Recent Discussions
Error: AADSTS54005: OAuth2 Authorization code was already redeemed
Hello, I tested Azure Virtual Desktop Quickstart, all days long. When I want so login with Windows App oder Remote Desktop to the VM, I get always the same error: CAA20003 AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. What's going wrong? Thank you! GeraldoW
SQL Server services set to Delayed Start - Why?
Reference:SQL Server services are set to Automatic (Delayed Start) start mode In SQL Server 2022 (16.x), setting theStart Modefor a SQL Server service toAutomaticin Configuration Manager, will configure that service to start inAutomatic (Delayed Start)mode instead, even though theStart Modeshows asAutomatic. Why did Microsoft make this default standard starting SQL Server 2022? What are the pros of doing this? Should we manually set to Delayed Start in lower versions of SQL Servers that are set to automatic start mode?
Azure Virtual Desktop
Hi There Hope you are doing great! I am new to Azure and Virtual Desktop and require some help to set it up correctly. I have created and setup the Virtual Desktop but looking for an option to automatically shut it down and deallocate, there is only 1 machine running and usually 1 user connects to it. if that user is not accessing the machine it needs to be deallocated after 30 or 15 min. Is it something anyone can help? Many ThanksAzure Monitor and Grafana
Hi All, Has anyone been able to setup Azure Monitor in Grafana to pull and display metric data? I have no issue connecting and finding log data (resources), but I cannot get any metric data to be discovered by the Grafana plugin. I can see and use the metric data in Azure, but not in Grafana. The account configured has read over the resources and will display log data fine. Any help and suggestions would be appreciated. Thanks.
Azure Maps does not zoom out completely
I'm working on a WordPress plugin and I needed to migrate from Bing Maps API to Azure Maps. I noticed that it is not possible to zoom out to the maximum on a map created with the Azure maps API when it is restricted to a smaller portion of a screen. The more noticeable it is, the smaller the map gets. Example: Comparion with the Bing Maps similar size: Of course, I tested this with minZoom options like: map = new atlas.Map( "new_map", { center: [0, 0], maxZoom: 24, minZoom: 1 // with 0 map disappears }); As you can see the maximum zoom out is drastically reduced. This WordPress plugin allows you to show albums with photos from all over the world and smaller maps may not show all of them. Internet search showed me only one other post about this issue https://community.fabric.microsoft.com/t5/Issues/Azure-Maps-will-not-completely-zoom-out/idi-p/3446379#feedback-success and similar but probably not correctly described in here: The new Azure Maps seems to zoom in too far - Microsoft Q&A Is there a solution to this problem or I missed something?
azure file share resource group name is in lowercase instead of uppercase prefix 'mc'
I have several AKS clusters in Azure. When create the clusters with Terraform, I see a default resource group created in the format 'MC_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>'. My setup is like this: created AKS cluster I have some Azure file shares which are loaded as PV in kubernetes I want to backup those file shares via Azure Recovery Service vault's backup policy and backup 'file share' item. I also created a Azure Recovery Services vault. While working with protected items (file shares) in vault where I try to backup file shares, I see that the source file shares' resource group is prefixed with lowercase 'mc_' instead of uppercase as stated in first line. This means: Instead of 'MC_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>', it's shown as 'mc_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>' for the file shares. Can you tell us why is this? The problem I am having is that, if I have some azure file shares as vault protected items and I try to import those resources in terraform state file, I get an error where terraform wants to re-create the backup items in vault as the resource group name does not match (due to 'mc' letter case). Azure appears to consider this parameter as case-sensitive during API calls (our suspicion), that's why even though the resource group is prefixed with "MC_" (uppercase) everywhere else (other Azure UIs and my terraform import's resource ID stated it in uppercase 'MC_' prefix, resource group UI and even Azure docs), but vault backup item for file share shows it prefixed with '"mc_" (lowercase) in the UI. Can you please explain why is this? Here's an example where I am trying to import Azure's data into terraform state file, but this should not cause any replacement. Please note down the 'source_storage_account_id' entry where it says is causing replacement, due to case issue. Case issues occur here ([a] 'mc' & 'MC'; [b]) 'Microsoft.Storage' & 'Microsoft.storage'): [a] .../resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/... --> /resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/... [b] ...providers/Microsoft.Storage/storageAccounts/STORAGE_ACCOUNT_NAME --> providers/Microsoft.storage/storageAccounts/STORAGE_ACCOUNT_NAME From terraform plan: # module.main.azurerm_backup_protected_file_share.my_fileshares["STORAGE_ACCOUNT_NAME_pvc-<FILE_SHARE_ID>"] must be replaced # (imported from "/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupFabrics/Azure/protectionContainers/StorageContainer;storage;mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION;STORAGE_ACCOUNT_NAME/protectedItems/AzureFileShare;FILE_SHARE_FRIENDLY_NAME") # Warning: this will destroy the imported resource -/+ resource "azurerm_backup_protected_file_share" "my_fileshares" { backup_policy_id = "/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupPolicies/CLUSTER_NAME-daily-backup" ~ id = "/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupFabrics/Azure/protectionContainers/StorageContainer;storage;mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION;STORAGE_ACCOUNT_NAME/protectedItems/AzureFileShare;FILE_SHARE_FRIENDLY_NAME" -> (known after apply) recovery_vault_name = "CLUSTER_NAME-vault" resource_group_name = "CLUSTER_NAME-projectX" source_file_share_name = "pvc-<FILE_SHARE_ID>" ~ source_storage_account_id = "/subscriptions/SUBSCRIPTION_ID/resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/providers/Microsoft.Storage/storageAccounts/STORAGE_ACCOUNT_NAME" -> "/subscriptions/SUBSCRIPTION_ID/resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/providers/Microsoft.storage/storageAccounts/STORAGE_ACCOUNT_NAME" # forces replacement } You can verify this case issue from here: any resource group named in this format: 'MC_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>'. Check resources under it, some of them have it in lowercase 'mc_' prefix, some have uppercase 'MC_' prefix. Why is this? For example: lowercase 'mc_' prefix for resource group: aks-agentpool nsg (Network security group), aks-agentpool routetable (Route table), kubernetes Load balancer, pvc- prefixed Disks. uppercase 'MC_' prefix for resource group: aks-defaultpool (Virtual machine scale set), random ID'd storate account (e.g. STORAGE_ACCOUNT_NAME), Managed Identity 3. Check file share backup item in a recovery services vault. The share is shown in lowercase 'mc_' prefix. Can you tell us why is this case shown differently? And are api calls for resource IDs case-sensitive?
Health state unavailable DomainTrustCheck failed
H, we are building an AVD environment (not for the first time) and sporadically VM's will show Health state in Host pool as unavailable, iv you click on the effected VM it will say DomainTruestCheck failed however if you log on the VM (via RDP as MTSC wont connect to it when in this state) and run domain join checks they all come back as no issue. If you shut the vm down to deallocated and turn on sometimes the same VM will come back as green available but then if you restart it, it will come back as unavailable for domain checks. We have built 4 different host pools using the store win11 multi session 23h2 some using "create Session Host Configuration" enabled (Preview) some disabled as the norm, they all do the same, we have tried removing from CA policies and sanity check on domain controller its the credentials work however if we look in sign in checks on Entra it says its failing Windows Sign in incorrect credentials, but the same credentials are being used to sign into azure sign into the VM sign into Domain controller and it never fails to log in at that point, also if the credentials were wrong surely it would fail health check every time not some of the time. Anyone any ideas, logged with Microsoft but they are on holiday for Christmas periodAnnouncing the winners of the December 2024 Innovation Challenge
The Innovation Challenge hackathon brings together developers from groups who are underrepresented in technology to solve for AI use cases from Azure customers. We’re proud to be supporting these organizations who helped to prepare the participants of our most recent hackathon: BITE-CON, Código Facilito, DIO, GenSpark, Microsoft Software and Systems Academy (MSSA), TechBridge, and Women in Cloud. In order to qualify for the hackathon, participants had to earn a Microsoft Applied Skills credential or one of these Azure certifications: Azure AI Engineer Associate,Azure Developer Associate,Azure Data Science Associate. Our goal for everyone who participates is to help them open up doors to new career opportunities by demonstrating highly in demand skills and the ability to work with a team to deliver a working proof of concept under a deadline. The winning projects worked to solve for a range of real world AI challenges. Observability for AI systems: ensure that systems operate effectively, ethically, and reliably by identifying issues like model drift, bias, performance degradation, and data quality problems. VoiceRAG: how do you implement retrieval-augmented generation (RAG), the prevailing pattern for combining language models with your own data, in a system that uses audio for input and output? Accessibility for state and local government websites: How can AI be used to ensure that both web content and documents that can be downloaded meet the Web Content Accessibility Guidelines (WCAG) international standard? Hallucination detection and context validation: How could output automatically cross-reference with a reliable knowledge base or API? How do you provide confidence scores and explanations for detected hallucinations? Role-Based content filtering for AI outputs: create an AI output moderation system that filters or adjusts generated content based on user roles and access levels to prevent misuse or exposure of restricted data. AI search innovation: our industry has only just begun to get started combining AI search with RAG. What can you build that demonstrates the possibilities for improving the ways we interact with information online? There were many very strong projects and the judges had to make some hard decisions. We’re sure that every team that submitted a project will be doing epic stuff in the near future! Here are the projects awarded by the judges First place $10,000 Azure Insight Lens: Model Monitoring and Observability a comprehensive AI model monitoring and observability solution, designed to enhance model performance and optimize efficiency Second $5,000 Edu Echo a voice-first education platform designed to help 4th, 5th, and 6th grade students excel in math and language arts AbleSphere an AI-powered educational support application that empowers students with disabilities by providing real-time, personalized assistance Third $2,500 FAITH : Framework for AI Integrity and Testing Hallucinations an Azure AI based web application used to find hallucinations and ensure integrity among various AI models and LLMs along with confidence scores, complete reasoning, detailed analytics and visualizations by comparing with external knowledge sources Content-o enables organizations, whether in the financial, health, or service sectors, to offer their employees, associates, and third parties a point of access to receive information aligned and adjusted to their roles AI Search for Agricultural Planning and Control an AI-powered assistant tailored to the Brazilian agricultural sector, adhering to local legislation We’ll have our next hackathon in March 2025! Looking forward to getting inspired by what this community can do!How to connect ADF to AWS RDS
We are trying to connect an AZURE Data factory (ADF) to an AWS RDS (Relational Database Service)instance that does not have public access. We have a working VPN up and running however, we cannot connect over the private network to the AWS IP address/RDS server name. Looking online there is not a good way to do this without creating an additional NAT instance VM. Is there a way to do this with a cloud based ADF? Or does it make more sense to just create a self hosted ADF service either in AWS or in Azure to move the data into our data warehouse? Is it possible that fabric would have a solution for this problem?
Custom permission to enable diagnostic setting in Entra ID
Custom permissions doesnt works when tried to enable diagnostic settings, in Microsoft Entra ID portal. Error: "does not have authorisation to perform action 'microsoft.aadiam/diagnosticSettings/write' over scope '/providers/microsoft.aadiam/diagnostic Settings/resourcename" Selective permissions that I applied to user account. My approach is to use custom role specific permissions. Appreciate your help to knows the right permission required. Regards, Rajkumar
Getting error message "Invoking Azure function failed with HttpStatusCode - Unauthorized"
I have a synapse pipeline which contains a single component, an azure function activity component. The objective is to send a test JSON payload to a private endpoint using POST call. The azure function activity is configured to use the POST method and an azure function linked service has also been specified in the activity. We have a function app in premium plan, the linked service is pointing to the function app. Inside the function app, we have function which contains the main python code that makes the request. Function app stack is python and the function created inside is an HTTP trigger using V2 programming model and the authorization level selected is Function. When I debug the pipeline I am getting the error messageInvoking Azure function failed with HttpStatusCode - Unauthorized. Please support in resolving this. Thanks
Understanding Data Ingestion for Log Analytics and Sentinel Workspace
I'm trying to understand how data ingestion works for both Log Analytics and Microsoft Sentinel. Every time we notice a spike in data ingestion costs for Log Analytics, we see a similar increase in Sentinel costs as well. It seems like data is being ingested into both workspaces, potentially doubling the ingestion and driving up our costs. Can someone explain if this is expected behavior, or if there's a way to optimize and avoid duplicate data ingestion between Log Analytics and Sentinel?Android RD Client Mouse Middle Click Problems
I can use the RD Client application on my Android tablet. I can connect without any problems. I can also use it with a mouse and keyboard that I connect to my tablet via Bluetooth without any problems, but while all the buttons on the mouse work, only the middle button click works like the left mouse button instead of performing itsownfunction.Migrating Windows Server from 'Hybrid Azure AD Join' to 'Entra ID Join (Cloud-Only)'
Hi everyone, I need help with a scenario where I’m looking to move a server ( non DC ) from Microsoft Entra Hybrid Joined to cloud only (Entra ID) Joined only. The goal is to stop relying on the on-premises AD domain and make the server authenticate only through cloud-based accounts (Azure AD accounts). I’d appreciate any guidance, documentation or best practices on how to properly handle this migration while ensuring minimal disruption. Has anyone done this transition before? What steps and considerations should I be aware of in terms of network configuration, Cost.... etc? Thanks in advance for your help!Azure Course Blueprints
Overview The Course Blueprint is a comprehensive visual guide to the Azure ecosystem, integrating all the resources, tools, structures, and connections covered in the course into one inclusive diagram. It enables students to map out and understand the elements they've studied, providing a clear picture of their place within the larger Azure ecosystem. It serves as a 1:1 representation of all the topics officially covered in the instructor-led training. Links: Each icon in the blueprint has a hyperlink to the pertinent document in the learning path on Learn. Layers: You have the capability to filter layers to concentrate on segments of the course by modules. I.E.: Just day 1 of AZ-104, using filters in Visio and selecting modules 1-3 Enhanced Integration: The Visio Template+ for expert courses such as SC-100 and AZ-305 now features an additional layer that allows you to compare SC-100, AZ-500, and SC-300 within the same diagram. Similarly, you can compare any combination of AZ-305, AZ-204, AZ-700, and AZ-104 to identify differences and study gaps. Since SC-300 and AZ-500 are potential prerequisites for SC-100, and AZ-204 or AZ-104 for AZ-305, this comparison is particularly useful for understanding the extra knowledge or skills required to advance to the next level. Advantages for Students Defined Goals: The blueprint presents learners with a clear vision of what they are expected to master and achieve by the course’s end. Focused Learning: By spotlighting the course content and learning targets, it steers learners’ efforts towards essential areas, leading to more productive learning. Progress Tracking: The blueprint allows learners to track their advancement and assess their command of the course material. New Feature:A comprehensive list of topics for each slide deck is now available in a downloadable .xlsx file. Each entry includes a link to Learn and its dependencies. Download links Associate Level PDF Visio Released Updated Contents! AZ-104 Azure Administrator Associate Blueprint [PDF] Template 12/14/2023 10/28/2024 Contents AZ-204 Azure Developer Associate Blueprint [PDF] Template 11/05/2024 11/11/2024 Contents AZ-500 Azure Security Engineer Associate Blueprint [PDF] Template+ 01/09/2024 10/10/2024 Contents AZ-700 Azure Network Engineer Associate Blueprint [PDF] Template 01/25/2024 11/04/2024 Contents SC-300 Identity and Access Administrator Associate Blueprint [PDF] Template 10/10/2024 Contents Specialty PDF Visio Released Updated AZ-140 Azure Virtual Desktop Specialty Blueprint [PDF] Template 01/03/2024 02/05/2024 Expert level PDF Visio Released Updated AZ-305 Designing Microsoft Azure Infrastructure Solutions Blueprint [PDF] Template+ AZ-104 AZ-204 AZ-700 05/07/2024 12/09/2024 Contents SC-100 Microsoft Cybersecurity Architect Blueprint [PDF] Template+ AZ-500 SC-300 10/10/2024 Contents Skill based Credentialing PDF Visio Released Updated AZ-1002 Configure secure access to your workloads using Azure virtual networking Blueprint [PDF] Template 05/27/2024 Contents AZ-1003 Secure storage for Azure Files and Azure Blob Storage Blueprint [PDF] Template 02/07/2024 02/05/2024 Contents Benefits for Trainers: Trainers can follow this plan to design a tailored diagram for their course, filled with notes. They can construct this comprehensive diagram during class on a whiteboard and continuously add to it in each session. This evolving visual aid can be shared with students to enhance their grasp of the subject matter. Introduction to Course Blueprint for Trainers [10 minutes + comments] Real life demo AZ-104 Advanced Networking section [3 minutes] Visio stencilsAzure icons - Azure Architecture Center | Microsoft Learn Subscribe if you want to get notified of any update like new releases or updates. My emaililan.nyska@microsoft.com LinkedInhttps://www.linkedin.com/in/ilan-nyska/ Celebrating 30,000 Downloads! Please consider sharing your anonymous feedback <-- [~ 40 seconds to complete]
Application Gateway WAFv2 Custom Rules disappeared.
Hello All, We have a AGW with WAFv2 running. A while back we were working on adding new custom rules, but after saving the new rule, all of our existing WAF custom rules were deleted. Checking with Azure support, we came to know that the delete operation also works as a PUT operation for updating and/or deleting details. But we couldn't get a clear picture on what caused our rules to be deleted instead of adding the new rule. We are still in the process of exploring options to understand what could have caused this anomaly. Have any of you faced any such scenario(s)? Any insights or suggestions are welcome and much appreciated.How we can create SessionHost in Azure Virtual Desktop using Azure Powershell?
Hi I am having one requirement where I need to create SessionHost VMs using Command Line , I followed references on Az.DesktopVirtualization Module where we have Cmdlet like New-AzWVDHostPool. Do we have similar cmdlet to create SessionHost as well? Kindly helpHow to Sync Area and Iteration Paths Between Jira and Azure DevOps
Azure DevOps area and iteration paths do not have a direct replica on the Jira side. So to sync information between both systems, the area and iteration path data has to be mapped to a custom field in the Jira issue. For this to work, you need a customizableAI-powered integrationsolution likeExalate. This solution will help you generate the script for mapping paths and maintaining the relationships between the work item and the issue. What is an Area Path? An area path establishes a hierarchy for work items related to a specific project. It helps you group work items based on team, product, or feature. Organizations working on a product or feature can use area paths to establish a hierarchy between teams at every level of involvement. You can assign the same area path to multiple teams. What is an Iteration Path? An iteration path assigns work items at the project level based on time-related intervals. Teams can share them to keep track of ongoing projects, specifically for sprints, releases, and subreleases. When new work items are added to the Sprint backlog, they become accessible via the existing iteration path. You can add up to 300 iteration paths per team. Sync Area and Iteration Paths: Jira to Azure DevOps Use Case You can create a custom field in your Jira instance to reflect the data from the iteration and area paths. How does this help your organization? Syncing this data gives more context about the teams involved on the Azure DevOps side. It provides context about the timelines and stages of progress for the mapped projects and entities. Primary Requirements Obtaining the right information from the API on both sides. Writing or generating the correctsync rulesfor both the incoming and outgoing data. Creatingtriggersto update the custom fields on Jira automatically. Fetching the right string from the area or iteration path. How Exalate Handles Jira to Azure DevOps Syncs Exalate supports one-way andtwo-way integrationbetween Jira and Azure DevOps as well as with Zendesk, ServiceNow, Salesforce, GitHub, etc. Exalate also supports AI-poweredGroovy scriptingwith the help of a chatbot. Users can also create trigger-based integrations for real-time syncs and bulk operations. To use Exalate, first install it on both Jira and Azure DevOps. Since this use case requires scripting, you need to set up a connection in the Script Mode. To configure the sync, open Exalate in your Azure DevOps dashboard, go to the connection you want to edit and click on the “Edit connection” icon. You have two options: Outgoing sync (on the Azure DevOps side) refers to the data being sent over to Jira. Incoming sync (on the Jira side) refers to the data to be received from the work item on Azure DevOps. Outgoing Sync (Azure DevOps): Send Area and Iteration Path Details from Azure DevOps to Jira To send out the area and iteration paths from the Azure DevOps work item, use the code below: replica.areaPath = workItem.areaPath replica.iterationPath = workItem.iterationPath Thereplicaretrieves the values of the area and iteration paths from the work item and saves them as a string. On the remote side, you can store the area/iteration path in a custom field using a type string or select list. Incoming Sync (Jira): Set Area Path from Azure DevOps as a Custom Field in Jira Let’s start with the area path. The area path starts with the name of the project. For example, an Azure DevOps project called AzureProject handled by Exalate’s dev team could have an area path:AzureProject\\ExalateDev. To set the area path based on the value received from the remote side text field, use the code below: issue.customFields."Area Path".value = replica.areaPath The issue.customFields."area-path".value retrieves data from the work item and stores it in the designated custom field on Jira. Incoming Sync (Jira) Set Iteration Path from Azure DevOps as a Custom Field in Jira The iteration path shows the name of the project as well as the specific sprint. For example, an Azure DevOps project called AzureProject in the first sprint could have an area path:AzureProject//Sprint1 If you don’t set the value for the Area field in the Sync Rules, Exalate uses the default area that has the same name as the project. To set the iteration path based on the value received from the remote side text field, use the code below: issue.customFields."iPath".value = replica.iterationPath Theissue.customFields."iPath".valueretrieves data from the work item and stores it in the designated custom field on Jira. Congratulations! You have successfully mapped the area and iteration path to a Jira custom field. If you still have questions or want to see how Exalate is tailored to your specific use case, drop a comment below or reach out to our engineers.
Recent Blogs
- 5 MIN READCross-Tenant Secure Integration of Azure Resources Based on Logic App Standard and Virtual WAN In today's interconnected world, enterprise-level systems often need to integrate resources across dif...Dec 30, 2024
- We are announcing the public preview of confidential temp disk encryption for confidential VMs. Until recently, confidential encryption has only been available for OS disks. It binds the disk ...Dec 29, 2024
