Category: Azure

How to Use Azure Managed Service Identity

In this blog post I will cover Azure Managed Service Identity covering the basics for what you should know regarding this feature in Azure.

Managed Service Identity allows you to securely access your Azure resources and avoid storing credentials in your code like to access these resources, think of things like adding access keys to storage accounts as an example, this is bad practice and you certainly don’t want to add them to your code bas to be checked into git for example.

You can create service identities for a number of Azure resources already and more are coming, examples of the resources you can create service identities include the following: –

  • Azure Virtual Machines
  • Azure Virtual Machine Scale Sets
  • Azure App Service
  • Azure Functions
  • Azure Logic Apps
  • Azure Service Bus
  • Azure Event Hubs
  • Azure API Management
  • Azure Container Instances
  • Azure Container Registry Tasks

If you have some code that needs to access a storage account and you have added the access key to the code in order to access the storage account (please never do this its very bad practice and someone might gain access to your storage account if you do this), perhaps you’ve even moved the access key into Key Vault which is another option,  well you could even go a step further and improve security even further.
To do this you can take advantage of managed service identities and instead of using an access key you use a temporary access token, which is generated at run-time. This can then be used to assign role based access control for other resources.

The managed identity for the resource is generated within Azure AD.

Managed Identities come in 2 forms: –

  • System-assigned managed identity (enabled on an Azure service instance)
  • User-assigned managed identity (Created for a stand alone Azure resource)

You can learn more from the docs.

 



How to Use Azure Role Based Access Control

When it comes to Azure Security there are several options available, in this blog post I’ll cover Role Based Access Control (RBAC for short).

RBAC is about giving access to Azure resources at a granular level, you can give access to the Subscription all the way down to just a single resource within a subscription. This is perfect if you have the scenario where you have a lot of Azure resources and you may just want to give someone access to just a Virtual Machine or maybe just read-only access to say a storage account.

Azure has built in Roles which you can assign to users, the most common of these roles are as follows: –

  • Owner – Has full access to all resources including the right to delegate access to others.
  • Contributor – Can create and manage all types of Azure resources but can’t grant access to others.
  • Reader – Can view existing Azure resources.
  • User Access Administrator – Lets you manage user access to Azure resources.

You can also create your own custom roles which can be made of different access.

RBAC works when assigned against what’s known as a Security Principal in other words a User, Group, Service Principal or a Managed Identity.

RBAs is made of role definitions and these have action which are assigned to the role definition, an example of this would be say Billing Reader, this allows the user read access to Billing Data. The list of roles are seen below: –

 

 

The last thing we need to touch on is the Scope that the RBAC can be assigned, this can take the form of the following: –

  • Management Group Level
  • Subscription Level
  • Resource Group Level
  • Resource Level

At work we normally give people in the project Contributor access to a Resource Group or Groups and normally one, maybe two at most are Owners of the Subscription. If we wish to give some one read-only access to view resources then we make them a Reader.

If we are working on a project and want to give a new dev Contributor access to a Resource Group, then I would log in as an Owner and then find the subscription, chose the subscription and then select Access Control (IAM), and then Add a Role Assignment.

You can also setup alerts when an Owner gives some other user access to your Azure resources if required.


Tags:


Azure Resource Locks

Azure resource locks will at some point save your bacon, it will trust me.
If you want to stop people being able to delete a development resource when they think it’s no longer being used, or more importantly on production resources so that they cannot be deleted (until the lock is deleted), then Azure locks are your friend

Azure Resource Locks are often over looked, most people know about them but never implement them, its always a good idea to use them, so what are you waiting for?

They can be applied at different levels ranging from the Resource Group (think of a folder where your Azure resources reside), down the individual resources themselves.

If there are a few people in your organisation that have one of the roles where they have access privileges to delete resources then Azure resource locks might be something to look into further.

To add a Resource Lock to any resource, simply locate the resource and then click on Locks as per below

As you can see, there are 2 different types of resource locks: –

  • Read-Only – means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
  • Delete – means authorized users can still read and modify a resource, but they can’t delete the resource.

So how do locks actually work?

When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the lock from the parent. The most restrictive lock in the inheritance takes precedence.
Unlike role-based access control, you use management locks to apply a restriction across all users and roles.

