Tag: Azure

In October, our Microsoft Ignite event drove incredible dialogue around how organizations can navigate a challenging market. Digital perseverance as encapsulated so well by Judson Althoff, our executive vice president, and chief commercial officer, resonates deeply with us across the Azure business and is sharpening how we think of strategic innovation in the face of headwinds.

There’s that word: Innovation. It continues to mean so many things to so many and, honestly, innovation becomes harder to distill amid constrained resources and near-term pressure. As we close 2022, reflecting on our own transformation, we remain inspired by a holistic cloud strategy; one which balances what’s coming around the corner with what lies ahead. Now more than ever, continuing to innovate in the right places is essential to maintaining a productivity edge internally, and strengthening differentiation externally. Your app estate is on the front lines of it all.

Last week, we shared insights from a range of cloud customers who plan to concentrate on migration and modernization plans for business resilience. Now I want to hone in on what kinds of modern experiences are in high demand to help organizations prioritize. Today, we’re releasing our first App Innovation Report, which identifies where digital investments can root innovation in human pain points. It all comes back to what problems need solving and looking at return on investment from another critical angle: the people who technology serves. As different as we are and as complex as our digital world has become, we psychologically seek a lot of the same things. We each value flow, integration, simplicity, efficiency, protection, freedom and fulfillment. By tapping into these common threads, businesses can deliver experiences people enjoy and keep coming back to.

Foundational security and integration concerns rise to the top

This fall we studied over 1,500 people working on the front lines of business challenges in healthcare, manufacturing and retail, and while we spoke to them as employees, we considered their perspectives as patients and shoppers too; the business-to-business-to-consumer (B2B2C) duality to our application expectations is pretty fascinating. Through interviews and surveys in five innovation hubs — the United States, Norway, Brazil, Japan and India — we applied social science to the state of the digital experience. It felt good to take a step back and ask our customers’ customers one simple question: What do you want and need from apps today? The answers surprised us — not because they were grandiose or futuristic but because they were foundational.

People feel stuck, frustrated and lost because of disjointed apps

People around the world in a vast range of roles expressed the most passion about disruption to their workflow. On the receiving side of apps of all kinds, there’s palpable frustration from having to manually patch together disparate tasks and tools. We learned people are struggling to secure data automatically, to streamline repetitive input, and to have well-informed interactions with others. While we heard desire for immersive technologies bubbling to the forefront, it wasn’t as prominent as pragmatic everyday realities and, from an Azure lens these areas signal opportunities to help advance AI automation, API management and app intelligence. Whether you’re migrating workloads, modernizing or building something new for flexibility and scale, the cloud can architecturally address so many of the trends we found.

Fear of compromising company data weighs on workers too

In the industries we researched, people share their companies’ concerns about data breaches on a personal, day-to-day level. In healthcare, they spoke about pressures surrounding HIPAA requirements when handling patient data. A sense of nervousness about security was also expressed in manufacturing, a highly targeted industry for ransomware, and retail workers worry about their accountability in handling customers’ financial information. Security is so incredibly important to us in Azure, so hearing from the usage and functionality side of this space emboldens us to partner on app development that can continue to advance confidence up and down organizations.

The cloud investments we make and the customization we code affect so many layers of a company and, in the applications space, innovation boils down to experiences people can count on and even enjoy using — it’s one of the most fulfilling aspects of the business we’re in. Well-architected workloads don’t only enable cost optimization, they provide a foundation of innovation where business leaders, technology and developer teams can adapt quickly to deliver secure, intelligent and intuitive apps people keep coming back to.

The need for more meaningful conversations stands out in retail

In light of the season, one industry-specific breakdown is especially timely. We see experience needs rank differently in retail compared to other cross-industry averages, with repetitive input surpassing automatic security, and desire for meaningful conversations breaking through in a way we don’t see elsewhere. Because shoppers today do so much research before visiting stores, retail workers want digital solutions that can help them provide information about product features, pricing, discounts and availability without breaking their connection to the customer. A sales engagement that feels jarring or closed off today could become warmer and interactive tomorrow.

Business leaders agree with worker concerns but need help prioritizing

Rounding out the research, we put our report in front of business leaders — those who choose Azure services and customers of other cloud providers. We also wanted to understand how chief technology, digital and operations officers are thinking about app design, and the themes voiced by workers were equally important to them. So, if workers have unmet needs like this and leadership is aligned, what’s next? Prioritization.

