Entra ID and Azure Taxonomy - Designing a clean cloud structure
Designing a clear Azure structure requires deciding which taxonomy level should enforce Azure Policy, RBAC, and isolation. This article presents the hierarchy from Entra ID Tenant down to Azure Resources, explains where to apply governance, and gives practical tips you can use to build a maintainable cloud structure.
As the diagram shows, the first takeaway is that Microsoft Entra ID is the identity management branch and Azure is the resource governance branch.
Fixing the "Cannot connect to backend server" error in Azure Application Gateway health checks
When an Application Gateway reports backend health check failures, a frequent but easy-to-miss cause is a TLS negotiation mismatch between the gateway and the backend. This article shows how to diagnose the problem, align TLS settings and probes, validate the fix, and codify the correct configuration in IaC.
A Guide to Compile-Time, Template, and Runtime Expressions in Azure Pipelines
Azure Pipelines supports two types of expressions to control pipeline behavior: compile-time expressions (evaluated at pipeline creation) and runtime expressions (evaluated during pipeline execution). Template expressions, a subcategory of compile-time expressions, help you create reusable pipeline components.
The key takeaway: Use compile-time expressions with parameters for fixed values needed at pipeline creation, and runtime expressions with variables for dynamic behavior based on execution state.
Want to dive deeper into all this terminology? Read along to learn all the details.
When working with Azure, you will encounter various types of IDs in the form of GUIDs (Globally Unique Identifiers). Understanding these IDs is crucial for managing resources, configuring access, and using the Azure CLI (az) effectively.
We’ll explore these IDs (terms in backticks match the Azure portal labels):
`Tenant ID` — identifies your Microsoft Entra ID directory; used for authentication and identity management.
`Subscription ID` — identifies a subscription; used for billing and scoping resource operations.
`Resource GUID` — an internal GUID assigned to a resource instance; helpful for cross-referencing resources.
`Resource ID` — the full ARM path showing where a resource lives; used in ARM templates and API calls.
`Application (Client) ID` — the client identifier (appId) for a registered application; used in OAuth flows.
`Object ID` — a tenant-scoped identifier for directory objects like users and service principals.
How to Solve the "authentication credential type for the storage account isn't valid" Error in Azure Logic Apps
When you work with Azure Logic Apps (Standard) and try to use a User-Assigned Managed Identity to access a storage account, you might encounter the following error:
Microsoft.Azure.Workflows.Data.Edge authentication credential type for the storage account isn't valid
In my case the error was because I was using the wrong ID as the value of the AzureWebJobsStorage__managedIdentityResourceId app setting.