Recent Discussions
Downtime of API Management during deployment
Which actions will cause a downtime of Azure API Management so APIs will not be able to consume (Premium Tier)? E.g. changing network would be obviously. But what about deployments of APIs, Products, Scaling up and down... How can I find out which actions will make the APIs unavailable? Or is there a mechanism which will keep them available in each scenario (Even if "Service is being updated")? Thanks!How can I convert an website on Microsoft to IOS?
Hello everyone, Hope you all are doing good, I am Jeck. I have a website which I design and developed on my apple machine and basically made on IOS. Now, I want to change my website to Microsoft, my website is on https://www.bestelectricsmoker2021.com/ Can you guide me porperly or suggest me anyone who can work for me and extend my bussiness on Micosoft. Thank you Have a good day!
Azure Local
i am trying to install Azure local on nested Hyper-V VM as test environment, 1 DC, 1 HCI VM and unfortunately i am stuck with an error: "Type 'ValidateArcIntegration' of Role 'EnvironmentValidator' raised an exception: { "ExceptionType": "text", "ErrorMessage": "The provided account MSI@50342 does not have access to subscription ID \"7187cfd2-689c-4918-b43b-6e767d2bc1eb\". Please try logging in with different credentials or a different subscription ID. If a subscription is not specified, please check the configs by `Get-AzConfig`"Does Azure auto-monitor ports in ACI
I have just started working with ACI. I have a container running DNS/TLS on port 853. I'm seeing connections from private/internal IP and wondering if ACI auto monitors as they aren't any IP addresses in subscription. I can't see anything in the docs that would suggest it is auto-monitored, but wondering how/why those IP are able to route to the container. notice: ssl handshake failed 10.92.0.10 port 64047
Runtime installations on Azure Functions
We have a serverless requirement to run an ETL tool jobs from Azure Functions. The run time utility package for the ETL tool, would need to be installed on the azure functions, so it can run those utility tasks when invoked. Is there a standard way of installing a utility package every time the azure function is invoked? Note the azure function would be in python and python does not have an existing package to run informatica jobs.Mouse Click Offset Issue in Azure Virtual Desktop App on Windows 11 with Dual Monitors
We are experiencing a recurring mouse misalignment issue when using the Azure Virtual Desktop (AVD) Windows App on several Windows 11 clients. The problem occurs on devices with two external monitors and affects multiple users. Environment Windows version: 10.0.26200.6899 (Windows 11, 25H2) AVD Windows App: mainly version 2.0.757.0, some clients are on slightly different versions Hardware: Windows 11 PCs with two external monitors Display settings: both monitors at 1920x1080, 100% scaling Mac users (using the AVD app) report no issues Issue description The visual mouse pointer and the actual click position become misaligned inside the AVD RemoteApp session. For example, clicking on one item may select the item below it. This appears to be a rendering or coordinate-mapping issue within AVD when running inside the Windows App. Temporary workaround Minimizing the AVD window and then maximizing it immediately resolves the issue. This refresh/redraw action realigns the pointer and click coordinates. Questions Has anyone else seen mouse click offset issues in the AVD Windows App on Windows 11 25H2 with dual-monitor configurations? Are there known fixes, configuration adjustments, or recommended workarounds beyond the minimize/maximize redraw?
Can I send MgGraph traffic over Service Endpoint from Azure VM?
I have a Azure VM which resides on a subnet that has UDR to send all traffic to 0.0.0.0/0 through our firewall which in turn sends the http and https traffic to our proxy. I am having problems executing graph queries on this VM. "connect-mggraph" succeeds because "Microsoft.AzureActiveDirectory" service endpoint is there on this subnet. But after that query to get a user or anything else throws "an error occurred" message. My thinking is that the traffic is not being sent over https/http and thus not being forwarded to our proxy from the firewall. Thus , I want to see if it is possible to send this traffic through a Azure Service Endpoint instead?
