Next post about features in Azure and Microsoft 365: Explore Copilot, your AI companion for simplifying, smartening, and enhancing task efficiency. Here’s a quick overview of our Copilots:

🔹 Feature: Copilot Saga

🔹 Function: Copilot is Microsoft’s family of AI assistants designed to provide contextual assistance, automate tasks, and enhance productivity across applications, platforms, and industries.

✅ Copilot for Microsoft 365

Empowers productivity in Word, Excel, PowerPoint, Sharepoint and more. It helps draft, summarize, and analyze content, turning ideas into polished documents effortlessly.

✅ Copilot for Power Platform

Assists in building apps, automating workflows, and analyzing data with natural language prompts, making app development accessible to everyone.

✅ Copilot in Dynamics 365

Enhances CRM and ERP tasks by providing AI-driven insights, predictive recommendations, and automated data entry to streamline business operations.

✅ GitHub Copilot

The ultimate coding assistant that suggests code snippets, completes lines, and helps debug efficiently, all powered by advanced AI models.

✅ Security Copilot

Supports cybersecurity teams by detecting threats, analyzing incident data, and providing actionable recommendations with AI precision.

✅ Copilot in Azure

Optimizes cloud management with AI-driven suggestions, resource optimization, and predictive analytics for better performance and cost efficiency.

✅ Consumer Copilot

Consumer Copilot is a free AI-powered digital assistant available in Edge.

✅ Copilot Studio

Copilot Studio is an advanced development environment designed to enhance productivity through AI-driven code suggestions and seamless integrations. It empowers developers to build, test, and deploy applications efficiently with intelligent assistance.

#mvpbuzz #azurenews

Azure and Office 365: Unlocking Seamless Integration (Next Post in Series)

🔹 Feature: Azure ARC

🔹 What It Does: Bringr your on-premise and other cloud Azure capabilities

🔹Core Azure Arc:

✅Kubernetes – Azure Arc → Lets you connect and manage Kubernetes clusters across on-prem, edge, and other clouds. https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/overview

✅Servers – Azure Arc → Brings non-Azure servers into Azure management (Windows/Linux). https://learn.microsoft.com/en-us/azure/azure-arc/servers/overview

✅SQL Server – Azure Arc → Extends Azure SQL security, monitoring, and policy compliance to on-premises SQL Servers. https://learn.microsoft.com/en-us/sql/sql-server/azure-arc/overview

✅Azure Arc Data Controller → Foundation for Arc-enabled data services, enabling hybrid data control and telemetry. https://learn.microsoft.com/en-us/azure/azure-arc/data/overview

✅Azure SQL Managed Instance – Azure Arc → Fully managed SQL MI deployed outside Azure but still operated/monitored as if native. https://learn.microsoft.com/en-us/azure/azure-arc/data/managed-instance-overview

✅Azure Arc Private Link Scope → Provides private, secure connectivity for Azure Arc resources to Azure services. https://learn.microsoft.com/en-us/azure/azure-arc/servers/private-link-security

🔹Additional Azure Arc capabilities:

✅Azure App Service, Functions, and Logic Apps → Run Azure PaaS services outside Azure. https://learn.microsoft.com/en-us/azure/app-service/overview-arc-integration

✅Azure Machine Learning → Extend ML workloads to Kubernetes clusters across hybrid environments. https://learn.microsoft.com/en-us/azure/machine-learning/how-to-attach-kubernetes-anywhere

✅Policy & Security integrations (Defender for Cloud, Azure Policy, Sentinel) → Apply uniform governance.

✅Azure Monitor / Azure Lighthouse with Arc → Centralized monitoring and management for Arc resources.

#mvpbuzz #azurenews

🚀 Native GIT Version Control in Windows Explorer

🔹 Feature: Native GIT Version Control in Windows Explorer

🔹 What It Does: This integration brings GIT version control details directly into File Explorer. You’ll see essential information such as:

✅ Branch name 🗂️

✅ Last commit author ✍️

✅ Last commit message 📝

✅ Previous version of the file 📄

It’s not a replacement for traditional GIT tools but offers quick, convenient access right within your file system for streamlined workflows. ⚡

More info: https://learn.microsoft.com/en-us/windows/advanced-settings/fe-version-control

#mvpbuzz #azurenews

🚀 Unlock the potential of open-source projects incubated by Mark Russinovich’s Azure CTO team — tools designed not only for cloud platforms but to empower developers everywhere.

🔹 Feature: Event-driven autoscaling, microservices runtime, change-driven processing, secure container patching, and multi-cloud application modeling.

