https://larryjameshenry.com/posts/the-ultimate-guide-to-secure-ai-devops-on-azure/2026-05-01T00:00:00+00:00https://larryjameshenry.com/images/featured.webpThe Ultimate Guide to Secure AI DevOps on Azure: A Privacy-First BlueprintArchitect a zero-trust, GenAI-powered DevOps ecosystem on Azure using Private Link, Managed Identities, and GitHub Copilot Enterprise governance.https://larryjameshenry.com/posts/the-ultimate-guide-to-secure-ai-devops-on-azure/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-landing-zone-guide/2026-04-01T00:00:00+00:00https://larryjameshenry.com/images/featured.webpAzure Platform Engineering: The Complete Guide to Building an Enterprise Landing ZoneBuild a production-grade Azure Landing Zone from scratch. Covers all 8 CAF design areas, Terraform AVM, Bicep Deployment Stacks, and secret-less CI/CD.https://larryjameshenry.com/posts/azure-landing-zone-guide/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-landing-zone-guide/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/configuring-azure-openai-private-link/2026-05-02T00:00:00+00:00https://larryjameshenry.com/images/featured.webpConfiguring Azure OpenAI Private Link: Keeping AI Traffic Off the Public InternetStep-by-step guide to locking down Azure OpenAI with Private Endpoints, VNet integration, and Private DNS Zones so AI traffic never touches the public internet.https://larryjameshenry.com/posts/configuring-azure-openai-private-link/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-management-group-design/2026-04-02T00:00:00+00:00https://larryjameshenry.com/images/featured.webpDesign Your Azure Management Group and Subscription HierarchyDesign and deploy a production Azure management group hierarchy with Terraform and Bicep AVM. Covers intermediate groups, platform vs workload separation, and subscription placement.https://larryjameshenry.com/posts/azure-management-group-design/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-management-group-design/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/mastering-zero-data-retention-modified-abuse-monitoring/2026-05-03T00:00:00+00:00https://larryjameshenry.com/images/featured.webpMastering Zero Data Retention: The Guide to Modified Abuse Monitoring in Azure OpenAIEligibility criteria, application steps, and technical verification for Azure OpenAI Zero Data Retention via the Modified Abuse Monitoring program.https://larryjameshenry.com/posts/mastering-zero-data-retention-modified-abuse-monitoring/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-hub-spoke-networking/2026-04-03T00:00:00+00:00https://larryjameshenry.com/images/featured.webpHub-and-Spoke Networking for Azure Landing Zones: Azure Firewall, Bastion, and Private DNSBuild a production hub-and-spoke network for Azure landing zones. Covers Azure Firewall Premium, Bastion scaling, DNS Private Resolver, and VNet peering with gateway transit.https://larryjameshenry.com/posts/azure-hub-spoke-networking/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-hub-spoke-networking/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/github-copilot-enterprise-governance-content-exclusions-policy-controls/2026-05-04T00:00:00+00:00https://larryjameshenry.com/images/featured.webpGitHub Copilot Enterprise Governance: Content Exclusions & Policy ControlsConfigure GitHub Copilot Enterprise content exclusions, org-level policies, and OIDC-based identity controls to protect proprietary code from AI indexing.https://larryjameshenry.com/posts/github-copilot-enterprise-governance-content-exclusions-policy-controls/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-identity-architecture/2026-04-04T00:00:00+00:00https://larryjameshenry.com/images/featured.webpIdentity and Access Architecture for Azure Landing Zones: Entra ID, RBAC, and PIMDesign the identity layer of an Azure landing zone. Covers Entra ID vs Azure RBAC, Privileged Identity Management (PIM), and secret-less OIDC authentication for GitHub Actions.https://larryjameshenry.com/posts/azure-identity-architecture/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-identity-architecture/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/keyless-ai-entra-id-managed-identities-azure-openai/2026-05-05T00:00:00+00:00https://larryjameshenry.com/images/featured.webpKeyless