<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Richard</title>
    <description>The latest articles on DEV Community by Richard (@richyy).</description>
    <link>https://dev.to/richyy</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3930987%2F158bec4f-0fcc-48ea-8522-29a5a6d2563e.png</url>
      <title>DEV Community: Richard</title>
      <link>https://dev.to/richyy</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/richyy"/>
    <language>en</language>
    <item>
      <title>What Three Fictional Startups Taught Me About Structured, Semi-Structured, and Unstructured Data on Azure</title>
      <dc:creator>Richard</dc:creator>
      <pubDate>Thu, 02 Jul 2026 04:25:25 +0000</pubDate>
      <link>https://dev.to/richyy/what-three-fictional-startups-taught-me-about-structured-semi-structured-and-unstructured-data-on-1h37</link>
      <guid>https://dev.to/richyy/what-three-fictional-startups-taught-me-about-structured-semi-structured-and-unstructured-data-on-1h37</guid>
      <description>&lt;p&gt;I'm currently transitioning into cloud engineering and DevOps, and one thing I've learned quickly is that understanding a concept in theory is very different from being able to reason through it in real-life scenarios — the kind you'd actually get on the job.&lt;/p&gt;

&lt;p&gt;I don't have real production systems to practice on yet, so I employed the use of AI to come up with creative briefs for fictional startups that I can listen through and get constructive feedback on right away. Instead of memorizing definitions, I run myself through a case-based exercise: for each fictional company, I have to classify their data into structured, semi-structured, and unstructured, and pick the right Azure service for it.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The Three Data Types&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Structured data&lt;/strong&gt; has a fixed schema — you'll typically have the same fields every time, arranged in rows and columns. For example: customer records with name, age, and account number.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Semi-structured data&lt;/strong&gt; has some organization, but doesn't necessarily fit into a rigid table. A good example is a JSON object, where fields can vary between records.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Unstructured data&lt;/strong&gt; has no inherent structure at all — think a photo, a video file, or a PDF.&lt;/p&gt;

&lt;p&gt;That part felt easy enough, and I figured I could just walk through some real-life scenarios and apply it cleanly. But I quickly learned that the type of data and the right database for that data are actually two separate decisions — and it wasn't quite as intuitive as I initially thought.&lt;/p&gt;

&lt;h2&gt;
  
  
  Case One: Telemedicine
&lt;/h2&gt;

&lt;p&gt;The first creative brief was a telemedicine platform storing patient records, consultation videos, symptom photos, doctor's notes, app logs, and insurance PDFs.&lt;/p&gt;

&lt;p&gt;Most of it sorted out without much issue. Patient records were easy to classify as structured data — the same fields every time (patient ID, name, age, diagnosis) falling into clean rows and columns. On Azure, that's a job for &lt;strong&gt;Azure SQL Database&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Consultation videos, symptom photos, and insurance PDFs are all formats that aren't rigid or structured. I also learned something here: even with a PDF file, Azure can't read through whatever rows and columns might exist inside it. A PDF is more of a flattened file, so it lumps together under the unstructured umbrella and gets handled by &lt;strong&gt;Azure Blob Storage&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;The one that stretched my thinking was the system logs tracking user logins, errors, and API calls. Initially I felt: okay, there's some pattern here, it's not quite as rigid as a database. That instinct was correct — it was the textbook definition of semi-structured data, best handled by &lt;strong&gt;Azure Table Storage or Azure Cosmos DB&lt;/strong&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Case Two: Food Delivery
&lt;/h2&gt;

&lt;p&gt;The second brief was a food delivery startup — think of the Glovo or Jumia Food type of app. This is where I hit my first real curveball.&lt;/p&gt;

&lt;p&gt;On one end, you have restaurants registered on the platform with structured information — location, offerings, and so on. On the other end, you have customers logging in, placing orders, specifying delivery locations, generating user IDs. Once again, structured data.&lt;/p&gt;

&lt;p&gt;But then there was the GPS tracking data for delivery drivers, captured every 30 seconds — latitude, longitude, timestamp, speed, driver ID — used to tell you the driver is five or ten minutes away.&lt;/p&gt;

&lt;p&gt;Initially, this seemed structured, because it is — the same five fields every time. But I realized the sheer volume of data generated every 30 seconds would overwhelm any Azure SQL database. So this was a situation where the data &lt;em&gt;shape&lt;/em&gt;, which is structured, doesn't necessarily dictate the &lt;em&gt;architecture&lt;/em&gt; needed to handle it.&lt;/p&gt;