How we each define innovation is as unique as the cloud journeys we’re on but giving app experiences more shape helps us see strategic pockets in new ways and grounds cloud investments in the people who run your business, in the people you’re selling to. What kinds of inefficiencies are draining resources most immediately? Which growth territories will you target to compete? Organizations can’t tackle every app innovation project at once, but together, we can carve out data-driven spots that present the most promise.

One of the many things that drew me to Azure’s business is how many people it touches. When we look at Azure customers like the NBA, H&M or Starbucks, we see how very tangible outcomes are in the palm of our own hands as consumers and suddenly, what the cloud makes possible begins to click no matter who you’re talking to. When I watch real-time data on my Boston Celtics, when I’m able to shop for loved ones in a single click, and I can enjoy an iconic red cup without waiting in line, I am experiencing cloud-first app investments that pay off in spades. From the back end to the front end of app design, we’re reminded that business impact of everything digital is highly human.

On behalf of the Azure team, we hope the App Innovation Report inspires your work going into the new year. And no matter how or what you celebrate, I wish you and your loved ones a safe and happy season.

Source: Future of App Innovation study conducted by Ipsos between July and September 2022 among 1,500 workers in healthcare, manufacturing and retail in the U.S., Brazil, India, Japan and Norway.

Tags: App Innovation Report, Apps, Azure, developers

In this episode of “Digital Now,” two key architects of Microsoft’s intelligent data platform describe how Microsoft and its customers are undergoing a cultural shift in which data has become a complementary discipline alongside software and code.

“Digital Now” is a video series hosted by Andrew Wilson, chief digital officer at Microsoft, who invites friends and industry leaders inside and outside of Microsoft to share how they are tackling digital and business transformation, and explores themes like the future of work, security, artificial intelligence and the democratization of code and data.

Rohan Kumar, corporate vice president, Azure Data, and Karthik Ravindran, general manager, Enterprise Analytics and Data Governance, explain that data doesn’t belong to one particular team, but is an organizational asset that can be responsibly democratized to provide valuable insights.

“I think having data scientists who can generate real-time insight, having an organization that’s data-led not system-led are really powerful tenets of a modern strategy,” agrees Wilson.

Visit Digital Now on YouTube to view more episodes.

Microsoft Azure Quantum Resource Estimator enables quantum innovators to develop and refine algorithms to run on tomorrow’s scaled quantum computers. This new tool is one way Microsoft empowers innovators to have breakthrough impact with quantum at scale.

The quantum computers available today enable interesting experimentation and research but they are unable to accelerate the computations necessary to solve real-world problems. While the industry awaits hardware advances, quantum software innovators are eager to make progress and prepare for a quantum future. Creating algorithms today that will eventually run on tomorrow’s fault-tolerant scaled quantum computers is a daunting task. These innovators are faced with questions such as; What hardware resources are required? How many physical and logical qubits are needed and what type? What’s the runtime? Azure Quantum Resource Estimator was designed specifically to answer these questions. Understanding this data will help innovators create, test, and refine their algorithms and ultimately lead to practical solutions that take advantage of scaled quantum computers when they become available.

The Azure Quantum Resource Estimator started as an internal tool and has been key in shaping the design of Microsoft’s quantum machine. The insights it has provided have informed our approach to engineering a machine capable of the scale required for impact including the machine’s architecture and our decision to use topological qubits. We’re making progress on our machine and recently had a physics breakthrough that was detailed in a preprint to the arXiv. On Thursday, we will take another step forward in transparency by publicly publishing the raw data and analysis in interactive Jupyter notebooks on Azure Quantum. These notebooks provide the exact steps needed to reproduce all the data in our paper. While engineering challenges remain, the physics discovery demonstrated in this data proves out a fundamental building block for our approach to a scaled quantum computer and puts Microsoft on the path to deliver a quantum machine in Azure that will help solve some of the world’s toughest problems.

As we advance our hardware, we are also focused on empowering software innovators to advance their algorithms. The Azure Quantum Resource Estimator performs one of the most challenging problems for researchers developing quantum algorithms. It breaks down the resources required for a quantum algorithm, including the total number of physical qubits, the computational resources required including wall clock time, and the details of the formulas and values used for each estimate. This means algorithm development becomes the focus, with the goal of optimizing performance and decreasing cost. For the first time, it is possible to compare resource estimates for quantum algorithms at scale across different hardware profiles. Start from well-known, pre-defined qubit parameter settings and quantum error correction (QEC) schemes or configure unique settings across a wide range of machine characteristics such as operation error rates, operation speeds, and error correction schemes and thresholds.

