Currently working on deploying P2S VPN. I’ve followed Microsoft’s new recommended method from here and everything is working as expected but I don’t see any way to limit access to a specific set of users. Does anyone have any suggestion?

https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-entra-gateway

What tools are recommended to obtain detailed information about the current state of an environment (Azure, Intune, and Microsoft 365) I am looking for security and costs related.

Currently using Azqr.

I've switched to using custom policies instead of user flows to have more control of the UI design for login/sign up/edit profile pages.

I'm really having trouble understanding how to pass claims back. User flows was a piece of cake I just had to check a box. Can anyone tell me really simply how to pass the email back in the token after sign-in in the LocalAccount demo on github: https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack

The starter pack by default passes the email as a claim after the sign UP process, but not after the sign IN. Even better would be newUser passed back as well as those are the only things I need to work with at the moment in my Web app.

Thank you

Hi,

I will install new Entra AD Connect 2.4.27.0 on Windows Server 2022 Server.

1 - Are there any known problems with version 2.4.27.0?

2 - I am planning to install PTA on additional machines. AFAIK , its required 3 PTA agents for HA. already installed with Entra AD connect.

My question is : Is it enough that the server with the pta agent installed only has access to the internet? Also, are there any ports that need to be opened between ADConnect and Domain Controller?

This was my second attempt the test was hard . I had been studying almost 4 hours a day for the past 3 weeks.

Hey all,

I'm trialing and exploring AVD in my test tenant and I find it rather neat so far. That said, I have a question about the new Session Host Configuration feature: Why can't it be used with Entra ID join on host pools? Seems it requires Active Directory join, which I don't have (or intend to have) on my test tenant. Not sure if it works with Entra DS either. What's the deal with that? I can't find any clear answers on Microsoft Learn nor Google.

Hey all,

We have a customer using sage and we are moving them to avd and I am getting conflicting info. Mind you, this is not my technical strong suite. Does sage require a domain controller in a hybrid environment to use in avd?

Hello everyone,

I’d like to ask for your input on what you think would be the best architecture for 15 users connected from different parts of the world (USA, Vietnam, South America). Currently, I have two Standard E4as_v4 VMs, a load balancer with an IP address, and a domain controller. Everything is hosted in West US 2. The users mainly work with web-based apps through Chrome.

How would you start refining this architecture?

I'm trying to create a deployment pipeline from BitBucket to Azure. Following the learn.microsoft.com documentation, there should be a 'Manage deployment token' button on the overview page of my static web app but I don't have that button and can't find any deployment token anywhere. Is there a simple way to get it?

According to the MS directions

What I see

UPDATE: Apparently I chose 'Web App' rather than 'Static Web App'

Idk if I am doing something wrong. But I cant see any ways to restore those snapshot files inside NFS fshare. Backup is not configured from the vault policy. I see its manual.

https://preview.redd.it/7vb0971cyz7e1.png?width=1666&format=png&auto=webp&s=de80080731c0f72be5df62d3c48f0647ae95300d

I think this is not supported. But we unable to restore following this :

https://learn.microsoft.com/en-us/azure/storage/files/storage-snapshots-files?tabs=portal#nfs-snapshot-limitations

I have an Azure Open AI instance deployed to Sweden with global standard deployment. If this service becomes unresponsive or unhealthy, is traffic automatically routed to another region?

I am trying to build a system that's highly available. My other thought was to have two instances in separate regions, and stick Azure API management gateway in front to manage traffic.

From Azure "Global deployments are available in the same Azure OpenAI resources as non-global deployment types but allow you to leverage Azure's global infrastructure to dynamically route traffic to the data center with best availability for each request. Global standard provides the highest default quota and eliminates the need to load balance across multiple resources."

This week's Azure Update is up with an extra holiday "treat" 🎄🎤

Happy Holidays!

https://youtu.be/ojqscsgfOMs

00:00 - Introduction

00:34 - #Redacted#

02:20 - New videos

02:43 - MySQL bindings for Azure Functions

02:59 - Free GitHub Copilot for VS Code

03:36 - AI Foundry risk and safety evals

04:19 - Close

I need some help. I've been wracking mine and my colleagues brains for a week or two on this..

We use AVD and by extension FSLogix in Azure File Share. Everything is in UK West

We had an issue a few weeks ago where we didn't get an alert for the profile storage being full because the last engineer to increase the space, didn't change the alert.

The alert is a static number I'm unable to setup a Dynamic alert .. If storage has X number GB free then alert me.

I've looked into chucking the diagnostic logs into Azure Monitor/Log Analytics but I can only get Transactional logs not any kind of metrics.

Can anyone help me monitor for X GB free on this Azure Premium File Share?

Hi,

Was wondering if anyone has had this issue: We converted some users from on premise synced to cloud only using the recycle bin method. we've set the immunable ID to $null using msGraph. This works for the most part, but users are unable to update their own passwords. this results in an unexpected error. Resetting it from Entra ID admin portal also results in an unexpected error.

Only way to reset the password is using the admin.microsoft.com portal, but we would like to allow users to update their own passwords.

Disabling the sync all together is sadly not possible for our envirioment at this time, still some on premise resources that are needed, we would like to make the users that don't need to access these resources cloud only.

Microsoft support has been unhelpful till now.

I'm looking for some ways to save money on Azure hosting for VMs. There is a hybrid benefit for VMs where you can bring your own Windows license to save money. I noticed they have sealed OEM licenses for sale on eBay. Microsoft says that your license needs to have either Software Assurance or a subscription for the hybrid benefits to to work.

Assuming I setup a VM using an OEM license for the hybrid benefit and the license is valid, what would happen if MS did an audit and the license was not in SA or a subscription? Would I owe money, get fined, etc? Would they shut the server down or tell me to shut it down?

Alternatively, if I have an OEM license is it possible to get SA or subscription for that license? I'm assuming that would save some money.

Hi, We are looking into using Azure Form Recognizer to perform OCR on our documents and Images. Can anyone help me/ guide me on how to use the read type alone in python?

I have my AZ-104 renewal coming up in Feb next year. I have never appeared for any azure certification renewal exam. Please share your experience on the mode of exam, pattern and do’s/dont’s.

Is it worth renewing your certification every year?

Hi,

Struggling to copy CSV & Xlsx files from zip file . I did -Pipeline level parameter which I assigned to Source while card file name as ["*.CSV","*xlsx"] -used copy activity -source data set as zip file. & Compression to zip deflate

• Both source and destination are in binary format in dataset

I have deployed a container to ACA with 5 inbound ports: 2 from external network and 3 from internal.

One of the internal ports is for the admin interface, and I would like to make it available for some external IPs.

What would be the simplest and most cost efficient way to expose that singular port? NGS, App Gateway, nginx reverse proxy container, something else?

We are a small startup. No one has Azure experience. But we need to setup a k8s cluster and do some small things. We already have AWS and GCP. We use google workspace for authentication on any app we can.

So... I need to figure out how I will give our developers, infra team, gitlab runner doing terraform and such access to azure. It seems like users in AZ are tenant level. So SSO seems more or less baked in as we only plan to have one tenant for the foreseeable future. But can we hook it up so users are using google to login as that user? And if so... should we?

I plan to use terraform to manage the users and their permissions if that makes any difference. I of course will have to setup the terraform access manually. But after that I hope I can make all the managed groups, subscriptions, and use setup with terraform if I can.

So I'm trying to configure a SMB share that I can access over the VPN, however while I'm on the VPN, the dns only resolves to the public IP address for the storage account of a 57.x.x.x, but obviously I'm trying to get it to resolve the private endpoint. I created the endpoint and the private dns zone in my resource group with the DNS record, and I added it as a route in my VPN configuration, however it still only sees the public IP address. Can someone help me?

Hi everyone,

I’m building a tool called Cloud Impact that helps businesses track and reduce their cloud carbon footprint while meeting ESG (Environmental, Social, and Governance) compliance requirements.

The idea is to provide: • Cloud Usage Insights: See the carbon emissions from your AWS, GCP, and Azure workloads.

•	Optimization Recommendations: Automate workload placement to regions powered by renewable energy.

•	Compliance Reporting: Generate reports aligned with frameworks like GHG Protocol.

