to sharing additional updates regarding how we can help you comply with this new regulation and, in the process, advance personal privacy protections.

The GDPR requires that both Microsoft, as cloud service provider, and you, as a cloud tenant, fulfill the requirements of the GDPR, so this is a journey to compliance we are making together. We invite you to learn about the DSR capabilities of the Azure portal today.  If you’re attending the RSA Conference in San Francisco this week, stop by our Booth #3501 and visit our GDPR station. For additional information, visit the Azure GDPR page, and the Service Trust Portal for details on Microsoft’s GDPR capabilities.

Migrating your workloads to the cloud can enable some inherent security benefits. With cloud scale machine learning and security analytics, you can mitigate threats quickly, making your environment more secure and your organization more productive.

Azure Security Center provides centralized visibility of the security state of your resources and uses the collective intelligence from machine learning and advanced analytics to not only detect threats quickly but to help you prevent them. It’s agent-based approach helps gain deeper security insights from the workloads and extends these protections to workloads running on-premises as well as other clouds, providing a unified security management for you.

Today we are excited to announce several capabilities in Azure Security Center that will provide enhanced protection to help you keep pace with the evolving cybersecurity landscape:

Visibility and governance at the organizational level

Take advantage of a new overview dashboard to gain visibility into your security state from an organizational level instead of a subscription level. To help organizations identify and address the challenges of managing an organization-wide security posture, you can now set security policies for management groups in your organization. You can also monitor it with an organization-wide compliance score as well as a breakdown score per subscription and management group.

Improve your productivity

Integrated security configuration in the Virtual Machine experience: Securing your resources in IaaS is important, which is why we’ve made it even simpler for you to do. As you create virtual machines in Azure, security configuration is now integrated into the virtual machine experience. In just a few clicks, you can enable Security Center and quickly assess the security state of your virtual machine, get actionable recommendations and mitigate risks.

An Identity & Access Management section will make it easier to discover if you have enabled access controls, such as multifactor authentication, for your applications and data. You can also discover identity and access issues and receive instructions for remediation.

Reduce your exposure to threats

Just-in-time VM access general availability: Previously in preview, the Just-in-Time VM access will be generally available today. It allows you to protect against threats such as brute force attacks by reducing access to virtual machine management ports only when it is needed.

Adaptive application controls: Using machine learning, Security Center recommends applications that should be whitelisted. Two new improvements will be available in preview today. First, you can get recommendations for new file types such as MSIs and scripts. Second, you can group virtual machines based on the similarity of applications running on them. Both of these enhancements are to improve the accuracy of the whitelisting policy that Security Center recommends for the virtual machines in a specific workload, and make it even easier for you to block unwanted applications and malware.

Interactive network security monitoring: Get visibility into the network components within your virtual networks in Azure from a new interactive topology. You can explore the connections between your virtual networks, subnets and nodes. You get actionable recommendations if vulnerabilities such as missing network security groups or web application firewalls are detected so you can take the appropriate next step.

File integrity monitoring (FIM): To help protect the integrity of your system and application software, Security Center is continuously monitoring the behavior of your registry and configuration files. If some abnormal change to the files or a malicious behavior is detected, Security Center will alert you so that you can continue to stay in control of your files.

Extending threat protection to containers: You can now get visibility into security posture of container environment and monitor for unsecure configuration on the container engine.

New secure configuration assessments for servers: A new web security configuration assessment helps you find vulnerabilities in your IIS web servers running on IaaS VMs and provides actionable recommendations to mitigate the risks.

Quickly detect and respond to threats

Integration with Windows Defender Advanced Threat Protection for servers (WDATP): Security Center now harnesses the power of WDATP to provide improved threat detection for Windows Servers. Microsoft’s vast threat intelligence enables WDATP to identify and notify you of attackers’ tools and techniques, so you can understand threats and respond. To uncover more information about a breach, you can explore the details in the interactive Investigation Path within Security Center blade. To get started, WDATP is automatically enabled for Azure and on-premises Windows Servers that have onboarded to Security Center.

Fileless Attack Detection: Security Center uses a variety of advanced memory forensic techniques to identify malware that persists only in memory and is not detected via traditional means. You can use the rich set of contextual information for alert triage, correlation, analysis and pattern extraction.

Threat analytics for admin activity: Security Center can now detect threats targeting your admin activity by analyzing the Azure Resource Management logs. If something abnormal is attempted or permissive privileges have been granted, you will be alerted and can investigate the activity.

Security Center is also extending its threat detection capabilities to PaaS resources. It can now detect threats targeting Azure App Services and provide recommendations to protect your applications.

New partner integrations

Security Center integrates with many partner solutions. We are excited to announce the integration with new partner solutions from Palo Alto and McAfee.

Palo Alto: This integration enables you to streamline provisioning for Palo Alto VM series Next Generation Firewall in the Security Center blade along with integrated threat detection and unified health monitoring of the firewall and simplify deployment.

McAfee: Security Center also supports the discovery and health status reporting of McAfee anti-malware on Windows machines, so you can now receive recommendations from another third-party antimalware service and mitigate potential issues.

Azure Security Center released several new capabilities today that will provide you with better insight, more control, and confidence to keep pace in this ever-changing cybersecurity landscape. Learn how one of our customers, Icertis, achieved better security and gained more productivity by saving 30 percent of operations time by using Azure Security Center.

Start using Azure Security Center’s new capabilities today

The following capabilities are available generally today: integration with virtual machine experience, Web Security Configuration Assessments, and Just-in-Time VM Access.

The following features are available in public preview: Visibility into identity and access controls, File Integrity Monitoring (FIM), Adaptive Application Controls, integration with Windows Defender Advanced Threat Protection, Fileless Attack Detection, and detecting threats targeting Azure App Service and Azure Resource Management logs.

We are offering a limited public preview for some capabilities like the new Security Center dashboard, interactive network topology and security assessments for containers. Please contact us to participate in this early preview.

Learn more about Azure Security Center

Watch our new Azure Friday video to understand the fundamentals of Azure Security Center.

If you are attending RSA 2018 in San Francisco this week, we would love to connect with you at our booth 3501. You can also attend theater session on Azure Security Center on Wednesday, April 18, 2018 at 1:30 PM Pacific Time.

To learn more about how you can implement these Security Center capabilities, visit our documentation.

Today we’re at RSA, and we are delighted to sponsor and participate in this industry event centered in security. I thought I’d take the opportunity to share our perspective on cloud security with Azure.

As we all know, companies worldwide are challenged by the ongoing volume of evolving security threats and with retaining qualified security talent to respond to these threats. In fact, the average large organization gets 17,000 security alerts each week, which results in an of average 99 days to discover security breaches. That contrasts with the less than 48 hours it takes for security breaches to grow from one system compromised into significantly broader issues.

As you look for solutions to address these challenges, Azure can help strengthen your security posture, while reducing cost and complexity. Thousands of companies and governments from all over the world including TD Bank, First Tech Credit Union, Geico, 3M, Rolls-Royce, state of Hawaii, city of Musson, and Heineken have chosen Azure as their trusted cloud. Azure provides value in three key areas – a secure foundation that is provided by Microsoft, built-in security controls to help you quickly configure security across the full-stack, and unique intelligence at cloud scale to help you safeguard data and respond to threats in real-time.

1. Azure’s secure foundation

Microsoft invests over a billion dollars annually into cybersecurity, including the Azure platform, so you can allocate your IT budget and resources towards other business-critical initiatives.

You get to take advantage of 3,500 dedicated cybersecurity professionals working together across the Cyber Defense Operations Center, digital crimes unit and other teams to help protect, detect and respond to threats in real time.

For physical security, Azure has hundreds of datacenters in 50 regions, and these have extensive multi-layered protections to ensure unauthorized users cannot gain physical access to your customer data.

Cloud security includes much more than cybersecurity experts and physical controls. The computing infrastructure for Azure is built on customized hardware with security controls integrated into the hardware and firmware components including secret management and increasingly hardware-based enclave technology.