“Resource estimation is an increasingly important task for development of quantum computing technology. We are happy we could use Microsoft’s new tool for our research on this topic. It’s easy to use. The integration process was simple, and the results give both a high-level overview helpful for people new to error correction, as well as a detailed breakdown for experts. Resource estimation should be a part of the pipeline for anyone working on fault-tolerant quantum algorithms. Microsoft’s new tool is great for this.”— Michał Stęchły, Tech Lead at Quantum Software Team, Zapata Computing.

The Resource Estimator will help drive the transition from today’s noisy intermediate scale quantum (NISQ) systems to tomorrow’s fault-tolerant quantum computers. Today’s NISQ systems might enable running small numbers of operations in an algorithm successfully, but to get to practical quantum advantage there will need to be trillions and more operations running successfully. This gap will be closed by scaling up to a fault-tolerant quantum machine with built-in Quantum Error Correction. This means each qubit and operation requested in a user’s program will be encoded into some number of physical qubits and operations at the hardware level, and the software stack will perform this conversion automatically.  Now with the Resource Estimator, you can walk through these conversions, estimate the overheads in time and space required to enable implementation of your scaled quantum algorithms on a variety of hardware designs, and use the information to improve your algorithms and applications well before scaled fault-tolerant hardware is available.  In our recent preprint on the arXiv, we show how to use the Resource Estimator to understand the cost of three important quantum algorithms that promise practical quantum advantage.

Resource Estimation paves the way for hardware-software co-design, enabling hardware designers to improve their architectures based on how large-scale algorithms might run on their specific implementation, and in turn, allowing algorithm and software developers to iterate on bringing down the cost of algorithms at scale.

“The Resource Estimator breaks down the resources needed to run a useful algorithm at scale. Putting precise numbers on the actual scale at which quantum computing provides industry-relevant solutions sheds light on the tremendous effort that has yet to be realized. This strengthens our commitment to our roadmap, which is focused on delivering an error-corrected quantum computer using a hardware-efficient approach.”—Jérémie Guillaud, Chief of Theory at Alice&Bob.

Built on the foundation of community-supported quantum intermediate representation (QIR), it is both extensible and portable and can be used with popular quantum SDKs and languages such as Q# and Qiskit. QIR was created in alliance with the Linux Foundation and other partners and is an open source standard that serves as a common interface between many languages and target quantum computation platforms.

Getting started with resource estimation

It is easy to get started and gain your first insights with the tool. The example below shows how to estimate and analyze the physical resources required to run a quantum program on a fault-tolerant quantum computer.

1. Set up your Azure Quantum workspace and get started with Resource Estimation.

Azure Quantum, Azure’s free, cloud-based service, is available to everyone. To get started, just set up an Azure account (check out free Azure accounts for students) and create an Azure Quantum workspace in the Azure Portal.

If you already have an Azure Quantum workspace setup:

2. Start with a ready-to-use sample.

To start running quantum programs with no installation required, try our free hosted notebooks experience in the Azure Portal. Our hosted Jupyter Notebooks enable a variety of languages and Quantum SDKs. You will find them in your Azure Quantum workspace (#1). Selecting Notebooks in the portal will take you to the sample gallery, where you will find the Resource Estimation tab (#2). Once there, choose one of the first two samples and then select the “Copy to my notebooks” button (#3) to add the sample to your workspace (#3).

3. Run your first Resource Estimation

After the sample has been copied to My notebooks you can select it from the Workspace menu to load it as a hosted notebook in the Azure Portal. From there, just select Run all from the top of the Jupyter Notebook to execute the program. You will be able to run an entire Resource Estimation job without writing a single line of code!

The results will immediately provide estimates of total physical qubits and runtime for the algorithm provided. For a deeper understanding of the resources consumed by the algorithm, you can trace the source of each result with detailed explanations of formulas. These deeper results can be re-used and shared in your research.

