Azure Blueprints helps you deploy and update cloud environments in a repeatable manner using composable artifacts such as Azure Resource Manager templates to provision resources, role-based access controls, and policies.
2. Azure Blueprints?
Just as a blueprint allows an engineer or an architect to sketch a project’s design parameters, Azure
Blueprints enables cloud architects and central information technology groups to define a
repeatable set of Azure resources that implements and adheres to an organization’s standards,
patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly
build and stand up new environments with trust they’re building within organizational compliance
with a set of built-in components—such as networking—to speed up development and delivery.
References:
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
At a high level, Azure Blueprints helps you meet organizational cloud standards, patterns, and requirements through governed subscriptions, enabled and enforced by grouping artifacts such as ARM templates, Azure policies, RBAC role assignments, and resource groups within a Blueprint.
Blueprints can be used to lay a cloud foundation, to capture cloud patterns, and to group cloud governance frameworks. Blueprints are a one-click solution for deploying a cloud foundation, pattern, or governance framework to an Azure subscription. Think of an Azure Blueprint as re-usable design parameters for the cloud that can be shared and used across an enterprise.
Azure architects typically map out and plan the many aspects of a cloud foundation for an organization, such as access management, networking, storage, policy, security/compliance, naming conventions, tagging, monitoring, backup, locations, and more. Now Azure architects can take this design work a step further, build these designs as Azure Blueprints, and then apply them to subscriptions. Blueprints give architects a way to orchestrate the deployment of grouped components, speeding up the development and provisioning of new Azure environments while ensuring they meet organizational compliance.
A Blueprint consists of a Definition. The Definition is the design of “what should be deployed”; it consists of the name of the Blueprint, the description, and the Definition Location. The Definition Location is the place in the Management Group hierarchy where the Blueprint Definition is stored, and it determines the level at which assignment is allowed. Currently you must have Contributor access to a Management Group to be able to save a Blueprint Definition to it. A Blueprint can be assigned at or below the Management Group set as its Definition Location.
The Definition is where Blueprint Artifacts are added. As of right now the following is a list of the Artifact types:
▪ Policy Assignments - Lets you add an Azure Policy. This can be a built-in or custom policy.
▪ Role Assignments - Lets you add a user, app, or group and set the role. Only built-in roles are currently supported.
▪ Azure Resource Manager templates - Lets you add an ARM Template. This does not let you import a parameters file. It does let you pre-set the parameters or set the parameters during assignment of the Blueprint.
▪ Resource Groups - Lets you add a Resource Group to be created as a part of this Blueprint.
In my opinion the ARM Template artifact is the most impactful of the Blueprint artifact types because you can define such a variety of resources here. It opens the Blueprint to the power of ARM in general. Hopefully in the future we will see more scripting capability or the ability to load PowerShell scripts, runbooks, and/or Functions.
In cloud environments consistency is key. Naturally Azure Blueprints can also leverage resource locking in Azure. Blueprints have a Locking Mode. This Locking Mode can be applied to None or All Resources and is determined during the assignment of the Blueprint. This decision cannot be changed later. If a locking state needs to be removed, then you must first remove the Blueprint assignment. Some Blueprint artifacts create resources during assignment. These resources can have the following state:
Not Locked – Can be changed. Can be deleted.
Read Only – Can’t be changed and can’t be deleted.
Cannot Edit / Delete – The resource group itself can’t be edited or deleted, but you can create, update, and delete resources within the resource group.
Artifacts that become Resource groups get the state of Cannot Edit / Delete automatically but you can create, update, and delete resources within them.
The use of blueprints requires some upfront planning and considerations. The following are the areas to consider in planning for your blueprints.
Location: Where you save the blueprint is key to your assignment capabilities. It is recommended that you save the blueprint as high as necessary in your management group hierarchy. This is covered in Chapter 4 of this book. It is important to note that you can only change the location by deleting and re-creating the blueprint.
Naming convention: The naming of a blueprint is up to you. You cannot have spaces in the name. Use an agreed upon naming convention for your organization and be consistent. A good naming convention facilitates your ease of management and reporting.
Version names: The version names that are typically used are like version standards for software; for example, use 1.0, 2.0, and so forth, to denote major versions, and use 1.1, 2.1 to denote changes that are minor to the major versions. Though the notes section is optional, plan to use this to document changes made to a previous version of the blueprint.
Artifacts: Plan to test the artifacts you use in a blueprint prior to adding to the definition; for example, ensure that you have validated the policy or initiatives work as expected prior to using in a blueprint definition and assignment.
In this section and throughout the rest of the chapter, we delve into creating and managing the life cycle of blueprints in greenfield and brownfield environments.
There are three top stages of a blueprint.
• Create: You create a new blueprint, starting with a definition that has no artifacts, or you start with one of the samples provided.
• Apply: The process of applying to a scope is effectively the assignment of a blueprint. At the time of writing, you can only assign a blueprint to a subscription.
• Track: This is the life-cycle management of assigned blueprints. View and update assigned blueprints.
Now I am going to give an example of building and using an Azure Blueprint in a cloud foundation mock scenario. In my mock scenario I have 3 Azure subscriptions. Each subscription should have a Core services Resource Group consisting of a core VNet with 3 subnets, an NSG for each subnet, and the web subnet should be ready for DMZ traffic. For the core VNet and any additional VNet added to the Core Services Resource Group I need network watcher deployed to it.
Each subscription also should have a core storage account and a blob storage that is ready for general storage needs. I want a tag applied to any Blueprint assignment labeling it with the assignment name, so it is easy to track. The last requirement I have is that I need the CloudOps team to automatically be owner of all core services resources. To accomplish all of this I created the following Blueprint:
Now let’s walk through the parts of creating and assigning the Blueprint. The first step is to create the Blueprint Definition.
In the basics step I give it a meaningful name and meaningful description. I set the Definition Location to the root of my Management groups. Doing this will allow me to assign this Blueprint to all 3 subscriptions, in turn creating the core services RG in each subscription.
Next the Artifacts need to be added. Note that when adding an Artifact at the Subscription level you have these options as types:
The Resource Group Artifact type is only available at the subscription level and the ARM template Artifact type is only available at the Resource Group level. I added the Resource Group that the core networking and core storage will be deployed into.
The next artifact I added was an ARM template that will create the core VNet and 3 core subnets in it including:
Frontend – FESubnet
Application – AppSubnet
Database – DBSubnet
This ARM template also creates three Network Security Groups (1 for each subnet) and DMZ rules for the App subnet to expose endpoints to the Internet.
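The planning advice earlier says to test artifacts before adding them to a blueprint definition. The following added example (not the author's template or tooling) lints a constructed ARM template shaped like the core VNet artifact; the NSG names, address prefix, rule values and the choice of AppSubnet as the only DMZ subnet are assumptions.

```python
ANY_SOURCE = {"*", "Internet", "0.0.0.0/0"}  # prefixes that mean "anyone"
NSG_TYPE = "Microsoft.Network/networkSecurityGroups"
def nsg(name, rules):
    """Constructed NSG resource; rules are (port, source) inbound allows."""
    return {"type": NSG_TYPE, "name": name, "properties": {"securityRules": [
        {"name": f"allow-{port}", "properties": {
            "direction": "Inbound", "access": "Allow",
            "sourceAddressPrefix": src, "destinationPortRange": port}}
        for port, src in rules]}}

def subnet(name, nsg_name=None):
    """Constructed subnet, optionally referencing an NSG by resourceId()."""
    props = {"addressPrefix": "10.0.0.0/24"}
    if nsg_name:
        props["networkSecurityGroup"] = {"id": f"[resourceId('{NSG_TYPE}', '{nsg_name}')]"}
    return {"name": name, "properties": props}

def lint(template, dmz_subnets):
    """Flag subnets with no NSG from this template, and any-source inbound
    allow rules on subnets that are not listed in dmz_subnets."""
    res = template["resources"]
    nsgs = {r["name"]: r for r in res if r["type"] == NSG_TYPE}
    findings = []
    for vnet in (r for r in res if r["type"] == "Microsoft.Network/virtualNetworks"):
        for sn in vnet["properties"]["subnets"]:
            ref = sn["properties"].get("networkSecurityGroup", {}).get("id", "")
            attached = [n for n in nsgs if f"'{n}'" in ref]
            if not attached:
                findings.append(f"{sn['name']}: no NSG from this template attached")
                continue
            for rule in nsgs[attached[0]]["properties"]["securityRules"]:
                p = rule["properties"]
                if (p["direction"] == "Inbound" and p["access"] == "Allow"
                        and p.get("sourceAddressPrefix") in ANY_SOURCE
                        and sn["name"] not in dmz_subnets):
                    findings.append(f"{sn['name']}: {rule['name']} open to {p['sourceAddressPrefix']}")
    return findings

# Constructed sample, not the author's template: FESubnet has lost its NSG
# reference and the database NSG allows SQL from any source.
SAMPLE = {"resources": [
    nsg("FESubnet-nsg", [("443", "Internet")]),
    nsg("AppSubnet-nsg", [("443", "Internet")]),
    nsg("DBSubnet-nsg", [("1433", "*")]),
    {"type": "Microsoft.Network/virtualNetworks", "name": "core-vnet",
     "properties": {"subnets": [subnet("FESubnet"),
                                subnet("AppSubnet", "AppSubnet-nsg"),
                                subnet("DBSubnet", "DBSubnet-nsg")]}}]}
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE, dmz_subnets={"AppSubnet"})))
```

The check only reads inline subnets and the singular `sourceAddressPrefix` property, so a template that declares subnets as child resources or uses `sourceAddressPrefixes` needs those cases added.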
For the storage account and blob storage I added a second ARM template that deploys the needed storage. Note that after an Artifact is added you can edit it.
To ensure my CloudOps team is full owner of the core services resources I added a role assignment to my Blueprint.
I am not showing this here, but I also added an Azure Policy artifact that sets a default tag for the assignment name during assignment. After you create the Blueprint it will be in a Draft status. You must Publish the Blueprint before you can assign it. Note that you also can view, edit, or delete the Blueprint. After a Blueprint is published the option to Assign it will show up on the menu.
When you publish you give it a Version and can add Change notes.
Next let’s Assign the Blueprint. Go to the Definition and click on Assign Blueprint.
Select the subscriptions, name the assignment, set the location, select the version, and decide if the assignment should be locked. Complete any needed Artifact parameters and click on Assign.
You will see the Blueprint being assigned after you click on the Assign button.
Now if you go to Resource Groups you will see the BP-92518RG group we specified during the assignment created in each subscription.
If you click on each resource group in each subscription you will see the same exact resources.
Our Azure policy deploying Network Watcher worked. We can verify by looking at the network topology diagram.
The role assignment worked, assigning the CloudOps team the owner role.
That’s a wrap. You now have the core resources for each of your subscriptions and have met all the requirements.
If for some reason your assignment failed, you can view error details as to why by going to Assigned Blueprints and clicking on the ones that have a Provisioning State of Failed.
Once you have nailed down the issue you can re-deploy the assignment by clicking on Update Assignment and running the assignment again.
That wraps up the entire blog post. As you can see, Azure Blueprints will play an important role in an organization’s governance and management strategy. This service is in preview for now, but get in now, start working with it, and add it to your cloud plans, as Microsoft has a ton of features and functionality coming to it soon.