Apps on Azure topics

Help wanted: Refresh articles in Azure Architecture Center (AAC)

jodimartis — Tue, 17 Mar 2026 18:12:13 GMT

I’m the Project Manager for architecture review boards (ARBs) in the Azure Architecture Center (AAC).

We’re looking for subject matter experts to help us improve the freshness of the AAC, Cloud Adoption Framework (CAF), and Well-Architected Framework (WAF) repos. This opportunity is currently limited to Microsoft employees only.

As an ARB member, your main focus is to review, update, and maintain content to meet quarterly freshness targets. Your involvement directly impacts the quality, relevance, and direction of Azure Patterns & Practices content across AAC, CAF, and WAF. The content in these repos reaches almost 900,000 unique readers per month, so your time investment has a big, global impact. The expected commitment is 4-6 hours per month, including attendance at weekly or bi-weekly sync meetings.

Become an ARB member to gain:

Increased visibility and credibility as a subject‑matter expert by contributing to Microsoft‑authored guidance used by customers and partners worldwide.
Broader internal reach and networking without changing roles or teams.
Attribution on Microsoft Learn articles that you own.
Opportunity to take on expanded roles over time (for example, owning a set of articles, mentoring contributors, or helping shape ARB direction).

We’re recruiting new members across several ARBs. Our highest needs are in the Web ARB, Containers ARB, and Data & Analytics ARB:

The Web ARB focuses on modern web application architecture on Azure—App Service and PaaS web apps, APIs and API Management, ingress and networking (Application Gateway, Front Door, DNS), security and identity, and designing for reliability, scalability, and disaster recovery.
The Containers ARB focuses on containerized and Kubernetes‑based architectures—AKS design and operations, networking and ingress, security and identity, scalability, and reliability for production container platforms.
The Data & Analytics ARB focuses on data platform and analytics architectures—data ingestion and integration, analytics and reporting, streaming and real‑time scenarios, data security and governance, and designing scalable, reliable data solutions on Azure.

We’re also looking for people to take ownership of other articles across AAC, CAF, and WAF. These articles span many areas, including application and solution architectures, containers and compute, networking and security, governance and observability, data and integration, and reliability and operational best practices.

You don’t need to know everything—deep expertise in one or two areas and an interest in keeping Azure architecture guidance accurate and current is what matters most.

Please reply to this post if you’re interested in becoming an ARB member, and I’ll follow up with next steps. If you prefer, you can email me at v-jodimartis@microsoft.com.

Thanks! 🙂

Using Claude Opus 4.6 in Github Copilot

ArunaChakkirala — Mon, 16 Feb 2026 03:41:52 GMT

The model selection in Github Copilot got richer with the addition of Claude Opus 4.6. The Model capability along with the addition of agents makes it a powerful combination to build complex code which requires many hours or days. Claude Opus 4.6 is better in coding skills as compared to the previous models. It also plans more carefully, performs more reliably in larger codebases, and has better code review as well as debugging skills to catch its own mistakes. In my current experiment, I used it multiple times to review its own code and while it took time (understandably) to get familiar with the code base. After that initial effort on the evaluation, the suggestions for fixes/improvements were on dot and often even better than a human reviewer (me in this case). Opus 4.6 also can run agentic tasks for longer. Following the release of the model, Anthropic published a paper on using Opus 4.6 to build C Compiler with a team of parallel Claudes. The compiler was built by 16 agents from scratch to get a Rust-based C compiler which was capable of compiling the Linux kernel. This is an interesting paper (shared in resources).

Using Claude Opus 4.6 in Agentic Mode

In less than an hour, I built a document analyzer to analyse the content, extract insights, build knowledge graphs and summarize elements. The code was built using Claude Opus 4.6 alongwith Claude Agents in Visual Studio Code. The initial prompt built the code and in the next hour after a few more interactions - unit tests were added and the UI worked as expected specifically for rendering the graphs. In the second phase, I converted the capabilities into Agents with tools and skills making the codebase Agentic. All this was done in Visual Studio using Github Copilot. Adding the complexity of Agentic execution was staggered across phases but the coding agent may well have built it right in the first instance with detailed specifications and instructions. The Agent could also fix UI requirements and problems in graph rendering from the snapshot shared in the chat window. That along with the logging was sufficient to quickly get to an application which worked as expected. The final graph rendering used mermaid diagrams in javascript while the backend was in python.

