DEV Community: Emmanuel A. Anene

Implement security through a pipeline using Azure DevOps. Part2

Emmanuel A. Anene — Wed, 13 Aug 2025 13:23:38 +0000

In Part 1 of this lab, we laid the foundation for building secure Azure DevOps pipelines by setting up protected repositories, managing identities, and enforcing least privilege access. Now, in Part 2, we take security to the next level focusing on safeguarding pipeline resources, securing access to Azure Repos, protecting sensitive variables, and introducing reusable templates for consistency and compliance.

By the end of this section, your pipelines won’t just deliver code they will enforce security at every stage, ensuring that deployments are both efficient and compliant with best practices.

Continuation

Step 4: Use Secure Variable Management

Secure variable management involves storing sensitive information (like passwords, tokens, or API keys) in Azure DevOps as secret variables or through Azure Key Vault. These secrets are encrypted, hidden from logs, and only accessible during pipeline runtime to protect against unauthorized access or exposure.

i. Go to ** Pipelines > Library >** and click + Variable Group to create a Variable Group.

ii. Add variables like dbPassword, apiKey and mark them as secrets.

iii. Reference the Variable Group in Your Pipeline YAML. Open your pipeline YAML file and click on Edit.

iv. Reference the variable group by adding👇🏻:
trigger:
main

variables:
group: SecureSecrets This is your variable group

trigger:
  - main

variables:
  - group: SecureSecrets  # 👈 This is your variable group

stages:
  - stage: Build
    jobs:
      - job: BuildJob
        steps:
          - script: |
              echo "This is your API key: $(apiKey)"
            displayName: Print API Key

Save and commit your YAML changes

vii. When the pipeline runs, it will automatically pull values from the linked variable group—ensuring secrets are securely injected without hardcoding them in the file.

Step 5: Secure Pipeline Access to Azure Repos Using Personal Access Token (PAT) Authentication

In this step, We will configure the pipeline to use a Personal Access Token (PAT) stored securely as a secret variable, enabling secure authentication to Azure Repos without exposing credentials in the code. This ensures that only authorized builds and scripts can interact with your repository.

i. Click your user profile picture (top right). Click on User Settings and select Personal access tokens.

ii. Click + New Token.

iii. Fill out:

Name → something descriptive, e.g., Pipeline-GitAccess
Organization → select your Azure DevOps org
Expiration → e.g., 30 or 90 days (shorter is safer)
Scopes → pick only what’s needed: For Git repo access → Code: Read & Write. For REST API calls → add Build or Release scopes as needed
Click on SAVE

Note: Copy the token right away and save it on your note, you won’t be able to see it again

iii. Store PAT in Azure DevOps Securely: Go to Pipelines → Library → + Variable group.

iv. Fill Out:

Name it → e.g., AuthTokens.
Add a variable → PAT_SECRET.
Paste your PAT in the value field.
Mark it as Keep this value secret.
Click Save.

iv. Use the PAT in Your Pipeline: Example: Using PAT to access Azure Repos inside a pipeline job. Validate the below YAML and SAVE

variables:
- group: AuthTokens

steps:
- checkout: none
- script: |
    git config --global user.email "pipeline@devops"
    git config --global user.name "Azure DevOps Pipeline"
    git clone https://$(PAT_SECRET)@dev.azure.com/<org>/<project>/_git/<repo>
  displayName: "Clone repo using PAT"

✅ Security Tips:

Keep PAT scopes minimal (e.g., Code:Read if you only need to read code).
Use short expiry and regenerate PATs periodically.
Never commit PATs to your repo always store as secret variables.
Remove unused PATs from User settings → Personal access tokens.

v. Audit Repository Permissions in Azure DevOps Go to Project Settings.

In the left-hand menu, under Repos, click Repositories. This will show a list of all repositories in the project. Click the repository you want to audit SecurePipelineRepo.

Inside the repository settings page, select Security. This will display a list of users and groups with access to the repository.
Review Permissions
For each user or group, you can see permissions like:
- Read
- Contribute
- Force Push
- Manage Permissions

Check whether permissions are Allowed, Denied, or Not set.

vi. Identify Over-Privileged Accounts
Look for accounts with unnecessary Contribute or Manage Permissions rights. Pay attention to Project Collection Administrators or Build Service accounts. They often have high-level permissions by default.

Outcome: You now have a clear picture of who can read, modify, or manage your repository, ensuring you can enforce least privilege.

Step 6: Modularize Your Pipeline Using Templates

Breaking your pipeline into reusable YAML templates allows you to centralize common tasks, reduce duplication, and maintain consistency across projects, while securing access to shared logic.

i. Create a new repo (e.g.,pipeline-templates). Go to Project Settings. under Repos, click Repositories. And click on + Create.

ii. Give the repo a name e.g. pipeline-templates. Keep Add a README checked (optional but recommended). Keep Default branch as main and click on Create.

iii. Write a Reusable build.yml Template: Open your new pipeline-templates repository. Click on the three dots(...) in the front of the repo and select Browse.

iv. On the New Repository page:

Click on the three dots(...) in the front of the Repo
On the drop-down select NEW
And click on FILE.

v. Give the File a name build.yml

vi. Paste the below example reusable build template and Commit the file to the main branch.

parameters:
  - name: buildConfiguration
    type: string
    default: 'Release'
  - name: vmImage
    type: string
    default: 'ubuntu-latest'

jobs:
  - job: Build
    displayName: 'Build Application'
    pool:
      vmImage: ${{ parameters.vmImage }}
    steps:
      - checkout: self

      - task: NodeTool@0
        inputs:
          versionSpec: '16.x'
        displayName: 'Install Node.js'

      - script: |
          npm install
          npm run build -- --configuration ${{ parameters.buildConfiguration }}
        displayName: 'Run build'

What this template does:

Accepts parameters for build configuration (Release, Debug) and VM image type.
Checks out code.
Installs Node.js (can be changed to .NET, Python, etc.).
Runs the build script.

vii. Secure Access to the Templates Repo: Select your pipeline-templates repo:
Select your pipeline-templates repository.

Open Security tab.

Remove “Contribute” permissions for groups/users who do not need to edit templates.

Grant:

Read access to teams that only need to use templates.

Contribute access only to DevOps engineers responsible for maintaining templates.

Deny Force Push and Bypass Policies for everyone except admins.

And that’s a wrap for Part 2!
We’ve gone beyond just writing YAML and pushing code, we have built a pipeline that guards your resources, keeps secrets locked away, controls who can access what, and uses reusable templates to keep things both consistent and secure.

Security is not something you add at the end, it’s something you bake in from the start. With what you have set up here, every run of your pipeline is not just a deployment, it is a statement that you value stability, compliance, and trust.

This completes our lab on Implementing Security Through a Pipeline in Azure DevOps, giving you the skills and mindset to build pipelines that are as safe as they are efficient

If you have any question, insight, or your own tips on securing pipelines? Drop them in the comments, I’d love to hear from you.
Follow me for more hands-on DevOps, Azure, and Cloud Security labs and guides.

AzureDevOps #DevOps #Azure #Security #CloudSecurity #PipelineSecurity #AzurePipelines #CICD #CloudEngineering #AzureKeyVault #YAML #InfrastructureAsCode #MicrosoftAzure

Implement security through a pipeline using Azure DevOps. Part1

Emmanuel A. Anene — Wed, 06 Aug 2025 22:12:10 +0000

Introduction
In today’s DevOps-driven software lifecycle, security must be integrated into every phase of the development process—not just at the end. This approach is often referred to as "shift-left security.” One of the most critical places to enforce security is within the CI/CD pipeline, where code is built, tested, and deployed.

