Recently I've been working with the following:
Azure Managed Certificates
- Azure Managed Certificates became GA in March of this year. I've now used them across dozens of my personal and business services to bind to custom domain names and to Traffic Manger. They're really handy.
Azure Resource Locking
- Finally implemented Azure Resource Locking for all my team's resources. On my old team the developers had limited permissions when it came to creating, editing, and deleting resources. However, on my new team the developers have Contributor access so can accidentally or maliciously edit and delete resources. I implemented Resource Locks in our pipelines to prevent accidental changes to our resources. This helps me sleep at night. Our automated pipelines could always re-deploy most resources. However, there'd be downtime if Compute got deleted or broken and there'd much worse implications if our Data resources got deleted.
Azure DevOps Whitelisting ServiceTags
- I also just implemented IP Whitelisting for Azure DevOps. This used to be hard or impossible, but as of recently there are service tags for AzureDevOps.
