/r/AZURE
The subreddit for all info about Microsoft Azure-related news, help, info, tips, and tricks.
Hello everyone,
In my company, we use an Always On VPN profile with the IKEv2 protocol. The profile is implemented into all devices by using a PowerShell script. We have implemented this VPN profile to our UK, South Africa, and Jordan office employees but only Jordan office employees are facing issues.
They keep facing disconnections when in meetings or when devices are locked or even random disconnections at some times. To regain connectivity, they have to either disable WiFi and re-enable it again or even restart the devices.
After troubleshooting, I found that this might be related to the power plans, so I disabled automatic turn-off for the WiFi cards when the device is not used and the “System unattended sleep timeout”. This helped a lot to reduce the number of disconnections when devices are locked, but during usage or when in meetings the users still face disconnections. So I did further troubleshooting and discovered that Jordan ISPs block VPN traffic, and I called each and every ISP in Jordan and asked them to whitelist our VPN IP address, which also helped a lot, but still the users are facing disconnection issues. I really have tried everything but it does not seem to have fixed the issue.
I understand it might be the network setup of our users at their homes, but they even face the issue in the office and it is not affecting everyone. I myself am located in Jordan but don’t have any issue, and other users as well do not have issues, but there are users who are plagued with these issues.
Any assistance and advice will be very much appreciated.
I had a guest account in the tenant of my former employer's org, and have been locked out as per their offboarding procedure. Now the problem is that I cannot leave the org. It prompts me to log in, which I can't because I am locked out of it.
Is there really no way to leave the organisation from my Microsoft account now that the account no longer exists?
I'm new to Microsoft Azure and have been exploring its services, particularly those offered in the free tier. I've also looked into dedicated GPU rental services like Vast.ai, Runpod, etc. I'm considering an arbitrage strategy: renting a GPU instance from Azure or another major cloud provider and then listing it on these marketplaces for profit. Azure's initial $200 free credits could help kickstart this venture.
Here are my main questions:
I'd appreciate any insights, tips, or experiences you can share. Understanding the feasibility of this idea and any potential pitfalls will be incredibly helpful. Thank you!
P.S. If there's a more suitable subreddit for this question, please point me in the right direction.
I am doing my Azure path and just thought it would be great to join an Azure Discord server.
Are there any?
Hello IT people. I have a question for you. Is there a way to get free credits for Azure? I need them for learning purposes. Yes, I can, and I know that if I create an account I will get 200 free credits, but I don't want to give them my personal information.
Please, I need this because I need to know Azure for a job and I want to study Azure, but it's not enough just to watch courses....
Thank you :) Wish you all the best
Is anyone going to Ignite?
Anyone open to a Reddit meetup at Ignite?
Currently I'm looking to encrypt my VM's OS disk and data disk.
The VM has a Windows OS (client version).
I'm using cloud shell commands to encrypt with ADE: Azure Disk Encryption scenarios on Windows VMs - Azure Virtual Machines | Microsoft Learn
The VM is domain joined and has some group policies applied on it.
I have made sure that the listed GPOs are enabled as per the article and prerequisites.
BitLocker group policy settings
But it keeps on failing with the same error.
How should I identify which GPO is restricting the encryption?
Also, I could see this error while decrypting (to re-encrypt).
Your feedback would be helpful. Thanks!
Hi
I have my Debian VM in Azure. I saw that I can reserve, so I did for 3 years. Same spec.
How do I allocate it so that this VM gets moved under that reservation umbrella? Or is this automatic?
Thanks
£110 / 3 yrs is not a bad price to host my website and my own VPN. Pretty happy with this.
We have several pools of AVD VMs created with Azure Marketplace image of Windows 11 23H2.
Need to upgrade the VMs to 24H2 as a test to see if some black screen issues we've been having are made any better with upgrade.
I downloaded the 24H2 ISO and kicked it off, but it's saying the VM isn't compatible with Windows 11 due to needing TPM 2.0 compatibility. The image was created on Windows 11 23H2 with Standard security and we had no issues building it. I know there are settings in VM creation that allow you to change security type and add Trusted Launch, but we didn't use it on the original 23H2 build and I'm just trying to upgrade it now to 24H2.