Azure DevOps Pipelines offer powerful automation tools for building and deploying applications, but without proper safeguards, they can become a target for unauthorized access, secret leaks, and misconfigurations. Securing your pipelines ensures the integrity of your deployments, protects sensitive resources, and minimizes the risk of supply chain attacks.

Setup Requirements.

Azure DevOps Organization and Project
Azure Subscription
Azure CLI or Azure Portal access
Basic knowledge of YAML pipelines
Azure Key Vault and Azure Repos enabled

Step 1: Set Up a Secure Project and Repo Structure

This step involves organizing your Azure DevOps project and source code repositories in a way that promotes security, scalability, and isolation. By applying strategies like branching policies, access control, and environment separation, you reduce the risk of unauthorized changes, enforce code quality, and ensure that sensitive resources are protected throughout the development lifecycle.

i. Create Azure DevOps Organization
a. On your Microsoft Azure Portal, search for Azure DevOps Organizations

b. On the Azure DevOps Organization page, click on My Azure DevOps Organizations

c. Create a New Organization Click on your organization name.

d. Give your Organization a name (DevOpsOrgsDemo1) and set you the location where your organization will be hosted.

ii. Create a New Project. After you have created Azure DevOps Organization, on the next page you can now create your Project, steps to create a project.

a. Give your project a name (Secure Pipeline Project Demo)

b. Write the Description that suits this project

c. For the Visibility, Private (recommended for internal or secure projects)

Click on the Advanced tab

d. For the Version Control select GIT as recommended,Git is distributed, widely adopted, supports branching/merging, and integrates easily with modern DevOps tools and CI/CD pipelines.

e. For the Work item process select Basic. Basic is simple, lightweight, and ideal for small teams or new projects focused on code and deployment without complex tracking needs.
f. Then click on Create.

g. After your Project is created successfully, You should now see tabs like: Repos, Pipelines, Boards, Test, Plans and Artifacts

ii. Create a new Git repository and define branching strategy (e.g., main, dev).

a. On the created tab, click on Repos

b. At the top-right corner, click the dropdown arrow beside the current repo name, Click + New repository what the list of items shows.

c. On the Create a repository tab, give your Repo a name (secure-pipeline-repo). Leave default settings unless needed and the click on Create

iv. Create the main and dev Branches. They are two ways you can do this, through the Azure DevOps web Ui or Git CLI. but in this case we will be working with the Azure DevOps web UI

a. Go to Repos > Files, Click the dropdown that shows the current branch (main). Click + New Branch.

b. On the Create a branch tab: Enter branch name dev, Choose main as the source branch. And the click on Create.

Repeat this for any additional branches you want (e.g., feature/login, release, etc.).

v. Enable branch protection on main:
a. Go to your Azure DevOps project (Secure Pipeline Project Demo), In the left-hand menu, select Repos > Branches.

b. Find the main branch, click on the 3 dots (⋯) next to the main branch → choose Branch Policies

c. Toggle on the Require a minimum number of reviewers and Set Minimum number of reviewers to 1 (or more, depending on your team).

d. Enable Build Validation. Scroll down to Build Validation section. Click + Add build policy.

c. Select the pipeline that should be triggered when a pull request is created or updated.

Choose the pipeline from the list (secure-pipeline-repo).
Set Trigger to: Automatic (recommended)
Enable Optionally:Path filter (if you want to restrict the build to specific folders/files)
Click on Save

Step 2: Manage Identities and Permissions

This step involves assigning the right access levels to users, service accounts, and agents in Azure DevOps by applying the principle of least privilege. It ensures that only authorized entities can access or modify pipelines, environments, and resources.
i. Navigate to Project Settings > Permissions.

ii.On the Project Settings Permissions page. Create a custom security group: Click New group at the top.

iii. Fill in the form:

Group name: PipelineAdmins (or any name).
Under Members, add users or groups from Azure AD or your DevOps organization
Description: e.g., "Group for managing pipeline permissions"
Click Create.

iv. Assign Permissions to the Group:

After creating the group, select it from the list.

Review and set permissions such as:

View project-level information: Allow

Edit project-level information: Deny

Create repositories: Deny

Manage build pipelines: Allow (if needed)

Queue builds: Allow

v. Assign Pipeline Permissions: Go to Pipelines > Pipelines. Click on the three dot (...) next to a pipeline → choose Manage Security.

Find the PipelineAdmins group and click on it.

Assign pipeline-specific permissions:

Edit build pipeline: Allow

Queue builds: Allow

Delete builds: Deny or Allow (based on need)

View builds: Allow

Manage builds: Deny (optional)

Step 3: Secure Pipeline Resources and Environments

In this step, you will control who can access or deploy to environments and secure the resources your pipeline uses. By adding approval checks, limiting service connection permissions, and organizing environments with access controls, you ensure that deployments are safe and only authorized actions are performed.

i. Create an environment in Azure DevOps (e.g., staging-env) and assign reviewers.

From the left-hand menu, select Pipelines > Environments.
Click the New environment button.

Enter the Name (e.g., staging-env)
Select the Resource Type:
Choose based on your scenario (e.g., Virtual machines, Kubernetes, etc.). If none is needed, select None to just use the environment for approvals and audit.
And click on Create.

ii. Assign Security and Reviewers:

Once the environment is created, click on the "three dots (⋮)" next to the environment. Select Security.

Here, configure who has access:

Add users or groups (e.g., your DevOps team).

Assign roles such as Reader, User, or Administrator.

Important: Only trusted users should have Admin rights.

Click on Save.

iii. Add Approvals and Checks

Environment name (staging-env)>> Click Approvals and checks tab.>> Click on the plus icon(+)

Select Approvals and click on Next

Add reviewers (users or groups) who must manually approve deployments to this environment
Allow approvers to approve their own runs
Timeout (how long to wait for approval)
Click on Create.

Use the Environment in a YAML Pipeline
Ensure your pipeline references the environment with the approval check:
`jobs:

deployment: DeployToStaging displayName: 'Deploy to Staging' environment: name: 'staging-env' resourceName: 'staging-env' strategy: runOnce: deploy: steps: - script: echo Deploying to staging...`

iv. Setting up an Azure Service Connection with RBAC Permissions Scoped to a Resource Group

Create an Azure AD App Registration (Service Principal). Navigate to your Azure Portal and search Microsoft Entra ID

Click on + Add and select App registrations

Give your App registrations (DevOps-SP-RG-Scoped)
Supported account types: Single tenant.
Click on Register.

v. Generate a Client Secret

In your newly created App Registration, click on Manage and select Certificates & secrets.
Click on + New client Secret

Add a description (DevOpsPipelineSecret)
Choose expiration (6 months, 12 months, etc.)
Click on Add

Note Copy and securely store the value of the secret (you won’t see it again). You will need the App ID and Client Secret for Azure DevOps.

vi. Assign RBAC to the Resource Group

In the Azure Portal, go to Resource Groups and select the specific RG (dev-resources).

In your resource group, select Access control (IAM). and click on + Add > Add role assignment.

Under Privileged administrator roles, Search for Contributor and select it.

