Sep27202527 September 202527 September 20250Commentby Gregor Suttie

Using GitHub CoPilot with Azure

Posted in Uncategorized

This is my entry for this year’s Azure Back To School. Massive shout-out to Dwayne Natwick for organising this every year!

If you’re building on Azure, integrating GitHub Copilot into your workflow can save time, reduce friction, and help with infrastructure, deployment, and debugging, not just writing business logic.

Below is an explanation of how to use it, what works well, and what to be aware of.

What “Copilot + Azure” means today

Here’s how the two worlds overlap currently:

GitHub Copilot for Azure: a VS Code extension that lets you ask about Azure, manage resources, deploy, and diagnose, all from the Copilot chat interface.

Copilot + Azure DevOps / Azure Repos: You can use Copilot with Azure Repos for suggestions, commit messages, and PR descriptions.

Agentic DevOps vision: Copilot is evolving into autonomous “agents” that can perform multi-step tasks, such as refactoring, testing, and fixing bugs. Azure pipelines, boards, and resource operations may tie into that.

Inner sourcing/knowledge reuse via MCP server: You can integrate Azure DevOps/Azure MCP server with Copilot, allowing it to suggest content from your organisation’s own modules or documentation.

Azure Boards integration: you can assign work items from Azure Boards to a Copilot coding agent, and track progress.

So it’s not just “autocomplete in VS Code + Azure SDK”, Copilot is pushing into infrastructure, operations, and agentic automation.

How to get started (practical steps)

  • Install Copilot and the Azure extension
    • In VS Code, get the GitHub Copilot for Azure extension.
    • You need a Copilot license (Pro, Business, etc.)
  • Use @azure prompts in Copilot Chat
    • Once the extension is active, you can prefix prompts with @azure to query Azure resource info, diagnose, or even do operations.

Examples:

@azure Deploy an Azure Function HTTP trigger with .NET 8
@azure What are the cost tiers for Azure SQL in West Europe?
@azure Diagnose why my webapp is showing 500 errors
  • Deploy from within the editor
    • Copilot for Azure can suggest CLI commands, resource templates, or deployment steps without you switching to the Azure Portal.
  • Use Copilot in code + infra files
    • When you edit ARM templates, Bicep, Terraform alongside app code, Copilot can help complete resource definitions, parameter scaffolding, and provide relevant snippets.
  • Explore agentic features
    • Try Copilot agents for multi-file changes, code refactors, or cloud migration tasks. (Feature availability depends on your subscription and preview access.)
  • Enable MCP / context servers
    • For tighter integration (e.g. your organization’s code modules, Azure DevOps context), you can configure MCP (Model Context Protocol) servers so Copilot has richer context

Benefits you’ll see

  • Faster iteration: fewer trips to Azure portal or docs.
  • Context-aware suggestions: Copilot knows your Azure setup or resource naming.
  • Multi-step automation: not just code, but “deploy, test, monitor” flows.
  • Consistency: reuse corporate standards or templates via inner sourcing.
  • Better dev-ops synergy: bridging code and cloud operations in one interface.

Example scenario
Let’s say you’re building a serverless API on Azure Functions + Cosmos DB.

@azure Create an Azure Function project with HTTP trigger, .NET 8

Copilot responds with scaffold commands, project template.

@azure Provision a Cosmos DB instance with RU/s 400, region North Europe

Next up try
@azure Deploy this function and connect to Cosmos DB

It issues az commands or points you to CI/CD YAML.

If you see any errors after deployment:

@azure Diagnose 500 error in function logs

It helps inspect logs, points you to misconfigurations or missing settings.

Meanwhile, inside code files, Copilot suggests resource names, configuration keys, and helper snippets.

Future direction & what to watch

  • More tasks handed over to the coding agent (not just suggestions).
  • Better integration into Azure services (monitoring, cost, policies).
  • Richer context via MCP so that Copilot is aware of your entire org’s patterns.
  • Tighter link between Azure Boards / Pipelines and Copilot agents. (You already can assign work items to Copilot.
  • Stronger guardrails: security analysis baked into generated infra code.

Summary

I use this GitHub Copilot on a daily basis and I recommend you at least take a look at it, if not use it daily too!


Aug25202525 August 202525 August 2025by Gregor Suttie

Using VS Code Beast Mode to learn

Posted in AI, Azure

Subscribe to continue reading

Subscribe to get access to the rest of this post and other subscriber-only content.


