Azure Policy Little Secrets

Azure Policy checks Azure resources and operations by matching their properties against defined business rules. It helps to enforce organizational standards and to assess compliance at scale. Azure Policy is commonly used to enforce governance across Azure, ensuring consistency, regulatory compliance, security controls, cost management, and operational standards. Unfortunately, Azure Policy has its secrets: some of its limitations are either not documented or the documentation is not so easy to find. With this blog post, I am not trying to bash Azure Policy, as I love the service and I think its architecture is very good, but the way some Azure APIs are written can limit what Azure Policy can do.


Do not use Azure Front Door metric OriginHealthPercentage in Log Analytics

Azure Front Door is a global, scalable service that acts as a content delivery network (CDN) and application load balancer to improve application performance and availability. You expose an application on Azure FD by creating origins. For each origin you have to add one or more origins. When configuring the origin you have the option to configure a health probe. The health probe makes sure the origins are up. If an origin is not up, traffic will not be sent to it. The results from the health probes are visible via the OriginHealthPercentage metric. Now let's take a closer look at the OriginHealthPercentage metric, as its results might be a little confusing, especially when you send the metric to a Log Analytics workspace and view it there.


List Keys for Azure Managed Redis with Bicep

Azure recently announced the retirement of Azure Cache for Redis and Azure Cache for Redis Enterprise. This of course leads folks to look at Azure Managed Redis. Note that underneath, Azure Cache for Redis and Azure Managed Redis use the same resource type but with different SKUs. Overall my general impression is that not many existing customers have moved from Azure Cache for Redis to Azure Cache for Redis Enterprise. Integration of Redis with other services and applications in most cases happens by providing a connection string with credentials. It is well known how to list the credentials from Azure Cache for Redis with Bicep, but it may be less well known how to do that with Azure Managed Redis due to its different Azure architecture.


Enabling Defender for APIs on Azure APIM APIs with Azure Bicep

Azure APIM is an essential feature in building AI applications. As part of that, it is important to protect your APIs, and a couple of years ago Azure provided such a capability in Defender for Cloud called Defender for APIs. Previously I demonstrated how to configure Defender for Cloud plans in Enable Defender for Cloud Auto provisioning agents via Bicep. For the Defender for APIs plan it is the same resource type, Microsoft.Security/pricings, but the name of the resource is ‘Api’. Additionally, you set pricingTier to Standard to enable it and subPlan to P1, P2, P3, P4 or P5. As this is only the initial configuration, in this blog post we will look at what to do next.


Deploying Azure APIM MCP Servers with Bicep

The Azure API Management (APIM) service is one of the building blocks for AI applications. At the same time, the MCP (Model Context Protocol) server is one of the latest capabilities around AI. Not so long ago APIM announced support for exposing either existing MCP servers or existing APIs as MCP servers. I have played around with this functionality lately, and it turned out that these MCP servers in APIM are just API resources underneath, which means they can be easily deployed with Azure Bicep. In this blog post I will show you how to do it with examples.