The extensive network infrastructure has built-in protections against DDoS to safeguard your resources against volumetric or protocol layer attacks. Azure DDoS Protection has the operational capacity to scale protection to the largest of workloads and experience protecting Microsoft services such as Xbox and O365.

We know security is an ever-evolving state, so to save you time, we manage the basics such as ensuring the servers that run Azure are patched. We actively work to identify vulnerabilities through continuous testing and monitoring and run exercises such as red team versus blue team cyber penetration testing.

We regularly hear from customers that one of the reasons they chose Azure is the secure foundation is provides which enables them to put more of their resources towards delivering core value.

2. Azure’s built-in security controls

Even with the secure foundation that Azure provides, security is ultimately a joint responsibility between Microsoft and our customers. When you put your workloads and data on Azure, we recommend you follow security best practices. Azure has built-in security controls to help you get protected faster across identity, network, data and tools to help you with security management and threat protection.

Manage identity and access: Azure Active Directory is the central system for managing access across all your cloud services, including Azure, Office 365, and hundreds of popular SaaS and PaaS cloud services as well as on-premises. Active Directory is the most used directory service in the world. Microsoft recommends that you secure access with Azure Multi-Factor Authentication. We also recommend that you follow the same approach we do on Azure internally and limit access to only those who need it on a task-by-task basis using Role-Based Access.

Secure your network: Building and maintaining a secure network through Azure virtual networks (VNet) would typically start with segmenting subnets and configuring access rules using Network and Application Security Groups. Extend your on-premises network to the cloud using secure site-to-site VPN or a dedicated Azure ExpressRoute connection. Protect your web applications with the built-in Web Application Firewall. Announcing at RSA this week, Azure DDoS Protection Standard gives you more control over DDoS protection for your virtual networks with turnkey protection, telemetry and alerting.

Safeguard data and manage secrets: Azure can help protect your data while it’s in transit, at rest or even while it’s being used. Azure uses industry-standard protocols to encrypt data in transit as it travels between devices and Microsoft datacenters. When the data is kept in Azure Storage, you can use built-in data encryption to protect it. Azure Key Vault enables you to safeguard and control cryptographic keys and other secrets used by cloud apps and services. Data encryption controls are built-in to services from virtual machines to SQL to CosmosDB and Azure Data Lake. You can even protect data while it’s in use with the recently announced Azure confidential computing.

Unified security management to help prevent and detect threats: Azure Security Center provides you with insight into security issues with your Azure workloads and provides clear suggestions on what to fix. Azure Security Center goes beyond the capabilities of agentless alternatives found in other clouds to detect important security issues within virtual machines and cloud resources using an agent. You can even extend Azure Security Center to manage your on-premises workloads.

You can protect your virtual machine management ports from brute-force attacks using Azure Security Center Just-in-Time VM access. This week at RSA, we are announcing many new capabilities for Azure Security Center including enhanced protection for servers with Windows Defender ATP integration, improved management dashboard experience to help assess compliance across multiple subscriptions and configuring security easily within the context of virtual machine experience.

Azure’s breadth of built-in security services across identity, networking, data, threat prevention and security management make it simple for you to improve your security posture. You can also extend your existing investments to Azure with the many partner security solutions available in the Azure Marketplace from companies like Barracuda, Palo Alto, and Check Point.

3. Azure’s unique intelligence

In a world of evolving threats, the size of the threat dataset is both large and constantly changing. Since we are all working together to combat against cyberattacks, we need to leverage collective intelligence to help us keep pace with threats. The Microsoft Intelligence Security Graph brings together signals from many Microsoft products used at massive scale, including data from 450 billion authentications per month, 4 billion emails and 1 billion devices—to provide the intelligence you need to protect from evolving threats. At RSA, we are announcing the preview of the API for the Microsoft Intelligence Security Graph to further increase the richness of information in the graph and make it more accessible.

Azure Security Center’s threat protection helps you detect and mitigate threats with security alert dashboards by combining the Microsoft Intelligence Security Graph with machine learning and visualizations to help you understand the most critical issues, and even quickly visualize a complete attack chain. We recommend every enterprise customer turns on this capability.

I recommend that you consider the security capabilities Azure provides from its secure foundation, to built-in controls and unique intelligence to strengthen your security posture. To dive deeper, watch our new Azure Essentials video and visit our web page.

Azure Security at RSA 2018

For those of you attending RSA Conference this week in San Francisco, please visit us at booth 3501 to learn more about Azure Security. We cannot wait to connect with you!

¹”7 steps to a holistic security strategy,” 2017, Microsoft.
²”M-Trends 2016,” 2016, Mandiant Consulting.
³”Anatomy of a Breach,” 2016, Microsoft.

Today, we are delighted to announce increased scale limits for Azure Backup. Users can now create as many as 500 recovery services vaults in each subscription per region as compared to the earlier limit of 25 vaults per region per subscription. Customers who have been hitting the vault limits due to a restriction of 25 vaults can now go ahead and create vaults to manage their resources better. In addition, the number of Azure virtual machines that can be registered against each vault has been increased to 1,000 from the earlier limit of 200 machines under each vault.

Key benefits

1. Better management of resources between departments in an organization: Flexibility to create a large number of vaults under a subscription and large number of containers under a vault based on the departmental requirements without worrying about hitting vault limits.
2. Better granularity in reporting and monitoring of data within vaults: Users can create separate vaults as per their requirements segregated based on organizational needs and get more granular reporting of backup usage on a per vault basis.
3. Systematic and comprehensive billing: Users can get vault level detailed billing for a subscription for better financial management within an organization.

Related links and additional content

• Learn more about Azure Backup.
• Sign up for a free Azure trial subscription.
• Want more details? Check out Azure Backup documentation.
• Need help? Reach out to Azure Backup forum for support.
• Tell us how we can improve Azure Backup by contributing new ideas and voting up existing ones.
• Follow us on Twitter @AzureBackup for the latest news and updates.

At Microsoft, our approach is to listen to customers and bring solutions and tools that can help solve their problems. It is at the heart of everything we do. It is the same listening process that got us to PostgreSQL, and a couple of years back we embarked on the journey to bring PostgreSQL as a fully managed database service on Azure. We reached a key milestone towards that journey when we recently announced the general availability of Azure Database for PostgreSQL.

Attending community and customer events is always special for me – it’s an opportunity to engage with and learn from some of the leading minds in the industry. PostgresConf US 2018 is even more special given how much support we have received from the Postgres community and I look forward to meeting community leaders, customers, and partners at the event. I’ll also be joined by a few of my colleagues, and while you can find us at the Microsoft booth, you can also attend product deep dive session by Sunil Kamath and a GDPR session by Mark Bolz.

During my keynote at the conference, I’ll share some of our learnings leading to the general availability of Azure Database for PostgreSQL. Reflecting back to when we started, PostgreSQL was very new to us, so first of all we engaged deeply with the community to understand Postgres and the surrounding ecosystem. We also engaged very closely with our customers through the preview, helping unblock issues and prioritizing what was important to them. If I distill what we learnt during the preview period, there are four key areas to highlight.

First, customers care about fundamentals, on-premises and in the cloud, and customers across database engines have similar needs. Resiliency, fault tolerance, availability, elastic performance, and scale matter a lot. So, while customers get automatic updates and patching, and other benefits in using a fully managed database service, we ensured that the fundamentals are also built into the platform. For example, when customers choose Azure Database for PostgreSQL, it comes with built-in high availability at no extra cost. This is also backed by industry leading SLA of 99.99%.

Second, in many conversations that we have had with customers and CIOs, a key, if not the most important, topic that consistently comes up is security and compliance. Here too, similar to with fundamentals, we ensure built-in security to ensure our customers are covered. For example, data at rest and data in motion is encrypted by default using TLS1.2 standards in Azure Database for PostgreSQL. Going into general availability, we also ensured global and local certifications, such as ISO, SOC, PCI, HIPAA, and GDPR.

Third, we understand that developers are making technology choices based on their app requirements and may choose different database engines based on the app stack. At the same time, they want to use all their data in a meaningful way. That’s why we are ensuring Azure Database for PostgreSQL is integrated with other Azure products, such as Containers, App Service and Power BI, to enable customers to create end to end solutions. We’ll continue to make it easier for customers to use PostgreSQL with other Microsoft products and tools.

