Recent Discussions
Restrict Cost Consumption by using Azure Automation, Budget and Policy
Video See the demo video by using below link Demonstration Video Automation Runbook Logic Logic which set tag value once threshold exceeds # Authenticate using Managed Identity (recommended for Automation Accounts) Connect-AzAccount -Identity # Define Subscription ID and Reset Tag $subscriptionId = (Get-AzContext).Subscription.Id $tags = @{ "cost exceeded" = "yes" } # Resetting the tag value # Update the tag Update-AzTag -ResourceId "/subscriptions/$subscriptionId" -Tag $tags -Operation Merge Write-Output "Tag 'cost exceeded' reset to 'yes' for subscription $subscriptionId" Logic which reset tag value every month # Authenticate using Managed Identity (recommended for Automation Accounts) Connect-AzAccount -Identity # Define Subscription ID and Reset Tag $subscriptionId = (Get-AzContext).Subscription.Id $tags = @{ "cost exceeded" = "no" } # Resetting the tag value # Update the tag Update-AzTag -ResourceId "/subscriptions/$subscriptionId" -Tag $tags -Operation Merge Write-Output "Tag 'cost exceeded' reset to 'no' for subscription $subscriptionId" Azure Policy Logic { "properties": { "displayName": "budget", "policyType": "Custom", "mode": "All", "metadata": { "version": "1.0.0", "createdBy": "f6bb4303-e52d-4cba-9790-01f0798164b7", "createdOn": "2025-03-13T05:08:05.8483517Z", "updatedBy": "f6bb4303-e52d-4cba-9790-01f0798164b7", "updatedOn": "2025-03-13T06:32:35.1740944Z" }, "version": "1.0.0", "parameters": {}, "policyRule": { "if": { "allOf": [ { "field": "type", "notEquals": "Microsoft.Resources/subscriptions" }, { "value": "[subscription().tags['cost exceeded']]", "equals": "yes" } ] }, "then": { "effect": "Deny" } }, "versions": [ "1.0.0" ] }, }
Accessing a deployed NodeJS app?
I'm a complete noob to Azure. I have managed to deploy a NodeJS all to a Function App (container?). I can go into Deployment > Advanced > Kudu and then to Debug Console > CLI, and it will show a directory listing. In my case, I see: A/SP.NET /data /LogFiles /ShutdownSential /site .gitconfig gitsafedirectory.marker So I go into /site and then into /wwwroot, and I see my files: /node_modules host.json index.js The default URL for this is (I obfuscated the sensitive bits) is blahblah-func-70.azurewebsites.net. If I go to this URL I get a pretty page saying my function is running. What I need to get to is the index.js file. What URL do I use to do that? If I append /index.js to that URL, I get a 404. Thanks!Unable to get Python3.12 running on Azure App services
Good day, I am having endless trouble getting a python app to run on azure service apps. I cannot find anywhere to install modules like pip, which I need to install openai. Can someone please assist as I've been struggling for 2 days now... I am fairly new to this process. Deployment goes through, but it fails to install pip modules Thank you in advance! WDeleteBlobLogicApp on malware blob upload
Dear All, I start by saying that I don't know whether this matter (and issue for me) was already raised here or somewhere else, I couldn't find anything relevant to me. I have deployed the DeleteBlobLogicApp as explained here: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-configure-malware-scan However, there seem to be issues with the workflow actions. Firstly, the trigger event action was good, but then it failed at the next action "GetBlobEntity": the error that it returned was: "The 'from' property value in the 'query' action inputs is of type 'Null'. The value must be an array.because of that the blob is not deleted from the container" which I fixed, thanks mostly to Copilot as I am not programmer or developer, by changing the relevant code part like so: { "type": "Query", "inputs": { "from": "@if(empty(triggerBody()?['Entities']), json('[]'), triggerBody()?