Concepts on justinverstijnen.nl

Azure Master Class

Thu, 17 Oct 2024 00:00:00 +0000

Introduction to this Azure Master Class

Hey there! This is a collection of pages with overall information for Microsoft Azure. A while ago (2023) I followed the Azure Master Class course of John Savill, and done some extra research into some of the components of Azure. I wrote those things down to learn from it and have some documentation. Firstly, this was for personal use but after founding this website and blog I decided to rework it and publish all the information because I think it can be very helpful.

I tested Azure Virtual Desktop RemoteAppV2

Wed, 25 Mar 2026 00:00:00 +0000

Microsoft announced RemoteAppV2 under some pretty enhancements on top of the older RemoteApp engine. This newer version has some improvements like:

Better multi monitor support
Better resizing/window experience
Visuals like window shadows

I cannot really show this in pictures, but if you test V2 alongside V1, you definitely notice these small visual enhancements. However, a wanted feature called “drag-and-drop” is still not possible on V2.

Source: https://learn.microsoft.com/en-us/azure/virtual-desktop/remoteapp-enhancements

How to enable RemoteAppV2

To enable RemoteAppV2, you need to set a registry key as long as the preview is running. Make sure you are compliant with the requirements as described on this page (client + hosts):

Getting started with GitHub Pages

Thu, 19 Mar 2026 00:00:00 +0000

Requirements

A GitHub account (free)
A domain name for your website, or you can use the default domain name of GitHub
- youraccount.github.io
A template website to upload to your domain name
Some basic knowledge about websites and DNS

What is GitHub Pages?

GitHub Pages allows you to host a static website directly from a GitHub repository. This can be done without managing a server, infrastructure, or hosting provider. The only thing you do is create a repository, upload a website, and optionally connect it to a domain name of your choice. We can compare this to Azure Static Web Apps if you are familiar with that.

How to properly secure Break Glass Accounts in your Entra ID

Sun, 01 Mar 2026 00:00:00 +0000

List of recommendations

The list of recommendations which I will describe further:

Have at least 2 accounts
Have the accounts cloud only -> not synced from Active Directory
Use the .onmicrosoft.com domain and no license
Exclude from all Conditional Access policies
Do not use licenses on Administrator accounts
Passwords must be at least 64 and max 256 characters
Avoid “break glass admin” or any tip to a high privileged account
Register FIDO2 key for the account
Setup Monitoring for login alerts
Test the accounts twice per year

1: Have at least 2 accounts with Global Administrator permissions

Very important to have at least 2 accounts (with a maximum of 4) with Global Administrator permissions. Most of the time, we will limit the amount of privileges but we need to have at least 2 accounts with those permissions.

Everything you need to know about Azure Bastion

Sun, 15 Feb 2026 00:00:00 +0000

How does Azure Bastion work?

Azure Bastion is a serverless instance you deploy in your Azure virtual network. It resides there waiting for users to connect with it. It acts like a Jump-server, a secured server from where an administrative user connects to another server.

The process of it looks like this:

A user can choose to connect from the Azure Portal to Azure Bastion and from there to the destination server or use a native client, which can be:

What is MTA-STS and how to use it to protect your email flow

Thu, 08 Jan 2026 00:00:00 +0000

Requirements

Around 30 minutes of your time
Access to your domains’ DNS hosting to create DNS records
An Azure Subscription if you want to publish your policy with a Static Web App
- A Github account if you use this option
An Azure Subscription if you want to publish your policy with a Function App
Basic knowledge of DNS records
Basic knowledge of Email security

MTA-STS versus SMTP DANE

MTA-STS overlaps with the newer SMTP DANE option, and they both help securing your email flow but each in its own manner. Some differences:

Azure Virtual Desktop RDP Properties

Thu, 27 Nov 2025 00:00:00 +0000

What are RDP properties?

RDP properties are specific settings to change your RDP experience. This can be to play sound on the remote or local PC, enable or disable printer redirection, enable or disable clipboard between computers and what to do if connection is lost.

In the previous years, this was also the case for normal RDP files or connections to Remote Desktop Services, but Azure Virtual Desktop brings this to a nice and centralized system which we can change to our and our users’ preference.