&lt;p&gt;Azure Cosmos DB became the choice — not because the data became less structured, but because Cosmos DB is built for that kind of high-velocity ingestion.&lt;/p&gt;

&lt;p&gt;This gave me a new rule: data type is about the shape of the data, but database choice is about shape &lt;em&gt;plus&lt;/em&gt; volume, velocity, and query pattern. Structured data doesn't automatically mean "put it in SQL." Sometimes it needs a NoSQL-style engine purely for performance reasons.&lt;/p&gt;

&lt;h2&gt;
  
  
  Case Three: Digital Banking
&lt;/h2&gt;

&lt;p&gt;The third brief sharpened these lessons further, and it produced a couple of catches I initially missed.&lt;/p&gt;

&lt;p&gt;Onboarding data — KYC details, account information, name, and so on — was straightforwardly structured. KYC compliance documents, like uploaded driver's licenses and utility bills, were straightforwardly unstructured, headed for Blob Storage.&lt;/p&gt;

&lt;p&gt;Transactions and fraud detection logs followed the same pattern as the GPS data: structured, but at a volume best suited for Azure Cosmos DB rather than traditional SQL.&lt;/p&gt;

&lt;p&gt;The real twist came with the monthly account statements. Because I could picture my own bank statements — everything arranged in neat rows and columns — I figured this was structured data, destined for Azure SQL. That was wrong, or at least only half right. The underlying data is indeed structured. But once it's rendered into a PDF, it becomes a flattened file. Azure doesn't see rows and columns anymore — it just sees a file. That belongs in &lt;strong&gt;Azure Blob Storage&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;There was one more lesson from this case that's worth going back for: customer support chat transcripts. When a customer reaches out to support, they type free text and can attach screenshots. My first thought was: free text and screenshots, unstructured, Blob Storage. But I soon realized every message also carries metadata — a timestamp, a sender ID, an agent ID — which is structured, and lets you reference a specific query later by its unique identifier.&lt;/p&gt;

&lt;p&gt;So even though it initially looks like unstructured data, the fact that it carries structured metadata makes it more accurately semi-structured, best handled with Cosmos DB. And in real systems, it's quite possible that the metadata alone lives in Cosmos DB or Table Storage, while the raw content — the free text and screenshots — lives separately in Blob Storage.&lt;/p&gt;

&lt;h2&gt;
  
  
  Three Takeaways
&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Ask whether you're looking at a raw input or a rendered output.&lt;/strong&gt; A rendered output, like a PDF, can carry fully structured data underneath but still count as a flattened, unstructured file once it's generated.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;High volume and velocity can push structured data into NoSQL territory&lt;/strong&gt; — not because the data changes shape, but because the architecture needs to handle the load differently.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Real-world data can be layered.&lt;/strong&gt; As with the support chat example, structured metadata and unstructured content can — and often should — live across multiple Azure services rather than being forced into one.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;For one who has done cloud engineering for many years, this might not seem like such a big deal. But for somebody a few months into a full career transition, working through real-life scenarios and real-life decisions in a low-stakes, case-based way is actually something I'm starting to enjoy. It's helping me build capacity, confidence, and systems-level thinking.&lt;/p&gt;

&lt;p&gt;So more case studies to follow, hopefully more mistakes along the way as well, as I keep building toward being an effective cloud engineer.&lt;/p&gt;

</description>
      <category>azure</category>
      <category>beginners</category>
      <category>learning</category>
      <category>cloudengineering</category>
    </item>
    <item>
      <title>A Lesson in Role Based Access Control (RBAC)</title>
      <dc:creator>Richard</dc:creator>
      <pubDate>Thu, 28 May 2026 14:14:15 +0000</pubDate>
      <link>https://dev.to/richyy/a-lesson-in-role-based-access-control-rbac-5f58</link>
      <guid>https://dev.to/richyy/a-lesson-in-role-based-access-control-rbac-5f58</guid>
      <description>&lt;p&gt;From my previous post on Azure Architecture and Identity Access Management, you would recall the intern who accidentally deleted the entire production database just before the weekend rush. Well, meet John Brown.&lt;br&gt;
A few weeks after accidentally deleting production resources, intern John Brown found himself back in the office conference room — this time, not for disciplinary action, but for remediation.&lt;/p&gt;

