Azure Storage Options - A Guide to Choosing the right storage option
At the heart of this post is Kairos IMS, an innovative Impact Management System designed to empower human-serving nonprofits and social impact organizations. Co-developed by the Urban League of Broward County and our trusted technology partner, Impactful, Kairos IMS reduces administrative burdens, enhances holistic care, and enables organizations to leverage data for increased agility and seamless service delivery. In this blog series, we’ll take a closer look at the powerful technologies that fuel Kairos IMS, from Azure services to security frameworks, offering insight into how modern infrastructure supports mission-driven impact. Click here to learn more. Provided in this guide is a nonprofit-friendly breakdown of the main Azure Storage types, what they’re good for, and how to choose based on your needs and budget. The 4 Main Types of Azure Storage Azure offers four primary types of storage: Storage Type What It Stores Best For Blob Storage Unstructured data: images, videos, PDFs Media files, documents, backups File Storage Shared files accessible via SMB protocol Team file shares, legacy apps, migrations Table Storage NoSQL key-value data Lightweight data like logs or sensor data Queue Storage Messages for task automation Background tasks, app-to-app communication Let’s break them down in more detail, with nonprofit use cases. 🟣 1. Azure Blob Storage (Binary Large Object) What it is: A flexible place to store unstructured data—like documents, images, and videos. Use case for nonprofits: Uploading program videos or workshop recordings for your community Storing scanned forms, reports, or grant applications Keeping secure backups of sensitive files Cost tip: You can save money using Cool or Archive tiers for files you rarely access. 🔵 2. Azure File Storage What it is: A cloud-based shared file system that acts like a network drive. Use case for nonprofits: Replacing on-premise file servers Collaborating across teams in remote or hybrid environments Making legacy nonprofit software cloud-accessible Bonus: It integrates easily with Windows using standard SMB protocols, so your team won’t need to learn anything new. 🟢 3. Azure Table Storage What it is: A NoSQL storage option for simple key-value pairs. Use case for nonprofits: Storing lightweight data like newsletter sign-ups or app usage logs When you need a low-cost alternative to a full database Note: It’s not for complex queries—this is basic storage, great for lightweight scenarios. 🟡 4. Azure Queue Storage What it is: A messaging system that lets apps send and receive messages asynchronously. Use case for nonprofits: Automating tasks, like sending thank-you emails after an online donation Managing volunteer registration workflows You probably won’t use this directly, but if your IT team or a consultant is building an app for you, it might be part of the backend. How to Choose: A Quick Guide for Nonprofits Need Best Option Store and access documents, images, or videos Blob Storage Share files across staff or locations File Storage Store structured data (like a simple database) Table Storage Automate tasks between services Queue Storage Long-term storage or backups (low cost) Blob Storage (Archive Tier) Replacing an on-site file server File Storage 💡 Cost-Saving Tips for Nonprofits Use your Azure credits: Eligible nonprofits get $3,500 in free Azure credits annually via Microsoft for Nonprofits. Pick the right tier: Blob storage offers Hot, Cool, and Archive tiers based on how often you access data. Turn on auto-delete or lifecycle rules: Save money by setting old files to auto-delete or move to a cheaper tier. Final Thoughts Azure Storage offers powerful tools to help your nonprofit stay secure, organized, and scalable. Choosing the right option ensures your team has access to the files and data they need—without overspending. Whether you’re working with an IT volunteer, a cloud consultant, or just learning it yourself, knowing the basics of Azure Storage puts your organization in a stronger position to grow and serve your community.Deploying Your Web App with CI/CD through Azure Portal
Azure App Service makes deploying web apps straightforward and efficient. Whether you're a nonprofit or an individual developer, here's how to deploy your code using CI/CD through the Azure Portal. CI/CD is a crucial foundation for modern software development processes, combining the practices of continuous integration and continuous delivery/deployment. Step-by-Step Instructions: Log in to Azure Portal: Visit the Azure Portal: https://portal.azure.com Use your credentials to log in. Navigate to Your App Service: Locate and select your App Service resource. Go to Deployment Center: In the left-side menu, click on Deployment>Deployment Center. Choose Your Deployment Source: Select the method that suits your setup: Local Git: Push your code directly to Azure's Git repository. GitHub: Connect your GitHub repository for seamless, continuous deployment. ZIP Deployment: Upload a ZIP file containing your application’s code. Complete Deployment: Follow the on-screen steps for the selected source and deploy your app. Once you are done, select Save. Test Your Deployment: Once the deployment is successful, navigate to your Web App URL to verify the deployment. Connect to Your Web App: Go to the resource in the Azure Portal. Select "Overview" to find the URL of your Web App. Open the URL in your browser to see your deployed application. Conclusion By following these steps, you can efficiently deploy your web app using CI/CD through the Azure Portal. This setup ensures that your application is always up-to-date with the latest code changes. Additional Resources Deployment best practices - Azure App Service | Microsoft Learn Tutorial: PHP app with MySQL and Redis - Azure App Service | Microsoft LearnDeploying a Web App on Azure App Service
