M365.FM - Modern work, security, and productivity with Microsoft 365

Azure Chaos Studio - Simply Explained

14 min · 14 de jul de 2026
Portada del episodio Azure Chaos Studio - Simply Explained

Descripción

Cloud applications rarely fail because of a single bug. More often, they fail because of unexpected combinations of network latency, overloaded servers, unavailable databases, or infrastructure outages. The challenge is that traditional testing assumes everything works perfectly, while production environments rarely do. In this episode of Microsoft Knowledge Nuggets on M365 FM, Mirko Peters explains Azure Chaos Studio in plain English and shows how organizations can deliberately introduce controlled failures into their Azure environments to improve resilience before real incidents occur. Whether you're a cloud architect, DevOps engineer, SRE, developer, or IT administrator, you'll discover why chaos engineering has become an essential practice for building highly available cloud applications. WHY TRADITIONAL TESTING ISN'T ENOUGH Conventional testing verifies that software behaves correctly under ideal conditions, but production systems operate in a world full of unexpected failures. Virtual machines crash, databases slow down, APIs become unavailable, and network latency increases without warning. Modern cloud applications consist of dozens of interconnected services where a single failure can quickly cascade throughout an entire platform. Azure Chaos Studio helps organizations validate not only whether applications work, but whether they continue working when critical components fail unexpectedly. UNDERSTANDING CHAOS ENGINEERING Chaos engineering is not about randomly breaking systems—it is a scientific process for validating system resilience through carefully controlled experiments. Teams begin with a hypothesis, introduce a specific failure, observe how the application responds, measure the results, and strengthen weaknesses before they become production outages. Azure Chaos Studio provides a safe and repeatable framework for conducting these experiments while limiting the blast radius and maintaining full control over every test. HOW AZURE CHAOS STUDIO WORKS Azure Chaos Studio is a fully managed Azure service that injects real failures directly into Azure resources. Organizations can simulate virtual machine shutdowns, CPU and memory pressure, network latency, application failures, process termination, DNS disruptions, Kubernetes faults, and many other real-world scenarios. Experiments can target Azure Virtual Machines, Virtual Machine Scale Sets, Azure Kubernetes Service (AKS), Azure Cosmos DB, Azure Cache for Redis, networking components, and additional Azure services. Using steps, branches, actions, and reusable experiment definitions, teams can model complex failure scenarios without building custom tooling. BUILDING RESILIENT CLOUD ARCHITECTURES One of Azure Chaos Studio's greatest strengths is validating cloud architecture under realistic operating conditions. Engineers can verify load balancers, autoscaling, failover mechanisms, monitoring, alerting, disaster recovery procedures, and application resiliency before users experience real outages. Combined with Infrastructure as Code, Azure DevOps, GitHub Actions, ARM templates, Bicep, and CI/CD pipelines, chaos experiments become a regular part of modern cloud engineering rather than occasional manual testing. SAFETY, GOVERNANCE, AND CONTROL Despite its name, Azure Chaos Studio is designed around safety and governance. Every experiment defines explicit targets, approved fault types, execution order, duration, and scope before any disruption occurs. Organizations decide exactly which Azure resources can participate, ensuring production environments remain protected while resilience testing is performed under carefully controlled conditions. This enables teams to learn from failures without creating unnecessary business risk. KEY TAKEAWAYS Azure Chaos Studio transforms failure from something organizations fear into something they actively learn from. By safely injecting controlled disruptions into Azure environments, teams can validate resiliency, improve availability, strengthen disaster recovery, and identify hidden weaknesses long before customers are affected. As cloud applications continue growing in complexity, chaos engineering is becoming a core DevOps and Site Reliability Engineering practice—and Azure Chaos Studio provides Microsoft's enterprise platform for building resilient, reliable, and production-ready cloud solutions. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

Comentarios

0

Sé la primera persona en comentar

¡Regístrate ahora y únete a la comunidad de M365.FM - Modern work, security, and productivity with Microsoft 365!