Tags:

Jun0220252 June 20252 June 20250Commentby Gregor Suttie

Microsoft Build: My Takeaways from this years conference

Posted in Uncategorized

This years Microsoft Build was full of new releases, new services, new ways of doing things, and yep, lots of AI. The following are just some of the areas that grabbed my interest whilst attending the conference, due to working at it, I havent had time to try the demos, check out some of the announcements and get hands on with the tech that has newly been released, but I will in the coming weeks.

If like me you havent managed to catchup on the announcements then you can read the book of news for Build 2025.

If you are looking to upgrade your existing .net Framework application to .net Core then checkout thiese links:-

Docs: https://learn.microsoft.com/en-us/dotnet/core/porting/upgrade-assistant-overview
Upgrade Extension: https://marketplace.visualstudio.com/items?itemName=ms-dotnettools.upgradeassistant

If you would like co-pilot to help you upgrade your version of a .net Core application then here are some very useful links.

There is also some help available if you are just starting out and would like help deploying your application to Azure – Quickstart: Deploy your application to Azure with agent mode in GitHub Copilot for Azure

If you are interested in Hosting remote MCP Server’s in Azure App Service then this articlae has you covered – https://techcommunity.microsoft.com/blog/appsonazureblog/host-remote-mcp-servers-in-azure-app-service/4405082

Two of my favourite annoucements recently were the GitHub CoPilot Coding Agent and the new SRE Agent coming soon (you can sign up for this preview now!) and read more about the SRE agent – https://techcommunity.microsoft.com/blog/azurepaasblog/introducing-azure-sre-agent/4414569

Interested in some AI Labs then look no further than – https://ai.azure.com/labs

Maybe you like creating videos and now within Azure you can create high-quality visual content with GPT-Image-1 and Sora on Azure OpenAI—tailored for professional use cases – https://github.com/Azure-Samples/visionary-lab


Jun0220252 June 20252 June 20250Commentby Gregor Suttie

Upgrading Your .NET Applications: Exploring .NET Upgrade Assistants at Microsoft Build

Posted in Uncategorized

Microsoft Build is the flagship event for developers, showcasing the latest tools, frameworks, and innovations to empower modern software development. Among the highlights in recent years has been the focus on modernizing .NET applications, particularly through the .NET Upgrade Assistant tools. These tools streamline the transition from legacy .NET Framework to modern .NET (formerly .NET Core) and support upgrades between .NET versions. Additionally, the integration of GitHub Copilot in Visual Studio Code (VS Code) has added an AI-powered dimension to the upgrade process, making it smarter and more efficient. In this blog post, I’ll dive into the .NET Upgrade Assistant for migrating from .NET Framework to .NET Core, explore the .NET Core Upgrade Assistant, and highlight how Copilot in VS Code enhances these processes.

The Need for .NET Modernization

The .NET ecosystem has evolved significantly since the days of .NET Framework. With the introduction of .NET Core (now simply .NET), Microsoft unified its development platform to support cross-platform applications, improved performance, and modern cloud-native architectures. However, many organizations still rely on .NET Framework applications built years ago, which are tied to Windows and lack the scalability and features of modern .NET. Upgrading to .NET 8 or 9 (the latest Long-Term Support and Standard-Term Support versions as of 2025) unlocks benefits like enhanced performance, new APIs, and better cloud integration.

The challenge? Migrating legacy applications can be complex, involving changes to project structures, dependencies, and codebases. This is where the .NET Upgrade Assistant comes in, offering automated tools to simplify the process. At Microsoft Build, these tools have been showcased as critical for developers looking to modernize their applications efficiently.

.NET Upgrade Assistant: From .NET Framework to .NET Core

The .NET Upgrade Assistant is a powerful tool designed to help developers migrate .NET Framework applications to modern .NET. Available as both a Visual Studio extension and a command-line interface (CLI) tool, it automates many manual tasks, such as updating project files, converting to SDK-style projects, and addressing code incompatibilities. Let’s break down its key features and how it was highlighted at Microsoft Build.