Under the Members tab, select User, group, or service principal and click + Select Members

On side pane, In the search box at the top of that pane, type the name of the App Registration (DevOps-SP-RG-Scoped). Wait for it to load and select it. Click on Select

Click on Review + Assign tab and again click Review + Assign to assign your App Registration to Assign RBAC to the Resource Group.

vii. Create the Azure Service Connection in Azure DevOps

Navigate to Project Settings > Service connections. In the service connection page click on New service Connection

Select Azure Resource Manager and click on Next

Choose Identity type (manual) and Fill in the following:

Subscription ID and name (from Azure)
Tenant ID (from Azure AD)
Service principal ID = App ID (Step 1)
Service principal key = Client Secret (Step 2)
Scope level = Resource Group
Resource Group name = dev-resources

After filling the above details, check the box: Grant access permission to all pipelines (or leave unchecked for stricter control)

Click Verify and Save.

vii. Configure Secure Pipeline Folders and Lock Access to YAML Files.

Organize Pipelines Using Folders. Go to your Azure DevOps project, navigate to Pipelines > Pipelines. Click on the New folder button (icon next to the pipeline list)

Create folders to categorize pipelines:

DevPipelines
ProdPipelines
SharedTemplates

Move Pipelines into Folders: In the Pipelines list, click the three dots (•••) beside a pipeline.Click Move/Rename. Select the appropriate folder (e.g., move production pipelines to ProdPipelines).

Step 4: Use Secure Variable Management

i. Go to ** Pipelines > Library >** and click + Variable Group to create a Variable Group.

ii. Add variables like dbPassword, apiKey and mark them as secrets.

Conclusion – Part 1

In this first part of the series, we have laid the groundwork for building a secure Azure DevOps pipeline by focusing on:

Structuring projects and repositories for better isolation and governance
Implementing role-based identity and access management across projects, pipelines, and agents
Securing pipeline resources and environments to enforce deployment controls and approval workflows

These foundational steps are critical to reducing risks and aligning your DevOps processes with security best practices from the start.

Stay tuned for Part 2, where I will dive deeper into securing variable management, repository access, and modularizing pipelines with reusable templates!

AzureDevOps #DevSecOps #CloudSecurity #PipelineSecurity #MicrosoftLearn

Protect Your Azure Storage with Enterprise-Grade Access Control Using Azure Active Directory (Azure AD).

Emmanuel A. Anene — Sat, 02 Aug 2025 21:43:23 +0000

Introduction.
When you are working in the cloud, storing files is just half the job the real power (and responsibility) comes with deciding who gets to access your data and how.

A lot of people start with storage account keys or SAS tokens to share files in Azure, but those methods can be tricky to manage securely, especially as your team or workload grows. What if you could tie storage access directly to your Azure AD user account, just like you do with other Microsoft services? Well, you can and that’s exactly what this mini lab is about.

First, you will have to Sign in to your Active Microsoft Azure Account on: https://portal.azure.com/

Step 1: Assign Yourself a Role.

To get started, follow these steps Assign Yourself a Role

A. On your Azure Portal home page, on the search bar, search for Storage Accounts and click on it.

B. Select the storage account (storageacct1demo1) you created previously while setting up your environment for this exercise. You can click the storage account name it’s a clickable link to open it. (Tip: Make sure it’s associated with the resource group RG1.)

C. In the Storage account,

Go to Access control (IAM).
Click + Add > Add role assignment.

D. On the Basics tab,

Under Job Function Roles 2.Search for Storage Blob Data Contributor and click on the result.
And then click on Next.

E. Under Members tab,

Select User, group, or service principal
Click on + Select Members
And then find and select your Azure AD user.
Click on Select

F. Click on the Review + Assign tab, and select Review + Assign

Step 2: Verify Access Using Azure CLI
Now that you’ve assigned your Azure AD user the Storage Blob Data Contributor role, it’s time to check that it actually works and the easiest way is with the Azure CLI.

First thing, you need to Install Azure CLI if is not installed in your computer yet (https://learn.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest)

A. Open your terminal or Azure Cloud Shell, run the commend
az login and and select you Azure account.

B. Select your subscription and tent.

C. Run the command az storage blob list --account-name <your-storage-account-name> --container-name <your-container-name> --auth-mode login

👉 This lists blobs in the container using your Azure AD identity, not an account key.

If you get a list back success! 🎉

Step 3: Test Revoking Access
Finally, test what happens when you remove your Azure AD role. By taking away your permission, you will see how access is instantly blocked proving that RBAC makes it easy to grant and revoke storage access securely.

A. Back in the Azure portal, in your Storage Account (storageacct2demo1) go to Access control (IAM) again.

B. Click on Role assignments tab.

Search for Storage Blob Data Contributor
You should see your own account listed under Members

C. Select your account, then click Remove or delete assignment at the top. Confirm the removal when prompted.

D. Wait a minute, then try listing blobs again with the same CLI command: az storage blob list --account-name <your-storage-account-name> --container-name <your-container-name> --auth-mode login

E. You can see that we got an authorization error proving that Azure AD RBAC now blocks you.

Conclusion

This shows just how powerful Azure AD can be for securing your storage accounts. Instead of relying only on account keys and SAS tokens, you can use identity-based access control to decide exactly who gets in and shut off access just as easily.

With Azure AD, you get stronger security, easier management, and better compliance all while following best practices for modern cloud environments.

Keep exploring! Try combining RBAC with conditional access, MFA, or even user delegation SAS for an extra layer of security. The more you practice, the more confident you’ll get at building secure, well-managed storage solutions in Azure.

If this was helpful, feel free to like, comment, or share your thoughts and follow along for more step-by-step Azure guides!

Implementing Storage Access Controls.

Emmanuel A. Anene — Tue, 29 Jul 2025 17:50:51 +0000

An Azure Storage Account: Is a core service in Microsoft Azure that offers secure, cloud-based storage for different types of data.

Azure Storage Access: This refers to the methods used to access data stored in an Azure Storage account. How you access Azure Storage depends on the type of data you’re working with such as blobs, files, or queues and the level of security and flexibility you require for that access.

In this tutorial, you’ll learn how to complete a few essential tasks for managing an Azure Storage account and its key components.

Let’s say your Azure admin wants you to get hands-on with storage accounts, containers, and file shares. As their organization plans to share more files, they need someone who’s confident using these services. Your goal is to set up a storage container and a file share, then upload files to both.

First, you will have to Sign in to your Active Microsoft Azure Account on: https://portal.azure.com/

Step 1: Create a Storage Container

To get started, follow these steps to create your first storage container:

A. Navigate to your Azure Portal home page, on the search bar, search for Storage Accounts and click on it.

B. Select the storage account (storageacct1demo1) you created earlier while setting up your environment for this exercise. You can click the storage account name it’s a clickable link to open it. (Tip: Make sure it’s associated with the resource group RG1.)

C. In the storage account blade,

Go to the Data storage section
And select Containers.
Click on + Add Container
On the drop down, give your Container a name (new-container-demo)
Click on Create.

Step 2: Upload a Blob to the Storage Container
Now that you’ve created a storage container, you can upload a blob to it. Find an image file on your computer or download one from the internet and save it locally so it’s ready to upload.

To upload a file to the storage container:
A. Click on the Container (new-container-demo) you just created.

B. On the Created Container page,

Click on Upload
On Upload blob page, click Browse Files to add image file on your computer.
When the file is ready for upload, click on Upload.

BLOB SUCCESSFULLY UPLOADED

Step 3: Change the Access Tier
Once the file is uploaded, you will see its current access tier displayed. Since this file is just for testing, it doesn’t need to stay in the Hot access tier. In the next steps, you’ll update the file’s access tier to a more appropriate setting.

A. Click on the file you just uploaded.

B. On Uploaded File page, click on Change Tier.

C. On the Change Tier page,

Change the Access Tier to Cold.
Click on Save to save your change tire.

