Recent Discussions
MS SQL backup immutability
Hello. What is your experience on enabling immutability for MS SQL backups while running Always on AGs on VM? Backups must be locked and not be modifiable after written. I have looked at ~7 different solutions but none of them seems to be ideal. Thanks for your time!
74 Views | 0 likes | 3 Comments

Azure SQL DTU or vCore
Hello everyone, I have a Windows server with SQL Server 2016 Standard edition which contains 11 databases of various sizes (some of a few gigabytes and others reaching 150Gbytes). The Windows server has 4vCore + 16Gbytes of RAM and, being a test environment, we don't have big problems using it with those resources. Taking into account that on that server:
1) few users are connected and only for some days of the week
2) we use SQL Agent service, DB Mail, linked server and integrated authentication in AD (synchronized with AAD)
I have looked at the Azure cost calculator but I have doubts (and above all a little confusion!) regarding the type of PaaS service that would be better to use. I would certainly choose serverless but there are two types: SQL Database and SQL Managed instances. For Azure SQL Database there is the "Single Database" or "Elastic Pool" typology and for both the purchase model is for DTU or vCore. I would therefore like to have your opinion to understand the best solution to adopt while keeping the costs as low as possible, being a test environment. Thank you!
806 Views | 0 likes | 1 Comment

Issue with Hyper-V VM on Tagged VLAN – Traffic Reaches Local Hosts but Not External Networks
Hi everyone, I’m having an issue getting a Hyper-V VM to work correctly when using a tagged VLAN interface. I have a test VM configured with a trunk port and a tagged VLAN. Here is the configuration I’m using:

    Set-VMNetworkAdapterVlan -VMName "testvlan" -Trunk -NativeVlanId 2 -AllowedVlanIdList "4"

The strange part is this: When the VM is on VLAN 4 (tagged), it can reach other resources on the same VLAN as long as those resources are running on the same Hyper-V host. But if the target resource is outside the Hyper-V host, the VM cannot reach it at all. The hardware vendor has already ruled out any issue with the top-of-rack switches interconnecting the hosts. If I reconfigure the VM’s network adapter in access mode on the same VLAN, then all traffic works normally and the VM can reach resources outside the host without any problem. So it seems that traffic leaves the host correctly only when the adapter is in access mode, not when using a trunk with VLAN tagging. Has anyone seen this behavior before or has suggestions on what to check next?
2 Views | 0 likes | 0 Comments

Custom Script Extensions and Session Host Configuration
Currently the Custom Script Extensions functionality definable in the Session Host Configuration only allows to define a script URL. What is the intended mechanism of authentication for this solution? Currently it seems that it's only possible to use an anonymous access level Blob. Defining a token within the script URL is not great due to the fact that the URL is viewable in plain text via the Azure Portal. Neither of those will satisfy. CSE configuration by the Session Host Configuration during deployment. Key vault references are used when defining credentials for domain join and local admin accounts for the Session Hosts. Would it be possible to have key vault references for CSE Storage Account Name/Key or SAS token or the possibility to define a Managed Identity instead? These can be defined when deploying the CSEs manually. Please guide me as to what the best solution would be to this topic.
43 Views | 0 likes | 1 Comment

Azure File copy task v4 and later causes 403 error
I've configured a release pipeline in ADO which copies some files to a Storage Account. Using Azure File copy task version 6 consistently fails with a 403 error.

    RESPONSE Status: 403 This request is not authorized to perform this operation using this permission.

After much wasted time checking IP restrictions, checking access and recreating service connections I tried using an earlier version of the task that some other pipelines which do the same thing were using. I found that using version 4 or later of the file copy task causes the issue. Setting the task version to 3 works. Are there any known issues around this?
12 Views | 0 likes | 1 Comment

Issue with AVD User Profile – FSLogix Not Recreating
Hi all, We have a user who has repeatedly reported that their settings and favorites are not loading in AVD. To troubleshoot, we deleted the user’s FSLogix profile from our storage account to allow it to recreate automatically. However, the profile is not being recreated. We are operating in a hybrid environment, and the user is part of a group assigned the Storage File Data SMB Share Elevated Contributor role. From the profile logs, we found the following error:

    FindFile failed for path: \\<redacted>.file.core.windows.net\userprofiles\<redacted>\Profile*.VHD (Account restrictions are preventing this user from signing in. For example: blank passwords aren't allowed, sign-in times are limited, or a policy restriction has been enforced.)

What are some likely causes and additional troubleshooting steps we should take?
91 Views | 0 likes | 4 Comments

The November Innovation Challenge Winning Teams!
We run the Innovation Challenge program because we believe the only way we can have the best AI platform for every person and every organization is by having a truly diverse and highly skilled community of developers building AI solutions on Azure. We run the Innovation Challenge program because we are geeks who love a good hackathon. We run the Innovation Challenge program because we get blown away by what our community can do.

From our first Innovation Challenge hackathon in June of 2024 to our sixth that just finished in November of 2025, the growth curve is steep! Our judges work with the best development teams in the world, delivering cutting edge AI solutions. But even with our front row view of things, we are amazed by what can be done today when ad hoc teams come together, despite limited resources and tight deadlines.

Participants were asked to choose one of these real world use cases.
- Auto-resolve Service Desk: Create a multi agent service desk experience that reduces wait times and backlog while earning trust through safe automation, transparency, and graceful escalation.
- Civic Chat: Build an intelligent civic engagement platform that enables communities to access local government information, participate in discussions, and receive personalized updates using Azure AI services.
- Customer Personalization Orchestrator: Build a team of agents that segments customers, retrieves product content, creates message variants, and executes A/B/n experiments, with safety checks for content and proof of uplift.

This time around there were 76 projects from over 300 participants representing more than a dozen organizations in the program. The winners chosen by the judges came from Código Facilito, DIO, GenSpark, Project Blue Mountain, and Women in Cloud.
First place $10,000
- AgroHelpdesk: an intelligent service desk for agribusiness that uses a coordinated set of AI agents

Second place $5,000
- CivicUtopia: an intelligent and inclusive civic engagement platform designed to streamline how citizens interact with their local governments and political landscape.
- Multi-Agent Service Desk for Education: Large educational institutions struggle with repetitive service desk requests—password resets, course enrollment inquiries, transcript requests, and more. This solution intelligently resolves routine cases while escalating only the complex ones to human staff.

Third place $2,500
- ResolveIQ: an intelligent helpdesk solution that uses autonomous AI agents, advanced orchestration, and Azure cognitive services to revolutionize customer support and internal assistance.
- ChainReach AI: multi-agent system that automatically personalizes marketing campaigns at scale
- CivicChat (D.C.): a multilingual, AI-powered civic engagement assistant designed to make government information accessible, trustworthy, and easy to understand

Tune into Microsoft DevRadio over the next couple weeks to meet these teams!
430 Views | 1 like | 3 Comments

Container on App Service keeps getting stopped and terminated
I've got a .Net app running in a Docker container that I'm trying to run on a Linux App Service but as per the (sanitised) log output below from the Platform log stream, it's getting terminated only 4 seconds after it started. Where can I get information on why this is happening?

    Starting container: a0e3af0a_myapp-dev-as.
    Starting watchers and probes.
    Starting metrics collection.
    Container is running.
    Container start method finished after 1990 ms.
    Container is terminating. Grace period: 0 seconds.
    Stop and delete container. Retry count = 0

Timestamps removed as the forum doesn't seem to like log output?
Solved | 26 Views | 0 likes | 2 Comments

CMK and Customer Certificate support for TDE - Azure SQL PAAS
Hi experts, I need a bit of clarity as both CMK is supported for Azure SQL TDE (Server and DB) and also Certificate for protecting the DEK. How are these 2 concepts different in protecting the DEK in Azure SQL PaaS?
CMK - https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql-mi
Certificate - https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption?view=sql-server-ver16
Does it mean I can protect the DEK with both Custom Customer Certificate as well as CMKs? Thank you
522 Views | 0 likes | 1 Comment

Azure SQL Database : Can I use same primary key column and foreign key column for multiple tables?
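    -- Parent table: Table1ID is the primary key
    CREATE TABLE Table1(
        Table1ID int NOT NULL,
        Column2 int,
        PRIMARY KEY (Table1ID)
    );

    -- Child tables: the same column is both primary key and foreign key to Table1
    CREATE TABLE Table2(
        Table1ID int NOT NULL,
        Column2 int,
        PRIMARY KEY (Table1ID),
        FOREIGN KEY (Table1ID) REFERENCES Table1(Table1ID)
    );

    CREATE TABLE Table3(
        Table1ID int NOT NULL,
        Column2 int,
        PRIMARY KEY (Table1ID),
        FOREIGN KEY (Table1ID) REFERENCES Table1(Table1ID)
    );

302 Views | 0 likes | 1 Comment

Can anyone attest to the accuracy of an Azure Migrate Business Case?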
Hello! I've only created a business case in a simple lab environment using 5 on-prem Hyper-V servers. (SmartHotelHost lab from GitHub) The business case export explains that I'll be saving over $100K annually once fully migrated into Azure after multiple years. (It's only 5 servers!) That said, I've been reluctant to suggest the Business Case tool and steer clients toward the Azure Migrate Assessment and Azure Pricing Calculator which have proven to be reliable tools. Anyone have any experience with the business case? Was it accurate? Thanks a bunch! Rich
37 Views | 0 likes | 1 Comment

Need a new feature in WAF v2 custom rule to process IPv6 address
I have created a custom rule to allow traffic based on the Geo Location. The rule was designed to check the location of the actual client IP coming in the Request Header and deny if it is from non-UK region. This rule blocked genuine request from UK region since the client IP was an IPv6 address. WAF custom rule has a limitation of processing IPv6 address.
https://learn.microsoft.com/en-us/azure/application-gateway/ipv6-application-gateway-portal#limitations
Need this feature of processing IPv6 address in WAF custom rule.
82 Views | 1 like | 2 Comments

Azure support team not responding to support request
I am posting here because I have not received a response to my support request despite my plan stating that I should hear back within 8 hours. It has now gone a day beyond that limit, and I am still waiting for assistance with this urgent matter. This issue is critical for my operations, and the delay is unacceptable. The ticket/reference number for my original support request was 2410100040000309. And I have created a brand new service request with ID 2412160040010160. I need this addressed immediately.
482 Views | 1 like | 7 Comments

Azure Logic App workflow (Standard) Resubmit and Retry
Hello Experts, A workflow is scheduled to run daily at a specific time and retrieves data from different systems using REST API Calls (8-9). The data is then sent to another system through API calls using multiple child flows. We receive more than 1500 input data, and for each data, an API call needs to be made. During the API invocation process, there is a possibility of failure due to server errors (5xx) and client errors (4xx). To handle this, we have implemented a "Retry" mechanism with a fixed interval. However, there is still a chance of flow failure due to various reasons. Although there is a "Resubmit" feature available at the action level, I cannot apply it in this case because we are using multiple child workflows and the response is sent back from one flow to another. Is it necessary to utilize the "Resubmit" functionality?

The Retry Functionality has been developed to handle any Server API errors (5xx) that may occur with Connectors (both Custom and Standard), including client API errors 408 and 429. In this specific scenario, it is reasonable to attempt retrying or resubmitting the API Call from the Azure Logic Apps workflow. Nevertheless, there are other situations where implementing the retry and resubmit logic would result in the same error outcome. Is it acceptable to proceed with the Retry functionality in this particular scenario? It would be highly appreciated if you could provide guidance on the appropriate methodology. Thanks -Sri
973 Views | 0 likes | 1 Comment

Applying DevOps Principles on Lean Infrastructure. Lessons From Scaling to 102K Users.
Hi Azure Community, I'm a Microsoft Certified DevOps Engineer, and I want to share an unusual journey. I have been applying DevOps principles on traditional VPS infrastructure to scale to 102,000 users with 99.2% uptime. Why am I posting this in an Azure community? Because I'm planning migration to Azure in 2026, and I want to understand: What mistakes am I already making that will bite me during migration?

THE CURRENT SETUP
Platform: Social commerce (West Africa)
Users: 102,000 active
Monthly events: 2 million
Uptime: 99.2%
Infrastructure: Single VPS
Stack: PHP/Laravel, MySQL, Redis
Yes - one VPS. No cloud. No Kubernetes. No microservices.

WHY I HAVEN'T USED AZURE YET
Honest answer: Budget constraints in emerging market startup ecosystem. At our current scale, fully managed Azure services would significantly increase monthly burn before product-market expansion. The funding we raised needs to last through growth milestones. The trade: I manually optimize what Azure would auto-scale. I debug what Application Insights would catch. I do by hand what Azure Functions would automate.
DEVOPS PRACTICES THAT KEPT US RUNNING
Even on single-server infrastructure, core DevOps principles still apply:

CI/CD Pipeline (GitHub Actions)
• 3-5 deployments weekly
• Zero-downtime deploys
• Automated rollback on health check failures
• Feature flags for gradual rollouts

Monitoring & Observability
• Custom monitoring (would love Application Insights)
• Real-time alerting
• Performance tracking and slow query detection
• Resource usage monitoring

Automation
• Automated backups
• Automated database optimization
• Automated image compression
• Automated security updates

Infrastructure as Code
• Configs in Git
• Deployment scripts
• Environment variables
• Documented procedures

Testing & Quality
• Automated test suite
• Pre-deployment health checks
• Staging environment
• Post-deployment verification

KEY OPTIMIZATIONS

Async Job Processing
• Upload endpoint: 8 seconds → 340ms
• 4x capacity increase

Database Optimization
• Feed loading: 6.4 seconds → 280ms
• Strategic caching
• Batch processing

Image Compression
• 3-8MB → 180KB (94% reduction)
• Critical for mobile users

Caching Strategy
• Redis for hot data
• Query result caching
• Smart invalidation

Progressive Enhancement
• Server-rendered pages
• 2-3 second loads on 4G

WHAT I'M WORRIED ABOUT FOR AZURE MIGRATION
This is where I need your help:

Architecture Decisions
• App Service vs Functions + managed services?
• MySQL vs Azure SQL?
• When does cost/benefit flip for managed services?

Cost Management
• How do startups manage Azure costs during growth?
• Reserved instances vs pay-as-you-go?
• Which Azure services are worth the premium?

Migration Strategy
• Lift-and-shift first, or re-architect immediately?
• Zero-downtime migration with 102K active users?
• Validation approach before full cutover?

Monitoring & DevOps
• Application Insights - worth it from day one?
• Azure DevOps vs GitHub Actions for Azure deployments?
• Operational burden reduction with managed services?
Development Workflow
• Local development against Azure services?
• Cost-effective staging environments?
• Testing Azure features without constant bills?

MY PLANNED MIGRATION PATH

Phase 1: Hybrid (Q1 2026)
• Azure CDN for static assets
• Azure Blob Storage for images
• Application Insights trial
• Keep compute on VPS

Phase 2: Compute Migration (Q2 2026)
• App Service for API
• Azure Database for MySQL
• Azure Cache for Redis
• VPS for background jobs

Phase 3: Full Azure (Q3 2026)
• Azure Functions for processing
• Full managed services
• Retire VPS

QUESTIONS FOR THIS COMMUNITY
Question 1: Am I making migration harder by waiting? Should I have started with Azure at higher cost to avoid technical debt?
Question 2: What will break when I migrate? What works on VPS but fails in cloud? What assumptions won't hold?
Question 3: How do I validate before cutting over? Parallel infrastructure? Gradual traffic shift? Safe patterns?
Question 4: Cost optimization from day one? What to optimize immediately vs later? Common cost mistakes?
Question 5: DevOps practices that transfer? What stays the same? What needs rethinking for cloud-native?

THE BIGGER QUESTION
Have you migrated from self-hosted to Azure? What surprised you? I know my setup isn't best practice by Azure standards. But it's working, and I've learned optimization, monitoring, and DevOps fundamentals in practice. Will those lessons transfer? Or am I building habits that cloud will expose as problematic? Looking forward to insights from folks who've made similar migrations.

---
About the Author: Microsoft Certified DevOps Engineer and Azure Developer. CTO at social commerce platform scaling in West Africa. Preparing for phased Azure migration in 2026.

P.S. I got the Azure certifications to prepare for this migration. Now I need real-world wisdom from people who've actually done it!
29 Views | 0 likes | 0 Comments

How to Restrict Subscription in Azure Application Gateway Private Link Shared with Another tenant
Hello Team, We are currently facing a challenge with implementing cross-subscription private link connections in Azure, specifically subscription restriction and auto-approval features. We have a managed service running inside AKS and are utilizing an application gateway for it. Our goal is to leverage the private link feature available in the application gateway, allowing Azure customers from other tenants to securely connect to it as a private endpoint. However, we require to restrict access to only allowed subscriptions for this resource ID and enable auto-approval for private endpoint connections from those specified subscriptions.

We have explored Azure Policy as a solution, but unfortunately, we have not been successful in finding a suitable policy definition that meets our needs. We attempted to utilize the policy definition available at http://prevent-cross-subscription-private-link-azurepolicy.json which aims to prevent cross-subscription private link connections. Despite our efforts, it appears that this policy did not effectively achieve the desired outcome. Currently, anyone can use the resource ID and establish a private endpoint connection, which is not aligned with our security requirements.

Therefore, we kindly request your assistance in reviewing our current approach and providing guidance on how we can enforce subscription restrictions and enable auto-approval for private endpoint connections from specific subscriptions only. Any insights, recommendations, or alternative solutions you can offer would be greatly appreciated.
334 Views | 0 likes | 2 Comments

docker - Azure Container Instance - how to make my container accessible and recognized from outside?
I have windows container which should access to external VM database (that is not in container, let's say VM1) so I would define for them l2bridge network driver in order to use the same Virtual Network.

    docker network create -d "l2bridge" --subnet 10.244.0.0/24 --gateway 10.244.0.1 -o com.docker.network.windowsshim.vlanid=7 -o com.docker.network.windowsshim.dnsservers="10.244.0.7" my_transparent

So I suppose we need to stick on this definitely. But now as well I need to make my container accessible from outside, on port 9000, from other containers as well as from other VMs. I suppose this has to be done based on its name (host name) since IP will be changed after each restart. How should I make my container accessible from some other VM2 virtual machine - Should I do any modifications within the network configuration? Or do I just need to make sure they are both using the same DNS server? Of course I will do the expose of the port, but should I do any kind of additional network configuration in order to allow traffic on that specific port? I've read that by default network traffic is not allowed and that Windows may block something. I will appreciate help on this. Thanks
565 Views | 0 likes | 2 Comments

IKEv2 and Windows 10/11 drops connectivity but stays connected in Windows
I’ve seen this with 2 different customers using IKEv2 User VPNs (virtual wan) and Point to Site gateways in hub and spoke whereby using the VPN in an Always On configuration (device and user tunnel) that after a specific amount of time (56 minutes) the IKEv2 connection will drop the tunnel but stay connected in Windows. To restore the connection, you just reconnect. Has anyone else had a similar experience? I’ve seen the issue with ExpressRoute and with/without Azure firewalls in the topology too.
1.3K Views | 0 likes | 1 Comment

Outlook 365 Organization Chart not working with Azure Manager
I was hoping someone could help me because I couldn't find the information online. I am getting this message when I click on the Organization tab in the user details from the Outlook 365 "see more..." I get this message: "We don't have the details to show the organization chart for [Name of Person]. Organization details are provided by your admin or human resources department." I have updated their profile in Azure and selected their manager. For some reason on my desktop Outlook application, it is showing the organization chart, but not titles. I am not sure why this is happening. I would appreciate any help! Thank you so very much!
5.1K Views | 0 likes | 2 Comments

Remote Desktop Windows App Not able to Launch Application
Hey Everyone, We are deploying a POC / Build out of AVD in my company's environment. And all was going well. Until we were required to pass the CIS Benchmark for Security. Something in there has broken our environment in a strange way. We have an issue where Remote Apps will launch, but then get stuck at Preparing Windows. The screen freezes for the user at Preparing Windows, but as far as we can tell, the user's connection is successful, the remote app launches on the VM itself, but from the Remote Desktop Client, the user is stuck on the blue logon screen. The user can even send a CTRL Alt Delete function which they can use to lock the computer, then they can unlock it, but it takes them straight back to the same stuck Preparing Windows screen. It's as if it's never able to present the application.

We have confirmed that this issue has occurred due to GPO. Specifically it was GPO that was created based on the CIS Benchmarking Tool. So some security setting we have implemented has caused this issue. Screenshot is of all the services that we disabled as part of the GPO but it may not be that, as CIS recommendations were quite large and contained a lot of settings. Any ideas what I might be missing?

Another interesting point is that remote apps launch fine on the Web version of AVD, and on iOS the apps launch no worries. So it is limited to the Windows version of the Remote Desktop client. Any ideas would be greatly appreciated, otherwise we are stuck with removing these rules one by one to try find the culprit which could take weeks. I have attached the list of rules we implemented as part of the benchmarking. Any help will earn my forever love and gratitude!!! Since AVD is so new, and even a quick name change has got me struggling with scouring the internet for anyone else experiencing this issue.
18K Views | 0 likes | 5 Comments
Recent Blogs
- Announcing private preview support for Azure Managed Prometheus on VM/VMSS, enabling unified monitoring with GPU, InfiniBand, and node-level metrics for HPC workloads.
  Dec 11, 2025 | 74 Views | 0 likes | 0 Comments
- Introduction: Data migration is critical, yet it is one of the most complex tasks in any cloud adoption journey. Whether you’re moving workloads from on-premises environments, consolidating hybrid d...
  Dec 11, 2025 | 34 Views | 0 likes | 0 Comments