Azure Compute Gallery and (AVD) VM images

Thu, 09 Oct 2025 00:00:00 +0000

Azure Compute Gallery is a great service in Azure to store, capture and maintain your VM images. This can be helpful when deploying multiple similar VMs. Use cases of this can be VM Scale Sets, webservers , containers or Azure Virtual Desktop session hosts.

In this blog post, I will tell more about Azure Compute Gallery, how to use it when imaging VMs and how it can help you storing and maintaining images for your VMs.

New: Azure Service Groups

Mon, 01 Sep 2025 00:00:00 +0000

What are these new Service Groups in Azure?

Service Groups are a parralel type of group to group resources and separate permissions to them. In this manner we can assign multiple resources of different resource groups and put them into a overshadowing Service Group to apply permissions. This eliminates the need to move resources into specific resource groups with all broken links that comes with it.

This looks like this:

Using FSLogix App Masking to hide applications on Virtual Desktops

Thu, 31 Jul 2025 00:00:00 +0000

Requirements

Around 45 minutes of your time
An environment with Active Directory and separate client machine with FSLogix pre-installed
Basic knowledge of Active Directory
Basic knowledge of Windows and FSLogix

What is FSLogix App Masking?

FSLogix App Masking is an extra feature of the FSLogix solution. FSLogix itself is a profile container solution which is widely used in virtual desktop environments where users can login on any computer and the profile is fetched of a shared location. This eliminates local profiles and a universal experience on any host.

Use Ephemeral OS Disks in Azure

Thu, 24 Jul 2025 00:00:00 +0000

Requirements

Around 25 minutes of your time
An Azure subscription (if wanting to deploy)
Basic knowledge of Azure
Basic knowledge of servers and infrastructure

What are Ephemeral OS Disks?

Ephemeral OS Disks are disks in Azure where the data is stored directly on the hypervisor itself, rather than having a managed disk which could be resided at the very other end of a datacenter. Every cable and step between the disk and the virtual machine creates latency which will result in your machine being slower.

Implement Certificate-based authentication for Entra ID scripts

Sun, 13 Jul 2025 00:00:00 +0000

Requirements

Around 20 minutes of your time
An Entra ID environment if you want to test this
A prepared Entra ID app registration
A server or workstation running Windows to do the connection to Entra ID
Some basic knowledge about Entra ID and certificates

How does these certificates work?

Certificate based authentication means that we can authenticate ourselves to Entra ID using a certificate instead of user credentials or a password in plain text. When using some automated scripts it needs permissions to perform its actions but this means storing some sort of authentication. We don’t want to store our credentials on the server as this decreases our security and a potential risk of compromise.

What is Azure Firewall?

Thu, 03 Jul 2025 00:00:00 +0000

Requirements

Around 15 minutes of your time
Basic knowledge of Azure
Basic knowledge of networking and networking protocols

What is Azure Firewall?

Azure Firewall is an cloud based firewall to secure and your cloud networking environment. It acts as point of access, a sort of castledoor, and can allow or block certain traffic from the internet to your environment and from environment to the internet. The firewall can mostly work on layers 3, 4 and 7 of the OSI model.

Azure Default VM Outbound access deprecated

Thu, 19 Jun 2025 00:00:00 +0000

What does this new requirement mean?

This requirement means that every virtual machine in Azure created after 30 September 2025 needs to have an outbound connectivity method configured. You can see this as a “bring your own connection”.

If you do not configure one of these methods, you will end up with a virtual machine that is not reachable from the internet. It can be reached from other servers (Jump servers) on the internal network or by using Azure Bastion.

Enhance email security with SPF/DKIM/DMARC

Mon, 16 Jun 2025 00:00:00 +0000

Microsoft announced that starting from May 5, 2025: SPF, DKIM and DMARC will become mandatory for inbound email delivery. Not configuring all three can result in your emails not being delivered correctly.

