Azure Firewall Now Enables Easier Product Upgrades

Microsoft this week announced easier Azure Firewall product-tier upgrades, plus a new Structured Logs capability.

Both capabilities reached the "general availability" (GA) release status, which means that Microsoft deems them ready for use in production environments.

Upgrade/Downgrade GA
Microsoft has made it easy to upgrade or downgrade between its Azure Firewall Standard and Premium product offerings "with a single click of a button" via an "Azure Firewall Easy Upgrade/Downgrade" feature. IT pros access it using the "Change SKU" button in the Azure Portal or "via REST API, PowerShell and Terraform," per Microsoft's announcement.

A downgrade to the Basic plan, which reached GA back in March, wasn't described as an option. Microsoft has three Azure Firewall SKUs, targeted toward the following customer scenarios:

  • Basic is for small-to-medium organizations needing less than 250Mbps of throughput.
  • Standard is for organizations needing a "Layer 3–Layer 7 firewall" and up to 30Gbps of throughput.
  • Premium is for organizations needing to "secure highly sensitive applications, such as payment processing," with support for up to 100Gbps of throughput.

The new upgrade or downgrade capability will change the SKU between the Standard and Premium options "without service downtime," Microsoft's announcement promised.

Structured Logs GA
Microsoft is recommending that Azure Firewall users use a new Structured Logs capability, as announced here.

Structured Logs are distinguished by using "a predefined schema to structure log data in a way that makes it easy to search, filter and analyze," Microsoft indicated:

This [Structured Logs capability] is the recommended method since it makes it easier to work with the data in log queries, provides better discoverability of schemas and their structure, improves performance across both ingestion latency and query times, and the ability to grant Azure RBAC rights on a specific table.

IT pros will find it easier to search log data and integrate it with analysis tools, which can enhance troubleshooting efforts, Microsoft suggested. It can also help when detecting security threats.

To use Structured Logs, organizations will need to "first configure a Log Analytics workspace in your Azure subscription" to store the log data, Microsoft indicated. It then gets enabled using the "Diagnostic settings blade in the Azure Portal."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.