🔹 What It Does: Enables faster, more reliable, and secure development and operations by combining scalability (KEDA), microservice building blocks (Dapr), data-driven automation (Drasi), vulnerability patching (Copa), and cloud-neutral application management (Radius).

✅ KEDA: Kubernetes Event-Driven Autoscaler — extends the native Kubernetes Horizontal Pod Autoscaler (HPA) to support event-based scaling (including scale-to-zero) by observing external event sources (queues, streams, databases, etc.). KEDA+2KEDA+2

🔗 https://keda.sh/

✅ Dapr: A portable, event-driven runtime for building microservices — provides building blocks such as service-to-service invocation, state management, pub/sub, actor model, and observability in a platform-agnostic manner.

🔗 https://dapr.io/

✅ Drasi: A data change processing platform — designed to continuously monitor data sources (logs, change feeds) via Sources, evaluate them with Continuous Queries, and issue Reactions automatically, enabling near real-time, declarative change-driven systems. Drasi is now part of the CNCF Sandbox. Microsoft Azure+3CNCF+3Microsoft Open Source+3

🔗 https://drasi.io/

✅ Copa (Project Copacetic): A container image patching tool — enables direct patching of OS-level vulnerabilities in container images based on vulnerability scanner reports (e.g. from Trivy), without full rebuilds, reducing turnaround time for security updates. It is a CNCF Sandbox project. GitHub+3Microsoft Open Source+3GitHub+3

🔗 https://project-copacetic.github.io/copacetic/

✅ Radius: Cloud-neutral application platform / resource manager — allows developers to model applications (services, dependencies) while platform teams define Recipes to map those models to infrastructure. Radius provides a unified application graph, multi-cloud deployment, and separation of concern between app definitions and platform implementation. Microsoft Tech Community+4Microsoft Azure+4docs.radapp.io+4

🔗 https://radapp.io/

Mark Russinovich’s projects are incredibly useful, designed to speed up the development process, particularly in cloud environments.

#mvpbuzz #azurenews

🚀 New Feature Alert! – The next installment in the series about Azure and Windows 365.

🔹 Feature: Guest accounts for Azure Virtual Desktop and Windows 365 Cloud PC

🔹 What It Does: External identity support allows you to invite users to your Entra ID tenant and provide them Azure Virtual Desktop resources.

✅ This means easier collaboration with external partners while maintaining secure access control. Simplify identity management and enhance productivity across organizational boundaries! 

More info:

https://learn.microsoft.com/en-us/azure/virtual-desktop/authentication#external-identity-preview

https://learn.microsoft.com/en-us/windows-365/enterprise/identity-authentication#external-identity-preview

#mvpbuzz #azurenews

Explore the underutilized features of Azure and Microsoft

🔹 Feature: Winget – No more sysprep – Beyond a Simple Package Manager for Windows  

🔹 What It Does: Winget isn’t just another package manager like yum or apt-get. It’s designed to simplify software management on Windows, but it offers even more than that.

Key Features:

✅ Software Installation: Easily install, upgrade, and manage applications.

✅ Capture Windows Settings: Winget can capture all your Windows settings and save them to a file.

✅ Seamless Restoration: Quickly restore settings on a new machine, making migrations hassle-free.

This functionality ensures that your personalized Windows environment can travel with you to any new device effortlessly.

Try yourself:

📁 winget configure export —all -o my_machine.winget

📁 winget configure. \my_machine.winget

#mvpbuzz #azurenews

Exploring underutilized features of Azure and Office 365!

🔹 Feature: Threads in Microsoft Teams  

🔹 What It Does: Create topics and reply to specific messages, similar to Slack.

Why It’s Game-Changing:  

✅ Enhances organization and clarity in conversations.  

✅ Facilitates focused discussions on specific topics.  

✅ Improves team collaboration by reducing noise.

💡 Pro Tip: Perfect for teams managing multiple projects or needing to keep discussions on track.

More info:

https://adoption.microsoft.com/en-us/microsoft-teams/new-chat-and-channels-experience/threads-in-channels/

https://techcommunity.microsoft.com/blog/microsoftteamsblog/from-threads-to-workflows-microsoft-teams-features-that-boost-everyone’s-product/4430879

#mvpbuzz #azurenews 

Second post in Azure/Office365 underutilized features.

🔹 Feature:  Automate Repetitive Tasks with Workflows App in Microsoft Teams.

🔹 What It Does: Automate tasks in Microsoft’s Teams like:

• ✅ Send the same message daily without manual effort,
• ✅ Schedule meetings directly from received messages
• ✅ Add Planner tasks seamlessly from messages

And much more.

