Forum Widgets
Latest Discussions
Slow response times in different regions
I have a website which is primarily for people in Asia and uses Front Door. Microsoft say that content served through Front Door is hosted in POPs all over the world but Grafana checks show consistently bad performance in Asia. The London ping response times are consistently low from London but around 150ms from Singapore, frequently spiking to over 500ms. While London is closer to where the origin is hosted, I wouldn't expect pings to go to the origin but be handled by Front Door? Is there any way I can verify that the site is being propagated to regional POPs in the APAC area?
Team Foundation Server 2018 Data is Null
Hi All, I am trying to configure Team Foundation Server 2018 with SQL server but i am getting an error at readiness check validation " TF255407: An error occurred while attempting to validate the configuration database. Error message: Data is Null. This method or property cannot be called on Null values." I already have TFS setup running on one of the server which is currently live and its working fine. I want to setup one more server to test the backup of TFS data, so for that i have installed same version of TFS i.e. 2018 and SQL server 2016. Below are all the activities which i have performed. Running TFS Instance Details. TFS Version: 2018 SQL Server: 2016 SP1 OS: Windows server 2019 TFS DB's: Tfs_Configuration: 1.5 GB Tfs_Projects: 48 GB Tfs_Products: 24 GB Tfs_AppDevelopment: 29 GB Tfs_Migration: 7 GB New Server Details. TFS Version: 2018 SQL Server: 2016 SP1 OS: Windows server 2016 All above db backups i have restored on new server. Installed TFS 2018 and when trying to configure i am selecting existing deployment. Regards Imran Shaikh
Missing equivalent for Python MemorySearchTool and AgentMemorySettings in C# SDK
Hi Team, I am currently working with the Azure AI Foundry Agent Service (preview). I’ve been reviewing the documentation for managed long-term memory, specifically the "Automatic User Memory" features demonstrated in the Python SDK here: https://learn.microsoft.com/en-us/azure/ai-foundry/agents/how-to/memory-usage?view=foundry&tabs=python. In Python, it is very straightforward to attach a MemorySearchTool to an agent and use AgentMemorySettings(scope="user_123") during a run. This allows the service to automatically extract, consolidate, and retrieve memories without manual intervention. However, in the https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/ai/Azure.AI.Projects#memory-store-operations, I only see the low-level MemoryStoreClient which appears to require manual CRUD operations on memory items. My Questions: Is there an equivalent high-level AgentMemorySearchTool or similar abstraction in the current C# NuGet package (Azure.AI.Projects) that handles automatic extraction and retrieval? If not currently available, is this feature on the immediate roadmap for the .NET SDK? Are there any samples showing how to achieve "automatic" memory (where the Agent extracts facts itself) using the C# SDK without having to build a custom orchestration layer or call REST APIs directly? Any guidance on the timeline for feature parity between the Python and .NET SDKs regarding Agent Memory would be greatly appreciated. SDK Version: Azure.AI.Projects 1.2.0-beta.5
How to Fix Azure Event Grid Entra Authentication issue for ACS and Dynamics 365 integrated Webhooks
Introduction: Azure Event Grid is a powerful event routing service that enables event-driven architectures in Azure. When delivering events to webhook endpoints, security becomes paramount. Microsoft provides a secure webhook delivery mechanism using Microsoft Entra ID (formerly Azure Active Directory) authentication through the AzureEventGridSecureWebhookSubscriber role. Problem Statement: When integrating Azure Communication Services with Dynamics 365 Contact Center using Microsoft Entra ID-authenticated Event Grid webhooks, the Event Grid subscription deployment fails with an error: "HTTP POST request failed with unknown error code" with empty HTTP status and code. For example: Important Note: Before moving forward, please verify that you have the Owner role assigned on app to create event subscription. Refer to the Microsoft guidelines below to validate the required prerequisites before proceeding: Set up incoming calls, call recording, and SMS services | Microsoft Learn Why This Happens: This happens because AzureEventGridSecureWebhookSubscriber role is NOT properly configured on Microsoft EventGrid SP (Service Principal) and event subscription entra ID or application who is trying to create event grid subscription. What