User Profile
MathieuVandenHautte
Iron Contributor
Joined 4 years ago
User Widgets
Recent Discussions
Deleting an Immutable, vault-locking enabled Recovery Services Vault in Azure
Hey everyone, just wanted to share something I confirmed with Microsoft Support - could be useful if you're managing Recovery Services vaults with immutability and vault-locking enabled. Once immutability and vault-lock are in place, the vault can't normally be deleted until all backup data has passed its retention period. It's meant to protect data and enforce policies. However, if you have a special case where you really need to delete the vault early, you can submit a request through Microsoft Support. You’ll need to open a support case. Clearly explain the situation and why early deletion is needed (include vault details, customer consent, or strong justification). Microsoft reviews these requests individually — it’s not guaranteed, but it's possible. Also important: costs keep adding up as long as the vault exists. So if you think you might need help, reach out to Support early to avoid unexpected billing. Hope this helps someone!Re: Network Design Ideas for VMs in Azure
Hi Galaxy876 For a small business scenario, simplicity is key - keep it straightforward and efficient. I’d recommend opting for a single virtual network with all VMs in one subnet. You can use an NSG on the subnet to segment the VMs as needed.169Views2likes0CommentsRe: Best Practices for Designing a Hub-and-Spoke Architecture in Azure
Hi MercedesCustodio24 All the VNet prefixes in my hub-and-spoke architectures are derived from a single prefix: Hub and spoke = /16. This /16 is then divided into multiple virtual networks. For the hub, I typically create a /20 VNet with /24 subnets. I avoid making my hub too small, as rebuilding it would be a nightmare.571Views0likes0CommentsRe: RDS on prem future
Hi MorganL2275 In case of legacy applications, moving on-premises workloads to Azure Virtual Desktop is a good option. New applications should be designed cloud-native (serverless) because they offer better scalability (instancing), security, uptime, and a lower soft cost.299Views0likes0CommentsRe: DNS configuration in Azure With an Azure DC VM
Hi simondury In most cases, you don't need Intune and classic GPO's will still do the trick. Regarding shared data, most of the time I use Azure files using AD DS and sometimes even a classic fileserver (Azure VM). If you go the classic fileserver road, you might also want to manage your users profile containers (FSlogix) there.646Views0likes0CommentsRe: DNS configuration in Azure With an Azure DC VM
Hi Sim I recommend using in Azure: - One (or two) domain controllers (with the DNS server role) - Multiple Azure Virtual Desktop session hosts, joined to the ADDS domain - Azure Files - A Network Virtual Appliance, acting as a VPN server (IPsec) and firewall On premises, I recommend using a security appliance, acting as a: - VPN server (IPsec) - DNS server (resolver and forwarder) - DHCP server660Views0likes2CommentsRe: UrlsAccessibleCheck for most of our AVD HealthCheckFailed
Hi amolpawar87 Please try this action plan on one or more AVD session hosts: 1. Uninstall all agent, boot loader, and stack components 2. Remove the session host from the host pool 3. Generate a new registration key for the VM 4. Reinstall the Azure Virtual Desktop Agent and boot loader https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-agent#step-1-uninstall-all-agent-boot-loader-and-stack-component-programs2KViews0likes0CommentsRe: AVD Outlook error
Hi timekiller44 What version of FSlogix are you using? I still keep all of my customer's Azure Virtual Desktop session hosts on FSLogix 2201 hotfix 2 (2.9.8228.50276). Please also check my post: https://techcommunity.microsoft.com/t5/fslogix/fslogix-2210-2-9-8361-52326-bugs-black-screen-and-log-off-issues/m-p/37072552.2KViews0likes0CommentsAuthenticated SMTP (587/TCP)
Hi all, For those who are struggling with setting up Authenticated SMTP (SMTP AUTH over 587/TCP) on multifunctionals or webforms (that don't support modern authentication/OAuth) since the deprecation of the legacy authentication protocols this year. Here are the prerequisites: A user with a mailbox (At least a Exchange Online P1 license) SMTP AUTH has to be enabled at the user- or tenantlevel Security defaults has to be turned off MFA has to be disabled in the per-user MFA portal The user has to be excluded from the conditional access policy that enforces MFA Please note that App Passwords are history since the deprecation of the legacy authentication protocols. Update 04/15/2024. Please note that Microsoft will remove support for SMTP AUTH in September 2025. The route forward is for developers to replace basic authentication with OAuth. https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-to-retire-basic-auth-for-client-submission-smtp/ba-p/41147505.5KViews1like4CommentsRe: Issue - DNS_PROBE_FINISHED_NXDOMAIN
Microsoft recommends performing the following temporary workaround on a per-user level: 1 - From the Windows Start menu, proceed to "View network connections." 2 - Identify the network connection you're using, right click and select "Properties." 3 - Uncheck Internet Protocol Version 6 (TCP/IPv6). 4 - Highlight Internet Protocol Version 4 and select "Properties". 5 - Select "Use the following DNS server addresses". 6 - Under "Preferred DNS server" input "8.8.8.8". 7 - Press the "OK" button.2.4KViews0likes1CommentRe: Issue - DNS_PROBE_FINISHED_NXDOMAIN
Dmytro_Prylutskyi OD730433: OneDrive for Business Service Health Advisory User impact: Users may be unable to access the OneDrive for Business. More info: Users may be able to set their DNS server configuration settings to 8.8.8.8 to access OneDrive for Business. Current status: Our investigation has determined that the third-party ISP isn't related to the root cause of impact and we've updated the Title, User impact, and Scope of impact to match this new understanding. We're working with affected users to gather DNS configuration settings and network trace logs to help us better understand the cause of impact, allow us to resolve the issue. Scope of impact: Users attempting to access OneDrive for Business may be impacted. Start time: Thursday, March 7, 2024, at 4:00 PM UTC Next update by: Tuesday, March 12, 2024, at 11:00 AM UTC2.2KViews0likes2CommentsRe: Restore AD 2016 Backup after damage of DC
Hi RMAZOUZI, The preferred method is not to use backups to restore AD unless none of your DCs are functional. Add a new DC to your domain, add roles, seize the FSMO roles and do a cleanup. Restoring a domain controller from backup should only be a last resort.316Views0likes0CommentsRe: Azure Virtual Desktop - Restricting Access based on the Remote Desktop Client App Version
Hi Redsman13, This is not possible. Conditional access policies can only target these Azure Virtual Desktop resources: Azure Virtual Desktop with app ID "9cdead84-a844-4324-93f2-b2e6bb768d07" Microsoft Remote Desktop with app ID "a4a365df-50f1-4397-bc59-1a1564b8bb9c" Windows Cloud Login with app ID "270efc09-cd0d-444b-a71f-39af4910ec45"1.9KViews0likes1Comment
Recent Blog Articles
No content to show