Office-js addin with webapi in Api management. Failed to fetch
Hello. My application contains one office-js addin (typescript) project + one Webapi core (c#) project, both communicating through a fetch function when cors is enabled.It works together properly on my local computer. I published : - the webapi on azure api management (https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-rest-api). Test gaves a 200 OK. - the Office addin on azure. It works properly (as long the fetch function is not involved). However when used, fetch function raises errors (message = "failed to fetch").The issue may be about proper ssl certificates as described in : https://docs.microsoft.com/en-us/office/dev/add-ins/concepts/requirements-for-running-office-add-ins. Is it a possible solution ? I tried with self signed certificate with no success so far. Is there any tutorial explaining how to implement it ? Any help would be appreciatedUnderstanding Azure AD Tenants, Users, Groups, and Roles: A Practical Guide
As cloud adoption continues to shape modern IT infrastructures, Microsoft Azure Active Directory (Azure AD)—now part of Microsoft Entra ID—has become one of the most essential identity and access management (IAM) solutions for organizations. Whether you’re setting up a brand-new cloud environment or managing a hybrid workforce, understanding how Azure AD tenants, users, groups, and roles work is fundamental to keeping your environment secure, organized, and scalable. This guide breaks down each of these components in simple, practical terms, helping you gain the confidence to manage Azure identity services effectively. https://dellenny.com/understanding-azure-ad-tenants-users-groups-and-roles-a-practical-guide/How to Implement Azure AD Conditional Access Policies Step-by-Step
In today’s cloud-first world, identity is the new security perimeter. With employees logging in from different devices, locations, and networks, traditional access control is no longer enough. This is where Azure AD (now Microsoft Entra ID) Conditional Access comes in. It allows organizations to enforce automated decision-making about who can access what, under which conditions, and using which devices. If you’ve ever wondered how to configure Conditional Access the right way, without breaking user access or causing downtime, this guide walks you through the process https://dellenny.com/how-to-implement-azure-ad-conditional-access-policies-step-by-step/Managing Azure AD Identity Protection: Detecting and Mitigating Risky Sign-ins
In today’s digital landscape, securing user identities is more critical than ever. Organizations leveraging cloud services, especially Microsoft Azure, face an increasing number of identity-based threats, including account compromise, phishing attacks, and unauthorized access. Azure Active Directory (Azure AD) Identity Protection provides a robust set of tools to help IT teams detect, investigate, and mitigate risky sign-ins effectively. In this blog, we’ll explore how to manage Azure AD Identity Protection, detect risky sign-ins, and implement strategies to minimize security risks. https://dellenny.com/managing-azure-ad-identity-protection-detecting-and-mitigating-risky-sign-ins/Networking out Private VNET in AZURE with a third party app such as payment gateway?
I need to do networking so that my VNET in Azure connects to third party applications such as payment gateways or messaging apps which are in Public internet. Please let me know the options and why we should prefer one over the other?
Misplacement of schema in AllowedHostPathVolumesInKubernetesClusterList Policy Parameter?
In the Microsoft Cloud Security Benchmark, the policy parameter `AllowedHostPathVolumesInKubernetesClusterList` defines a `schema` object nested under metadata. Is this placement intentional, or should the schema be defined at the top level of the parameter https://github.com/Azure/azure-policy/blob/303a0000a3b9d1aed7361c69edaafd4340d37df7/built-in-policies/policySetDefinitions/Azure%20Government/Security%20Center/AzureSecurityCenter.json#L4132Spoke-Hub-Hub Traffic with VPN Gateway BGP and Firewall Issue
