Identity & Authentication

ToolUp Days #13
Chris and Matt spend this episode tracking down why the World Events Engine keeps crashing on startup in Azure Container Apps — tracing the root cause to a missing GitHub Container Registry credentials block in the Infrastructure as Code and a GitHub Actions token permissions gap. The session also covers Dapr component naming conventions, storage queue message formatting, container app log analysis, and planning a dedicated GitHub Codespaces episode.

ToolUp Day #10
Chris and Matt set up federated identity credentials (OIDC) for passwordless GitHub Actions authentication to Azure, deploy container apps via CI/CD, and discuss workflow trigger strategies for container image deployments.

44 - AKS, AGIC and Kubenet - Tips and tricks to make it work
When using Azure Kubernetes Service (AKS), there's a chance that kubenet might be the only possible choice due to your requirements. If so, you may still want to use Application Gateway Ingress Controller (AGIC) to leverage Azure Application Gateway's Web Application Firewall (WAF) capabilities. In this session, we will make the journey together to have a working AGIC in an AKS cluster with kubenet and managed identities.

Tales from the Real World - Azure AD B2C: A real silver bullet
When COVID-19 forced the vOpen.Tech conference to pivot from a physical event to a fully virtual one, the organising team had fewer than two weeks to build a production-ready registration and identity system — with minimal budget. In this episode, Chris is joined by Facundo La Rocca (Faku), a .NET developer and conference organiser from Buenos Aires, who shares how Azure AD B2C became the silver bullet that made it possible: delivering a scalable, secure IAM platform with almost no custom code, at no cost, in under a fortnight.

V028 - Weekly Technology Vlog #28
Chris returns from vacation with Azure, DevOps, and GitHub updates covering resilience threat modeling, Azure Well-Architected Framework reliability, Privileged Identity Management with Azure Lighthouse, App Service Environment v3, and Azure Communication Services direct routing.

Azure & VMWare - A Discussion with Shannon Kuehn
Chris is joined by Shannon Kuehn, a Senior Cloud Advocate at Microsoft, for an accessible deep dive into Azure VMware Solution (AVS) — the dedicated VMware platform hosted within Azure datacentres. Shannon explains how AVS lets organisations migrate on-premises VMware environments into Azure without a forklift upgrade, using live vMotion migrations via HCX with zero downtime, and unlocks Azure-native integrations including Azure Security Center, Azure Active Directory, Application Gateway, and PaaS services.

Using the GitHub self-hosted runner and Azure Virtual Machines to login with a System Assigned Managed Identity
I recently started thinking about the typical setup process for a GitHub Action Workflow which will deploy into Azure. Typically, the process is to use the Azure/login GitHub Action, and then use the azure/cli or another Azure GitHub Action to deploy into GitHub. This is a nice approach. However, from my initial research - I wasn't able to see a way to use the Azure/login GitHub Action to deploy into Azure using a System Assigned Managed Identity. This got me wondering, is this possible?

V019 - Weekly Technology Vlog #19
Weekly Vlog #19 is broadcast live, opening with Azure's Fluent Design icon rebrand and covering key security and platform updates including the AKS Secret Store CSI driver add-on, Azure Security Center improvements for hybrid and multi-cloud Kubernetes, and new Azure VPN Gateway multi-authentication capabilities. GitHub Enterprise Server 3.1 launches with GitHub Actions, Packages, and Advanced Security, while the release radar spotlights Pulumi as an emerging cross-cloud infrastructure-as-code framework. Chris also recaps Cloud Gaming Notes episode four featuring Sudoku Social's Azure PlayFab backend and a new Cloud Drop on PowerShell in Azure Functions with Carol de Winter.

Azure role-based access control (RBAC) at the data plane level
Principle of least privilege is a commonly used phrase within the Technology Industry. The idea is that we'll assign permissions of what the user needs to get the job done, rather than anything broader or more privileged. This helps reduce the blast radius in the event of a compromised account. This stretches to Azure resources at the management plane, but in some cases can also stretch to the data plane of those resources. We'll be exploring these further in this blog post.

V016 - Weekly Technology Vlog #16
Weekly Vlog #16 covers significant IoT Edge updates — including nested device hierarchies now GA and zero-touch provisioning blueprints — plus the GA of Azure API Management support for availability zones and a new open-source API portal. GitHub highlights include a detailed guide to implementing least-privilege secrets in GitHub Actions using environments and branch protection rules, and the GitHub CLI's new support for managing Actions workflows from the terminal. Chris recaps two Global Azure talks on Hugo static sites and GitHub Actions, shares a SecurityHeaders.com deep-dive using Azure CDN rules, and previews Azure RBAC data-plane content and an upcoming Azure Spring Cloud session.