Azure Cloud Platform and Services

Microsoft Azure is a comprehensive cloud platform providing infrastructure, platform, and software services for building modern applications. This collection covers Azure services, deployment patterns, cost optimization, and practical cloud architecture decisions for organizations adopting Azure.

Azure Services and Strategic Use

Azure encompasses hundreds of services spanning compute, storage, networking, databases, AI/ML, integration, and analytics. Effective cloud architects understand not just what services exist, but when to use them and when alternatives are more appropriate.

Compute Services range from virtual machines for lift-and-shift migrations, to App Service for web applications, to container services and serverless options. The choice depends on workload characteristics, team expertise, and operational requirements.

Data Services include relational databases, NoSQL options, data warehousing, and analytics platforms. Each makes specific trade-offs about consistency, scalability, query patterns, and operational complexity.

Integration and Messaging services connect applications, enable asynchronous workflows, and support event-driven architectures.

Cloud Adoption and Operations

Articles in this section cover Azure service selection, infrastructure as code with Bicep and Terraform, cost management strategies, security and compliance, and operational patterns for production Azure workloads. Topics include migration strategies, hybrid scenarios, and designing for Azure’s specific capabilities.

The emphasis remains practical: understanding Azure options, making informed architectural choices, and avoiding vendor lock-in decisions made without deliberation.

Platform Engineering Without Backstage: Pragmatic IDPs on Azure

Every platform engineering conference talk in the last two years has had a Backstage slide. Glossy catalogue screenshot, a scaffolder demo that creates a repo in four clicks, a knowing nod about “developer experience”. What the slide never shows is the six months the team spent building plugins, the Postgres instance somebody now babysits, the TechDocs theme nobody asked for, and the 0.4 of an engineer permanently assigned to chasing Backstage’s two-week release cadence.

There is no shame in any of this. Backstage is a serious project and serious teams run it well. The shame is treating it as the default (the thing you reach for on day one) when most teams could ship 80% of the value with a tenth of the effort and a fraction of the running cost. Backstage is a platform for building platforms. Most teams need a platform, not a platform-platform.

This post is the Internal Developer Platform (IDP) I keep building when nobody is forcing me to use Backstage. It is small, opinionated, runs on Azure plumbing you already pay for, and ships value in the first quarter instead of the third year.

Security Cosplay: Your Password-Only Admin Panel Isn't Fooling Anyone

Username and password for admin access? That’s not security, that’s security cosplay. You’re wearing the costume without any of the actual protection. One leaked credential and attackers walk right through your front door. Azure AD B2C with conditional MFA ends the costume party: risk-based authentication that only challenges when it matters. View a dashboard? Password’s fine. Delete production data? Prove you’re really you.

Certified, Filed, Forgotten: The Compliance Trainwreck

Organization gets certified. Consultants cash their checks. Documentation gets filed somewhere. Then compliance becomes a Word document ritual: screenshot the portal, sign the checklist, ship it. Three months later, an audit exposes configuration drift, hardcoded secrets, and vulnerable dependencies nobody noticed. The forensic evidence disagrees with the signatures. The fix isn’t stricter sign-offs or more checklists. It’s treating compliance as an engineering problem with automated CLI tools that run on every deployment.

"We Store Secrets in appsettings.json": A Horror Story in Five Acts

Every Azure subscription I’ve worked with has the same problem: connection strings with embedded credentials in appsettings.json, Service Principal secrets checked into Git history, storage account keys hardcoded everywhere. The credential sprawl is real. These aren’t careless developers. These are smart people applying on-premises patterns where they don’t belong. Azure Managed Identity flips the model entirely. Instead of your application proving identity by presenting a secret, Azure proves identity on your application’s behalf through cryptographic attestation. No secrets in code. No credentials in configuration. No rotation ceremonies. The Azure SDK’s DefaultAzureCredential handles authentication automatically, working identically in local development and production. Combined with RBAC, you scope permissions to exactly what each application needs. Not Contributor-level access to the entire subscription. Just the specific operations on specific resources that the application actually requires. This article walks through credential anti-patterns I encounter constantly, then shows the correct implementation using Bicep and .NET’s DefaultAzureCredential. The migration path is pragmatic: within weeks, not months, you can have zero static credentials in your codebase.

"Just Delete the User": Famous Last Words Before the GDPR Audit

Your PM thinks erasure is a quick database DELETE. Three weeks later, you’ve found user data in seventeen places: production DB, analytics warehouse, Redis cache, Elasticsearch, backup tapes, and that legacy system nobody dares touch. “Delete” actually means orchestrating coordinated erasure across distributed systems, maintaining audit trails, notifying third parties, and proving it worked. This guide shows the fatal patterns I’ve seen fail spectacularly, then walks through proper orchestration with Azure Durable Functions, soft-delete with anonymization, verification checks, and immutable audit logs.