Step 4: Create a File Share
Now that you’ve uploaded a blob and changed its access tier from Hot to Cool, it’s time to move on to file shares. File shares make it easy to store and manage files that can be accessed by multiple users or services.

In this step, you’ll create a new file share within your storage account, which you can then use to upload and organize files.

A. Navigate to your Azure Portal home page, on the search bar, search for Storage Accounts and click on it.

C. In the Storage account page,

Go to the Data storage section.
Select File shares.

D. Click on + File Share

E. On the Basics tab, give your File Share a name (file-share-demo) and then click on Next

F. On the uncheck Enable Backup because this just for a demo and learning exercise, you usually don’t need backup protection because you’re not storing important production data.

G. Click on the Review + Create and Click on Create after Validation passed.

H. After you File Share successfully, click on Upload.

I. On File Share page, click Browse Files to add image or file from your computer.
When the file is ready for upload, click on Upload.

UPLOADED SUCCESSFULLY INTO YOUR FILE SHARE.

Step 5:** Control Access with a Shared Access Signature (SAS) Token.**
The next step is to look at how to control access to the files you have uploaded. Azure provides several methods for managing file access, such as Role-Based Access Control (RBAC). In this scenario, the Azure administrator wants you to use a Shared Access Signature (SAS) token or storage keys to grant limited access.

Create a Shared Access Signature (SAS) Token

A. Navigate to the search bar on your Azure Portal home page, and search for Storage Accounts and click on it

C. On Storage Account page,

Click on Storage Browser.
Expend the Blob Containers.
Select the storage account you created earlier (new-container-demo).

D. Select the More options (...) menu at the end of the line for the uploaded image.

E. Select Generate SAS.

F. On the Generate SAS. blade,

For Signing method, chose Account key: Simple and quick for demos; no extra setup needed.
Signing key, select Key 1: Default option; easy to rotate later if needed.
Stored access policy, select None: Fine for testing; settings are defined directly in the SAS.
For Permissions, select Read only: Safer; users can only view or download, not change or delete.
Enter your preferred custom start and expiry time or leave the defaults.
For the Allowed IP addresses, if it's for Testing (demo) Leave it blank. But if it's for Production, Restrict to trusted IPs.
Allowed protocols, select HTTPS only: It Encrypts traffic; keeps your data secure in transit.
Click Generate SAS token and URL to finish!

G. Copy the Blob SAS URL, then paste it into a new browser tab or window. The image you uploaded should display. Leave this tab open for later use.

Step 6: Rotate Access Keys to Revoke SAS Access.
Once you’ve created a SAS token, anyone with that link can access the file for as long as the token is valid. But managing access is not just about granting permissions it’s also about being able to revoke them when needed.

To revoke a SAS token, you must invalidate it. The simplest way to do this is to rotate the access key used to sign the SAS.

A. Navigate to your Azure Portal home page, on the search bar, search for Storage Accounts and click on it.

C. On the Storage Account page,

Expend the Security + Networking submenu,
Select Access Keys.
For the Key1, select Rotate Key
Read the warning message about regenerating the access key, and click Yes to acknowledge and proceed.

ROTATE ACCESS KEYS SUCCESSFULLY:

D. After you see the success message confirming the access key has been rotated, return to the browser tab or window where you tested the SAS token and refresh the page. You should now see an authentication failed error.

Wrapping Up

And that is it! In this walkthrough, I created a storage container and a file share, uploaded some data, set up a SAS token to control access, and even learned how to revoke that access by rotating your keys.

This hands-on practice shows how managing storage in Azure is about more than just storing files, it’s about keeping your data secure and knowing exactly who can get to it (and when).

If you found this helpful, feel free to follow, like, and drop a comment. I do love to hear your thoughts and what you’d like to see next!

Happy learning!

Guidelines on Providing Storage for a New Company App Part 2

Emmanuel A. Anene — Fri, 25 Jul 2025 21:55:37 +0000

CONFIGURE THE STORAGE ACCOUNT TO USE A CUSTOMER-MANAGED KEY STORED IN THE KEY VAULT.

Before continuing, make sure to assign the Key Vault Crypto Service Encryption User role to the managed identity.

A: In the Azure portal, search for Resource groups and select it from the results.

B. Select your Resource Group that you have been operating on (RG1)

C. On the Resource Group page(RG1)

Go to the Access Control (IAM) blade.
Click on + Add
Select Add role assignment

D. Now on the Role page,

Click on the Job functions roles page,
Search for the Key Vault Crypto Service Encryption User role
Select the search result.(Key Vault Crypto Service Encryption User role)
Then click Next

E. On the Member page,

Click on Managed Identity.
Click on + Select Members.
On the Drop-down on right-hand-side select User-assigned managed identity.
Click on your Managed Identity
Click on Select.

F. Click on Review + assign tab and then click on Review + assign

ROLE ASSIGNED.

Configure the storage account to use the customer-managed key in your Key Vault.

A. Go to your Storage Account (storageacct2demo1).

B. On the Storage Account page (storageacct2demo1)

Click on Security + Networking on the drop-down,
Select the Encryption blade
On the Encryption page select Customer-managed keys
And then click on Select a key vault and key

C. On Select a Key page,

Check click on Key Vault
Select your Key Vault(keyvault1demo1)
Select you Key(New-App-Key-Demo)
Click on Select

D. Make sure that Identity Type is User-assigned

E. On User-assigned identity

Click on Select an identity
On the drop-down, select your User-assigned managed identity(demo)
Click on Add,
And then Save.

ROLE ADDED ASSIGNMENT.

SETTING A TIME-BASED RETENTION POLICY AND DEFINING AN ENCRYPTION SCOPE.

1.The developers need a storage container where files cannot be modified not even by an administrator.

A. Go to your storage account(storageacct2demo1).

B. On the Storage Account page,

Click on Data Storage, on the drop-down,
Click on the Container blade
Click on + Add Container to create a container
Give you Container a name (new-container-demo),
And then click on Create

D. Upload a file to your Container

Click on Upload.
Click on Browse for Files to select a file from your computer.
And then click on Upload

D. Click on Settings,

On the drop-down, select Access Policy
On Immutable blob storage section, click on + Add Policy

E. On Immutable Storage policy.

Click on the Policy type and select Time-based Retention on the drop-down.
Set Retention Period for 5 days
And make sure you click on SAVE after setting this.

The developers need to create an encryption scope that enables infrastructure encryption.

A. Go back to your Storage Account (storageacct2demo1).

B. On the Storage Account page.

Click on Security + Networking,
And select Encryption.

C. On the Encryption page.

Click on the Encryption Scopes tab
Click on + Add

D. On the Create Encryption Scope page,

Give you Encryption Scope a name (EncryptionScopeDemo)
Set Encryption type as Microsoft-managed keys.
The Infrastructure Encryption is Enabled by default.
Click on Create to create the Encryption Scope

ENCRYPTION SCOPE NAME CREATED SUCCESSFULLY

E. Go back your Storage Account and Create a new Container

Click on Data Storage, on the drop-down,
Click on the Container blade
Click on + Add Container to create a container

F. On the New Container page, you’ll see fields for the container Name and Public access level. In the Advanced section, you can choose the encryption scope you created and apply it to all blobs within the container.

UP AND RUNNING

Final Thoughts

And that is a wrap on this storage setup project! If you have followed along, you now have a clear path to building secure, reliable storage for your app from using customer-managed keys and Key Vault to setting retention policies and encryption scopes that help keep your data safe.

I hope this guide makes it a little easier to tackle these tasks without feeling overwhelmed. Cloud storage can be tricky, but breaking it down step by step makes a huge difference.