&lt;p&gt;The plan was simple,&lt;br&gt;
Give John Brown his own user account as a new intake employee following "the incident "&lt;/p&gt;

&lt;p&gt;How was this done?&lt;/p&gt;

&lt;p&gt;TASK 1: CREATING A NEW USER&lt;br&gt;
Type "Microsoft Entra ID" in the searchbox&lt;br&gt;
Click on "Microsoft Entra ID"&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj3wvdzvu6mahj8vdpyz7.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj3wvdzvu6mahj8vdpyz7.png" alt=" " width="799" height="370"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;In the Default Directory | Overview window, Click on "Add" then "User" then "Create New User"&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F794e6uh9rp6kvt7ikf6x.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F794e6uh9rp6kvt7ikf6x.png" alt=" " width="800" height="367"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Next, we fill out John's details as follows:&lt;br&gt;
User Principal name: John&lt;br&gt;
Display name: John Brown&lt;br&gt;
Password: JBrown26 (or can autogenerate)&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7hhqca0saab194wuipbt.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7hhqca0saab194wuipbt.png" alt=" " width="799" height="356"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click on "Review+Create"&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcrgueyqjxm1v4rxqump9.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcrgueyqjxm1v4rxqump9.png" alt=" " width="800" height="361"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click on "Create"&lt;/p&gt;

&lt;p&gt;A prompt will appear that reads "Successfully created User, John Brown"&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhw2b61gv5is8equlcja9.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhw2b61gv5is8equlcja9.png" alt=" " width="799" height="363"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;John Brown is now a recognized User with a unique Azure identity.&lt;/p&gt;

&lt;p&gt;TASK 2: SIGNING INTO THE NEWLY CREATED USER ACCOUNT&lt;br&gt;
As before, type "Microsoft Entra ID" in the search box to open the "Default Directory | Overview" window&lt;br&gt;
Click on "Users" then "All Users"&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsrlf8tyxbrw82lhuny4f.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsrlf8tyxbrw82lhuny4f.png" alt=" " width="800" height="364"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4ykvio1y4h0o9fm70wfc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4ykvio1y4h0o9fm70wfc.png" alt=" " width="800" height="365"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The arrow shows John Brown as a new profile&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcvl1ncz42h4nsoia3zvt.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcvl1ncz42h4nsoia3zvt.png" alt=" " width="800" height="365"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Excited, John Brown attempts to log into his account&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0d4ohh99pdf4v37can4f.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0d4ohh99pdf4v37can4f.png" alt=" " width="799" height="363"&gt;&lt;/a&gt;&lt;br&gt;
Username: &lt;a href="mailto:John@richardochuksgmail.onmicrosoft.com"&gt;John@richardochuksgmail.onmicrosoft.com&lt;/a&gt;&lt;br&gt;
Current Password: JBrown26&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2adeo5b4iai8g2jm47ox.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2adeo5b4iai8g2jm47ox.png" alt=" " width="800" height="366"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Next, follow the prompts&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5roemvg3uozc88usorp0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5roemvg3uozc88usorp0.png" alt=" " width="800" height="450"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff8wvl9s6ofofcwsnag55.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff8wvl9s6ofofcwsnag55.png" alt=" " width="800" height="450"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9pznptazgpxdimypp5bp.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9pznptazgpxdimypp5bp.png" alt=" " width="800" height="450"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcae907be83g845kv9w4x.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcae907be83g845kv9w4x.png" alt=" " width="800" height="368"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Now, our intern John Brown is logged into his Microsoft Azure account&lt;br&gt;
He immediately attempts to fiddle with the new platform by creating a Resource group&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd977hnaszz0kor2mqkv6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd977hnaszz0kor2mqkv6.png" alt=" " width="800" height="360"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm8wrm0ntvl2aiqhznk4c.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm8wrm0ntvl2aiqhznk4c.png" alt=" " width="800" height="364"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Oops! Error message&lt;/p&gt;

&lt;p&gt;At this point, John existed in the organization’s identity directory, but had no administrative authority yet. This demonstrated an important distinction: Authentication isn't Authorization.&lt;/p&gt;

&lt;p&gt;Feeling a little redundant, John approached Richard, the company's Cloud Engineer with his concerns. "Don't worry", Richard said, as he proceeded to grant John administrative access. "Such a well mannered guy, he thought...perhaps a Global Administrator role?....that'll make him the envy of his friends"&lt;/p&gt;

