My Blog

When an Application Gateway reports backend health check failures, a frequent but easy-to-miss cause is a TLS negotiation mismatch between the gateway and the backend. This article shows how to diagnose the problem, align TLS settings and probes, validate the fix, and codify the correct configuration in IaC.

Azure Pipelines support two types of expressions to control pipeline behavior: compile-time expressions (evaluated at pipeline creation) and runtime expressions (evaluated during pipeline execution). Template expressions, a subcategory of compile-time, help you create reusable pipeline components.

The key takeaway: Use compile-time expressions with parameters for fixed values needed at pipeline creation, and runtime expressions with variables for dynamic behavior based on execution state.

Want to dive deeper into all this terminology? Read along to learn all the details.

When working with Azure, you will encounter various types of IDs in the form of GUIDs (Globally Unique Identifiers). Understanding these IDs is crucial for managing resources, configuring access, and using the Azure CLI (az) effectively.

We’ll explore these IDs (terms in backticks match the Azure portal labels):

• Tenant ID — identifies your Microsoft Entra ID directory; used for authentication and identity management.
• Subscription ID — identifies a subscription; used for billing and scoping resource operations.
• Resource GUID — an internal GUID assigned to a resource instance; helpful for cross-referencing resources.
• Resource ID — the full ARM path showing where a resource lives; used in ARM templates and API calls.
• Application (Client) ID — the client identifier (appId) for a registered application; used in OAuth flows.
• Object ID — a tenant-scoped identifier for directory objects like users and service principals.

When working with Azure Logic Apps (Standard) and you try to use a User-Assigned Managed Identity for accessing a storage account, you might encounter the following error:

Microsoft.Azure.Workflows.Data.Edge authentication credential type for the storage account isn't valid

In my case the error was because I was using the wrong ID as value of the AzureWebJobsStorage__managedIdentityResourceId app setting.

Imagine the following scenario on Azure: You have an App Registration A which should be able to administrate another App Registration B. For that, App Registration A should be made an owner of App Registration B. However, on the Azure Portal it is only possible to add a real user as an owner and not a Service Principal (in this case, an App Registration).

In this article, we’ll use an Azure CLI command to achieve our goal. But first, let’s clarify the difference between an App Registration and its associated Enterprise Application.