Forum Widgets
Latest Discussions
Cloud-Native vs. Hybrid for the 2026 Workplace
When to choose Cloud-Native vs. Hybrid for the 2026 Workplace? Hi everyone, I am starting a discussion on the foundational phase of one project. As a Computer Engineer, I believe the most critical decision we face in 2026 is determining exactly when to step to a Full Cloud model versus maintaining a Hybrid Infrastructure. In my view, the decision is not about cost, it is about resiliency, high availability and more avalability. I would like to exchange views with other engineers on these area: latency, edge requirements, integration and aglility. In your experience, what are the Tipps that makes you choose one over the other for a 2026 environment? I'm looking for technical architectural insights, not sales approaches.
Azure Automation Hybrid Runbook Worker Supported OS
Hi everyone, we are currently in the process of updating or environment to Server 2025. Since the mainstream support of Server 2022 ends October this year, we would also like to update our on-premise Azure Automation Hybrid Runbook Worker from 2022 to 2025. As far as I can see from the https://learn.microsoft.com/en-us/azure/automation/extension-based-hybrid-runbook-worker-install?tabs=windows%2Cps#supported-operating-systems, OS is only supported up to Server 2022, but not Server 2025. Since the mainstream support end is closing in, is there any information on official support for Server 2025 for Azure Automation HRWs? Do you already have one successfully running with Server 2025? Thanks!Patterns for low-code Azure config state snapshot + recovery solution for resource groups
I’m looking for patterns that capture resource configuration changes over time and support best-effort recovery (redeployment) of resource config state. I understand that authoritative IaC (Bicep) would be the most mature option, however, I am wondering if anyone has ever implemented a solution similar to what I have described above. Ideally this would be a low-code, Azure native solution.
MFA required for Global Admin without Conditional Access or PIM enforcement
Hi, I'm analyzing a break-glass account scenario in Microsoft Entra ID and would like to validate a behavior I'm observing. The account: Has Global Administrator role (permanent assignment) Is excluded from all Conditional Access policies (fully validated) Is excluded from Authentication Methods policies and MFA Registration Campaign (fully validated) Has no per-user MFA enabled (disabled) PIM is not enforcing MFA (role is permanently active, no activation required) Security Defaults are disabled SSPR is not enforcing MFA All configurable sources that could require MFA have been reviewed and fully ruled out. However, when signing into Microsoft Admin Portals (Entra/Azure), MFA is still required and cannot be skipped. In Sign-in logs: Conditional Access → Not Applied Authentication Details show: "MFA required in Azure AD" "App requires multifactor authentication" Additionally, there is a Microsoft-managed policy: "Multifactor authentication for admins accessing Microsoft Admin Portals" but it is in Report-only mode. Question: Is Microsoft Entra ID enforcing MFA automatically for privileged roles (like Global Administrator) in admin portals, even when no Conditional Access or PIM policy requires it? And if so, is there any supported way to fully exclude a break-glass account from this behavior? Thanks in advance.
Using Github Copilot from Azure Subscription
Hello, I have a question on how GitHub Copilot can be accessed and managed through an Azure subscription. If I am getting a Github Copilot license, how is my azure subscription getting linked to the billing and licensing? Specifically, I would like clarification on how the Azure subscription is linked to GitHub Copilot billing and licensing.
Sign in to Azure DevOps
The https://dev.azure.com URL redirects to the landing page for the Azure DevOps product. I used to promote this as an URL to use to login to the product. Since this year the page is missing the "Already have an account? Sing in to Azure DevOps" link. As far as I can see there is no way to login to Azure DevOps trough this interface now. There is the usual "sing in" in the top right, which will redirect you to the azure portal (or at least for me it does). How are we supposed to login to Azure DevOps? Old login:
Azure Artifact Signing: SignTool "Access is denied" with active Public Trust profile
I’m blocked on Azure Artifact Signing for Windows EXE signing. What is already confirmed: - Account endpoint: https://wus2.codesigning.azure.net/ - Code signing account: notarios - Certificate profile: notarios-public-trust (Public Trust, Active) - Identity validation: Completed - User object id: 9aa27294-c04d-4aab-a7b2-3a8b10be96f9 - RBAC includes: - Artifact Signing Identity Verifier - Artifact Signing Certificate Profile Signer (also assigned at certificate profile scope) Signing command (signtool 10.0.26100.0 x64 + dlib): ... sign /v /debug /fd SHA256 /tr http://timestamp.acs.microsoft.com /td SHA256 /dlib "<...>\\Azure.CodeSigning.Dlib.dll" /dmdf "C:\temp\metadata-corr.json" "C:\temp\notarial-app-test.exe" Error every time: - SignTool Error: Access is denied. - Number of files successfully Signed: 0 I also tested Azure CLI auth and explicit AccessToken in metadata; same result. CorrelationId for troubleshooting: - notarios-20260425-1859 If anyone from Microsoft can check backend logs for that CorrelationId, I’d appreciate the exact reason and remediation.Legacy SSRS reports after upgrading Azure DevOps Server 2020 to 2022 or 25H2
We are currently planning an upgrade from Azure DevOps Server 2020 to Azure DevOps Server 2022 or 25H2, and one of our biggest concerns is reporting. We understand that Microsoft’s recommended direction is to move to Power BI based on Analytics / OData. However, for on-prem environments with a large number of existing SSRS reports, rebuilding everything from scratch would require significant time and effort. Since Warehouse and Analysis Services are no longer available in newer versions, we would like to understand how other on-prem teams are handling legacy SSRS reporting during and after the upgrade. Have you rebuilt your reports in Power BI, moved to another reporting approach, or found a practical way to keep existing SSRS reports available during the transition? Any real-world experience, lessons learned, or recommended approaches would be greatly appreciated.Azure RBAC Custom Role Best Practices or Common Build Patterns
As a platform admin, I want to grant application admins Contributor access while removing their ability to write or delete most Microsoft.Network resource types, with a few exceptions such as Private Endpoints, Network Interfaces, and Application Gateways. Based on the effective control plane permissions logic, we designed two custom roles. The first role is a duplicate of the Contributor role, but with Microsoft.Network//Write and Microsoft.Network//Delete added to notActions. The second role adds back specific Microsoft.Network operations using wildcarded resource types, such as Microsoft.Network/networkInterfaces/*. Application Admin Effective Permissions = Role 1 (Contributor - Microsoft.Network) + Role 2 (for example, Microsoft.Network/networkInterfaces/, Microsoft.Network/networkSecurityGroups/, Microsoft.Network/applicationGateways/write, etc.) I understand that Microsoft RBAC best practices recommend avoiding wildcard (*) operations. However, my team has found that building roles with individual operations is extremely tedious and time-consuming, especially when trying to understand the impact of each operation. Does anyone have suggestions for a simpler or more maintainable pattern for implementing this type of custom RBAC design?
Copy an Epic with all child work items
Is it possible to copy an Epic with all child work items - i.e., User stories and tasks in addition to the Features? Reason is that we have several Epics with the same structure of Features with its subitems/child work items > User stories > Tasks. I’m able to utilize “Create copy of work items” at several levels and copy the levels child work items – however I would like to create a template with all levels: Epic > Features > User stories > Tasks. Is that possible, and if so how?