AI: Using Entra ID Managed Identities for Azure OpenAIReplace Azure OpenAI API keys with Entra ID Managed Identities and DefaultAzureCredential across VMs, AKS, Functions, and CI/CD pipelines.https://larryjameshenry.com/posts/keyless-ai-entra-id-managed-identities-azure-openai/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-policy-governance/2026-04-05T00:00:00+00:00https://larryjameshenry.com/images/featured.webpGovernance at Scale: Writing and Deploying Azure Policies with Terraform and BicepWrite and deploy Azure Policy definitions, initiatives, and assignments as code. Learn to use the Deny and DeployIfNotExists effects to maintain a secure landing zone foundation.https://larryjameshenry.com/posts/azure-policy-governance/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-policy-governance/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/building-a-secure-rag-system-for-internal-devops-documentation/2026-05-06T00:00:00+00:00https://larryjameshenry.com/images/featured.webpBuilding a Secure RAG System for Internal DevOps DocumentationBuild a private DevOps knowledge base using Azure AI Search and Azure OpenAI with Private Link, Managed Identity, and document-level security trimming.https://larryjameshenry.com/posts/building-a-secure-rag-system-for-internal-devops-documentation/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-subscription-vending/2026-04-06T00:00:00+00:00https://larryjameshenry.com/images/featured.webpSubscription Vending: Automating New Workload Onboarding with IaCAutomate Azure subscription provisioning with a PR-based vending workflow. Learn to deploy spoke networking, RBAC, and budgets using Terraform and Bicep patterns.https://larryjameshenry.com/posts/azure-subscription-vending/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-subscription-vending/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/securing-the-prompt-ai-guardrails-azure-api-management/2026-05-07T00:00:00+00:00https://larryjameshenry.com/images/featured.webpSecuring the Prompt: Implementing AI Guardrails with Azure API ManagementUse Azure API Management as an AI gateway to sanitize prompts, detect PII and secrets, enforce token budgets, and audit AI traffic to your own Log Analytics workspace.https://larryjameshenry.com/posts/securing-the-prompt-ai-guardrails-azure-api-management/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-monitor-logging/2026-04-07T00:00:00+00:00https://larryjameshenry.com/images/featured.webpCentralized Monitoring: Log Analytics, Diagnostic Settings, and Azure Monitor WorkbooksDesign a centralized logging architecture for your Azure Landing Zone using Log Analytics and Data Collection Rules. Learn to automate diagnostic settings at scale.https://larryjameshenry.com/posts/azure-monitor-logging/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-monitor-logging/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/ai-driven-secrets-scanning-protecting-pipeline-hallucinated-credentials/2026-05-08T00:00:00+00:00https://larryjameshenry.com/images/featured.webpAI-Driven Secrets Scanning: Protecting the Pipeline from Hallucinated CredentialsConfigure GHAS secret scanning, push protection, and Copilot Autofix to catch both real leaked secrets and AI-hallucinated credentials before they reach production.https://larryjameshenry.com/posts/ai-driven-secrets-scanning-protecting-pipeline-hallucinated-credentials/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-security-baseline/2026-04-08T00:00:00+00:00https://larryjameshenry.com/images/featured.webpSecurity Baseline: Defender for Cloud and Microsoft Sentinel in a Landing ZoneEstablish a robust security baseline by deploying Microsoft Defender for Cloud and Microsoft Sentinel. Learn to automate threat detection and posture management at scale.https://larryjameshenry.com/posts/azure-security-baseline/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-security-baseline/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/the-ai-sre-blueprint-securely-automating-incident-response-on-azure/2026-05-09T00:00:00+00:00https://larryjameshenry.com/images/featured.webpThe