Forem: Oladosu Ibrahim

Getting Data from Multiple Sources in Power BI

Oladosu Ibrahim — Sun, 21 Dec 2025 15:27:32 +0000

Introduction

One of the most important skills every Data Analyst must master is the ability to connect Power BI to multiple data sources, understand the data structure, and assess data quality before building reports.

In this article, I’ll walk you through how to get data from multiple sources in Power BI Desktop, preview the data using Power Query, and use data profiling features to quickly identify data quality issues.

This guide is practical and mirrors real-world Power BI projects.

What You Will Learn

By the end of this guide, you will be able to:

Open Power BI Desktop
Connect to SQL Server databases
Import data from CSV files
Preview and understand data using Power Query Editor
Use Column Quality, Column Distribution, and Column Profile features
Identify common data quality issues before modeling

Getting Started with Power BI Desktop

To begin, download the starter files used in this lab from Microsoft’s official repository:

🔗 Download link:
https://github.com/MicrosoftLearning/PL-300-Microsoft-Power-BI-Data-Analyst/raw/Main/Allfiles/Labs/01-get-data-in-power-bi/01-get-data.zip

After downloading:

Extract the folder to C:\Users\Student\Downloads\01-get-data
Open the 01-Starter-Sales Analysis.pbix file in Power BI Desktop

This starter file has been preconfigured to disable automatic relationship detection, allowing us to focus strictly on data loading and profiling.

Getting Data from Microsoft Excel

In real business environments, most enterprise data lives in databases. Let’s connect Power BI to SQL Server.

Steps:

In Power BI Desktop, go to Home → Get Data → More
Select Microsoft Excel and Connect.
In the Server field, enter:
localhost
(Leave the Database field blank)
Use Windows authentication if prompted
Ignore the encryption warning and continue

Once connected, expand the AdventureWorksDW2020 database.

Select the following tables:

DimEmployee
DimEmployeeSalesTerritory
DimProduct
DimReseller
DimSalesTerritory
FactResellerSales

Click Transform Data to open Power Query Editor.

You have now connected Power BI to six tables from SQL Server.

Previewing and Understanding Data in Power Query

Power Query allows you to inspect your data before loading it into the data model.

Exploring the Queries Pane

On the left side, you’ll see one query per table. Each query represents a connection to a data source.

Reviewing the DimEmployee Table

The DimEmployee table stores employee details.

Key observations:

The table contains 296 rows and 33 columns
Some columns contain Table or Value links, which represent relationships
These columns can later be used to merge or relate tables

Using Data Profiling Features in Power Query

Data profiling helps you quickly assess data quality and structure.

Column Quality

Enable:

View → Column Quality

This shows:

Valid values
Empty (null) values
Errors

Example insight:

The Position column contains 94% empty values, which is a potential data quality issue.

Column Distribution

Enable:

View → Column Distribution

This helps you understand:

Distinct values
Unique values

Example:

EmployeeKey has 296 distinct and unique values This makes it a good primary key for relationships.

Column Profile

Enable:

View → Column Profile

In the DimReseller table:

The BusinessType column shows a data issue
“Warehouse” appears twice as:
- Warehouse
- Ware House (misspelled)

This kind of inconsistency must be cleaned before analysis.

Reviewing the Fact Table

The FactResellerSales table stores transaction-level sales data.

Key insight:

The TotalProductCost column has 8% missing values
Missing cost data can affect profit calculations and business decisions

Identifying this early prevents inaccurate reporting later.

Getting Data from CSV Files

Not all data comes from databases. Analysts often work with flat files like CSVs.

Importing a CSV File

In Power Query Editor:

Home → New Source → Text/CSV
1. Select ResellerSalesTargets.csv
2. Review the preview and click OK

This file contains:

One row per salesperson per year
Monthly sales targets
No empty values (hyphens are used instead)

Importing Another CSV File

Repeat the same steps to import ColorFormats.csv.

This file contains:

Product colors
HEX codes for background and font formatting

At this point, you should have two new CSV-based queries added to your model.

Why This Step Matters in Real Projects

Before building visuals and dashboards, every Data Analyst must:

Understand the structure of the data
Identify missing values and inconsistencies
Confirm unique keys for relationships
Know which columns need cleaning or transformation

Skipping this step often leads to:

Wrong insights
Broken relationships
Misleading dashboards

Final Thoughts

Getting data from multiple sources in Power BI is more than just clicking Get Data.
It’s about understanding your data before modeling and visualization.

Power Query gives you powerful tools to:

Inspect data quality
Detect issues early
Build reliable and trustworthy reports

Mastering this step puts you on the right path to becoming a confident Power BI Data Analyst.

Building and Updating Docker Containers: A Practical Hands-On Guide for Beginners

Oladosu Ibrahim — Thu, 11 Dec 2025 18:56:09 +0000

Introduction

In today’s fast-paced development environment, consistency and portability are critical. Applications must run reliably across different machines, environments, or even in the cloud. Docker provides a solution by packaging your application along with its dependencies into a container, ensuring it behaves the same everywhere.

In this hands-on guide, you’ll learn how to containerize a simple Node.js “Todo List” application. You don’t need prior experience with Node.js — the focus is on understanding how Docker builds, packages, and runs applications.

By the end of this tutorial, you’ll be able to:

Build a Docker image using a Dockerfile
Run your application inside a container
Expose your app to your local host
Understand how images, containers, and layers interact

Prerequisites

Ensure you have the following tools installed:

Docker Desktop (latest version)
Git (for cloning the sample app)
VS Code or another code editor

These tools allow you to build and run containers smoothly.

