Recent Discussions
AVD with FSLogix - profiles not loading
Setup AVD with FSLogix several months back and profiles had been loading fine. About a month ago, profiles stopped loading and the logs show "Account restrictions are preventing this user from signing in. For example: blank passwords aren't allowed, sign-in times are limited, or a policy restriction has been enforced." This is in regards to connecting to the profile share path. If I manually try to go to that path, I receive the same error. The accounts do have a password, so it shouldn't be anything to do with a blank password. There are no sign-in time restrictions enforced on these accounts. What's left is a "policy restriction", which is kind of vague.
Things I've tried:
- update to latest FSLogix
- verify permissions on profile storage
- enabled these in local policy:
  Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
  ‘Accounts: Limit local account use of blank passwords to console logon only’ = disabled
  Computer Configuration > Administrative Templates > System > Credentials Delegation
  ‘Restrict delegation of credentials to remote servers’ = disabled
I have a ticket open with MS support for 3 weeks now, but thus far they've been completely useless.
23 Views, 0 likes, 3 Comments

bypass of MFA for Admin portals
Hello, I have a conditional access policy that bypasses MFA for custom enterprise apps when working from our trusted IPs. Since this policy is working as designed and expected, I thought it would be a simple matter to add the admin portal apps to it so sites like portal.azure.com are also bypassed. But for some reason it doesn't work even though sign-in logs reflect that the password only policy is indeed being applied to the sign in. Is there something additional I need to do? Are admin portals hardcoded for MFA? I have included some screenshots of the policy and logs for review. Thanks,
10 Views, 0 likes, 1 Comment

Blog about Automating Vacation Requests with Azure Logic Apps and SharePoint
In today’s fast-paced business environment, automation plays a vital role in improving operational efficiency. One of the most common yet time-consuming HR processes is managing employee vacation requests. Fortunately, Azure Logic Apps offers a low-code/no-code solution to automate this workflow efficiently and with minimal setup. In this blog post, I’ll walk you through how to use Azure Logic Apps to build an automated vacation request workflow, integrating with services like Outlook, SharePoint, and Microsoft Teams.
https://dellenny.com/automating-vacation-requests-with-azure-logic-apps-and-sharepoint/
12 Views, 0 likes, 0 Comments

Linux Virtual Machine Agent Status "Not Ready"
We currently have a CEF server deployed in Azure which is a Linux VM. This morning I had no logs in Sentinel and checked on the VM and noticed there was an error stating the Agent Status is "Not Ready". Having a hard time finding a solution to this problem, has anyone had this issue before? Thanks.
10K Views, 0 likes, 9 Comments

Script or Query for Management Group Compliance Statistics
I've been trying to reproduce the Azure Portal Compliance statistics for a Management Group in a PowerShell script or Resource Graph query without much luck. What I'd like to do is reproduce the numbers like compliance percentage, number of compliant / non-compliant resources, in the portal display. And run a daily script or query to track the numbers over time. (Without doing screen shots every day.)
Just to be clear, I've attached a screenshot of a compliance screen for management group TEST1. I want to automate calculation of the Overall Resource Compliance (46%, 317 out of 692), and the policies/initiatives compliance state and resource compliance percentages at the bottom of the screen. I'm only interested in the resource compliance percentages below a threshold like 90% in order to help guide our remediation efforts.
I've found several scripts and resource graph queries online but none seem to address management group scope. And even the ones that produce numbers for subscription scope don't seem to match the portal numbers. Has anyone successfully reproduced the portal MG compliance numbers with a script or query? Or, is it possible to obtain the logic behind the portal's MG scope compliance code? Seems like we should be able to reproduce the numbers shown by the console. Thanks.
7 Views, 0 likes, 0 Comments

What to do when Microsoft website for downloading AVD Agent Bootloader is down?
Today, query.prod.cms.rt.microsoft.com website is down, which means that when deploying AVD session hosts to hostpool with Bicep and custom extension, my download and install script will fail because it cannot reach the website URL: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWrxrH
It says 502 bad gateway. I have tried to search the internet for an alternative URL where the AVD Agent Bootloader can be downloaded from, but have not come across any - only for the RDAgent installer.
134 Views, 0 likes, 3 Comments

duplicate fslogix profile issue
There are two profiles for a few users, one starting with sid_username and another with username_sid, for pooled Azure Virtual Desktop. We want all user profiles to have the naming convention username_sid for all users. Below are the settings configured:
- Swap directory name components is enabled
- flipflopprofiledirectory Name is set to 1
Any recommendation will be helpful.
3 Views, 0 likes, 0 Comments