Thanks so much for reading I really appreciate you taking the time to follow along. If you found this helpful, feel free to share it or drop a comment I’d love to hear how you’re putting this into practice or what you’d like to learn next.

See you in the next one! 👋

Guidelines on Providing Storage for a New Company App Part 1.

Emmanuel A. Anene — Thu, 24 Jul 2025 18:26:35 +0000

What Is Azure Storage Account: An Azure Storage Account is a core service in Microsoft Azure that offers secure, cloud-based storage for different types of data.

A company building a new application needs its developers to guarantee that storage access is restricted to using access keys and managed identities. They also plan to enforce role-based access control (RBAC) for better security management. Additionally, to support testing requirements, the developers need protected, immutable storage.

Architecture diagram

First Thing: You have to login your active Azure Microsoft Account on portal.azure.com

In this article, I’ll cover the essential tasks for providing storage for a new company app.

Key tasks include:

Creating a storage account and setting up a manage identity
Securing access to the storage account using an Azure Key Vault and encryption keys
Configuring the storage account to use a customer-managed key stored in the Key Vault
Setting a time-based retention policy and defining an encryption scope

CREATE A STORAGE ACCOUNT AND SETTING UP A MANAGE IDENTITY.

Step 1. Provision of a storage account for the web application:

A. In the Azure portal, search for Storage accounts and click on the Enter key Button on your keyboard to select the Storage accounts option.

B. Click on +Create

C. Set up the Basics

For Resource group select Create new. And give your resource group a name and select OK to save the changes
Provide a unique Storage account name. Ensure it meets the naming requirements.
Region: Chose the Region you will operating on
Primary service: Chose Primary service as Azure Blob Storage or Azure Data Lake Storage Gen 2
Redundancy: Select Geo-Redundant Storage

D. Encryption:

Click on Encryption tab
Check the box for Enable Infrastructure Encryption.

E. Review + Create

Click on Review + Create
Click on Create (Wait for your deployment to be completed)

DEPLOYMENT COMPLETED

Step 2: Set up a managed identity for the web app:

A. In the Azure portal, search for Managed Identities and select it from the results.

B. Click on +Create

C. Set up the Basics

Select your Resource Group.
Select the Region you working on.
Give your Managed Identity name.

D. Click on Review + Create tab, and then click on Create
(Wait for your deployment to be completed)

DEPLOYMENT COMPLETED

Step 3. Assign the appropriate permissions to the managed identity. The identity should only have permission to read and list containers and blobs.

A. Search for Storage Accounts navigate to the Storage Account you created earlier(storageacct1demo1)

B. Select Access Control (IAM) blade

C. Click on + Add and select Add Role Assignment

D. On the Role Tab:

Click On Role
Select Job Function Roles.
Search for Storage Blob Data Reader.
And select the Storage Blob Data Reader.
Click Next

E. On the Members tab:

Select Manage Identity
Click on + Select Members
In the drop-down Select User-assigned managed identity
Select the Managed Identity you created earlier
And then click on Select

F. Click on the Review + assign tab and then select Review + assign

SECURING ACCESS TO THE STORAGE ACCOUNT USING AN AZURE KEY VAULT AND ENCRYPTION KEYS.

To create the Key Vault and the encryption key required for this part of the lab, make sure your user account has Key Vault Administrator permissions:

A. In the Azure portal, search for Resource groups and select it from the results(Hit the ENTER button on the keyboard to get the right one).

B. Select The Resource Group you have your Storage Account and Manage Identity in it (RG1).

C. Access Control (IAM)

Click on the Access Control (IAM) blade.
Click on + Add
On the drop down select Add Role Assignment.

D. On the Role tab:

On the Job Function Roles page,
Search for "Key Vault Administrator role"
Select it from the search result.
And then click on Next

E.Click on the Members tab

Select User, group, or service principal.
Click on + Select Members
On the drop-down on the right side of the portal, search and select your account
And then click on Select

F. Click on the Review + assign tab and select Review + assign on left downside.

Create a Key Vault to store the access keys:

A. In the Azure portal, search for Key vaults and select it from the results.

B. Click on + Create

C. On the Basics.

Select the Resource you have use been this project.
Give this Key Vault a unique name (keyvault1demo1)
Select the Region you have been working in on the project.
Pricing Tier: Select Standard (Because this is a DEMO),
Then click on Next

D. On the Access Configuration page check click on Azure role-based access control (recommended)

E. Click on the Review + Create tab and the click on Create

F. Click on Go to Resource after your deployment is complete.

G. Ensure that both the Soft-delete and Purge protection are enabled.

Create a customer-managed key in the Key Vault:

A. In your Key Vault:

Go to the Objects section
Select the Keys blade.
Click on Generate/Import

B. Give the Key a name(New-App-Key-Demo) and click on Create

Key have been created:

Note:
This wraps up Part 1 of our guide on how to set up secure, scalable storage for your new company app. In the next part, we’ll dive deeper into configuring access controls, setting up encryption scopes, and testing the storage setup end-to-end.

Stay tuned for Part 2 coming next!

Azure App Service: Quickly Deploy Your Web App with Ease Part 1

Emmanuel A. Anene — Sat, 21 Jun 2025 19:34:25 +0000

🔷 Azure App Service Explained in Depth

Azure App Service is Microsoft Azure’s fully managed Platform-as-a-Service (PaaS) offering designed to host web applications, RESTful APIs, and mobile app backends. It provides a highly scalable, secure, and globally available environment for running your web-based applications without the need to manage underlying infrastructure like virtual machines, operating systems, or web servers.

✅ Key Features and Benefits

Fully Managed Infrastructure

No server management: Microsoft handles patching, OS upgrades, and infrastructure scaling.
Built-in load balancing: Requests are automatically balanced across instances for better performance and high availability.
Auto-scaling: Automatically adds or removes instances based on traffic/load.

Multi-Language Support

Supports multiple programming languages and frameworks:
- .NET & .NET Core
- Java
- Node.js
- Python
- PHP
- Ruby (via custom containers)
You can even deploy containerized apps using Docker or bring your own custom Linux container.

DevOps Integration & CI/CD

Seamless integration with:
- GitHub
- Azure DevOps
- Bitbucket
- GitLab, and more
Automate deployments using CI/CD pipelines.
Use deployment slots to test in staging before pushing to production with zero-downtime swaps.

Security and Compliance

Supports SSL/TLS, custom domains, and authentication providers like Azure AD, Facebook, Google, and Twitter.
Built-in network isolation, integration with Azure Virtual Network, and App Service Environments (ASE) for enterprise-grade security.
Complies with major certifications like ISO, SOC, PCI DSS, and HIPAA.

Monitoring and Diagnostics

Integrated with Azure Monitor and Application Insights for full observability:
- Real-time metrics
- Custom logging
- Error tracking and diagnostics

Flexible Deployment Options

Deploy using:
- Git push
- FTP
- Visual Studio / VS Code
- Azure CLI / PowerShell
- ARM/Bicep templates or Terraform

🌐 Common Use Cases

Hosting modern web applications (e.g., e-commerce sites, CMS, portals)
Running secure and scalable REST APIs
Hosting backend services for mobile apps
Supporting multi-tenant SaaS applications with scaling and isolation

💡 Why Choose Azure App Service?

Accelerated development lifecycle: Focus more on writing code, less on infrastructure.
Global reach: Deploy apps in multiple regions around the world with a few clicks.
Enterprise-ready: Built-in compliance and identity integration make it suitable for production use in regulated industries.
Cost-effective: Choose from various pricing tiers, from Free/Tier to Premium and Isolated SKUs.

