My bearer token is sts.windows.net, but I need it to be login.microsoftonline.com

I’m busy locking down my web applications in Azure and using my learnings on the day job. One way to do this is by making sure all requests are authenticated, and roles are granted accordingly.

Using the correct issuer

While checking out the token, I found the issuer (iss) contains the following value: https://sts.windows.net/[tenantid]/.

    {
      "aud": "f4c42c68-c881-4320-815c-1ca4f32cb6c5",
      "iss": "https://sts.windows.net/[tenantid]/",
      "iat": 1605812881,
      // all other properties of your token
    }

The issuer is valid, but not the one I was expecting. Read more →

Create a Managed Identity for SQL Azure servers to add AAD users and groups to databases

You might know it’s possible to add Azure Active Directory users and groups to Azure SQL Databases by running a command like this one:

    CREATE USER [My-DB-Administrators] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA = dbo;
    GO
    ALTER ROLE db_owner ADD MEMBER [My-DB-Administrators]
    GO

If you ever wanted to automate this via a script in a deployment pipeline or some Azure worker process, you probably noticed this didn’t work as expected. Well, this has changed! Read more →

Create a service principal to manage your Azure subscriptions with Management Groups

Some time ago, someone assigned me a task to retrieve data from several data sources residing in multiple Azure subscriptions, using a Logic App. Creating these shouldn’t be very difficult when using API Connections and using the data repositories’ connection strings. However, I don’t like specifying these connection strings anywhere in my ARM template or Key Vault. What I DO want to use is the listKeys function in my deployment template. Read more →

Adding new documents to Cosmos DB with null as a PartitionKey value

I recently had to create a Logic App, which is responsible for copying data from one Cosmos DB database to another. To do this, you can use the standard building blocks available in a Logic App workflow. While doing so, I did stumble across one issue. When you supply a Partition Key for a specific collection, and some entries have null as a value for this Partition Key, you’ll get into a bit of trouble. Read more →

PowerShell Command was found but the module could not be loaded

In one of my most recent live coding sessions, I had an issue with my PowerShell configuration. When running any of the Azure PowerShell cmdlets I got the message:

    The ‘[command]’ command was found in the module ‘Az.[someModule]’, but the module could not be loaded. For more information, run the ‘Import-Module Az.someModule’

Running the Import-Module command didn’t help much, because the module was already loaded. I even tried Import-Module Az and verified everything was installed correctly with the Get-InstalledModule -Name Az* command. Read more →