Microsoft Azure Insights: Azure Stack Hub; DevOps code security; DevOps Generator; Monitor Workbooks; Kubernetes monitoring; Key Vault notifications; Conditional access problems

Azure pros share their insights on Azure Stack Hub, DevOps code security, the DevOps Generator, Monitor Workbooks and more.

Looking into the changing Azure Stack offering

Microsoft senior cloud advocate Thomas Maurer looked at the changing Azure Stack offering in the wake of the Microsoft Ignite conference. "Starting with the buses driving attendees to the conference venue, over the Ignite keynotes, to the expo floor and breakouts, Hybrid Cloud was everywhere," he wrote. The introduction of Azure Arc and the expansion of Azure Stack to become Azure Stack Hub both fit into this hybrid theme.

Azure Stack Hub takes up the mantle of Azure Stack, but with Event Hubs, Stream Analytics, Windows Virtual Desktop and Azure Data Services with Azure Arc previews and general availability of Kubernetes. Stack Edge takes over from Databox Edge, but with upcoming Kubernetes clusters, VM and NVIDIA GPU support. Meanwhile, Stack HCI caters to small two-node clusters up to high-performance clusters.

Automating Azure DevOps code security

Tobias Zimmergren explored how to automate security with Azure DevOps and Microsoft Security Code Analysis. The tooling from Microsoft includes Credential Scanner, Roslyn Analyzers, Anti-Malware Scanner and others.

In his example, Zimmergren needed to ensure that a DevOps pipeline would fail if it were prompted to use sensitive files. After installing and configuring Code Analysis, he published the Security Analysis Logs, Security Report and Post-Analysis build tasks.

Zimmergren wrote:

By default, the build will not break even if the build tasks encounter issues. This is by design, as the tasks themselves complete successfully even if they report security issues. Usually this behavior is designed because it allows all tools to run, even if the first tool find some vulnerabilities or issues, which gives you a more comprehensible report in the end. The alternative would be to immediately fail the build, then you fix one error, build again and then discover the next one. Instead, this way you'll get a list of all currently identified issues and can mitigate them for your next build and then re-analyze.

New resources in the Azure DevOps Generator