It has been a couple of month ago, Microsoft announced that it is possible to set tags on subscriptions. This makes totally sense and was a long awaited feature. Good practice is to use Azure Policy to set tags on resources, but there are cases where it is not possible to use Azure Policy. Well, technically it would be possible but it would end up in a policy mess, because you would need a dedicated policy object and assignment for each individual subscription and tagging. A couple of examples are: Setting an individual application id/name if you structure your subscriptions like “one subscr ..read more

Recently I have been working quite a bit with Azure Functions and C#. Therefore it is time to post some interesting code – at least in my opinion. One problem I wanted to solve was to list all subscriptions within your tenant having tag information and if possible the solution should be easy to extend. Well there are probably tons of ways how you could do it, but are those also performing well? Let’s talk about doing it using C# and leaving PowerShell, Azure CLI & Co. on the side. I think there are more or less three ways how you could achieve this: REST call against ARM API Using Azure ..read more

There are a host of trends impacting the cloud market at the moment, and understanding them will give you a better idea not only about industry growth and spending going forwards, but also about how it is necessary to remove the barriers that are still preventing some organizations from adopting. [Image Source: Pixabay] Performance optimization is key to migration It is not just the raw cost of cloud platforms that is central to convincing skeptics that they should shift apps and services away from in-house infrastructures, but also the promise of improved performance that such a move can bri ..read more

If you move your workloads to production or even preproduction it is highly recommended to protect them not only against data loss but also from accidential deletion. One feature in Azure which can help are Resource Locks. Depending how you configure the lock, you cannot delete the resource, but still read and modify (CanNotDelete lock) or just lock the resource so, that everybody just can read the resource (ReadOnly lock). In my opinion to follow good governance, it is a feature everyone should use. Speaking about Azure governance – one thing that comes to mind is the Azure Policy service to ..read more

Azure Policy is an awesome service for several things in Azure like… Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. All data stored by Azure Policy is encrypted at rest. For example, you can have a policy to allow only a certain SKU size of virtual machines in your environment. Once this p ..read more

One common problem we all share when it comes to working with Azure is cost and “garbage”. Those two relate in proportion to each other, meaning the more “garbage” you own in Azure, the more you have to pay. Simple? Yes indeed. What do I mean in terms of “garbage”? Ok, I will ask you another question, do you have a good lifecycle in place for your resources? No? Exactly, this is the problem. The cloud, especially Azure, is an awesome platform to spin up resources, to build services and let them run forever. As easy it is in Azure to create resources, as hard it is to delete them. Although the ..read more

In my last post I showed you how to configure Kubernetes to configure Azure Monitor scraping to collect Prometheus metrics from a GO application. This time I would like to show you how to present this data properly in a nice dashboard. Luckily Microsoft has just released an awesome looking Grafana template… …which we will use to configure the necessary Azure Log Analytics plugin, import the dashboard and finally configure Azure AD integration automatically. Sounds good? Before we can start we need an AKS cluster, configure NGINX and cert-manager to publish Grafana outside the cluster. This s ..read more

Kubernetes is a proven and booming technology on Azure and so it is no surprise, that we need to monitor the Kubernetes infrastructure layer as well as the applications running on top of Kubernetes. A while ago Microsoft released Azure Monitor for containers, which gives you a good health and performance status of your Azure Kubernetes Service (AKS). Like node status… …and most important performance counters and much more… If you haven’t seen this solution I highly recommend to play with it. When deploying an AKS cluster you need to make sure that you enable the monitoring switch. That’s it ..read more

Have you ever tried to figure out the creation date of a resource group in Azure? As easy it may sound as difficult it is. I needed a timestamp, because I wanted to do some automation. So first I expected to see a timestamp in Azure Resource Graph. Well, this did not work and a feature request is open. The second source to get the creation date of a resource group (or any other resource) would be the Azure Activity Log. The problem there is, that gazillion of events are logged and it is troublesome to filter to the right creation event. Another approach could be, to send all Activity Logs to ..read more

Recently I had a requirement to automatically configure Activity Logs from multiple subscriptions to send their logs to a Log Analytics workspace. I am talking about this setting here… There are many ways how to achieve this goal. If you are into PowerShell you could use this cmdlet New-AzureRMOperationalInsightsAzureActivityLogDataSource  (I like the name ), this would work perfectly. Another way could be to use the REST API to create or update the Log Analytics data sources. In my case I had the needed for an ARM template which I could pass a collection of subscription ids to it and then i ..read more