Month: September 2020

Azure Backup Center

Azure recently made “Backup Center” available in public preview, where you can now quickly validate whether your IaaS workloads (VMs) are being backed up via Azure Backup. This provides a single pane of glass to quickly get an overview of your subscription (or subscriptions) and gives you a single, simplified management experience. As of today, Backup Center supports Azure Backup VM backup and Azure Database for PostgreSQL. This list will continue to grow as Backup Center continues to mature and as its adoption rate increases.

The solution should already be available within your Azure tenant as it is available for all Azure regions.

Some of the key benefits of Azure Backup Center:

  • A simplified, single pane of glass to manage your Azure Backups
  • Native Integration with Azure Policy
  • Native Integration with Azure Monitor
  • Built-in Reporting

To get started, search for Backup Center within the Azure Portal and navigate to the built-in dashboard. You should see something like this, assuming you already have some IaaS workloads (VMs) deployed within your environment.

Next up, building reports with Log Analytics!

Azure MSI & Policy Governance

For the last few weeks I have been really pushing customers to use Azure Managed Service Identity (MSI) as much as possible, assuming the MSI capability exists with the Azure service. Note that not all Azure services support MSIs today; however, for the most part all services do support the traditional Service Principal (SP).

If you are unclear what the difference between an SP and an MSI is, I would welcome you to visit the following link HERE.

With that said, how do we ensure that services, as they are deployed, are leveraging MSIs and not SPs? Azure Policy! Simple, right? Yes, it really is. Below is a list of policies that exist today; however, this list will continue to grow as more Azure services incorporate MSIs. And of course, if you’re willing, you can always create your own custom policy to ensure the Azure service is using an MSI. Note that the available policies and the Azure services that support MSIs are not 1:1. There are more services that support MSIs than there are out-of-the-box policies covering MSIs today. If you are not willing to wait for Microsoft to push out new policies, then you should go ahead and create your own.

Once you have selected the policy and enabled/enforced it, you can track compliance. For example, with Azure Functions, if a new Function is deployed and it is not using an MSI, it will be flagged, or you can go further and reject the deployment if it is not using an MSI.
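As an added example (not from the original post, and not one of Microsoft's built-in definitions), here is what a custom policy definition for the Azure Function case could look like. The display name and description are constructed for illustration; the rule matches Function Apps whose `identity.type` is missing or `None`, and the `effect` parameter chooses between flagging (`Audit`) and rejecting the deployment (`Deny`).

```json
{
  "properties": {
    "displayName": "Example (constructed): Function Apps must use a managed identity",
    "description": "Illustrative custom definition, not a Microsoft built-in. Matches Function Apps deployed with no managed identity.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit flags non-compliant Function Apps; Deny rejects the deployment."
        },
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.Web/sites" },
          { "field": "kind", "like": "functionapp*" },
          {
            "anyOf": [
              { "field": "identity.type", "exists": "false" },
              { "field": "identity.type", "equals": "None" }
            ]
          }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

Assigning it with the default `Audit` effect first shows which existing Function Apps would be affected before you switch the assignment to `Deny`.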

Below is a link that lists which Azure services support MSIs as of today. Note, this list will only continue to grow. https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities