<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Rahimah Sulayman</title>
    <description>The latest articles on DEV Community by Rahimah Sulayman (@rahimah_dev).</description>
    <link>https://dev.to/rahimah_dev</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3673037%2Fd084c1b1-6c80-43de-8b42-c48bd0cad2f8.png</url>
      <title>DEV Community: Rahimah Sulayman</title>
      <link>https://dev.to/rahimah_dev</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/rahimah_dev"/>
    <language>en</language>
    <item>
      <title>Strengthening Identity Security with Conditional Access Policies in Microsoft Entra ID</title>
      <dc:creator>Rahimah Sulayman</dc:creator>
      <pubDate>Thu, 09 Jul 2026 14:49:43 +0000</pubDate>
      <link>https://dev.to/rahimah_dev/strengthening-identity-security-with-conditional-access-policies-in-microsoft-entra-id-5bfl</link>
      <guid>https://dev.to/rahimah_dev/strengthening-identity-security-with-conditional-access-policies-in-microsoft-entra-id-5bfl</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;As organizations embrace cloud-first environments, &lt;strong&gt;protecting user identities requires more than just strong passwords&lt;/strong&gt;. Conditional Access in Microsoft Entra ID enables administrators to make intelligent access decisions based on user identity, device compliance, location, application, and risk, ensuring that only trusted users can access organizational resources under the right conditions.&lt;/p&gt;

&lt;p&gt;In this hands-on guide, I'll walk through creating and configuring a Conditional Access policy, targeting specific users and cloud applications, enforcing access controls, and using the &lt;strong&gt;What If&lt;/strong&gt; tool to validate policy behavior before deployment. These practical exercises demonstrate how Conditional Access helps organizations implement Zero Trust principles while &lt;strong&gt;minimizing the risk&lt;/strong&gt; of misconfigured security policies.&lt;/p&gt;

&lt;h2&gt;
  
  
  Exercise - Perform basic Conditional Access policy tasks
&lt;/h2&gt;

&lt;p&gt;In this exercise you will learn to create and configure a Conditional Access policy and test its results with the &lt;strong&gt;What If&lt;/strong&gt; analysis tool.&lt;/p&gt;

&lt;p&gt;This exercise should take approximately &lt;strong&gt;10&lt;/strong&gt; minutes to complete.&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 1 - Review a Conditional Access policy
&lt;/h2&gt;

&lt;p&gt;1.Open the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
2.Log in using the credentials for your tenant.&lt;br&gt;
3.From the menu on the left, select &lt;strong&gt;Conditional access&lt;/strong&gt; submenu.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frtsntg5ogu9n59r94n9f.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frtsntg5ogu9n59r94n9f.png" alt="conditional access" width="799" height="434"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;4.Review the information provided on the Conditional Access Overview page.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt; - You can see how many policies you have enabled, and how many users who have logged in recently that are not covered by a policy, along with other details(if you created any).&lt;br&gt;
5.Select the &lt;strong&gt;+ Create new policy&lt;/strong&gt; from the top menu.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fv1fzqz2j4lh84kyq4iq6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fv1fzqz2j4lh84kyq4iq6.png" alt="create policy" width="799" height="434"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;6.In the &lt;strong&gt;Name&lt;/strong&gt; box enter &lt;strong&gt;Block Bhogeswar from using Sway&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;7.In the &lt;strong&gt;Assignments&lt;/strong&gt; section select &lt;strong&gt;0 users and agents selected&lt;/strong&gt; text.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;In the &lt;strong&gt;Include&lt;/strong&gt; section mark the &lt;strong&gt;Select users and groups&lt;/strong&gt; item.&lt;/li&gt;
&lt;li&gt;Put a mark in the &lt;strong&gt;Users and groups&lt;/strong&gt; box.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fumodvtomylquwuavvcop.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fumodvtomylquwuavvcop.png" alt="policy" width="799" height="507"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;When the list of users and groups opens, select &lt;strong&gt;Bhogeswar Kalita&lt;/strong&gt; from the list.&lt;/li&gt;
&lt;li&gt;Use the &lt;strong&gt;Select&lt;/strong&gt; button to add the user.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fnh1h53mgcokkzcf9in3k.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fnh1h53mgcokkzcf9in3k.png" alt="select" width="800" height="365"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Select the word &lt;strong&gt;Exclude&lt;/strong&gt; to switch tabs.&lt;/li&gt;
&lt;li&gt;Put a mark in the &lt;strong&gt;Users and groups&lt;/strong&gt; box.
&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8t43261o5x650vgun1ai.png" alt="exclude" width="800" height="516"&gt;
&lt;/li&gt;
&lt;li&gt;When the list of users and groups opens, select &lt;strong&gt;the admin user you are using&lt;/strong&gt; from the list.&lt;/li&gt;
&lt;li&gt;Use the &lt;strong&gt;Select&lt;/strong&gt; button to exclude this user.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fw71zf2bup5q8jwsnpxik.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fw71zf2bup5q8jwsnpxik.png" alt="exclude" width="799" height="366"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3e04vsfgm68cq5lkzzfp.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3e04vsfgm68cq5lkzzfp.png" alt="user" width="799" height="509"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Lab tip&lt;/strong&gt; - We have added a user for this policy and we have added an exclude for our admin, to make sure they are &lt;em&gt;not accidentally locked out&lt;/em&gt; by a policy change.&lt;/p&gt;

&lt;p&gt;8.Find the section &lt;strong&gt;Target resources&lt;/strong&gt; section.&lt;/p&gt;

&lt;p&gt;9.Select the &lt;strong&gt;No target resources selected&lt;/strong&gt; text from this section.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Make sure &lt;strong&gt;Resources (formerly cloud apps)&lt;/strong&gt; is chosen in the dropdown.&lt;/li&gt;
&lt;li&gt;Put a mark in the &lt;strong&gt;Select resources&lt;/strong&gt; item.&lt;/li&gt;
&lt;li&gt;In the section titled &lt;strong&gt;Select&lt;/strong&gt; choose the word &lt;strong&gt;None&lt;/strong&gt;.
&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgcuimu4twxjzisqy8rc3.png" alt="sway" width="800" height="725"&gt;
&lt;/li&gt;
&lt;li&gt;When the resource selection dialog opens, enter &lt;strong&gt;Sway&lt;/strong&gt; into the search bar.&lt;/li&gt;
&lt;li&gt;Put a check in the box next to &lt;strong&gt;Sway&lt;/strong&gt; then use the &lt;strong&gt;Select&lt;/strong&gt; button to approve the choice.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F0gaj0flmo1i0gci2y3g5.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F0gaj0flmo1i0gci2y3g5.png" alt="sway" width="800" height="435"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Lab tip&lt;/strong&gt; - We have chosen the app Sway to be the resource this policy works on. You could choose multiple apps, or you could even choose to exclude apps.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Notice the name and target resource&lt;/em&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F7kbkdfrnie7x8vlqxry4.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F7kbkdfrnie7x8vlqxry4.png" alt="done" width="799" height="521"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;10.Open and review the &lt;strong&gt;Network&lt;/strong&gt; section, but we are not going to use that for this lab.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3a3ksw0h8tarzl7m8mcs.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3a3ksw0h8tarzl7m8mcs.png" alt="network" width="800" height="591"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;11.Open and review the &lt;strong&gt;Conditions&lt;/strong&gt; section, but we are not using it for this lab.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F14x9s9vmm4vs8szcl5s5.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F14x9s9vmm4vs8szcl5s5.png" alt="condition" width="800" height="734"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Lab tip&lt;/strong&gt; - Network and Conditions are powerful options in the Conditional Access policy, but they are not required for this simple policy to block access to an app. You would use them if you wanted to do things like restrict access for user working from a specific location, or block access if a user has shown risky behavior. There are many granular options that you can choose from, or even combine together.&lt;/p&gt;

&lt;p&gt;12.Find the section titled &lt;strong&gt;Access controls&lt;/strong&gt;.&lt;br&gt;
13.Under the word &lt;strong&gt;Grant&lt;/strong&gt; select the text &lt;strong&gt;0 controls selected&lt;/strong&gt;.&lt;br&gt;
14.When the Grant dialog opens, select the &lt;strong&gt;Block access&lt;/strong&gt; item.&lt;/p&gt;

&lt;p&gt;15.Use the &lt;strong&gt;Select&lt;/strong&gt; button to accept the change.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8rfkxuyi9383r24r64fv.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8rfkxuyi9383r24r64fv.png" alt="select" width="800" height="432"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Lab tip&lt;/strong&gt; - You have not set the values needed to create a simple block access policy to the Sway app for Bhogeswar. In the Access controls section, we could have allowed access with specific conditions like MFA or a domain joined device.&lt;br&gt;
16.At the bottom of the &lt;strong&gt;Conditional Access&lt;/strong&gt; interface, find the &lt;strong&gt;Enable policy&lt;/strong&gt; item.&lt;br&gt;
17.Set the value to &lt;strong&gt;On&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;18.Select the &lt;strong&gt;Create&lt;/strong&gt; button.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fzvrjyd27x8w8e40zwo6d.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fzvrjyd27x8w8e40zwo6d.png" alt="select" width="752" height="878"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Lab tip&lt;/strong&gt; - You have three options to pick from, and you can change value at any time, without having to change the policy.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;On = enables the policy to run&lt;/li&gt;
&lt;li&gt;Off = turn the policy off in case you need to modify it.&lt;/li&gt;
&lt;li&gt;Report-only = use this option to review the outcome of the policy before you fully turn it on.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fyuvi1d95004r8sc3945c.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fyuvi1d95004r8sc3945c.png" alt="on" width="800" height="416"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 2 - Perform a What If analysis for a conditional access policy
&lt;/h2&gt;

&lt;p&gt;1.Open the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
2.Log in using the credentials for your tenant.&lt;br&gt;
3.From the menu on the left, select &lt;strong&gt;Conditional access&lt;/strong&gt; submenu. &lt;br&gt;
4.From the Conditional access screen select the &lt;strong&gt;What if&lt;/strong&gt; option from the top menu.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fs7to3ahsbd1dqpjpo04f.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fs7to3ahsbd1dqpjpo04f.png" alt="ca" width="800" height="428"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;5.In the section &lt;strong&gt;User or Workload identity&lt;/strong&gt; select the text &lt;strong&gt;No user or service principal selected&lt;/strong&gt;.&lt;br&gt;
6.Make sure the box next to &lt;strong&gt;User&lt;/strong&gt; is marked.&lt;br&gt;
7.Select the text &lt;strong&gt;No user selected&lt;/strong&gt; or &lt;strong&gt;Edit user&lt;/strong&gt;.&lt;br&gt;
8.From the Users list, put a mark next to &lt;strong&gt;Bhogeswar Kalita&lt;/strong&gt;, then use the &lt;strong&gt;Select&lt;/strong&gt; button.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ftgn8jenulyshrxge86hc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ftgn8jenulyshrxge86hc.png" alt="user" width="800" height="436"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;9.In the &lt;strong&gt;Cloud apps, actions, or authentication context&lt;/strong&gt;, select the text &lt;strong&gt;Any cloud app&lt;/strong&gt;.&lt;br&gt;
10.When the &lt;strong&gt;Select target type&lt;/strong&gt; dialog opens, confirm that &lt;strong&gt;Cloud apps&lt;/strong&gt; is chosen in the dropdown.&lt;br&gt;
11.Click on the &lt;strong&gt;+ Select cloud app&lt;/strong&gt;.&lt;br&gt;
12.Use the search to find the &lt;strong&gt;Sway&lt;/strong&gt; app, then use the &lt;strong&gt;Select&lt;/strong&gt; botton to finalize.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fnoq6xr63knr4bww7q5pe.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fnoq6xr63knr4bww7q5pe.png" alt="select" width="799" height="433"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;13.Scroll down to the bottom of the What If tool.&lt;/p&gt;

&lt;p&gt;14.Select the button &lt;strong&gt;What If&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt; - the results appear off the bottom of the screen, so you will need to scroll down again.&lt;br&gt;
15.You should see the &lt;strong&gt;Block Bhogeswar from using Sway&lt;/strong&gt; policy listed, and it is blocking access.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fb3xa8076ps49a5ksztpz.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fb3xa8076ps49a5ksztpz.png" alt="whatif" width="800" height="796"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;16.You have to make selections for Device platform and Client app under &lt;strong&gt;sign-in conditions&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F99bc5bahm4013ljaccis.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F99bc5bahm4013ljaccis.png" alt="whatif" width="800" height="808"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fmye9oscqwz3jkyxcte19.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fmye9oscqwz3jkyxcte19.png" alt="policy" width="799" height="120"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Subtask 1 - Try a different app in the What If analysis&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;1.Scroll back to the top of the &lt;strong&gt;What If&lt;/strong&gt; tool.&lt;br&gt;
2.In the &lt;strong&gt;Cloud apps, actions, or authentication context&lt;/strong&gt;, select delete next to &lt;strong&gt;Sway&lt;/strong&gt; and remove it..&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fatp0h5mayk786gzy448g.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fatp0h5mayk786gzy448g.png" alt="app" width="800" height="719"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;3.Then select &lt;strong&gt;select cloud app&lt;/strong&gt; to pick a new app.&lt;br&gt;
4.Search for &lt;strong&gt;Office 365 Reports&lt;/strong&gt; and choose it from the list, then use the &lt;strong&gt;Select&lt;/strong&gt; button.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F2v4vpfkra8teuywnbezx.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F2v4vpfkra8teuywnbezx.png" alt="office365" width="800" height="425"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;5.Scroll down to the bottom again.&lt;br&gt;
6.Select the &lt;strong&gt;What If&lt;/strong&gt; button.&lt;br&gt;
7.You should see that the &lt;strong&gt;Block Bhoseswar from using Sway&lt;/strong&gt; policy did not apply.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjpx3lu9d57lidinjfsyx.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjpx3lu9d57lidinjfsyx.png" alt="nopolicy" width="800" height="240"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Summary
&lt;/h2&gt;

&lt;p&gt;In this article, I demonstrated how to create and configure Conditional Access policies in Microsoft Entra ID, assign policies to specific users and cloud applications, define access controls, and validate policy behavior using the What If analysis tool. By testing policies before enforcement, administrators can confidently implement secure access controls, reduce the risk of unintended user lockouts, and strengthen their organization's identity security posture through a Zero Trust approach.&lt;/p&gt;

