Chaos engineering has been around for a while; Netflix runs their own famous Chaos Monkey, supposedly running 24/7, taking down their resources and pushing them to the limit continuously; it almost sounds counter-intuitive – but it's not.

Chaos engineering is defined as “the discipline of experimenting on a system in order to build confidence in the system’s capability to withstand turbulent conditions in production” (Principles of Chaos Engineering, http://principlesofchaos.org/). In other words, it’s a software testing method focusing on finding evidence of problems before they are experienced by users.

Chaos engineering is a methodology that helps developers attain consistent reliability by hardening services against failures in production. Another way to think about chaos engineering is that it's about embracing the inherent chaos in complex systems and, through experimentation, growing confidence in your solution's ability to handle it.

A common way to introduce chaos is to deliberately inject faults that cause system components to fail. The goal is to observe, monitor, respond to, and improve your system's reliability under adverse circumstances. For example, taking dependencies offline (stopping API apps, shutting down VMs, etc.), restricting access (enabling firewall rules, changing connection strings, etc.), or forcing failover (database level, Front Door, etc.), is a good way to validate that the application is able to handle faults gracefully.

Introducing controlled Chaos tools such as Chaos Monkey and now – Azure Chaos Studio allows you to put pressure and, in some cases, take down your services to teach you how your services will react under strain and identity areas of improvement as resiliency and scalability to improve your systems.

Azure Chaos Studio (currently in Preview and only supported in several regionsnow) is an enabler for 'controlled Chaos' in the Microsoft Azure ecosystem. Using that same tool that Microsoft uses to test and improve their services – you can as well!

Chaos Studio works by creating Experiments (i.e., Faults/Capabilities) that run against Targets (your resources, whether they are agent or service-based).

There are two types of methods you can use to target your resources:

• Service-direct
• Agent-based

Service-direct is tied into the Azure fabric and puts pressure on your resources from outside them (i.e., supported on most resources that don't need agent-based, PaaS resources, such as Network Security Groups). For example, a service-direct capability may be to add or remove a security rule from your network security group for faulty findings.

Agent-based relies on an agent installed; these are targeted at resources such as Virtual Machine and Virtual Machine scale sets; agent-based targets use a user-assigned managed identity to manage an agent on your virtual machines and wreak havoc by running capabilities such as stopping services and putting memory and disk pressure on your workloads.

Just a word of warning, before you proceed to allow Chaos to reign in your environment, make sure it is done out of hours or, better yet – against development or test resources, also make sure that any resources that support autoscaling are disabled – or you might suddenly find ten more instances of that resource you were running (unless of course you're testing that autoscaling is working)! 😊

In my test setup, I have the following already pre-created that I will be running my experiments against:

• Virtual Machine Scale set (running Windows with two instances)
• Single Virtual Machine (running Windows) to test shutdown against

The currently supported resource types of Azure Chaos Studio can be found 'here'.

Setup Azure Chaos Studio​

Create Managed Identity​

Because we will use Agent-based capabilities to generate our Faults, I needed to create a Managed Identity to give Chaos Studio the ability to wreak havoc on my resources!

1. In the Azure Portal, search for Managed Identities
2. Click on Create
3. Select the subscrSubscriptionng the resources that you want to test against
4. Select your Resource Group to place the managed identity in (I suggest creating a new Resource Group, as your Chaos experiments may have a different lifecycle than your resources, but it's just a preference, I will be placing mine in the Chaos Studio resource group so I can quickly delete it later).
5. Select the RegionRegionur resources
6. Type in a name (this will be the identity that you will see in logs running these experiments, so make sure its something you can identify with)
7. 
8. Click Next: Tags
9. Make sure you enter appropriate tags to make sure that the resource can be identified and tracked, and click Review + Create
10. 
11. Verify that everything looks good and click Create to create your User Assigned Managed identity.

Create Application Insights​

Now, it's time to create an Application Insights resource. Applications Insights is for the logs of the experiments to go into, so you can see the faults and their behaviours.

