Recent Discussions
Help ! - Hub Spoke Architecture and Routing via NVA
I have a classic example of routing. I want to force all traffic via Fortigate firewalls. EastWest and NorthSouth. However when large Supernet of Azure Vnet is used to route and force the traffic via UDR at gateway subnet, its not working. Because Routes learned at Hub Vnet via Vnet peering is taking precedence. To isolate, i have created multiple small subnet routes for Gateway subnet. Each pointing to spoke vnet and next hop as Fortigate firewall. However this is working, i want to make solution solid. Means if someone creates new vnet in future and peer with Hub, it should not get direct traffic. Is that possible? Or this is typical shortcoming of Azure where routing works with preference to vnet peeering.? Below is architecture -
Inherited VM data disk setup query
Hi there, I've inherited a VM in Azure: OS Premium SSD disk of 127GB 4 x 4095 GB Standard HDD In the VM the data drive totals 10.2TB with 7.6TB of space. I want to reduce the size but realize I can't, I'd have to create new smaller drives then move data to new drive letter in WIndows. My confusion is why are there four identically sized disks? Also how do they only total 10.2TB when in the Windows partition manager there is no unallocated space? Any suggestions if I've missed anything would be great. THank you.
RemoteApp for Word/Excel with Google Drive
I want to set up RemoteApp so users can use Word and Excel remotely. At the same time, I want them to be able to access and save files directly from Google Drive within those apps. We currently only have 3 users who need this, but we plan to expand in the future. What’s the best way to do this? Do I need a specific setup, plugin, or service to make Google Drive work seamlessly with Word/Excel in a RemoteApp environment?
Issues with FSLogix Profiles on Win11 25H2 Multiuser sessionhost's
Hey guys we have currently lot of issues with AVD and FSLogix 26.01. There seems to be an issue that the profile container isnt't unmounted correctly. We have lot's of users who are not able to login correctly because the profile can't be mounted because its already in use by another process. I'm currently looking what could cause that. We use a Azure files storage were i don't see any issues. It looks like a process within the userprofile is blocking the unload of the profile. Should i be able to see in the logs of FSLogix which process is causing this. Or what is a effective way to troubleshoot that? Thanks for any help Best regards Marc
Integrate Agents with Skills in Github Copilot
The past year saw the rise of Agentic workflows. Agents have a task or goal to accomplish and build context, take actions using tools. Tools while affective in surfacing the requisite sources and actions can easily increase in numbers causing context bloat, high token consumption. Agent Skills was proposed in a recent Anthropic paper to address the above challenges. Agent Skills are now supported in Visual Studio Code (Experimental) and can be used with Github Copilot. It works across Copilot coding agent, Copilot CLI, and agent mode in Visual Studio Code Insiders. Copilot coding agent is available with the GitHub Copilot Pro, GitHub Copilot Pro+, GitHub Copilot Business and GitHub Copilot Enterprise plans. The agent is available in all repositories stored on GitHub, except repositories owned by managed user accounts and where it has been explicitly disabled. An Agent Skill is created to teach Copilot on performing specialized tasks with detailed instructions while also being repeatable. At its core, Agent Skills are folders which contain instructions, scripts, and resources that the Copilot automatically loads when relevant to the query. On receiving a prompt, Copilot determines if a skill is relevant to your task and it then loads the instructions. The skills instructions are executed along with any resources included in the directory structure relevant to the specific skill. One guideline would be to encapsulate into a skill anything which is being done repeatedly. In the example below, we have a skill for creating a github issue for a feature request using a specific template (the template will be referenced by the skill based on the type of issue to be created). The SKILL.md file is very detailed in all the instructions required for supporting multiple github issues related actions. The description is key to understanding the Skill and when the Agent requires a specific Skill, the appropriate instructions are loaded. The loaded Skill is then executed in a secure code execution environment. A further option provided by Agent Skills is reusing the