</description>
      <category>zerotrust</category>
      <category>microsoft</category>
      <category>security</category>
      <category>azure</category>
    </item>
    <item>
      <title>Securing User Identities with Multi-Factor Authentication (MFA) in Microsoft Entra ID</title>
      <dc:creator>Rahimah Sulayman</dc:creator>
      <pubDate>Wed, 08 Jul 2026 21:54:23 +0000</pubDate>
      <link>https://dev.to/rahimah_dev/securing-user-identities-with-multi-factor-authentication-mfa-in-microsoft-entra-id-20m0</link>
      <guid>https://dev.to/rahimah_dev/securing-user-identities-with-multi-factor-authentication-mfa-in-microsoft-entra-id-20m0</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;Passwords alone are no longer enough to protect user accounts from today's evolving cyber threats. &lt;strong&gt;Multi-Factor Authentication (MFA)&lt;/strong&gt; adds an &lt;strong&gt;essential layer of security&lt;/strong&gt; by requiring users to verify their identity using multiple authentication factors, significantly reducing the risk of unauthorized access caused by compromised credentials.&lt;/p&gt;

&lt;p&gt;In this hands-on guide, I'll walk through configuring Multi-Factor Authentication in Microsoft Entra ID, including enabling and disabling per-user MFA, reviewing MFA service settings, and configuring account lockout policies. These practical exercises demonstrate how to strengthen identity security while balancing usability and administrative control in a modern cloud environment.&lt;/p&gt;

&lt;h2&gt;
  
  
  Exercise - Perform basic Multifactor Authentication tasks
&lt;/h2&gt;

&lt;p&gt;In this exercise you will explore the MFA setup process and configure a basic MFA deployment.&lt;/p&gt;

&lt;p&gt;This exercise should take approximately &lt;strong&gt;10&lt;/strong&gt; minutes to complete.&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 1 - Enable / Disable Per-user MFA settings
&lt;/h2&gt;

&lt;p&gt;1.Open the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
2.Log in using the credentials for your tenant.&lt;br&gt;
3.From the menu on the left, open the &lt;strong&gt;Identity&lt;/strong&gt; submenu&lt;br&gt;
4.Select &lt;strong&gt;Users&lt;/strong&gt; and then select &lt;strong&gt;All users&lt;/strong&gt;.&lt;br&gt;
5.Look at the menu on the top of the new screen and find &lt;strong&gt;Per-user MFA&lt;/strong&gt;.&lt;br&gt;
6.Select &lt;strong&gt;Per-user MFA&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frc04nfl63iwrednr2no2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frc04nfl63iwrednr2no2.png" alt="per-user mfa" width="800" height="307"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;7.Put a mark in the box next to &lt;strong&gt;Bhogeswar Kalita&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;8.Select &lt;strong&gt;Enable MFA&lt;/strong&gt; from the top of the list.&lt;br&gt;
&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fsttf251pvo0dhh2kayul.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fsttf251pvo0dhh2kayul.png" alt="2mfa" width="800" height="492"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;9.Read the message box that pops up.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt; - This is a manual URL that you can email to the user, if you want to let them know to set up MFA.&lt;/p&gt;

&lt;p&gt;10.Select &lt;strong&gt;Enable&lt;/strong&gt; button.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fx9ugmvji4gjf05hsam6q.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fx9ugmvji4gjf05hsam6q.png" alt="enable" width="799" height="444"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;11.Then select the &lt;strong&gt;Enforce&lt;/strong&gt; button.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F93jp56f8gcrnxym3fv8i.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F93jp56f8gcrnxym3fv8i.png" alt="enforce" width="800" height="654"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;12.Note that after a few seconds &lt;strong&gt;enforced&lt;/strong&gt; shows up next to Bhogeswar’s name.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fn4hknxuncxm7tiucjld4.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fn4hknxuncxm7tiucjld4.png" alt="verify" width="800" height="548"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 2 - Review the Service settings for MFA
&lt;/h2&gt;

&lt;p&gt;1.Open the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
2.Log in using the credentials for your tenant.&lt;br&gt;
3.From the menu on the left, open the &lt;strong&gt;Identity&lt;/strong&gt; submenu.&lt;br&gt;
4.Select &lt;strong&gt;Users&lt;/strong&gt; and then select &lt;strong&gt;All users&lt;/strong&gt;.&lt;br&gt;
5.Select &lt;strong&gt;Per-user MFA&lt;/strong&gt; item.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fk7cnvrsqeedn6105xz7y.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fk7cnvrsqeedn6105xz7y.png" alt="2mfa" width="800" height="307"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;6.Select &lt;strong&gt;Service settings&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fth5phfun5d8kty04nupx.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fth5phfun5d8kty04nupx.png" alt="service setting" width="800" height="492"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;7.Review the settings you can configure:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Setting&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;What is it for&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;App passwords&lt;/td&gt;
&lt;td&gt;There are some legacy apps that won’t work with MFA, use this setting to allow a user to keep using them.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Trusted IPs&lt;/td&gt;
&lt;td&gt;If your company has a specifc set of IP-address ranges that are always known safe, you can allow users to by-pass MFA the logging in.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Verification options&lt;/td&gt;
&lt;td&gt;Select the methods you are willing to allow users to use for their second factor of authentication.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Remember multifactor authentication on trusted device&lt;/td&gt;
&lt;td&gt;If your users are using a device that you trust, like a company managed laptop, you can allow them to retain thier MFA approved status for a specified number of days.&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;8.Select the &lt;strong&gt;Discard&lt;/strong&gt; button if you made any changes. &lt;strong&gt;Save&lt;/strong&gt; if you want to deliberately make changes.&lt;br&gt;
This is one method of configuring MFA for your users.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F7i0mmmdem0b5odrad129.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F7i0mmmdem0b5odrad129.png" alt="mfa" width="799" height="437"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 3 - View MFA account lockout settings
&lt;/h2&gt;

&lt;p&gt;1.Open the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
2.Log in using the credentials for your tenant.&lt;br&gt;
3.From the menu on the left, open the &lt;strong&gt;Protection&lt;/strong&gt; submenu.&lt;br&gt;
4.Scroll to the bottom of the list and select &lt;strong&gt;Show more&lt;/strong&gt;.&lt;br&gt;
5.Select &lt;strong&gt;Multifactor authentication&lt;/strong&gt; from the menu.&lt;br&gt;
6.Select &lt;strong&gt;Account lockout&lt;/strong&gt; from the menu.&lt;br&gt;
7.Set the following lockout values:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Field&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Number of MFA denials to trigger account lockout&lt;/td&gt;
&lt;td&gt;3&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Minutes until account lockout counter is reset&lt;/td&gt;
&lt;td&gt;180&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Minutes until account is automatically unblocked&lt;/td&gt;
&lt;td&gt;15&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;8.Select the &lt;strong&gt;Save&lt;/strong&gt; option at the top of your screen.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fcv3zychvsjaif5x8voww.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fcv3zychvsjaif5x8voww.png" alt="mfa setting" width="799" height="743"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Review some of the other configuration options you have on MFA like:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Fraud alert&lt;/li&gt;
&lt;li&gt;Block / unblock users&lt;/li&gt;
&lt;li&gt;Notifications&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Summary
&lt;/h2&gt;

&lt;p&gt;In this article, I explored the core aspects of configuring Multi-Factor Authentication (MFA) in Microsoft Entra ID. I demonstrated how to enable and manage per-user MFA, review and customize MFA service settings, and configure account lockout policies to protect against repeated unauthorized sign-in attempts. By implementing these security measures, organizations can significantly improve identity protection, reduce the risk of account compromise, and build a more resilient authentication framework for their cloud environments.&lt;/p&gt;

</description>
      <category>microsoft</category>
      <category>azure</category>
      <category>identity</category>
      <category>azureadmin</category>
    </item>
    <item>
      <title>Mastering Self-Service Password Reset (SSPR) in Microsoft Entra ID</title>
      <dc:creator>Rahimah Sulayman</dc:creator>
      <pubDate>Wed, 08 Jul 2026 18:59:21 +0000</pubDate>
      <link>https://dev.to/rahimah_dev/mastering-self-service-password-reset-sspr-in-microsoft-entra-id-4m4g</link>
      <guid>https://dev.to/rahimah_dev/mastering-self-service-password-reset-sspr-in-microsoft-entra-id-4m4g</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;Forgotten passwords are one of the most common reasons users contact IT support, often resulting in lost productivity and increased administrative overhead. &lt;strong&gt;Self-Service Password Reset (SSPR)&lt;/strong&gt; in Microsoft Entra ID empowers users to securely reset or unlock their accounts without requiring help desk assistance, &lt;strong&gt;improving both user experience and organizational security&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;In this hands-on guide, I'll demonstrate how to configure Self-Service Password Reset in Microsoft Entra ID by enabling SSPR for specific users or groups, configuring authentication methods, managing registration settings, and customizing notification options. These configurations help organizations streamline identity management while maintaining strong security practices.&lt;/p&gt;

&lt;h2&gt;
  
  
  Exercise - Perform basic Self-Service Password Rest (SSPR) tasks
&lt;/h2&gt;

&lt;p&gt;In this exercise you will learn where the self-service password reset feature is located in Microsoft Entra and explore the process to configure it.&lt;/p&gt;

&lt;p&gt;This exercise should take approximately &lt;strong&gt;15&lt;/strong&gt; minutes to complete.&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 1 - View the SSPR properties for a specific group
&lt;/h2&gt;

&lt;p&gt;1.Open the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
2.Log in using the credentials for your tenant.&lt;br&gt;
3.From the menu on the left, open &lt;strong&gt;Password reset&lt;/strong&gt; submenu.&lt;/p&gt;

&lt;p&gt;4.Find the &lt;strong&gt;Self service password enabled&lt;/strong&gt; bar.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;What it means&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;None&lt;/td&gt;
&lt;td&gt;No users can use the SSPR feature&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Selected&lt;/td&gt;
&lt;td&gt;Only members of the selected group(s) can use SSPR&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;All&lt;/td&gt;
&lt;td&gt;All users can use the SSPR feature&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;5.Set the value to &lt;strong&gt;Selected&lt;/strong&gt;.&lt;br&gt;
6.Select the text &lt;strong&gt;No groups selected&lt;/strong&gt;.&lt;br&gt;
7.Mark the &lt;strong&gt;Project233&lt;/strong&gt; group we created previously.&lt;br&gt;
8.Use the &lt;strong&gt;Select&lt;/strong&gt; button to complete your choice.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3d5561vrmf3sjgbqksh3.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3d5561vrmf3sjgbqksh3.png" alt="sspr" width="800" height="384"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;9.&lt;strong&gt;Save&lt;/strong&gt; your configuration.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fsee7xtk7ejgvr0yhcss0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fsee7xtk7ejgvr0yhcss0.png" alt="save" width="799" height="518"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Subtask 1 - View SSPR authentication methods&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;1.Select &lt;strong&gt;Authentication methods&lt;/strong&gt; from the menu within &lt;strong&gt;Password reset&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;2.Select &lt;strong&gt;1&lt;/strong&gt; as the value for &lt;strong&gt;Number of methods required to reset&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt; - this value represents how many different ways the user is required to sign-in to the password reset tool, before they are allowed to reset their password. Note that using a password is not an option.&lt;/p&gt;

&lt;p&gt;3.Select &lt;strong&gt;Email&lt;/strong&gt;, &lt;strong&gt;Mobile phone&lt;/strong&gt;, and &lt;strong&gt;Mobile app code&lt;/strong&gt; for &lt;strong&gt;Methods available to user&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt; - if you use Security Questions you have to specify the number of questions the user is required to create and answer.&lt;br&gt;
4.Use the button at the top to &lt;strong&gt;Save&lt;/strong&gt; your choices.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fmb9qd8pzcus6xe7lfojr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fmb9qd8pzcus6xe7lfojr.png" alt="pwd reset" width="800" height="507"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;5.You have added an Authentication method to your self-service password reset.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Subtask 2 - View SSPR registration&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;1.Select &lt;strong&gt;Registration&lt;/strong&gt; from the menu within &lt;strong&gt;Password reset&lt;/strong&gt;.&lt;br&gt;
2.Make sure the &lt;strong&gt;Require users to register when signing in?&lt;/strong&gt; value is set to &lt;strong&gt;Yes.&lt;/strong&gt;&lt;br&gt;
3.Set the &lt;strong&gt;Number of days before users are asked to re-confirm…&lt;/strong&gt; to &lt;strong&gt;90&lt;/strong&gt; days.&lt;br&gt;
4.Select &lt;strong&gt;Save&lt;/strong&gt; to save your changes.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9wipnsoax4avstdu554w.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9wipnsoax4avstdu554w.png" alt="reg" width="799" height="531"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Subtask 3 - View SSPR reset notifications&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;1.Select &lt;strong&gt;Notifications&lt;/strong&gt; from the menu within &lt;strong&gt;Password reset&lt;/strong&gt;.&lt;br&gt;
2.Leave the &lt;strong&gt;Notify users on password reset?&lt;/strong&gt; at the default of &lt;strong&gt;Yes&lt;/strong&gt;.&lt;br&gt;
3.Change the &lt;strong&gt;Notify all admins when other admins reset their password?&lt;/strong&gt; value to &lt;strong&gt;Yes&lt;/strong&gt;.&lt;br&gt;
4.Use the &lt;strong&gt;Save&lt;/strong&gt; option to save your changes.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjg1xi3xnymzq22f0fiif.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjg1xi3xnymzq22f0fiif.png" alt="notificatn" width="800" height="622"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Summary
&lt;/h2&gt;

&lt;p&gt;In this article, I explored the configuration of Self-Service Password Reset (SSPR) in Microsoft Entra ID, including enabling the feature for selected groups, configuring authentication methods, enforcing user registration, and managing password reset notifications. By implementing these settings, organizations can reduce help desk workload, improve operational efficiency, and provide users with a secure and convenient way to regain access to their accounts while strengthening overall identity security.&lt;/p&gt;

</description>
      <category>azure</category>
      <category>azureadmin</category>
      <category>security</category>
      <category>identity</category>
    </item>
    <item>
      <title>Strengthening Identity Security with Microsoft Entra ID Password Protection</title>
      <dc:creator>Rahimah Sulayman</dc:creator>
      <pubDate>Wed, 08 Jul 2026 17:24:21 +0000</pubDate>
      <link>https://dev.to/rahimah_dev/strengthening-identity-security-with-microsoft-entra-id-password-protection-3f5g</link>
      <guid>https://dev.to/rahimah_dev/strengthening-identity-security-with-microsoft-entra-id-password-protection-3f5g</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;Passwords remain one of the most common attack vectors in today's threat landscape, making strong password policies a critical component of &lt;strong&gt;identity security&lt;/strong&gt;. Microsoft Entra ID provides &lt;strong&gt;built-in password protection capabilities&lt;/strong&gt; that help organizations defend against brute-force attacks, password spraying, and the use of weak or commonly compromised passwords.&lt;/p&gt;

&lt;p&gt;In this hands-on guide, I'll walk through configuring essential password protection settings in Microsoft Entra ID, including custom smart lockout policies, banned password lists, and enforcement options. These configurations help strengthen authentication security while improving the overall resilience of your organization's identity infrastructure.&lt;/p&gt;

&lt;h2&gt;
  
  
  Exercise - Perform basic Password Protection tasks
&lt;/h2&gt;

&lt;p&gt;In this exercise you will explore the capabilities Microsoft Entra ID offers in protecting your password. You will see how you can automate and enforce a strong password, and use login restrictions to prevent password attacks.&lt;/p&gt;

&lt;p&gt;This exercise should take approximately &lt;strong&gt;5&lt;/strong&gt; minutes to complete.&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 1 - View lock settings, and review duration and threshold values
&lt;/h2&gt;

&lt;p&gt;1.Open the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
2.Log in using the credentials for your tenant.&lt;br&gt;
3.From the menu on the left, select &lt;strong&gt;Authentication methods&lt;/strong&gt; submenu.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt; - You could also search on &lt;strong&gt;Password protection&lt;/strong&gt; in the search bar at the top.&lt;/p&gt;

&lt;p&gt;4.Select &lt;strong&gt;Password protection&lt;/strong&gt; from the list.&lt;br&gt;
5.Set the &lt;strong&gt;Custom smart lockout&lt;/strong&gt; with the following values.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Field&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Description&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Lockout threshold&lt;/td&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;How many times can you fail to login with a password before your account locks.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Lockout duration&lt;/td&gt;
&lt;td&gt;30&lt;/td&gt;
&lt;td&gt;How many seconds the account should lock when the threshold is reached.&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt; - You can also configure a custom banned password list here.&lt;/p&gt;

&lt;p&gt;6.Set &lt;strong&gt;Enforce custom list&lt;/strong&gt; to &lt;strong&gt;Yes&lt;/strong&gt;.&lt;br&gt;
7.Enter the following values:&lt;/p&gt;

&lt;p&gt;-Contoso&lt;br&gt;
 -London&lt;br&gt;
 -Widget&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Lab Tip&lt;/strong&gt; - Your lab is being performed for a company called Contoso, located in London, and it makes Widgets. By enter these three words you block them from being part or a whole of a password.&lt;/p&gt;

&lt;p&gt;8.Set the value for &lt;strong&gt;Mode&lt;/strong&gt; to &lt;strong&gt;Enforced&lt;/strong&gt;.&lt;br&gt;
9.Select the &lt;strong&gt;Save&lt;/strong&gt; item at the top of the screen.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fkr0iqmmy1iwkmfvtlmbh.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fkr0iqmmy1iwkmfvtlmbh.png" alt="pwd protection" width="799" height="415"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Summary
&lt;/h2&gt;

&lt;p&gt;In this article, I demonstrated how to configure password protection in Microsoft Entra ID by reviewing &lt;em&gt;smart lockout settings, defining lockout thresholds and durations, creating a custom banned password list, and enforcing password protection policies&lt;/em&gt;. These security measures help reduce the risk of unauthorized access by preventing weak passwords and limiting password-based attacks, making them an essential part of any modern identity security strategy.&lt;/p&gt;

</description>
      <category>security</category>
      <category>cybersecurity</category>
      <category>azureadmin</category>
      <category>cloud</category>
    </item>
    <item>
      <title>Mastering Microsoft Entra ID: Managing Users, Groups, Dynamic Membership, and Licensing</title>
      <dc:creator>Rahimah Sulayman</dc:creator>
      <pubDate>Wed, 08 Jul 2026 15:54:40 +0000</pubDate>
      <link>https://dev.to/rahimah_dev/mastering-microsoft-entra-id-managing-users-groups-dynamic-membership-and-licensing-536g</link>
      <guid>https://dev.to/rahimah_dev/mastering-microsoft-entra-id-managing-users-groups-dynamic-membership-and-licensing-536g</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;In today's cloud-first world, identity has become the new security perimeter. Managing users is no longer just about creating accounts, &lt;strong&gt;it's about organizing identities efficiently, automating access, and simplifying administration at scale.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;In this hands-on guide, I'll walk through essential Microsoft Entra ID group management tasks, including creating Microsoft 365 and Security groups, configuring dynamic membership rules, adding users and licenses to groups, and exploring how group-based licensing simplifies administration. Whether you're preparing for the AZ-104 exam or building real-world Azure administration skills, these are practical tasks every cloud administrator should know.&lt;/p&gt;

&lt;h2&gt;
  
  
  Exercise - Perform basic Group Management tasks
&lt;/h2&gt;

&lt;p&gt;In this exercise you will explore the beginner level tasks associated with creating and using groups. You make a new group and assign members and set some basic access levels.&lt;/p&gt;

&lt;p&gt;This exercise should take approximately &lt;strong&gt;15&lt;/strong&gt; minutes to complete.&lt;br&gt;
&lt;strong&gt;Task 1 - Create a Microsoft 365 group&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;1.Open the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
2.Log in using the credentials for your tenant.&lt;br&gt;
3.From the menu on the left, select &lt;strong&gt;Groups&lt;/strong&gt; and then &lt;strong&gt;All groups&lt;/strong&gt;.&lt;br&gt;
4.Select &lt;strong&gt;New group&lt;/strong&gt; option.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fmxi8rmg1a8wxvbg5bsbc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fmxi8rmg1a8wxvbg5bsbc.png" alt="groups" width="799" height="360"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;5.Enter the requested information:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Field&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Group type&lt;/td&gt;
&lt;td&gt;Microsoft 365&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Group name&lt;/td&gt;
&lt;td&gt;Project233&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Group description&lt;/td&gt;
&lt;td&gt;This group consists of members of the new AI Simulation software with codename Project233&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Membership type&lt;/td&gt;
&lt;td&gt;Assigned&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;6.Under the &lt;strong&gt;Members&lt;/strong&gt; heading, select &lt;strong&gt;No member selected&lt;/strong&gt;.&lt;br&gt;
&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fnrhix3m9ogjy7v7rba5o.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fnrhix3m9ogjy7v7rba5o.png" alt="group" width="800" height="370"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;7.Add &lt;strong&gt;Bhogeswar Kalita&lt;/strong&gt;, by marking the box and choosing the &lt;strong&gt;Select&lt;/strong&gt; button.&lt;br&gt;
8.Select the &lt;strong&gt;Create&lt;/strong&gt; button.&lt;br&gt;
&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fupc8a7bhbeo5jwmi60oc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fupc8a7bhbeo5jwmi60oc.png" alt="select" width="799" height="445"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fwzzoffqt8pm2ji8jsbs5.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fwzzoffqt8pm2ji8jsbs5.png" alt="m365" width="800" height="338"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 2 - Create a Security group
&lt;/h2&gt;

&lt;p&gt;1.Open the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
2.Log in using the credentials for your tenant.&lt;br&gt;
3.From the menu on the left, select &lt;strong&gt;Groups&lt;/strong&gt; and then &lt;strong&gt;All groups&lt;/strong&gt;.&lt;br&gt;
4.Select &lt;strong&gt;New group&lt;/strong&gt; option.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fy4ywe2g40868g697n8ae.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fy4ywe2g40868g697n8ae.png" alt="new group" width="799" height="360"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;5.Enter the requested information:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Field&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Group type&lt;/td&gt;
&lt;td&gt;Security&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Group name&lt;/td&gt;
&lt;td&gt;Guest Users&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Group description&lt;/td&gt;
&lt;td&gt;This group has all the Guest users&lt;br&gt;currently in the tenant.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Membership type&lt;/td&gt;
&lt;td&gt;Dynamic User&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;6.Under the &lt;strong&gt;Dynamic user members&lt;/strong&gt; heading, select &lt;strong&gt;Add dynamic query&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frc9vkql5n3bkinso56mb.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frc9vkql5n3bkinso56mb.png" alt="security" width="800" height="626"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;7.Create a dynamic query with the following values:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Field&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Property&lt;/td&gt;
&lt;td&gt;userType&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Operator&lt;/td&gt;
&lt;td&gt;Equals&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Value&lt;/td&gt;
&lt;td&gt;Guest&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;8.Select the &lt;strong&gt;Save&lt;/strong&gt; item from the top of the page.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F7txrbj6h404m1aweqa6a.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F7txrbj6h404m1aweqa6a.png" alt="save" width="800" height="343"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;9.Select the &lt;strong&gt;Create&lt;/strong&gt; button.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt; - It will take up to 2 minutes for the group to be populate.&lt;br&gt;
10.From the &lt;strong&gt;Groups&lt;/strong&gt; select the &lt;strong&gt;Refresh&lt;/strong&gt; item.&lt;br&gt;
11.Select the &lt;strong&gt;Guest Users&lt;/strong&gt; group we just created.&lt;br&gt;
12.Select &lt;strong&gt;Members&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgtukzrvam49gtawwp18r.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgtukzrvam49gtawwp18r.png" alt="group" width="800" height="357"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 3 - Add an existing user to a new group
&lt;/h2&gt;

&lt;p&gt;1.Open the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
2.Log in using the credentials for your tenant.&lt;br&gt;
3.From the menu on the left, select &lt;strong&gt;Groups&lt;/strong&gt; and then &lt;strong&gt;All groups&lt;/strong&gt;.&lt;br&gt;
4.Select the &lt;strong&gt;Project233&lt;/strong&gt; group we created in Task 1.&lt;br&gt;
5.Select the &lt;strong&gt;Members&lt;/strong&gt; option from the menu.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frbq8y5cp6q3qk8cnc5lx.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frbq8y5cp6q3qk8cnc5lx.png" alt="project233" width="800" height="432"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;6.Select &lt;strong&gt;+ Add members&lt;/strong&gt; from the menu near the top.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fsg5ailp5oczxo7se3sov.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fsg5ailp5oczxo7se3sov.png" alt="+members" width="800" height="429"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;7.Mark the box next to &lt;strong&gt;External User&lt;/strong&gt; and use the &lt;strong&gt;Select&lt;/strong&gt; button.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F5qp7h0n5smjkrihx98ob.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F5qp7h0n5smjkrihx98ob.png" alt="extuser" width="800" height="431"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F2zq4el1kdhmohrcxwlvu.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F2zq4el1kdhmohrcxwlvu.png" alt="verify" width="799" height="427"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Subtask 1 - Alternative method to add an existing user to a new group&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;1.Open the &lt;strong&gt;Users&lt;/strong&gt; menu, then select &lt;strong&gt;All users&lt;/strong&gt;.&lt;br&gt;
2.Find and select &lt;strong&gt;External User&lt;/strong&gt; from the list.&lt;br&gt;
3.Select the &lt;strong&gt;Groups&lt;/strong&gt; item from the menu.&lt;br&gt;
4.Select the option to &lt;strong&gt;+ Add memberships&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjy6d8d5f5h248327n1p4.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjy6d8d5f5h248327n1p4.png" alt="+member" width="800" height="369"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;5.Mark an existing group and use the &lt;strong&gt;Select&lt;/strong&gt; button to add them.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbp0fiykzwrgsx5v8d8t5.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbp0fiykzwrgsx5v8d8t5.png" alt="select" width="800" height="431"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fyb6guzetps5ydosv7m27.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fyb6guzetps5ydosv7m27.png" alt="verify" width="800" height="352"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 4 - Add licenses and owners to a group
&lt;/h2&gt;

&lt;p&gt;1.Open the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
2.Log in using the credentials for your tenant.&lt;br&gt;
3.From the menu on the left, select &lt;strong&gt;Groups&lt;/strong&gt; and then &lt;strong&gt;All groups&lt;/strong&gt;.&lt;br&gt;
4.Select the &lt;strong&gt;Project23&lt;/strong&gt; group we created in Task 1.&lt;/p&gt;

&lt;p&gt;5.Choose the &lt;strong&gt;Owners&lt;/strong&gt; option from the menu.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt; - Your tenant administrator will automatically be added as the owner of a group, if no owner is specified.&lt;br&gt;
6.Select the &lt;strong&gt;+ Add owners&lt;/strong&gt; menu item.&lt;br&gt;
7.Mark the box next to &lt;strong&gt;Bhogeswar&lt;/strong&gt; and use the &lt;strong&gt;Select&lt;/strong&gt; button.&lt;br&gt;
8.Notice the new owner has been added to the group.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Subtask 1 - Adding a license to a group&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;1.Open a new tab in your browser.&lt;br&gt;
2.Connect to Microsoft 365 admin cetner at &lt;a href="https://admin.microsoft.com" rel="noopener noreferrer"&gt;https://admin.microsoft.com&lt;/a&gt;.&lt;br&gt;
3.From the menu on the left, open the &lt;strong&gt;Billing&lt;/strong&gt; section and select &lt;strong&gt;Licenses&lt;/strong&gt;.&lt;br&gt;
4.Select the &lt;strong&gt;Microsoft Power Automate Free&lt;/strong&gt; license.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fhhnsu7d445v2aaty7nha.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fhhnsu7d445v2aaty7nha.png" alt="automate" width="800" height="435"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;5.Select the &lt;strong&gt;+ Assign licenses&lt;/strong&gt; item.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fz6i93dlioanbs08ccvrj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fz6i93dlioanbs08ccvrj.png" alt="assignlicenses" width="800" height="437"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;7.Use the dropdown on the right side of the screen to select the &lt;strong&gt;Project 233&lt;/strong&gt; group created earlier.&lt;br&gt;
&lt;strong&gt;Note&lt;/strong&gt;: I I unassigned license to a group and created a security group called Project 233, which I assigned the license to. You cannot assign a Microsoft Power Automate Free license (or other Microsoft 365/Entra group-based licenses) to a Microsoft 365 group.&lt;br&gt;
8.Use the &lt;strong&gt;Assign licenses&lt;/strong&gt; button at the bottom of the screen.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flpwzr2vm250pg5a0l103.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flpwzr2vm250pg5a0l103.png" alt="project" width="800" height="440"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;9.Close the &lt;strong&gt;Your licenses are…&lt;/strong&gt; notification.&lt;br&gt;
&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fqm57hx5dnamf9abuze9i.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fqm57hx5dnamf9abuze9i.png" alt="notification" width="800" height="442"&gt;&lt;/a&gt;&lt;br&gt;
10.Use the &lt;strong&gt;Refresh&lt;/strong&gt; button to see the added group licenses.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fv2j5pecijviqqj8hzi0i.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fv2j5pecijviqqj8hzi0i.png" alt="verify" width="800" height="438"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Summary
&lt;/h2&gt;