Learn more about Resource Estimation

There are many ways to learn more:

• Visit our technical documentation for more information on Resource Estimation, including detailed steps to get you started.
• Login to the Azure Portal, visit your Azure Quantum workspace, and try an advanced sample on topics such as factoring and quantum chemistry.
• Dive deeper into our research on Resource Estimation at arXiv.org.

This post was co-authored by Jyothi Venkatesh, Senior Product Manager, Azure HPC and Fanny Ou, Technical Program Manager, Azure HPC.

The next generation of purpose-built Azure HPC virtual machines

Today, we are excited to announce two new virtual machines (VMs) that deliver more performance, value-adding innovation, and cost-effectiveness to every Azure HPC customer. The all-new HX-series and HBv4-series VMs are coming soon to the East US region, and thereafter to the South Central US, West US3, and West Europe regions. These new VMs are optimized for a variety of HPC workloads such as computational fluid dynamics (CFD), finite element analysis, frontend and backend electronic design automation (EDA), rendering, molecular dynamics, computational geoscience, weather simulation, AI inference, and financial risk analysis.

Innovative technologies to help HPC customers where it matters most

HX and HBv4 VMs are packed with new and innovative technologies that maximize performance and minimize total HPC spend, including:

• 4th Gen AMD EPYC™ processors (Preview, Q4 2022).
• Upcoming AMD EPYC processors, codenamed “Genoa-X,” (with general availability in 1H 2023).
• 800 GB/s of DDR5 memory bandwidth (STREAM TRIAD).
• 400 Gb/s NVIDIA Quantum-2 CX7 InfiniBand, the first on the public cloud.
• 80 Gb/s Azure Accelerated Networking.
• PCIe Gen4 NVMe SSDs delivering 12 GB/s (read) and 7 GB/s (write) of storage bandwidth.

Below are preliminary benchmarks from the preview of HBv4 and HX series VMs using 4th Gen AMD EPYC processors across several common HPC applications and domains. For comparison, performance information is also included from Azure’s most recent H-series (HBv3-series with Milan-X processors), as well as a 4-year-old HPC-optimized server commonly found in many on-premises datacenters (represented here by Azure HC-series with Skylake processors).

Figure 1: Performance comparison of HBv4/HX-series in Preview to HBv3-series and four-year-old server technology in an HPC-optimized configuration across diverse workloads and scientific domains.

Learn more about the performance of HBv4 and HX-series VMs with 4th Gen EPYC CPUs.

HBv4-series brings performance leaps across a diverse set of HPC workloads

Azure HBv3 VMs with 3rd Gen AMD EPYC™ processors with AMD 3D V-cache™ Technology already deliver impressive levels of HPC performance, scaling MPI workloads up to 27x higher than other clouds, surpassing many of the leading supercomputers in the world, and offering the disruptive value proposition of faster time to solution with lower total cost. Unsurprisingly, the response from customers and partners has been phenomenal. With the introduction of HBv4 series VMs, Azure is raising the bar yet again—this time across an even greater diversity of memory performance-bound, compute-bound, and massively parallel workloads.

VM Size	Physical CPU Cores	RAM (GB)	Memory Bandwidth (STREAM TRIAD) (GB/s)	L3 Cache/VM (MB)	FP64 Compute (TFLOPS)	InfiniBand RDMA Network (Gbps)
Standard_HB176rs_v4	176	688	800	768 MB	6	400
Standard_HB176-144rs_v4	144	688	800	768 MB	6	400
Standard_HB176-96rs_v4	96	688	800	768 MB	6	400
Standard_HB176-48rs_v4	48	688	800	768 MB	6	400
Standard_HB176-24rs_v4	24	688	800	768 MB	6	400

Notes: 1) “r” denotes support for remote direct memory access (RDMA) and “s” denotes support for Premium SSD disks. 2) At General Availability, Azure HBv4 VMs will be upgraded to Genao-X processors featuring 3D V-cache. Updated technical specifications for HBv4 will be posted at that time.

HX-series powers next generation silicon design

In Azure, we strive to deliver the best platform for silicon design, both now and far into the future. Azure HBv3 VMs, featuring 3rd Gen AMD EPYC processors with AMD 3D V-cache Technology, are a significant step toward this objective, offering the highest performance and total cost effectiveness in the public cloud for small and medium memory EDA workloads. With the introduction of HX-series VMs, Azure is enhancing its differentiation with a VM purpose-built for even larger models becoming commonplace among chip designers targeting 3, 4, and 5 nanometer processes.