1. In the Azure Portal, search for Application Insights
2. Click on Create
3. Select the Subscription the resources that you want to test against
4. Select your Resource Group to place the Application Insights resource into (I suggest creating a new Resource Group, as your Chaos experiments may have a different lifecycle than your resources, but it's just a preference, I will be placing mine in the Chaos Studio resource group so I can easily delete it later).
5. Select the Region the resources are in
6. Type in a name
7. Select your Log Analytics workspace you want to link Application Insights to (if you don't have a Log Analytics workspace, you can create one 'here').
8. 
9. Click Tags
10. Make sure you enter appropriate tags to make sure that the resource can be identified and tracked, and click Review + Create
11. Verify that everything looks good and click Create to create your Application Insights.

Setup Chaos Studio Targets​

It is now time to add the resources targets to Chaos Studio

1. In the Azure Portal, search for Chaos Studio
2. On the left band side Blade, select Targets
3. 
4. As you can see, I have a Virtual Machine Scale Set and a front-end Network Security Group.
5. Select the checkbox next to Name to select all the Resources
6. Select Enable Targets
7. 
8. Select Enable service-direct targets (All resources)
9. Enabling the service-direct targets will then add the capabilities supported by Service-direct targets into Chaos Studio for you to use.
10. Once completed, I will select the scale set and click Enable Target
11. Then finally, Enable agent-based targets (VM, VMSS)
12. This is where you link the user-managed identity, and Application Insights created earlier
13. Select your Subscription
14. Select your managed identity
15. Select Enabled for Application Insights and select your Application Insights account. The instrumentation key should be selected manually.
16. 
17. If your instrumentation key isn't filled in, you can find it on the Overview pane of the Application Insights resource.
18. Click Review + Enable
19. Review the resources you want to enable Chaos Studio to target and select Enable
20. Finally, you should now be back at the Targets pane make sure you select Manage actions and make sure that all actions are ticked and click Save
21. 

Configure and run Azure Chaos Studio​

Action exclusions​

There may be actions that you don't want to be run against specific resources; an example might be you don't want anyone to kill any processes on a Virtual Machine.

1. In the Target pane of Chaos Studio, select Actions next to the resource
2. Unselect the capability you don't want to run on that resource
3. Select Save
4. 

Configure Experiments​

An experiment is a collection of capabilities to create faults, put pressure on your resources, and cause Chaos that will run against your target resources. These experiments are saved so you can run them multiple times and edit them later, although currently, you cannot reassign the same experiments to other resources.

Note: If you name an Experiment the same as another experiment, it will replace the older Experiment with your new one and retain the previous history.

1. In the Azure Portal, search for Chaos Studio.
2. On the left band side Blade, select Experiments
3. Click + Create
4. Select your Subscription
5. Select your Resource Group to save the Experiment into
6. Type in a name for your Experiment that makes sense; in this case, we will put some Memory pressure on the VM scale set.
7. Select your Region
8. Click Next: Experiment Designer
9. Using Experiment Designer, you can design your Faults; you can have multiple capabilities hit a resource with expected delays, i.e., you can have Memory pressure on a VM for 10 minutes, then CPU pressure, then shutdown.
10. We are going to select Add Action
11. Then Add Fault
12. I am going to select Physical Memory pressure
13. Leave the duration to 10 minutes
14. Because this will go against my VM scale set, I will add in the instances I want to target (if you aren't targeting a VM Scale set, you can leave this blank, you can find the instance ID by going to your VM Scale set click on Instances, click on the VM instance you want to target and you should see the Instance ID in the Overview pane)
15. 
16. Select Next: Target resources
17. Select your resources (you will notice as this is an Agent-based capability, only agent supported resources are listed)
18. Select Add
19. I am then going to Add delay for 5 Minutes
20. Then add an abrupt VM shutdown for 10 minutes (Chaos Studio will automatically restart the VM after the 10-minute duration).
21. 
22. As you can see with the Branches (items that will run in parallel) and actions, you can have multiple faults running at once in parallel by using branches or one after the other sequentially.
23. Now that we are ready with our faulty, we are going to click Review + Create
24. Click Create

Note: I had an API error; after some investigation, I found it was having problems with the '?' in my experiment name, so I removed it and continued to create the Experiment.

Assign permissions for the Experiments​

Now that the Experiment has been created, we need to give rights to the Managed User account created earlier (and/or the System managed identity that was created when the Experiment was created for service-direct experiments).

I will assign permissions to the Resource Group that the VM Scale set exists in, but you might be better off applying the rights to the individual resource for more granular control. You can see suggested roles to give resources: Supported resource types and role assignments for the Chaos Studio Microsoft page.

