Recent Discussions
Unable to delete tenant
I want to delete a single tenant I've created some time ago using my personal MS account (@outlook.com). The goal is to start fresh. In the Manage tenants page I see this 'All initial checks passed. Click 'Delete' to Delete tenant 'Default Directory'', meaning all the checks are passed. However, when I try to delete 'Default Directory' I am getting below error: 'Unable to delete tenant Default Directory. Known issues exist where some enterprise applications are not capable to delete within the portal. Click the notification title for more information and manual troubleshooting steps.' But I don't have any enterprise applications left in my tenant. Is it even possible to delete only tenant?
Windows App - RDP channel crashes when printing on a redirected canon printer
Hey team, I would like to know, if anyone else struggles with the following scenario: A canon printer is installed on a local client. The user is working in the AVD environment. The printers are redirected into the AVD-Session via "printer redirect". Since the users are migrating to the new "Windows App", the AVD session breaks as soon as the user is printing on a redirected Canon-Printer. When printing on another printer, there is no issue. Also: With the "Microsoft-Remotedesktop" Application, everything works as it should. A Microsoft ticket is already raised. I would like to know if there are other environments, which are encountering the same issue.
Azure Files Manage Access is missing
Good day, We have fully and correctly configured an Azure File Share and the associated permissions. All required Azure RBAC roles as well as the necessary data plane permissions are assigned. However, we are observing inconsistent behavior in the Azure Portal regarding the “Manage access” buttons: At times, the “Manage access” buttons are visible: - In the top menu bar of the file share - In the context menu (three‑dot menu) of individual directories At other times, these buttons are not displayed at all, even though: - The same user with the same permissions is used - The same storage account and the same file share are accessed The behavior is sporadic and not reproducible in a controlled manner. Already verified: Required Azure RBAC roles are assigned Required permissions for Azure Files are correctly configured Permissions are effective and functional No error messages are shown in the Azure Portal when the buttons are missing A screenshot showing the state when the functionality was working is here. We would appreciate your support in investigating this issue.Agentic AI in IT: Self-Healing Systems and Smart Incident Response (Microsoft Ecosystem Perspective)
Modern IT infrastructures are evolving rapidly. Organizations now run workloads across hybrid cloud environments, microservices architectures, Kubernetes clusters, and distributed applications. Managing this complexity with traditional monitoring tools is becoming increasingly difficult. https://dellenny.com/agentic-ai-in-it-self-healing-systems-and-smart-incident-response-microsoft-ecosystem-perspective/
finops toolkit - missing clusterUri
I installed finops toolkit but I did not get any value in the clusterURI from my hub. Any thoughts on how to fix it? thanks instructions: Copy the Data Explorer cluster URI: Select the resource group where your FinOps hub instance was deployed. Select Settings > Deployments > hub > Outputs. Copy the clusterUri output value.Azure Build Issues >> Publish Through VS 2022 Community Edition is causing 404 Errors at Many Action
Hi everyone, Problem: My .NET Core App, hosted on Azure App Services, is encountering 404 Exceptions for various UI actions. App Overview: It's an ASP.NET Core App hosted on Azure (PaaS/Azure App Services). Publishing Details: We're using VS 2022 Community Edition and performing a manual publish. Local Testing: Everything works smoothly during local testing. Temporary Fix: The problem is sometimes resolved by publishing again or restarting the App Services. Seeking Help: Any insights into what might be causing this issue? Could there be any missing configurations either in Azure or Microsoft? Thanks! Ashish Tripathi
Convert Azure Files Storage account to AES256
Hi, Mild panic attack, so storage accounts used for Azure files were oriignally set up without AES256, looks like the hybrid join script now defaults to AES256. Which is great. So following this guide: Use Azure Active Directory Domain Services (Azure AD DS) to authorize user access to Azure Files over SMB | Microsoft Learn Looks like the original storage accounts were set up with RC4, we need to convert our existing storage accounts from RC4 to AES256. As a test, I created a new storage account on RC4, ran the PowerShell command to convert to AES256. Looks like it worked fine. Did this on the production AVD storage account. Lost access to the share, my heart sank. I can see KerberosEncryptionType was originally empty: Get-AdComputer avdprofilestorage -KerberosEncryptionType ran the command Set-AdComputer avdprofilestorage -KerberosEncryptionType AES256 few moments later, lost access. To revert there was no way to set a null command so ran: Set-AdComputer avdprofilestorage -KerberosEncryptionType RC4 then everything came back. Maximum compatibility is set on the storage account. Just wondering if there is anything else I have missed? Worst case scenario is being locked out of the share. ThanksLog Analytics query the logs that are not in IP range
Hi All, I'm struggling with writing a query that will find sign-ins in logs that are not in IP ranges. So we have Log Analytics Workplace which is collecting sign-in logs. And we want to trigger an alert when an account is signed in from an IP that is not in one of our IP ranges. We have a lot of known network rages and we have to use an external repository like github with a txt file of those rages. I've tried to use the function "ipv4_is_match()", but from my understanding, it's looking just like to like, but not looking foreach. That being said I've tried something like this, but it doesn't work. Does anyone experienced here can help with writing such a query, or even answer if it's possible? let ipList = externaldata (IPAddress:string) [ @"https://raw.githubusercontent.com/NameOfRepository/IPv4Range.txt" ]; SigninLogs | where UserPrincipalName contains "email address removed for privacy reasons" | where IsInteractive == true | where not (ipv4_is_match(IPAddress , ipList)How do I use Azure Data Studio with schemas?
I had thought that a database schema was the name of the structure on which tables are interconnected by primary keys and foreign keys. But in the tool, Azure Data Studio, the user is asked to select from a pre-defined set of schemas when creating a table. What is more is that when setting up or createing a database through Azure, we are given the opportuniityh to use a sample database and this is where "SalesLT" comes from and so there must be some place where we can define a schema with Azure Data Studio. Where would that be? It was generated when deciding to use a demo sample database. So there must be some way, using SQL code or otherwise, to generate a schema.How do I send Azure APIM product subscription approval to different email adresses
I am trying to identify if we have a Azure APIM instance shared between different teams then how can I send approval emails to different email addresses for different APIs/Products. I need to send approval emails for each product to the respective team's approver. How can this be achieved because by default APIM instance will send the approval to the APIM administrator's email address.
DFS referral taget on Azure VM
Hello guys, I've a problem on DFS. I've two entries as a target folder on DFS namespace, I set the second target as "Last among all targets" so users should never be referred to this target unless all other targets are unavailable. I don't understand why randomly on this shared folder I find some files duplicated ending with the name of the both target server, so it means that second target server was used due to the first one was not available (I think) But I am not sure of this, so there are logs to find out what's happaned to the first target? and why these files was been created? thanks for your support. Andrew
RD Client fails to connect if Screen Capture Protection enabled
Hi there, I have tested this by disabling the reg key (fEnableScreenCaptureProtect) that the policy applies, and I can then connect via my Android app. Is this something that will be addressed as my organization enables Screen Capture Protection but it prevents me from using my Android phone.H.264/AVC 444 mode on non-GPU enabled series in Azure Virtual Desktop
Hi, does enabling H.264/AVC 444 mode on non-GPU enabled (N series) VMs makes any sense in an Azure Virtual Desktop environment? Will it leverage the internal video card for encoding or it needs a dedicated GPU like in "N" series? Thanks a lot. AndreaEnable version-level immutability support
Hi, I have downnloaded azure sdk from https://github.com/Azure/azure-sdk-for-cpp. I need to set "Enable version-level immutability support" while creating container. But I cloud not find a way to set this option in c++ sdk. Could you help on this which API in c++ sdk to set the Version-level immutability? When I tried with azure cli, it says --enable-vlw is under review. az storage container-rm create --name sptestVersion --storage-account srinivasaraopcloud --resource-group 'QoreStor-Devs' --enable-vlw Argument '--enable-vlw' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatusBacking up Azure Files - High cost Read operations
I have found that Azure Files is unusable for large deployments due to the high cost of backups, especially for deployments with lots of small files. Most backup solutions have a changed block tracking mechanism and filter driver that can quickly determine what has changed between the prior backup. If nothing has changed since the last backup, the job quickly makes this determination and the backup job can take seconds to complete. But with Azure Backup backing up Azure Files, it appears to me that each backup has to enumerate every file and blob before making this determination. I first noticed this when I created a 1TB file share and nothing changed with the files from the prior backup and the job took 12 hours to complete. I then looked at my bill and it was $12 in read operations just for that backup where no files have changed. Azure Files is an awesome product, but securing your backups in a vault using Azure Backup just isn't doable from a price perspective. Does anyone know if there are changes on the horizon to Azure Backup in terms of a more robust change block tracking system?WindowsAppRuntime 1.4 Failures in AVD Multi-Session – Event ID 404 Production Case
We recently experienced a production issue in an Azure Virtual Desktop multi-session environment that initially looked random — but turned out to be a shared framework instability amplified by scale. Environment: AVD multi-session host pools FSLogix profile containers MSIX App Attach Intune-managed Clean golden image Everything looked healthy. Yet packaged applications started failing across multiple host pools. Symptoms observed Users reported: Error 0x80070005 AppXDeploymentServer Event ID 404 WindowsAppRuntime 1.4 marked as NeedsRemediation Failures persisted after: Reboots Host redeployments Image rebuild This was not: A profile corruption issue An App Attach packaging issue An Intune deployment failure What actually broke Under session churn conditions (logoff / new session / runtime re-validation), WindowsAppRuntime 1.4 entered a NeedsRemediation state. Event Viewer showed: AppXDeploymentServer Event ID 404 HRESULT 0x80070005 Runtime file creation failure under WindowsApps Multi-session did not cause the issue. It amplified it. Shared framework registration timing under concurrent sessions made a rare condition systemic. Why multi-session exposed it In single-session environments, runtime inconsistencies remain isolated. In multi-session: Shared framework dependencies are reused Concurrent validation occurs Host pools recycle under load Registration timing becomes critical What would be a rare edge case became recurring instability. Remediation approach Instead of periodic polling, we moved to event-driven self-healing. Detection trigger: AppXDeploymentServer Event ID 404 Remediation logic: Restart AppXSVC Re-provision WindowsAppRuntime 1.4 Prevent concurrent duplicate execution Log execution We implemented a Scheduled Task: Monitoring Operational log Triggering immediately on Event ID 404 Running under SYSTEM Deployed via Intune Win32 package Detection logic validating task presence This converted reactive troubleshooting into automated correction across host pools. Architectural takeaway Multi-session environments amplify shared dependency weaknesses. WindowsAppRuntime is not “just another component” — it is a platform dependency. If the runtime layer drifts, everything layered above it collapses: MSIX App Attach Packaged apps Registration consistency Self-healing must be part of AVD design. For the structured technical case study (including deployment pattern and remediation logic), full write-up here: https://modernendpoint.tech/avd-multi-session-failure-analysis/ Has anyone else observed WindowsAppRuntime 1.4 entering a NeedsRemediation state under multi-session load? Curious if others saw correlation with specific Windows updates. — Menahem Suissa Modern Endpoint ArchitectUnable to logon using Dell WYSE terminals
Hi all, I'm having an issue logging into AVD from Dell WYSE terminals. I have created a dynamic host group and added a service principal for them per guidance from Microsoft, and that has fixed an issue where the permission granting pop up was not displaying. After that, logon works fine with the web client but it will not complete sign-on with the Dell WYSE client. I have found the following errors in Azure AD but at a loss how to resolve as I have already added a service principal to the dynamic groups for hosts and unable to add a service principal for Windows Virtual Desktop AME.macOS: SSO no longer fully functional on AVD (Win11 25H2)