Key Features of the .NET Upgrade Assistant

  1. Project File Conversion: The .NET Upgrade Assistant converts legacy .NET Framework project files to the modern SDK-style format used by .NET Core and beyond. This is a critical step, as the SDK-style format simplifies project configuration and supports cross-platform development. The tool leverages the try-convert utility to automate this process, reducing the need for manual edits.
  2. Code Analysis and Fixes: The assistant includes a robust analysis engine that scans your codebase for incompatibilities, such as deprecated APIs or platform-specific dependencies. It generates a detailed report with status icons (e.g., green checkmarks for successful upgrades, yellow warnings for issues needing attention, or red Xs for failures) and logs actions in the Visual Studio Output window. This helps developers prioritize fixes and ensure a smooth migration.
  3. Incremental Upgrades: For complex applications, such as ASP.NET web apps, the tool supports a side-by-side incremental upgrade approach. This creates a new .NET project alongside the existing .NET Framework project, allowing developers to migrate endpoints gradually while keeping the application functional. This is particularly useful for large-scale projects where a full rewrite isn’t feasible.
  4. NuGet Package Management: The assistant updates NuGet package references to compatible versions for the target .NET version. Recent updates, as announced at Microsoft Build, also support upgrading to Centralized Package Management (CPM), which simplifies dependency management across multiple projects.
  5. Extensibility: The tool supports third-party extensions through package and API mappings, allowing vendors to define how their libraries should be upgraded. This ensures compatibility with external dependencies, a common pain point in migrations.

Using the .NET Upgrade Assistant in Visual Studio

To use the .NET Upgrade Assistant in Visual Studio:

  1. Install the Extension: Available from the Visual Studio Marketplace, the extension integrates seamlessly with Visual Studio 2022 (version 17.1 or newer). You can verify installation by checking for an “Upgrade” option when right-clicking a project in Solution Explorer.
  2. Run the Upgrade: Right-click your project, select “Upgrade,” and follow the wizard to choose options like in-place upgrades (modifying the original project) or side-by-side upgrades (creating a copy). Select the target framework (e.g., .NET 8.0 or 9.0) and let the tool handle project file updates and code fixes.
  3. Review and Test: After the upgrade, review the generated report for any issues. Thorough testing is crucial, as some manual refactoring may be required, especially for ASP.NET to ASP.NET Core migrations.

Microsoft Build sessions have emphasized the tool’s ability to reduce migration time by automating repetitive tasks, with real-world examples showing successful upgrades of complex solutions. However, as noted in Build discussions, manual intervention is often needed for edge cases, such as unsupported APIs or third-party dependencies.

.NET Core Upgrade Assistant: Moving Between .NET Versions

For developers already on .NET Core or earlier .NET versions (e.g., .NET 5 or 6), the .NET Upgrade Assistant also supports upgrades to newer versions, such as .NET 8 or 9. This process is generally simpler than migrating from .NET Framework, as the project structure and APIs are more aligned. Key aspects include:

  • Target Framework Updates: The assistant updates the <TargetFramework> property in project files (e.g., from net6.0 to net9.0). This is often the only change needed for simple projects, as highlighted in Microsoft Build demos.
  • Dependency Resolution: The tool identifies and updates NuGet packages to versions compatible with the target framework, addressing security vulnerabilities or deprecated packages.
  • Code Assessment: Enhanced in 2024, the assistant’s code assessment features scan for potential issues at the source code level, providing a dashboard with issue severity and remediation effort estimates. This was a major focus at Build, showcasing how developers can pinpoint and resolve issues quickly.

For example, a Build session demonstrated upgrading a .NET 6 Razor Pages project to .NET 9, where the assistant updated NuGet packages like Microsoft.EntityFrameworkCore from version 6.0 to 9.0 and flagged a test failure for manual review. The process was completed with minimal manual changes, thanks to the tool’s automation.

GitHub Copilot in VS Code: Enhancing Upgrades

At Microsoft Build 2025, a significant highlight was the integration of GitHub Copilot with the .NET Upgrade Assistant, particularly through the “GitHub Copilot app modernization – Upgrade for .NET” extension. While this extension doesn’t yet support direct .NET Framework to .NET migrations, it excels at modernizing .NET Core projects and enhancing the upgrade experience in VS Code.

How Copilot Helps

  1. AI-Powered Guidance: Copilot analyzes your codebase and generates an upgrade plan, suggesting changes like updating target frameworks or modernizing APIs. It uses natural language prompts, allowing you to ask, “Upgrade my solution to .NET 9,” and it responds with a step-by-step plan.
  2. Automated Code Changes: Copilot applies transformations automatically, such as updating NuGet packages or refactoring code to use newer APIs. It commits changes to Git at each step, enabling easy rollbacks if needed.
  3. Learning from Manual Fixes: When manual intervention is required, Copilot learns from your changes and applies them to similar issues later, reducing repetitive work. This was showcased at Build with a demo upgrading a .NET 6 MVC project, where Copilot adapted to developer fixes in real time.
  4. Integration with VS Code: In VS Code, Copilot’s inline suggestions and chat interface make it easy to interact with the upgrade process. For example, you can enable Agent Mode, select the “Upgrade” tool, and let Copilot guide you through the process.

