In a corporate network, internal database servers are usually heavily firewalled in separate network segments. However, when we deploy our database in Azure, we can connect to it directly over the internet. To improve the security of your database, you should use a private link (also known as Private Endpoint) to connect to your database from your application. This will route the traffic over internal Azure connections, and you can disallow any public access to the database server. …

When deploying resources in Azure using Bicep, occasionally you will have to assign rights to a user or principal to perform certain actions. For example, authorizing an app service to access a storage account. Initially you would create something like this: // Assume we have an app service with a System Assigned managed service identity var principalId = appService.identity.principalId; resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { name: 'some-existing-storage-account' } resource roleAuthorization 'Microsoft. …