is AzureEventGridSecureWebhookSubscriber Role: The AzureEventGridSecureWebhookSubscriber is an Azure Entra application role that: Enables your application to verify the identity of event senders Allows specific users/applications to create event subscriptions Authorizes Event Grid to deliver events to your webhook How It Works: Role Creation: You create this app role in your destination webhook application's Azure Entra registration Role Assignment: You assign this role to: Microsoft Event Grid service principal (so it can deliver events) Either Entra ID / Entra User or Event subscription creator applications (so they can create event grid subscriptions) Token Validation: When Event Grid delivers events, it includes an Azure Entra token with this role claim Authorization Check: Your webhook validates the token and checks for the role Key Participants: Webhook Application (Your App) Purpose: Receives and processes events App Registration: Created in Azure Entra Contains: The AzureEventGridSecureWebhookSubscriber app role Validates: Incoming tokens from Event Grid Microsoft Event Grid Service Principal Purpose: Delivers events to webhooks App ID: Different per Azure cloud (Public, Government, etc.) Public Azure: 4962773b-9cdb-44cf-a8bf-237846a00ab7 Needs: AzureEventGridSecureWebhookSubscriber role assigned Event Subscription Creator Entra or Application Purpose: Creates event subscriptions Could be: You, Your deployment pipeline, admin tool, or another application Needs: AzureEventGridSecureWebhookSubscriber role assigned Although the full PowerShell script is documented in the below Event Grid documentation, it may be complex to interpret and troubleshoot. Azure PowerShell - Secure WebHook delivery with Microsoft Entra Application in Azure Event Grid - Azure Event Grid | Microsoft Learn To improve accessibility, the following section provides a simplified step-by-step tested solution along with verification steps suitable for all users including non-technical: Steps: STEP 1: Verify/Create Microsoft.EventGrid Service Principal Azure Portal → Microsoft Entra ID → Enterprise applications Change filter to Application type: Microsoft Applications Search for: Microsoft.EventGrid Ideally, your Azure subscription should include this application ID, which is common across all Azure subscriptions: 4962773b-9cdb-44cf-a8bf-237846a00ab7. If this application ID is not present, please contact your Azure Cloud Administrator. STEP 2: Create the App Role "AzureEventGridSecureWebhookSubscriber" Using Azure Portal: Navigate to your Webhook App Registration: Azure Portal → Microsoft Entra ID → App registrations Click All applications Find your app by searching OR use the Object ID you have Click on your app Create the App Role: Display name: AzureEventGridSecureWebhookSubscriber Allowed member types: Both (Users/Groups + Applications) Value: AzureEventGridSecureWebhookSubscriber Description: Azure Event Grid Role Do you want to enable this app role?: Yes In left menu, click App roles Click + Create app role Fill in the form: Click Apply STEP 3: Assign YOUR USER to the Role Using Azure Portal: Switch to Enterprise Application view: Azure Portal → Microsoft Entra ID → Enterprise applications Search for your webhook app (by name) Click on it Assign yourself: In left menu, click Users and groups Click + Add user/group Under Users, click None Selected Search for your user account (use your email) Select yourself Click Select Under Select a role, click None Selected Select AzureEventGridSecureWebhookSubscriber Click Select Click Assign STEP 4: Assign Microsoft.EventGrid Service Principal to the Role This step MUST be done via PowerShell or Azure CLI (Portal doesn't support this directly as we have seen) so PowerShell is recommended You will need to execute this step with the help of your Entra admin. # Connect to Microsoft Graph Connect-MgGraph -Scopes "AppRoleAssignment.ReadWrite.All" # Replace this with your webhook app's Application (client) ID $webhookAppId = "YOUR-WEBHOOK-APP-ID-HERE" #starting with c5 # Get your webhook app's service principal $webhookSP = Get-MgServicePrincipal -Filter "appId eq '$webhookAppId'" Write-Host " Found webhook app: $($webhookSP.DisplayName)" # Get Event Grid service principal $eventGridSP = Get-MgServicePrincipal -Filter "appId eq '4962773b-9cdb-44cf-a8bf-237846a00ab7'" Write-Host " Found Event Grid service principal" # Get the app role $appRole = $webhookSP.AppRoles | Where-Object {$_.Value -eq "AzureEventGridSecureWebhookSubscriber"} Write-Host " Found app role: $($appRole.DisplayName)" # Create the assignment New-MgServicePrincipalAppRoleAssignment ` -ServicePrincipalId $eventGridSP.Id ` -PrincipalId $eventGridSP.Id ` -ResourceId $webhookSP.Id ` -AppRoleId $appRole.Id Write-Host "Successfully assigned Event Grid to your webhook app!" Verification Steps: Verify the App Role was created: Your App Registration → App roles You should see: AzureEventGridSecureWebhookSubscriber Verify your user assignment: Enterprise application (your webhook app) → Users and groups You should see your user with role AzureEventGridSecureWebhookSubscriber Verify Event Grid assignment: Same location → Users and groups You should see Microsoft.EventGrid with role AzureEventGridSecureWebhookSubscriber Sample Flow: Analogy For Simplification: Lets think it similar to the construction site bulding where you are the owner of the building. Building = Azure Entra app (webhook app) Building (Azure Entra App Registration for Webhook) ├─ Building Name: "MyWebhook-App" ├─ Building Address: Application ID ├─ Building Owner: You ├─ Security System: App Roles (the security badges you create) └─ Security Team: Azure Entra and your actual webhook auth code (which validates tokens) like doorman Step 1: Creat the badge (App role) You (the building owner) create a special badge: - Badge name: "AzureEventGridSecureWebhookSubscriber" - Badge color: Let's say it's GOLD - Who can have it: Companies (Applications) and People (Users) This badge is stored in your building's system (Webhook App Registration) Step 2: Give badge to the Event Grid Service: Event Grid: "Hey, I need to deliver messages to your building" You: "Okay, here's a GOLD badge for your SP" Event Grid: *wears the badge* Now Event Grid can: - Show the badge to Azure Entra - Get tokens that say "I have the GOLD badge" - Deliver messages to your webhook Step 3: Give badge to yourself (or your deployment tool) You also need a GOLD badge because: - You want to create event grid event subscriptions - Entra checks: "Does this person have a GOLD badge?" - If yes: You can create subscriptions - If no: "Access denied" Your deployment pipeline also gets a GOLD badge: - So it can automatically set up event subscriptions during CI/CD deployments Disclaimer: The sample scripts provided in this article are provided AS IS without warranty of any kind. The author is not responsible for any issues, damages, or problems that may arise from using these scripts. Users should thoroughly test any implementation in their environment before deploying to production. Azure services and APIs may change over time, which could affect the functionality of the provided scripts. Always refer to the latest Azure documentation for the most up-to-date information. Thanks for reading this blog! I hope you found it helpful and informative for this specific integration use case 😀
Sign in to Azure DevOps
The https://dev.azure.com URL redirects to the landing page for the Azure DevOps product. I used to promote this as an URL to use to login to the product. Since this year the page is missing the "Already have an account? Sing in to Azure DevOps" link. As far as I can see there is no way to login to Azure DevOps trough this interface now. There is the usual "sing in" in the top right, which will redirect you to the azure portal (or at least for me it does). How are we supposed to login to Azure DevOps? Old login:[Urgent]: Locked out of Azure Portal - GitHub Login Loop & Authenticator 6-digit vs 8-digit Mismatch
I am writing this out of frustration as I have been locked out of my Azure web portal (azure.com) for a long time. I normally log in via GitHub, but something seems to have changed regarding the admin settings or 2FA requirements. I am now stuck at the Microsoft Authenticator verification step. The major issue is that my Authenticator app shows an 8-digit PIN, but the Azure login screen requires a 6-digit PIN. I also do not receive any push notifications/pop-ups on my phone, despite being logged into the correct account in the app. Key Details: This is a personal account. My login works perfectly on accounts.microsoft.com and the Azure Mobile App. I cannot use the web portal, which is preventing me from managing my servers. I have a VM that frequently runs out of memory (OOM) and needs an immediate upgrade and a new IP address—tasks I cannot do from the mobile app. I cannot open a support ticket because I can't log in. I contacted pre-sales support two months ago; they promised an engineer would email me within 7 days, but I never heard back. Please help me regain access to my account.Unable to delete Foundry Agent identity Entra app in Azure
