Recent Discussions
Can IAM permission be given to Service Bus with Local authentication
If I have a Service Bus with queues in it and it has local authentication enabled. Can I give some users (using their on-premises synced account) the "Azure Service Bus Data Receiver" and "Azure Service Bus Data Sender" permission to allow them to see messages in the queue? They have Reader role on the parent Resource group so they can already see the Service Bus but can't access queues. Or IAM permissions won't work if the Service bus has local authentication enabled.
Unable to send pro-active messages to users on Microsoft Teams
I have built an application to send pro-active messages to users on Microsoft Teams. I am using C# Bot Framework SDK. The application is designed to support users from different tenants [Application Type: multi-tenant] and I have tested the same in the past by installing the app to users belonging to a different tenant than that where the Azure Bot Service is hosted and where the App is registered. Please note that the App doesn't require any API permission but just needs to be installed by the user. After the recent changes made by Microsoft on July 31, 2025, I am no longer able to create an Azure Bot Service having App Type as multi-tenant. We plan to publish this application to the Microsoft Teams store. I got to know from the GitHub Issue - https://github.com/OfficeDev/Microsoft-Teams-Samples/issues/1747 that once the application is certified by Microsoft it will be multi-tenant. Therefore, I created the Azure Bot Service and App Registration with App Type as single-tenant as multi-tenant option was no longer available. In the single-tenant configuration, I tested it by installing the application to user belong to the same tenant where the Azure Bot service is hosted and the App is registered. The code started to return an unauthorized exception. Neither I was not able to send out a Welcome Adaptive message card when the Bot application was installed by the user nor I was able to send out a pro-active message to the user. I had raised a question in the Microsoft Learn Question and Answer Forum and was asked by the Moderator to post it as a thread in the Microsoft Tech Community. I have mentioned the details in the question along with the attempts that I made to resolve the issue. Kindly go through the details mentioned in the question - https://learn.microsoft.com/en-us/answers/questions/5565284/unable-to-send-pro-active-messages-to-users-on-mic I’d really appreciate any help or guidance you can provide on resolving this issue. Thank you in advance for your time and support!
End-to-End Confidence in the Cloud A Walkthrough of Azure Playwright Testing (Preview)
If you’ve been using Playwright for your end-to-end testing, you know how powerful it is for browser automation. But running large test suites locally or in CI can be slow, flaky, and resource-hungry. That’s where Azure Playwright Testing (Preview) — also called Microsoft Playwright Testing — comes in. This walkthrough will show you how to go from a plain Playwright project to running tests at scale in the Azure cloud, complete with reporting, debugging, and parallel execution. https://dellenny.com/end-to-end-confidence-in-the-cloud-a-walkthrough-of-azure-playwright-testing-preview/
Green Pixelation in When Resizing RDP Window in Windows App
I'm experiencing an issue with Azure Virtual Desktop running on a Standard NV8as v4 VM. When I resize the RDP window using the Windows App, the session displays green pixelation artifacts, especially during or immediately after the window size change. The VM uses the AMD Radeon Instinct MI25 GPU, and I've tried updating and uninstalling the GPU driver, as well as installing the AmdGpuDriverWindows Extension but the issue persists.
Network Design Ideas for VMs
I am analyzing the current Azure environment at my new job and trying to figure out the architectural choices mostly networking wise. Currently, we have 10 VMs and each VM has its own VNet and they are all in the same region. In my experience so far, I have never seen such network design in Azure before.
