Deploy Azure App Services to multiple regions within the same subscription – VSTS trick


Most of the times, when deploying App Services such as a webapp to a single region, you simply use the Azure App Service Deploy task, that is currently in version 3.0 and whose a preview of the next version is to come.

However, using the very same task to deploy an App Service to multiple regions, in case you have a HA setup is a little more challenging. Looking at the below screenshot:


you can easily specify the name of the App Service. The problem is that, when working with multiple regions, the name will most probably be the same in the other region, therefore, the task cannot distinguish which service is targeted.  So, ideally, we should be able to select the resource group to make this distinction.

It turns out that one can select the resource group when ticking the Deploy to slot option:


but what if you don’t use slots??? Then, the easy fix is to put the value “production” in the Slot field.

Credits to Thomas Browet (@thomas_brw), one of my colleagues, for the tip.

Happy deployments!

Posted in Azure, DevOps, vsts | Tagged , , , | Leave a comment

VSTS task/extension upgrade explained


There is quite good documentation on Microsoft web sites on how to build custom tasks and custom extensions but things become a little more complicated when it comes to upgrading existing tasks and/or extensions. Since I ended up reverse engineering extensions built by big third parties (by downloading them), I thought it was well worth a blog post to prevent you having the same pain.

That said, you have to distinguish the tasks & extensions. For a private use, one can perfectly work only with tasks. Extensions are a way to distribute one or more tasks from the market place, either for a private share, either for public share. I will only consider the latter.

Fixing a bug

If you want to fix a bug of an existing task, you can simply upgrade the patching or minor version number and upgrade the extension number in the manifest.

"version": {
"Major": "1",
"Minor": "0",
"Patch": "1"

Updating the extension in the Management Portal (I’ll come to this later) will automatically make the build agents of accounts consuming the extension, picking up the last version of the task.

Publishing a major version of a task

If the change is bigger than merely a bug fix and if you want to have task versions side by side to avoid breaking anything or to propose multiple versions of a same task such as:


you’ll need to work a little more. In that case, you can duplicate your existing task but end up with a folder structure like this:

my task
—-v1 artifacts
—-v2 artifcats

The task identifier must remain the same, the name may be left unchanged or be changed and the major versions must be different. In the extension manifest, the contribution should refer to the root folder of the task and its identifier like this:

"contributions": [
      "id": "ca1755b2-751f-45e3-9bad-89a5c08d457d",
      "type": "ms.vss-distributed-task.task",
      "targets": [
      "properties": {
        "name": "rootfoldername"

Deleting a task or a version

I wouldn’t recommend you trying this but it seems to have no effect on accounts having already your extension installed, and this, to avoid any disruption of service I guess. However, beware that removing an extension from the marketplace seems to be one step too far as existing account’s build/release definitions will be broken if using tasks from your extension.

In case of a mere task/version deletion, new accounts will only see the remaining tasks and/or versions while existing accounts would only get a fresh copy by uninstalling and reinstalling completely the extension which is unlikely to happen. It could be handy at tenant level to have an upgrade version as well to opt-in explicitly and have a better control over what the supplier is doing. Today, the only two options are “Disable” and “Uninstall”.

Updating the extension itself

The only way to push changes to existing and new accounts is to publish a new version of the extension itself. This can be easily done by updating the extension manifest manually and by calling tfx extension create, or simply by calling tfx extension create –rev-version which will create the extension package and change the manifest in order to increment the version number. Once the package is produced, you can simply use the update menu option:


Happy VSTS.


Posted in vsts | Tagged , , , , , | Leave a comment

DevOps – Azure API Management and VSTS, better together


Visual Studio Team Services aka VSTS is a great tool when it comes to Application Lifecycle Management, Continuous Integration and Continuous Deployment. It is a must have tool in any DevOps organization working with Microsoft technologies (but not only). With that in mind, it is a surprise to no-one that most of the Azure PaaS services are natively integrated with VSTS, using either existing extensions, either ARM templates, either ARM APIs.

However, strangely enough, I couldn’t find a real integration with Azure API Management other than this extension, which is a nice effort but not reflecting the real value of Azure API Management. Some getting started ARM templates are available but that’s rather light for now. Moreover, while ARM templates are great, they are sometimes limited or not that easy to manipulate.