Ideal for contact centers and help desks, it streamlines operations and enhances efficiency. Say goodbye to manual workflows and boost your productivity!

More info: 

https://support.microsoft.com/en-gb/office/browse-and-add-workflows-in-microsoft-teams-4998095c-8b72-4b0e-984c-f2ad39e6ba9a

https://techcommunity.microsoft.com/blog/nonprofittechies/example-workflows-you-can-create-in-microsoft-teams/4403042

Welcome to my first post in the series where we explore powerful yet underutilized features of Azure and Office 365!

🔹 Feature:  Azure Container Storage enabled by Azure Arc

🔹 What It Does: It allows you to create replicated storage accounts on-premises, seamlessly integrating with Azure’s cloud capabilities.

More info: https://learn.microsoft.com/en-us/azure/azure-arc/container-storage/overview

#mvpbuzz #azurenews

Why It’s Game-Changing:

✅ Ensures high availability and data redundancy even without constant cloud connectivity.

✅ Offers consistent storage management across hybrid environments.

✅ Perfect for organizations with strict data residency or compliance requirements.

💡 Pro Tip: Ideal for businesses operating in sectors like healthcare, finance, or government where data locality is crucial.

# Function to generate a new key in the CSP
#Display All: certutil -csp “Microsoft Enhanced RSA and AES Cryptographic Provider” -key
#Display One: certutil -csp “Microsoft Enhanced RSA and AES Cryptographic Provider” -key “_DRMS:Mode2:MS-GUID:{f15ac94b-a1d7-471f-a338-a37f8f56c20e}”
#
function New-RSAKeyInCSP {
param(
[int]$KeySize = 2048,
[string]$ContainerName = “MyNewKey_$(Get-Date -Format ‘yyyyMMddHHmmss’)”,
[bool]$MachineKey = $true,
[string]$CSPName = “Microsoft Enhanced RSA and AES Cryptographic Provider”
)

try {
# Create CSP parameters
$cspParams = New-Object System.Security.Cryptography.CspParameters
$cspParams.ProviderName = $CSPName
$cspParams.ProviderType = 24 # PROV_RSA_AES
$cspParams.KeyContainerName = $ContainerName

if ($MachineKey) {
$cspParams.Flags = [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore
}

# Generate the key pair
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider($KeySize, $cspParams)

Write-Host “Key generated successfully!” -ForegroundColor Green
Write-Host “Container Name: $ContainerName” -ForegroundColor Yellow
Write-Host “Key Size: $KeySize bits” -ForegroundColor Yellow
Write-Host “Machine Key: $MachineKey” -ForegroundColor Yellow
Write-Host “Provider: $CSPName” -ForegroundColor Yellow

# Clean up
$rsa.Clear()
$rsa.Dispose()

return $ContainerName

} catch {
Write-Error “Failed to generate key: $($_.Exception.Message)”
return $null
}
}

# Generate the key
$keyContainer = New-RSAKeyInCSP -KeySize 2048 -ContainerName “_DRMS:Mode2:MS-GUID:{xxxxxxxxxx}” -MachineKey $true

More info:

Securing your operating system is no longer optional—it’s a necessity in today’s threat landscape. The operating system (OS) acts as the backbone of your IT environment, connecting hardware and software, and controlling access to critical resources. A single misconfiguration or outdated setting can expose your entire organization to malware, ransomware, and unauthorized access.

Benchmarks – the theory

CIS Benchmarks: These are comprehensive, community-driven best practices for securely configuring a wide range of IT systems, including Windows Server. Each recommendation is accompanied by a rationale and step-by-step implementation guidance.

Microsoft Security Benchmark: Microsoft’s own framework provides detailed controls and baselines.

In real live we usually starting with not theory, but practice and the fastest way is starting from reporting.

Reporting and Compliance

Microsoft Guest Configuration Extension: This Azure tool allows you to audit and enforce configuration policies on your virtual machines, ensuring they remain compliant with your chosen security baseline.

Microsoft Defender: With Defender Vulnerability Management, you can continuously assess your endpoints against CIS and STIG benchmarks, receive real-time compliance reports, and quickly identify drift or misconfigurations.

But in that case we see only reporting, but lets start implementation the best practices.

Implementation

CIS Paid Version: Effective, but limited to GPO-based environments and often requires a license

HardeningKitty: Flexible and scriptable, but requires manual customization and ongoing maintenance to keep up with evolving best practices.

Windows Server 2025 Security Baseline: While designed for Windows Server 2025, the baseline is also applicable to Windows Server 2022 and 2019, and potentially even 2016 (with minimal tuning).