These 3 techniques are:

SPF: Sender Policy Framework
DKIM: Domain Keys Identified Mail
DMARC: Domain-based Message Authentication Reporting and Conformance

When using Microsoft 365 as your messaging service, I also highly recommend to configure SMTP DANE. A detailed guide of configuring this can be found here: https://justinverstijnen.nl/configure-dnssec-and-smtp-dane-with-exchange-online-microsoft-365/

Microsoft Azure certifications for Developers

Wed, 11 Jun 2025 00:00:00 +0000

The certification poster

Microsoft has an monthly updating certification poster available to have an overview for each solution category and the certifications of that category. You can find the poster here:

Certification poster

Certification types

Certifications in the Microsoft world consist of 4 categories/levels:

Fundamentals: Foundational certifications to learn the overview of the category
Intermediate: Intermediate certification to learn how a solution works and to manage it
Expert: Expert certifications to learn to how to architect a solution
Specialties: These are add-ons designed for specific solutions like Azure Virtual Desktop, SAP workloads, Cosmos DB and such. (not included below)

Microsoft wants you to always have lower certifications before going up the stairs. It wants you if you take an expert certification, you also have the knowledge of the fundamentals and intermediate certification levels. Some expert certifications even have hard pre-requisites.

Introduction to Networks

Wed, 04 Jun 2025 00:00:00 +0000

Requirements

Some basic networking knowledge
Some basic subnetting knowledge
Around 20 minutes of your time

Introduction to Networking

Networking is the process of connecting devices to share data and resources. It allows communication between users over local or global distances. Networks can range from small home setups to large corporate infrastructures. Key components include routers, switches, and protocols that manage data traffic. Effective networking ensures reliable, secure, and efficient information exchange. As technology advances, networking plays a critical role in enabling digital communication worldwide.

Creating Static Web Apps on Azure the easy way

Thu, 29 May 2025 00:00:00 +0000

Requirements

Around 45 minutes of your time
An account for Github (recommended)
An Azure subscription to host your Static Web App
Some basic knowledge of Azure
A custom domain to link the web app to your domain

Introduction to Static Web Apps and Github

Before we dive into Static Web Apps and Github, I want to give a clear explaination of both the components that will help us achieving our goal, hosting a simple web app on Azure.

Create custom Azure Workbooks for detailed monitoring

Thu, 08 May 2025 00:00:00 +0000

Introduction

Azure Workbooks are a powerful way to build customizable dashboards for monitoring applications and infrastructure. They can combine multiple data sources such as:

Metrics
Log Analytics Workspaces
Visualizations

They are flexible enough for quick performance overviews or deep investigations.

Using Default Azure Workbooks

Many Azure resources include built-in workbook templates with basic health and performance insights.

Open your Virtual Machine.
Select Workbooks.
Choose Overview or another template.

Skrepr Tech CI - PowerShell

Thu, 24 Apr 2025 00:00:00 +0000

Dit is mijn Collective Intelligence voor mei 2025 over PowerShell. Ik ga hier wat leuke dingen over laten zien, zie de inhoud voor handige links naar de kopteksten.

Aan het einde heb ik nog een leuke praktijkopdracht waarin we een PowerShell module gaan installeren en uitvoeren.

Ik heb mijn best gedaan om de uitleg zo simpel maar duidelijk te geven, ook voor onze niet-technische mensen.

Wat is PowerShell?

Powershell is een shell en script taal en sinds Windows 8/Server 2012 de onderliggende CLI van Windows. Eigenlijk alles in de grafische interface van Windows wordt door Powershell verwerkt, zoals te zien in onderstaande afbeelding:

Storage Account performance and pricing for Azure Virtual Desktop

Sun, 20 Apr 2025 00:00:00 +0000

In this blog post I will explain everything about hosting your FSLogix profiles on Azure Virtual Desktop and the storage account performance including pricing. AFter that we will do some real world performance testing and a conclusion.

Billing types for Storage Accounts

Before looking into the details, we first want to decide which billing type we want to use for our Storage Account. There are two billing types for storage accounts:

Monitor and reduce carbon emissions (CO2) in Azure

Thu, 10 Apr 2025 00:00:00 +0000

Carbon Optimization dashboard

Azure offers several Carbon Optimization options to help organizations to monitor and reduce their CO₂ emissions and operate more sustainable. You can find this in the Azure Portal by searching for “Carbon optimizations”:

At this dashboard we can find some interesting information, like the total emissions from when your organization started using Azure services, emissions in the last month and the potential reductions that your organization can make.

