Latest Discussions
Downtime of API Management during deployment
Which actions will cause a downtime of Azure API Management so APIs will not be able to consume (Premium Tier)? E.g. changing network would be obviously. But what about deployments of APIs, Products, Scaling up and down... How can I find out which actions will make the APIs unavailable? Or is there a mechanism which will keep them available in each scenario (Even if "Service is being updated")? Thanks!
sampa611 | Nov 17, 2022 | Copper Contributor | 2.9K Views | 0 likes | 5 Comments

Need help with Azure topics
Hello everyone! I have little knowledge on Azure - have completed AZ-900 certification. There's a project which requires knowledge on below topics:
1. Azure App Service
2. Function App
3. Logic App
4. API Management
5. Key Vault
6. App Insight
7. Redis Cache
8. Azure Service Bus
9. Event Hub
10. Event grid
I tried looking for tutorials on these topics in Google but could find none apart from that in Microsoft docs - however, I am not able to understand what all sub-topics I need to cover. I need your help in identifying some resources and what sub topics should I exactly look into - I would be getting interviewed on these topics in a month. I am trying my best to learn these topics and do little hands on so that I have basic idea about these services. I am a backend developer in .Net with around 4.5 years of experience. Any help would be highly appreciated. Thanks much in advance #azure #azurePaaS
MKar10 | Jun 26, 2021 | Copper Contributor | 2.5K Views | 0 likes | 4 Comments

Azure Logic Apps vs Power Automate
Hello Experts, Please guide me in selecting the more suitable option between Azure Logic Apps and Power Automate for developing an Enterprise application that operates on a scheduled basis. This application must interact with multiple on-premises and SaaS systems by making several REST API calls (approximately 8 - 10 calls) and storing the retrieved data (structural and unstructured). Thanks -Sri
DynamicsHulk | Dec 18, 2023 | Copper Contributor | 5.4K Views | 0 likes | 3 Comments

API Management Policy - Secure way to detect requests from Application Gateway
Hello. We got API Management which is reachable from internal network, and from external network (internet) via Application Gateway. I want to add an authorization policy in an API which only applies if requests are coming from external network. Microsoft recommends NOT to use Host Header because it can be modified by the user (https://learn.microsoft.com/en-us/azure/architecture/best-practices/host-name-preservation#context). Is there a secure way to check if requests are coming from external network? Would "Context.Request.OriginalUrl.Host" work for this - or is the value a copy of the Host Header? (https://learn.microsoft.com/en-us/azure/api-management/api-management-policy-expressions#ContextVariables)
sampa611 | Oct 20, 2022 | Copper Contributor | 2.8K Views | 0 likes | 3 Comments

AAD Users from main subscription can't login to the application after failing over the VMs
Hi Azure Folks! AAD users from main subscription can't log in to the application after failing over the VMs to another region (via ASR). I'm working on a DR solution for an in-house developed application (consists of a Web server and a DB server in Azure VMs) to replicate across two regions. I've provisioned all resources in a separate Azure subscription (resource groups, VMs, Network interfaces etc.), however, when failed over to the DR via ASR, the application doesn't authenticate users from the main tenant (AAD users). What's configured:
1. New isolated Subscription containing following resources
2. Shared services resource group
3. Dedicated resource group containing replica VMs and PaaS resources.
4. Virtual Network for shared resources, DCs, jump hosts.
5. Isolated subnet containing replica domain controllers and shared services.
6. Isolated subnet for Azure Bastion hosts.
7. Isolated subnet to host replica VMs and resources.
8. A dedicated host used to access isolated DR instance.
My question is, as DR resources are hosted in a totally separate/isolated subscription, would we need to consider other areas (i.e. app registration or integration between two subscriptions) in addition to the above list of items configured (to facilitate the authentication for all AAD users in the main subscription)? Am I missing something here? Thanks and appreciate any ideas! Cheers Manoj
Solved | 1.5K Views | 0 likes | 3 Comments

Does Azure provide DDoS protection for its PaaS services?
Hi, I am working on a project wherein we will deploy Storage Account, KeyVault, ServiceBus, CosmosDB, and SQL DB in our subscription. All these services will be deployed with public access enabled, and we will only add private endpoints for local VNet traffic. From a security perspective, should I explicitly add DDoS protection to the above-mentioned services, or do they come with built-in DDoS protection? Example: Would a DDoS attack be able to bring down a Storage Account Blob Service (test.blob.core.windows.net)?
pradeepchouhan | Jul 27, 2024 | Copper Contributor | 440 Views | 2 likes | 2 Comments

How to Restrict Subscription in Azure Application Gateway Private Link Shared with Another tenant
Hello Team, We are currently facing a challenge with implementing cross-subscription private link connections in Azure, specifically subscription restriction and auto-approval features. We have a managed service running inside AKS and are utilizing an application gateway for it. Our goal is to leverage the private link feature available in the application gateway, allowing Azure customers from other tenants to securely connect to it as a private endpoint. However, we require to restrict access to only allowed subscriptions for this resource ID and enable auto-approval for private endpoint connections from those specified subscriptions. We have explored Azure Policy as a solution, but unfortunately, we have not been successful in finding a suitable policy definition that meets our needs. We attempted to utilize the policy definition available at http://prevent-cross-subscription-private-link-azurepolicy.json which aims to prevent cross-subscription private link connections. Despite our efforts, it appears that this policy did not effectively achieve the desired outcome. Currently, anyone can use the resource ID and establish a private endpoint connection, which is not aligned with our security requirements. Therefore, we kindly request your assistance in reviewing our current approach and providing guidance on how we can enforce subscription restrictions and enable auto-approval for private endpoint connections from specific subscriptions only. Any insights, recommendations, or alternative solutions you can offer would be greatly appreciated.
Rohangupta | Feb 16, 2024 | Copper Contributor | 344 Views | 0 likes | 2 Comments

Connect to cosmosdb read-only database
I have a cosmosdb and it has a read-only replica in another region. How to connect to it using RBAC authentication (or using service principal)? Can I limit the RU based on this service principal? Is the RU used on this replica shared with the primary read-write replica? I am going to use python script from databricks to do so. Thanks
micmic430 | Jul 05, 2023 | Copper Contributor | 787 Views | 0 likes | 2 Comments