Anything I can do to get around it without having to turn Trusted Launch on?
Could I turn on Trusted Launch on the image VM, upgrade it to 24H2, then set it back to Standard?
to deploy in which it has some serverless functionality like a view counter. Can any of you recommend me some tutorial or blog post to create? On YouTube there are very old tutorials in which they are using unsupported versions. It would be a great help if you all can recommend me some good tutorials.
My company is growing and we are weighing options when it comes to a data warehouse or lake house. We currently use Synapse pipelines for most of our data ingestion and some transformation. We use a combination of copy activities and PySpark notebooks and store data in an ADLS account.
We then, however, copy our ingested data over to on-prem SQL Servers, and our final layer of aggregation and transformation is done mostly via SQL stored procedures.
What do other Azure customers do for their Data platform solutions?
Are dedicated SQL pools something we should look into? Is Fabric the way to go? Or maybe even Azure VMs?
It also looks like some companies prefer third-party data services like Snowflake or Databricks to provide this. Are those truly preferable to what Azure already offers?
Any advice is appreciated!
Seeking help from Azure Networking Experts.
Currently having multiple spoke VNets peered to a hub VNet. The hub VNet already has an S2S connection via VPN Gateway to on-prem. No issues so far.
Change:
Adding an ExpressRoute Gateway to the hub VNet is causing a disruption for the VMs in peered VNets, even before creating an ExpressRoute connection to any VNets. This issue is likely due to asymmetric routing, as ExpressRoute always takes priority over Site-to-Site connections when they both exist.
Question:
Below are the effective routes on one of the impacted VMs:
Goal:
The ExpressRoute link should be the main or primary link and the S2S connection the secure failover backup path. Ref link
Hi,
Looking for feedback from people who have recently attempted the AZ-500 exam, especially whether they saw any lab/simulation to complete. Cheers, thanks
I'm looking to provision an SQL database using services like DigitalOcean, Linode, Vultr, or AZURE, but there’s a good chance that I might host my Node.js API on Vercel, where I have experience deploying to it.
For security reasons, I want to set up this API to interact with the database, as my application is a small WPF desktop app that will be used by no more than three users from their personal computers.
I have experience creating a Node.js API without any security features, primarily for testing. However, I now need to secure both the API and the database.
I realize that security can be a vast and complex subject, but I'm looking for some baseline practices that will allow me to achieve a reasonable level of security without diving into overwhelming details.
What are some practical steps or recommendations you would suggest for securing the API and the database in this scenario? Thank you!
Hi everyone,
Microsoft is adding support for exporting infrastructure templates to various IaC formats in the Azure Portal, but Pulumi isn't currently on their roadmap. Having the ability to export existing resources to Pulumi code (TypeScript, Python, Go, C#, Java) would be immensely valuable for teams using programming languages for their infrastructure.
If you believe in having more IaC options in Azure, please consider upvoting this feature request from u/Tech_Watching: https://feedback.azure.com/d365community/idea/6bde2424-a498-ef11-95f6-000d3a01397d
This would benefit not just Pulumi users, but the broader Azure community by making infrastructure code more accessible to developers who prefer working with familiar programming languages.
Thanks for your support!
We're currently running Azure (Entra) AD Sync successfully and added the additional (routable) "Alternative UPN Suffix" to our AD Domains and Trusts and have selected this for each of our users' "login name" in ADUC. We rolled out PTA with several agents and it has been working fine and dandy for years.
Later on we enabled PHS when it became available in the AD Sync Wizard, and I noticed it didn't appear to be using it (Sign-in logs still show PTA being used, and Event Viewer logs still show "Azure AD Authentication Agent session" events), however other "priorities" have always prevented me from looping back to figure out why.
So now we're looking to disable AD Sync and from my understanding if we have PHS enabled, users won't be required to change their passwords, which would be ideal.
I started finally digging into this and am now wondering if the reason that PHS isn't working is because the "Directory Partition" is an internal (non-routable) domain??
Edit: If I follow this PHS troubleshooting doc it does say "Make sure that the domain attributes (domainFQDN and domainNetBios) have the expected values". What is expected? I assume routable domain name? The domainFQDN is of course my internal AD non-routable domain. Beyond that everything else it mentions checks out.