So, in an attempt to contribute, I released a free VSTS extension on the marketplace, called API Management Suite,  that covers a rather broad set of features of Azure API Management. The extension helps dealing with:

  • Creation/Update of Gateway APIs with and without versioning pointing to traditional backend API services
  • Creation/Update of Gateway APIs with and without versioning on top of Azure Functions
  • Creation/Update of Gateway Products
  • Built-in support of Gateway Policies for both products & APIs

Everything is open sourced on GitHub in this repo.

Happy deployments!

Posted in Azure, DevOps | Tagged , , , | Leave a comment

May Azure AD V1.0 endpoint be used for GDPR compliancy?


By now, everybody should have heard about GDPR. While not being a lawyer, I think I can summarize it this way: any identifiable personal information as well as sensitive personal information is subject to GDPR regulation.  This first and foremost implies informing the user about which usage is done with his personal data.

The major asset to comply with GDPR is the consent. By letting users consent about what is done with their personal information, you should be on the safe path. However, GPDR comes with strong requirements such as: every distinctive usage should come with its own consent and could be revoked at any time by the end user, which means that you cannot simply bundle everything in one basket and ask the user to consent to the whole thing, even if doing this, is already better than nothing. Continue reading

Posted in Azure, Azure Active Directory | Tagged , , | Leave a comment

VSTS extension to provision Azure Active Directory Apps in an automated way


I have published an extension on the VSTS Marketplace that helps automating the deployment of Azure Active Directory Applications for business applications. The task comes with several built-in templates that cover most of the topologies.  It helps dealing with:

  • Deploy webapi type of Azure Active Directory Applications
  • Deploy native client type of Azure Active Directory Applications
  • Deploy custom APIs with custom application roles
  • Deploy custom APIs with custom oauth2Permissions
  • Enable the implicit grant flow
  • Request GroupMembershipClaims
  • Request both Delegate & Application permissions to other resources
  • Generate App Identifiers and App Secrets and store them into Azure Key Vault
  • Grant read access onto provisioned Azure Key Vault secrets to MSI-enabled Azure App Services
  • Handle User & Group assignments to app roles

More on the marketplace

Happy automation!


Posted in Azure | Leave a comment

Controlling Azure Costs with proper tagging and the billing APIs


At the time of writing this blog post, it is hard to be entirely satisfied with the existing Azure cost control solutions such as Cloudyn or the Microsoft Azure Consumption Insights Power BI app, should you envision a very granular way of analyzing costs.

Indeed, both Cloudyn and the Power BI app help to analyze costs per subscription and even per resource group to some extent but none of these solution focuses on tags, although tags are the only way you can really tie all things together, as for instance tagging whatever Azure Resource with a project code that’d be the identifier of the associated project you’re running. Having a granular way of calculating costs allows you to come back to your stakeholders with what they are consuming and potentially charge them back.

Limitations of existing solutions

Currently, in Cloudyn, not all tags are brought back in the UI as it seems that only tags associated to VMs are surfaced, which is far from representing all kind of costs incurred by your activities, although VMs are indeed costly resources. With the Power BI app, tags are there but on their original form, meaning an arbitrary array of tags for each tagged resource. I say arbitrary as some tags are added by Azure itself. Therefore, it is very hard if not impossible to exploit this in reports, even when using Advanced Filtering. Continue reading

Posted in Azure | Tagged , , , , | Leave a comment

Build the ultimate chatbot


For this episode, I have created another chatbot that is aimed at helping factory workers to intervene on machines whenever they encounter operating problems. This factory comes with a specific jargon and workers are surrounded by permanent noise which can obfuscate worker statements when they give vocal orders. We’ll tackle these constraints by leveraging the Custom Speech service with the bot framework. We’ll also see how Custom Speech differs from Speech Priming that I talked about in episode 8.

If you’re not yet familiar with the bot framework and the cognitive services in general, I strongly advise you to watch my other episodes as I will only focus on Custom Speech and I will not explain things I have already explained in the previous episodes.

Happy AI!

Posted in Azure, Azure Cognitive Services | Tagged , , , | Leave a comment