Lastly, we learnt that customers are making a key choice not just about the database but also about the cloud platform where it’s hosted. Customers are looking for cloud vendors that can partner with them in their digital transformation journey. At Microsoft Azure, we have made investments in building a cloud platform that meets customers where they are with support for the stack of their choice, hybrid solutions and a rich set of intelligent solutions, such as Azure Databricks, Azure SQL Data Warehouse and Cognitive APIs. With more public cloud regions than any other cloud vendor and industry leading security and compliance offering, customers worldwide can choose Azure as their trusted partner.

I’m looking forward to sharing more during the keynote and in person when I get to meet some of you at the conference this week.

See you at PostgresConf US 2018!

• Microsoft Keynote: April 19, 2018 at 3:40 PM Eastern Time (Rohan Kumar)
• Session on Azure Database for PostgreSQL deep dive: April 20, 2018 at 12:50 PM Eastern Time (Sunil Kamath)
• Session on General Data Protection Regulation (GDPR): April 18, 2018 at 4:30 PM Eastern Time (Mark Bolz)

Resources

If you’d like to try out our Azure Database for PostgreSQL, you can get started or sign up for a free Azure account.

Be sure to let us know what you think through User Voice PostgreSQL!

We continue to expand the Azure Marketplace ecosystem. In March 2018, 55 new offers successfully met the onboarding criteria and went live. See details of the new offers below:

	Kentico on Windows Server 2012 R2: Kentico CMS is a free edition web content management system for building websites, online stores, intranets, and community sites. Create, manage, and integrate communities socially to encourage conversations about your brand.
	OpenText Process Suite 16.3 Marketplace Info VM: With intelligently automated, content-rich processes that you can quickly build and easily modify, Process Suite gives you the power to deliver a variety of new digital experiences with a much lower IT workload.
	Content Suite 16 (January 2018): OpenText Content Suite Platform is a comprehensive enterprise content management (ECM) system designed to manage the flow of information from capture through archiving and disposition.
	BigDL Spark Deep Learning Framework VirtualMachine: Deep Learning framework for distributed computing designed for Apache Spark architecture and highly optimized for Intel Xeon CPUs. Feature-parity with TensorFlow, Caffe, etc., without the need for GPUs.
	Gallery Server on Windows Server 2012 R2: Gallery Server is a free, open source, easy-to-use Digital Asset Management (DAM) application and web gallery for sharing and managing photos, video, audio, and other files. It is written with ASP.NET and C#.
	SugarCRM on Windows Server 2012 R2: SugarCRM Community Edition is an open-source, free customer relationship management (CRM) solution that caters to the needs of millions of businesses worldwide.
	Apache Web Server on Ubuntu 14.04 LTS: Apache is free, open-source, cross-platform web server software. Developed and maintained by Apache Software Foundation, it runs on 67% of all web servers in the world. It is fast, reliable, and secure.
	MySQL 5.7 on CentOS 7.4: MySQL is a relational database management system based on SQL – Structured Query Language. The application is used for a wide range of purposes, including data warehousing, e-commerce, logging applications, and as a web database.
	MySQL 5.7 on Ubuntu 14.04 LTS: MySQL is a relational database management system based on SQL – Structured Query Language. The application is used for a wide range of purposes, including data warehousing, e-commerce, logging applications, and as a web database.
	DNN Platform on Windows Server 2012 R2: The DNN Platform (formerly known as the DotNetNuke Community Edition) is an open, extensible, secure, and scalable content management system for ASP.NET.
	ANSYS 18.2 Fluids and Structures: Increase your engineering productivity. ANSYS on Microsoft Azure gives you the additional compute power and accessibility you need to perform your complex simulations.
	MySQL 5.7 on Ubuntu 16.04 LTS: MySQL is a relational database management system based on SQL – Structured Query Language. The application is used for a wide range of purposes, including data warehousing, e-commerce, logging applications, and as a web database.
	NCache Community 4.8 Server: NCache is a high performance object caching solution for mission critical .NET applications with real time data access needs. NCache delivers blazing speed and is fully integrated with the .NET stack.
	Redis on Ubuntu 16.04 LTS: Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. Redis provides high availability via Redis Sentinel and automatic partitioning with Redis Cluster.
	Thoughtspot Virtual Machine: ThoughtSpot’s next-generation analytics platform offers an easy-to-use, search-driven experience, meaning anyone can use search to analyze company data in seconds, as well as one-click automated insights.
	PostgreSQL on Ubuntu 16.04 LTS: Postgres is an object-relational database management system with an emphasis on extensibility and standards compliance. It can handle workloads ranging from small single-machine applications to large Internet-facing applications.
	Apache Web Server on CentOS 7.4: Apache is free, open-source, cross-platform web server software. Developed and maintained by Apache Software Foundation, it runs on 67% of all web servers in the world. It is fast, reliable, and secure.
	PostgreSQL on CentOS 7.4: Postgres is an object-relational database management system with an emphasis on extensibility and standards compliance. It can handle workloads ranging from small single-machine applications to large Internet-facing applications.
	Apache Web Server on Ubuntu 16.04 LTS: Apache is free, open-source, cross-platform web server software. Developed and maintained by Apache Software Foundation, it runs on 67% of all web servers in the world. It is fast, reliable, and secure.
	PostgreSQL on Ubuntu 14.04 LTS: Postgres is an object-relational database management system with an emphasis on extensibility and standards compliance. It can handle workloads ranging from small single-machine applications to large Internet-facing applications.
	Spotlight Enterprise 12.2: Get 24 x 7 monitoring and diagnostics to optimize SQL Server performance. Obtain a complete view of everything that affects SQL Server performance, and resolve issues proactively, before they impact the business.
	Fortinet FortiVoice Enterprise PBX: Gain total call control and sophisticated communication features for excellent customer service and efficient employee collaboration. FortiVoice Enterprise systems deliver powerful features and value to offices with up to 10,000 phone users.
	PlateSpin Replication Environment: PlateSpin Migrate is a powerful workload portability solution that automates the process of moving workloads over the network between physical servers, virtual hosts, and enterprise cloud platforms—all from a single point of control.
	Profisee LightSwitch for RDM: Gain control of your common data and get help with your enterprise information management strategy with Profisee LightSwitch for Reference Data Management, your quick path to better business outcomes.
	McAfee® vNSP Controller: vNSP Controller is the central enforcement point for network and security policies. It is a centralized manager that controls all Virtual Probes installed on the instances in the cloud environment, and can be configured in the Network Security Manager.
	McAfee® Virtual IPS Sensor: Get scalable and flexible content processing virtual appliances built for the accurate detection and prevention of intrusions, misuse, and malware. Virtual IPS Sensor provides real-time traffic monitoring to detect and respond to malicious activity.
	McAfee® Network Security Manager: McAfee Network Security Manager makes it easy to protect physical and hybrid cloud environments using a single management interface. It allows you to manage policies with unmatched speed, accuracy, and simplicity.
	AP Elements FLY: Migrate file shares, Exchange/Gmail mailboxes, and SharePoint to Office 365. AP Elements Fly is a fast Office 365 migration tool. It can help your customers automate their migration project with pre-defined mappings, schedules, and real-time monitor.
	Fidesys Rus: Fidesys is an innovative CAE system that performs a full cycle of engineering-strength analysis from meshing to results visualization. Get a wide range of functionality for any type of industry, as well as a convenient interface in Russian.
	Syte.ai: Syte.ai makes any product in a photo or video instantly purchasable. It takes customer inspiration and automatically transforms it into new shopping opportunities, with proven results to increase brand loyalty, searchability, and conversions for retailers and brands.
	Damn Vulnerable Web App: DVWA is a vulnerable PHP/MySQL web application for studying security concepts and testing security tools. It can help security professionals, web developers, and teachers/students in a classroom environment.
	Web Application Attack Tool: Web Application Attack Tool is a vulnerability scanner based on OWASP ZAP. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications.
	Palo Alto Networks Panorama: Panorama network security management provides static rules and dynamic security updates in an ever-changing threat landscape. Reduce administrator workload and improve your overall security posture.
	Optimiz Centos 7 nginx Linux Web Server: For a faster web server build that optimizes centos 7, PHP 7, and nginx web server image. It comes with kernel reconfigure: OS CENTOS 7, MariaDB, PHP 7, and nginx.
	TimeXtender Discovery Hub Application Server: TimeXtender is a single, integrated, metadata-driven, agile, and automated software platform. Easily merge data from a variety of data sources and use agile data modeling to build a modern data warehouse and semantic model.
	TrueStack Direct Connect: TrueStack Direct Connect, a VPN Management server, is the simplest way to get your on-premises Windows domain controller to the cloud so your IT department and end users can access it from anywhere.
	Automated Metadata Tagging Solution for Office 365: Automatically add metadata based on the text or bar-code contents in a document. To dramatically enhance findability, Searchlight Tagger can automatically add metadata tags based on document content.
	Cisco vEdge Cloud Router: Cisco vEdge Cloud is a software router platform that supports a range of capabilities available on the physical vEdgerouter platforms. vEdge Cloud router is offered as a virtual machine that can be deployed in private, public, or hybrid cloud environments.
	Barracuda CloudGen WAF for Azure: Barracuda CloudGen WAF for Azure inspects inbound web traffic and blocks many attacks targeted at your applications. The integrated access control engine gives you strong authentication and user control.
	SecureSphere Web Application Firewall v13.0: Protect your business-critical applications with SecureSphere by Imperva. Get enterprise class protection, dynamic security controls, and defense against app vulnerabilities, OWASP Top-10 threats, and layer-7 DDoS attacks.
	XenData Cloud File Gateway: XenData Cloud File Gateway allows file-based applications to use Azure blob storage without modification. The gateway is optimized for video, image, and other large files, which makes it ideal for a wide range of applications.
	HAProxy Enterprise - Red Hat Enterprise Linux: HAProxy Enterprise Edition is a software load balancer and application delivery controller that combines HAProxy with enterprise-class features, services, and first-class support.
	HAProxy Enterprise - Ubuntu Server: HAProxy Enterprise Edition is a software load balancer and application delivery controller that combines HAProxy with enterprise-class features, services, and first-class support.
	Microsoft Azure Applications
	mijin BaaS on Azure: mijin blockchain creates a secure data-sharing environment with high performance, zero downtime, and unfalsifiable data, while reducing the cost of conventional infrastructure.
	WatchGuard Firebox Cloud: Extend your security perimeter to the cloud and protect email servers, web servers, customer relationship management systems (CRMs), and file storage running within a public cloud environment.
	CloudLink SecureVM: Control, monitor, and encrypt virtual machines with ease and confidence. CloudLink SecureVM by Dell EMC unlocks native Windows BitLocker and Linux OS encryption features by providing policy-based key management and orchestration.
	Black Duck Hub: Black Duck Hub helps security and development teams identify and mitigate open source related risks across their applications and containers. Black Duck provides extensive integration with third-party development tools.
	CrateDB: CrateDB is a distributed real-time SQL database engine built on a NoSQL technical stack. This unique architecture delivers the best of SQL and NoSQL and is an ideal fit for machine-generated data.
	Dell EMC Avamar and Data Domain Virtual Editions: AVE and DDVE are software-defined versions of industry leading protection software. The offer of this solution template will provide one-click deployment of Avamar and Data Domain together in Azure.
	Controller: Controller by Nubeva, Inc., deploys the Controller VM and all the associated resources required.
	Unbound Key Control: UKC lets you manage and control keys in any application deployed in Azure. This pure-software solution is easy to deploy and maintain, while giving you security and control for your crypto keys in the cloud.
	Geo AI Data Science VM with ArcGIS: The Geo AI Data Science VM is an extension to the Windows Server 2016 edition of the Microsoft Data Science Virtual Machine (DSVM) on Azure, offered through the collaboration between Esri and Microsoft.
	Terraform: Microsoft has published a HashiCorp Terraform instance on Linux, for those looking to use Terraform as their primary provisioning tool. The solution template will install Terraform on a Linux (Ubuntu 16.04 LTS) VM along with tools configured to work with Azure.
	Hyperledger Fabric on Azure: With a handful of user inputs and a single-click deployment through the Azure portal, you can provision a fully configured blockchain network topology in minutes, using Microsoft Azure compute, networking, and storage services across the globe.
	Ethereum on Azure: Deploy and configure an Ethereum blockchain network in minutes. You are only charged for the underlying infrastructure resources consumed, such as compute, storage, and networking. There are no incremental charges for the solution itself.