1. In the Azure Portal, click on the Resource Group containing the resources you want to run the Experiment against
2. Select Access control (IAM)
3. Click + Add
4. Click Add Role Assignment
5. Click Reader
6. Click Next
7. Select Assign access to Managed identity
8. Click on + Select Members
9. Select the User assigned management identity
10. Click Review and assign.
11. Because the shutdown is a service-direct, go back and give the experiment system managed identity Virtual Machine Contributor rights, so it has access to shutdown the VM.

Run Experiments​

Now that the Experiment has been created, it should appear as a resource in the resource group you selected earlier; if you open it, you can see the Experiment's History, Start, and Edit buttons.

1. Click Start
2. 
3. Click Ok to start the Experiment (and place it into the queue)
4. Click on Details to see the experiment progress (and any errors), and if it fails one part, it may move to the next step depending on the fault.
5. 
6. Azure Chaos studio should now run rampant and do best – cause Chaos!

This service is still currently in Preview. If you have any issues, take a look at the: Troubleshoot issues with Azure Chaos Studio.

Monitor and Auditing of Azure Chaos Studio​

Now that Azure Chaos Studio is in use by your organization, you may want to know what auditing is available, along with reporting to Application Insights.

Azure Activity Log​

When an Azure Chaos Studio experiment has touched a resource, there will be an audit trail in the Azure activity log of that resource; here, you can see that 'WhatMemory', which is the Name of my Chaos Experiment, has successfully powered off and on my VM.

Azure Alerts​

It is easy to set up alerts when a Chaos experiment kicks off; to create an Azure, do the following.

1. In the Azure Portal, click on Azure Monitor
2. Click on Alerts
3. Click + Create
4. Select Alert Rule
5. Click Create resource
6. Filter your resource type to Chaos Experiments
7. Filter your alert to Subscription and click Done
8. Click Add Condition
9. Select: Starts a Chaos Experiment
10. Make sure that: *Event initiated by is set to (All services and users)
11. Click Done
12. Click Add Action Group
13. If you have one, assign an action group (these are who and how the alerts will get to you). If you don't have one, click: + Create an action group.
14. Specify a resource group to hold your action groups (usually a monitor or management resource group)
15. Type the Action Group name
16. Type the Action group Display name
17. Click Next: Notifications
18. Select Notification Type
19. Select email
20. Select Email
21. Type in your email address to be notified
22. Click ok
23. Type in the Name of the mail to be a reference in the future (i.e. Help Desk)
24. Click Review + Create
25. Click Create to create your Action group
26. Type in your rule name (i.e. Alert – Chaos Experiment – Started)
27. Type in a description
28. Specify the resource group to place the alert in (again, usually a monitor or management resource group)
29. Check Enable alert rule on creation
30. Click Create alert rule

Note: Activity Log alerts are hidden types; they are not shown in the resource group by default, but if you check the: Show hidden types box, they will appear.

Are you running internal web-based applications that you want to give access to users working remotely securely without the need for a VPN or firewall? Do you want to enforce or use Azure Conditional Access policies to protect and manage access?

Let me introduce the Microsoft Microsoft Entra ID Application Proxy...

Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy connector, which runs on an on-premises server. Azure AD, the Application Proxy service, and the Application Proxy connector work together to securely pass the user sign-on token from Azure AD to the web application. Application Proxy also supports single sign-on.

Application Proxy is recommended for giving remote users access to internal resources. Application Proxy replaces the need for a VPN or reverse proxy.

Overview​

The Microsoft Entra ID Application Proxyhas been around for a few years, but appears to be a hidden gem; the Application Proxy allows users_(by using Microsoft Entra ID and an Application Proxy Connector(s))_ to connect to internally hosted web applications, by the connector relaying the traffic.

Application Proxy supports the following types of applications:

• Web applications
• Web APIs that you want to expose to rich applications on different devices
• Applications hosted behind a Remote Desktop Gateway
• Rich client apps that are integrated with the Microsoft Authentication Library (MSAL)

Azure Application Proxy can often be overlooked to solve your business requirements without the need to implement costly third-party firewalls (it also doesn't have to be an on-premises workload, for example, if the web application is running on a VM in Azure, it will also work).

The Azure Application proxy connector is a lightweight agent installed on a Windows Server machine that is logically close to the backend service that you want to deliver through the proxy.

The Connector gives access to and relays the information to the Application proxy service in Microsoft Azure via HTTP/HTTPS as long as it has access to the following:

URL	Port	How it's used
*.msappproxy.net *.servicebus.windows.net	443/HTTPS	Communication between the connector and the Application Proxy cloud service
crl3.digicert.com crl4.digicert.com ocsp.digicert.com crl.microsoft.com oneocsp.microsoft.com ocsp.msocsp.com	80/HTTP	The connector uses these URLs to verify certificates.
login.windows.net secure.aadcdn.microsoftonline-p.com *.microsoftonline.com *.microsoftonline-p.com *.msauth.net *.msauthimages.net *.msecnd.net *.msftauth.net *.msftauthimages.net *.phonefactor.net enterpriseregistration.windows.net management.azure.com policykeyservice.dc.ad.msft.net ctldl.windowsupdate.com www.microsoft.com/pkiops	443/HTTPS	The connector uses these URLs during the registration process.
ctldl.windowsupdate.com	80/HTTP	The connector uses this URL during the registration process.

Setup Azure Application Proxy​

I will set up an Azure Application Proxy to grant access to my Synology NAS (Network Attached Storage) device web page in this guide.

Although I am using my local NAS web administration page, it can be any webpage (Unifi Controller, hosted on Apache, IIS etc.) accessible from the connector.

• I have a Windows Server 2022 Domain Controller.
• Synology NAS (not domain joined, but accessible on the network via a DNS record from the domain)
• Microsoft 365 Developer subscription with appropriate licenses

Pre-requisites for Azure Application Proxy setup​

The following resources and rights will be needed to set up Azure Application Proxy:

• An Microsoft Entra ID tenant
• A minimum of Application Administrator rights is required to set up the Application and user and group assignments.
• A server running Windows Server 2012 R2 or above to install the Application Proxy connector on (and the permissions to install)
• If you are using a third-party domain (you will need a public SSL certificate) and, of course, the ability to edit external DNS records, the domain will need to be added to Microsoft Entra ID as a custom domain in order to be used.
• Microsoft Entra ID Premium P1 license or M365 Business Premium/E3 license for each user using Microsoft Entra ID Application Proxy.

(Note: Normal Azure AD service limits and restrictions apply).

I will be configuring the Azure Application Proxy on a domain controller running Windows Server 2022.

Disable IE Enhanced Security Configuration​

The Azure Application Proxy connector requires you to log in to Microsoft Azure, and I will be installing this on a Windows Server 2022 domain controller; if this Enhanced Security Configuration is enabled (as it should be), you will have problems authenticating to Microsoft Azure, so the easiest thing is to turn it off temporarily.

1. Open Server Manager
2. Click on Local Server
3. Click on: IE Enhanced Security Configuration
4. Select Off for: Administrators
5. Close Microsoft Edge (if you have it opened)
6. 

Install Azure Application Proxy Connector​

1. Login to Azure Portal (on the server that you want to install the Connector on)
2. Navigate to: Microsoft Entra ID
3. Select Application Proxy
4. 
5. Click on: Download connector service.
6. Accept the system requirements and click Accept Terms & Download
7. A file named: 'AADApplicationProxyConnectorInstaller.exe' should have been downloaded. Run it.
8. Select: I agree to the license terms and conditions and select Install
9. 
10. Wait for the Microsoft Microsoft Entra ID Application to display and log in with an Microsoft Entra ID account with Application Administrator rights.
11. The Microsoft Microsoft Entra ID Application Connector will now be registered in your Microsoft Entra ID tenancy.
12. 
13. Click Close
14. Now re-enable IE enhanced security configuration.

You should now see two new services appear in services as Automatic (Delayed Start):

• WAPCsvc - Microsoft AAD Application Proxy Connector
• WAPCUpdaterSvc - Microsoft AAD Application Proxy Connector Updater

And the following processes running:

• ApplicationProxyConnectorService
• ApplicationProxyConnectorUpdateService

If you are running Server Core, Microsoft Microsoft Entra ID Application Proxy can be installed via PowerShell.

The Azure Application Proxy Connector agent gets updated automatically when a new major version is released by Microsoft.

Configure Connector Group​

Now that you have created the Connector, the Application Proxy has put our Connector in a group that has defaulted to Asia; because you can have more than one Application Proxy Connector for redundancy and different applications, we will create a new Connector Group that is set to use the Australia region if Asia works for you – feel free to skip this step.

