Hi all,
I am trying to create a Policy to prevent virtual machines from being created in Azure.
There is a out-of-the-box template called Not allowed resource typeswhich is great but unfortunately it does not give me the information I need as I cannot find how to use Parameters.
The Parameter example on GitHub does not contain any examples.
How can I modify the Parameter example so virtual machines are blocked?
Hi all
I need to report which VMs don't have this option enabled:
I don't know which cmdlet to use, or where to aim to get this info. Can you help me out? Will you? :)
Thanks,
Dimas
Hi,
We have some resources on Azure for which we need to monitor the resource health and display it on our custom site which is not hosted on Azure. So our site needs to use some API which will get the resource health or status on Azure. So I want to know are there any API exposed by Azure which will give us the required health status of the resource?
Thanks,
Hrushikesh Pande
Hrushikesh Pande
Hi All ,
I'm SCCM administrator and experienced in Windows Server administration, Microsoft Certified Professional and i would like to start learning Azure. which certificate in Azure i should target ?
Thanks
Hi Team,
We are facing issue while connecting the VPN client through proxy server's, It's not get connected. But the same has been getting connected to the internet.
I am attaching the log file which is getting generated while connecting to the server.
=================================================
mdial32]11:22:2403Pre-Init EventCallingProcess = C:\Windows\Explorer.EXEDear Team,
We have Windows Server 2008. We have hosted some application on different cloud. Users has to remember windows Password,EMAIL Pssword & all cloud based application password.
We are looking for Single sign on password for Windows login & all application hosted on cloud.
Kindly advise.
Hi,
We use Azure Policy to enforce certain App Service settings (f.e. Security related).
an example, is the following policy to enforce AppService Security settings
{
"if": {
"anyOf": [
{
"allOf" : [
{
"field": "type",
"equals": "Microsoft.Web/sites"
},
{
"field": "Microsoft.Web/sites/httpsOnly",
"notEquals": "true"
}
]
},
{
"allOf" : [
{
"field": "type",
"equals": "Microsoft.Web/sites/config"
},
{
"field": "Microsoft.Web/sites/config/minTlsVersion",
"notEquals": "1.2"
}
]
}
]
},
"then": {
"effect": "append",
"details": [
{
"field": "Microsoft.Web/sites/httpsOnly",
"value": "true"
},
{
"field": "Microsoft.Web/sites/config/minTlsVersion",
"value": "1.2"
}
]
}
}
However, when creating a new Azure Function App (via the Azure Portal), I receive the following exception :
{"telemetryId":"bf4d4063-30b8-437b-8ef9-fc221ca30614","bladeInstanceId":"Blade_04ecec6b3dad41bd96c3069383dc4e2f_42_0","galleryItemId":"Microsoft.FunctionApp","createBlade":"CreateBlade","code":"InvalidTemplateDeployment","message":"The template deployment failed because of policy violation. Please see details for more information.","details":[{"code":"AppendPoliciesUndefinedFields","message":"Found policies that refer to an undefined field property for api-version '2016-03-01'. Fields: 'Microsoft.Web/sites/config/minTlsVersion'. Policy identifiers: '[{\"policyAssignment\":{\"name\":\"TA Main PolicySet\",\"id\":\"/providers/Microsoft.Management/managementGroups/TAApplicationTeamManagementGroup/providers/Microsoft.Authorization/policyAssignments/53a9a736d57544488699247d\"},\"policyDefinition\":{\"name\":\"Enforce AppService Security\",\"id\":\"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policyDefinitions/Enforce AppService Security\"},\"policySetDefinition\":{\"name\":\"TA Main PolicySet\",\"id\":\"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/TA Main PolicySet\"}}]'. Please contact the subscription administrator to update the policies.","additionalInfo":[{"type":"PolicyViolation","info":{"policySetDefinitionDisplayName":"TA Main PolicySet","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policyDefinitions/Enforce AppService Security","policySetDefinitionId":"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/TA Main PolicySet","policyDefinitionReferenceId":"4580426754168807178","policySetDefinitionName":"TA Main PolicySet","policyDefinitionName":"Enforce AppService Security","policyDefinitionEffect":"append","policyAssignmentId":"/providers/Microsoft.Management/managementGroups/TAApplicationTeamManagementGroup/providers/Microsoft.Authorization/policyAssignments/53a9a736d57544488699247d","policyAssignmentName":"53a9a736d57544488699247d","policyAssignmentDisplayName":"TA Main PolicySet","policyAssignmentScope":"/providers/Microsoft.Management/managementGroups/TAApplicationTeamManagementGroup","policyAssignmentParameters":{}}}]}]}
Best regards,
Jens
Hi all,
I am working on a script to re-name AzureAD Devices.
