Welcome to DevJev.nl: Your Guide to Azure, Cloud Security, and DevOps Mastery

This is the 6th post in the category Azure DevOps Fundamentals of the blog post series on working with Azure DevOps .

In this post, I will break down Work Items in Azure Boards. Work Items are the foundation of tracking work in Azure DevOps, and understanding them is crucial for effectively managing projects. We will explore:

• The different types of Work Items.
• How Work Items tie into the Work Item Process.
• The hierarchy of Work Items.
• Where and how Work Items can be created.
• Ownership and refinement responsibilities for each Work Item level.
• Additional useful Work Item features.

Let’s dive in!

Introduction

Managing compliance and governance in the cloud can be challenging, especially when it comes to an often overlooked yet critical system: your Azure DevOps organization. Ensuring proper auditing with securely stored logs in a centralized location is vital. Audit streams address this need by enabling you to send audit logs to a Log Analytics Workspace for detailed analysis and monitoring.

In this blog post, we’ll explore how to automate the configuration of Azure DevOps audit streams using PowerShell. We’ll focus on using a fully working script that not only automates the setup process but also ensures drift control. This guarantees that audit logs are consistently sent to your desired Log Analytics Workspace without the need for manual intervention. Let’s dive in!

Understanding the Need for Management Group Automation

Managing Azure subscriptions at scale can become challenging. Management groups provide a powerful way to organize and govern resources, but manually configuring them introduces inefficiencies and risks. A common pitfall is hardcoding management group structures into deployment code, which reduces flexibility and can compromise governance. This post introduces Management Group Vending, a reusable Bicep solution inspired by Microsoft’s Subscription Vending . This solution enables you to deploy any management group hierarchy, considering Azure’s limitations while adhering to Cloud Adoption Framework (CAF) principles.

In my previous Decoding Microsoft Azure post, 🔍 Decoding Microsoft Azure: Understanding Platform, Landing Zones, Workloads, and Utilities ⚙️ , I introduced the house analogy to conceptually explain Microsoft Azure . Part of this analogy covered the Application Landing Zone and the Platform Landing Zone.

In this post, I’ll take a deeper dive into Landing Zones. We’ll explore what they are, how they’re defined by Microsoft, and how I believe we can improve upon the concept. By the end, you’ll have a clearer understanding of Azure Landing Zones and how they fit into a broader cloud adoption strategy.

In this post, I’ll demonstrate how to quickly and easily deploy Microsoft Sentinel to an existing Log Analytics workspace using Bicep. This step-by-step guide simplifies the process, showing that deploying Microsoft Sentinel doesn’t have to be complicated—whether you’re an experienced cloud professional or new to Azure.

What is Microsoft Sentinel?

If you’re new to Microsoft Sentinel, here’s a brief introduction. Feel free to skip this section if you’re already familiar with it.

In today’s cloud-driven landscape, security is a shared responsibility for developers and engineers alike. Azure Bastion’s Developer SKU offers a lightweight way to securely connect to virtual machines—and did I mention it’s free? 🎉 In this post, we’ll walk through setting up Azure Bastion Developer SKU using Bicep Infrastructure as Code, fostering a “security is everyone’s responsibility” mindset as we go.

What is Azure Bastion?

Let’s start with a quick recap for those who are unfamiliar with Azure Bastion.