Azure Policy for API Management Policy Inheritance

Proud to announce that multifactor enforcement for Azure Portal sign-ins was rolled out for 100% of Azure tenants in March 2025. Now, Azure is announcing the start of Phase 2 MFA enforcement at the Azure Resource Manager layer, starting October 1, 2025. Phase 2 enforcement will be gradually applied across Azure tenants through Azure Policy, following Microsoft safe deployment practices. Read more here.. https://lnkd.in/dxeumGxm #MFA #AzureSecurity

𝐖𝐡𝐞𝐧 𝐀𝐥𝐢𝐛𝐚𝐛𝐚 𝐢𝐧𝐭𝐫𝐨𝐝𝐮𝐜𝐞𝐝 𝐍𝐞𝐳𝐡𝐚, 𝐢𝐭 𝐟𝐞𝐥𝐭 𝐥𝐢𝐤𝐞 𝐭𝐡𝐞𝐲 𝐰𝐞𝐫𝐞 𝐬𝐚𝐲𝐢𝐧𝐠: 𝐭𝐡𝐞 𝐫𝐞𝐚𝐥 𝐛𝐚𝐭𝐭𝐥𝐞 𝐢𝐬𝐧’𝐭 𝐚𝐭 𝐭𝐡𝐞 𝐕𝐌 𝐥𝐚𝐲𝐞𝐫, 𝐢𝐭’𝐬 𝐚𝐭 𝐭𝐡𝐞 𝐒𝐦𝐚𝐫𝐭𝐍𝐈𝐂. We already know every VM runs on a host, and every host can run many VMs, just like a node can hold many pods in Kubernetes. If that host gets overworked, everything on it feels the heat. That’s where 𝐍𝐞𝐳𝐡𝐚 steps in: it watches SmartNIC usage closely and shifts loads from busy cards to idle ones. The result? 𝐅𝐞𝐰𝐞𝐫 𝐛𝐨𝐭𝐭𝐥𝐞𝐧𝐞𝐜𝐤𝐬, 𝐟𝐞𝐰𝐞𝐫 𝐕𝐌 𝐬𝐥𝐨𝐰𝐝𝐨𝐰𝐧𝐬, 𝐚𝐧𝐝 𝐛𝐞𝐭𝐭𝐞𝐫 𝐮𝐬𝐞 𝐨𝐟 𝐞𝐱𝐢𝐬𝐭𝐢𝐧𝐠 𝐡𝐚𝐫𝐝𝐰𝐚𝐫𝐞. Now compare this to what 𝐀𝐖𝐒 𝐚𝐧𝐝 𝐀𝐳𝐮𝐫𝐞 currently do: 𝐀𝐖𝐒 𝐍𝐢𝐭𝐫𝐨 and 𝐀𝐳𝐮𝐫𝐞 𝐀𝐜𝐜𝐞𝐥𝐞𝐫𝐚𝐭𝐞𝐝 𝐍𝐞𝐭𝐰𝐨𝐫𝐤𝐢𝐧𝐠 already offload tasks to SmartNICs. But the optimization is mostly at the 𝐕𝐌 𝐨𝐫 𝐕𝐍𝐞𝐭 𝐥𝐞𝐯𝐞𝐥, not across SmartNICs themselves. 𝐍𝐞𝐳𝐡𝐚 𝐢𝐬 𝐝𝐢𝐟𝐟𝐞𝐫𝐞𝐧𝐭. It balances SmartNIC workloads across the data center, not just one host. And here’s why this matters: For 𝐩𝐮𝐛𝐥𝐢𝐜 𝐜𝐥𝐨𝐮𝐝 𝐜𝐮𝐬𝐭𝐨𝐦𝐞𝐫𝐬, it’s an invisible win — performance just feels smoother. But for those running 𝐩𝐫𝐢𝐯𝐚𝐭𝐞 𝐜𝐥𝐨𝐮𝐝 𝐦𝐨𝐝𝐞𝐥𝐬, this is bigger news. You don’t need to throw money at new hardware every cycle. Instead, you 𝐬𝐪𝐮𝐞𝐞𝐳𝐞 𝐞𝐯𝐞𝐫𝐲 𝐝𝐫𝐨𝐩 𝐨𝐟 𝐩𝐞𝐫𝐟𝐨𝐫𝐦𝐚𝐧𝐜𝐞 𝐟𝐫𝐨𝐦 𝐰𝐡𝐚𝐭 𝐲𝐨𝐮 𝐚𝐥𝐫𝐞𝐚𝐝𝐲 𝐡𝐚𝐯𝐞. Microsoft has been quietly researching 𝐬𝐞𝐥𝐟-𝐨𝐩𝐭𝐢𝐦𝐢𝐳𝐢𝐧𝐠 𝐝𝐚𝐭𝐚𝐜𝐞𝐧𝐭𝐞𝐫𝐬 and resource-aware scheduling. So don’t be surprised if Azure comes with something Nezha-like in the near future. To me, this shows the next cloud war won’t just be about who has more regions or services. It will be about 𝐰𝐡𝐨 𝐜𝐚𝐧 𝐨𝐫𝐜𝐡𝐞𝐬𝐭𝐫𝐚𝐭𝐞 𝐫𝐞𝐬𝐨𝐮𝐫𝐜𝐞𝐬 𝐚𝐭 𝐭𝐡𝐞 𝐝𝐞𝐞𝐩𝐞𝐬𝐭 𝐥𝐞𝐯𝐞𝐥 𝐰𝐢𝐭𝐡 𝐭𝐡𝐞 𝐥𝐞𝐚𝐬𝐭 𝐰𝐚𝐬𝐭𝐞. #CloudComputing #SmartNIC #AlibabaCloud #AWS #Azure #PrivateCloud #CloudInfrastructure #Virtualization #CloudInnovation #DigitalTransformation

