How to Troubleshoot High Memory Pressure on an Azure VM Using Performance Diagnostics

Recently, I had to troubleshoot a case of performance degradation on an Azure VM. The key symptom was high memory pressure, which in Azure means the system is under heavy strain to fulfill memory requests — often leading to lag, paging, and slow performance.

To get to the root cause, we used Azure Performance Diagnostics (PerfInsights) — a powerful and easy-to-use troubleshooting tool. Here’s how you can install and use it from the Azure Portal, without needing to log in to the VM.


Enable OpenTelemetry in Azure Functions: The Easiest Way via Azure Portal

Good news! As of June 2025, OpenTelemetry is now in preview for Azure Functions. If you want basic observability without writing code or installing libraries, you can now enable distributed tracing directly from the Azure Portal.

This quick guide shows the simplest way to enable OpenTelemetry in Azure Functions using built-in features — no NuGet packages or custom code needed.


What You Need

  • An existing Azure Function App (v4)

  • Application Insights already enabled (most new Function Apps have this by default)



Introducing Azure Private Subnets: Enhancing Security by Disabling Default Outbound Access

Azure Networking Tips & Techniques - Part 1

Azure recently announced the general availability of Private Subnet, a new feature that allows you to disable the implicit outbound Internet connectivity for virtual machines in a subnet. In this blog post, we’ll cover:

  1. What Azure Private Subnets are and why they matter

  2. Key benefits of disabling default outbound access

  3. Step-by-step instructions to configure a private subnet via the Azure Portal

  4. Verifying that default outbound has been disabled


What Is an Azure Private Subnet?

Traditionally, when you create a subnet in an Azure Virtual Network (VNet) without any explicit outbound connectivity (such as a NAT gateway, Public IP, or Load Balancer), Azure automatically provides a default outbound access IP for those VMs. While this is convenient, it introduces an implicit egress path—VMs can communicate with public endpoints without you having explicitly configured any egress resources.

A Private Subnet in Azure is simply a subnet where this default outbound access is turned off. Consequently:

  • Any VM deployed within that subnet cannot reach the Internet by default.

  • You must explicitly configure an alternative egress mechanism if VMs need outbound connectivity (e.g., NAT Gateway, Standard Load Balancer, Firewall, or a Public IP assigned directly to the NIC).

By removing the implicit outbound IP, Azure Private Subnets enforce a “zero trust” approach: no VM can communicate externally until you grant it an explicit, auditable path.


Why Disable Default Outbound Access?

  1. Secure by Default
    Default outbound IPs are not customer-owned and can change unpredictably. By disabling implicit egress, you ensure VMs only send traffic externally when you explicitly allow it, reducing your attack surface.

  2. Prevent Data Exfiltration
    In regulated or highly sensitive environments (for example, PCI-DSS or HIPAA workloads), any unsolicited outbound route can pose compliance or security risks. Private Subnets eliminate unexpected data exfiltration channels.

  3. Encourage Explicit Egress Configuration
    When default outbound is disabled, you must provision a known, managed egress mechanism (like a NAT Gateway), which can be tightly monitored for logging, analytics, and cost control. This “explicit-over-implicit” model aligns with best practices for cloud network security.



Azure Resource Locks – The One Feature You’re Probably Not Using (But Should Be)

Accidental deletion or modification of critical resources in Azure is more common than most teams would like to admit. And unlike on-prem environments, where layers of approvals or access barriers might slow someone down, Azure’s agility can sometimes be its own worst enemy — especially when production workloads are one click away from disappearing.

Enter: Azure Resource Locks — your environment’s seatbelt.

What Are Azure Resource Locks?

Azure Resource Locks are a built-in feature that allows you to restrict operations on resources, resource groups, or subscriptions. These locks act as a last line of defense — even if someone has Contributor or Owner permissions, a lock will block unwanted actions like deletion or configuration changes.


How to Use Azure Policy for Better Cloud Management

When you work in the cloud, keeping things organised is very important. Azure Policy is a simple tool that helps enforce rules on your resources. In this post, I’ll explain what Azure Policy is and show you a basic example of using it to require a tag on all your resources.

What is Azure Policy?

Azure Policy lets you set rules for your cloud resources. For example, you might want every resource to have a tag called Cost Centre so you know which department it belongs to. If someone tries to create a resource without that tag, the policy can stop it from being created.

This tool is very useful because it helps everyone on your team follow the same guidelines and keeps your cloud resources well organised.

A Simple Example: Requiring a "Cost Centre" Tag

In this example, we’ll create a custom policy that requires every resource to have a Cost Centre tag. If the tag is missing, the resource won’t be allowed.

Overview of the Steps
  1. Create the policy rule file.

  2. Create the policy parameters file.

  3. Create the policy definition in Azure using the Azure CLI.

  4. Assign the policy to a scope.

  5. Check if your policy is working.