Module 11: Infrastructure as Code & DevOps

Thu, 27 Mar 2025 00:00:00 +0000

In this module, we cover Azure: Infrastructure as Code (IaC) and DevOps. This module focuses more on development on Azure, with less emphasis on automation and IT management. While IaC and DevOps might seem less exciting at first, they are essential for modern cloud-based application development and operations, helping streamline deployments, ensure consistency, and integrate continuous delivery pipelines.

Azure Management Tools

There are multiple environments to manage Azure and its resources:

Module 10: Monitoring and Security

Thu, 20 Mar 2025 00:00:00 +0000

In this module, i want you to understand all the possibilities of Monitoring and some Security features of Microsoft Azure. We know that Security these days is a very hot topic and monitoring is not really unimportant either. Very valuable information for you, i hope :).

Azure Monitor

Azure Monitor is a service in Azure that enables monitoring. With it, you can monitor various resources and quickly identify potential issues during an outage. Azure Monitor supports almost all resources in Azure and can, for example, retrieve event logs and metrics from the guest operating system of virtual machines.

Module 9: Databases & AI

Thu, 13 Mar 2025 00:00:00 +0000

In this we will explore various possibilities of Databases and AI in Microsoft Azure.

Types of data and structures

Data in general can be stored in different ways for various purposes.

Relational: Relational data consists of rows and columns following a predefined schema. The schema is represented as a table, which is essentially a type of spreadsheet where the rows contain entities and the columns store properties. For example, in an online webshop, orders would be represented as rows (entities), while columns would contain data such as the order ID, customer address, timestamp, payment method, etc.
- Examples: SQL Server, MySQL, PostgreSQL
Non-relational: Non-relational data is less structured, such as a document or a JSON file. However, it is self-descriptive, meaning the file itself makes it clear how the data is stored.
- Examples: NoSQL, MongoDB, Gremlin, Cosmos DB
Unstructured: Unstructured data consists of various file types where the structure is not clearly defined.
- Examples:.docx, .xlsx, .jpg, .mp4 and other standalone files

Databases in Microsoft Azure

In Microsoft Azure, there are different ways to deploy a database where each type has it’s own charasteristics and requirements:

Module 8: Application Services and Containers

Thu, 06 Mar 2025 00:00:00 +0000

This module is about application services in Microsoft Azure. It mainly focuses on containers and containerized solutions but also explores other serverless solutions. These are solutions where, as a customer or consumer of Microsoft Azure, you do not need to manage a server.

Statefull vs. Stateless

We can categorize servers/VMs into two categories: Stateful and Stateless:

Stateful: Stateful servers are uniquely configured and have a specific role, for example:

Module 7: Virtual Machines and Scale Sets

Wed, 05 Mar 2025 00:00:00 +0000

This module explicitly covers virtual machines and virtual machines in combination with VMSS (Virtual Machine Scale Sets). Also we cover most of the VM family names, their breakdown, and advanced VM features.

Virtual Machines (VMs)

Virtual Machines are one of the most commonly used services in Microsoft Azure. This is because a customizable virtual machine allows for nearly unlimited possibilities, and most software requires a real desktop environment for installation.

Module 6: Networking in Microsoft Azure

Fri, 28 Feb 2025 00:00:00 +0000

In Module 6, we will explore all the possibilities of Azure regarding networking, VPNs, load balancing methods, proxies, and gateways. This chapter also covers most the topics and solutions included in the AZ-700 exam, the Azure Networking certification.

Check out the AZ-700 Azure Networking Certification at: https://learn.microsoft.com/en-us/credentials/certifications/azure-network-engineer-associate/?practice-assessment-type=certification

Introduction to generic Networking

A network is described as a group of devices who communicate with each other. In Microsoft Azure, we have to create and design networks for our resources to communicatie with each other. We only use TCP/IP networking, which works with IP addresses, DHCP, routing etcetera.