Hello, I’m facing a situation where I’m trying to have Azure Firewall Inspection on the VPN Gateway VNET-VNET Connectivity. It seems to work if I go from SpokeA-HubAFirewall-HubAVPN—HubBVPN-SpokeB but if I try to go from SpokeA-HubAFirewall-HubAVPN-HubBVM or Inbound Resolver it fails to route correctly according to Connectivity Troubleshooter it stops at HubAVPN with Local Error: RouteMissing but then reaches destination health so makes me believe it’s getting there but not following the route I want it to take which might be causing routing issues. What Am I missing here? This connectivity was working before introducing the Azure Firewall for Inspection with the UDR. Is what I’m trying to accomplish not possible? I’ve tried different types of UDR rules on the Gateway Subnet, and this is my most recent configuration. The reason I’m trying to accomplish this is because I’m seeing a similar error in our Hub-Spoke Hybrid environment and I’m trying to replicate the issue. Current Configuration 2x Hubs with Spoke networks attached so example Hub-Spoke-A Configuration: Hub-A Contains following subnets and Resources VPN Gateway - GateWaySubnet Azure Firewall - AzureFirewallSubnet Inbound Private Resolver - PrivateResolverSubnet Virtual Machine – VM Subnet Gateway Subnet has an attached UDR with the following routes Propagation - True Prefix Destination – Hub-B Next Hop Type – Virtual Appliance Next Hope IP – Hub-A Firewall Prefix Destination – Spoke-B Next Hop Type – Virtual Appliance Next Hope IP – Hub-A Firewall Hub-Spoke-B Configuration: Hub-B Contains following subnets and Resources VPN Gateway - GateWaySubnet Azure Firewall - AzureFirewallSubnet Inbound Private Resolver - PrivateResolverSubnet Virtual Machine – VM Subnet Gateway Subnet has an attached UDR with the following Routes Propagation - True Prefix Destination – Hub-A Next Hop Type – Virtual Appliance Next Hope IP – Hub-B Firewall Prefix Destination – Spoke-A Next Hop Type – Virtual Appliance Next Hope IP – Hub-B Firewall Spoke Subnets has an attached UDR with the following Routes Propagation - True Prefix Destination – 0.0.0.0/0 Next Hop Type – Virtual Appliance Next Hope IP – HubA/HubB Firewall (Depending on what hub its peered to) VPN Gateways HA VNET-VNET with BGP Enabled. I can see that it knows the routes and like I said this was working prior introducing the UDRs for force traffic through the azure firewall.
Can anyone attest to the accuracy of an Azure Migrate Business Case?
Hello! I've only created a business case in a simple lab environment using 5 on-prem Hyper-V servers. (SmartHotelHost lab from Github) The business case export explains that I'll be saving over $100K annually once fully migrated into Azure after multiple years. (It's only 5 servers!) That said, I've been reluctant to suggest the Business Case tool and steer clients toward the Azure Migrate Assessment and Azure Pricing Calculator which have proven to be reliable tools. Anyone have any experience with the business case? Was it accurate? Thanks a bunch! Rich
Azure DDoS Protection Standard
Hi Team, Is it recommended to have Azure DDoS Protection Standard enabled for Virtual Network where Virtual network gateways are associated with that Virtual network? This VNG is establishing a VPN tunnel with Onprem VPN Devices. what is the security risk if I am using basic DDoS protection?Hyper-V Core - Setting up a VLAN
Hi All, Forgive me if I've put this post in an incorrect location. I'm not a large user of Microsoft forums. I have tried to find where to create a post under the servers section but I cannot find the create post button in that community. I'm happy for this post to be moved to the correct location. I have a server running Hyper-V core 2019 of which I remotely connect to from a Windows 10 Pro computer using Hyper-V manager. I have a number of VM and relevant snapshots on it. I have recently been asked by work to investigate setting up a VLAN on this server to group together 5 VMs on there own private network (hopefully using my existing VMs) with access to the internet. I have searched online on how to do this and in most cases the host Hyper-V server is a full blown OS not a base Hyper-V core. Can anyone guide me on the best source of information on how to setup this requirement? At this time I am imagining that most work has to be done on the command line screen of Hyper-V core via command line entries or PowerShell commands. If this is not possible can someone point me to reliable information on how i can upgrade my Hyper-V core to a full blown OS with a GUI ideally without losing my existing VMs? Thanks in advance. Regards, Barry
Events
Organizations exploring AI apps and agents face a critical choice: build, buy, or blend. There’s no one-size-fits-all—each approach offers unique benefits and trade-offs. Tune in for insights into th...
Online
Recent Blogs
- TOC Introduction Environment Variable Build Time Compatible Memory Conclusion 1. Introduction One of the most common issues during project development is the scenario where “...Nov 30, 2025
- When working with Confidential VMs (CVMs) in Azure, ensuring secure backups is just as important as protecting workloads in use. Confidential VMs use hardware-based Trusted Execution Environments (TE...Nov 29, 2025
