It’s quite common to have organizations with many Azure Subscriptions, and it’s hard to manage each Subscription on its own… Azure Management Groups provide a level of scope above Subscriptions so that we can organize our Subscriptions. We can apply Azure Policies or RBAC authorization at the Management Group scope instead of having to do this at each Azure Subscription. This leads to create a hierarchy of Azure Management Groups to respond to the company structure and organization in Azure. There are several best practices on how to create this. I recommend you to ready this article on Microsoft Docs – Management group and subscription organization – Cloud Adoption Framework | Microsoft Docs. It explains how to structure the Management Groups hierarchy using some of the best practices of the Cloud Adoption Framework.
Old Azure Management Groups UI
This was the previous UI in the Azure Portal for Management Groups. Impossible the full tree of Management Groups / Subscriptions. We could only see in the breadcrumb the hierarchy of the current selected Management Group / Subscription.
Introducing the new Management Groups UI
But this blog post is not to talk about the Management Groups features, it’s to talk about a big struggle that Azure Governance professionals have for years. Find an easy way to see a tree view of the Management Groups. Yes, we could see that in other areas of the Azure Portal like Security Center, but I want, and I deserve to see this in the Management Group blade, upppsss, Window! They are called Windows now and not blades!
Our feedback produced amazing results. Look at this amazing new UI Experience in the Azure Portal!
I can now easily check in just one page the hierarchy of my Management Groups and understand why certain policies are affecting some Subscriptions, ….
What do you think? Better this way? Super excited to start to show this to customers and students!
Global Azure Lisbon – 25th April
The Global Azure 2020 – https://globalazure.net/ – was initially scheduled to be an in-person event across several cities in the world. Due to the limitation imposed by COVID-19, organizers had 2 options:
- Cancel the event
- Move to virtual.
I’m one of the organizers of the Lisbon event and the decision was to move to virtual, it never crossed my mind not having the event in Lisbon. Lisbon has been a proud member city since the first Global Azure event (remember it was called Global Windows Azure Global Bootcamp – GWAB).
You can find the Lisbon Virtual Global Azure at https://www.globalazure.pt. We already have more than 350 persons signup! It’s the best number EVER! We can still accommodate more people so, if don’t have a ticket, stop reading this post and get your FREE ticket right now!
I’m also a speaker on the event so if you want to learn all about how to build applications to respond to request and demand at a global scale, how can you lose this session??? My session will be delivered in English so that I can accommodate all my audience. Join me for a full 1 hour of fun session and demos, lots and lots of demos!!!
Global Azure Virtual 2020 UK & Ireland
Has some of you know I have my fair of traveling to the UK and Ireland. So it made all sense to also speak there and I’m very proud to got the possibility to do so. You can watch my session on the first day of the event – 23 April. Go to https://azureglobalbootcamp2020.azurewebsites.net/ and signup for the event! It will be awesome too!!!
When we talk about free SSL certificates the Let’s Encrypt initiative is the market reference. It is an awesome initiative but today I want to talk about something that is super easy to implement under Azure Web Apps.
In Azure Web Apps we have not the option to add a free, yes you read it, FREE!!! SSL/TLS certificate. With this feature you can create a certificate that can be used for SSL Binding for the selected sub-domain. App Service Managed Certificates are free of cost and fully managed by App Service to maintain the safety and security of your site at the highest level. This feature comes with some limitations:
- No support for wildcard certificates
- No support for naked domains
- Cannot be exported
- Does not support DNS A-records
If you have a workload that needs one of those features currently you cannot use this feature. You can Import App Service Certificates or even import your own SSL/TLS certificate.
How to create the free certificate?
1. Navigate to the overview blade of your Web App and select the TLS/SSL settings option.
2. In the TLS/SSL settings blade select the Private Key Certificates (.pfx) option.
3. In the TLS/SSL settings blade, select the + Create App Service Managed Certification option.
4. In the Create App Service Managed Certificates blade, in step 1 select the non-naked domain you want to create the SSL/TLS certificate and then press the Create button.
There you go, you just created a certificate for free for your Web App custom domain. All this for free with a super easy setup. If you like these Azure tips leave your comments or questions on the comment box!