Just a few weeks ago we announced the first preview release of an experimental web UI framework called Blazor. Blazor enables full-stack web development using C# and WebAssembly. So far thousands of web developers have taken on the challenge to try out Blazor and done some pretty remarkable things:

• Started using Blazor to build RealWorld web apps
• Used Blazor to control a Christmas tree from a Raspberry Pi
• Built a Blazor app for looking up lyrics to vocaloid music
• Integrated Blazor with the Redux DevTools to do time-traveling debugging

The feedback and support from the community has been tremendous. Thank you for your support!

Today we are happy to announce the release of Blazor 0.2.0. Blazor 0.2.0 includes a whole bunch of improvements and new goodies to play with.

New features in this release include:

• Build your own reusable component libraries
• Improved syntax for event handling and data binding
• Build on save in Visual Studio
• Conditional attributes
• HttpClient improvements

A full list of the changes in this release can be found in the Blazor 0.2.0 release notes.

Many of these improvements were contributed by our friends in the community, for which, again, we thank you!

You can find getting started instructions, docs, and tutorials for this release on our new documentation site at http://blazor.net.

Get Blazor 0.2.0

To get setup with Blazor 0.2.0:

1. Install the .NET Core 2.1 Preview 2 SDK.
   • If you've installed the .NET Core 2.1 Preview 2 SDK previously, make sure the version is 2.1.300-preview2-008533 by running dotnet --version. If not, then you need to install it again to get the updated build.
2. Install the latest preview of Visual Studio 2017 (15.7) with the ASP.NET and web development workload.
   • You can install Visual Studio previews side-by-side with an existing Visual Studio installation without impacting your existing development environment.
3. Install the ASP.NET Core Blazor Language Services extension from the Visual Studio Marketplace.

To install the Blazor templates on the command-line:

dotnet new -i Microsoft.AspNetCore.Blazor.Templates

Upgrade a Blazor project

To upgrade an existing Blazor project from 0.1.0 to 0.2.0:

• Install all of the required bits listed above
• Update your Blazor package and .NET CLI tool references to 0.2.0
• Update the package reference for Microsoft.AspNetCore.Razor.Design to 2.1.0-preview2-final.
• Update the SDK version in global.json to 2.1.300-preview2-008533
• For Blazor client app projects, update the Project element in the project file to <Project Sdk="Microsoft.NET.Sdk.Web">
• Update to the new bind and event handling syntax

Your upgraded Blazor project file should look like this:

<Project Sdk="Microsoft.NET.Sdk.Web">

  <PropertyGroup>
    <TargetFramework>netstandard2.0</TargetFramework>
    <RunCommand>dotnet</RunCommand>
    <RunArguments>blazor serve</RunArguments>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore.Razor.Design" Version="2.1.0-preview2-final" PrivateAssets="all" />
    <PackageReference Include="Microsoft.AspNetCore.Blazor.Browser" Version="0.2.0" />
    <PackageReference Include="Microsoft.AspNetCore.Blazor.Build" Version="0.2.0" />
    <DotNetCliToolReference Include="Microsoft.AspNetCore.Blazor.Cli" Version="0.2.0" />
  </ItemGroup>

</Project>

Build reusable component libraries

Blazor components are reusable pieces of web UI that can maintain state and handle events. In this release we've made it easy to build reusable component libraries that you can package and share.