&lt;p&gt;PS: From a security perspective, this is one of the most privileged roles available in Microsoft Entra ID.&lt;/p&gt;

&lt;p&gt;How was it done?&lt;/p&gt;

&lt;p&gt;TASK 3: GRANTING THE NEW USER GLOBAL ADMINISTRATOR ACCESS&lt;/p&gt;

&lt;p&gt;Richard with Username : richardochuksgmail.onmicrosoft.com logs back into Microsoft Azure&lt;br&gt;
He types "Microsoft Entra ID" in the search box on Azure, clicks on "All Users", selects "John Brown" and clicks on "Assigned roles"&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvsxhmtf7dxmcxoxuikjk.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvsxhmtf7dxmcxoxuikjk.png" alt=" " width="799" height="347"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F437xcikfrre3a7mo8uv2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F437xcikfrre3a7mo8uv2.png" alt=" " width="800" height="363"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Next, "Add Assignments" then selects "Global Administrator"&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgq3hiqddsk9514pleh38.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgq3hiqddsk9514pleh38.png" alt=" " width="800" height="365"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqbprs1et3terhdb531m5.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqbprs1et3terhdb531m5.png" alt=" " width="800" height="362"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;And voila! John Brown is now courtesy of Richard, a Global Administrator.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzvbxgpfpsdq2abv31mwc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzvbxgpfpsdq2abv31mwc.png" alt=" " width="799" height="369"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;He informs John, who then attempts to test his newly assigned role.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffuk72r0ix0jp0dcevxt5.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffuk72r0ix0jp0dcevxt5.png" alt=" " width="799" height="365"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Unfortunately, that’s where things started going wrong.&lt;/p&gt;

&lt;p&gt;TASK 4: THE NEW USER (JOHN BROWN) CREATES ANOTHER USER&lt;/p&gt;

&lt;p&gt;Rather than directing new employee Peter Parker to the cloud engineering team, John decided to “save everyone time.” Using his elevated privileges, he created another user account for his friend directly inside Entra ID. &lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc9gfs350k5ck5n6xqy9n.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc9gfs350k5ck5n6xqy9n.png" alt=" " width="800" height="389"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Figyspcufpc24n3irujts.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Figyspcufpc24n3irujts.png" alt=" " width="800" height="450"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;At first glance, it looked harmless but the cloud engineer immediately recognized the risk: if one intern could create identities freely, nothing stopped him from onboarding every colleague, assigning unauthorized permissions, or accidentally exposing company resources again. The issue was no longer identity creation. It was authorization control.&lt;/p&gt;

&lt;p&gt;TASK 5: REVOKING THE GLOBAL ADMINISTRATOR ACCESS FROM THE FIRST USER'S ACCOUNT (John Brown)&lt;/p&gt;

&lt;p&gt;Richard logs into his Account again, clicks on "Users" then "All Users"&lt;/p&gt;

&lt;p&gt;Selects John Brown's profile then "Assigned roles"&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsr6gmprizsqqmeujgqi7.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsr6gmprizsqqmeujgqi7.png" alt=" " width="799" height="363"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp78t13qyqp7hc4g38thy.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp78t13qyqp7hc4g38thy.png" alt=" " width="800" height="363"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Checks the "Global Administrator" option then clicks "Remove assignments"&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw4gdsyz1nw9q2ya6njy3.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw4gdsyz1nw9q2ya6njy3.png" alt=" " width="800" height="364"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ymmfrkjmqrfxpmvwboa.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ymmfrkjmqrfxpmvwboa.png" alt=" " width="800" height="364"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Using RBAC Principles, the cloud engineer removed John’s privileged role assignment and replaced it with a lower-privileged role aligned with his actual responsibilities. This followed the Principle of Least Privilege where users only receive the minimum access required to perform their tasks. Instead of permanent administrative access, onboarding responsibilities were returned to authorized IT personnel. In summary, balance was once again restored in the land of Richard Inc.&lt;/p&gt;

