Managed Identities and Service Principals

The main advantage of using a managed identity is that you don’t need to specify any credentials in your code, so you don’t have to look for ways to store your credentials securely. Unfortunately, there’s one problem: managed identities can only be used with the HTTP connector. Use the HTTP connector with a managed identity to access Azure Key Vault. Use a service principal to access Azure Event Grid.

Parameterizing Azure Artifacts

The traditional approach to parameterizing logic apps and/or API Management services is to use parameter files. As an alternative to parameter files, you can use variable groups in your DevOps release definition. Variable groups can be maintained by operators who have access to your DevOps team project.

SendGrid SPF

SendGrid must be explicitly allowed to send mail from a specific domain. We can use the Sender Policy Framework (SPF) for this. SPF is an open standard aimed at preventing sender address forgery. It compares the email sender’s actual IP address to a list of IP addresses authorized to send mail from that domain.
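The SPF comparison described above, as an added example that is not part of the original page: a simplified evaluator covering only the ip4, ip6, include and all mechanisms. The domains, IP ranges and the `ZONE` table are constructed stand-ins for DNS TXT lookups, with `mail.example.net` playing the role of a third-party mail provider authorized through `include`.

```python
import ipaddress

# Constructed TXT records standing in for DNS (documentation domains and ranges).
ZONE = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:mail.example.net ~all",
    "mail.example.net": "v=spf1 ip4:198.51.100.0/25 ip6:2001:db8::/32 -all",
    "nospf.example.org": None,  # domain that publishes no SPF record
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, domain, zone=ZONE, depth=0):
    """Return the SPF result for sender_ip sending mail on behalf of domain.

    Simplified: only ip4, ip6, include and all are evaluated.
    """
    if depth > 10:  # stand-in for the RFC 7208 lookup limit
        return "permerror"
    record = zone.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            # include matches only if the included domain's record gives "pass"
            if check_spf(sender_ip, value, zone, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"


if __name__ == "__main__":
    for addr in ("203.0.113.7", "198.51.100.10", "198.51.100.200"):
        print(addr, check_spf(addr, "example.com"))
```

An address outside every listed range falls through to the trailing `~all` and is reported as softfail, which is why a provider missing from the record shows up as failed or spam-foldered mail at the receiver.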

Release pipeline subscription

When you add a Resource Deployment step in a release pipeline, you will have to select an Azure Resource Manager service connection (or service principal) instead of the subscription itself. Add the Azure Resource Manager service connection via the DevOps Team project settings. Don’t forget to add your account to DevOps Release Administrators and Project Administrators.

Azure File Storage

Suppose you want to move on-premises file storage to Azure File Storage. If you need to stick to file storage (not blob storage), consider using HubStor, Storage Migration Service and Azure File Sync. Keep the file storage footprint small and move to cheaper blob storage tiers.