1. Login to Azure Portal (on any PC/server)
2. Navigate to: Microsoft Entra ID
3. Select Application Proxy
4. You should now see: Default and your Region
5. If you expand the Default Group, will you see your Connector:
6. 
7. Click on + New Connector Group
8. Give it a name (i.e., On-premises)
9. Select the Connector you had earlier and select the region closest to you (currently, the following regions can be chosen: Asia, Australia, Europe, North America)
10. 
11. Click + Create
12. Clicking create will create your new On-premises connector group and add the Connector to the group.

Configure your Azure Application Proxy Application​

Now that you have your Connector setup, its time to set up your application

1. Login to Azure Portal (on any PC/server)
2. Navigate to: Microsoft Entra ID
3. Select Application Proxy
4. Click on: + Configure an app
5. Fill in the details that match your application:

• Name: This is the application that users will see (i.e. I am going with Pizza, which is the name of my NAS)
• Internal URL: This is the internal URL used to access your application inside the network (in my example, it is: http://pizza.corp.contoso.com/)
• External Url: This is the external URL that will be created so that users can access the application form; I will go with Pizza. Note this URL down.
• Pre-Authentication: You don't have to authenticate with Azure AD, you can use passthrough, but it is not something I would recommend without delving into requirements, testing – I am going to select: Microsoft Entra ID.
• Connector Group: Select the connector group you created earlier or that your Connector is signed to.
• Leave all Additional Settings as default – they can be changed later if you need to.
  1. 
  2. Verify that everything is filled out correctly and, click + Add
  3. Azure Application Proxy has now created a new Enterprise Application for you; based on the name mentioned earlier, if you navigate to the external URL mentioned earlier, you should get a prompt similar to below:
  4. 
  5. It is now time to assign the permissions for users to access the Application via Microsoft Entra ID!

Assign rights to your Azure Application Proxy Application​

1. Login to Azure Portal (on any PC/server)
2. Navigate to: Microsoft Entra ID
3. Select Enterprise Applications
4. Find the application that was created earlier by the Azure Application Proxy service.
5. 
6. Click on the Application
7. Click on: Users and Groups
8. Click Add Assignment
9. Add a user or group (preferred) you want to have access to this application.
10. Click Assigned
11. 
12. Click on Application Proxy
13. Here you can see and edit the information you created earlier when you created the application, copy the External URL
14. Open Microsoft Edge (or another browser of your choice)
15. Paste in the External URL
16. Log in with the Microsoft Entra ID account that was assigned to the Enterprise application.
17. You should now have access to your on-premises web application from anywhere in the world, and because you are using Microsoft Entra ID, your conditional access policies and restrictions will be in effect:
18. 

Note: Because the Synology web interface was running on port: 5000, I had to go back and add the port to the internal URL, as the Application Proxy was attempting to route to the incorrect port. Note: You may also notice that Microsoft has supplied an *.msappproxy.net certificate, even if your backend service doesn't have one..

Setup Password-based Single-Sign on​

Azure Application Proxy supports various single sign-on methods, including Kerberos SPN integration.

However, my Synology NAS uses standalone accounts, so I will set Password-based single sign-on, allowing the MyApps extension to store my credentials (if you want single-sign-on using the password-based sign in, then every user will need to have this extension configured).

1. Download and install the MyApps Secure Sign-in extension
2. Log in using your Microsoft account to the MyApps extension
3. 
4. Login to Azure Portal (on any PC/server)
5. Navigate to: Microsoft Entra ID
6. Select Enterprise Applications
7. Find the application that was created earlier by the Azure Application Proxy service.
8. Click on Single sign-on
9. Select Password-based
10. 
11. Type in the URL of the authentication webpage and click Save
12. 
13. The Azure AD Application Proxy didn't find my sign-in login and password fields, so I have to manually configure them, select: Configure Pizza Password Single Sign-on Settings.
14. Select: Manually detect sign-in fields
15. Select Capture sign-in fields
16. 
17. Your MS Edge Extension should show Capture Field:
18. 
19. Enter in your username
20. Press Enter
21. Enter in your password
22. Select the MS Apps extension and select Save
23. Navigate back to the Azure Portal
24. Select 'I was able to sign in.'
25. If successful, Azure AD should now have mapped the fields:
26. 
27. Click Save
28. Next time you log in to the application, the My Apps Secure Sign-in Extension will have cached the credentials. It should automatically log you into the application, meaning you should only log in once with your Azure AD credentials.

