· 6 min read
Hasan Gural

Hello Folks,

In this article, we will walk through a very serious problem that I have seen in multiple Azure environments at my customers: an Azure environment where outbound firewall rules allowed access to any Azure Storage account on the internet.

On the surface, the rule looked safe enough: outbound access was limited to Azure Storage endpoints. In reality, this meant that any storage account in any tenant was reachable, as long as it lived behind a standard *.blob.core.windows.net or *.dfs.core.windows.net style FQDN. From a data exfiltration perspective, this is a big red flag. Any workload that can send HTTPS traffic to arbitrary storage accounts can quietly move data out of your tenant, and that traffic is almost indistinguishable from normal storage operations.

· 10 min read
Hasan Gural

Hello Folks,

Welcome to Part 2. In Part 1, we covered the fundamentals of CI/CD for Microsoft Fabric: why it matters, how workspaces and branches map to environments, the flow from dev to test to prod, and the common mistakes to avoid. Now it is time to get practical.

In this part, we will set up everything you need in Azure DevOps to build a working CI/CD pipeline for Fabric. We will go through variable groups, environments with approval gates, the pipeline YAML, the Python deployment script, and the parameter file that handles GUID replacement across environments. By the end, you will have a clear picture of how all the pieces connect.

Azure DevOps Pipeline Architecture for Fabric CI/CD

· 9 min read
Hasan Gural

Hello Everybody,

In this two-part series, I want to walk you through how CI/CD works for Microsoft Fabric deployments. This is a topic that comes up a lot, and I think the best way to understand it is to start from scratch and build up step by step. In this first part, we will cover the fundamentals: what CI/CD means in the context of Fabric, why it matters, and how the basic building blocks fit together. In Part 2, we will go hands-on with Azure DevOps, the fabric-cicd Python package, parameter files, and a full end-to-end deployment walkthrough.

If you are working with Microsoft Fabric and your team is still deploying things manually, copying items between workspaces, or making changes directly in production, this article is for you.

· One min read
Hasan Gural

I had a fantastic time speaking at Global Azure 2025 in Istanbul (May 8–10). The session was recorded and I published the video on YouTube. I am sharing the recording of my talk, "Automating Azure PIM Role Assignments with Terraform". Whether you attended live or couldn’t make it, you can now watch the full session at your convenience.

GlobalBootCamp2025

· One min read
Hasan Gural

I'm excited to announce that, continuing my journey since 2017, I will be speaking at the Azure Global Bootcamp 2025 on May 8–10. This year, I’m eager to share more insights and learnings with the Azure community. Join me as we dive into the latest Azure advancements and tackle current tech challenges together.

GlobalBootCamp2025

· 6 min read
Hasan Gural

Welcome back, Friend!

In the previous article, we covered setting up the necessary resources for the AI Agent for Azure Policy Governance Assistant. Now, we will proceed with the final steps to complete and test the AI Agent:

  • Create the AI Agent using the Azure AI Foundry UI or PowerShell.
  • Develop and provide an example KQL query for retrieving compliance data.
  • Execute the KQL query and upload the results to the AI Agent’s Knowledge.
  • Test the AI Agent to ensure it accurately responds to policy compliance queries.

· 5 min read
Hasan Gural

Hello Friend,

Today, I’m going to build a quick-win solution called the AI Agent for Azure Policy Governance Assistant. This AI Agent is meant to help you rapidly identify non-compliant policies and improve governance across your Azure subscriptions or resource groups. Imagine being able to ask the AI Agent questions like, "Which resources are non-compliant?" or "Which exemptions are about to expire within my subscription scope?" In this article, I’ll walk you through setting up the necessary resources using PowerShell scripts, and then show you how to integrate them with an AI Agent for actionable governance insights.

Overview

· 5 min read
Hasan Gural

Bicep parameter files allow you to define values in a separate file that are then passed to your main Bicep template file. The parameter file exposes values that may change depending on the subscription, environment, and/or region. Leveraging a parameter file drives consistency in your IaC deployments while providing flexibility. For example, an organization can use these files to right-size nonproduction environments to save costs while maintaining the same core infrastructure across all deployments.

Reading Bicep Parameter Files with PowerShell

In addition, these parameter files streamline the CI/CD deployment process. Since each parameter file is under source control and passed into the appropriate automated deployment steps, they ensure a consistent and repeatable deployment experience. In this article, we will explore how to create, read, and use a Bicep parameters file via PowerShell.

· 6 min read
Hasan Gural

In Part 1, we covered the benefits, considerations, and real-world use cases for Azure VNet Service Endpoints. Now, let's take a closer look at how to track and manage service endpoint usage in your network, focusing on writing complex KQL queries to accurately identify service endpoint configurations. Once identified, you can start assessing your environment to understand the impact and optimize your network setup.

⚡ Querying Service Endpoint Usage with KQL

KQL is one of the most effective tools in Azure for querying large datasets, especially within Azure Resource Graph. It allows you to monitor and identify where service endpoints are being used in your environment and provides visibility into traffic patterns. I have tons of examples in my blog about KQL and Azure Resource Graph. You can check them out for more details.

· 4 min read
Hasan Gural

In this two-part article series, I’ll try to explore a common Azure scenario involving Virtual Network (VNet) Service Endpoints, specifically in the context of Azure Storage. Microsoft already provides extensive documentation on this topic, so you won’t see much detail on that in this article series—it's all available in the MS Docs. Instead, this article will focus on practical considerations, real-world use cases, and the network impacts when using service endpoints in your environment.

📚 Understanding Azure Service Endpoints

Service Endpoints offer secure, private connectivity between virtual networks and Azure PaaS services, such as Azure Storage, by utilizing the Azure backbone network. Microsoft highlights that service endpoints help optimize both performance and security by keeping traffic within Azure’s infrastructure, thus eliminating the need for routing traffic over the public internet.