Recent Discussions
Logic Flow name in Azure Log Analytics
dependencies | where type == "Ajax" | where success == "False" | where name has "logicflows" | project timestamp, name, resultCode, duration, type, target, data, operation_Name, appName | order by timestamp desc This KQL query in Azure Application Insights> Azure Log Analytics is used to get errors for logicflows. It returns the data but, I cannot see the logicflow name or ID anywhere. Is there any way to fetch logicflow ID? The azure app insight is registered for a power app, where we are using automate flows to call apis. We need the flow's name in analytics. I tried looking the database, there is no field for logic flow's name or ID. Though when seen in user>sessions, it shows name in requestHeaders.How Azure Organizes Resources Subscriptions, Resource Groups, and Management Groups
When you start using Microsoft Azure for deploying applications or managing cloud infrastructure, understanding how Azure organizes its resources is fundamental. Azure provides a structured hierarchy—Management Groups, Subscriptions, and Resource Groups—that helps you manage, secure, and govern your resources effectively. Think of it like this: your Azure environment is a large, well-organized digital enterprise. Management Groups are the corporate headquarters, Subscriptions are individual departments, and Resource Groups are teams within those departments working on specific projects. In this blog, we’ll explore in detail how each of these levels functions, how they relate to each other, and how you can use them to streamline governance, billing, and access management in Azure. https://dellenny.com/how-azure-organizes-resources-subscriptions-resource-groups-and-management-groups-explained/
Azure Secure Virtual Hub VNET-Branch Routing
Hey trying to get connectivity going from our VNET to Branch over the S2S VPN I've setup and from what I can tell when doing a tracert to an branch private ip address it seems to stop at the Azure Firewall IP Address and I've even created an any/any rule on the firewall policy but no go so far. Is there something that I'm Missing? Here is my topology.. Secure Virtual Hub 1x VNET Spoke 1x VPN Site Both associated to the default route table which has a route for 0.0.0.0/0 next hop firewall Both Propagating to the None route table. I have created a DNAT rule to allow RDP which I'm assuming thats how I'm getting into the virtual machine via rdp but once I'm in I cannot route to anything back.
OPNSense nested in a Proxmox VM, trying to spoof VM NIC to transparently relay to host NIC
I am trying to set up OPNSense VM inside a Proxmox, which is running in a Azure VM with nesting enabled. I have my reasons to do it, so please spare me the "why not go native" questions. Since azure VMs don't support vIOMMU (note the "v" in vIOMMU stands for virtualized IOMMU, for L2 instances), I cannot pass the interface further from Proxmox to OPNSense, so I need to get by using bridges. The host configuration is: – eth0 – vmbr0 with eth0 assigned to it The configuration is: iface eth0 inet manual auto vmbr0 iface vmbr0 inet manual bridge-ports eth0 bridge-stp off bridge-fd 0 The guest configuration is: – VirtIO NIC attached to vmbr0, with MAC overridden using same address as the eth0 – Firewall: NO – MAC Filter: NO Running dhclient on eth0 or vmbr0 correctly discovers and assigns an IP address. Now, I am trying to get the OPNSense in a VM to get that IP address instead and to relay its traffic via the vmbr0 transparently outside of the host. I have done something very similar previously between OpenWRT running in a VM and another VM, using OpenWRT's "trivial relay" (kmod-trelay, see https://forum.openwrt.org/t/howto-kmod-trelay/49610/2, also https://github.com/openwrt/openwrt/commit/c3bba7f8c61ee98265bcffef8ee86e22aa89bbe9), and despite that this particular case is much simpler, I can't get the VM to communicate with the ISP properly. I tried simply by spoofing the eth0's MAC address by setting the OPNSense VM's interface to it, but that's not enough. I also checked the traffic on both ends using tcpdump, and, interestingly, vmbr0 does see the DHCP requests coming from the VM, and the ISP does respond, but that response never reaches the VM, nor the tap interface corresponding to the VM that Proxmox assigned to the bridge. What am I missing here?
Asav on azure
I need help creating a vpn from my Azure ASAV. As it stands right now the trace Capture on my Asav from my Azure Vm to the Remote site Asa private network says my Azure VMs aren't pushing traffic to the ASav. my question when each Azure vm has a public ip how can one then route the traffic tru the Asav. Anyone that has deployed asav on azure shld pls assist.Access to the delegated container subnet from the rest of the network
Hi All, We have an on-premise network: ONPREM-VLAN which is connected to an Azure VLAN: AZUREVLAN1 using Site to Site VPN connection. This AZUREVLAN1 is in subscription-1. We have another subscription: subscription-2 which has two more VLANs: AZUREVLAN2 and AZUREVLAN3. AZUREVLAN2 is one Azure region (same as AZUREVLAN1 i.e. Australia Southeast) and AZUREVLAN3 is in another Azure region (i.e. In Australia East). We have enabled Vnet peering between all the three VLANs. We have also established routing from our on-premise network: ONPREM-VLAN to all the three Azure VLANs. However, when we created a delegated container subnet in AZUREVLAN3 it is only accessible from other subnets within AZUREVLAN3. it is not accessible from any other VLANs (AZUREVLAN2, AZUREVLAN1 and ONPREM-VLAN) in the network. Here is the screenshot of that delegated container subnet: Is there a way i can enable routing from the rest of the network to this delegated subnet?Global Infrastructure 101 Understanding Data Centers, Regions, and Availability Zones in Azure
In this blog post, we’ll unravel the key building blocks of Microsoft Azure’s global infrastructure — data centers, regions, and availability zones — and how they all fit together to support performance, compliance, scalability, and resilience. https://dellenny.com/global-infrastructure-101-understanding-data-centers-regions-availability-zones-in-azure/What Is Microsoft Azure? A Beginner’s Guide to the Azure Ecosystem
In today’s digital world, cloud computing is at the heart of modern business operations — and Microsoft Azure stands as one of its most powerful players. Whether you’re an IT professional, developer, or business owner, understanding Azure can open doors to scalability, flexibility, and innovation. https://dellenny.com/what-is-microsoft-azure-a-beginners-guide-to-the-azure-ecosystem/Top 10 Azure Services Everyone Should Know (2025 Edition)
In today’s rapidly evolving cloud landscape, knowing your way around key cloud-platform services is no longer optional. If you’re working in IT, development, or business strategy, understanding the essential services on Microsoft Azure gives you a competitive edge. Azure supports everything from virtual machines to serverless functions to globally distributed databases. According to Microsoft, Azure offers “Compute, Storage, Networking, Databases, AI + Machine Learning” and many more categories. Here are the top 10 Azure services everyone should know in 2025—what they are, why they matter, and when to use them https://dellenny.com/top-10-azure-services-everyone-should-know-2025-edition/Azure Resource Manager (ARM) The Backbone of Cloud Resource Management
In the fast-paced world of cloud computing, effective management and governance of resources are vital. Microsoft Azure provides a powerful and centralized way to handle these tasks through Azure Resource Manager (ARM) — the core deployment and management service for Azure. ARM acts as the backbone of cloud resource management, ensuring consistency, control, and automation across all Azure environments. https://dellenny.com/azure-resource-manager-arm-streamline-and-secure-cloud-resource-management/Windows App External Keyboard Issues, Android Galaxy S10 Ultra Tablet
I am experiencing a few abnormal issues that I'd like to raise for awareness. Not major, as I'm sure I can find workarounds and get used to it but they are inconvenient for me. And I believe this might be related to the Samsung Android One UI 8.0 update that pushed to my tablet earlier this week as that is the biggest change that happened before I started experiencing this. For one, I used to be able to press the Cmd button on my external keyboard, by default no special config or setup was needed, and the windows menu would appear when remoted into a machine via the windows app. Now it backs me out of the app and takes me to the Android home screen. Also, the control, shift, arrow keys and control z features (for continuous selecting and undoing) do not work as before. It seems that after 2 arrow key presses the text will no longer be selected and the cursor for the arrow key will just move, even if control and shift are still held down. Similarly with control z, I can only undo one item, then with control still held if I press z it will just input the z key over and over. Any assistance is appreciated. I can provide more clarity if needed.Metered Billing Accelerator
Hi! I want to implement a central instance of the Metered Billing Accelerator (https://github.com/microsoft/metered-billing-accelerator) so my Metered Billing Marketplace Offer apps. I've reviewed the YouTube videos but they are quite old and certain things changed since the recording in Azure. Does anyone here know how to install und use it? BR Alex
🔒 Strengthening Azure DNS Zone Security with RBAC and Resource Locks
