Azure Insights: AKS Node Resource Group lockdown; Entra objects; Arc on Windows Server

Azure pros discuss AKS Node Resource Group lockdown mode, backup and restore for Entra objects, and setting up Azure Arc on Windows Server.

Making sense of AKS Node Resource Group lockdown mode

Microsoft MVP Richard Hooper, writing on Pixel Robots, looked into a new preview feature for AKS: Fully Managed Resource Group, also known as AKS Node Resource Group Lockdown Mode. Apps in AKS depend on resources deployed into the subscription, which are part of Node Resource Group. However, there are risks of disruption when users change these resources up to scale. He wrote:

This is where the AKS Node Resource Group Lockdown Mode shines. It’s like having a virtual guard for your Node Resource Group. By setting up a ‘deny assignment,’ AKS ensures no one can alter the resources that form the core of your AKS cluster. It’s a straightforward yet powerful way to funnel all changes through the Kubernetes API, maintaining the stability and integrity of your setup.

Hooper demonstrated the code needed to set up lockdown mode.

Backup and restore for Entra objects

Microsoft MVP Sander Berkouwer, writing on The Things That Are Better Left Unspoken, explored how to backup and restore Entra objects. Organizations that have Hybrid Identity environments comprised of Entra ID, Entra Connect, and Active Directory often find that objects aren’t properly synchronized, particularly user settings. The problem of synchronization is even greater for organizations with objects stored exclusively in the cloud, which can result in challenges syncing with on-prem objects.

Berkouwer highlighted several third-party tools to overcome these challenges developed by vendors such as Quest, Commvault, ManageEngine, AvePoint, Keepit, Semperis, and Rubrik. “Currently, six SaaS solutions and two on-premises solutions are readily available to backup and restore objects and their attributes in Microsoft Entra ID,” he wrote.

Setting up Azure Arc on Windows Server