Prueba gratis

Empieza 7 días de prueba

$99 / mes después de la prueba. · Cancela cuando quieras.

  • Podcasts solo en Podimo
  • 20 horas de audiolibros al mes
  • Podcast gratuitos

Todos los episodios

725 episodios

episode Azure Key Vault - Simply Explained artwork

Azure Key Vault - Simply Explained

Every modern application relies on secrets—API keys, database passwords, connection strings, encryption keys, and certificates. Yet one of the biggest security mistakes developers and administrators still make is storing these credentials directly inside source code, configuration files, or deployment pipelines. In this episode of Microsoft Knowledge Nuggets on M365 FM, Mirko Peters explains Azure Key Vault in plain English, showing how Microsoft helps organizations securely store, manage, rotate, and protect sensitive information across Azure. Whether you're a developer, cloud architect, DevOps engineer, security professional, or IT administrator, this episode explains why Azure Key Vault has become a fundamental building block of every secure cloud architecture. WHAT IS AZURE KEY VAULT? Azure Key Vault is Microsoft's fully managed cloud service for securely storing secrets, encryption keys, and digital certificates. Rather than embedding sensitive credentials inside applications, organizations store them centrally inside Key Vault where Azure handles security, availability, patching, and auditing. Applications retrieve secrets only when needed, significantly reducing the risk of accidental exposure while simplifying credential management across development, testing, and production environments. SECRETS, KEYS, AND CERTIFICATES Azure Key Vault supports three primary object types: secrets, cryptographic keys, and certificates. Secrets include API keys, passwords, connection strings, and storage account keys. Cryptographic keys protect encrypted workloads such as Azure Storage, SQL databases, and virtual machines using customer-managed encryption. Certificates simplify TLS and SSL lifecycle management through centralized storage, automated renewal, and secure deployment across applications and services. Versioning allows previous secret values to remain available for rollback scenarios while simplifying password rotation and operational recovery. UNDERSTANDING ACCESS CONTROL Security depends not only on where secrets are stored but also on who can access them. The episode explains why Azure Role-Based Access Control (RBAC) has become Microsoft's recommended permission model, replacing legacy access policies. You'll learn the differences between management-plane and data-plane permissions, Key Vault Reader, Secrets User, Secrets Officer, Contributor, and Owner roles, along with the principle of least privilege that minimizes unnecessary access throughout an organization. MANAGED IDENTITY ELIMINATES PASSWORDS One of Azure's most powerful security features is Managed Identity. Instead of storing client secrets inside applications, Azure automatically creates secure identities for services such as App Service, Azure Functions, Virtual Machines, AKS, Synapse, Logic Apps, and Azure Data Factory. These identities authenticate directly with Microsoft Entra ID and securely retrieve secrets from Azure Key Vault without developers managing credentials manually. This significantly reduces attack surfaces while simplifying cloud-native authentication. AVOIDING COMMON SECURITY MISTAKES The episode also highlights one of the most common Key Vault configuration mistakes: relying on legacy access policies together with overly broad Contributor permissions. Organizations should migrate to Azure RBAC, audit existing permissions regularly, separate development, test, and production vaults, enable Soft Delete and Purge Protection, and limit access using dedicated Key Vault roles. Combined with monitoring, audit logging, and Microsoft Entra ID, these practices dramatically improve overall cloud security while reducing operational risk. KEY TAKEAWAYS Azure Key Vault is much more than a secure password manager. It is the central trust anchor for modern Azure security, enabling applications to authenticate without embedded credentials while protecting secrets, encryption keys, and certificates throughout their lifecycle. Combined with Microsoft Entra ID, Azure RBAC, Managed Identity, and Zero Trust principles, Azure Key Vault helps organizations build secure, scalable, and compliant cloud solutions that are easier to manage and significantly harder to compromise. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