Basically the title. I need to connect 2 VM environments, one hosted on AWS and one new one on Azure. I followed all the steps to get the site-to-site VPN connection up to connect the two networks and everything is showing connected and I am seeing traffic coming in and going out of Azure. When I ping from the AWS server to the Azure server, the ping comes back fine. When I ping from the Azure server back to the AWS server, it times out.
Traceroute doesn't pull back anything, and I confirmed that the Local network group has the correct address group from AWS (pretty large subnet mask because it is only needed temporarily). AWS also has the Azure subnet in its routing tables.
Anyone have any ideas of something simple I might be missing? My end goal is to get these networks connected so I can stand up a new domain controller on Azure and have it replicate for a lift and shift.
We are running Entra Connect 2.3.6 and would like to upgrade (in-place upgrade) to the latest version. According to the upgrade documentation, any customization to the default sync rules needs to be fixed first since they will be overwritten after the upgrade. I inherited this Connect server and I can't say for sure if there is any customization. Any quick way to check? I believe the previous upgrade was done using the swing method. The upgrade was successful without any change after. Doesn't that mean there was no change to the default sync rule? Thanks
Let's say I have three microservices all served as their own container application. If I want a custom domain name (say "domain.com") and SSL certificate then do I need three domain names and SSL certificates or could I use one domain name and one SSL certificate for all three?
Thanks in advance!
I'm fairly fresh in Azure (my company is slowly moving items to it) and just need to set up daily email alerts for backups. In Veeam, this is as simple as going to the setting in the job and adding an e-mail address. I've been trying to accomplish this for the majority of the day and my head is spinning at the number of things that need to be set up and linked together in order to get a simple e-mail alert for backup status, not to mention the fact that, from what I'm understanding, there's cost associated with this due to the requirement of a logic app.
Am I just overcomplicating this or is it really this ridiculous to set up? I don't understand how something as simple as an e-mail alert, which is basic in every other system I've worked with, could possibly be so convoluted.
I turned on Application Gateway Access Log on our Application Gateway for 4 hours, sending it to Log Analytics. It stored over 8000GB of data.
I need a better way to track all the traffic going through this that has reasonable costs and storage.
I was theorizing I could export it to a storage account instead of Log Analytics, then use for example fluentd to read the storage account and send all the logs to OTEL where we have a pretty solid and cheap logging system.
Anyone have any good ideas/experience how to maintain Application Gateway Access Logs?
I have been trying for 2 days to publish my C# dotnet 8.0 isolated function app to flex-consumption. Keep in mind I have no trouble publishing to the old consumption func apps.
Why is that?? I have tried doing
If anyone has already or knows how to, I'd really appreciate some help. I'm trynna get some more RAM baby :)
Hi, I'm quite new to Azure and wanted to deploy this skill. I created a resource group and inside it a search service where I used the PII template. I created an indexer and once I ran that, even on a small txt file, it didn't seem to detect any PII. I guess my question is how I should be diagnosing this problem: is the issue with the skill, did I index the txt file wrong, etc.? Thanks
I see that Azure OpenAI has released prompt caching for some OpenAI models.
I am using gpt-4o-mini to ask multiple questions over the same document. This is a perfect case for prompt caching.
When I receive my usage output the “prompt token details” (completion.usage.prompt_token_details) is none, even on follow up questions. From the release note this should contain “cached_tokens”.
I would like to utilize the prompt caching to lessen costs but cannot find Python code for accomplishing this anywhere.
Prompt caching should be enabled by default. Any advice on how to take advantage of this new feature?
I cannot get this to work for the life of me. My UPN matches, my proxy address matches, and my email address matches. I cannot figure out why this won't work.
Have any of you had a problem with Soft Match?
Heyo, curious if anyone stores their 2FA recovery codes from different sites within an Azure Key Vault? I understand that there are many ways of securely storing these codes, I'm just curious if anyone is specifically using AKV and, if so, what your experience has been like.
I work closely with enterprise customers that rely on AKV and so I'm thinking about its use for personal matters.
I appreciate any responses!