Welcome to DevJev.nl: Your Guide to Azure, Cloud Security, and DevOps Mastery

Introduction

Managing compliance and governance in the cloud can be challenging, especially when it comes to an often overlooked yet critical system: your Azure DevOps organization. Ensuring proper auditing with securely stored logs in a centralized location is vital. Audit streams address this need by enabling you to send audit logs to a Log Analytics Workspace for detailed analysis and monitoring.

In this blog post, we’ll explore how to automate the configuration of Azure DevOps audit streams using PowerShell. We’ll focus on using a fully working script that not only automates the setup process but also ensures drift control. This guarantees that audit logs are consistently sent to your desired Log Analytics Workspace without the need for manual intervention. Let’s dive in!

Understanding the Need for Management Group Automation

Managing Azure subscriptions at scale can become challenging. Management groups provide a powerful way to organize and govern resources, but manually configuring them introduces inefficiencies and risks. A common pitfall is hardcoding management group structures into deployment code, which reduces flexibility and can compromise governance. This post introduces Management Group Vending, a reusable Bicep solution inspired by Microsoft’s Subscription Vending . This solution enables you to deploy any management group hierarchy, considering Azure’s limitations while adhering to Cloud Adoption Framework (CAF) principles.

In my previous Decoding Microsoft Azure post, 🔍 Decoding Microsoft Azure: Understanding Platform, Landing Zones, Workloads, and Utilities ⚙️ , I introduced the house analogy to conceptually explain Microsoft Azure . Part of this analogy covered the Application Landing Zone and the Platform Landing Zone.

In this post, I’ll take a deeper dive into Landing Zones. We’ll explore what they are, how they’re defined by Microsoft, and how I believe we can improve upon the concept. By the end, you’ll have a clearer understanding of Azure Landing Zones and how they fit into a broader cloud adoption strategy.

In this post, I’ll demonstrate how to quickly and easily deploy Microsoft Sentinel to an existing Log Analytics workspace using Bicep. This step-by-step guide simplifies the process, showing that deploying Microsoft Sentinel doesn’t have to be complicated—whether you’re an experienced cloud professional or new to Azure.

What is Microsoft Sentinel?

If you’re new to Microsoft Sentinel, here’s a brief introduction. Feel free to skip this section if you’re already familiar with it.

In today’s cloud-driven landscape, security is a shared responsibility for developers and engineers alike. Azure Bastion’s Developer SKU offers a lightweight way to securely connect to virtual machines—and did I mention it’s free? 🎉 In this post, we’ll walk through setting up Azure Bastion Developer SKU using Bicep Infrastructure as Code, fostering a “security is everyone’s responsibility” mindset as we go.

What is Azure Bastion?

Let’s start with a quick recap for those who are unfamiliar with Azure Bastion.

With this post I want to share a lazy and a hacky way for finding the Azure DevOps Project Id of any project in your Azure DevOps Organization.

The lazy API query

It can feel a bit daunting to start using Azure DevOps API. But what most folks are not aware of is that data retrieval API’s can be queried using your favorite browser. To get the Project Id we can do this with the projects LIST and GET API’s.