I was recently at an event where I had a discussion with someone who mentioned they'd missed the news about the retirement of a feature in Azure that they were making use of in a solution. As a result, they continued to build against the feature until they were forced to make a change when … Continue reading Build your own Azure retirements email alerts service using Java, Azure Functions and Communication Services
Azure Availability Zones (AZs) are gradually rolling out around the globe, and a common question I see is what is the difference between the existing Azure Availability Set construct and the new Availability Zone construct? Can they co-exist, does one replace the other... there are lots of questions! In this post I'm going to explore … Continue reading Understanding Azure Availability Sets and Availability Zones
If you've been a meetup user or admin for the last couple of years then no doubt bots posting dodgy content on your Group's discussion boards (and the resulting notifications) have become the bane of your life. These bots join meetups and then start posting comments in either the group or individual events which are … Continue reading Using Azure services to deal with spam bots on Meetup
If you are getting started working with Azure you might come across a few key terms that it's important to have a good understanding of. In this post I'm going to cover what I think are four of the key ones. Tenant A Tenant, as it relates to Azure, refers to a single instance of … Continue reading Understanding Tenants, Subscriptions, Regions and Geographies in Azure
If you run in an environment where you need to track changes to Tags on Resource Groups in Azure then you may find this PowerShell snippet useful as code to drop into a Runbook. The snippet will enumerate all Resource Groups in a Subscription (we assume you are already logged into the Subscription you want … Continue reading Read Tags from Azure Resource Groups and track using Table Storage
I am currently transitioning some work to another team in our business. Part of this transition has been to pre-configure various Service Endpoints in Visual Studio Team Services (VSTS) to provide a way for the new team to deploy into target Azure environments without the team necessarily having direct or privileged access into those Azure … Continue reading Provide non-admin users with read-only access to Service Endpoints in VSTS
If you've been working in the cloud infrastructure space for the last few years you can't have missed the buzz around Hashicorp's Terraform product. Terraform provides a declarative model for infrastructure provisioning that spans multiple cloud providers as well as on-premises services from the likes of VMWare. I've recently had the opportunity to use Terraform … Continue reading Recommendations on using Terraform to manage Azure resources
I am going to subtitle this post "the missing manual" because I spent quite a bit of time troubleshoothing how this should all work. Microsoft provides a bunch of useful information on how to deploy from Visual Studio Team Services (VSTS) to different targets, including Azure Virtual Machines. Updated Nov 2017: it looks like Microsoft … Continue reading Deploying to Azure VMs using VSTS Release Management
If you've ever worked in any form of systems administrator role then you will be familiar with process automation, even only for simple tasks like automating backups. You will also be familiar with the pain of configuring and managing identities for these automated processes (expired password or disabled/deleted account ever caused you any pain?!) While … Continue reading Azure Automation Runbooks with Azure AD Service Principals and Custom RBAC Roles
The introduction of the Azure Resource Manager platform in Azure continues to expose new possibilities for managing your deployed resources.
One scenario that you may not be aware of is the ability to use scoped RBAC role assignments to grant limited rights to Azure AD-based users and groups.
We know Azure provides us with many built-in RBAC roles, but it may not be immediately obvious that you can control their assignment scope.
What do I mean by this?
Simply that each RBAC role (including custom ones you create) can be used at various levels within Azure starting at the Subscription level (i.e. applies to anything in the Subscription) down to a Resource (i.e. applies just to one particular resource such as a Storage Account). Role assignments are also cascading – if I assign “Owner” rights to a User or Group at the Subscription level then they have that role…
View original post 731 more words