14 de jul de 202618 min
episode Azure Chaos Studio - Simply Explained artwork

Azure Chaos Studio - Simply Explained

Cloud applications rarely fail because of a single bug. More often, they fail because of unexpected combinations of network latency, overloaded servers, unavailable databases, or infrastructure outages. The challenge is that traditional testing assumes everything works perfectly, while production environments rarely do. In this episode of Microsoft Knowledge Nuggets on M365 FM, Mirko Peters explains Azure Chaos Studio in plain English and shows how organizations can deliberately introduce controlled failures into their Azure environments to improve resilience before real incidents occur. Whether you're a cloud architect, DevOps engineer, SRE, developer, or IT administrator, you'll discover why chaos engineering has become an essential practice for building highly available cloud applications. WHY TRADITIONAL TESTING ISN'T ENOUGH Conventional testing verifies that software behaves correctly under ideal conditions, but production systems operate in a world full of unexpected failures. Virtual machines crash, databases slow down, APIs become unavailable, and network latency increases without warning. Modern cloud applications consist of dozens of interconnected services where a single failure can quickly cascade throughout an entire platform. Azure Chaos Studio helps organizations validate not only whether applications work, but whether they continue working when critical components fail unexpectedly. UNDERSTANDING CHAOS ENGINEERING Chaos engineering is not about randomly breaking systems—it is a scientific process for validating system resilience through carefully controlled experiments. Teams begin with a hypothesis, introduce a specific failure, observe how the application responds, measure the results, and strengthen weaknesses before they become production outages. Azure Chaos Studio provides a safe and repeatable framework for conducting these experiments while limiting the blast radius and maintaining full control over every test. HOW AZURE CHAOS STUDIO WORKS Azure Chaos Studio is a fully managed Azure service that injects real failures directly into Azure resources. Organizations can simulate virtual machine shutdowns, CPU and memory pressure, network latency, application failures, process termination, DNS disruptions, Kubernetes faults, and many other real-world scenarios. Experiments can target Azure Virtual Machines, Virtual Machine Scale Sets, Azure Kubernetes Service (AKS), Azure Cosmos DB, Azure Cache for Redis, networking components, and additional Azure services. Using steps, branches, actions, and reusable experiment definitions, teams can model complex failure scenarios without building custom tooling. BUILDING RESILIENT CLOUD ARCHITECTURES One of Azure Chaos Studio's greatest strengths is validating cloud architecture under realistic operating conditions. Engineers can verify load balancers, autoscaling, failover mechanisms, monitoring, alerting, disaster recovery procedures, and application resiliency before users experience real outages. Combined with Infrastructure as Code, Azure DevOps, GitHub Actions, ARM templates, Bicep, and CI/CD pipelines, chaos experiments become a regular part of modern cloud engineering rather than occasional manual testing. SAFETY, GOVERNANCE, AND CONTROL Despite its name, Azure Chaos Studio is designed around safety and governance. Every experiment defines explicit targets, approved fault types, execution order, duration, and scope before any disruption occurs. Organizations decide exactly which Azure resources can participate, ensuring production environments remain protected while resilience testing is performed under carefully controlled conditions. This enables teams to learn from failures without creating unnecessary business risk. KEY TAKEAWAYS Azure Chaos Studio transforms failure from something organizations fear into something they actively learn from. By safely injecting controlled disruptions into Azure environments, teams can validate resiliency, improve availability, strengthen disaster recovery, and identify hidden weaknesses long before customers are affected. As cloud applications continue growing in complexity, chaos engineering is becoming a core DevOps and Site Reliability Engineering practice—and Azure Chaos Studio provides Microsoft's enterprise platform for building resilient, reliable, and production-ready cloud solutions. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