['Entities'])", "where": "@equals(item().type, 'blob')" }, "runAfter": {} } But then I got stuck and had to give up at the next action "Delete Blob": Here the returned error was: InvalidTemplate. Unable to process template language expressions in action 'Delete_Blob' inputs at line '0' and column '0': 'The template language expression 'body('GetBlobEntity')[0].Url' cannot be evaluated because array index '0' cannot be selected from empty array. The action's code part is the following: { "type": "Http", "inputs": { "uri": "@{body('GetBlobEntity')[0].Url}", "method": "DELETE", "headers": { "x-ms-version": "2019-07-07" }, "authentication": { "audience": "https://@{triggerBody()? ['CompromisedEntity']}.blob.core.windows.net/", "type": "ManagedServiceIdentity" } }, "runAfter": { "GetBlobEntity": [ "Succeeded" ] } } Do you have any clue on how to code it correctly? Thank you very much and I am sorry if it wasn't the right discussion board! Gianluca
Azure ADF ServiceNow connector can't retrieve table columns but same login can do in REST API
I have tried to create a pipeline using copy activity to extract data from a table in our ServiceNow dev platform. I have first used the latest version of the ServiceNow connector. However, it didn't work. When I tried to import schema, it shows below error message: Failed to load. The API request to ServiceNow failed. Request Url: https://airtrunkautemp.service-now.com/api/now/table/sys_dictionary?sysparm_query=name%3dfacilities_request^ORname%3dsm_order^ORname%3dtask, Status Code: Forbidden, Error message: {"error":{"message":"Insufficient rights to query records","detail":"Field(s) present in the query do not have permission to be read"},"status":"failure"} Activity ID: 5a99e871-893d-4426-809e-0b22654248f8 Then I tried to use the legacy version of the ServiceNow connector, extract full table data using query. After I executed the pipeline, only 1 column sys_id is returned. I have contacted the ServiceNow support for the issue, they checked and got back me the access login has no issue. Then I wrote python to use REST API to retrieve data from the same table, it works, I could extract all table columns without the insufficient rights issue. Does anyone have this experience before? How did you solve it?
Mouse pointer disappearing over Word/Excel/Outlook in AVD
Hi We are seeing a strange issue on a bunch of session hosts where user over certain apps cannot see the mouse pointer in their full screen AVD sessions. Session hosts are running Windows 10 22H2 up to date (well to February B week release); user client up to date, I am not aware we had user ever report this prior to completely rebuilding a new host pool last autumn for the AppReadiness crashing issues. From what we can tell this only seem to happen with Microsoft Excel, Word and the Outlook compose window, the mouse pointer basically becomes transparent as you can't see it so it makes it hard to select text or cells accurately. Clients are mostly a mix of HP and Lenovo PCs micro PCs running Windows 10 22H2 and Windows 11 23H2 Enterprise on Intel 8th to 12th Gen CPUs and AMD Ryzen Pro CPUs with integrated graphics. Does anyone else see this or any ideas what might be causing it?Azure Arc, on-prem servers, and MDE
I've onboarded a handful of on-prem server into Azure Arc and I would like to rollout the MDE extension. Do I have to enable MDE on the resource group or subscription before I can install it? I don't see it listed as an available extension when I go here: Azure Arc | Machines > server01 | Extensions > Install extensionI need an idea of how to make an architecture in Azure
Hello, I need help with a project. I need to upload an Excel file to my data lake and create an automated process that converts it to CSV without the need for user intervention or debugging. Can someone assist me with this? It is very important for me to complete this process successfully.
What service principal is used to authenticate Logic Apps to Azure resources?