Knowledge Graph rendering using mermaid

What are Agents?

Agents perform complete coding tasks end-to-end. They understand your project, make changes across multiple files, run commands, and adapt based on the results. An agent runs in the local, background, cloud, or third-party mode. An agent takes a high-level task and it breaks the task down into steps. It executes those steps with tools and self-corrects on errors. Multiple agent sessions can run in parallel, each focused on a different task. On creating a new agent session, the previous session remains active and can be accessed between tasks via the agent sessions list.

The Chat window in Visual Studio Code allows for changing the model and also the Agent Mode. The Agent mode can be local for Local Agents or run in the background or on Cloud. Additionally, Third Party Agents are also available for coding. In the snapshot below, the Claude Agent (Third Party Agent) is used. In this project Azure GPT 4.1 was used in the code to perform the document analysis but this can be changed to any model of choice. I also used the ‘Ask before edits” mode to track the command runs. Alternatively, the other option was to let the Agent run autonomously.

Visual Studio Code - Models and Agent Mode

The local Agentic mode was also a good option and I used it a few times specifically as it is not constrained by network connectivity. But when the local compute does not suffice, the cloud mode is the next best option. Background agents are CLI-based agents, such as Copilot CLI running in the background on your local machine. They operate autonomously in the editor and Background agents use Git worktrees to work in an isolated environment from your main workspace to prevent conflicts with your active work.

How to get the model?

The model is accessible to GitHub Copilot Pro/Pro+, business, and enterprise users. Opus 4.6 operates more reliably in large codebases, offering improved code review and debugging skills. The Fast mode for Claude Opus 4.6, rolled out in research preview, provides a high-speed option with output token delivery speeds up to 2.5 times faster while maintaining comparable capabilities to Opus 4.6.

Resources

https://www.anthropic.com/news/claude-opus-4-6

https://www.anthropic.com/engineering/building-c-compiler

https://github.blog/changelog/2026-02-05-claude-opus-4-6-is-now-generally-available-for-github-copilot

https://code.visualstudio.com/docs/copilot/agents/overview

Integrate Agents with Skills in Github Copilot

ArunaChakkirala — Wed, 04 Feb 2026 03:36:38 GMT

The past year saw the rise of Agentic workflows. Agents have a task or goal to accomplish and build context, take actions using tools. Tools while affective in surfacing the requisite sources and actions can easily increase in numbers causing context bloat, high token consumption. Agent Skills was proposed in a recent Anthropic paper to address the above challenges.

Agent Skills are now supported in Visual Studio Code (Experimental) and can be used with Github Copilot. It works across Copilot coding agent, Copilot CLI, and agent mode in Visual Studio Code Insiders. Copilot coding agent is available with the GitHub Copilot Pro, GitHub Copilot Pro+, GitHub Copilot Business and GitHub Copilot Enterprise plans. The agent is available in all repositories stored on GitHub, except repositories owned by managed user accounts and where it has been explicitly disabled.

An Agent Skill is created to teach Copilot on performing specialized tasks with detailed instructions while also being repeatable. At its core, Agent Skills are folders which contain instructions, scripts, and resources that the Copilot automatically loads when relevant to the query. On receiving a prompt, Copilot determines if a skill is relevant to your task and it then loads the instructions. The skills instructions are executed along with any resources included in the directory structure relevant to the specific skill. One guideline would be to encapsulate into a skill anything which is being done repeatedly.

In the example below, we have a skill for creating a github issue for a feature request using a specific template (the template will be referenced by the skill based on the type of issue to be created). The SKILL.md file is very detailed in all the instructions required for supporting multiple github issues related actions. The description is key to understanding the Skill and when the Agent requires a specific Skill, the appropriate instructions are loaded. The loaded Skill is then executed in a secure code execution environment. A further option provided by Agent Skills is reusing the generated code by storing it in the filesystem to avoid repeated execution.

In Visual Studio Code, enable the "chat.useAgentSkills" setting to use Agent Skills prior to the run. An Agent can have nested agents which is used to detail sub agents (Nested Agents is also enabled in settings as shown below) and thus decouple functionality. Any prompt in the chat will now have the option to pick from the Agent Skills in addition to the tools available.