Getting Started in VS Code

To use Copilot for .NET upgrades in VS Code:

  1. Install Extensions: Ensure the GitHub Copilot and C# Dev Kit extensions are installed. A GitHub Copilot subscription is required.
  2. Enable Agent Mode: Go to the Copilot Chat window, select “Agent,” and choose the “Upgrade” tool.
  3. Start the Upgrade: Use a prompt like “Upgrade my project to .NET 9.” Copilot will analyze the project, apply changes, and provide a report with Git commit hashes and next steps.

Build sessions highlighted Copilot’s ability to reduce upgrade time by automating repetitive tasks and providing intelligent suggestions, though some limitations were noted, such as incomplete support for .NET Framework migrations.

Best Practices and Considerations

  • Backup Your Code: Always back up your project before running upgrades, as both the .NET Upgrade Assistant and Copilot make significant changes.
  • Test Thoroughly: Automated tools handle much of the process, but manual testing is essential to catch runtime issues, especially for complex applications.
  • Check Dependencies: Ensure third-party dependencies support the target .NET version. The assistant’s code assessment helps identify these issues early.
  • Leverage Community Feedback: Microsoft Build emphasized community contributions to the .NET Upgrade Assistant’s GitHub repository, where developers can report issues or suggest features.

Summary

Microsoft Build has positioned the .NET Upgrade Assistant as a cornerstone for modernizing .NET applications, offering robust tools for transitioning from .NET Framework to .NET Core and upgrading between .NET versions. The integration of GitHub Copilot in VS Code adds an AI-driven layer, making upgrades smarter and more interactive. Whether you’re using Visual Studio for a guided experience or VS Code with Copilot’s AI assistance, these tools empower developers to modernize their applications with confidence. As .NET continues to evolve, leveraging these assistants ensures your applications stay performant, secure, and ready for the future.

For more details, check out the .NET Upgrade Assistant on the Visual Studio Marketplace or explore Copilot’s capabilities at Microsoft Learn.


Feb28202528 February 202528 February 20250Commentby Gregor Suttie

Automating Deployment of Azure Policies using Bicep

Posted in Uncategorized

Introduction

This blog post is part of this years Azure Spring Clean an event which is ran to promote well managed Azure tenants. To achieve this, they have community driven articles that highlight best-practice, lessons learned, and help with some of the more difficult topics of Azure Management.

Azure Policy is a powerful governance tool that helps organizations enforce compliance across their Azure environments. By automating the deployment of Azure Policies using Bicep and the Azure Verified Modules (AVM) GitHub repository, you can ensure consistent policy enforcement while leveraging modular, reusable infrastructure as code.

This guide assumes you already have your environment set up in VS Code, including Bicep tooling and Azure CLI authentication.

Prerequisites

Before deploying Azure Policies with Bicep, ensure you have:

  • VS Code with the Bicep extension installed.
  • Azure CLI installed and authenticated (az login).
  • Bicep CLI installed (az bicep install if needed).
  • Git installed and cloned the Azure Verified Modules (AVM) repository.
  • Appropriate permissions to create and assign policies in Azure.

Deploying Policies to Management Groups and Subscriptions

Deploying policies at the management group level is a best practice for organizations that manage multiple subscriptions under a common governance framework. By applying policies at this higher level, you can ensure:

  • Consistency: Enforce compliance standards across all subscriptions within the management group without the need for redundant deployments.
  • Efficiency: Reduce operational overhead by managing policies centrally instead of applying them individually to each subscription.
  • Scalability: As new subscriptions are added to the management group, they automatically inherit the assigned policies, ensuring continuous compliance.