&lt;p&gt;In this article, I explored the fundamentals of group management in Microsoft Entra ID through a series of practical, hands-on exercises. I demonstrated how to create both Microsoft 365 and Security groups, configure dynamic user membership using rules, add users to existing groups, and assign Microsoft licenses through group-based licensing. Along the way, I also highlighted the differences between Microsoft 365 groups and Security groups, including why only Security groups support group-based licensing. These are essential identity and access management skills for Azure administrators and anyone preparing for real-world cloud administration or the AZ-104 certification.&lt;/p&gt;

</description>
      <category>azureadmin</category>
      <category>identity</category>
      <category>security</category>
      <category>cloud</category>
    </item>
    <item>
      <title>Identity as the Perimeter: Scaling User Provisioning, RBAC, and Bulk Automation in Microsoft Entra ID</title>
      <dc:creator>Rahimah Sulayman</dc:creator>
      <pubDate>Wed, 08 Jul 2026 11:41:39 +0000</pubDate>
      <link>https://dev.to/rahimah_dev/identity-as-the-perimeter-scaling-user-provisioning-rbac-and-bulk-automation-in-microsoft-entra-50bd</link>
      <guid>https://dev.to/rahimah_dev/identity-as-the-perimeter-scaling-user-provisioning-rbac-and-bulk-automation-in-microsoft-entra-50bd</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;In modern cloud architecture, &lt;strong&gt;identity&lt;/strong&gt; is the new security perimeter. As an infrastructure expands, managing access manually isn't just inefficient, &lt;strong&gt;it’s a massive security risk&lt;/strong&gt;. Engineers must be able to scale user provisioning while maintaining strict governance and the principle of least privilege.&lt;/p&gt;

&lt;p&gt;In this article, I break down a hands-on walkthrough of cloud identity engineering using Microsoft Entra ID. We will look past basic configurations to explore the real-world operational workflows every team needs: handling secure B2B guest invitations, mapping enterprise licensing, implementing granular administrative roles, and utilizing bulk automation pipelines to provision users at scale.&lt;/p&gt;

&lt;p&gt;Here is the blueprint for building efficient, production-ready identity infrastructure in the cloud.&lt;/p&gt;

&lt;h2&gt;
  
  
  Exercise - Perform basic User Management tasks
&lt;/h2&gt;

&lt;p&gt;In this exercise you will explore the beginner tasks of an Identity and Access administrator by creating and managing a user in Microsoft Entra ID. There are five common activities you will perform in your lab from creating a new user to assigning them roles and licenses.&lt;/p&gt;

&lt;p&gt;This exercise should take approximately &lt;strong&gt;10&lt;/strong&gt; minutes to complete.&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 1 - Create a new user
&lt;/h2&gt;

&lt;p&gt;1.Open the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
2.Log in using the credentials for your tenant.&lt;br&gt;
3.From the menu on the left, select &lt;strong&gt;User&lt;/strong&gt; and then &lt;strong&gt;All users&lt;/strong&gt;.&lt;br&gt;
4.Select &lt;strong&gt;+ New user&lt;/strong&gt; and then pick the &lt;strong&gt;Create new user&lt;/strong&gt; option.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fpxtu67mb2klm4jbjqb9o.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fpxtu67mb2klm4jbjqb9o.png" alt="user" width="800" height="382"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;5.Enter the requested information:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Field&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;User principal name&lt;/td&gt;
&lt;td&gt;BhogeswarK&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Display name&lt;/td&gt;
&lt;td&gt;Bhogeswar Kalita&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;6.Leave the &lt;strong&gt;Mail nickname&lt;/strong&gt; as is.&lt;br&gt;
7.Make a copy of the &lt;strong&gt;Password&lt;/strong&gt; (auto-generated) and store it in &lt;strong&gt;Notepad&lt;/strong&gt;. You will need it later.&lt;br&gt;
8.Leave Accounted enabled checked.&lt;br&gt;
9.Select the Properties tab.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fh8oeh8qnnror6pkld20m.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fh8oeh8qnnror6pkld20m.png" alt="user" width="800" height="441"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;10.Set the values for first and last name:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Field&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;First name&lt;/td&gt;
&lt;td&gt;Bhogeswar&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Last name&lt;/td&gt;
&lt;td&gt;Kalita&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;11.Note that you can set the &lt;strong&gt;User type&lt;/strong&gt; to &lt;strong&gt;Member&lt;/strong&gt;. If you pick Guest, it will restrict the users capabilities.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fio6j182z4yrfzpgdf35o.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fio6j182z4yrfzpgdf35o.png" alt="member" width="800" height="444"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;12.Scroll down to the bottom of the page.&lt;br&gt;
13.Set the &lt;strong&gt;Usage location&lt;/strong&gt; to &lt;strong&gt;United States&lt;/strong&gt; or to whatever region you are in.&lt;br&gt;
14.Select the &lt;strong&gt;Review + create&lt;/strong&gt; button.&lt;br&gt;
&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fmw8ufb8wicunz4q3xmbn.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fmw8ufb8wicunz4q3xmbn.png" alt="r n c" width="800" height="447"&gt;&lt;/a&gt;&lt;br&gt;
15.Select &lt;strong&gt;Create&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8k4bqjbpfhd50vxmtygr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8k4bqjbpfhd50vxmtygr.png" alt="verify" width="800" height="378"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Subtask 1 - Log in to confirm user&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;1.Open an InPrivate browsing window.&lt;br&gt;
2.Connect to the Microsoft Entra admin center at the link &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
3.Enter the username and password you just created.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Field&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Username&lt;/td&gt;
&lt;td&gt;BhogeswarK@&lt;code&gt;your tenant name&lt;/code&gt;.onmicrosoft.com&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Password&lt;/td&gt;
&lt;td&gt;&lt;code&gt;Auto generated password you saved&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdismjo0gw9u3dlw1kq2c.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdismjo0gw9u3dlw1kq2c.png" alt="tenant's det" width="768" height="772"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;4.If prompted follow the on-screen instructions to complete MFA setup.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbgtv4n2xh28w7sfnn782.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbgtv4n2xh28w7sfnn782.png" alt="2MFA" width="713" height="761"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;5.Feel free to explore the Microsoft Entra admin center for a minute.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F0ndmyyc1t6jckywpy3lx.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F0ndmyyc1t6jckywpy3lx.png" alt="SIGNED IN" width="799" height="381"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;6.Close the InPrivate browsing window.&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 2 - Add a license to the user
&lt;/h2&gt;

&lt;p&gt;1.Open a new tab in your browser.&lt;br&gt;
2.Connect to the Microsoft 365 admin center at https//:admin.microsoft.com.&lt;br&gt;
&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fqd2ap6uojojivzo3rtpd.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fqd2ap6uojojivzo3rtpd.png" alt="M365" width="800" height="411"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;3.If prompted, log in using the credentials for your tenant.&lt;br&gt;
4.Find the menu on the left side of the screen.&lt;br&gt;
5.Open the &lt;strong&gt;Billing&lt;/strong&gt; item in the menu.&lt;br&gt;
6.Select &lt;strong&gt;Licenses&lt;/strong&gt; from the list.&lt;br&gt;
7.When the list of licenses appears, select &lt;strong&gt;Microsoft Power Automate Free&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F609pit14g3tisk45cscd.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F609pit14g3tisk45cscd.png" alt="license" width="800" height="396"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;8.Select the &lt;strong&gt;+ Assign licenses&lt;/strong&gt; item.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F7pto3exjqb3y8l6dx6y1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F7pto3exjqb3y8l6dx6y1.png" alt="assign" width="800" height="373"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;9.Choose &lt;strong&gt;Brogeswar&lt;/strong&gt; from the list (user created in previous task).&lt;br&gt;
10.Select the &lt;strong&gt;Assign licenses&lt;/strong&gt; button at the bottom of the page.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fy13em29xqkf4y3preerq.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fy13em29xqkf4y3preerq.png" alt="assignlicense" width="800" height="398"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;11.Notice the message that you have successfully assigned a license.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3p9bskbc95o6se9npp3p.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3p9bskbc95o6se9npp3p.png" alt="assigned" width="800" height="397"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;12.Close the tab with &lt;strong&gt;Microsoft 365 admin center&lt;/strong&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 3 - Invite an external user to your tenant
&lt;/h2&gt;

&lt;p&gt;1.If not already open - Open a browser and connect to the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
2.If prompted, log in using the credentials for your tenant.&lt;br&gt;
3.From the menu on the left, open the &lt;strong&gt;Identity&lt;/strong&gt; menu.&lt;br&gt;
4.Select &lt;strong&gt;Users&lt;/strong&gt; then select &lt;strong&gt;All users&lt;/strong&gt;.&lt;br&gt;
5.At the top of the page select &lt;strong&gt;+ New User&lt;/strong&gt;.&lt;br&gt;
6.Choose the option to &lt;strong&gt;Invite external user&lt;/strong&gt; from the dropdown.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fapgm7obbfjltqa4az5ld.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fapgm7obbfjltqa4az5ld.png" alt="users" width="800" height="375"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;7.Enter the information for your new external user:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Field&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Email&lt;/td&gt;
&lt;td&gt;&lt;a href="mailto:ExtUser@testemail.com"&gt;ExtUser@testemail.com&lt;/a&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Display name&lt;/td&gt;
&lt;td&gt;External User&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Message&lt;/td&gt;
&lt;td&gt;Thank you for joining the company for this short work project. We look forward to building this project together.&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;8.Select the &lt;strong&gt;Review + Invite&lt;/strong&gt; button.&lt;br&gt;
9.Select &lt;strong&gt;Invite&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8khb5gqsnioudhq41cqw.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8khb5gqsnioudhq41cqw.png" alt="Invite" width="800" height="445"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F4ynjy5uzgwr0eu6qdgfi.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F4ynjy5uzgwr0eu6qdgfi.png" alt="verify" width="800" height="412"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 4 - Assign a role to a user
&lt;/h2&gt;

&lt;p&gt;1.If not already open - Open a browser and connect to the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;..&lt;br&gt;
2.If prompted, log in using the credentials for your tenant.&lt;br&gt;
3.In the left menu find the &lt;strong&gt;Identity&lt;/strong&gt; section. Open it if not already opened.&lt;br&gt;
4.Select &lt;strong&gt;Users&lt;/strong&gt; then select &lt;strong&gt;All users&lt;/strong&gt;.&lt;br&gt;
5.Choose the user &lt;strong&gt;Bhogeswar Kalita&lt;/strong&gt; create in the earlier task.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fa0zmwafm99otgza6wg8d.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fa0zmwafm99otgza6wg8d.png" alt="kalita" width="799" height="389"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;6.From the newly opened menu select &lt;strong&gt;Assigned roles&lt;/strong&gt;.&lt;br&gt;
7.At the top of the screen select &lt;strong&gt;+ Add assignments&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frwv4jc9wer8nbh7u6fvm.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frwv4jc9wer8nbh7u6fvm.png" alt="assign role" width="799" height="368"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;8.From the &lt;strong&gt;Select role&lt;/strong&gt; dropdown menu chose the role &lt;strong&gt;Attribute Definition Reader&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frnatyb6xdnj7p65dasb2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frnatyb6xdnj7p65dasb2.png" alt="next" width="800" height="610"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;9.Select the &lt;strong&gt;Next&lt;/strong&gt; button when it becomes available.&lt;br&gt;
10.Choose the option &lt;strong&gt;Eligible&lt;/strong&gt; for &lt;strong&gt;Assignment type&lt;/strong&gt;.&lt;br&gt;
Select &lt;strong&gt;Assign&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fwcrmpplnnxcwvfdoy4h3.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fwcrmpplnnxcwvfdoy4h3.png" alt="assign" width="800" height="632"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Subtask 1 - Alternate method to assign a role to a user&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;1.Look at the Identity menu section on the left side of the screen.&lt;br&gt;
2.Select the &lt;strong&gt;Show more&lt;/strong&gt; option to see the full &lt;strong&gt;Identity&lt;/strong&gt; menu.&lt;br&gt;
3.From the list of items in the &lt;strong&gt;Identity&lt;/strong&gt; menu, expand the &lt;strong&gt;Roles &amp;amp; admins&lt;/strong&gt; section.&lt;br&gt;
4.Select &lt;strong&gt;Roles &amp;amp; admins&lt;/strong&gt;.&lt;br&gt;
5.Select &lt;strong&gt;Attribute Log Reader&lt;/strong&gt; from the list of roles.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fi10oltfkhdq26zx3omat.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fi10oltfkhdq26zx3omat.png" alt="attribute" width="800" height="360"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;6.From the top of the screen select &lt;strong&gt;+ Add assignment&lt;/strong&gt;.&lt;br&gt;
7.From the &lt;strong&gt;Select member(s)&lt;/strong&gt; select the No member selected text.&lt;br&gt;
8.From the list of user choose &lt;strong&gt;Bhogeswar Kalita&lt;/strong&gt;.&lt;br&gt;
9.Choose the &lt;strong&gt;Select&lt;/strong&gt; button at the bottom.&lt;br&gt;
10.Select the &lt;strong&gt;Next&lt;/strong&gt; button.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fyfijs7xg8kf4c9h0qpxw.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fyfijs7xg8kf4c9h0qpxw.png" alt="next" width="800" height="626"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;11.On the Add assignments page choose &lt;strong&gt;Active&lt;/strong&gt; for the &lt;strong&gt;Assignment type&lt;/strong&gt;.&lt;br&gt;
12.Note that you have to enter a justification for this role / user assignment.&lt;br&gt;
13.Enter the justification &lt;strong&gt;User will be working as an Attribute log reader as their primary job&lt;/strong&gt;. into the box.&lt;br&gt;
14.Select &lt;strong&gt;Assign&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fg0q78jmeq4t2h0pjhvwx.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fg0q78jmeq4t2h0pjhvwx.png" alt="assign" width="800" height="556"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fzgwy2abohgehtluwwgju.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fzgwy2abohgehtluwwgju.png" alt="verify" width="800" height="335"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fls0d9ay773kcx9hzoggi.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fls0d9ay773kcx9hzoggi.png" alt="verify" width="800" height="399"&gt;&lt;/a&gt;&lt;br&gt;
Notice the Remove|Update option.&lt;/p&gt;