I’d love to hear your feedback: • Do you currently track your cloud carbon footprint? If so, how?

•	What challenges do you face with cloud sustainability or ESG compliance?

•	Would you find a tool like this valuable?

Your input would mean a lot as I shape this idea. Thanks in advance!

I inherited a bunch of services behind Edgio CDNs (formerly Verizon?) and we went from having a year to move off to like 2 months. We have 40 customers that we need to move over to front door or something else and front door doesn't have the features we need. Anyone else in hell at the moment?

Hi,

I'm looking for more info on RDS licensing for Azure Virtual Desktop using Windows Server as the OS, specifically the "RDS User Subscription Licenses" bullet point found here: https://learn.microsoft.com/en-us/azure/virtual-desktop/licensing#eligible-licenses-to-use-azure-virtual-desktop (deploying for internal purposes only). I can't seem to find any info on this method anywhere.

I understand the RDS CAL w/ software assurance method and what's involved (unless there's an alternative to deploying the RDS license server role), but my hope in using AVD would be that there is also some kind of a PAYG model for per-user/per-device RDS licensing through Azure? This would be ideal for us.

Thanks,

I decided to create a Cost Anomaly alert, but I didn't want to tie it to a user account whose permission or existence may be transitory.

So I followed the documentation here: https://learn.microsoft.com/en-us/azure/cost-management-billing/understand/analyze-unexpected-charges#create-an-anomaly-alert

Created a service principal, gave it Global Reader and Microsoft.CostManagement/scheduledActions/write, and then used the Azure CLI to log in as the service principal and used az rest to create the alert.

Not something I've ever really done before but it was fun.

However, I'm a little concerned because the rationale behind this is that since we've used a SP with a static existence that the alert rule will have a static set of permission to review and send alerts.

But after I created the rule I ran a GET to review it in the CLI and it shows the createdBy as a null value.

I know that rules created through the GUI will have that field filled by the user account.

So I'm worried that the rule may be non-functional since it doesn't seem to recognize that it has a creator whose permissions it would use to run the alerts.

Anyone else ever done this and confirmed that it works even without a createdBy value?

1. Under no circumstances does this mean you can post hateful, harmful, or distasteful content - most of us are still at work, let's keep it safe enough so none of us get fired.
2. Do not post exam dumps, ads, or paid services.
3. All "free posts" must have some sort of relationship to Azure. Relationship to Azure can be loose; however, it must be clear.
4. It is okay to be meta with the posts and memes are allowed. If you make a meme with a Good Guy Greg hat on it, that's totally fine.
5. This will not be allowed any other day of the week.

I'm exploring Azure OpenAI and noticed some interesting reasoning capabilities mentioned in the documentation. I wanted to know if the o1 GPT model support image analysis similar to GPT Vision.

For example, could I use something like this to analyze an image?

from openai import OpenAI
client = OpenAI()

response = client.chat.completions.create(
    model="gpt-4o-mini",
    messages=[
        {
            "role": "user",
            "content": [
                {"type": "text", "text": "What's in this image?"},
                {
                    "type": "image_url",
                    "image_url": {
                        "url": "https://upload.wikimedia.org/wikipedia/commons/thumb/d/dd/Gfp-wisconsin-madison-the-nature-boardwalk.jpg/2560px-Gfp-wisconsin-madison-the-nature-boardwalk.jpg",
                    },
                },
            ],
        }
    ],
    max_tokens=300,
)

print(response.choices[0])

Does Azure OpenAI o1 model currently have this capability?

I am a .NET software engineer with almost 2 years of experience. The job is for entry level (or higher), but having hand-on experience with Azure is a big plus. I REALLY want this job, but have no experience with Azure. So the question is:

How do I the quickest way possible gain enough hands-on experience with Azure Services to write it on my CV for this ENTRY level job?

I have two azure web apps, both in different regions. I want to make one app accessible only from another webapp webpage.

Example. I have a homepage created in one webapp on dot net. And i want to access another webapp created with python to able to access from the dot net webapp home page (webpage).

So technically dot net webapp should be publicly accessible and python app should be only accessible from dot net webapp and not accessible using its own domain name.