Real-World Results: Why the 2025 Security Baseline Wins

In recent tests, the effectiveness of different hardening approaches was measured by the number of unresolved recommendations after implementation:

• Windows Server 2025 Security Baseline (Preview): Only 5 recommendations left (more info: https://techcommunity.microsoft.com/discussions/windowsserverinsiders/announcing-windows-server-2025-security-baseline-preview/4257686)

• Pure HardeningKitty: 11 recommendations left (more info: https://github.com/scipag/HardeningKitty)

• HardeningKitty + Custom Script: 7 recommendations left

The results are clear: the Windows Server 2025 Security Baseline not only reduces your attack surface more effectively but also streamlines the hardening process, making it the superior choice for modern Windows Server environments.

Would you like to repeat the tests?

HardeningKitty + Custom Script – just execute: 

1. https://github.com/MariuszFerdyn/AzureSecurityCenterOSRemediations/blob/main/CIS/Windows/2022/100-CIS-Azure.ps1
2. https://github.com/MariuszFerdyn/AzureSecurityCenterOSRemediations/blob/main/CIS/Windows/2022/101-STIG-Firewall.ps1
3. https://github.com/MariuszFerdyn/AzureSecurityCenterOSRemediations/blob/main/CIS/Windows/2022/102-MSFTT_SecurityBaseline.ps1
4. https://github.com/MariuszFerdyn/AzureSecurityCenterOSRemediations/blob/main/CIS/Windows/2022/103-VulnerabilitiesInSecurityConfigurationOnYourWindowsMachinesShouldBeRemediated(PoweredByGuestConfiguration).ps1

Windows Server 2025 Security Baseline:

Install-PackageProvider NuGet, PowerShellGet -Force
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Install-Module -Name Microsoft.OSConfig -Scope AllUsers -Repository PSGallery -Force
Set-OSConfigDesiredConfiguration -Scenario SecurityBaseline\WS2025\WorkgroupMember -Default
Set-OSConfigDesiredConfiguration -Scenario SecuredCore -Default
Set-OSConfigDesiredConfiguration -Scenario Defender\Antivirus -Default

You can also watch Video on this topic:

Get data

1. Connect to Serial Console in Azure.
2. type cmd.
3. press escape – TAB – you should reach page when you can enter the username and password.
4. try to authenticate and now you have access to the operating system, so you can do the analyses.
5. if it is not possible, return to Serial Console (escape TAB).
6. Type crashdump and press enter. This generate memory dump that can be analised.
7. Restart machine and somehow download c:\windows\memory.dmp

Install Window Debuger . The best is to use Windows 11 for this.

Launch WinDBG and open the downloaded memory.dmp. You do not need to add symbols server – just in the latest version it will be picked automatically.

Execute the follwoing:

1. !analyze -v – in this scenario it tells you nothing just you intentianally invoke the system crash. If System restart automatically it could help in analises (espacially for blue screens).
2. !process 0 0 – show all processes.
3. !process 0 7 – look for any with unusual CPU time or state.
4. !locks – Shows kernel locks and potential deadlocks.
5. !irql – Check interrupt request levels.
6. !ready – Shows threads ready to run (may indicate scheduling issues).
7. !vm – Virtual memory usage.
8. !poolused – Kernel pool usage – look for pool exhaustion.
9. !verifier – Driver verifier status.
10. !devnode 0 1 – Device tree – look for failed devices.
11. lm t n – List loaded modules/drivers with timestamps.
12. !drvobj – Examine specific driver objects if you see suspicious ones.
13. !thread – Examine the current thread context.
14. !qlocks – Queue locks.
15. !wdfkd.wdflogdump – Windows Driver Framework logs (if applicable.
16. !poolused 2 – This shows pool usage sorted by size (largest first) – helps identify the biggest memory consumers.
17. !deadlock – Looks for deadlock detection information.

You can put the results for any AI tool for the analyses.

My last analyses ends with message:

******* 266688 kernel stack PTE allocations have failed ******
******* 365226304 kernel stack growth attempts have failed ******

During migration to Azure sometime we need to have the same addreses (subnet) in Azure and On-Premise, the natural answer it is impossible… but it is not true! You can use Extend your on-premises subnets into Azure using extended network for Azure.

Problem is that the extension to Azure Admin Center is not available now, but you can download it from here or msft.sme.subnet-stretch.2.15.0. Than you must unzip it, put it to the disk and add it as a feed and install extension.