&lt;h2&gt;
  
  
  Task 5 - Bulk import users
&lt;/h2&gt;

&lt;p&gt;1.If not already open - Open a browser and connect to the Microsoft Entra admin center at &lt;a href="https://entra.microsoft.com" rel="noopener noreferrer"&gt;https://entra.microsoft.com&lt;/a&gt;.&lt;br&gt;
2.If prompted, log in using the credentials for your tenant.&lt;br&gt;
3.From the &lt;strong&gt;Identity&lt;/strong&gt; menu, select &lt;strong&gt;Users&lt;/strong&gt; and then select &lt;strong&gt;All users&lt;/strong&gt;.&lt;br&gt;
4.From the top of the page, select the &lt;strong&gt;Bulk operations&lt;/strong&gt; drop-down arrow and then select &lt;strong&gt;Bulk create&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt; - Selecting Bulk create will open a new tile. This tile provides a Download link to a template file that you will edit to populate with your user information and upload to add the bulk creation of users.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F1qthvhv3uvxh6iy55wlc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F1qthvhv3uvxh6iy55wlc.png" alt="bulk" width="800" height="384"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;5.Select &lt;strong&gt;Download&lt;/strong&gt; to see a sample bulk user CSV file.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt; - The .csv template provides you with the fields included with the user profile. This includes the required username, display name, and initial password. You can also complete optional fields, such as Department and Usage location, at this time. You do not need to fill out all the fields.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Lab Tip&lt;/strong&gt; - A sample CSV has been provided in the Allfiles/Lab1 folder – APL0501-BulkUser.csv.&lt;br&gt;
6.Open Notepad.&lt;br&gt;
7.Open the SC300BulkUser.csv file.&lt;br&gt;
8.Search and replace the existing value &lt;strong&gt;«&amp;gt;&amp;gt;&lt;/strong&gt; with &lt;strong&gt;Your actual domain name&lt;/strong&gt;.&lt;br&gt;
9.Save the file.&lt;br&gt;
10.On the Bulk create users dialog, select the file folder icon on step 3.&lt;br&gt;
11.Path to the Allfiles/Lab1 folder and select &lt;strong&gt;APL0501-BulkUser.csv&lt;/strong&gt; file.&lt;br&gt;
12.Select &lt;strong&gt;Open&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fs3zby0leryusbz14e62q.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fs3zby0leryusbz14e62q.png" alt="open" width="800" height="400"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;13.Wait for the notification that the file uploaded successfully. Select the Submit button to add the users.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt; - After the users have been created, you will be prompted that the creation has succeeded.&lt;/p&gt;

&lt;p&gt;14.&lt;strong&gt;Close&lt;/strong&gt; the &lt;strong&gt;Bulk create users&lt;/strong&gt; dialog.&lt;br&gt;
15.Check the list of users to see your bulk created users.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fh49gqa4ghk4gcs2ahugd.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fh49gqa4ghk4gcs2ahugd.png" alt="bulk" width="800" height="370"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;In summary, Identity is the foundation of secure cloud architecture. Managing access manually isn't just inefficient - it’s an operational risk.&lt;/p&gt;

&lt;p&gt;This article breaks down a hands-on walkthrough of cloud identity engineering using Microsoft Entra ID. From enforcing the principle of least privilege with granular administrative roles and secure B2B guest access to scaling user provisioning through bulk automation pipelines, here is the blueprint for building secure, production-ready identity infrastructure.&lt;/p&gt;

</description>
      <category>sysadmin</category>
      <category>identity</category>
      <category>automation</category>
      <category>security</category>
    </item>
    <item>
      <title>From Fork to Pull Request: A Practical GitHub Collaboration Workflow</title>
      <dc:creator>Rahimah Sulayman</dc:creator>
      <pubDate>Sat, 04 Jul 2026 14:11:19 +0000</pubDate>
      <link>https://dev.to/rahimah_dev/from-fork-to-pull-request-a-practical-github-collaboration-workflow-f9l</link>
      <guid>https://dev.to/rahimah_dev/from-fork-to-pull-request-a-practical-github-collaboration-workflow-f9l</guid>
      <description>&lt;p&gt;Modern software development is built on &lt;strong&gt;collaboration&lt;/strong&gt;, and &lt;code&gt;GitHub&lt;/code&gt; is at the center of that workflow.&lt;br&gt;
Every contribution to an &lt;code&gt;open-source project&lt;/code&gt; starts with a single &lt;code&gt;Pull Request&lt;/code&gt;. &lt;em&gt;This article walks through a practical GitHub collaboration workflow, from forking a repository to submitting production-style Pull Requests for review using the same process followed by development teams.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;This project reinforced practical version control skills that are essential in Cloud and DevOps environments, including working with feature branches, synchronizing forks, writing meaningful commits, and contributing through Pull Requests.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 1: Fork the Repository
&lt;/h2&gt;

&lt;p&gt;The workflow began by creating a personal &lt;strong&gt;fork of the original repository&lt;/strong&gt;. This provided an independent copy where changes could be made safely without affecting the upstream project.&lt;/p&gt;

&lt;p&gt;The fork serves as the working repository for development before changes are proposed back to the original project.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fphhw46dyh9yh5edox377.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fphhw46dyh9yh5edox377.png" alt="upstream" width="800" height="261"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjmqurb1nzfgdl92gfrmp.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjmqurb1nzfgdl92gfrmp.png" alt="mine" width="799" height="296"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 2: Clone the Repository
&lt;/h2&gt;

&lt;p&gt;After forking the project, I &lt;strong&gt;cloned&lt;/strong&gt; my fork to my local development environment using Git. This enabled me to work on the project locally while maintaining a connection to my GitHub repository.&lt;/p&gt;

&lt;p&gt;The &lt;strong&gt;local repository&lt;/strong&gt; became the workspace for implementing changes, reviewing modifications, and managing version history before publishing updates.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F349z6rchu8gg1ahvl0pr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F349z6rchu8gg1ahvl0pr.png" alt="clone" width="799" height="234"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 3: Configure the Upstream Repository
&lt;/h2&gt;

&lt;p&gt;To keep my fork &lt;strong&gt;synchronized&lt;/strong&gt; with the original project, I configured the upstream repository as an additional remote.&lt;/p&gt;

&lt;p&gt;This made it possible to fetch the latest changes from the original project before starting new work, ensuring my local repository stayed aligned with the latest &lt;code&gt;codebase&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fyaoqcjt77ersgpse5p73.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fyaoqcjt77ersgpse5p73.png" alt="upstream/main" width="800" height="542"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 4: Create a Feature Branch
&lt;/h2&gt;

&lt;p&gt;A dedicated &lt;strong&gt;feature branch&lt;/strong&gt; was created to isolate the changes from the main branch, following a standard collaborative Git workflow.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fsugx5ayigf153sa9k574.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fsugx5ayigf153sa9k574.png" alt="feature" width="800" height="180"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 5: Contribute to the Project
&lt;/h2&gt;

&lt;p&gt;I updated the project documentation by adding my contributor profile and committed the changes using a &lt;strong&gt;descriptive commit message&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ftkl0jzel8rneod1uw4kr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ftkl0jzel8rneod1uw4kr.png" alt="contributors.md" width="800" height="175"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 6: Push the Feature Branch
&lt;/h2&gt;

&lt;p&gt;The completed work was pushed to my GitHub fork, making it ready for review through a &lt;strong&gt;Pull Request&lt;/strong&gt;.&lt;br&gt;
The arrow points to the Pull Request link.&lt;br&gt;
&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fj7kmyup3wk6cs98udkez.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fj7kmyup3wk6cs98udkez.png" alt="pr" width="800" height="306"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The link opened a Pull Request through which the feature branch was submitted for review, thereby allowing the repository owner to &lt;strong&gt;review and merge&lt;/strong&gt; the contribution.&lt;br&gt;
The Pull Request was approved and merged.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fsz2j3p7soh6yuz41oeqp.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fsz2j3p7soh6yuz41oeqp.png" alt="pr approve" width="800" height="575"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 7: Submit a Documentation Improvement
&lt;/h2&gt;

&lt;p&gt;After the initial contribution, I created a second feature branch to improve the project's &lt;strong&gt;README&lt;/strong&gt; by clarifying the browser prerequisites and submitted another Pull Request.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F81dvuuvg2s6o5x8opjkl.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F81dvuuvg2s6o5x8opjkl.png" alt="pr for readme" width="800" height="603"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Summary
&lt;/h2&gt;

&lt;p&gt;This repository reflects hands-on experience with collaborative software development using Git and GitHub. It showcases practical skills in branching strategies, repository synchronization, documentation contributions, and Pull Request-based collaboration—core practices used across modern engineering and DevOps teams.&lt;/p&gt;

&lt;p&gt;I look forward to applying these skills in professional environments while continuing to expand my expertise in Cloud and DevOps technologies.&lt;/p&gt;

</description>
      <category>github</category>
      <category>opensource</category>
      <category>devops</category>
      <category>productivity</category>
    </item>
    <item>
      <title>Lab Guide: Configuring Microsoft Defender for Cloud for Server Protection</title>
      <dc:creator>Rahimah Sulayman</dc:creator>
      <pubDate>Tue, 23 Jun 2026 12:28:05 +0000</pubDate>
      <link>https://dev.to/rahimah_dev/lab-guide-configuring-microsoft-defender-for-cloud-for-server-protection-4o16</link>
      <guid>https://dev.to/rahimah_dev/lab-guide-configuring-microsoft-defender-for-cloud-for-server-protection-4o16</guid>
      <description>&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt;: To complete this lab, you will need an &lt;code&gt;Azure subscription&lt;/code&gt;. in which you have administrative access.&lt;/p&gt;

&lt;p&gt;The main goal of this exercise is to provide hands-on experience in configuring and enabling Microsoft Defender for Servers Plan 2 within an Azure subscription. This will allow you to &lt;strong&gt;monitor and protect your cloud resources against security threats&lt;/strong&gt;.&lt;/p&gt;

&lt;h1&gt;
  
  
  Skilling tasks
&lt;/h1&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Configuring Microsoft Defender for Cloud Enhanced Security Features for Servers.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Review the ehanced security features for Microsoft Defender for Servers Plan 2.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Estimated Lab Duration: 5 minutes&lt;/strong&gt;&lt;/p&gt;

&lt;h1&gt;
  
  
  Exercise instructions
&lt;/h1&gt;

&lt;p&gt;&lt;strong&gt;Configuring Microsoft Defender for Cloud Enhanced Security Features for Servers&lt;/strong&gt;&lt;br&gt;
&lt;strong&gt;Step 1:&lt;/strong&gt; Start a browser session and sign-in to the &lt;code&gt;Azure portal menu&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 2:&lt;/strong&gt; In the Azure portal, in the Search resources, services, and docs text box at the top of the Azure portal page, type &lt;strong&gt;Microsoft Defender for Cloud&lt;/strong&gt; and press the &lt;strong&gt;Enter&lt;/strong&gt; key.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fieagvhguaj5kz89oxdtj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fieagvhguaj5kz89oxdtj.png" alt="ms defender" width="799" height="383"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 3:&lt;/strong&gt; On the &lt;strong&gt;Microsoft Defender for Cloud,Management blade&lt;/strong&gt;, go to the &lt;strong&gt;Environment settings&lt;/strong&gt;. Expand the environment settings folders until the &lt;strong&gt;subscription&lt;/strong&gt; section is displayed, then click the &lt;strong&gt;subscription&lt;/strong&gt; to view details.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjkxhmkuuspujgbcw74wb.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjkxhmkuuspujgbcw74wb.png" alt="settings" width="799" height="394"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 4:&lt;/strong&gt; In the &lt;strong&gt;Settings&lt;/strong&gt; blade, under &lt;strong&gt;Defender plans&lt;/strong&gt;, expand &lt;strong&gt;Cloud Workload Protection (CWP).&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fudlt634aaykbt6gvgyvb.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fudlt634aaykbt6gvgyvb.png" alt="CWP" width="800" height="381"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 5:&lt;/strong&gt; From the &lt;strong&gt;Cloud Workload Protection (CWP) Plan&lt;/strong&gt; list, select &lt;strong&gt;Servers&lt;/strong&gt;. On the right side of the page, change the &lt;strong&gt;Status&lt;/strong&gt; from &lt;strong&gt;Off&lt;/strong&gt; to &lt;strong&gt;On&lt;/strong&gt;, then click &lt;strong&gt;Save&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F6id9em8ct4wnbid29bm8.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F6id9em8ct4wnbid29bm8.png" alt="save" width="800" height="381"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 6:&lt;/strong&gt; To review the details of &lt;strong&gt;Microsoft Defender for Servers Plan 2&lt;/strong&gt;, select &lt;strong&gt;Change plan &amp;gt;&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F1iwm980pxrf2arhl9mbc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F1iwm980pxrf2arhl9mbc.png" alt="change plan" width="800" height="380"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Note: Enabling the Cloud Workload Protection (CWP) Servers plan from &lt;strong&gt;Off&lt;/strong&gt; to &lt;strong&gt;On&lt;/strong&gt; enables Microsoft Defender for Servers Plan 2.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Results:&lt;/strong&gt; You have enabled Microsoft Defender for Servers Plan 2 on your subscription.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 7:&lt;/strong&gt; You can toggle back to &lt;strong&gt;Off&lt;/strong&gt;, if you do not want to use the plan now.&lt;br&gt;
&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fofsdsg6vxkco4tbjzgi8.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fofsdsg6vxkco4tbjzgi8.png" alt="back" width="800" height="381"&gt;&lt;/a&gt;&lt;/p&gt;