Entra ID credentials in Azure Virtual Desktop
Hello, When Entra ID users want to access their passwords in Chrome/Edge they get a Windows security prompt asking for their credentials. When they enter their Entra ID username and password, they get the notification that these are wrong. To test, I tried to run a program as a specific Entra ID user and I get the same issue. What do Entra ID users enter for those login prompts?
162 Views, 0 likes, 5 Comments

Azure app service getting restarted abruptly
I have an Azure app service with app service plan P1mv3:
1. We have deployed the .net 8 web api project which has a background service as well. Background service does below things -
- Get the journal data from one of our on-premises endpoint for 1700 journals.
- Generate the embeddings for all the journal names in the batches of 100 with a delay of 5 seconds after each batch using Azure open AI. We use these embeddings for vector search in cosmos db to better search by journal title.
- Delete all the records from existing cosmos DB container in the batches of 100 with a delay of 5 seconds after each batch. We do this as we need to insert the fresh data each week.
- Insert all the records with embeddings generated in step-2 in cosmos DB container in the batches of 100 with a delay of 10 seconds after each batch.
The problem is once we deploy this to app service after verifying that everything works fine on local system, the app service just generates 800/1000 out of 1700 embeddings and just restarts. We can see the logs as "Hosting environment: Production", "Content root path: c:\home\site\wwwroot" etc after our custom logs depicting the progress to generate the embeddings. e.g. Progress: 1000/1700 items embedding results generated.
8 Views, 0 likes, 0 Comments

Compute_Management Intent duplicates and causes workloads to lose connectivity
Hi. I have a situation where we are running a 2-noded Azure Local 23H2 with the latest April 2025 updates installed. We have 2 Intents: Compute_management and storage. On one of the nodes (and only on this node, the other node works fine), Network ATC sometimes duplicates the compute_management intent and creates a new VMSwitch. The old VMSwitch is still present and changes to Internal mode. The new VMSwitch is external but without the NIC attached. The issue happens always after node reboot and also if we live migrate any workload to the affected node. In Azure on the network intent we see the error: physical network adapter not found
Both servers are running identical hardware (Lenovo SR650) and the NIC for compute_management is Intel X722-T2 1Gb 2port
We are working with Microsoft support to find a solution but so far Microsoft have only collected logs and we are waiting for response. I hope that someone here in the community has an idea for a solution.
7 Views, 0 likes, 0 Comments

Can I use PowerShell script with Functions in Azure Devops "Powershell@2" task?
I have a powershell script that includes functions defined in it. When I run it manually the script works fine and reference to the functions works fine. But when I run it inside Azure Devops pipeline "Powershell@2" task, the script gets stuck at the point where first function is referenced and just hangs. Is there a particular way I need to call functions in this script?
679 Views, 0 likes, 1 Comment

Unable to trigger function app while using managed identity for the storage account connection
I am trying to create an Azure Function of BlobTrigger type, which needs to be triggered on dropping files in the storage account say filessa. Due to policy restriction the storage account cannot use shared access key. I am unable to trigger the function app dropping a file into a container. I see intermittently an error in the function app logs:

    No valid combination of account information found.
    assembly : Azure.Storage.Blobs, Version=12.23.0.0, Culture=neutral, PublicKeyToken=9279e12e44c8
    method : Azure.Storage.StorageConnectionString+<>c.<Parse>b__67_0
    outerType : Microsoft.Azure.WebJobs.Host.Indexers.FunctionIndexingException
    outerMessage: Error indexing method 'Functions.SPAREventGridBlobTrigger'
    innermostMessage: No valid combination of account information found.

I am referring to Configuring Azure Blob Trigger Identity Based Connection and have created the environment settings and assigned required roles to storage accounts (function App's storage account, say fnsa and the storage account which is used to upload the file to trigger the function app, filessa) as mentioned in this article. This is my simple code:

    [Function(nameof(SPAREventGridBlobTrigger))]
    public async Task Run([BlobTrigger("samples-workitems/{name}", Source = BlobTriggerSource.EventGrid, Connection = "filessa_STORAGE")] Stream stream, string name)
    {
        using var blobStreamReader = new StreamReader(stream);
        var content = await blobStreamReader.ReadToEndAsync();
        Console.WriteLine("Hello from Jey Jey Jey");
        _logger.LogInformation($"C# Blob Trigger (using Event Grid) processed blob\n Name: {name} \n Data: {content}");
    }