Microsoft Build 2025 opening keynote just finished – here are the links presented by Satya Nadella:

# Install Required Modules

Install-Module PnP.PowerShell -RequiredVersion 1.12.0 -Force
Install-Module PnP.PowerShell

# Register AppID
Register-PnPEntraIDAppForInteractiveLogin -ApplicationName “PnP PowerShell” -SharePointDelegatePermissions “AllSites.FullControl” -Tenant xxx.onmicrosoft.com

# Connect to the SharePoint Online

$adminSiteUrl = “https://xxx-admin.sharepoint.com/”
$siteUrl = “https://xxx.sharepoint.com/sites/Test01”

Connect-PnPOnline $adminSiteUrl -Interactive -ClientId xxx

# Test connection (display all SharePoint Online Sites)
Get-PnPTenantSite

# Get the json template from example site that we want to create template.

Get-PnPSiteScriptFromWeb -Url $siteUrl -IncludeAll > template.json

# Create template

$siteScriptFile = $PSScriptRoot + “.\template.json”
$webTemplate = “64” #64 = Team Site, 68 = Communication Site, 1 = Groupless Team Site
$siteScriptTitle = “Team01 Team Site Script”
$siteDesignTitle = “Team01 Team Site Template”
$siteDesignDescription = “Custom team site template with multi-colored theme, external sharing disabled and some cool stuff via Power Automate.”

$designPackageId = “6142d2a0-63a5-4ba0-aede-d9fefca2c767” # The default site template to use as a base when creating a communication site, more info later.

$siteScript = (Get-Content $siteScriptFile -Raw | Add-PnPSiteScript -Title $siteScriptTitle) | Select -First 1 Id

Add-PnPSiteDesign -Title $siteDesignTitle -SiteScript $siteScript.Id -WebTemplate $webTemplate -Description $siteDesignDescription -DesignPackageId $designPackageId

# Now you can apply template using GUI

# Display information about scripts and designs

Get-PnPSiteDesign
Get-PnPSiteScript

# Delete the template

Remove-PnPSiteDesign -Identity xxx
Remove-PnPSiteScript -Identity xxx

# Export Home.aspx design

Connect-PnPOnline $SiteUrl -Interactive -ClientId xxx
Export-PnPPage -Identity Home.aspx -Configuration -Out home.xml

# Apply Home.aspx design

$destUrl=”https://xxx.sharepoint.com/sites/Team04″
Connect-PnPOnline $destUrl -Interactive -ClientId xxx
Invoke-PnPSiteTemplate -Path .\home.xml

The above can be invoked as Azure Function.

A lot of Tips & Tricks can be found here.

Azure Arc enables you to manage and govern your servers, Kubernetes clusters, and applications across on-premises, multi-cloud, and edge environments. However, sometimes you might encounter unsupported machines. This guide will help you bypass these limitations and install Azure Arc on unsupported operating systems. 

1: Identify the Closest Supported Operating System 
First, identify the closest supported operating system for your machine. For example, if your machine runs an unsupported version of Linux, find the closest supported version, such as Ubuntu 24.04 for ARM. 

2: Execute Commands on the Supported Machine 
On the closest supported machine, execute the following commands to gather information about the operating system: 

cat /etc/os-release 

uname -m 

uname -s 

In my case, the commands return the following: 

• uname -m: aarch64 or x86_64 
• uname -s: Linux 
• The output from `cat /etc/os-release` might look like this: 

PRETTY_NAME=”Ubuntu 24.04.1 LTS”
NAME=”Ubuntu”
VERSION_ID=”24.04″
VERSION=”24.04.1 LTS (Noble Numbat)”
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL=”https://www.ubuntu.com/”
SUPPORT_URL=”https://help.ubuntu.com/”
BUG_REPORT_URL=”https://bugs.launchpad.net/ubuntu/”
PRIVACY_POLICY_URL=”https://www.ubuntu.com/legal/terms-and-policies/privacy-policy”
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo

3: Modify the Unsupported Operating System 

On your unsupported operating system, execute the following command to back up the original os-release file: 

cp /etc/os-release /etc/os-release.original 

Then, copy the content from the supported machine’s os-release file to the unsupported machine’s os-release file. 

4: Verify uname Commands 

Ensure that the `uname -m` and `uname -s` commands return the same values as on the supported machine. If they do not, you might need to create a shell script that overrides the original `uname` output. This topic will be covered in a different article. 

5: Execute the Script to Onboard the Machine 

Now, run the script to onboard your machine to Azure Arc. 

6: Revert the Changes 

After completing the onboarding process, revert the changes to the os-release file: 

rm /etc/os-release 

mv /etc/os-release.original /etc/os-release 

This ensures that your machine returns to its original state. 