At the heart of this post is Kairos IMS, an innovative Impact Management System designed to empower human-serving nonprofits and social impact organizations. Co-developed by the Urban League of Broward County and our trusted technology partner, Impactful, Kairos IMS reduces administrative burdens, enhances holistic care, and enables organizations to leverage data for increased agility and seamless service delivery. In this blog series, we’ll take a closer look at the powerful technologies that fuel Kairos IMS, from Azure services to security frameworks, offering insight into how modern infrastructure supports mission-driven impact. Click here to learn more. Azure App Service is a powerful platform for building, deploying, and scaling web apps. It supports multiple languages and frameworks, making it a versatile choice for developers. In this guide, we'll walk you through the process of deploying a web app on Azure App Service. Step 1: Prerequisites Before you start, ensure you have the following: An Azure account with an active subscription. If you don't have one, you can create a free account. Your web app code ready for deployment. Visual Studio or any other development environment you prefer. Step 2: Create an App Service Log in to the Azure Portal: Go to portal.azure.com and sign in with your Azure account Create a Resource: Click on "Create a resource" and select "Web App." Creating Your Web App: Subscription: Choose your subscription. Resource Group: Select an existing resource group or create a new one. App Name: Enter a unique name for your app. Publish: Choose "Code" if you're deploying code directly, or "Docker Container" if you're using a container. Runtime Stack: Select the runtime stack that matches your web app (e.g., .NET, Node.js, Python). Region: Choose the region closest to your users. Pricing Plans: When creating your Web App, Azure will also ask you to create or select an App Service Plan, which defines the pricing tier and performance level for your app. Finish the steps and click "Review + create." 4. Completing Deployment: You will see a message letting you know your deployment is complete. Step 3: Deploy Your Web App Deployment Center: Once your deployment is complete, click on "Go to Resources" and navigate to the "Deployment Center" in your App Service. Source Control: Choose your source control method (e.g., GitHub, Bitbucket, Azure Repos). 3. Build Provider: Select the build provider (e.g., GitHub Actions, Azure Pipelines). 4. Configure Settings: Follow the prompts to configure your deployment settings. This includes connecting your repository and setting up continuous integration/continuous deployment (CI/CD) pipelines. Step 4: Monitor and Scale Your App Monitor: Use Azure Monitor to keep track of your app's performance and health. Set up alerts to notify you of any issues. To learn more about Azure Monitor, please visit: Monitor Azure App Service - Azure App Service | Microsoft Learn Scale: Azure App Service allows you to scale your app based on demand. Navigate to the "Scale up" or "Scale out" options to adjust your app's resources. To learn more about scaling, please visit: Scale up features and capacities - Azure App Service | Microsoft Learn Step 5: Manage Your App App Settings: Configure application settings, connection strings, and environment variables in the "Configuration" section. To learn more about configuring your app settings, please visit: Configure an App Service App - Azure App Service | Microsoft Learn SSL Certificates: Secure your app with SSL certificates. Navigate to "TLS/SSL settings" to configure SSL bindings. To learn more about SSL Certificates, please visit: https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-bindings Conclusion Deploying a web app on Azure App Service is a streamlined process that integrates well with various development tools and workflows. By following these steps, you can easily deploy, monitor, and scale your web app, ensuring a robust and reliable online presence.Introducing Kairos: A New Era of Case Management for Nonprofits