HX VMs will feature 3x more RAM than any prior H-series VM, up to nearly 60 GB of RAM per core, and constrained cores VM sizes to help silicon design customers maximize ROI of their per-core commercial licensing investments.

VM Size	Physical CPU Cores	RAM (GB)	Memory/Core(GB)	L3 Cache/VM (MB)	Local SSD NVMe (TB)	InfiniBand RDMA Network (Gbps)
Standard_HX176rs	176	1,408	8	768	3.6 TB	400
Standard_HX176-144rs	144	1,408	10	768	3.6 TB	400
Standard_HX176-96rs	96	1,408	15	768	3.6 TB	400
Standard_HX176-48rs	48	1,408	29	768	3.6 TB	400
Standard_HX176-24rs	24	1,408	59	768	3.6 TB	400

Notes: 1) “r” denotes support for remote direct memory access (RDMA) and “s” denotes support for Premium SSD disks. 2) At General Availability, Azure HBv4 VMs will be upgraded to Genoa-X processors featuring 3D V-cache. Updated technical specifications for HBv4 will be posted at that time.

400 Gigabit InfiniBand for supercomputing customers

HBv4 and HX VMs are Azure’s first to leverage 400 Gigabit NVIDIA Quantum-2 InfiniBand. This newest generation of InfiniBand brings greater support for the offload of MPI collectives, enhanced congestion control, and enhanced adaptive routing capabilities. Using the new HBv4 or HX-series VMs and only a standard Azure Virtual Machine Scale Set (VMSS), customers can scale CPU-based MPI workloads beyond 50,000 cores per job.

Continuous improvement for Azure HPC customers

Microsoft and AMD share a vision for a new era of high-performance computing in the cloud: one defined by constant improvements to the critical research and business workloads that matter most to our customers. Azure continues to collaborate with AMD to make this vision a reality by raising the bar on the performance, scalability, and value we deliver with every release of Azure H-series VMs.

Figure 2: Azure HPC Performance 2019 through 2022.

Learn more about the performance of HBv4 and HX-series VMs with 4th Gen EPYC CPUs.

Customer and partner momentum

	“We’re pleased to see Altair® AcuSolve®’s impressive linear scale-up on the HBv3 instances, showing up to 2.5 times speedup. Performance increases 12.83 times with an 8-node (512-core) configuration on 3rd AMD EPYC™ processors, an excellent scale-up value for AcuSolve compared to the previous generation delivering superior price performance. We welcome the addition of the new Azure HBv4 and HX-series virtual machines and look forward to pairing them with Altair software to the benefit of our joint customers.” —Dr. David Curry, Senior Vice President, CFD and EDEM
	“Customers in the HPC industry continue to demand higher performance and optimizations to run their most mission-critical and data-intensive applications. 4th Gen AMD EPYC processors provide breakthrough performance for HPC in the cloud, delivering impressive time to results for customers adopting Azure HX-series and HBv4-series VMs.” —Lynn Comp, Corporate Vice President, Cloud Business, AMD
	“Ansys electronics, semiconductor, fluids, and structures customers demand more throughput out of their simulation tools to overcome challenges posed by product complexity and project timelines. Microsoft’s HBv3 virtual machines, featuring AMD’s 3rd Gen EPYC processors with 3D V-Cache, have been giving companies a great price/performance crossover point to support these multiphysics simulations on-demand and with very little IT overhead. We look forward to leveraging Azure’s next generation of HPC VMs featuring 4th Gen AMD EPYC processors, the HX and HBv4 series, to enable even greater simulation complexity and speed to help engineers reduce risk and meet time-to-market deadlines.” —John Lee, Vice President and General Manager, Electronics and Semiconductor, Ansys
	“We’ve helped thousands of customers combine the performance and scalability of the cloud, providing ease-of-use and instance access to our powerful computational software, which speeds the delivery of innovative designs. The two new high-performance computing virtual machines powered by the AMD Genoa processor on Microsoft Azure can provide our mutual customers with optimal performance as they tackle the ever-increasing demands of compute and memory capacity for gigascale, advanced-node designs.” —Mahesh Turaga, Vice President, Cloud Business Development, Cadence
	“Hexagon simulation software powers some of the most advanced engineering in the world. We’re proud to partner with Microsoft, and excited to pair our software with Azure’s new HBv4 virtual machines. During early testing in collaboration with the Azure HPC team, we have seen a generational performance speedups of 400 percent when comparing structural simulations running on HBv3 and HX-series VMs. We look forward to seeing what our joint customers will do with this remarkable combination of software and hardware to advance their research and productivity, now and tomorrow. In the first quarter of 2023, we will be benchmarking heavy industrial CFD computations, leveraging multiple HBv4 virtual machines connected through InfiniBand.” —Bruce Engelmann, CTO, Hexagon
	“Microsoft Azure has once again raised the bar for HPC infrastructure platform in the cloud this time with the launch of Azure HBv4 and HX virtual machines based on AMD’s 4th gen EPYC Genoa CPUs. We are expecting a strong customer demand for HBv4 and are excited to offer it to our customers that would like to run CFD, EDA, or other types of HPC workloads in the cloud. —Mulyanto Poort, Vice President of HPC Engineering at Rescale
	“Early testing by AMD with Siemens EDA workloads showed 15 percent to 22 percent improvements in runtimes with Microsoft Azure’s new AMD-based virtual machines compared to the previous generation. Semiconductor chip designers face a range of technical challenges that make hitting release dates extremely difficult. The combined innovation of AMD, Microsoft Azure, and Siemens provides a simplified path to schedule predictability through the increased performance possible with the latest offerings.” —Craig Johnson, Vice President, Siemens, EDA Cloud Solutions
	“Customer adoption of the cloud for chip development is accelerating, driven by complexity and time-to-market advantages. The close collaboration between Synopsys and Microsoft brings together EDA and optimized compute to enable customers to scale under the Synopsys FlexEDA pay-per-use model. Verification represents a significant EDA workload in today’s complex SoCs and with the release of AMD’s next-generation EPYC processor available on Microsoft Azure, customers can take advantage of the optimized cache utilization and NUMA-aware memory layout techniques to achieve up to 2x verification throughput over previous generations.” —Sandeep Mehndiratta, Vice President of Cloud at Synopsys

