Recent Discussions
The November Innovation Challenge Winning Teams!
We run the Innovation Challenge program because we believe the only way we can have the best AI platform for every person and every organization is by having a truly diverse and highly skilled community of developers building AI solutions on Azure. We run the Innovation Challenge program because we are geeks who love a good hackathon. We run the Innovation Challenge program because we get blown away by what our community can do. From our first Innovation Challenge hackathon in June of 2024 to our sixth that just finished in November of 2025, the growth curve is steep! Our judges work with the best development teams in the world, delivering cutting edge AI solutions. But even with our front row view of things, we are amazed by what can be done today when ad hoc teams come together, despite limited resources and tight deadlines. Participants were asked to choose one of these real world use cases. Auto-resolve Service Desk: Create a multi agent service desk experience that reduces wait times and backlog while earning trust through safe automation, transparency, and graceful escalation. Civic Chat: Build an intelligent civic engagement platform that enables communities to access local government information, participate in discussions, and receive personalized updates using Azure AI services. Customer Personalization Orchestrator: Build a team of agents that segments customers, retrieves product content, creates message variants, and executes A/B/n experiments, with safety checks for content and proof of uplift. This time around there were 76 projects from over 300 participants representing more than a dozen organizations in the program. The winners chosen by the judges came from Código Facilito, DIO, GenSpark, Project Blue Mountain, and Women in Cloud. First place $10,000 AgroHelpdesk: an intelligent service desk for agribusiness that uses a coordinated set of AI agents Second place $5,000 CivicUtopia: an intelligent and inclusive civic engagement platform designed to streamline how citizens interact with their local governments and political landscape. Multi-Agent Service Desk for Education: Large educational institutions struggle with repetitive service desk requests—password resets, course enrollment inquiries, transcript requests, and more. This solution intelligently resolves routine cases while escalating only the complex ones to human staff. Third place $2,500 ResolveIQ: an intelligent helpdesk solution that uses autonomous AI agents, advanced orchestration, and Azure cognitive services to revolutionize customer support and internal assistance. ChainReach AI: multi-agent system that automatically personalizes marketing campaigns at scale CivicChat (D.C.) : a multilingual, AI-powered civic engagement assistant designed to make government information accessible, trustworthy, and easy to understand Tune into Microsoft DevRadio over the next couple weeks to meet these teams!
Issue with AVD User Profile – FSLogix Not Recreating
Hi all, We have a user who has repeatedly reported that their settings and favorites are not loading in AVD. To troubleshoot, we deleted the user’s FSLogix profile from our storage account to allow it to recreate automatically. However, the profile is not being recreated. We are operating in a hybrid environment, and the user is part of a group assigned the Storage File Data SMB Share Elevated Contributor role. From the profile logs, we found the following error: FindFile failed for path: \\<redacted>.file.core.windows.net\userprofiles\<redacted>\Profile*.VHD (Account restrictions are preventing this user from signing in. For example: blank passwords aren't allowed, sign-in times are limited, or a policy restriction has been enforced.) What are some likely causes and additional troubleshooting steps we should take?
Container on App Service keeps getting stopped and terminated
I've got a .Net app running in a Docker container that I'm trying to run on a Linux App Service but as per the (sanitised) log output below from the Platform log stream, it's getting terminated only 4 seconds after it started. Where can I get information on why this is happening? Starting container: a0e3af0a_myapp-dev-as. Starting watchers and probes. Starting metrics collection. Container is running. Container start method finished after 1990 ms. Container is terminating. Grace period: 0 seconds. Stop and delete container. Retry count = 0 Timestamps removed as the forum doesn't seem to like log output?Understanding Azure AD Tenants, Users, Groups, and Roles: A Practical Guide
As cloud adoption continues to shape modern IT infrastructures, Microsoft Azure Active Directory (Azure AD)—now part of Microsoft Entra ID—has become one of the most essential identity and access management (IAM) solutions for organizations. Whether you’re setting up a brand-new cloud environment or managing a hybrid workforce, understanding how Azure AD tenants, users, groups, and roles work is fundamental to keeping your environment secure, organized, and scalable. This guide breaks down each of these components in simple, practical terms, helping you gain the confidence to manage Azure identity services effectively. https://dellenny.com/understanding-azure-ad-tenants-users-groups-and-roles-a-practical-guide/How to Implement Azure AD Conditional Access Policies Step-by-Step
In today’s cloud-first world, identity is the new security perimeter. With employees logging in from different devices, locations, and networks, traditional access control is no longer enough. This is where Azure AD (now Microsoft Entra ID) Conditional Access comes in. It allows organizations to enforce automated decision-making about who can access what, under which conditions, and using which devices. If you’ve ever wondered how to configure Conditional Access the right way, without breaking user access or causing downtime, this guide walks you through the process https://dellenny.com/how-to-implement-azure-ad-conditional-access-policies-step-by-step/Managing Azure AD Identity Protection: Detecting and Mitigating Risky Sign-ins
In today’s digital landscape, securing user identities is more critical than ever. Organizations leveraging cloud services, especially Microsoft Azure, face an increasing number of identity-based threats, including account compromise, phishing attacks, and unauthorized access. Azure Active Directory (Azure AD) Identity Protection provides a robust set of tools to help IT teams detect, investigate, and mitigate risky sign-ins effectively. In this blog, we’ll explore how to manage Azure AD Identity Protection, detect risky sign-ins, and implement strategies to minimize security risks. https://dellenny.com/managing-azure-ad-identity-protection-detecting-and-mitigating-risky-sign-ins/Can anyone attest to the accuracy of an Azure Migrate Business Case?
Hello! I've only created a business case in a simple lab environment using 5 on-prem Hyper-V servers. (SmartHotelHost lab from Github) The business case export explains that I'll be saving over $100K annually once fully migrated into Azure after multiple years. (It's only 5 servers!) That said, I've been reluctant to suggest the Business Case tool and steer clients toward the Azure Migrate Assessment and Azure Pricing Calculator which have proven to be reliable tools. Anyone have any experience with the business case? Was it accurate? Thanks a bunch! Rich
Can I send MgGraph traffic over Service Endpoint from Azure VM?
I have a Azure VM which resides on a subnet that has UDR to send all traffic to 0.0.0.0/0 through our firewall which in turn sends the http and https traffic to our proxy. I am having problems executing graph queries on this VM. "connect-mggraph" succeeds because "Microsoft.AzureActiveDirectory" service endpoint is there on this subnet. But after that query to get a user or anything else throws "an error occurred" message. My thinking is that the traffic is not being sent over https/http and thus not being forwarded to our proxy from the firewall. Thus , I want to see if it is possible to send this traffic through a Azure Service Endpoint instead?Hyper-V Core - Setting up a VLAN
Hi All, Forgive me if I've put this post in an incorrect location. I'm not a large user of Microsoft forums. I have tried to find where to create a post under the servers section but I cannot find the create post button in that community. I'm happy for this post to be moved to the correct location. I have a server running Hyper-V core 2019 of which I remotely connect to from a Windows 10 Pro computer using Hyper-V manager. I have a number of VM and relevant snapshots on it. I have recently been asked by work to investigate setting up a VLAN on this server to group together 5 VMs on there own private network (hopefully using my existing VMs) with access to the internet. I have searched online on how to do this and in most cases the host Hyper-V server is a full blown OS not a base Hyper-V core. Can anyone guide me on the best source of information on how to setup this requirement? At this time I am imagining that most work has to be done on the command line screen of Hyper-V core via command line entries or PowerShell commands. If this is not possible can someone point me to reliable information on how i can upgrade my Hyper-V core to a full blown OS with a GUI ideally without losing my existing VMs? Thanks in advance. Regards, Barry
Spoke-Hub-Hub Traffic with VPN Gateway BGP and Firewall Issue
Hello, I’m facing a situation where I’m trying to have Azure Firewall Inspection on the VPN Gateway VNET-VNET Connectivity. It seems to work if I go from SpokeA-HubAFirewall-HubAVPN—HubBVPN-SpokeB but if I try to go from SpokeA-HubAFirewall-HubAVPN-HubBVM or Inbound Resolver it fails to route correctly according to Connectivity Troubleshooter it stops at HubAVPN with Local Error: RouteMissing but then reaches destination health so makes me believe it’s getting there but not following the route I want it to take which might be causing routing issues. What Am I missing here? This connectivity was working before introducing the Azure Firewall for Inspection with the UDR. Is what I’m trying to accomplish not possible? I’ve tried different types of UDR rules on the Gateway Subnet, and this is my most recent configuration. The reason I’m trying to accomplish this is because I’m seeing a similar error in our Hub-Spoke Hybrid environment and I’m trying to replicate the issue. Current Configuration 2x Hubs with Spoke networks attached so example Hub-Spoke-A Configuration: Hub-A Contains following subnets and Resources VPN Gateway - GateWaySubnet Azure Firewall - AzureFirewallSubnet Inbound Private Resolver - PrivateResolverSubnet Virtual Machine – VM Subnet Gateway Subnet has an attached UDR with the following routes Propagation - True Prefix Destination – Hub-B Next Hop Type – Virtual Appliance Next Hope IP – Hub-A Firewall Prefix Destination – Spoke-B Next Hop Type – Virtual Appliance Next Hope IP – Hub-A Firewall Hub-Spoke-B Configuration: Hub-B Contains following subnets and Resources VPN Gateway - GateWaySubnet Azure Firewall - AzureFirewallSubnet Inbound Private Resolver - PrivateResolverSubnet Virtual Machine – VM Subnet Gateway Subnet has an attached UDR with the following Routes Propagation - True Prefix Destination – Hub-A Next Hop Type – Virtual Appliance Next Hope IP – Hub-B Firewall Prefix Destination – Spoke-A Next Hop Type – Virtual Appliance Next Hope IP – Hub-B Firewall Spoke Subnets has an attached UDR with the following Routes Propagation - True Prefix Destination – 0.0.0.0/0 Next Hop Type – Virtual Appliance Next Hope IP – HubA/HubB Firewall (Depending on what hub its peered to) VPN Gateways HA VNET-VNET with BGP Enabled. I can see that it knows the routes and like I said this was working prior introducing the UDRs for force traffic through the azure firewall.
How College Students Can Claim Free Azure Credits and Start Building in the Cloud
Are you a college student eager to explore cloud computing, AI, app development, or data science—but worried about the cost? Microsoft Azure has your back. With the Azure for Students offer, you can get $100 in free Azure credits—no credit card required. Here’s a step-by-step guide to help you claim your credits and start building today. ✅ How to Get Started Step 1: Check Your Eligibility You must be: 18 years or older Enrolled full-time at a degree-granting college or university Able to verify with valid university email address Step 2: Create a Personal Microsoft Account Don't use your college-issued work account. Instead, sign in with a personal Microsoft account (e.g., your Gmail). 👉 CREATE ONE HERE: https://signup.live.com Step 3: Sign-Up for Azure for Students Go to 👉 https://azure.microsoft.com/en-in/free/students/ Click “Start free” and sign in with your personal Microsoft account. Step 4: Verify Student Status Enter your basic details, college email and follow the prompts. You may be asked to upload a student ID or verify via GitHub Education. Step 6: Receive Your Credits Once verified, you’ll get: $100 in Azure credits valid for 12 months Access to free services like App Services, Azure Functions, and AI tools Step 7: Renew Annually for Free Still a student next year? Just revisit the sign-up page, re-verify, and get another $100 in credits. Unused credits from the previous year won’t carry over. 🚀 What Can You Build? Web apps and APIs Machine learning models AI-powered chatbots Big data pipelines Kubernetes deployments The possibilities are endless—and it’s all free while you’re a student. Your student years are the perfect time to experiment, build, and learn—without worrying about cloud costs. Azure for Students gives you the tools and credits to turn ideas into impact. 👉 Claim your credits now: https://azure.microsoft.com/en-in/free/students/ and start building your future in tech!
Integrating Azure DevOps with Jira Service Management: Real-World Use Cases
If your development team works in Azure DevOps while support operates in Jira Service Management (JSM), you're probably dealing with manual ticket updates, information silos, and delayed responses. This friction slows down ticket resolution and creates unnecessary back-and-forth between teams. You can integrate both systems to automate data exchange and keep everyone on the same page. In this post, we'll explore why this integration matters, common use cases I've seen from teams using both platforms, and the key features you should consider when setting up your integration. Why Integrate Azure DevOps with Jira Service Management? When you integrate Azure DevOps with JSM, ticket escalation becomes automatic. A critical bug reported in JSM creates a work item in Azure DevOps with complete context—error logs, customer details, priority level, and all relevant information. Status updates sync bidirectionally. Your support team sees development progress without switching tools. Developers get full customer context without leaving Azure DevOps. The real benefits: Eliminate copy-paste errors Real-time visibility into work status Faster incident resolution Clear audit trails for SLAs and post-mortems Each team stays productive in their preferred environment Without integration, support agents need to check Azure DevOps regularly for updates to relay to customers. This creates delays, introduces errors, and wastes time on both sides. Common Use Cases for Azure DevOps + JSM Integration I have worked with hundreds of teams integrating these platforms. Here are the most common scenarios: 1. Incident and Bug Escalation This is probably the most common use case. Critical bugs reported in JSM automatically create high-priority work items in Azure DevOps with error logs, affected user details, and complete customer context. As developers update the work item, adding comments, changing status, or resolving the bug, those changes flow back to JSM automatically. Support agents can keep customers informed without constantly asking the dev team for updates. Use Case: Current Setup: Support uses JSM for customer tickets. Development uses Azure DevOps for bug tracking. Problem: Manually updating both systems is time-consuming and error-prone. Solution: Two-way sync ensures bugs and updates flow automatically between both systems. 2. Feature Request Management When customers submit feature requests through JSM and they get approved, they automatically flow to Azure DevOps as backlog items with inline images, custom fields, attachments, and more. When development completes the feature, the original JSM request closes automatically and notifies the customer. Use Case: Current Setup: Product managers collect feature requests in JSM. Developers track work in Azure DevOps. Problem: Manually creating work items for approved requests takes time, and context gets lost. Solution: Approved JSM requests automatically create Azure DevOps work items with full context. 3. Multi-Platform Sync for MSPs A central JSM instance can route tickets to different Azure DevOps projects based on work item type. This works especially well for MSPs managing multiple clients. You can connect your JSM instance with multiple client Azure DevOps environments while keeping data completely isolated per client. Use Case: Current Setup: An MSP uses one JSM instance. Multiple clients use separate Azure DevOps environments. Problem: Routing tickets manually to the right client's Azure DevOps is inefficient. Solution: Conditional routing based on customer tags or custom fields automatically sends tickets to the correct Azure DevOps project. 4. Post-Merger System Integration When two companies merge, one might use JSM for service management while the other uses Azure DevOps for development and QA. Rather than forcing everyone onto a single platform immediately, you can connect both systems to let teams continue using their existing tools during the transition. Use Case: Current Setup: Merged company with different tool stacks. Problem: Forcing immediate migration disrupts workflows. Solution: Integration bridges the gap while you plan a longer-term consolidation strategy. Key Features to Consider When Choosing Your Integration Approach Bidirectional vs. Unidirectional Sync Bidirectional sync is essential when both teams need to update shared information like status, priority, and comments. Updates flow both ways automatically without sync conflicts. For some use cases, you might only need one-way sync. For example, JSM → Azure DevOps for escalations where only support creates tickets, but developers provide all updates. Selective Filtering You don't want to sync everything. Look for solutions that let you sync only tickets meeting specific criteria: priority levels, labels, custom fields, or status values. Example filters: Only sync JSM tickets with "escalate-to-dev" label Only sync Azure DevOps bugs tagged "customer-reported" Only sync high and highest priority items This keeps Azure DevOps boards focused on actionable work rather than cluttered with routine requests. Field Mapping Flexibility JSM and Azure DevOps use different field structures. Your integration needs to handle transformations between JSM's field structure and Azure DevOps work item fields without losing data. Common mappings: JSM Status → Azure DevOps State JSM Priority → Azure DevOps Priority Custom fields require explicit mapping rules Scalability The solution should handle your current ticket volume and grow with your organization. Look for reliable performance, error handling, retry mechanisms, and the ability to add more integrations as your needs expand. Security and Compliance Essential security features: Encryption in transit and at rest OAuth or Basic authentication ISO certification Role-based access controls For MSPs: Complete data isolation between client environments Audit logging for compliance requirements Conflict Resolution You need clear rules for what happens when both sides update the same field simultaneously. Common approaches include last-write-wins logic or timestamp-based priority. Technical Implementation Approaches Webhooks + REST APIs Azure DevOps Service Hooks, combined with JSM REST API, provide real-time bidirectional sync. This is the recommended approach for most teams. The flow works like this: Change happens in Azure DevOps Service Hook triggers webhook Integration middleware receives a webhook Middleware calls the JSM REST API to update the ticket The same flow works in reverse for JSM → Azure DevOps updates. Custom Middleware For complex requirements, custom middleware gives you maximum flexibility: Custom field transformation logic Complex routing rules Conditional synchronization Workflow orchestration Error handling and retry logic Common technology stacks include Azure Functions, Logic Apps, or custom Node.js/Python microservices. Third-Party Integration Platforms Many teams opt for dedicated integration platforms rather than building from scratch. These platforms offer pre-built connectors for both JSM and Azure DevOps, significantly reducing implementation time. What third-party platforms typically provide: Pre-configured connectors that understand both JSM and Azure DevOps data structures out of the box Visual or scripting interfaces for setting up field mappings, filters, and sync rules with or without writing code Managed infrastructure so you don't need to host and maintain your own integration servers Built-in error handling and retry logic that handles API failures automatically Audit logging and monitoring dashboards for tracking sync activity and troubleshooting issues Support for complex scenarios like multi-project routing, conditional logic, and custom field transformations Regular updates to keep pace with API changes in both platforms When to consider third-party platforms: You need to get integration running quickly without significant development effort Your team lacks in-house expertise in API integration You want managed infrastructure rather than maintaining your own servers You need support and documentation for troubleshooting You plan to integrate multiple tools beyond just JSM and Azure DevOps You require complex field mappings and conditional routing that would be time-consuming to build Trade-offs to consider: Recurring subscription costs vs. one-time development investment Less control over the exact implementation compared to custom solutions Dependency on the platform's feature set and release cycle Data flows through a third-party service (though reputable platforms offer strong security and compliance) Most platforms available in the Azure DevOps marketplace or Atlassian marketplace offer free trials, allowing you to test their capabilities before committing. Choose the right approach considering the above trade-offs and advantages I have discussed. Good luck! Let's discuss if you have anything specific in mind related to this post.Azure Support Plans Compared Choosing the Right One for Your Organization
Microsoft Azure is one of the leading cloud platforms in the world, supporting businesses of all sizes with scalable services, advanced security, and global availability. But as organizations grow in their cloud usage, the importance of reliable support becomes impossible to ignore. Whether your team is just beginning with Azure or already running business-critical workloads, having the right support plan can make the difference between smooth operations and costly downtime. Azure offers multiple support plans with varying levels of responsiveness, guidance, and pricing. Understanding what each plan includes—and who it’s best suited for—can help your organization make an informed decision. In this guide, we’ll compare all Azure Support Plans so you can choose the one that aligns with your business needs, budget, and technical priorities. https://dellenny.com/azure-support-plans-compared-choosing-the-right-one-for-your-organization/Optimizing Costs in Azure Practical Tips for Beginners
When people first move to Microsoft Azure, the first reaction is often excitement—unlimited computing power, easy scaling, and a huge list of services to explore. But after a month of usage, that excitement sometimes turns into shock when the bill arrives. Azure is powerful, but it can get expensive if you’re not paying attention. The good news? Controlling your cloud costs isn’t difficult once you understand what drives your bill and how Azure helps you monitor and optimize usage. This guide is written for beginners who may not have much experience with cloud pricing models. We’ll walk through practical, real-world tips that help you keep spending in line without sacrificing performance. https://dellenny.com/optimizing-costs-in-azure-practical-tips-for-beginners/Exploring Azure Portal, CLI, and PowerShell — Which One Should You Use?
When working with Microsoft Azure, one of the great advantages is the flexibility it offers for managing cloud resources. Whether you prefer clicking through a visual interface, typing commands into a terminal, or automating scripts, Azure has a tool that fits your style. The three most common ways to interact with Azure are: https://dellenny.com/exploring-azure-portal-cli-and-powershell-which-one-should-you-use/
Can I connect a DELL Wyse 3040 Thin Client to an Azure Virtual Desktop WITHOUT WMS?
