The AZ-500 is a great certification if you work with security and compliance. In this article I'm outlining my experiences in taking this exam online from my home office, as well as free official Microsoft documentation around the areas you'll be tested on.
I spend much time with Microsoft Azure. Architecture and Design, Solution Architecture, Development, Security, Operations, and more. The extensions below can serve both Developers, Administrators, and anyone in between. In this post, we're looking at some of my favorite Visual Studio Code extensions for working with Azure in various ways. Perhaps you can find some new favorites yourself. Share your favorites in the comments below! Azure AccountThis extension lets you sign in to your subscription and manage aspects of it within Visual Studio Code. This extension is beneficial and productive when working with development subscriptions. I don't use it for…
In recent years, I have built and operated distributed cloud systems. With these systems comes various challenges. A key thing I've learned is to keep a close eye on metrics and insights, to learn how our applications are behaving at scale. This post will be about how to make use of Azure Application Insights to learn about performance and execution issues in Azure Functions, and ultimately in Azure App Services. We will take a look at these things: Use cases. Some favorites from my professional experiences.Favorite KQL (Kusto Query Language) queries. Querying the telemetry and logs for insightful data.…
Performing code analysis and security scans on your code is imperative to software craftsmanship. Over the years, I have had plenty of options for performing security scans, both with third-party vendors and open-source tools. I want to highlight some of my favorite GitHub Actions to run code analysis with a Security-focus in this post. Before diving into some of my favorites on GitHub, here are some recent posts related to code analysis and security that I published. Perhaps they can be insightful, too: Use the Microsoft Application Inspector to analyze your source codeWebsite security scanning with GitHub Actions and OWASP…
Use the Microsoft Application Inspector to learn more about your code. Discover what types of algorithms, APIs, sensitive data and more that you make use of in the code base.
There are numerous ways to secure and audit your Azure Key Vault setup and usage. In 2019, I wrote Who accessed my Azure Key Vault?, which is still relevant. In this article, I want to talk about how to set up automatic notifications when something change related to your secrets. Events in Key VaultsBefore we drill into the steps to get this done, I want to talk about events in general, and things we might want to think about before we dive in. What events can we subscribe to? The Azure Key Vault uses EventGrid for events. The currently supported…
Security is a topic that should be on top of everyone's mind. Particularly security in software is vital, given the enormous growth in threats targeting online resources. I previously wrote about other developer-oriented security aspects that you might find interesting: Embrace a Security Development Lifecycle (SDL) for AzureAutomate Azure DevOps code security analysis with MSCAToday I want to highlight another approach: vulnerability checks on systems running in the cloud or on your servers. That is, not during development, but in the system where they are operating. In this post, I'm discussing how we can do this using GitHub Actions and…
Relying on Application Insights to provide great data has always been a core component of anything I create. Recently, I upgraded my projects to .NET Core 3.1, and in few cases I also upgraded to .NET 5 (Preview). A lot of my code is executed in containers, or other background processes that may not have a native Application Insight integration. With the upgrade to .NET Core 3.1, we noticed after a while that no logs were persisted to the cloud anymore. I could see telemetry being created when debugging, and from that perspective all the unit tests were…