Why Kairos, Why Now? Nonprofits have long struggled with fragmented systems, manual processes, and limited access to enterprise-grade technology. Kairos changes that. Built on Microsoft Azure and designed specifically for nonprofits, Kairos offers: Streamlined Case Management: From intake to closure, every step is digitized and intuitive Data-Driven Insights: Real-time dashboards and analytics help teams make smarter decisions. Custom Workflows: Tailored to the unique needs of each organization, not the other way around. Collaboration at Scale: Seamless coordination across departments, partners, and service providers. And it’s not just theory. During the recent soft launch, over 70 Urban Leaguers from 30 affiliates joined a live demo led by the Urban League of Broward County's own Daela Holness, showcasing how Kairos is already transforming service delivery. Built by the Community, for the Community This isn’t a top-down tech deployment. It’s a co-creation effort led by voices from across the nonprofit ecosystem. Our team recognized a critical need: nonprofits must own their data. Through deep conversations with nonprofit leaders and frontline staff, we envisioned a system that wouldn’t just manage cases—but empower entire organizations. Kairos was designed to serve every department, every program, and every team—so they can serve their communities faster, smarter, and more collaboratively. With Kairos, nonprofits can track families and services across programs, not in silos. That’s why we call it an impact management system—not just case management. It’s about seeing the full picture, breaking down barriers, and building stronger, more connected communities. What’s Next? This blog is just the beginning. We have published a series of deep dives into the technologies powering Kairos—from Azure services and Power BI dashboards to secure document management. Whether you're a nonprofit leader, a technologist, or a curious changemaker, there’s something here for you. Explore the Series Below is a link to over 20 blogs that will talks about the tech behind Kairos and how it fits into the broader nonprofit tech landscape. If you are just getting started in understanding technology, these will explain resources required for the application especially if you're considering the deployable model. Kairos IMS Blog Resources Take a look at the Kairos website to learn more.The Role of Secure Sockets Layer (SSL) Certificates in Nonprofit Organizations
At the heart of this post is Kairos IMS, an innovative Impact Management System designed to empower human-serving nonprofits and social impact organizations. Co-developed by the Urban League of Broward County and our trusted technology partner, Impactful, Kairos IMS reduces administrative burdens, enhances holistic care, and enables organizations to leverage data for increased agility and seamless service delivery. In this blog series, we’ll take a closer look at the powerful technologies that fuel Kairos IMS, from Azure services to security frameworks, offering insight into how modern infrastructure supports mission-driven impact. Click here to learn more. What Is an SSL? Think of an SSL as a security guard for your website. It encrypts the connection between your website and your visitors, ensuring that sensitive data—like donor names, credit card numbers, and contact details—remains private and secure. When you visit a website with an SSL, you'll notice a padlock icon in the browser's address bar and the URL starting with "[URL] of "http://." These small details signal to visitors that your site is secure and trustworthy. For nonprofits, this layer of security isn't just a nice-to-have; it's a must. Nonprofits handle sensitive donor information, from payment details to personal data. Without an SSL, you risk exposing this data to hackers, which can erode trust and harm your reputation. How to Purchase an SSL for Your Nonprofit Acquiring an SSL certificate is easier than you might think. Here’s a step-by-step guide to get you started: Determine Your Needs: Decide what type of SSL certificate works best for your organization. Options include single-domain SSLs (for one website), wildcard SSLs (for a website and its subdomains), and multi-domain SSLs (for multiple sites). Choose a Trusted Provider: Reputable SSL providers like DigiCert, GlobalSign, and Let’s Encrypt offer certificates tailored to various needs. Let’s Encrypt, for instance, provides free SSL certificates that are particularly appealing for budget-conscious nonprofits. Purchase or Obtain Your SSL: If you're opting for a paid SSL, simply purchase it from your chosen provider. For free options like Let’s Encrypt, follow the instructions on their website to generate your certificate. Install the SSL: Most hosting providers make this step straightforward. Platforms like GoDaddy, Bluehost, and SiteGround often include SSL installation as part of their hosting services. If you’re unsure, tech support teams are generally happy to assist. Test Your SSL: Once installed, check that your website is displaying the padlock icon and "[URL] the URL. You can use online tools like SSL Labs’ SSL Test for additional reassurance. SSL Implementation: Easier Than You Think Some nonprofit leaders worry that implementing an SSL might be too technical or costly. The truth? It’s neither. Most hosting providers simplify the process, offering one-click SSL installation or including SSLs as part of their hosting packages. Free options like Let’s Encrypt further reduce barriers, making SSLs accessible to organizations of all sizes. Effortless Security with Let’s Encrypt and Cert Manager For nonprofits seeking budget-friendly and straightforward solutions, Let’s Encrypt stands out as a beacon of accessibility and innovation. As a free, automated, and open certificate