Blue Monday: Legacy Azure Storage Accounts Get A Reprieve

Last week’s Azure news of interest to developers centered around service updates, Azure Security Center and some augmentation to existing services.

Legacy Storage version lifetime extended

Microsoft had announced that it would retire Azure Storage versions 2009-07-17 and earlier on Aug. 1. But apparently, enough early adopters raised enough of a fuss that Microsoft now says it’s postponing that retirement indefinitely.

That doesn’t mean Microsoft doesn’t want you to update. Oh, no. Quite the contrary: Those legacy versions are going to go away. Just not next week.

We still encourage all customers using deprecated service versions to upgrade to the latest service version in order to gain the benefits of new features and performance improvements. Twelve months notice will be provided once a new service version removal date is selected. (emphasis added)

Node.js library for Storage available

Also in Azure Storage news, Microsoft has released a Node.js Storage library that is available on npm.

Documentation has been added on GitHub, and there are also code samples.

Azure Security Center is generally available

Azure Security Center is a free service that basically does an excellent job of pointing out your networking / endpoint, encryption and backup failures. It’s also now generally available.

The first time I turned Azure Security Center on, my portal looked like a Christmas tree of red warnings, blue “mehs” and green “OKs”. Several of these were definitely problems that needed mending, such as network misconfigurations and endpoints not being protected by firewalls.

That said, Azure Security Center is very pessimistic, flagging a lot of things that in many cases aren’t really problems.

For example, I have some Azure SQL Databases that hold impersonal data (such as real estate listings, cancellations, election results, etc.).

Microsoft says I should be using Transparent Data Encryption on those databases; I say that all the records in those DBs wind up as JSON on websites with 200,000+ visits per day, so there’s zero need to encrypt.

Unfortunately, there’s no way to tell Azure Security Center to stop recommending TDE. At least, none that sticks between sessions.

Nonetheless, when it comes to web security, better to be paranoid than to find out you have enemies. To that end, Security Center does a fine job of making suggestions based not only on configuration, but also on metrics.

It’s being improved all the time and it’s free. And as is my case, just because Azure Security Center flags something doesn’t mean you can’t continue to do whatever it is that’s been flagged.

Check your Azure Active Directory certs by Aug. 15

On Aug. 15, Azure Active Directory will roll over its security certificates. Therefore, if you’re authenticating against an Azure Active Directory, or have built an app that uses Active Directory for authentication via the Graph API, you might have to make some changes to your application’s authentication scheme.

Microsoft advises that if you’ve used any of its current black-box authentication code — such as that which comes prepackaged in certain Visual Studio solutions — then you probably don’t need to do anything. It’s only if you’ve self-coded an Azure AD authentication scheme, and hard-wired the security certificate into that scheme, that you need to worry.

Nonetheless, if you are using Azure AD to authenticate, run through Microsoft’s instructions before Aug. 15 to avoid unpleasantness.
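Why a hard-wired certificate breaks at rollover while a lookup by key id does not, as an added example (not code from Microsoft or from this post). It assumes RS256-signed tokens whose header names the signing key in a `kid` field; `fetchKeys`, the function names and the key ids are hypothetical, and the keys are generated locally for the demonstration.

```javascript
const crypto = require('crypto');

// Resolve a token's signing key by its key id (kid) from the issuer's published
// key set. fetchKeys is a hypothetical stand-in for downloading that key set.
function makeKeyResolver(fetchKeys, minRefreshMs = 60000, now = Date.now) {
  let cache = new Map();
  let lastRefresh = -Infinity;
  return function resolve(kid) {
    if (!cache.has(kid) && now() - lastRefresh >= minRefreshMs) {
      // Unknown kid: the issuer may have rolled its keys. Refresh, but rate-limit
      // so tokens carrying bogus kids cannot force a fetch on every request.
      cache = new Map(fetchKeys().map(k => [k.kid, k.publicKey]));
      lastRefresh = now();
    }
    return cache.get(kid) || null;
  };
}

// Verify an RS256-signed compact token (signature only; claims checks omitted).
function verifyToken(token, resolve) {
  const [h, p, s] = String(token).split('.');
  if (!h || !p || !s) return false;
  let header;
  try { header = JSON.parse(Buffer.from(h, 'base64url').toString()); } catch { return false; }
  if (!header || header.alg !== 'RS256') return false; // the token does not pick the algorithm
  const key = resolve(header.kid);
  if (!key) return false;
  return crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
}

// Constructed test issuer: generates a key pair and signs tokens with it.
function makeIssuerKey(kid) {
  return { kid, ...crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }) };
}
function signToken(key, claims) {
  const enc = o => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc({ alg: 'RS256', kid: key.kid })}.${enc(claims)}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), key.privateKey).toString('base64url')}`;
}

// Rollover scenario: the published key set changes from "old" to "new".
function demoRollover() {
  const oldKey = makeIssuerKey('old'), newKey = makeIssuerKey('new');
  let published = [oldKey], clock = 0;
  const resolve = makeKeyResolver(() => published, 60000, () => clock);
  const pinned = () => oldKey.publicKey; // hard-wired certificate
  const before = verifyToken(signToken(oldKey, { sub: 'a' }), resolve);
  published = [newKey]; clock = 120000;
  const token = signToken(newKey, { sub: 'a' });
  return { before, pinnedAfter: verifyToken(token, pinned), dynamicAfter: verifyToken(token, resolve) };
}
```

`demoRollover()` returns the verification result before the rollover and, after it, for the pinned and the refreshing resolver.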

Odds and ends
