Azure Resource Locks – The One Feature You’re Probably Not Using (But Should Be)

Accidental deletion or modification of critical resources in Azure is more common than most teams would like to admit. And unlike on-prem environments, where layers of approvals or access barriers might slow someone down, Azure’s agility can sometimes be its own worst enemy — especially when production workloads are one click away from disappearing.

Enter: Azure Resource Locks — your environment’s seatbelt.

What Are Azure Resource Locks?

Azure Resource Locks are a built-in feature that allows you to restrict operations on resources, resource groups, or subscriptions. These locks act as a last line of defense — even if someone has Contributor or Owner permissions, a lock will block unwanted actions like deletion or configuration changes.


How to Use Azure Policy for Better Cloud Management

When you work in the cloud, keeping things organised is very important. Azure Policy is a simple tool that helps enforce rules on your resources. In this post, I’ll explain what Azure Policy is and show you a basic example of using it to require a tag on all your resources.

What is Azure Policy?

Azure Policy lets you set rules for your cloud resources. For example, you might want every resource to have a tag called Cost Centre so you know which department it belongs to. If someone tries to create a resource without that tag, the policy can stop it from being created.

This tool is very useful because it helps everyone on your team follow the same guidelines and keeps your cloud resources well organised.

A Simple Example: Requiring a "Cost Centre" Tag

In this example, we’ll create a custom policy that requires every resource to have a Cost Centre tag. If the tag is missing, the resource won’t be allowed.

Overview of the Steps
  1. Create the policy rule file.
  2. Create the policy parameters file.
  3. Create the policy definition in Azure using the Azure CLI.
  4. Assign the policy to a scope.
  5. Check if your policy is working.


Unlocking Nested Virtualization in Azure: A Step-by-Step Guide


Nested virtualization in Azure is a powerful feature that enables running a Hyper-V hypervisor within an Azure virtual machine (VM). This capability is invaluable for developers, machine learning engineers, and data scientists who require flexible and scalable environments for testing, development, or containerized applications. This post provides a step-by-step guide to setting up nested virtualization, ensuring you can leverage its full potential.


Prerequisites and Supported VM Sizes

Before diving into the setup, ensure you choose an Azure VM that supports nested virtualization. Compatible VM sizes include:

  • Dv3, Dsv3
  • Dv4, Dsv4
  • Ddv4, Ddsv4
  • Ev3, Esv3
  • Ev4, Esv4
  • F2s_v2 to F72s_v2
  • FX4 to FX48
  • M series

For most use cases, the Dv3 and Ev3 series are excellent choices. Make sure the VM size meets the system requirements for your intended workloads, such as Docker Desktop.


Step 1: Deploying an Azure VM

  1. Create the VM:
    • Log in to the Azure Portal.
    • Select a Windows Server image and choose a compatible VM size.
  2. Configure Networking:
    • Set up the required inbound and outbound port rules.
  3. Deploy:
    • Review your configuration and deploy the VM.


Step-by-Step Guide: Setting Up a Banned Password List in Azure


Recently, a customer raised a ticket asking us to implement a banned password list. In this guide, I’ll walk you through how we successfully tackled this request and configured it in Entra ID.

Enforcing strong password policies in Entra ID is crucial for improving organisational security. One effective method is implementing a custom banned password list to prevent users from selecting weak or predictable passwords. Here’s how to set this up step-by-step:


Prerequisites

Before starting, ensure you have the following:

  1. Entra ID Premium P1 or P2 licence
    • The banned password list feature is available only in Entra ID Premium editions.
  2. Administrator permissions
    • You need Global Administrator or Privileged Role Administrator rights in Entra ID to configure password policies.