Hello everyone, Since updating our Test Azure Virtual Desktop Session Hosts from Windows 11 23h2 to 25H2 (26200.7462) , we've been experiencing an SSO issue that exclusively affects macOS clients. Symptoms For macOS users (Windows App), the following issues occur: Example Teams Teams shows the user as "Unknown User" Chat and collaboration features fail to load Error message: "You need to sign in again. This may be a requirement from your IT department or Teams, or the result of a password update. - Sign in" After clicking "Sign in," only a window appears with "Continue with sign-in" (no PW/MFA prompt) After this, all other applications work without further authentication Technical Details macOS Device: AppleM4 Pro macOS Tahoe 26.2 Installed WindowsApp version: 11.3.2 (2848) dsregcmd /status: No errors detected PRT is active and was updated for sign-in Entra Sign-In Logs: Error code: 9002341 EventLog on Session Host (AAD-Operational): Event ID: 1098 Error: 0xCAA2000C The request requires user interaction. Code: interaction_required Description: AADSTS9002341: User is required to permit SSO. Event ID: 1097 Error: 0xCAA90056 Renew token by the primary refresh token failed. Logged at RefreshTokenRequest.cpp, line: 148, method: RefreshTokenRequest::AcquireToken. Observations Affects: Both managed (internal) and unmanaged (external) macOS devices Does NOT affect: Windows clients connecting via Windows App Interesting: If a macOS user starts the session (with the error) and then reconnects on a Windows device, authentication works automatically there Workaround The issue can be resolved for macOS clients by removing the "DE" flag from "Automatic app sign-in" in the following file: C:\Windows\System32\IntegratedServicesRegionPolicySet.json Questions Is this a known issue? Has anyone experienced similar issues with macOS clients after the 25H2 update? Why does this issue only occur with macOS clients? Why does SSO only work after removing the "DE" flag for macOS devices, and why are Windows devices not affected? I would appreciate any insights or confirmation of this issue! Thank you and greetings FT_1Help! - How is VNet traffic reaching vWAN/on‑prem when the VNet isn’t connected to the vWAN hub
Hello, I needed some clarity on how the following is working: Attached is a network diagram of our current setup. The function apps (in VNet-1) initiate a connection(s) to a specific IP:Port or FQDN:Port in the on-premises network(s). A Private DNS zone ensures that any FQDN is resolved to the correct internal IP address of the on-prem endpoint. In our setup, both the function app and the external firewall reside in the same VNet. This firewall is described as “Unattached” because it is not the built-in firewall of a secured vWAN hub, but rather an independent Azure Firewall deployed in that VNet. The VNet has a user-defined default route (0.0.0.0/0) directing all outbound traffic to the firewall’s IP. The firewall then filters the traffic, allowing only traffic destined to whitelisted on-premises IP: Port or FQDN: Port combinations (using IP Groups), and blocking everything else. The critical question and the part that I am unable to figure out is: Once the firewall permits a packet, how does Azure know to route it to the vWAN hub and on to the site-to-site VPN? Because VNet-1 truly has no connection at all to the vWAN hub (no direct attachment, no peering, no VPN from the NVA). But the traffic is still reaching the on-prem sites. Unable to figure out how this is happening. Am I missing something obvious? Any help on this would be appreciated. Thank you!
Events
Build, buy, or blend? Gain the insights you need as a manufacturer to scale AI apps and agents across the factory floor using Microsoft Marketplace. We’ll go beyond AI theory and focus on practical m...
Online
Tune in for updates, insights, and live Q&A to help you buy from the Microsoft Marketplace. Follow this page for updates on the topics that will be covered during this month's session. Note: Offic...
Online
Recent Blogs
- As Azure continues to evolve to support modern workload patterns, we are refining how transactions are measured for Standard HDD managed disks. This update helps align billing more closely with actua...Mar 10, 2026
- 11 MIN READAzure SRE Agent handles tens of thousands of incident investigations each week for internal Microsoft services and external teams running it for their own systems. Last month, one of those incidents ...Mar 10, 2026