generated code by storing it in the filesystem to avoid repeated execution. In Visual Studio Code, enable the "chat.useAgentSkills" setting to use Agent Skills prior to the run. An Agent can have nested agents which is used to detail sub agents (Nested Agents is also enabled in settings as shown below) and thus decouple functionality. Any prompt in the chat will now have the option to pick from the Agent Skills in addition to the tools available. We can write our own skills, or use those which are shared by others - anthropics/skills repository or GitHub’s community created github/awesome-copilot collection. While skills are very powerful, using shared skills needs to be done with discretion and from a security perspective only use skills shared by trusted sources. Resources https://github.blog/changelog/2025-12-18-github-copilot-now-supports-agent-skills/ https://code.visualstudio.com/docs/copilot/customization/agent-skills
[Urgent]: Locked out of Azure Portal - GitHub Login Loop & Authenticator 6-digit vs 8-digit Mismatch
I am writing this out of frustration as I have been locked out of my Azure web portal (azure.com) for a long time. I normally log in via GitHub, but something seems to have changed regarding the admin settings or 2FA requirements. I am now stuck at the Microsoft Authenticator verification step. The major issue is that my Authenticator app shows an 8-digit PIN, but the Azure login screen requires a 6-digit PIN. I also do not receive any push notifications/pop-ups on my phone, despite being logged into the correct account in the app. Key Details: This is a personal account. My login works perfectly on accounts.microsoft.com and the Azure Mobile App. I cannot use the web portal, which is preventing me from managing my servers. I have a VM that frequently runs out of memory (OOM) and needs an immediate upgrade and a new IP address—tasks I cannot do from the mobile app. I cannot open a support ticket because I can't log in. I contacted pre-sales support two months ago; they promised an engineer would email me within 7 days, but I never heard back. Please help me regain access to my account.Azure AD Premium still requires although I already have it in place
Hi Folks, I have a AAD tenant with EMS E5 license in place that gives me the AD Premium P2 features already. I've setup a brand new AD Connect server and everything went well except after 6 hours or so, AAD still keep showing me the license error below. ADConnect server wouldn't appear under the Sync services because of this. Appreciate any ideas!
AVD Remote published Application Disconnection
Is anyone aware of any known issues with AVD Remote Applications? We’re experiencing random disconnections across all Remote App users, with error details in insight point to StackCrash . The January 2026 update and OBB fix patches have already been applied, but the problem persists. ServiceRDStackStackCrash (-1073741819)Logic Apps Data Mapper Integer Formatting Issue
Hello team, I am working on a data map that is giving me a hard time in the logic app. For my transformations, I do json-to-json transformation using the new data mapper. I have managed to handle all fields but for some reason one integer field is giving me a very hard time. <number key="id"> <xsl:value-of select="/*/*[@key='mapparameters']/*[@key='counterpartyType1id']" /> </number> Here, if I pass let's say 12345, I want to see 12345 but the result is 12345.0. This action's output is directly being sent to a HTTP call in the logic app and based on the workflow run logs, everything seems okay. In the logs, the value seen as 12345. However, when we check the backend, this field is 12345.0 in the request body and this causes an error as the application does not accept it. I tried to format the number and convert it in any way but with no luck, the issue is this problem started happening out of the blue someday. Does anyone can guide me a potential resolution? Thanks.Need Help: Shortpath Drops & RDstack error in AVD
I’m seeing persistent AVD connection issues and would appreciate guidance. Frequent ShortpathTransportNetworkDrop (68) and ShortpathNetworkDrop (16644) errors GetInputDeviceHandlesError (4463) US based users and hostpool/sessionhost Users experience instability and degraded performanceUnable change the custom name in Azure share File URl
Hi all, I am trying to change the custom name in my Azure File Share URL from its current format (//<Storage Account Name>.file.core.windows.net/<file share name>) to desired format (//AFS/<file share name>) without having to do any changes in on-premises side. but unable to do this work. I would like to access Azure file share from on-premises system file explorer using (//AFS/<file share name>) URL. If any possibility is there, please let me know your feedback. Thanks