Step 1: Prepare the Application

Open a new folder in VS Code and name it container.
Open a terminal in that folder.
Clone the sample Node.js application:

git clone https://github.com/docker/getting-started-app.git

You’ll see the following folder structure:

getting-started-app/
│── .dockerignore
│── package.json
│── README.md
│── spec/
│── src/
└── yarn.lock

This is the source code you will containerize.

Step 2: Create the Dockerfile

In the getting-started-app folder, create a file named Dockerfile and add:

# syntax=docker/dockerfile:1

FROM node:lts-alpine
WORKDIR /app
COPY . .
RUN yarn install --production
CMD ["node", "src/index.js"]
EXPOSE 3000

Explanation:

FROM selects a lightweight Node.js image
WORKDIR sets the working directory inside the container
COPY transfers your source code into the container
RUN installs your dependencies
CMD defines the command to start the app
EXPOSE documents the port your app listens on

This file tells Docker how to build your image.

Step 3: Build the Docker Image

Navigate to your project folder by doing ls and cd into the folder/directory:

cd /path/to/getting-started-app

Build the image:

docker build -t getting-started .

What happens here:

Docker downloads the Node.js base image (if not already on your machine)
Copies your app files
Installs dependencies
Packages everything into a Docker image named getting-started

Step 4: Run Your Container

Start the container:

docker run -d -p 127.0.0.1:3000:3000 getting-started

Flags explained:

-d: runs the container in the background
-p HOST:CONTAINER: maps container port 3000 to your local port 3000

Visit http://localhost:3000 in your browser. Your Todo List app should be running. Add tasks, mark them complete, and see how everything works inside the container.

Step 5: Verify Running Containers

To check which containers are running:

docker ps

You’ll see the container ID, image name, port mappings, and status — confirming that your app is active.

Step 6: Update the Application

Suppose you want to change the “empty text” message to:

You have no todo items yet! Add one above!

Edit src/static/js/app.js and update line 56:

- <p className="text-center">No items yet! Add one above!</p>
+ <p className="text-center">You have no todo items yet! Add one above!</p>

Rebuild the Docker image:

docker build -t getting-started .

Start a new container using the updated code, You probably saw an error.

docker run -d -p 127.0.0.1:3000:3000 getting-started

Stop the old container:

docker ps
docker stop <container-id> 
docker rm <container-id>

docker ps: To get the ID of the container, then insert the Container ID into the docker stop and docker rm to update

Start the updated container:

docker run -dp 127.0.0.1:3000:3000 getting-started

Refresh http://localhost:3000 to see your updated text.

Implementing Intersite Connectivity in Azure: Seamless Communication Across Virtual Networks

Oladosu Ibrahim — Thu, 23 Oct 2025 11:04:32 +0000

Introduction

In cloud environments, organizations often segment their IT infrastructure into multiple virtual networks (VNets) for better security, performance, and management. For instance, a company may separate core IT services such as DNS and security from departmental workloads like manufacturing or R&D.

However, in many cases, applications and services across these networks still need to communicate securely for example, when a manufacturing app needs to access a shared DNS or authentication service hosted in the core network.

This is where Azure Intersite Connectivity comes in. By implementing Virtual Network Peering, you can connect multiple VNets in Azure, allowing traffic to flow privately through Microsoft’s backbone network without requiring VPNs or gateways.

In this hands-on lab, you’ll explore how to establish communication between two Azure virtual networks and verify connectivity using Network Watcher and PowerShell. You’ll also create a custom route to control traffic flow for specific subnets.

By the end, you’ll understand how to interconnect Azure VNets to build secure, scalable multi-tier cloud architectures.

Skilling Objectives

You will learn how to:

Create and configure multiple virtual networks and virtual machines.
Use Network Watcher to troubleshoot connections between VNets.
Configure VNet peering to enable secure communication.
Create a custom route to manage and control traffic between subnets.

Lab Scenario

Your organization operates separate virtual networks for core IT services and manufacturing systems. For security reasons, these environments are isolated — but certain business processes require secure communication between them.

In this exercise, you’ll configure peering between these VNets, allowing both areas to communicate over Azure’s backbone while maintaining network segmentation.

Task 1: Create a Core Services Virtual Machine and Virtual Network

Begin by deploying your first virtual machine and network.

Sign in to the Azure portal.
Search for Virtual Machines and select Create → Virtual machine.
On the Basics tab, provide the following:
- Resource group: az104-rg5 (create one if needed)
- Virtual machine name: CoreServicesVM
- Region: East US
- Image: Windows Server 2019 Datacenter – x64 Gen2
- Size: Standard_D2s_v3
- Username: localadmin
- Password: create a complex one
- Public inbound ports: None
On the Networking tab, choose Create new for Virtual Network and set:
- Name: CoreServicesVnet
- Address range: 10.0.0.0/16
- Subnet name: Core
- Subnet range: 10.0.0.0/24
Disable boot diagnostics under the Monitoring tab.
Review and create the VM.

This creates both the virtual network and the VM that will represent your core services environment.

Task 2: Create a Manufacturing Virtual Machine and Virtual Network

Next, create another virtual machine in a separate virtual network.

From the Virtual Machines page, select Create → Virtual machine again.
Provide the following configuration:
- Resource group: az104-rg5
- Virtual machine name: ManufacturingVM
- Region: East US
- Image: Windows Server 2019 Datacenter – x64 Gen2
- Size: Standard_D2s_v3
- Username: localadmin
- Password: same secure password
- Public inbound ports: None
Under Networking, create a new virtual network:
- Name: ManufacturingVnet
- Address range: 172.16.0.0/16
- Subnet name: Manufacturing
- Subnet range: 172.16.0.0/24
Disable boot diagnostics and create the VM.

