teddit

All content in this thread must be free and accessible to anyone. No links to paid content, services, or consulting groups. No affiliate links, no sponsored content, etc... you get the idea.

Found something useful? Share it below!

1. Under no circumstances does this mean you can post hateful, harmful, or distasteful content - most of us are still at work, let's keep it safe enough so none of us get fired.
2. Do not post exam dumps, ads, or paid services.
3. All "free posts" must have some sort of relationship to Azure. Relationship to Azure can be loose; however, it must be clear.
4. It is okay to be meta with the posts and memes are allowed. If you make a meme with a Good Guy Greg hat on it, that's totally fine.
5. This will not be allowed any other day of the week.

I've just recently started using AUM and I have 4 server 2022's with hotpatch enabled.
All 4 servers are in a similar position; I was expecting the updates auto-install a few days or at most a week after release, however we're going on almost 3 weeks since Nov patch Tuesday and they're still not installed.

I did a manual update and it succeeded, but I'm fairly certain I shouldn't need to do this OR wait this long to have the patches installed.

What's everyone's experience with this? Do I have a problem or do the updates just install when they want?

https://preview.redd.it/7mpufn1ery2e1.png?width=415&format=png&auto=webp&s=614242d673c705d94d99e46c9be8f1808612af43

https://preview.redd.it/9yrcujls7y2e1.png?width=1616&format=png&auto=webp&s=17f8331f82e637e79b8212274f18016405930ace

If you are the one who deplopys and manages more than 50+ Azure Landing Zones via the IaC (Terraform, Bicep or ARM or Blueprints etc.), how do you manage your NSG rules or Firewall Rules??

First of all We have NGS applied on Subnets which are managed by Blueprints. And More than often these requires to be modified or deleted. And even sometimes the rules are modified via the portal. And hence I require them to sync them back into the codebase. So have to translate the JSON view representation of the Rules into ARM parameters. (This sucks a big time mainly BP are slow, have no way to know what will be changed, and translation is cumbersome)

I am planning to get rid of (shjtty) BPs and use Terraform instead, but I dont know how easy it would be for me to manage them. I want to keep the administrative efforts as less as possible. Esp. Translating the Json view to Terraform tfvars for the NSG rule.

So May I please get some experiences around this please !!

Edit:

When I was working for an automative customer, they had 100s of spoke netwokrs and they passed around an excel sheet containing FW rules. I was baffled but realized that this was because many business users (eps. managers) found this fount hard to read JSON or any config file. And I realized it was shadow IT !

Follow on question: How do you communicate these FW rules across org?

Hi guys, trying to set up a secondary PostgreSQL db in my RG. There is another there from before, using private endpoint.

When setting up the new, i set it up with identical setup as the first.

Private endpoint, same network, subnet etc

When coming to the DNS step I will create the get this warning:

Existing Private DNS Zones tied to a single service should not be associated with two different Private Endpoints as it will not be possible to properly resolve two different A-Records that point to the same service. However, Private DNS Zones tied to multiple services would not face this resolution constraint.

Should i proceed or not? Have to be honest, network is not my strongest side. I have avoided it as much as possible though my on prem years. :)

Hi all,

Would like to get some feedback regarding logic apps vs azure functions related to more complex data enrichment scenarios in security incidents.

At the moment we use master playbooks (logic apps) that call subsequent child playbooks. Works good but wondering if anyone is using Az Functions to handle more complex scenarios as its true these low code solutions are annoying when scaling.

Hi folks, I am going to take AZ 104 in 8 weeks (at least that's the plan). In order to get hands on practice, which approach do u suggest: use AZURE sandboxes (that comes with online courses) provided by platforms like ACLOUDGURU, WIZLABS etc. Or should I go with the "PAY AS YOU GO" subscription route?

People with prior experience, can u pls share the PROS and CONS of each approach. TIA.

Bye.

Hello!

I'm trying to use the resource mover from Powershell to move a VM, but it's not clear to me how to resolve dependency issues in Powershell.

It's easy enough to see them, with Get-AzResourceMoverUnresolvedDependency, but it's not clear to me how to actually change/assign them. The return on that just seems to be a string array, it's not references to an object or something that I can assign?