authority, Let’s Encrypt empowers organizations to secure their websites without incurring additional costs. With just a few simple steps, nonprofits can acquire SSL certificates that enhance their credibility and shield sensitive donor information. Pairing Let’s Encrypt with Cert Manager, an efficient tool designed to manage TLS certificates in Kubernetes clusters, further simplifies the process. Cert Manager automates the provisioning, renewal, and deployment of SSL certificates, reducing the burden on technical teams and ensuring continuous website security. Together, these tools form a powerful combination, making SSL implementation accessible to nonprofits regardless of their technical expertise. Want to dive deeper into the world of Let’s Encrypt and Cert Manager? Check out their official resources: Let’s Encrypt Documentation Cert Manager- Microsoft Learn Want to know how to add and manage an SSL certificate via Azure App Service? Click Here By leveraging these user-friendly tools, nonprofits can fortify their websites and focus on their mission without being bogged down by technical hurdles. Troubleshooting SSL Certificate Issues Even with the best setup, SSL certificates can occasionally encounter problems. For nonprofits relying on a secure site to build trust, addressing these issues promptly is essential. Here’s a guide to troubleshoot common SSL certificate issues and ensure your website remains protected: Expired Certificates Problem: SSL certificates have a limited validity period, typically ranging from 90 days (for free options like Let’s Encrypt) to a few years. If your certificate expires, browsers will display a warning, potentially deterring visitors. Solution: Log in to your SSL provider’s dashboard and check the expiration date of your certificate. Renew the certificate through your SSL provider or hosting provider. Many providers offer auto-renewal options to avoid future expirations. Reinstall the renewed certificate on your hosting platform and test the site to verify functionality. Mismatched Domain Names Problem: The SSL certificate must match the exact domain name being accessed. For example, if your certificate is issued for "www.example.org" but users visit "example.org" (without the "www"), browsers may flag the site as insecure. Solution: Check the domain name listed on your SSL certificate to ensure it matches your site’s URL. If mismatched, update the SSL certificate to include all domain variations (e.g., "www" and non-"www"). Multi-domain or wildcard SSL certificates can cover these variations. Set up a proper domain redirection (e.g., redirect "example.org" to "www.example.org") to ensure consistency in how your site is accessed. Browser Errors Problem: Visitors might encounter errors like “Your connection is not private” or “SSL certificate error” due to incorrect SSL installation or configuration. Solution: Use online tools like SSL Labs’ SSL Test to diagnose issues with your certificate setup. Ensure the entire certificate chain, including intermediate and root certificates, is installed correctly. Many hosting providers guide you through this process or offer automated installations. Clear your browser’s cache and history, as outdated data can sometimes cause erroneous warnings. Mixed Content Warnings Problem: A secure site might still display warnings if it loads insecure content (e.g., images or scripts served over HTTP instead of HTTPS). Solution: Scan your website for mixed content using tools like WhyNoPadlock or your browser’s developer tools. Update all URLs on your site to use HTTPS. This often involves updating your CMS settings or modifying your theme files. Implement a Content Security Policy (CSP) to ensure all content is served securely. Misconfigured Server Settings Problem: Incorrect server configurations can prevent the SSL certificate from functioning as intended. Solution: Verify your server settings through your hosting provider’s control panel or documentation. Ensure that HTTPS is enforced by enabling a redirect from HTTP to HTTPS on your server. If you’re using a content delivery network (CDN), ensure that the SSL is correctly configured both on your server and the CDN. Revoked Certificates Problem: Certificates can be revoked by the issuing authority due to security breaches or errors in issuance. Solution: Check the certificate’s status using tools like Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP). If your certificate has been revoked, contact your SSL provider to understand the reason and obtain a new certificate if necessary. By proactively addressing these common SSL certificate issues, your nonprofit can maintain a secure and trustworthy online presence, ensuring a seamless experience for your supporters. Take Action Today Securing your nonprofit’s website with an SSL is one of the simplest and most impactful steps you can take to protect your donors and build trust with your supporters. Beyond security, it shows your commitment to transparency and professionalism—values that resonate deeply with your audience. To enhance your online security even further, we encourage you to dive deeper into the world of SSL certificates. Researching additional resources and staying informed about the latest updates can help you implement best practices and avoid common pitfalls. Explore guides and expert recommendations tailored to nonprofits to ensure your website remains secure and trustworthy. Don’t wait to make this critical update. Whether you're a small grassroots organization or a global nonprofit, an SSL certificate can strengthen your digital presence and help you achieve your mission. Ready to get started? Reach out to your hosting provider or explore SSL options today. For further reading, check out these links: Guide to Choosing the Right SSL Certificate Common SSL Issues and How to Fix Them Your supporters—and their data—will thank you.User Privileges and Permissions in Azure: A Guide for Nonprofits