You can read up more on Azure Locks from the documentation. Go add locks to your production resources just in case, better to be safe than sorry.



Scottish Summit 2020

On February 29th 2020, we are hosting a brand new, FREE event here in Scotland, UK which is called the Scottish Summit which will have several tracks running.

We are bringing over 60 sessions to you covering multiple tracks as per below:-

  • Dynamics for Customer Engagement
  • Azure
  • Big Data
  • Power Platform
  • Microsoft ERP
  • Personal Development
  • SharePoint
  • Office 365

The call for speakers page is already up and running with a number of great sessions already submitted, if you’d like to talk at this event then please submit your talk.

To find out more about the event you can view the website and see the list of speakers.

I am giving  a talk titled “Super charge your Azure learning” where I will cover how I have learned Azure and go over all the very best resources I have came across in the last 18 months of learning Azure. This talk will be for all levels, people getting started, people who know some Azure and want to learn a bit more, right up to Azure experts who might want to branch out their learning into new areas.

Topics will include:-

  • Getting started learning Azure
  • Azure Services
  • Azure Devops
  • Exams
  • And much more

If you wish to attend then grab your FREE ticket – hope to see you there!



Azure Architect Expert Study Notes

The following is a quick and dirty list I made for the Architect exams so that I could read them quickly before the exam itself. This is mostly for the AZ-302 but good to know regardless of what exam your doing.

  • Blob Storage is NOT for storing Virtual machine vhd files, blob storage is for block blobs and append blobs and not page blobs)
  • You can use Traffic Manager to sit above 2 virtual machines and register endpoints, if one of the region goes down the other stays up.

The following traffic routing methods are available in Traffic Manager:

  • Priority: Select Priority when you want to use a primary service endpoint for all traffic, and provide backups in case the primary or the backup endpoints are unavailable.
  • Weighted: Select Weighted when you want to distribute traffic across a set of endpoints, either evenly or according to weights, which you define.
  • Performance: Select Performance when you have endpoints in different geographic locations and you want end users to use the “closest” endpoint in terms of the lowest network latency.
  • Geographic: Select Geographic so that users are directed to specific endpoints (Azure, External, or Nested) based on which geographic location their DNS query originates from. This empowers Traffic Manager customers to enable scenarios where knowing a user’s geographic region and routing them based on that is important. Examples include complying with data sovereignty mandates, localization of content & user experience and measuring traffic from different regions.
  • Multivalue: Select MultiValue for Traffic Manager profiles that can only have IPv4/IPv6 addresses as endpoints. When a query is received for this profile, all healthy endpoints are returned.
  • Subnet: Select Subnet traffic-routing method to map sets of end-user IP address ranges to a specific endpoint within a Traffic Manager profile. When a request is received, the endpoint returned will be the one mapped for that request’s source IP address.

App Service plan pricing Tiers

There are a few categories of pricing tiers:

  • Shared compute: Free and Shared, the two base tiers, runs an app on the same Azure VM as other App Service apps, including apps of other customers. These tiers allocate CPU quotas to each app that runs on the shared resources, and the resources cannot scale out.
  • Dedicated compute: The Basic, Standard, Premium, and PremiumV2 tiers run apps on dedicated Azure VMs. Only apps in the same App Service plan share the same compute resources. The higher the tier, the more VM instances are available to you for scale-out.
  • Isolated: This tier runs dedicated Azure VMs on dedicated Azure Virtual Networks, which provides network isolation on top of compute isolation to your apps. It provides the maximum scale-out capabilities.
  • Consumption: This tier is only available to function apps. It scales the functions dynamically depending on workload. For more information, see Azure Functions hosting plans comparison

Logic Apps

TO enable high throughput on a Logic App you can go to workflow settings and then choose High Throughput and click ON, this allows up to 300,000 executions every 5 minutes.