The Basics and Benefits of IPv6

Fri, 14 Feb 2025 00:00:00 +0000

Requirements

Around 15 minutes of your time
Basic networking knowledge is great

IP addressing with IPv4 and IPv6

When we speak of a network, we speak of a set connected devices (we call them clients/nodes) where each device has its own use. Also there are some fundamental components every network has:

Router (this device connects your network to other networks like the internet)
Client

Like i said, your network contains several devices and each devices has to know how to connect to an other device. This will be done using an IP address. Using IP addresses enables you to have a very efficient network in terms of cabling. In the past there some coaxial based networks where every device was physically connected to each other.

Active Directory FSMO roles

Tue, 04 Feb 2025 00:00:00 +0000

What are the FSMO roles of Active Directory?

FSMO stands for Flexible Single Master Operations. Active Directory is normally multi-master, meaning changes can be made on any domain controller. However, some operations must be handled by one specific domain controller at a time to avoid conflicts. These special responsibilities are called the FSMO roles.

There are five FSMO roles:

Two forest-wide roles
Three domain-wide roles

Let’s look at them all and explain what their function is:

Get Device serial number on Windows 11 24H2 and up

Wed, 22 Jan 2025 00:00:00 +0000

To get your device’s serial number, use the following command in Windows PowerShell:

POWERSHELL

Get-WmiObject win32_bios | select SerialNumber

Its as simple as that!

End of the page 🎉

You have reached the end of the page. You can navigate through other blog posts as well, share this post on X, LinkedIn and Reddit or return to the blog posts collection page. Thank you for visiting this post.

10 ways to use tags in Microsoft Azure

Fri, 10 Jan 2025 00:00:00 +0000

What are Tags in Azure?

Tags are a pair of editable values in Microsoft Azure. These are in this pair-convention:

Name : Value

We can define ourselves what the Name and Value actually are, if we stay within these limits:

Name: maximum of 512 characters
Value: maximum of 256 characters
- Half these values for storage accounts
These characters are not supported: <, >, %, &, \, ?, /

An example of a resource in my environment using tags:

Module 5: Storage in Azure

Sat, 21 Dec 2024 00:00:00 +0000

This module focuses purely on the various storage services that Azure offers and provides. Additionally, we will explore the different options available to increase redundancy and apply greater resilience.

The importance and types of storage

Storage fundamentally exists in three different types:

Structured: Structured data is information stored according to a specific structure or model, allowing queries to be written to retrieve data.
- Examples: Databases, Database tables
Semi-structured: Semi-structured data is not stored according to a strict schema, but each file contains a clear structure, making the data understandable.
- Examples: XML files, JSON files
Unstructured: Unstructured data consists of individual files, each containing its own data.
- Examples: Text files, Video files, Images, Emails

In this chapter, we will primarily focus on Unstructured data.

Microsoft Defender External Attack Surface Management (EASM)

Sun, 01 Dec 2024 00:00:00 +0000

Microsoft Defender External Attack Surface Management (EASM) is a security solution for an organization’s external attack surfaces. It operates by monitoring security and operational integrity across the following assets:

Websites
IP addresses
Domains
SSL certificates
Other digital assets

In addition to these components, EASM can also forward all relevant information and logs to SIEM solutions such as Microsoft Sentinel.

It is also possible to manually input company-specific data, such as all domain names and IP addresses associated with its services.

Azure Key Vault

Tue, 26 Nov 2024 00:00:00 +0000

Azure Key Vault is a type of vault used to store sensitive technical information, such as:

Certificates
Secrets
Keys

What sets Azure Key Vault apart from a traditional password manager is that it allows software to integrate with the vault. Instead of hardcoding a secret, the software can retrieve it from the vault. Additionally, it is possible to rotate a secret every month, enabling the application to use a different secret each month.

The MITRE ATTACK Framework

Mon, 25 Nov 2024 00:00:00 +0000

The MITRE ATTACK (ATT&CK) Framework is a framework which describes all stages and methods cyberattacks attacks are launched on companies in the last 15 years. The main purpose of the framework is to help Red and Blue security teams to harden their systems and to provide a library of known attacks to help mitigate them.