We can write our own skills, or use those which are shared by others - anthropics/skills repository or GitHub’s community created github/awesome-copilot collection. While skills are very powerful, using shared skills needs to be done with discretion and from a security perspective only use skills shared by trusted sources.

Resources

https://github.blog/changelog/2025-12-18-github-copilot-now-supports-agent-skills/

https://code.visualstudio.com/docs/copilot/customization/agent-skills

Azure Web App Deployment Failed: 429 Throttling & Policy Errors (Student Subscription)

Max5 — Sat, 17 Jan 2026 08:00:27 GMT

Hello,

I am trying to complete a university lab requiring an Azure Web App (Python 3.9/3.10/3.11 / Linux) running on an App Service Plan to test autoscaling features. I am using an "Azure for Students" subscription. I am unable to deploy the resource regardless of the region I choose.

Here is what I have tried:

Region : France Central I get a Throttling error : "App Service Plan Create operation is throttled for subscription [My-Sub-ID]. Code: 429"

Region : Switzerland North I get a Policy error : "Resource was disallowed by Azure Policy... The objective of this policy is to ensure that your subscription has full access to Azure services with optimal performance."

Region : Canada Central / Switzerland North : I attempted to create a new Resource Group and App Service Plan in these regions, but I am still facing deployment failures or throttling issues.

I simply need to deploy a Web App with a plan that supports Autoscale. Which region is currently open/unthrottled for Student Subscriptions to create an App Service Plan? Is there a specific workaround to bypass this 429 error for a lab environment? Thank you for your help.

Container on App Service keeps getting stopped and terminated

LouisT — Thu, 04 Dec 2025 11:35:32 GMT

I've got a .Net app running in a Docker container that I'm trying to run on a Linux App Service but as per the (sanitised) log output below from the Platform log stream, it's getting terminated only 4 seconds after it started.

Where can I get information on why this is happening?

Starting container: a0e3af0a_myapp-dev-as.
Starting watchers and probes.
Starting metrics collection.
Container is running.
Container start method finished after 1990 ms.
Container is terminating. Grace period: 0 seconds.
Stop and delete container. Retry count = 0

Timestamps removed as the forum doesn't seem to like log output?

How about Websoft9 application hosting Platform

gowingo — Tue, 28 Oct 2025 09:26:29 GMT

Websoft9 is One-click hosting for any website or application with 300+ customizable templates, including popular options like WordPress and Odoo.

Do you have use it on Azure Marketplace?

Metered Billing Accelerator

Alexander72 — Sat, 25 Oct 2025 10:23:32 GMT

Hi!

I want to implement a central instance of the Metered Billing Accelerator (https://github.com/microsoft/metered-billing-accelerator) so my Metered Billing Marketplace Offer apps.

I've reviewed the YouTube videos but they are quite old and certain things changed since the recording in Azure.

Does anyone here know how to install und use it?

Alex

App Not Able to Wheel Scroll in Popup Window

Matt_Fallen — Tue, 07 Oct 2025 19:18:15 GMT

We are working to finish off our transition from Citrix to Azure. We are working through final issues now and are stuck with an issue on wheel scrolling in a popup window.

One of our applications will launch and open a session in the browser. It is only approved for Internet Explorer and will start a session in whichever browser you are using. The original screens users are on when the application opens users have no issues with wheel scrolling. But after they make the selection of the department they need to work in, a window will popup that they would work in for that area of the application. Wheel scrolling will not work in this popup window. Users can still use the side scroll bar. But this is severely affecting users productivity.

Running into a wall at this point. Application vendor is advising this is an adjustment we need to make in our Azure environments, just as they would (and did years ago) for Citrix. Unfortunately our vendor can't speak to Azure at all and nobody can advise on the change to Citrix, so that I can try to mimic in Azure. That is even if it would be similar options to mimic.

We're willing to look into all options at this point.

Unable to send pro-active messages to users on Microsoft Teams

snarayanaswamy — Thu, 25 Sep 2025 11:13:44 GMT

I have built an application to send pro-active messages to users on Microsoft Teams. I am using C# Bot Framework SDK. The application is designed to support users from different tenants [Application Type: multi-tenant] and I have tested the same in the past by installing the app to users belonging to a different tenant than that where the Azure Bot Service is hosted and where the App is registered. Please note that the App doesn't require any API permission but just needs to be installed by the user.