App Service Plans

The basic App Service Plan doesn’t support auto-scaling


Create a Linux virtual machine with Accelerated Networking

To create a Windows VM with Accelerated Networking, see Create a Windows VM with Accelerated Networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance. This high-performance path bypasses the host from the datapath, reducing latency, jitter, and CPU utilization, for use with the most demanding network workloads on supported VM types. The following picture shows communication between two VMs with and without accelerated networking


Azure Migrate

Migrate databases to Azure with familiar tools

Azure Database Migration Service integrates some of the functionality of our existing tools and services. It provides customers with a comprehensive, highly available solution. The service uses the Data Migration Assistant to generate assessment reports that provide recommendations to guide you through the changes required prior to performing a migration. It’s up to you to perform any remediation required. When you’re ready to begin the migration process, Azure Database Migration Service performs all of the required steps. You can fire and forget your migration projects with peace of mind, knowing that the process takes advantage of best practices as determined by Microsoft.

Note: Using Azure Database Migration Service to perform an online migration requires creating an instance based on the Premium pricing tier.


Types of storage accounts

Azure Storage offers several types of storage accounts. Each type supports different features and has its own pricing model. Consider these differences before you create a storage account to determine the type of account that is best for your applications. The types of storage accounts are:

  • General-purpose v2 accounts: Basic storage account type for blobs, files, queues, and tables. Recommended for most scenarios using Azure Storage.
  • General-purpose v1 accounts: Legacy account type for blobs, files, queues, and tables. Use general-purpose v2 accounts instead when possible.
  • Block blob storage accounts: Blob-only storage accounts with premium performance characteristics. Recommended for scenarios with high transactions rates, using smaller objects, or requiring consistently low storage latency.
  • FileStorage (preview) storage accounts: Files-only storage accounts with premium performance characteristics. Recommended for enterprise or high performance scale applications.
  • Blob storage accounts: Blob-only storage accounts. Use general-purpose v2 accounts instead when possible.

Azure Functions ARR affinity

If you create azure functions as part of the Basic app service plan, you can enable ARR Affinity which basically allows support for sticky sessions.

Azure App Service Access Restrictions

Access Restrictions enable you to define a priority ordered allow/deny list that controls network access to your app. The list can include IP addresses or Azure Virtual Network subnets. When there are one or more entries, there is then an implicit “deny all” that exists at the end of the list.

Auto Swap Staging Slots (Auto Swap isn’t supported in web apps on Linux.)

VNet Peering – connecting VM’s within the same Azure Region

Global VNet Peering – connecting VM’s across Azure Regions

Choose between Azure messaging services – Event Grid, Event Hubs, and Service Bus

Comparison of services

Service Purpose Type When to use
Event Grid Reactive programming Event distribution (discrete) React to status changes
Event Hubs Big data pipeline Event streaming (series) Telemetry and distributed data streaming
Service Bus High-value enterprise messaging Message Order processing and financial transactions

Event Grid

Event Grid is an eventing backplane that enables event-driven, reactive programming. It uses a publish-subscribe model. Publishers emit events, but have no expectation about which events are handled. Subscribers decide which events they want to handle.

Event Grid is deeply integrated with Azure services and can be integrated with third-party services. It simplifies event consumption and lowers costs by eliminating the need for constant polling. Event Grid efficiently and reliably routes events from Azure and non-Azure resources. It distributes the events to registered subscriber endpoints. The event message has the information you need to react to changes in services and applications. Event Grid isn’t a data pipeline, and doesn’t deliver the actual object that was updated.

Event Grid supports dead-lettering for events that aren’t delivered to an endpoint.

It has the following characteristics:

  • dynamically scalable
  • low cost
  • serverless
  • at least once delivery

Event Hubs

Azure Event Hubs is a big data pipeline. It facilitates the capture, retention, and replay of telemetry and event stream data. The data can come from many concurrent sources. Event Hubs allows telemetry and event data to be made available to a variety of stream-processing infrastructures and analytics services. It is available either as data streams or bundled event batches. This service provides a single solution that enables rapid data retrieval for real-time processing as well as repeated replay of stored raw data. It can capture the streaming data into a file for processing and analysis.

It has the following characteristics:

  • low latency
  • capable of receiving and processing millions of events per second
  • at least once delivery

Service Bus

Service Bus is intended for traditional enterprise applications. These enterprise applications require transactions, ordering, duplicate detection, and instantaneous consistency. Service Bus enables cloud-native applications to provide reliable state transition management for business processes. When handling high-value messages that cannot be lost or duplicated, use Azure Service Bus. Service Bus also facilitates highly secure communication across hybrid cloud solutions and can connect existing on-premises systems to cloud solutions.