14 de jul de 202614 min
episode Your AI Landing Zone Is A Liability artwork

Your AI Landing Zone Is A Liability

Most organizations believe deploying Azure OpenAI is as simple as provisioning another Azure resource. Create an endpoint, generate an API key, connect your application, and start building AI experiences. While this approach may work for prototypes, it quickly becomes a serious liability in enterprise environments. In this episode of the M365 FM Podcast, host Mirko Peters explains why traditional Azure Landing Zones were never designed for modern AI workloads and why every successful enterprise AI platform needs a hardened governance perimeter built from day one. This episode explores the architectural shift from manual deployments to fully governed AI platforms powered by Azure Bicep, Azure AI Foundry, Azure Policy, Managed Identities, Private Endpoints, API Management, and Infrastructure as Code. You'll discover why Enterprise AI isn't about deploying large language models—it's about controlling identity, networking, governance, observability, and reasoning across every AI workload before technical debt turns into security debt. WHY TRADITIONAL LANDING ZONES BREAK WITH AI Azure Landing Zones were designed for predictable workloads with stable infrastructure patterns. AI changes everything. Large Language Models interact with multiple data sources, external APIs, retrieval systems, vector databases, and orchestration layers that continuously evolve. Traditional governance models simply weren't built for this level of complexity. Topics include: * Azure Landing Zones * AI workloads * Configuration drift * Shadow AI * Governance gaps * Enterprise architecture * Cloud security * Infrastructure evolution * AI platforms * Operational complexity You'll learn why manually deploying Azure OpenAI resources creates inconsistent environments that become nearly impossible to audit and secure. THE HIDDEN COST OF MANUAL AI DEPLOYMENTS Many organizations deploy their first AI solution through the Azure Portal. The first deployment succeeds. The second team copies the approach. The third team makes slight modifications. Months later, nobody knows which deployment uses Managed Identities, which relies on API keys, which workloads expose public endpoints, or where sensitive business data actually flows. The episode explains why configuration drift, inconsistent security controls, and invisible token consumption create financial, operational, and compliance risks that grow exponentially over time.  BUILDING THE HARDENED AI PERIMETER Enterprise AI requires more than secure infrastructure. It requires an integrated perimeter where identity, networking, governance, reasoning, and monitoring work together as one architecture. Topics include: * Managed Identities * Private Endpoints * Azure Policy * Azure AI Foundry * API Management * Azure Bicep * RBAC * Key Vault * Zero Trust * Governance as Code Rather than treating security as an afterthought, you'll discover how Infrastructure as Code makes secure deployments the default deployment model. BICEP AS THE CONTROL PLANE FOR AI Azure Bicep is far more than a replacement for ARM Templates. It becomes the architectural language that defines identity, networking, monitoring, AI services, governance, and compliance as reusable modules. The discussion explores how reusable Bicep modules eliminate configuration drift while creating repeatable deployments that can be audited, versioned, and deployed consistently across hundreds of Azure subscriptions. Infrastructure stops being manually configured and becomes automatically governed.  AZURE AI FOUNDRY, RAG & MODERN AI ARCHITECTURE Modern AI applications depend on Retrieval Augmented Generation (RAG), Azure AI Search, vector databases, and intelligent orchestration. The episode explains how Azure AI Foundry becomes the governance boundary for enterprise AI by controlling approved models, connected knowledge sources, managed identities, and agent orchestration. You'll also discover why AI governance isn't limited to infrastructure—it extends directly into reasoning chains, retrieval pipelines, grounding strategies, and model lifecycle management.  OBSERVABILITY, FINOPS & TOKEN GOVERNANCE Enterprise AI success depends on visibility. Organizations must understand where tokens are consumed, which teams generate costs, how models are used, and whether AI systems remain compliant over time. Topics include: * Azure Monitor * Application Insights * Log Analytics * Token tracking * FinOps * Cost attribution * Chargeback * API Management * Monitoring * AI telemetry You'll learn why token-level observability becomes one of the most important governance capabilities for modern AI platforms. WHO SHOULD LISTEN? This episode is ideal for: * Azure Architects * Cloud Architects * Platform Engineers * AI Engineers * DevOps Engineers * Infrastructure Engineers * Security Architects * Enterprise Architects * IT Decision Makers * Microsoft MVPs * Anyone building enterprise AI platforms Whether you're deploying Azure OpenAI, designing Azure AI Foundry environments, implementing Retrieval Augmented Generation (RAG), modernizing Azure Landing Zones, adopting Azure Bicep, or building secure AI platforms at enterprise scale, this episode provides a practical roadmap for transforming AI infrastructure from an unmanaged liability into a secure, governed, and scalable platform. If you want to understand why successful Enterprise AI starts long before the first prompt is sent—and how identity, networking, governance, observability, Infrastructure as Code, and platform engineering combine to create trusted AI systems—this episode delivers a comprehensive blueprint for building AI platforms that are secure by design and ready for production. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

