Azure Private Link Service (PLS) has long been the go-to option for exposing your services privately to consumers across Azure — ensuring that traffic never crosses the public internet.
Until recently, this required a Standard Load Balancer to sit in front of your service. That setup worked well, but it added complexity and limited flexibility, especially in hybrid or custom routing scenarios.
Now, with Private Link Service Direct Connect, Microsoft has simplified the model. You can route traffic directly to any privately routable IP address, removing the dependency on load balancers altogether.
This new feature opens the door to several use cases — from simplifying secure hybrid connections to enabling private access to third-party SaaS and appliances.
Tag: Microsoft
Azure Storage: GA Support for Entra ID and RBAC in Supplemental APIs
On 26 August 2025, Microsoft announced the general availability (GA) of Entra ID authentication and role-based access control (RBAC) for several supplemental Azure Storage APIs. This update improves security and gives administrators more precise control over sensitive operations such as managing container, queue, and table access permissions.
What has changed
The following APIs now support Entra ID and RBAC:
- GetAccountInfo
- GetContainerACL / SetContainerACL
- GetQueueACL / SetQueueACL
- GetTableACL / SetTableACL
These APIs now support OAuth 2.0 authentication via Entra ID.
A key change is the way error responses are returned:
- Before: using OAuth without the right permissions resulted in 404 (not found).
- Now:
- 403 (forbidden) is returned when OAuth is used but the caller does not have the required permission (for example, Microsoft.Storage/storageAccounts/blobServices/getInfo/action for GetAccountInfo).
- 401 (unauthorised) is returned for anonymous requests.
- 404 (not found) is still possible if the resource itself does not exist.
If your application logic depends on the old 404 behaviour, you should update it to handle both 404 and 403 responses. Microsoft also recommends not relying on error codes to detect unsupported APIs but instead following the Entra ID authorization guidance.
Why this matters
- Improved security – no more reliance on shared keys.
- Granular access – assign only the necessary permissions.
- Consistent responses – OAuth error codes now match industry standards.
- Application impact – developers may need to update their code to support the new response model.
Continue reading “Azure Storage: GA Support for Entra ID and RBAC in Supplemental APIs”
Azure Resource Locks – The One Feature You’re Probably Not Using (But Should Be)
Accidental deletion or modification of critical resources in Azure is more common than most teams would like to admit. And unlike on-prem environments, where layers of approvals or access barriers might slow someone down, Azure’s agility can sometimes be its own worst enemy — especially when production workloads are one click away from disappearing.
Enter: Azure Resource Locks — your environment’s seatbelt.
What Are Azure Resource Locks?
Azure Resource Locks are a built-in feature that allow you to restrict operations on resources, resource groups, or subscriptions. These locks act as a last line of defense — even if someone has Contributor or Owner permissions, a lock will block unwanted actions like deletion or configuration changes.
Continue reading “Azure Resource Locks – The One Feature You’re Probably Not Using (But Should Be)”
How to Use Azure Policy for Better Cloud Management
When you work in the cloud, keeping things organised is very important. Azure Policy is a simple tool that helps enforce rules on your resources. In this post, I’ll explain what Azure Policy is and show you a basic example of using it to require a tag on all your resources.
What is Azure Policy?
Azure Policy lets you set rules for your cloud resources. For example, you might want every resource to have a tag called Cost Centre so you know which department it belongs to. If someone tries to create a resource without that tag, the policy can stop it from being created.
This tool is very useful because it helps everyone on your team follow the same guidelines and keeps your cloud resources well organised.
A Simple Example: Requiring a "Cost Centre" Tag
In this example, we’ll create a custom policy that requires every resource to have a Cost Centre tag. If the tag is missing, the resource won’t be allowed.
Overview of the Steps
-
Create the policy rule file.
-
Create the policy parameters file.
-
Create the policy definition in Azure using the Azure CLI.
-
Assign the policy to a scope.
-
Check if your policy is working.
Continue reading “How to Use Azure Policy for Better Cloud Management”
Unlocking Nested Virtualization in Azure: A Step-by-Step Guide
Nested virtualization in Azure is a powerful feature that enables running a Hyper-V hypervisor within an Azure virtual machine (VM). This capability is invaluable for developers, machine learning engineers, and data scientists who require flexible and scalable environments for testing, development, or containerized applications. This post provides a step-by-step guide to setting up nested virtualization, ensuring you can leverage its full potential.
Prerequisites and Supported VM Sizes
Before diving into the setup, ensure you choose an Azure VM that supports nested virtualization. Compatible VM sizes include:
- Dv3, Dsv3
- Dv4, Dsv4
- Ddv4, Ddsv4
- Ev3, Esv3
- Ev4, Esv4
- F2s_v2 to F72s_v2
- FX4 to FX48
- M series
For most use cases, the Dv3 and Ev3 series are excellent choices. Make sure the VM size meets the system requirements for your intended workloads, such as Docker Desktop.
Step 1: Deploying an Azure VM
- Create the VM:
- Log in to the Azure Portal.
- Select a Windows Server image and choose a compatible VM size.
- Configure Networking:
- Set up the required inbound and outbound port rules.
- Deploy:
- Review your configuration and deploy the VM.
Continue reading “Unlocking Nested Virtualization in Azure: A Step-by-Step Guide”
Get Practical 