If your application is running on a Kubernetes cluster in Azure (AKS, ACS or ACS Engine), then it is likely that you will need to access other Azure resources from your pods that are secured with Azure AD. These operations could include retrieving secrets from Key Vault, files from Blob storage or just interacting with other applications or API’s that use Azure AD as their identity provider. To be able to do this your application needs to be able to provide an identity to access these resources securely.

If you are working with Azure then ARM templates are a great way to define your resource and deploy them declaratively. However, if you find you need to do anything other than creating Azure resources as part of your deployment, then you are a bit stuck, as ARM templates don’t offer any way to call external resources or run scripts. An example that we will use for this rest of this article is something I needed to do recently.

A little while ago I wrote a series of posts talking about how to send your SmartThings home automation data to Azure to capture and report on, using tools like Event Hub, Cosmos DB and Power BI. This solution works great, and I am still running this today, but there was one downside. To transfer the data we collected from Event Hub to Cosmos we were using Azure Stream Analytics. This process worked fine, but it was overkill for what we were doing.

While you can create an Azure Storage account with an ARM template very quickly, it’s not been possible to create anything inside this storage account, such as blob containers, tables, queues, using the same ARM template. If you wanted to do this, you either needed to look at running scripts after your template completes, or using something like Terraform, which does allow you to create these things. However, a recent update to the ARM schema means you can now create Blob containers in your template.

Azure Active Directory is not Active Directory! If you’ve been working with Azure for a while you likely already know this, but this topic is something I see over and over again with people who are getting started with Azure. Azure Active Directory is not a cloud version of Active Directory, and in fact, it bears minimal resemblance to its on-premises namesake at all. The question I see over and over again with people new to Azure, I even answered this question just this week, is “how do I join my servers to Azure AD?

Azure has offered the ability to get static public IP addresses for many years now, however when you request an IP you will receive one from the general pool of available addresses and it is very unlikely you will receive multiple IPs in the same range. A new preview feature announced at Ignite changes this, called Public IP Address Prefixes. Instead of requesting a single static IP you can request a Prefix, which will give you a contiguous range of IP addresses.

Last weeks Ignite conference came with lots of new Azure announcements if you want to see them all make sure to check out my announcement summary. One of these announcements that seem to go somewhat under the radar was Azure Resource Graph, but I think this could be a handy tool for Azure administrators. Resource graph as a new service which allows you to explore your Azure resources using a command line tool and a new query language.

This week (24th to the 28th September) is Microsoft’s annual Ignite conference, which means lots of announcement about new Azure features. We’re going to dive into a number of these in detail over the next few weeks, but in this article, you can see a summary of the key announcements that relate to Azure. I’ll be updating this over the course of the week to add new announcements and to add links to services as the documentation gets released.

Microsoft announced some changes to their Visual Studio Team Services production today, primary of which was a name change. VSTS now becomes Azure DevOps, which is made up of Azure Repositories, Azure Pipelines, Azure Boards, Azure Test Plans and Azure Artifacts. This update also included a new UI design and URLs. The full announcement can be found here The most exciting part of this for me, however, was the announcement of unlimited, free, Azure Pipelines for building open source projects hosted on Github.

Managed Identity (MI) service has been around for a little while now and is becoming a standard for providing applications running in Azure access to other Azure resources. We’re going to be taking a look at using MI in a few areas in the future, such as Kubernetes pods, so before we do, I thought it was worth a primer on MI. Managed Service Identity has recently been renamed to Managed Identity.