You now have two isolated environments — Core Services and Manufacturing — ready for intersite connectivity.

Task 3: Test the Connection Between Virtual Machines Using Network Watcher

Before establishing peering, let’s verify that the VMs cannot currently communicate.

In the portal, search for Network Watcher.
Under Network diagnostic tools, select Connection troubleshoot.
Set the following parameters:
- Source type: Virtual machine
- Source VM: CoreServicesVM
- Destination type: Virtual machine
- Destination VM: ManufacturingVM
- Protocol: TCP
- Destination port: 3389
Run the diagnostic test.

The result will show Unreachable, confirming that traffic cannot flow between VNets without peering.

Task 4: Configure Virtual Network Peering Between VNets

Now, enable connectivity by creating a peering relationship.

Navigate to the CoreServicesVnet resource.
Under Settings, select Peerings and choose + Add.
Configure as follows:
- Peering link name: CoreServicesVnet-to-ManufacturingVnet
- Virtual network: ManufacturingVnet
- Allow access both ways (check both boxes for access and forwarded traffic).
Click Add to save the configuration.

Your VNets are now linked via Azure’s private backbone — enabling secure intersite communication.

Task 5: Create a Custom Route

To control traffic flow between subnets, you’ll create a user-defined route (UDR).

Open the CoreServicesVnet resource.
Under Subnets, select + Subnet and create a new one named perimeter with address range 10.0.1.0/24.
In the portal, search for Route tables and create a new route table named rt-CoreServices.
Once created, open the route table and add a new route:
- Route name: PerimetertoCore
- Destination type: IP Addresses
- Destination: 10.0.0.0/16
- Next hop type: Virtual appliance
- Next hop address: 10.0.1.7 (representing a future Network Virtual Appliance)
Associate this route table with the Core subnet of your CoreServicesVnet.

With this, traffic from the perimeter subnet will be routed through the NVA before reaching internal services — providing an additional layer of control and security.

Cleanup

To avoid unnecessary costs, delete the resources after completing the lab:

Delete the resource group az104-rg5 from the Azure portal.

Conclusion

You’ve successfully implemented intersite connectivity between two virtual networks in Azure. This setup is foundational for enterprise-grade architectures — enabling cross-department communication, hybrid setups, and multi-region workloads.

In the next lab, you’ll build upon this by exploring more advanced traffic control mechanisms and network security configurations to further strengthen your Azure infrastructure.

Implementing Azure Web Apps: From Setup to Scaling Your Cloud Applications

Oladosu Ibrahim — Tue, 21 Oct 2025 16:45:30 +0000

Introduction

As businesses modernize their IT infrastructure, hosting web applications in the cloud has become a key strategy for improving scalability, reliability, and cost efficiency. Many organizations still rely on on-premises servers to host their company websites, but these setups often come with high maintenance costs, limited scalability, and hardware refresh challenges.

To eliminate the burden of physical infrastructure, companies are increasingly adopting Azure App Service a fully managed Platform as a Service (PaaS) solution for hosting web applications built on popular runtime stacks like .NET, Java, Python, Node.js, and PHP.

In this hands-on lab, you’ll learn how to:

Create and configure an Azure Web App.
Set up a deployment slot for staging and production environments.
Configure continuous deployment using GitHub.
Swap deployment slots for seamless updates.
Implement autoscaling to ensure performance under variable loads.

By the end of this guide, you’ll understand how Azure Web Apps help teams deploy faster, scale smarter, and maintain high availability all without managing servers.

Skilling Objectives

You will learn how to:

Deploy a PHP-based Azure Web App using App Service.
Configure staging and production deployment slots for testing and release management.
Automate deployments using a GitHub repository.
Perform slot swaps to promote tested code into production.
Configure autoscaling to automatically adjust resources based on demand.

Task 1: Create and Configure an Azure Web App

Why start here?

The Azure Web App is the foundational component of Azure App Service. It provides a managed environment to host your website code, manage scaling, and integrate DevOps pipelines — all without provisioning virtual machines.

Steps

Sign in to the Azure portal.
Search for App Services and select + Create → Web App.
On the Basics tab, provide:
- Subscription: Your Azure subscription
- Resource group: Create or select an existing group
- Web app name: A unique name (e.g., WebAppDemo123)
- Publish: Code
- Runtime stack: PHP 8.2
- Operating system: Linux
- Region: East US
- Pricing plan: Premium V3 (P1V3)
Select Review + Create → Create.
Once deployment completes, click Go to Resource to view your newly created Web App.

You now have a fully managed Azure Web App running PHP on Linux ready for configuration and deployment.

Task 2: Create and Configure a Deployment Slot

Why it matters

Deployment slots allow you to host multiple versions of your app within the same App Service plan. They are invaluable for staging, testing, and blue-green deployments without downtime.

Steps

From your Web App’s blade, open the Default domain link to confirm the app is running.
Return to the portal and navigate to Deployment slots under your Web App.
Click + Add Slot, name it staging, and choose Do not clone settings.
Select Add. Once created, you’ll see both Production and Staging slots listed.
Open the staging slot to view its unique URL.

You now have a staging environment to test your app safely before releasing it to production.

Task 3: Configure Web App Deployment Settings

Why it matters

Continuous deployment ensures that your app service always reflects the latest tested code. By connecting your Web App to a GitHub repository, updates can be deployed automatically to your staging environment.

