Iโm honored to be re-selected as ๐ ๐๐ง ๐๐ผ๐บ๐บ๐๐ป๐ถ๐๐ ๐๐ฒ๐ฎ๐ฑ for the ๐๐ต๐ถ๐ฟ๐ฑ ๐๐ฒ๐ฎ๐ฟ ๐ถ๐ป ๐ฎ ๐ฟ๐ผ๐ โ and this one feels extra special: it marks my ๐ญ๐ต๐๐ต ๐๐ฒ๐ฎ๐ฟ ๐ฎ๐ ๐ฎ ๐ ๐ถ๐ฐ๐ฟ๐ผ๐๐ผ๐ณ๐ ๐๐ฒ๐ฟ๐๐ถ๐ณ๐ถ๐ฒ๐ฑ ๐ง๐ฟ๐ฎ๐ถ๐ป๐ฒ๐ฟ.
What began as a small feather in my cap has grown into a cornerstone of my career. From Windows, .NET Developer to Microsoft Azure, the journey has been all about always learning, always teaching, and blending lessons from real customer projects into practical, hands-on guidance for the community.
To everyone whoโs paced with meโmentees, peers, customers, and fellow Cloud Marathoners โ ๐๐ต๐ฎ๐ป๐ธ ๐๐ผ๐ for the miles weโve logged together.
The next chapter is calling (I might have to ask my agent(!) which one it is ๐), but the mission remains the same: ๐ฒ๐บ๐ฝ๐ผ๐๐ฒ๐ฟ ๐๐ต๐ฒ ๐ฐ๐ผ๐บ๐บ๐๐ป๐ถ๐๐ ๐๐ผ ๐ด๐ผ ๐๐ต๐ฒ ๐ฑ๐ถ๐๐๐ฎ๐ป๐ฐ๐ฒ.
Letโs keep training, sharing, and lifting each other โ ๐ผ๐ป๐ฒ ๐บ๐ถ๐น๐ฒ, ๐ผ๐ป๐ฒ ๐๐ธ๐ถ๐น๐น, ๐ผ๐ป๐ฒ ๐๐ถ๐ป ๐ฎ๐ ๐ฎ ๐๐ถ๐บ๐ฒ.
As the moderator, I had the pleasure of guiding an engaging conversation with our featured speaker, Dharmendra Ahujaโa multi-cloud Certified Solution Architect, DevSecOps, and Data Engineer with 18+ years of experience. Dharmendraโs expertise spans cloud-native architectures, CI/CD, containerization, and Infrastructure-as-Code, making him the perfect guide for this journey.
Best Practices for Scalable CI/CD Pipelines
Dharmendra shared actionable insights on designing pipelines that scale with your team and application needs. From modular pipeline stages to leveraging cloud-native tools, the focus was on building resilient, maintainable workflows.
Automated Testing & Build Automation
We explored how Jenkins and CircleCI streamline automated testing and build processes. Dharmendra emphasized the importance of integrating tests early and often, ensuring every code change is validated before deployment.
Deployment Strategies: Blue/Green & Canary
The session highlighted advanced deployment strategies:
Blue/Green Deployments: Minimize downtime and risk by switching traffic between identical environments.
Canary Releases: Gradually roll out changes to a subset of users, enabling real-time feedback and rapid rollback if needed.
DevSecOps Integration
Security isnโt an afterthoughtโitโs baked into the pipeline. Dharmendra discussed proactive DevSecOps practices, from automated vulnerability scanning to policy enforcement, ensuring every release is secure by design.
Real-Time Monitoring with Prometheus & Datadog
Visibility is key! In this session, we learned how integrating Prometheus and Datadog provides real-time monitoring, alerting, and analyticsโempowering teams to detect issues early and optimize performance.
Reducing Time-to-Market by Up to 40%
By adopting these best practices, organizations can dramatically reduce time-to-market, delivering value to customers faster without sacrificing quality or security.
Engaging Q&A
Throughout the session, I asked our presenter questions that sparked lively discussion:
How do you choose the right CI/CD tools for multi-cloud environments?
What are the biggest challenges in integrating security into pipelines?
Can you share a real-world example of a successful blue/green deployment?
Dharmendraโs responses were packed with practical advice and real-world stories, making the session both informative and inspiring.
Ready to Elevate Your DevOps Game and watch the full episode?
Whether youโre just starting your DevOps journey or looking to optimize your existing pipelines, the Cloud Marathoner community is here to support you. Letโs keep running toward cloud excellenceโtogether!
