Catégorie : Divers

Azure Resource Graph Policy Exceptions 


I’m excited to share that you can now harness the power of Azure Resource Graph to effortlessly retrieve all policy exceptions. This is made even more seamless with the introduction of the new field: microsoft.authorization/policyexemptions.

Example: Extract all the policies which expire within 90 days

PolicyResources | where type == 'microsoft.authorization/policyexemptions' | extend expiresOnC = todatetime(properties.expiresOn) | where isnotnull(expiresOnC) | where expiresOnC >= now() and expiresOnC < now(+90d) | project name, expiresOnC

Example: All the policies exceptions per assignment

PolicyResources | where type == 'microsoft.authorization/policyexemptions' | summarize count() by tostring(properties.policyAssignmentId)


Microsoft MVP Azure & Security 2023-2024 !


I am thrilled to share the news that I have been renewed as a Microsoft MVP in two categories: Microsoft Azure and Security for the year 2023-2024. It fills me with immense pride to be a part of this vibrant community and to have the opportunity to continue sharing my knowledge.

I would like to express my heartfelt gratitude to the Microsoft MVP Award team, specifically Betsy and Rochelle, for their unwavering support. I would also like to extend my thanks to all my colleagues, blog readers, and commentators who have been a constant source of inspiration and encouragement. Congratulations to all the new and renewed MVPs!


AKS | Azure Linux


A few months ago, I wrote an article about CBL Mariner (internal code name). During Microsoft Build 2023, Microsoft announced the General Availability of Azure Linux.

The Azure Linux Container Host is designed to be lightweight, including only the necessary packages to efficiently run container workloads. It has undergone rigorous validation tests and internal usage to ensure its robustness and security. Moreover, it seamlessly integrates with Azure agents, ensuring compatibility and smooth operation.

This solution offers a reliable and consistent experience across various environments, from the cloud to the edge, encompassing AKS, AKS for Azure Stack HCI, and Azure Arc. With its versatility, you have the flexibility to deploy Azure Linux node pools in both new and existing clusters, as well as migrate your current nodes to Azure Linux nodes.

The Azure Linux Container Host offers the following key benefits:

  • Secure supply chain: Microsoft builds, signs, and validates the Azure Linux Container Host packages from source, and hosts its packages and sources in Microsoft-owned and secured platforms.
  • Small and lightweight: The Azure Linux Container Host only includes the necessary set of packages needed to run container workloads – as a result, it consumes limited disk and memory resources.
  • Secure by default: The Azure Linux Container Host has an emphasis on security and follows the secure-by-default principles, including using a hardened Linux kernel with Azure cloud optimizations and flags tuned for Azure. It also provides a reduced attack surface and eliminates patching and maintenance of unnecessary packages.
  • Extensively validated: The AKS and Azure Linux teams run a suite of functional and performance regression tests with the Azure Linux Container Host before releasing to customers, which enables earlier issue detection and mitigation.​

Create an AKS cluster with Azure Linux:

az aks create --name testAzureLinuxCluster --resource-group testAzureLinuxResourceGroup --os-sku AzureLinux