Recent Discussions
Weird problem when comparing the answers from chat playground and answer from api
I'm running into a weird issue with Azure AI Foundry (gpt-4o-mini) and need help. I'm building a chatbot that classifies each user message into: follow-up to previous message repeat of an earlier message brand-new query The classification logic works perfectly in the Azure AI Foundry Chat Playground. But when I use the exact same prompt in Python via: AzureChatOpenAI() (LangChain) or the official Azure OpenAI code from "View Code" (client.chat.completions.create()) …I get totally different and often wrong results. I’ve already verified: same deployment name (gpt-4o-mini) same temperature / top_p / max_tokens same system and user messages even tried copy-pasting the full system prompt from the Playground But the API version still behaves very differently. It feels like Azure AI Foundry’s Chat Playground is using some kind of hidden system prompt, invisible scaffolding, or extra formatting that is NOT shown in the UI and NOT included in the “View Code” snippet. The Playground output is consistently more accurate than the raw API call. Question: Does the Chat Playground apply hidden instructions or pre-processing that we can’t see? And is there any way to: view those hidden prompts, or replicate Playground behavior exactly through the API or LangChain? If anyone has run into this or knows how to get identical behavior outside the Playground, I’d really appreciate the help.
Error on deployment on a CHE
I'm experiencing an error during the deployment of any package to a cloud-hosted environment. The error occurs specifically at step 11, 'Global Update script for service model: AOS Service,' and results in a failure to resume the deployment process. The issue happens on the DB sync, however if I tried to sync the DB from the visual studio it succeeded without any errors. And If I tried to restore another empty DB for example, the deployment will succeed. And if I tried to restore the DB on another CHE, the same issue happens. The issue is that we need this DB, because it is the Master configuration DB, so we cannot delete it. So my question is what is the best way to solve this issue and how can we know what is the issue with this DB? Thanks in advance.
Seamless SSO According to MS Support
I am in the process of setting up a POC for AVD and followed all the instructions that I have found for enabling Seamless SSO for AVD. We are currently running in hybrid mode and I have created a server 2025 with latest patches. When I attempt to sign in via web or windows app, I signin to the web interface or the app and I am presented with the desktops. I launch a desktop and it prompts me for a user and pass (the user is pre-populated) My understanding is that this should not happen. It should seamlessly signin (This would cause issues with our users not using passwords) I contacted Microsoft support and they state that this is by design. They stated this is how it operates in their lab. Can someone clarify, if I sign into Windows app or the web, that my authentication should seamlessly sign me into the AVD server I have published? Thanks
Frequent platform-initiated VM redeployments (v6) in North Europe – host OS / firmware issues
Hi everyone, We’ve been experiencing recurring platform-initiated redeployments on Azure VMs (v6 series) in the North Europe region and wanted to check if others are seeing something similar. Around two to three times per week, one of our virtual machines becomes unavailable and is automatically redeployed by the Azure platform. The Service Health notifications usually mention that the host OS became unresponsive and that there is a low-level issue between the host operating system and firmware. The VM is then started on a different host as part of the auto-recovery process. There is no corresponding public Azure Status incident for North Europe when this occurs. From the guest OS perspective, there are no warning signs beforehand such as high CPU or memory usage, kernel errors, or planned maintenance events. This behavior looks like a host or hardware stamp issue, but the frequency is concerning. Has anyone else running v6 virtual machines in North Europe observed similar unplanned redeployments? Has Microsoft shared any statements or acknowledgements regarding ongoing host or firmware stability issues for this region or SKU? If you worked with Azure Support on this, were you told this was cluster-specific or related to a particular hardware stamp? We are already engaging Azure Support, but I wanted to check whether this is an isolated case or something others are also encountering. Thanks in advance for any insights or shared experiences.
