
(1/2) Setting up Azure workload identity federation with Terraform in Azure DevOps pipelines (2 Part Series)

I was curious about how to set up Azure DevOps to utilize Terraform for deploying Azure resources with workload identity federation instead of relying on a service principal with secrets. In this blog post, I will demonstrate how I set up this configuration. To learn more about workload identity federation, read the docs: Workload identity federation - Microsoft Entra | Microsoft Learn

Prerequisites

- Azure DevOps Org
- “Customer Azure Tenant” with Subscription
- “Backend Azure Tenant” with Subscription (can be in the same tenant - in our example we use different tenants)
- Azure PowerShell Module

Overview - Setup Steps

1. Create a storage account that will store the Terraform state file
2. Create a managed identity which has Contributor permissions on this storage account
3. If not already the case, install the Terraform extension for your Azure DevOps Org
4. Create a new Azure DevOps Project
5. Create a service connection to the “backend tenant” using workload identity federation with your previously created managed identity
6. Create a managed identity in the customer tenant where you finally want to deploy Azure resources using Terraform, with Contributor permission on the Subscription
7. Create a service connection to the customer tenant using workload identity federation with your previously created managed identity
8. Create a repository with basic Terraform files
9. Create an Azure DevOps Pipeline

Prepare “Backend Tenant” to store Terraform State File

As outlined in this example, I intend to store the Terraform state file in a different Azure Tenant than where the actual Azure Deployment will occur.

Securing Resources in Azure VMs with Microsoft Entra Private Access in a Hub-and-Spoke Architecture

I did a little Microsoft Entra Private Access test setup. My goal was to test access to some private resources hosted on Azure Virtual Machines with Microsoft Entra Private Access instead of VPN.

Overview

The test setup is illustrated below (diagram omitted). I have one Virtual Machine (VM) with a Windows File Share that I wish to access from my endpoint, and I also want to be able to access this VM via RDP.