Continuous Delivery to Azure using Visual Studio Team Services

On October 6, 2017 the Microsoft State and Local Government team hosted their second SLG Azure Fridays event with a presentation by me titled Continuous Delivery to Azure using Visual Studio Team Services.  This webcast demonstrated the following:

  • Use VS 2017 to build a new .NET core web app
  • Use GIT version control with VSTS
  • Create a continuous integration build pipeline
  • Create a continuous delivery pipeline

A recording of the webcast can be seen below.  To see a list of upcoming SLG Azure Fridays events, check out our registration site at

SLG Azure Community

Interested in learning how your State and Local Government counterparts are leveraging the cloud to digitally transform the way they do business? Are you an innovator that wants to benefit from participating in a community of like-minded business and IT professionals? Government agencies provide critical services to the communities they serve, and the growing demand to do more with less available resources makes the hybrid cloud discussion more relevant than ever before. Join us every four weeks to learn from Microsoft customers that have embraced technology as an innovative and transformative way to deliver government-related services to the communities they serve.

The SLG Azure Fridays community is made up of Microsoft customers actively delivering services through the Microsoft Azure cloud, or seeking new ways to bring innovation to their organizations, and presentations will primarily be delivered by State and Local Government customers based on challenges and opportunities relevant to all customers across the country. The community provides a forum to present your innovative solutions, and to network with peers that are rising to the ever changing landscape of delivering government services at scale.

To register for the SLG Azure Community event visit the SLG Events website.

DevOps 101

On September 22, 2017 the Microsoft State and Local Government team kicked off a new webcast series called SLG Azure Fridays.   Azure App Dev Technical Specialist, Brian Spann, presented DevOps 101. This webcast covers how adopting and implementing a DevOps strategy within your organization can enable you to shorten cycle times while improving software quality by streamlining the entire development workflow, from the backlog, through build and test, all the way into production, with real-time monitoring for availability and performance as well as user analytics to help inform the business on what to focus on next.   Upcoming SLG Azure Fridays events are always listed at  Limited spaces are available so register early.

SLG Azure Fridays

On October 6, 2017 at 1:30PM EDT the Microsoft State and Local Government team will be kicking off a new free webcast series titled SLG Azure Fridays.  This new weekly series is designed to cover technical Azure topics in the following categories for our State and Local Government customers:

  • Azure Application Development
  • Azure Infrastructure
  • Business Intelligence & Artificial Intelligence
  • Community

The first webcast will be Continuous Delivery to Azure using Visual Studio Team Services. 

You can learn more about these events or register at

Important: Azure Government PowerShell change

A change was recently made to the Login-AzureRmAccount PowerShell cmdlet which may break existing scripts. 

For older versions of Azure PowerShell you would use the following to log into Azure US Government:

Login-AzureRmAccount –EnvironmentName AzureUSGovernment

With the new version of Azure PowerShell you will instead use:

Login-AzureRmAccount –Environment AzureUSGovernment

It is a simple change but you need to be aware of it in case you upgrade your Azure PowerShell and notice your scripts are no longer working.

Best practices for hosting Active Directory Domain Controllers in Azure

Recently I was having a discussion with another Cloud Solutions Architect about hosting domain controllers in Azure and how to protect them.  I thought I would post some of the best practices that we discussed:

  • Review the guide for hosting Active Directory domain controllers in Azure.
  • Use a dedicated Azure storage account for Active Directory domain controller disks. 
  • Ensure that the storage container for the domain controller’s OS and data disks is set to private access type (this is the default for new containers).
  • Use role based access control (RBAC) to limit who has access to manage the storage account and access keys.
  • Enable Azure Disk Encryption with key encryption key (KEK) for both the operating system and data disks.   This will utilize Azure Key Vault for storing the keys.   The Key Vault must reside in the same Azure region and subscription as the virtual machine.
  • Use RBAC to limit who has access to manage the Key Vault.
  • Keep domain controllers in their own virtual network subnet.
  • Implement an incoming deny all network security group rule on the domain controller subnet and then configure only the required ports for the domain controllers.
  • Set a static IP for the domain controller using PowerShell or the Azure Management Portal.  Never set a static IP address directly in the operating system.  You must always set the operating system to use DHCP.
  • Do not set public IP addresses on domain controllers.

Deploying domain controllers in Azure is an important step for providing an organization with resilient identity.  By taking precautions like you would on-premises you can have a safe and secure cloud environment.  The best practices listed above are not an exhaustive list of all configurations and settings that you should implement in order to have a secure domain controller environment in the cloud.  Please review all of the documentation and apply your own security requirements and standards to your cloud deployment.

Networking to and within the Azure Cloud

Microsoft’s Olivier Martin recently wrote a three part series called Networking to and within the Azure Cloud.  This is an excellent primer on understanding the options you have as an organization to connect different virtual networks and regions together using VPN or ExpressRoute connections.  I highly recommend checking this out even if you feel you have a solid understanding of networking in Microsoft Azure.

Part 1: Hybrid networking connectivity options
Part 2: Intra-cloud connectivity options
Part 3: Putting all these concepts together

Virtual Azure Gov Discovery Day

Put the cloud to work for you. Join us as we explore how your agency can achieve more while helping stay compliant and secure with Microsoft Azure Government. You’ll hear from industry leaders, analysts, and experts over the course of eight sessions designed to help you modernize your agency and kick off your digital transformation.

Don’t miss the Virtual Azure Gov Discovery Day on April 25th at 12:00 PM ET/9:00 PT.

Technology Blog