Recent Discussions
Multiple on-premises VPN devices
Hi All, I have a requirement to build a VPN tunnel from Azure to On Premise .On Premise,we have 2 VPN Gateway as Primary and Secondary . I believe we will have to create 2 VPN TUnnels to on premise . But I am confused how do I route the traffic to Primary and then to secondary (if Primary Fails) without using BGP Please help
CA policy Application not found in Target Resources
Hi, We have a CA policy for some external users (users created in AD and synked to Entra ID) that block access to everything in M365 except Azure Virtual Desktop (Resource ID: 9cdead84-a844-4324-93f2-b2e6bb768d07) and Security Info (for MFA setup). I read about Windows App, that it will replace the "Remote Desktop" app and it's web interface https://client.wvd.microsoft.com/arm/webclient/. So I tried to use the new Windows App web interface (https://windows.cloud.microsoft) with my external test user, but I can not log on. I get a screen that I don't have access. Checked the sign in logs and found that I try to log on to resource called "Windows 365 Portal". Test - Logging on using the Windows App installed on a PC: Application: Windows 365 Client Application ID: 4fb5cc57-dbbc-4cdc-9595-748adff5f414 Resource: Azure Virtual Desktop Resource ID: 9cdead84-a844-4324-93f2-b2e6bb768d07 Test - Logging on using the Windows App web interface (https://windows.cloud.microsoft/): Application: Windows 365 Portal Application ID: 3b511579-5e00-46e1-a89e-a6f0870e2f5a Resource: Windows 365 Portal Resource ID: 3b511579-5e00-46e1-a89e-a6f0870e2f5a "Windows 365 Portal" does not exist in the list of applications that I can set as an exception in the CA policy. The closest I found was "Windows 365", but that does not solve the problem (different Resource ID). What to do?
Azure VMWare (AVS) Cost Optimization Using Azure Migrate Tool
What is AVS? Azure VMware Solution provides private clouds that contain VMware vSphere clusters built from dedicated bare-metal Azure infrastructure. Azure VMware Solution is available in Azure Commercial and Azure Government. The minimum initial deployment is three hosts, with the option to add more hosts, up to a maximum of 16 hosts per cluster. All provisioned private clouds have VMware vCenter Server, VMware vSAN, VMware vSphere, and VMware NSX. As a result, you can migrate workloads from your on-premises environments, deploy new virtual machines (VMs), and consume Azure services from your private clouds. Learn More: https://learn.microsoft.com/en-us/azure/azure-vmware/introduction What is Azure Migrate Tool? Azure Migrate is a comprehensive service designed to help you plan and execute your migration to Azure. It provides a unified platform to discover, assess, and migrate your on-premises resources, including servers, databases, web apps, and virtual desktops, to Azure. The tool offers features like dependency analysis, cost estimation, and readiness assessments to ensure a smooth and efficient migration process. Learn More: https://learn.microsoft.com/en-us/azure/migrate/migrate-services-overview How Azure Migrate can be used to Discover and Assess AVS? Azure Migrate enables the discovery and assessment of Azure VMware Solution (AVS) environments by collecting inventory and performance data from on-premises VMware environments, either through direct integration with vCenter (via Appliance) or by importing data from tools like RVTools. Using Azure Migrate, organizations can analyze the compatibility of their VMware workloads for migration to AVS, assess costs, and evaluate performance requirements. The process involves creating an Azure Migrate project, discovering VMware VMs, and generating assessments that provide insights into resource utilization, right-sizing recommendations, and estimated costs in AVS. This streamlined approach helps plan and execute migrations effectively while ensuring workloads are optimized for the target AVS environment. Note: We will be narrating the RVtools Import method in this article. What Is RVTools? RVTools is a lightweight, free utility designed for VMware administrators to collect, analyze, and export detailed inventory and performance data from VMware vSphere environments. Developed by Rob de Veij, RVTools connects to vCenter or ESXi hosts using VMware's vSphere Management SDK to retrieve comprehensive information about the virtual infrastructure. Key Features of RVTools: Inventory Management: Provides detailed information about virtual machines (VMs), hosts, clusters, datastores, networks, and snapshots. Includes details like VM names, operating systems, IP addresses, resource allocations (CPU, memory, storage), and more. Performance Insights: Offers visibility into resource utilization, including CPU and memory usage, disk space, and VM states (e.g., powered on/off). Snapshot Analysis: Identifies unused or orphaned snapshots, helping to optimize storage and reduce overhead. Export to Excel: Allows users to export all collected data into an Excel spreadsheet (.xlsx) for analysis, reporting, and integration with tools like Azure Migrate. Health Checks: Identifies configuration issues, such as disconnected hosts, orphaned VMs, or outdated VMware Tools versions. User-Friendly Interface: Displays information in tabular form across multiple tabs, making it easy to navigate and analyze specific components of the VMware environment. Hand-on LAB Disclaimer: The data used for this LAB has no relationship with real world scenarios. This sample data is self-created by the author and purely for understanding the concept. To discover and assess your Azure VMware Solution (AVS) environment using an RVTools extract report in the Azure Migrate tool, follow these steps: Prerequisites RVTools Setup: Download and install RVTools from the RVTools Download Ensure connectivity to your vCenter server. Extract the data by running RVTools and saving the output as an Excel (.xlsx) file Permissions: You need at least the Contributor role on the Azure Migrate project. Ensure that you have appropriate permissions in your vCenter environment to collect inventory and performance data. File Requirements: The RVTools file must be saved in .xlsx format without renaming or modifying the tabs or column headers. Note: Sample Sheet: Please check the attachment included with this article. Note that this is not the complete format; some tabs and columns have been removed for simplicity. During the actual discovery and assessment process, please do not modify the tabs or columns. Procedure Step 1: Export Data from RVTools Follow the steps provided in official website to get RVTools Extract Sample Sheet: Please check the attachment included with this article. Note that this is not the complete format; some tabs and columns have been removed for simplicity. During the actual discovery and assessment process, please do not modify the tabs or columns. Step 2: Discover Log in to the Azure portal. Navigate to Azure Migrate and select your project or create new project. Under Migration goals, select Servers, databases and web apps. On Azure Migrate | Servers, databases and web apps page, under Assessment tools, select Discover and then select Using import. In Discover page, in File type, select VMware inventory (RVTools XLSX). In the Step 1: Import the file section, select the RVTools XLSX file and then select Import. Wait for some time to Import Once import completed check for Error Messages if any and rectify those and re upload, otherwise wait 10-15 minutes to reflect imported VMs in the discovery. Post discovery Reference Link: https://learn.microsoft.com/en-us/azure/migrate/vmware/tutorial-import-vmware-using-rvtools-xlsx?context=%2Fazure%2Fmigrate%2Fcontext%2Fvmware-context Step 3: Assess After the upload is complete, navigate to the Servers tab. Click on Assess -->Azure VMware Solution to assess the discovered machines. Edit assessment settings based on your requirements and Save Target region: Select the Azure region for the migration. Node Type: Specify the Azure VMware Solution series (e.g., AV36, AV36P). Pricing model: Select pay-as-you-go or reserved instance pricing. Discount: Specify any available discounts. Note: We will be explaining all the parameters in optimize session. As of now just review and leave parameters as it is. In Assess Servers, select Next. In Select servers to assess > Assessment name > specify a name for the assessment. In Select or create a group > select Create New and specify a group name. Select the appliance and select the servers you want to add to the group. Then select Next. In Review + create assessment, review the assessment details, and select Create Assessment to create the group and run the assessment. Step 4: Review the Assessment View an assessment In Windows, Linux and SQL Server > Azure Migrate: Discovery and assessment, select the number next to Azure VMware Solution. In Assessments, select an assessment to open it. As an example (estimations and costs, for example, only): Review the assessment summary. You can select Sizing assumptions to understand the assumptions that went in node sizing and resource utilization calculations. You can also edit the assessment properties or recalculate the assessment. Step 5: Optimize We have received a report without any optimization in our previous steps. Now we can follow below steps to optimize the cost and node count even further High level steps: Find limiting factor Find which component in settings are mapped for optimization depending on limiting factor Try to adjust the mapped component