After the recent changes made by Microsoft on July 31, 2025, I am no longer able to create an Azure Bot Service having App Type as multi-tenant. We plan to publish this application to the Microsoft Teams store. I got to know from the GitHub Issue - https://github.com/OfficeDev/Microsoft-Teams-Samples/issues/1747 that once the application is certified by Microsoft it will be multi-tenant. Therefore, I created the Azure Bot Service and App Registration with App Type as single-tenant as multi-tenant option was no longer available.

In the single-tenant configuration, I tested it by installing the application to user belong to the same tenant where the Azure Bot service is hosted and the App is registered. The code started to return an unauthorized exception. Neither I was not able to send out a Welcome Adaptive message card when the Bot application was installed by the user nor I was able to send out a pro-active message to the user.

I had raised a question in the Microsoft Learn Question and Answer Forum and was asked by the Moderator to post it as a thread in the Microsoft Tech Community.

I have mentioned the details in the question along with the attempts that I made to resolve the issue. Kindly go through the details mentioned in the question - Unable to send pro-active messages to users on Microsoft Teams - Microsoft Q&A

I’d really appreciate any help or guidance you can provide on resolving this issue. Thank you in advance for your time and support!

How to use the newly launched MCP Registry

ArunaChakkirala — Wed, 10 Sep 2025 09:00:03 GMT

The newly launched Model Context Protocol (MCP) Registry in preview is as an open catalog for publicly available MCP servers. This is key in providing discoverability of MCP servers and standardization of this process. The Registry serves as a source of truth for MCP Servers and has also published a process for adding MCP servers. The MCP Registry also allows to register public and private sub-registries. This is an interesting addition and bears some semblance to DNS in its design. The public sub-registry can be likened to a MCP marketplace for servers while a private sub-registry would be suitable for enterprises with stricter privacy and security requirements.

MCP Registry tracks MCP Servers

Accessing Data

The Registry data can be accessed through the API provided. No authentication is required for read only access.

The base URL is https://registry.modelcontextprotocol.io

GET /v0/servers - List all servers with pagination
GET /v0/servers/{id} - Get full server details including packages and configuration

For instance, the following curl query can be used to get the list of servers

curl --request GET \ --url https://registry.modelcontextprotocol.io/v0/servers \ --header 'Accept: application/json, application/problem+json'

The details on usage is in the github link here

Publishing Servers

This requires authentication and the client package to be installed

After installing the mcp-publisher client, the server.json file has be populated with the MCP server details to be added. Authentication can be done using github or DNS verification. The last step is to publish the server.

The github link here has the complete set of steps for adding servers.

More details can be found in the link here.

Implementing Zero-Trust Network Security for Azure Web Apps Using Private Endpoints

SaiMinThu — Sun, 07 Sep 2025 08:42:11 GMT

Author: Sai Min Thu
Date: 7.9.2025
Lab Objective: To demonstrate how to completely remove public internet access from an Azure App Service Web App and secure it within a private virtual network using Private Endpoints, adhering to a zero-trust network model.

In today's threat landscape, the principle of "never trust, always verify" is paramount. While Azure Web Apps are publicly accessible by default, many enterprise scenarios require workloads to be isolated from the public internet to meet strict compliance and security requirements.

This guide provides a step-by-step walkthrough of configuring an Azure Web App to be accessible only through a private network connection via an Azure Private Endpoint. We will:

Establish a foundational resource group and virtual network.
Deploy a basic web application.
Implement core security controls by creating a Private Endpoint and integrating with Private DNS.
Enforce network isolation by applying access restrictions.
Validate the security configuration.

Documents Details: Implementing Zero-Trust Network Security for Azure Web Apps Using Private Endpoints

What's the secret sauce for getting Functions API to work with static web site?

fcc_archivist — Tue, 26 Aug 2025 21:18:41 GMT

I'm brand new, got my first Azure static web site up and running so that's good! Now I need to create some images in code and that's fighting me tooth and nail.

