Managing Kubernetes Secrets using Azure Key Vault, External Secrets Operator and Terraform
When deploying applications on Kubernetes, securely managing secrets is essential. In this post, I will show how to integrate the External Secrets Operator (ESO) with an AKS cluster and Azure Key Vault, with a strong emphasis on automation using Terraform. Why Choose External Secrets Operator (ESO) over the Azure Key Vault CSI Driver? ✅ Ideal for hybrid…
AIOps: Host Your Own DeepSeek-R1 Instance with Azure AI Foundry – A Glimpse Behind the Scenes
When you create your first project in Azure AI Foundry (https://ai.azure.com), you get a resource group deployed within your Azure subscription containing the following resources: From within Azure AI Foundry, you can easily search for and deploy the DeepSeek-R1 model, or any other model of your choice. Upon successful deployment, a new hidden resource of…
MLOps: deploy Azure ML Models to Azure Kubernetes Service (AKS)
In this article I’ll walk through an end-to-end process of deploying a model from Azure Machine Learning (Azure ML) to Azure Kubernetes Service (AKS), using Docker and Azure Container Registry (ACR). Prerequisites Workflow Overview Step 1: Export the Model from Azure ML Train and Register Your Model Download the Registered Model Step 2: Create a…
Azure Container Apps: unique container image tags with GitHub Actions and Terraform using the latest tag trick
In the world of DevOps and containerization, choosing the right strategies for deploying and managing container images is crucial. One common best practice is to use unique tags for container images, typically tied to a specific commit SHA, rather than a stable tag like “latest.” This approach ensures traceability and helps in avoiding unintended changes…
Terraform: Acquiring state lock. This may take a few moments…
We use Terraform and Azure DevOps pipelines to deploy our Azure infrastructure. Every now and then, apparently out of nowhere – could be due to several pipelines running in parallel or an unexpected job stop – the terraform plan remains stuck in the phase of “Acquiring state lock. This may take a few moments…” :…
Azure DevOps pipeline for Angular config.json – build once and deploy to multiple environments
Angular comes with a mechanism for creating environment specific builds using environment.ts files. This works well, but the downside is that you’ll need to build the code for each environment. Five environments mean five builds. And if the hosting environment changes, the code needs to be rebuilt. There is another smart option that uses a…
Developing Solutions for Microsoft Azure: AZ-204 replaces AZ-203. These are the differences.
Exam AZ-204 replaced AZ-203 for the Associate certification Developing Solutions for Microsoft Azure. While there is a lot of overlap, there are changes in the skills measured. This article outlines the differences in the skills measured and is based on the official Microsoft release. For learning materials and other Azure exams see my article Learn…
Microsoft exams – 3 tips to deduce the right answer that you will not find in any book
Microsoft exams are difficult. There are sometimes questions which people with many years of experience cannot answer. Over the years I took many exams and have developed some tactics that helped me to deduce the right answers. 1. Learn about latest products / capabilities / features Microsoft loves their products. They promote them wherever they…
Azure DevOps: pass a Personal Access Token (PAT) in Azure CI/CD pipelines
In Azure DevOps you can use personal access tokens (PAT) as an alternate form of user authentication. PATs are helpful for tools integrated with Azure DevOps where you cannot use Azure Active Directory authentication. To create a personal access token sign in to Azure DevOps and from the User Settings select Personal access tokens. Select…
Azure DevOps: how to manage CI/CD variable groups using PowerShell
Variable groups in Azure DevOps allow you to manage variables in a single place and share them across multiple CI/CD pipelines. Variable groups are defined and managed in the Library page under Pipelines (see the picture above). Creating a variable group Variable groups can be created from the Portal or the Azure DevOps CLI, according…
PowerApps: 25 min to create a Crisis Communication app for your company
In line with the latest events, Microsoft released a Crisis Communication Solution available on GitHub here. The solution is based on Power Apps, Flow, SharePoint Online and Teams. Step-by-step instructions: https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/sample-crisis-communication-app
Azure DevOps: ARM template for KeyVault Connection for Logic Apps
In Logic Apps you can create a connector to an Azure KeyVault and connect in two ways: connect with service principal connect with sign in Connect with Service Principal To connect with a service principal, you need to specify a connection name, vault name, tenantId, clientId and clientSecret from a registered app in Azure Active…
Learn Azure and get the certifications in 5 steps
Willing to learn Azure? Thinking about taking an Azure certification? You can reach your goal in these 5 steps: Start with exploring the list with certifications and learning activities. Go through the Microsoft trainings and read the exam reference book (where available). Go through the Udemy / Pluralsight online courses. Practice all learning in Azure*…
