Enforcing Microsoft Defender for Cloud Across 30+ Subscriptions With Bicep
May 3, 2026

Enforcing Microsoft Defender for Cloud Across 30+ Subscriptions With Bicep

Security posture management is one of those things that starts manually and stays manual for too long. Someone enables Defender for Cloud on a subscription in the portal, picks a few plans, saves. Six months later a new subscription appears, nobody remembers exactly which plans were enabled on the others, and the configuration drifts. An audit comes along and suddenly you’re comparing screenshots.

Digital Sovereignty in the Microsoft Azure Cloud: Why It Matters More Than Ever

Digital Sovereignty in the Microsoft Azure Cloud: Why It Matters More Than Ever

April 5, 2026

With President Trump back in the White House, the topic of digital sovereignty has returned to the center of political and business discussions in Europe. Recent events have shown how dependent we are on non-European hyperscalers like Microsoft and how quickly foreign political decisions can impact …
Installing COTS applications using Azure Gallery VM

Installing COTS applications using Azure Gallery VM

March 3, 2025

When having the need to install COTS applications (Custom Off-The-Shelf) on virtual machines in Azure, you have multiple options to manage that. One of the options is to use the Azure Gallery VM Applications. As the name implies, its part of Azure Compute Gallery, formally known as Azure Shared …
Get all available patches for VMs on Azure

Get all available patches for VMs on Azure

October 20, 2023

Managing patches across many virtual machines (VMs) in an Azure environment is critical for ensuring security and performance. In Azure, we now have a new product: Azure Update Manager. The service can help us keep our machines up-to-date. Implementing a patch schedule is an aspect of maintaining …
Checking left over identities in Azure

Checking left over identities in Azure

September 20, 2023

Recently, I was working on a task where I had to delete a subscription because it was no longer needed. On that subscription, however, there were still some identities having permissions asigned. I wanted to check if those identities were still used in other subscriptions. Turns out there is no easy …
Creating reusable modules with Bicep, Terraform or Pulumi

Creating reusable modules with Bicep, Terraform or Pulumi

March 12, 2023

Over the years, I’ve been working with several infrastructure as code tools. One of the things that I always find essential, no matter the tool, is to write readable and maintainable code. One way to do that is to create a proper structure for what you are building. All of the IaC tools I have used …
Installing multiple VM extensions on an Azure VM using Terraform

Installing multiple VM extensions on an Azure VM using Terraform

February 25, 2023

In a recent project, we used Azure Datafactory in a closed network and needed to access resources on-premises. That means that you cannot use the Autoresolve runtime of Datafactory. We thus used our own VM and installed the Self Hosted Integration Runtime software using a VM extension. So far, so …
Custom Domain on Azure App Service using Terraform and Cloudflare

Custom Domain on Azure App Service using Terraform and Cloudflare

January 9, 2023

The other day, I was building some infrastructure on Azure that contained an Azure App Service. I wanted to use a custom domain so that users can use the application over a nice domain name instead of the *.azurewebsites.net. The infrastructure is built using Terraform; luckily, there is a provider …
Run a script during deployment with DeploymentScripts in Bicep

Run a script during deployment with DeploymentScripts in Bicep

January 4, 2023

On a recent project, I was using Terraform to build some infrastructure. It contained an Azure Web App with a custom domain configured. A custom domain name on a Web App allows you to access it using a friendly URL instead of the <your_name>.azurewebsites.net. In this project, the DNS records …
Passing variables between stages in Azure DevOps pipelines

Passing variables between stages in Azure DevOps pipelines

March 3, 2022

The other day I was working on an Infrastructure as Code project that involved deploying an Azure Container registry. That ACR is typically a resource that you deploy just ones in your production environment and not one per environment. You do that because you want container images to be used as …
Terraform Azure DevOps to Azure example pipeline

Terraform Azure DevOps to Azure example pipeline

February 14, 2022

I finally had the opportunity to work with Terraform on one of my recent projects. I have been building Infrastructure as Code with ARM templates or Bicep for years. Together with two friends, I even wrote a book on that! Terraform was always on my list of tools to work with. I had played around …
Functions in ARM Templates