Learn more

#AzureHPCAI

We are very excited to announce the general availability of Azure Payment HSM, a BareMetal Infrastructure as a service (IaaS) that enables customers to have native access to payment HSM in the Azure cloud. With Azure Payment HSM, customers can seamlessly migrate PCI workloads to Azure and meet the most stringent security, audit compliance, low latency, and high-performance requirements needed by the Payment Card Industry (PCI).

Azure Payment HSM service empowers service providers and financial institutions to accelerate their payment system’s digital transformation strategy and adopt the public cloud.

“Payment HSM support in the public cloud is one of the most significant hurdles to overcome in moving payment systems to the public cloud.  While there are many different solutions, none can meet the stringent requirements required for a payment system. Microsoft, working with Thales, stepped up to provide a payment HSM solution that could meet the modernization ambitions of ACI Worldwide’s technology platform. It has been a pleasure working with both teams to bring this solution to reality.” —Timothy White, Chief Architect, Retail Payments and Cloud

Service overview

Azure Payment HSM solution is delivered using Thales payShield 10K Payment HSM, which offers single-tenant HSMs and full remote management capabilities. The service is designed to enable total customer control with strict role and data separation between Microsoft and the customer. HSMs are provisioned and connected directly to the customer’s virtual network, and the HSMs are under the customer’s sole administration control. Once allocated, Microsoft’s administrative access is limited to “Operator” mode and full responsibility for configuration and maintenance of the HSM and software falls upon the customer. When the HSM is no longer required and the device is returned to Microsoft, customer data is erased to ensure  privacy and security. The solution comes with Thales payShield premium package license and enhanced support Plan, with a direct relationship between the customer and Thales.

Figure 1: After HSM is provisioned, HSM device is connected directly to a customer’s virtual network with full remote HSM management capabilities through Thales payShield Manager and TMD.

The customer can quickly add more HSM capacity on demand and subscribe to the highest performance level (up to 2500 CPS) for mission-critical payment applications with low latency. The customer can upgrade, or downgrade HSM performance level based on business needs without interruption of HSM production usage. HSMs can be easily provisioned as a pair of devices and configured for high availability.