Access your Azure Application Proxy published application​

1. You can now go to My Apps (microsoft.com), and you will see your application.
2. 
3. Your application will also appear in the Microsoft 365 Waffle (it may take up to an hour to appear):
4. 

I recommend you go into the Enterprise Application and upload a better image/logo so your users can quickly tell it apart.

Git (Git is software for tracking changes in any set of files, usually used for coordinating work among programmers collaboratively developing source code during software development, allowing versioning, source control and enablement of continuous Integration and deployment)has been around for years(development and the first release began in 2005 by Linus Torvolds).

Although primary driven and consumed by software developers – it is now a staple of everyday life for an IT professional of many disciplines (i.e. Operations, Delivery), even if a git repository is used to store your PowerShell scripts (hint – it should!).

You don't have to know every single git command line syntax to use Git.

Tools such as Visual Studio Code allows you to utilize git source control efficiently, and of course, you can use Git directly from the command line; however, sometimes you want an easy way to leverage Git through a point and click interface, there a lot of tools out there to give you easy access to Git, but today I will concentrate on Github Desktop.

If you are looking at something a bit more powerful (especially if you are wanting to do submodules), then I suggest Atlassian Sourcetree.

Introducing Github Desktop... "Focus on what matters instead of fighting with Git. Whether you're new to Git or a seasoned user, GitHub Desktop simplifies your development workflow."

Github Desktop gives you a clean, light and easy to use tool to work with git repositories that is constantly kept up to date and improved upon!

Although Github Desktop is published by Github – this doesn't mean you cannot use a git repository hosted by another provider, such as Azure DevOps.

This article assumes that you have a Git repository initialized already; you can create free repositories from Azure DevOps or Github. Microsoft owns Azure DevOps and Github; personally, I have moved from Azure DevOps to Github for my git repositories but utilize AzureDevOps pipelines.

Install Github Desktop​

Installation of Github Desktop is pretty simple, but assuming you have rights to install the software:

1. In your web browser, navigate to Github Desktop homepage and click on: Download
2. 
3. Once it's downloaded, you should have a file such as GitHubDesktopSetup-x64.exe (it should only take a few seconds, the file is about 109 MB at the time this article was written), then run it to install.
4. 

Congratulations, you have now installed Github Desktop!

Add your Azure DevOps repository​

If you have an Azure DevOps git repository, then follow the steps below – if you have chosen to go: Github, then feel free to skip this section for the next.

1. Sign in to Azure DevOps
2. Navigate to the project you want to add to Github Desktop
3. Click on Repos, Files
4. 
5. In the address bar, you will see your URL, and it should look like this: https://dev.azure.com/%username%/_git/%projectname%
6. Copy the URL and open Github Desktop
7. Click on File and Clone a repository
8. Click on URL
9. 
10. Paste in the repository URL you copied earlier.
11. Select the Local path of where you want the Git repository to be saved locally on your device
12. Now we need to generate git credentials to clone your repository, navigate back to Azure DevOps.
13. 
14. Click on Generate Git Credentials
15. Azure DevOps will now generate the username and password that will be used by Github Desktop to authenticate with your git repository.
16. Navigate back to Github Desktop
17. Click Clone
18. Enter in the username and password that you received from the git credentials, generated by Azure DevOps and click Clone.
19. Github Desktop should now clone your repository locally.

Congratulations, you have set up an Azure DevOps git repository using Github Desktop.

Add your Github repository.​

If you have an Azure DevOps git repository, follow the steps above – otherwise, follow these steps to add your Github repository into Github Desktop.

1. Open Github Desktop
2. Click File
3. Click Clone repository….
4. 
5. On the Github.com tab, enter your Github credentials
6. Select the Local path of where you want the Git repository to be saved locally on your device
7. Click Clone

Congratulations, you have now set up a Github git repository using Github Desktop.

Using Github Desktop​

Now that you have a git repository cloned locally, it's time to use it.

Initial Commit​

Once you have a file created and saved into the folder of your git repository, i.e. a PowerShell script, you will want to commit it to the git repository.