At the heart of this post is Kairos IMS, an innovative Impact Management System designed to empower human-serving nonprofits and social impact organizations. Co-developed by the Urban League of Broward County and our trusted technology partner, Impactful, Kairos IMS reduces administrative burdens, enhances holistic care, and enables organizations to leverage data for increased agility and seamless service delivery. In this blog series, we’ll take a closer look at the powerful technologies that fuel Kairos IMS, from Azure services to security frameworks, offering insight into how modern infrastructure supports mission-driven impact. Click here to learn more. Understanding Azure User Privileges and Permissions Managing user access and permissions ensures that the right individuals have the correct level of access to resources. Here’s a simplified breakdown: Roles: Azure uses Role-Based Access Control (RBAC) to assign specific roles to users, such as "Reader" (view-only access) or "Contributor" (edit access). Resource Groups: Permissions can be assigned to specific resource groups, allowing you to organize and control access based on projects or departments. Least Privilege Principle: Always provide users with the minimum permissions necessary to complete their tasks, enhancing security. Step-by-Step Guide: Accessing and Managing User Privileges in Azure 1. Sign in to Azure Begin by logging into your Azure Portal. Ensure you have the necessary administrative privileges to manage users. 2. Navigate to Microsoft Entra ID Microsoft Entra ID is the hub where you’ll manage users and permissions. In the left-hand menu, click "Microsoft Entra ID." 3. Add or Modify Users To add a new user: Select "Users" under "Manage." Click "New User" and fill in the user details, such as name and email. Assign an appropriate role (e.g., Reader or Contributor). To modify an existing user: Select the user from the list. Under "Assignments," adjust their roles or permissions as needed. 4. Assign Roles to Resource Groups Resource groups allow you to structure Azure resources. Assigning roles at this level simplifies permission management for specific projects: Click on "Resource Groups" in the Azure portal. Select a resource group and click "Access control (IAM)." Click "Add role assignment," choose the role, and assign it to a user or group. 5. Review and Audit Access Regularly review who has access to what. Use Azure’s built-in audit logs to track changes to user roles and permissions. Final Thoughts Nonprofits operate on trust, efficiency, and impact, and Azure empowers you to maintain these pillars with its extensive tools and security features. By effectively managing user privileges and permissions, you can ensure your team has the access they need without compromising sensitive data. Whether you're assigning roles to volunteers or ensuring your board members have secure access to donor information, Azure makes it possible—even for organizations with limited technical expertise. Start exploring Azure today and unlock the potential for even greater impact in your mission-driven work!Setting Up Azure SQL Database for Nonprofits and Small Businesses
At the heart of this post is Kairos IMS, an innovative Impact Management System designed to empower human-serving nonprofits and social impact organizations. Co-developed by the Urban League of Broward County and our trusted technology partner, Impactful, Kairos IMS reduces administrative burdens, enhances holistic care, and enables organizations to leverage data for increased agility and seamless service delivery. In this blog series, we’ll take a closer look at the powerful technologies that fuel Kairos IMS, from Azure services to security frameworks, offering insight into how modern infrastructure supports mission-driven impact. Click here to learn more. Azure SQL Database offers nonprofits and small businesses a scalable, cost-effective, and secure solution for managing data. Following up from our previous blog that compared Azure SQL Databases and Azure SQL Servers, this guide dives deeper into setting up Azure SQL Database while ensuring you feel confident every step of the way. Step-by-Step Instructions to Set Up Azure SQL Database Step 1: Log in to the Azure Portal Begin by logging into the Azure Portal. If you don’t already have an account, you can sign up for a free tier offering $200 in credits, making it an excellent starting point for nonprofits and small businesses. Step 2: Create a New SQL Database 1. In the Azure Portal dashboard, locate the search bar at the top. 2. Type "SQL Database" and select the corresponding service. 