Steps

In the staging slot, select Deployment Center → Settings.
For Source, select External Git.
You notice an Error SCM basic authentication is disabled, click Enabled it.
Check the box for SCM basic Auth Publishing Credentials to enable
In the repository field, enter:

   https://github.com/Azure-Samples/php-docs-hello-world

Set the Branch to master and click Save.
Go to Overview and open the Default domain link.
Verify the deployed app displays “Hello World!” confirming that deployment succeeded.

This setup enables automated updates from your GitHub repository to your staging environment.

Task 4: Swap Deployment Slots

Why it matters

Swapping deployment slots allows you to promote code that has been tested in staging directly into production with minimal risk and zero downtime. It’s an essential practice in modern DevOps workflows.

Steps

Navigate back to Deployment slots in your Web App.
Click Swap, review settings, and then select Start Swap.
Once the swap completes, go back to your Web App Overview and open the production domain.
Verify that the production app now displays the “Hello World!” page.

Your previously tested staging code is now live in production — ensuring safe and seamless deployment.

Task 5: Configure and Test Autoscaling

Why it matters

Autoscaling ensures that your web app performs optimally under fluctuating traffic. Azure automatically adjusts the number of running instances based on real-time metrics like CPU usage or response time.

Steps

In your App Service plan, go to Scale out (App Service plan).
Select Automatic scaling mode.
In the Maximum burst field, set 2 and click Save.
Notice an Error occurred after Scaling out
To simulate load, navigate to Diagnose and solve problems → Load Test your App.
Create a new load test, assign a Unique name for the test (webtest), Review and Create.
From the Overview | Create by adding HTTP requests, select Create.
On the Test plan tab, click Add request. In the URL field, paste in your Default domain URL. Ensure this is properly formatted and begins with https://. Select Add to save your changes.
Select Review + create and Create.
Observe live metrics such as Virtual users, Response time, and Requests per second.
Stop the test once you verify that scaling is working correctly.

Autoscaling dynamically adjusts resources to maintain performance while optimizing cost — a key feature for production workloads.

Cleanup Your Resources

To avoid unnecessary costs, delete your lab resources after completion.

In the Azure portal:

Go to your resource group.
Select Delete resource group, enter the name, and confirm.

Conclusion

By completing this hands-on guide, you’ve implemented a full lifecycle workflow for deploying and managing web apps in Azure — from setup and deployment to autoscaling and cleanup.

Azure Web Apps simplifies application hosting by eliminating the need for physical infrastructure, offering built-in deployment pipelines, and supporting high availability and scalability out of the box.

Whether you’re migrating from on-premises servers or building new cloud-native applications, Azure App Service empowers your organization to innovate faster while keeping operations secure, scalable, and cost-effective.

Strengthening Identity Security: Performing Basic Multifactor Authentication (MFA) Tasks

Oladosu Ibrahim — Tue, 30 Sep 2025 14:15:10 +0000

Introduction

Passwords alone are no longer enough to keep accounts secure. Cyber threats continue to grow, and attackers often try to steal or guess credentials to gain unauthorized access. This is where Multifactor Authentication (MFA) becomes essential. MFA adds an extra layer of security by requiring users to verify their identity with a second factor—like a phone notification, code, or trusted device—before granting access.

In this walkthrough, you’ll learn how to set up and configure basic MFA tasks in Microsoft Entra ID. The exercise includes enabling per-user MFA, reviewing service settings, and configuring account lockout policies to protect against suspicious activities.

Skilling Objectives

By completing this lab, you will learn how to:

Enable and manage per-user MFA.
Configure MFA service settings to suit your organization’s needs.
Set account lockout rules to protect against repeated unauthorized attempts.

Step 1: Enable / Disable Per-user MFA Settings

Open the Microsoft Entra admin center at https://entra.microsoft.com.
Log in using your tenant credentials.
From the menu on the left, open the Identity submenu.
Select Users, then All users.
At the top of the page, select Per-user MFA.
Place a checkmark next to Bhogeswar Kalita.
Select Enable MFA from the list.
A message box will appear with an optional setup URL you can share with the user.
Click Enable.
After a few seconds, notice that Enforced now appears next to Bhogeswar’s name.

Step 2: Review the Service Settings for MFA

In the Entra admin center, go to the Identity submenu again.
Select Users, then All users.
Open the Per-user MFA option.
Select Service settings.
Review the following configurable options:

App passwords: Allow legacy apps to work with MFA.
Trusted IPs: Define safe IP ranges where MFA can be bypassed.
Verification options: Choose which second-factor methods users can use (phone call, mobile app, etc.).
Remember MFA on trusted device: Allow users on trusted devices to skip re-authentication for a set number of days.
1. If no changes are required, select Discard to exit.

Step 3: Configure MFA Account Lockout Settings

In the Entra admin center, open the Protection submenu.
Scroll down and select Show more.
Choose Multifactor authentication, then select Account lockout.
Set the following values:

Number of MFA denials to trigger account lockout: 3
Minutes until account lockout counter is reset: 180
Minutes until account is automatically unblocked: 15
1. Select Save to apply the settings.
2. Review additional MFA options such as Fraud alert, Block/unblock users, and Notifications for stronger security management.

Why Are We Performing MFA Tasks?

Performing MFA tasks is essential because it ensures that even if a password is stolen or guessed, attackers cannot gain access without the second factor of authentication. It provides stronger identity protection, reduces the risk of unauthorized access, and helps organizations maintain compliance with security best practices. MFA is one of the most effective ways to defend against phishing, password theft, and unauthorized logins.

