Recent Discussions
Advanced Container Apps Networking: VNet Integration and Centralized Firewall Traffic Logging
Azure community, I recently documented a networking scenario relevant to Azure Container Apps environments where you need to control and inspect application traffic using a third-party network virtual appliance. The article walks through a practical deployment pattern: • Integrate your Azure Container Apps environment with a Virtual Network. • Configure user-defined routes (UDRs) so that traffic from your container workloads is directed toward a firewall appliance before reaching external networks or backend services. • Verify actual traffic paths using firewall logs to confirm that routing policies are effective. This pattern is helpful for organizations that must enforce advanced filtering, logging, or compliance checks on container egress/ingress traffic, going beyond what native Azure networking controls provide. It also complements Azure Firewall and NSG controls by introducing a dedicated next-generation firewall within your VNet. If you’re working with network control, security perimeters, or hybrid network architectures involving containerized workloads on Azure, you might find it useful. Read the full article on my blog
Blank screen in "new" AI Foundry and unable to go back to "classic" view
Hi, I toggled on the "new" AI foundry experience. But it just gives me a blank page. I cannot disable it and go back to the old view though. When I go to https://ai.azure.com/ it takes me to the "nextgen" page (e.g. https://ai.azure.com/nextgen/?wsid=%2Fsubscriptions...) Removing "nextgen" from the URL just redirects me back to the "nextgen" version. This also happens to my colleague, and we can't use the Foundry. Can you help?
Corrupted VT+ transaction files
We are a small accounting company using VT+ Transaction on a local drive synchronized with OneDrive for backup and file storage. A few days ago when we tried to open the application, we suddenly started receiving the following error messages: Run Time Error 0 and Run Time Error 440, and the program does not start. According to VT+ support the program files are corrupted and the data can only be restored up to the year 2022, as the more recent backups are also affected. Somehow the system is overriding our backups, which makes the latest ones unusable. Any advice what could cause that and how to resolve the issue. Thanks
Azure Web App Deployment Failed: 429 Throttling & Policy Errors (Student Subscription)
Hello, I am trying to complete a university lab requiring an Azure Web App (Python 3.9/3.10/3.11 / Linux) running on an App Service Plan to test autoscaling features. I am using an "Azure for Students" subscription. I am unable to deploy the resource regardless of the region I choose. Here is what I have tried: Region : France Central I get a Throttling error : "App Service Plan Create operation is throttled for subscription [My-Sub-ID]. Code: 429" Region : Switzerland North I get a Policy error : "Resource was disallowed by Azure Policy... The objective of this policy is to ensure that your subscription has full access to Azure services with optimal performance." Region : Canada Central / Switzerland North : I attempted to create a new Resource Group and App Service Plan in these regions, but I am still facing deployment failures or throttling issues. I simply need to deploy a Web App with a plan that supports Autoscale. Which region is currently open/unthrottled for Student Subscriptions to create an App Service Plan? Is there a specific workaround to bypass this 429 error for a lab environment? Thank you for your help.
Weird problem when comparing the answers from chat playground and answer from api
I'm running into a weird issue with Azure AI Foundry (gpt-4o-mini) and need help. I'm building a chatbot that classifies each user message into: follow-up to previous message repeat of an earlier message brand-new query The classification logic works perfectly in the Azure AI Foundry Chat Playground. But when I use the exact same prompt in Python via: AzureChatOpenAI() (LangChain) or the official Azure OpenAI code from "View Code" (client.chat.completions.create()) …I get totally different and often wrong results. I’ve already verified: same deployment name (gpt-4o-mini) same temperature / top_p / max_tokens same system and user messages even tried copy-pasting the full system prompt from the Playground But the API version still behaves very differently. It feels like Azure AI Foundry’s Chat Playground is using some kind of hidden system prompt, invisible scaffolding, or extra formatting that is NOT shown in the UI and NOT included in the “View Code” snippet. The Playground output is consistently more accurate than the raw API call. Question: Does the Chat Playground apply hidden instructions or pre-processing that we can’t see? And is there any way to: view those hidden prompts, or replicate Playground behavior exactly through the API or LangChain? If anyone has run into this or knows how to get identical behavior outside the Playground, I’d really appreciate the help.