1. Open Github Desktop
2. Click on: Current repository to make sure your repository is selected.
3. 
4. In my example, I have created a new file called: HelloWorld.ps1 in my PowerShell repository.
5. What you can see in the screenshot below is the various components that make up the Github Desktop; you can see the changed file (i.e. the new file), the contents of the file and what will be added, the commit title and the all-important commit description.
6. 
7. You can change the title to something more appropriate if you want, but with your commit description, this is what you will use for versioning and seeing what changes you made in the future from a quick glance – make sure it's an appropriate description and click Commit to master.
8. Committing it to master does not push it to its 'Origin'. I.e. the actual remote git repository (stored in Github or Azure DevOps) will commit to the local git repository. This allows you to work on code locally without requiring every change to be uploaded to a local repository. In order to commit to the Origin and remote repository, click on: Push Origin.
9. 
10. Once it has been committed, you should be able to see the file on the origin git repository, and you can Push multiple local git changes at once.
11. If you click on: History should now see your commit with your file and description (as you can see, I was using an old PowerShell repository that I had merged into other repositories since then but thought it was worth using it for this article).
12. 

Congratulations, you now committed your first file into Git! It wasn't that difficult!

Restore file from the previous version​

One of the benefits of using Git is version control and restoring a file if something stops working, or someone had an 'Oops!' moment! With Github Desktop, restoring a previous version is straightforward.

1. Open Github Desktop
2. Click on: Current repository to make sure your repository is selected
3. Click on History (you may need to click Fetch Origin if files have been updated remotely)
4. As you can see, someone (i.e. Luke Murray) has made a change to my' HelloWorld. ps1'' file, to be: "I like Unicorn" and changed the background and foreground colour to be both Yellow'.
5. I can right-click that file and select Revert changes in the commit using Github Desktop.
6. 
7. You will now have a new entry in the History that will revert the commit, and you can quickly push it back to Origin again.

Congratulations, you have successfully reverted a commit to a previous version using Github Desktop.

Working with branches​

A significant function of Git is the ability to create and use branches. Branches allow you to work on features without touching the main or master branch (where you can have your production or thoroughly tested resources, for example).

1. Open Github Desktop
2. Click on: Current repository to make sure your repository is selected
3. To create a branch, click on the Current branch and select New branch and give it a name, i.e. Dev
4. Make a change to the file like you typically would and save
5. Github Desktop has automatically added your changes, and you can commit them to the dev branch without touching master.
6. 
7. If you navigate to the master branch, you can see that the file has remained untouched. All the control and versioning is done by Git!
8. When you are ready to merge the dev branch into master, click the current branch.
9. Select: Choose a branch to merge into master
10. Select your branch, i.e. Dev
11. 
12. Click on create a merge commit.
13. You should see a message in Github notifying that the merge was successful, and you can push your changes to the origin repository.
14. Github Desktop should redirect you to the master branch, and you can now see your changes:
15. 
16. You can go back to using Dev to develop additional features, testing etc. and repeat the same process.

Using a master branch allows others to get production-ready scripts or code, or avoid automation around continuous deployment to production resources, while you may be still working on functionality that you don't quite want to be released yet.

Hopefully, this article gives you an excellent base to start your git journey!

There is a lot more functionality built into Github Desktop, especially around branching, but for day to day use, the above should give you all you need!

It is also worth reading this article on the .gitignore file, to make sure your git repositories don't end up bloated by unwanted files and you are only committing the files you need to be.

Azure Bicep is a Domain Specific Language (DSL) for deploying Azure resources declaratively. Azure Bicep is a transparent abstraction over ARM and ARM templates, which means anything that can be done in an ARM Template can be done in Bicep.

Azure Bicep has recently (December 2021) been updated to: v0.4.1124, along with various other hotfixes and enhancements; this version supports 'Insert Resource' functionality.

Insert Resource simplifies ARM to Bicep conversion without exporting entire ARM templates, then compiles them to Bicep when you are only after export for a single resource.