🔎 DNS security is more than just configuration it’s about protecting critical assets against unauthorized changes and accidental deletions. 🔎 Managing DNS zones effectively requires a layered security approach. 🔎 Two powerful mechanisms in Azure : Role-Based Access Control (RBAC) and Resource Locks 🚀 Role-Based Access Control (RBAC) 🚀 * Granular DNS Access Control * RBAC ensures controlled access management at both the DNS zone and record set levels. * Instead of assigning broad permissions, RBAC enables precise delegation using built-in roles such as: 🔹 Owner – Full control over the DNS zone, including configurations and deletions. 🔹 Contributor – Can modify DNS settings but cannot change access permissions. 🔹 Network Contributor – Can manage networking configurations related to DNS, but not modify records. 🔹 DNS Zone Contributor – Dedicated role for managing DNS zones without broader networking privileges. ✅ Key Advantages of RBAC in DNS Security: ✔ Prevent unauthorized modifications by restricting access to only necessary roles. ✔ Ensure operational integrity by limiting exposure to critical configurations. ✔ Improve governance by aligning roles with organizational security policies. 🔐 Resource Locks 🔐 * Guardrails for DNS Protection * Even with well-defined RBAC settings, accidental deletions can still occur. * Azure Resource Locks add an additional safeguard by preventing changes to a DNS zone or specific record sets. 🔹 Zone Lock ----> Protects an entire DNS zone from being deleted, preserving all associated record sets. 🔹 SOA Lock ----> Prevents unintentional zone deletions while allowing record modifications within the zone. ✅ How Resource Locks Enhance Security: ✔ Shields DNS zones from accidental or malicious deletions. ✔ Maintains continuity by ensuring record sets remain intact. ✔ Strengthens compliance controls for critical infrastructure. 🛠 Best Practices for Securing DNS with RBAC & Resource Locks 🔸 Assign least privilege roles—never give unnecessary access. 🔸 Implement locks on essential zones to prevent configuration errors. 🔸 Regularly audit access permissions using Azure Policy & Activity Logs. 🔸 Use Automation & Alerts to track modifications for enhanced security. 🔹 Implementing RBAC & Resource Locks ensures your cloud environment remains secure, operational, and fault-tolerant.URGENT: Accidental Deletion of Microsoft Clarity Project - Manual Restoration Request
Hello Microsoft Clarity Support Team, I am writing to request the manual restoration of a project that was accidentally deleted from our account. We urgently need to retrieve the historical session data for business continuity. I attempted to contact support via the email alias, but my messages to email address removed for privacy reasons were rejected with a 550 5.7.124 error ("Sender not allowed"), which is why I am utilizing this forum for immediate assistance. Please find the necessary project details below: Account Email: email address removed for privacy reasons Deleted Project Name (Exact): Aste Helsinki new Date/Time of Deletion: October 22, 2025, 12:51 AM Finland time (EEST) Could you please confirm if a manual restoration from your backend archives is possible for this specific project? Thank you for your prompt attention to this critical issue. Best regards, Kateryna Shchuka Aste HelsinkiAzure Firewall query
Hi Community, Our customer has a security layer subscription which they want to route and control all other subscription traffic via. Basically, they want to remove direct VPeers between subscriptions and to configure Azure Firewalls to allow them to control and route all other subscriptions traffic. All internet traffic would then be routed down our S2S VPN to our Palo Alto’s in Greenwich for internet access (both ways). However, there may be some machines they would assign Azure Public IP’s to for inbound web server connectivity, but all other access from external clients would be routed via the Palos inbound. Questions: Which one (Azure Firewall or Azure WAN) would be best option? What are the pros and cons? Any reference would be of great help.RHEL In-place upgrades and Azure Update Manager
Following the process in this article will cause a disconnection between the data plane and the control plane of the virtual machine (VM). Azure capabilities such as Auto guest patching, Auto OS image upgrades, Hotpatching, and Azure Update Manager won't be available. To utilize these features, it's recommended to create a new VM using your preferred operating system instead of performing an in-place upgrade. According to https://learn.microsoft.com/en-us/azure/virtual-machines/workloads/redhat/redhat-in-place-upgrade, Azure Update Manager will break if any RHEL in-place upgrades are performed due to data/control plane disconnect. As a Microsoft product, this dilemma seems to defeat the benefits of AUM if you're someone like me who uses Redhat 'pet' VMs (as opposed to 'cattle' VMs) for work, and would frankly like to centralize all operations within the lifecycle of a Linux box inside the Azure tenant (patching, upgrading, rollback, any possible automation/application deployment etc). Unfortunately it would seem that this issue is largely something outside of the Azure customer's control. So, to anyone with esoteric Azure knowledge: what gives? Why and how is there a data disconnect between the control planes? What does the process look like from a bird's eye view? Given that the issue exists in the first place I would imagine that there is some kind of developmental contradiction, otherwise a feature like this probably would have been figured out a while ago (or that it is, as I suspect, simply not high priority enough despite a solution which may already exist in development). Furthermore, for those who may have more intimate info on the matter, does any sort of discussion or planning of a solution for this issue exist? With kindness, MadDogOfShimano
Events
Get ready, New York! The Microsoft Ignite 2025 NYC Community Summit is coming to the heart of Times Square — and you’re invited to be part of the energy, insights, and innovation.
Whether you're a ...
In-Person
Recent Blogs
- Copilot/Copilot Studio Integration with SAP (No Code) By integrating SAP Cloud Identity Services with Microsoft Entra ID, organizations can establish secure, federated identity management acro...Oct 31, 2025
- 6 MIN READAs part of the journey to consistently improve Azure reliability and platform stability, we launched Azure Failure Prediction & Detection (AFPD), Azure’s premiere shift-left reliability solution. AFP...Oct 31, 2025
