Recent Discussions
AD B2C - Custom Policies - Evaluate custom extension
Hi! I am using Custom Policies for our AD B2C Application. I want to use this custom extension on my users: AlwaysMFA: boolean. The extension is set on some users, but not all. I am having trouble writing the logic, since the profile keeps executing even for users who do not have the attribute at all. This is the logic:

    <OrchestrationStep Order="10" Type="ClaimsExchange">
      <Preconditions>
        <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
          <Value>extension_AlwaysMFA</Value>
          <Value>True</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <ClaimsExchanges>
        <ClaimsExchange Id="PhoneFactor-Verify-Blacklisted" TechnicalProfileReferenceId="PhoneFactor-InputOrVerify" />
      </ClaimsExchanges>
    </OrchestrationStep>

How should I write it to handle both the true, false and "notset"? The documentation does not say anything about this.
12 Views, 0 likes, 2 Comments

File restores failure from Azure VM Backup fail
We have several Azure VMs being backed up to a recovery vault. I am testing doing file restores from a VM just in case it is needed. I am using the procedure as outlined in the article Recover files and folders from Azure VM backup - Azure Backup | Microsoft Learn. All of the VMs are on a VNet in Azure, including the one I am running the restore from. The recovery services vault has a private endpoint on the VNet. When I run the generated script from an elevated command prompt, I get the general error "Exception caught while connecting to Target. Please retry after some time." I have tried several times over the week, so I don't think it is a transient issue. In looking at Troubleshoot Azure VM file recovery - Azure Backup | Microsoft Learn under the heading "The script runs but the connection to the iSCSI target failed", I get back a response from the NSLookup with an external IP address. If I try to ping, I get no answer, which I expected since pings are usually blocked. I have made sure outbound port 3260 is not blocked. Does anyone have any suggestions?
Eric Logsdon
7 Views, 0 likes, 2 Comments

pl-300 exam
I recently cleared my PL-300 certification within 1 week of preparation on my first attempt with a score of 930. I hope my experience can help you in your preparation journey. I took an online course and watched several YouTube videos related to this certification. I also reviewed various FAQs to gain a deeper understanding. The most significant help in my preparation was practicing exam questions from ITExamsPro. I highly recommend them. These tests contain verified answers that help you understand the concepts in depth. They are very similar to the actual exam. I found that around 80% of the questions appeared in my real exam. These PL-300 questions come with detailed explanations for each question, which was invaluable for my preparation. They also offered exam notes that highlight important topics, which is also quite helpful.
10 Views, 0 likes, 0 Comments

Invalid Storage Account
I’m trying to migrate a Resource Group across subscriptions, but one VM in particular throws up this error:

The Move Resources request contains VMs which are associated with invalid storage accounts. Please check details for these resource ids and referenced storage account names. (Code: MoveResourcesHaveInvalidState, Target: Microsoft.Compute/virtualMachines)
Storage Account 'storageaccountname' either does not exist or is in an invalid state. (Code: MoveResourcesHaveInvalidState, Target: /subscriptions/subscriptionID/resourceGroups/RGName/providers/Microsoft.Compute/virtualMachines/

The referenced storage account does not exist and I have cycled the options on the boot diagnostic storage account to no avail.
1.5K Views, 0 likes, 7 Comments

Azure GIT - Looking for a REST API to retrieve commits/PRs between two tags
Hi, I am looking for a REST API to retrieve a list of commits/PRs between two given tags. E.g., assume I have one tag named release-202410 from the main branch and another tag named release-202411 from the dev branch. I want to get a list of commits that happened between release-202410 and release-202411. Basically, the idea is to get the list of new changes in release-202411, commit- and PR-wise. A workaround would also be fine if there is no out-of-the-box feature for this.
6 Views, 0 likes, 1 Comment

Azure Course Blueprints
Overview
The Course Blueprint is a comprehensive visual guide to the Azure ecosystem, integrating all the resources, tools, structures, and connections covered in the course into one inclusive diagram. It enables students to map out and understand the elements they've studied, providing a clear picture of their place within the larger Azure ecosystem. It serves as a 1:1 representation of all the topics officially covered in the instructor-led training.
Links: Each icon in the blueprint has a hyperlink to the pertinent document in the learning path on Learn.
Filters: You have the capability to filter layers to concentrate on segments of the course by modules. I.E.: Just day 1 of AZ-104, using filters in Visio and selecting modules 1-3.
Enhanced Integration: The Visio Template+ for expert courses such as SC-100 and AZ-305 now features an additional layer that allows you to compare SC-100, AZ-500, and SC-300 within the same diagram. Similarly, you can compare AZ-305, AZ-204, and AZ-104 to identify differences and study gaps. Since SC-300 and AZ-500 are potential prerequisites for SC-100, and AZ-204 or AZ-104 for AZ-305, this comparison is particularly useful for understanding the extra knowledge or skills required to advance to the next level.

Celebrating 24,000 Downloads!

