Apr 08, 2021

Deriving Resource Groups from Azure Bills - Now Available

Starting last week, we began to derive Resource Groups from Enterprise Agreements (EAs) and Modern Commerce bills (including Azure Plan). We are not deriving resource groups from classic Cloud Solution Provider (CSP) bills. You will still need to configure the Service Principal to collect most metadata (e.g., name and tags), as this is not included in the bill.

Changes to Reservation Orders in Azure Partner Billing

To stay up to date with Microsoft, we have begun using the newest Retail API from Microsoft to populate our Reservation Order charges for Partner Billing. Prior to this change, non-USD Reservation Orders were either incorrect or completely missing from customer tenants due to missing or outdated rates. Moving forward, for non-USD Reservation Orders we will take the USD rate provided through the Retail API and convert it to the desired local currency. This is the first step in expanding our recommendations in the Optimizer and VM Rightsizing, so stay tuned for future enhancements around those features.

Explore AWS Savings Plan Recommendations per Team - Public Beta 

In the CloudHealth Platform, you can not only get a recommendation for a Compute Savings Plan, but also explore different Compute Savings Plan commitment level scenarios and see how they might play out in your environment. Now, in addition to conducting this analysis at the billing family level (which is the recommended approach to realize the most savings), you can also conduct it at an individual account level, which can empower the teams within your business to make their own Savings Plan purchases.

While Billing Family level recommendations are currently still pre-generated, Single Account recommendations are generated on demand when you need them. Typically our users are looking for the latest data for the best analysis, so when you click “Generate Recommendations”, CloudHealth will re-generate the recommendations for the accounts you’ve selected. We’ll also save that data for you until you want to refresh it again, and denote its age in the “days” column. Users are not able to re-generate recommendations within a given day. Users will also see the accounts they have access to according to your FlexOrgs and user permissions.

Once recommendations are generated, you can see them summarized in a list as shown above. To conduct your “what-if” analysis, click “View” to drill into a given scenario. Once there, you can try out different commitment levels or coverage levels, or go with the recommended maximum savings option, and see the corresponding KPIs in the context of this specific account. As noted in the graph, if Discount Sharing is enabled in your billing family, the measure “Unused” doesn’t necessarily denote when the Savings Plan would have gone to waste, but rather when this account would not have gotten benefits from it. The analysis does, however, still start with on-demand usage from this account, including all coverage benefits this account received in the evaluation period regardless of the source.

This feature is currently in public beta. In the coming weeks, we plan to enable customers to purchase these Savings Plans at an account level directly in CloudHealth.

Updates to Azure CIS 1.3 Policy - Now Available

We’re excited to announce the release of our next group of updates to the Azure CIS security policy. The following policies were added to the default policy:

  • 2.1 Ensure that Azure Defender is set to On for Servers

  • 2.2 Ensure that Azure Defender is set to On for App Service

  • 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers

  • 2.4 Ensure that Azure Defender is set to On for SQL servers on machines

  • 2.5 Ensure that Azure Defender is set to On for Storage (Manual)

  • 2.6 Ensure that Azure Defender is set to On for Kubernetes (Manual)

  • 2.7 Ensure that Azure Defender is set to On for Container Registries

  • 2.8 Ensure that Azure Defender is set to On for Key Vault (Manual)

  • 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected

  • 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected

  • 2.13 Ensure 'Additional email addresses' is configured with a security contact email

  • 2.14 Ensure that 'Notify about alerts with the following severity' is set to 'High'

  • 2.15 Ensure that 'All users with the following roles' is set to 'Owner'

  • 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account

  • 4.2.3 Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server

  • 4.2.4 Ensure that VA setting Send scan reports to is configured for a SQL server

  • 4.2.5 Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server

  • 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK

  • 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible

New GCP Product Categories

We have added support for categorizing costs on the cost reports for the following GCP services: VMware Engine, Teradata Vantage, Security Command Center, MongoDB Atlas, Palo Alto Networks Strata, and Palo Alto Networks Prisma. 

Upcoming Changes to GCP Configuration Process

In the coming months, we will be releasing a new configuration experience for GCP, which will start with configuring a BigQuery Billing Export Data Connect. Once configured, we will derive Billing Accounts from the BigQuery export on your behalf, so you will no longer need to configure new Billing Accounts. With this release, it will no longer be possible to create or delete Billing Accounts through the UI or API. Because of that, we will be deprecating create and delete functionality when we release this feature. If you build and maintain automation with the Billing Account API, please keep this upcoming change in mind.

Upcoming Changes to GCP for Non-USD Support

In the coming weeks, we will be improving our support for non-USD currencies configured in CloudHealth for GCP. Once released, we will be updating the currency logos on the reports to match the currency set in GCP and applying currency conversion for the Multicloud Report to normalize to USD. These changes will go out incrementally, with the first changes being around the GCP-only cost reports.

TLSv1.0 and TLSv1.1 Deprecation Coming Soon - Reminder

As previously announced, CloudHealth will be deprecating the use of TLSv1.0 and TLSv1.1 for the API that is utilized by the CloudHealth Agent. Customers who don't use this service will not be affected. The CloudHealth API will continue supporting TLSv1.2. This change will now go live at the start of business (EST) on April 27th. Please reach out to support@cloudhealthtech.com if you have concerns.