To create a new Blazor component library:

1. Install the Blazor templates on the command-line if you haven't already

    dotnet new -i Microsoft.AspNetCore.Blazor.Templates
   

2. Create a new Blazor library project

    dotnet new blazorlib -o BlazorLib1
   

3. Create a new Blazor app so we can try out our component.

    dotnet new blazor -o BlazorApp1
   

4. Add a reference from the Blazor app to the Blazor library.

    dotnet add BlazorApp1 reference BlazorLib1
   

5. Edit the home page of the Blazor app (/Pages/Index.cshtml) to use the component from the component library.

    @addTagHelper *, BlazorLib1
    @using BlazorLib1
    @page "/"
   
    <h1>Hello, world!</h1>
   
    Welcome to your new app.
   
    <SurveyPrompt Title="How is Blazor working for you?" />
   
    <Component1 />
   

6. Build and run the app to see the updated home page

    cd BlazorApp1
    dotnet run
   

JavaScript interop

Blazor apps can call browser APIs or JavaScript libraries through JavaScript interop. Library authors can create .NET wrappers for browser APIs or JavaScript libraries and share them as reusable class libraries.

To call a JavaScript function from Blazor the function must first be registered by calling Blazor.registerFunction. In the Blazor library we just created exampleJsInterop.js registers a function to display a prompt.

Blazor.registerFunction('BlazorLib1.ExampleJsInterop.Prompt', function (message) {
    return prompt(message, 'Type anything here');
});

To call a registered function from C# use the RegisteredFunction.Invoke method as shown in ExampleJsInterop.cs

public class ExampleJsInterop
{
    public static string Prompt(string message)
    {
        return RegisteredFunction.Invoke<string>(
            "BlazorLib1.ExampleJsInterop.Prompt",
            message);
    }
}

In the Blazor app we can now update the Counter component in /Pages/Counter.cshtml to display a prompt whenever the button is clicked.

@using BlazorLib1
@page "/counter"

<h1>Counter</h1>

<p>Current count: @currentCount</p>

<button onclick="@IncrementCount">Click me</button>

@functions {
    int currentCount = 0;

    void IncrementCount()
    {
        currentCount++;
        ExampleJsInterop.Prompt("+1!");
    }
}

Build and run the app and click the counter button to see the prompt.

We can now package our Blazor library as a NuGet package and share it with the world!

cd ../BlazorLib1
dotnet pack

Improved event handling

To handle events Blazor components can register C# delegates that should be called when UI events occur. In the previous release of Blazor components could register delegates using a specialized syntax (ex <button @onclick(Foo)> or <button onclick=@{ Foo(); }>) that only worked for specific cases and for specific types. In Blazor 0.2.0 we've replaced the old syntax with a new syntax that is much more powerful and flexible.

To register an event handler add an attribute of the form on[event] where [event] is the name of the event you wish to handle. The value of the attribute should be the delegate you wish to register preceded by an @ sign. For example:

<button onclick="@OnClick" />
@functions {
    void OnClick(UIMouseEventArgs e)
    {
        Console.WriteLine("hello, world");
    }
}

or using a lambda:

<button onclick="@(e => Console.WriteLine("hello, world"))"

If you don't need access to the UIEventArgs in the delegate you can just leave it out.

<button onclick="@OnClick" />
@functions {
    void OnClick()
    {
        Console.WriteLine("hello, world");
    }
}

With the new syntax you can register a handler for any event, including custom ones. The new syntax also enables better support for tool tips and completions for specific event types.

The new syntax also allows for normal HTML style event handling attributes. If the value of the attribute is a string without a leading @ character then the attribute is treated as normal HTML.

For some events we define event specific event argument types (ex UIMouseEventArgs as shown above). We only have a limited set of these right now, but we expect to have the majority of events covered in the future.

Improved data binding

Data binding allows you to populate the DOM using some component state and then also update the component state based on DOM events. In this release we are replacing the previous @bind(...) syntax with something more first class and that works better with tooling.

To create setup a data binding you use the bind attribute.

<input bind="@CurrentValue" />
@functions {
    public string CurrentValue { get; set; }
}

The C# expression provided to bind should be something that can be assigned (i.e. an LValue).

Using the bind attribute is essentially equivalent to the following:

<input value="@CurrentValue" onchange="@((UIValueEventArgs __e) => CurrentValue = __e.Value)/>
@functions {
    public string CurrentValue { get; set; }
}

When the component is rendered the value of the input element will come from the CurrentValue property. When the user types in the text box the onchange is fired and the CurrentValue property is set to the changed value. In reality the code generation is a little more complex because bind deals with a few cases of type conversions. But, in principle, bind will associate the current value of an expression with a value attribute, and will handle changes using the registered handler.

Data binding is frequently used with input elements of various types. For example, binding to a checkbox looks like this:

<input type="checkbox" bind="@IsSelected" />
@functions {
    public bool IsSelected { get; set; }
}

Blazor has a set of mappings between the structure of input tags and the attributes that need to be set on the generated DOM elements. Right now this set is pretty minimal, but we plan to provide a complete set of mappings in the future.

There is also limited support for type conversions (string, int, DataTime) and error handling is limited right now. This is another area that we plan to improve in the future.

Binding format strings

You can use the format-... attribute to provide a format string to specify how .NET values should be bound to attribute values.

<input bind="@StartDate" format-value="MM/dd/yyyy" />
@functions {
    public DateTime StartDate { get; set; }
}

Currently you can define a format string for any type you want … as long as it's a DateTime ;). Adding better support for formating and conversions is another area we plan to address in the future.

Binding to components

You can use bind-... to bind to component parameters that follow a specific pattern:

@* in Counter.cshtml *@
<div>...html omitted for brevity...</div>
@functions {
    public int Value { get; set; } = 1;
    public Action<int> ValueChanged { get; set; }
}

@* in another file *@
<Counter bind-Value="@CurrentValue" />
@functions {
    public int CurrentValue { get; set; }
}

The Value parameter is bindable because it has a companion ValueChanged event that matches the type of the Value parameter.

Build on save

The typical development workflow for many web developers is to edit the code, save it, and then refresh the browser. This workflow is made possible by the interpreted nature of JavaScript, HTML, and CSS. Blazor is a bit different because it is based on compiling C# and Razor code to .NET assemblies.

To enable the standard web development workflow with Blazor, Visual Studio will now watch for file changes in your Blazor project and rebuild and restart your app as things are changed. You can then refresh the browser to see the changes without having to manually rebuild.

Conditional attributes

Blazor will now handle conditionally rendering attributes based on the .NET value they are bound to. If the value you're binding to is false or null, then Blazor won't render the attribute. If the value is true, then the attribute is rendered minimized.

For example:

<input type="checkbox" checked="@IsCompleted" />
@functions {
    public bool IsCompleted { get; set; }
}

@* if IsCompleted is true, render as: *@
<input type="checkbox" checked />

@* if IsCompleted is false, render as: *@
<input type="checkbox" />

HttpClient improvements

Thanks to a number of contributions from the community, there are a number of improvements in using HttpClient in Blazor apps:

• Support deserialization of structs from JSON
• Support specifying arbitrary fetch API arguments using the HttpRequestMessage property bag.
• Including cookies by default for same-origin requests

Summary

We hope you enjoy this updated preview of Blazor. Your feedback is especially important to us during this experimental phase for Blazor. If you run into issues or have questions while trying out Blazor please file issues on GitHub. You can also chat with us and the Blazor community on Gitter if you get stuck or to share how Blazor is working for you. After you've tried out Blazor for a while please also let us know what you think by taking our in-product survey. Just click the survey link shown on the app home page when running one of the Blazor project templates:

Have fun!

In the past, Azure customers on Enterprise Agreement (EA) have subscriptions that are centrally controlled by the company’s cloud operations or IT team. When a team or employee in the company wants to start using Azure, they need to get access to the EA enrollment so that it gets billed to the company EA. To do that, the employee or team makes a request to the central cloud operations team, go through approval, and have an Azure subscription provisioned as prescribed by the company’s cloud governance policies. During this process, an EA subscription must be manually created using the Azure Account Center. As these company’s Azure adoption increases, the manual step in creating subscriptions becomes a bottleneck in scalability in their cloud management.

