Category: Azure

Top 20 Azure Influencer’s

I was thrilled to learn that I’ve been included on Nigel Frank International’s list of the 20 best Microsoft Azure influencer’s on Twitter.

The line-up was revealed earlier this week, and highlighted a broad cross-section of people from around the world who’ve made a name in the Azure sphere in one way or another.

Included are a host of Microsoft MVPs and personnel, from the firm’s CTO Mark Russinovich and Regional Director Carsten Rachfahl to prolific bloggers, speakers and independent voices in the Azure community, such as Jennelle Crothers and Joanne Klein.

I’m delighted to be included alongside such esteemed professionals, and huge congratulations to everyone who made the list.

 

 

 

 

 

 

To read the full article, follow this link: https://www.nigelfrank.com/blog/top-20-microsoft-azure-influencers-on-twitter/

 

 



Azure Security Exam – AZ-500 Study plan

This is my study plan for October for the Azure AZ-500 exam

I’ll be using the EDX course pretty much on its own, did this for the AZ-400 Azure Devops exam and we will see how that goes.

Week 1 – Manage identity and access (20-25%) – Studied for it first week in October.
Week 2 – Implement platform protection (35-40%) – Studied for it second week in October.
Week 3 – Manage security operations (15-20%)
Week 4 – Secure data and applications (30-35%)

Sit the exam

Week 1 – At the end of week 1 I have went through the entire section on https://openedx.microsoft.com/courses/course-v1:Microsoft+AZ-500.0+2019_T2/course/ for the Manage and Identity Access section.



Azure Security articles in September

I decided to make September a month of Azure Security learning for myself, the following is a list of existing articles and also new security articles which I have written: –

  • Azure Policies – Learn what they are and why they are super useful and super easy to setup.
  • Azure Managed Service Identity – Managed Service Identity allows you to securely access your Azure resources and avoid storing credentials in your code.
  • Azure Role-Based Access Control – Role-based access control (RBAC) is a system that provides fine-grained access management of Azure resources.
  • Azure KeyVault – The Azure KeyVault Service is where you store certificate keys, passwords and more instead of having them stored within your application.
  • Azure Devops Open Source Scan your code – Scan your code for open source vulnerabilities and learn whats out of date within your project and also what vulnerabilities those versions may contain.
  • Azure Devops – Secure DevOps Kit for Azure (AzSK) – The “Secure DevOps Kit for Azure” is a collection of scripts, tools, extensions, automation’s, etc. that caters to the end to end Azure subscription and resource security needs for dev ops teams using extensive automation and smoothly integrating security into native dev ops workflows helping accomplish secure dev ops.
  • Intro to Azure Security –  “Introduction to Azure Security”, is written to provide a comprehensive look at the security available with Microsoft Azure.
  • Azure security documentation – everything you wanted to know about security within Azure.
  • Azure Api Management using Okta to secure using OAuth 2.0 – use Okta to secure your Api’s within Azure API Management

Enjoy!



Azure Api Management using Okta to secure using OAuth 2.0

This blog post will cover how to move an existing or new api into Azure API Management and then secure it using Okta.

 

Okta – “The Okta Identity Cloud provides secure identity management with Single Sign-On, Multi-factor Authentication, Lifecycle Management (Provisioning), and more”.

I had access to a development tenant within Okta which looks something like this:-

 

 

 

 

 

 


I created a new application and called it ‘Azure API Management’ and chose Web as the platform and OpenID Connect as the sign on Method like so: –

So now we have filled this out we can go back and edit it and see the screen which shows us important details including Client ID, Secret and Login redirect URI’s, all of which are important details in order to get this working.


Azure API Management

Within Azure, create a new instance of Azure API Management and once this has been created go down on the left hand menu and under Security select OAuth 2.0 and then select Add, I gave it the name Okta.

The client registration url is important here, you can find yours within your new Application within Okta, under the SignOn tab, look for the section that says OpenID Connect ID Token.

The other details which are very important are as follows (in red)

and further down that screen where you see the ClientID and Client Secret: –


That’s it for Azure, so let’s switch back to Okta.

Now we need to check the Sign On tab and take a note of some important settings

 

 

 



 

At this stage we haven’t added any API’s to Azure API management, so let’s do that by following this excellent example: – https://docs.microsoft.com/en-us/azure/api-management/import-and-publish

Once you have imported an api you can test it a number of ways including using tools like postman, but you can also use the API Management developer portal which you can launch from your Azure API Management Instance back in Azure seen in the link below: –


Now that we have the Developer Portal open, select API’s from the header and then click on the API you imported in a previous step.