according to Scenario and Comfort Find Limiting factor: First understand which component (CPU, memory and storage) is deciding your ESXI Node count. This will be highlighted in the report The limiting factor shown in assessments could be CPU or memory or storage resources based on the utilization on nodes. It is the resource, which is limiting or determining the number of hosts/nodes required to accommodate the resources. For example, in an assessment if it was found that after migrating 8 VMware VMs to Azure VMware Solution, 50% of CPU resources will be utilized, 14% of memory is utilized and 18% of storage will be utilized on the 3 Av36 nodes and thus CPU is the limiting factor. Find which option in the setting can be used to optimize: This is depending on the limiting factor. For eg: If Limiting factor is CPU, which means you have high CPU requirement and CPU oversubscription can be used to optimize ESXI Node. Likewise, if storage is the limiting factor editing FTT, RAID or introducing External storage like ANF will help you to reduce Node count. Even reducing one node count will create a huge impact in dollar value. Let's understand how over commitment or over subscription works with simple example. Let's suppose I have two VMs with below specification Name CPU Memory Storage VM1 9 vCPU 200 GB 500 GB VM2 4 vCPU 200 GB 500 GB Total 13 vCPU 400 GB 1000 GB We have EXSI Node which has below capacity: vCPU 10 Memory 500 GB storage 1024 GB Now without optimization I need two ESXI node to accommodate 13 vCPU of total requirement. But let's suppose VM1 and VM2 doesn't consume entire capacity all the time. The total capacity usage at a time will not go beyond 10. then I can accommodate both VM in same ESXI node, Hence I can reduce my node count and cost. Which means it is possible to share resources among both VMs. Without optimization With optimization Parameters effecting Sizing and Pricing CPU Oversubscription Specifies the ratio of number of virtual cores tied to one physical core in the Azure VMware Solution node. The default value in the calculations is 4 vCPU:1 physical core in Azure VMware Solution. API users can set this value as an integer. Note that vCPU Oversubscription > 4:1 may impact workloads depending on their CPU usage. Memory overcommit factor Specifies the ratio of memory overcommit on the cluster. A value of 1 represents 100% memory use, 0.5, for example is 50%, and 2 would be using 200% of available memory. You can only add values from 0.5 to 10 up to one decimal place. Deduplication and compression factor Specifies the anticipated deduplication and compression factor for your workloads. Actual value can be obtained from on-premises vSAN or storage configurations. These vary by workload. A value of 3 would mean 3x so for 300GB disk only 100GB storage would be used. A value of 1 would mean no deduplication or compression. You can only add values from 1 to 10 up to one decimal place. FTT : How many device failure can be tolerated for a VM RAID : RAID stands for Redundant Arrays of Independent Disks Explains how data should be stored for redundancy Mirroring : Data will be duplicated as it is to another disk E.g.: To protect a 100 GB VM object by using RAID-1 (Mirroring) with an FTT of 1, you consume 200 GB. Erasure Coding : Erasure coding divides data into chunks and calculates parity information (redundant data) across multiple storage devices. This allows data reconstruction even if some chunks are lost, similar to RAID, but typically more space-efficient E.g.: to protect a 100 GB VM object by using RAID-5 (Erasure Coding) with an FTT of 1, you consume 133.33 GB. Comfort Factor: Azure Migrate considers a buffer (comfort factor) during assessment. This buffer is applied on top of server utilization data for VMs (CPU, memory and disk). The comfort factor accounts for issues such as seasonal usage, short performance history, and likely increases in future usage. For example, a 10-core VM with 20% utilization normally results in a 2-core VM. However, with a comfort factor of 2.0x, the result is a 4-core VM instead. AVS SKU Sizes Optimization Result In this example we got to know that CPU is my limiting factor hence I have adjusted CPU over subscription value from 4:1 to 8:1 Reduced node count from 6 (3 AV36P+3 AV64) to 5 AV36P Reduced Cost by 31% Note: Over-provisioning or over-committing can put your VMs at risk. However, in Azure Cloud, you can create alarms to warn you of unexpected demand increases and add new ESXi nodes on demand. This is the beauty of the cloud: if your resources are under-provisioned, you can scale up or down at any time. Running your resources in an optimized environment not only saves your budget but also allows you to allocate funds for more innovative ideas.
