Azure Resources CMK Encryption with Azure Bicep

Azure Customer Managed Key (CMK) Encryption is a widely used feature across Azure resources for making sure you are compliant with various certifications and for increasing your security posture. I have been configuring this feature via IaC since the days when there were only ARM templates and Bicep was not available. If you have the same experience as me, you will have noticed that the input required for this feature varies from one resource to another. If I have to summarize what information is required, it would be:

  • Key Vault
  • A key from Key Vault
  • A version for a key. Some might not require a version.
  • An identity that will be used to access the key from the Key Vault. Most resources offer the ability to choose between a system-assigned or user-assigned identity, although there are still some resources that use the identity of the account that is configuring the feature.

With that said, in this blog post I would like to show you how I used to configure the feature when using ARM templates and what I think is the better approach when using Bicep code.


The Resource Type behind Azure Update Manager Dynamic Scope

When helping folks at Microsoft Q&A, I saw a question about creating a Dynamic scope with Bicep or Terraform. That led to this blog post, where we will see what the resource type behind Azure Update Manager Dynamic scope is and how it can be created with Bicep. Of course, the same thing applies to Terraform and the AzAPI provider.


Enable Defender for Cloud Auto provisioning agents via Bicep

Often I see questions around how I can enable the auto provisioning agents capabilities (now renamed to Settings & monitoring) in Defender for Cloud via API.


Azure Monitor Log Alert V2

Log Alerts have been available in Log Analytics for quite some time. Initially they were available via a legacy Log Alert API that was specific to Log Analytics. In order to make Log Alerts more native to Azure, a new Log Alert API was made available. With a few minor features (like custom webhook payload), that API was a direct translation of the legacy one, offering the same features. Now the Azure Monitor team is introducing a new Log Alert named Log Alert V2. That new alert uses the same API but with a new version. So if you use API version 2018-04-16 to create a Log Alert you are creating v1, and if you use version 2021-08-01 you are creating v2. Log Alert v2 will probably be generally available very soon, as I have received an e-mail notification containing the following information:

  • any API version like 2021-02-01-preview will be deprecated and replaced by version 2021-08-01
  • billing for Log Alert v2 will start from 30th of November.

To me this signals that the service will be generally available before the 30th of November or several weeks after. I am not aware of any specific information; just the official e-mail notification leads me to these conclusions. Log Alert v2 has been in preview for a couple of months, during which I have been testing it and providing feedback.


Examples from my Azure Bootcamp 2021 session

At Azure Bootcamp Bulgaria 2021 I presented "Azure Deployments – Past, Present and Future". In the demos I had two examples:

  • Advanced ARM templates for deploying Azure SQL Database
  • The above example converted to the new Bicep language

You can find both examples uploaded here. The Bicep example is also published in the Bicep repository examples.