FinOps first step: create an assessment. Easy to say but if your organization has hundreds of subscriptions, you can’t do it manually. That’s why I wrote a KQL query that calculates how many CPUs y...

Continuing the Service Endpoint Policy Improvement series with an Azure Policy: this time, I want to enforce that whenever users enable a Storage Account service endpoint on a subnet, they must als...

With a service endpoint policy, you can limit access to Storage accounts. When you enable a service endpoint on a specific subnet, only the Storage accounts allowed by the policy are reachable. By ...

The Service Endpoint vs. Private Endpoint debate is a never ending story. I believe both have their place in the Azure ecosystem, and I use both, as each has its own advantages and disadvantages. I...

I just migrated my VPN from OpenVPN to Global Secure Access (GSA), so I thought I would share my experience with you. One of the most important things for me is to reach my HomeLab and Azure resour...

In Azure, we have “Virtual Network”, which is a software-defined network. With this network, you can do many things, including creating a Service Endpoint. A Service Endpoint allows you to extend y...

Did you know that you can use a central certificate for your Azure Application Gateway? You don’t need a Key Vault in every subscription—you can use a central Key Vault in a central subscription an...

Azure PostgreSQL Flexible Server is a fully managed database service that allows you to run, manage, and scale PostgreSQL databases in the cloud. It provides built-in high availability, automated b...

Where are they use SP? Everywhere! :) Okay, maybe not everywhere, but everybody limit the users with conditional access, request MFA, check risky sign-ins, etc. But what about the service principal...

When working with Azure Policy, you may notice that some policies seem slow. However, Azure Policy itself is not slow; rather, some settings—mostly in built-in policies—force a 10-minute wait. Some...