Service Bus is a brokered messaging system. It stores messages in a “broker” (for example, a queue) until the consuming party is ready to receive the messages.

It has the following characteristics:

  • reliable asynchronous message delivery (enterprise messaging as a service) that requires polling
  • advanced messaging features like FIFO, batching/sessions, transactions, dead-lettering, temporal control, routing and filtering, and duplicate detection
  • at least once delivery
  • optional in-order delivery

Notification Hubs

Has an SLA of 99.99% on the Basic and Standard tiers

RPO – Recovery Point Objective – The amount of data loss if a recovery needs to be done

RTO – Recovery Time Objective – The amount of time it takes to complete a recovery or restore

Azure Backup

Recover Points

  • Application Consistent – Here the backup takes into consideration any pending i/o operations and memory content operations. This allows the application to start in a consistent state after recovery.
  • File System Consistent – This provides a consistent backup of disk files. Here the application needs to maintain its own mechanism to manage its consistency.
  • Crash Consistent – Happens when the VM Shuts down at the time of the backup. Data exists on the disk at the time of the backup, but not guarantee on the disk consistency.

Azure Backup is good for retention periods of days, weeks, months and eve years.

Virtual Machines SLA’s

One VM = 99.9% availability

Two or more VM’s in an Availability Zone = 99.99% availability

Two or more VM’s in an Availability Set = 99.95% availability

Availability Zones

Within 1 Region you may have 2 availability zones

So this can mean 2 Availability Zones each having 2 data centres.

Deploy 2 copies of your vm, 1 to a datacentre in zone1, the other vm to the other availability zone

Availability Sets

  • Fault domains (3 by default), ie separate server racks which have separate power etc. Your vm is deployed to say all 3 fault domains and then if a fault domain goes down your still good on the other 2.
  • Update Domains (5 by default), when your vm might need updating, this concept means that some copies can be updated so that others stay up

If you add 6 vm’s to an availability set then the 6th vm would go into update domain 0 as the numbering starts at 0.

Azure Load Balancer (works at layer 4)

  • Is used to distribute traffic to virtual machines
  • Increases fault tolerance and availability for your application
  • Works at the network layer
  • Uses a public Ip address in front of the Azure Load Balancer
  • The back end pool is literally your Virtual Machines
  • The load balancer uses a health probe which needs the protocol, port, interval and threshold set

Important Notes:-

  • The load balancer cannot be used to route traffic between resources in different regions, only the same region.
  • If you want to achieve a higher availability of 99.99% then you should use a Standard Load Balancer instead of a Basic Load Balancer, and have at least 2 healthy virtual machines in the backend pool of the load balancer.
  • The vm’s should be assigned a standard static public IP address

Application Gateway (works at layer 7)

  • Web Traffic Load Balancer
  • Works at the application layer
  • URL Routing – example would be /video goes to backendpool1, /images goes to backendpool2
  • SSL termination

WAF (web application firewall)

  • Centralized protection for your web applications from common exploits and vulnerabilities
  • If you want to deploy an application gateway you need an empty subnet available for your virtual network.
  • SLA 99.5% – 2 or more medium or large instances

