Posts

Advanced each Looping: Iterating Through Complex Nested Objects

Advanced each Looping: Iterating Through Complex Nested Objects

You have a deployment pipeline that needs to hit 12 different Azure regions. You could copy and paste the same 50 lines of YAML 12 times—but now you have a 600-line file that is impossible to maintain. When the security team mandates a new compliance step, you have to update it in 12 places. This is …

Governance at Scale: Writing and Deploying Azure Policies with Terraform and Bicep

Governance at Scale: Writing and Deploying Azure Policies with Terraform and Bicep

The compliance report arrives on a Friday afternoon. You scan through it and stop on a finding: a Storage Account with public network access enabled, sitting in your production subscription, deployed three weeks ago. Someone bypassed the documented standard, the ARM deployment succeeded, and nobody …

The Enterprise Case: Security and Privacy with Local AI

The Enterprise Case: Security and Privacy with Local AI

Your team completes a three-month migration to an air-gapped environment to satisfy new compliance requirements. Two security audits. Significant budget. Two weeks after go-live, someone discovers the developers are using personal phone hotspots to access GitHub Copilot — because the local …

Building a Secure RAG System for Internal DevOps Documentation

Building a Secure RAG System for Internal DevOps Documentation

It’s 2am. You’re paged for a SEV1. Your runbooks are scattered across Confluence pages, SharePoint libraries, GitHub wikis, and a legacy shared drive that nobody admits still exists. You search three systems, find conflicting procedures with different dates, and end up calling the person …

Dynamic Matrix Strategies: Generating Runtime Tests with ${{ each }}

Dynamic Matrix Strategies: Generating Runtime Tests with ${{ each }}

You need to test your application against 4 different browsers, 3 different operating systems, and 2 different database versions. That’s 24 unique job configurations. You could manually write 24 jobs—but what happens when you add a 5th browser? You are back to editing YAML for hours. There is a …

Subscription Vending: Automating New Workload Onboarding with IaC

Subscription Vending: Automating New Workload Onboarding with IaC

The ticket comes in on a Monday. A team needs a new production subscription — they have a sprint starting Thursday. You know what this means: Management Group placement, VNet config, hub peering, RBAC assignments, a budget, and a diagnostic settings policy to wire it up to the SIEM. Each step is …

Securing the Prompt: Implementing AI Guardrails with Azure API Management

Securing the Prompt: Implementing AI Guardrails with Azure API Management

You built a CI/CD tool that sends code diffs to Azure OpenAI for automated review comments. It works great. Three months later, a security audit lands on your desk. The diffs have been routinely sending database connection strings, AWS access keys, and internal IP addresses—verbatim—to the LLM. The …

Cross-Job Communication: Mastering dependencies and Output Variables

Cross-Job Communication: Mastering dependencies and Output Variables

You’ve successfully calculated a version number in Job A. Now you need to use that number to tag an image in Job B. You try to access the variable, but it comes up empty. You try $(JobA.myVar), then $[ dependencies.JobA.outputs['task.myVar'] ]. Still nothing. Frustration sets in. Why is it so hard …

Centralized Monitoring: Log Analytics, Diagnostic Settings, and Azure Monitor Workbooks

Centralized Monitoring: Log Analytics, Diagnostic Settings, and Azure Monitor Workbooks

The incident ticket lands on a Tuesday morning. Production degraded last Friday. You open the Azure portal, pull up the subscription’s Log Analytics Workspace, and realize the diagnostics on the App Gateway were never enabled. The VNet flow logs are going to a different workspace some …