14 de jul de 20261 h 21 min
episode Data Analysis Expressions (DAX) - Simply Explained artwork

Data Analysis Expressions (DAX) - Simply Explained

If you've spent any time working with Power BI, you've almost certainly heard about DAX. Some people describe it as "Excel formulas for Power BI," while others treat it like a complex programming language that only experts can understand. The truth lies somewhere in between. In this episode of Microsoft Knowledge Nuggets on M365 FM, Mirko Peters explains Data Analysis Expressions (DAX) in plain English, breaking down the concepts that every Power BI user, business analyst, and data professional needs to understand. Whether you're building your first dashboard or looking to improve enterprise reporting, this episode provides a practical introduction to one of Microsoft's most powerful analytical technologies. WHAT IS DAX AND WHY DOES IT MATTER?  DAX, or Data Analysis Expressions, is the calculation engine behind Microsoft Power BI, Excel Power Pivot, and SQL Server Analysis Services. Unlike Excel formulas that work on individual cells, DAX operates across entire tables and data models. Instead of calculating one value at a time, DAX dynamically responds to filters, slicers, and user interactions, allowing reports to update instantly as users explore their data. This makes DAX the foundation of interactive business intelligence and modern self-service analytics.  CALCULATED COLUMNS VS. MEASURES One of the biggest challenges for beginners is understanding the difference between calculated columns and measures. This episode clearly explains why calculated columns are static values created during data refresh, while measures are dynamic calculations that respond instantly to report filters and user selections. Understanding when to use each approach is critical for building efficient Power BI models that remain fast, scalable, and easy to maintain.  UNDERSTANDING FILTER CONTEXT Filter context is the concept that separates beginner DAX users from experienced Power BI professionals. Every visual, slicer, page filter, and report interaction creates a unique filter context that determines which data is visible during a calculation. Rather than rewriting formulas for every scenario, DAX automatically recalculates results based on the active context, allowing a single measure to power hundreds of different report views. Once you understand filter context, DAX becomes significantly easier to master.  MASTERING CALCULATE, ITERATORS, AND TIME INTELLIGENCE The episode explores the most important DAX function—CALCULATE—and explains why it forms the foundation of advanced Power BI development. You'll also learn when to use iterator functions such as SUMX, how row context differs from filter context, and why proper date tables are essential for time intelligence calculations. Practical examples demonstrate running totals, year-over-year comparisons, prior-year sales, growth percentages, and dynamic business metrics that executives rely on every day.  BUILDING HIGH-PERFORMANCE POWER BI MODELS Great Power BI reports depend on more than writing formulas. Mirko explains how clean data models, well-designed relationships, variables, reusable measures, source control, and efficient DAX patterns improve both report performance and long-term maintainability. The episode also highlights common beginner mistakes, including overusing calculated columns, misunderstanding context, ignoring the data model, and writing unnecessarily complex expressions that slow down reports.  KEY TAKEAWAYS DAX is far more than a collection of formulas—it is the analytical engine that powers Microsoft Power BI. By understanding measures, calculated columns, filter context, CALCULATE, iterator functions, and time intelligence, you can transform static reports into interactive dashboards that automatically respond to every user interaction. Mastering a few core DAX concepts will help you build faster, cleaner, and more scalable Power BI solutions while unlocking the full potential of Microsoft's business intelligence platform. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