Can't install Azure ARC on multiple Server 2025 devices
I have multiple Server 2025 devices that when I click "Launch Azure Arc Setup" button on taskbar icon or "Azure Arc Setup" on start menu nothing happens. I then tried to download arcsetup.exe and it never advanced beyond the initializing Windows Installer screen. I got it to work on one server and 4-5 all have the same problem. Both physical and VM. Below are errors in the event log.Azure Migrate Physical Server Discovery - ServerDiscoveryService.exe Crash Bug
Summary The Azure Migrate appliance for physical server discovery fails to complete discovery due to a crash bug in ServerDiscoveryService.exe. The service successfully connects to target servers but crashes during WSMan transport cleanup before any discovery data is collected. Environment Appliance OS: Windows Server 2022 Standard Evaluation (Build 20348) Appliance Type: Physical server discovery (script-based installation) ServerDiscoveryService.exe Version: 2.0.3300.663 .NET Version: 8.0.22 (CoreCLR 8.0.2225.52707) Target Servers: Windows Server (various) and Linux, all on-premises Discovery Agent Version: 2.0.03300.663 Appliance Configuration Manager Version: 6.1.294.1847 Symptoms Target server validation succeeds in the appliance configuration manager CIM sessions connect successfully (logs show "TestConnection succeeded for CIM Session with HTTP protocol") Connections are immediately disposed with "Disposing all connections when the process is shutdown" No discovery data is collected Azure portal shows error 60001 with misleading "Could not load file or assembly 'Microsoft.Management.Infrastructure'" message Discovery status remains "Discovery Incomplete" for all Windows servers Root Cause The ServerDiscoveryService.exe process crashes repeatedly with an unhandled NullReferenceException in the WSMan transport finalizer. This is visible in the Windows Application Event Log: Application: ServerDiscoveryService.exe CoreCLR Version: 8.0.2225.52707 .NET Version: 8.0.22 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException: Object reference not set to an instance of an object. at System.Management.Automation.Remoting.Client.BaseClientTransportManager.CloseAsync() at System.Management.Automation.Remoting.Client.WSManClientSessionTransportManager.CloseAsync() at System.Management.Automation.Remoting.Client.BaseClientTransportManager.Finalize() The crash also triggers an access violation: Faulting application name: ServerDiscoveryService.exe, version: 2.0.3300.663 Exception code: 0xc0000005 Faulting application path: C:\Program Files\Microsoft Azure Server Discovery Service\ServerDiscoveryService.exe These crashes occur approximately every 10 minutes. Troubleshooting Completed Verified manual connectivity works: PowerShell Invoke-Command and New-CimSession both succeed from the appliance to target servers using the same credentials Verified WinRM configuration: Targets have WinRM HTTP listener on port 5985, LocalAccountTokenFilterPolicy is set to 1 Verified assemblies exist: Microsoft.Management.Infrastructure.dll is present in the GAC on both the appliance and target servers Tested both FQDNs and IP addresses: Same failure occurs with both Tested both local and domain credentials: Same failure with properly formatted credentials (domain\user) Verified time synchronization: Appliance clock is accurate Verified appliance is up to date: All components show current versions Tested with fresh appliance: Previously tried OVA-based appliance with similar results; rebuilt using Microsoft's PowerShell script installer on clean Server 2022—same issue Relevant Log Locations C:\ProgramData\Microsoft Azure\Logs\ConfigManager\ClientOperations_*.log - Shows successful CIM connections followed by immediate disposal C:\ProgramData\Microsoft Azure\Logs\ConfigManager\ApplianceOnboarding-Portal-*.log - Shows error 60000 "UnhandledException" with message "Internal error occured." (note: typo is in original) Windows Event Log (Application) - Contains the actual crash stack traces Conclusion This is a code defect in ServerDiscoveryService.exe—a null reference exception in a finalizer is a programming error that cannot be caused by configuration or environmental factors. The service connects successfully but crashes before completing its work. Request Please escalate to the Azure Migrate engineering team for a bug fix in ServerDiscoveryService.exe version 2.0.3300.663.New Windows App with AVD remote apps/desktop