Functions in ARM Templates

October 16, 2021

To help build templates quicker, make them more expressive and reusable, there are many built-in functions at your disposal. And even if there isn’t a built-in function for your specific scenario, you can always write one on your own. The use of functions introduces pieces of logic into your …
Automatically renew the image used in an Azure DevOps private agent

Automatically renew the image used in an Azure DevOps private agent

July 25, 2021

In a previous post, I wrote about creating your own hosted Build and Release agents in Azure DevOps. That process could be improved by regenerating the VM image, for example, every month. By doing that, you stay up-to-date with both the latest versions of all the tools installed as well as with …
Configure Azure Security Center using Bicep

Configure Azure Security Center using Bicep

June 25, 2021

At a few of my recent clients, I’m working on moving their infrastructure to code using Bicep. Part of that is always the configuration of Azure Security Center. Things to configure are, for example, the services for which you want to enable Azure Defender or the email notifications. This blog …
ARM template: getting deeply nested resource properties

ARM template: getting deeply nested resource properties

March 15, 2021

The other day I was deploying a private endpoint connected to a KeyVault using an ARM Template. By using a Private Endpoint one can assign a private IP address from your own Virtual Network to an Azure PaaS service like KeyVault, SQL, storage accounts, and others. To resolve the private IP using the …
Manual approval in an Azure DevOps YAML-pipeline

Manual approval in an Azure DevOps YAML-pipeline

January 31, 2021

Last week I was creating a YAML-pipeline in Azure DevOps to deploy some ARM Templates. Before deploying those changes to my production environment, I wanted to have a manual approval in place. Here’s how I did that.
Entity Framework Core and Migrations

Entity Framework Core and Migrations

December 17, 2020

Entity Framework could be a logical choice when building a .NET Core API that needs to talk to a database. In this blog, I’ll show you how to get started with EF and Migrations. We will create the models, the DbContext, and the migrations needed to upgrade your database when introducing …
Database per tenant infrastructure

Database per tenant infrastructure

November 25, 2020

In the first post in this series, we’re going to talk about the infrastructure. We need some database server to host each tenant’s database and the shared database that contains information on all the tenants (like which database belongs to whom). We also need infrastructure to host the …
Multi tenant app with database-per-tenant

Multi tenant app with database-per-tenant

November 15, 2020

I recently started building an architecture for a multi-tenant app to support a database per tenant (customer) scenario for one of my customers. Splitting your data in multiple databases like that has a few benefits like easy backup and restore per customer, better security by separation of data, …
Using an Azure Virtual Machine Scale set as Azure DevOps agents

Using an Azure Virtual Machine Scale set as Azure DevOps agents

October 2, 2020

Over the past few weeks, I’ve been implementing a few new networking features in Azure for a client. We did that to make our infrastructure more secure. I’ve been playing around with VNET’s, Private Links, Services Endpoints and Access Restrictions on Azure Web App, SQL databases, …
Disable Azure Security Center recommendations using ARM Templates

Disable Azure Security Center recommendations using ARM Templates

September 8, 2020

Azure Security Center gives you a great overview of the state of your workloads security hygiene and compliance. I recently got tasked with going through the recommendations, take action, and improve our overall security and compliance status. Some of the recommendations presented to me were in the …
My first look at Azure IoT Hub

My first look at Azure IoT Hub

September 3, 2020

I recently decided it was time for me to take a shot at passing another few Microsoft exams. While studying for one of them, I noticed that I didn’t knew too much about Azure IoT Hub. I had never come across it in my daily job. So I gave myself the following goal: have something that acts as …
Generating API clients using NSwag and Azure DevOps

Generating API clients using NSwag and Azure DevOps

August 10, 2020

Whenever you create an API you probably want to be able to create some documentation around that API. Swagger has been around for a long time and allows you to explore and test your API using a nice UI in the browser. It also provides you with an OpenAPI spec in json format describing your service. …
Azure App Configuration and KeyVault