By following these steps, you can successfully install Azure Arc on unsupported machines. Remember to always verify the outputs of the `uname` commands and revert any changes made to system files once the process is complete. 

Microsoft Windows 2003 Resource Kit can be download from web.archive.org here (version that was in 2020 year).

If you are looking for software that allows you to run any exe as service – check this (srvany-ng).

It was a some time ago, when native SSH server has been announced by Microsoft not third party. I mention it here:

Now it is time to update, you can install ssh server on Windows, even ARM edition from here:

https://github.com/PowerShell/Win32-OpenSSH/releases

Do not remember about open 22 port:

netsh advfirewall firewall add rule name=”Open SSH Port 22″ dir=in action=allow protocol=TCP localport=22 remoteip=any

If you would like to use build-in SSH, just execute:

Add-WindowsCapability -Online -Name OpenSSH.Client

Add-WindowsCapability -Online -Name OpenSSH.Server

To display all Windows Services connected with Azure ARC you can execute:

Get-WmiObject win32_service | Where-Object {$_.PathName -like “*AzureConnectedMachineAgent*”} | Select-Object Name, DisplayName, State, PathName | Format-Table -AutoSize

Introduction 

Deploying application functions to existing resources in Azure can seem daunting, but with the right guidance, you can achieve this efficiently. This guide will walk you through each step, ensuring you can deploy your functions seamlessly. 

To begin with, you need to initialize your Azure Developer CLI (azd). This is crucial for setting up your environment and ensuring that all necessary configurations are in place. 

1. Open your terminal or command prompt where your azd project files are located.
2. Run the following command to initialize azd – azd init
3. Verify and Modify Environment Values

If your application has already been deployed to other resources, it is essential to verify and potentially modify the environment values to ensure compatibility with the existing resources. 

1. Run the command – azd env get-values 
2. Review the values returned by the command and ensure they align with your current environment configuration. 
3. If necessary, modify these values in the .env file to match the required settings. 

Update Tags for Resources

Before deploying your application, it is important to update the tags for the resources where the code will be deployed. These tags help identify and manage the application within your Azure environment. Typically, the tags to update are azd-env-name and azd-service-name.

To update the tags, navigate to your resource group in the Azure portal and modify the necessary tag values to correspond with your deployment settings. 

It is critical to ensure that the azd-env-name tag is updated for your Resource Group in the Azure portal. This tag is essential for correctly identifying the environment in which your application will be deployed.

 Authenticate to Azure

Before deploying the application, it is essential to authenticate to Azure. This ensures that you have the necessary permissions to proceed with the deployment process. 

Run one of the following commands to log in:

azd auth login

or, if you prefer to use a device

azd auth login –use-device-code

Finally, execute the following command to deploy the application without provisioning new resources:

azd deploy <service> 

Replace  with the name of your Azure Function service as defined in your azure.yaml file. This command will deploy only the application code to the specified service that refers by tag azd-service-name. 

Conclusion 

By following these steps, you should be able to deploy your application functions to the existing resources in Azure efficiently. Make sure to verify your environment values thoroughly and adjust them as needed to ensure a smooth deployment process. 

Two steps to install at the end of article.

Lens is a great tool for managing and debugging Kubernetes Cluster and all aspects of deployments – https://k8slens.dev/. In the beginning, it was free, but life is life and nowadays it is paid especially for companies. But as it was free at the beginning and the source code was here, so similar to other projects like https://opentofu.org/ free Terraform, here is an alternative based on the latest version of the famous Lens.

The source is here: https://github.com/freelensapp/

You can also compile yourself steps, but for a faster way just download compiled one: https://github.com/freelensapp/freelens-nightly-builds/releases

After that, you can run it:

C:\Users\mf\AppData\Local\Programs\freelens\Freelens.exe

The main lack is that out of the box, there is no Node-Pod-Menu extension. Bu simply there is another project https://github.com/freelensapp/freelens-node-pod-menu for that. By the way, Piotr Roszczynski Polish is one of the contributors.

Usually, you can compile it yourself, but faster is just launch Freelens.exe press Control-Shift-E, and install the extension by entering @freelensapp/freelens-node-pod-menu and pressing Install.

Now you can enjoy the pod menu:

So two steps to using the Successor of Lens – FreeLens:

1. Download https://github.com/freelensapp/freelens-nightly-builds/releases.
2. Add extension (Control-SHift-E) and put: @freelensapp/freelens-node-pod-menu and press Install.