Advantages for Students
Defined Goals: The blueprint presents learners with a clear vision of what they are expected to master and achieve by the course’s end.
Focused Learning: By spotlighting the course content and learning targets, it steers learners’ efforts towards essential areas, leading to more productive learning.
Progress Tracking: The blueprint allows learners to track their advancement and assess their command of the course material.
New Feature: A comprehensive list of topics for each slide deck is now available in a downloadable .xlsx file. Each entry includes a link to Learn and its dependencies.

Download links
Associate Level PDF Visio Released Updated Contents!
AZ-104 Azure Administrator Associate Blueprint [PDF] Template 12/14/2023 10/28/2024 Contents
AZ-204 Azure Developer Associate Blueprint [PDF] Template 11/05/2024 11/07/2024 Contents
AZ-500 Azure Security Engineer Associate Blueprint [PDF] Template+ 01/09/2024 10/10/2024 Contents
AZ-700 Azure Network Engineer Associate Blueprint [PDF] Template 01/25/2024 11/04/2024 Contents
SC-300 Identity and Access Administrator Associate Blueprint [PDF] Template+ 10/10/2024 Contents

Specialty PDF Visio Released Updated
AZ-140 Azure Virtual Desktop Specialty Blueprint [PDF] Template 01/03/2024 02/05/2024

Expert level PDF Visio Released Updated
AZ-305 Designing Microsoft Azure Infrastructure Solutions Blueprint [PDF] Template+ 05/07/2024 11/05/2024 Contents
SC-100 Microsoft Cybersecurity Architect Blueprint [PDF] Template+ 10/10/2024 Contents

Skill based Credentialing PDF Visio Released Updated
AZ-1002 Configure secure access to your workloads using Azure virtual networking Blueprint [PDF] Template 05/27/2024 Contents
AZ-1003 Secure storage for Azure Files and Azure Blob Storage Blueprint [PDF] Template 02/07/2024 02/05/2024 Contents

Benefits for Trainers: Trainers can follow this plan to design a tailored diagram for their course, filled with notes. They can construct this comprehensive diagram during class on a whiteboard and continuously add to it in each session. This evolving visual aid can be shared with students to enhance their grasp of the subject matter.
Introduction to Course Blueprint for Trainers [10 minutes + comments]
Real life demo AZ-104 Advanced Networking section [3 minutes]
Visio stencils: Azure icons - Azure Architecture Center | Microsoft Learn
Subscribe if you want to get notified of any update like new releases or updates.
My email: ilan.nyska@microsoft.com
LinkedIn: https://www.linkedin.com/in/ilan-nyska/
Please consider sharing your anonymous feedback <-- [~ 40 seconds to complete]
Solved
56K Views, 24 likes, 20 Comments

Azure Virtual Desktop - Black Screens on logins - What we've tried so far
TLDR - Azure Virtual Desktop Black Screens. Could be 2 Min long, could be much longer. Tried removing stuck profiles, spun up all new VMs to see if that would fix it, finally disabled an application service that was polluting the Event logs constantly with appcrashes. Hoping that maybe the event logs weren't able to keep up so we had a black screen while events caught up. Grasping at straws.

We started getting reports of black screens when users login to one of our AVD Host Pools. Our users are using FSLogix for profiles, but we've also seen the issue when logging via RDP with a local admin account. We tested and saw similar results where you login, FSLogix Prompt goes by, then to Preparing Windows, then black screen. In a normal login, this black screen will last 10-20 seconds before desktop comes available and user can begin their session. With this issue, we were seeing black screens that just stayed there until you forced a logout of your account.

We saw some profile issues with the VMs in the pool appearing to be stuck on a VM when it should be removed upon logoff with FSLogix and we saw some stuck local_username FSLogix profiles still in the users folder. Instead of finding the needle in a haystack, we spun up a new group of VMs and put the others in drain mode / excluded.

With the new VMs, logins from RD Client were working fine yesterday afternoon, evening and this AM. But later in the morning, we saw some issues with users getting a black screen lasting 90 sec - 2 min before desktop loaded in. I had it happen to me when logging in, but it seemed to go away once I tried a couple more times. I even directly RDPd into the host that I had the 2 min black screen for me and was able to get in quickly. So issue appears to still be showing, but not as bad.

We looked in event logs and saw that one particular application - the Aspen Multicase Web service was polluting the service event logs with appcrash errors every few seconds.
So we've disabled that application service on all the VMs in the pool and logins have been normal since. We read event logs that were event 4625 (failed login) but the event said event logs couldn't keep up and needed to stop duplicate events... so we were thinking that this service was constantly writing to event logs, could the slow logins happen when the service is trying to run, failing and writing to event logs. The logs wouldn't be able to write the login info. But every other change we made things seem fine afterward for a while, but then the black screen will come back for at least 90 sec - 2 min. Any suggestions on things we can try / look at that could be causing this?
68K Views, 9 likes, 271 Comments

Audit user accessing enterprise App by SPN sign-in
I'm in a Hybrid Entra ID environment. Some users can use an "Enterprise Application" by utilizing IDs and a certificate. In the activity or sign-in logs, I can find the access entries, but I don't have the information on which user used the app registration or which certificate was used. I would like to have logs that allow me to identify WHO is using an SPN/App registration. Do you have any ideas? Thank you.