The organisation I work for has moved away from WYSE 3040s with an on-premise RDS farm. We now use laptops, docks and Microsoft 365/SharePoint the whole thing. Intune management too. This is working fine but I have had "an idea". I now have a box of some 30 old thin clients. WYSE 3040 Thin OS 9.1.4234 Can I use a WYSE 3040 to connect straight to an Azure Virtual Desktop? Reason: We have some volunteer staff who come in to the office for just 2-3 hours one day a week. They do basic processing of physical paper forms, updating spreadsheets, entering invoice details etc etc, boring but essential tasks. They dont need anything fancy. BUT ... We (a charity) cant afford to buy them a laptop for 2-3 hours a week. So I have set up an AVD successfully, hoorah for me. I can access the AVD no problem using the Windows App on a Windows laptop or on a Mac device. Can I point a WYSE device straight at the AVD WITHOUT using Wyse Management Suite? The old WMS is on the local server which will be decommissioned. I dont want to use that. When I do a factory reset on a WYSE and go to configure Windows Virtual Desktop it does not seem to do anything. It does prompt me for MFA and does show our tenant welcome page background image so it is doing "something" Has anyone done this successfully?
What would be the expected behavior for an NSP?
I'm using a network security perimeter in Azure. In the perimeter there are two resources assigned: A storage Account and An Azure SQL Databse. I'm using the BULK INSERT dbo.YourTable FROM 'sample_data.csv' getting data from the storage account. The NSP is enforced for both resources, so the public connectivity is denied for resources outside the perimeter I have experienced this behavior: the azure SQL CANNOT access the storage account when I run the command. I resolved using: I need to add an outbound rule in the NSP to reach the storage fqdn I need to add an inbound rule in the NSP to allow the public IP of the SQL Azure When I do 1 and 2, azure SQL is able to pump data from the storage. IMHO this is not the expected behavior for two resources in the NSP. I expect that, as they are in the same NSP, they can communicate to each other. I have experienced a different behavior when using keyvault in the same NSP. I'm using the keyvault to get the keys for encryption for the same storage. For the key vault, i didn't have to create any rule to make it able to communicate to the storage, as they are in the same NSP. I know, Azure SQL is in preview for the NSP and the keyvault in GA, but I want to ask if the experienced behavior (the SQL CANNOT connect to the storage even if in the same NSP) is due to a unstable or unimplemented feature, or I'm missing something? What is the expected behavior? Thank you community!!RemoteApps opened in RDWeb requiring users to hit "Show Details"
When users connect to any of our remoteapps via RDWeb, they end up stuck at this "Configuring remote connection" prompt for about a full minute, unless they click "Show Details", which brings them instantly to the login screen. I surmise this may have to do with one of the following two things: 1. We have a legal disclaimer that must be dismissed with the "OK" button before proceeding with logon. 2. We use Cisco's DUO MFA. I am working on creating a test server we can publish a remoteapp from that does not meet either of these criteria and will report back. In the meantime, I have captured some logs from RDWeb that I can provide to any interested staff/developers. We are using the latest version of RDWeb at this time, 2.1.65.0.Manage/restore metadata when blob is updated
I'm using an Azure Storage container of block blobs as a data source for an Azure AI Search Index, and I'm using Blob metadata key value pairs for some custom data. But metadata gets wiped when a blob is updated. How are folks managing that? For reference, I've got a CosmosDB set up also for now with a cross-reference I can restore from, but it's manual. I considered using Cosmos as my data source instead, but I also need a place to store/serve media files from related to these records.
Events
Organizations exploring AI apps and agents face a critical choice: build, buy, or blend. There’s no one-size-fits-all—each approach offers unique benefits and trade-offs. Tune in for insights into th...
Online
Recent Blogs
- Our Python + MCP series is a three-part, hands-on journey into one of the most important emerging technologies of 2025: MCP (Model Context Protocol) — an open standard for extending AI agents and cha...Dec 05, 2025
- SRE teams strive for proactive operations, catching issues before they impact customers and reducing the chaos of incident response. While perfection may be elusive, the real goal is minimizing outag...Dec 05, 2025