Greetings to all Cloud community and Cloud Marathoner friends!
Did you know that the Cyber Back to School 2025 is started on October first? It is community organized event that you don’t want to miss out.
Cyber Back to School event
Cyber Back to School is an annual community event featuring IT professionals from across the world. This event was started in 2024 by Microsoft MVP and MCT Community Lead, Dwayne Natwick. Microsoft community Leader, Microsoft MCT, blogger, and public speaker, Derek Smith, joined the team as co-organizer in 2025. In 2025, Cloud Marathoner and Microsoft MVP and MCT, Elkhan Yusubov began assisting with social media and promotion of the event. Community members submit sessions, either videos or blog articles, to provide viewers with actionable knowledge. The event takes place every October, from 01 October to 31 October.
This year I submitted two sessions and look forward to sharing the first one on this blog below.
What is covered in my session?
Strong governance is the foundation of a secure, scalable, and cost-effective cloud environment. In this hands-on session, weโll explore together how to use Bicep โ Azureโs new infrastructure as code language โalongside GitHub Copilot to streamline and strengthen your Azure governance strategy.
You will learn the following in this session:
โ Azure Governance: policies, role-based access control (RBAC), resource locks, and naming conventions
โ Resource Governance rules with Bicep code
โ GitHub Copilot to the rescue of reduce errors and follow best practices in IaC
โ Real-world examples
โ Automating governance at scale
โ Tips for integrating governance into your CI/CD workflows
This session is designed for early-career cloud engineers and architects looking to build confidence in managing Azure environments with automation and AI-assisted development.
Azure Governance
As a cloud engineer or working professional stepping into the world of Microsoft Azure, one of the most important concepts to grasp early is Azure Governance. Think of it as the set of rules and practices that help organizations manage their cloud resources effectively, securely, and in a cost-efficient way. Letโs break down some of the key components of Azure Governance:
๐ก๏ธAzure Policies โ Enforcing Rules
Azure Policies are like the rulebook for your cloud environment. They help ensure that resources are created and managed in a way that aligns with your organizationโs standards. For example: You can create a policy that only allows resources to be deployed in specific regions (e.g., only in West Europe or East US), or that requires all storage accounts to have encryption enabled.
Why it matters? It helps prevent misconfigurations, ensures compliance, and keeps your environment secure and cost-effective.
๐ฅ Role-Based Access Control (RBAC) โ Managing Who Can Do What
RBAC is Azureโs way of controlling who has access to what resources and what actions they can perform. For example: You can give a developer access to manage virtual machines in a resource group but not allow them to delete the resource group itself.
Why it matters? It follows the principle of least privilege, ensuring users only have the permissions they needโnothing more, nothing less.
๐ Resource Locks โ Preventing Accidental Deletion or Changes
Resource Locks are like putting a โDo Not Touchโ sign on critical resources. We have following types of locks:
ReadOnly โ Users can read the resource but canโt make changes.
CanNotDelete โ Users can modify the resource but canโt delete it.
As a use case example: You can lock a production database to prevent accidental deletion during maintenance.
Why it matters? It adds an extra layer of protection for important resources and prevents accidental changes in your important resources.
๐ท๏ธ Naming Conventions โ Keeping Things Organized
Naming conventions are standardized ways of naming your resources so theyโre easy to identify and manage. For example: A virtual machine name like vm-prod-weu-app01 could tell you the following additional information:
Itโs a VM
Used in production
Located in West Europe
Itโs an app server
Why it matters? It improves clarity, helps with automation, and makes managing large environments much easier.
๐งฉ Bringing It All Together
Imagine youโre building a cloud environment for a company. With Azure Governance you can achieve the following mission:
Define rules (Policies)
Control access (RBAC)
Protect critical resources (Locks)
Stay organized (Naming Conventions)
Together, these tools ensure your cloud environment is secure, compliant, and manageableโeven as it grows. Mastering Azure Governance early will set you up for success as you build scalable, secure, and well-managed cloud solutions.
Resource governance with Bicep Code
Resource governance with Azure Bicep empowers organizations to manage cloud resources consistently and securely through declarative infrastructure-as-code. By defining policies, role assignments, and resource configurations in Bicep templates, teams can enforce compliance, reduce configuration drift, and automate deployments across environments. This approach enhances visibility and control, ensuring that resources adhere to organizational standards from the moment they’re provisioned.