Microsoft announced that Remote Desktop app would transition to Windows App so we've been testing it out and are looking for a place to offer feedback on Windows App. Have submitted Feedback via the Feedback option but no idea if others are experience similar or if certain changes are being considered, so starting this discussion to see if other AVD users have been trying the Windows App and how their experience has been? Some of the things we have observed is launching/starting a connection to a remote app or desktop is much, much slower via the Windows App vs. the Remote Desktop app. After connected, it seems to be ok, but when launching it is painfully slow most of the time. Also, we work from multiple workspaces with some users having a large number of apps assigned to them, you can no longer hover over an icon for a remote app and see which workspace the session is from. (ex: if you work on a dev, pre-prod and prod environment, you can't easily see which session is which from task bar now) Also, the size of the remote app 'icons' is huge - we would like to see an option to be able to size those down more like the sizes of the icons in Remote Desktop app. Understand you can pin to the home page, but depending on how many remote apps are assigned and used regularly it can be lots of scrolling to find what you are looking for (have to use the search option often as there isn't a sort by name option, or such) And from a security perspective, the way our conditional access rules are written, the new Windows App looks like a 365 app and we have quite strict rules for this. We are hoping to see the new Windows App change how it is identifying to allow more control/flexibility with conditional access rules for the new app. Will likely create a support ticket for this issue. Please share your experiences with the Windows App with your AVD usages.Azure Monitoring Agent Virtual Machines not connecting to log analytics workspace
Hey there, i tried to rollout monitoring for Azure Virtual Machines. For Testing i created a basic DCR to collect general Performance Counters of the associated VM's. The DCR is in Terraform defined as following : resource "azurerm_monitor_data_collection_rule" "log" { name = "test_rule" location = azurerm_resource_group.test_group.location resource_group_name = azurerm_resource_group.test_group.name kind = "Windows" destinations { log_analytics { workspace_resource_id = azurerm_log_analytics_workspace.default_workspace.id name = azurerm_log_analytics_workspace.default_workspace.name } } data_flow { streams = [ "Microsoft-Perf" ] destinations = [azurerm_log_analytics_workspace.default_workspace.name] } data_sources { performance_counter { streams = [ "Microsoft-Perf" ] sampling_frequency_in_seconds = 60 counter_specifiers = [ "\\Processor Information(_Total)\\% Processor Time", "\\Processor Information(_Total)\\% Privileged Time", "\\Processor Information(_Total)\\% User Time", "\\Processor Information(_Total)\\Processor Frequency", "\\System\\Processes", "\\Process(_Total)\\Thread Count", "\\Process(_Total)\\Handle Count", "\\System\\System Up Time", "\\System\\Context Switches/sec", "\\System\\Processor Queue Length", "\\Memory\\% Committed Bytes In Use", "\\Memory\\Available Bytes", "\\Memory\\Committed Bytes", "\\Memory\\Cache Bytes", "\\Memory\\Pool Paged Bytes", "\\Memory\\Pool Nonpaged Bytes", "\\Memory\\Pages/sec", "\\Memory\\Page Faults/sec", "\\Process(_Total)\\Working Set", "\\Process(_Total)\\Working Set - Private", "\\LogicalDisk(_Total)\\% Disk Time", "\\LogicalDisk(_Total)\\% Disk Read Time", "\\LogicalDisk(_Total)\\% Disk Write Time", "\\LogicalDisk(_Total)\\% Idle Time", "\\LogicalDisk(_Total)\\Disk Bytes/sec", "\\LogicalDisk(_Total)\\Disk Read Bytes/sec", "\\LogicalDisk(_Total)\\Disk Write Bytes/sec", "\\LogicalDisk(_Total)\\Disk Transfers/sec", "\\LogicalDisk(_Total)\\Disk Reads/sec", "\\LogicalDisk(_Total)\\Disk Writes/sec", "\\LogicalDisk(_Total)\\Avg. Disk sec/Transfer", "\\LogicalDisk(_Total)\\Avg. Disk sec/Read", "\\LogicalDisk(_Total)\\Avg. Disk sec/Write", "\\LogicalDisk(_Total)\\Avg. Disk Queue Length", "\\LogicalDisk(_Total)\\Avg. Disk Read Queue Length", "\\LogicalDisk(_Total)\\Avg. Disk Write Queue Length", "\\LogicalDisk(_Total)\\% Free Space", "\\LogicalDisk(_Total)\\Free Megabytes", "\\Network Interface(*)\\Bytes Total/sec", "\\Network Interface(*)\\Bytes Sent/sec", "\\Network Interface(*)\\Bytes Received/sec", "\\Network Interface(*)\\Packets/sec", "\\Network Interface(*)\\Packets Sent/sec", "\\Network Interface(*)\\Packets Received/sec", "\\Network Interface(*)\\Packets Outbound Errors", "\\Network Interface(*)\\Packets Received Errors" ] name = "datasourceperfcounter" } } description = "General data