Intro I received feedback asking if I could do more DevOps and Bicep articles, so this is the first in a series about this topic. Like most blog series, I will start from scratch and gradually come near a production environment. It can be hard to say this is fully production-ready due to different policies and operations in each customer environment. I will show what it can be, and then it will be up to you if it will fit in your environment or with your customers.

Intro I will create the session hosts in this part of my blog series about Azure Virtual Desktop (AVD) and Bicep. The session hosts are the workers in an AVD environment, and therefore, also one of the places we spent most of our time on optimizations and management. For this article, I will focus on the standard image from the Microsoft marketplace, but I expect to do more articles on how to manage an AVD image.

Intro In the first two blog posts (here) and (here), I wrote the most basic Bicep code for deploying a host pool, application groups, and a workspace. In this post, I want to go through some of the resources I usually designate as shared resources, meaning the workspace and the storage account. I already had the workspace in the last two articles, but this time, I am moving those resources into a shared resource group since multiple host pools often use the workspace.

Intro In the first blog post (here), I wrote the most basic Bicep code for deploying a host pool, application groups, and a workspace. The result will be the same resources in this part, but the code will be a bit more advanced, allowing us to customize the deployment. I will keep the code simple, and the goal is to make the part we change for each deployment as simple as possible, while the Bicep modules contain the more advanced code.

Intro Azure Virtual Desktop (AVD) is a managed service that runs virtual desktops and applications in Azure. Some components are deployed and configured to fit your company’s needs, even with a managed solution. In this blog post, I will walk you through the necessary steps before any end-user can log in to the virtualized desktop. I will use Bicep code and PowerShell in this blog post, but there are more options if you prefer other languages.

Credits and sources Microsoft Learnhttps://learn.microsoft.com/en-us/azure/devops/cross-service/github-integration?view=azure-devops https://learn.microsoft.com/en-us/azure/devops/boards/github/?view=azure-devops https://docs.github.com/en/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects Intro In this blog post, I will show how to use Azure DevOps pipelines with source code placed in GitHub. I will also show you how to integrate GitHub with Azure DevOps boards so that you can manage your project in Azure DevOps and close work items by using commits to your GitHub repository. This can be useful in migration scenarios and scenarios where you want the repository features from GitHub together with Azure DevOps features like project management and pipelines.

Credits and sources Microsoft Learnhttps://learn.microsoft.com/en-us/azure/virtual-machines/windows/build-image-with-packer Hashicorp Hashicorp docs Intro This article is about automating image builds in Azure. I am using Packer in this scenario and will use a Windows image for the examples. Linux builds use the same process. The goal is to make a customized image in Azure and place it in the Azure Compute Gallery for use with either AVD or Scale Sets. I will walk through the process of using Packer on my machine and then move the process into GitHub Action for an automated build.

Credits and sources Microsoft Learnhttps://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-key-vault-introduction Intro In this part of the blog series, I want to show you what Microsoft Defender for Key Vault (MDKV) brings. MDKV helps to protect the Azure Key Vaults against suspicious activities, and it does so without any agent installation. MDKV is one of the most straightforward features to manage. Still, it does protect some of the most sensitive resources you will have in Azure, like, for instance, certificates and secrets used to access your resources and data.

Credits and sources Microsoft Learnhttps://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-dns-introduction Intro In this part of the blog series, I want to show you what Microsoft Defender for DNS (MDDNS) brings. MDDNS helps to protect the Azure DNS services against suspicious activities, and it does so without any agent installation. Microsoft Defender for DNS features The features that MDDNS offers are protection against: Data exfiltration Malware DNS attacks Communication with domains used for malicious activities (phishing and crypto mining) Microsoft Defender for DNS alerts Microsoft Learn Docs provides a complete list of alerts that MDDNS provides; see the link below.

Credits and sources Microsoft Learnhttps://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls Intro In this part of the blog series, I want to show you how to remediate or dismiss the recommendation that Microsoft provides. Most of the recommendations are something you will want to implement, but some recommendations might not fit your environment. There are multiple ways of dismissing the recommendation. Here I will show you two, one is to waive the recommendation, and the other is to disable the policy that provides the recommendation.