AI SRE Blueprint: Securely Automating Incident Response on AzureArchitect AI agents that autonomously investigate and remediate Azure incidents within least-privilege boundaries, with human-in-the-loop gates for production actions.https://larryjameshenry.com/posts/the-ai-sre-blueprint-securely-automating-incident-response-on-azure/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-landing-zone-cicd/2026-04-09T00:00:00+00:00https://larryjameshenry.com/images/featured.webpCI/CD Pipeline for Your Landing Zone: Deploying Azure Verified Modules with GitHub ActionsBuild a production-grade CI/CD pipeline for your Azure Landing Zone. Learn to implement OIDC authentication, automated testing with PSRule, and PR-driven workflows.https://larryjameshenry.com/posts/azure-landing-zone-cicd/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-landing-zone-cicd/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/continuous-compliance-using-ai-to-generate-and-audit-azure-policy/2026-05-10T00:00:00+00:00https://larryjameshenry.com/images/featured.webpContinuous Compliance: Using AI to Generate and Audit Azure PolicyUse Azure OpenAI to draft custom Azure Policy definitions, audit IaC for compliance drift, and explain policy violations — all integrated into a GitOps CI/CD pipeline.https://larryjameshenry.com/posts/continuous-compliance-using-ai-to-generate-and-audit-azure-policy/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-landing-zone-costs/2026-04-10T00:00:00+00:00https://larryjameshenry.com/images/featured.webpCost Governance in the Landing Zone: Tagging Enforcement, Budgets, and FinOps AutomationMaster Azure cost governance by automating tagging enforcement, budget alerts, and anomaly detection. Build a FinOps-ready landing zone using Terraform and Bicep.https://larryjameshenry.com/posts/azure-landing-zone-costs/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-landing-zone-costs/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-landing-zone-ops/2026-04-11T00:00:00+00:00https://larryjameshenry.com/images/featured.webpDay-2 Operations: Maintaining and Evolving Your Azure Landing ZoneLearn how to operate, maintain, and upgrade your Azure Landing Zone. Covers policy drift remediation, RBAC reviews, and migrating to Azure Verified Modules (AVM).https://larryjameshenry.com/posts/azure-landing-zone-ops/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-landing-zone-ops/images/featured.webpimages/featured.webphttps://larryjameshenry.com/tags/ai-azure-policy/2026-05-10T00:00:00+00:00https://larryjameshenry.com/categories/azure/2026-05-10T00:00:00+00:00https://larryjameshenry.com/tags/azure-policy/2026-05-10T00:00:00+00:00https://larryjameshenry.com/categories/2026-05-10T00:00:00+00:00https://larryjameshenry.com/tags/compliance-as-code-ai/2026-05-10T00:00:00+00:00https://larryjameshenry.com/categories/devops/2026-05-10T00:00:00+00:00https://larryjameshenry.com/tags/iac-security/2026-05-10T00:00:00+00:00https://larryjameshenry.com/2026-05-10T00:00:00+00:00https://larryjameshenry.com/posts/2026-05-10T00:00:00+00:00https://larryjameshenry.com/series/privacy-first-ai-devops-on-azure/2026-05-10T00:00:00+00:00https://larryjameshenry.com/tags/secure-landing-zone/2026-05-10T00:00:00+00:00https://larryjameshenry.com/series/2026-05-10T00:00:00+00:00https://larryjameshenry.com/tags/2026-05-10T00:00:00+00:00https://larryjameshenry.com/tags/agentic-devops-azure/2026-05-09T00:00:00+00:00https://larryjameshenry.com/tags/ai-sre/2026-05-09T00:00:00+00:00https://larryjameshenry.com/tags/automated-incident-response/2026-05-09T00:00:00+00:00https://larryjameshenry.com/tags/azure-ai-agents/2026-05-09T00:00:00+00:00https://larryjameshenry.com/tags/least-privilege-ai/2026-05-09T00:00:00+00:00https://larryjameshenry.com/tags/ai-secrets-scanning/2026-05-08T00:00:00+00:00https://larryjameshenry.com/tags/devsecops/2026-05-08T00:00:00+00:00https://larryjameshenry.com/tags/ghas-copilot-integration/2026-05-08T00:00:00+00:00https://larryjameshenry.com/categories/github/2026-05-08T00:00:00+00:00https://larryjameshenry.com/tags/github-advanced-security/2026-05-08T00:00:00+00:00https://larryjameshenry.com/tags/secure-ci/cd/2026