Step-by-Step Guide on how to Deploy a Web App.

Step 1: Login to an Azure Portal.

Open your web browser and go to Azure Portal
Sign in using your Microsoft Azure Account.

Step 2: Create Azure App Service.
Navigate to your search bar and search for term App Service and click on it.

Click on + Create and Select Webapp

Select your Resource Group or create a new one.
Give your Webapp a unique name
Select your Publish (Code)
Select your Runtime Stack (ASP.NET V4.8)
Select the region you will operating on.

Change the Pricing Plan to Shared D1 for the testing purpose

Leave the other setting as default. Click on + Create wait for validation and then click on Create

Wait for the deployment to complete and then click on Go To Resource

Click on the Default Domain to confirm that the Webapp is Running.

Your Webapp is up and running

Optimizing IT Operations: Dedicated Storage for Testing and Training

Emmanuel A. Anene — Thu, 19 Jun 2025 00:08:00 +0000

Understanding Azure Storage: Your Cloud Data Solution

What is Azure Storage?
Azure Storage, a core offering from Microsoft Azure, is a powerful and versatile cloud storage solution. It provides a comprehensive suite of services for storing and managing all types of data in the cloud, whether it's structured, unstructured, or semi-structured. Built for exceptional availability, durability, and scalability, Azure Storage ensures your data is always accessible and protected.

Key Components of Azure Storage:

Blob Storage: This is perfect for holding massive amounts of unstructured data like images, videos, and backups. It offers different access tiers, helping you manage costs effectively based on how frequently you need to access your data.
File Storage: Need managed file shares in the cloud that you can access just like a network drive? File Storage delivers exactly that using the familiar SMB protocol, making it ideal for applications that rely on shared file access.
Queue Storage: For applications that need to communicate asynchronously, Queue Storage acts as a messaging service. It reliably stores and retrieves messages between different application components, ensuring smooth operations.
Table Storage: This NoSQL key-value database is built for lightning-fast retrieval and expansion of semi-structured data. It's a great choice for high-performance storage needs where speed and scalability are crucial.
Disk Storage: Essential for your virtual machines (VMs), Disk Storage provides both managed and unmanaged disks for Azure VMs, giving you flexibility in how you manage your virtualized environments.

Beyond the Essentials:

Azure Data Lake Storage is a specialized service designed specifically for big data analytics. It offers a hierarchical namespace and optimizations that are perfect for handling and processing massive analytical workloads.

Security and Integration:

Azure Storage seamlessly integrates with a wide array of other Azure services, empowering you to build highly scalable and resilient applications. It's also packed with features like encryption, robust redundancy options, and granular access control to ensure your data remains secure and compliant with industry standards.

Step-by-Step Guide on how to set up a storage for for Testing and Training

Step 1: Login to an Azure Portal.

Open your web browser and go to Azure Portal
Sign in using your Microsoft Azure Account.

Step 2. Create a resource group or you can use an exiting one if you have that already.
Click on search bar and search for term Resource Group and click on it.

Click on +Create

Select your active Azure Subscription
Give your Resource group a name e.g. RG1
Select the Region you are operating on.

Click on Review + Create

Click on Create

Your Resource Group have been Created and Deployed Successfully.

Step 3. Create and Deploy a Storage Account for Testing and Training.

In your Azure Portal, click on search bar and search for the term Storage Account and then click on it.

Click on + Create.

Select the Resource Group you create earlier(RG1)
Give your Storage Account a name e.g. storageacctdemo2
Select the correct Region as it is on the Resource Group [Europe, (North Europe)]

Select Standard as Performance

Redundancy: Select Locally-Redundant Storage (LRS)

Click on **Review + Create *

Click on Create

Your Storage Account is up and running

Step 2. Ensure the storage account only allows requests from secure connections.
Under the Settings section, navigate to the Configuration blade.

Confirm that "Secure transfer required" Enabled.

Confirm that the Minimal TLS version is et to Version 1.2

Step 4. Disable requests to the storage account until it is needed again. Learn more about disabling shared keys.

Under the Settings section, navigate to the Configuration blade.
Make sure you allow Storage Account Key Access is Disabled.
Be sure that the changes is saved.

Conclusion:
Configuring Azure Storage for the IT department’s testing and training needs provides a secure, scalable, and cost-effective foundation tailored to real-world cloud learning. This guide has walked through essential steps—from creating a resource group to deploying a storage account and implementing robust security settings.

By selecting Locally Redundant Storage (LRS), we achieved a balance between affordability and durability, ideal for non-production workloads. Security was reinforced by enabling secure transfer, enforcing TLS 1.2, and disabling shared key access—ensuring modern compliance and tighter control over access and activity.

Beyond meeting immediate IT requirements, this setup also serves as a practical learning environment empowering professionals to build hands-on expertise in Azure, DevOps, and cloud infrastructure. It reflects best practices in resource organization, security hardening, and cost optimization—core skills in today’s cloud-driven IT landscape.

Ultimately, this walkthrough demonstrates how to strategically deploy Azure Storage to support both operational readiness and long-term cloud proficiency.

I hope this tutorial has helped lay a strong foundation for your cloud journey. Stay tuned for more in-depth guides and the latest insights into Azure services. Until next time—happy building! ✌

Mastering Azure Load Balancers: Your Step-by-Step Journey to Efficient Traffic Management

Emmanuel A. Anene — Sat, 10 May 2025 08:54:20 +0000

Introduction
Welcome to this comprehensive guide on understanding and implementing load balancers within the Azure ecosystem. This tutorial will walk you through the fundamentals and practical steps of setting up your first load balancer in Microsoft Azure.

What is a Load Balancer?

Imagine a highly skilled air traffic controller for your data. A load balancer acts as this crucial orchestrator, intelligently distributing incoming network requests across a cluster of servers. Its primary role is to prevent any single server from becoming overwhelmed, ensuring smooth, uninterrupted service delivery. It's like having a smart dispatcher for your application's traffic, routing each request to the most available and capable server.

Why are Load Balancers Indispensable?
Load balancers are vital for modern applications due to several key advantages:

Optimized Performance: By evenly distributing workloads, they eliminate bottlenecks and ensure faster response times, leading to a superior user experience.
Guaranteed High Availability: Should a server fail or go offline, the load balancer automatically reroutes traffic to the remaining healthy servers, ensuring your applications stay online and accessible.
Enhanced Security Posture: They serve as an initial line of defense, capable of mitigating certain cyber threats, such as Distributed Denial-of-Service (DDoS) attacks, by effectively spreading malicious traffic.

Exploring Azure's Load Balancing Solutions
Azure offers a versatile suite of load balancing services, each tailored for specific use cases:

Azure Load Balancer (Layer 4 – Transport Layer): Ideal for distributing traffic within a single Azure Virtual Network, operating at the TCP/UDP level.
Azure Application Gateway (Layer 7 – Application Layer): This service goes beyond basic load balancing, offering advanced features like SSL offloading, web application firewall (WAF) capabilities, and content-based routing (e.g., directing traffic based on URL paths).
Azure Traffic Manager: A DNS-based traffic distribution service that routes user requests to different geographical endpoints, perfect for global deployments and disaster recovery strategies.
Azure Front Door: Specifically designed for global web applications, Azure Front Door routes traffic based on optimal performance, robust security features, and low-latency paths, providing a unified global entry point.

Step-by-Step Guide of Creating a Load Balancer In Azure

Step 1: Login to an Azure Portal.

Open your web browser and go to Azure Portal
Sign in using your Microsoft Azure Account.

