Tag: azure
-
Azure Virtual WAN: Personal Experiences and Key Considerations
Are you intrigued by Azure Virtual WAN? If so, continue reading. I’ve been working with this technology for several months and I’m eager to share my firsthand experiences from multiple implementations. However, before you delve deeper, please note that this article will not delve into the intricate details of how routing works internally within Azure…
-
Navigating the Challenges of Policy as Code in Azure: Part 2
Previously, I have written about some challenges around policy as code. You can find the previous blog here. There I discuss some problems I see with policy as code in general. Now I’m going to delve a little deeper into the problem and look even more at what Microsoft gives us and what we might…
-
How to get custom condition as IaC for the role Role Based Access Control Administrator
TL;DR The new Azure Role, “Role Based Access Control Administrator,” allows for granular control over role assignments. This blog post details the creation of a Terraform module to implement this functionality. The process involves understanding the functionality via the Azure portal, writing the code, and dealing with unsupported functions in the azurerm provider from Terraform…
-
Analyzing User Privileges in Azure based on activity
Maintaining control over users with directory roles is a challenge in itself. However, a more informed approach involves examining their usage based on activity logs. This provides a comprehensive view of how these roles are being utilized by the respective users. Executing this script offers an overview of the users and their activities over the…
-
Enabling Virtual Network Encryption
Short blog that goes through how to enable virtual network encryption.
-
Navigating the Challenges of Policy as Code in Azure
The text is about my experience with Policy as Code in Azure, which is a way of using policies to create and enforce rules for resources. I try to discuss some of the challenges and scenarios that arise after deploying policies, such as deny policies, audit policies, and deploy if not exists policies. Pointing…
-
Get started with PowerShell 7.2 in Azure Automation Account
Microsoft just released support for PowerShell 7.2 in Azure Automation Account. For someone who has been using runbooks for a long time, this was a great upgrade. There is a lot of work left before it is a pleasant experience. So, I have created this blog to explain a few workarounds for the problems…
-
Demystifying Azure Policies: The Role of the DenyAction Effect
TL;DR The new DenyAction effect in Azure Policy provides a robust mechanism to prevent accidental deletion of critical resources and enforce compliance. It offers a more granular control compared to resource locks, allowing specific actions to be blocked. This blog post explores the use of DenyAction effect and provides an example of its implementation. Introduction Azure Policy’s effectiveness largely…
-
Automating DNS Integration with PaaS Services in Azure
Introduction Working with DNS in a cloud environment can be challenging, especially when integrating Platform as a Service (PaaS) services, such as Azure Storage or Azure SQL Database, into the network. In this article, we will explore how Azure Policy can help automate and streamline this process. The Problem For many enterprises, using PaaS services…
-
Azure Landing Zones: Enhancing Security and Simplifying Resource Management with Access Packages
What are Access Packages? Access packages are a powerful feature of Microsoft Entra ID that can help organizations manage identity and access lifecycle at scale. Access packages must be in a container called a catalog, which defines what resources you can add to your access package. If you don’t specify a catalog, your access package…
-
Azure Firewall as DNS Proxy with the new Azure DNS Resolver
Introduction Since I’m one of those who were “born in the cloud”, I have not been working very much with DNS until now. DNS has always been a black box, but now with the new Azure DNS Resolver I thought it was about time to take a deep dive into this and see how this…
-
Tips and tricks when using the ALZ terraform module
I have been playing around with the Terraform module from Microsoft for the Azure Landing Zone (ALZ) for some time now. It is one of the technical implementation options for the ALZ under the CAF framework. While the module offers commendable features, its utilization and reverse engineering process can be intricate at times. I have…