Additionally, Bicep simplifies governance by integrating seamlessly with Azure Policy and management groups, enabling scalable enforcement of rules across subscriptions. Its modular structure promotes reuse and collaboration, allowing teams to build standardized templates for tagging, cost management, and security controls. Ultimately, Bicep streamlines governance workflows, reduces manual overhead, and fosters a culture of accountability and best practices in cloud operations.
GitHub Copilot to the rescue
When working with Azure governance at scale, writing Bicep templates for policies, RBAC assignments, and resource locks can quickly become repetitive and time-consuming. This is where GitHub Copilot shines. By leveraging AI-powered code suggestions, Copilot can help you generate Bicep snippets for common governance tasks, such as defining policy assignments or creating role definitions, with minimal effort. Instead of starting from scratch, you can use Copilot to accelerate development and reduce human error.
Copilot doesnโt just autocomplete codeโit understands context. For example, if youโre writing a Bicep module for resource naming conventions or enforcing tags, Copilot can infer patterns from your existing code and suggest consistent, reusable structures. This capability is especially useful when implementing governance across multiple environments, where consistency is critical. By integrating Copilot into your workflow, you can focus on higher-level governance strategy while letting AI handle the boilerplate.
For example, start a new governance.bicep file and type a guiding comment (e.g., // Enforce required tag 'costCenter' with a fixed value at the RG scope). Copilot will suggest a snippet similar to the one below; accept with Tab and adjust as needed (swap scopes, parameterize values, or plug in your builtโin/custom policy definition ID). This is usually faster and less error-prone than writing from scratchโand easy to refactor into a reusable module later.
@description('Assign a policy to require a costCenter tag at the resource group scope')
param tagName string = 'costCenter'
param tagValue string = 'FIN-001'
// Replace with the built-in or custom policy definition ID that requires a tag and its value.
@description('Policy definition ID for "Require a tag and its value"')
param policyDefinitionId string = '/providers/Microsoft.Authorization/policyDefinitions/<RequireTagAndItsValue_ID>'
resource tagPolicyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
name: 'enforce-costcenter-tag'
scope: resourceGroup()
properties: {
displayName: 'Enforce cost center tag'
policyDefinitionId: policyDefinitionId
enforcementMode: 'Default'
parameters: {
tagName: { value: tagName }
tagValue: { value: tagValue }
}
}
}
Why It Matters? Governance is not optionalโitโs the backbone of a secure and compliant cloud environment. Poorly implemented governance can lead to security gaps, compliance violations, and operational inefficiencies. GitHub Copilot helps bridge the gap between governance intent and execution by reducing complexity and speeding up template development. In short, it empowers teams to implement governance as code effectively, ensuring that policies, RBAC, and resource controls are applied consistently across your Azure estate.
Automating governance
Manual governance processes often lead to inconsistencies, delays, and human errorโespecially in large-scale Azure environments. Automating governance ensures that policies, RBAC assignments, resource locks, and naming conventions are applied uniformly across all subscriptions and resource groups. By leveraging Infrastructure as Code (IaC) with Bicep, you can codify governance rules and deploy them through automated pipelines, eliminating the need for repetitive manual configurations.
Automation also enables continuous compliance. Instead of relying on periodic audits or manual checks, you can integrate governance enforcement into your CI/CD workflows. For example, every time a new resource group or workload is deployed, your pipeline can validate naming conventions, apply required tags, and assign policies automatically. This proactive approach reduces risk and ensures that governance is not an afterthought but an integral part of your deployment lifecycle.
Why It Matters? In todayโs cloud-first world, speed and compliance must coexist. Without automation, governance becomes a bottleneck, slowing down innovation and increasing the likelihood of misconfigurations. Automating governance ensures that security, compliance, and operational standards are consistently enforced at scaleโwithout sacrificing agility. It transforms governance from a reactive process into a proactive, embedded practice, giving organizations confidence that every deployment aligns with their standards from day one.
integrating governance into your CI/CD
Embedding governance into your CI/CD pipelines ensures that compliance and security are not left to chance. Instead of applying policies and RBAC assignments after deployment, you can make them part of the deployment process itself. By integrating Bicep templates into your pipeline, every resource provisioned through CI/CD automatically adheres to your governance standardsโwhether itโs naming conventions, resource locks, or mandatory tags.
This integration typically involves adding governance steps to your pipeline stages. For example, in GitHub Actions or Azure DevOps, you can include tasks that deploy governance templates before or alongside application resources. You can also implement validation checks using tools like az bicep build or arm-ttk to ensure templates meet compliance requirements before they are merged. This approach creates a โshift-leftโ model for governance, catching issues early and reducing costly remediation later.