Event Hub Security (Networking)
Hello all, I have a logic app that streams enriched events into an event Hub. I noticed for this to work; I need to have the event Hub configured to "All Networks" as we currently do not have any Vnets or Private endpoints associated with the resource group. Does anyone have input on if the use of a private endpoint or vnet would help to secure the event hub? And if so where to begin in configuring said solution? Any input is greatly appreciated!
VPN over ExpressRoute with backup VPN
Hi. I have a requirement to design an ExpressRoute connection to Azure (Azure private peering only). We also want to encrypt ExpressRoute traffic with a VPN. This is documented. We also currently have a standard VPN (over the internet) connected to Azure and again there is documentation on how to set up ExpressRoute with an internet VPN as a backup. However, has anyone configured a VPN over ExpressRoute with an internet VPN as a backup? My gut feel is that it is possible via some clever routing advertising but I can't find any documentation on such an architecture. Any pointers appreciated.
Failed to remove group membership
Hi All, I am using a group in AAD to assign licenses to my Conference room room mailbox account. from last few days when i am trying to remove the particular group from a room account, i am getting below error. Failed to remove group membership Unable to complete due to service connection error. Please suggestAZURE AD Password Protection Requirements
As we prepare to install the Azure AD Password Protection DC Agent. We have three windows 2008 servers which are not compatible as per the notes below but we are building a 2016 DC. - Do we need to install the Azure AD Password Protection Agent across every DC's or it's ok in just one DC? Please your response will be highly appreciated. https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises
Device In Azure AD showing as not compliant, yet in Intune the device is fine and compliant
Hello All I have several devices that are now failing SSO logins because of Conditional Access retuning as the device is not Compliant, Checking the device in Azure AD (Entra) is clearly shows the device is not compliant, which explains why the SSO logins are blocked. But when I check the device in Intune (Endpoint) it shows the device is compliant and all good (you will have to take my word the 2 screen shots are the same device as the host name is blurred) When checking the device ID in Azure AD and Intune they all match as you would expect. The Devices are checking in and Syncing with Azure and Intune on a regular basis. Azure is just not updating with the correct Compliance status from Intune. Any Ideas what is happening Cheers ColinPassed AZ-104 Exam in 2025 with Practice Questions
I’m happy to share that I passed the AZ-104: Microsoft Azure Administrator exam on September 28, 2025, with a score of 865/1000. I began my preparation on July 10, 2025, mainly using Microsoft Learn modules, hands-on practice in Azure, and practice questions from SkillCertExams. The practice sets really helped me get familiar with scenario-based questions and time management. I received my official result on September 30, 2025, and I can say the effort was worth it. My advice: focus on understanding how Azure services connect, take practice tests under timed conditions, and carefully review every mistake. Good luck to everyone.
From Doubt to Victory: How I Passed Microsoft SC-200
Hey everyone! I wanted to share my journey of how I went from doubting my chances to successfully passing the Microsoft SC-200 exam. At first, the idea of taking the SC-200 seemed overwhelming. With so many topics to cover, especially with the integration of Microsoft security technologies, I wasn’t sure if I could pull it off. But after months of studying and staying consistent, I finally passed! 🎉 Here’s what worked for me: Study Plan: I created a structured study schedule and stuck to it. I broke down each section of the exam objectives and allocated time for each part. Authentic Exam Questions: I used it-examstest for practice exams. Their realistic test format helped me get a good grasp of the exam pattern. Plus, the explanations for the answers were super helpful in understanding the concepts. Practice Exams: I did multiple mock tests. Honestly, they helped me more than I expected! They boosted my confidence, and I could pinpoint areas where I needed to improve. SC-200 Study Materials: I relied on a combination of online courses, books, and video resources. Watching the study videos and taking notes helped me retain the information better. Don’t Cram: I didn’t leave things to the last minute. It took me about 2-3 months of consistent study to get comfortable with the material. I made sure to take breaks and not burn myself out. Passing this exam felt amazing! If you're in the same boat and feeling uncertain, just stick with it! It’s a challenging exam, but with the right tools and preparation, you can do it. Keep pushing forward, and good luck to everyone! 💪 Would be happy to answer any questions if anyone has them!By-pass hub firewall for data centric solution