-05-08T00:00:00+00:00https://larryjameshenry.com/tags/ai-gateway-azure/2026-05-07T00:00:00+00:00https://larryjameshenry.com/tags/apim-prompt-guardrails/2026-05-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-api-management/2026-05-07T00:00:00+00:00https://larryjameshenry.com/tags/prompt-security/2026-05-07T00:00:00+00:00https://larryjameshenry.com/tags/secure-ai-prompts/2026-05-07T00:00:00+00:00https://larryjameshenry.com/tags/ai-search-devops/2026-05-06T00:00:00+00:00https://larryjameshenry.com/tags/azure-ai-search/2026-05-06T00:00:00+00:00https://larryjameshenry.com/tags/internal-knowledge-base-ai/2026-05-06T00:00:00+00:00https://larryjameshenry.com/tags/private-rag-azure/2026-05-06T00:00:00+00:00https://larryjameshenry.com/tags/rag-security/2026-05-06T00:00:00+00:00https://larryjameshenry.com/tags/azure-openai-managed-identity/2026-05-05T00:00:00+00:00https://larryjameshenry.com/tags/azure-rbac/2026-05-05T00:00:00+00:00https://larryjameshenry.com/tags/defaultazurecredential/2026-05-05T00:00:00+00:00https://larryjameshenry.com/tags/entra-id-ai-security/2026-05-05T00:00:00+00:00https://larryjameshenry.com/tags/keyless-ai-auth/2026-05-05T00:00:00+00:00https://larryjameshenry.com/tags/ai-governance/2026-05-04T00:00:00+00:00https://larryjameshenry.com/tags/copilot-privacy-policy/2026-05-04T00:00:00+00:00https://larryjameshenry.com/tags/emu-oidc/2026-05-04T00:00:00+00:00https://larryjameshenry.com/tags/github-copilot-content-exclusions/2026-05-04T00:00:00+00:00https://larryjameshenry.com/tags/github-copilot-enterprise/2026-05-04T00:00:00+00:00https://larryjameshenry.com/tags/ai-privacy-compliance/2026-05-03T00:00:00+00:00https://larryjameshenry.com/tags/azure-openai/2026-05-03T00:00:00+00:00https://larryjameshenry.com/tags/gdpr-ai/2026-05-03T00:00:00+00:00https://larryjameshenry.com/tags/modified-abuse-monitoring/2026-05-03T00:00:00+00:00https://larryjameshenry.com/tags/zero-data-retention-azure/2026-05-03T00:00:00+00:00https://larryjameshenry.com/tags/ai-networking-security/2026-05-02T00:00:00+00:00https://larryjameshenry.com/tags/azure-networking/2026-05-02T00:00:00+00:00https://larryjameshenry.com/tags/azure-openai-private-link/2026-05-02T00:00:00+00:00https://larryjameshenry.com/tags/private-endpoints/2026-05-02T00:00:00+00:00https://larryjameshenry.com/tags/vnet-integration/2026-05-02T00:00:00+00:00https://larryjameshenry.com/tags/azure-ai-privacy/2026-05-01T00:00:00+00:00https://larryjameshenry.com/tags/enterprise-genai-blueprint/2026-05-01T00:00:00+00:00https://larryjameshenry.com/tags/private-ai-infrastructure/2026-05-01T00:00:00+00:00https://larryjameshenry.com/tags/secure-ai-devops/2026-05-01T00:00:00+00:00https://larryjameshenry.com/tags/azure-avm-migration/2026-04-11T00:00:00+00:00https://larryjameshenry.com/tags/azure-landing-zone-day-2-operations/2026-04-11T00:00:00+00:00https://larryjameshenry.com/tags/azure-landing-zone-maintenance-bicep-terraform/2026-04-11T00:00:00+00:00https://larryjameshenry.com/series/azure-platform-engineering-build-an-enterprise-landing-zone-from-scratch/2026-04-11T00:00:00+00:00https://larryjameshenry.com/tags/azure-policy-drift-remediation/2026-04-11T00:00:00+00:00https://larryjameshenry.com/categories/operations/2026-04-11T00:00:00+00:00https://larryjameshenry.com/tags/azure-budget-alert-automation/2026-04-10T00:00:00+00:00https://larryjameshenry.com/tags/azure-cost-management-landing-zone/2026-04-10T00:00:00+00:00https://larryjameshenry.com/tags/azure-finops-platform-engineering/2026-04-10T00:00:00+00:00https://larryjameshenry.com/tags/azure-tagging-policy-terraform-bicep/2026-04-10T00:00:00+00:00https://larryjameshenry.com/categories/finops/2026-04-10T00:00:00+00:00https://larryjameshenry.com/tags/azure-landing-zone-cicd/2026-04-09T00:00:00+00:00https://larryjameshenry.com/tags/bicep-deployment-stacks-guide/2026-04-09T00:00:00+00:00https://larryjameshenry.com/tags/github-actions-azure-oidc/2026-04-09T00:00:00+00:00https://larryjameshenry.com/tags/gitops-for-azure-landing-zone/2026-04-09T00:00:00+00:00https://larryjameshenry.com/tags/terraform-github-actions-tutorial/2026-04-09T00:00:00+00:00https://larryjameshenry.com/tags/azure-security-baseline-tutorial/