</description>
      <category>azure</category>
      <category>cloudsecurity</category>
      <category>microsoft</category>
      <category>cloudcomputing</category>
    </item>
    <item>
      <title>Git Engineering Workflow 1</title>
      <dc:creator>Rahimah Sulayman</dc:creator>
      <pubDate>Fri, 19 Jun 2026 18:03:19 +0000</pubDate>
      <link>https://dev.to/rahimah_dev/git-engineering-workflow-1-2l0k</link>
      <guid>https://dev.to/rahimah_dev/git-engineering-workflow-1-2l0k</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;This article walks through a complete Git-based development workflow: from creating a repository to branching, committing changes, opening a pull request, and merging into main. It demonstrates how modern teams collaborate using version control, feature isolation, code review, and CI/CD principles to deliver software in a structured and reliable way.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Lab Requirements&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Before starting this Git Engineering Workflow Lab, ensure the following tools and accounts are available:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Software&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Git installed on your local machine&lt;/li&gt;
&lt;li&gt;Visual Studio Code (or another code editor)&lt;/li&gt;
&lt;li&gt;GitHub CLI (&lt;code&gt;gh&lt;/code&gt;) installed and authenticated&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Accounts&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;A GitHub account&lt;/li&gt;
&lt;li&gt;Access to create repositories on GitHub&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Basic Knowledge&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Familiarity with the command line or terminal&lt;/li&gt;
&lt;li&gt;Basic understanding of files and folders&lt;/li&gt;
&lt;li&gt;Fundamental Git concepts such as repositories, commits, and branches (helpful but not mandatory)&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Lab Objectives
&lt;/h3&gt;

&lt;p&gt;By completing this lab, you will learn how to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Create and clone Git repositories&lt;/li&gt;
&lt;li&gt;Work with feature branches&lt;/li&gt;
&lt;li&gt;Stage and commit changes&lt;/li&gt;
&lt;li&gt;Push code to GitHub&lt;/li&gt;
&lt;li&gt;Create and review Pull Requests&lt;/li&gt;
&lt;li&gt;Merge code into the main branch&lt;/li&gt;
&lt;li&gt;Understand the role of CI/CD in modern software development&lt;/li&gt;
&lt;li&gt;Implement a basic GitHub Actions workflow for Continuous Integration&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Expected Outcome
&lt;/h3&gt;

&lt;p&gt;At the end of the lab, you will have a fully functional GitHub repository that demonstrates a professional Git workflow, including branching, code review, merging, and a working CI pipeline using GitHub Actions.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 1: Creating the Repository&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Before any code can be &lt;em&gt;cloned, committed, or pushed&lt;/em&gt;, a repository must first be created. A Git repository serves as the central location where project files and their version history are stored.&lt;/p&gt;

&lt;p&gt;To begin this exercise, I created a new repository on GitHub by:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Logging into my GitHub account&lt;/li&gt;
&lt;li&gt;Clicking &lt;strong&gt;New Repository&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Naming the repository &lt;strong&gt;git-engineering-flow-lab&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Selecting &lt;strong&gt;Public&lt;/strong&gt; visibility&lt;/li&gt;
&lt;li&gt;Initializing the repository with a &lt;strong&gt;README.md&lt;/strong&gt; file&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fkpjihdoljj807gc4boxy.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fkpjihdoljj807gc4boxy.png" alt="new" width="800" height="402"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbiu8j8ybbhtidbnj5bfy.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbiu8j8ybbhtidbnj5bfy.png" alt="create" width="800" height="418"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Once the repository was created, GitHub generated a &lt;em&gt;remote&lt;/em&gt; location where all future changes to the project would be stored.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F1gmyu7sekw0wc0gcmx92.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F1gmyu7sekw0wc0gcmx92.png" alt="done" width="800" height="492"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 2: Cloning the Repository&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;After creating the repository on GitHub, the next step was to &lt;strong&gt;clone&lt;/strong&gt; it to my local machine.&lt;br&gt;
At this stage, the repository existed only on GitHub. To start working on it locally, I needed to create a copy on my computer using Git's cloning feature.&lt;br&gt;
Cloning a repository does much more than simply downloading files. When a repository is cloned, Git downloads:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The project files&lt;/li&gt;
&lt;li&gt;The complete commit history&lt;/li&gt;
&lt;li&gt;Branch information&lt;/li&gt;
&lt;li&gt;Repository configuration&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This creates a fully functional local copy of the project while maintaining a connection to the remote repository hosted on GitHub.&lt;/p&gt;

&lt;p&gt;To clone the repository, I copied its &lt;strong&gt;HTTPS URL&lt;/strong&gt; from GitHub and ran:&lt;br&gt;
&lt;strong&gt;git clone &lt;a href="https://github.com/rahimahisah17/git-engineering-flow-lab.git" rel="noopener noreferrer"&gt;https://github.com/rahimahisah17/git-engineering-flow-lab.git&lt;/a&gt;&lt;/strong&gt;&lt;br&gt;
&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fvyoif8ti58czsuqrkk9f.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fvyoif8ti58czsuqrkk9f.png" alt="https url" width="799" height="454"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Git then created a new folder named &lt;code&gt;git-engineering-flow-lab&lt;/code&gt; and downloaded the repository contents into it.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Faykxdru3yeo5qm4zolda.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Faykxdru3yeo5qm4zolda.png" alt="clone" width="797" height="124"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;At this point, I had two copies of the repository:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;A remote repository hosted on GitHub&lt;/li&gt;
&lt;li&gt;A local repository stored on my computer&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This local repository would serve as my workspace for making changes before pushing them back to GitHub.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Faw3hmu7iqzy71wopsg1q.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Faw3hmu7iqzy71wopsg1q.png" alt="git" width="756" height="121"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 3: Creating a Feature Branch&lt;/strong&gt;&lt;br&gt;
After cloning the repository, the next step in the Git workflow is to create a &lt;strong&gt;feature branch&lt;/strong&gt;. This is where development work happens in &lt;em&gt;isolation&lt;/em&gt; from the main codebase.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Working directly on the &lt;code&gt;main&lt;/code&gt; branch is discouraged because it can introduce unstable or unfinished changes into production code. Instead, feature branches allow developers to safely build new functionality without affecting the stable version of the project.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;To begin working on a new feature, I created and switched to a new branch using the following command:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;git checkout -b feature/add-login-button&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fyr511khx2wro8q1jp6jf.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fyr511khx2wro8q1jp6jf.png" alt="feature branch" width="794" height="64"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This command performs two actions at once:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Creates a new branch called &lt;code&gt;feature/add-login-button&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;Switches to that branch immediately&lt;/li&gt;
&lt;li&gt;So all new work happens in isolation&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;You can confirm the branch was created and active by running:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;git branch&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fpuxilmxa36or074h19il.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fpuxilmxa36or074h19il.png" alt="checkout" width="800" height="107"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Feature branches are a core part of modern Git workflows because they:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Keep the &lt;code&gt;main&lt;/code&gt; branch stable and deployable&lt;/li&gt;
&lt;li&gt;Allow multiple developers to work independently&lt;/li&gt;
&lt;li&gt;Enable experimentation without risk to production code&lt;/li&gt;
&lt;li&gt;Make code review easier through Pull Requests&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Step 4: Write Code and Commit Changes&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;After creating a feature branch and adding a new file to the project, the next step in the Git workflow is to &lt;em&gt;write code (make changes) and commit them&lt;/em&gt;.&lt;/p&gt;

&lt;p&gt;In this step, I created a simple file called &lt;code&gt;login.txt&lt;/code&gt; to represent the login feature being developed.&lt;/p&gt;

&lt;p&gt;Inside the project directory, I added content to a new file:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;echo Login button feature added &amp;gt; login.txt&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This command creates a file named &lt;code&gt;login.txt&lt;/code&gt; and writes a simple message into it. In a real project, this step would involve writing actual application code instead of a text file.&lt;/p&gt;

&lt;p&gt;To check the state of the repository, I ran:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;git status&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Then I staged the file using:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;git add login.txt&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Staging tells Git which changes should be included in the next commit. At this point, the file moved from “untracked” to “ready to be committed.”&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F6qviohs6lxqz7abjsbqj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F6qviohs6lxqz7abjsbqj.png" alt="staging" width="800" height="322"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Then I created a commit:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;git commit -m "feat: add login"&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fu4dikoulaxacrdav5xix.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fu4dikoulaxacrdav5xix.png" alt="commit" width="800" height="121"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This command creates a commit, which is a &lt;em&gt;permanent snapshot of the project at that point in time.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;A commit is one of the most important concepts in Git. It acts like a &lt;strong&gt;save point&lt;/strong&gt;, allowing developers to track progress, revert changes if needed, and maintain a clear history of the project.&lt;/p&gt;

&lt;p&gt;By committing small and meaningful changes, the project history remains clean, readable, and easy to manage.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 5: Push Branch to Remote Repository&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;After committing my changes locally, the next step was to upload my work to GitHub. This is done by &lt;em&gt;pushing&lt;/em&gt; the feature branch to the remote repository.&lt;/p&gt;

&lt;p&gt;At this stage, my changes existed only on my local machine. To share them and prepare for collaboration, I needed to synchronize my local branch with GitHub.&lt;/p&gt;

&lt;p&gt;I ran the following command:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;git push -u origin feature/add-login-button&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flce5q3nc8ebdm8vpxn01.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flce5q3nc8ebdm8vpxn01.png" alt="push" width="800" height="261"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This command performs these important actions:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Pushes the branch to GitHub&lt;/li&gt;
&lt;li&gt;Uploads the local &lt;code&gt;feature/add-login-button&lt;/code&gt; branch to the remote repository&lt;/li&gt;
&lt;li&gt;Sets upstream tracking (&lt;code&gt;-u&lt;/code&gt;)&lt;/li&gt;
&lt;li&gt;Links the local branch to the remote branch&lt;/li&gt;
&lt;li&gt;This allows future pushes to be done using only:
&lt;strong&gt;git push&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Pushing a branch is a key part of modern Git workflows because it:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Shares your work with the remote repository (GitHub)&lt;/li&gt;
&lt;li&gt;Makes your changes visible to teammates&lt;/li&gt;
&lt;li&gt;Prepares the branch for pull request creation&lt;/li&gt;
&lt;li&gt;Keeps local and remote repositories in sync&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;em&gt;Without pushing, your work remains only on your local machine and cannot be reviewed or merged&lt;/em&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdnbsls8xqb25r6mgarvw.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdnbsls8xqb25r6mgarvw.png" alt="push" width="800" height="495"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 6: Open Pull Request (PR)&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;After pushing my feature branch to GitHub, the next step was to open a Pull Request (PR). A &lt;code&gt;Pull Request&lt;/code&gt; is a way of proposing changes so they can be reviewed before being merged into the main branch.&lt;/p&gt;

&lt;p&gt;This is a key part of &lt;strong&gt;collaborative development&lt;/strong&gt;, where code is not directly pushed into production but instead reviewed first.&lt;/p&gt;

&lt;p&gt;To create the Pull Request, I used the GitHub CLI:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;gh pr create --fill&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fawnzmzwe9pmmgzn0byew.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fawnzmzwe9pmmgzn0byew.png" alt="pr" width="800" height="125"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This command automatically:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Creates a Pull Request on GitHub&lt;/li&gt;
&lt;li&gt;Compares the feature branch (&lt;code&gt;feature/add-login-button&lt;/code&gt;) with &lt;code&gt;main&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;Uses the latest commit message as the PR title&lt;/li&gt;
&lt;li&gt;Auto-fills the PR description based on commit history&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;After running the command, GitHub generated a URL to view the Pull Request in the browser.&lt;/p&gt;

&lt;p&gt;Instead of directly pushing changes to &lt;code&gt;main&lt;/code&gt;, developers work on feature branches and submit Pull Requests for review.&lt;/p&gt;

&lt;p&gt;A Pull Request represents a &lt;strong&gt;proposal to merge changes&lt;/strong&gt;. It is not yet part of the main codebase. This ensures that every change is reviewed, discussed, and approved before integration.&lt;/p&gt;

&lt;p&gt;Even in solo projects, PRs help simulate real-world engineering workflows.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 7: Code Review&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;After opening the Pull Request, the next stage in the Git workflow is &lt;code&gt;code review&lt;/code&gt;. This is where changes are inspected before being merged into the main branch.&lt;/p&gt;

&lt;p&gt;Even though this project was done individually, this step simulates how teams review code in real-world development environments.&lt;/p&gt;

&lt;p&gt;To inspect the Pull Request directly from the terminal, I ran:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;gh pr view --comments&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fkyt02dw36wfteo05cecy.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fkyt02dw36wfteo05cecy.png" alt="pr" width="800" height="170"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The terminal displayed the Pull Request summary:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;PR Title: &lt;code&gt;feat: add login file&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;Status: Open&lt;/li&gt;
&lt;li&gt;Branch: &lt;code&gt;feature/add-login-button → main&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;Comments: None&lt;/li&gt;
&lt;li&gt;Checks: No checks&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;No description:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;This means no additional PR description was manually added&lt;/li&gt;
&lt;li&gt;GitHub only used the commit message as the PR title&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;No checks:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;This indicates there is no CI/CD pipeline configured for this repository&lt;/li&gt;
&lt;li&gt;In real-world projects, this area would show automated test results or build status
&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fsp3wzx1pyz978sdc20qr.png" alt="pr on git" width="800" height="336"&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Code review is a critical step in professional software development because it:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Helps catch bugs before merging&lt;/li&gt;
&lt;li&gt;Improves code quality&lt;/li&gt;
&lt;li&gt;Encourages collaboration and feedback&lt;/li&gt;
&lt;li&gt;Ensures consistency in the codebase&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Even when working alone, reviewing your own PR helps reinforce good development habits.&lt;/p&gt;

