Azure Resources, SDK Links, Tutorials, Helpful Tidbits, and Permissions Management
SDKs and Tools
Azure offers two types of SDKs. Unified SDKs are built on a “common core” and are recommended for all new projects. Standard SDKs are avilable for older projects or languages unsupported by Unified SDKs.
- Standard .NET SDKs (also included with Visual Studio 2019)
- Standard Java SDKs
- Standard Python SDKs
- Standard PHP SDKs
- Standard Go SDKs
- Azure SDKs Page
- Visual Studio 2019 has excellent integrations with Azure services, especially when using C#/.NET.
- Azure Extensions for VSCode
- Azure CLI is a set of Azure tools for use in the command line.
- Azure Cloud Shell
- Azure Storage Explorer
- Azure Data Studio
- Azure Tools Page
- Microsoft Documentation Home
- Getting Started with Azure
- Microsoft Learn - Azure
- Azure Documentation
- Azure 15-Minute Tutorials
- Getting Started with Visual Studio
- Developing Azure Functions with Visual Studio
- Deploying Azure Applications with VSCode
- The Developer’s Guide to Azure
Take Advantage of Resource Groups
Most resources on Azure require supporting resources to be provisioned alongside the main offering. For example, provisioning a VM will also require a Storage Account, Virtual Networking, etc. All of a project’s resources will be provisioned under the resource group that you specify at the time of creation. A resource group is a collection of related resources for a project. You can set permissions and other settings for the entire resource group instead of each resource individually.
Remember to delete the entire resource group when deleting resources in order to avoid getting charged for vestigial resources.
Take Note of Supported Protocols
The protocols that Azure supports for communicating with its services differs from that of AWS or GCP. Depending on the application you wish to build, the supported protocols may affect your architecture. Refer to the documentation for information specific to each service.
Security and Permissions Management
Role-Based Access Control (RBAC)
Access to Azure resources is managed through RBAC. RBAC allows you to define how to grant access. It can be done based on resource type, subscriptions, resource groups, or the specific resources themselves. Before continuing, see the Azure documentation page on RBAC. RBAC uses the concept of a role assignment to assign permissions. Role assignments have three parts.
Security Principals are objects that represent the entity that must be granted permissions. There are four types of security principals: users, groups, service principals, and managed identities. See the documentation page for more info on what each type of security principal is for.
Role Definitions are the actual set of permissions that will be granted to the security principal. Often simply called a role, the collection of role definitions covers everything from full administrative access to granular control over a specific service. Adding or removing definitions from the role controls what permission the principal has.
Scope lets permissions be further constrained based on the resources in question. This allows for scenarios such as allowing a user to be a full admin over one resource group but no access to another. Thanks to this, granting a user the “Owner” permissions does not necessarily mean they will have owner access to the entire account.
Once again, refer to the RBAC documentation for more detailed information on role assignements.
Azure Active Directory (Azure AD)
Active Directory is a different from RBAC. While RBAC is focused on access management for cloud account users, Active Directory helps manage credentials and access for cloud applications and networks. Active Directory provides features like user management, user directories, reporting, password management and Single-Sign-On (SSO) services. It also supports using solutions like OAuth to easily secure applications built with Azure. There are many more features and both free and numerous paid tiers for Active Directory. See the Active Directory documentation for information on how to use it.
Azure also provides many more tools and services for securing your applications. See the Azure Security page to get started.