To unblock these customers, we've created an API and a suite of SDK for Azure EA subscription creation.

Get started with Azure EA subscription creation API

To get started, see documentation at Programmatically create Azure enterprise subscriptions (preview) and our sample code. In this release, you can

• Create an Azure EA subscription (regular or dev/test) as an Account Owner.
• Use Azure RBAC to give another user or service principal to create subscriptions on behalf of an Account Owner.
• Specify the display name of the subscription at time of creation.
• Optionally add other users in your tenant as RBAC Owners of the subscription.

Make sure to review the limits of the API in the linked documentation to see it's right for you.

Looking forward

Along with Management Groups and Azure Policy, we're working to improve Azure management for medium to large enterprises. In the future, we also want to provide functionality like subscription rename, cancel, and reactivate via API. Give us feedback in the comments below or via UserVoice!

Additional resources

• Organize subscriptions with Azure Management Groups

• Azure enterprise scaffold - prescriptive subscription governance

Today, we are excited to announce the general availability of Transparent Data Encryption (TDE) with Bring Your Own Key (BYOK) support for Azure SQL Database and Azure SQL Data Warehouse. This is one of the most frequently requested features by enterprise customers looking to protect sensitive data and meet regulatory or compliance obligations that require implementation of specific key management controls. TDE with BYOK support is offered in addition to TDE with service managed keys, which is enabled by default on all new Azure SQL Databases.

TDE with BYOK support uses Azure Key Vault, which provides highly available and scalable secure storage for RSA cryptographic keys backed by FIPS 140-2 Level 2 validated Hardware Security Modules (HSMs). Key Vault streamlines the key management process and enables customers to maintain full control of encryption keys and allows them to manage and audit key access.

Customers can generate and import their RSA key to Azure Key Vault and use it with Azure SQL Database and Azure SQL Data Warehouse TDE with BYOK support. Azure SQL Database handles the encryption and decryption of data stored in databases, log files, and backups in a fully transparent fashion by using a symmetric Database Encryption Key (DEK), which is in turn protected using the customer managed key called TDE Protector stored in Azure Key Vault.

Customers can rotate the TDE Protector in Azure Key Vault to meet their particular security requirements and meet industry specific compliance obligations. When the TDE Protector is rotated, Azure SQL Database detects the new key version within minutes and re-encrypts the DEK used to encrypt data stored in databases. This does not result in re-encryption of the actual data and there is no other action required from the user.

Customers can also revoke access to encrypted databases by revoking access to the databases’ TDE Protector stored in Azure Key Vault. There are several ways to revoke access to keys stored in Azure Key Vault. Please refer to the Azure Key Vault PowerShell and Azure Key Vault CLI documentation for more details. Revoking access in Azure Key Vault will effectively block access to all databases when the TDE Protector is inaccessible by Azure SQL Database.

Azure SQL Database requires "Do Not Purge" and "Soft Delete" to be enabled in Azure Key Vault to protect the TDE Protector against accidental deletion and ransomware scenarios.

Customers can enable TDE with BYOK support on the logical SQL Server level for all available database service tiers, including premium, and can toggle from using TDE with service managed to using customer managed keys. There is no additional charge for enabling this feature.

You can get started today by visiting the Azure portal, REST API documentation, and how-to guide using PowerShell or CLI documentation. To learn more about the feature including best practices and to review our configuration checklist see our Transparent Data Encryption with Bring Your Own Key support documentation.

If you’re developing a modern web app, chances are your app will reference client-side JavaScript and CSS files like jQuery, bootstrap, or Angular libraries. Maybe you copy these from a previous project. Or perhaps you download them from the Internet (ie. from a CDN). If you’ve been using more modern practices, you might be acquiring such static content via Bower or npm. Each of these methods have their problems. With Bower announcing they won’t be offering support into the future, we thought it time to produce a lightweight, effective solution for web developers to easily manage common client-side library files.

Introducing: Library Manager – Available in Visual Studio 2017 v15.7 Preview 3.0 in the Web Development and .NET Core workloads.

Library Manager (“LibMan” for short) is Microsoft’s new static client-side library management system, specifically designed with web projects in mind. It provides a mechanism, similar to Bower or npm, that helps users find and fetch library files from an external source such as CDNJS or a local library catalog. Library configuration can be stored with the project and files can be downloaded during build, or with Visual Studio tooling.

How to use Library Manager

From a Web Project, you can include Library Manager by choosing selecting “Manage Client-Side Libraries…” from the Project menu or from the project context menu in Solution Explorer.

Project Menu		Project context menu in Solution Explorer

If it doesn’t already exist, the Library Manager configuration file (libman.json) will be created with some default content and added to the root of your project. It opens in the JSON editor.
To specify the library files required for your project, simply add them to the libman.json file. Contextual IntelliSense is available to help you fill out the fields.

Saving the file will trigger the Library Manager restore operation, which will download the specified files and libraries and add them to the current project in the prescribed destination folder. You can see the results of the restore operation in the Output window.

Library Manager Configuration

Provider
There are two provider options that have been built for version 1.0 of Library Manager: cndjs and filesystem.

• The cdnjs provider will attempt to fetch specified library files from the CDNJS public distribution network.
• The filesystem provider will attempt to fetch library files from a local or network drive and will copy them to the destination folder.

The library files will come from the “defaultProvider” specified at the top level unless otherwise overridden by a “provider” property in the individual library definition.

Library
The “library” is the unique name of the library as defined by the relevant provider.

• For the cdnjs provider, library names have the format: [LibraryName]@[Version] (Eg. “jquery@3.3.1”)
• For the filesystem provider, the library is the path to the folder containing the library files.
  (eg. “//NetworkShare/MyLib”, “C:/LocalLibs/MyLib”)

Note: When using the Visual Studio editor, be sure to specify the provider element first if you want contextual IntelliSense to list the available libraries.

Files
By default, all files from the specified library will be included in your project. If you only want to include specific files from a library, you can specify the file names in a comma separated list in the “files” property.
     eg. “files”: [“jquery.min.js”, “jquery.min.map”]
Contextual IntelliSense provides a list of available files to make it easier to discover and select the files you’re after.

Destination
The “destination” of a library is the folder within your project where the library files will be restored.

There are two ways to specify the destination for a library’s files. If a “defaultDestination” property is defined at the top level, then the library files will be copied there (within the directory structure that they exist at the provider location). If a “destination” is defined at the library level, it will override the defaultDestination. Both destination and defaultDestination are relative to the location of the libman.json file.

Clean and Restore operations

Restore on build
You can enable Library Manager to restore all library files during build. To do so, right-click the libman.json file and choose “Enable Restore on Build”. This will add the LibraryManager NuGet package (Microsoft.Web.LibraryManager.Build) to the project, which will trigger a restore as part of project build.

Restore on demand
Library Manager will restore client-side libraries whenever the libman.json file is saved. You can also force the restore operation by choosing “Restore Client-Side Libraries” from the context menu of the libman.json file in Solution Explorer.

Clean library files
You can use the “Clean” item on the libman.json context menu to delete all library files defined in the libman.json (if they exist in the destinations specified).
Note: If restoring files through Visual Studio, Library Manager will automatically delete any files defined during the previous restore operation that are no longer being referenced in the libman.json file.

Feedback/Contributions

Microsoft’s Library Manager is open-source and available on GitHub at: https://github.com/aspnet/LibraryManager
We welcome contributions and suggestions. For details, see the Contribution Guide. If you have any feedback or bug reports, please feel free to open new issues on the Issues repo.

Today, we are releasing the .NET Core April 2018 Update. This update includes .NET Core 1.0.11, 1.1.8 and 2.0.7. There are no new security fixes in this update.

See April 2018 .NET Updates for other updates.

Fixes and Commits

CoreFX

• [522373a] : Adding support for ncurses 6.1 TERM format on System.Console.