Azure Traffic Manager

  • DNS based traffic load balancer
  • Can Distribute traffic across regions
  • You can use different traffic routing methods
    • Priority – choose which region you prefer
    • Geographic – direct end users to specific endpoints based on geographic location
    • Multivalue – all healthy endpoints are returned to the user
  • If your using Azure Site Recovery then you have to create an Azure Site Recovery Vault to store the data
  • Premium Storage tier only allows storage of blobs, nothing else
  • Default NSG Rules – deny all inbound from internet, allow all outbound to the internet, to stop subnets having access out add a new NSG rule and add a service tag of internet, destination port ranges * and then Action Deny with a low priority value of say 100 so that it over rules the default NSG outbound security rules
  • If you want to get access to the Windows Graphic Device interface use Azure Batch
  • When creating an Azure gateway the Ip Address has to be a public static ip address (sku standard)
  • Using Powershell to get an azure keyvault secret
    (Get-AZKeyVaultSecret -vaultname ‘myvaultname’ -name ‘mysecretname’ ).SecretValueText
  • Azure AD Conditional access requires Premium Tier on Azure AD
  • When you set up ASR in another region and point it to some VMs, it installs the Azure Site Recovery extension called Mobility Service in the source VMs
  • Azure Site Recovery is for replicating Virtual or Physical Machines from various sources. It does NOT support Azure App Services. But it does support Hyper-V and VMWare Virtual Machines, and Windows or Linux Physical Machines.
  • ASR requires port 443 and 9443 in order to do it’s replication from the source servers
  • To replicate Hyper-V virtual machines between two on-premises data centers, you need SCVMM to be on both systems already
  • ASR can replicate sites between regions as long as they are in the same geography. It would not support US East machines being replicated to Japan East because it crosses a geographic boundary.
  • VMs across multiple Availability Zones provides the highest Microsoft SLA at 99.99%. Using availability sets provides 99.95% SLA. Standalone VMs behind a load balancer does not provide an SLA. Using Azure Site Recovery provides Business Continuity, and not a high-availability.
  • How does SQL Database implement high availability at the Premium Tier?

The Premium tier of SQL Database runs the database in a 4-node Always On Availability Group Cluster. This has one primary database node with 3 secondary processes keeping copies of the data.

  • Using SQL Database Always On Encryption with Deterministic Encryption. This allows the database to perform database operations on the table such as joins and equality tests, while keeping the data encrypted in the table and from regular application reads. SQL Database Always On Encryption with Randomized Encryption does not allow table operations
  • With Storage Queues, calling UpdateMessage can be used to extend the lease and prevent the message from being given to another process. RenewLock is for Service Bus Queue and not Storage Queues. Rearchitecting the application may not be a simple solution, although it may be wise.
  • You can scale a web app using metrics provided by Application Insights, which needs to be implemented before you can enable such scaling
  • Transparent Data Encryption allows the data stored on the disk to be encrypted and it supports geo-replication and geo-restore. Always Encrypted will not suffice as this is focused on transport encryption (data in transit is encrypted)
  • Azure Confidential Compute (ACC) is only supported on the DC-Series VMs, Azure Confidential Compute allows code and data in the processor to be secured when running. Azure Confidential Compute is not supported on any other VM series except DC-series.
  • SendGrid is an email solution which provides email functionality via distribution groups as well as metric gathering
  • Azure AD Privileged Identity Management is a tool that will allow you to see who has elevated permissions within your environment. You can examine the history of that access, and whether they use those permissions. And you can ask users to justify the need for those elevated permissions in a security review.
  • Azure Site Recovery (ASR) does not support the recovery of most PaaS solutions such as Azure Storage and Azure App Services. ASR is for infrastructure workloads such as Windows and Linux VM’s, SAP, VMWare, Sharepoint, IIS, and SQL Server
  • Function Keys and Azure API Management can both protect a Function app’s public endpoint. Function keys are unique codes that can be required to be used when calling an endpoint. This only protects the endpoint when the function key is a true secret. Azure API Management can be put in front of the function and require other forms of authentication such as Azure AD or OAuth. Functions do not support Shared Access Signatures (SAS).
  • Shared Access Signatures (SAS) and Azure API Management can both protect a Service Bus’ public endpoint. Shared Access Signatures (SAS) are unique codes that can be required to be used when calling an endpoint. This is why they are called “shared”. This only protects the endpoint when the SAS is a true secret. Azure API Management can be put in front of the function and require other forms of authentication such as Azure AD or OAuth. Service Bus does not support Function Keys or Multi-Factor Authentication.
  • Always Encrypt allows you to choose which columns to encrypt, and SQL Database will do the work for you. When using a command line, the data will come out encrypted. But a trusted application can see the data, and use it in JOINs, SELECTs, and WHERE clauses. Application side encryption will not allow JOINs, etc. A Trusted Execution Environment (TEE) is not used for SQL Database service. All data is stored at rest encrypted using TDE by default.