Conduct your own lab, download: Contoso Travel Policies

Repository: https://github.com/MariuszFerdyn/hands-on-lab-azure-functions-flex-openai

Step by step:

# Clone the repository
git clone https://github.com/MariuszFerdyn/hands-on-lab-azure-functions-flex-openai

# Login to Azure :
az login

# Display your account details
az account show

# Select your Azure subscription
az account set –subscription <subscription-id>

# Go to the project directory
cd <cloned-project-path>

# Authenticate using azd
azd auth login

# Create resources using the IaC defined in the infra directory
azd provision

# .azure/ignite.env

# Deploy Functions to Azure
azd env set AZURE_LOCATION eastus2 -e ignite2024mf –no-prompt
azd env refresh -e ignite2024mf

azd deploy

# Post wav file to ST via function

# Update AudioTranscriptionOrchestration01.cs

azd deploy processor

# Update AudioTranscriptionOrchestration02.cs

azd deploy processor

# Post wav file to ST via function

Tools:

• https://dotnet.microsoft.com/en-us/download/dotnet/
• https://code.visualstudio.com/
• https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli#install-or-update
• winget install microsoft.azd
• https://git-scm.com/downloads
• https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.4#installing-the-msi-package
• REST Client – Visual Studio Marketplace

Introduction Copilot for SharePoint – especially Copilot for Documents in SharePoint Library.

Successor of Zero Trust Model descibed https://rzetelnekursy.pl/zero-trust-model-audit-for-free has a new version https://aka.ms/ztworkshop.

It includes:

1. Assesment
2. Workshops
3. Implementation RoadMap

All VM in Backup:

# Import necessary modules
# Import-Module Az
# Connect-AzAccount

# Get all Recovery Services Vaults
$recoveryVaults = Get-AzRecoveryServicesVault

# Initialize an array to hold backup items
$backupItems = @()

# Enumerate all Recovery Services Vaults
foreach ($vault in $recoveryVaults) {
# Set the context to the current vault
Set-AzRecoveryServicesVaultContext -Vault $vault

# Get all backup containers in the current vault
$containers = Get-AzRecoveryServicesBackupContainer -ContainerType AzureVM

# Enumerate all backup containers
foreach ($container in $containers) {
# Get all backup items in the current container for the specified workload type
$items = Get-AzRecoveryServicesBackupItem -Container $container -WorkloadType AzureVM

# Add the backup items to the array, renaming the existing ContainerName property
$backupItems += $items | Select-Object @{Name=”VaultName”;Expression={$vault.Name}}, @{Name=”ResourceGroupName”;Expression={$vault.ResourceGroupName}}, @{Name=”BackupContainerName”;Expression={$container.Name}}, *
}
}

# Display the backup items in Out-GridView
$backupItems | Out-GridView
$backupItems | Export-CSV VMSpecSources.csv

All SQL Databases in Backup (included deleted sources databases):

# Import necessary modules
# Import-Module Az
# Connect-AzAccount
# Login to Azure account

# Get all Recovery Services Vaults
$recoveryVaults = Get-AzRecoveryServicesVault

# Initialize an array to hold backup items
$backupItems = @()

# Enumerate all Recovery Services Vaults
foreach ($vault in $recoveryVaults) {
# Set the context to the current vault
#Set-AzRecoveryServicesVaultContext -Vault $vault

# Get all backup containers in the current vault for MSSQL
$containers = Get-AzRecoveryServicesBackupContainer -ContainerType AzureVMAppContainer -VaultId $vault.ID
#echo “——— containers ——–”
#echo $containers
#echo “—————————–”
# Enumerate all backup containers
foreach ($container in $containers) {
# Get all backup items in the current container for MSSQL
Set-AzRecoveryServicesVaultContext -Vault $vault
#Get-AzRecoveryServicesBackupProtectableItem -ItemType “SQLDataBase”
$items = Get-AzRecoveryServicesBackupItem -Container $container -WorkloadType MSSQL -VaultId $vault.ID
Write-Host “——— items ——–”
Write-Host “vault :” -NoNewline; Write-Host $vault.Name
Write-Host “Container:” -NoNewline; Write-Host $container.Name
Write-Host “Items: :” -NoNewline; Write-Host $items.FriendlyName
Write-Host “—————————–”

# Add the backup items to the array, renaming the existing ContainerName property
$backupItems += $items | Select-Object `
@{Name=”VaultName”; Expression={$vault.Name}}, `
@{Name=”ResourceGroupName”; Expression={$vault.ResourceGroupName}}, `
@{Name=”BackupContainerName”; Expression={$container.Name}},FriendlyName,ServerName,ParentName,ParentType,LastBackupErrorDetail,ProtectedItemDataSourceId,ProtectedItemHealthStatus,ProtectionStatus,PolicyId,ProtectionState,LastBackupStatus,LastBackupTime,ProtectionPolicyName,ExtendedInfo,DateOfPurge,DeleteState,Name,Id,LatestRecoveryPoint,SourceResourceId,WorkloadType,ContainerName,ContainerType,BackupManagementType

}
}

# Display the backup items in Out-GridView
$backupItems | Out-GridView

# Export the backup items to a CSV file
$backupItems | Export-CSV -Path “MSSQLBackupItemsAll.csv” -NoTypeInformation

All SQL Databases in Backup (databases that still exist):

# Import necessary modules
# Import-Module Az
# Connect-AzAccount
# Login to Azure account

# Get all Recovery Services Vaults
$recoveryVaults = Get-AzRecoveryServicesVault

# Initialize an array to hold backup items
$backupItems = @()

# Enumerate all Recovery Services Vaults
foreach ($vault in $recoveryVaults) {
# Set the context to the current vault
#Set-AzRecoveryServicesVaultContext -Vault $vault

# Get all backup containers in the current vault for MSSQL
$containers = Get-AzRecoveryServicesBackupContainer -ContainerType AzureVMAppContainer -VaultId $vault.ID
#echo “——— containers ——–”
#echo $containers
#echo “—————————–”
# Enumerate all backup containers
foreach ($container in $containers) {
# Get all backup items in the current container for MSSQL
$items = Get-AzRecoveryServicesBackupProtectableItem -Container $container -WorkloadType MSSQL -ItemType “SQLDataBase” -VaultId $vault.ID
echo “——— items ——–”
echo “vault :”+$vault.Name
echo “Container:”+$container.Name
echo “Items: :”+$items.FriendlyName
echo “—————————–”

# Add the backup items to the array, renaming the existing ContainerName property
$backupItems += $items | Select-Object @{Name=”VaultName”;Expression={$vault.Name}}, @{Name=”ResourceGroupName”;Expression={$vault.ResourceGroupName}}, @{Name=”BackupContainerName”;Expression={$container.Name}}, `
FriendlyName, ProtectionState, ProtectableItemType, ParentName, ParentUniqueName, ServerName, `
IsAutoProtectable, IsAutoProtected, AutoProtectionPolicy, Subinquireditemcount, Subprotectableitemcount, `
Prebackupvalidation, NodesList, Name, Id, WorkloadType, ContainerName, ContainerType, BackupManagementType
}
}

# Display the backup items in Out-GridView
$backupItems | Out-GridView

# Export the backup items to a CSV file
$backupItems | Export-CSV -Path “MSSQLBackupItemsExisting.csv” -NoTypeInformation

If we query for AppID from Log Analytics,  like:

MicrosoftGraphActivityLogs

| summarize NumberOfRequests=count() by AppId

| order by NumberOfRequests desc

we usually need to combine it with the Application name.

So we need to export all Enterprise Applications and App Registrations to csv from:

• https://portal.azure.com/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview/menuId~/null
• https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps

Do not forget about Managed Identities, you can do it by this query:

resources

| where type =~ ‘Microsoft.ManagedIdentity/userAssignedIdentities’

| project name, principalId = properties.principalId, clientId = properties.clientId

Make from all of them file AppIDList.csv like:

We need to upload this file to a storage account so that it is publicly accessible.

And finally, we can make a query that combines AppID with the corresponding name, so we can execute:

let ApplicationInformation = externaldata (ApplicationName: string, AppId: string, Reference: string ) [h”https://xxxx.blob.core.windows.net/xxx-allapplicationslist/xxx.csv”] with (ignoreFirstRecord=true, format=”csv”);

MicrosoftGraphActivityLogs

| summarize NumberOfRequests=count() by AppId

| lookup kind=leftouter ApplicationInformation on $left.AppId == $right.AppId

| order by NumberOfRequests desc

| project AppId, ApplicationName, NumberOfRequests

So finally we got AppID and the Application Name.

Sample Event Driven application – that uses Storage Account as a input than trigger Azure Function, uses Computer Vision and store information in CosmosDB. All with help of Event Grid.

Full source code: https://github.com/MariuszFerdyn/Build-and-deploy-serverless-apps-with-Azure-Functions-and-Azure-AI

Complete solution for using Azure Form Recognizer / Document Intelligence Studio.

Source code used in this Lab:

https://github.com/MariuszFerdyn/AzureAI-Document-Intelligence-Studio—Form-Recognizer