14 de jul de 202615 min
episode Graph API - Simply Explained artwork

Graph API - Simply Explained

Microsoft Graph API is one of the most important technologies in the Microsoft ecosystem, yet it's often misunderstood. Is it a database? A service? Or simply another developer tool? In this episode of Microsoft Knowledge Nuggets on M365 FM, Mirko Peters breaks down Microsoft Graph API in plain English using simple real-world analogies that make even complex concepts easy to understand. Whether you're an IT administrator, developer, Power Platform maker, or Microsoft 365 enthusiast, you'll learn why Graph has become the universal gateway to Microsoft's cloud services and why it's now essential for automation, integrations, and AI-powered solutions. FROM DISCONNECTED APIS TO ONE UNIFIED PLATFORM Before Microsoft Graph, every Microsoft service had its own API. Exchange Online, SharePoint, Azure Active Directory (now Microsoft Entra ID), OneDrive, and Microsoft Teams all required separate authentication methods, documentation, and programming models. Automating even simple business processes meant working with multiple technologies simultaneously. Microsoft Graph changed that by introducing one unified API endpoint that connects every major Microsoft 365 service through a consistent interface, dramatically simplifying development and automation. UNDERSTANDING GRAPH THROUGH SIMPLE ANALOGIES Rather than diving into technical documentation, this episode explains Microsoft Graph using relatable examples. Imagine Microsoft 365 as a modern office building where every service represents a different department. Instead of visiting each room individually, Microsoft Graph acts as the central reception desk that coordinates everything behind the scenes. This simple analogy makes it easy to understand how Graph connects users, files, calendars, mailboxes, Teams, SharePoint sites, and security information into one interconnected platform. HOW AUTHENTICATION, PERMISSIONS, AND SECURITY WORK Every Graph request starts with authentication through Microsoft Entra ID before authorization determines exactly which resources an application can access. The episode explains delegated permissions, app-only permissions, OAuth tokens, consent, scopes, and Microsoft's least-privilege security model without unnecessary technical complexity. You'll also understand why Graph is considered one of the most secure ways to access Microsoft 365 data and how administrators maintain complete control over application permissions. AUTOMATING MICROSOFT 365 WITH GRAPH API Microsoft Graph enables organizations to automate virtually every aspect of Microsoft 365. From creating users and assigning licenses to managing Teams, SharePoint documents, Outlook mailboxes, OneDrive files, calendars, Microsoft Defender alerts, and security operations, Graph provides a single interface for enterprise automation. The episode also demonstrates how developers, administrators, and IT professionals can build powerful workflows while reducing complexity compared to legacy Microsoft APIs. GRAPH API FOR POWER PLATFORM AND LOW-CODE USERS You don't have to be a professional developer to benefit from Microsoft Graph. Power Automate, Power Apps, Microsoft Copilot, and Graph Explorer make Graph accessible to citizen developers and business users through low-code experiences. Even advanced Graph endpoints can be integrated using custom HTTP actions, allowing organizations to build sophisticated automations without writing large amounts of code. This opens enterprise-grade automation capabilities to a much wider audience. WHY GRAPH API IS THE FUTURE OF MICROSOFT 365 Microsoft continues to retire older technologies while investing heavily in Graph API. Legacy APIs such as Exchange Web Services are reaching end of life, while new Microsoft 365 capabilities increasingly become available only through Graph. Understanding Graph today prepares organizations for future AI experiences, Microsoft Copilot integrations, intelligent agents, Power Platform automation, and enterprise cloud development. KEY TAKEAWAYS Microsoft Graph API is the universal gateway to Microsoft 365. One endpoint provides secure access to users, mail, files, Teams, SharePoint, calendars, devices, security data, and much more. Whether you're building applications, automating business processes, integrating Microsoft services, or preparing for the AI era, Graph API forms the foundation of the modern Microsoft cloud. Understanding how it works is one of the most valuable skills for anyone working with Microsoft technologies today. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

Ayer12 min