This question is a bit more academic than practical, but I'm just trying to enhance my knowledge of how Azure authentication works under the hood. The default way to authenticate managed Logic Apps connections is through an OAuth popup asking you to grant permissions. Based on my reading of the Azure docs, this means that you're granting access to the delegated permissions of a service principal. For connectors that access the Graph API, such a service principal in your tenant with the correct delegated permissions: However, I'm struggling to find an equivalent service principal for connectors that use the Azure Resource Management API to interact with services like Log Analytics, sentinel, Logic Apps, etc. I do see a service principal called Azure Logic Apps, but it doesn't have any permissions associated with it. My understanding is that it would need to have the delegated permission user_impersonation to access Azure resources: So my questions here are What Service Principal is used for the OAuth connection to the Azure Resource Management API? If the Azure Logic Apps service principal is used, how is it able to connect to the ARM API without any permissions? Is there some Azure magic happening under the hood here?Windows App will replace Remote Desktop app for Windows
Starting May 27, 2025, the Remote Desktop app for Windows from the Microsoft Store will no longer be supported or available for download and installation. Users must transition to Windows App to ensure continued access to Windows 365, Azure Virtual Desktop, and Microsoft Dev Box. For more information about this transition, please see aka.ms/RemoteDesktopAppBlog.
FSLogix Lock issue - user cannot login - user cannot be manually disconnected from session
Issue just started happening. On latest version of FSLogix (hotfix 4), upgraded from hotfix 1. Issue presented in hotfix 1, MS support suggested to update to latest. We have a 15 minute policy pushed via intune that logs off disconnected sessions after 15 minutes. It has been working fine for over a year. This week, one user is affected. When they are disconnected, the AVD session host (Win10) does not log them off, and FSLogix seems to hold onto their session. The FSLogix logs indicate " Failed to acquired check session lock for user username" repeatedly. We don't allow local profiles to be created. We have the required registry keys added. User is 1 version back on the AVD client - also tried on latest client. Opened ticket with MS support. Only workaround is to reboot session host, but others are logged in and not a valid workaround. First time user logs in after a reboot, it works fine. Subsequent logins cause an issue, user receives "Singing out" as shown in screenshot and nothing happens. When I try to manually log off the user either from the azure portal or the session host, nothing happens. Anyone else experience this or have suggestions?
Test failover for Azure SQL database
Hi I want to use a failover group to protect an Azure SQL server, for DR purposes, but I'm unsure how to perform a test failover. Can I use a recovery plan perform a test failover, keeping the primary node up and running for production, whilst the secondary is available for DR testing? Cheers Alex
How to sync date and time formats between Azure DevOps and Jira?
Jira Cloud and Azure DevOps have different APIs that support different data formats, even for the same type of data. Azure DevOps uses the HTML format, while Jira uses Wiki. When transferring date-time information between both platforms, transformers need to work behind the scenes to convert between both formatting styles. That’s the only way to get coherent data. But, this conversion is not available by default due to the lack of compatibility. So, a third-party tool is needed to bridge this gap. In this article, I’ll discuss how to sync date and time formats between Azure DevOps and Jira Cloud. We'll use a third-party integration tool called Exalate to implement this use case. Use case requirements If your Jira and Azure DevOps instances are hosted in different time zones, and you need to manipulate the date-time fields so that the same date is kept, here is how we do it. Let us assume the two teams are 5 hours apart. Here is what we can do: “Due Date” and “Start Date” are custom date-time fields in Azure DevOps “Start date” is a custom date field in Jira “Due” is the standard due date field in Jira We would like to add 5 hours to the Jira timestamp when they are received in the Azure DevOps instance. Then, we would like to subtract 5 hours from the Azure DevOps timestamp when they are received in Jira. How to use Exalate to sync date and time formats between Azure DevOps and