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/cloud-security-posture-management-asb/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/microsoft-defender-for-cloud-guide/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/microsoft-sentinel-landing-zone/2026-04-08T00:00:00+00:00https://larryjameshenry.com/categories/security/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/sentinel-data-connectors-bicep/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/azure-diagnostic-settings-policy/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-monitor-logging-tutorial/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-monitor-workbooks-guide/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/data-collection-rules-kql/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/log-analytics-workspace-v2/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/automated-subscription-provisioning/2026-04-06T00:00:00+00:00https://larryjameshenry.com/tags/azure-subscription-vending/2026-04-06T00:00:00+00:00https://larryjameshenry.com/tags/bicep-lz-vending/2026-04-06T00:00:00+00:00https://larryjameshenry.com/tags/landing-zone-automation/2026-04-06T00:00:00+00:00https://larryjameshenry.com/tags/terraform-subscription-vending/2026-04-06T00:00:00+00:00https://larryjameshenry.com/tags/azure-governance-best-practices/2026-04-05T00:00:00+00:00https://larryjameshenry.com/tags/azure-policy-as-code/2026-04-05T00:00:00+00:00https://larryjameshenry.com/tags/bicep-policy-assignment/2026-04-05T00:00:00+00:00https://larryjameshenry.com/tags/dine-policy-remediation/2026-04-05T00:00:00+00:00https://larryjameshenry.com/categories/governance/2026-04-05T00:00:00+00:00https://larryjameshenry.com/tags/terraform-azure-policy-tutorial/2026-04-05T00:00:00+00:00https://larryjameshenry.com/tags/azure-identity-architecture/2026-04-04T00:00:00+00:00https://larryjameshenry.com/tags/azure-pim-best-practices/2026-04-04T00:00:00+00:00https://larryjameshenry.com/tags/entra-id-rbac-tutorial/2026-04-04T00:00:00+00:00https://larryjameshenry.com/tags/oidc-github-actions-azure/2026-04-04T00:00:00+00:00https://larryjameshenry.com/tags/zero-trust-azure-identity/2026-04-04T00:00:00+00:00https://larryjameshenry.com/tags/azure-bastion-scaling/2026-04-03T00:00:00+00:00https://larryjameshenry.com/tags/azure-dns-private-resolver/2026-04-03T00:00:00+00:00https://larryjameshenry.com/tags/azure-firewall-premium-tutorial/2026-04-03T00:00:00+00:00https://larryjameshenry.com/tags/azure-hub-and-spoke-networking/2026-04-03T00:00:00+00:00https://larryjameshenry.com/categories/networking/2026-04-03T00:00:00+00:00https://larryjameshenry.com/tags/vnet-peering-gateway-transit/2026-04-03T00:00:00+00:00https://larryjameshenry.com/tags/azure-governance-as-code/2026-04-02T00:00:00+00:00https://larryjameshenry.com/tags/azure-management-group-design/2026-04-02T00:00:00+00:00https://larryjameshenry.com/tags/azure-subscription-hierarchy/2026-04-02T00:00:00+00:00https://larryjameshenry.com/tags/azure-verified-modules-ptn-alz/2026-04-02T00:00:00+00:00https://larryjameshenry.com/tags/landing-zone-architecture/2026-04-02T00:00:00+00:00https://larryjameshenry.com/tags/azure-landing-zone-tutorial/2026-04-01T00:00:00+00:00https://larryjameshenry.com/tags/azure-platform-engineering-guide/2026-04-01T00:00:00+00:00https://larryjameshenry.com/tags/azure-verified-modules-avm/2026-04-01T00:00:00+00:00https://larryjameshenry.com/tags/caf-enterprise-scale/2026-04-01T00:00:00+00:00https://larryjameshenry.com/tags/landing-zone-as-code/2026-04-01T00:00:00+00:00https://larryjameshenry.com/gallery/2022-06-25T18:35:46+05:30https://larryjameshenry.com/about/https://larryjameshenry.com/images/larryjameshenry.webpAbout Larry James HenrySenior DevOps Engineer and Azure Solutions Architect specializing in Platform Engineering and PowerShell automation.https://larryjameshenry.com/tags/azure-devops/https://larryjameshenry.com/series/azure-devops-yaml-expression-masterclass/https://larryjameshenry.com/tags/ci/cd/https://larryjameshenry.com/tags/compile-time/https://larryjameshenry.com/tags/devops/https://larryjameshenry.com/tags/pipeline-expressions/https://larryjameshenry.com/tags/runtime/https://larryjameshenry.com/tags/yaml/