Azure DevOps: ARM template for SendGrid API Connection for Logic Apps
I had to automate some Logic Apps deployments containing a SendGrid API connection. Since I couldn’t find a ready to use ARM template for the SendGrid API connection, I did reverse engineering to generate the JSON. Here is the ARM template for the SendGrid Connector: API Connections are used to connect Logic Apps or Azure…
Azure Private Link – a new feature for Enhanced Security
Azure is getting even more secure through the release of the Azure Private Link. Azure Private Link provides private connectivity from a virtual network to Azure services, customer-owned or Microsoft partners services. This means you can for example consume services like storages, databases, etc. within a VNet, without exposing the data to the Internet. All…
Azure DevOps: Cosmos DB MongoError document does not contain shard key
When creating documents in Azure Cosmos databases for MongoDB API you might get the error message MongoError: document does not contain shard key. The issue occurs for partitioned collections that have been created via the Azure CLI, because of the way the partitionKey path is being stored in the collection settings. Reproduction steps 1. From…
Azure DevOps: list all collections from all Azure Cosmos DB accounts
While creating an Azure Pipeline to backup all Azure Cosmos databases in a subscription, I had to list all collections from all databases. For that I wrote a script. Feel free to adapt it in order to meet your needs! Enjoy!
Azure DevOps: white list Azure Pipeline IP in Cosmos database firewall. How to add the Azure DevOps Hosted Agent IP address to a Cosmos database firewall.
I am currently doing the Azure backup strategy for one of our customers. While Azure takes regular backups of the Cosmos databases, in case of an application failure that would corrupt the data, they would not help. Because Azure would back up the already corrupted data. The solution is to store our own backups. We…
Microsoft Azure Portal App for Windows, iPhone and Android
Microsoft has released a preview version of the Azure Portal app for Windows. I used it for some time now and it works quite well. You get rid of the browser, while the functionalities remain the same as in the Azure portal. Download for Windows: https://portal.azure.com/App/Download When on the go, I recommend the Microsoft Azure…
Azure Serverless Architectures: host a static website in Azure Storage
Azure Storage v2 accounts allow you to serve static content (HTML, CSS, JavaScript, and image files) directly from a storage container named $web. Taking advantage of hosting in Azure Storage allows you to use serverless architectures including Azure Functions and other PaaS services. When you enable static website hosting on your storage account, you select the name of…
How to create a Dynamics 365 trial tenant
It takes you 8 minutes to create a Dynamics 365 tenant for testing purposes. Here is how you can do it. First create an Office 365 trial tenant as described in my blog post https://ranari.com/2019/03/12/how-to-create-an-office-365-trial-tenant/ Browse to the Office 365 Admin Center at https://admin.microsoft.com Go to the Billing > Subscriptions page. Search for your preferred Dynamics 365 suite, in our case…
How to create an Office 365 trial tenant
It takes you 5 minutes to create an Office 365 tenant for testing purposes. Here is how you can do it. Browse to https://products.office.com/en-us/business/compare-more-office-365-for-business-plans Scroll to the bottom of the page and click on more details. Click “Try for free” in the Enterprise E3 or E5 column. Fill in your contact data and click Next:…
Create Azure Cosmos Databases programmatically using ARM templates and PowerShell
I have recently deployed tens of Azure resources programmatically. While most of the Azure resources and settings you can define in the ARM templates in JSON format, there are scenarios where you need to benefit from the power of PowerShell and the Azure CLI. In this article I will demonstrate how to deploy an Azure…
Office 365: SharePoint classic lists and libraries shifted automatically to modern as a result of tenant opt-out starting April 2019
Starting April 1, 2019, it will no longer be possible to restrict an entire organization (tenant) to classic mode for lists and libraries. Lists and libraries may still use classic mode using the granular opt-out switches that we provide at the site collection, site, list, and library levels. Additionally, lists that use certain features and…
Office 365 MCSA certification is being retired end of March 2019
The following exams, which are the prerequisite for the MCSA Office 365 certification, are being retired at the end of March 2019: 70-346: Managing Office 365 Identities and Requirements 70-347: Enabling Office 365 Services Microsoft 365 Enterprise Administrator is the new certification whose content is even broader covering all the elements of Microsoft 365 and how they work…
O365 News: Security & Compliance Center is getting replaced
Office 365 Security & Compliance Center is getting replaced by 2 new sites: Microsoft 365 security center https://security.microsoft.com Microsoft 365 compliance center https://compliance.microsoft.com The administrator experience will change, but this won’t impact your current security and compliance configurations. The rollout happens February through March 2019.