Container Apps Environment Networking (Consumption)
AI workloads are no longer just about models, they’re about how those models connect. On Azure, many teams are running inference APIs, background processors, and event-driven AI components on Azure Container Apps Environments (CAE). CAE fits AI workloads well: it scales fast, scales to zero, and removes Kubernetes overhead. But once AI services need to securely reach private data sources, on-prem systems, vector databases, or external AI services, networking becomes the real design challenge. I’ve written a short, practical deep dive on how Consumption-based vs Workload-profile Container Environments behave from a networking perspective, what works, what doesn’t, and why it matters for modern AI platforms. 👉 Read the full article here: https://vakhsha.com/blog.html?post=blog-06Ubuntu as session host
Hi all, I understand there is no native solution for running an ubuntu vm as a session host. I didn't find any image in the marketplace for this. I found this https://github.com/microsoft/LinuxBrokerForAVDAccess that proposes a solution. Does anyone actually uses this or any other solutions? Thanks in advanceIssue with gMSA when installing Cloud Sync
We are trying to install Cloud Sync to make use of the group writeback. However, we get the same error message every time we try to complete the installation We already tried: created a new sync server from scratch test the service account with "test-ADServiceAccount" check the encryption settings of the GMSA (the account is being created in the AD) removed an old orphaned GC tried it with a custom GMSA (same error) gave the server access to the GMSA via set-ADServiceAccount Did anyone else ever had this problem or know how to fix it?Unable to delete Foundry Agent identity Entra app in Azure
I'm trying to delete an Entra app in Azure created by Foundry Agent identity blueprint as its currently unused and is causing EntraID hygiene alerts. However getting an error mentioning that delete is not supported. Is there any other way to delete an unused Entra app for an agent identity blueprint? Error detail: Agent Blueprints are not supported on the API version used in this request.Understanding Storage Account replication downtime
I have a Storage account that's used as a CDN to host a lot of generally small files which occupy about 2GB. This is a small but critical part of our application which is used heavily by our app but which has no redundancy (it currently only has LRS replication). It's hosted in UK South and while Storage Accounts are very reliable, I'm concerned that if there's ever a regional outage there's nothing I'd be able to do. The requirements therefore are: Convert it from LRS to GZRS i.e. actively replicating from UK South to UK West. No app changes required to detect when the primary goes down and to switch to the secondary-this needs to be transparent. No or low downtime when the change is made. We need to be able to write to the secondary after failover. As a software company anything that limits our ability to push code changes is not acceptable, so RA-GZRS is off the table. After doing a bit of reading, I found the following warning in the docs: If you choose to perform a manual migration, downtime is required but you have more control over the timing of the migration process. https://learn.microsoft.com/en-us/azure/storage/common/redundancy-migration?tabs=portal#downtime-requirements This is typically light on detail and leaves some critical questions unanswered: Is there any way of estimating how long the downtime will be so I can appropriately set expectations of management and customers when scheduling the maintenance window needed? It specifically mentions manual migrations i.e. making the change through the Azure Portal, would making the change through IAC e.g. Bicep or Terraform be any different? Any input from anyone who's made any similar changes will also be appreciated. Edit: I've just checked and found that UK West still doesn't have Availability Zone support, is my best option for reducing the risk of this single point of failure to set the replication to GRS? https://learn.microsoft.com/en-us/azure/reliability/regions-list#azure-regions-list-1Azure Virtual Desktop (Pooled) – Sessions ending unexpectedly and users stuck across session hosts
Hi, We are currently investigating an issue in an Azure Virtual Desktop (AVD) environment where users are intermittently disconnected during sign-in or are unable to reconnect to their sessions. Environment: Azure Virtual Desktop Host pool: Pooled OS: Windows 10 / Windows 11 Enterprise multi-session FSLogix enabled Client: Windows App (Remote Desktop) Error message seen by users: "Your Remote Desktop Services session has ended. The administrator has ended the session, an error occurred while the connection was being established, or a network problem occurred." What we are seeing: Users fail to connect or get disconnected shortly after login. Session hosts appear healthy and powered on. No admin-initiated logoff is taking place. Rebooting the affected session host sometimes resolves the issue, but only temporarily. Actions already taken: Restarted AVD agent services on the session hosts. Placed affected hosts in drain mode. Rebooted the VMs. What we suspect: Some users may still have active or disconnected sessions on previous session hosts, possibly combined with FSLogix profile locks, which could be preventing new sessions from starting correctly. Questions: What is the recommended way to identify which users are logged into which session hosts across a pooled host pool? Are there best practices using the Azure Portal or PowerShell to detect and clean up stuck or disconnected sessions? Has anyone seen similar behavior in pooled AVD environments with Windows 10/11 and FSLogix enabled? Any advice or pointers would be appreciated. Thanks.