To use Insert Resource, you will need to have:

• Bicep version greater than v0.4.1124
• Azure CLI
• Visual Studio Code with the Bicep extension

You can easily install both or upgrade following the Microsoft documentation on the: Install Bicep tools page. You can also review the Bicep changes and latest release notes on Github here: Azure Bicep releases

Import Resources into Bicep using Azure CLI and Bicep​

1. Open a new file in Visual Studio Code
2. Set the Language mode to Bicep
3. 
4. Now we need to login to Azure; in Visual Studio code, click View and Terminal.
5. In the terminal, type in: az login
6. Login to Azure using the credentials that have read access to the Resource you want to export.
7. Once you are logged in, type in: az resource list
8. In the JSON output in the terminal, copy the resource ID (inside the double quotes from the id value)
9. Now we need to open the Command Palette, press: CTRL+Shift+P on your keyboard (or click on View, Command Palette)
10. Start typing in Bicep; if you have the latest version, you should see: Bicep: Insert Resource., select this
11. 
12. Enter in the resource ID you copied earlier.
13. 
14. Azure Bicep should have connected and exported your Resource straight into Bicep! As below, it had imported a Log Analytics workspace in my subscription straight into Bicep.
15. 

To find the resource ID using the Azure Portal.​

You can use the Azure CLI to find the Resource ID, but you can also use the Azure Portal by navigating to it below:

1. Log in to the Azure Portal
2. Navigate to the Resource you want to export to Bicep
3. On the Overview pane, click on JSON view

I had problems connecting to export an App Service and App Service plan, so for some resources with multiple dependencies, you may be better off exporting the ARM template from the resources/resource groups and decompiling that way, but the Insert Resource functionality is a very quick way to bring your resources into Bicep!

Being a 'Technical Lead' or 'Tech Lead' means different things to some people and organizations; based on definitions found online, a Technical Lead is:

"A technical lead is a professional who oversees a team of technical personnel at a software or technology company. They often lead software development or software engineering teams and troubleshoot technical issues that involve software development, engineering tasks and product releases."

Although I agree with this, I would flesh out a bit more around architectural governance (or technical assurance, which is what the problem this role or function is for) across it - it also doesn't need to be software development heavy; it can sit in the operational and delivery spaces as well (waterfall or agile) and is more than a specific role, but a frame of mind.

At a very high level, this is what a day in the life of a technical lead means to me:

Day in the Life of a Tech Lead​

• Work alongside: Technical Product Owners, Chapter Members, Architecture, Business stakeholders and Service Partners to develop/roadmap/architect and improve technology.
• Manage delivery and operational risks and dependencies, and remove impediments to the achievement of the team objectives
• Test and develop roadmaps for preview Cloud capabilities for immediate or future value
• Act as a Subject Matter Expert (or Consultant) to assist in Design Decisions, Monitoring, Cost and Capacity Requirements
• Develop Governance processes for onboarding services into BAU, enabling Technology Infrastructure and Operations staff to use technology in a consistent and secure manner
• Work alongside Security and Developers to enable cross-team visibility and collaboration
• Champion improvements in People/Processes and ways of working
• Work alongside Chapter Members and Chapter Lead to develop Training/Skill programs for Technical areas
• Develop and promote an 'everything as code', 'everything is automated' mindset
• Problem/Incident Management (i.e. Continous improvement)

A Technical lead mindset may look like below​

• Automate what's trivial, boring, mundane, and belittling
• Build what you can't buy. Buy what you can't live without
• Make your work visible. Shift your value to performance.
• Work is never completed. Establish feedback loops.
• Target high impact problems.
• Get out of the way of the work, think outside of the box, don't limit others.
• Try, Learn, Adapt, Try again
• Agile is about speed to adapt, not velocity
• Log what's useful, monitor what matters, alert on what's actionable
• Empower others while making sure that everything is auditable, standardised.
• We live in a VUCA (Volatile, Uncertain, Complexity, Ambiguity) world, you will never see perfect.

The views above are my own, but shout out to Teal Unicorn for independent consulting on Ways of Working, Continuous improvement; I attended a few of their workshops on Ways of Working, Ways of Managing and Ways of Consulting, and it helped me take a step back and look at what this kind of mindset may look like, or should be and current blockers.

Overall, I have noticed that Information Technology roles are now blending disciplines that once required specific job roles (ie Business Analyst, Service Delivery Manager, Developer, Architect), although pure technical roles still exist with Cloud technologies, different skillsets are required to get the most value out of technology stacks, as technology becomes more consumable. You may also be interesting in reading my thoughts on: The Cloud Frame of Mind

Hopefully this has helped or at least encouraged looking at problems differently, or areas of improvements for any readers out there!