</description>
      <category>azure</category>
      <category>cloudcomputing</category>
      <category>azurerbac</category>
      <category>cloud</category>
    </item>
    <item>
      <title>Let's talk a bit about Azure Architecture and Identity Access Management</title>
      <dc:creator>Richard</dc:creator>
      <pubDate>Sun, 24 May 2026 12:32:32 +0000</pubDate>
      <link>https://dev.to/richyy/lets-talk-a-bit-about-azure-architecture-and-identity-access-management-445l</link>
      <guid>https://dev.to/richyy/lets-talk-a-bit-about-azure-architecture-and-identity-access-management-445l</guid>
      <description>&lt;p&gt;If you read my previous post, you might remember Richard Inc., our beloved (though make-believe) Nigerian food delivery startup that recently made it to the cloud. Well, status update: business is booming! Orders are now coming in from all over the country, the app is running smoothly, customers are happy, and Richard (the founder in this story) has hired 200 staff. This includes a few developers writing code, a few managers approving budgets, interns doing God-knows-what, and maybe automated robots handling food deliveries outside daylight hours. Now every single one of these people (except maybe the robots) need access to the company's cloud resources on Azure.&lt;/p&gt;

&lt;p&gt;To provide access as quickly as possible, he provided a master login — one username, one password. Once logged in, he figured all members could then navigate the platform. Big mistake! Just 3 days after this, an overexcited intern, thinking he was in the test environment, accidentally deletes the entire production database on a Friday at 4:55 p.m., just before the weekend rush! Richard nearly had a stroke! It is to prevent strokes for founders like Richard that Azure has an entire system built around who you are, what you are allowed to touch, and how far that permission reaches — kind of like a well-run company organizational chart.&lt;/p&gt;

&lt;p&gt;At the top are Management Groups, kinda like Richard Inc.'s business divisions — one division handling deliveries, another for acquiring groceries, another perhaps handling the logistics of expansion. Policies and permissions set at this level can be inherited by everything underneath.&lt;/p&gt;

&lt;p&gt;Below Management Groups are Subscriptions, almost like departments within the business divisions. Subscriptions in Microsoft Azure are essentially containers within which most cloud resources are created and managed. Also, because they tie resource usage to a billing account, when assigned to departments within the divisions of Richard Inc., each department gets its own invoice, providing cost visibility (a neat business trick very useful in planning).&lt;/p&gt;

&lt;p&gt;Next are Resource Groups, kinda like project folders within which the actual cloud tools live: logical containers that organize related cloud resources together — Virtual Machines (cloud computers running Richard Inc.'s software), Databases (storing every order, every customer, every delivery record), Storage Accounts (holding receipts, images, invoices), and Load Balancers (which distribute incoming traffic across multiple backend servers or computing resources so that no single server bears a disproportionate share of the workload — like traffic wardens making sure that when ten thousand people order "jollof rice" at the same time, no single server has a breakdown).&lt;/p&gt;

&lt;p&gt;Now, how do we solve the intern problem? Simple! Microsoft Entra ID (formerly called Azure Active Directory/Azure AD). Microsoft Entra ID is essentially like a smart staff register and assigns identities in four ways — User Identities, Groups, Service Principals, and Managed Identities. Identities assigned to real people such as Richard the founder, his developers, managers, and yes, the intern, are User Identities. If there are maybe 50 developers requiring permission, creating individual user identities can be exhausting. One way around this is putting everyone involved in a Group and assigning permissions to the group that every identity within the group instantly inherits. Once permissions are assigned to the group, every member of that group inherits those permissions automatically. Service Principals and Managed Identities are slightly more technical (we'll talk about these another time).&lt;/p&gt;

&lt;p&gt;All identities and access rules for Richard Inc exist inside a dedicated private identity space in Microsoft cloud called Azure Entra Tenant associated with one or more unique addresses/domains &lt;/p&gt;

&lt;p&gt;Now, what happens when a User attempts to log in? First, Authentication — basically the bouncer at the door who checks if you are actually who you say you are. To prove your identity, you provide a username, password, and even multi-factor authentication (where you also have to confirm via your phone or a secondary device).&lt;/p&gt;

&lt;p&gt;Next is Authorisation, where Azure decides, "Okay, we know it's you — but what rooms are you allowed to enter?" The single most important safeguard that would have prevented the intern from deleting production files.&lt;/p&gt;

&lt;p&gt;Still, this is a lot! How does Azure handle authorizations for, say, 10,000 employees? Yikes! The poor Cloud Engineer, huh? Lol, not quite.&lt;/p&gt;

&lt;p&gt;Using something called Role-Based Access Control, or RBAC, authorizations can be done at scale — not by writing a custom set of rules per individual, but by assigning roles to individuals, each role coming with a predefined set of powers.&lt;/p&gt;