How to troubleshoot if a cookie is being sent to application gateway with each and every request
I have a rule on WAF policy associated with application gateway with a rule (set as topmost rule) to allow traffic if a particular cookie is sent with the request. But we are seeing some requests that are not hitting that rule and instead hitting different rule and thus getting blocked. My thinking is that the cookie is not being sent by the application in that request, although the developer says that it should be sent with each request. How can I log enough detail on application gateway to see if a cookie was really sent with the request that was blocked or not.
[Design Pattern] Handling race conditions and state in serverless data pipelines
Hello community, I recently faced a tricky data engineering challenge involving a lot of Parquet files (about 2 million records) that needed to be ingested, transformed, and split into different entities. The hard part wasn't the volume, but the logic. We needed to generate globally unique, sequential IDs for specific columns while keeping the execution time under two hours. We were restricted to using only Azure Functions, ADF, and Storage. This created a conflict: we needed parallel processing to meet the time limit, but parallel processing usually breaks sequential ID generation due to race conditions on the counters. I documented the three architecture patterns we tested to solve this: Sequential processing with ADF (Safe, but failed the 2-hour time limit). 2. Parallel processing with external locking/e-tags on Table Storage (Too complex and we still hit issues with inserts). 3. A "Fan-Out/Fan-In" pattern using Azure Durable Functions and Durable Entities. We ended up going with Durable Entities. Since they act as stateful actors, they allowed us to handle the ID counter state sequentially in memory while the heavy lifting (transformation) ran in parallel. It solved the race condition issue without killing performance. I wrote a detailed breakdown of the logic and trade-offs here if anyone is interested in the implementation details: https://medium.com/@yahiachames/data-ingestion-pipeline-a-data-engineers-dilemma-and-azure-solutions-7c4b36f11351 I am curious if others have used Durable Entities for this kind of ETL work, or if you usually rely on an external database sequence to handle ID generation in serverless setups? Thanks, Chameseddine
Azure Static Web App CI/CD
Hi everyone! I know this is a silly question, but I want to ask why, after connecting my Azure Static Web App to my GitHub and it would connect the Git Workflow, the commit would fail. Although, I haven't finished setting up some other resources yet, and I just connected my StatWebApp URL to my Azure Maps, there are other resources that I still need to deploy, and I still need to properly wire the backend to my Azure AI Services. Thanks in advance!
Issue with Hyper-V VM on Tagged VLAN – Traffic Reaches Local Hosts but Not External Networks
Hi everyone, I’m having an issue getting a Hyper-V VM to work correctly when using a tagged VLAN interface. I have a test VM configured with a trunk port and a tagged VLAN. Here is the configuration I’m using: Set-VMNetworkAdapterVlan -VMName "testvlan" -Trunk -NativeVlanId 2 -AllowedVlanIdList "4" The strange part is this: When the VM is on VLAN 4 (tagged), it can reach other resources on the same VLAN as long as those resources are running on the same Hyper-V host. But if the target resource is outside the Hyper-V host, the VM cannot reach it at all. The hardware vendor has already ruled out any issue with the top-of-rack switches interconnecting the hosts. If I reconfigure the VM’s network adapter in access mode on the same VLAN, then all traffic works normally and the VM can reach resources outside the host without any problem. So it seems that traffic leaves the host correctly only when the adapter is in access mode, not when using a trunk with VLAN tagging. Has anyone seen this behavior before or has suggestions on what to check next?The November Innovation Challenge Winning Teams!