Why It Matters? Governance embedded in CI/CD transforms compliance from a manual, reactive process into an automated, proactive safeguard. It ensures that every deployment aligns with organizational standards without slowing down delivery. By integrating governance into pipelines, you reduce risk, improve consistency, and enable teams to innovate confidently, knowing that security and compliance are enforced by design, not by afterthought.
Demo and references
To help you get hands-on with governance-as-code, here’s a curated set of Microsoft Learn references covering key areas:
Role Assignments via Bicep This guide shows how to create an RBAC role assignment (e.g., Virtual Machine Contributor) by defining the necessary principal and scope in Bicep.
Resource Locks with Bicep The Microsoft Learn page documents how to apply locks such as CanNotDelete or ReadOnly using the Bicep type Microsoft.Authorization/locks@2020โ05โ01.
Naming Conventions and Patterns Microsoft advises using Bicep functions like uniqueString() and guid() under the “Name generation pattern” to ensure consistent, deterministic naming.
Azure governance is the foundation for building secure, compliant, and well-managed cloud environments. By leveraging Bicep for Infrastructure as Code and integrating GitHub Copilot into your workflow, you can simplify governance implementation, reduce manual effort, and ensure consistency across deployments. When combined with automation and CI/CD integration, governance becomes proactive rather than reactiveโenabling organizations to innovate confidently while maintaining control and compliance at scale.
Ready to Take Action? Start implementing governance as code today! Explore Bicep to codify your Azure policies, RBAC, and resource controls, and let GitHub Copilot accelerate your development with intelligent code suggestions. Integrate these practices into your CI/CD pipelines to make governance seamless and automated.
The sooner you embed governance into your workflows, the faster youโll achieve secure, compliant, and scalable cloud environments. Try it now and transform governance from a challenge into a competitive advantage!
Last week, we had a very interesting session focused on cybersecurity.
Our guest speaker Brian Contos, shared his expertise on the following critical cybersecurity topics:
โ Real-life stories from the trenches, drawn from years of cloud-based incident response. โ Exploration of various hacks to illustrate how breaches occur, what happens following a breach, and why organizations struggle to detect and respond. โ Mitigation strategies to proactively prepare for a breach, discover malicious activity, and respond effectively.
Malicious actors are counting on your passivity, your blind spots, and your inability to detect and respond to attacks in the cloud. Break their hearts!
Are you ready to learn more about hacking ๐ โ the cloud and how to prevent it โ๏ธ ๐ค Tune in to hear and learn from real-world stories.
Real-World Examples
Crypto mining on hacked security cameras in a casino.
$15 million wire fraud via compromised Office 365 and fake domains.
MongoDB ransomware where attackers lied about stealing data.
Robot hack demo showing how easy it is to control industrial devices with no authentication.
When and Where
๐ Date: May 7th, 2025 ๐ Time: 5 PM UTC ๐ Recorded session URL
Don’t miss out on this amazing hacking session. Let’s make the cloud a safer place together!
Last week, we had a great discussion with our guest speaker – Microsoft MVP, Hรฅkan Silfvernagel. Our topic was Azure Ai services using the Semantic Kernel with simple, yet insightful demos.
Don’t miss an opportunity to learn about ๐ #AzureAI services using Semantic Kernel today at the Cloud Lunch and Learn session ๐คฉ
What WILL YOU learn?
By checking this session, you will learn how to build your own CoPilot experience using the Semantic Kernel released as an open-source project. Our speaker has demonstrated how you can use skills, memories, connectors, and plugins in order to enhance the experience for your users.
Hello, hello my dear friends and community members!
This March month is going to be very busy, as I got notified that one of my solo sessions, and one joint session with Kasun – a Microsoft MVP and Docker captain – has been accepted, two weeks ago. And most importantly, I will be folding my sleeves to start preparations for the following sessions:
The Future of AKS Monitoring: Trends and tools you can’t ignore
Tips and tricks to automate resource governance with Azure Bicep
What to expect from a session – Future of AKS Monitoring?
In this session, we dive deep into the evolving landscape of Azure Kubernetes Service (AKS) monitoring โ exploring the latest trends, essential tools, and best practices to future-proof your observability strategy.
What you’ll learn in this session:
โ Current state of AKS monitoring: Azure Monitor, Log Analytics, Prometheus, and more. โ Must-have tools: Grafana, Azure Managed Prometheus, โ Best practices for designing scalable, high-availability monitoring solutions โ Live demo: Setting up Prometheus + Grafana on AKS and integration
What to expect from a Governance with Bicep session?