The code to generate the image looks like this:

using Microsoft.Azure.Functions.Worker; using Microsoft.Azure.Functions.Worker.Http; using Microsoft.Extensions.Logging; using SkiaSharp; using System.Diagnostics; using System.IO; using System.Net; namespace Api { public class GenerateImage { private readonly ILogger _logger; public GenerateImage(ILoggerFactory loggerFactory) { Debug.WriteLine($"GenerateImage.GenerateImage()"); _logger = loggerFactory.CreateLogger<GenerateImage>(); } // http://localhost:7071/api/image/124 works [Function("GenerateImage")] public HttpResponseData Run( [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "image/{id}")] HttpRequestData req, string id) { int width = 200, height = 100; Debug.WriteLine($"GenerateImage.Run() [id={id}]"); using var bitmap = new SKBitmap(width, height); using var canvas = new SKCanvas(bitmap); canvas.Clear(SKColors.LightBlue); var paint = new SKPaint { Color = SKColors.Black, TextSize = 24, IsAntialias = true }; canvas.DrawText($"ID: {id}", 10, 50, paint); using var ms = new MemoryStream(); bitmap.Encode(ms, SKEncodedImageFormat.Png, 100); ms.Position = 0; var response = req.CreateResponse(HttpStatusCode.OK); response.Headers.Add("Content-Type", "image/png"); response.Headers.Add("Cache-Control", "public, max-age=86400"); // 1 day // response.Body = ms; ms.CopyTo(response.Body); return response; } } }

and if I navigate to http://localhost:7071/api/image/124 (for example) it happily generates an image with the number 124 in it.

But if I add the HTML tag

to one of my other web pages, it says there's no such page. Apparently this is because my web pages are coming from my web site and it's at https://localhost:7154 and it doesn't know how to contact the Functions API.

My staticwebapp.config.json looks like this:

{ "routes": [ { "route": "/api/*", "allowedRoles": [ "anonymous" ] } ], "navigationFallback": { "rewrite": "/index.html", "exclude": [ "/api/*" ] } }

What am I missing?

How do I sign out of my OIDC Entra ID Application?

Timothy — Mon, 21 Jul 2025 13:06:12 GMT

We have an application protected with Entra ID using ODIC. To sign into our application or SPA goes through a series of redirects before getting a JWT and refresh token at the end of the Entra ID OIDC authentication flow. All of that works great.

When a user is done with our application, we want them to be able to sign out of our application. In our mind, that means invalidating the `refresh_token` they received when signing in. We're not seeing an OAuth endpoint to do that. Given the default lifetime for the refresh_token, I'd rather not simply ignore/discard it as it could be used to generate a new JWT (however unlikely).

I am posting this on here after searching the web for several hours. All I am able to find on the web is single sign-out (SLO), which would sign my user out of all of Office 365 when they sign out of our application. That is not what I want.

How do I invalidate the user's `refresh_token`? Is there a "revoke" endpoint in Entra ID? If not, then what other options do we have?

Can't access http context user claims in Azure Function

Joe Botelho — Tue, 17 Jun 2025 13:23:48 GMT

Background:

Create an Azure Function (.NET Core & C#) that will be consumed in a SPO App.

We created an Entra App Registration for the Azure Function and added App Roles for this App Registration where the App Role is using “Users/Group”, but not “Application”.

Issue:

In the SPO App (deployed in SPO Page), we can see the user claim and App Registration’s - App Role in the context of the user that’s hitting the SPO Page (thru Authorization header), however, in the Azure Function code the req.HttpContext.User.Claims object is empty.

So what is required or missing from a configuration perspective either in the Azure Function or App Registration to make this work?

LogicApps for AZURE VM with SharePoint farm

Mikel2024 — Tue, 27 May 2025 07:31:07 GMT

Hello

I was wondering if it is possible to access with LogicApps a SharePoint farm in a AZURE VM.

I am a developer and like to use my MSDN Subscription to access Logic Apps for using SharePoint test environment on a VM in AZURE.

If it is possible, how I can do that, what are the steps, like:

(1) App Registration

(2) Configure an endpoint to VM and SharePoint

(3) etc...

Thanks in advance for any suggestion or help.

Kind regards

Michael

Container App - Dapr - Service Bus

jhb — Thu, 15 May 2025 09:58:53 GMT

Our app is running as Dapr enabled Container App in an Container Apps Environment using Dapr pubsub component for Service Bus messages. Our Service Bus is on the Standard plan without VNET integration.
The built in Service Bus Firewall does not support ipv6 it just support ipv4, but the daprd sidecar try to access it over ipv6 and get "connection denied".
I have tried to set DAPR_DISABLE_IPV6=true and DAPR_INET=4 environment variables in my container because Windsurf suggested it, but it does not help.