Click the Try it Button

So to check things are talking to Okta to try to get a token, we need to change the drop down under the Authorization section and change it from No auth to Authorization code. This will attempt to go off to Okta and you should see a Login prompt to Okta.

 

 

Once you enter details and click Sign in if all is setup correctly you’ll know see something like this:-

Now we have a bit saying when the access token will expire and also at the bottom it shows lots of **** for where the access token is added but hidden.

Other things of note

I had to create/edit an assigment (user) within Okta because I was setup with a username – so under assignments within your Application make sure users have a username setup.

Note
The important part here is that you can access api’s in API management and by default they’ll always just work, the trick is to make them request an Okta token. In bound policies are the magic th

Lastly we need to add whats called an in-bound policy to check the token is valid – otherwise the calls will always succeed with or without using Okta.

To add an in-bound policy go to your Azure API instance within Azure, then the developer portal and select your api and then select All operations (or the api call you wish to secure) and then select Inbound processing like so:-

Here we have several options for the inbound policy and in this example I chose validate JWT and filled it out as below: –

You can read more here on API management policies.

And that is how you go about integrating Okta with Azure API Management.

Feel free to get in touch if you have any questions.



Introducing the 2019 Azure Advent Calendar

In December, myself and Richard Hooper (aka @pixel_robots) will be hosting the 2019 Azure Advent Calendar.

The idea is that every day in December a member of the Azure community will have the chance to showcase their Azure knowledge by recording a video of 20-30 minutes in length and having it listed on the website, on the day that they have reserved a slot.

Here are the Azure Advent Calendar rules:

Share your post on Twitter with hashtags #azurefamily and #azureadventcalendar

Please spread the word and if it fills up we can open up more slots.

Thank you from Richard and Gregor.



Azure Exam Study Guide

The following, is how I go about preparing for an Azure exam which I want to study for. Hopefully this will give you an idea into how I prepare for any Azure exam.

Lets use the AZ-500 Azure Security exam as an example since this is what I will be studying for going forward.

Step 1
Locate the actual Microsoft exam page which contains all the info on the actual exam: –

https://www.microsoft.com/en-us/learning/exam-az-500.aspx

I start by reading through this carefully, checking this page regularly whilst studying for it so that nothing has changed, as this can happen so remember to check back often.

Step 2
I then make a OneNote page of all the Skills being Measured like so:-

  • Manage identity and access (20-25%)
  • Implement platform protection (35-40%)
  • Manage security operations (15-20%)
  • Secure data and applications (30-35%)

This exam looks to be well spread out across all 4 areas. SO now I will take each skill being measured and then copy this into my OneNote page.

Step 3
Now I will go and find links on docs.microsoft.com for each of the skills being measured.

Tip
:- Some people may already have done this so google for AZ-500 exam study guides and use them if you prefer doing that. my twitter friends https://twitter.com/Pixel_Robots and https://twitter.com/tamstar1234 both have excellent study guides on a number of exams.

Step 4
I search for online training on Edx, Udemy, Pluralsight etc and read the reviews, of late I have solely used Edx, as those courses are specifically written with the exam skills being measured in mind (straight to the good stuff). If I want a more rounded course I’ll also check out Udemy and Pluralsight etc.

Step 5
I take notes as I go and pop the main themes and big picture content into my OneNote page for brushing up just before my exam.

Step 6
I have a calendar above my monitor at home and I plan out the end goal for each section with a rough idea of when I hope to have the section completed by.

Step 7
Finish off the course and then I look for practice exams, I’ve used Whizlabs for the AZ-400 which was great, I’ve used Udemy for the Az-100, 200 and 300 exams. Anything I get wrong or just don’t understand I’ll review and try to find other resources, maybe Microsoft Learn or other resources.

Step 8
Once I am getting 80% or above in the practice tests I book the exam soon after it and take it.

I have done this on the last 4 or 5 exams I’ve sat and it works for me, it might work for you it might not.

Notes
I spend 2 hours a night studying for the exam 5 or 6 nights a week, it took a lot of dedication and hard work, not everyone has that time, I made time, I stopped doing some stuff as I wanted to learn, I get it, its not for all.
I am happy to help, give advice to anyone looking for it with the exams, good luck with sitting your exam and hopefully someone find this useful.

 

 

 



Learning Azure, becoming an MVP, failure and more

18 months ago I decided to learn Azure, it was about time I learned some cloud skills (Azure for me). The following is a quick run through of my journey to where I am now, I’m really just getting started but in reflection happy with where I am heading, always to remember to invest in yourself.