Jira cloud? Exalate comes with an AI-powered scripting engine that allows you to write mapping rules for any connection. It supports the Groovy language, which you can use to write the transformation algorithm for the date-time information. To implement this use case, you need to install Exalate on both your Jira Cloud and Azure DevOps instance. Then, set up a connection in the Script mode. Once connected, click Configure Sync and navigate to the Rules tab, where you’ll set up sync rules. In the Rules tab, you’ll find default scripts for syncing basic fields like summary, description, comments, and attachments. To sync custom fields or behaviors, you’ll need to add your own scripts. The Rules tab is divided into: Outgoing Sync: Defines the information sent from Jira to Azure DevOps. Incoming Sync: Maps the information received from Azure DevOps into Jira. The same exists on the Azure DevOps side. Jira outgoing script replica.customFields."Start date" = issue.customFields."Start date" replica.due = issue.due The script for the data going out of Jira is being fetched from the custom field named “Start date”, while the due date is going over as the replica.due expression. Jira incoming script import java.text.SimpleDateFormat import java.text.DateFormat import java.util.Calendar import java.util.Date def datePattern = "yyyy-MM-dd HH:mm:ss"; DateFormat formatter = new SimpleDateFormat(datePattern); dateString = replica."start" dateString = dateString.replaceAll("T"," ").trim(); dateString = dateString.replaceAll("Z"," ").trim(); date = formatter.parse(dateString); def timestamp = date.time Calendar calendar = Calendar.getInstance() calendar.timeInMillis = timestamp calendar.add(Calendar.HOUR_OF_DAY, -5) def updatedTimestamp = calendar.timeInMillis issue.customFields."Start date".value = updatedTimestamp dateString = replica."duedate" dateString = dateString.replaceAll("T"," ").trim(); dateString = dateString.replaceAll("Z"," ").trim(); date = formatter.parse(dateString); timestamp = date.time calendar.timeInMillis = timestamp calendar.add(Calendar.HOUR_OF_DAY, -5) issue.due = calendar.getTime() The code snippet above allows you to set the datePattern and parsing it through a formatter. It also fetches the timestamp down to milliseconds from the calendar. The calendar.add(Calendar.HOUR_OF_DAY, -5) expression specifies that the timestamp coming into Jira should be at least 5 hours behind the original time obtained from Azure DevOps. Azure DevOps outgoing script replica."start" = workItem."Microsoft.VSTS.Scheduling.StartDate" replica."duedate" = workItem."Microsoft.VSTS.Scheduling.DueDate" This code snippet fetches the start and due dates from the default Microsoft Azure DevOps Server (formerly VSTS or Visual Studio Team System). Azure DevOps incoming script import java.text.SimpleDateFormat import java.util.Calendar import java.util.Date def convertJiraTimeToAdoTime(String dateString){ if(dateString == null) return String inputFormat = "yyyy-MM-dd HH:mm:ss.S" String outputFormat = "yyyy-MM-dd'T'HH:mm:ss'Z'" // Create SimpleDateFormat objects for the input and output formats SimpleDateFormat inputDateFormat = new SimpleDateFormat(inputFormat) SimpleDateFormat outputDateFormat = new SimpleDateFormat(outputFormat) // Parse the input date string into a Date object Date date = inputDateFormat.parse(dateString) def timestamp = date.time Calendar calendar = Calendar.getInstance() calendar.timeInMillis = timestamp calendar.add(Calendar.HOUR_OF_DAY, 5) def updatedTimestamp = calendar.timeInMillis // Convert the Date object into the output format return outputDateFormat.format(updatedTimestamp) // String } // does not set the field String inputDateString = replica.customFields."Start date"?.value workItem."Microsoft.VSTS.Scheduling.StartDate" = convertJiraTimeToAdoTime(inputDateString) inputDateString = replica.due workItem."Microsoft.VSTS.Scheduling.DueDate" = convertJiraTimeToAdoTime(inputDateString) This code snippet converts the incoming date-time information into a string before parsing it as input into the date object. It then fetches the date from the calendar to be 5 hours ahead of the time fetched from the Jira Cloud instance. Once you’re done, review the scripts to make sure everything is in order before publishing the changes. That’s all! Your date-time formats are now in sync between Azure DevOps and Jira Cloud. Using script-based solutions, like Exalate, can seem overwhelming at first, but if done correctly, they can be very effective for your integration needs. Have any specific use case that requires handling different data formats? Just ask our integration engineers for a walkthrough of what’s possible or drop a comment here.
