Forum Widgets
Latest Discussions
TDE with database level customer-managed keys - using Terraform
I am trying to create my database in azure with TDE with database level customer-managed keys - using Terraform. Need help in achieving that. I see --encryption-protector $keyid can be used in creation of db using Azure CLI. Is there something similar to use in terraform? We have azurerm_mssql_server_transparent_data_encryption" for TDE at server level. I am looking for something similar for database level.
Azure DevOps pipeline - how to deploy DB project to on-prem using custom path to SqlPackage.exe
Hi, I've been trying to figure this out for a while, but can't find my way around it. Our DevOps team has the SqlPackage.exe file saved in a custom location on a virtual machine used for the agents. I need to access the file to be able to deploy DB projects to on-premise server using Azure DevOps pipeline. I tried couple different approaches, but nothing seems to work for me. At the moment my deployment pipeline downloads artifacts and is able to use them for deployment, but can not actually deploy the project due to missing SqlPackage.exe file in the expected location. Any help would be greatly appreciated! EDIT: At the moment I'm trying to use CmdLine@2 task (see below), but it's giving me an error. - task: CmdLine@2 inputs: script: '"C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\Common7\IDE\Extensions\Microsoft\SQLDB\DAC\sqlpackage.exe" /Action:Publish /SourceFile:"$(System.DefaultWorkingDirectory)/_WIP Build DB Symfonie2_ods/files/s/Symfonie2_ODS/bin/Debug/Symfonie2_ODS.dacpac" /TargetServerName:$(TargetServer) /TargetDatabaseName:$(TargetDatabaseName) -U $(SqlUsername) -P $(SqlPassword)/TargetEncryptConnection:False'
Empowering Data Security with Azure Rights Management and Azure Information Protection
In today’s digital world, data is one of the most valuable assets a business can have. Whether it’s customer information, financial records, or internal documents, keeping that data safe is absolutely necessary. As more companies move to cloud-based systems and work in hybrid environments, the need for smart and reliable data protection tools is growing fast. That’s where Azure Rights Management (RMS) and Azure Information Protection (AIP) come in. These tools help businesses organize, label, and secure their data across different platforms, making sure it stays protected no matter where it goes. Understanding Azure Rights Management (RMS) Azure RMS is a cloud-based service designed to safeguard digital information through encryption, identity, and authorization policies. It ensures that data remains protected regardless of where it resides—on a local device, in the cloud, or in transit. Core Protection Workflow The Azure RMS protection process is straightforward yet powerful: Encryption: When a user initiates protection, the content is encrypted using strong cryptographic standards. Policy Attachment: An access policy is embedded within the file, defining what actions are permitted (e.g., read-only, no print, no forward). Authentication: Access is granted only after successful authentication via Azure Active Directory (Azure AD). Decryption and Enforcement: Once authenticated, the file is decrypted and the access policy is enforced in real time. Encryption Standards in Use Azure RMS employs: AES 128-bit and 256-bit encryption for securing documents. RSA 2048-bit encryption for protecting customer-specific root keys. These standards ensure that even if data is intercepted, it remains unreadable and unusable without proper authorization. Azure Information Protection: Beyond Encryption While Azure RMS focuses on securing content, Azure Information Protection (AIP) adds a layer of intelligence through classification and labeling. AIP enables organizations to define and apply sensitivity labels that reflect the value and confidentiality of their data. From Classic to Unified Labeling Microsoft has transitioned from the classic AIP client to the Unified Labeling Client, which integrates directly with Microsoft 365 compliance solutions. This shift simplifies management and enhances compatibility with modern Office applications. Sensitivity Labels in Action Sensitivity labels help organizations manage data access and usage by categorizing content into levels such as: Public: Safe for public distribution. General: Internal use only. Confidential: Restricted to specific internal groups. Highly Confidential: Limited to named individuals with strict usage controls (e.g., no printing or downloading). Labels can be applied manually by users or automatically based on content inspection, context, or metadata. Built-In Labeling in Office Apps Modern Office apps now support built-in labeling, eliminating the need for separate add-ins. This native integration ensures a smoother user experience and reduces the risk of compatibility issues or performance degradation. Licensing Overview To leverage AIP features, organizations must have the appropriate licensing: Office 365 E3 and above: Basic classification and labeling. AIP Plan 1: Included in Microsoft 365 E3 and EMS E3. AIP Plan 2: Included in Microsoft 365 E5 and EMS E5, offering advanced capabilities like automatic labeling and document tracking. Real-World Use Cases Access Control: Limit access to sensitive documents based on user roles or departments. Version Management: Use labels to distinguish between draft and final versions. Automated Workflows: Trigger encryption or archiving when documents reach a certain sensitivity level. Why Azure Information Protection Matters Implementing AIP brings a host of benefits: Persistent Protection: Data remains secure even when shared externally or accessed offline. Granular Control: Define who can access data and what they can do with it. Visibility and Auditing: Monitor access patterns and revoke access if needed. Hybrid Compatibility: Protect data across cloud and on-premises environments using the Rights Management connector. Centralized Management: Streamline policy creation and enforcement across the organization. Conclusion Azure RMS and AIP together form a powerful duo for modern data protection. By combining encryption, identity management, and intelligent labeling, organizations can confidently secure their most valuable asset information while enabling seamless collaboration and compliance.Activate text entry box not accepting text
I have been experiencing this issue for a few weeks now and assumed it was just me. But I asked several co-workers and they are all experiencing the same issue. When attempting to active a PIM role in Azure, the text entry box for adding the reason you're activating the role will flash and change the outline to blue, indicating it is now ready to accept text entry. However, it will not allow typing in text. If you click inside the box several times, you might be offered the option to auto-fill a previously used entry (but not always). In order to actually type in the reason, I have to first click on "Roles" in the activation window, then click "Activate" again to get back to the text box. It will then accept text entry and allow completion of role assignment. It's not a huge problem, but it adds steps and time to role assignment, which isn't ideal since roles are usually being grabbed to take care of an apparent emergency. (I have a great short video showing exactly what I'm talking about, but the media insertion option would not allow adding it here.)
Create a Release Pipeline Agent in Azure DevOps
Hi, I am trying to install a new agent for my Azure DevOps. I have followed the instructions that Azure DevOps provides when trying to install/create a new agent, but I am constantly running into an issue when installing the agent mentioned in the following URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=AgentService.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 I am running .NET Framework 4.6.2 on my system, and I do not know how to create the agent on my local system, I keep running into this error. I have also updated my PAT for both GitHub and Azure DevOps. Regards, Asim Khan
Publish static html as artifact
Hi, I'm using a regular Azure DevOps Pipeline to create some documentation (HTML-based) and some coverage reports. Using Gitlab, it was possible to directly create a link to these artifacts and show the html as webpage. Using Azure DevOps, it will always trigger to download the html-content. Is there any way to create a link that just shows the artifact as an web-page?
Has anyone here integrated JIRA with Azure DevOps
We are currently using Azure Pipelines for our deployment process and Azure Boards to track issues and tickets. However, our company recently decided to move the ticketing system to JIRA, and I have been tasked with integrating JIRA with Azure DevOps. If you have done something similar, I will appreciate any guidance, best practices, or things to watch out for.azure-pipelines-agent on NixOS
I am trying to install azure-pipelines-agent on NixOS, because I want to use nix in my pipeline. I am finding this to be very difficult; the scripts like installdependencies.sh do not support NixOS as a distribution. Is there a known solution or workaround for this, or is it something that may be supported in the future?
Azure Form Recognizer Redaction Issue with Scanned PDFs and Page Size Variations
Hi all, I’m working on a PDF redaction process using Azure Form Recognizer and Azure Functions. The flow works well in most cases — I extract the text and bounding box coordinates and apply redaction based on that. However, I’m facing an issue with scanned PDFs or PDFs with slightly different page sizes. In these cases, the redaction boxes don’t align properly — they either miss the text or appear slightly off (above or below the intended area). It seems like the coordinate mapping doesn't match accurately when the document isn't a standard A4 size or has DPI inconsistencies. Has anyone else encountered this? Any suggestions on: Adjusting for page size or DPI dynamically? Mapping normalized coordinates correctly for scanned PDFs? Appreciate any help or suggestions!