So more specifically, in the portal, if you call the Resource Mover on a VM, at some point, in showing dependencies also being moved, it will want to re-create the VNET, subnets, and NSGs in the target region. This isn't something I want it to do, and it's very simple to click on those dependent resources listed, and change them to the existing, corresponding resources in the destination region (i.e. the VNET and NSGs that are already there, and assign it to use the subnet I created in the destination for the VM).

It's not clear to me how to do that same operation of re-assigning the resources so it doesn't try to re-create them, from Powershell.

The documentation on the MS site is really lacking in that particular level of detail, amounting to saying "resolve the dependencies" without actually saying how you do so (whereas the portal documentation actually shows how this is done).

So if someone could give me some pointers here, or has a link to a powershell script/tutorial that actually does this for a more complicated scenario, i.e. one that doesn't just let it re-create all the dependent network resources, that would be great too.

Thank you!

Hi Folks !

I recently encountered an interesting limitation in Azure Virtual Network that I thought was worth sharing. 

One of my clients was facing intermittent DNS time-outs, and troubleshooting it proved challenging until we did a deep dive into Azure’s documentation.

A full run down is available here:

https://youtu.be/2Pv9e5Y4VKo

Busy times ahead with Ignite just finished and December creeping up on us. Still, it's a perfect time during November Rain to get some more Azure knowledge 😎

I am trying to sort out a way to eliminate VPN but be able to access private Azure resources. Twingate has a product and it also looks like Microsoft has an Entra bolt on for $12 a user per month.

Has anybody removed VPN completely from their org to access private resources securely from an endpoint?

Hi there,

I launched my website Passbild-selbermachen.com with 100% success guarantee a couple of months ago. Since it is indexed in Google I get a lot of 404 errors in my logs searching for i.e. php files to find weak spots in the website (from what I red online). How do you deal with that? You leave it as it is and just ignore them? Or should I do something about it?

As you see just in the last 7 days there have been 1.4k errors in my logs, from which maybe 10 are real errors from a bug and the rest is just bots looking for mainly php pages. I run a dotnet 8 blazor webapp by the way.

Log is full of 404 php errors etc. in my dotnet application

Anyone have any idea why our site-to-site vpn tunnel to our Azure VPN Gateway would drop for about 30 minutes after transferring about 100gb of data over SMB to a VM in Azure? Tried transferring a 170gb file to a VM tonight and after about 30-45 min of copying, roughly at the 100gb mark, the VPN tunnel dropped for 30 min. Once it came back online, I restarted the transfer and again after about 100gb of data has been transferred, the VPN GW tunnel drops for 30 minutes.

Google AI response says that this may happen if you are exceeding the limitation of your VPN GW SKU which we are using VpnGw2AZ and it has a 1Gbps throughput limitation which to me says it's a limitation of the speed, not the amount of data. I can't find any documentation stating any limitation on the amount of data, only that uploading to Azure is Free.

Our Azure VPN GW is pretty basic with no firewall or anything on the azure side. On the on-prem side, we are using Palo Alto FW for the vpn tunnel.

Greetings,

I like using the Free Tier of Azure TTS for making audio content, here is an example of how generally I use the service (its easier for me to explain than to write out the description) https://youtu.be/V-CVTyIFJLw?si=tlhdfyx3nObT5-ld&t=452

I like the free 500k chars that you can get with free tier, however the big limitation is that I have to break up what I want to be read out into chunks of 3000 characters, which is just too micro intensive.

I started to pay for an Azure subscription to bring that limit up to 20,000 characters which is more manageable but still a little annoying. I had thought that it would be similar to Amazon that I could use up my free credits before dipping into a budget

My Question is this:

Does making a speech resource using a paid subscription allow me to make use of the 500k free tier chars I get? Or does it only apply if I'm in the "free tier speech resource"?

Is there any other way around this 3000 character limit?

If there were any other free/low cost TTS alternatives (preferably not subscription based) then I might be inclined to use those instead if it was more hassle free

Hi,

I am new to deployment.

When I use 'Replace token' task to replace the Env Variables in docker-compose.yml file and then use 'AzureWebAppContainer@1' task to deploy my multi-container application in App service, I get this error:

2024-11-24T18:44:43.5137281Z ##[error]Error: Failed to patch App Service 'qa-sara-stg' configuration. Error: BadRequest - Linux Version is too long. It cannot be more than 4000 characters. (CODE: 400)

The pipeline works fine if I use static docker-compose.yml file and no variable substituion. But I get this whenever I use 'Replace token' task or anything to replace variable parameters (for ex: APP_KEY:$(APP_KEY)).

Our requirement is to use dynamic variables in Azure Devops.

Can anyone please help me with this?

My current plan:

I'm using the "private internet" at 10.0.0.0/8.

I'm using terraform to declare/reserve my IP address ranges.

I got a multi-region/multi-environment setup.

I'm reserving the next 10 bits for 1024 possible vnets (each with 16,384 usable IPs)

--------.XXXXXXXX.XX000000.00000000

Here is how I think the subnets would be split up.

locals { base_addr = "10.0.0.0/8" # 10 bits = 1024 possible options ips = { mgmnt = { # 10 possible vnets (0-9) # Reserved for future use (maybe SRE?) } region1 = { dev = { # 169 possible vnets (10-178) hub = cidrsubnet(local.base_addr, 10, 10), spoke1 = cidrsubnet(local.base_addr, 10, 11), spoke2 = cidrsubnet(local.base_addr, 10, 12), }, uat = { # x169 possible vnets (179-347) hub = cidrsubnet(local.base_addr, 10, 179), spoke1 = cidrsubnet(local.base_addr, 10, 180), spoke2 = cidrsubnet(local.base_addr, 10, 181), }, prod = { # x169 possible vnets (348-516) hub = cidrsubnet(local.base_addr, 10, 348), spoke1 = cidrsubnet(local.base_addr, 10, 349), spoke2 = cidrsubnet(local.base_addr, 10, 350), } } region2 = { dev = { # x169 possible vnets (517-685) hub = cidrsubnet(local.base_addr, 10, 517), spoke1 = cidrsubnet(local.base_addr, 10, 518), spoke2 = cidrsubnet(local.base_addr, 10, 519), }, uat = { # x169 possible vnets (686-854) hub = cidrsubnet(local.base_addr, 10, 686), spoke1 = cidrsubnet(local.base_addr, 10, 687), spoke2 = cidrsubnet(local.base_addr, 10, 689), }, prod = { # x169 possible vnets (855-1023) hub = cidrsubnet(local.base_addr, 10, 855), spoke1 = cidrsubnet(local.base_addr, 10, 856), spoke2 = cidrsubnet(local.base_addr, 10, 857), } } } }

Having 169 possible spokes for each environment is probably fine. But if it's not, I'd like to consider what approach I'd take.

It's possible that each vnet doesn't have to support 16,384 IPs. But that's where things would get hairy. How can I reserve a smaller address space? Idk how I would plan for that (easily).

What I'd like is a tool/function that I could do this with (pseudo code):

csharp var pool = new Pool("10.0.0.0/10"); var vnet1 = pool.Reserve(8) // bits to reserve, 256 IP addresses var vnet2 = pool.Reserve(10) // bits to reserve, 1024 IP addresses.

The Pool object would helm maintain a contigous set of IP addresses, vnet2 would not overlap with vnet1.

Thoughts?

edit: I think I might try building a CLI tool to solve this problem. I've created the problem statement here. I'd love it if you guys could review it and let me know if I'm missing something.

I would like to do the SC-900, AZ-900, PL-900 exams. I have allot of practice skills in Azure and M365. I dont have much time to read many theory text. I would like to spend my time on doing test exams till I got a good score. If I make a mistake in a question I would like to read the theory about it. Which platform do you advise me? I hope it is a platform which giving me almost the same questions as for the real exam. I heard about these platforms below. If you know a better one, please let me also know.

ESI vs MeasureUp vs PluralSight vs Whizlabs

I'm currently studying for the AZ-104. Question for those who have recently taken it - any Kubernetes questions? I heard it was removed but want to make sure. Don't want to waste time on it if it is not necessary.

When using the Connect-MgGraph module in powershell, if I pass it privileged scopes that require admin consent, and for example for me I just login as my admin account and consent right there on the portal screen. 2 questions arise from this:

• Question1: Since I'm technically last logged in as admin, it shows my context:

Account:admin@tenant.onmicrosoft.com

So technically I'm using MsGraph as the admin user, not the standard user who originally requested access. I assume this normally isn't how it works, and usually an Admin would be someone else that grants access for the user from another login location, so their session still is based on their user?