CoreCLR

• [45c57cc] : Fix detection of YMM regs presence
• [802ca8c] : Remove flock *usage from InternalCreateFile in PAL
• [d40ce91] : Fix SIGSEGV in EventPipe on Shutdown
• [06a1cd1] : Fix uaf in DestroyThread function

Getting the Update

The .NET Core April 2018 Update is available from the .NET Core download page.

You can always download the latest version of .NET Core at .NET Downloads.

Docker Images

.NET Docker images have been updated for today’s release. The following repos have been updated.

• microsoft/dotnet
• microsoft/dotnet-samples
• microsoft/aspnetcore
• microsoft/aspnetcore-build

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.

Previous .NET Core Updates

The last few .NET Core updates follow:

• March 2018 Update
• January 2018 Update
• November 2017 Update

This blog post was co-authored by JR Mayberry, Principal PM Manager, Azure Networking.

Today we are excited to announce the general availability of the Azure DDoS Protection Standard service in all public cloud regions. This service is integrated with Azure Virtual Networks (VNet) and provides protection and defense for Azure resources against the impacts of DDoS attacks.

Distributed Denial of Service (DDoS) attacks are intended to disrupt a service by exhausting its resources (e.g., bandwidth, memory). DDoS attacks are one of the top availability and security concerns voiced by customers moving their applications to the cloud. With extortion and hacktivism being the common motivations behind DDoS attacks, they have been consistently increasing in type, scale, and frequency of occurrence as they are relatively easy and cheap to launch.

These concerns are justified as the number of documented DDoS amplification attacks increased by more than 357 percent in the fourth quarter of 2017, compared to 2016 according to data from Nexusguard. Further, more than 56 percent of all attacks exploit multiple vector combinations. In February 2018, Github was attacked via a reflection exploit in Memcached generating 1.35 terabits of attack traffic, the largest DDoS attack ever recorded.

As the types and sophistication of network attacks increases, Azure is committed to providing our customers with solutions that continue to protect the security and availability of applications on Azure. Security and availability in the cloud is a shared responsibility. Azure provides platform level capabilities and design best practices for customers to adopt and apply into application designs that meet their business objectives.

Azure DDoS Protection Service offerings

Azure has two DDoS service offerings that provide protection from network attacks (Layer 3 and 4) - DDoS Protection Basic and DDoS Protection Standard.

Azure DDoS Protection Basic service

Basic protection is integrated into the Azure platform by default and at no additional cost. The full scale and capacity of Azure’s globally deployed network provides defense against common network layer attacks through always-on traffic monitoring and real-time mitigation. No user configuration or application changes are required to enable DDoS Protection Basic. Basic protection also defends against the most common, frequently occurring Layer 7 DNS Query Floods and volumetric attacks that target your Azure DNS zones. This service also has a proven track record in protecting Microsoft’s enterprise and consumer services from large scale attacks.

Azure DDoS Protection Standard Service

Azure DDoS Protection Standard provides enhanced DDoS mitigation capabilities for your application and resources deployed in your virtual networks. Protection is simple to enable on any new or existing virtual network and requires no application or resource changes. DDoS Protection Standard utilizes dedicated monitoring and machine learning to configure DDoS protection policies tuned to your virtual network traffic profiles. Attack telemetry is available through Azure Monitor, enabling alerting when your application is under attack. Integrated Layer 7 application protection can be provided by Application Gateway WAF.

Azure DDoS Protection Standard service features

Native platform integration and turn-key protection

DDoS Protection Standard is natively integrated into the Azure platform and includes configuration through the Azure portal and PowerShell when you create a DDoS Protection Plan and enable DDoS Standard on a virtual network. Simplified provisioning immediately protects all resources in a virtual network with no additional application changes required.

Always-on monitoring and adaptive tuning

When DDoS Protection Standard is enabled, your application traffic patterns are continuously monitored for indicators of attacks. DDoS Protection understands your resources and resource configuration and customizes the DDoS Protection policy to your virtual network. Machine learning algorithms set and adjust protection policies as traffic patterns change over time.

L7 protection with Application Gateway

Azure DDoS Protection service in combination with Application Gateway Web Application Firewall provides DDoS Protection for common web vulnerabilities and attacks.

• Request rate-limiting
• HTTP protocol violations
• HTTP protocol anomalies
• SQL injection
• Cross site scripting

DDoS Protection Standard enabled on a Web application firewall VNet

More details on supported scenarios can be found in the Azure DDoS Protection Standard - Best Practices & Reference Design documentation.

DDoS Protection telemetry, monitoring, and alerting

Rich telemetry is exposed via Azure Monitor including detailed metrics during the duration of a DDoS attack. Alerting can be configured for any of the Azure Monitor metrics exposed by DDoS Protection. Logging can be further integrated with Splunk (Azure Event Hubs), OMS Log Analytics, and Azure Storage for advanced analysis via the Azure Monitor Diagnostics interface.

More details can be found in the Manage Azure DDoS Protection Standard using the Azure portal documentation.

SLA guarantee and cost protection

DDoS Protection Standard service is covered by 99.99% SLA, and cost protection will provide resource credits for scale out during a documented attack. For more details, refer to the Azure SLA page.

Protection planning

Planning and preparing for a DDoS attack is crucial in understanding the availability and response of an application during an actual attack. Organizations should also establish a well vetted DDoS incident management response plan.

To assist in this planning we have published an end to end DDoS Protection - Best Practices & Reference Architecture guide and encourage all customers to apply those practices while designing applications for resiliency against DDoS attacks in Azure.

We have also partnered with BreakingPoint Cloud to offer tooling for Azure customers to generate traffic load against DDoS Protection enabled public endpoints to simulate attacks. BreakPoint Cloud simulation will allow you to:

• Validate how Microsoft Azure DDoS Protection protects your Azure resources from DDoS attacks
• Optimize your incident response process while under DDoS attack
• Document DDoS compliance
• Train your network security teams

Getting started

To learn more about the service, review the Azure DDoS Protection service documentation.

We would love to hear your feedback, questions, and comments through our regular channels including forums, StackOverFlow, or UserVoice.

Windows Template Studio has released our 2.0 release and can’t wait for everyone to create some amazing applications with it. Template Studio is an open source project whose sole goal is to get you building applications quicker with best practices with a solid initial code base.

We’re extremely proud of our community driven project and the massive contributions / partnerships we’ve had with you over the past year since we launched.

How to get the update:

There are two paths to update to the newest build.

• Already installed: Visual Studio should auto update the extension. To force an update, Go to Tools->Extensions and Updates. Then go to Update expander on the left, and you should see Windows Template Studio in there, and click “Update.”
• Not installed:Head to https://aka.ms/wtsinstall, click “download,” and double click the VSIX installer.

What has happened under the hood?

We’ve done a lot of work improving the user interface and being sure we’re fully accessible for all developers. By partnering with the Visual Studio team, we feel the new interface is faster and more approachable. We’ve improved our template updating experience, our actual templates and much more. Our wizard also now detects dark, light and high contrast modes of Visual Studio.

In addition, once the next update to Windows 10 is released, we’ll adopt the platform NavigationView control over the UWP Community Toolkit’s great Hamburger menu control, which already does do a smart flip between their classic and the platform control. We’re currently working on documentation to aid in that transition between the existing control and the new platform control as well.

Documentation, everyone’s favorite friend

We are pushing hard on improving our docs and will continue to do so. Over time, most of our docs will migrate to docs.microsoft.com that cover our templates and using the actual wizard. The docs that will stay on WTS’s GitHub will be docs on modifying the engine or creating a template for the wizard to consume.

Future progress, getting updates and community interaction

Moving forward, we’ll continue to push hard and add in new features and templates.

Some of our largest additions, bugs and best feature ideas came from you, the community. The WTS team are extremely honored to have been a part of this and everyone that has filed a bug to submit a PR, you should too. We encourage everyone to log bugs, submit feature requests, and contribute back at https://aka.ms/wts on GitHub.

The post Windows Template Studio 2.0 is now available! appeared first on Windows Developer Blog.

We are pleased to announce that Spring Data Azure Cosmos DB is now available to provide essential Spring Data support for Azure Cosmos DB using SQL API. Azure Cosmos DB is Microsoft’s globally distributed, multi-model database service with exceptional scalability and performance.

