IT/Dev Connections: Highlights of my sessions


#ITDevConnections is approaching. Join my sessions, where I plan to give some exciting deep-dive demos.

I’m going to give 3 talks on the following topics:

  • Deep Dive into Azure DevOps Custom Extensions (1)
  • DevSecOps: Infrastructure as Code: Azure DevOps vs Azure Automation (2)
  • DevSecOps: Identity at the Heart of Automation (3)

These three talks can be attended separately or all together: they are linked and part of the same story, but you can perfectly well attend only one of them and still (hopefully) grasp the overall concepts!

Enough talking. In talk #1, you will learn how to build custom Azure DevOps extensions (building, versioning, debugging). Complexity will increase over time, since we’ll end up building custom Service Endpoint Types that talk to API Management or to custom APIs through mutual authentication; in other words, letting Azure DevOps talk to any backend of yours in different ways.

In talk #2, I have an awesome demo showing how to tackle all the aspects of an application lifecycle from Development to Security & Operations (DevSecOps), with security bits in the picture (MSI, API Management, Azure Key Vault, Azure AD, network isolation, etc.) and operational aspects such as Log Analytics & Azure Automation runbooks, everything fully automated and integrated into a single release pipeline. We’ll start from nothing and end up with a fully functional application relying on a secure architecture with the basic monitoring blocks in place. I’ll also give a few demos of Azure Automation.

In talk #3, I’ll discuss one of the most challenging topics when it comes to automation: identity. Here again, I’ll show you how to achieve end-to-end, enterprise-ready automation of identity-related things (MSI, OpenID and OAuth together with Key Vault). We’ll start simple and end up with a complex scenario involving user & group assignments.

I’m eager to see you at #ITDevConnections.





Azure Tools VSTS extension to bridge Dev & Ops a little more


I have just released v1.0 of Azure Tools, an open source initiative available on GitHub. The idea is to bring a set of tools to bridge VSTS with tools that are typically used by infrastructure and operational teams.

This first version comes with two tasks. The first calls Azure Automation runbooks from VSTS in a very secure way, since the webhook used to trigger the runbook is a one-time one. The other writes logs into Log Analytics, which has become prominent and is a first-class citizen in the Azure monitoring story.

Feel free to try it out and share ideas on what could be useful additions for future releases.


Happy deployments!



Azure API Management – VSTS – V2.0 release


A while ago, I published a free VSTS extension to automate deployments towards Azure API Management.

I got rather good feedback and some change requests, as well as the involvement of some external contributors on the GitHub repo. In a nutshell, the purpose of this extension is to bring Azure API Management into VSTS as part of your release lifecycle. Whether you use API Management to monetize APIs or for internal purposes, it is good to associate the release of your backend APIs with their corresponding facade APIs published against the API Gateway. The extension now comes with the following features:


Azure policies & Azure firewall


I recently blogged about the new Azure Firewall that gives you the possibility to control outbound traffic from resources hosted inside a VNET. At the time of writing, although the firewall is defined at VNET level, it does not apply automatically to all resources defined in that VNET. Indeed, routing is enforced through a route table that you have to associate with some or all subnets.


Azure Connectors, the DMZ 2.0?


I wanted to write this blog post because I often face strong resistance from customers working with Cloud and hybrid architectures regarding some security aspects.

A very well-known way to secure access to on-premises resources is by using a buffer perimeter called a DMZ, which is something everybody knows, including junior developers, because it’s probably as old as the Internet. While this way of working is usually very effective, it is certainly not the most efficient, since it usually takes more time to have something new added to the DMZ than to the regular data center or directly in the Cloud (PaaS, FaaS).


Understanding Azure MSI (Managed Service Identity) tokens & caching


Now that Azure MSI has become generally available for App Services and Azure Functions, there is no more excuse not to use it. As a recap, Azure MSI is a great way to develop more secure applications and to set up more secure environments. This is mostly because it saves you from having to generate credentials (Service Accounts or Apps) yourself.


Azure Firewall, a step towards a “managed” NVA?


Microsoft recently made Azure Firewall available in public preview. This Firewall as a Service offers a new way to protect and control network traffic via both network and application rules. At the time of writing, Azure Firewall is used to control outbound traffic only. Network rules are similar to what you can do with NSGs, but application rules allow URL-based rules as shown below:
