Azure topics

Deep Dive: Implementing Retrieval-Augmented Generation (RAG) with Azure AI Search

JohnNaguib — Sat, 20 Jun 2026 05:36:19 GMT

Artificial Intelligence has changed the way businesses handle information, automate tasks, and interact with users. Large Language Models (LLMs) such as GPT-based systems can generate impressive responses, but they have one major limitation: they do not automatically know your private business data, internal documents, or the latest information.

https://dellenny.com/deep-dive-implementing-retrieval-augmented-generation-rag-with-azure-ai-search/

OneLake in Azure: The Data Lakehouse Revolution Changing the Future of Enterprise Data

JohnNaguib — Sat, 20 Jun 2026 05:34:00 GMT

Data has become the core asset of every modern organization. Companies today generate massive amounts of information from applications, customer interactions, IoT devices, business systems, and operational platforms. But the real challenge is no longer collecting data — it is organizing, managing, securing, and turning that data into meaningful business value.

https://dellenny.com/onelake-in-azure-the-data-lakehouse-revolution-changing-the-future-of-enterprise-data/

Azure Quantum orchestrated by enterprise apps via jBPM

C-NLTX — Tue, 16 Jun 2026 13:05:06 GMT

Hi Community! Sharing this quantum enterprise computing example:

https://www.linkedin.com/pulse/jbpm-quantum-orchestration-platform-sergey-lukyanchikov-ocvce

plus its GitHub repo:

https://github.com/C-NLTX/Open-Source

- enjoy!

Integrating Tableau to a Azure Internal Database

sharmerika — Mon, 08 Jun 2026 04:57:55 GMT

Hi everyone, I wanted to ask if it's possible if I can connect Tableau to an internal database that I'm planning to build. Not just Tableau but Monday.com too. And yeah, I know I need to build the database first, and sort everything out first, but it's for my presentation. I would really be grateful if someone can answer this and show me a bit of how I can do that. Do I need some token from tableau or something?

Restoring a user to Azure API Management instance who had registered using Azure B2C

curious7 — Tue, 02 Jun 2026 13:02:31 GMT

I am trying to restore a Azure API Management user account that I had backed up and has identity.provider and intentity.id backed up. When I restore this user using the ARM endpoint using URI similar to one below, the user gets restored but has both "AadB2c" and "Basic" as the auth type:-

"https://management.azure.com/subscriptions/${subscriptionId}/resourceGroups/${resourceGroup}/providers/Microsoft.ApiManagement/service/${apimName}/users/${userId}?api-version=2024-05-01"

Why is Basic being added as the value because the backup had "AadB2c" as the Auth Type?

And is there a way to avoid that and only have "AadB2C" as the Auth type.

Which Azure certification are you currently preparing for, or planning to take next?

Dravidan — Tue, 26 May 2026 18:25:37 GMT

I recently started exploring Microsoft Azure training and certifications, and I can clearly see how valuable they are for building cloud skills and growing a career in technology.

Azure certifications help professionals learn real-world cloud concepts, improve technical knowledge, and stay updated with technologies like AI, Security, DevOps, and Data Engineering.

Some of the most popular certifications are:

AZ-900 – Azure Fundamentals

AZ-104 – Azure Administrator

AZ-204 – Azure Developer

AZ-500 – Azure Security Engineer

Microsoft Learn also provides free learning paths and hands-on content, which makes it easier for beginners and experienced professionals to learn at their own pace.

Azure Managed Identity randomly returns 403 and then self-recovers

Dravidan — Sat, 23 May 2026 18:22:58 GMT

Our production apps intermittently lose Key Vault access via Managed Identity for a few minutes, then recover automatically without any config, RBAC, or deployment changes.

Everything appears healthy from Azure’s side, which makes root cause analysis extremely difficult. Has anyone else seen this behavior?

Is there no way to get better support for Azure - esp for SEV A tickets

ImranRana — Fri, 22 May 2026 07:36:03 GMT

We have had a sev A ticket open for over 5 days, and are incurring thousands in losses every day, and despite assurances from the Azure Support that it is being solved in hours and then having confirmations that it is solved, the issue is still not solved. I have asked numerous times to get our teams in touch with actual microsoft employees, not front end contractors, who is more like level 1 support, and just running messages between customer and back end team, and really are powerless to handle any suport issues themselves, and they are on complete mercy of "other teams" yet as a customer, apparantly we cant even get on a call with these other teams, and the poor front end contractors are getting the brunt of our pain. Absolutely are in the dark, as to what is actually happening in the back end, other than "trust me bro" we are working on it. No eta, no explanation.. hard to fathom how this can go on like this

Unable to backup APIM instance to storage account

curious7 — Thu, 14 May 2026 15:11:43 GMT

I have a Standard V2 APIM instance and a storage account that has public access disabled but allows traffic from the Integration subnet of the APIM and the "Microsoft.ApiManagement/Service" resource type and the specific instance of APIM allowed access. It also has the "Allow trusted MIcrosoft Services to access this resource" selected.

Integration subnet of APIM has the "Microsoft.Storage" service connection configured.

I am following this MS KB to setup the backup:-

https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-disaster-recovery-backup-restore?tabs=powershell#back-up-an-api-management-service

And using the "Access using managed identity" method. The Service principal that I am using in Powershell & Managed Identity of APIM has been given the "Storage Blob Data Contributor" role on the storage account.

When I run the following 2 commands from a VM in the same VNET as the APIM Instance I get error: "Backup-AzApiManagement : Long running operation failed with status 'BadRequest'."

$storageContext = New-AzStorageContext -StorageAccountName $storageAccountName
Backup-AzApiManagement -ResourceGroupName $apiManagementResourceGroup -Name $apiManagementName -StorageContext $storageContext -TargetContainerName $containerName -TargetBlobName $blobName -AccessType "SystemAssignedManagedIdentity"

Storage logs seems to indicate that it successfully does the "putblob" operation and within few milliseconds does the "DeleteBlob" operation.

APIM activity logs have the following error for "Backup API Management Service":-

"message": "Unable to backup API service at this time. Please, retry the operation.If the issue persists, please contact support providing correlation ID

How can I troubleshoot this further or what needs to change in my setup to allow the backup?

Remote debug options for Linux container on App Services

LouisT — Thu, 14 May 2026 13:59:09 GMT

We run .Net hosted on Linux Docker containers running in App Service. This makes debugging very difficult as while there is an option for remote debugging, this is only for Windows containers.

https://learn.microsoft.com/en-us/visualstudio/debugger/remote-debugging-azure-app-service?view=visualstudio

The only option I can find for Linux is the one detailed in the link below from 2018 which involves running an SSH server in the Docker container and using an extension which doesn't seem to have a stable version.

az extension add --name webapp

az : WARNING: No stable version of 'webapp' to install. Preview versions allowed.

https://azure.github.io/AppService/2018/05/07/New-SSH-Experience-and-Remote-Debugging-for-Linux-Web-Apps.html

Are there any currently supported options for remote debugging in Linux containers? Are there any plans to introduce the remote debug feature for Linux App Services?

Ingesting Logs through Azure Private Link

NotMarcus77 — Wed, 13 May 2026 21:19:20 GMT

Hi,

We are currently using Azure Private Link within our environment and we are attempting to ingest logs into Log Analytics. When I reached out to Microsoft Support, it appears that the CCF connectors will not work using Private Link and the Azure Functions connectors are becoming depricated.

Has anyone else run into this issue and what is the solution for getting logs into Sentinel through the Private Link, specifically API log sources? Did this require a custom app for each of these log sources or some sort of custom script that lives on an AMA host within the Private Link to ingest the logs?

Any advice here would be greatly appeciated.

Thank you,

Can you backup API Management Instance without including the product subscription keys

curious7 — Tue, 12 May 2026 23:35:42 GMT

I am following this KB to backup and restore APIM instance:-
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-disaster-recovery-backup-restore?tabs=powershell

But it includes the product subscription keys which can be a security concern.

Can you backup API Management Instance without including the product subscription keys?

Cloud-Native vs. Hybrid for the 2026 Workplace

Gaaleh-Mem — Fri, 01 May 2026 14:54:03 GMT

When to choose Cloud-Native vs. Hybrid for the 2026 Workplace?

Hi everyone,

I am starting a discussion on the foundational phase of one project. As a Computer Engineer, I believe the most critical decision we face in 2026 is determining exactly when to step to a Full Cloud model versus maintaining a Hybrid Infrastructure.

In my view, the decision is not about cost, it is about resiliency, high availability and more avalability. I would like to exchange views with other engineers on these area: latency, edge requirements, integration and aglility.

In your experience, what are the Tipps that makes you choose one over the other for a 2026 environment?

I'm looking for technical architectural insights, not sales approaches.

Azure Automation Hybrid Runbook Worker Supported OS

PhilippZiemke — Thu, 30 Apr 2026 08:51:30 GMT

Hi everyone,

we are currently in the process of updating or environment to Server 2025. Since the mainstream support of Server 2022 ends October this year, we would also like to update our on-premise Azure Automation Hybrid Runbook Worker from 2022 to 2025.

As far as I can see from the documentation, OS is only supported up to Server 2022, but not Server 2025. Since the mainstream support end is closing in, is there any information on official support for Server 2025 for Azure Automation HRWs? Do you already have one successfully running with Server 2025?

Thanks!

Patterns for low-code Azure config state snapshot + recovery solution for resource groups

nicksal — Thu, 30 Apr 2026 02:08:17 GMT

I’m looking for patterns that capture resource configuration changes over time and support best-effort recovery (redeployment) of resource config state.

I understand that authoritative IaC (Bicep) would be the most mature option, however, I am wondering if anyone has ever implemented a solution similar to what I have described above.

Ideally this would be a low-code, Azure native solution.

