If you are getting started working with Azure you might come across a few key terms that it's important to have a good understanding of. In this post I'm going to cover what I think are four of the key ones. Tenant A Tenant, as it relates to Azure, refers to a single instance of … Continue reading Understanding Tenants, Subscriptions, Regions and Geographies in Azure
If you run in an environment where you need to track changes to Tags on Resource Groups in Azure then you may find this PowerShell snippet useful as code to drop into a Runbook. The snippet will enumerate all Resource Groups in a Subscription (we assume you are already logged into the Subscription you want … Continue reading Read Tags from Azure Resource Groups and track using Table Storage
I am currently transitioning some work to another team in our business. Part of this transition has been to pre-configure various Service Endpoints in Visual Studio Team Services (VSTS) to provide a way for the new team to deploy into target Azure environments without the team necessarily having direct or privileged access into those Azure … Continue reading Provide non-admin users with read-only access to Service Endpoints in VSTS
If you've been working in the cloud infrastructure space for the last few years you can't have missed the buzz around Hashicorp's Terraform product. Terraform provides a declarative model for infrastructure provisioning that spans multiple cloud providers as well as on-premises services from the likes of VMWare. I've recently had the opportunity to use Terraform … Continue reading Recommendations on using Terraform to manage Azure resources
I am going to subtitle this post "the missing manual" because I spent quite a bit of time troubleshoothing how this should all work. Microsoft provides a bunch of useful information on how to deploy from Visual Studio Team Services (VSTS) to different targets, including Azure Virtual Machines. Updated Nov 2017: it looks like Microsoft … Continue reading Deploying to Azure VMs using VSTS Release Management
If you've ever worked in any form of systems administrator role then you will be familiar with process automation, even only for simple tasks like automating backups. You will also be familiar with the pain of configuring and managing identities for these automated processes (expired password or disabled/deleted account ever caused you any pain?!) While … Continue reading Azure Automation Runbooks with Azure AD Service Principals and Custom RBAC Roles
The introduction of the Azure Resource Manager platform in Azure continues to expose new possibilities for managing your deployed resources.
One scenario that you may not be aware of is the ability to use scoped RBAC role assignments to grant limited rights to Azure AD-based users and groups.
We know Azure provides us with many built-in RBAC roles, but it may not be immediately obvious that you can control their assignment scope.
What do I mean by this?
Simply that each RBAC role (including custom ones you create) can be used at various levels within Azure starting at the Subscription level (i.e. applies to anything in the Subscription) down to a Resource (i.e. applies just to one particular resource such as a Storage Account). Role assignments are also cascading – if I assign “Owner” rights to a User or Group at the Subscription level then they have that role…
View original post 355 more words