How to reduce downloading time for releasing pipeline
When I do a deployment task on a given deployment server, it downloads all linked artifacts for the entire release. So I'm downloading a ton of stuff I don't need. For Example, if it taking 10 minutes to complete the task and out of 10 minutes, it takes 8 minutes just to download artifacts. Is there a way to avoid downloading unnecessary artifacts?Gatewayauthenticationfailed/objectid does not have authorization to perform on scope.
Hello, this is about activating the eligible role using the ARM API. Created a custom role (only with admin login action) no read action- coz we do not want user to see the machines in the portal. We have a ps script that is used inside the virtual machine to activate the eligible role using ARM API the role is assigned on subscription level and activated on resource level, using inheritance. It was working great, but from couple of weeks, we get this errors. "code":"GatewayAuthenticationFailed","message":"Gateway authentication failed for 'Microsoft.Authorization' AuthorizationFailed Message: The client '******@xxx.com' with object id 'xxxxa' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/xxxa/resourcegroups/ResGrp0213' or the scope is invalid. If access was recently granted, please refresh your credentials rest api used- PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignmentScheduleRequests/{roleAssignmentScheduleRequestName}?api-version=2020-10-01 it's a random issues on the random users.. #Azure #AVD #AzureVirtualMachines.
Unable to integrate Amazon Managed Grafana on Azure
Hello everyone, I am struggling here with Amazon Managed Grafana on Azure (the one available on Gallery). Have checked MS and AWS documentation and isn't clear regarding assertion mappings. Currently we are able to reach this error, when logging in with a user that do part of a group that was included on that AMG app in Azure (have test with another user account not there and gets blocked): From Entra ID sign in logs, is all good. So I think that could be related with AWS side, mostly assertion attributes that I have tried with what I have on Attributes & Claims on Azure app, but no luck :(. What I have on Azure app: What I have on AMG:Getting empty response while running a kql query using rest api
Hello All, Trying to run a KQL query using power via rest API by passing azure Entra app id and secret key. But we are getting empty response. Log analytics reader role is assigned on LA workspace and able to retrieve access token. When we try to run KQL query manually, we are seeing result. Below is sample snippet that i used, Not sure what is wrong with it? Any help would be highly appreciated. $tenantId = <Tenant id> $clientId = <azure entra application app id> $clientSecret = < app secret key> # Log Analytics Workspace details $workspaceId = <workspace ID> # Acquire a token $body = @{ client_id = $clientId scope = "https://api.loganalytics.io/.default" client_secret = $clientSecret grant_type = "client_credentials" } $query = "AppRequests | limit 10" $uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" $response = Invoke-RestMethod -Uri $uri -Method Post -ContentType "application/x-www-form-urlencoded" -Body $body $accessToken = $response.access_token # Define the Log Analytics REST API endpoint $baseUri = "https://api.loganalytics.io/v1/workspaces/$workspaceId/query" # Set headers for the query $headers = @{ Authorization = "Bearer $accessToken" "Content-Type" = "application/json" } # Prepare the request body $requestbody = @{ query = $query } | ConvertTo-Json # Send the request $response = Invoke-RestMethod -Uri $baseUri -Method Post -Headers $headers -Body $requestbody -Debug # Display the results $response
Recent Blogs
- 3 MIN READLogic apps standard uses azure storage account to store artifact files such as host.json, connection.js etc,. With Hybrid environment in picture, access of azure storage account always cannot be guar...Mar 13, 2025
- Join Us for an Exclusive Round Table Discussion on the ONNX Generative AI Runtime! Date: 24th March 2025 Time: 8.30am PT Location: Microsoft AI Discord Community What is an AMA? An "Ask ...Mar 13, 2025
