Azure updates explained: ‘What-if’ for ARM template deployments

Azure updates explained: ‘What-if’ for ARM template deployments Azure updates explained: ‘What-if’ for ARM template deployments

Version 12.01.21

Azure expert Xander Oortgiesen (@vworlddotnl) brings you up to speed on the latest and greatest updates for Microsoft Azure. On the docket in this blog: What-If ARM Template deployments, 99.99% uptime for Azure Active Directory, and live logs for Containers in Azure Monitor.

ShareGate’s easy-to-use SaaS tools enable organizations to achieve more than ever before with Azure and Microsoft 365. In our ongoing series, Xander Oortgiesen explains what the most impactful recent Azure updates are and how you can use them to make your infrastructure more efficient.

Hello! Happy new year and all the best wishes for 2021! I hope you enjoyed my last Azure updates explained article, which was way back in 2020. I spoke about the new unified Connection Monitor in Network Watcher, ARM templates for Azure file share support, and Azure Monitor support for Windows Virtual Desktop.

We’re not even two weeks into the new year and we’ve already seen lots of new updates to Azure. Let’s dive into them!


Want to learn how to govern your Azure environment from the experts? At Deploy, ShareGate’s online event focused on Azure governance, 9 Azure experts shared their experiences and insights to help you identify best practices to increase efficiency and visibility in the cloud. Watch the sessions on demand now!

deploy logo

Expert presentations
on Microsoft Azure governance


What-if for ARM template deployments is now generally available

Deploying an Azure Resource Management (ARM) template can be a time-consuming process, which is why it’s particularly frustrating if your deployment doesn’t work as expected.

You could spend a lot of time troubleshooting and going back and forth using trial and error to try to figure out what went wrong and how to solve the problem.

The new what-if capability for ARM templates allows you to preview the effects of a template deployment before executing it—thereby letting you validate that everything works as expected before deploying it.

To demonstrate this, I’m using a simple example: I’ve created an ARM template that deploys a simple VM using Azure Powershell.

Code showing how to create a new VM with ARM templates

The VM was successfully deployed and is up and running. But let’s say we want to alter our template file with a more appropriate NIC name. Let’s edit the parameter file to change the NIC name value:

Code showing how to create a new nic name for a VM with ARM templates

In my example I’m using the Azure Cloud Shell. You can easily edit files using code control-s to save your file and control-q to exit the editor.

Ok, we have written the code to change the NIC name, but we haven’t deployed it yet. Now we want to test the what-if functionality to see that in action!

We are going to use the same command—New-AzResourceGroupDeployment—but with the what-if option included.

Code showing how to create a new nic name with what-if option for ARM templates

As you can see, only the change we just made to the NIC name, and all the references toward that change, are in green. Green indicates that they’re new.

If you want to test removing something from your template with the what-if option, the deleted item will appear in the code in red, and all references toward that change will be in green.

The what-if option is only a method to check what will happen once you deploy your ARM template. It won’t deploy or change anything for you.

After executing the command with the what-if option, our demo VM still has the original NIC name.

Screenshot of the what-if option for ARM templates

Just remove the what-if option to make your changes final!

What-if is available as part of the deployment cmdlets in Powershell AZ module (version 4.2 or later) and the deployment commands in AZ CLI (version 2.5 or later).

Why this Azure update matters

I have tested the what-if functionality on many occasions. Although it’s not perfect (depending on how well each Azure Resource Provider is implemented, you will sometimes see some false positives), it certainly can save you lots of time troubleshooting!

I’ve heard from Terraform users that this is a frequently used functionality for them. Now Microsoft has built-in support for that!

The Microsoft product group is still working on reducing false positives. Some additional ARM template what-if information can be found in this github.


99.99% uptime for Azure Active Directory

Microsoft recently announced that starting on April 1, 2021 (no it’s not an April Fools’ joke), their service level agreement (SLA) will be changed to 99.99% uptime for Azure Active Directory (AD) user authentication—an improvement over the previous 99.9%.

Microsoft states that they are currently handling tens of billions of authentication requests daily, and they have seen a significant increase due to more and more people working remotely due to COVID-19. At the beginning of the pandemic, there was unprecedented demand for cloud resources that led to some issues around Azure capacity and scalability.

Microsoft quickly got things under control, and it’s nice to see that they keep improving their SLAs on their services.

So, what does 99.99% really mean in terms of your business’s downtime? Let’s compare with Microsoft’s current SLA of 99.9%.

TimeAmount of downtime with 99.9%Amount of downtime with 99.99%
Daily1m 26s8s
Weekly10m 4s1m 0s
Monthly43m 49s4m 22s
Quarterly2h 11m 29s13m 8s
Yearly8h 45m 56s52m 35s

Why this Azure update matters

As you can see this is a major improvement—minutes instead of hours of downtime each year.

But I also want to make a point. Always design critical parts of your environment adequately (using the various Azure services) so that in case of an emergency you have your environment set in place!


Azure Monitor for Containers now supports live logs

It was already possible to extract an enormous amount of logging about your Azure Kubernetes (AKS) environment, but, until recently, this was only possible for historical logs. Azure Monitor for Containers now supports live logs for private clusters!

With this, you can see real-time data on your container logs, events, and pod metrics. This is an advanced diagnostic feature that I’m really excited about.

Inside the console pane you see the logs, events, and metrics generated by the container engine to further assist in troubleshooting issues in real-time. This functionality makes use of the Kubernetes API.

Here’s an example of when I deployed some live logs:

Screenshot of live logs in Azure Monitor for containers

In this example, you see logging of all the deployments. It’s live logging, but you can pause and scroll through the content.

Here’s an example of the view of some live logs:

Screen shot of live logs in Azure Monitor

In this example, you see an overview of your AKS environment with all the necessary information and the live view of your logging.

Here’s an example of the events you can view:

Screenshot of the live events you can see with Azure Monitor for containers

In this example, you see that it’s now possible to view live events from the nodes, controllers, containers and deployments. You can specify and filter your views.

Lastly, here’s an example of the metrics you can view:

Screenshot of the live metrics you can view with Azure Monitor for containers

In this example, you can view real-time metric data as it’s generated by the container engine from the nodes or controllers. And you can view historical metrics using the Azure Log Analytics.

Why this Azure update matters

The possibility to view live logs, events, and metrics has been a much-requested feature because it can help you troubleshoot and manage your AKS.

I personally find the ability to view this information using the Azure Portal interface very convenient; you don’t have to build queries and you have a lot of filter options.

The live data feature includes search functionality, and you can pause and scroll through the (sometimes) enormous amount of data. All the data can be exported using Azure Log Analytics.

Keep in mind that live logging and viewing can be data (and cost!) heavy, so if you use it all the time it could impact performance. So, use it only when there’s a reason. For example, if something isn’t working the way it should and you want to troubleshoot the issue, live logging can be really helpful.

Or, if you want to see the performance impact of a specific change, you can use live logging to keep track of what takes place before and after your change.


Thanks so much for reading this week’s edition of Azure updates explained! I hope you found it helpful and that you’ll tune in for our next edition as well.


Recommended by our team

What did you think of this article?

Stop wasting money in Azure: Watch our on-demand webinar to build an efficient Azure cost management strategy for your business