Azure remains committed to helping customers achieve compliance with the Payment Card Industry’s leading compliance certifications. Azure Payment HSM is certified across stringent security and compliance requirements established by the PCI Security Standards Council (PCI SSC) including PCI DSS, PCI 3DS, and PCI PIN. Thales payShield 10K HSMs are certified to FIPS 140-2 Level 3 and PCI HSM v3. Azure Payment HSM customers can significantly reduce their compliance time, efforts, and cost by leveraging the shared responsibility matrix from Azure’s PCI Attestation of Compliance (AOC).

Typical use cases

Financial institutions and service providers in the payment ecosystem including issuers, service providers, acquirers, processors, and payment networks will benefit from Azure Payment HSM. Azure Payment HSM enables a wide range of use cases, such as payment processing, which allows card and mobile payment authorization and 3D-Secure authentication; payment credential issuing for cards, wearables, and connected devices; securing keys and authentication data and sensitive data protection for point-to-point encryption, security tokenization, and EMV payment tokenization.

Get started

Azure Payment HSM is available at launch in the following regions: East US, West US, South Central US, Central US, North Europe, and West Europe

As Azure Payment HSM is a specialized service, customers should ask their Microsoft account manager and CSA to send the request via email.

Learn more about Azure Payment HSM

To download PCI certification reports and shared responsibility matrices:

This blog was co-authored by Gopikrishna Kannan, Principal Program Manager, Azure Networking.

Network security policies are constantly evolving to keep pace with the demands of workloads. With the acceleration of workloads to the cloud, network security policies—Azure Firewall policies in particular—are frequently changing and often updated multiple times in a week (in many cases several times in a day). Over time, the Azure Firewall network and application rules grow and can become suboptimal, impacting the firewall performance and security. For example, high volume and frequently hit rules can be unintentionally prioritized lower. In some cases, applications are hosted in a network that has been migrated to a different network. However, the firewall rules referencing older networks have not been deleted.

Optimizing Firewall rules is a challenging task for any IT team. Especially for large, geographically dispersed organizations, optimizing Azure Firewall policy can be manual, complex, and involve multiple teams across the world. Updates are risky and can potentially impact a critical production workload causing serious downtime. Well, not anymore!

Policy Analytics has been developed to help IT teams manage Azure Firewall rules over time. It provides critical insights and recommendations for optimizing Azure Firewall rules with a goal of strengthening your security posture. We are now excited to share that Policy Analytics for Azure Firewall is now in preview.

Optimize Azure Firewall rules with Policy Analytics

Policy Analytics helps IT teams address these challenges by providing visibility into traffic flowing through the Azure Firewall. Key capabilities available in the Azure Portal include:

• Firewall flow logs: Displays all traffic flowing through the Azure Firewall alongside hit rate and network and application rule match. This view helps identify top flows across all rules. You can filter flows matching specific sources, destinations, ports, and protocols.
• Rule analytics: Displays traffic flows mapped to destination network address translation (DNAT), network, and application rules. This provides enhanced visibility of all the flows matching a rule over time. You can analyze rules across both parent and child policies.
• Policy insight panel: Aggregates policy insights and highlights policy recommendations to optimize your Azure Firewall policies.
• Single-rule analysis: The single-rule analysis experience analyzes traffic flows matching the selected rule and recommends optimizations based on those observed traffic flows.

Deep dive into single-rule analysis

Let’s investigate single-rule analysis. Here we select a rule of interest to analyze the matching flows and optimize thereof.

Users can analyze Firewall rules with a few easy clicks.

Figure 1: Start by selecting Single-rule analysis.

With Policy Analytics, you can perform rule analysis by picking the rule of interest. You can pick a rule to optimize. For instance, you may want to analyze rules with a wide range of open ports or a large number of sources and destinations.

Figure 2: Select a rule and Run analysis.

Policy Analytics surfaces the recommendations based on the actual traffic flows. You can review and apply the recommendations, including deleting rules which don’t match any traffic or prioritizing them lower. Alternatively, you can lock down the rules to specific ports matching traffic.

Figure 3: Review the results and Apply selected changes.

Pricing

While in preview, enabling Policy Analytics on a Firewall Policy associated with a single firewall is billed per policy as described on the Azure Firewall Manager pricing page. Enabling Policy Analytics on a Firewall Policy associated with more than one firewall is offered at no additional cost.

Next steps

Policy Analytics for Azure Firewall simplifies firewall policy management by providing insights and a centralized view to help IT teams have better and consistent control of Azure Firewall. To learn more about Policy Analytics, see the following resources: