Observations about IT and wine

Advanced Azure Policy Techniques #4: Targeting policies using scopes and tags

Hello again! Today, I want to shine a light on a powerful but often overlooked Azure Policy mechanism: resource tags. While widely available, they’re rarely used to their full potential, especially when it comes to policy scoping. What do Azure resource tags have to do with policies, you might ask? The short answer is that tags can be described as both meta and child resources that are available on every Azure resource and service offering, which makes them a prime candidate for laser-focused policy scoping.

Advanced Azure Policy Techniques #3: Of Policy Endpoints and Subresources

In the third installment of this series, I would like to explain how we can actually determine when a policy can or should be used to achieve our goal.

First, let’s recall how Azure Policy works: by interacting with the Azure Resource Manager (ARM) API. This already shows us the first limitation: we will not be able to use a policy to restrict the behavior of an Azure resource or service if the level that we want to restrict is not accessible via the ARM API. This includes, for example:

Advanced Azure Policy Techniques #2: Using requestContext to target specific apiVersions

In the second post of this series, I want to show you an example of using a function inside a policy definition to restrict the scope. Based on personal experience, policy functions are often somewhat neglected but have received significant development over the past few years. As you can see in the official documentation, Azure Policy supports a wide range of functions, including:

  • copyIndex()
  • dateTimeAdd()
  • dateTimeFromEpoch
  • dateTimeToEpoch
  • deployment()
  • environment()
  • extensionResourceId()
  • listKeys()
  • listSecrets()
  • reference()
  • resourceId()

Many of these functions are also available for ARM templates, such as copyIndex(), listKeys(), and resourceId(), and are very practical for operations targeting complex deployments with multiple, interdependent resources. However, a function that is perhaps less well-known is requestContext().

Diagram as Code

Communication is one of the key skills of any good solution architect. Not only should you be able to create sound, secure and performant software designs but you also need to be able to communicate these to stakeholders.

To visualize these complex solutions, diagrams are a handy tool, and there are a lot of different software offerings out there that help with this exact use case, perhaps the most popular being Microsoft Visio and Enterprise Architect.

Advanced Azure Policy Techniques #1: Extend Arrays Using DINE

This is the first post of a series showing some more advanced Azure Policy techniques that might not be featured so frequently, but can be very useful if the situation requires it.

Have you noticed that if you use a DINE policy to update a property on an existing resource where the property type is an array, it will overwrite the existing array with the one that you configured in the DINE policy? That behavior makes sense if we look at what a DINE policy is supposed to do - update a resource using a deployment template.

Prompt Engineering 101

The past years heralded the advent of the age of AI, and though some scepticism is certainly justified, there’s no denying that many of these tools have proven to be incredibly useful. Among the most practical applications are AI-powered chatbots, such as ChatGPT, Bing/Copilot, Gemini, and Grok. These bots excel at processing natural language queries (like “What temperature should I cook my steak at?”), leveraging generative AI models to craft responses, and delivering answers in a variety of formats—text, tables, images, and more.

Email 101

For better or worse, if you work any kind of corporate or office job, emails will take a prominent spot in your daily work schedule. They are arguably still the most important means of communicating, since they are both (nearly) instantaneous and asynchronous, and allow the transfer of structured information.

However, they are also one of the technologies that people are rarely trained in, since most assume that writing a mail, be it digital or analog, is obvious. While that may be true in general, there is a significant gap between a well-crafted email and a poorly written, barely understandable one. This post aims to give a sort of crash course, based on personal experiences and opinions, on how to write effective messages.