To apply policies at different scopes, use the following commands:

Deploying to a Management Group

$location = ‘West Europe’
$management-group-id = ‘mg-demo’

az deployment mg create \
  --management-group-id $management-group-id \
  --location $location \
  --template-file main.bicep \
  --parameters @parameters.json \
  --name MGPolicyDeployment

Deploying to a Subscription

az deployment sub create \
  --location eastus \
  --template-file main.bicep \
  --parameters @parameters.json \
  --name SUBPolicyDeployment

You can also check in the Azure Portal under Policy -> Assignments

Lets take a look at some example Azure Policies you may want to add to your management groups. In this example I would add them to a file called deployPolicyMg.bicep

targetScope = 'managementGroup'

@description('Policy Assignment Management Group - Allowed Locations')
module assignAllowedLocationPolicy 'policyAssignmentMg.bicep' = if (deployAllowedLocations) {
  name: 'AllowedLocations'
  params: {
    name: 'Allowed Locations'
    displayName: 'Allowed Locations'
    policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c'
    location: primaryLocation
    identity: 'None'
    parameters:{
      listOfAllowedLocations: {
        value: allowedLocations
    }
  }
}
}

@description('Policy Assignment Management Group - ISO 27001-2013')
module assignIso27001Policy 'policyAssignmentMg.bicep' = if (deployIso27001Policy) {
  name: 'Iso27001'
  params: {
    name: 'ISO 27001-2013'
    displayName: 'ISO 27001-2013'
    policyDefinitionId: '/providers/Microsoft.Authorization/policySetDefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2'
    location: primaryLocation
    identity: 'SystemAssigned'
    roleDefinitionIds: []
  }
}

@description('Policy Assignment Management Group - Azure Security Benchmark')
module assignAscPolicy 'policyAssignmentMg.bicep' = if (deployAzureSecurityBenchmark) {
  name: 'AzureSecurityBenchmark'
  params: {
    name: 'Azure Security Benchmark'
    displayName: 'Azure Security Benchmark'
    policyDefinitionId: '/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8'
    location: primaryLocation
    identity: 'None'
    roleDefinitionIds: []
  }
}

The above code example makes use of some variables which I add to a .bicepparameters file which would look like this:-

using './deployPolicyMg.bicep'

param deployAllowedLocations = true
param deployIso27001Policy = true
param deployAzureSecurityBenchmark = true


Lets take a look at some example Azure Policies you may want to add to a subscription. In this example I would add them to  a file called deployPolicySub.bicep
targetScope = 'subscription'

@description('Assign Policies to Subscription - Require an Owner tag on resource groups')
module assignReguireRgOwnerTagPolicy 'policyAssignmentSub.bicep' =  if (tagAtSubscriptionLevel && ownerTagResourceGroupsPolicy) {
  name: 'reguireRgOwnerTagPolicy'
  params: {
    name: 'Require an Owner tag on resource groups'
    displayName: 'Require an Owner tag on resource groups'
    policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025'
    location: primaryLocation
    identity: 'None'
    parameters:{
      tagName: {
        value: ownerTagName
    }
  }
}
}

@description('Assign Policies to Subscription - Require a DeployedBy tag on resource groups')
module assignReguireRgDeployedByTagPolicy 'policyAssignmentSub.bicep' =  if (tagAtSubscriptionLevel && deployedByTagResourceGroupsPolicy) {
  name: 'reguireRgDeployedByTagPolicy'
  params: {
    name: 'Require a DeployedBy tag on resource groups'
    displayName: 'Require a DeployedBy tag on resource groups'
    policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025'
    location: primaryLocation
    identity: 'None'
    parameters:{
      tagName: {
        value: deployByTagName
    }
  }
}
}

The code above is an example of how you could add Azure Policies into a subscription.

The above code example makes use of some variables which I add to a .bicepparameters file which would look like this:-

using './deployPolicySub.bicep'

param tagAtSubscriptionLevel = true
param ownerTagResourceGroupsPolicy = true
param deployedByTagResourceGroupsPolicy = true

Conclusion

By leveraging Azure Bicep and Azure Verified Modules, you can automate and standardize Azure Policy deployment efficiently. Start using AVM today to maintain governance and compliance effortlessly!


Jan0120251 January 20251 January 20251Commentby Gregor Suttie

Festive Tech Calendar 2024 YouTube Videos

Posted in Uncategorized

This year’s Festive Tech Calendar videos are available on YouTube with the link to the playlist.

A huge THANK YOU to everyone who took part, has watched the videos and learned and especially those who also donated to this years charity – thanks from all of us at the Festive Tech Calendar team!