I have the following high-level solution: Source Data - flowing via kafka cluster on a series of topics Destination - Databricks via spark connector landing in ADLS Gen2 The source and destination are in separate subscriptions within the same tenant and private endpoint will be used to ensure data flow is over a private network. VNet peering will be used and possibly NSGs on the respective subnets. However, the hub firewall will be by-passed due to the volume and speed of the data. Security controls will be used to mitigate access on source and destination. I would like to understand the best practice for similar use-cases, should we by-pass the central firewall? The rationale is that the firewall will impact the data flow / performance.Differences between PowerShell and Browser when upload file
Hi All, Anybody have noticed similar behavior? When uploading the file into the storage account that is working find. But if on the same workstation you try to do this using the PowerShell command: Set-AzStorageBlobContent the if fails to: ErrorCode: AuthorizationPermissionMismatch Here is also the longer trace: $sa = get-azstorageAccount -ResourceGroupName RG01 -Name storage01 $strCTX = New-AzStorageContext -StorageAccountName $sa.StorageAccountName $strCTX | Set-AzStorageBlobContent -File C:\temp\test.txt -Container delate -Blob test.txt -Verbose VERBOSE: Performing the operation "Set" on target "test.txt". Set-AzStorageBlobContent: This request is not authorized to perform this operation using this permission. HTTP Status Code: 403 - HTTP Error Message: This request is not authorized to perform this operation using this permission. ErrorCode: AuthorizationPermissionMismatch ErrorMessage: This request is not authorized to perform this operation using this permission. RequestId: 3150eeb6-761e-0096-2edd-56e8bc000000 Time: Tue, 30 Sep 2025 10:25:51 GMT VERBOSE: Transfer Summary -------------------------------- Total: 1. Successful: 0. Failed: 1. Some thing which makes this a bit more odd, is, when I'm looking for the roles and their data accesses, they both looks like following: So I'm not even sure how I do have access to that SA.
How to disable login for one server
Quick question: How do i disable logon for just one of many servers in a host pool? I tried Change Logon /Disable, but users are still getting redirected to the disabled server, only to get the error message "Remote logins disabled" ... Surely there must be a simple solution i have missed?KQL Query for finding out resource's egress going through a specific Virtual Network Gateway
Is there a way to find out individual resources egress that are going through a Virtual Network Gateway VPN. Pretty much I have an issue where its been noticed that there's high egress going through our Azure to on-prem VPN, I believe it's due to backups but I want to find the specific resources that are causing it. Is there a KQL or way of logging that would be able to pull the individual resource names or resource IDs based on their egress going through a Virtual Network Gateway?How Azure AI is Revolutionizing Supply Chain Forecasting and Inventory
In today’s fast-paced global marketplace, supply chain efficiency can make or break a business. Companies face constant challenges such as demand fluctuations, supplier disruptions, and shifting customer expectations. Traditional forecasting methods—often reliant on historical data and rigid models—are no longer enough. This is where Azure AI is stepping in, transforming supply chain forecasting and inventory management with intelligent, adaptive, and real-time solutions. https://dellenny.com/how-azure-ai-is-revolutionizing-supply-chain-forecasting-and-inventory/Optimizing Azure DevOps Jira Integration: 5 Practical Use Cases for DevOps Teams
Many teams rely on Azure DevOps (ADO) for development and Jira for project or product management. While each tool is powerful on its own, things often get messy when work items, statuses, and updates live in separate systems. Integrating the two platforms can remove a lot of friction. Below are six common use cases I have seen from real teams, with concrete problems and solutions to make the connection between Jira and Azure DevOps work smoothly. 