Azure Express Route Peering with on Prem Firewall
Is there any way we can have express route peer BGP directly with on Prem Firewall via /29 subnet The firewall has active / standby and VIP. The express route peering require two /30 . if I have an active standby and VIP on the firewall how is that going to work ?How to update the proxyAddresses of a Cloud-only Entra ID user
I currently have a client with an Entra ID user (not migrated from on-premises) that is cloud-based, but has proxyAddresses values assigned. Now, I want to update the proxyAddresses through the Graph Explorer and have used this link as a guide: https://learn.microsoft.com/en-us/answers/questions/2280046/entra-connect-sync-blocking-user-creation-due-to-h. Now this guide is suggesting you can use the BETA model and this URL format... https://graph.microsoft.com/beta/users/%USERGUID% It states you can use that URL to do both 'GET' and 'PATCH' queries - the PATCH query being the one that will change the settings. You have to put forth a body for the proxyAddresses property in the PATCH query, which represents all of the addresses you want the user to utilise as proxy addresses. Now the GET query works... The PATCH query does not... Screenshot provided: Now, regarding the error message, I have applied ALL possible permissions in the 'Modify Permissions' tab. It is still erroring, Now I cannot use Exchange Online PowerShell, as the user does not have a mailbox! Aside from potentially using a license for Exchange Online or provisioning a mailbox for the user, and making the necessary changes, would the only other option be to delete/recreate the user?Azure automation feature, improvements and bugs
This is by no means meant as critic as i love the Azure Automation Account product and its current features but these are thing that i would love to see as an offering/fixed for the future. Source Control (I can only speak for Github as that is what i use): Bugs: Tags being overwritten / removed by source controll both on full sync but also on incremential syncs (Already reported in case #2508010040002105) Features: Runbooks in source control is not being deleted in automation account when they have been deleted in source control. Support for diffrent sync types other than PowerShell 5.1 (Personally we will not consider upgrading to a newer version before there is source control implemented) Support for syncing the full repository instead of only a specific folder. So recursive source control for easier organisation in repositories I know we can setup multiple source control in azure automation but that seems a bit redundant and more maintance as the source control integration expires after 1 year does not matter if your PAT token is set to never expires Add support for syncing synopsis / description for at least PowerShell scripts so it grabs it directly from the given script and inputs it into the description field. Just the output of get-help .\ScriptName.ps1 Logging: Bugs: From time to time we see that logs is being displayed twice after each other so lets say you get the first result of logs. For this example lets say the first 10 entries in the All log page and scroll down further then the same 10 entries are repeated again and again and again this can also be seen by the time stamp of the log entry. (No new network requests for logs is being made so i believe this might be a bug in a javascript without being 100% certain) The most often time we see this bug is when a runbook is still running so it might be the log output stream that messes this up. And just to provide a picture for refrence without exposing anything sensitive the bug can be seen based on timestamps here: PowerShell 7 and above log outputs seems to contain some non escaped ASCI characters which makes the logs harder to read and also makes a log object being split into multiple log entries in Azure automation Log outputs Seems to have been fixed since i last tested Features: Searching for a specific job id in the general job list. Currently there is a work arround by going into a specific runbook - go to jobs - Press "Find job" and then you can lookup a jobid globally but the UI is not being updated correctly as displayed here: Would love to see a button here or be able to search for a jobid Formatting log outputs so you can do multi line output in a single log output entry E.G. "Write-output "New´r´nLine" So the output entry contains multiple lines for easier human readable log outputs Runbook page: Bugs: Searching for runbook names seems a bit buggy as far as i have seen there is 3 diffrent results for the end user Base image intialy looking at all runbooks One option is that it is not able to find a runbook with that name I have not been able to replicate it to get a picture of it. Another is that it displays a list of runbooks none of which matches what you searched for Third is that when you have searched for something and remove your search it does not return the original view Features: Ability to go to a previous job and