Day 1

Day 2

Day 3

Day 4

Day 5

Day 6

Day 7

Day 8

Day 9

Day 10

Day 11

Day 13

Day 14

Day 15

Day 16

Day 17

Day 18

Day 19

Day 20

Day 21

Day 22

Day 23

Day 25

Day 26

Day 27

Day 28

Day 29

Day 30

Day 31

This year’s Festive Tech Calendar videos are available on YouTube with the link to the playlist.


Dec30202430 December 202430 December 20241Commentby Gregor Suttie

Get TenantId for any Azure Subscription

Posted in Uncategorized

How I Used GitHub Copilot to Write a PowerShell GUI for Azure Tenant ID Lookup

When tasked with creating a PowerShell GUI to retrieve the Azure Tenant ID for any subscription, I decided to rely entirely on GitHub Copilot. Here’s how I did it—without manually writing a single line of code myself. (repo -> https://github.com/gsuttie/getTenantIdFromAzureSubscriptionId)

Setting Up

  1. Open Visual Studio Code: My preferred development environment. I enabled GitHub Copilot for code suggestions.
  2. Define Goals:
    • A user-friendly GUI for inputting an Azure Subscription ID.
    • Backend logic to retrieve the Tenant ID using Azure PowerShell.
    • Automatically generate inline documentation and a comprehensive README file.

Prompting GitHub Copilot

  • I started by creating a new PowerShell file and inputting the following prompt for Copilot:Create a PowerShell script for a GUI that accepts an Azure Subscription ID, retrieves the Tenant ID using `Get-AzSubscription`, and displays it. Include inline comments and generate a README.
  • I then tweeked the prompt a few times and the end result can be found in the following GitHub repo

Documentation and README

I added another comment to the script:

Generate a README file explaining the purpose of this script, its usage, prerequisites, and examples.

Copilot produced a structured README covering:

  • Purpose: Explaining the script’s function.
  • Usage: Step-by-step instructions on running the script.
  • Prerequisites: Details about Azure PowerShell modules and authentication requirements.
  • Example: A sample input and output demonstration.

Testing and Tweaking

I tested the script on a sample Azure environment. While functional, the GUI layout needed minor adjustments. I prompted Copilot with:

Improve the alignment and spacing of GUI elements.

This fine-tuned the interface, making it visually cleaner.

Final Output

With GitHub Copilot, I:

  • Built a functional PowerShell GUI to retrieve Azure Tenant IDs.
  • Included inline comments and documentation.
  • Generated a detailed README without writing any code manually.

Summary

GitHub Copilot significantly accelerated the development process. While it handled 95% of the work, reviewing and testing were key to ensuring functionality and usability. This approach is ideal for tasks where speed and automation are priorities.


Tags:

Nov29202429 November 202429 November 20240Commentby Gregor Suttie

Bicep snippets using Azure Verified Modules

Posted in Uncategorized

This blog is about listing the posts I have that demo using Bicep with code snippets for various different scenarios.

The list of snippets below makes use of the Azure Verified Modules GitHub repo from Microsoft.


Nov29202429 November 202429 November 20241Commentby Gregor Suttie

Azure Quick Review (azqr): A Practical Overview

Posted in Azure, Bicep

If you’re managing resources in Azure, you’ve likely faced challenges around optimizing and securing your cloud environment. Azure Quick Review (azqr), an open-source tool from Microsoft, is a straightforward solution that can help you quickly assess your Azure environment and highlight potential issues. Here’s why azqr is so useful for your day-to-day cloud operations.

What is Azure Quick Review (azqr)?

Azure Quick Review is a command-line tool designed to simplify the assessment of your Azure subscriptions and resources. It’s available on GitHub (https://github.com/Azure/azqr) and provides an automated way to perform a high-level analysis of your Azure infrastructure. The main goal is to offer you insights into security, compliance, performance, and cost-related aspects of your Azure resources, all in a digestible format.

Why Use Azure Quick Review?

Managing Azure resources manually can become cumbersome, especially when your cloud footprint is growing. Azure Quick Review offers several practical benefits:

  1. Automated Assessments

azqr automates the assessment process for your Azure environment. Instead of manually checking each resource’s configuration, you can use azqr to perform comprehensive evaluations in minutes.

It covers key Azure resources like virtual machines, SQL databases, storage accounts, and more.

  1. Consistent, Standardized Reviews

One of the main issues with manual audits is inconsistency. Azure Quick Review brings a standardized approach to your resource analysis. It ensures that each assessment follows the same set of guidelines and best practices, which is particularly helpful when working in teams.