Azure Certification Exams Passed

Proud to say that I now have the following exams passed: –

  • Azure solutions Architect Expert
  • Azure Devops Engineer Expert
  • Azure Developer Associate



Azure Best Practices

The following is a list of the best practices I have found in 18 months of learning and using Azure (not including the community blogs of course), I know best practice isn’t a great term but here are the links anyway, enjoy!

p.s. I’ll keep updating this so check back in a month or 2 🙂



Ambition and Drive to Learn Azure – 2019 Edition

If there is one thing I am good at, its finding the right resources to learn something, I have a knack of finding the right content and locating the right people to ask for help or to learn from.

 

Ok so people seem interested in how I went about it so let’s get to that now, here is how I tackled my Azure learning, hopefully you can get some solid advice from this post for you, no matter if your a dev, SQL dba, infrastructure type person, most of this post is valid.

  • Read through the exams and start off with one of the easier ones (none of them are easy when your starting out)
  • I chose the AZ-100 and I think that’s not a bad place to start (now the AZ-103), that or the AZ-900 exam of your new to Azure.
  • Read the website link for the exam carefully especially the skills measured (these can be updated from time to time)
  • Search google for people blogging about their study notes
  • Use links like mine for finding useful study resources
  • I used Udemy and Scott Duffy’s courses and Pluralsight (too may authors to thank here, see below)
  • I signed up to his Facebook Azure Exams User Group (Only thing I used Facebook for)
  • After a couple of weeks I booked the exam 2 weeks in advance (that forces you to study and focus)
  • I used Azure a lot as nothing beats hands on experience – this is very important!
  • Practice is the only way I really learn something and remember it

Focus

I cut down the amount of tv I watched, just stopped it altogether, I’ve barely watched a thing this past year on Netflix.

If I want to learn Azure it required being laser focused and dedicated to the subject. I would say on average I was spending 10+ hours a week at night after work just studying and using the tools within Azure, now this isn’t possible for everyone so maybe I can list some of the best resources I found and my tips for learning Azure, lets come back to that later on.


Motivation

So what was the motivation for doing this amount of learning and almost giving up watching tv – mad right?, I know your thinking that.

I want to learn, and the more I learn the more I want to feed the habit of learning.


How I got started

I start by first of all taking my time, I didn’t dive right in, I looked around, read some blog posts, but always ended up back at the docs.microsoft.com – which by the way is awesome.

I check out the beginner courses on Pluralsight, searched for Azure and off I went – the more I read the more I thought this is very cool  stuff, I just got immersed into it and my learning became quite addictive, its when you first deploy something to Azure your like wow that was super easy, what can I do next, and so I just kept at it.

After a month, maybe two I decided to think I may as well check out the certifications,  if I’m learning Azure I may as well see what’s involved in the certifications, so I checked out the Azure certifications, looked for advice on where to get started and it was looking like one of the exams was easier of the 3 available, so I got reading.

After some time I took a practice test and got 12% I think maybe slightly higher, I had very little idea what the questions were talking about, I still hadn’t even heard of some of the content in the questions – that drove me to keep going and learn even more rather than getting despondent, I did the Pluralsight IQ test thing they do and it was slowly going up over time – any progress is good progress right? – I mean I’m learning, I’m investing in myself and what harm can that ever do?

At this point I have the following badges.


Twitter

Twitter is without doubt my favourite place to learn believe it or not,  I follow all the MVP’s I come across, I follow as many people I can who tweet about Azure, the Azure team members at Microsoft, anyone who mentions Azure I check out their tweets and if there’s learning potential I follow them – I highly recommend doing this if your serious about learning Azure, and if your serious about learning anything technical locate the people you need to be following, engage with them ask questions etc and learn.

I have made some great friends on twitter special mention to Julie Lerman @julielerman ,Richard Hooper @Pixel_Robots, Sam Smith @samsmithnz , Aaron Ralls @cajunAA ,Thomas Thornton @tamstar1234–  the people I chat to the most on twitter.

From twitter alone I have been asked to write two books and do training for a cloud training company, was invited to meet Scott Guthrie @scottgu and way more


Blog

The reason I started blogging was to write down things I came across that I would forget, blogging meant I could come back to it later and find the answers, now I’ve moved on to help other people with what I have learned and share the knowledge, it also ensures I have read into the subject enough so that I at least know what I am talking about.