3. Click "Create" to start the setup process. Step 3: Configure Database Basics "Resource Group": Create a new resource group or use an existing one. Resource groups help organize related resources. "Database Name": Choose a descriptive name for your database. "Server": If you don’t have an existing Azure SQL Server, create one here. Specify the server name, admin login, and password. "Compute Tier": For small businesses and nonprofits, consider starting with the “Basic” or “General Purpose” tier for cost-efficiency. Step 4: Networking Setup Under the "Networking" tab: Choose "Public endpoint" to allow access via the internet but restrict IP ranges for security. Add your local IP to the firewall settings to connect from your device. On Windows: Open the Command Prompt, type ipconfig, and look for "IPv4 Address" under your active network connection. On Mac: Open System Preferences, go to "Network," select your active connection, and find your IP address listed under "Status." Step 5: Review and Create Once all configurations are complete, review your setup in the "Review + Create" tab. Click "Create" to deploy your Azure SQL Database. Deployment typically takes a few minutes. Best Practices for Security Enable Advanced Threat Protection: This feature helps detect and respond to potential threats in real-time. Use Azure SQL Managed Identity: Avoid embedding credentials in your applications by enabling managed identities for secure access. Encrypt Your Data: Ensure both in-transit and at-rest encryption via Transparent Data Encryption (TDE). Restrict Access: Use virtual network rules and IP restrictions to limit who can access your database. Performance Optimization Tips Choose the Right Pricing Tier: As your organization grows, you can scale up or down based on your performance needs. Leverage Auto-Tuning: Enable automatic performance tuning to optimize query execution plans. Indexing: Regularly monitor and create indexes for frequently queried fields. Monitor with Azure Metrics: Use Azure Monitor to track performance and identify bottlenecks. Common Troubleshooting Tips Connection Issues: Ensure your IP is added to the firewall rules. Slow Queries: Use "Query Performance Insights" to identify and optimize slow queries. Backup and Restore: Regularly back up your data using Azure’s automated backup feature, and test restoration processes. Scaling Concerns: Use the "Scale up" feature to adjust your compute power during peak times. Conclusion Setting up Azure SQL Database is a straightforward and empowering process. By following these steps and applying best practices, nonprofits and small businesses can leverage this powerful tool to manage data effectively, securely, and affordably. Whether you’re new to cloud technology or looking to optimize your current setup, Azure SQL Database provides the scalability and cost-efficiency required to thrive in a digital world. For further research and exploration, you can visit the following resources: Azure SQL Database Documentation - Comprehensive guidance and best practices for setup and usage. Azure SQL Database Pricing - Details on cost structures and tiers. Azure SQL Database Security Overview - Resources on enabling secure database operations. Azure SQL Database Performance Tuning - Insights into optimizing database performance. These links provide a deeper understanding and additional tools to maximize the potential of Azure SQL Database for your organization.Unlock the Power of Azure Database for MySQL servers
After deploying your web app, you would want to access and manage your database in Azure. If you are unsure how to deploy a WebApp in Azure, follow this article: Building a Web App and Database in Azure for Nonprofits | Microsoft Community Hub. This guide provides step-by-step instructions for nonprofits to connect to their Azure MySQL Database. Step-by-Step Instructions Log in to Azure Portal: Visit the Azure Portal: https://portal.azure.com/ Use your credentials to log in. Locate Your Database: Navigate to Resource Groups and select the group where your database is hosted. Click on your Azure SQL Database. Select Networking: In the settings, select Networking. In the image above, the MySQL database is situated within a Virtual Network (VNet). This configuration ensures the database is isolated from the internet, allowing communication solely between resources within the VNet. The most efficient method to access the database is via a virtual machine deployed within the same VNet. Additionally, ensure the virtual machine is deployed in the same region as the MySQL database. Step-by-Step Guide to Deploying a VM in Azure Sign in to Azure Portal: Visit the Azure portal and sign in with your Azure account: https://portal.azure.com Create a Virtual Machine: In the search bar, type "Virtual machines" and select it from the services. Click on "Create" and then "Azure virtual machine". Configure Instance Details: Enter a name for your VM (e.g., myVM). Choose the image (Ubuntu Server 24.04) Select the size of the VM based on your requirements. Set Up Administrator Account: Provide a username (e.g., azureuser) and a strong password. Configure Networking: Under "Inbound port rules", select the ports you want to