Conclusion

In this exercise, you enabled per-user MFA, reviewed MFA service settings, and configured account lockout policies. By adding MFA to your organization’s identity management strategy, you provide users with stronger protection while keeping attackers at bay. This simple yet powerful layer of security greatly improves the overall resilience of your Microsoft Entra environment.

Enhancing Account Security in Microsoft Entra ID: Password Protection and Self-Service Reset

Oladosu Ibrahim — Tue, 30 Sep 2025 13:24:30 +0000

Introduction

Passwords remain a cornerstone of digital security, but weak or reused passwords are a common vulnerability. Microsoft Entra ID provides robust tools to enforce strong password policies, protect accounts from brute-force attacks, and empower users to reset their passwords securely without relying on IT support.

In this guide, you will learn how to configure password protection settings and explore the self-service password reset (SSPR) feature, helping your organization enhance security and streamline user management.

Skilling Objectives

By completing this walkthrough, you will learn how to:

Configure lockout policies and custom banned password lists.
Enforce strong password rules and smart lockout.
Enable and configure self-service password reset for specific user groups.
Define authentication methods and registration policies for SSPR.
Configure notifications for password reset events.

Step 1: Configure Password Protection

Open Microsoft Entra admin center and log in with your tenant credentials.
From the left menu, navigate to Protection → Authentication methods → Password protection.
Set Smart Lockout Policies:

Lockout threshold: 5 (Number of failed login attempts before account locks)
Lockout duration: 30 seconds (Time the account remains locked)

Configure Custom Banned Passwords:

Enable Enforce custom list.
Enter: Contoso, London, Widget

Enable Enforcement Mode:

Set Mode to Enforced.
Click Save.

💡 Why we configure password protection:
Setting lockout policies and banned password lists prevents brute-force attacks and ensures users create strong, secure passwords.

Step 2: Configure Self-Service Password Reset (SSPR)

In the Entra admin center, go to Protection → Password reset.

2A Enable SSPR for a Specific Group

Find Self-service password enabled and set the value to Selected.
Click No groups selected, then choose the Project23 group.
Click Select → Save.

💡 Why we enable SSPR:
Self-service password reset empowers users to securely reset their own passwords, reducing IT support tickets and improving productivity.

2B Configure Authentication Methods

Navigate to Authentication methods in the Password reset menu.
Set Number of methods required to reset to 1.
Enable the following methods for users:

Email
Mobile phone
Mobile app code
1. Click Save.

💡 Why authentication methods matter:
Users must verify their identity using trusted methods before resetting passwords, ensuring that only authorized individuals can perform a reset.

2C Configure Registration Requirements

Go to Registration → Require users to register when signing in? and set it to Yes.
Set Number of days before users are asked to re-confirm to 90.
Click Save.

💡 Purpose of registration:
Ensures users provide up-to-date authentication information, which strengthens security and guarantees that SSPR functions correctly when needed.

2D Configure Notifications

Navigate to Notifications within Password reset.
Leave Notify users on password reset? at Yes.
Change Notify all admins when other admins reset their password? to Yes.
Click Save.

💡 Why notifications are important:
Notifications keep users and administrators informed of password changes, helping detect unauthorized resets and improving accountability.

Conclusion

In this walkthrough, you configured password protection policies to enforce strong passwords and prevent account attacks. You also enabled and customized self-service password reset, defining authentication methods, registration policies, and notifications.

By applying these features in Microsoft Entra ID, you reduce the risk of compromised accounts, empower users to manage their credentials securely, and streamline IT operations—all while maintaining strong organizational security.

Mastering Identity Management in Microsoft Entra ID: From Users to Roles

Oladosu Ibrahim — Mon, 29 Sep 2025 16:42:01 +0000

Introduction

Groups in Microsoft Entra ID simplify how access is managed across applications, licenses, and resources. Instead of assigning permissions to individual users one by one, administrators can create groups, add users as members, and assign policies or licenses to the group. This makes administration more efficient, consistent, and scalable.

In this walkthrough, you will explore beginner-level group management tasks such as creating groups, assigning members, configuring dynamic membership, and applying licenses. These are essential skills for managing identity and access at scale.

This exercise should take approximately 15 minutes to complete.

Skilling Objectives

By completing this exercise, you will learn how to:

Create a Microsoft 365 group for collaboration.
Create a Security group with dynamic membership.
Add users to groups using different methods.
Assign licenses and ownership at the group level.

Step 1: Create a Microsoft 365 Group

Open Microsoft Entra admin center.
Log in with your tenant administrator credentials.
From the left menu, select Groups → All groups → + New group.
Enter the following details:

Group type: Microsoft 365
Group name: Project23
Group description: This group consists of members of the new AI Simulation software with codename Project23
Membership type: Assigned

Under Members, select + Add members → Bhogeswar Kalita → Select.
Click Create.

💡 Why we create Microsoft 365 groups: They provide a shared workspace for collaboration in Outlook, Teams, and SharePoint, making it easier for project members to communicate and share resources.

Step 2: Create a Security Group with Dynamic Membership

In Microsoft Entra admin center, go to Groups → All groups → + New group.
Enter the following details:

Group type: Security
Group name: Guest Users
Group description: This group has all the Guest users currently in the tenant.
Membership type: Dynamic User
1. Under Dynamic user members, select Add dynamic query.
2. Configure the query:
Property: userType
Operator: Equals
Value: Guest
1. Click Save → Create.
2. Wait about 2 minutes for the group to populate, then select Refresh.

💡 Why we create Security groups: They are used to manage access to resources or apply security policies. With dynamic membership, users are automatically added or removed based on rules, reducing manual administration.