Step 2: Create a New Load Balancer
In the search bar at the top, type "Load Balancer" and select "Load Balancers"

Click "+ Create" to start setting up your load balancer.

"Take note of the type on the left panel marked"

Step3: Configure the Basic Settings
Subscription: Select your Azure active Subscription.
Resource Group: Choose an Existing Resource Group or Create a New One
Region: Pick the Azure Region where you want to deploy the load balancer.
Name: Give your load balancer a name(e.g. load-Balancer-1)
SKU: Choose Standard, Gateway, or Basic(Standard is recommended for production use since it distributes traffic to backend resources).
Type: Select either Public(for internet-facing applications) or Internal (for internal network applications). For the purpose of this tutorial, we choose public.
Tier: Select either Regional or Global
Click Next: Frontend IP Configuration.

Step 4: Configure the Frontend IP
Click +Add a Frontend IP configuration

Give your Frontend IP a name

Create a new Public IP if you are using a public load balancer or select Private IP for internal use.

Name: Give the public address a name
Availability Zone: Choose Zone Redundant or No Zone
Click save
Click Next: Backend Pools

Step 5: Configure the Backend Pool

Click +Add a backend pool

Give your Backend Pool a name(e.g. Backend-Pool-1)
On the Virtual Network: Select Virtual Machines as the backend
Add the Virtual Machines that will receive the traffic

Click Save

Click Next: Inbound rules

Step 7: Configure Load Balancing Rules

Click *+Add a load balancing rules *

Give the rule a name(e.g. LB-rule-1)
Set the frontend IP configuration.
Choose the backend pool created earlier
Protocol: Select the (TCP, or UDP).
Port: Set as 80 for web traffic)

Health Probe: Click create new

Give it a name (e.g, Health-Probe)
Select the protocol (TCP, HTTP, or HTTPS)
Set a port (e.g, 80 for HTTP Traffic).
Configure probe intervals (recommended: 5 secs)
Then click Save

Click on Review + Create.

Click Create to Deploy your load Balancer

Deployment is Complete🎉

Step 8: Test the Load Balancer.

Confirm the load balancer is functioning by accessing its public IP address through a web browser or the curl utility.

If configured right, traffic will be distributed among backend Virtual Machines.

Conclusion

As we've explored, the Azure Load Balancer stands as a pivotal tool, instrumental in significantly enhancing your application's speed, ensuring its high availability, and bolstering its overall security. Having meticulously followed the step-by-step instructions within this guide, you are now fully capable of successfully deploying and configuring a load balancer to expertly manage traffic flow across your Azure environment.

I hope this tutorial has provided a solid foundation for your cloud endeavors. For more in-depth guides and the latest insights into Azure services, be sure to follow along and look out for the next installment! Happy building! ✌

Creating Your Own Private Cloud Space: An Easy Guide to Azure Virtual Networks (via the Azure Portal)

Emmanuel A. Anene — Thu, 08 May 2025 12:00:47 +0000

Getting Started with Your Azure Playground

So, you're taking your first steps in the world of Microsoft Azure? Awesome! One of the very first things you'll encounter is the idea of a Virtual Network, or VNet.

Think of a VNet as your very own secure and isolated network right there in the cloud. It's the dedicated space where all your Azure goodies – things like virtual machines, databases, and web applications – can chat and work together safely. In this friendly guide, I'll show you how to build and set up your own VNet using the Azure Portal. No need to be a command-line whiz here – we'll do it all with clicks!

Ready to jump in?

💡 Why Bother with Virtual Networks?

When you start launching resources in Azure, you don't want them just hanging out in the open, do you? A VNet acts like a secure boundary, giving you:

Your own private corner: It keeps your different services separate and organized.
Control over your digital address book: You get to decide the ranges of IP addresses, divide your network into smaller sections (subnets), and manage how traffic flows.
A bridge to your existing setup: You can even connect your on-premises network to your Azure VNet.
Your own cloud security guards: You can set up firewall rules (using Network Security Groups) to control who can access what.
Basically, if you're building anything beyond a simple test, a VNet is going to be your new best friend.

🛠 What You'll Need in Your Toolkit

Before we get started, make sure you have these two things handy:

A Microsoft Azure account.
Access to the Azure Portal (your web-based control center for Azure)

🚧 Step 1: create a Virtual Network
We will start by creating a VNet first.

Search for "Virtual Network" by using the search bar at the top of the portal, type Virtual Network and select the service from the listed ones.

Click "+ create" to Start a New VNet

i. Fill in the information
ii. Choose a the correct and active Subscription
iii. Create a new Resource Group (you can give it a name "VNet-Demo-RG") and press OK or you can use the existing resource group.

INSTANCE DETAILS
Name: Give your Virtual Network a name(VNet1)
Region: Choose the region closest to you

IP Address Space settings:
Click on IP Addresses

The default IP Address should be something like 10.0.0.0/16, which we can work with for now

Add your first subnet, you can call it Subnet-1 with the IP address range 10.0.0.0/16
Click on the pencil sign on default

Change the name to Subnet-1. Explore the other default settings including the starting address, size and subnet IP address range and then click on save.

Add your second subnet, you call it "Subnet-2" with IP address range 10.0.0.0/24
Click on the +Add a Subnet

Change the name to Subnet-2. Explore the default settings and click on Add

The Subnet have been added:

Continue exploring the remaining tabs.

You can skip the Security and DNS tabs for now unless you're already comfortable with those advanced settings. Once you've looked through the other tabs click "Review + Create" and then "Create" to finish.

Click n the tab "Create"

Deployment is complete

🛠 Step 2: Configure the VNet to use firewall

Now that your network exists, let's perform some customization to enhance its security. We'll start by configuring the Virtual Network (VNet) to use a firewall.

+Add More Subnets

Before we configure the firewall, let's add more subnets to our Virtual Network. To do this:

Create a new Virtual Network: Navigate to the search box located at the top of the Azure portal. Type "virtual network" into the search bar.
Select Virtual Network: From the dropdown menu that appears, click on "Virtual network."

Click on +Create

To get started Use your active subscription, select a Resource Group. Next choose a name for the Resource Group or you can use an existing Resource Group, and then select a Region, preferably the same as the previous region used for consistency.

Click on IP Addresses

Click on default

On the Subnet Purpose, click on the dropdown and click on Azure Firewall. Then click save

Click on Reviwe + Create

Click on Create tab

Set Up VNet Peering
To establish a secure connection between your Virtual Network, especially when operating across multiple VNets for purposes like isolation or reginal segregation, you'll utilize peering.

To get started with Peering you will go back to your Resource Group that was created earlier(VNet-Demo-RG) Click on it.

Click on VNet1 to navigate to Peerings

Go the left side search bar and search Peerings

Click on the +Add tab

On the remote Virtual Network, peering link name should be 'VNet1-to-VNet-2'
On the Virtual Network choose VNet-2
Check the resource manager and also check the Allow VNet-2 to access VNet1

On the local Virtual Network, Peering link name should be 'VNet-2-to-VNet1'
Check the Resource Manager and also check the Allow 'VNet1 to AccESS VNet-2'

To be sure that the Peering of the Remote VNet and Local VNet was successful, the Peering state of the two VNet will shown Connected

Next Steps with your VNet

Now that your virtual network is all set up, Here are a few things on the radar:

Spin up a Virtual Machine within one of the subnets.
Play around with NSG rules to fine-tune the network traffic flow.
Give connecting two VNets a shot using peering.
Look into setting up a VPN Gateway to bridge the VNet with the local network.