Here is an example: In this screenshot, I can see access made to an app using, for example, an appid+secret/certificate connection. So, it’s "logical" not to see a username since it's not required for this type of connection. However, I would really like to have this information or some indicator to identify which of my users accessed it. Currently, I only have the machine's IP address, but I would like more information. Maybe in Purview or with another service, but I haven't found anything.
17 Views, 0 likes, 2 Comments

How to solve issue: Incorrect worker runtime specified for function app (AZFD0013)?
Hi, (I apologize if this post is placed incorrectly within the community.)

We've used the app Start/Stop VMs during off hours - V2 (GitHub - microsoft/startstopv2-deployments) (Start/Stop VMs during off hours - V2 - Microsoft Azure). It worked without any issues, but on 8.10 we received the notification described in the article: AZFD0013: The configured runtime does not match the worker runtime metadata found in the deployed function app artifacts. - Azure Functions | Microsoft Learn.

In the notification it was written:

We have a new Functions recommendation for startstopvm23dvt65bpvxrmw
Incorrect worker runtime specified for function app
We've noticed that your function app (**startstopvm23dvt65bpvxrmw**) is configured with the FUNCTIONS_WORKER_RUNTIME setting as "dotnet-isolated", but expected value for the deployed application payload is "dotnet". This is an unoptimized state which limits performance and may impact application reliability. To help detect this, you may now see the AZFD0013 event raised at the Warning level in your logs. This will be raised to Error level in a future update. To ensure your app can run properly, for its current payload, you should set the FUNCTIONS_WORKER_RUNTIME value to "dotnet". You must also update any deployment automations you have, such as templates or CI/CD pipelines, so they specify the correct value as well. Please see https://aka.ms/functions-invalid-worker-runtime for more information.

If I understand correctly, our FUNCTIONS_WORKER_RUNTIME is set to "dotnet-isolated", and we should reset it to "dotnet". But in the GitHub documentation I found:

August 19, 2024: Start/Stop v2 has been migrated to the .NET 8 isolated worker model.
https://github.com/microsoft/startstopv2-deployments?tab=readme-ov-file#upcoming-or-recent-updates-to-startstop-v2

When I checked the application settings in Azure, I also get this notification.
When I look in the configuration, there it is set as it is written in GitHub - I assume this setting is correct. When I look in the environment variables and look for FUNCTIONS_WORKER_RUNTIME, there is dotnet-isolated. But I don't know if by changing this variable, something will not work on dotnet, when the configuration is also set to .NET 8 Isolated? Can anyone advise me on how to proceed to eliminate this problem? Thanks for all the tips, tricks and advice.
Tom
Solved
383 Views, 0 likes, 2 Comments

Function App Service
Hi, I'm having trouble deploying my Python script to an Azure Function App. Can someone help me troubleshoot the deployment process and ensure the function works correctly? I have followed all the articles available on the internet, but I am not able to figure out where the actual issue is.
85 Views, 0 likes, 3 Comments

Find out a server with Azure AD Connect
Hi All, Normally, if someone needs to find on which server Azure AD Connect is installed, it can be done in the Azure portal under Microsoft Entra Connect - Microsoft Entra Connect Health - Sync Services. Is there any way to find out on which server Azure AD Connect is installed if Microsoft Entra Connect Health is not installed or its service is stopped? I know in this case no server will be displayed under Microsoft Entra Connect Servers. The reason why I'm asking: someone deployed Azure AD Connect and ran syncing but for an unknown reason stopped the Azure AD Connect Health service. Because of that I couldn't find on which server the Azure AD Connect tool was installed until that person advised. If he didn't tell me I most likely would need to sign in to each production server to check. However, just wondering if it can be done with some PowerShell command. Thanks.
45 Views, 0 likes, 5 Comments

Azure Government Cloud - Azure datafactory to Azure Devops on-prem Server integration setup
Hi, I'm trying to set up Azure datafactory to Azure Devops on-prem Server integration in Azure Government. I'm able to create an Azure DevOps Server in a Virtual Machine using single server deployment. However, I'm unable to integrate the ADF to the on-prem server. Has anyone done this setup?
CC: Jason Ingram, Steve Michelotti
101 Views, 0 likes, 3 Comments

Remote Desktop client connection
I'm trying to expand access to our AVD pools into our internal network and I'm getting the following error after I hit subscribe. I never get the initial Entra sign in when you click subscribe. The network I want to extend to is fairly secured with very limited access to the internet. I've been trying ever looser rule sets to access the necessary services, but at this point I'm allowing everything out on port 443 from my test machine without change. I was originally trying to connect to private endpoints through an ExpressRoute connection, but I've removed the DNS forwarding that was directing the traffic there for now as well. The client update also fails and when I dig into the logs I can see that it has a TLS error "System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
15 Views, 0 likes, 2 Comments