News

Azure Firewall Gets Easier Product Upgrades and Structured Logs

• By Kurt Mackie
• 06/14/2023

Microsoft this week announced a couple of Azure Firewall improvements.

Microsoft's Azure Firewall firewall-as-a-service offering now has a new ability to upgrade or downgrade between product tiers, which sometimes are called "stock-keeping units" (or SKUs). Also, Azure Firewall has a new structured logs capability that promises to make it easier to find and analyze log data.

Both capabilities were described as having reached the "general availability" (GA) release status, which means that Microsoft deems them ready for use in production environments.

Upgrade/Downgrade GA
Microsoft has made it easy to upgrade or downgrade between its Azure Firewall Standard and Premium product offerings "with a single click of a button."

IT pros can access this feature, called "Azure Firewall Easy Upgrade/Downgrade," through the "Change SKU" button in the Azure Portal. Alternatively, IT pros can access it "via REST API, PowerShell and Terraform."

Microsoft also has an Azure Firewall Basic product that reached the GA release stage back in March, but the Basic plan wasn't described as a downgrade option in the announcement. Microsoft had previously characterized its three Azure Firewall SKUs as follows:

• Basic is for small-to-medium organizations needing less than 250Mbps of throughput.
• Standard is for organizations needing a "Layer 3–Layer 7 firewall" and up to 30Gbps of throughput.
• Premium is for organizations needing to "secure highly sensitive applications, such as payment processing," with support for up to 100Gbps of throughput.

Microsoft touted its Azure Firewall Premium offering for organizations having "more complex network architectures, regulatory compliance and security requirements." It brings features such as "URL filtering, intrusion detection and prevention, TLS inspection and more comprehensive threat intelligence capabilities," the announcement explained.

The new upgrade or downgrade capability will change the SKU between the Standard and Premium options "without service downtime," Microsoft's announcement promised.

Structured Logs GA
Microsoft is recommending that Azure Firewall users use its new Structured Logs capability, now commercially released. Structured Logs are distinguished by using "a predefined schema to structure log data in a way that makes it easy to search, filter and analyze," Microsoft indicated.

Here's Microsoft's characterization of why IT pros should use Structured Logs:

This [Structured Logs capability] is the recommended method since it makes it easier to work with the data in log queries, provides better discoverability of schemas and their structure, improves performance across both ingestion latency and query times, and the ability to grant Azure RBAC rights on a specific table.

IT pros will find it easier to search log data and integrate it with analysis tools, which can enhance troubleshooting efforts, Microsoft suggested. It can also help when detecting security threats.

Structured Logs are different because they use "Resource Specific Tables instead of the existing AzureDiagnostics table," Microsoft explained.

To use Structured Logs, organizations will need to "first configure a Log Analytics workspace in your Azure subscription" to store the log data, Microsoft indicated. It then gets enabled using the "Diagnostic settings blade in the Azure Portal."