Using Github Copilot from Azure Subscription

MSOPS1 — Wed, 29 Apr 2026 10:28:33 GMT

Hello,
I have a question on how GitHub Copilot can be accessed and managed through an Azure subscription. If I am getting a Github Copilot license, how is my azure subscription getting linked to the billing and licensing?
Specifically, I would like clarification on how the Azure subscription is linked to GitHub Copilot billing and licensing.

MFA required for Global Admin without Conditional Access or PIM enforcement

schiachris — Tue, 28 Apr 2026 15:06:56 GMT

Hi,

I'm analyzing a break-glass account scenario in Microsoft Entra ID and would like to validate a behavior I'm observing.

The account:

Has Global Administrator role (permanent assignment)
Is excluded from all Conditional Access policies (fully validated)
Is excluded from Authentication Methods policies and MFA Registration Campaign (fully validated)
Has no per-user MFA enabled (disabled)
PIM is not enforcing MFA (role is permanently active, no activation required)
Security Defaults are disabled
SSPR is not enforcing MFA

All configurable sources that could require MFA have been reviewed and fully ruled out.

However, when signing into Microsoft Admin Portals (Entra/Azure), MFA is still required and cannot be skipped.

In Sign-in logs:

Conditional Access → Not Applied
Authentication Details show:
"MFA required in Azure AD"
"App requires multifactor authentication"

Additionally, there is a Microsoft-managed policy:
"Multifactor authentication for admins accessing Microsoft Admin Portals"
but it is in Report-only mode.

Question:
Is Microsoft Entra ID enforcing MFA automatically for privileged roles (like Global Administrator) in admin portals, even when no Conditional Access or PIM policy requires it?

And if so, is there any supported way to fully exclude a break-glass account from this behavior?

Thanks in advance.

Azure Artifact Signing: SignTool "Access is denied" with active Public Trust profile

samuelRiosLazo — Sat, 25 Apr 2026 23:21:29 GMT

I’m blocked on Azure Artifact Signing for Windows EXE signing.

What is already confirmed:

- Account endpoint: https://wus2.codesigning.azure.net/

- Code signing account: notarios

- Certificate profile: notarios-public-trust (Public Trust, Active)

- Identity validation: Completed

- User object id: 9aa27294-c04d-4aab-a7b2-3a8b10be96f9

- RBAC includes:

- Artifact Signing Identity Verifier

- Artifact Signing Certificate Profile Signer

(also assigned at certificate profile scope)

Signing command (signtool 10.0.26100.0 x64 + dlib):

... sign /v /debug /fd SHA256 /tr http://timestamp.acs.microsoft.com /td SHA256 /dlib "<...>\\Azure.CodeSigning.Dlib.dll" /dmdf "C:\temp\metadata-corr.json" "C:\temp\notarial-app-test.exe"

Error every time:

- SignTool Error: Access is denied.

- Number of files successfully Signed: 0

I also tested Azure CLI auth and explicit AccessToken in metadata; same result.

CorrelationId for troubleshooting:

- notarios-20260425-1859

If anyone from Microsoft can check backend logs for that CorrelationId, I’d appreciate the exact reason and remediation.

Azure RBAC Custom Role Best Practices or Common Build Patterns

nicksal — Mon, 20 Apr 2026 18:40:54 GMT

As a platform admin, I want to grant application admins Contributor access while removing their ability to write or delete most Microsoft.Network resource types, with a few exceptions such as Private Endpoints, Network Interfaces, and Application Gateways.

Based on the effective control plane permissions logic, we designed two custom roles. The first role is a duplicate of the Contributor role, but with Microsoft.Network//Write and Microsoft.Network//Delete added to notActions. The second role adds back specific Microsoft.Network operations using wildcarded resource types, such as Microsoft.Network/networkInterfaces/*.

Application Admin Effective Permissions = Role 1 (Contributor - Microsoft.Network) + Role 2 (for example, Microsoft.Network/networkInterfaces/, Microsoft.Network/networkSecurityGroups/, Microsoft.Network/applicationGateways/write, etc.)

I understand that Microsoft RBAC best practices recommend avoiding wildcard (*) operations. However, my team has found that building roles with individual operations is extremely tedious and time-consuming, especially when trying to understand the impact of each operation.

Does anyone have suggestions for a simpler or more maintainable pattern for implementing this type of custom RBAC design?

Legacy SSRS reports after upgrading Azure DevOps Server 2020 to 2022 or 25H2

fujiwaraH2O — Sat, 18 Apr 2026 04:24:17 GMT

We are currently planning an upgrade from Azure DevOps Server 2020 to Azure DevOps Server 2022 or 25H2, and one of our biggest concerns is reporting.

We understand that Microsoft’s recommended direction is to move to Power BI based on Analytics / OData. However, for on-prem environments with a large number of existing SSRS reports, rebuilding everything from scratch would require significant time and effort.

Since Warehouse and Analysis Services are no longer available in newer versions, we would like to understand how other on-prem teams are handling legacy SSRS reporting during and after the upgrade.

Have you rebuilt your reports in Power BI, moved to another reporting approach, or found a practical way to keep existing SSRS reports available during the transition?

Any real-world experience, lessons learned, or recommended approaches would be greatly appreciated.