collection rule for collecting windows performance counter rules" } Also i created the association of the DCR and my Virtual Machine using either Terraform, Policies and Portal. The Monitor Agent and identity is assinged in all cases properly. But the Connection of the DCR / DCR Associations doesn't seem to work in case of terraform or policy enrollment. For some reason the log analytic namespace neither receive an Heartbeat of the agent nor creating the tables for the performance counters. If i recreate the association between DCR and vm in those cases it works again. Is there any additional Step required when using the Policies or Terraform to setup the data collection rule or this a bug where some kind of required event is not raised properly ?Unable to delete Foundry Agent identity Entra app in Azure
I'm trying to delete an Entra app in Azure created by Foundry Agent identity blueprint as its currently unused and is causing EntraID hygiene alerts. However getting an error mentioning that delete is not supported. Is there any other way to delete an unused Entra app for an agent identity blueprint? Error detail: Agent Blueprints are not supported on the API version used in this request.Azure Policy - Enable Hybrid Use Benefit
Hello there. I'm struggling with a custom policy. My requirements are the following: Enable Hybrid Use Benefit for Microsoft.Compute/virtualMachines (properties.licenseType=Windows_Server) Work for both Marketplace and not-Marketplace virtual machines (ASRed, etc) Fix deployments that are done without it enabled Allow remediation of existing resources Initially I found https://github.com/Azure/Community-Policy/blob/master/Policies/Compute/deploy-hybrid-benefit-windows/azurepolicy.json which works for Marketplace, but not for VMs without imagePublisher and imageOffer. I identified properties.storageProfile.osDisk.osType as another way to identify Windows machines. The full policy if below, but it only works for remediation, it does not work for new deployments. What am I doing wrong? I also found this issue, which suggests adding a licenseType to the If, but then the all resources are in compliance: https://github.com/Azure/azure-policy/issues/426 remediation does not work and new resources don't as well. Any help is very appreciated! { "displayName": "Deploy Azure Hybrid Benefit for Windows.", "mode": "Indexed", "description": "This policy ensures virtual machines are configured for Azure Hybrid Benefit for Windows Server - https://docs.microsoft.com/en-us/azure/virtual-machines/windows/hybrid-use-benefit-licensing#ways-to-use-azure-hybrid-benefit-for-windows-server.", "metadata": { "category": "Compute", "version": "1.0.1" }, "parameters": { "effect": { "type": "string", "metadata": { "displayName": "Effects", "description": "Enable or disable the execution of the Policy." }, "allowedValues": [ "DeployIfNotExists", "Disabled" ], "defaultValue": "DeployIfNotExists" } }, "policyRule": { "if": { "allOf": [{ "field": "type", "equals": "Microsoft.Compute/virtualMachines" }, { "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType", "equals": "Windows" } ] }, "then": { "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Compute/virtualMachines", "existenceCondition": { "allOf": [ { "field": "Microsoft.Compute/virtualMachines/licenseType", "equals": "Windows_Server" } ] }, "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c" ], "deployment": { "properties": { "mode": "incremental", "template": { "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "vmName": { "type": "String" }, "licenseType": { "defaultValue": "None", "type": "String", "allowedValues" : [ "None", "Windows_Server" ] } }, "variables": {}, "resources": [ { "type": "Microsoft.Compute/virtualMachines", "apiVersion": "2021-03-01", "name": "[parameters('vmName')]", "location": "[resourceGroup().location]", "properties": { "licenseType": "[parameters('licenseType')]" } } ], "outputs": { "policy": { "type": "string", "value": "[concat('Changed LicenseType for Windows VM', ': ', parameters('vmName'), '- ', parameters('licenseType'))]" } } }, "parameters": { "vmName": { "value": "[field('name')]" }, "licenseType": { "value": "Windows_Server" } } } } } } } } Thanks, Joel.
Recent Blogs
- As a leader in cloud infrastructure, Microsoft ensures that Azure’s IaaS customers always have access to the latest hardware. Our goal is to consistently deliver technology to support business critic...Feb 06, 2026
- Over the past several years of working with large enterprises, a clear pattern has emerged in conversations about modernizing backup infrastructure. Teams managing large on‑premises estates often usi...Feb 06, 2026