I'm trying to delete an Entra app in Azure created by Foundry Agent identity blueprint as its currently unused and is causing EntraID hygiene alerts. However getting an error mentioning that delete is not supported. Is there any other way to delete an unused Entra app for an agent identity blueprint? Error detail: Agent Blueprints are not supported on the API version used in this request.Learn about Pulumi on Azure Thurs Aug 12 on LearnTV
AzureFunBytes is a weekly opportunity to learn more about the fundamentals and foundations that make up Azure. It's a chance for me to understand more about what people across the Azure organization do and how they do it. Every week we get together at 11 AM Pacific on Microsoft LearnTV and learn more about Azure. When: August 12, 2021 11 AM Pacific / 2 PM Eastern Where: Microsoft LearnTV Agnostic tools for building your cloud infrastructure can be incredibly helpful to provide a strategy that looks beyond one single cloud. There are many alternatives in the market to using native tooling for your cloud provider or handle the work manually. Each of these "Infrastructure as Code" tools brings you the tools to deploy anywhere, anytime with the reliability and consistency you expect. You can use programming languages you might already know such as Node.js, Python, Go, and .NET and use standard constructs like loops and conditionals. Pulumi allows you to build, deploy, and manage modern cloud applications and infrastructure using familiar languages, tools, and engineering practices. With a tool like Pulumi you can build your architecture required for your IT operations to nearly 50 different cloud providers. If you also need on-prem or hybrid environments configured, Pulumi has you covered. Installing Pulumi just takes a few commands on your local environment. Pulumi uses different providers to support the various cloud services you may need. If Azure is your cloud of choice you can provision any of the services via Azure Resource Manager (ARM). The Azure provider must be configured with credentials to deploy and update resources in Azure. This can be done by either using the Azure CLI or by creating an Azure Active Directory Service Principal. To help me understand how to start working with Pulumi, I've reached out to one of my favorite people from the world of DevOps, Principal Developer Advocate at Pulumi, Matty Stratton. Matt Stratton is a Staff Developer Advocate at Pulumi, founder and co-host of the popular Arrested DevOps podcast, and the global chair of the DevOpsDays set of conferences. Matt has over 20 years of experience in IT operations and is a sought-after speaker internationally, presenting at Agile, DevOps, and cloud engineering focused events worldwide. Demonstrating his keen insight into the changing landscape of technology, he recently changed his license plate from DEVOPS to KUBECTL . He lives in Chicago and has three awesome kids, whom he loves just a little bit more than he loves Diet Coke. Matt is the keeper of the Thought Leaderboard for the DevOps Party Games online game show and you can find him on Twitter at @mattstratton. We will work together to learn how to get started, how to use the programming language you may already know, and find out if Pulumi for your Azure deployments is right for you. Here's our planned agenda for our show on LearnTV: Why bother writing automation code anyway I'm a developer. why do I can about infrastructure automation? I'm an ops person. Why should I write code? Why Pulumi when there are other tools and stuff already? We'll answer these questions and more this Thursday, August 12, 2021 at 11 AM PT / 2PM ET. Learn about Azure fundamentals with me! Live stream is normally found on Twitch, YouTube, and LearnTV at 11 AM PT / 2 PM ET Thursday. You can also find the recordings here as well: AzureFunBytes on Twitch AzureFunBytes on YouTube Azure DevOps YouTube Channel Follow AzureFunBytes on Twitter Useful Docs: Get $200 in free Azure Credit Microsoft Learn: Introduction to Azure fundamentals Cloud Engineering Summit Getting Started with Pulumi Upcoming workshops, etc What is Infrastructure as Code? What is Azure Resource Manager? Azure Command-Line Interface (CLI) - Overview | Microsoft Docs Application and service principal objects in Azure Active DirectoryAllow Pipelines to have Tags/Metadata like Azure Resources
We need the ability to add metadata to Azure DevOps Pipelines such as “Domain”, “Capability”, “Team”, “SRE Owner”, etc. This information needs to be available in the pipeline/ api response. It would also be useful to have the ability to filter/search by this in the UI, but that is not important for my immediate use case. Currently, to obtain this data, we are maintaining a separate reference table. It is not ideal.
