
Shipping Features Faster with Copilot CLI

Ship faster

As developers, we’re always looking for ways to ship faster without sacrificing quality. The constant pressure to deliver new features while maintaining clean, maintainable code can feel like an impossible balance. But what if I told you that the latest wave of AI tooling is actually living up to the hype?

Enter GitHub Copilot CLI, a game-changer that’s fundamentally changing how I approach building applications on Azure. This isn’t just autocomplete on steroids. It’s a genuine productivity multiplier that’s helping teams ship features at a pace we couldn’t have imagined just a year ago, maybe even a few months ago.

What Makes Copilot CLI Different

You’re probably familiar with GitHub Copilot in your IDE, suggesting code as you type. Copilot CLI takes a different approach. It lives in your terminal, where you spend a huge chunk of your day running commands, deploying code, and managing infrastructure.

The beauty of Copilot CLI is its understanding of context. It knows you’re working in Azure. It understands your project structure. It can suggest complete command sequences that would normally require you to dig through documentation.

Real-World Impact on Development Speed

Let me give you a concrete example. Last week, I needed to set up a new Azure Function with blob storage triggers, configure monitoring, and deploy it to a staging environment. Traditionally, this would involve:

  • Looking up the Azure CLI syntax for creating function apps
  • Remembering the right flags for runtime and region
  • Setting up storage account connections
  • Configuring Application Insights
  • Writing deployment scripts
  • Testing everything locally first

With Copilot CLI, I described what I needed in plain English. It generated the exact command sequence, including error handling and best practices I might have overlooked. What would have taken an hour or two took maybe 15 minutes.

Natural Language to Complex Commands

The real power comes from turning intent into action. Instead of memorizing complex Azure CLI syntax, you can ask questions like:

“Create a container app with autoscaling and connect it to my existing PostgreSQL database”

“Deploy this app to three regions with traffic manager for load balancing”

“Set up monitoring alerts for when my function execution time exceeds 5 seconds”

Copilot CLI translates these requests into proper Azure CLI commands, complete with the right parameters and flags. It’s like having a senior Azure architect sitting next to you.

Faster Iteration Cycles

Where this really shines is during rapid prototyping and feature development. When you’re exploring a new Azure service or trying to implement a feature quickly, the feedback loop is everything.

Instead of context-switching between your editor, browser, and documentation, you stay in the flow. Need to check your current resource groups? Ask. Want to deploy a quick test? Describe it. Need to roll back a change? Just say so.

This compressed feedback loop means you can iterate on features multiple times in the span it would have previously taken to do it once.

Beyond Simple Commands

Copilot CLI isn’t just about generating single commands. It helps with entire workflows. Setting up CI/CD pipelines, configuring networking rules, managing secrets and certificates – these multi-step processes become conversations rather than chores.

I’ve seen team members who were less familiar with Azure infrastructure become significantly more productive. The learning curve flattens because they’re learning by doing, with AI assistance that explains what each command does and why.

Integration with Your Development Workflow

What I appreciate most is how Copilot CLI fits into existing workflows without forcing you to change how you work. It enhances your terminal experience rather than replacing it. You can review suggested commands before running them, modify them as needed, and build up your own understanding over time.

For Azure-specific development, this means you can focus on solving business problems rather than fighting with infrastructure syntax. Your cognitive load drops dramatically when you’re not constantly switching between writing application code and remembering the exact flags for Azure CLI commands.

The Compound Effect

Here’s what I’ve noticed after a few days of using Copilot CLI daily: the time savings compound. Every command you don’t have to look up, every deployment script you don’t have to debug, every configuration you get right the first time – it all adds up.

Features that used to take a sprint now take days. Proof of concepts that took days now take hours. The velocity increase isn’t linear, it’s exponential.

Getting Started

If you’re building on Azure and haven’t tried Copilot CLI yet, I’d strongly encourage giving it a shot. The setup is straightforward, and the productivity gains start immediately. You don’t need to be an AI expert or change your entire workflow.

Start with simple commands and gradually build up to more complex operations. Let it suggest, review what it generates, and learn from the patterns. Before long, you’ll wonder how you ever managed without it.

The Future of Development

This feels like a glimpse into where software development is heading. We’re moving from memorizing syntax to expressing intent. From fighting tools to collaborating with them. From spending time on mechanical tasks to focusing on creative problem-solving.

For those of us building on Azure, Copilot CLI represents a significant step forward in how quickly we can move from idea to deployed feature. And in today’s competitive landscape, that speed matters more than ever.

The tools are here. The technology works. The only question is: how much faster could your team ship if you started using them today?

Ready to get started – https://github.com/features/copilot/cli




Azure Web Apps and AI – What’s New from Microsoft Ignite 2025

Microsoft Ignite 2025 reaffirmed that AI is now a first-class development model across the Azure platform, not just an optional add-on. Among the many announcements at Ignite, updates to Azure App Service (Web Apps) and the broader Azure AI ecosystem directly affect how developers build intelligent, cloud-native applications – including web apps augmented with AI capabilities, semantic search, and agentic workflows.

This article walks through:

  • Key App Service / Web Apps announcements
  • The AI platform enhancements that Web Apps can leverage
  • Architectural patterns for integrating AI into web workloads
  • Infrastructure automation with Terraform and secure deployment patterns

What’s New in Azure App Service at Ignite 2025

At Ignite 2025, the Azure App Service team announced a set of updates focused on modernization, developer productivity, and AI integration readiness:

1. Managed Instance on Azure App Service (Public Preview)

A major new capability – Managed Instance on Azure App Service – entered public preview. It is designed to simplify migration of legacy web applications (especially classic ASP.NET and .NET apps with Windows dependencies) to a managed PaaS runtime with minimal code changes.

Key benefits:

  • Run legacy Windows web apps with Hyper-V nested virtualization.
  • Use configuration and installation scripts for dependencies rather than rewriting code.
  • Maintain automatic OS and .NET patching and updates.
  • Direct RDP access to instances for troubleshooting in complex migration scenarios.

This matters for AI because modernization often precedes adding AI-driven features – a classic app first needs to run reliably on App Service before layering in services like semantic search, chat UI APIs, or automated content enrichment workflows.


2. Enhanced Runtime and Language Support

Alongside the Managed Instance preview, App Service continues to expand support for modern runtimes, frameworks, and developer experiences. While not AI-specific, these enhancements make it easier to host intelligent applications built with:

  • .NET 8/9 and ASP.NET Core
  • Node.js 20+
  • Java 25 and beyond
  • Containers on App Service (Linux) with improved tooling

These runtimes interoperate cleanly with Azure AI APIs and SDKs. For example, a Node.js web app can call Azure AI Search or an LLM API directly via SDK or REST.


Azure AI Platform Enhancements from Ignite 2025

Ignite 2025 made clear that the foundation for AI-driven web apps is not just the compute layer, but platform services that encapsulate semantic understanding, retrieval-augmented generation (RAG), and agentic workflows.

1. Microsoft Foundry – Unified AI Agent Platform

At Ignite, Azure AI Foundry was rebranded and enhanced as “Microsoft Foundry”, a unified platform for building, deploying, and governing enterprise-grade AI agents across workloads. Foundry now supports:

  • Multi-agent orchestration
  • Open standards for models (including Anthropic Claude and OpenAI models)
  • Seamless integration with enterprise data and APIs

Foundry is not App Service, but it is the AI backbone you are likely to call from web apps for:

  • Conversational AI interfaces
  • Workflow automation (e.g., ticket triaging, contextual assistants)
  • Long-running agentic tasks tied to user sessions or backend triggers

More on Foundry’s updates is in the Microsoft documentation.

2. Semantic Retrieval and AI Search

Azure AI Search (formerly Cognitive Search) continues to evolve with RAG-friendly patterns that integrate vector search, semantic ranking, and LLMs. This makes it much easier to add “chat with your data” experiences into web UIs.

Azure AI Search documentation is here:
https://learn.microsoft.com/azure/search/what-is-azure-ai-search

Typical patterns for Web Apps include:

  • Document ingestion pipelines (Azure Blob, OneLake, Cosmos DB)
  • Indexer + semantic search for natural language queries
  • LLM integration to summarize and respond conversationally

Patterns for Integrating AI into Azure Web Apps

Below are architectural patterns you might adopt when extending web apps with AI capabilities following Ignite 2025.

Pattern 1 – RAG-Driven Conversational UI

  1. Web App Frontend on App Service (e.g., React, Blazor).
  2. API Layer in Azure Functions or .NET backend to handle requests.
  3. Azure AI Search + vector store for semantic retrieval.
  4. OpenAI or Foundry Models for response generation.

Flow:

  1. User asks a question in web UI.
  2. Backend calls Azure AI Search to retrieve relevant documents.
  3. Retrieved context is sent to a generative model.
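  4. Model output is returned to the UI.

using System;
using Azure.Identity;

// The endpoint is read from the AZURE_OPENAI_ENDPOINT app setting.
// DefaultAzureCredential picks up the app's managed identity, so no API key is stored.
var endpoint = Environment.GetEnvironmentVariable("AZURE_OPENAI_ENDPOINT");
var client = new Azure.AI.OpenAI.OpenAIClient(new Uri(endpoint), new DefaultAzureCredential());
var response = await client.GetCompletionsAsync(
    deploymentOrModelName: "gpt-4.1-enterprise",
    new Azure.AI.OpenAI.CompletionsOptions
    {
        Prompts = { "Summarize these docs for a tech user: ..." }
    });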

Pattern 2 – Agentic Backend Workflows

If your web app needs to trigger longer-running workflows (e.g., order fulfillment automation, customer support routing), you can:

  1. Expose an HTTP trigger from your Web App or Azure Function.
  2. Hand off processing to a Foundry agent (via API) that orchestrates multi-step logic.
  3. Use Queues (Service Bus, Storage Queues) for reliable message passing.

This pattern decouples UI from backend processing, letting agents execute tasks with traceability and governance – critical for compliance.


Infrastructure as Code – Terraform & Bicep

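Automation and repeatability are essential. Below is a sample Terraform snippet to provision an App Service with a Managed Identity (for secure calls to Azure AI).

# azurerm_app_service_plan and azurerm_app_service are the legacy resource types;
# azurerm provider 3.x supersedes them with azurerm_service_plan and
# azurerm_windows_web_app / azurerm_linux_web_app.
provider "azurerm" {
  features {}
}

# Endpoint and model deployment name are supplied as variables, not hard-coded.
variable "openai_endpoint" {
  type = string
}

variable "openai_model" {
  type = string
}

resource "azurerm_resource_group" "rg" {
  name     = "rg-webapp-ai"
  location = "WestEurope"
}

resource "azurerm_app_service_plan" "plan" {
  name                = "asp-webai"
  location            = azurerm_resource_group.rg.location # required argument
  resource_group_name = azurerm_resource_group.rg.name
  sku {
    tier = "PremiumV4"
    size = "P1v4"
  }
}

resource "azurerm_app_service" "webapp" {
  name                = "webapp-ai"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  app_service_plan_id = azurerm_app_service_plan.plan.id

  # System-assigned managed identity: the app authenticates to Azure AI without keys.
  identity {
    type = "SystemAssigned"
  }

  site_config {
    dotnet_framework_version = "v6.0"
  }

  # Only non-secret configuration is stored in app settings.
  app_settings = {
    "WEBSITE_RUN_FROM_PACKAGE" = "1"
    "AZURE_OPENAI_ENDPOINT"    = var.openai_endpoint
    "AZURE_OPENAI_MODEL"       = var.openai_model
  }
}

Notes:

  1. Use managed identities to authenticate to Azure AI services instead of static keys.
  2. You can extend this snippet with Private Endpoints, Key Vault references, and app settings for AI service integration.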

Terraform vs Bicep vs ARM:

  • Terraform excels with multi-cloud teams and state management.
  • Bicep/ARM provide first-class Azure tooling and tighter integration with Azure RBAC.
  • Choose based on team skills and governance requirements.

Security, Governance, and Identity

Ignite announcements highlighted enterprise-grade security for AI agents and services, including identity integration and access policies. For Web Apps calling AI APIs:

  • Use Managed Identity and Azure RBAC instead of connection strings.
  • Store secrets (if needed) in Azure Key Vault with MSI access.
  • Secure backend APIs with Azure AD tokens.
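A managed identity can only call an AI service or read a vault once it holds a role on that resource. The Bicep below is an added example, not code from the article: it grants the web app's system-assigned identity one role on an Azure OpenAI account and one on a Key Vault. Apart from `webapp-ai`, every name is a placeholder, the role GUIDs are passed in rather than hard-coded, and the vault is assumed to use Azure RBAC authorization.

```bicep
// Added example (not from the article). Deploy to the resource group that holds
// the web app, the Azure OpenAI account and the Key Vault.
targetScope = 'resourceGroup'

@description('Web app with a system-assigned identity; webapp-ai is the name used in the Terraform snippet')
param webAppName string = 'webapp-ai'

@description('Existing Azure OpenAI account (placeholder name supplied by the caller)')
param openAiAccountName string

@description('Existing Key Vault with RBAC authorization enabled (placeholder name supplied by the caller)')
param keyVaultName string

@description('GUID of the built-in role to grant on the OpenAI account, such as Cognitive Services OpenAI User')
param openAiRoleGuid string

@description('GUID of the built-in role to grant on the vault, such as Key Vault Secrets User')
param keyVaultRoleGuid string

resource webApp 'Microsoft.Web/sites@2023-12-01' existing = {
  name: webAppName
}

resource openAi 'Microsoft.CognitiveServices/accounts@2023-05-01' existing = {
  name: openAiAccountName
}

resource vault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: keyVaultName
}

// Scope each grant to the single resource the app needs, not to the resource group.
resource openAiAccess 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  scope: openAi
  name: guid(openAi.id, webApp.id, openAiRoleGuid)
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', openAiRoleGuid)
    principalId: webApp.identity.principalId
    principalType: 'ServicePrincipal'
  }
}

resource vaultAccess 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  scope: vault
  name: guid(vault.id, webApp.id, keyVaultRoleGuid)
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', keyVaultRoleGuid)
    principalId: webApp.identity.principalId
    principalType: 'ServicePrincipal'
  }
}
```

The role GUIDs can be looked up with `az role definition list --name "<role name>" --query "[].name" -o tsv`.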

Summary

Ignite 2025 reinforced that AI is deeply woven into the future of Azure compute and application platforms:

  • Azure App Service continues to modernize with managed instances, enhanced runtimes, and improved migration tooling.
  • The Azure AI ecosystem – especially Microsoft Foundry and Azure AI Search – enables developers to add semantic, conversational, and agentic capabilities to web apps.
  • Architectural patterns (RAG, agent workflows) and secure automation (Terraform, managed identity) help deliver production-grade intelligent applications.

As you plan your next wave of web apps, consider AI as a core design axis, not an afterthought.


Further Reading



Microsoft Build: My Takeaways from this year’s conference

This year’s Microsoft Build was full of new releases, new services, new ways of doing things, and yep, lots of AI. The following are just some of the areas that grabbed my interest whilst attending the conference. Due to working at it, I haven’t had time to try the demos, check out some of the announcements and get hands-on with the tech that has newly been released, but I will in the coming weeks.

If, like me, you haven’t managed to catch up on the announcements, then you can read the Book of News for Build 2025.

If you are looking to upgrade your existing .NET Framework application to .NET Core, then check out these links:

Docs: https://learn.microsoft.com/en-us/dotnet/core/porting/upgrade-assistant-overview
Upgrade Extension: https://marketplace.visualstudio.com/items?itemName=ms-dotnettools.upgradeassistant

If you would like Copilot to help you upgrade your version of a .NET Core application, then here are some very useful links.

There is also some help available if you are just starting out and would like help deploying your application to Azure – Quickstart: Deploy your application to Azure with agent mode in GitHub Copilot for Azure

If you are interested in hosting remote MCP servers in Azure App Service, then this article has you covered – https://techcommunity.microsoft.com/blog/appsonazureblog/host-remote-mcp-servers-in-azure-app-service/4405082

Two of my favourite announcements recently were the GitHub Copilot Coding Agent and the new SRE Agent coming soon (you can sign up for this preview now!) and read more about the SRE agent – https://techcommunity.microsoft.com/blog/azurepaasblog/introducing-azure-sre-agent/4414569

Interested in some AI Labs? Then look no further than – https://ai.azure.com/labs

Maybe you like creating videos, and now within Azure you can create high-quality visual content with GPT-Image-1 and Sora on Azure OpenAI – tailored for professional use cases – https://github.com/Azure-Samples/visionary-lab



Upgrading Your .NET Applications: Exploring .NET Upgrade Assistants at Microsoft Build

Microsoft Build is the flagship event for developers, showcasing the latest tools, frameworks, and innovations to empower modern software development. Among the highlights in recent years has been the focus on modernizing .NET applications, particularly through the .NET Upgrade Assistant tools. These tools streamline the transition from legacy .NET Framework to modern .NET (formerly .NET Core) and support upgrades between .NET versions. Additionally, the integration of GitHub Copilot in Visual Studio Code (VS Code) has added an AI-powered dimension to the upgrade process, making it smarter and more efficient. In this blog post, I’ll dive into the .NET Upgrade Assistant for migrating from .NET Framework to .NET Core, explore the .NET Core Upgrade Assistant, and highlight how Copilot in VS Code enhances these processes.

The Need for .NET Modernization

The .NET ecosystem has evolved significantly since the days of .NET Framework. With the introduction of .NET Core (now simply .NET), Microsoft unified its development platform to support cross-platform applications, improved performance, and modern cloud-native architectures. However, many organizations still rely on .NET Framework applications built years ago, which are tied to Windows and lack the scalability and features of modern .NET. Upgrading to .NET 8 or 9 (the latest Long-Term Support and Standard-Term Support versions as of 2025) unlocks benefits like enhanced performance, new APIs, and better cloud integration.

The challenge? Migrating legacy applications can be complex, involving changes to project structures, dependencies, and codebases. This is where the .NET Upgrade Assistant comes in, offering automated tools to simplify the process. At Microsoft Build, these tools have been showcased as critical for developers looking to modernize their applications efficiently.

.NET Upgrade Assistant: From .NET Framework to .NET Core

The .NET Upgrade Assistant is a powerful tool designed to help developers migrate .NET Framework applications to modern .NET. Available as both a Visual Studio extension and a command-line interface (CLI) tool, it automates many manual tasks, such as updating project files, converting to SDK-style projects, and addressing code incompatibilities. Let’s break down its key features and how it was highlighted at Microsoft Build.

Key Features of the .NET Upgrade Assistant

  1. Project File Conversion: The .NET Upgrade Assistant converts legacy .NET Framework project files to the modern SDK-style format used by .NET Core and beyond. This is a critical step, as the SDK-style format simplifies project configuration and supports cross-platform development. The tool leverages the try-convert utility to automate this process, reducing the need for manual edits.
  2. Code Analysis and Fixes: The assistant includes a robust analysis engine that scans your codebase for incompatibilities, such as deprecated APIs or platform-specific dependencies. It generates a detailed report with status icons (e.g., green checkmarks for successful upgrades, yellow warnings for issues needing attention, or red Xs for failures) and logs actions in the Visual Studio Output window. This helps developers prioritize fixes and ensure a smooth migration.
  3. Incremental Upgrades: For complex applications, such as ASP.NET web apps, the tool supports a side-by-side incremental upgrade approach. This creates a new .NET project alongside the existing .NET Framework project, allowing developers to migrate endpoints gradually while keeping the application functional. This is particularly useful for large-scale projects where a full rewrite isn’t feasible.
  4. NuGet Package Management: The assistant updates NuGet package references to compatible versions for the target .NET version. Recent updates, as announced at Microsoft Build, also support upgrading to Centralized Package Management (CPM), which simplifies dependency management across multiple projects.
  5. Extensibility: The tool supports third-party extensions through package and API mappings, allowing vendors to define how their libraries should be upgraded. This ensures compatibility with external dependencies, a common pain point in migrations.

Using the .NET Upgrade Assistant in Visual Studio

To use the .NET Upgrade Assistant in Visual Studio:

  1. Install the Extension: Available from the Visual Studio Marketplace, the extension integrates seamlessly with Visual Studio 2022 (version 17.1 or newer). You can verify installation by checking for an “Upgrade” option when right-clicking a project in Solution Explorer.
  2. Run the Upgrade: Right-click your project, select “Upgrade,” and follow the wizard to choose options like in-place upgrades (modifying the original project) or side-by-side upgrades (creating a copy). Select the target framework (e.g., .NET 8.0 or 9.0) and let the tool handle project file updates and code fixes.
  3. Review and Test: After the upgrade, review the generated report for any issues. Thorough testing is crucial, as some manual refactoring may be required, especially for ASP.NET to ASP.NET Core migrations.

Microsoft Build sessions have emphasized the tool’s ability to reduce migration time by automating repetitive tasks, with real-world examples showing successful upgrades of complex solutions. However, as noted in Build discussions, manual intervention is often needed for edge cases, such as unsupported APIs or third-party dependencies.

.NET Core Upgrade Assistant: Moving Between .NET Versions

For developers already on .NET Core or earlier .NET versions (e.g., .NET 5 or 6), the .NET Upgrade Assistant also supports upgrades to newer versions, such as .NET 8 or 9. This process is generally simpler than migrating from .NET Framework, as the project structure and APIs are more aligned. Key aspects include:

  • Target Framework Updates: The assistant updates the <TargetFramework> property in project files (e.g., from net6.0 to net9.0). This is often the only change needed for simple projects, as highlighted in Microsoft Build demos.
  • Dependency Resolution: The tool identifies and updates NuGet packages to versions compatible with the target framework, addressing security vulnerabilities or deprecated packages.
  • Code Assessment: Enhanced in 2024, the assistant’s code assessment features scan for potential issues at the source code level, providing a dashboard with issue severity and remediation effort estimates. This was a major focus at Build, showcasing how developers can pinpoint and resolve issues quickly.

For example, a Build session demonstrated upgrading a .NET 6 Razor Pages project to .NET 9, where the assistant updated NuGet packages like Microsoft.EntityFrameworkCore from version 6.0 to 9.0 and flagged a test failure for manual review. The process was completed with minimal manual changes, thanks to the tool’s automation.

GitHub Copilot in VS Code: Enhancing Upgrades

At Microsoft Build 2025, a significant highlight was the integration of GitHub Copilot with the .NET Upgrade Assistant, particularly through the “GitHub Copilot app modernization – Upgrade for .NET” extension. While this extension doesn’t yet support direct .NET Framework to .NET migrations, it excels at modernizing .NET Core projects and enhancing the upgrade experience in VS Code.

How Copilot Helps

  1. AI-Powered Guidance: Copilot analyzes your codebase and generates an upgrade plan, suggesting changes like updating target frameworks or modernizing APIs. It uses natural language prompts, allowing you to ask, “Upgrade my solution to .NET 9,” and it responds with a step-by-step plan.
  2. Automated Code Changes: Copilot applies transformations automatically, such as updating NuGet packages or refactoring code to use newer APIs. It commits changes to Git at each step, enabling easy rollbacks if needed.
  3. Learning from Manual Fixes: When manual intervention is required, Copilot learns from your changes and applies them to similar issues later, reducing repetitive work. This was showcased at Build with a demo upgrading a .NET 6 MVC project, where Copilot adapted to developer fixes in real time.
  4. Integration with VS Code: In VS Code, Copilot’s inline suggestions and chat interface make it easy to interact with the upgrade process. For example, you can enable Agent Mode, select the “Upgrade” tool, and let Copilot guide you through the process.

Getting Started in VS Code

To use Copilot for .NET upgrades in VS Code:

  1. Install Extensions: Ensure the GitHub Copilot and C# Dev Kit extensions are installed. A GitHub Copilot subscription is required.
  2. Enable Agent Mode: Go to the Copilot Chat window, select “Agent,” and choose the “Upgrade” tool.
  3. Start the Upgrade: Use a prompt like “Upgrade my project to .NET 9.” Copilot will analyze the project, apply changes, and provide a report with Git commit hashes and next steps.

Build sessions highlighted Copilot’s ability to reduce upgrade time by automating repetitive tasks and providing intelligent suggestions, though some limitations were noted, such as incomplete support for .NET Framework migrations.

Best Practices and Considerations

  • Backup Your Code: Always back up your project before running upgrades, as both the .NET Upgrade Assistant and Copilot make significant changes.
  • Test Thoroughly: Automated tools handle much of the process, but manual testing is essential to catch runtime issues, especially for complex applications.
  • Check Dependencies: Ensure third-party dependencies support the target .NET version. The assistant’s code assessment helps identify these issues early.
  • Leverage Community Feedback: Microsoft Build emphasized community contributions to the .NET Upgrade Assistant’s GitHub repository, where developers can report issues or suggest features.

Summary

Microsoft Build has positioned the .NET Upgrade Assistant as a cornerstone for modernizing .NET applications, offering robust tools for transitioning from .NET Framework to .NET Core and upgrading between .NET versions. The integration of GitHub Copilot in VS Code adds an AI-driven layer, making upgrades smarter and more interactive. Whether you’re using Visual Studio for a guided experience or VS Code with Copilot’s AI assistance, these tools empower developers to modernize their applications with confidence. As .NET continues to evolve, leveraging these assistants ensures your applications stay performant, secure, and ready for the future.

For more details, check out the .NET Upgrade Assistant on the Visual Studio Marketplace or explore Copilot’s capabilities at Microsoft Learn.



Automating Deployment of Azure Policies using Bicep

Introduction

This blog post is part of this year’s Azure Spring Clean, an event which is run to promote well-managed Azure tenants. To achieve this, they have community-driven articles that highlight best practice, lessons learned, and help with some of the more difficult topics of Azure Management.

Azure Policy is a powerful governance tool that helps organizations enforce compliance across their Azure environments. By automating the deployment of Azure Policies using Bicep and the Azure Verified Modules (AVM) GitHub repository, you can ensure consistent policy enforcement while leveraging modular, reusable infrastructure as code.

This guide assumes you already have your environment set up in VS Code, including Bicep tooling and Azure CLI authentication.

Prerequisites

Before deploying Azure Policies with Bicep, ensure you have:

  • VS Code with the Bicep extension installed.
  • Azure CLI installed and authenticated (az login).
  • Bicep CLI installed (az bicep install if needed).
  • Git installed and the Azure Verified Modules (AVM) repository cloned.
  • Appropriate permissions to create and assign policies in Azure.

Deploying Policies to Management Groups and Subscriptions

Deploying policies at the management group level is a best practice for organizations that manage multiple subscriptions under a common governance framework. By applying policies at this higher level, you can ensure:

  • Consistency: Enforce compliance standards across all subscriptions within the management group without the need for redundant deployments.
  • Efficiency: Reduce operational overhead by managing policies centrally instead of applying them individually to each subscription.
  • Scalability: As new subscriptions are added to the management group, they automatically inherit the assigned policies, ensuring continuous compliance.

To apply policies at different scopes, use the following commands:

Deploying to a Management Group

location='West Europe'
management_group_id='mg-demo'

az deployment mg create \
  --management-group-id "$management_group_id" \
  --location "$location" \
  --template-file main.bicep \
  --parameters @parameters.json \
  --name MGPolicyDeployment

Deploying to a Subscription

az deployment sub create \
  --location eastus \
  --template-file main.bicep \
  --parameters @parameters.json \
  --name SUBPolicyDeployment

You can also check in the Azure Portal under Policy -> Assignments

Let’s take a look at some example Azure Policies you may want to add to your management groups. In this example I would add them to a file called deployPolicyMg.bicep

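targetScope = 'managementGroup'

// Feature flags, set from the .bicepparam file
param deployAllowedLocations bool
param deployIso27001Policy bool
param deployAzureSecurityBenchmark bool

@description('Location for the assignments; defaults to the deployment location')
param primaryLocation string = deployment().location

@description('Regions permitted by the Allowed Locations policy (example values)')
param allowedLocations array = [
  'westeurope'
  'northeurope'
]

@description('Policy Assignment Management Group - Allowed Locations')
module assignAllowedLocationPolicy 'policyAssignmentMg.bicep' = if (deployAllowedLocations) {
  name: 'AllowedLocations'
  params: {
    name: 'Allowed Locations'
    displayName: 'Allowed Locations'
    policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c'
    location: primaryLocation
    identity: 'None'
    parameters: {
      listOfAllowedLocations: {
        value: allowedLocations
      }
    }
  }
}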

@description('Policy Assignment Management Group - ISO 27001-2013')
module assignIso27001Policy 'policyAssignmentMg.bicep' = if (deployIso27001Policy) {
  name: 'Iso27001'
  params: {
    name: 'ISO 27001-2013'
    displayName: 'ISO 27001-2013'
    policyDefinitionId: '/providers/Microsoft.Authorization/policySetDefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2'
    location: primaryLocation
    identity: 'SystemAssigned'
    roleDefinitionIds: []
  }
}

@description('Policy Assignment Management Group - Azure Security Benchmark')
module assignAscPolicy 'policyAssignmentMg.bicep' = if (deployAzureSecurityBenchmark) {
  name: 'AzureSecurityBenchmark'
  params: {
    name: 'Azure Security Benchmark'
    displayName: 'Azure Security Benchmark'
    policyDefinitionId: '/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8'
    location: primaryLocation
    identity: 'None'
    roleDefinitionIds: []
  }
}

The above code example makes use of some variables which I add to a .bicepparam file which would look like this:

using './deployPolicyMg.bicep'

param deployAllowedLocations = true
param deployIso27001Policy = true
param deployAzureSecurityBenchmark = true
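
The module calls above reference policyAssignmentMg.bicep, which the post does not show. The following is an added sketch of what such a module could contain, not the author's or the AVM project's code: the parameter names mirror the calls above, while `enforcementMode`, the length limit on `name`, and the role-assignment loop are assumptions.

```bicep
// policyAssignmentMg.bicep - hypothetical module matching the calls in deployPolicyMg.bicep
targetScope = 'managementGroup'

@maxLength(24)
@description('Assignment resource name; management-group-scoped names are limited to 24 characters')
param name string

@description('Friendly name shown under Policy -> Assignments in the portal')
param displayName string

@description('Full resource ID of the policy definition or policy set definition')
param policyDefinitionId string

@description('Region that hosts the assignment and its managed identity')
param location string

@allowed([
  'None'
  'SystemAssigned'
])
@description('SystemAssigned is needed for deployIfNotExists and modify effects')
param identity string = 'None'

@description('Policy parameter values, for example listOfAllowedLocations')
param parameters object = {}

@description('Full resource IDs of the roles the identity needs for remediation (assumed format)')
param roleDefinitionIds array = []

@allowed([
  'Default'
  'DoNotEnforce'
])
@description('DoNotEnforce reports compliance without blocking deployments, useful for a first rollout')
param enforcementMode string = 'Default'

resource assignment 'Microsoft.Authorization/policyAssignments@2022-06-01' = {
  name: name
  location: location
  identity: {
    type: identity
  }
  properties: {
    displayName: displayName
    policyDefinitionId: policyDefinitionId
    parameters: parameters
    enforcementMode: enforcementMode
  }
}

// Grant the assignment identity only the roles listed by the caller. With an empty
// list (as in the ISO 27001 call above) the identity exists but holds no permissions.
resource remediationRoles 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for roleId in roleDefinitionIds: if (identity == 'SystemAssigned') {
  name: guid(managementGroup().id, name, roleId)
  properties: {
    roleDefinitionId: roleId
    principalId: assignment.identity.principalId
    principalType: 'ServicePrincipal'
  }
}]

output assignmentId string = assignment.id
```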


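Let’s take a look at some example Azure Policies you may want to add to a subscription. In this example I would add them to a file called deployPolicySub.bicep

targetScope = 'subscription'

// Feature flags, set from the .bicepparam file
param tagAtSubscriptionLevel bool
param ownerTagResourceGroupsPolicy bool
param deployedByTagResourceGroupsPolicy bool

@description('Location for the assignments; defaults to the deployment location')
param primaryLocation string = deployment().location

@description('Tag names enforced on resource groups')
param ownerTagName string = 'Owner'
param deployByTagName string = 'DeployedBy'

@description('Assign Policies to Subscription - Require an Owner tag on resource groups')
module assignRequireRgOwnerTagPolicy 'policyAssignmentSub.bicep' = if (tagAtSubscriptionLevel && ownerTagResourceGroupsPolicy) {
  name: 'requireRgOwnerTagPolicy'
  params: {
    name: 'Require an Owner tag on resource groups'
    displayName: 'Require an Owner tag on resource groups'
    policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025'
    location: primaryLocation
    identity: 'None'
    parameters: {
      tagName: {
        value: ownerTagName
      }
    }
  }
}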

@description('Assign Policies to Subscription - Require a DeployedBy tag on resource groups')
module assignReguireRgDeployedByTagPolicy 'policyAssignmentSub.bicep' =  if (tagAtSubscriptionLevel && deployedByTagResourceGroupsPolicy) {
  name: 'reguireRgDeployedByTagPolicy'
  params: {
    name: 'Require a DeployedBy tag on resource groups'
    displayName: 'Require a DeployedBy tag on resource groups'
    policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025'
    location: primaryLocation
    identity: 'None'
    parameters:{
      tagName: {
        value: deployByTagName
    }
  }
}
}

The code above is an example of how you could add Azure Policies into a subscription.

The code example above uses some variables, which I set in a Bicep parameters (.bicepparam) file that looks like this:-

using './deployPolicySub.bicep'

param tagAtSubscriptionLevel = true
param ownerTagResourceGroupsPolicy = true
param deployedByTagResourceGroupsPolicy = true

Conclusion

By leveraging Azure Bicep and Azure Verified Modules, you can automate and standardize Azure Policy deployment efficiently. Start using AVM today to maintain governance and compliance effortlessly!



Festive Tech Calendar 2024 YouTube Videos

This year’s Festive Tech Calendar videos are available on YouTube with the link to the playlist.

A huge THANK YOU to everyone who took part, watched the videos and learned, and especially those who also donated to this year's charity – thanks from all of us at the Festive Tech Calendar team!




Get TenantId for any Azure Subscription

How I Used GitHub Copilot to Write a PowerShell GUI for Azure Tenant ID Lookup

When tasked with creating a PowerShell GUI to retrieve the Azure Tenant ID for any subscription, I decided to rely entirely on GitHub Copilot. Here's how I did it, without manually writing a single line of code myself. (repo -> https://github.com/gsuttie/getTenantIdFromAzureSubscriptionId)

Setting Up

  1. Open Visual Studio Code: My preferred development environment. I enabled GitHub Copilot for code suggestions.
  2. Define Goals:
    • A user-friendly GUI for inputting an Azure Subscription ID.
    • Backend logic to retrieve the Tenant ID using Azure PowerShell.
    • Automatically generate inline documentation and a comprehensive README file.

Prompting GitHub Copilot

  • I started by creating a new PowerShell file and inputting the following prompt for Copilot: Create a PowerShell script for a GUI that accepts an Azure Subscription ID, retrieves the Tenant ID using `Get-AzSubscription`, and displays it. Include inline comments and generate a README.
  • I then tweaked the prompt a few times and the end result can be found in the following GitHub repo

Documentation and README

I added another comment to the script:

Generate a README file explaining the purpose of this script, its usage, prerequisites, and examples.

Copilot produced a structured README covering:

  • Purpose: Explaining the script's function.
  • Usage: Step-by-step instructions on running the script.
  • Prerequisites: Details about Azure PowerShell modules and authentication requirements.
  • Example: A sample input and output demonstration.

Testing and Tweaking

I tested the script on a sample Azure environment. While functional, the GUI layout needed minor adjustments. I prompted Copilot with:

Improve the alignment and spacing of GUI elements.

This fine-tuned the interface, making it visually cleaner.

Final Output

With GitHub Copilot, I:

  • Built a functional PowerShell GUI to retrieve Azure Tenant IDs.
  • Included inline comments and documentation.
  • Generated a detailed README without writing any code manually.

Summary

GitHub Copilot significantly accelerated the development process. While it handled 95% of the work, reviewing and testing were key to ensuring functionality and usability. This approach is ideal for tasks where speed and automation are priorities.




Bicep snippets using Azure Verified Modules

This post lists my posts that demo using Bicep, with code snippets for various scenarios.

The list of snippets below makes use of the Azure Verified Modules GitHub repo from Microsoft.



Festive Tech Calendar 2024 – Beatson Cancer Charity

The call for speakers is open for this year's Festive Tech Calendar. We are off to a slow start and we need your help with submitting session(s). Please also spread the word, as the call for speakers closes at the end of the month.

The main reason for this post is to inform you about our chosen charity this year, which is the Beatson Cancer Charity – we are trying to raise £2500 for this amazing charity, which is based in Glasgow, Scotland, near where I live.


Their Mission

Beatson Cancer Charity supports people affected by cancer, every step of the way. We make the journey easier by transforming the way cancer care is funded and delivered. We provide services, as well as funding specialists, research and education to invest in a better future for cancer patients and their families.

From the hospital wards, right to the heart of the communities that The Beatson West of Scotland Cancer Centre serves, we believe everyone should experience cancer with care, with love and with hope. We are with our patients and their families for every step of the journey.

By working within NHS environments, Beatson Cancer Charity is ideally placed to understand the needs of patients and staff. We respond by providing services and funding that enhance and strengthen NHS care and enable patients and their families to be helped swiftly and compassionately. At the same time our independence as a charity allows us to develop and extend our services further into the heart of Scottish communities to support more people with cancer before, during and after treatment.

Amongst patients and the wider community, we are best known for our award-winning Wellbeing Centre and specialist support at The Beatson West of Scotland Cancer Centre and across hospitals in five health boards. While clinical and research professionals recognise us for our ongoing commitment to more effective cancer services, funding additional specialist staff and supporting cutting-edge cancer research and education.

All our work is made possible by our supporters. It is their generosity which allows Beatson Cancer Charity to deliver an innovative and patient-focused approach to cancer care and change the lives of those affected by the disease every day.

If you have any spare cash, even a very little goes a long way, so please donate to our JustGiving page at the link below.

https://www.justgiving.com/page/festive-tech-calendar-2024

Thank you for taking the time to read this and I will update this blog post as we get more donations.



Azure Advisor workbook hidden gems

This blog post is my entry into this year's AzureBackToSchool community event, organized and run by Dwayne Natwick (https://x.com/DwayneNcloud).

In this blog post I wanted to cover what I consider to be some hidden gem Azure Workbooks within Azure Advisor.

The 3 main workbooks I wanted to bring to your attention are as follows:-

  • Reliability
  • Service Retirement
  • Cost Optimization

The 3 Workbooks I will refer to can be found within the Azure Portal: search for Advisor, then click on Workbooks in the left-hand menu and you can see them as below:-

Let's take them in turn.

Reliability Workbook


Service Retirement Workbook

This workbook is awesome for finding any resources within your Azure environment that are due to retire or have already retired.

Not all services are listed here, but the teams at Microsoft are working on adding more all of the time.

The workbook looks like the following:-

In the screenshot above we can see the list of services and their due retirement dates. Luckily I have zero resources within my subscription(s) which had anything due to retire; you can see this where it says None with a green tick. If I did, I would be able to see how many resources are due to expire or have already expired.

I get lots of emails at work telling me that service X is about to retire, and I always wondered how we manage this. The answer is to use this workbook to locate the resources which are due for retiring.

If the service in question doesn't exist within this workbook then you have a couple of options: you can either write a KQL query with Azure Resource Graph or figure out how to do similar using PowerShell. A simple ChatGPT prompt can help with this if required.
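
One way to write the Resource Graph query mentioned above and run it from PowerShell, as an added example that is not part of the original post. Find-RetiringResource is a hypothetical helper name, and the resource type and SKU in the call at the bottom are illustrative assumptions.

```powershell
#Requires -Modules Az.ResourceGraph
# Added example. Run Connect-AzAccount first; the type and SKU in the call at the
# bottom are illustrative assumptions, not values taken from the workbook.

function Find-RetiringResource {
    [CmdletBinding()]
    param(
        # Resource type to search for, e.g. 'microsoft.network/publicipaddresses'
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9.]+(/[A-Za-z0-9]+)+$')]
        [string]$ResourceType,

        # Optional SKU name that marks the retiring variant, e.g. 'Basic'
        [ValidatePattern('^[A-Za-z0-9_]+$')]
        [string]$SkuName
    )

    # Both values are spliced into the query text, so the patterns above only
    # allow characters that cannot close the quoted KQL string.
    $query = "resources | where type =~ '$ResourceType'"
    if ($SkuName) { $query += " | where sku.name =~ '$SkuName'" }
    $query += ' | project id, name, type, skuName = tostring(sku.name), resourceGroup, subscriptionId, location'

    # Results come back in pages; keep 'id' in the projection and follow the
    # skip token until none is returned.
    $found = @()
    $skipToken = $null
    do {
        $graphArgs = @{ Query = $query; First = 1000 }
        if ($skipToken) { $graphArgs['SkipToken'] = $skipToken }
        $page = Search-AzGraph @graphArgs
        $found += $page.Data
        $skipToken = $page.SkipToken
    } while ($skipToken)
    $found
}

# Count matching resources per subscription, then list them.
$hits = Find-RetiringResource -ResourceType 'microsoft.network/publicipaddresses' -SkuName 'Basic'
$hits | Group-Object subscriptionId | Select-Object Name, Count
$hits | Format-Table name, resourceGroup, location, skuName
```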

Summary

If you want to find resources that have expired or are about to expire, start with this workbook and go from there.


Cost Optimization WorkBook

If you would like recommendations and detailed information on how to save money, and are not sure how to do this using Cost Analysis, then this workbook is a gem.

The workbook itself looks like this:-

In the screenshot above I have selected the Usage Optimization tab (highlighted in red) and here I can check lots of things including:-

Compute

  • Virtual Machines in a stopped state
  • Advisor Recommendations

Storage

  • Am I using any v1 Storage accounts
  • Are there any unattached Managed Disks
  • Are there any Premium disks attached to powered off virtual machines
  • Are there any Old Managed Disks snapshots
  • Are there any Orphaned Managed Disks snapshots
  • Are there any idle backups
  • Advisor Recommendations

Networking

  • Avoid multiple Firewall instances in the same region
  • Recommendations for Application Gateways
  • Recommendations for Load Balancers
  • Unattached Public IPs
  • Recommendations for Virtual Network Gateways
  • Recommendations for NAT Gateways
  • Recommendations for Express Route
  • Recommendations for Private DNS
  • Advisor Recommendations

Databases

  • Recommendations for CosmosDB, SQL DB and SQL Elastic Pool

Sustainability

  • Carbon Optimization recommendations

Summary

I think you might find the Cost Optimization WorkBook awesome and it more than likely will save you money in some way(s).