In this new session, you will learn how to simplify resource governance, ensure compliance, and easily maintain control over your Azure environment.
I have following key topics included in the session: โ Basics of Azure Policy and its core components โ Creating and managing policy definitions and assignments โ Leveraging built-in policies and custom policy creation โ Integrating Azure Bicep for efficient resource deployment and governance โ Real-world examples and use cases
Call to Action
Don’t miss these sessions during the March month, and as always, you are welcome to provide feedback or ask questions.
Hello dear #CloudMarathoner family and community members!
I’m thrilled to share that Sessionize.com has recognized me as one of the top 3% most active speakers for 2024 ๐
This is my second time receiving this honor in the past few years, thanks to 42 international speaking events over the years.
Thank you for support
Huge Thank You to everyone for your incredible support, including our awesome #CloudMarathoner community and Sessionize.com for this recognition๐
I also want to extend my gratitude to T-Rex Solutions, LLC for their unwavering support in my Microsoft MVP and speaker journey. Your encouragement has been invaluable!
My Sessionize.com presentations
If you never checked it before, then please feel free to check my speaker profile ๐ https://lnkd.in/eUcQ2tWS
You should be able to see my bio, past and upcoming events, and the topics I love discussing in my online and in-person sessions.
Let’s keep pushing the boundaries of cloud engineering and learning together ๐
I am trilled and honored to share this great news with all of you. As of the beginning of January, I have been notified and recognized as Microsoft Certified Trainer (#MCT) Community Lead for the #USA region for 2025!
What is MCT Community Lead?
This role represents an incredible opportunity to continue empowering our vibrant training and learning community, fostering collaboration, and supporting MCTs in their mission to deliver impactful training experiences.
As your MCT Community Lead (previously known as, MCT Regional Lead), my focus will remain on sharing knowledge, nurturing connections, and elevating the presence of #Microsoft technologies across regions while helping new #MCT colleagues to excel!
Honored to serve you as MCT Community Lead in 2025
I am excited to continue working alongside my high-caliber trainer friends, driving meaningful initiatives, and building on the strong foundation of innovation and mentorship that makes our #community thrive in helping customers with #Microsoft technologies.
If you are into managed Kubernetes services and Infrastructure as a Code implementation on Microsoft Azure, then keep reading.
Session Announcement
Next week. join our tech-savvy workshop with Kasun Rajapakse, an Azure MVP and Docker Captain. In this festive session for the Festive Tech Calendar event, we will unwrap the wonders of Azure Kubernetes Service (also known as AKS) provisioning using the Bicep language and showcase the latest AKS features.
What will be covered?
In this jolly session, we’ll delve into the secrets of deploying AKS clusters with Bicep, turning your cloud infrastructure into a winter wonderland of efficiency and scalability. Whether you’re an experienced elf or a newbie on Santa’s list, this session is perfect for everyone eager to harness the power of Azure Kubernetes Service.
What you need to do before session?
Get ready to sleigh your cloud game with our festive demonstrations of AKS features. Deck the halls with knowledge and cheer as we bring the magic of AKS and Bicep to life!
Call to Action
Please come prepared to our session with your great questions on gears and skills that elves need to learn about. Your help to get them prepared will be appreciated very deeply.
Join elves for a holly jolly tech adventure session with the details below:
Thank you to everyone ๐จโ๐ฉโ๐งโ๐ฆย who joined the #CloudMarathoner community and always support us in this great learning journey to empower learners โ ๐โโ๏ธ๐โโ๏ธ!
We are continuing sharing awesome Cloud knowledge, skills and experiences in 2024 with a great contribution from all of you ๐ช
Latest stats on members
Our #CloudMarathoner#community has grown into more than 2000+ members! Huge Thanks for #sharing posts and making this happen ๐ย ๐๐
๐ฏ The fact is that in the last month alone, we added 81+ new members to our growing #cloudcommunity. Our reach to the new learners is just accelerating every week and month due to your shadings.
Check out a curated list of blogs, videos, tutorials, code, tools, scripts, and anything useful to help you learnย Microsoft #AzureBicep ๐ช language ๐ https://lnkd.in/e58nEfbd SharingIsCaring โค๏ธ๏ธ
Subscribe to a #CloudMarathoner hashtag on LinkedIn platform ๐๐ Stay tuned for more Cloud, Automation & Security-related posts.