Is there a way to force ipv4 for Dapr in Container Apps Environment? Or any other solution for our problem? Without setting "allow all networks" or changing to Premium tier for the Service Bus.

Unable to trigger function app while using managed identity for the storage account connection

lizyjeywin — Tue, 06 May 2025 02:36:07 GMT

I am trying to create an Azure Function of BlobTrigger type, which needs to be triggered on dropping files in the storage account say filessa. Due to policy restriction the storage account cannot use shared access key.
I am unable to trigger the function app dropping a file into a container. I see intermittently an error in the function app logs No valid combination of account information found.

assembly : Azure.Storage.Blobs, Version=12.23.0.0, Culture=neutral, PublicKeyToken=9279e12e44c8

method : Azure.Storage.StorageConnectionString+<>c.<Parse>b__67_0

outerType : Microsoft.Azure.WebJobs.Host.Indexers.FunctionIndexingException

outerMessage: Error indexing method 'Functions.SPAREventGridBlobTrigger'

innermostMessage: No valid combination of account information found.

I am referring to Configuring Azure Blob Trigger Identity Based Connection and have created the environment settings and assigned required roles to storage accounts (function App's storage account, say fnsa and the storage account which is used to upload the file to trigger the function app, filessa) as mentioned in this article.

This is my simple code

[Function(nameof(SPAREventGridBlobTrigger))]
public async Task Run([BlobTrigger("samples-workitems/{name}", Source = BlobTriggerSource.EventGrid, Connection = "filessa_STORAGE")] Stream stream, string name)
{
using var blobStreamReader = new StreamReader(stream);
var content = await blobStreamReader.ReadToEndAsync();
Console.WriteLine("Hello from Jey Jey Jey");
_logger.LogInformation($"C# Blob Trigger (using Event Grid) processed blob\n Name: {name} \n Data: {content}");
}

I have assigned roles to the storage account filessa Storage Blob Data Owner and Storage Queue Data Contributor for the Azure Function identity.

and assigned roles to the storage account fnsa Storage Blob Data Contributor for the Azure Function identity.

(Actually I ended up adding many other roles like Storage Account Contributor, Storage Blob Data Reader and similar too to both storage accounts)
Please advice me to on the items to be added in the environment settings.

1. the name and value of the connection of the storage account, filessa
2. the name and value of the connection of the storage account, fnsa
3. other items that needs to be mandatorily added to make it work

I have tried added items like

AzureWebJobsStorage, AzureWebJobsStorage__accountName, AzureWebJobsStorage__blobServiceUri, ...,

AzureWebJobsfilessa_STORAGE, filessa_STORAGE.

I have also referred to this microsoft documentation Tutorial: Trigger Azure Functions on blob containers using an event subscription ; tried adding the EventSubscription in the storage account filessa.
The webhook https://FA-SPAREG-FA.azurewebsites.net/runtime/webhooks/blobs?functionName=Host.Functions.SPAREventGridBlobTrigger&code=_MPRFuo9sdEg== in Postman with POST returned back error

Please help me with all the required environment settings to be added in the function app in Azure
and any other suggestion or steps I have missed here to make this work.

Printing from RDP session not working on macOS Sequoia 15.4

nina2025 — Thu, 10 Apr 2025 20:44:54 GMT

Hi,

I just wanted to let you know that printing from a Microsoft Remote Desktop Beta session using a redirected printer does not appear to work on macOS Sequoia. The issue has been present since version 15.1.1 and continues in the latest 15.4 update.

I’ve tested several versions of Microsoft Remote Desktop Beta, including 10.9.3, 10.7.5, 10.6.8, and others. In all of them, the printer appears inside the RDP session, and the print job briefly enters the queue before disappearing without printing.

Additionally, in the new Windows App, as well as in Microsoft Remote Desktop Beta starting with version 10.9.4 (2160), no printers appear at all inside the RDP session — printer redirection seems to be completely absent.

For comparison, on a MacBook Pro 13" (2017) running macOS Ventura 13.7.2 with Microsoft Remote Desktop 10.9.10 (2327), everything works as expected.