&lt;p&gt;A Pull Request is not just a merge request BUT a &lt;strong&gt;discussion point for changes&lt;/strong&gt;. This is where code is validated before becoming part of the main branch.&lt;/p&gt;

&lt;p&gt;This step completes the review stage of the Git workflow, preparing the changes for final integration into the main branch.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 8: Merge Pull Request into Main&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;After completing code review, the final step in the Git workflow is to merge the Pull Request into the &lt;code&gt;main&lt;/code&gt; branch. This is where the feature officially becomes part of the project’s primary codebase.&lt;/p&gt;

&lt;p&gt;At this point, the feature branch has been developed, reviewed, and approved for integration.&lt;/p&gt;

&lt;p&gt;To complete the merge using the GitHub CLI, I ran:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;gh pr merge --squash&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fpsbn20iwswtqkw485prj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fpsbn20iwswtqkw485prj.png" alt="merged" width="800" height="81"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This command performs several actions automatically:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Merges the Pull Request into the &lt;code&gt;main&lt;/code&gt; branch&lt;/li&gt;
&lt;li&gt;Squashes all commits into one meaningful commit&lt;/li&gt;
&lt;li&gt;Closes the Pull Request&lt;/li&gt;
&lt;li&gt;Updates the repository history on GitHub&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fsatka1ztaymhmqhsfid4.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fsatka1ztaymhmqhsfid4.png" alt="pr closed" width="800" height="381"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;In modern Git workflows, feature branches are temporary. Once their work is completed and merged, they are deleted or left inactive. The &lt;code&gt;main&lt;/code&gt; branch remains the single source of truth for production-ready code.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;This step completes the full Git workflow cycle:&lt;br&gt;
&lt;strong&gt;write code → commit → push → review → merge → deliver to main&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 9: CI/CD Deployment (Automated Delivery)&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;After merging the Pull Request into the &lt;code&gt;main&lt;/code&gt; branch, the final stage in a modern Git workflow is &lt;strong&gt;CI/CD (Continuous Integration and Continuous Deployment)&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;At this point, the responsibility of delivering the code shifts from the developer to an automated system.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What triggers CI/CD?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;In most real-world projects, a CI/CD pipeline is automatically triggered when:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Code is pushed to a repository (&lt;code&gt;git push&lt;/code&gt;)&lt;/li&gt;
&lt;li&gt;A Pull Request is merged into &lt;code&gt;main&lt;/code&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In this workflow, the merge into &lt;code&gt;main&lt;/code&gt; represents a production-ready change that activates the pipeline.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What happens in the pipeline?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Once triggered, the CI/CD system typically performs several automated tasks.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Continuous Integration (CI):&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Runs automated tests&lt;/li&gt;
&lt;li&gt;Validates code quality&lt;/li&gt;
&lt;li&gt;Ensures new changes do not break existing functionality&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Continuous Deployment (CD):&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Builds the application&lt;/li&gt;
&lt;li&gt;Packages the code&lt;/li&gt;
&lt;li&gt;Deploys it to a staging or production environment&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;CI/CD removes &lt;strong&gt;manual deployment&lt;/strong&gt; steps from the development process.&lt;/p&gt;

&lt;p&gt;Instead of developers copying files to servers manually, everything is handled by automation.&lt;/p&gt;

&lt;p&gt;Once code is merged into &lt;code&gt;main&lt;/code&gt;, it can automatically be tested, built, and deployed without human intervention.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why CI/CD is important&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This approach improves software delivery by:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Reducing human error in deployments&lt;/li&gt;
&lt;li&gt;Speeding up release cycles&lt;/li&gt;
&lt;li&gt;Ensuring consistent builds&lt;/li&gt;
&lt;li&gt;Allowing rapid feedback from production systems&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;em&gt;CI/CD represents the final stage of the Git workflow. It ensures that every approved change can safely and automatically reach production.&lt;br&gt;
This completes the full development cycle:&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;code → commit → push → review → merge → deploy&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;To reinforce the CI/CD concept, I created a GitHub Actions workflow and successfully triggered it by pushing changes to the main branch. The workflow executed automatically and completed successfully, demonstrating how modern development teams automate validation and delivery processes.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8y2b6udblp3iohmm8tiv.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8y2b6udblp3iohmm8tiv.png" alt="ci" width="799" height="333"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdup1py1merzyyz7hu7ky.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdup1py1merzyyz7hu7ky.png" alt="everything" width="800" height="508"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Summary
&lt;/h2&gt;

&lt;p&gt;This article demonstrates a complete Git workflow used in modern software development. It covers creating a repository, cloning it locally, working on a feature branch, making and committing changes, pushing to GitHub, opening a pull request, performing code review, merging changes into the main branch, and understanding CI/CD deployment. The process highlights how developers collaborate, maintain code quality, and automate delivery using Git and GitHub.&lt;br&gt;
&lt;em&gt;NOTE: A GitHub Actions workflow was implemented to demonstrate Continuous Integration (CI). While a deployment target was not configured, the workflow successfully validated the automation process that forms the foundation of a complete CI/CD pipeline.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>devops</category>
      <category>softwaredevelopment</category>
      <category>versioncontrol</category>
      <category>git</category>
    </item>
    <item>
      <title>Create DNS zones and configure DNS settings</title>
      <dc:creator>Rahimah Sulayman</dc:creator>
      <pubDate>Tue, 26 May 2026 13:12:28 +0000</pubDate>
      <link>https://dev.to/rahimah_dev/create-dns-zones-and-configure-dns-settings-18a7</link>
      <guid>https://dev.to/rahimah_dev/create-dns-zones-and-configure-dns-settings-18a7</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;Reliable name resolution is a critical part of modern cloud infrastructure, especially in secure, private network environments. In this hands-on guide, we’ll configure Azure Private DNS to enable seamless internal communication using custom domain names instead of IP addresses. The exercise covers creating a private DNS zone, linking it to a virtual network, and configuring DNS records for backend resources: demonstrating practical Azure networking and cloud administration skills used in real-world enterprise environments.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Scenario&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Your organization requires workloads to use domain names instead of IP addresses for internal communications. The organization doesn’t want to add a custom DNS solution. You identify these requirements.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;A private DNS zone is required for contoso.com.&lt;/li&gt;
&lt;li&gt;The DNS will use a virtual network link to app-vnet.&lt;/li&gt;
&lt;li&gt;A new DNS record is required for the backend subnet.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Skilling tasks
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Create and configure a private DNS zone.&lt;/li&gt;
&lt;li&gt;Create and configure DNS records.&lt;/li&gt;
&lt;li&gt;Configure DNS settings on a virtual network.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Exercise instructions
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt;: This exercise requires the Lab 01 virtual networks and subnets to be installed. A template is provided if you need to deploy those resources.&lt;br&gt;
Create a private DNS zone&lt;/p&gt;

&lt;p&gt;&lt;code&gt;Azure Private DNS&lt;/code&gt; provides a reliable, secure DNS service to manage and resolve domain names in a virtual network without the need to add a custom DNS solution. By using private DNS zones, you can use your own custom domain names rather than the Azure-provided names.&lt;/p&gt;

&lt;p&gt;1.On the Azure portal, search for and select &lt;code&gt;Private dns zones&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;2.Select &lt;strong&gt;+ Create&lt;/strong&gt; and configure the DNS zone.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Property&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Subscription&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Select your subscription&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Resource group&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;RG1&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Name&lt;/td&gt;
&lt;td&gt;&lt;code&gt;private.contoso.com&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Region&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;East US&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;3.Select &lt;strong&gt;Review + create&lt;/strong&gt; and then select &lt;strong&gt;Create&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;4.Wait for the DNS zone to deploy, and then select &lt;strong&gt;Go to resource&lt;/strong&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Create a virtual network link to your private DNS zone
&lt;/h2&gt;

&lt;p&gt;To resolve DNS records in a private DNS zone, resources must be linked to the private zone. A virtual network link associates the virtual network to the private zone.&lt;/p&gt;

&lt;p&gt;1.In the portal, continue working on the &lt;strong&gt;private.contoso.com&lt;/strong&gt; DNS zone.&lt;/p&gt;

&lt;p&gt;2.In the &lt;strong&gt;DNS Management&lt;/strong&gt; blade, select + &lt;strong&gt;Virtual network links&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;3.Select &lt;strong&gt;+ Add&lt;/strong&gt; and configure the virtual network link.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Property&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Link name&lt;/td&gt;
&lt;td&gt;&lt;code&gt;app-vnet-link&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Virtual network&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;app-vnet&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Enable auto registration&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Enabled&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;4.Select &lt;strong&gt;Create&lt;/strong&gt; and wait for the deployment to finish. If necessary, &lt;strong&gt;Refresh&lt;/strong&gt; the page.&lt;/p&gt;

&lt;h2&gt;
  
  
  Create a DNS record set
&lt;/h2&gt;

&lt;p&gt;&lt;code&gt;DNS records&lt;/code&gt; provide information about the DNS zone.&lt;/p&gt;

&lt;p&gt;1.In the portal, continue working on the private.contoso.com DNS zone.&lt;/p&gt;

&lt;p&gt;2.In the &lt;strong&gt;DNS Management&lt;/strong&gt; blade, select + &lt;strong&gt;Recordsets&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;3.Notice that two A records have automatically been created for each of the virtual machines.&lt;/p&gt;

&lt;p&gt;4.Select &lt;strong&gt;+ Add&lt;/strong&gt; and configure a record set. When finished select &lt;strong&gt;Add&lt;/strong&gt;.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Property&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Name&lt;/td&gt;
&lt;td&gt;&lt;code&gt;backend&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Type&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;A&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;TTL&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;1&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;IP address&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;10.1.1.5&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; This record set implies there is a virtual machine in app-vnet with a private IP address of 10.1.1.5.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Key takeaways&lt;/strong&gt;&lt;br&gt;
Here are the main takeaways:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Azure DNS is a cloud service that allows you to host and manage domain name system (DNS) domains, also known as DNS zones.&lt;/li&gt;
&lt;li&gt;Azure DNS public zones host domain name zone data for records that you intend to be resolved by any host on the internet.&lt;/li&gt;
&lt;li&gt;Azure Private DNS zones allow you to configure a private DNS zone namespace for private Azure resources.&lt;/li&gt;
&lt;li&gt;A DNS zone is a collection of DNS records. DNS records provide information about the domain.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Summary
&lt;/h2&gt;

&lt;p&gt;In this exercise, we configured Azure Private DNS to enable secure and reliable internal name resolution within a virtual network. We created a private DNS zone for private.contoso.com, linked it to the app-vnet virtual network, and configured DNS record sets for backend resources. This setup demonstrates how &lt;em&gt;Azure Private DNS simplifies internal communication by allowing workloads to use custom domain names instead of IP addresses, while maintaining centralized and secure DNS management in Azure&lt;/em&gt;.&lt;/p&gt;

</description>
      <category>azureprivatedns</category>
      <category>dns</category>
      <category>networking</category>
      <category>cloudcomputing</category>
    </item>
    <item>
      <title>Configure network routing</title>
      <dc:creator>Rahimah Sulayman</dc:creator>
      <pubDate>Tue, 26 May 2026 12:00:41 +0000</pubDate>
      <link>https://dev.to/rahimah_dev/configure-network-routing-10ij</link>
      <guid>https://dev.to/rahimah_dev/configure-network-routing-10ij</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;In modern cloud environments, controlling how network traffic flows is just as important as securing the workloads themselves. In this guide, we’ll configure custom network routing in Azure by creating route tables, associating them with subnets, and directing outbound traffic through an Azure Firewall for centralized inspection and filtering. This hands-on exercise demonstrates practical cloud networking and security skills that are essential for designing secure, enterprise-grade Azure infrastructures.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Scenario&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;To ensure the firewall policies are enforced, outbound application traffic must be routed through the firewall. You identify these requirements.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;A route table is required. This route table will be associated with the frontend and backend subnets.&lt;/li&gt;
&lt;li&gt;A route is required to filter all outbound IP traffic from the subnets to the firewall. The firewall’s private IP address will be used.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Skilling tasks
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Create and configure a route table.&lt;/li&gt;
&lt;li&gt;Link a route table to a subnet.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Exercise instructions
&lt;/h2&gt;

&lt;h2&gt;
  
  
  Create a route table
&lt;/h2&gt;

&lt;p&gt;Azure automatically creates a &lt;code&gt;route table&lt;/code&gt; for each subnet within an Azure virtual network. The route table includes the default &lt;code&gt;system routes&lt;/code&gt;. You can create route tables and routes to override Azure’s default system routes.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Record the private IP address of app-vnet-firewall&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;1.In the search box at the top of the portal, enter &lt;strong&gt;Firewall&lt;/strong&gt;. Select &lt;strong&gt;Firewall&lt;/strong&gt; in the search results.&lt;/p&gt;

&lt;p&gt;2.Select &lt;strong&gt;app-vnet-firewall&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;3.Select &lt;strong&gt;Overview&lt;/strong&gt; and record the &lt;strong&gt;Private IP address&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg58a7ajrb18lbzmpaohf.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg58a7ajrb18lbzmpaohf.png" alt="fw" width="799" height="383"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Add the route table&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;1.In the search box, enter &lt;strong&gt;Route tables&lt;/strong&gt;. When Route table appears in the search results, select it.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmaq6rarmlf7qazhtfp4g.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmaq6rarmlf7qazhtfp4g.png" alt="rt" width="799" height="441"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;2.In the Route table page, select &lt;strong&gt;+ Create&lt;/strong&gt; and create the route table.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5fkoayiibtgvd4ys6uv3.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5fkoayiibtgvd4ys6uv3.png" alt="create" width="799" height="438"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Property&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Subscription&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Select your subscription&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Resource group&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;RG1&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Region&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;East US&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Name&lt;/td&gt;
&lt;td&gt;&lt;code&gt;app-vnet-firewall-rt&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;3.Select &lt;strong&gt;Review + create&lt;/strong&gt; and then select &lt;strong&gt;Create&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzx9bb3ivg8fg3qkjhahu.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzx9bb3ivg8fg3qkjhahu.png" alt="review" width="799" height="442"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;4.Wait for the route table to deploy, then select &lt;strong&gt;Go to resource&lt;/strong&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Associate the route table to the subnets
&lt;/h2&gt;

