Private Link and Flexible Server DNS resolution using custom VNET resolvers
In enterprise scenarios, when you need to resolve on-premise DNS records or have cross-subscription DNS resolution of the private DNS zones, configuring prop...
Posts by Tag
- AKS 8
- Kubernetes 4
- Certificates 3
- ARM 3
- Powershell 2
- APIMPolicy 2
- Application Gateway 2
- ACI 2
- APIM 2
- OAuth2 2
- MicrosoftGraph 2
- WSL2 2
- Key Vault 2
- ContainenerApps 2
- Managed Identity 2
- VMs 1
- Availability Zones 1
- Authentication 1
- AppConfiguration 1
- KeyVault 1
- Azure DevOps 1
- Jekyll 1
- WAN 1
- Firewall Manager 1
- OpenID 1
- VM 1
- ASR 1
- LogicApp 1
- Cognitive 1
- Storage 1
- ManagedIdentity 1
- Docker 1
- Well-Architected Framework 1
- Private DNS Zones 1
- VMSS 1
- Resource Graph 1
- Logic App 1
- ServicePrincipals 1
- Functions 1
- FlexibleServer 1
- Defender 1
- Terraform 1
AKS
Building an AKS baseline architecture - Part 4 - AAD Pod Identity
In this series of posts, you will find all the steps needed to build a baseline or reference architecture for Azure Kubernetes Service (AKS) by incorporating...
Building an AKS baseline architecture - Part 3 - GitOps with Flux2
In this series of posts, you will find all the steps needed to build a baseline or reference architecture for Azure Kubernetes Service (AKS) by incorporating...
Falco as an Azure Kubernetes Service (AKS) runtime security tool
Falco is an open-source tool for container runtime security that can help you secure Azure Kubernetes Service (AKS) from zero-day vulnerabilities and unexpec...
Access HashiCorp Vault secrets from AKS using Managed Identities
HashiCorp Vault agent and the CSI (Container Storage Interface) provider use Kubernetes type of authentication, based on Kubernetes Service Account Token. Az...
Building an AKS baseline architecture - Part 2 - Governance
In this series of posts, you will find all the steps needed to build a baseline or reference architecture for Azure Kubernetes Service (AKS) by incorporating...
Building an AKS baseline architecture - Part 1 - Cluster creation
In this series of posts, you will find all the steps needed to build a baseline or reference architecture for Azure Kubernetes Service (AKS) by incorporating...
Quickly and efficiently scale containerized applications using Azure Kubernetes Service, Container Instances, and Application Gateway
Azure Kubernetes Service (AKS) is a managed Kubernetes cluster offering in Azure, meaning Microsoft is taking care of managing the Kubernetes masters. AKS is...
Kubernetes
Deep dive into Azure Container Apps - Operating, security, reliability and pricing
Azure Container Apps is a serverless offering you can use to host your containers. It is a good fit for containerized apps and hosting microservices. Integra...
Deep dive into Azure Container Apps - Overview and Networking
Azure Container Apps is a serverless offering you can use to host your containers. It is a good fit for containerized apps and hosting microservices. Integra...
Deep dive into Defender for Containers
Microsoft Defender for Containers is the new plan that merges the capabilities of the two existing Microsoft Defender for Cloud plans, Microsoft Defender for...
Run Kubernetes on Windows 10 using WSL 2
Kubernetes is originally designed to be deployed and used in Linux environments. The Windows Subsystem for Linux lets you run a Linux environment on Windows,...
Certificates
Certificate management using Let’s Encrypt certificates and Azure Key Vault
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Key Vault ACMEBot is an open-source solution for autom...
SSL certificate error when accessing Application Gateway listener using curl
If you get the following error when you try to open a webpage using Linux command-line tool curl: curl: (60) SSL certificate problem: unable to get local ...
Generate self signed certificates
In this post, I’m explaining how to generate a wildcard certificate for the custom domain with openssl, using a custom Certificate Authority. You can find th...
ARM
Azure Function keys - what are those and how to access them
Azure Function Keys are used for authorizing access to the functions. The host and the master key exist at the Function App level, while each function also h...
Logic App connector for Key Vault using Managed Identity
Connectors provide quick access from Azure Logic Apps to events, data, and actions across other apps, services and platforms. One of the frequently used conn...
Azure Resource Manager templates - a lesson learned
Last week I worked on an ARM template for a deployment that, among other resources, included Web Apps and SQL databases. One of the tasks was to allow the co...
Powershell
Basic authentication in API Management using Key Vault
Policies are a powerful capability of the Azure API Management (APIM) that allows the publisher to change the behavior of the API through configuration. APIM...