&lt;p&gt;For this Role-Based Access Control model, there are four roles worth knowing: Owner, Contributor, Reader, and User Access Administrator. The Owner can do everything — create, delete, modify, and hand out permissions to others. This is Richard himself (the founder), or maybe his Chief Technology Officer. Contributors can build and manage resources but cannot grant permissions to anyone else, e.g., senior developers. The Reader can see everything and touch absolutely nothing. Perfect for an investor who wants visibility or a compliance auditor reviewing the system. And then there's the User Access Administrator, who can only manage permissions — can't create a single resource, just handles who has access to what. Great for an operations manager who onboards and offboards staff regularly.&lt;/p&gt;

&lt;p&gt;In all of these roles, however, one golden rule applies — Least Privilege, which essentially means: "Give every person and every system the minimum access needed to do the specific job, nothing more."&lt;/p&gt;

&lt;p&gt;Another important idea in Azure RBAC is Scope. Beyond the assigned Role, how widely does it apply? The wider the scope, the more powerful the role. A Contributor at Management Group level can touch everything in every department. A Contributor at Resource Group level can only touch one project folder. Same role, very different levels of power.&lt;/p&gt;

&lt;p&gt;Oh, by the way, the intern was reassigned to Reader access only. He's doing great!&lt;/p&gt;

</description>
      <category>learning</category>
      <category>azure</category>
      <category>cloud</category>
    </item>
    <item>
      <title>Today I finally understood what cloud computing actually means</title>
      <dc:creator>Richard</dc:creator>
      <pubDate>Mon, 18 May 2026 15:27:54 +0000</pubDate>
      <link>https://dev.to/richyy/today-i-finally-understood-what-cloud-computing-actually-means-4m03</link>
      <guid>https://dev.to/richyy/today-i-finally-understood-what-cloud-computing-actually-means-4m03</guid>
      <description>&lt;p&gt;The "Swapped" animated movie was such an interesting watch on Netflix. Lovely graphics, great humor, with a reminder of the powerful bonds of friendship and family. It had it all! All this was thanks to a series of powerful computers housed in data centers delivering computing services over thousands of miles. The power of the cloud moved Netflix from a DVD rental service by mail to a leading global platform offering a vast selection of movies, TV shows, documentaries, and even games through its streaming service.&lt;/p&gt;

&lt;p&gt;As far back as 2005, a Nigerian company trying to launch a website would spend millions buying expensive servers, renting server rooms, providing constant power, installing cooling systems, hiring a full IT team to babysit processes 24/7, and paying for security — all before writing a single line of code. Now, the same company can rent all these resources over the internet through a subscription, without the burden of infrastructure, space, or personnel, and have full freedom to specify computing needs (service models) and who has access to these platforms (deployment models)!&lt;/p&gt;

&lt;p&gt;Imagine the same Nigerian company — say Richard Inc. (lol) — against all odds, gets running and does very well in the market, providing, say, food delivery services online. A good business day also brings with it huge strains on limited internal servers and suddenly, crash! The server goes dark. For a new business, this could be catastrophic, and new customers, after just a few minutes of service timeout, may swivel into the waiting arms of the competition. With cloud computing, a good business day can stay a blessing, with servers scaled up to match rising demand and customers none the wiser.&lt;/p&gt;

&lt;p&gt;What if something happens to these computers? We know systems fail and natural disasters happen. Is Richard Inc. or Netflix just one catastrophe (flood, fire outbreak, etc.) away from going dark? While for traditional data centers this might be the end of operations, cloud services transcend these hurdles with the principle of redundancy. Data redundancy means copies of essential company data can be stored in multiple places locally within a data center, in multiple sites in a region called availability zones, and even across regions in different geographical locations! This redundancy also cuts across power supply grids, with primary grid power giving way to instant battery backup, generator power, multiple grid connections, and even renewable energy backups in sequence to ensure no power outage — not even for a millisecond.&lt;/p&gt;

&lt;p&gt;The powerful system of the cloud suddenly opens up doors for small businesses to competitively thrive globally where this would otherwise not be possible. To soar in the global space, one must reach for the cloud! (Haha, see what I did there?)&lt;/p&gt;

</description>
      <category>cloud</category>
      <category>cloudcomputing</category>
      <category>beginners</category>
      <category>azure</category>
    </item>
  </channel>
</rss>
