Access Azure Government with VS Code Azure Extension
Here are the steps to access Azure Government resources from VS Code. If you experience issues even after setting these setting I’d recommend capturing a Fiddler trace to inspect the URLs being accessed. 1. Open VS Code and Press Ctrl-Shift-P to pull up the command pallet and search for Sign In to Azure Cloud 2.…
Azure PowerShell Functions in Azure Government
When working with services in Azure Government, often times Azure Government endpoints have to be specified as the defaults for Azure CLI, PowerShell, the Azure SDKs, ect all will default to use the commercial endpoints. This is the same for Azure Functions. To run Azure PowerShell functions to execute the AZ commandlets add the -Environment…
Creating Certificate Bundles for Application Gateway
There are certain clients that still require a full certificate chain as they may return certificate errors. Certain web servers like IIS can build the chain while others may not serve the full certificate chain in the Server Certificate exchange. Here’s a step-by-step process going through how to detect if this is an issue and…
Querying Resources in Azure Graph
I had a customer reach out requesting how to query all certificates across all subs and figure out when they are expiring. Using Azure Resource Graph I came up with the query below that searches for all app services, find the bindings, and matches those apps up with the Microsoft.web/certificate object. Azure Graph is a…
Root Certificates on Windows
I’m far from a PKI expert so I won’t be going into much detail as a lot of information around certificates can be found through a web search. I spent a considerable amount of time debugging an issue related to certificates and the trusted root store on Windows and I didn’t find much documentation discussing…
Exporting an App Service Certificate from Azure Key Vault to use elsewhere
Download the certificate from the Key Vault hosting the App Service Certificate. Double click on the exported PFX downloaded from Keyvault onto your Windows Machine. Navigate through the prompts on the screen, leaving the Password blank and marking the key as exportable Whever the cert was installed ie Personal store -> Right click on the…
Using MSI to call another Web/Function App
I see this question come up every so often around how to call another function or web app with MSI that is configured to use the built in Authentication. The steps to setting up the authentication and authorization can be found in steps 1-3 of this previous blog. The UX has since changed so I…
App Service Network Troubleshooting
My basic process behind debugging any sort of networking issue is to reduce the complexity of the issue and walk up the basic network stack. Often times we overlook a basic problem such as DNS resolution issues or the incorrect reference in code that can cause hours, days, or weeks going down a rabbit hole.…
The plight of the unrecognized IMEI
My parents arrived back from overseas with the international version of the Samsung S20. What we expected to be a simple process of going to ATT and activating the phones turned onto a 2 week long ordeal. What I’ve learned since is each phone has an IMEI number which is a unique number used to…
Azure Functions Access to Restricted Storage Accounts
With requirements for additional security, many customers have started enforcing network restrictions on their Azure storage accounts. This in turn can cause major issues with Azure Functions without the proper configuration, as Azure functions rely heavily on Azure storage for functionality. Background Azure storage There are two core concepts for Azure Functions related to Azure…