&lt;p&gt;1.In the portal, continue working with the route table, select &lt;strong&gt;app-vnet-firewall-rt&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;2.In the &lt;strong&gt;Settings&lt;/strong&gt; blade, select &lt;strong&gt;Subnets&lt;/strong&gt; and then &lt;strong&gt;+ Associate&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz9uzkvr5xlfii7qgusgd.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz9uzkvr5xlfii7qgusgd.png" alt="associate" width="800" height="490"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;3.Configure an association to the frontend subnet, then select &lt;strong&gt;OK&lt;/strong&gt;.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Property&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Virtual network&lt;/td&gt;
&lt;td&gt;
&lt;strong&gt;app-vnet&lt;/strong&gt; (RG1)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Subnet&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;frontend&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8f72ciusv9enyvvqqs2u.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8f72ciusv9enyvvqqs2u.png" alt="ok" width="790" height="881"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;4.Configure an association to the backend subnet, then select &lt;strong&gt;OK&lt;/strong&gt;.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Property&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Virtual network&lt;/td&gt;
&lt;td&gt;
&lt;strong&gt;app-vnet&lt;/strong&gt; (RG1)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Subnet&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;backend&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs2o8to5nse0bxczzk2xe.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs2o8to5nse0bxczzk2xe.png" alt="backend" width="799" height="439"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmf98onia6i92sr9ua2ig.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmf98onia6i92sr9ua2ig.png" alt="bothends" width="800" height="436"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Create a route in the route table
&lt;/h2&gt;

&lt;p&gt;1.In the portal, continue working with the route table, select &lt;strong&gt;app-vnet-firewall-rt&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;2.In the &lt;strong&gt;Settings&lt;/strong&gt; blade, select &lt;strong&gt;Routes&lt;/strong&gt; and then &lt;strong&gt;+ Add&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2h6b6zlvlkevigfvxauc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2h6b6zlvlkevigfvxauc.png" alt="addroutes" width="800" height="460"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;3.Configure the route, then select &lt;strong&gt;Add&lt;/strong&gt;.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Property&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Route name&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;outbound-firewall&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Destination type&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;IP addresses&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Destination IP addresses/CIDR range&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;0.0.0.0/0&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Next hop type&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Virtual appliance&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Next hop address&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;private IP address of the firewall&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1tgoh2f3l32qicfedq16.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1tgoh2f3l32qicfedq16.png" alt="add" width="737" height="879"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5tc2t2a30skwnd9atdvs.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5tc2t2a30skwnd9atdvs.png" alt="verify" width="800" height="444"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Key takeaways&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Here are the main takeaways:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Network traffic in Azure is automatically routed across Azure subnets, virtual networks, and on-premises networks. System routes control this routing.&lt;/li&gt;
&lt;li&gt;User-defined routes override the default system routes so traffic can be routed through a network virtual appliances (NVAs).&lt;/li&gt;
&lt;li&gt;Network virtual appliances (NVAs) control the flow of network traffic. Examples of NVAs are firewalls, load balancers, and routers.&lt;/li&gt;
&lt;li&gt;Route tables contain routing information and are associated with a subnet.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Summary
&lt;/h2&gt;

&lt;p&gt;In this exercise, we configured Azure network routing to ensure outbound traffic is securely inspected through an Azure Firewall. We created a custom route table, associated it with the frontend and backend subnets, and added a user-defined route that forwards all outbound traffic to the firewall’s private IP address. This setup demonstrates how Azure route tables and network virtual appliances work together to provide centralized traffic control, improved security, and enterprise-grade network management.&lt;/p&gt;

</description>
      <category>networking</category>
      <category>azurefirewall</category>
      <category>devops</category>
      <category>cloudsecurity</category>
    </item>
    <item>
      <title>Create and configure Azure Firewall</title>
      <dc:creator>Rahimah Sulayman</dc:creator>
      <pubDate>Mon, 25 May 2026 21:21:10 +0000</pubDate>
      <link>https://dev.to/rahimah_dev/create-and-configure-azure-firewall-3lja</link>
      <guid>https://dev.to/rahimah_dev/create-and-configure-azure-firewall-3lja</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;As cloud applications scale, simple subnet-level filtering isn't enough to defend against &lt;strong&gt;sophisticated attack&lt;/strong&gt; vectors. This project demonstrates how to implement a centralized network security strategy in Microsoft Azure by deploying &lt;code&gt;Azure Firewall&lt;/code&gt; to protect corporate workloads (app-vnet). Moving beyond basic port restrictions, this guide covers how to design and enforce Firewall Policies,including Layer 7 Application Rules to securely &lt;strong&gt;lock down egress traffic&lt;/strong&gt; to Azure DevOps pipelines (dev.azure.com) and Network Rules to &lt;strong&gt;safeguard core infrastructure traffic&lt;/strong&gt; like DNS resolution.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Scenario&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Your organization requires centralized network security for the application virtual network. As the application usage increases, more granular application-level filtering and advanced threat protection will be needed. Also, it is expected the application will need continuous updates from Azure DevOps pipelines. You identify these requirements.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Azure Firewall is required for additional security in the app-vnet.&lt;/li&gt;
&lt;li&gt;A &lt;strong&gt;firewall policy&lt;/strong&gt; should be configured to help manage access to the application.&lt;/li&gt;
&lt;li&gt;A firewall policy &lt;strong&gt;application rule&lt;/strong&gt; is required. This rule will allow the application access to Azure DevOps so the application code can be updated.&lt;/li&gt;
&lt;li&gt;A firewall policy &lt;strong&gt;network rule&lt;/strong&gt; is required. This rule will allow DNS resolution.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Skilling tasks
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Create an Azure Firewall.&lt;/li&gt;
&lt;li&gt;Create and configure a firewall policy&lt;/li&gt;
&lt;li&gt;Create an application rule collection.&lt;/li&gt;
&lt;li&gt;Create a network rule collection.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Create Azure Firewall subnet in our existing virtual network
&lt;/h2&gt;

&lt;p&gt;1.In the search box at the top of the portal, enter &lt;strong&gt;Virtual networks&lt;/strong&gt;. Select &lt;strong&gt;Virtual networks&lt;/strong&gt; in the search results.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7gmc7ptzxi1kh5v1r4g1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7gmc7ptzxi1kh5v1r4g1.png" alt="vnet" width="800" height="383"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;2.Select &lt;strong&gt;app-vnet&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;3.Select &lt;strong&gt;Subnets&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;4.Select &lt;strong&gt;+ Subnet&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fumy85kh4u1aze5r0dw0b.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fumy85kh4u1aze5r0dw0b.png" alt="+subnet" width="800" height="384"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;5.Enter the following information and select &lt;strong&gt;Add&lt;/strong&gt;.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Property&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Name&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;AzureFirewallSubnet&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Address range&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;10.1.63.0/26&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; Leave all other settings as default.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm1ug14cr34opqglqlu00.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm1ug14cr34opqglqlu00.png" alt="AzureFW" width="800" height="443"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Create an Azure Firewall
&lt;/h2&gt;

&lt;p&gt;1.In the search box at the top of the portal, enter &lt;strong&gt;Firewall&lt;/strong&gt;. Select &lt;strong&gt;Firewall&lt;/strong&gt; in the search results.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh3bnkbswfpngisoutlkq.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh3bnkbswfpngisoutlkq.png" alt="FW" width="800" height="449"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;2.Select &lt;strong&gt;+ Create&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft1l1cxfrj1js6ck56mc6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft1l1cxfrj1js6ck56mc6.png" alt="create" width="800" height="448"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;3.Create a firewall by using the values in the following table. For any property that is not specified, use the default value.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; Azure Firewall can take a few minutes to deploy.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Property&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Resource group&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;RG1&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Name&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;app-vnet-firewall&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Firewall SKU&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Standard&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Firewall management&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Use a Firewall Policy to manage this firewall&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Firewall policy&lt;/td&gt;
&lt;td&gt;select &lt;strong&gt;Add new&lt;/strong&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Policy name&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;fw-policy&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Region&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;East US&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Policy Tier&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Standard&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Choose a virtual network&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Use existing&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Virtual network&lt;/td&gt;
&lt;td&gt;
&lt;strong&gt;app-vnet&lt;/strong&gt; (RG1)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Public IP address&lt;/td&gt;
&lt;td&gt;Add new: &lt;strong&gt;fwpip&lt;/strong&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Enable Firewall Management NIC&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;uncheck the box&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4jisvkyunmcdi8cchw5e.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4jisvkyunmcdi8cchw5e.png" alt="fill" width="799" height="574"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;4.Select &lt;strong&gt;Review + create&lt;/strong&gt; and then select &lt;strong&gt;Create&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5m630ze131n1le2vhwpf.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5m630ze131n1le2vhwpf.png" alt="reviewncreate" width="800" height="553"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Update the Firewall Policy
&lt;/h2&gt;

&lt;p&gt;1.In the portal, search for and select &lt;code&gt;Firewall Policies&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fahdb7cbi3g609kh6odf4.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fahdb7cbi3g609kh6odf4.png" alt="FW policies" width="800" height="410"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;2.Select &lt;strong&gt;fw-policy&lt;/strong&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Add an application rule
&lt;/h2&gt;

&lt;p&gt;1.In the &lt;strong&gt;Rules&lt;/strong&gt; blade, select &lt;strong&gt;Application rules&lt;/strong&gt; and then &lt;strong&gt;Add a rule collection&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhaw6hb2jmjirmjic3h0l.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhaw6hb2jmjirmjic3h0l.png" alt="rules" width="800" height="392"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;2.Configure the application rule collection and then select &lt;strong&gt;Add&lt;/strong&gt;.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Property&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Name&lt;/td&gt;
&lt;td&gt;&lt;code&gt;app-vnet-fw-rule-collection&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Rule collection type&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Application&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Priority&lt;/td&gt;
&lt;td&gt;&lt;code&gt;200&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Rule collection action&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Allow&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Rule collection group&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;DefaultApplicationRuleCollectionGroup&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Name&lt;/td&gt;
&lt;td&gt;&lt;code&gt;AllowAzurePipelines&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Source type&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;IP address&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Source&lt;/td&gt;
&lt;td&gt;&lt;code&gt;10.1.0.0/23&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Protocol&lt;/td&gt;
&lt;td&gt;&lt;code&gt;https&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Destination type&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;FQDN&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Destination&lt;/td&gt;
&lt;td&gt;&lt;code&gt;dev.azure.com, azure.microsoft.com&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F919lem02fx3l4grab381.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F919lem02fx3l4grab381.png" alt="fill" width="800" height="526"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; The &lt;strong&gt;AllowAzurePipelines&lt;/strong&gt; rule allows the web application to access Azure Pipelines. The rule allows the web application to access the Azure DevOps service and the Azure website.&lt;/p&gt;

&lt;h2&gt;
  
  
  Add a network rule
&lt;/h2&gt;

&lt;p&gt;1.In the &lt;strong&gt;Rules&lt;/strong&gt; blade, select &lt;strong&gt;Network rules&lt;/strong&gt; and then &lt;strong&gt;Add a rule collection&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbxlaha1ont40apnq81vk.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbxlaha1ont40apnq81vk.png" alt="addarule" width="800" height="688"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;2.Configure the network rule and then select &lt;strong&gt;Add&lt;/strong&gt;.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Property&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Value&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Name&lt;/td&gt;
&lt;td&gt;&lt;code&gt;app-vnet-fw-nrc-dns&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Rule collection type&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Network&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Priority&lt;/td&gt;
&lt;td&gt;&lt;code&gt;200&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Rule collection action&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Allow&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Rule collection group&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;DefaultNetworkRuleCollectionGroup&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Rule&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;AllowDns&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Source&lt;/td&gt;
&lt;td&gt;&lt;code&gt;10.1.0.0/23&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Protocol&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;UDP&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Destination ports&lt;/td&gt;
&lt;td&gt;&lt;code&gt;53&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Destination addresses&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;1.1.1.1, 1.0.0.1&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6omg0psxc8o4b7zwsxor.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6omg0psxc8o4b7zwsxor.png" alt="rules" width="800" height="384"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Verify the firewall and firewall policy status
&lt;/h2&gt;

&lt;p&gt;1.In the portal search for and select &lt;strong&gt;Firewall&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;2.View the &lt;strong&gt;app-vnet-firewall&lt;/strong&gt; and ensure the &lt;strong&gt;Provisioning state&lt;/strong&gt; is &lt;strong&gt;Succeeded&lt;/strong&gt;. This may take a few minutes.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyi1ptknw2cj9m524w425.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyi1ptknw2cj9m524w425.png" alt="succeeded" width="800" height="443"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;3.In the portal serach for and select &lt;strong&gt;Firewall policies&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;4.View the &lt;strong&gt;fw-policy&lt;/strong&gt; and ensure the &lt;strong&gt;Provisioning state&lt;/strong&gt; is &lt;strong&gt;Succeeded&lt;/strong&gt;. This may take a few minutes.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcgiu08sroerwkkcfps0v.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcgiu08sroerwkkcfps0v.png" alt="succeeded" width="800" height="443"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Summary
&lt;/h2&gt;

&lt;p&gt;This project demonstrates the implementation of a centralized network security perimeter within Microsoft Azure using &lt;strong&gt;Azure Firewall&lt;/strong&gt; and &lt;strong&gt;Firewall Policies&lt;/strong&gt;. By shifting from decentralized security rules to a unified firewall model, this architecture enforces granular Layer 4 (network) and Layer 7 (application) filtering to protect cloud workloads from malicious egress traffic while enabling secure &lt;strong&gt;CI/CD automation&lt;/strong&gt;.&lt;/p&gt;

</description>
      <category>azurefirewall</category>
      <category>cloudsecurity</category>
      <category>infrastructure</category>
      <category>networking</category>
    </item>
  </channel>
</rss>