Step 3: Add an Existing User to a Group

Go to Groups → All groups → Project23.
Select Members → + Add members.
Mark the box next to External User and click Select.

💡 Why we add users to groups: Group membership ensures users inherit access and licenses automatically, reducing errors and improving consistency compared to managing each account individually.

Step 4: Add Licenses and Owners to a Group

Assign Group Owners

Go to Groups → All groups → Project23.
Select Owners → + Add owners.
Mark the box next to Bhogeswar Kalita and click Select.

👉 By default, the tenant administrator is the owner if no one is specified.

Assign Group Licenses

Open Microsoft 365 admin center.
Go to Billing → Licenses.
Select Microsoft Power Automate Free.
Open the Groups tab → + Assign licenses.
Select the Project23 group from the dropdown.
Click Assign and refresh to confirm.

💡 Why we assign licenses to groups: Group-based licensing streamlines administration—when new members are added to the group, they automatically inherit the required licenses without manual intervention.

Conclusion

In this exercise, you learned how to create Microsoft 365 and Security groups, add users, configure dynamic membership, assign licenses, and define group ownership in Microsoft Entra ID.

Groups are a cornerstone of modern identity management, helping administrators manage collaboration, enforce security, and scale license assignments efficiently. By mastering these basics, you can streamline user access and reduce administrative overhead across your organization.

Performing Basic User Management Tasks in Microsoft Entra ID: A Step-by-Step Guide

Oladosu Ibrahim — Mon, 29 Sep 2025 11:49:19 +0000

Introduction

Identity and Access Management (IAM) is one of the most critical responsibilities for IT administrators. Microsoft Entra ID (formerly Azure Active Directory) provides the foundation for securely managing users, roles, and access to resources in the cloud.

In this guide, you’ll perform basic user management tasks in Entra ID—from creating a new user to assigning licenses, roles, and even importing users in bulk. These are the essential skills every Identity and Access Administrator needs to master.

This exercise should take about 10 minutes to complete and covers five common user management tasks.

Skilling Objectives

By following this walkthrough, you will learn how to:

Create a new user and confirm login.
Assign Microsoft 365 licenses.
Invite an external guest user.
Assign administrative roles.
Bulk import multiple users from a CSV file.

Architecture Overview

The setup involves using:

Microsoft Entra admin center – for creating and managing users.
Microsoft 365 admin center – for assigning licenses.
CSV templates – for bulk user import.

These tools together provide a complete foundation for identity lifecycle management in the cloud.

Step 1: Create a New User

Open Microsoft Entra admin center.
Log in with your tenant administrator credentials.
Navigate to Users → All users → + New user → Create new user.
Fill in the details:
- User principal name: BhogeswarK
- Display name: Bhogeswar Kalita
- First name: Bhogeswar
- Last name: Kalita
- Usage location: United States (or your region)
Copy and save the auto-generated password.
Select Review + Create → Create.

✅ Subtask: Confirm Login

Open an InPrivate browsing window.
Go to Entra admin center.
Sign in with:
- Username: BhogeswarK@yourtenantname.onmicrosoft.com
- Password: saved password
Complete MFA setup if prompted.

Step 2: Assign a License to the User

Open Microsoft 365 admin center.
Go to Billing → Licenses.
Select Microsoft Power Automate Free.
Click + Assign licenses, choose Bhogeswar Kalita, then Assign.
A confirmation message will appear.

Step 3: Invite an External User

In Entra admin center, go to Users → All users → + New user.
Select Invite external user.
Enter details:
- Email: ExtUser@testemail.com
- Display name: External User
- Message: “Thank you for joining the company for this short work project.”
Click Review + Invite→ Invite.

Step 4: Assign a Role to a User

Method 1: Assign Role via User Settings

Go to Users → All users → Bhogeswar Kalita.
Select Assigned roles → + Add assignment.
From the dropdown, choose Attribute Definition Reader.
Select Eligible → Add.

Step 5: Bulk Import Users

In Entra admin center, go to Users → All users → Bulk operations → Bulk create.
Download the CSV template.
Edit the file with your users’ details:
- Required fields: Username, Display name, Initial password.
- Optional: Department, Usage location, etc.
Save the file (e.g., APL0501-BulkUser.csv).
Upload the file back into the Bulk create wizard.
Click Submit and wait for the success notification.

Conclusion

In this walkthrough, you performed the five core user management tasks in Microsoft Entra ID: creating users, assigning licenses, inviting guests, assigning roles, and importing users in bulk.

Mastering these basics ensures that you can effectively manage user identities, streamline onboarding, and secure access across your organization.

With these skills, you’re well-prepared to take on more advanced Identity and Access Administration tasks such as conditional access policies, identity governance, and lifecycle automation.

Creating DNS Zones and Configuring DNS Settings in Azure: A Step-by-Step Guide

Oladosu Ibrahim — Mon, 22 Sep 2025 12:12:01 +0000

Introduction

Applications often need to communicate using domain names instead of raw IP addresses. Managing these names securely inside your Azure environment is best done with Azure Private DNS, which eliminates the need for a custom DNS solution. With Private DNS zones, you can define custom domain names (like contoso.com) and resolve them directly within your virtual network.

In this guide, you will learn how to create a private DNS zone, link it to a virtual network, and add DNS records that support internal workload communication.

Skilling Objectives

By completing this walkthrough, you will learn how to:

Create and configure a private DNS zone.
Link the DNS zone to a virtual network.
Add DNS records for internal resources.

Architecture Overview

The solution uses:

A private DNS zone named private.contoso.com.
A virtual network link connecting the DNS zone to app-vnet.
A DNS record for the backend subnet to allow name-based resolution of workloads.

This setup ensures that workloads inside app-vnet can communicate using domain names, improving readability and maintainability of the environment.

Step 1: Create a Private DNS Zone

You’ll start by creating a private DNS zone.

In the Azure portal, search for Private DNS zones and select + Create.
Select your subscription and resource group (for example, RG1).
Enter the zone name private.contoso.com.
Choose a region such as East US.
Select Review + create and then Create.
Once deployment is complete, open the DNS zone resource.

Step 2: Link the DNS Zone to the Virtual Network

Next, link the DNS zone to your app-vnet so that workloads can resolve records from the zone.

In the portal, open the DNS zone you just created (private.contoso.com).
In the DNS management blade, select + Virtual network links.
Choose + Add to create a new link.
Provide a link name such as app-vnet-link.
Select the virtual network app-vnet.
Enable Auto registration to automatically register virtual machine hostnames.
Select Create and wait for deployment to complete.

Step 3: Create a DNS Record Set

Now, add a record for the backend subnet.

Open the DNS zone private.contoso.com.
In the DNS management blade, select + Recordsets.
Notice that Azure may have already created A records for your virtual machines.
Select + Add to create a new record set.
Enter the name backend.
Choose record type A.
Set the TTL to 1.
Enter the IP address 10.1.1.5.
Select Add to save the record.

This record means that any workload inside app-vnet can resolve backend.private.contoso.com to the private IP 10.1.1.5.

Conclusion

In this walkthrough, you created a private DNS zone in Azure, linked it to your virtual network, and configured a DNS record for the backend subnet. With this setup, workloads can communicate using domain names instead of IP addresses, while relying on Azure’s built-in DNS service.

This approach reduces complexity, improves readability, and provides a secure way to manage internal name resolution without deploying a custom DNS infrastructure.

Configuring Network Routing in Azure: A Step-by-Step Guide

Oladosu Ibrahim — Mon, 22 Sep 2025 11:51:24 +0000

Introduction

In any cloud deployment, network routing is a core component of security and traffic management. By default, Azure automatically handles routing within a virtual network. However, in scenarios where outbound traffic must be filtered and inspected by a firewall, custom routes are required.

This guide walks you through the process of configuring network routing in Azure by creating a route table, associating it with subnets, and directing outbound traffic through an Azure Firewall for inspection and policy enforcement.

Skilling Objectives

By completing this walkthrough, you will learn how to:

Create and configure a custom route table.
Associate the route table with frontend and backend subnets.
Add a route that forces outbound traffic through a firewall’s private IP.

Architecture Overview

The architecture consists of a single application virtual network (app-vnet) with multiple subnets:

A frontend subnet hosting the application’s frontend workloads.
A backend subnet hosting the application’s backend workloads.
An Azure Firewall deployed inside the virtual network to filter and inspect traffic.
A route table that overrides Azure’s default system routes and sends all outbound traffic through the firewall.

This design ensures that every outbound request from your workloads is inspected by the firewall before leaving the virtual network.

Step 1: Record the Firewall’s Private IP Address

Before you configure the route table, you need the firewall’s private IP address.

In the Azure portal, search for Firewall and select your firewall instance (for example, app-vnet-firewall).
From the Overview page, copy the Private IP address.
This private IP will be used as the next hop in your custom route.

Step 2: Create a Route Table

Now create a custom route table to override Azure’s system routes.

In the Azure portal, search for Route tables and select + Create.
Use your existing subscription and resource group (for example, RG1).
Choose the region (such as East US).
Name the route table (for example, app-vnet-firewall-rt).
Select Review + create, then Create.
Once deployment is complete, open the new route table.

Step 3: Associate the Route Table with Subnets

Next, you need to link the route table to the subnets where traffic should be filtered.

Open the route table you just created.
In the Settings blade, select Subnets and then choose + Associate.
Associate the route table with the frontend subnet of app-vnet.
Repeat the same process and associate it with the backend subnet.

Now both frontend and backend workloads will send traffic using this route table.

Step 4: Create a Route in the Route Table

Finally, you’ll create a custom route that directs all outbound traffic to the firewall.

Open the same route table and select Routes under the Settings blade.
Choose + Add to create a new route.
Enter a route name such as outbound-firewall.
For destination type, select IP addresses.
Enter 0.0.0.0/0 as the destination address range to capture all outbound traffic.
For the next hop type, select Virtual appliance.
Enter the private IP address of the firewall you recorded earlier.
Select Add to save the route.

Conclusion

In this walkthrough, you configured network routing in Azure to ensure all outbound traffic passes through a firewall for inspection. You created a route table, associated it with your application’s frontend and backend subnets, and defined a custom route that directs all traffic to the firewall.

With this setup, your workloads are protected by centralized routing rules, ensuring that security policies are consistently enforced across the environment.

Creating and Configuring Azure Firewall: A Step-by-Step Guide

Oladosu Ibrahim — Mon, 15 Sep 2025 16:15:18 +0000

Introduction

As applications scale and attract more users, ensuring secure and controlled network access becomes a critical requirement. Azure Firewall is a fully managed, cloud-native network security service that provides centralized control, advanced filtering, and protection against threats. It enables organizations to apply consistent security policies across workloads while allowing essential communication such as application updates and DNS resolution.

In this guide, you will learn how to create and configure Azure Firewall, build a firewall policy, and add both application and network rules that secure your application virtual network (app-vnet).

Skilling Objectives

By following this walkthrough, you will learn how to:

Deploy an Azure Firewall into an existing virtual network.
Configure a firewall policy for centralized management.
Create an application rule that allows outbound access to Azure DevOps for continuous updates.
Create a network rule that supports DNS resolution.

