Introduction This is the 3rd time I’m talking about the topic of monitoring Azure Policy compliance states using Azure Monitor. Previously in 2021, I have created a custom solution using an Azure Function app to ingest policy compliance data into Log Analytics. You can find the blog post here Monitoring Azure Policy Compliance States - 2021 Edition. Over the last few years, I have spoken to the Azure governance product group numerous times on the topic of allowing people to query Azure Resource Graph (ARG) within Azure Monitor. Monitoring policy compliance state is a perfect use case for this ..read more

Introduction Being an DevOps consultant for Azure, most of the large enterprise customers I have worked with are using Azure DevOps (either the cloud version or the on-premises ADO servers). For every project that I’m part of, the Self-Hosted agents have always been a pre-requisites that we request customers to provision before the start of our engagements. The project team would provide customers the requirements for the agents, such as Operating System type and version, list of required software, list of URLs need to be whitelisted on their Firewalls, etc.. Then in the ideal world the custom ..read more

Over the last few months, I teamed up with my good friend Jorge Arteiro (@JorgeArteiro) and Ahmad Abdalla(@ahmadkabdalla) from Microsoft Australia and recorded a 2-part video series for Microsoft’s open source project Common Azure Resource Modules Library https://aka.ms/carml. CARML is a collection of fully tested and verified Azure Bicep modules that can be used to deploy Azure resources. In part 1 we have given an introduction for CARML, what does it offer. In Part 2, we have dived deeper and demonstrated how we can use CARML modules to deploy Azure resources or further develop more refined ..read more

In Azure ARM / Bicep templates, there is a function called guid() which allows you to generate a unique GUID. You can use this function as many times as you want, as long as the input strings are the same, the output GUID will always be the same. I use the guid() function a lot when working on Bicep code, however, few weeks ago I needed to generate unique GUIDs within a PowerShell script. I couldn’t find any existing code examples, so I came up with my own: Function GenerateGuid { [CmdletBinding()] param ( [parameter(Mandatory = $true)] [string[]]$inputStrings ) $enc = [syste ..read more

It’s been so long since we had the last Experts Live event in Australia. The last Experts Live event I have attended was in March 2019 in Austin, USA. My good friend Daniel Mar was in the process of organising Experts Live Asia and Experts Live Australia for 2020, but unfortunately, due to COVID-19 pandemic, both events were cancelled. I am very excited to announce that Experts Live Australia is back in 2023! The event will be held in Microsoft Sydney Office on 19th-20th 2023. This time, we are getting much needed support from Microsoft, and actually, most of the members in the organising com ..read more

Few weeks ago, a colleague made me aware of an issue with the Bicep Template I have developed which creates an Azure Data Factory (ADF). After the ADF was created, people started using it and decided to created few Global Parameters in ADF. However those parameters would somehow be deleted after a while. After some investigation, it turned out because those Global parameters are not defined in the Bicep template, when the IaC pipeline runs again after the Global Parameters were created, the Resource Provider would delete the Global Parameters. At that time, my Azure Bicep template did not eve ..read more

I needed to create Azure Purview with a Self-Hosted Integration Runtime (SHIR) as part of a Infrastructure as Code (IaC) pipeline. Having previously created Azure Data Factory (ADF) with SHIR and I was told by our data engineers the creation process is pretty much the same, I thought it would be fairly easy, just an Integration Runtime resource in my Bicep template. But it turned out although the portal experience is almost identical to ADF, unlike ADF, Purview Integration Runtimes (IR) is not a resource type in Azure Resource Manager. In the Azure REST API documentation, it is under a categor ..read more

Introduction [PSDocs] (https://github.com/microsoft/PSDocs) is a tool developed by Microsoft’s Bernie White, who is also the creator of my favourite tool PSRules. PSDocs is a PowerShell module that you can use to generate README.md files for your Azure Resource Manager (ARM) templates. I have used it in several projects, to make sure all my bicep templates and modules are documented. I have created a script that use PSDocs to generate README files for any bicep files, all you need is a metadata.json file in the same folder as your bicep file. The script will generate a README.md file for the b ..read more

When checking the Policy Compliance status on Azure Portal, if you click on an policy assignment for a Initiative, you may have noticed some of the policy initiatives have grouped individual policies based on the security control so it provided you an aggregated view on which security control is compliant or not compliant. i.e. the screenshot below is the compliance status for the Azure Security Benchmark initiative, which has grouped the individual policies based on the security requirements: When defining Azure Policy Initiative definitions, you have the ability to map individual member pol ..read more

Azure Private Link allows you to access Azure PaaS services over a private endpoint in in your virtual network. To make your Azure PaaS resources accessible via Private links, you will need to: Create one or more private endpoints for the Azure resource Create a DNS record for the private endpoint on the specific Azure Private DNS Zone for the particular Private Link service If you are operating within a Azure Enterprise Scale Landing Zone architecture, you may face the challenge of creating the DNS records for the private endpoints due to the limitation in security permissions. For example ..read more