Azure Policy | Deny Action

Hi,

In this new article, I will share with you a new Azure Policy action: « Deny Action ». DenyAction is used to block requests on intended action to resources. The only supported action today is DELETE. This effect will help prevent any accidental deletion of critical resources.

This new Azure Policy action could help you to remove the Lock Type « Delete » in place at the Resource Group level.

Please find below an example:

{
   "if": {
      "allOf": [
         {
            "field": "type",
            "equals": "Microsoft.DocumentDb/accounts"
         },
         {
            "field": "tags.environment",
            "equals": "prod"
         }
      ]
   },
   "then": {
      "effect": "DenyAction",
      "details": {
         "actionNames": [ "delete" ],
         "cascadeBehaviors": { "resourceGroup": "deny" }
      }
   }
}

Maxime.

AKS | Mariner Container Optimized OS on AKS

Hi!

Mariner is an open-source Linux distribution created by Microsoft and is now available for preview as a container host on Azure Kubernetes Service (AKS). Optimized for AKS, the Mariner container host provides reliability and consistency from cloud to edge across the AKS, AKS-HCI, and Arc products. You can deploy Mariner node pools in a new cluster, add Mariner node pools to your existing Ubuntu clusters, or migrate your Ubuntu nodes to Mariner nodes.

Key Capabilities Of CBL-Mariner:

CBL-Mariner provides many of the traditional benefits of using Linux. In addition to that, CBL-Mariner provides hardened security and efficient lifecycle management.

  • CBL-Mariner core

Minimal core system that supports a variety of profiles (Azure VM or on bare-metal x64 or ARM64) and allows the customer to build on top of it as needed.

Lightweight footprint: 450MB uncompressed.

  • Support & Updates

SLA for vulnerabilities.

Patches automatically available for the customer to update when most convenient for them.

dnf infrastructure used for upgrading packages.

  • Security hardened

The kernel and other aspects of the OS are built with an emphasis on security and follow the secure-by-default principle, compliant with Microsoft security standards and industry certifications.

  • Federated Builds

Enables teams to innovate on top by allowing the generation and maintenance of packages on top of the CBL-Mariner builds.

With over 6000 packages already built, teams can customize their image easily.

  • Robust Testing

Through a robust testing matrix of package, image and kernel tests, we allow for earlier issue detections and mitigations prior to the image being published.

  • Virtualization

CBL-Mariner supports a container host image that includes the Kubernetes infrastructure.

  • Efficient lifecycle management

CBL-Mariner supports both RPM package and image-based update mechanisms for releases – with an “evergreen” release alongside specific security-patched stable snaps. New releases are made available annually and each release is supported for 18 months.

If you want to replace your existing AKS Ubuntu Node Pool by Mariner, please follow this link: https://microsoft.github.io/CBL-Mariner/docs/#using-cbl-mariner-with-aks

Maxime.

Microsoft Ignite 2022, Seattle WA

Hi!

I had the pleasure to be speaker at Microsoft Ignite 2022 in Seattle, WA! That was my first in-person conference since the Covid-19. This year the experience of Microsoft Ignite was different from what I have already seen during the previous editions. Lot of sessions were available in real-time online and in-person, I think that was a great idea for the people who can’t travel to Seattle.

During these two days of sessions, I had the pleasure to meet a great number of Microsoft MVP, Microsoft employees and attendees.

To give you an idea of the event, please find below a series of photos:

Maxime.