Managed Identities vs Service Principals - when to use what?
Managed Identities eliminate the need for users to manage credentials by providing an identity for the Azure resource in Azure AD and using it to obtain Azur...
To get the Object Id of the VM’s System Assigned Managed Identity, you need to call the Azure Instance Metadata Service (IMDS) endpoint and use the provided ...
Azure Container Apps is a serverless offering you can use to host your containers. It is a good fit for containerized apps and hosting microservices. Integra...
Microsoft Defender for Containers is the new plan that merges the capabilities of the two existing Microsoft Defender for Cloud plans, Microsoft Defender for...
Using Managed Identities to access an OAuth 2.0 protected application is a best practice for application-to-application communication or, as referred to i...
In enterprise scenarios, when you need to resolve on-premises DNS records or have cross-subscription DNS resolution of the private DNS zones, configuring prop...
In this series of posts, you will find all the steps needed to build a baseline or reference architecture for Azure Kubernetes Service (AKS) by incorporating...
Azure Function Keys are used for authorizing access to the functions. The host and the master key exist at the Function App level, while each function also h...
Falco is an open-source tool for container runtime security that can help you secure Azure Kubernetes Service (AKS) from zero-day vulnerabilities and unexpec...
HashiCorp Vault agent and the CSI (Container Storage Interface) provider use Kubernetes type of authentication, based on Kubernetes Service Account Token. Az...
Microsoft added support for querying audit reports for service principals in the beta version of the Microsoft Graph APIs. This functionality can help you bu...
Azure Container Instances (ACI) is a serverless container runtime offering. You can use it to deploy Linux containers into an Azure virtual network, which wi...
Connectors provide quick access from Azure Logic Apps to events, data, and actions across other apps, services and platforms. One of the frequently used conn...
Identifying all the VMs that are reachable from the Internet is something you must do to govern your environment successfully. It is not a simple task to per...
Virtual Machine Scale Sets (VMSS) enable you to create and manage a group of load-balanced virtual machines easily. VMSS is an IaaS service usually used in t...
Azure Private DNS provides a reliable, secure DNS service to manage and resolve domain names in a virtual network. By using private DNS zones, you can use cu...
Following industry standards and terms, the Azure Well-Architected Framework provides a set of Azure architecture best practices that support your cloud solu...
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Key Vault ACMEBot is an open-source solution for autom...
Kubernetes was originally designed to be deployed and used in Linux environments. The Windows Subsystem for Linux lets you run a Linux environment on Windows,...
The Windows Subsystem for Linux lets you run a Linux environment on Windows, without creating a virtual machine. WSL 2 is the latest version of the Windows S...
Managed identities for Azure resources provide Azure services with an automatically managed identity in Azure AD. When accessing the Microsoft Graph, the man...
Azure Logic Apps is an event-based serverless offering that enables connecting and integrating disparate systems without writing a single line of code. Follo...
Availability Zone is a high-availability offering that protects you from datacenter failures. Zone to Zone Disaster Recovery enables VM replication between t...
OAuth 2.0 authorization at API Management gateway is an excellent solution if you want to introduce modern authorization for your legacy APIs, offload the au...
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows ...
API Management gateway can enforce TLS client authentication, and it can inspect the certificate contained within the client request and check for properties...
Last week I worked on an ARM template for a deployment that, among other resources, included Web Apps and SQL databases. One of the tasks was to allow the co...
Azure Virtual WAN is a managed hub-spoke architecture that supports public (VPN) and private (ExpressRoute) connectivity. The hub enables transitive connec...
Azure Kubernetes Service (AKS) is a managed Kubernetes cluster offering in Azure, meaning Microsoft is taking care of managing the Kubernetes masters. AKS is...
If you get the following error when you try to open a webpage using Linux command-line tool curl: curl: (60) SSL certificate problem: unable to get local ...
“Jekyll is a static site generator. You give it text written in your favorite markup language and it uses layouts to create a static website. You can twea...
Azure App Configuration provides a service to centrally manage application settings and feature flags. Modern programs, especially programs running in a clou...
If you need to support file uploads through an API POST request, and a maximum file size is set on the backend, the best place to validate the file si...
Policies are a powerful capability of the Azure API Management (APIM) that allows the publisher to change the behavior of the API through configuration. APIM...
In this post, I’m explaining how to generate a wildcard certificate for the custom domain with openssl, using a custom Certificate Authority. You can find th...
Availability Zones is a high-availability offering that protects you from datacenter failures. Think of them as separate datacenters inside one Azure location...