🔄 A Little More on VNet Peering

During the setup, I touched on something called Virtual Network Peering, and I wanted to clarify what that really entails.

Imagine each of my Virtual Networks (VNets) in Azure as its own secure area. By default, these areas can't communicate with each other, even if they all belong to me. VNet Peering is like creating a private, secure pathway between two of your own areas. This allows resources, like the virtual machines or applications I deploy, in one VNet to easily and privately communicate with those in another.

This is incredibly useful when:

If you want to organize your resources into distinct VNets, perhaps for better security or to scale different parts of your infrastructure independently.
You have VNets in different geographical locations but need them to function as a cohesive system.
Your setting up a centralized hub network with other VNets connecting to it.

And the great thing is, the communication between these peered VNets stays within the Azure network; it doesn't traverse the public internet.

So, when you add a peering connection in Azure, I'm essentially telling two of your networks, "You're now connected, communicate securely with each other."

💬 Wrapping Up

Getting practical with Azure networking doesn't have to feel overwhelming. The Azure Portal provides a pretty intuitive way to configure and customize a Virtual Network.

If this has been helpful, or if you'd be interested in a follow-up guide on deploying VMs or setting up hybrid networks, let me know! Happy building!

📌 Stay tuned for more beginner-friendly Azure and cloud development insights!

Creating and Deploying Your First Azure Virtual Machine

Emmanuel A. Anene — Sat, 29 Mar 2025 00:27:49 +0000

What is Virtual Machines?
When you of what a Virtual Machine is, you think of it as a software-created computer that lives inside your real, physical computer. It has its own pretend set of hardware – its own little fake processor, memory, storage, and network connection – all powered and managed by your actual computer's resources.

So, even though you only have one physical machine sitting on your desk, a virtual machine lets you run a completely separate operating system (like Windows, macOS, or Linux) and its applications within a window on your current operating system.

Think of it like this:

Your physical computer is the actual house.
A virtual machine is like creating a separate, fully functional apartment

inside that house.1 The apartment has its own furniture, its own kitchen, its own living room – everything it needs to operate independently. People living in different apartments in the same house can do their own thing without interfering with each other.

Why is this useful?

Well, it lets you do things like:

Try out a different operating system without messing with your main computer.
Run software that's only compatible with a specific operating system.
Test new applications in a safe, isolated environment so if something goes wrong, it doesn't affect your main system.
Consolidate multiple physical servers onto a single, more powerful machine, saving space and energy.

So, in simple terms, a virtual machine is like having a computer within a computer, created by software, allowing you to run different environments and do different things all on the same physical hardware.

It's like a clever way of making one computer act like many!

*How to create Virtual Machines
*

Step 1: Log in to Azure Portal
(i) Navigate to portal.azure.com
(ii) Enter you username & password to access the dashboard

Step 2: Search for "Virtual Machines"
(i) In the search bar, type "Virtual Machines"

Step 3: Select for Virtual Machine from the Search Results

Step 4: ** Click on "Create"**

(i)

   (ii) Click "Azure Virtual Machine"

Step 5: Enter Project Details
(i) Select the appropriate Subscription

     (ii) Click "Create Resource Group"——> Enter a name for it

Step 6: Configure Virtual Machine Details.

  (i) VM Name (eg., MyAzureVM)
  (ii) Region
  (iii) Availability Options
  (iv) Zone Options
  (v) Availability Zone
  (vi)  Security Type

(vii) Operating System: Select Ubuntu Server 20.04 or Windows Server Datacenter-x64 G2
 (viii)VM Size: Keep the default option

Step 7: Set Up Administrator Account:
(i) Set User Name (Azureuser)
(ii) Password (Something you can always remember)
(iii) Confirm password

Step 8: Configure Inbound Port Rules
Select SSH(for Linux) or RDP (for Windows)

Step 9: Accept Licensing Terms
Click the checkbox to accept the licensing agreements.

Step 10: Disable Boot Diagnostics
Click Next——> Navigate to Monitoring Tab ——> Disable Boot Diagnostics.

Step 11: Review & Deploy the Virtual Machine
(i) Review + Create

(ii) Ensure Validation passes.

(iii) Click "Create" to deploy (Deployment takes 3-5 minutes)

 (iv) Click on "Go to Resource" to check your VM status and connect to the VM.

Step 12: Check VM Status
If the status is running, you VM is ready!🎉

Step 13: Connect to the Virtual Machine
Click "Connect" in the Azure VM blade.

Step 14: Download & Open RDP File (Windows VM Only)
(i) Click "Native RDP"——> Download RDP file

(ii) Open the RDP file on your computer

Step 15: Enter Admin Credentials
(i) Enter the Username and password created earlier.

   (ii) ✅ Complete Connection

Chose pricy settings for your device and connect

Wait for Configuration

Step 16: Success! Start Using Your VM
🎉You are now connected! You can start using your Azure Virtual Machine

✅Final Thoughts:
Great job! You've taken the key steps to get your Azure Virtual Machine ready: you've built it, launched it into the Azure environment, and established a connection. Now that you're connected, you can begin installing the software you need, configuring your services exactly how you want them, and take your time to discover everything the Azure ecosystem has to offer.

Key Concepts in a Blog Post

Emmanuel A. Anene — Sun, 26 Jan 2025 06:25:41 +0000

1. What is Virtualization?
Virtualization alludes to the simulation of an essential thing utilized in computing. Virtualization is anything but an IT solution for enabling multiple services and solutions to operate in one physical location. Virtualization lets a single real server acts like, or host several virtual servers, which operate the same as a real server. You get better utilization of resources, savings of costs and flexibility as you can run different operating systems and applications on the same hardware.

2. Scalability
Scalability is like a balloon which you can add air. You can add air without changing its structure, as you need that more and more air is needed. Scalability refers to the potential for a system to manage an increasing amount of work, i.e., growing data volumes and user loads. You can either add more machines or resources to meet the demand as per your wish.

3. Agility
Agility means the ability to move quickly and easily. Consider a dancer who has the ability to quickly change their feet to keep in sync with the music. Agility in business and technology means being able to respond quickly to changes in the market or changing customer needs. Faster sped upped product delivery makes an organization more competitive.

4. High Availability
High availability is like having a backup generator for your home. It guarantees that important services and systems keep going, even if something's not right. In technician language, high availability means that a system ought to up as much as possible and downtime reduced as much as possible. It is essential for companies that depend on continuous access to their software and information.

5. Fault Tolerant
It would be like juggling without a safety net if we were not fault tolerant. You will not be in trouble even one ball drop. Fault tolerant means when something can still operate properly even with failures. Redundancy and backup systems make sure that if one fails, things don’t stop due to one failure or fault.

6. Global Reach
Expanding your business beyond borders, global reach is all about just that. A local shop is able to sell its products worldwide through an online platform. Global reach with businesses refers to serving and now operating in different nations and regions using technology that connects us. For reference, think of a shop that could only sell to locals. Now, they could sell to anyone worldwide via the internet.

7. What is the difference between Elasticity and Scalability
Scalability can be compared to a flexible building that expands or contracts as per the number of occupants. Elasticity is more about how you can change things quickly and right away. It is like a rubber band which can stretch and shrink often as per the needs. In the world of cloud computing, we have two different terms with two different meanings. They are scalability and elasticity. Elasticity refers to the capacity of resource usage increase or decrease automatically depending on current demand. On the other hand, scalability refers to the ability to grow when needed.

In short, these concepts represent the basis through which modern tech and business functions. These systems make efficient and responsive so that we are geared to tackle any trouble ahead.