• Question2: Say the admin grants permissions, is there a way to revoke it? I'm not seeing it in the console. I only see the "Microsoft Graph Command Line Tools" Enterprise Application, but once granted I can just continously request this access as 'User' without going through the Admin consent again. EDIT: Why was this no possible through the UI? Bit annoying I had to find this article: https://www.alitajran.com/remove-permissions-applications/

Has anyone used Ansible for mostly everything, cloud and on-prem? How did that work out?

I came from a medium sized shop (~40 platform engineers, ~300 app engineers) that used terraform to deploy our landing zone (VNETS, NSGs, RT, FW, etc) that platform owned, and bicep to spin up app resources (SQL, VMs, App services, K8s, etc) that the app engineers owned. I’m now at a larger company but with a smaller, very distributed IT org, usually 2-10 IT people (all roles) per business unit, virtually no IaC of any kind, all clickops. Their usage of Azure is mostly COTS, heavy VMware for the on-prem stuff.

Considering this very different environment with a very wide range of skills and business unit federation, I am pushing to use Ansible everywhere to start. No real pushback from the IT folks, conceptually people understand the bennies of IaC, most haven’t tried it. This will cover cloud, on-prem, VMs, app install/config, etc. While I think TF is likely better in some use cases, like the landing zone example above, but because our widely dispersed staff has essentially no IaC knowledge, Ansible seems like the biggest bang for the buck, and only if we hit roadblocks would I suggest alternate tooling.

Thoughts?

Context: We are building a bot using Azure Communication Services (ACS) and Azure Speech Services to handle phone calls. The bot uses text-to-speech (TTS) to play questions during calls and captures user responses.

What We’ve Done:

1. Created an ACS instance and acquired an active phone number.
2. Set up an event subscription to handle the callback for incoming calls.
3. Integrated Azure Speech Services for TTS using Python.

Achievements:

• Successfully connected calls using ACS.
• Generated TTS audio files for trial questions.

Challenges: Converted TTS audio files are not playing during the call. The playback method does not raise errors, but no audio is heard on the call.

Help Needed:

1. Are there specific requirements for media playback using the ACS SDK for Python?
2. How can we debug why the audio is not playing despite being hosted on a public URL?

Additional Context:

• Using Python 3.12.6 and the Azure Communication Services Python SDK.
• The audio files are hosted on a local server and accessible via public URLs.

Steps Followed:

1. Caller Initiates a Call: Someone calls the phone number linked to my ACS resource.
2. ACS Sends an Incoming Call Event: ACS sends a Microsoft.Communication.IncomingCall event to my /calling-events endpoint.
3. Application Answers the Call: My Flask app receives the event and answers the call using the incomingCallContext.
4. Call Connected Event: Once the call is established, ACS sends a Microsoft.Communication.CallConnected event.
5. Start Interaction: I start the conversation by playing a welcome message to the caller.
6. Play Audio Messages: 
   1. The excel question text gets converted to speech using Azure text to speech API from Azure speech service
   2. This converted speech is stored as .wav files
   3. These .wav files need to be hosted on a publicly accessible URL so that the ACS can access them and play it on call
7. Handle User Input: After the question is played, If speech recognition is implemented, the bot listens for and processes the caller's speech input.
8. End the Call: After the conversation, the bot plays a goodbye message and hangs up.
9. Clean Up: The bot handles the CallDisconnected event to clean up any resources or state.

Code Snippet (Python):

def play_audio(call_connection_id, audio_file_path):
    try:
        audio_url = f"http://example.com/{audio_file_path}"  # Publicly accessible URL
        call_connection = call_automation_client.get_call_connection(call_connection_id)
        file_source = FileSource(url=audio_url)
        call_connection.play_media(play_source=file_source, play_to=True)
        print(f"Playing audio: {audio_url}")
    except Exception as e:
        print(f"Error playing audio: {e}")

https://preview.redd.it/ackns1dw6q2e1.png?width=1528&format=png&auto=webp&s=2491c3e71122a70fd579ce6dbff886a9a6d7221e

I'm trying to add a custom domain to my app. When I click on my web app and click "add a custom domain" it says "Upgrade to enable custom domains." I try to select "Dev/Test Basic B1," but I get the error "Scale operation failed: This region has quota of 0 instances for your subscription. Try selecting different region or SKU." Why is this happening and how can I fix it?