allow. Please allow port ssh (22). Select Networking: Under Vnet, ensure that the virtual machine is still on the same Virtual network as the MySQL database. Review and Create: Click on "Review + create" to validate your settings. Once validation is complete, click "Create". Connect to Your VM: After deployment, go to the resource and select "Connect" > SSH. Connect with ssh using Azure CLI: Select configure + connect Download and install mysql-client tool to connect to the server. For this example the database is a MySQL database sudo apt-get update sudo apt-get install mysql-client Connect to the MySQL database Go back to the MySQL resource Click on reset password if you have forgotten the password. Once the password is changed, select connect and select connect from browser or locally. Copy the code that was displayed. You can see the example from the picture above. Paste the connection code into the virtual machine to establish a connection to the MySQL database. Upon successful connection, a welcome message will be displayed. You can then proceed to use MySQL commands to create and manage your tables. Conclusion By following these steps, nonprofits can securely access and manage their Azure SQL Database. In the next part, we’ll explore how to deploy your web application codes. Additional Resources Connect With Private Access in the Azure Portal - Azure Database for MySQL - Flexible Server | Microsoft Learn Networking Overview - Azure Database for MySQL - Flexible Server | Microsoft LearnBuilding a Web App and Database in Azure for Nonprofits
Welcome to our blog on how nonprofits can leverage Microsoft Azure to create and deploy a web app with a database. This blog will provide a step-by-step guide to help you get started, even if you have little to no experience with cloud computing. Setting Up Your Azure Environment In this first blog, we'll walk you through setting up your Azure environment. This includes creating an Azure account, setting up a resource group, and preparing your development environment. Sign in to your Azure Portal: Visit the Azure portal and sign in with your nonprofit account by going to this link: https://portal.azure.com/ Navigate to "App Services In the search bar, search for app services and select app service. Create an App Service Plan: Select "Create." Select Web App + Database Fill in all the required information for Project Details Create a new Resource group and select the Region closest to you. Select the Name and Runtime Stack. The Runtime stack in an Azure App Service web app refers to the set of technologies and frameworks that your web application runs on. Configure the database Select the engine, server name and database name. The Engine is the type of database for the web app. For this example, MySQL was picked. Select to add Azure Cache for Redis or not. Azure Cache for Redis is a fully managed, distributed, in-memory data store that enhances application performance and scalability by providing fast data access with sub-millisecond latency. For more information visit Azure Cache for Redis | Microsoft Azure. For this example, we will not add Azure cache for Redis. Select your hosting plan. Review + create Click on Review + create Click on Create after the validation process. Conclusion By following the steps outlined in this blog, you will successfully set up your Azure environment. This guide empowers nonprofits to leverage Microsoft Azure's robust capabilities, ensuring your web app is ready to support your mission effectively. Stay tuned for future blogs, where we will delve deeper into advanced configurations and best practices to maximize your Azure experience.Privileged Identity Management + Just-in-Time Access: Grant Access Only When It’s Needed
At the heart of this post is Kairos IMS, an innovative Impact Management System designed to empower human-serving nonprofits and social impact organizations. Co-developed by the Urban League of Broward County and our trusted technology partner, Impactful, Kairos IMS reduces administrative burdens, enhances holistic care, and enables organizations to leverage data for increased agility and seamless service delivery. In this blog series, we’ll take a closer look at the powerful technologies that fuel Kairos IMS, from Azure services to security frameworks, offering insight into how modern infrastructure supports mission-driven impact. Click here to learn more. Why always-on admin access is so last season That’s where Privileged Identity Management (PIM) and Just-in-Time (JIT) access come in. These powerful tools help nonprofits like yours give the right people access at the right time—no more, no less. It’s smart, secure, and surprisingly simple. Let’s break down what these tools do, and how they can help protect your organization without getting in the way of the amazing work you do every day. So, what is PIM and JIT—like, really? Think of Privileged Identity Management (PIM) as your organization’s VIP list—the folks who have elevated access to do high-level stuff like reset passwords, access financial data, or make major system changes. Now, here’s the twist: with Just-in-Time (JIT) access, no one stays on the VIP list forever. Instead, they request access when they need it—and lose it when they don’t. It’s