I have account with "Cloud Device Administrator" permissions, however it seems those are not sufficient to re-name the device objects.
I was reading the following article:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles
which points to role "Device Managers" to be what i need. However in the bottom of the page it is noted that the role will be deprecated and should not be used.
Can someone advise which role should be assigned to the user to be able to re-name device object information?
I wish to create a subscription in the German data centre. I understand that the portal is different (https://portal.microsoftazure.de/) however I am not able to log in there with my AAD account. I get the message...
xxxxxx.com isn't in our system. Make sure that you've typed your email address correctly. It usually looks like someone@example.com or someone@example.onmicrosoft.com
This account works fine for the global portal. Is it not possible to use my AAD account in this German portal. If not, how do I signup? I already have an MA with the same email address.
I contacted support via Twitter and they advised I posted here.
Thanks
Hi,
I am unable to execute csom code in timer function app and I am getting 400 bad request
error after executing Execute query statement. The code was executing in visual studio code with out any errors
and please let me know why I am getting this issue. The am trying to connect a different tenant site.
Thanks
Azad
Razvi444
I'm sure this is a very basic question, but having found no answers elsewhere I'm sure someone here can help. We're new to Azure, having recently signed up for Office 365. I'm concerned to find that anyone with the directory role "User"
can log into portal.azure.com and browse our Azure resources including all users. A User also has access to UIs to create new VM's and sign up for Azure service plans. Maybe a User can't actually make any changes (I don't know for sure - I haven't
tried everything), but just to see these options there is disconcerting. I'm very concerned that any of our users or anyone on the Internet who obtains user credentials by whatever means has access to look around - or worse.
Is it possible to restrict Azure portal logins to just a specified set of users or just Global and Limited Administrators? If not, is it possible to make sure that anyone with the User role sees nothing upon logging into the portal? If neither of
those is possible how can I be assured that Users at least cannot make any changes? Thank you for any assistance.
Hello all,
I'm having an issue that my Azure AD is not syncing with my AD server (Hosted on Azure VM).
This is my environment:
AD Server (on premises) -> AD VM (on Azure) -> Azure Active Directory -> Office 365.. etc,..
The sync stops from AD VM (on Azure) to Azure Active Directory, I force the sync from the Synchronization Service Manager on the AD VM (on Azure) server and it's successful.
What else can I check?
Hi All,
We have AAD connect setup with 5 domain partitions syncing to Azure O365. Somehow one of the partitions got unchecked and getting run error "missing partion for run step" for all the cycles whenever it tries to sync the missing domain partition.
Currently we have one running profile with only GUID and we believe that is the one which got unchecked accidentally.
However,I would like to know when i add the domain partition back again to sync, will it create the run profile automatically or I should create it manually.
Kindly advise, it will be better if I get any article reference. Thanks!!
Regards
Afsar
Hi All,
I did not find a category related to "Azure Monitor" ..so i posted the question in Azure management portal category
Can any one please explain on how does Azure categorize which resource to be marked as eligible for auto scale and which are not to be marked as auto scale.When i logged into Azure portal, i do not see any resources marked as eligible for auto scale. Clicked Azure monitor --> Auto scale option. Please reply... Thanks -- Surya
how do we convert an ISO to a Azure template?
Is a azure template the same as a vhd?
dsk
what is the best way or tool to use to modify templates?
We want to modify templates to already have managed disks, a specific VLAN, subscription,...
dsk
Using Safari on a Macbook the portal is not available anymore. The following errors appear on the console:
TypeError: undefined is not an object (evaluating 'u.bootParameters.environment.extensionsMetadata.forEach')
x] – "17:20:45" – "MsPortalFx.Base.Diagnostics.ErrorReporter" – 2 – "MsPortalFx.Base.Diagnostics.ErrorReporter: column: 193
↵line: 26
↵message: undefined is not a function (near '...window.fx.injectCss...')…"
TypeError: undefined is not a function (near '...window.fx.injectCss...')
Please help me!