I have assigned roles to the storage account filessa Storage Blob Data Owner and Storage Queue Data Contributor for the Azure Function identity, and assigned roles to the storage account fnsa Storage Blob Data Contributor for the Azure Function identity.
(Actually I ended up adding many other roles like Storage Account Contributor, Storage Blob Data Reader and similar too to both storage accounts)
Please advise me on the items to be added in the environment settings.
1. the name and value of the connection of the storage account, filessa
2. the name and value of the connection of the storage account, fnsa
3. other items that need to be mandatorily added to make it work
I have tried adding items like AzureWebJobsStorage, AzureWebJobsStorage__accountName, AzureWebJobsStorage__blobServiceUri, ..., AzureWebJobsfilessa_STORAGE, filessa_STORAGE.
I have also referred to this Microsoft documentation Tutorial: Trigger Azure Functions on blob containers using an event subscription; tried adding the EventSubscription in the storage account filessa. The webhook https://FA-SPAREG-FA.azurewebsites.net/runtime/webhooks/blobs?functionName=Host.Functions.SPAREventGridBlobTrigger&code=_MPRFuo9sdEg== in Postman with POST returned back error
Please help me with all the required environment settings to be added in the function app in Azure and any other suggestion or steps I have missed here to make this work.
32 Views, 0 likes, 1 Comment

Choosing the Right Scaling Strategy for Your Kubernetes Workloads: Karpenter, KEDA, and Azure Arc
Overview
Scalability is a cornerstone of cloud-native architecture. In the Kubernetes ecosystem, autoscaling strategies are evolving to meet the diverse needs of cloud workloads—from node provisioning to event-driven pod scaling and multi-cloud management. This post compares three complementary tools—Karpenter, KEDA, and Azure Arc—and how they integrate with Azure-native services to improve scalability, efficiency, and control.

1. Karpenter: Intelligent Node Autoscaling
Karpenter is an open-source node provisioning tool designed to improve scheduling efficiency and reduce infrastructure cost. It works by launching right-sized compute resources in response to unschedulable pods, optimizing for speed and cost over traditional Cluster Autoscaler methods.
Key Features
- Application-aware scheduling that honors taints, tolerations, and affinities.
- Fine-grained provisioning that scales nodes precisely to workload requirements.
- Improves resource utilization and cost-efficiency.
Best For
- Dynamic compute provisioning on Amazon EKS (AWS).
- Workloads with varied and unpredictable resource demands.
- Scenarios requiring faster scaling than Cluster Autoscaler.
Limitations
- Currently limited to AWS environments.
- Requires deployment within a managed node group.
Read: Karpenter Documentation

2. KEDA: Event-Driven Pod Scaling for Kubernetes
KEDA (Kubernetes Event-Driven Autoscaler) brings serverless-style autoscaling to Kubernetes by enabling scaling based on event sources. Instead of relying on CPU or memory metrics, KEDA can trigger pod autoscaling based on external systems like Azure Service Bus, Kafka, or custom metrics.
Key Features
- Scales pods based on business/event metrics (queue length, message rate).
- Supports over 50+ scalers (Azure Service Bus, Kafka, Prometheus, etc.).
- Seamlessly integrates with Horizontal Pod Autoscaler (HPA).
Best For
- Serverless, event-driven architectures.
- Use cases where demand is tied to queue length or stream activity.
- Real-time or bursty workloads like messaging and IoT.
Security
- Leverages native Kubernetes RBAC and secrets management.
KEDA Documentation

3. Azure Arc: Hybrid Management for Kubernetes
Azure Arc isn’t an autoscaler—but it plays a strategic role in unifying management across hybrid and multi-cloud environments, including Kubernetes clusters.
Key Features
- Extends Azure control plane to any Kubernetes cluster.
- Enables consistent governance, security policies, and CI/CD pipelines.
- Integrates with tools like Azure Monitor, Defender for Cloud, and Azure Policy.
Best For
- Enterprises managing clusters across on-prem, edge, and other clouds.
- Teams needing to apply centralized Azure governance across distributed environments.
Complementary With
- KEDA (for event-driven scaling).
- Karpenter (for node-level scaling on AWS).
Azure Arc-enabled Kubernetes Overview

Feature Comparison Matrix
Capability | Karpenter | KEDA | Azure Arc
Primary Function | Node autoscaling | Pod autoscaling (event-based) | Management and governance
Cloud Support | AWS only | Multi-cloud | Azure, any infrastructure
Best For | Cost-efficient compute usage | Serverless/event-driven apps | Hybrid/multi-cloud governance
Integration with Azure | No | Yes (via Azure Event Hubs, etc.) | Full support
Security | Kubernetes-native | Kubernetes-native | Azure-native + Kubernetes security

🔧 Deployment Resources
🔹 KEDA on Azure Kubernetes Service (AKS)
Deploy KEDA on AKS
🔹 Azure Arc with AKS or Edge Kubernetes
Azure Arc-enabled Kubernetes Overview
🔹 Self-Hosted GitHub Runners with Azure Container Apps (KEDA-based)
Tutorial: Run GitHub Actions Runners with Azure Container Apps Jobs
🔹 GitHub Actions Runner on AKS with Autoscale
Sample: GitHub Runner on AKS with KEDA