Error on deployment on a CHE
I'm experiencing an error during the deployment of any package to a cloud-hosted environment. The error occurs specifically at step 11, 'Global Update script for service model: AOS Service,' and results in a failure to resume the deployment process. The issue happens on the DB sync, however if I tried to sync the DB from the visual studio it succeeded without any errors. And If I tried to restore another empty DB for example, the deployment will succeed. And if I tried to restore the DB on another CHE, the same issue happens. The issue is that we need this DB, because it is the Master configuration DB, so we cannot delete it. So my question is what is the best way to solve this issue and how can we know what is the issue with this DB? Thanks in advance.Seamless SSO According to MS Support
I am in the process of setting up a POC for AVD and followed all the instructions that I have found for enabling Seamless SSO for AVD. We are currently running in hybrid mode and I have created a server 2025 with latest patches. When I attempt to sign in via web or windows app, I signin to the web interface or the app and I am presented with the desktops. I launch a desktop and it prompts me for a user and pass (the user is pre-populated) My understanding is that this should not happen. It should seamlessly signin (This would cause issues with our users not using passwords) I contacted Microsoft support and they state that this is by design. They stated this is how it operates in their lab. Can someone clarify, if I sign into Windows app or the web, that my authentication should seamlessly sign me into the AVD server I have published? ThanksFrequent platform-initiated VM redeployments (v6) in North Europe – host OS / firmware issues
Hi everyone, We’ve been experiencing recurring platform-initiated redeployments on Azure VMs (v6 series) in the North Europe region and wanted to check if others are seeing something similar. Around two to three times per week, one of our virtual machines becomes unavailable and is automatically redeployed by the Azure platform. The Service Health notifications usually mention that the host OS became unresponsive and that there is a low-level issue between the host operating system and firmware. The VM is then started on a different host as part of the auto-recovery process. There is no corresponding public Azure Status incident for North Europe when this occurs. From the guest OS perspective, there are no warning signs beforehand such as high CPU or memory usage, kernel errors, or planned maintenance events. This behavior looks like a host or hardware stamp issue, but the frequency is concerning. Has anyone else running v6 virtual machines in North Europe observed similar unplanned redeployments? Has Microsoft shared any statements or acknowledgements regarding ongoing host or firmware stability issues for this region or SKU? If you worked with Azure Support on this, were you told this was cluster-specific or related to a particular hardware stamp? We are already engaging Azure Support, but I wanted to check whether this is an isolated case or something others are also encountering. Thanks in advance for any insights or shared experiences.Container Apps Environment Networking (Consumption)
AI workloads are no longer just about models, they’re about how those models connect. On Azure, many teams are running inference APIs, background processors, and event-driven AI components on Azure Container Apps Environments (CAE). CAE fits AI workloads well: it scales fast, scales to zero, and removes Kubernetes overhead. But once AI services need to securely reach private data sources, on-prem systems, vector databases, or external AI services, networking becomes the real design challenge. I’ve written a short, practical deep dive on how Consumption-based vs Workload-profile Container Environments behave from a networking perspective, what works, what doesn’t, and why it matters for modern AI platforms. 👉 Read the full article here: https://vakhsha.com/blog.html?post=blog-06Ubuntu as session host
Hi all, I understand there is no native solution for running an ubuntu vm as a session host. I didn't find any image in the marketplace for this. I found this https://github.com/microsoft/LinuxBrokerForAVDAccess that proposes a solution. Does anyone actually uses this or any other solutions? Thanks in advanceIssue with gMSA when installing Cloud Sync
We are trying to install Cloud Sync to make use of the group writeback. However, we get the same error message every time we try to complete the installation We already tried: created a new sync server from scratch test the service account with "test-ADServiceAccount" check the encryption settings of the GMSA (the account is being created in the AD) removed an old orphaned GC tried it with a custom GMSA (same error) gave the server access to the GMSA via set-ADServiceAccount Did anyone else ever had this problem or know how to fix it?Unable to delete Foundry Agent identity Entra app in Azure