If you aren’t a blogger then you should look into getting started, it’s very easy to do and can open up new opportunities for you gong forward.

I took part in the C# blog Advent Calendar end of last year which was fun to do.


Tips for Learning Azure

I will list my tips I would suggest for learning azure the way I did below: –


Community

Helping with the Glasgow Azure User Group, running the Azure Global Bootcamp in Glasgow was great fun.

I add the hashtag #azurefamily to my posts, like a calling card for help, we chip in and help other people who have questions they need help with when it comes to Azure.

I also reached out to several of the Microsoft Azure folks asking questions, looking for advice etc, the responses have always been very helpful.


Goals

Setting goals I think is an important step, I wrote one goal up above my pc monitors which I haven’t achieved and its there to remind me to stay focused on that very goal.

My goals for 2019 I keep to myself, got 2 left to achieve.


Thank You

I wanted to thank a few people who have helped me with Azure over the past 18 months, its been challenging but very rewarding. It’s not possible to list them all but the one thing I always do is thank the person who has helped me, its nice to be nice and the best part in all of this has been able to help other people just starting out their journey to learn some Azure.

Special mention to the following for their amazing learning resources:-

Scott Duffy – @scottjduffy
Barry Luijbregts – @AzureBarry
Mike Pfeiffer – @mike_pfeiffer

Here’s to an exciting time ahead with an Azure filled rest of 2019.

p.s. Ping me on twitter If I can help you on your journey, I love to be able to help people and more than happy to help.

 



Azure Exam Resources

A colleague at work found some amazing resources for Azure exams, I thought it best to share the resources, hope you find them as useful as I have for the exams, please share the link, the courses are all free from EDX. Even if they become invalid the learning content here is fantastic!

MS-100: Microsoft 365 Identity and Services


MS-101: Microsoft 365 Mobility and Security


AZ-100: Microsoft Azure Infrastructure and Deployment


AZ-101: Microsoft Azure Integration and Security


AZ-200: Microsoft Azure Developer Core Solutions


AZ-201: Microsoft Azure Developer Advanced Solutions


AZ-300: Microsoft Azure Architect Technologies


AZ-301: Microsoft Azure Architect Design


AZ-401: Microsoft Azure DevOps Solutions (this is the AZ-400 exam content)


AZ-900: Microsoft Azure Fundamentals


MS-900 Microsoft 365 Fundamentals

Bonus section includes links to the above and more: – https://partner.microsoft.com/en-US/training/assets#/?type=Exam

All the exam learning paths can be found here: –

https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWtQJJ

Please leave feedback questions etc in the comments section below.



Replacing Azure Automation using Azure CLI and Azure Devops

A customer at work has several Azure Virtual Machines and they wanted to have them stopped between the hours of say 10pm until 6am, nothing too difficult there. I setup an Azure Automation account with a Start/Stop VM Solution, long story short it doesn’t really work, like at all, its messy etc, it’s just a mess.

Note – the solution presented below means zero resource provisioning!

I decided to look at a different way of doing it and asked around and a colleague Nathanat work suggested Azure Functions and also mentioned he had been looking at the Azure CLI of late.

The below is the solution that he came up with, I like this and decided to go ahead and pinch his idea, don’t worry he works in my team and I will give credit where credit is very much due 🙂 – now before I go any further, yes I could use PowerShell, Azure Functions, etc. etc. but I like this implementation mainly because I learned a couple of new things, and if I’m learning then all good.

He wrote 2 bash scripts which invoke the Azure CLI, you pass in the name of the Resource Group(s) and it’ll loops through and starts / stops all the VM’s in your Resource Group(s).

Start VM Bash Script:-


Stop VM Bash Script:-


Start VM Yaml Build Script: –


Stop VM Yaml Build Script: –

Then to ensure the bash scripts run every day you set the schedule for the build and your good to go, like so:-

Feedback welcome, I like this idea for the following reasons: –

  • Learned some YAML
  • Learned about trigger (think scheduled builds) on YAML builds
  • And looked more at the Azure CLI which is of huge interest

Please also follow Nathan on twitter.