I work full-time at Sword IT in Glasgow, Scotland and have had some hands on time with Azure through work, couple of projects have helped me learn. I’ve managed to help our company get more in the way of Gold certifications this year which has been pretty cool, that means we get more benefits as a company, something I am proud of.

When trying to start learning Azure, its easy to get lost in the enormity of the platform, being a dev, I decided to take a look around and formulate a plan for learning Azure. It soon became clear that the best for way me to learn something new is to work towards a goal, so my first goal was to sit and hopefully pass an Azure exam. Goals are important for me as it means I have a plan and can work towards achieving something.

Recently I have had a number of people reach out to me asking how I went about it, what tips can I give them and how did I go about learning Azure and passing exams etc.

Which exam would I start with, and which exam should you start with? –  well that depends on your experience and background, its not the same for everyone but here are my thoughts and how I went about it.

I have a blog title Azure Exam Study Guide which describes my method for studying for Azure exams.

I looked for resources to start learning Azure and read a fair bit to get me started, not too long after that I saw a blog post announcing the AZ-100 beta exam, which was only going to cost me £27 ,the problem was if I recall correctly, I had 2 weeks before the beta closed to sit the exam, it may have been a month but it wasn’t long. I created a OneNote page with all of the links and notes I took whilst I went about my study, for this exam I set a learning goal of 2 hours per night studying. I found some very handy Udemy courses from Scott Duffy and went through the entire course end to end and booked the exam. I sat my very first Azure exam (actually my first Microsoft exam since the days of the MCSD exams) so it had been a while.

I failed the exam with a score of 671 out of 1000 (passing score was 700), for me this just whet my appetite and if you know me learning is my thing. Six days later I sat the AZ-101 beta exam and again failed with 655 out of 100 (passing score was 700). Taken 2 exams and failed them both, bummer you might say, nope, I had learned a serious amount from where I had came from and was loving learning all about Azure. Read more about

At this point the burning desire to learn was there, nothing was gonna stop me from passing my first Azure exam, I kept studying even though I knew these 2 exams weren’t really my cup of tea, I didn’t have much hands on experience of the content and I struggled with Azure Networking at the time.

Fast forward 2 months and the Azure Architect Beta exams (AZ-300 and AZ-301) were announced and I thought lets give them a go, I had been studying relentlessly for 2 hours a night every single night, when I say I didn’t even watch television I really didn’t watch any at all, I wanted to pass the Architect exams. I sat both, failed the AZ-300 and passed the AZ-301, I actually thought that I would pass AZ-300 and fail AZ-301, but who cares I had passed an Azure Architect exam (which does cover a lot) my studying was paying off, I had spent a lot of time doing hands on labs, finding the best resources, it was sinking in now, where previously in the other 2 exams I was still unsure to an extent.

Let me say one thing, the feeling of passing your exam is worth all of the hard work, I was super delighted and just wanted to keep going.

Crazy as this sounds I sat the 2 Developer beta exams 3 and 4 days later, I have a dev background, I had been using Azure on a project at work building a distributed system with these tools, I sat both exams and passed them both, I was now a certified Azure Developer, badge and all.

Not long after that I sat the Azure Devops exam AZ-400, Devops was something I had done in a lot of previous jobs and I had a lot of experience with numerous tools. I sat the Azure Devops beta exam and failed with 685 out of 1000 (passing score was 700), man that hurt! – I didn’t put the effort in, I spent time studying but after sitting the exam realised what I had been studying wasn’t the right material, I got lazy basically, didn’t do my homework correctly by carefully looking at the Microsoft exam page and going over each link carefully on places like docs.microsoft.com, lesson learned. I passed the exam after taking some time off from studying, I was officially burned out from 2 hours a night for 3-4 months.

In the end I had sat 9 exams in just under 4 months, crazy yeah, not a great idea in retrospective but when you fail an exam the burning desire to pass and learn more, took over for me.

MVP
All whilst this was happening I had been nominated for the MVP award (I wrote about that here) and I’ll move onto cover what I was doing for that, I’ve covered all of this before in previous blog posts, which I will leave you to find but here’s a list of a few of the main things I was also up to whilst studying.

My advice for people looking to become an MVP is think of ways you can help the community, not just blogging, go further, do more, you’ll learn a lot, you’ll grow as a person by being uncomfortable, push yourself and you’ll be rewarded in many way’s.

I’ve been lucky enough to been asked on podcasts, asked to do training videos, write books, I’ve met Scott Guthrie and a lot more just from being active in the community. Follow more people on twitter, honestly grow your network.