1. Keeping User Stories and Bugs in Sync Challenge: Teams use Jira for user requests and Azure DevOps for development tasks. Manually updating both systems is tedious and error-prone. Solution: Enable two-way synchronization so that changes in Jira automatically reflect in Azure DevOps and vice versa (including comments and status updates). This keeps bugs and stories aligned without duplicate work. “Before we integrated Jira with Aure DevOps, I spent too much time manually updating task statuses in both systems. Now, with the automatic sync, my team is focused on actual coding work instead of managing project statuses across platforms.” — DevOps Engineer 2. One-Way Sync for Project Management–First Teams Challenge: Some organizations plan and track everything in Jira but manage code exclusively in Azure DevOps. Developers only need the essentials pushed across. Solution: Use a one-way sync from Jira → Azure DevOps to bring over metadata like titles, statuses, sprints, and due dates. Developers see the context they need without cluttering both systems with manual updates. “We rely on Jira for all project planning and management, but the developers need a clean workspace in Azure DevOps. A one-way sync from Jira to ADO helps us keep things efficient and ensures developers always have the latest information without double entry.” — Product Owner 3. Creating Jira Tickets from Azure DevOps Tasks or Bugs Challenge: External partners or stakeholders may only work in Jira Service Management to manage tickets. Developers in Azure DevOps often need their work mirrored for transparency. Solution: Configure automated ticket creation in Jira when certain ADO tasks are tagged. Both teams can track progress in their preferred tool without duplicating effort. “We use Azure DevOps internally, but our external stakeholders only work in Jira. Automating the creation of Jira tickets based on Azure DevOps tasks or bugs has made collaboration seamless and ensured no work is lost in translation.” — DevOps Lead 4. Syncing Epics, Features, and Work Items Challenge: High-level epics might live in Jira, while features and tasks are managed in Azure DevOps. Without integration, visibility across systems is fragmented. Solution: Sync epics and features so Jira provides portfolio-level visibility, while Azure DevOps remains the system of record for detailed development work. This keeps roadmaps and execution aligned. “Tracking epics in Jira while managing the technical work in Azure DevOps used to cause us to lose visibility. Now, everything from high-level epics to individual tasks is in sync, so we always know where we stand.” — Azure DevOps Product Manager 5. Managing Multiple Jira Projects with One Azure DevOps Project Challenge: Large organizations often run multiple Jira projects (by teams or business units) but only one Azure DevOPs project for development. Syncing everything consistently is tough. Solution: Map multiple Jira projects to a single Azure DevOps project, syncing only the key data (titles, statuses, sprints, custom fields). This creates a unified development view without losing project-specific details. “We have multiple teams using different Jira projects, but we consolidate all development work into a single Azure DevOps project. Syncing across these platforms used to be a nightmare, but now everything stays aligned, and we’re able to track all initiatives in one place.” — Azure DevOps Engineer 💬 Have you integrated Jira with Azure DevOps in your team? What worked well, and what challenges did you run into?
Redirection pulic IP adress of vm azure to local adress on premise
Hello, I have VM on azure and other one on premise, the VM on premise access to antenna, which is located in premise, and I have installed VPN between vm azure and vm on premise, Antenna on premise: ip 10.10.18.2 Vm on premise: ip 10.10.19.3 …………………………………… there is connection between antenna and vm on premise. Vm on azure: ip 10.10.19.2 , Public address : 10.40.40.40 ………………….. Ther is connection between vm azure to antenna ( I have set route 10.10.18.0 to 10.10.19.0). I want to access to this antenna from synapse by Rest API service, so I wonder how i can redirect public address of vm on azure to local address of antenna on premise through vm azure?Understanding HUB vnet route tables relation
Hi there Please help me understand the relation/usage between/of the different route tables in a Hub vnet. Let's say I have a Hub vnet with ExpressRoute GWs for on-prem connectivity, and VPN GWs for Vnet-Vnet VPN connections to other HUBs. Spokes are peered to the Hub. The ER GW holds a route table. The VPN GW. holds its route table. And the GatewaySubnet holds a route table. I can view the ER GW Private Peering route table. I can see the BGP Peers/Routes in the VPN virtual gateway. But in the hub I cannot really see the effective GatewaySubnet route table. (I know I can by deploying a VM in a subnet in the hub) When exactly is the GatewaySubnet route table consulted/used? In which flows? Please elaborate on the GatewaySubnet vs. ER GW vs. VPN GW route tables and their exhange of routes or lack of. Thanks in advance! /Thomas
Recent Blogs
- Drasi , the open-source Rust data change processing platform, simplifies the creation of change-driven systems through continuous queries, reactions, and clearly defined change semantics. Continuous ...Oct 03, 2025
- 3 MIN READOrganizations around the world are accelerating their cloud modernization journeys with Oracle Database@Azure. Today, we’re excited to share two important updates that expand both the capabilities an...Oct 03, 2025