re-run it/restart it with the same parameters. Think a bit like the way you can restart a github action run Scheduling: Features: More of a feature request but adding the schedule for a runbook directly in the code is awesome. (This is something we currently do by adding a parameter that contains the scheduling information then we have a runbook going over all our runbooks every hour and looking for this parameter and then constructing a schedule if it does not exist and links the runbook to the schedule and finally we also add a tag mentioning If the schedule name is enabled or not (*back to the issue in source control removing the tag*)) Hybrid workers: Features: I personally would love the ability to pause a hybrid worker in a hybrid worker group - Why? - Well we currently have 4 hybrid workers all running windows and have monthly patch windows and if a job hits a hybrid worker that is in patch then the jobs would go into a suspended state and not be picked up again Now we could remove the hybrid worker from the group but that would also remove the extension which would be reinstalled when added and then we would hit this https://learn.microsoft.com/en-us/azure/automation/troubleshoot/extension-based-hybrid-runbook-worker#scenario-runbooks-go-into-a-suspended-state-on-a-hybrid-runbook-worker-when-using-a-custom-account-on-a-server-with-user-account-control-uac-enabled This is an issue we originally started experiencing when we migrated from agent-based hybrid workers to extension based due to the discontinuation of agent-based. Another great reason is when needing to troubleshoot something on a specific hybrid worker or even when needing to update modules on a specific hybrid worker as this can not be done while the hybrid worker is still running jobs unless you use force or hit a time that it is not running or by manually stopping the service and then again end up with suspended jobs that is not being picked up again. Additional features that i personally would love to see as an offering: A front end for azure automation for end users (Think self-service portal) as some kind of add-on feature allowing a specific group of people to start a given runbook but supplying a more user friendly front end for it while also including some more limitations for end user groupings. I know there is already third party solutions for this and tbh I almost created one my self on my last maternity leave but my company chose not to pursue it further as the statement is we have 1 self service platform being servicenow can be viewed https://github.com/Mynster9361/Self-Service-Frontend-Azure-Automation just to give some inspiration if needed RBAC permissions for individual runbooks (as far as i remember this can already be done through cli) A General overview management blade for managing webhooks and the associated runbooks Currently there is no way to know which runbooks has an active / inactive webhook assigned to them as the only way to see this is by going to a runbook go to the webhooks blade and look if there is one or not. Personally i would love to see a blade on the general overview called "Webhooks" that looks similar to this table maybe: RunbookNameExpirationLast triggeredStatusRunbook1 (Clickable to get directly to the runbook)Custom_name_for_this webhook02/01/2022 16:00 EnabledRunbook2webhook211/11/2026 16:00TodayDisabledRunbook3webhook311/11/2027 16:00TodayEnabled Instead of webhook being a gentleman agreemnet on when you can enable and when you shouldn't enable and naming and such you have 1 general overview of all webhooks which would give value in regards to security and easier management of webhooks The things i see as most critical or highest on my wish list: To list 2 things i would like to see sooner rather than later Source control definitely needs to be updated/revamped so it both supports other languages/versions and also does not remove tags. Another thing that would be nice to have is to force it to follow source control so if i delete something that is in source control it is also deleted in azure automation Hybrid workers in maintenance mode so it completes running jobs and you are able to work on the hybrid worker whether it be bugs or just regular updates.Permission/access Audit in Powershell
Hello, im trying to generate a report on "who has access" on all Projects in Azure DevOps I use the following $organization = "RELEVENT NAME" $pat = "APATKEY" $baseUrl = "https://dev.azure.com/$organization/_apis" $APIVersion = "7.0" # Get all projects in the organization $projectsUrl = "$baseUrl/projects?api-version=$APIVersion" $projects = Invoke-RestMethod -Uri $projectsUrl -Method Get -Headers @{Authorization = "Basic $($pat)"} # Loop through each project and get the groups and permissions for each added user foreach ($project in $projects.value) { $projectName = $project.name $projectUrl = "$baseUrl/$projectName/_apis/graph/users?api-version=$APIVersion&direction=2&$top=5000" $addedUsers = Invoke-RestMethod -Uri $projectUrl -Method Get -Headers @{Authorization = "Basic $($pat)"} Write-Host "Project: $projectName" foreach ($user in $addedUsers.value) { $userId = $user.descriptor $userUrl = "$baseUrl/$projectName/_apis/accesscontrolentries?api-version=$APIVersion&identityDescriptor=$userId" $permissions = Invoke-RestMethod -Uri $userUrl -Method Get -Headers @{Authorization = "Basic $($pat)"} $groups = $user.memberOf | Where-Object { $_.subjectKind -eq "Group" } $groups = $groups | ForEach-Object { $_.displayName } $groups = $groups -join ', ' Write-Host "User: $($user.displayName), Groups: $groups" foreach ($permission in $permissions.value) { $permissionName = $permission.displayName Write-Host " Permission: $permissionName" } } Write-Host "" } can any one help me figure out why it returns empty all the time.Import Test Steps via Excel Addin
Hello Together, we use the Excel AddIn (https://learn.microsoft.com/en-us/azure/devops/boards/backlogs/office/bulk-add-modify-work-items-excel?view=azure-devops&tabs=agile-process In this Documentation you can find the following Information: "You can't import or update test case steps or other test artifacts" Actually you can, if you paste the Steps as XML Tags (https://oshamrai.wordpress.com/2019/03/01/azure-devops-services-rest-api-14-create-and-add-test-cases/ So far so good. It works pretty well. I define my TestStep in another Excel Sheet, transform these Steps into the XML Format via VBA Script and Paste it in the Excel Sheet for synchronisation. If i do so, with pasting the plain text directly in the Cell, it automaticly transform these to a text after publishing. In DevOps i got my Test Steps as defined. There is only one Problem: Otherwise, if I paste it not as Text but paste the cell, it stays as XML text after Publishing. The reason seems to be, that the PlugIn or DevOps converts the special Characters like < > " " into "<" """ etc. You only realize this, when you export these TestCases to csv. Thats why it will not detected as TestSteps. The "Paste special" options makes no different. In Case of Import a banch of Testcases via Excel i have to go into every cell an paste the XML String again. Is there any Workaround? (Using the grid view in Test Plans is no option for us) Greetings MircoAzure AI Studio / Azure AI Foundry A Powerful Platform for Generative AI
In recent years, generative AI has moved rapidly from research labs to real-world applications. Microsoft’s offering in this space has evolved to meet demand: Azure AI Studio (also known under the broader banner Azure AI Foundry) is Microsoft’s integrated environment for creating, customizing, deploying, and managing AI models, agents, and applications. This blog explores what Azure AI Studio is, why it matters, what features it offers, its advantages and constraints, and how you might leverage it in your own projects. https://dellenny.com/azure-ai-studio-azure-ai-foundry-a-powerful-platform-for-generative-ai/Generative AI in Azure A Practical Guide to Getting Started
Generative AI has quickly become one of the most transformative technologies in the cloud era, enabling businesses to create content, enhance productivity, and unlock entirely new use cases. With Microsoft Azure’s AI services, developers and organizations can harness powerful generative AI capabilities without the need to build everything from scratch. In this blog, we’ll explore what generative AI in Azure looks like, the key services available, and how you can get started using them in your applications. https://dellenny.com/generative-ai-in-azure-a-practical-guide-to-getting-started/
'appcmd.exe' exited with code '1168' - release error
I'm trying to release my app on Azure DevOps but it is giving me this error on the "IIS Web App Manage" task: - Cannot find SITE object with identifier "SITE". 'appcmd.exe' exited with code '1168'. It is being released to 3 different servers ate the same time and in the other 2 servers it works. Since the last release I made, I didn't change anything in the server. I tried to restart the application pool, restart the server, and to release the old version of the application but it also failed.
Copy Config Db for Azure DevOps to new server?
I currently am migrating our DevOps server to a new location and I have decided to split the projects into different collections due to size and other reasons. My question is can I copy the configuration DB, change the URL and more to make this instance unique and have this running while the old DB is running? I primarily don't want to redo our entire server setup while making this as seemless as I can for our users. Thanks!
Recent Blogs
- The Challenge: Outbound Control in a Serverless World Serverless compute resources run in the serverless compute plane, and is managed by Microsoft, for ease of use. Databricks serverless provides...Sep 25, 2025
- 2 MIN READIntroduction A large enterprise customer set out to build a generative AI application using Azure OpenAI. While the app would be hosted on-premises, the customer wanted to leverage the latest large...Sep 25, 2025
