Azure Talk

Deploy Ubuntu VM to Azure with root User and SSH with Bicep

As shown in the previous post, it is easy to deploy a VM with bicep and Microsoft.Compute/virtualMachines. If it is an Azure Linux image, then the root user cannot be used for security reasons and access for SSH via username/password… Weiterlesen →

Deploy SQL Server VM with Adventure Works DB in Azure with Bicep

To deploy a VM with Bicep, the resource Microsoft.Compute/virtualMachines can be used. If the image from SQL Server is used, a Microsoft SQL Server is installed accordingly. However, a sample database or firewall rule is often required. These steps can… Weiterlesen →

Extract Missing Terraform Imports from Logfile

If existing environments are recreated in Terraform, the resources already exist. Therefore, the resources must be transferred to the Statefile for management by Terraform. The output for a Terraform apply is: already exists – to be managed via Terraform this… Weiterlesen →

Path-Bases Routing with Azure Application Gateway to App Services with Virtual Path

The Azure Application Gateway supports various routing options. With path-based routing, one or the other backend can be called depending on the URL. Things get a little more complicated when the apps on the app services are distributed in virtual… Weiterlesen →

Review European Cloud Summit 2024

The European Cloud Summit took place in Wiesbaden from May 14th to 16th. 3,000 participants and over 200 speakers met in the RheinMain CongressCenter. The sessions at the Cloud Summit were structured into 5 different tracks: Business and Strategy, Open… Weiterlesen →

Azure Pay-As-You-Go Prices Repository

Idea A repository will be created in which the price history of Azure can be tracked. Since the API for pay-as-you-go prices does not provide historical data, a repository with past prices should be created as CSV files. These files… Weiterlesen →

Automatic Software Inventory & Change Tracking with Azure-Monitoring-Agent (AMA)

If the software and inventory functionality is only used for the supported regions, the new approach can be used via the AMA and the documentation can be followed, which unfortunately contains some errors. From August, the new way via AMA… Weiterlesen →

Automatic Software Inventory & Change Tracking with Microsoft-Monitoring-Agent (MMA) and OmsAgentForLinux

In order to use the software inventory and change tracking, regardless of the region, the deprecated Microsoft Monitoring Agent must currently be used. The solution uses an Azure Automation account that is connected to the MMA/OMS Extension and reports the… Weiterlesen →

Download and Install Missing Referenced Policies from Azure Landing Zone Repository

As described in the Post Deploy PolicySets from Azure Landing Zone Repository, PolicySets (Initiatives) can be installed directly from the Azure Landing Zone Repositiory. However, if these references other policies, they must already be installed beforehand. The following script is… Weiterlesen →

Deploy PolicySets from Azure Landing Zone Repository

As described in the previous post, policies can be downloaded from the Enterprise Scale Architecture Repository and deployed into your own tenant. In addition to the mentioned policies, the repo also provides interesting Policy Initiatives (Policy Sets) that can also… Weiterlesen →

Deploy Policies from Azure Landing Zone Repository

With the Enterprise Scale Architecture, Microsoft offers various landing zone designs that can be used directly as Terraform or Bicep. Interesting is that the repository also contains policies that are not available in the Azure portal. Microsoft recommends these policies… Weiterlesen →

Access Data from Azure Storage Table via REST and with Storage Account Key

There are various ways to access a table of a storage account. If the storage account key is used, the request for the REST call must be generated in a complicated manner. The script getaztablerows.sh on Github shows the calculation:… Weiterlesen →

Azure Confidential Computing with PaaS

Introduction The previous article described the Confidential Computing features related to VMs. The same approach, i.e. securing data during processing, also applies to PaaS. These features will be discussed in this post. Features Featured not in the Picture

Azure Confidential Computing with VMs

Introduction Microsoft refers to the CCC in its definition: The Confidential Computing Consortium defines confidential computing as: The protection of data in use by performing computations in a hardware-based Trusted Execution Environment (TEE). And describes the encryption of data-in-use in… Weiterlesen →

Finding Cheapest VMs in Azure for VM List with Excel

The Problem For OnPrem VMs, with specific vCPU and RAM, the right VM sizes often have to be found in Azure. It is important that the prices are as low as possible. For example, with Windows, a machine with 8… Weiterlesen →