It’s official: Autonomous Discount Management (ADM) for Microsoft Azure is now Generally Available! 🎉 Managing Azure commitments is complex. Cyclical workloads, confusing pricing structures, and inadequate showback tools often lead to missed savings and wasted effort. ProsperOps for Azure automates it all, enabling you to maximize savings and commitment flexibility with zero operational overhead. Based on valuable customer feedback from our Early Access program, this release includes key updates: ✅ Commitments Dashboard ✅ Intelligent Showback ✅ Enhanced Automation with Coverage Optimization ✅ Azure Marketplace Integration ✅ Multi-currency Support Read the full announcement ➡️ https://bit.ly/4pnYibH #ProsperOps #MicrosoftAzure #Azure #FinOps #CloudCostOptimization #AzureADM #MicrosoftPartner

📘 DAY 26/30 — Azure Policy vs Azure Blueprints: What’s the Difference? When managing multiple resources and subscriptions, governance is key. That’s where Azure Policy and Blueprints come in. 🛡️ Azure Policy ● Enforces rules and effects on Azure resources ● Example: Disallow public IPs, require tags, or restrict VM SKUs ● Policies evaluate compliance continuously ● Supports initiative definitions (grouped policies) 📘 Azure Blueprints ● Think of it as a deployment template for full environments ● Bundles policy assignments, role assignments, ARM templates, and resource groups ● Ideal for repeatable and compliant deployments ● Blueprints can be locked to prevent tampering 💡 AZ-104 Tip: Expect scenario-based questions asking when to use Policy vs Blueprints — focus on their purpose: enforcement vs environment setup. --------------------------------------------------------------------------- 📚 Today’s Learning Resources ▶️ What is Azure Policy? - https://lnkd.in/dPecQHjE ▶️ What are Azure Blueprints? - https://lnkd.in/d9qMgvRV 🧠 Tomorrow (Day 27): We move into Monitoring & Insights — exploring Azure Monitor, Log Analytics, and more. #AZ104Challenge #AzurePolicy #AzureBlueprints #CloudGovernance #LearnAzure

