AZ-104 — Authentication, MFA & Conditional Access
Authentication, MFA & Conditional Access

This post covers authentication protocols, password protection, MFA implementation, Conditional Access policies, Identity Protection and exam-ready examples.

Authentication protocols
OAuth 2.0: authorization framework for issuing access tokens (delegated authorization, not authentication by itself).
OpenID Connect: identity layer on top of OAuth 2.0 that adds the ID token; used for SSO.
SAML 2.0: legacy enterprise SSO.
Kerberos/NTLM: on-premises AD DS scenarios.

Password policies & SSPR
Enable Self-Service Password Reset (SSPR) to reduce helpdesk load. Combine it with MFA so that the recovery path is at least as strong as the sign-in path.

PowerShell (MSOnline / AzureAD): ...
AZ-104 — Managed Identities for Azure Resources
Managed Identities for Azure Resources

This post describes managed identities (system-assigned and user-assigned), how to create them, how to use them with Key Vault, and best practices.

Types of managed identities
System-assigned: lifecycle tied to the resource (deleted with the resource); at most one per resource.
User-assigned: a standalone Azure resource with its own lifecycle; can be attached to multiple resources.

Create & assign identities (CLI)

    # Create a user-assigned identity
    az identity create --name kasdev-identity --resource-group demo-rg --location eastus

    # Enable a system-assigned identity on a VM
    az vm identity assign --resource-group demo-rg --name kasvm01

    # Attach the user-assigned identity to the same VM
    az vm identity assign --resource-group demo-rg --name kasvm01 \
      --identities /subscriptions/<sub>/resourceGroups/demo-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/kasdev-identity

Use case: Key Vault access
1. Create a Key Vault or use an existing one.
2. Grant the managed identity get and list permissions on secrets (access policy model) or an equivalent data-plane RBAC role such as Key Vault Secrets User.
3. From the resource, request a token for the audience https://vault.azure.net from the Instance Metadata Service (IMDS, http://169.254.169.254, which requires the Metadata: true header) and present it to Key Vault as a Bearer token. No credential is ever stored on the VM.

CLI: grant access ...
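The token flow described in the Key Vault use case above, as an added example (not code from the post): the resource calls IMDS with the Metadata: true header, parses the token and its expiry, then calls the vault's data plane with a Bearer token. The HTTP transport is injected so the exchange can be exercised offline; the vault name kasdev-kv, the secret name db-password and the canned IMDS and Key Vault responses are constructed for this example, and urllib_get is the transport you would pass on a real VM.

```python
"""Managed-identity token flow against Key Vault (added example, not the post's code).

Assumptions (not from the post): vault 'kasdev-kv', secret 'db-password',
and the constructed IMDS / Key Vault responses in fake_http_get.
"""
import json
import time
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import Request, urlopen

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"
KEY_VAULT_RESOURCE = "https://vault.azure.net"  # token audience for Key Vault
KEY_VAULT_API_VERSION = "7.4"


def build_imds_request(client_id=None):
    """Return (url, headers) for the IMDS token request.

    IMDS rejects requests without 'Metadata: true'; that header is what stops
    a plain SSRF (which cannot set headers) from minting tokens. client_id picks
    one identity when several user-assigned identities are attached; omit it to
    use the system-assigned identity.
    """
    params = {"api-version": IMDS_API_VERSION, "resource": KEY_VAULT_RESOURCE}
    if client_id:
        params["client_id"] = client_id
    return f"{IMDS_TOKEN_URL}?{urlencode(params)}", {"Metadata": "true"}


def parse_imds_token(body, now=None):
    """Extract the bearer token from an IMDS JSON body; reject expired tokens."""
    data = json.loads(body)
    if data.get("token_type") != "Bearer" or "access_token" not in data:
        raise ValueError("unexpected IMDS response")
    expires_on = int(data["expires_on"])  # Unix seconds, returned as a string
    now = time.time() if now is None else now
    if expires_on <= now:
        raise ValueError("token already expired")
    return data["access_token"], expires_on


def build_secret_request(vault_name, secret_name, token):
    """Return (url, headers) for GET secret on the vault's data plane."""
    url = (f"https://{vault_name}.vault.azure.net/secrets/{secret_name}"
           f"?api-version={KEY_VAULT_API_VERSION}")
    return url, {"Authorization": f"Bearer {token}"}


def get_secret(vault_name, secret_name, http_get, client_id=None, now=None):
    """Full flow: IMDS token, then Key Vault GET. http_get(url, headers) -> (status, text)."""
    url, headers = build_imds_request(client_id)
    status, body = http_get(url, headers)
    if status != 200:
        raise RuntimeError(f"IMDS returned {status}: {body}")
    token, _ = parse_imds_token(body, now)
    url, headers = build_secret_request(vault_name, secret_name, token)
    status, body = http_get(url, headers)
    if status == 403:
        # Token is valid but the identity was not granted 'get' on secrets
        raise PermissionError("identity lacks secret get permission on this vault")
    if status != 200:
        raise RuntimeError(f"Key Vault returned {status}: {body}")
    return json.loads(body)["value"]


def urllib_get(url, headers):
    """Real transport for use inside an Azure VM (not exercised offline)."""
    try:
        with urlopen(Request(url, headers=headers), timeout=5) as resp:
            return resp.status, resp.read().decode()
    except HTTPError as err:
        return err.code, err.read().decode()


# --- Constructed responses for offline demonstration (not a real token) ---
FAKE_TOKEN = "eyJhbGciOiJSUzI1NiJ9.constructed.signature"
VAULT_HOST = "https://kasdev-kv.vault.azure.net"


def fake_http_get(url, headers):
    """Mimics IMDS and Key Vault for the constructed sample data."""
    if url.startswith(IMDS_TOKEN_URL):
        if headers.get("Metadata") != "true":
            return 400, '{"error":"Required metadata header not specified"}'
        return 200, json.dumps({"access_token": FAKE_TOKEN, "token_type": "Bearer",
                                "expires_on": "4102444800", "resource": KEY_VAULT_RESOURCE})
    if url.startswith(VAULT_HOST + "/secrets/"):
        if headers.get("Authorization") != f"Bearer {FAKE_TOKEN}":
            return 401, '{"error":{"code":"Unauthorized"}}'
        if "/secrets/db-password?" in url:
            return 200, json.dumps({"value": "s3cret-value",
                                    "id": VAULT_HOST + "/secrets/db-password/v1"})
        return 403, '{"error":{"code":"Forbidden","message":"access policy lacks get"}}'
    return 404, "{}"


if __name__ == "__main__":
    print(get_secret("kasdev-kv", "db-password", fake_http_get))
```

The 403 branch is the one to remember when troubleshooting: IMDS happily issues a token for any identity attached to the VM, so a forbidden response means the access policy or RBAC step was skipped, not that the identity is broken.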
AZ-104 — Managing Users, Groups & Guest Access
Managing Users, Groups & Guest Access

This post shows how to manage users, groups, bulk operations, dynamic groups and B2B guest access with CLI, PowerShell and portal steps.

Users: creation and lifecycle
Create users via the Portal, Azure CLI, PowerShell, or Azure AD Connect for hybrid sync. Consider password policies, SSPR and onboarding automation.

CLI examples

    # Create a user (the literal password is a placeholder; generate one per user in practice)
    az ad user create --display-name "Jane Doe" \
      --user-principal-name janedoe@kasdevtech.com \
      --password "P@ssword123!" \
      --force-change-password-next-sign-in true

    # Get user details
    az ad user show --id janedoe@kasdevtech.com

PowerShell (AzureAD module; deprecated in favour of Microsoft Graph PowerShell, but still the syntax the exam material uses)

    Connect-AzureAD
    # MailNickName is a required parameter of New-AzureADUser
    $pwdProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile `
      -Property @{Password="P@ssword123!"; ForceChangePasswordNextLogin=$true}
    New-AzureADUser -DisplayName "Jane Doe" -UserPrincipalName "janedoe@kasdevtech.com" `
      -MailNickName "janedoe" -AccountEnabled $true -PasswordProfile $pwdProfile

Bulk import (CSV) example (PowerShell; users.csv has DisplayName, UPN and Password columns; avoid $pwd as a variable name, it is PowerShell's current-directory automatic variable)

    Import-Csv users.csv | ForEach-Object {
      $pwdProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile `
        -Property @{Password=$_.Password; ForceChangePasswordNextLogin=$true}
      New-AzureADUser -DisplayName $_.DisplayName -UserPrincipalName $_.UPN `
        -MailNickName ($_.UPN.Split('@')[0]) -AccountEnabled $true -PasswordProfile $pwdProfile
    }

Groups: Security vs Microsoft 365
Security groups: for access control (RBAC, app assignment).
Microsoft 365 groups: for collaboration (Teams, SharePoint).

Create group (CLI)

    az ad group create --display-name "Dev Team" --mail-nickname "devteam"

Dynamic membership
Useful to auto-add users based on attributes (department, location); requires Microsoft Entra ID P1 or P2 licensing. PowerShell example: ...
Azure VM Boot Issue – VM stuck in 'Starting' or 'Failed'
Azure VM Boot Issue – VM stuck in ‘Starting’ or ‘Failed’

You hit Start on your Azure VM… and it gets stuck in “Starting…”, “Provisioning failed” or “Failed to start VM”. You’re not alone — this is a common issue. In this blog, I’ll show you how to troubleshoot and fix it using step-by-step, beginner-friendly methods.

Common Causes

Problem                            Example
Corrupt OS disk                    Kernel panic / blue screen
VM extension failed                “Failed to install extension”
NSG or route blocking boot agent   No serial output
DNS or DHCP misconfigured          Stuck boot or network unreachable
OS-level login or update hang      Incomplete patch

Step-by-step Fix Guide

Step 1: Open Boot Diagnostics
Go to your VM → Boot diagnostics ...
Terraform Init Fails in CI/CD — Fixed Remote Backend & Auth Issues
Terraform init sometimes fails in CI/CD pipelines when authenticating to the remote backend. Here’s how I fixed it using a service principal and storage configuration updates.
AZ-104 — RBAC Overview & Role Fundamentals
RBAC Deep Dive — Overview & Role Fundamentals

Azure Role-Based Access Control (RBAC) allows fine-grained access management for Azure resources. In AZ-104, RBAC is one of the most heavily tested areas. This post provides highly detailed, exam-level and real-world knowledge.

1. RBAC Architecture
RBAC uses role assignments to control who can do what on which resource.

A role assignment = Principal + Role + Scope, where:

Component   Meaning
Principal   User, Group, Service Principal, Managed Identity
Role        Set of permissions (JSON definition listing Actions, NotActions, DataActions and NotDataActions)
Scope       Management Group → Subscription → Resource Group → Resource

Scope Hierarchy (Very Important for Exam)

    Management Group
    └── Subscription
        └── Resource Group
            └── Resource

Permissions inherit downward, never upward: an assignment at a resource group applies to every resource inside it, while an assignment on a single resource grants nothing at the resource group or subscription above it. Access is deny by default; a principal can only do what some assignment at or above the target scope allows. ...
AZ-104 — Role Assignments & Automation
RBAC Deep Dive — Role Assignments & Automation

This post provides step-by-step RBAC assignment automation for CLI, PowerShell, ARM, Bicep and Terraform, including enterprise workflows used in real large-scale organizations.

1. Role Assignment Concepts
A role assignment binds Principal → Role → Scope. Examples:
Assign Virtual Machine Contributor to the DevOps group at resource group scope.
Assign Key Vault Secrets Officer to an App Service managed identity at resource scope.

2. Create Role Assignments (CLI)

    # Assign Owner at subscription scope
    az role assignment create --assignee <userObjectId> --role Owner \
      --scope /subscriptions/<subscriptionId>

    # Assign Virtual Machine Contributor at resource group scope
    az role assignment create --assignee <groupObjectId> \
      --role "Virtual Machine Contributor" --resource-group demo-rg

    # Assign a role to a managed identity. Passing the principal type skips the
    # Graph lookup, which avoids "principal not found" right after the identity is created.
    az role assignment create --assignee-object-id <miObjectId> \
      --assignee-principal-type ServicePrincipal \
      --role "Storage Blob Data Contributor" \
      --scope /subscriptions/<subId>/resourceGroups/demo-rg/providers/Microsoft.Storage/storageAccounts/kasdevsa

3. PowerShell RBAC

    Connect-AzAccount

    # Assign Reader at subscription scope
    New-AzRoleAssignment -ObjectId <objectId> -RoleDefinitionName Reader -Scope "/subscriptions/<sub>"

    # Remove the assignment (pass the same scope so only that assignment is removed)
    Remove-AzRoleAssignment -ObjectId <objectId> -RoleDefinitionName Reader -Scope "/subscriptions/<sub>"

4. Bicep RBAC Automation

    // Deploy at subscription scope so the assignment can target the subscription
    targetScope = 'subscription'

    param principalId string

    // Built-in Reader role definition ID
    var readerRoleId = 'acdd72a7-3385-48ef-bd42-f606fba81ae7'

    resource role 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
      // Role assignment names must be GUIDs; derive one from scope + principal + role
      // so redeployments are idempotent
      name: guid(subscription().id, principalId, readerRoleId)
      scope: subscription()
      properties: {
        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', readerRoleId)
        principalId: principalId
      }
    }

5. Terraform RBAC

    resource "azurerm_role_assignment" "vm_admin" {
      scope                = azurerm_resource_group.demo.id
      role_definition_name = "Virtual Machine Contributor"
      principal_id         = var.group_object_id
    }

6. RBAC Audit & Troubleshooting

    # View role assignments for a resource, including those inherited from parent scopes
    az role assignment list --scope <scope> --include-inherited -o table

    # Check why access is denied: list everything the user holds anywhere in the
    # subscription, including inherited assignments and those granted via group membership
    az role assignment list --assignee <user> --all --include-inherited --include-groups -o table

Portal Tools
Azure Portal → Resource → Access control (IAM) → Check access ...
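The scope-inheritance rule from the RBAC overview post (assignments flow downward, never upward) and the "why is access denied?" check from the audit section above, worked through offline as an added example (not the posts' code). It evaluates an action against a set of role assignments the way the Check access blade does: expand the principal's groups, keep only assignments whose scope covers the target, then apply the role's Actions minus NotActions. The subscription ID, resource names, principals jane, bob and devops-group, and the trimmed role definitions are constructed sample data, not the real built-in role JSON.

```python
"""Azure RBAC access evaluation (added example, not the posts' code).

Constructed sample data: the subscription ID, resource names, the principals
'jane', 'bob' and 'devops-group', and simplified built-in role definitions.
"""
from fnmatch import fnmatchcase

# Simplified built-in roles. Wildcards behave as in real definitions: '*'
# spans any characters, including '/'.
ROLE_DEFINITIONS = {
    "Reader": {"actions": ["*/read"], "notActions": []},
    "Contributor": {
        "actions": ["*"],
        # Contributor manages everything except access itself
        "notActions": ["Microsoft.Authorization/*/Delete", "Microsoft.Authorization/*/Write"],
    },
    "Virtual Machine Contributor": {
        "actions": ["Microsoft.Compute/virtualMachines/*",
                    "Microsoft.Network/networkInterfaces/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/read"],
        "notActions": [],
    },
}


def scope_covers(assignment_scope, target_scope):
    """True if the target is the assignment scope or lies beneath it.

    Scopes compare case-insensitively as resource-ID prefixes; the '/'
    boundary check keeps 'demo-rg' from matching 'demo-rg2'.
    """
    a = assignment_scope.lower().rstrip("/")
    t = target_scope.lower().rstrip("/")
    return t == a or t.startswith(a + "/")


def effective_principals(principal, group_members):
    """The principal plus every group it belongs to, transitively (nested groups)."""
    result, stack = {principal}, [principal]
    while stack:
        member = stack.pop()
        for group, members in group_members.items():
            if member in members and group not in result:
                result.add(group)
                stack.append(group)
    return result


def _matches(action, patterns):
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def role_permits(role, action):
    """Actions minus NotActions, matched case-insensitively."""
    defn = ROLE_DEFINITIONS[role]
    return _matches(action, defn["actions"]) and not _matches(action, defn["notActions"])


def check_access(principal, action, target_scope, assignments, group_members=None):
    """Return (allowed, reasons). Deny by default: only a covering assignment grants."""
    principals = effective_principals(principal, group_members or {})
    reasons = []
    for asg in assignments:
        if asg["principal"] not in principals:
            continue
        if not scope_covers(asg["scope"], target_scope):
            reasons.append(f"skip: {asg['role']} at {asg['scope']} does not reach the target "
                           "(no upward inheritance)")
            continue
        if role_permits(asg["role"], action):
            return True, [f"allow: {asg['role']} via {asg['principal']} at {asg['scope']}"]
        reasons.append(f"deny: {asg['role']} at {asg['scope']} does not include {action}")
    return False, reasons or ["deny: no assignment for the principal at or above the target scope"]


# --- Constructed sample tenant ---
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/demo-rg"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/kasvm01"
PROD_VM = SUB + "/resourceGroups/prod-rg/providers/Microsoft.Compute/virtualMachines/prodvm01"

SAMPLE_ASSIGNMENTS = [
    {"principal": "devops-group", "role": "Virtual Machine Contributor", "scope": RG},
    {"principal": "jane", "role": "Reader", "scope": SUB},
    {"principal": "bob", "role": "Contributor", "scope": VM},
]
SAMPLE_GROUPS = {"devops-group": {"jane"}}

if __name__ == "__main__":
    for who, action, scope in [
        ("jane", "Microsoft.Compute/virtualMachines/start/action", VM),
        ("jane", "Microsoft.Compute/virtualMachines/start/action", PROD_VM),
        ("bob", "Microsoft.Compute/virtualMachines/write", RG),
        ("bob", "Microsoft.Authorization/roleAssignments/write", VM),
    ]:
        allowed, why = check_access(who, action, scope, SAMPLE_ASSIGNMENTS, SAMPLE_GROUPS)
        print(who, action, "ALLOW" if allowed else "DENY", why)
```

Two of the sample checks are the classic exam traps: bob holds Contributor on the VM, yet cannot create VMs at the resource group (the assignment does not reach upward) and cannot grant himself access even on that VM (NotActions strip Microsoft.Authorization writes from Contributor).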