Azure App Configuration and KeyVault

July 26, 2020

Recently I started on a new project and therefor a whole new application. It’s build using .NET Core and like many apps, it needs some configuration that varies between deployments. Azure now has a service called Azure App Configuration that allows you to store and manage your configuration. …
Autoscaling .NET Core Azure Functions on Kubernetes

Autoscaling .NET Core Azure Functions on Kubernetes

June 16, 2020

Everyone who worked with containers on Kubernetes probably agrees that there is a pretty steep learning curve in the beginning. Once you overcome that, you’ll find that it’s an awesome and very capable product and that it will make your life better (when used in the right context …
Securing your Azure SQL DB using Azure Private Link

Securing your Azure SQL DB using Azure Private Link

May 27, 2020

Whenever you create a new SQL Database on the Azure Cloud, one of the first things you probably do is set the ‘Allow Azure services and resources to access this server’-switch to ‘Yes’. This allows your App Service for example to access your database. It’s not very …
Using an ARM template to deploy your SSL certificate stored in KeyVault on an Web App

Using an ARM template to deploy your SSL certificate stored in KeyVault on an Web App

October 20, 2019

Everyone knows it’s completely normal nowadays to have your website loaded over https. Troy Hunt explains why. There are quite some examples out there on how to use Let’s Encrypt certificates on your Azure web app, see this one by Henry Been for example. For most of us that’s a …
Reading secrets from KeyVault in your Azure Cloud Service

Reading secrets from KeyVault in your Azure Cloud Service

October 18, 2019

Azure Cloud Service was one of the earliest Platform as a Service offerings by Microsoft Azure. With Cloud Services you can run web applications or run background applications. Since it is a PaaS offering, you dot not need to worry about the issues that comes with IaaS, patching for example and they …
Reading secrets from KeyVault in your Azure Web App

Reading secrets from KeyVault in your Azure Web App

October 18, 2019

Azure KeyVault is a great Azure offerring that allows you to store for example secrets or certificates. You are currently looking at the first post out of a series of posts on how to grab secrets or certificates from KeyVault in your web applications. This post wil focus on creating the KeyVault, …
My k3s OpenFaaS Raspberry Pi cluster

My k3s OpenFaaS Raspberry Pi cluster

September 10, 2019

A few months ago I build a Raspberry Pi cluster running K3S. I build it because I wanted to have a nice environment the learn more about Kubernetes and OpenFaas. It always feels nice to have something you can actually touch in this all software world I normally live in. After tweeting and giving a …
Creating a simple OpenFaas template

Creating a simple OpenFaas template

May 11, 2019

Whenever you want to create a new function to run on OpenFaas your starting point would be an OpenFaas template. OpenFaas has a template engine build-in which can create new functions in a given programming language. There are the official/default templates and there are templates in the store …
Your first .NET Core Serverless function on OpenFaas

Your first .NET Core Serverless function on OpenFaas

May 8, 2019

In my previous blog I described how to set-up OpenFaas on a Kubernetes cluster with a little help from Rancher. Now it’s time to deploy our first serverless function. In this blog we’ll create and deploy a .NET Core function that reads a bit of config using both an environment variable and …
Octopus Deploy and Entity Framework migrations

Octopus Deploy and Entity Framework migrations

February 3, 2017

A step that is very common in almost every deployment pipeline is the migration of the database. In this blog I’ll show you how to do this using Octopus Deploy and Entity Framework Migrations. I’ll be using a very simple ASP.Net MVC application called SimpleMVCApp. In the same solution, I’ve created …
Continuous delivery bij SnelStart

Continuous delivery bij SnelStart

December 22, 2016

Bij SnelStart ontwikkelen we boekhoudsoftware voor het midden en klein bedrijf. SnelStart doet dat al meer dan 30 jaar door middel van een desktopapplicatie en sinds kort ook met een online variant. Ongeveer drie jaar geleden zijn we bij SnelStart begonnen met de ontwikkeling van ons service …