MITRE is the organization who is in charge of this community-driven framework and is a non-profit organization. ATT&CK stands for:

The Zero Trust-model

Mon, 25 Nov 2024 00:00:00 +0000

The Zero Trust model is a security model to enhance your security posture by using 3 basic principles, and segmenting aspects of your IT environment into pillars.

The 3 primary principles are:

Verify Explicitly
Least privileged access
Assume Breach

At first, those terms seem very unclear to me. To further clarify the principles, i have added some practice examples to further understand what they mean:


Principle	Outcomes
Verify Explicity	Ensure people are really who they say they are Audit every login attempt from specific users Audit login attempts Block access from non-approved countries
Least privileged access	Assign users only the permissions they need, not more Assign only the roles when they need them using PIM Use custom roles when default roles expose too much permissions
Assume breach	At every level, think about possible breaches Segment your network Password-based authentication only is too weak

The model is the best illustrated like this:

Module 4: Resiliency and Redundancy in Azure

Thu, 21 Nov 2024 00:00:00 +0000

This module is all about resiliency and redundancy in Microsoft Azure. Resiliency literally means flexibility. It refers to how resistant a solution is to certain issues and failures. We want to build our solutions redundant, because we don’t want outage in a system so a customer can’t do their work.

Areas to implement resilliency

The different layers where you can and should apply resiliency and how you can improve the area are:

Module 3: Governance in Microsoft Azure

Thu, 07 Nov 2024 00:00:00 +0000

Introduction to Govenance in Azure

Governance in Azure refers to the enforcement of rules and the establishment of standards in solutions, naming conventions, technology, etc. This is achieved through the management and importance of Management Groups, Subscriptions, Resource Groups, Policies, RBAC, and Budgets.

In the cloud, Governance is crucial because processes and behaviors differ significantly from on-premises hardware. Additionally, certain services can be made publicly accessible, which requires an extra layer of security.

Configure DNSSEC and SMTP DANE Microsoft 365

Thu, 31 Oct 2024 00:00:00 +0000

Domain Name System Security Extensions (DNSSEC)

DNSSEC is a feature where a client can validate the DNS records received by a DNS server to ensure a record is originated from the DNS server and not manipulated by a Man in the Middle attack.

DNSSEC is developed to prevent attacks like in the topology below:

Here a attacker injects a fake DNS record and sends the user to a different IP-address, not the actual IP-address of the real website but a fake, mostly spoofed website. This way, a user sees for example https://portal.azure.com in his address bar but is actually on a malicious webserver. This makes the user far more vulnerable to credential harvesting or phising attacks.

Module 2: Identity in Azure

Thu, 24 Oct 2024 00:00:00 +0000

This Azure Master Class (AMC) chapter is all about Identity in Microsoft Azure. This means we discuss the following:

Users
Groups
Devices
Enterprise Applications
Service Principals
Authentication

What is identity?

For every service that a user accesses, it is necessary to have an identity. Access needs to be determined, and the service must know who the user is in order to open the correct environment.

Best practice is to always assign the least possible privileges. A person who performs 3 tasks does not need permissions for 200 tasks, but for the 3 tasks only. “Least privilege” is one of the 3 key principals of the Zero Trust model.

Module 1: Fundaments of Cloud and Azure

Thu, 17 Oct 2024 00:00:00 +0000

This chapter is about the term “Cloud” and the fundamentals of Microsoft Azure and Cloud Services in general.

What is “the Cloud”?

The Cloud is a widely used term to say, “That runs elsewhere on the internet.” There are many different definitions, but the National Institute of Standards and Technology (NIST) in the United States has identified five characteristics that a service/solution must meet to call itself a cloud service:

How to learn Azure - My learning resources

Tue, 10 Sep 2024 00:00:00 +0000

To give a quick overview of all the training resources I used throughout the years and give you different types and sorted the resources from beginning to end:

Text based
Video’s
Labs and Applied Skills

1. Starting out (Video and text-based)

When starting out, my advice is to first watch the following video of John Savill explaining Microsoft Azure and giving a real introduction.

https://www.youtube.com/watch?v=_x1V2ny8FWM

After this, there is a Microsoft Learn collection available which describes the beginning of Azure:

Introduction to Azure roles and permissions (RBAC/IAM)

Tue, 30 Jul 2024 00:00:00 +0000

When managing a Microsoft Azure environment, permissions and roles with RBAC is one of the basic ways to improve your security. At one hand, you want to have the permissions to do basic tasks but at the other hand you want to restrict an user to be able to do only what he needs to. This is called, the principle of “least-privilege”.

In this guide, I want to you to understand the most of the basic knowledge of managing access controls in Azure without very complex stuff.

Network security in Azure with NSG and ASG

Fri, 26 Jul 2024 00:00:00 +0000

What does an Network Security Group (NSG) do?

A network Security Group is a layer 4 network security layer in Azure to filter incoming and outgoing traffic which you can apply to:

A single VM, you assign it to the NIC (Network Interface Card)
A subnet, which contains similar virtual machines or need the same policy

In a Network Security Group, you can define which traffic may enter or leave the assigned resource, this all based on layer 4 of the OSI model. In the Azure Portal, this looks like this:

Rename name-tags to resource groups and resources

Tue, 18 Jun 2024 00:00:00 +0000

When it comes to naming your Azure Resource Groups and resources, most of them are not renameable. This due to limitations on the platform and maybe some underlying technical limitations. However, it is possible to assign a renameable tag to a resource in Azure which can be changed or used to clarify its role. This looks like this:

How to add those renameable tags in the Azure Portal?

You can add this name tag by using a tag in Microsoft Azure. In the portal, go to your resource and go to tags. Here you can add a new tag:

Introduction to the Microsoft Cloud Security Benchmark (MCSB)

Tue, 16 Apr 2024 00:00:00 +0000

In the modern era like where we are today, security is a very important aspect of every system you manage. Bad security of 1 system can mess with all your systems.

So have a good overview of how secure your complete IT environment is, Microsoft released the Microsoft Cloud Security Benchmark, which is an collection of high-impact security recommendations you can use to secure your cloud services, even when utilizing a hybrid environment. When using Microsoft Defender for Cloud, this MCSB is included in the recommendations.

Introduction to the Azure Well-Architected Framework

Tue, 02 Apr 2024 00:00:00 +0000

The Azure Well-Architected Framework is a framework to improve the quality of your Microsoft Azure Deployment. This does it by spanning 5 pillars so an architect can determine with IT decision makers how they can get the most Azure with the planned budget.

The 5 pillars of the Well-Architected Framework are:


Pillar	Target
Reliability	The ability to recover a system and/or contine to work
Security	Secure the environment in all spots
Cost Optimization	Maximize the value when minimizing the costs
Operational Excellence	The processes that keep a system running
Performance Efficiency	The ability to adapt to changes

Cloud Adoption Framework Introduction (CAF)

Thu, 04 Jan 2024 00:00:00 +0000

More and more organizations are moving to the cloud. In order to do this succesful, we can use the Cloud Adoption Framework which is described by Microsoft.

The framework is a succesful order of processes and guidelines which companys can use to increase the success of adopting the cloud. The framework is described in the diagram below:

The CAF has the following steps:

Strategy: Define the project, define what you want to achieve and define the business outcomes.
Plan: Plan your migration, determine the plans and make sure the environment readiness is at a good level.
Ready (and migrate): Prepare your new cloud environment for planned changes and migrate your workloads to the cloud.
Optimize: After migrating to the cloud, optimize your environment by using the beste solutions possible and innovate at this level.
Secure: Improve the security of your workloads and plan your perodical security checks.
Manage: Manage operations for cloud and hybrid solutions.
Govern: Govern your environment and its workloads.

Intention of use

Increase the chance of your cloud success
Gives you a best practice of how to perform the migration by proven methodology
Ensures you don’t miss a crucial step

Intended users/audience

IT Decision makers
Company Management Teams
Companies who want to profit from cloud solutions
Companies that are planning to migrate to the cloud
Technicians and project managers for planning the migration

For more information, check out this page: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/