Greetings to all #CloudMarathoner community members!
Last week, we had an exhilarating session with a Microsoft Certified Trainer (MCT), André M.D. Melancia – who shared his invaluable insights on Hacking Azure AI.
Meet our Speaker
Our dynamic speaker, André, is a seasoned Developer, DBA, and security consultant with a wealth of hands-on experience. He is dedicated to helping organizations thrive. This demo-driven session was a must-attend for developers, data engineers, data scientists, and security consultants eager to learn about the security aspects of using Generative AI in their daily work.
Highlights from the Session
André captivated us with his demonstrations of exploits and security recommendations for various tools, including ChatGPT. He provided practical advice on avoiding mistakes that could expose your projects or organizations to cyber threats.
Demos on Azure AI Foundry
Our speaker incorporated interesting demos on Azure AI Foundry services, including an explanation of the different AI models and the Chat playground, with examples of how to create filters and block specific types of content.
AI Application Workflow Demos
Another interesting demo covered a typical application that uses Azure AI services to return responses. The demo screenshot below emphasizes the need for protection and/or filtering before results are returned to the requesting application. Otherwise, an end user or cybercriminal may exploit your AI system data.
Watch the Recorded Session
If you missed the live session or want to revisit the insights shared, check out the full recording on our Cloud Lunch and Learn YouTube channel. Don’t miss this opportunity to enhance your knowledge and skills in Azure AI security!
Hello, hello my dear friends and community members!
This March is going to be very busy: two weeks ago, I was notified that one of my solo sessions and one joint session with Kasun, a Microsoft MVP and Docker Captain, have been accepted. Most importantly, I will be rolling up my sleeves to start preparations for the following sessions:
The Future of AKS Monitoring: Trends and tools you can’t ignore
Tips and tricks to automate resource governance with Azure Bicep
What to expect from a session – Future of AKS Monitoring?
In this session, we dive deep into the evolving landscape of Azure Kubernetes Service (AKS) monitoring — exploring the latest trends, essential tools, and best practices to future-proof your observability strategy.
What you’ll learn in this session:
✅ Current state of AKS monitoring: Azure Monitor, Log Analytics, Prometheus, and more.
✅ Must-have tools: Grafana, Azure Managed Prometheus
✅ Best practices for designing scalable, high-availability monitoring solutions
✅ Live demo: Setting up Prometheus + Grafana on AKS and integration
What to expect from a Governance with Bicep session?
In this new session, you will learn how to simplify resource governance, ensure compliance, and easily maintain control over your Azure environment.
I have included the following key topics in the session:
✅ Basics of Azure Policy and its core components
✅ Creating and managing policy definitions and assignments
✅ Leveraging built-in policies and custom policy creation
✅ Integrating Azure Bicep for efficient resource deployment and governance
✅ Real-world examples and use cases
Call to Action
Don’t miss these sessions in March, and as always, you are welcome to provide feedback or ask questions.
Recently, I have been asked more about Azure VNet and some best practices for building a resilient, secure, and scalable network infrastructure on the Microsoft Azure platform.
This is a huge and important topic, and it cannot be addressed in just one post. However, I will try to cover it with the high-level recommendations and guidelines that Microsoft recommends and that I have followed in my design sessions with customers.
Where to get started?
Let’s consider the following comprehensive guide that will help you get started. This is in no way, shape, or form a complete set of guidelines, and it does require improvements over time, based on your custom application, compliance, and workload requirements.
1️⃣ Design Your Network Architecture
✅ Virtual Networks (VNets): Create VNets to logically isolate your resources. Use subnets to segment the network for better management and security.
✅ Hub-and-Spoke Topology: Implement a hub-and-spoke model to centralize shared services in the hub VNet and connect multiple spoke VNets for isolation and scalability.
2️⃣ Implement Network Security
✅ Network Security Groups (NSGs): Use NSGs to control inbound and outbound traffic to your resources. Define rules based on IP addresses, ports, and protocols.
✅ Azure Firewall: Deploy Azure Firewall for centralized network security. It provides threat intelligence-based filtering and logging.
✅ Azure DDoS Protection: Enable DDoS protection to safeguard against distributed denial-of-service attacks.
3️⃣ Optimize Performance and Efficiency
✅ Azure Load Balancer: Use load balancers to distribute traffic across multiple resources, ensuring high availability and reliability.
✅ Azure Application Gateway: Implement Application Gateway for web traffic load balancing, SSL termination, and web application firewall capabilities.
✅ ExpressRoute: Establish private connections between your on-premises networks and Azure for faster and more reliable connectivity.
4️⃣ Ensure Scalability
✅ Virtual Network Peering: Use VNet peering to connect VNets within the same region or across regions, allowing seamless resource access without performance bottlenecks.
✅ Azure Virtual WAN: Optimize and automate branch-to-branch connectivity with Azure Virtual WAN.
5️⃣ Monitor and Manage
✅ Azure Monitor: Use Azure Monitor to track the performance and health of your network resources. Set up alerts for critical events.
✅ Network Watcher: Utilize Network Watcher for network diagnostics and visualization. It helps in troubleshooting and monitoring network performance.
Best Practices?
The following are the high-level “best practices” that will apply to most use cases:
✔️ Least Privilege Principle: Apply the principle of least privilege to all network resources.
✔️ Regular Audits: Conduct regular security audits and vulnerability assessments.
✔️ Automation: Use infrastructure as code (such as Bicep or ARM) to automate deployments and ensure consistency.
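One way to turn the NSG, least-privilege, and regular-audit recommendations above into an automated check, as an added example that is not from the original post. It evaluates inbound rules in NSG priority order (lowest number first, first match wins) and reports management ports that an arbitrary Internet source can still reach. The rule list is constructed sample data with the ARM `properties` flattened, and only the singular `sourceAddressPrefix` and `destinationPortRange` fields are handled.

```python
# Added example: audit NSG inbound rules for management ports open to any source.
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}   # prefixes that match every Internet address
MGMT_PORTS = {22: "SSH", 3389: "RDP"}          # ports this audit treats as sensitive

def rule(name, priority, access, protocol, source, ports, direction="Inbound"):
    """Build one rule using ARM/Bicep securityRules property names (flattened)."""
    return dict(name=name, priority=priority, access=access, protocol=protocol,
                sourceAddressPrefix=source, destinationPortRange=ports,
                direction=direction)

# Constructed sample rule set (not taken from any real deployment).
SAMPLE_RULES = [
    rule("allow-admin-range", 300, "Allow", "*", "*", "22-3389"),
    rule("allow-https", 100, "Allow", "Tcp", "Internet", "443"),
    rule("allow-ssh-jumpbox", 150, "Allow", "Tcp", "10.0.0.4", "22"),
    rule("deny-rdp-internet", 200, "Deny", "Tcp", "*", "3389"),
]

def port_in_range(port, spec):
    """True if port falls inside an NSG port spec: '*', '443' or '1000-2000'."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def effective_action(rules, port, protocol="Tcp"):
    """Return (access, rule name) for traffic from an arbitrary Internet source.

    Rules scoped to a specific source are skipped because they do not match
    an arbitrary address; the first remaining match by priority decides.
    """
    inbound = [r for r in rules if r["direction"] == "Inbound"]
    for r in sorted(inbound, key=lambda r: r["priority"]):
        if r["protocol"].lower() not in ("*", protocol.lower()):
            continue
        if r["sourceAddressPrefix"].lower() not in ANY_SOURCE:
            continue
        if port_in_range(port, r["destinationPortRange"]):
            return r["access"], r["name"]
    # No custom rule matched: the NSG default rule denies Internet inbound traffic.
    return "Deny", "DenyAllInBound (default)"

def audit(rules):
    """List management ports that any Internet source can reach."""
    findings = []
    for port, label in MGMT_PORTS.items():
        access, name = effective_action(rules, port)
        if access == "Allow":
            findings.append(f"{label}/{port} reachable from any source via rule '{name}'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

In the sample, the broad `22-3389` range exposes SSH, while RDP stays blocked only because a higher-priority deny rule shadows the same allow rule.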
Reference architecture
The following is a reference architecture from the Microsoft Learn documentation that addresses the mission-critical baseline architecture on Azure and is focused on maximizing reliability and operational effectiveness.
So, how could you apply Zero Trust (ZT) principles to a virtual network in Azure 🚀 infrastructure ⁉️ 🤔
Securing your infrastructure with ZT principles
In today’s landscape of sophisticated cyber-attacks and data breaches, ensuring the security of your infrastructure is paramount. Implementing a robust security framework is essential to protect your organization’s assets.
One highly recommended approach is adopting Zero Trust principles. This framework operates under the mantra of “never trust, always verify,” meaning no user or device is automatically trusted, and all requests are verified before access is granted.
What are the benefits of ZT?
The benefits of Zero Trust are critical in the modern security landscape where your customer workloads are running or are planned to be migrated. Let’s identify them with the following three main characteristics:
✅ Enhanced Security: Multiple layers of verification and authentication protect your infrastructure from potential threats.
✅ Complete Visibility: Monitor and track all access requests and transactions in real time to identify potential threats.
✅ Regulatory Compliance: Ensure adherence to industry regulations like GDPR, HIPAA, and PCI-DSS.
What are the challenges in ZT?
There are always challenges with a new change or framework, especially in established organizations. Thus, expect resistance to the changes and work with the stakeholders of the organization and program to overcome the high-level challenges below:
✅ Starting Point: It can be overwhelming to secure everything at once.
✅ Access Management: Adopting a least-privilege access approach requires careful management of identity and access policies.
✅ Up-to-date Security: Ensuring all components, from OS to cloud services, are secure and current.
Are there best practices for implementation?
Yes, of course, we will share those points with you. Based on feedback from a number of reputable organizations, here is a summarized version of the expected challenges on your way.
1️⃣ Create a Clear Roadmap: Define goals and timelines for implementing Zero Trust principles.
2️⃣ Build a Comprehensive Strategy: Regularly assess infrastructure, continuously monitor for threats, and establish rapid incident response processes.
3️⃣ Phased Approach: Break down the implementation process into manageable steps, prioritizing critical areas first.
4️⃣ Leverage Azure Tools: Utilize Azure Active Directory, Azure Sentinel, and Azure Policy to automate security tasks and gain real-time visibility.
5️⃣ Invest in Training: Ensure your team has the necessary skills and knowledge to implement Zero Trust effectively.
Practical application of ZT in Azure VNet
There is a good reference architecture diagram in the Microsoft Learn documentation. You could use the following diagram as a starting point to secure access to the VNet and applications in your Azure environment.
This reference architecture includes two main parts:
🥇 Securing traffic within the Azure environment to the application.
🥈 Using multifactor authentication and conditional access policies for user access to the application.
[Credit 🖐] Apply Zero Trust principles to a spoke virtual network in Azure at Microsoft Learn docs 👉 https://lnkd.in/ei-rWUhc
Call to action
Please let me know your feedback and challenges with ZT principles, and specifically the security controls you are applying or planning to apply in your networking environment.
Did you know that the Microsoft Learn AI 🚀 Skills Challenge starts on September 24th? You will have a couple of weeks, until November 1st, to complete this challenge. You will learn advanced AI technology through the following six curated topics designed to elevate your skills.
Once you register and complete the challenge, you’ll receive a 📛 digital badge via email to add to your Microsoft Learn profile 😍
What are the Challenges?
You have the following 6 challenges to choose from at the #Microsoft AI Skills Challenges event:
1️⃣ Introduction to Azure AI and Document Intelligence: Unlock the potential of your data! With hands-on experience in the foundations of Azure AI, you’ll be at the forefront of innovation by crafting intelligent document processing solutions that set you apart.
2️⃣ Build Intelligent Apps with Microsoft Azure: Explore cloud-native intelligent app development using AI and cloud-scale data. Engage in hands-on learning experiences and collaborative activities to get started with Azure Kubernetes Service, Azure Cosmos DB, and Azure OpenAI.
3️⃣ Build and extend copilots with Microsoft Copilot Studio: Get started creating conversational AI solutions with Microsoft Copilot Studio and create Copilot Studio actions that extend the knowledge and capabilities of Microsoft Copilot for Microsoft 365.
4️⃣ Microsoft Fabric: Accelerate your career as a data analytics professional! Connect, ingest, store, analyze, and report on data with Microsoft Fabric while preparing for Exam DP-600 and your future as a Microsoft Certified Fabric Analytics Engineer.
5️⃣ Accelerate Developer Productivity with GitHub and Azure for Developers: Build all the skills you need to start coding in the cloud with GitHub Copilot! GitHub Copilot can help you understand code from others, create documentation, debug problems, and upskill in new technologies.
6️⃣ Secure your data in the age of AI: Gain hands-on experience in utilizing Microsoft technologies, including Microsoft Purview, Microsoft Sentinel, and Microsoft Copilot for Security, to effectively manage, protect, and govern sensitive information in AI-driven environments.
Call to Action
Now you are well informed to take your AI skills to the next level with this challenge. What are you waiting for? Register and get started now 👉 https://lnkd.in/eGt97_cd
Please subscribe to the #CloudMarathoner LinkedIn #hashtag today👏👀 Stay tuned for more Cloud, Automation & Security-related posts.
This week, we have a wonderful opportunity to learn from a number of different sessions by attending the Global Azure 2024 event. Yay!
Generally speaking, this event is a huge success as Microsoft community members all over the world are celebrating this occasion by submitting their session for acceptance. This year, I submitted my session with the Microsoft community in the USA, called GIMME CLOUD TALKS.
In this lightning talk, I shared bits and tips on how you could get started in your Cloud Architect journey. Namely, we focused on the Designing Microsoft Azure Infrastructure Solutions exam objectives, which are an important part of the AZ-305 exam.
By the end of the session, you should be well-informed on how to start your cloud learning journey and build toward your desired goal of becoming a Cloud Architect. As a complimentary bonus, I shared community-created learning resources that will boost your knowledge and help you get prepared for an important exam in 2024.
Please, check the recorded session below and let me know your feedback. Thank you!
As a #cloudmarathoner, I am excited 😍 to share with you 👨👩👧👦 some awesome news: I have been selected as MCT Regional Lead for the year 2024 from the USA 🎉
I would like to thank everyone, including my MCT (Microsoft Certified Trainer) colleagues who nominated me for this important role to help our community of MCTs.
MCT Regional Leads are a group of experienced MCTs committed to providing community connection and support to MCTs at the regional level. The Regional Leads promote MCT career opportunities, mentor new trainers, and continue to advocate for programs and resources meeting MCT needs.
I am truly thrilled to meet, collaborate, and contribute with fellow MCT Regional Leads and the MCT community from all around the world 🌍 🌐
📞 Need help from an MCT Regional Lead? Then let’s connect 😉
Check out my LinkedIn post on this matter and feel free to ask questions in the comments section.
I was thrilled that both of my sessions have been accepted for the Festive Tech Calendar 2023 events. The first session, with a #cloudmarathoner community member and contributor, Kasun, has already been announced and posted, and is referenced below.
Dec 28th session: “Unboxing the Festive Design Patterns with Santa”
Today’s post is dedicated to the second session where we will embark on a cloud journey with Santa. Santa will be helping us to understand something about clouds, but not the fluffy white ones in the sky – we’re talking about those special computer clouds!
Here is the festive description of the session:
So, imagine all the important things that people do with their computers, like making games, apps, and websites. These things need a special place to live so they can work properly. That special place is like a magical cloud where you can keep all those important things safe and make them work really well.
Now, the clever grown-ups who help with these computer things are learning more about how to use this cloud in the best way. They want to make sure everything in the cloud works just right. To do this, they plan carefully and design everything perfectly, like how we plan Santa’s route on Christmas Eve to deliver presents.
In a special meeting, they will talk about something called “design patterns.” These are like tricks and plans to help make sure everything in the computer cloud is super safe, works really well, and can grow if more people use it. It’s a bit like Santa’s workshop, where we have special patterns for making toys.
So, you see, just like Santa prepares for Christmas, these clever people are getting ready to make the computer cloud a better and safer place for everyone. It’s like their own magical holiday season for computers! 🎅🌟🖥️
Festive Tech Calendar 2023 session
So, if you are intrigued by it, please check my recorded session to learn about the Festive Cloud design patterns > https://youtu.be/Yj-lXf1l1ng?t=17
Wish you all Happy Holidays and Happy New Year !!!
I hope everyone has a joyful festive season with family and has more than one reason to celebrate. In the spirit of the season, we (the #cloudmarathoner community) rolled up our sleeves and produced two sessions for the Festive Tech Calendar 2023 event.
The first session – “The 12 Bicep 💪 Tips of Christmas: Best Practices for Azure Deployment” is done in collaboration with Kasun Rajapakse – a Microsoft Azure MVP and a #cloudmarathoner community contributor.
In this session, we invite you to take a trip to Azure with ‘The 12 Bicep Tips of Christmas: Best Practices for Azure Deployment.’ We encourage you to open the present of knowledge as we show you the ropes and help you use Azure Bicep to its best potential. By joining us you will spread good cheer for a prosperous and trouble-free Azure experience this holiday season in honor of efficient cloud management.
Recently, I have been asked for a reference on how to implement a microservices architecture from code to production, using an open-source stack with Azure.
In this workshop, you will build a complete application including a website with authentication and 3 microservices, deploy it to Azure using a CI/CD pipeline, monitor and tune the scaling of our services, and use log tracing to debug issues.
And yes, all that is done without needing to use Kubernetes, while using #AzureBicep 💪 for #infrastructureascode (IaC) and deployment!
This workshop approach is one of many ways to get started with Node.js Microservices in Azure. But, I am interested to hear from you.
What is your preferred way to implement microservices in Azure ⁉ 🤔 Please, share your feedback 💬 in the comments or in the following LinkedIn post.
In Summary
I hope you will enjoy this reference architecture and the @GitHub code repo. More importantly, you got a chance to learn something new. Hopefully, you’ll be able to take this knowledge back to your projects and improve your solutions.