TOR Snowflake Proxy as Container Instance

What is snowflake? “Snowflake is a system that allows people from all over the world to access censored websites and applications. Similar to how VPNs assist users in getting around Internet censorship, Snowflake helps you avoid being noticed by Internet… Weiterlesen →

Azure Governance as space station

Cloud governance plays a very important role in the adaptation of the cloud. Cloud governance defines the guidelines for the cloud, i.e. the restrictions that should apply in the cloud, but also the freedom that every user can have. The… Weiterlesen →

Azure Governance als wachsende Raumstation

Bei der Adaption der Cloud spielt die Cloud Governance eine ganz wesentliche Rolle. Die Cloud Governance definiert die Richtlinien für die Cloud, also die Einschränkungen, die in der Cloud gelten sollen, aber auch die Freiheiten, die jeder User haben kann…. Weiterlesen →

Deploy to Azure Function behind Application Gateway (with Private Endpoints)

The previous post described how to deploy to an Azure Function if access is protected by an Application Gateway. Access to the function and to the management endpoint as well were protected. The Function was protected by the Function App… Weiterlesen →

Deploy to Azure Function behind Application Gateway (without Private Endpoints)

Azure Functions are a serverless way to run code. They support different programming languages and can scale quickly. As a developer, it is particularly easy to deploy functions directly from Visual Studio or Visual Studio Code. Functions are often protected… Weiterlesen →

Problems with Protecting Azure Container Registry

Most resources in Azure can be well protected by disabling public access. If public access is completely deactivated, access can take place via private endpoints. In most cases it is sufficient to restrict access to selected network to use service… Weiterlesen →

Mapping of physical Availability Zones to logical Availability Zone

The concept of Availability Zones is well explained in the Microsoft documentation. These are different physical locations within a region that have separate power, cooling, and network infrastructure. When building a resource, it can often be decided in which Availability… Weiterlesen →

Generate/Retrieve BusinessFlowId for PIM Access Review

Azure resources (e.g. subscriptions) can be better protected with PIM. As a result, access roles are not granted permanently, but must be requested for a specified period of time. After this period, the permission is automatically revoked. If the PIM… Weiterlesen →

Access Serial Console with different Network Configurations

The serial console for VMs is a very useful tool for adapting the VM or making checks via the portal. For this, however, the boot diagnostics must be activated (i.e. a storage account for the logs must exist) and the… Weiterlesen →

Access App Services without Host-Header Rewrite

If an AppService is called directly via its IP, either the certificate is invalid or the page cannot be found. If the call is made via HTTPS, the automatic generated certificate only stores the DNS name and not the IP,… Weiterlesen →

Storage Account as Backend Service for Application Gateways

Storage accounts are also often used as backend pools for Application Gateway. This allows the storage to be protected with private endpoints or service endpoints and accessed via a central entry point with an alternative URL. However, the Application Gateway… Weiterlesen →

Getting Costs of Azure Reserved Instances via REST

Various resources can be reserved in Azure, whereby use is guaranteed for 1 or 3 years. This can reduce the price of these resources by up to 72%. In the portal you can see these reduced costs for the reservations:… Weiterlesen →

Activate “Vulnerability assessment for machines” via REST

The Defender for Cloud offers are used to receive notifications and alerts about Azure Services. To do this, it can be activated per subscription and per Azure Service (e.g. with Set-AzSecurityPricing or in the portal). However, what is not supported… Weiterlesen →

Define Consumption Budget with PowerShell and REST

To set up a budget with warning in Azure, the Az.Billing PowerShell Module offers the cmdlets New-AzConsumptionBudget. Unfortunately, the PowerShell commands don’t seem to be implemented correctly in version 2.0.0 at the Az Module 8.3.0 or newer (currently 9.0.1): The… Weiterlesen →

App Services with Private Endpoint and Outbound Routing

As described in the previous article, private endpoints can be used to securely access Azure services. With App Services there is an additional possibility to control the outgoing traffic. Specifically, when configuring the app service in the network area, 2… Weiterlesen →

« Ältere Beiträge

© 2024 Azure Talk — Diese Website läuft mit WordPress

Theme erstellt von Anders NorénNach oben ↑