@maskati
maskati / #bicep-rest-http-client.md
Created December 4, 2024 12:48
Call REST APIs in Azure Bicep templates without deployment scripts

Did you know you can call REST APIs from your Bicep deployment templates using just a function call?

var getResponse = httpClient.listHttpRequest(httpClient.apiVersion, {
  method: 'GET'
  uri: 'https://mallow.fi/'
})

var postResponse = httpClient.listHttpRequest(httpClient.apiVersion, {
 method: 'POST'
@maskati
maskati / deployment-gantt.md
Last active December 16, 2024 09:27
Create a Mermaid gantt chart of your Azure deployment operations

You can create a Mermaid Gantt chart to visualize the sequence and duration of Azure deployment operations. The output is similar to the following:

gantt
  dateFormat %YYYY-%m-%dT%H:%M:%S.%L%Z
  axisFormat %H:%M:%S.%L
  title Deployment 'mydeployment'
  > : milestone, 2024-12-09T14:00:14.1519943Z, 0ms
  x : milestone, 2024-12-09T14:00:23.5689337Z, 0ms
  section mydeployment
@maskati
maskati / #azure-privileged-containers.md
Created December 11, 2024 11:55
Using Blobfuse2 to mount Azure Blob Storage using managed identity from Azure Container Instance privileged containers

@maskati
maskati / #azure-powershell-uniquestring.md
Last active January 2, 2025 08:37
Calculating the Bicep `uniqueString` hash locally using PowerShell

The Bicep uniqueString function, like the ARM template uniqueString function, is documented only as:

Creates a deterministic hash string based on the values provided as parameters

The actual implementation is not documented, but it is (almost certainly) a variant of the Murmur hash algorithm that maps the provided string parameters to a 64-bit hash and returns a 13-character Base32-like encoding of that hash.

The function:

  1. Concatenates the string parameters with a dash (-)
  2. UTF-8 encodes the resulting concatenated string
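As an added example (not the gist's PowerShell script, and not the ARM implementation itself), the pipeline the steps above describe, written in Python so each intermediate value can be inspected: join the parameters with a dash, UTF-8 encode, hash to 64 bits, encode 13 characters. The hash variant (MurmurHash64A, the 64-bit Murmur2, seed 0) and the encoding (the RFC 4648 base32 alphabet in lower case, most-significant bits first, the 64-bit value padded to 65 bits) are assumptions the page does not confirm; compare the output with `uniqueString(...)` from a real deployment before relying on it. The resource group ID used as sample input is constructed.

```python
"""Candidate Python port of Bicep/ARM uniqueString.

Assumptions (not confirmed by the page): MurmurHash64A with seed 0, and a
13-character, MSB-first base32 encoding using the RFC 4648 alphabet in lower case.
"""

M = 0xC6A4A7935BD1E995          # MurmurHash64A multiplier
R = 47                           # MurmurHash64A shift
MASK64 = (1 << 64) - 1           # emulate wrapping 64-bit arithmetic in Python
ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"  # assumed RFC 4648 alphabet, lowercased


def murmurhash64a(data: bytes, seed: int = 0) -> int:
    """64-bit Murmur2 (MurmurHash64A): little-endian 8-byte blocks, then the tail."""
    h = (seed ^ ((len(data) * M) & MASK64)) & MASK64
    nblocks = len(data) // 8
    for i in range(nblocks):
        k = int.from_bytes(data[i * 8:(i + 1) * 8], "little")
        k = (k * M) & MASK64
        k ^= k >> R
        k = (k * M) & MASK64
        h ^= k
        h = (h * M) & MASK64
    tail = data[nblocks * 8:]
    if tail:
        # The C reference XORs each remaining byte into h at bit 8*i (switch fallthrough);
        # XOR is commutative, so the loop order does not matter.
        for i, byte in enumerate(tail):
            h ^= byte << (8 * i)
        h = (h * M) & MASK64
    h ^= h >> R
    h = (h * M) & MASK64
    h ^= h >> R
    return h


def base32_13(value: int) -> str:
    """Encode a 64-bit value as 13 base32 characters, most-significant bits first.

    13 * 5 = 65 bits, so the value is left-shifted by one: the final bit is padding.
    ARM's encoding is only known to be 'base32-like'; the bit order is an assumption.
    """
    if not 0 <= value <= MASK64:
        raise ValueError("value must fit in 64 bits")
    bits = value << 1
    return "".join(ALPHABET[(bits >> (5 * (12 - i))) & 31] for i in range(13))


def unique_string(*parts: str) -> str:
    """Steps from the page: join with '-', UTF-8 encode; then hash and encode (assumed)."""
    joined = "-".join(parts)
    return base32_13(murmurhash64a(joined.encode("utf-8")))


if __name__ == "__main__":
    # Constructed sample input: a resource group ID as passed to uniqueString(resourceGroup().id)
    sample = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
    print(unique_string(sample))
    # Two parameters are hashed exactly like one parameter containing the dash-joined string
    print(unique_string("rg-demo", "storage") == unique_string("rg-demo-storage"))
```

The empty input hashes to zero under seed-0 MurmurHash64A, so `unique_string("")` returns thirteen `a`s whatever the encoding's bit order is; that is a cheap check that the wrapping arithmetic is right. If a real deployment's output differs from this port for a known input, the first places to look are the encoding bit order and the Murmur variant.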
@maskati
maskati / #servicebusemulator.md
Last active January 9, 2025 07:07
Service Bus Emulator on Azure Container Instance

Deploys an Azure Container Instance container group running the Azure Service Bus Emulator and Azure SQL Edge.

Configures the emulator using Config.json.

You must accept the Service Bus Emulator EULA and Azure SQL Edge EULA.

Service Bus TCP port 5672 (AMQP) is open to the internet without authentication. The parameter exposeMssqlPort controls whether the MSSQL default port (TCP 1433) is also open to the internet; it is protected only by mssqlSaPassword, which defaults to S3rv1c3Bu$Emul@t0r and should be changed before the port is exposed.

@maskati
maskati / #powershell-xml-bom.md
Last active January 9, 2025 07:06
PowerShell XML with and without BOM

# ok, returns XmlDocument
Invoke-RestMethod 'https://gist.githubusercontent.com/maskati/69324c8232cc93914b65b8b300a60dc5/raw/a082827c9cb6faacd9f89a5c803d91daef3d1b3e/nobom.xml'

# does not throw, but conversion to XmlDocument fails and a string is returned that starts with the BOM character (U+FEFF, UTF-8 encoded as 0xEF 0xBB 0xBF)
Invoke-RestMethod 'https://gist.githubusercontent.com/maskati/69324c8232cc93914b65b8b300a60dc5/raw/a082827c9cb6faacd9f89a5c803d91daef3d1b3e/bom.xml'

# fails because XmlDocument.LoadXml cannot handle initial BOM character
@maskati
maskati / #entra-id-principals-permissions-report.md
Last active June 18, 2025 09:28
Generate a report of Entra ID principals and permissions

I wanted a way to report on the current Entra ID principals in my tenant as well as the permissions granted to those principals across apps, the tenant directory and Azure subscriptions. Microsoft offers the separately licensed Entra Permissions Management, which provides comprehensive principal and permissions discovery and reporting. I wanted something simpler.

The PowerShell script entra-id-principals-permissions-report.ps1 enumerates all principals and various permissions available in your current [Azure CLI login context](https://learn.microsoft.com/en-us/cli/azure/a

@maskati
maskati / #flexible-federated-identity.md
Created January 16, 2025 08:50
Azure flexible federated identity credentials

Up until now you have been able to define a federatedIdentityCredential with the issuer, audiences and subject properties. For example, to allow a GitHub Actions workflow running in the context of the environment prod in the repository octo-org/octo-repo (the subject follows GitHub's documented format repo:<owner>/<repo>:environment:<name>):

{
  "issuer": "https://token.actions.githubusercontent.com",
  "audiences": [
    "api://AzureADTokenExchange"
  ],
  "subject": "repo:octo-org/octo-repo:environment:prod"
}
@maskati
maskati / #azure-vpn.md
Last active October 28, 2025 06:53
Host your own global VPN on Azure PaaS using Tailscale

This example shows setting up a Tailscale exit node running as a container on Azure Container Instances to provide global Internet egress. You can also use a similar setup to configure a Tailscale subnet router which would allow access to Azure private Virtual Networks, private endpoints, private DNS zone resolution as well as Azure service endpoints.

You can use exit nodes on several platforms including Android, iOS, Linux, macOS, tvOS and Windows.

Warning

Using an exit node will tunnel all your traffic through the selected Azure region. This might trigger security controls such as the Entra ID Protection impossible travel detection.

@maskati
maskati / #keyvault-copy-across-subscriptions.md
Created February 6, 2025 07:01
Copy Azure Key Vault keys between subscriptions

Azure Key Vault keys hold their private key material in a non-exportable form. Key Vault backups are encrypted and can only be restored within the same Azure subscription and Azure geography.

You can copy a key from one subscription to another by:

  1. Taking a backup in the source subscription
  2. Creating a new key vault in the source subscription (any region in the same geography) and restoring the backup
  3. Moving the new key vault to the destination subscription

Some limitations: