Jet Mariano

Tag: Infrastructure as Code

  • Terraform Made Simple, your first working configuration from install to Azure access

    Introduction
    Infrastructure as Code is not optional anymore. Terraform gives you a declarative way to build, modify, and destroy cloud resources cleanly. This tutorial shows exactly how to install Terraform, create your first configuration, and connect it to Azure without affecting your company’s production environment. I used these steps to rebuild my own skills after leaving California and stepping into Utah’s quiet season of learning.

    Step 1
    Install Terraform using Winget

    1. Open PowerShell as admin
    2. Run the installer
      winget install HashiCorp.Terraform –source winget
    3. Restart your PowerShell window
    4. Verify the installation
      terraform -version

    You should see something like
    Terraform v1.14.0

    Step 2
    Create your Terraform workspace

    1. Create a folder
      mkdir C:\terraform\test1
    2. Go inside the folder
      cd C:\terraform\test1
    3. Create a new file
      New-Item main.tf -ItemType File

    Leave the file empty for now. Terraform just needs to see that a configuration file exists.

    Step 3
    Write your first Terraform configuration

    Open main.tf and paste this:

    provider “azurerm” {
    features {}
    }

    Nothing created yet. This is read only.

    The goal is to connect Terraform to Azure safely.

    Save the file.

    Step 4
    Initialize Terraform

    Run
    terraform init

    This downloads the AzureRM provider and sets up your working directory.

    You should see
    Terraform has been successfully initialized

    Step 5
    Install the Azure CLI

    Terraform connects to Azure using your Azure CLI login. Install it with:

    winget install Microsoft.AzureCLI

    Verify it
    az –version

    Step 6
    Log into Azure

    Run
    az login

    A browser opens. Select your Azure account.

    Important note
    If you see Martin’s Azure subscription, stop here and do not run terraform apply.
    Terraform plan is safe because it does not make changes.

    Step 7
    Check your Azure subscription

    az account show

    This confirms who you are logged in as and which subscription Terraform will use.

    Step 8
    Run your first Terraform plan

    terraform plan

    This reads your main.tf and checks for any required changes.
    Since your config is empty, the output will say:
    No changes. Infrastructure is up to date.

    Step 9
    Useful Azure CLI commands for Cloud Engineers

    Check all resource groups
    az group list -o table

    Check all VMs
    az vm list -o table

    Check storage accounts
    az storage account list -o table

    Check virtual networks
    az network vnet list -o table

    Check VM status
    az vm get-instance-view –name VMNAME –resource-group RGNAME –query instanceView.statuses[1].displayStatus

    Check Azure AD users
    az ad user list –filter “accountEnabled eq true” -o table

    Check your role assignments
    az role assignment list –assignee <your UPN> -o table

    These commands show LC that you are comfortable with both Terraform and Azure CLI.

    Step 10
    Can Terraform check Defender?

    Terraform itself does not “check” Defender, but you can manage Defender settings as resources.

    For example:

    azurerm_security_center_contact
    azurerm_security_center_subscription_pricing
    azurerm_security_center_assessment
    azurerm_defender_server

    Meaning
    Terraform is for configuration
    Azure CLI is for inspection
    Graph / PowerShell is for deep security reporting

    If LC wants real Defender reporting, we use:

    Connect-MgGraph
    Get-MgSecurityAlert
    Get-MgSecuritySecureScore

    You already know these.

    Step 11
    Cleaning up safely

    Since we did not deploy anything, no cleanup is required.

    If you later create real resources, destroy them with
    terraform destroy

    Final thoughts
    Terraform is one of the most powerful tools in cloud engineering. Once you know how to initialize it, authenticate with Azure, and run plans, you are already ahead of many engineers who feel overwhelmed by IaC. LC will immediately see that you are not just an Exchange guy or a VMware guy. You are becoming a modern DevOps cloud engineer who can manage infrastructure in code.

    © 2012–2025 Jet Mariano. All rights reserved.
    For usage terms, please see the Legal Disclaimer.

  • Terraform for M365 & Azure (With Real Examples)

    Title:

    Terraform for M365 and Azure — Infrastructure-as-Code Made Simple

    Introduction

    Terraform is one of the most powerful tools for managing cloud environments because it lets you declare what you want and Azure builds it. No guessing. No clicking. No forgetting what you changed.

    Even if M365 doesn’t support Terraform natively for all workloads, you can still automate Azure AD, Conditional Access, Groups, SPNs, Networking, Key Vault, and App Registrations through the Microsoft Graph provider.

    I used IaC principles while supporting Church systems — Terraform makes environments repeatable, auditable, and consistent.

    1. Installing Terraform

    choco install terraform

    2. Azure Login Block

    provider "azurerm" {
  features {}
}

provider "azuread" {
}

    3. Creating an Azure Resource Group

    resource "azurerm_resource_group" "rg1" {
  name     = "M365AutomationRG"
  location = "WestUS2"
}

    4. Creating an Azure AD Group

    resource "azuread_group" "security_group" {
  display_name     = "M365-Automation-Admins"
  security_enabled = true
}

    5. Creating an App Registration + Secret

    resource "azuread_application" "app" {
  display_name = "Terraform-Automation-App"
}

resource "azuread_service_principal" "sp" {
  application_id = azuread_application.app.application_id
}

resource "azuread_application_password" "sp_secret" {
  application_object_id = azuread_application.app.id
  display_name          = "secret1"
}

    6. Conditional Access via Terraform (Yes, possible!)

    Uses the Microsoft Graph Terraform provider.

    resource "msgraph_conditional_access_policy" "block_non_us" {
  display_name = "Block Non-US IP"
  state        = "enabled"

  conditions {
    users {
      include_users = ["all"]
    }
    locations {
      include_locations = ["All"]
      exclude_locations = ["US"]
    }
  }

  grant_controls {
    operator         = "OR"
    built_in_controls = ["block"]
  }
}

    7. Create an M365 Group (Unified Group)

    resource "msgraph_group" "m365_group" {
  display_name     = "Engineering Team"
  mail_nickname    = "engineering"
  security_enabled = false
  mail_enabled     = true
  group_type       = ["Unified"]
}

    8. Create Azure Key Vault

    resource "azurerm_key_vault" "kv" {
  name                = "m365-keyvault-prod"
  location            = azurerm_resource_group.rg1.location
  resource_group_name = azurerm_resource_group.rg1.name
  tenant_id           = data.azuread_client_config.current.tenant_id
  sku_name            = "standard"
}

    Conclusion

    Terraform is the “blueprint” of modern cloud administration.
    Clicking creates inconsistencies — IaC creates reliable, repeatable deployments.

    © 2012–2025 Jet Mariano. All rights reserved.
    For usage terms, please see the Legal Disclaimer.

error: Content is protected !!