Creating Policy via the CLI

Specify the allowed VM SKU sizes using the Azure CLI.

Introduction

Most organizations want to give users freedom to create resources within Azure, but want to avoid users creating certain types of resources, as some can be very expensive. In this lab we’ll specify which virtual machine sizes a user is allowed to create, and we’ll use the Azure CLI to do so.

Registering the Policy provider

As we’re working in the Azure CLI, we first need to check that the policy resource provider is registered:

If it is not, register it:

Viewing policy definitions and assignments

Let’s have a look at the current assignments through the CLI. We should be able to see the work we did in the previous lab.

View current assignments

No results? The default scope of the above command is the subscription you’re logged into, so you cannot see assignments scoped to management groups or resource groups without specifying them. To see all assignments you must disable the scope match:

Let’s see if there are any built-in definitions to restrict which VM SKUs can be used:

To view all definitions:

Or to search for an existing definition containing “virtual machine”:

Notice that the name column is a GUID (which is the same across all tenants); we can use the GUID in the next query to view the JSON of this policy definition.

Assign an inbuilt policy

Now we know the policy name, what it does and what parameters it needs, so we can assign it.

Test the policy

Now let’s test it.

Using a Standard_B1s should fail

Using a Standard_D2s_v3 should succeed

Finishing up

That concludes this lab, where we’ve learnt about applying an inbuilt policy using the Azure CLI. The resources you’ve created will be used in the next lab so don’t delete them yet.

Next we’ll group policies together using an initiative and use automatic remediation.

Help us improve

Azure Citadel is a community site built on GitHub. Please contribute by sending a pull request.

Walkthrough using Azure Policy to audit and enforce compliance.

In this walkthrough, you will learn the implications of using a Policy in Azure. You will use the Azure CLI to create a storage account that is not compliant because it allows its contents to be accessed over HTTP. Then you will add a Policy that requires HTTPS, and see how you can audit existing, non-compliant resources. You will audit the resource using the portal and using a PowerShell script. Then you will create another non-compliant resource and see how Azure blocks the resource during creation.

Prerequisites

  • It is helpful to understand resource groups and storage accounts. Although the sample provides code, you will want to know how to upload a small file into Azure blob storage. You can use the portal or AzCopy.
  • The sample shows how to assign a specific role, but you should understand role-based access control roles.
  • You will need owner or contributor access in your subscription.

Definitions

First let’s start with some definitions:

A business rule is a standard that the business wants to audit, or wants to ensure is complied with. Often, but not always, business rules follow compliance standards such as ISO 27001 or NIST.

A resource provider is a service that supplies Azure resources. For example, a common resource provider is Microsoft.Storage, which supplies the storage resource. The name of a resource type is in the format {resource-provider}/{resource-type}.

A resource is a manageable item that is available through Azure. Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources. When a resource is created, it has an id. The id has a format like /subscriptions//resourceGroups//providers/Microsoft.Compute/disks/ .

Resources have properties that you set when you create the resource. For example, when you create a storage account, you set its location.

Azure Policy examines properties on resources that are represented in Resource Manager, and properties of some resource providers. For example, the location of a resource is a property that a policy can audit.

A policy definition is the JSON implementation of a business rule.

Several business rules can be grouped together into a policy initiative.

The policy definition or initiative is assigned to a scope, which can be a management group, subscription, resource group, or individual resource.

A policy assignment applies the policy to all resources within the scope. For example, if the policy

For more information, see:

  • What is Azure Resource Manager?
  • Azure resource providers and types
  • What is Azure Policy?

Identify the business requirements

Let’s begin by defining the compliance requirements.

The requirements should clearly identify both the “to be” and the “not to be” resource states.

For example, in this case:

First, let’s figure out the resource property that we want to build our policy on.

Explore resource properties that you might want to check

Each resource in Azure is built on a set of APIs that are defined at the top level as Azure resource providers. A resource provider is a service that provides resources, such as storage.

For the list of providers, see Resource providers for Azure services. To get a list of providers and whether they are registered in your subscription, use the following command:

Let’s start by reviewing the Microsoft.Storage resource provider. The Resource Manager template reference for the storage account resource gives you (nearly all of) the properties. In this case, supportsHttpsTrafficOnly is the one we will use.

In the StorageAccountPropertiesCreateParameters object is the supportsHttpsTrafficOnly property.

Another way to explore resources

Once you have created a resource, you can inspect its properties. Use the Azure Resource Explorer to inspect the contents of your subscription. You can browse by providers, subscriptions, resource groups, and resources.

Find the property alias

We need to map the property we found to its alias. When you create a policy, it uses aliases to restrict what values or conditions are allowed. Each alias maps to paths in different API versions for a given resource type. During policy evaluation, the policy engine gets the property path for that API version.

Use the following CLI command to get the aliases used by Azure Policy.

As shown in the following illustration, the results show that supportsHttpsTrafficOnly is a supported alias.

This means we can write a policy based on supportsHttpsTrafficOnly.

Another way to query the aliases is to use Azure Graph. The following code installs the Azure Graph extension into the CLI and queries the aliases. The results are provided in a hierarchy that may be easier to view.

Before we install a custom policy, let’s create a sample resource that will not be compliant.

Create a non-compliant storage account

Let’s begin by creating a storage account that allows applications to access the storage, create a container, and upload a file. Log into Azure using az login, then use the following code to create a resource group, storage account, and storage container; grant yourself contributor access to the storage account; and create a file and upload it.

Note: For the demo to work, you will need to explicitly assign the Storage Blob Data Contributor role to yourself. Even though you are the account owner, you need explicit permissions to perform data operations against the storage account.

The storage account is intentionally created with --https-only false.

Next, before we create our custom policy, let’s test whether our existing policies already report a violation.

Test against current policies

Does the new storage resource already violate one of our policies? Log into the Azure Portal and search for Policy in the search bar. There is an initiative, installed by Azure Security Center, that flags the storage resource as not being compliant, as shown in the following illustration.

Click through the initiative links and you can see the resource we just created and the rule that was violated, as shown in the following illustration.

Our business requirement is to prevent the creation of such storage accounts, not just to audit them. In the next step, create a custom policy to stop anyone from creating a storage account that is non-compliant.

Create custom policy to deny the non-compliant storage creation

It is possible to go into the portal and just change the policy. You could go into the initiative, edit the assignment of the policy, and change the parameter from Audit to Deny. But in a world where you want to track changes and automate your new initiatives, you will want to create a custom policy that denies creation of the non-compliant resource.

The following JSON (from the Microsoft documentation Tutorial: Create a custom policy definition) shows the policy.

Several items to note from the code:

  • The displayName and description elements show the intent of the policy.
  • The effectType parameter on lines 7 to 18 defaults to Deny, but allows you to set the effect to Disabled, which turns off the rule.
  • The rule matches when the resource type is Microsoft.Storage/storageAccounts, and
  • the storage account’s supportsHttpsTrafficOnly property is not true.

Next, let’s split up our policy so we can create the policy definition.

Create the policy definition

The policy definition consists of rules and parameters for those rules. Both are declared in JSON. The following script uses Bash to create two files, one for the rules and one to define the parameters.

Use az policy definition create to create the policy definition. See Create a policy definition with Azure CLI . The following code creates a policy definition and saves the policy definition to a subscription. It does not assign the policy to the subscription.
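As an added example (not code from this walkthrough or from Azure), the Python script below holds the two JSON documents the walkthrough splits out, the rules and the parameters of the HTTPS-only storage policy, alongside a rule modelled on the built-in allowed-VM-SKU policy from the lab above, and runs a simplified evaluator over constructed sample resources to show how the if/then rule, the [parameters('effectType')] reference and the Disabled effect behave. The alias-to-property-path table, the shape of the SKU rule and its parameter name listOfAllowedSKUs are assumptions; Azure's real engine resolves aliases per API version.

```python
"""Simplified Azure Policy evaluator (added example, not Azure's engine): holds
the rules and parameters JSON the walkthrough splits out, resolves
"[parameters('x')]" references and evaluates the rule against sample resources."""
import json
import re

# Rules and parameters of "Deny storage accounts not using only HTTPS" as the
# two separate JSON documents the walkthrough describes.
HTTPS_RULES = json.loads("""{
  "if": {"allOf": [
    {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
    {"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
     "notEquals": "true"}]},
  "then": {"effect": "[parameters('effectType')]"}
}""")
HTTPS_PARAMS = json.loads("""{
  "effectType": {"type": "string", "defaultValue": "Deny",
                 "allowedValues": ["Deny", "Disabled"],
                 "metadata": {"displayName": "Effect",
                              "description": "Enable or disable the policy"}}
}""")

# Rule modelled on the built-in "Allowed virtual machine size SKUs" policy from
# the VM-SKU lab (assumed shape and parameter name, not copied from Azure).
SKU_RULES = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
        {"not": {"field": "Microsoft.Compute/virtualMachines/sku.name",
                 "in": "[parameters('listOfAllowedSKUs')]"}}]},
    "then": {"effect": "Deny"},
}
SKU_PARAMS = {"listOfAllowedSKUs": {"type": "array"}}

# Alias -> property path; a hand-written stand-in (assumed paths) for the alias
# mapping that "az provider show" / Resource Graph return per API version.
ALIASES = {
    "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly":
        "properties.supportsHttpsTrafficOnly",
    "Microsoft.Compute/virtualMachines/sku.name": "properties.hardwareProfile.vmSize",
}
_PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")


def resolve(value, params):
    """Replace a "[parameters('x')]" template expression with its value."""
    match = _PARAM_REF.match(value) if isinstance(value, str) else None
    return params[match.group(1)] if match else value


def field_value(resource, field):
    """Resolve a top-level field ("type") or an alias to the resource's value."""
    value = resource
    for part in ALIASES.get(field, field).split("."):
        if not isinstance(value, dict) or part not in value:
            return None  # property absent on this resource
        value = value[part]
    return value


def _norm(v):
    # Azure Policy compares strings case-insensitively; booleans act as text.
    return str(v).lower() if isinstance(v, (str, bool)) else v


def evaluate_condition(cond, resource, params):
    """Return True when one policy condition matches the resource."""
    if "allOf" in cond:
        return all(evaluate_condition(c, resource, params) for c in cond["allOf"])
    if "not" in cond:
        return not evaluate_condition(cond["not"], resource, params)
    actual = _norm(field_value(resource, cond["field"]))
    if "equals" in cond:
        return actual == _norm(resolve(cond["equals"], params))
    if "notEquals" in cond:
        return actual != _norm(resolve(cond["notEquals"], params))
    if "in" in cond:
        return actual in [_norm(x) for x in resolve(cond["in"], params)]
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(rules, param_defs, resource, assignment_params=None):
    """Return the effect applied to the resource ("Deny", ...) or None."""
    # Assignment values override each parameter's defaultValue, which is what
    # "az policy assignment create --params" does for a real assignment.
    params = {k: v.get("defaultValue") for k, v in param_defs.items()}
    params.update(assignment_params or {})
    effect = resolve(rules["then"]["effect"], params)
    if effect == "Disabled":  # Disabled switches the rule off entirely
        return None
    return effect if evaluate_condition(rules["if"], resource, params) else None


# Constructed sample resources shaped like ARM resource JSON (not real ones).
def storage_account(https_only):
    return {"type": "Microsoft.Storage/storageAccounts",
            "properties": {"supportsHttpsTrafficOnly": https_only}}


def virtual_machine(size):
    return {"type": "Microsoft.Compute/virtualMachines",
            "properties": {"hardwareProfile": {"vmSize": size}}}


ALLOWED = {"listOfAllowedSKUs": ["Standard_D2s_v3"]}  # assignment --params
```

evaluate(HTTPS_RULES, HTTPS_PARAMS, storage_account(False)) returns "Deny", while passing {"effectType": "Disabled"} as assignment parameters returns None even for the same non-compliant account.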

Once you have defined the policy, you can find it in the portal. Open the portal, search for Policy, and click Definitions to see all the policies. Search on https. The following illustration shows the definition of the matching policies.

Click Deny storage accounts not using only HTTPS to see your policy definition.

You may want to consider the following best practices:

You could have saved the policy to a management group, which then makes the policy definition available to all of the subscriptions associated with the management group. The rule and param URLs can point to your rules in GitHub or Azure DevOps.

Now that we have a definition available in our subscription, you need to apply it.

Apply the policy to a scope

Now that your policy is defined and available in your subscription, you need to assign it. This step binds the policy to a particular scope.

Valid scopes are management group, subscription, resource group, and resource, as shown in this table:

You can assign the policy in the portal. See

To automate it, use the Azure CLI command az policy assignment create to assign the policy definition to the scope. The following sample assigns the policy to the subscription scope.

As it assigns the policy, it also provides the parameter values for this particular assignment.

Now that you have the policy assigned, what happened to the non-compliant resource?

Check compliance

Once you have assigned the policy to your subscription, you will want to check compliance. The resource created in an earlier step still fails based on the Security Center rule. But it also fails based on the new custom rules you added in the previous step.

To view it, open the Policy blade in the Azure portal and click Compliance.

It takes a few minutes to scan your resources.

Assigning a policy with a “deny” effect may take up to 30 mins (average case) and 1 hour (worst case) to start denying the creation of non-compliant resources.

You can query for non-compliant resources in PowerShell. The following cmdlet returns the details for all non-compliant storage accounts.

Creation of a non-compliant resource now fails

To test that the policy denies creation of a non-compliant resource, rerun the script from the earlier section that creates a non-compliant storage account. The following code tries to create a new storage account in the same resource group.

Once completed, you will see an error message.

When you go into the portal, click Compliance on the Policy page to see results. Click Require https for storage in subscription to see the summary of non-compliance. Notice that the existing resource is audited as not compliant, and the denial of the non-compliant storage account creation is also shown.

View compliance in Log Analytics

Because you installed a Log Analytics workspace as described in the post Setting up Log Analytics workspace for production in enterprise, you can view AzureActivity from the Activity Log Analytics solution tied to your subscription.

Apply policy using an ARM template

The documentation Quickstart: Create a policy assignment to identify non-compliant resources by using a Resource Manager template shows how you can deploy a policy to a resource group.

You will need the policyDefinitionID. Use the following command to get the properties of the policy you want to apply.

Use the properties when you deploy the ARM template.

This was a deep-dive walkthrough into how to define and implement your own policies, which build governance best practices in for your users. You learned the workflow of a custom policy and how to deploy the policy into either a subscription or a management group. And you learned how to check your compliance with all your initiatives.

  • Define your own specific business requirements for your own compliance initiatives. Review the Azure Policy security baseline for Azure Security Benchmark.
  • Define tags so you can identify ownership of resources. Define business rules and policy definitions, and assign policies, so you will know who to contact and when to review resources as policies change.
  • Review the built-in policy definitions and initiatives to help you quickly build your own compliance initiatives. Note how the policies have versions.
  • Follow and update policies that are on GitHub.
  • Understand Azure Policy effects.
  • Learn about Blueprints, which can group together your policies, resource groups, and role assignments for automation.
  • Design Policy as Code workflows.
  • Define alerts to watch for non-compliance in Azure Monitor logs.
  • Quickstart: Create, download, and list blobs with Azure CLI
  • Authorize with Azure AD credentials
  • Quickstart: Create a policy assignment to identify non-compliant resources with Azure CLI


Assigning policies using the CLI

Specify allowed VM SKU sizes using Azure CLI

5 minute read

Tom Wilde

Cloud Solution Architect. Security, networking, storage, compute


Managing Policies with the Azure CLI

Policies are an important aspect of managing your Azure cloud and governing your resources intelligently. In this guide, we'll show how you can use the Azure CLI to make quick updates to policies.


Cloud technologies like Azure can appear deceptively simple, but not setting up a governance system in the initial stages can result in operational roadblocks further down the line.

While roles and groups enable flexible permissions for users, policies in Azure enable you to apply rules to resources in your organization to govern compliance, cost limits, consistency, and security.

In this article, we’ll briefly explain the basics of policies, and then show how you can assign them to a scope of resources using the Azure CLI.

Understanding Policies in Azure

Azure policies are sets of rules that dictate what is allowed in either a specific resource group or across the account. For example, policies can be instituted to prevent over-provisioning and unexpected resource costs.

In practice, these policy definitions are described using JSON format and are then assigned to a certain scope of resources. If you have more than one related policy, that’s referred to as a policy initiative.

If a resource is created or updated in a way that violates a policy you have configured, then, depending on the effect you chose, Azure can deny the change, log the issue, or apply additional remediation.

You can either use built-in policy definitions or fully customize them. For more details on creating policy definitions, you can read up on that here.

Here’s what a policy definition looks like in practice:

Assigning a Policy to a Scope 

Once you have a policy definition that you are looking to implement, you do that with the az policy assignment create command:

As you can see, there are lots of parameters you can use to customize your policy assignment, including enforcement options. These are the different types of scopes you can use when you’re assigning a policy:

  • Management group: a container that manages policies across multiple subscriptions
  • Subscription: uniquely-billed Azure account/plan
  • Resource group: a container that holds related resources
  • Resource: any entity managed by Azure (virtual machines, virtual networks, storage accounts, etc.)

Here’s an example using a management group as a scope.

Now that your policy is implemented, it will check compliance whenever a new resource in the scope is created or updated, policies in the scope are added or updated, as well as once every 24 hours.


Updating an Existing Policy Assignment

If you need to make updates to a policy, you can run the az policy assignment update command:

This update example changes the description of an existing policy:

Instead of updating a description, you might want to update these parameters:

  • --enforcement-mode -e: change the enforcement mode for the policy
  • --not-scopes: create exceptions within the scope where this policy doesn’t apply
  • --params -p: change the JSON-formatted string, or the path to a file, that holds the parameter values for the assignment

Now that we’ve covered creating and updating policies, let’s look at deleting policies that are no longer relevant.

Deleting a Policy Assignment

To delete a policy assignment, you can use the az policy assignment delete command:

You can delete the assignment by using just the name parameter.

Alternatively, you can delete the assignment in the context of a certain scope by additionally including the scope or resource-group parameter.

Simplify Policy Updates with Blink

Instead of having to look up the specific command for each of these actions, tools like Blink enable you to keep your policies up to date easily with a low-code/ no-code UI.

Get started with Blink today and see how easy automation can be.



How to deploy Azure Policy with Bicep

It has been a while since I wrote about Azure Policy last time, plus recently there was a lot of hype around Bicep, so I decided to give it a try and shed some light on creating and deploying custom Azure policies with that new language.

Prerequisites

I assume that you are already familiar with what Azure Policy is and how it works. If you are new to that really helpful and often underrated technology, I suggest checking out my Azure Policy Starter Guide.

Also, I recommend that you read through official Bicep documentation to get some notion about this new domain-specific language, which Microsoft promotes as an abstraction over ARM templates and Azure Resource Manager.

Bicep basics for Azure Policy

Like JSON-based ARM templates, Bicep is a declarative language that allows you to define the desired Azure resource configuration and let Azure Resource Manager do its job of provisioning it. Initially, you had to compile a Bicep file into a regular ARM template to deploy your configuration. However, that is not the case anymore, as both Azure CLI and Azure PowerShell now support deploying Bicep definitions. Note that input parameters for Bicep definitions still come in the same format as for old-school ARM templates.

Apart from that, as we work with the same Azure service, you should expect that all Azure Policy specifics are applicable regardless of the language you use to define your configurations. So, all the tips and tricks you learned about creating, deploying and evaluating Azure Policy are still relevant.

Speaking of Bicep, you can define a single policy as well as a policy initiative, aka policy set, along with their assignment to a specific scope using the Bicep resource primitive. For example, to create a custom Azure Policy, you can define the following resource in your Bicep file:

As you might notice from that sample, for some policy-specific syntax to be valid, you should use a backslash as an escape character for single quotation marks. Also, you shouldn’t add an extra leading square bracket to the expressions, as it is added to the JSON automatically during the Bicep build.

In the same manner, you can define your custom policy initiative:

As policy initiatives don’t define any rules, they use the ‘policyDefinitions’ keyword to reference existing policy definitions.

Policy and policy initiative assignments are also pretty straightforward and defined as yet another resource:

For complete definitions, look into bicep samples in my Azure Policy repository on GitHub . Besides, the Bicep product team and the community regularly update and create new sample Bicep definitions for various Azure services, including Azure Policy, so I suggest checking them for additional cases.

Advanced techniques

Now, when the basics are clear, let’s look into more advanced topics.

First of all, remember that you can deploy your custom Azure policy definitions at the subscription and management group levels only. At the same time, Azure Policy assignments can be created at the management group, subscription, and resource group levels. Also, keep in mind that the deployment scope of a policy, in turn, effectively limits its assignment scope.

The Bicep VS Code extension will warn you about the resources that cannot be deployed to the target scope, and the Bicep compiler will produce the compilation error.

In terms of Bicep definitions, you can scope your deployments by using the ‘targetScope’ keyword. Depending on that scope, a Bicep file will be compiled into an ARM template using the corresponding deployment schema.

Using different deployment scopes will also impact the way you reference other resources in your configuration. If it is a new resource defined in the same Bicep file, then using standard syntax like ‘resourceSymbolicName.Id’ should be enough. However, when you need to reference an existing resource, e.g., a policy definition in a policy initiative, first you should correctly define that resource in your Bicep file, and second, you should use the correct reference function:

  • for Azure Policy definitions deployed at the subscription level, use the ‘subscriptionResourceId’ function;
  • for Azure Policy definitions deployed at the management group level, use the ‘extensionResourceId’ function, as custom policy definitions are implemented as resource extensions.

If you want to assign your policy at the tenant level, you should use the Tenant Root Group for that.

For example, to reference your existing policy definition deployed at the subscription level in a policy initiative, you can define it as the following:

Same referencing but at the management group level can be accomplished with the following syntax:

I don’t cover the Azure Policy exemptions feature here as it’s currently in preview and might change in the future.

Current drawbacks

Unfortunately, authoring Azure Policies with Bicep is still far from ideal. So, here are a few things that are not specifically related to Azure Policy, but rather Bicep language-generic features or their absence that annoyed me.

As I already mentioned, referencing policies from policy initiatives is a bit complicated and non-intuitive as you must be explicit about your reference scopes and always keep that nuance in mind. On a larger scale, when you have dozens of definitions that are defined in separate files and need to be deployed and assigned at different scopes, the new authoring experience is quite painful.

The next thing, which adds up to the negative authoring and debugging experience, is the lack of IntelliSense support for Azure Policy internal logic defined in Bicep files . What is more, the syntax highlighting for Bicep-defined Azure Policy rules in VS Code is also very limited. Apart from that, I was also unpleasantly surprised that, in contrast to the ARM template authoring experience, Bicep will not warn you about unused parameters or variables you have in your files.

Lastly, the way you currently define human-readable names and descriptions for policy parameters using the Bicep parameter decorators looks a bit awkward for me:

Why not provide the same simplified syntax for the ‘name’ metadata tag as for the ‘description’?

Fortunately, the Bicep product team makes good progress in implementing new Bicep features and providing the community with simpler and better options for defining Azure infrastructure as code, and I’m impatiently looking forward to new Bicep releases .

If you were writing lots of ARM templates and haven’t tried Bicep yet, I certainly recommend you check it out and post your impressions in the comments below!

Written by:

Andrew Matveychuk



Quickstart: Create a policy assignment to identify non-compliant resources using Azure portal


The first step in understanding compliance in Azure is to identify the status of your resources. In this quickstart, you create a policy assignment to identify non-compliant resources using Azure portal. The policy is assigned to a resource group and audits virtual machines that don't use managed disks. After you create the policy assignment, you identify non-compliant virtual machines.

Prerequisites

  • If you don't have an Azure account, create a free account before you begin.
  • A resource group with at least one virtual machine that doesn't use managed disks.

Create a policy assignment

In this quickstart, you create a policy assignment with a built-in policy definition, Audit VMs that do not use managed disks.

Sign in to the Azure portal .

Search for policy and select it from the list.

Screenshot of the Azure portal to search for policy.

Select Assignments on the Policy pane.

Screenshot of the Assignments pane that highlights the option to Assign policy.

Select Assign Policy from the Policy Assignments pane.

On the Assign Policy pane Basics tab configure the following options:

Screenshot of filtering the available definitions.

Select Next to view each tab for Advanced , Parameters , and Remediation . No changes are needed for this example.

Select Next and on the Non-compliance messages tab create a Non-compliance message like Virtual machines should use managed disks .

This custom message is displayed when a resource is denied or for non-compliant resources during regular evaluation.

Select Next and on the Review + create tab, review the policy assignment details.

Select Create to create the policy assignment.

Identify non-compliant resources

On the Policy pane, select Compliance and locate the Audit VMs that do not use managed disks policy assignment. The compliance state for a new policy assignment takes a few minutes to become active and provide results about the policy's state.

Screenshot of the Policy Compliance that highlights the example's non-compliant policy assignment.

The policy assignment shows resources that aren't compliant with a Compliance state of Non-compliant. To get more details, select the policy assignment name to view the Resource Compliance.

When a condition is evaluated against your existing resources and found true, then those resources are marked as non-compliant with the policy. The following table shows how different policy effects work with the condition evaluation for the resulting compliance state. Although you don't see the evaluation logic in the Azure portal, the compliance state results are shown. The compliance state result is either compliant or non-compliant.

The DeployIfNotExist and AuditIfNotExist effects require the IF statement to be TRUE and the existence condition to be FALSE to be non-compliant. When TRUE , the IF condition triggers evaluation of the existence condition for the related resources.

Clean up resources

You can delete a policy assignment from Compliance or from Assignments .

To remove the policy assignment created in this article, follow these steps:

On the Policy pane, select Compliance and locate the Audit VMs that do not use managed disks policy assignment.

Select the policy assignment's ellipsis and select Delete assignment .

Screenshot of the Compliance pane that highlights the menu to delete a policy assignment.

In this quickstart, you assigned a policy definition to identify non-compliant resources in your Azure environment.

To learn more about how to assign policies that validate resource compliance, continue to the tutorial.

Tutorial: Create and manage policies to enforce compliance


Get-AzPolicyAssignment

In this Azure PowerShell article, we will discuss the syntax and usage of the Get-AzPolicyAssignment PowerShell cmdlet and along with that, we will also discuss the use of the Get-AzPolicyAssignment PowerShell command with an example.


Get-AzPolicyAssignment – Video Tutorial

Get-AzPolicyAssignment is a very good Azure PowerShell command to retrieve the policy assignments.

Below is the syntax of the Get-AzPolicyAssignment PowerShell command.

Now, let's look at a few examples of how to use the Get-AzPolicyAssignment PowerShell command.

The PowerShell command below retrieves the list of policy assignments.

After running the above command, I got the output below.

You can see the same output below.

Get-AzPolicyAssignment

Check out a video tutorial on this command.

In this Azure article, we discussed the syntax and usage of the Get-AzPolicyAssignment PowerShell cmdlet, along with some examples of how to use this command.


I am Rajkishore, and I have over 14 years of experience in Microsoft Azure and AWS, with good experience in Azure Functions, Storage, Virtual Machine, Logic Apps, PowerShell Commands, CLI Commands, Machine Learning, AI, Azure Cognitive Services, DevOps, etc. Not only that, I do have good real-time experience in designing and developing cloud-native data integrations on Azure or AWS, etc. I hope you will learn from these practical Azure tutorials.