Architecture Overview

The solution uses a single application virtual network (app-vnet) that hosts workloads. Azure Firewall is deployed inside a dedicated subnet called AzureFirewallSubnet, where it inspects and filters traffic. A firewall policy defines the security rules:

An application rule grants the application access to Azure DevOps services.
A network rule allows DNS resolution.

This design ensures secure outbound communication while maintaining centralized security management.

Step 1: Create Azure Firewall Subnet

Azure Firewall requires a dedicated subnet named AzureFirewallSubnet.

In the Azure portal, search for Virtual networks and open your application virtual network (app-vnet).
Select Subnets and then choose + Subnet.
Name the subnet AzureFirewallSubnet and assign the address range 10.1.63.0/26.
Leave other settings as default and save.

Step 2: Deploy Azure Firewall

In the Azure portal, search for Firewall and select + Create.
Use resource group RG1 and name the firewall app-vnet-firewall.
Choose the Standard SKU and configure it to use a new firewall policy named fw-policy.
Select East US as the region, attach it to the existing virtual network app-vnet
Create a new Firewall Policy called fw-policy and a new public IP address called fwpip
Complete the wizard by selecting Review + create and then Create.

Note: Deployment may take several minutes.

Step 3: Configure Firewall Policy

Add an Application Rule

In the Azure portal, search for Firewall Policies and open fw-policy.
Go to Application rules and add a new rule collection.
Name it app-vnet-fw-rule-collection, set the priority to 200, and the action to Allow.
Add a rule called AllowAzurePipelines that allows HTTPS traffic from the source address range 10.1.0.0/23 to the fully qualified domain names (FQDNs) dev.azure.com and azure.microsoft.com.

This rule ensures that your application can securely communicate with Azure DevOps for updates.

Add a Network Rule

In fw-policy, open Network rules and add a new rule collection.
Name it app-vnet-fw-nrc-dns, set the priority to 200, and the action to Allow.
Add a rule called AllowDns that permits UDP traffic on port 53 from the source address range 10.1.0.0/23 to the IP addresses 1.1.1.1 and 1.0.0.1.

This rule ensures that DNS queries from the application workloads are resolved successfully.

Step 4: Verify the Deployment

In the Azure portal, search for Firewall and open app-vnet-firewall. Confirm that the provisioning state shows Succeeded.
Next, search for Firewall policies and open fw-policy. Ensure that its provisioning state also shows Succeeded.

Conclusion

In this walkthrough, you created and configured Azure Firewall to secure an application virtual network. You deployed the firewall into a dedicated subnet, created a centralized firewall policy, and added both application and network rules.

With this setup, your application is now protected by a managed firewall service while still maintaining necessary outbound access for updates and DNS resolution. This approach centralizes network security and prepares your environment for future scaling and advanced protection needs.

Hosting Your Resume Website on GitHub: A Step-by-Step Guide

Oladosu Ibrahim — Fri, 12 Sep 2025 23:13:51 +0000

Introduction

Version control isn’t just for professional developers, it’s a powerful tool for anyone who wants to showcase their projects online. With Git and GitHub Pages, you can turn a simple HTML file into a live website in minutes.

In this guide, we’ll walk through how to:

Configure Git with your username and email.
Initialize a Git repository and create your first HTML file.
Push your project to GitHub.
Host your resume website using GitHub Pages.

By the end, you’ll have your resume running as a personal website, accessible to anyone with the link.

Skilling Objectives

You will learn how to:

Set up Git with your global configuration (username and email).
Create a new project directory and initialize it with Git.
Add and commit files using Git commands.
Push your repository to GitHub.
Deploy a simple HTML file as a live website using GitHub Pages.

Step 1: Configure Git

Before creating a project, you need to configure Git with your identity. This ensures your commits are properly linked to your account.

git config --global user.name "Sudais@1998"
git config --global user.email "oladosuadeniyi39@gmail.com"

Step 2: Create a New Project Directory

Create a folder for your resume project, navigate into it, and initialize Git.

mkdir sudaisdirectory
cd sudaisdirectory
git init

Check that Git has been initialized by listing hidden files:

ls -al

Step 3: Add an HTML File

Create your main HTML file:

touch index.html
vi index.html

Inside vi, press i to enter insert mode and paste your HTML code.
When done, press Esc, then type:

:wq

This saves and quits the editor.

Step 4: Connect to GitHub

Now, go to your GitHub account and create a new repository (e.g., my-resume). Copy the repository link and connect it to your local project:

git remote add origin https://github.com/Sudais1998/my-resume.git

Step 5: Commit and Push Your Project

Add your files to Git’s staging area, commit them, and push them to GitHub:

git status
git add .
git status
git commit -m "new commit"
git push origin master

Step 6: Deploy with GitHub Pages

On GitHub, go to your repository and select master.
Select index.html to view the code
Click on the Settings tab.
Scroll to Pages.
Under “Source,” select the master branch and save.
Once deployed, GitHub will provide you with a live link.
Select visit site or click on the link

Step 7: View Your Resume Website

Open the GitHub Pages link.
Your index.html file should now be live as a personal resume website.

Conclusion

In this hands-on guide, you’ve learned how to:

Configure Git with your identity.
Create a project and version-control it locally.
Push your repository to GitHub.
Deploy a static site with GitHub Pages.

This is a beginner-friendly yet professional way to publish your resume or portfolio. With this foundation, you can expand your project to include more HTML pages, CSS styling, or even JavaScript features, making your personal website stand out.