Please let me know if this is a known issue or if a workaround is available.

Issue with Mounting Persistent Volume in MongoDB Container on Azure Container Apps

alexander_chekushev — Thu, 03 Apr 2025 07:09:51 GMT

Hi,

I'm running a MongoDB container (mongo:latest) on Azure Container Apps, but I'm facing an issue when mounting a persistent volume for MongoDB data. The container works fine before mounting the volume, but fails to start once the volume is mounted.

Here is the summary of the issues found in the container logs:

File Exists Errors: The error message __posix_open_file:924:/data/db/WiredTiger.wt: handle-open: open, along with the error code 17 (File exists), suggests that MongoDB is unable to open the WiredTiger.wt file because it already exists.
Operation Not Permitted: The error __posix_open_file:924:/data/db/WiredTiger.wt: handle-open: open, along with the error code 1 (Operation not permitted), indicates that MongoDB does not have permission to open the WiredTiger.wt file.
Renaming of Unexpected Files: The logs show that MongoDB is attempting to rename unexpected files (WiredTiger.wt to WiredTiger.wt.56, WiredTiger.wt.57, etc.) when it encounters issues.
WiredTiger Startup Failure: The message Failed to start up WiredTiger under any compatibility version. This may be due to an unsupported upgrade or downgrade. indicates that MongoDB is unable to start the WiredTiger storage engine.
Fatal Assertion: The error Fatal assertion followed by the message Terminating. Reason: 1: Operation not permitted means that MongoDB has encountered a critical error and is terminating.

Steps Taken to Mount the Volume:

Created a Storage Account and added a file share (Access tier: Transaction optimized).
In the Container Apps Environment, added Azure File (SMB) and specified:
1. Storage Account Name
2. Storage Account Key
3. File Share Name
4. Access Mode: Read/Write
In MongoDB Container App, added a volume with:
1. Volume type: Azure File Volume
2. File Share Name: Chosen from step 2
In MongoDB Container App, under the Containers section, added a volume mount:
1. Volume Name: Specified volume from step 3
2. Mount Path: /data/db

What I Have Tried:

In my MongoDB Container App, under the Containers section, on the Properties tab, fields Command override and Arguments override I tried to change permissions as following

Command override = /bin/bash
Arguments override = chown -R 999:999 /data/db && chmod -R 777 /data/db && exec /usr/bin/mongod
I also tried
Arguments override = -c "chown -R 999:999 /data/db && chmod -R 777 /data/db && exec /usr/bin/mongod"
and
Command override = /bin/bash -c "chown -R 999:999 /data/db && chmod -R 777 /data/db && exec /usr/bin/mongod"
Mounting volume to another directory /data/mongodb, then changing permissions for that directory and making this directory as working folder for MongoDB.

az containerapp update \ --name mongodb-container-app \ --resource-group rg-container-apps-4890 \ --command "/bin/bash -c 'mkdir -p /data/mongodb && chown -R mongodb:mongodb /data/mongodb && /usr/bin/mongod --bind_ip_all --dbpath /data/mongodb'"

Despite these efforts, I still encounter the same errors. Could anyone suggest what might be wrong with my setup or provide any guidance on resolving this issue?

Entra External Identities - Sign In with LinkedIn using OpenID Connect error

BerndV91 — Fri, 28 Mar 2025 12:13:24 GMT

Hi there,

I would like to add LinkedIn as an identity provider in my Entra External Identities tenant.

We have proceeded according to the following instructions (Sign In with LinkedIn using OpenID Connect - LinkedIn | Microsoft Learn) and used the LinkedIn Well-Known Config Endpoint (https://www.linkedin.com/oauth/.well-known/openid-configuration).

When saving the configuration I get the following error message in the EntraId portal:

Custom OIDC well-known endpoint validation error: Error when deserializing response Required property 'token_endpoint_auth_methods_supported' not found in JSON. Path '', line 12, position 1.

In the JSON provided by the LinkedIn Well-Known Config Endpoint the field 'token_endpoint_auth_methods_supported' is missing. However, according to the OpenId Connect specification, the field is optional.

Currently I cannot add LinkedIn as an identity provider via OIDC in EntraID.
Has anyone here already solved a similar problem?

Thanks!