With Spring Data Azure Cosmos DB, Java developers now can get started quickly to build NoSQL data access for their apps on Azure. It offers a Spring-based programming model for data access, while keeping the special traits of the underlying data store with Azure Cosmos DB. Features of Spring Data Azure Cosmos DB include a POJO centric model for interacting with an Azure Cosmos DB Collection, and an extensible repository style data access layer.

Getting started

Download the Spring Data Azure Cosmos DB Sample Project to get started. The sample illustrates the process to use annotation to interact with Collection, customize a query operation with specific fields, and expose a discoverable REST API for clients.

Create a new database instance

To get started, first create a new database instance by using the Azure portal. You can find Azure Cosmos DB in Databases and choose SQL (Document DB) for the API. When your database has been created, you can find the URI and keys on the overview page. The values will be used to configure your Spring Boot application.

Configure your project

You can create a simple Spring Boot application using Spring Initializr, and locate the pom.xml file in the directory of your app. In the pom.xml file add spring-data-cosmosdb to list of dependencies. spring-data-cosmosdb is published in Maven Central Repository. Please refer to this tutorial for detailed steps of configuration for database connection.  

<dependency>
    <groupId>com.microsoft.azure</groupId>
    <artifactId>spring-data-cosmosdb</artifactId>
    <version>2.0.3</version>
</dependency>

Features of Spring Data Azure Cosmos DB

Using Spring Data Azure Cosmos DB, you can get started quickly to build NoSQL data access for their apps on Azure.

Use Annotation to interact with Collection

@Id annotation: Annotate a field in domain class with @Id, this field will be mapped to document id in Azure Cosmos DB.

@Document annotation: By default, collection name will use the name of the domain class. To customize it, add annotation @Document(collection="yourCollectionName").

@Document(collection = "mycollection")
public class User {
    @Id
    private String id;
    private String email;
    private String name;
    private Address address;
    private List<Role> roleList;
   ...
}

Customize query operation

Customized query is useful for building constraining queries over entities of the repository. You can extend the basic DocumentDbRepository for different business logics.

public interface UserRepository extends DocumentDbRepository<User, String> {

    List<User> findByName(String firstName);
    List<User> findByEmailAndAddress(String email, Address address);
    ...
}

Exposes a discoverable REST API

@RepositoryRestResource Annotation: expose a discoverable REST API for your domain model.

@Repository
@RepositoryRestResource(collectionResourceRel = "user", path = "user")
public interface UserRepository extends DocumentDbRepository<User, String> {

    List<User> findByName(String firstName);
    ...

}

Next steps

For more information about using Spring on Azure, visit the following pages:

• GitHub: Spring Data Azure Cosmos DB
• GitHub: Spring Boot Starters for Azure Services
• Tutorial: Spring on Azure developer center
• Tutorial: Java on Azure developer center

Feedback

Please share your feedback and ask questions to help us improve. You can contact us on Gitter.

My high school physics teacher taught us about metal fatigue by having everyone bend paper clips back and forth until they broke. In the real world, engineers use computer simulations to test their designs. From the trivial paperclip to the life-saving crash analysis, computer-aided engineering (CAE) improves products around us every day. But accessing the massive power needed for these simulations can be tough for small organizations.

That’s where our partners at Altair have stepped in. Altair is democratizing access to CAE by building their Software-as-a-Service (SaaS) offerings on Microsoft Azure. In a case study we recently published, Altair describes how their HyperWorks Unlimited Virtual Appliance gives customers the combination of software and scale they need to quickly run their CAE workloads.

But that’s not the end of the story. Altair recently brought their Inspire software to a SaaS model as well. Inspire Unlimited provides a visual cloud collaboration platform for engineering. Inspire Unlimited attains the required scalability by onboarding multiple users on a virtual machine. Using Azure’s NV-series virtual machines, which feature NVIDIA Tesla M60 GPUs, Altair’s customers can get powerful virtual workstations without having to purchase expensive hardware. This allows users to collaborate with only a web browser, sharing engineering designs of parts and assemblies with colleagues and suppliers.

Microsoft’s commitment to providing a wide variety of HPC-ready capabilities made it easy for them to move workloads with different requirements to Azure. And the trust that customers have gained from using Office 365 and other Microsoft products means they know their data is well-protected in Azure. To learn more about how Azure helped Altair bring CAE to the masses, read the full case study.

In an update to his analysis of taxi and ride-share trips, Todd Schnieder reports that the number of daily Uber rides exceeds the number of taxi rides in New York City, as of November 2017.

The data is provided by the New York Taxi and Limousine Commission, and the analysis and graphics were created using the open-source R language. (The code and data for the analysis are available on Github.) You can find a wealth of detailed analysis of rides in New York, including some gorgeous maps of pick-up and drop-off locations, at the link below.

Todd W. Schneider: Analyzing 1.1 Billion NYC Taxi and Uber Trips, with a Vengeance

Every year, we ask for just a few minutes of your time so that we can better understand how the developer community uses the Windows platform and tooling. The survey is a collaboration between Windows engineering, Visual Studio engineering, Microsoft Store engineering, and Windows Developer marketing team. Your answers here will directly impact feature prioritization and developer support. Click here to take the survey now.

Is this survey for me?

The survey is for all developers building code that runs on Windows. We’d love you to take the survey and share your feedback as a developer (.NET, UWP, web, game, mixed reality, Windows IoT, whatever).

What questions am I likely to be asked?

We’re trying to understand the current state of the Windows Developer ecosystem. Things like what people are using, how they’re feeling about what they have, and what they wish they had. So some questions you might see are:

How long will it take?

We’ve tried to keep the survey as short as possible while still being interesting. So, if you zip through it, you’ll probably be done in about 10-12 minutes. Of course, if you want to give us some more detailed, deep feedback, it may take a tad longer. We will say – we’d love you to take that extra time because there are a lot of people who want to hear what’s happening with you and your development life.

What’s in it for me?

Without trying to be glib, the knowledge that your honest feedback will help us build a platform that you enjoy working on. There are no amazing prizes up for grabs. If we do our job right with the information you provide, we’ll deliver an ecosystem where you can be most successful.

As always, thank you so much (in advance) for your time and your feedback; it’s a precious gift that we are very thankful for.

Of course, your survey feedback will not be shared outside of Microsoft. Microsoft respects your privacy. To learn more, please read our online Privacy Statement.

Ready to go?

The survey is open until May 5^th, 2018.

Take the survey today!

The post Participate in the 2018 Windows Developer Community Pulse appeared first on Windows Developer Blog.

Bower is a popular package management system for managing static content used by client-side web applications. Visual Studio provides rich support for Bower, including templates and package management tools.

In October 2017, there were announcements on Twitter hinting that the Bower platform was being deprecated. While Bower hasn’t gone away, the official website is encouraging people to use different frameworks, even going so far as to provide detailed instructions on “How to migrate away from Bower” and “How to drop Bower support”.

In their own words:

Though it doesn’t say it explicitly, it implies that Bower is deprecated. Existing projects that depend on package management via Bower will continue to work for the time being; but it’s recommended that new projects should not take a dependency on Bower.

Introducing Library Manager

While there are other useful package managers, as Bower points out (e.g. npm), most are designed to handle a variety of tasks, which adds unnecessary complexity when you only need them for a single task (acquiring client-side libraries). So, here at Visual Studio, we decided to create a new tool that would be as simple as possible for specifically addressing the need to acquire client-side content for web applications. Hence, the introduction of “Library Manager”.

Library Manager (“LibMan” for short) is Visual Studio’s new client-side static content management system. Designed as a replacement for Bower and npm, LibMan helps users find and fetch library files from an external source (like CDNJS) or from any file system library catalog.

You can specify the library files required for your project by adding entries to the LibMan configuration file – libman.json. See the image below; it shows an example libman.json file in which some jQuery files are added to the wwwroot/lib directory.

To learn more about LibMan, see the article “Library Manager: Client-side content management for web apps“.