Migrate virtual machine into availability zone
Availability Zones is a high-availability offering that protects you from datacenter failures. Think of them as separate datacenter inside one Azure location...
APIMPolicy
Limit the size of POST requests in Azure API Management
If there is a need for a file upload support using API POST request, and there is a maximum file size set the backend, the best place to validate the file si...
Basic authentication in API Management using Key Vault
Policies are a powerful capability of the Azure API Management (APIM) that allows the publisher to change the behavior of the API through configuration. APIM...
Application Gateway
Quickly and efficiently scale containerized applications using Azure Kubernetes Service, Container Instances, and Application Gateway
Azure Kubernetes Service (AKS) is a managed Kubernetes cluster offering in Azure, meaning Microsoft is taking care of managing the Kubernetes masters. AKS is...
SSL certificate error when accessing Application Gateway listener using curl
If you get the following error when you try to open a webpage using Linux command-line tool curl: curl: (60) SSL certificate problem: unable to get local ...
ACI
Azure Container Instances in VNET with custom DNS
Azure Container Instances (ACI) is a serverless container runtime offering. You can use it to deploy Linux containers into an Azure virtual network, which wi...
Quickly and efficiently scale containerized applications using Azure Kubernetes Service, Container Instances, and Application Gateway
Azure Kubernetes Service (AKS) is a managed Kubernetes cluster offering in Azure, meaning Microsoft is taking care of managing the Kubernetes masters. AKS is...
APIM
Protect your APIs with Azure API Management - part 2 (OAuth 2.0)
OAuth 2.0 authorization at API Management gateway is an excellent solution if you want to introduce modern authorization for your legacy APIs, offload the au...
Protect your APIs with Azure API Management - part 1 (client certificates)
API Management gateway can enforce TLS client authentication, and it can inspect the certificate contained within the client request and check for properties...
OAuth2
OAuth 2.0 with Managed Identities
Using Managed Identities to access an OAuth 2.0 protected application is a best practice for an application to application communication or, as referred to i...
Back to basics - OAuth 2.0 and OpenID Connect
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows ...
MicrosoftGraph
Get login details for service principals
Microsoft added support for querying audit reports for service principals in the beta version of the Microsoft Graph APIs. This functionality can help you bu...
How to add Microsoft Graph API permissions to a Managed Identity
Managed identities for Azure resources provide Azure services with an automatically managed identity in Azure AD. When accessing the Microsoft Graph, the man...
WSL2
Run Kubernetes on Windows 10 using WSL 2
Kubernetes is originally designed to be deployed and used in Linux environments. The Windows Subsystem for Linux lets you run a Linux environment on Windows,...
Run Linux containers on Windows 10 using WSL 2
The Windows Subsystem for Linux lets you run a Linux environment on Windows, without creating a virtual machine. WSL 2 is the latest version of the Windows S...
Key Vault
Logic App connector for Key Vault using Managed Identity
Connectors provide quick access from Azure Logic Apps to events, data, and actions across other apps, services and platforms. One of the frequently used conn...
Certificate management using Let’s Encrypt certificates and Azure Key Vault
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Key Vault ACMEBot is an open-source solution for autom...
ContainenerApps
Deep dive into Azure Container Apps - Operating, security, reliability and pricing
Azure Container Apps is a serverless offering you can use to host your containers. It is a good fit for containerized apps and hosting microservices. Integra...
Deep dive into Azure Container Apps - Overview and Networking
Azure Container Apps is a serverless offering you can use to host your containers. It is a good fit for containerized apps and hosting microservices. Integra...
Managed Identity
Managed Identities vs Service Principals - when to use what ?
Managed Identities eliminate the need for users to manage credentials by providing an identity for the Azure resource in Azure AD and using it to obtain Azur...
How to get the System Assigned Managed Identity Object Id from within the VM?
To get the Object Id of the VM’s System Assigned Managed Identity, you need to call the Azure Instance Metadata Service (IMDS) endpoint and use the provided ...
VMs
Migrate virtual machine into availability zone
Availability Zones is a high-availability offering that protects you from datacenter failures. Think of them as separate datacenter inside one Azure location...
Availability Zones
Migrate virtual machine into availability zone
Availability Zones is a high-availability offering that protects you from datacenter failures. Think of them as separate datacenter inside one Azure location...
Authentication
Basic authentication in API Management using Key Vault
Policies are a powerful capability of the Azure API Management (APIM) that allows the publisher to change the behavior of the API through configuration. APIM...
AppConfiguration
How to use Key Vault references in App Configuration from .NET Framework Console application
Azure App Configuration provides a service to centrally manage application settings and feature flags. Modern programs, especially programs running in a clou...
KeyVault
How to use Key Vault references in App Configuration from .NET Framework Console application
Azure App Configuration provides a service to centrally manage application settings and feature flags. Modern programs, especially programs running in a clou...
Azure DevOps
Using Azure DevOps to build and release a Jekyll site
“Jekyll is a static site generator. You give it text written in your favorite markup language and it uses layouts to create a static website. You can twea...
Jekyll
Using Azure DevOps to build and release a Jekyll site
“Jekyll is a static site generator. You give it text written in your favorite markup language and it uses layouts to create a static website. You can twea...
WAN
Managed and secured hub-spoke architecture using Azure WAN and Firewall Manager
Azure Virtual WAN is a managed hub-spoke architecture, that supports public (VPN) and private (Express Route) connectivity. The hub enables transitive connec...
Firewall Manager
Managed and secured hub-spoke architecture using Azure WAN and Firewall Manager
Azure Virtual WAN is a managed hub-spoke architecture, that supports public (VPN) and private (Express Route) connectivity. The hub enables transitive connec...
OpenID
Back to basics - OAuth 2.0 and OpenID Connect
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows ...
VM
Zone to Zone Disaster Recovery in Azure
Availability Zone is a high-availability offering that protects you from datacenter failures. Zone to Zone Disaster Recovery enables VM replication between t...
ASR
Zone to Zone Disaster Recovery in Azure
Availability Zone is a high-availability offering that protects you from datacenter failures. Zone to Zone Disaster Recovery enables VM replication between t...
LogicApp
Integrate Storage with Computer Vision and Cognitive Search using Logic Apps
Azure Logic Apps is an event-based serverless offering that enables connecting and integrating disparate systems without writing a single line of code. Follo...
Cognitive
Integrate Storage with Computer Vision and Cognitive Search using Logic Apps
Azure Logic Apps is an event-based serverless offering that enables connecting and integrating disparate systems without writing a single line of code. Follo...
Storage
Integrate Storage with Computer Vision and Cognitive Search using Logic Apps
Azure Logic Apps is an event-based serverless offering that enables connecting and integrating disparate systems without writing a single line of code. Follo...
ManagedIdentity
How to add Microsoft Graph API permissions to a Managed Identity
Managed identities for Azure resources provide Azure services with an automatically managed identity in Azure AD. When accessing the Microsoft Graph, the man...
Docker
Run Linux containers on Windows 10 using WSL 2
The Windows Subsystem for Linux lets you run a Linux environment on Windows, without creating a virtual machine. WSL 2 is the latest version of the Windows S...
Well-Architected Framework
Azure Well-Architected Framework
Following industry standards and terms, the Azure Well-Architected Framework provides a set of Azure architecture best practices that support your cloud solu...
Private DNS Zones
Idempotent script to provision Private DNS Zone in Azure
Azure Private DNS provides a reliable, secure DNS service to manage and resolve domain names in a virtual network. By using private DNS zones, you can use cu...
VMSS
Virtual Machine Scale Sets (VMSS) best practices
Virtual Machine Scale Sets (VMSS) enable you to create and manage a group of load-balanced virtual machines easily. VMSS is an IaaS service usually used in t...
Resource Graph
Identifying VMs with Public IP address
Identifying all the VMs that are reachable from the Internet is something you must do to govern your environment successfully. It is not a simple task to per...
Logic App
Logic App connector for Key Vault using Managed Identity
Connectors provide quick access from Azure Logic Apps to events, data, and actions across other apps, services and platforms. One of the frequently used conn...
ServicePrincipals
Get login details for service principals
Microsoft added support for querying audit reports for service principals in the beta version of the Microsoft Graph APIs. This functionality can help you bu...
Functions
Azure Function keys - what are those and how to access them
Azure Function Keys are used for authorizing access to the functions. The host and the master key exist at the Function App level, while each function also h...
FlexibleServer
Private Link and Flexible Server DNS resolution using custom VNET resolvers
In enterprise scenarios, when you need to resolve on-premise DNS records or have cross-subscription DNS resolution of the private DNS zones, configuring prop...
Defender
Deep dive into Defender for Containers
Microsoft Defender for Containers is the new plan that merges the capabilities of the two existing Microsoft Defender for Cloud plans, Microsoft Defender for...
Terraform
How to get the System Assigned Managed Identity Object Id from within the VM?
To get the Object Id of the VM’s System Assigned Managed Identity, you need to call the Azure Instance Metadata Service (IMDS) endpoint and use the provided ...