🔚 Conclusion
There is no one-size-fits-all solution for Kubernetes autoscaling. Karpenter, KEDA, and Azure Arc each serve distinct roles:
- Use Karpenter for dynamic and cost-efficient node autoscaling on AWS.
- Use KEDA for scaling based on real-world signals like queue length and event spikes—especially on Azure.
- Use Azure Arc for consistent governance, visibility, and policy enforcement across all your Kubernetes environments.
In many real-world scenarios, combining these tools unlocks the best outcomes.
22 Views, 0 likes, 0 Comments

Azure role for managing Visual Studio subscribers
Granting Help Desk users the ability to manage and provision Visual Studio licenses from the VS admin centre. I prefer not to assign the User Access Administrator role; so I am looking on what are the key RBAC configuration only for the sole purpose of managing user license for Visual Studio. Our VS subscription is attached to an Azure sub. (https://manage.visualstudio.com)
22 Views, 0 likes, 2 Comments

How to integrate Azure IoT Hub with Azure Synapse in RealTime
Hello, I'm researching how to connect Azure IoT Hub with Azure Synapse, I've already used IoT Hub a bit but I don't have any knowledge of Synapse, it is also required that the data be in RT, so if someone has already done something similar or knows where I can find answers I would appreciate it. Have a good day.
58 Views, 0 likes, 4 Comments

Enable Azure AD B2B collaboration
Good morning. Multitenant Collaboration is being set up with multiple Tenants. It has been detected that the Rooms only appear to users those of their own Tenant and not that of all of them. And we need all the Rooms of all the Tenants to appear for all the users of the different Tenants. Multitenant Collaboration has currently been configured in the Microsoft 365 admin center portal and Cross-Tenant Synchronization configurations in the Microsoft Entra Admin center portal. A Microsoft Community Moderator told us for Rooms to appear in all tenants it is necessary to enable Azure B2B, can you please help us with that? Thank you. Best regards.
31 Views, 0 likes, 2 Comments

Azure Entra External ID - Password policy
Hi All, I am investigating using Azure Entra External ID as an external identity provider for a web app but I want to be able to set the password policy for password reset etc but can't find anything in the documentation, I have posted on some other groups and my conclusion is you can't change the password complexity when using Azure Entra External ID, I wondered if someone could advise if this is correct and if so are there plans to add this, do you need additional licence, using this for various SaaS projects and not being able to set your own complexity seems odd to me?
Not sure what the etiquette is for multiple issues but I have another issue with Azure Entra External ID, when a user that is not registered tries to log in, the message shown to the user is "You can't sign in here with a personal account. Use your work or school account instead.", this is incorrect and very misleading, it should be something like "No account with this email could be found" can I change the message or have I just configured wrong? Thanks in advance.
26 Views, 0 likes, 1 Comment

Microsoft Print to PDF not working, nor any third-party PDF printer
Microsoft Print to PDF or any other third-party Print to PDF printers are not working for us. It looks like this is related to a bug in one of the latest security updates for Windows. Has anybody found a solution or workaround? Thanks!
119K Views, 0 likes, 7 Comments

Could not create an Azure subscription since user is not eligible for an Azure account.
Hi All, We have all of the Azure resources for our SaaS and development under one subscription. Since it has only been me running everything that has been OK. We are expanding and recently got some help. Also we are building a new SaaS, larger in scope, which will require some collaboration. I want to use the same Entra tenant for both production and development environments, so creating a new subscription under the existing tenant seems like the way to go. I tried to create a new subscription for all the development resources. I got the error message "Could not create an Azure subscription since user is not eligible for an Azure account. Please go to https://aka.ms/AccountReview to contact Azure support for assistance." The AccountReview link just led to the ticket system, which would not allow the creation of a ticket. I have been searching for solutions for a few hours without any luck. I am the owner of the account, and have given myself every possible permission I can find. I still keep getting the same message. Any suggestions would be welcome. Thanks in advance, Rob
116 Views, 0 likes, 3 Comments

Recent Blogs
- This article explores how to centralize logging from on-premises servers—both physical and virtual—into a single Log Analytics Workspace. The goal is to enhance monitoring capabilities for the Azur...
  May 08, 2025, 59 Views, 0 likes, 0 Comments
- We are excited to announce that several enhancements to purchase-related data in Cost Management for Microsoft Customer Agreement (MCA) customers are now generally available. These improvements, roll...
  May 08, 2025, 39 Views, 0 likes, 0 Comments