like giving someone the keys to the office only when they need to go in, rather than letting them walk in 24/7. Why should nonprofits care? Because you're dealing with sensitive data—donor info, volunteer lists, grant applications—and you’re probably working with a lean team wearing many hats. That means it’s easy for someone to get elevated access “just in case” and never lose it. That’s risky business. Enter PIM + JIT = Peace of Mind. Real-life use case #1: The “Finance Volunteer” Scenario Let’s say you have a seasonal volunteer who helps with your annual fundraising campaign. They need access to your donor database and financial reports for two months. Normally, you'd assign them a high-level role and forget about it. With PIM, you give them eligible access, not active access. They request what they need, when they need it—and only for a set amount of time. Once they’re done, the access vanishes automatically. No more “Oops, I forgot they still had access six months later.” Real-life use case #2: The “IT Consultant” You Hired Once You brought in an external IT consultant to help set up your new Microsoft 365 environment. They needed global admin rights (eek!) for just a few days. Instead of giving them full access that lingers forever, you assign them a role through PIM with JIT access. They activate their access, do their job, and then—poof—it’s gone. You can even require multi-factor authentication and approval workflows before access is granted. You’re still in control. Bonus Perks You’ll Love Audit logs – Know who accessed what and when. Notifications – Get alerted when someone activates elevated access. Time limits – Set access to expire automatically. Approvals – Make sure someone signs off before access is granted. Final Thoughts Security doesn’t have to be boring or burdensome. Tools like PIM and JIT are built right into Microsoft 365 (hello, E5 license!) and help you strike the perfect balance between productivity and protection. Here’s the best part for nonprofits: Microsoft gives eligible nonprofit organizations 10 free Microsoft 365 Business Premium licenses—which already include powerful security features like Defender for Business and Intune. To unlock PIM and JIT, you’ll need Microsoft Entra ID Plan 2, which is included in Microsoft 365 Enterprise E5 licenses. But no worries—you can add this advanced level of protection as an affordable add-on to your Business Premium licenses. So yes, your nonprofit can absolutely step up to enterprise-grade security—without paying enterprise-grade prices. Your nonprofit is doing amazing work—let’s make sure your data and systems are just as amazing (and secure). How to Enable PIM and JIT Access in Microsoft Entra Ready to level up your security with PIM and JIT? Follow these steps to get started: Step 1: Sign In Go to the Microsoft Entra admin center at entra.microsoft.com and sign in with a Global Administrator or Privileged Role Administrator account. Step 2: Navigate to PIM In the left-hand menu, select Identity Governance. Click on Privileged Identity Management. Step 3: Manage Microsoft Entra Roles Under the Manage section, click Microsoft Entra roles. Step 4: Assign Roles with JIT (Eligible) Access To Assign roles select, Assign Eligibility. Choose the role you want to manage (e.g., Global Administrator, User Administrator, etc.) or select + Add assignments and select a role there. Apply the scope: this defines where the role applies. Directory Scope: Grants access across the entire Microsoft Entra directory (tenant). Use this for org-wide roles like Global Administrator or User Administrator. Application Scope: Limits access to a specific registered application (like a third-party app or a custom-built app). Assign roles here when managing permissions for app-specific access. Service Principal Scope: Applies the role to a specific service principal, which represents the identity used by an app or automation to access resources. Use this when assigning roles to automation accounts, scripts, or non-user entities. Assign to a username or group. When assigning roles in PIM, you can choose between two types: Eligible: The user does not have the role by default, but they can activate it when needed. This is ideal for Just-in-Time (JIT) access and is the most secure option. Active: The user has the role assigned permanently and doesn't need to request or activate it. Use this only when ongoing access is absolutely necessary. Choose whether the assignment is permanent or for a specific time frame. Click Assign to save. Step 5: Users Activate Roles When Needed (JIT Access) When a user needs to perform an admin task: They go to the Privileged Identity Management section. Find their eligible role and click Activate. Complete any required justification, MFA, or approval steps. Step 6: Approvers Review Activation Requests (Optional) If you’ve set up approvals: Approvers will receive a notification and can review/approve requests directly from the PIM portal. Step 7: Stay Compliant and Secure Regularly review role activations and audit activity logs. Adjust role assignments as needed to maintain least-privilege access. Additional Resources: Assign Microsoft Entra roles in PIM Assign eligibility for a group in PIM Built-in roles in Microsoft Entra