Top 3 reliability actions you need to take for your Azure deployments that sadly many customers are not! AND an amazing new resource to help educate and implement. https://lnkd.in/g9BKB4Ej 00:00 - Introduction 01:18 - 1, Use Availability Zones 05:32 - 2, Network gateway SKUs 07:06 - 3, Network connectivity 13:28 - Reliability Guidance Hub 17:12 - Summary 18:02 - Close #azure #microsoft

Great info here as always! In the last few years I’ve seen so many deployments of zonal resources to networks with non-zonal gateways and it’s not always something people think to check. Typically the gateway was deployed years back on a standard (non-zonal) SKU and forgotten about, because it just works it’s not looked at again. Not much point deploying zonal resources if your network connectivity dies with the affected zone.

To prevent Azure from marking an instance as unhealthy and shutting it down, expose a lightweight /health endpoint that returns HTTP 200 OK as soon as the application is ready to serve traffic. Configure Azure’s health probe to call this endpoint at short intervals; any non-200 or timeout response will trigger auto-repair or replacement of the instance.

Microsoft has refreshed the Azure Enterprise-Scale Landing Zone, bringing clarity and stronger governance for cloud adoption. Key highlights: 🔹 Dedicated Security Subscription & Log Analytics Workspaces – separates security vs. platform logs for better clarity, compliance, and cost control. 🔹 Clear split between Platform & Application Landing Zones • Platform → identity, networking, monitoring, governance foundations • Application → where workloads/apps live & scale with best practices Why this matters: This structure mirrors real-world team ownership and makes scaling & governance easier across large environments. 🔑 Tied to Azure CAF Design Areas These updates directly strengthen landing zone principles like: • Identity & Access Management – enforce secure boundaries • Network Topology & Connectivity – scalable, segmented design • Governance & Management – policies, compliance, and visibility • Automation – deploy & manage landing zones consistently with IaC 📚 Learn more: https://lnkd.in/gNdkGcsC 👉 I am attaching the PDF for downloadable version of the architecture. #Azure #LandingZone #EnterpriseScale #CAF #Governance #CloudArchitecture

🧿 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐁𝐫𝐢𝐧𝐠𝐬 𝐀𝐳𝐮𝐫𝐞 𝐁𝐚𝐜𝐤 𝐎𝐧𝐥𝐢𝐧𝐞 𝐀𝐟𝐭𝐞𝐫 𝐎𝐮𝐭𝐚𝐠𝐞 After a major outage disrupted users worldwide, Microsoft has confirmed Azure services are back online. Engineers are monitoring closely to ensure stability and prevent further downtime. #HypoMatrix #Microsoft #Azure #CloudComputing #TechUpdate 💬 𝐄𝐱𝐩𝐥𝐨𝐫𝐞 𝐔𝐬: https://lnkd.in/g2mRPC-H

Big news for anyone building on Microsoft Azure! 🚀 Microsoft has just released an updated version of the Azure Enterprise-Scale Landing Zone, and it includes several impactful enhancements for cloud architects and platform teams. Here are some of the key highlights: 🔹 Dedicated Security Subscription & Log Analytics Workspaces You can now separate platform and security logs more cleanly. This small but significant change improves clarity, cost management, and compliance. 🔹 Clear Distinction Between Platform and Application Landing Zones Platform Landing Zone: Covers foundational infrastructure (e.g., networking, identity, monitoring). Application Landing Zone: Purpose-built for applications, allowing them to scale independently while following best practices. This improved structure offers greater flexibility and better mirrors how most organizations divide responsibilities across teams. 📚 Explore the official documentation: https://lnkd.in/d5Y8GnfK #Azure #CloudArchitecture #EnterpriseScaleLandingZone #CloudAdoptionFramework