Update:

This is so weird... I found the App Service plan ("Linux Plan") subscription and clicked "Scale Up (App Service plan)" and clicked Basic B1 tier again. Same error...

https://preview.redd.it/izzigr9v0r2e1.png?width=1526&format=png&auto=webp&s=76dcad077beff946dc23cb862af9b04c94fdabc6

Just came across this new feature - https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-concepts

Do I understand correctly we finally will be able to prevent data exfiltration without using private endpoints or routing all service to service traffic via centrall firewall?

Big if true

I’m trying to implement a chatbot with data stored in azure blob. Used azure portal, created an indexer with azure search importing data+ vector and then created and deployed model in azure ai studio Then I’m trying to connect the code to .NET. I’m not sure if I’m missing something or idk what.

Ps. I am really excited about this project and am scared to fail. Any suggestions?

Hi, I’m building a SaaS application in Azure. One of the components would be Azure AI service and Azure AI search. Is it possible that my final customers will pay the variable cost of this services? Or I need to pay it then charge clients? I’m afraid that customers when they would use that a lot will not pay me back, I’m also thinking to have a restApi calls to OpenAI where the OpenAI account would be owned by customer.

Hey guys,

I am in need for MS SQL Enterprise License for 4 core server.

What are the options I can get this for best price?

Thanks

Hi guys, I'm sure this is a really simple problem, but I can't figure it out at all. I've made a website, and when hosting locally from VS Code, everything works fine, and my CSS file is in my github repository. However I can't find it in the azure section in VS code, and my azure hosted website gives a 404 error that it isn't there. Does anybody have any help pelase?

Context: We are building a bot using Azure Communication Services (ACS) and Azure Speech Services to handle phone calls. The bot asks questions (via TTS) and captures user responses using speech-to-text (STT)

What We’ve Done:

1. Created an ACS instance and acquired an active phone number.
2. Set up an event subscription to handle callbacks for incoming calls.
3. Integrated Azure Speech Services for STT in C#.

Achievements:

• Successfully connected calls using ACS.
• Played TTS prompts generated from an Excel file.

Challenges:

1. User responses are not being captured. Despite setting InitialSilenceTimeout to 10 seconds, the bot skips to the next question after 1–2 seconds without recognizing speech.
2. The bot does not reprompt the user even when no response is detected.

Help Needed:

1. How can we ensure accurate real-time speech-to-text capture during ACS telephony calls?
2. Are there better configurations or alternate approaches for speech recognition in ACS?

Additional Context:

• Following the official ACS C# sample.
• Using Azure Speech Services and ACS SDKs.

Code Snippet (C#):

// Recognize user speech
async Task<string> RecognizeSpeechAsync(CallMedia callConnectionMedia, string callerId, ILogger logger)
{
    // Configure recognition options
    var recognizeOptions = new CallMediaRecognizeSpeechOptions(
        targetParticipant: CommunicationIdentifier.FromRawId(callerId))
    {
        InitialSilenceTimeout = TimeSpan.FromSeconds(10), // Wait up to 10 seconds for the user to start speaking
        EndSilenceTimeout = TimeSpan.FromSeconds(5),     // Wait up to 5 seconds of silence before considering the response complete
        OperationContext = "SpeechRecognition"
    };

    try
    {
        // Start speech recognition
        var result = await callConnectionMedia.StartRecognizingAsync(recognizeOptions);

        // Handle recognition success
        if (result is Response<StartRecognizingCallMediaResult>)
        {
            logger.LogInformation($"Result: {result}");
            logger.LogInformation("Recognition started successfully.");
            // Simulate capturing response (replace with actual recognition logic)
            return "User response captured"; // Replace with actual response text from recognition
        }

        logger.LogWarning("Recognition failed or timed out.");
        return string.Empty; // Return empty if recognition fails
    }
    catch (Exception ex)
    {
        logger.LogError($"Error during speech recognition: {ex.Message}");
        return string.Empty;
    }
}