We run the Innovation Challenge program because we believe the only way we can have the best AI platform for every person and every organization is by having a truly diverse and highly skilled community of developers building AI solutions on Azure. We run the Innovation Challenge program because we are geeks who love a good hackathon. We run the Innovation Challenge program because we get blown away by what our community can do. From our first Innovation Challenge hackathon in June of 2024 to our sixth that just finished in November of 2025, the growth curve is steep! Our judges work with the best development teams in the world, delivering cutting edge AI solutions. But even with our front row view of things, we are amazed by what can be done today when ad hoc teams come together, despite limited resources and tight deadlines. Participants were asked to choose one of these real world use cases. Auto-resolve Service Desk: Create a multi agent service desk experience that reduces wait times and backlog while earning trust through safe automation, transparency, and graceful escalation. Civic Chat: Build an intelligent civic engagement platform that enables communities to access local government information, participate in discussions, and receive personalized updates using Azure AI services. Customer Personalization Orchestrator: Build a team of agents that segments customers, retrieves product content, creates message variants, and executes A/B/n experiments, with safety checks for content and proof of uplift. This time around there were 76 projects from over 300 participants representing more than a dozen organizations in the program. The winners chosen by the judges came from Código Facilito, DIO, GenSpark, Project Blue Mountain, and Women in Cloud. First place $10,000 AgroHelpdesk: an intelligent service desk for agribusiness that uses a coordinated set of AI agents Second place $5,000 CivicUtopia: an intelligent and inclusive civic engagement platform designed to streamline how citizens interact with their local governments and political landscape. Multi-Agent Service Desk for Education: Large educational institutions struggle with repetitive service desk requests—password resets, course enrollment inquiries, transcript requests, and more. This solution intelligently resolves routine cases while escalating only the complex ones to human staff. Third place $2,500 ResolveIQ: an intelligent helpdesk solution that uses autonomous AI agents, advanced orchestration, and Azure cognitive services to revolutionize customer support and internal assistance. ChainReach AI: multi-agent system that automatically personalizes marketing campaigns at scale CivicChat (D.C.) : a multilingual, AI-powered civic engagement assistant designed to make government information accessible, trustworthy, and easy to understand Tune into Microsoft DevRadio over the next couple weeks to meet these teams!
Custom Script Extensions and Session Host Configuration
Currently the Custom Script Extensions functionality definable in the Session Host Configuration only allows to define a script URL. What is the intended mechanism of authentication for this solution? Currently it seems that its only possible to use an anonymous access level Blob. Defining a token within the script URL is not great due to the fact that the URL is viewable in plain text via the Azure Portal. Neither of those will satisfy. CSE configuration by the Session Host Configuration during deployment. Key vault references are used when defining credentials for domain join and local admin accounts for the Session Hosts. Would it be possible to have key vault references for CSE Storage Account Name/Key or SAS token or the possibility to define a Managed Identity instead? These can be defined when deploying the CSEs manually. Please guide me as to what the best solution would be to this topic.
Events
⏱️ This live AMA is on January 22nd, 2026 at 9:00 AM PT. This same session is also scheduled at 5:00 PM PT on January 22nd.
SESSION DETAILS
This session breaks down the complexity of Azure pr...
Online
⏱️ This live AMA is on January 22nd, 2026 at 5:00 PM PT. This same session is also scheduled at 9:00 AM PT on January 22nd.
SESSION DETAILS
This session breaks down the complexity of Azure pri...
Online
Recent Blogs
- 2 MIN READWe’re excited to announce that user delegation (UD) SAS is now in public preview for Azure Tables, Azure Files, and Azure Queues in all public regions. User delegation SAS is already available fo...Jan 16, 2026
- 8 MIN READPostgreSQL is a popular open‑source cloud database for modern web applications and AI/ML workloads, and deploying it on Azure VMs with high‑performance storage should be simple. In practice, however,...Jan 15, 2026
