What are – Microsoft Applied Skills

Last month, Microsoft introduced a new method of verifying your capabilities when it comes to Microsoft technology, Applied Skills. Critically, Applied Skills is focused on verifying hands-on experience. See the blog post announcement here.

Not long after the change from MCSA/MCSE to Role Based Certifications a few years ago, a section of questions based on a lab environment was introduced. This didn’t last very long, and had several teething issues. However, I was a fan of the attempt. As a result, I am delighted to see something similar being reintroduced. Funnily enough, I also like the fact that you can gain an Applied Skill credential from home, open book. We all work in an open book where Google/Bing etc are our sidekicks in sanity checking an error, ensuring that setting/parameter is as you remember it or looking up something new. It doesn’t take away from the experience needed to work with the technology.

I also like that Microsoft Learn are presenting this as a parallel, somewhat complementary channel to Certifications. And of course, I love that they are online verifiable so that they can form part of your CV/resume. And to be honest, as someone who works with many technical peers on my team, while I know that credentials like this do not guarantee someone is good at the job or has the exact correct experience, I am at the point where if someone is good at their job and does have the skills, it is more odd to me that they haven’t simply passed all the relevant exams – it’s easy, no?

At launch there were several Applied Skills to achieve; at Ignite last week, several more were added, and there are more to come. The below is the current poster advertising what’s possible across pillars.

Let’s start with some simple advice – When I first saw this launch, I was excited and clicked through to the secure networking skill (#AzNet all the way people) using my phone, while sitting on my couch. This loaded the assessment window and launched the lab – of which I could see nothing. The screen is far too small to function, and I really wasn’t paying proper attention. However, even without doing anything and simply exiting, it counted as an attempt, and I couldn’t retry for 72 hours. Don’t repeat my mistake, use a computer!

Ok, the assessment/lab itself – I liked it. In fact, I don’t think I could fault it. It loaded quickly, instructions are clear, results are immediate. My only gripe to date is that the results aren’t detailed enough. I was a few points shy of perfect for the secure networking skill (when I sat it properly 🙂 ) and the results are all green ticks, so I have no idea which element was incorrect, or if I missed something. Once loaded, you have a full two hours to complete the assessment, which may seem like a lot, but not if you’re not prepared. I’ve sat several of these now, and what you are being asked to do ranges from simple configuration tick boxes, to complex, layered implementation. The complex tasks ask for a simple result, you need to know how to get there. Without experience, you will struggle to figure this out via Google within your time window, so do the prep work! I found this out personally when I had to figure out some Python for the Document Intelligence assessment, but thankfully I still passed.

As someone who sees great value in having these available, free, to everyone, I think this is an excellent addition to Microsoft Learn. I’ve sat and passed four so far, and intend to continue with the areas I already know and expand into those that I don’t. I also intend to continue to sit new exams and renew all of my Certifications as well. One thing with Microsoft, and specifically Azure – never stop learning!

What is – Azure Firewall Policy Analytics

Ever since the change to Azure Firewall Policy from classic rules, there has been a requirement and a want to have greater inspection capabilities with regard to your Azure Firewall Policies (AFPs). Depending on your environment, you might have several, or several hundred AFPs in place, securing your Azure footprint. Regardless, analytics of these policies is crucial.

With the increasing adoption of cloud workloads, network security policies like AFPs must evolve and adapt to the changing demands of the infrastructure. Updates can come multiple times a week, which can make it challenging for IT security teams to optimise rules.

Optimisation while at least retaining, if not increasing, security is a key objective of AFP Analytics. As the number of network and application rules grows over time, they can become suboptimal, resulting in degraded firewall performance and security. Any update to policies can be risky and potentially impact production workloads, causing outages, unknown impact and ultimately – downtime. We’d like to avoid all of that if possible!

AFP Analytics offers the ability to analyse and inspect your traffic, right down to a single rule. Several elements are enabled without action, however, I would recommend enabling the full feature set, which is a simple task. Open the AFP you’d like to enable it for, and follow the steps linked here.

Once enabled, AFP Analytics starts to fully inspect your Policy and the traffic passing through it. My demo Azure Firewall currently looks fantastic, as nothing is happening 🙂

AFP Analytics blade in Azure Portal

There are several key features to make use of with AFP Analytics, Microsoft list them as follows:

  • Policy insight panel: Aggregates insights and highlights relevant policy information. (this is the graphic above)
  • Rule analytics: Analyses existing DNAT, Network, and Application rules to identify rules with low utilization or rules with low usage in a specific time window.
  • Traffic flow analysis: Maps traffic flow to rules by identifying top traffic flows and enabling an integrated experience.
  • Single Rule analysis: Analyzes a single rule to learn what traffic hits that rule to refine the access it provides and improve the overall security posture.

Now I view all of these as useful. I can see the purpose and I can see myself using them regularly. However, I was most excited about – Single Rule Analysis – that was, until I went to test and demo it.

I created a straightforward Application rule, a couple of web categories allowed on HTTPS. I enabled Analytics, sat back for a bit, got a coffee (it recommends 60 minutes due to how logs are aggregated in the back end) and then tried it out. To my disappointment, I was met with the below:

Tags and categories I could initially understand, but IP Groups confused me. I thought, this is a core feature, why not allow analysis when this is in scope – then I realised; the analysis is aiming to optimise the rule. AFP views rules using these as fairly spot on already. So, I decided to create a stupid rule (in my opinion), allowing TCP:443 from around 20 IPs to around 10 IPs. First up, my Insight Panel flagged it.

Next, Single Rule Analysis and…success, it dislikes the rule! It summarises it, and flags the aspects it does not feel are optimal. I did expect the recommendation to be to delete the rule, as you can see it is flagging there is no traffic matching the rule, but perhaps the caution here is in combination with the rule and data in place for the last 30 days, or lack thereof.
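A local pre-check in the spirit of the test above, as an added example that is not from the original post or from Microsoft: it walks a rule collection group and marks rules that use tags, web categories or IP Groups (where the post found Single Rule analysis unavailable) and rules with many literal source/destination pairs, like the 20-to-10 test rule. The sample data, the `PAIR_THRESHOLD` cut-off and the finding labels are assumptions; this heuristic is not how AFP Analytics itself scores rules.

```python
# Fields that, per the post's observation, make Single Rule analysis unavailable.
ABSTRACTION_FIELDS = ("fqdnTags", "webCategories", "sourceIpGroups", "destinationIpGroups")
PAIR_THRESHOLD = 100  # hypothetical cut-off for "too many literal source/destination pairs"

# Constructed sample shaped like a firewall policy rule collection group resource.
# Every name and address here is made up for the example.
SAMPLE_GROUP = {"properties": {"ruleCollections": [
    {"name": "app-allow", "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
     "rules": [{"ruleType": "ApplicationRule", "name": "web-categories",
                "sourceAddresses": ["10.0.1.0/24"],
                "webCategories": ["News", "Business"],
                "protocols": [{"protocolType": "Https", "port": 443}]}]},
    {"name": "net-allow", "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
     "rules": [{"ruleType": "NetworkRule", "name": "many-to-many-443",
                "sourceAddresses": [f"10.1.0.{i}" for i in range(1, 21)],
                "destinationAddresses": [f"10.2.0.{i}" for i in range(1, 11)],
                "ipProtocols": ["TCP"], "destinationPorts": ["443"]},
               {"ruleType": "NetworkRule", "name": "dns-out",
                "sourceAddresses": ["10.0.1.0/24"],
                "destinationAddresses": ["10.0.0.4"],
                "ipProtocols": ["UDP"], "destinationPorts": ["53"]}]},
]}}


def review_rule(rule):
    """Return a list of findings for one firewall policy rule dict."""
    used = [field for field in ABSTRACTION_FIELDS if rule.get(field)]
    if used:
        # The rule already relies on a managed abstraction; nothing more to size up.
        return ["single-rule-analysis-unavailable: " + ",".join(used)]
    findings = []
    srcs = rule.get("sourceAddresses", [])
    dsts = rule.get("destinationAddresses", [])
    if "*" in srcs or "*" in dsts:
        findings.append("wildcard-address")
    pairs = len(srcs) * len(dsts)
    if pairs >= PAIR_THRESHOLD:
        findings.append(f"wide-literal-rule: {len(srcs)}x{len(dsts)}={pairs} pairs")
    return findings


def review_group(group):
    """Map 'collection/rule' -> findings for every rule in the group."""
    report = {}
    for coll in group["properties"]["ruleCollections"]:
        for rule in coll.get("rules", []):
            report[f'{coll["name"]}/{rule["name"]}'] = review_rule(rule)
    return report


if __name__ == "__main__":
    for rule_name, findings in review_group(SAMPLE_GROUP).items():
        print(rule_name, "->", findings or ["no findings"])
```
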

I can see this feature being really powerful in a busy production environment. There are some more scenarios listed on Microsoft’s blog announcement of GA earlier in the year too, if you’d like to check them out.

A final note. While you might think that it’s only the Log Analytics element you have to pay for to make use of AFP Analytics, you would be wrong. There is a charge for the enablement, analysis, and insight components. These price in at around €225/month, billed hourly. So double check your budget before enabling on every AFP.

As always, if you have any questions, please just ping me!

AI-102: Designing and Implementing a Microsoft Azure AI Solution – Study Guide

Updated: May 2023 February 2024

There has been an AI-specific exam around for a while now, but perhaps the interest in it has been quite limited. Not anymore! The AI-102 is becoming very popular; here is what Microsoft have to say about it:

Microsoft Azure AI engineers build, manage, and deploy AI solutions that make the most of Azure Cognitive Services and Azure services. Their responsibilities include participating in all phases of AI solutions development—from requirements definition and design to development, deployment, integration, maintenance, performance tuning, and monitoring.

These professionals work with solution architects to translate their vision and with data scientists, data engineers, IoT specialists, infrastructure administrators, and other software developers to build complete end-to-end AI solutions.

Azure AI engineers have experience developing solutions that use languages such as Python or C# and should be able to use REST-based APIs and software development kits (SDKs) to build secure image processing, video processing, natural language processing (NLP), knowledge mining, and conversational AI solutions on Azure. They should be familiar with all methods of implementing AI solutions. Plus, they understand the components that make up the Azure AI portfolio and the available data storage options. Azure AI engineers also need to understand and be able to apply responsible AI principles.

If you pass the exam, you will earn an associate certification – Microsoft Certified: Azure AI Engineer Associate.

As always, a great place to start is Microsoft Learn. Microsoft now offer their version of a study guide too; this is important for keeping an eye on upcoming changes to content, and with AI, I expect this to change more frequently than some other exams. As always, these are free and you can work through them at your own pace. I find this a great way to study and gain greater understanding of the services by actually using them, and you will need to be very familiar with Azure networking to pass this exam.

Below I’ve put together a collection of links relevant to the sections Microsoft have highlighted as being part of the skills measured for this exam. These are only guide links; sometimes you need to explore a topic much more deeply if you are not familiar with it. Hopefully these study materials will help guide you to successfully passing AI-102!

Plan and manage an Azure AI solution (15-20%)

Select the appropriate Azure AI service

  • Select the appropriate service for a computer vision solution
  • Select the appropriate service for a natural language processing solution
  • Select the appropriate service for a decision support solution
  • Select the appropriate service for a speech solution
  • Select the appropriate service for a generative AI solution
  • Select the appropriate service for a document intelligence solution
  • Select the appropriate service for a knowledge mining solution
  • https://learn.microsoft.com/en-us/azure/architecture/data-guide/technology-choices/cognitive-services – Cycle through each, familiarise yourself with terms and capabilities of each.

Plan, create and deploy an Azure AI service

Manage, monitor and secure an Azure AI service

Implement decision support solutions (10–15%)

Create decision support solutions for data monitoring and content delivery

Implement computer vision solutions (15–20%)

Analyze images

Implement custom computer vision models by using Azure AI Vision

Analyze videos

Implement natural language processing solutions (30–35%)

Analyze text by using Azure AI Language

Process speech by using Azure AI Speech

Translate language

Implement and manage a language understanding model by using Azure AI Language

Create a question answering solution by using Azure AI Language

Implement knowledge mining and document intelligence solutions (10–15%)

Implement an Azure Cognitive Search solution

Implement an Azure AI Document Intelligence solution

Implement generative AI solutions (10–15%)

Use Azure OpenAI Service to generate content

Optimize generative AI

And that’s it! Good luck with your exam!

Can Azure OpenAI Write This Blog Post?

This is the fear right? Or maybe it’s not a fear, and is a desire for some people, but it’s still not clear what the impact may be. What am I talking about? AI of course; specifically for this post, Azure OpenAI. Now, my idea here is to see what I think of the quality of responses it can give me based on specific prompts to try and tie together a simple blog post. I will pick a topic, an objective for the post, and I will be 100% transparent on what is AI written and what is me – just in case it is not obvious! I will also include the settings being used for my model at the end and whether I adjusted them during.

Ok, let’s get started. My topic is going to be Virtual Network Manager in my usual style of exploration.

What is Azure Virtual Network Manager? Write an opening paragraph for a blog post.

Azure Virtual Network Manager is an essential tool for managing and organizing your cloud-based virtual networks. With virtual networks, you can securely connect and isolate your Azure resources, control traffic flow, and expand your on-premises network into the cloud. However, managing virtual networks can be a challenging task, especially when you have multiple resources and services scattered across different regions. This is where the Azure Virtual Network Manager comes in, offering a centralized and user-friendly interface to help you efficiently manage and monitor your virtual networks. In this blog post, we will take a closer look at the Azure Virtual Network Manager and explore its features and benefits.

What are the top three use cases for Azure Virtual Network Manager? Write a detailed paragraph including bullet points and examples for each.

Azure Virtual Network Manager is a versatile tool that can support various use cases, depending on your organization’s needs. Here are the top three use cases for Azure Virtual Network Manager:

  1. Hybrid Cloud Connectivity: Azure Virtual Network Manager can help organizations establish secure, high-speed connections between their on-premises datacenters and Azure resources. This allows companies to take advantage of the scalability and flexibility of the cloud while maintaining the security and control of their own infrastructure. With Azure Virtual Network Manager, organizations can easily configure VPN gateways, express routes, and other connectivity options to seamlessly integrate their on-premises networks with Azure.

    Examples:
  • Connecting an on-premises Active Directory to Azure to manage identity and access for cloud resources.
  • Extending a corporate LAN to Azure to host applications and services in the cloud.
  • Using Azure as a backup and disaster recovery site for on-premises datacenters.
  2. Multi-Tier Application Architecture: Azure Virtual Network Manager enables organizations to create complex multi-tier application architectures in the cloud, with the ability to isolate and secure different layers of the application. This is done by creating multiple virtual networks, each with its own subnets and security groups. This approach provides better control over network traffic and reduces the risk of security breaches by limiting the attack surface.

    Examples:
  • Hosting a web application in Azure with a separate virtual network for the web server, application server, and database server.
  • Creating a DMZ in Azure to host public-facing services, with a separate virtual network for internal services.
  • Separating development, testing, and production environments into different virtual networks to ensure isolation and security.
  3. Global Network Management: Azure Virtual Network Manager provides a centralized interface to manage virtual networks across different regions and subscriptions. This allows organizations to monitor network traffic, troubleshoot connectivity issues, and optimize network performance from a single location. With Azure Virtual Network Manager, organizations can also implement advanced networking features, such as traffic routing, load balancing, and network security groups.

    Examples:
  • Creating a global load-balancing solution to distribute traffic across multiple regions and availability zones.
  • Implementing Azure Firewall to provide centralized network security management across multiple virtual networks.
  • Enabling Azure Traffic Manager to route traffic to the nearest endpoint based on geographic location or network latency.

What are the current limitations or known issues of Azure Virtual Network Manager? Write a paragraph in the blog post.

While Azure Virtual Network Manager is a powerful tool for managing virtual networks in the cloud, there are some limitations and known issues that organizations should be aware of. Some of the current limitations of Azure Virtual Network Manager include:

  • Limited support for hybrid networking configurations: Currently, Azure Virtual Network Manager has limited support for hybrid networking configurations, which can make it challenging to manage virtual networks that span multiple cloud providers or on-premises datacenters.
  • Limited visibility into network traffic: Azure Virtual Network Manager provides limited visibility into network traffic, which can make it difficult to troubleshoot connectivity issues or monitor network performance.
  • Limited integration with third-party tools: Azure Virtual Network Manager has limited integration with third-party tools, which can make it challenging to implement advanced networking features or security solutions.

    Organizations should carefully evaluate their networking needs and consider these limitations before deploying Azure Virtual Network Manager. However, Microsoft is continually improving the tool and addressing these limitations through updates and new features.

Is there a tutorial or general steps that should be recommended as part of this blog post for people who are interested in now trying Azure Virtual Network Manager? Include high level steps and a link to the appropriate site if possible

Yes, Microsoft offers a comprehensive tutorial on how to set up and manage virtual networks using Azure Virtual Network Manager. Here are the high-level steps for getting started with Azure Virtual Network Manager:

  1. Create a virtual network: The first step is to create a virtual network in Azure. This involves specifying the name, address space, and subnets for your network. You can also configure advanced network settings, such as DNS servers and network security groups.
  2. Create a gateway subnet: If you plan to connect your virtual network to an on-premises network, you need to create a gateway subnet. This subnet is used to deploy a VPN gateway or an ExpressRoute gateway.
  3. Configure VPN or ExpressRoute: Once you have created your virtual network and gateway subnet, you can configure a VPN or ExpressRoute connection to connect your on-premises network to Azure.
  4. Set up network security: Azure Virtual Network Manager provides several tools for securing your virtual network, including network security groups, application security groups, and Azure Firewall. You can use these tools to control inbound and outbound traffic, restrict access to specific resources, and monitor network activity.
  5. Monitor and troubleshoot your network: Azure Virtual Network Manager provides several tools for monitoring and troubleshooting your virtual network, including network performance monitoring, packet capture, and network watcher.

    For more detailed instructions on how to use Azure Virtual Network Manager, check out the official Microsoft tutorial: https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-create-virtual-network.

Based on your previous responses do you think there is anything else that is important to know about Virtual Network Manager? Write a closing paragraph with a call to action to get in touch if you have any questions

In conclusion, Azure Virtual Network Manager is a powerful tool that can help organizations manage and secure their virtual networks in the cloud. With Azure Virtual Network Manager, organizations can establish secure connections between their on-premises and cloud-based resources, create complex multi-tier application architectures, and manage virtual networks across different regions and subscriptions. While there are some limitations and known issues with the tool, Microsoft is continually improving it with updates and new features.

If you have any questions about how to use Azure Virtual Network Manager or want to learn more about how it can support your organization’s networking needs, don’t hesitate to get in touch. Our team of experts is always available to help you navigate the complexities of cloud networking and find the best solutions for your business.

Let’s start with the settings used, I started with these and didn’t change them at all during the process:

engine="35t",  # gpt35-turbo
temperature=0.8,
max_tokens=800,
top_p=0.95,
frequency_penalty=0,
presence_penalty=0

Overall, I think it has the basics nearly correct. However, it has very little personalisation, it obviously speaks to no real experience, and is essentially a modified read of the Docs pages. So I am pretty confident that at no point in the near future could it be used to write an entire post that I would be happy with publishing. However, where a post calls for something more generic, like known issues, or intros, it could definitely be used as a starting point.

I am interested to see if a GPT4 model would make a huge difference, but for this style of work, I am not sure. Also, I could of course edit the temperature or top p, but I am unsure as to whether that impact again would be noticeable enough.

In conclusion, Azure OpenAI can definitely write a blog post – I am just not sure it’s a blog post I would be happy with!