Azure Building Blocks – The Forgotten IaC Tool

Whilst researching Infrastructure as Code alternatives to Azure Resource Manager templates I stumbled across the Azure Building Blocks (AZBB) tool. It’s not widely adopted and you’ll see why later on this in blog.

Because I’m not keen on authoring large JSON files (aka ARM templates) for IaC I’m going to put Azure Building Blocks to the test with a simple Hub & Spoke VNET deployment. Later on I’ll also demonstrate the same deployment using an AzureCLI script – my current preferred alternative to ARM Templates – so you’ll see the differences.… [Keep reading] “Azure Building Blocks – The Forgotten IaC Tool”


My experience at Microsoft Containers OpenHack featuring Kubernetes challenges

Azure consultants are constantly looking to expand our scope of expertise and aligning to this I’ve recently attended a Microsoft Containers OpenHack in Sydney. This event was a huge success for me and a rapid introduction to Kubernetes (K8s) and Azure Kubernetes Service (AKS) through a series of challenges over 3 days.

OpenHack Logo

Microsoft OpenHack is a developer-focused engagement where a wide variety of participants (Open) learn through hands-on experimentation (Hack) using challenges based on real-world customer scenarios designed to mimic the developer journey – Source: Microsoft

My experience at OpenHack

About 80 attendees were split up between the 20 tables in the room.… [Keep reading] “My experience at Microsoft Containers OpenHack featuring Kubernetes challenges”

Auditing Azure AD Registered Applications

Azure AD Registered Applications are the Azure AD version of Active Directory Service Accounts. Over time, the number of them grow and grow, each having permissions to consume information from Azure AD and or Microsoft Graph. As an Administrator of Azure AD there is maintenance associated with these Registered Applications, namely credential validity and more important application validity.

Credential expiration associated with Azure AD Registered Applications is quickly visible via the Azure Portal. We can quickly see Current, Expired and Expiring Soon credentials as shown in the screenshot below.… [Keep reading] “Auditing Azure AD Registered Applications”

Your 2020 Study Guide to Azure DevOps Solutions (AZ-400)

With Microsoft announcing sweeping changes to a few Azure exams later in March 2020 the time is ripe to blog about an exam I’ve had my eye on for a while: Azure DevOps Solutions (AZ-400). This is an advanced exam that targets professionals familiar with Azure administration and Azure development. I can see this exam providing value to engineers, consultants, and architects who are driving for increased adoption of Agile practices and Infrastructure as Code.

After doing a few of these exams over the years you’ll find a rhythm that works for you.… [Keep reading] “Your 2020 Study Guide to Azure DevOps Solutions (AZ-400)”

ChatOps for Azure Active Directory

Last year I wrote Lithnet Microsoft Identity Manager plug-ins for PoshBot. After publishing those I developed the majority of a PoshBot plugin to enable ChatOps for Azure Active Directory. Finally with a little more bandwidth at the start of 2020 I’ve been able to put the finishing touches on the module and release it. ChatOps for Azure Active Directory using PoshBot is available from the PowerShell Gallery here and the source in GitHub here.… [Keep reading] “ChatOps for Azure Active Directory”

Sending and Querying Custom Log Data to Azure Monitor Logs

Recently for a customer engagement we had the requirement to take log data from a 3rd party application and ingest it into Azure Log Analytics to make the data available in Azure Monitor. Sending Custom Log Data to Azure Monitor Logs is currently in Public Preview. This Microsoft article provides an overview of the capability.

In addition to the standard tiers of an application, you may need to monitor other resources that have telemetry that can’t be collected with the other data sources.[Keep reading] “Sending and Querying Custom Log Data to Azure Monitor Logs”

0.09 ms latency using Azure Proximity Placement Groups

Reducing network latency for critical apps running on Azure IaaS has become easier since Microsoft’s announcement of General Availability for Proximity Placement Groups (PPG) on Dec 2019.

Today I’ll give you a quick intro to Proximity Placement Groups demonstrating how to deploy a test environment into your Azure Subscription using one of my favourite tools AzureCLI. I’ll also test network latency with a PPG and without to show you the difference.

If you’re undecided about using AzureCLI or ARM templates for your Azure deployments have a look @ Pascal Naber’s post

[Keep reading] “0.09 ms latency using Azure Proximity Placement Groups”

Zero-Touch BitLocker with PowerShell

The majority of IT engineers and architects traverse various forms of security on a daily basis ranging from our complex alphanumeric corporate logon passwords to the increasingly common MFA prompts on our mobiles. You could say that we have become experts in navigating modern security measures required to stay protected. But perhaps you’re not familiar in planning and rolling out that same security, at scale, to your organisation’s Windows laptops in the form of disk encryption.[Keep reading] “Zero-Touch BitLocker with PowerShell”

x.509 Details – A PowerShell Module for decoding x.509 Certificates with time to certificate expiry

I’ve just published my X509Details PowerShell Module to the PowerShell Gallery. The x.509 Details PowerShell Module contains the Get-X509Details cmdlet that decodes a base64 encoded PEM/CER format x.509 Certificate and converts it to a PowerShell Object. But wait, there’s more. The reason I created the x.509 Details PowerShell Module is because through automation I need to know what is the ‘Expiry Date’ for a certificate. The returned PowerShell Object from my Get-X509Details cmdlet in the X509Details Module also includes the expiry date-time in PowerShell DateTime format as ‘timeToExpiry‘.… [Keep reading] “x.509 Details – A PowerShell Module for decoding x.509 Certificates with time to certificate expiry”

Azure Backup PowerShell removal of backup protection of a Azure VM

Originally posted on Lucian.Blog. Follow Lucian on Twitter: @LucianFrango.

I’ve been looking at Azure Backup and migrating some Windows VM’s from one Recovery Services Vault to another. This is mainly because I’ve taken a look at some production deployed VM’s and found they were aligned to the reference architecture Disaster Recovery and Backup policies. Long story short, 6 VM’s needed to be moved to maintain consistency.

Things get interesting in that my previous level of access at a customer has changed and I’m time poor, so I thought I’d use PowerShell to achieve this faster.… [Keep reading] “Azure Backup PowerShell removal of backup protection of a Azure VM”