  1. Focus on Security and Compliance

Azure Quick Review evaluates the security posture of your resources by flagging configuration issues. It checks for vulnerabilities, like public endpoints where they shouldn’t be, or missing network security groups (NSGs).

You can use azqr to ensure your deployments comply with organizational policies or regulatory requirements. Its output can be a handy guide to tightening security gaps in your Azure setup.

  1. Cost Optimization Insights

As your Azure usage grows, so does the likelihood of mismanagement and unnecessary costs. azqr highlights resources that could be over-provisioned or underutilized, offering you potential cost-saving opportunities.

The report can help identify expensive configurations and unused resources that can be scaled back or shut down.

  1. Quick, Readable Reports

Azure Quick Review outputs the analysis in a clear and accessible format. The results include color-coded indications of areas needing attention and a summary that prioritizes key actions.

Reports generated by azqr are ideal for sharing with stakeholders or for keeping as a quick reference.

  1. Easy to Set Up and Use

Installation is simple. You can install azqr via Python’s pip, and from there, it’s easy to integrate into your existing workflows. If you already use command-line tools for Azure, azqr feels like a natural extension of that.

How to Get Started with azqr

Getting started is straightforward:

  • Installation: First, clone the GitHub repository or install it via pip (pip install azqr).
  • Running the Tool: You can use azqr commands to scan specific subscriptions or resource groups. The CLI provides flexibility to focus on exactly what you need.
  • Reviewing Results: Once complete, you get a summary report highlighting potential security gaps, compliance issues, and opportunities to optimize your resources.

For more details, check out the GitHub page: Azure Quick Review on GitHub

When Should You Use azqr?

Azure Quick Review is particularly useful in several scenarios:

  • Periodic Audits: Use azqr to conduct regular reviews of your Azure environment to ensure compliance and security standards are up to date.
  • Pre-Deployment Checks: Before making new services live, azqr can be used to review configurations and spot potential issues.
  • Cost Management Exercises: Regularly run azqr to help with cost audits, identifying waste or unnecessary spending.

Report

Here is what the report looks like, you get a list of Recommendations, ImpactedResources, ResourceTypes, Inventory, Advisor, Defender, Costs and Pivot Table tabs.

Summary

Azure Quick Review (azqr) is an invaluable tool for Azure users who want to stay on top of resource management without spending hours on manual reviews. It’s straightforward to use, delivers consistent insights, and helps you optimize both costs and security across your cloud environment. By incorporating azqr into your routine, you can gain a clearer understanding of your Azure resources and keep your deployments running efficiently and securely.


Oct28202428 October 202428 October 20241Commentby Gregor Suttie

Deploying a Log Analytics Workspace Using Azure Verified Modules

Posted in Bicep

Deploying a Log Analytics Workspace using Azure Verified Modules (AVM) with Bicep is a streamlined process that leverages the standardized practices of the Azure infrastructure-as-code framework. Here’s a concise guide on how to set up your workspace using the AVM project on GitHub:

The following is example Bicep code, I will let you create the resource group yourself and figure out the tags.

// Log Analytics Parameters
param logAnalyticsSkuName string = ‘PerGB2018’
var logAnalyticsName = ‘law-demo’

@description(‘Log Analytics Daily Quota in GB. Default: 1GB’)
param logAnalyticsDailyQuotaGb int = 1

@description(‘Number of days data will be retained for.’)
param logAnalyticsDataRetention int = 365

//MARK: azureLogAnalytics
@description(‘Deploy Azure Log Analytics’)
module logAnalytics ‘br/public:avm/res/operational-insights/workspace:0.7.0’ = {
scope: resourceGroup(rgLogAnalyticsDemo)
name: ‘logAnalyticsDemo’
params: {
name: logAnalyticsName
skuName: logAnalyticsSkuName
location: location
dailyQuotaGb: logAnalyticsDailyQuotaGb
dataRetention: logAnalyticsDataRetention
tags: tags
}
}

The use of Azure Verified Modules ensures that your infrastructure as code practices align with Microsoft’s standards, simplifying maintenance and scalability concerns. This approach not only streamlines the deployment process but also enhances the security and reliability of your Azure resources.

For more detailed instructions and to view the exact Bicep configurations, visit the GitHub repository pages for Azure Verified Modules and Bicep Registry Modules. These resources will provide you with up-to-date code examples and further details on customizing your deployment.