Next up, I don’t share my goals, I have a few still to attain this year and next year is when I’ll start looking at doing more talks.

I have a lot of people to thank for where I have gotten to but I have thanked them all personally or online as I haven’t met them yet, going to Ignite and the MVP Summit I hope to meet many more and also thank them personally.

Hard work pays off.

  • You can find all of posts on Azure here
  • You can find all about the Azure exams here

Please feel free to reach out to me on LinkedIn or Twitter, happy to mentor anyone if I can with anything I can.



Azure Cost Management – 8 tools to help optimise spending and maximise potential in the cloud

Hi folks, earlier this month I wrote an article about Azure Cost Management for Nigel Frank International who are a global leader in Microsoft Recruitment, if you want to learn all about Azure Cost Management you can read my article on 8 tools to help optimise spending and maximise potential in the cloud

I hope you find this article useful and as always leave feedback below.



How to Use The Azure KeyVault Service

The Azure Key Vault Service is where you store certificate keys, passwords and more instead of having them stored within your application.

Reducing the chance that application secrets can be leaked is always a good thing, don’t store things like access key’s and usernames and passwords in your application config files etc. – Azure Key Vault is where you will want to store these types of secrets.

Here is a quick list of things you can use Azure Key Vault for:-

  • Certificate Management
  • Secret Management
  • Key Management

A good example of ways to improve existing code is say you have a connection string to SQL Server and you have hard-coded this connection string to use the username and password of an account to gain access to the data held within your SQL Database (back in the day this was fairly common), even encrypting the connection string isn’t as secure as it could be. Changing the code to store the connection string inside Azure Key Vault is one idea (there are a few available), this way you can lock down who can see the connection string, so that people wont be able to get access to the database unless they have the rights to read the connection string from Azure Key Vault (this is just a very simple example).

Other useful things you can use Azure Key Vault for is to create and therefor control encryption keys, instead of doing this manually you can leverage Azure Key Vault functionality to do this on your behalf,  and you can also provision and manage SSL Certificates which is extremely useful.

With Azure Key Vault you can control access to the Vault using policies. This means you decide who can do things like read, write, edit secrets and keys stored within the KeyVault.

Azure Key Vault can be integrated with a number of services including: –

  • Sql Server
  • Azure Functions
  • Azure Web Apps and many more

To read more about Azure Key Vault here is a link to the official documentation.



How to Use The Azure Traffic Manager

Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness.

What this mean is that you can distribute the traffic your web application receives across different regions throughout the world and this is a great Azure feature – other features like the Azure Load Balancer and Application Gateway cant distribute traffic across regions.

Azure Traffic Manager has a number of routing methods and its important to know the options available and what you can use them for: –

  • Priority: Use Priority when you want to use a primary service endpoint for all traffic, and provide backups in case the primary or the backup endpoints are unavailable.
  • Weighted: Use Weighted when you want to distribute traffic across a set of endpoints, either evenly or according to weights, which you define.
  • Performance: Use Performance when you have endpoints in different geographic locations and you want end users to use the “closest” endpoint in terms of the lowest network latency.
  • Geographic: Use Geographic so that users are directed to specific endpoints (Azure, External, or Nested) based on which geographic location their DNS query originates from. This empowers Traffic Manager customers to enable scenarios where knowing a user’s geographic region and routing them based on that is important.
  • Multivalue: Use MultiValue for Traffic Manager profiles that can only have IPv4/IPv6 addresses as endpoints. When a query is received for this profile, all healthy endpoints are returned.
  • Subnet: Use Subnet traffic-routing method to map sets of end-user IP address ranges to a specific endpoint within a Traffic Manager profile. When a request is received, the endpoint returned will be the one mapped for that request’s source IP address.

A good example of why Traffic Manager is super awesome, lets say you have your web app running in the North Europe region,  all users get directed to this region, what would happen if this region were to go down, not good! – with Traffic Manager you could have a second region (lets say UK South for this example) which has a copy of the web application and If the first region (North Europe) were to go down then Traffic manager would move all of your traffic to the second region meaning your website stays up and running, your users stay happy and bingo, now you have a highly available web application, this is known as performing a failover, also note your now paying for both regions but you have the added reliability and high availability your users may demand.

On a project at work we had a requirement which was basically make the website responsive to users around the globe, one way to aid in this is to use Traffic Manager and implement the Performance routing method, we had a copy of the web application deployed to 3 or 4 regions and when users would hit the website they would be directed to their nearest region which helps with faster response times.

You can read the official documentation on Azure Traffic Manager for lots more information.