
AzureAD App Registrations explained

Azure AD App registration

Recently I had some talks with developers which made me realize that I didn’t fully understand how App Registrations work. I was aware that we register an app and allow the app certain permissions, but I didn’t understand it in detail.

Why Azure AD App registration?

Basically, for every app where you want to use the Microsoft Identity Platform, you need to register your app. So you want to log in to a certain web app with your Microsoft Account? This app needs to be registered in Azure AD. After you have logged in to your application, the app may also need some data from your Microsoft Account, and you may need to grant permissions.

SC-100 - Microsoft Certified Cybersecurity Architect Expert - MindMap Collection

Studying SC-100

In my recent self-study, I have been working through the Microsoft SC-100 learning path. One of the ways that I have been organizing and consolidating my learning is by creating mind maps of the key concepts and topics covered in the course.

You can find some of those mind maps below:

Design a Zero Trust strategy and architecture

Build an overall security strategy and architecture:


Stop Azure Backup for multiple SQL on Azure VM Databases with Powershell

link: https://learn.microsoft.com/en-us/azure/backup/backup-azure-sql-automation#stop-protection

I had a case where I needed to migrate a lot of databases from one SQL Server on an Azure VM to another VM. After the successful migration there were a lot of old databases offline on the “old SQL Server”, and I got a lot of Azure Backup alerts. Because I was too lazy to disable the backup for each database by hand, I created the following small script which will do that job.

Azure - Create a Custom RBAC Role to allow Stop - Start of all Azure Virtual Machines in a Subscription with Terraform

Yes… it’s annoying that there is no built-in role that only allows restarting Azure Virtual Machines… The Virtual Machine Contributor role allows too much. With this role you are able to destroy and create VMs.

So what I want to do in this case is create a custom role which only allows starting / stopping / restarting Virtual Machines. And I want to do that with Terraform because I’m doing the whole Azure resource deployment with Terraform anyway.