I'm trying to delete an Entra app in Azure created by Foundry Agent identity blueprint as its currently unused and is causing EntraID hygiene alerts. However getting an error mentioning that delete is not supported. Is there any other way to delete an unused Entra app for an agent identity blueprint? Error detail: Agent Blueprints are not supported on the API version used in this request.Understanding Storage Account replication downtime
I have a Storage account that's used as a CDN to host a lot of generally small files which occupy about 2GB. This is a small but critical part of our application which is used heavily by our app but which has no redundancy (it currently only has LRS replication). It's hosted in UK South and while Storage Accounts are very reliable, I'm concerned that if there's ever a regional outage there's nothing I'd be able to do. The requirements therefore are: Convert it from LRS to GZRS i.e. actively replicating from UK South to UK West. No app changes required to detect when the primary goes down and to switch to the secondary-this needs to be transparent. No or low downtime when the change is made. We need to be able to write to the secondary after failover. As a software company anything that limits our ability to push code changes is not acceptable, so RA-GZRS is off the table. After doing a bit of reading, I found the following warning in the docs: If you choose to perform a manual migration, downtime is required but you have more control over the timing of the migration process. https://learn.microsoft.com/en-us/azure/storage/common/redundancy-migration?tabs=portal#downtime-requirements This is typically light on detail and leaves some critical questions unanswered: Is there any way of estimating how long the downtime will be so I can appropriately set expectations of management and customers when scheduling the maintenance window needed? It specifically mentions manual migrations i.e. making the change through the Azure Portal, would making the change through IAC e.g. Bicep or Terraform be any different? Any input from anyone who's made any similar changes will also be appreciated. Edit: I've just checked and found that UK West still doesn't have Availability Zone support, is my best option for reducing the risk of this single point of failure to set the replication to GRS? https://learn.microsoft.com/en-us/azure/reliability/regions-list#azure-regions-list-1Azure Virtual Desktop (Pooled) – Sessions ending unexpectedly and users stuck across session hosts
Hi, We are currently investigating an issue in an Azure Virtual Desktop (AVD) environment where users are intermittently disconnected during sign-in or are unable to reconnect to their sessions. Environment: Azure Virtual Desktop Host pool: Pooled OS: Windows 10 / Windows 11 Enterprise multi-session FSLogix enabled Client: Windows App (Remote Desktop) Error message seen by users: "Your Remote Desktop Services session has ended. The administrator has ended the session, an error occurred while the connection was being established, or a network problem occurred." What we are seeing: Users fail to connect or get disconnected shortly after login. Session hosts appear healthy and powered on. No admin-initiated logoff is taking place. Rebooting the affected session host sometimes resolves the issue, but only temporarily. Actions already taken: Restarted AVD agent services on the session hosts. Placed affected hosts in drain mode. Rebooted the VMs. What we suspect: Some users may still have active or disconnected sessions on previous session hosts, possibly combined with FSLogix profile locks, which could be preventing new sessions from starting correctly. Questions: What is the recommended way to identify which users are logged into which session hosts across a pooled host pool? Are there best practices using the Azure Portal or PowerShell to detect and clean up stuck or disconnected sessions? Has anyone seen similar behavior in pooled AVD environments with Windows 10/11 and FSLogix enabled? Any advice or pointers would be appreciated. Thanks.How to troubleshoot if a cookie is being sent to application gateway with each and every request
I have a rule on WAF policy associated with application gateway with a rule (set as topmost rule) to allow traffic if a particular cookie is sent with the request. But we are seeing some requests that are not hitting that rule and instead hitting different rule and thus getting blocked. My thinking is that the cookie is not being sent by the application in that request, although the developer says that it should be sent with each request. How can I log enough detail on application gateway to see if a cookie was really sent with the request that was blocked or not.
Events
in 2 days
Learn proven strategies to accelerate the time-to-value for your Microsoft cloud investments with Microsoft Marketplace. Microsoft Marketplace is your trusted source to find, try, and buy cloud and A...
Online
Recent Blogs
- 6 MIN READIntroduction In the rapidly evolving tech landscape, staying on top of key project updates is crucial. This article explores how to leverage GitHub's newly released Copilot SDK to build intelligent...Jan 26, 2026
- 5 MIN READThe transition from standalone Large Language Models (LLMs) to Agentic Orchestration marks the next frontier in AI development. We are moving away from simple "prompt-and-response" cycles toward...Jan 25, 2026
