Tips & Tricks

🔑 Authentication & Security

Azure AD Authentication

# Switch between multiple accounts
az account list --output table
az account set --subscription "Subscription-Name"

# Create service principal with certificate
az ad sp create-for-rbac --name "SP-Name" \
    --role "Contributor" \
    --scopes "/subscriptions/{SubID}" \
    --create-cert

Security Automation

# Find resources without required tags
az resource list --query "[?tags==null]"

# List resources with public access
az network public-ip list --query "[].{Name:name,IP:ipAddress,Status:provisioningState}"

🚀 Infrastructure Optimization

Cost Management

# List unused disks
az disk list --query "[?diskState=='Unattached']"

# Find unassociated public IPs
az network public-ip list --query "[?ipConfiguration==null]"

Resource Management

Use Azure Policy for governance
Implement proper tagging strategy
Regular cleanup of unused resources

💾 Data Management

Storage Account Best Practices

# Enable blob soft delete
az storage account blob-service-properties update \
    --account-name mystorageaccount \
    --enable-delete-retention \
    --delete-retention-days 7

# Configure lifecycle management
az storage account management-policy create \
    --account-name mystorageaccount \
    --policy @policy.json

🔍 Monitoring & Alerting

Azure Monitor Insights

# Create custom metric alerts
az monitor metrics alert create \
    --name "High-CPU-Alert" \
    --resource-group myResourceGroup \
    --condition "avg Percentage CPU > 90" \
    --window-size 5m \
    --evaluation-frequency 1m

Application Insights

Use custom dimensions for better filtering
Implement proper sampling
Set up availability tests

🛠 Infrastructure as Code

ARM/Bicep Tips

# Test Bicep deployments
az deployment group what-if \
    --resource-group myResourceGroup \
    --template-file main.bicep

# Convert ARM to Bicep
az bicep decompile --file template.json

Terraform Integration

# Use Azure provider with managed identity
provider "azurerm" {
  features {}
  use_msi = true
}

🚦 Network Management

Virtual Network Analysis

# Enable NSG flow logs
az network watcher flow-log create \
    --resource-group myResourceGroup \
    --name myFlowLog \
    --location westeurope \
    --nsg myNSG \
    --storage-account myStorageAccount

# Analyze effective routes
az network nic show-effective-route-table \
    --resource-group myResourceGroup \
    --name myNIC

🤖 Automation & DevOps

Azure DevOps Automation

# Use dynamic variables in pipelines
variables:
  - name: BuildConfiguration
    ${{ if eq(variables['Build.SourceBranchName'], 'main') }}:
      value: 'Release'
    ${{ if ne(variables['Build.SourceBranchName'], 'main') }}:
      value: 'Debug'

Logic Apps Workflow

# Deploy Logic App workflow
az logicapp deployment create \
    --resource-group myResourceGroup \
    --name myLogicApp \
    --template-file workflow.json

🔒 Security Best Practices

Key Vault Management

Use managed identities
Implement proper access policies
Enable soft-delete and purge protection

Network Security

# Enable DDoS protection
az network ddos-protection create \
    --resource-group myResourceGroup \
    --name myDDoSProtection \
    --location westeurope

# Configure private endpoints
az network private-endpoint create \
    --name myPrivateEndpoint \
    --resource-group myResourceGroup \
    --vnet-name myVNet \
    --subnet mySubnet \
    --private-connection-resource-id $storageAccountId \
    --group-id blob \
    --connection-name myConnection

💰 Cost Optimization Techniques

Resource Scheduling

# Auto-shutdown VMs
az vm auto-shutdown -g myResourceGroup -n myVM \
    --time 2200 --email "admin@example.com"

Cost Analysis

# Get cost by resource group
az consumption usage list \
    --start-date 2025-01-01 \
    --end-date 2025-05-14 \
    --query "[?contains(instanceId, 'resourceGroups')].{Cost:pretaxCost}"

🔄 Disaster Recovery

Azure Site Recovery

# Enable replication
az site-recovery protection enable \
    --resource-group myResourceGroup \
    --vault-name myVault \
    --vm myVM \
    --target-zone "2"

Backup Strategies

Use Azure Backup for VMs
Implement cross-region backup copies
Regular restore testing

📊 Performance Optimization

VM Performance

# Enable disk caching
az vm update -g myResourceGroup -n myVM \
    --set storageProfile.osDisk.cacheSettings.readWrite=true

# Monitor VM metrics
az monitor metrics list \
    --resource myVM \
    --metric "Percentage CPU" \
    --interval 5m

Hidden Gems

Use Managed Identities wherever possible
Implement Azure Policy as Code
Use Azure Front Door for global applications
Leverage Event Grid for event-driven architectures
Use Azure Advisor API for optimization recommendations

DevOps Best Practices

Infrastructure as Code
- Version control all templates
- Use nested templates for reusability
- Implement proper state management
Monitoring & Alerting
- Set up comprehensive dashboards
- Use Action Groups for notifications
- Implement proper log analytics
Security
- Regular security assessments
- Use Microsoft Defender for Cloud
- Implement Just-In-Time VM access
Cost Management
- Regular cost analysis
- Implement auto-scaling
- Use cost allocation tags
Automation
- Use Azure Automation for routine tasks
- Implement proper RBAC
- Set up CI/CD pipelines

PreviousAzure CLI NextAWS

Last updated 6 months ago