Office 365 security: 3DES cipher comes to its end on February 28, 2019
As part of Microsoft’s plan to move all online services to TLS 1.2, they are retiring 3DES beginning February 28, 2019. As a result, connections using the cipher 3DES will not work. You can get an overview of your TLS 1.0/1.1 and 3DES usage in Office 365’s Secure Score at http://securescore.microsoft.com Remember that TLS 1.0 and…
Office 365 will remove support for TLS 1.0 and TLS 1.1 starting October 31, 2018
As of October 31, 2018, Microsoft Office 365 will remove support for TLS 1.0 and 1.1. This means that if you have issues connecting to Office 365 services because of weaker protocols, no support tickets would be generated. By October 31, 2018, all client-server and browser-server combinations should use TLS version 1.2 (or a later…
Office 365 – design your local network to improve performance
Optimizing Office 365 network performance comes down to removing unnecessary impediments. User data and processing in Office 365 is distributed between many Microsoft datacenters. There is no single network endpoint to which client machines can connect. Services are dynamically optimized by the Microsoft Global Network to adapt to the geographic locations from which they are…
Office 365: 10 hands on tips for a successful migration
These are my top 10 tips and learnings made by leading Office 365 migration projects: 1. Plan your User Identities Identities are everything in Office 365. Spend more time on planning the identities than on any other service. While for SharePoint/Exchange/Skype/etc. you will be able to do some changes during the migration, if you need to…
Configure folder redirection to OneDrive. Sync your Desktop, Documents and Favorites folders to the cloud.
In a recent customer project, we have redirected the user’s personal Desktop, Documents and Favorites folders to the cloud using OneDrive. Users can get to their files from anywhere and the files are safe in OneDrive if anything happens to the devices. Configure folder redirection in 3 steps The configuration requires 3 steps: Prevent users…
Getting Facebook ads from a site you just visited? Facebook Pixel
I keep seeing ads on Facebook from an online shopping site that I just visited. Does this sound familiar? It happens to me all the time. The feature that makes this possible is called Facebook Pixel. By placing Facebook Pixel Code on the header of your website, when someone visits your site and takes an…
Office 365 admin roles
I see confusion when it comes to Office 365 administrator roles. Let’s make things clear! There are following types of admin roles for Office 365: Administrator type Functions global can do and has access to everything billing makes purchases, manages subscriptions, manages support tickets, and monitors service health password can only reset user passwords…
Share a new WordPress blog post to Facebook newsfeed automatically with Microsoft Flow
Whenever you publish a new blog post on WordPress, the good news can be automatically shared on your Facebook timeline. With Microsoft Flow, part of the Office 365 suite. Here is how: 1. Your Microsoft Flow needs to authenticate to WordPress and Facebook. Create connections for each account. a. Login on the Office 365 portal.…
Track Facebook posts with Microsoft SharePoint and Microsoft Flow
Recently, a new cloud service for automating workflows between different apps and services was released – Microsoft Flow. You can get notifications, synchronize files, collect data and more, and have plenty of services that you can choose from. Many times we were asked for an easy-to-use tool to track the company’s Facebook timeline. If Office…