On this page:
https://docs.microsoft.com/en-us/azure/billing/billing-how-to-change-azure-account-profile#update-your-countryregion
it says:
"Because of technical constraints, we can't change the country/region for an existing account."
What possible technical constraints would cause this?
dsk
Hi,
At my project we have a system with some queues and functions to process data. It is important to know how long the messages are in the queue so we know the processing speed.
On the Azure dashboard I already added some charts for how many messages there are in the queue, but now I have created a query that calculates the time they are in the queue.
The default metrics charts have a nice metrics bar, which shows averages. The query chart doesn't have a metrics bar.
Is it possible to add a bar for my query?
See screenshot attached I want a bar added to the bottom chart.
Unfortunately I cannot share this particular query, it is based on Timecharts example.
Thanks in advance!
(If this is the wrong forum to ask the question, I am sorry. Please help me to find the right place to ask the question.)
On this page:
https://docs.microsoft.com/en-us/azure/billing/billing-how-to-change-azure-account-profile#update-your-countryregion
it says:
"Because of technical constraints, we can't change the country/region for an existing account."
What possible technical constraints would cause this?
Dear Sir,
site-to-site VPN Gateway between Azure and On-Premise.
whileCreate Local Network Gateway,
for IP address :- can we put dynamic DNS name instead of public IP,
because our internet provider is giving dynamic IP not static.
Thanks and regards.
Bihar Networking Solution Patna - 801503
According to Microsoft you won't be able to use, Configurable Token Lifetime policy after 1 November 2019. AD Conditional Access would replace this option.
So I made a CA that would apply to "Office 365 Exchange Online"and with the condition that it would only apply when accessed through a browser. I changed the Sign-in frequency to 1 hour as a test.
An hour after being signed-in I can still access outlook.office.com without having to sign in again. Anyone know what I am doing wrong?
We still use ADFS 2016.
How toDesigning, planning, Implementation Microsoft Azure, If Possible to share with me video link and url.
- ConfigMgr is my high! Twitter: http://twitter.com/#!/@henrikhoe
azure CLI opens then disappears?
installed azure CLI
installed jnode
Opened azure CLI as administrator
Added jnode and azure CLI to environmental paths
It opens for a few seconds then disappears.
The cmd opens without any cursor then loads for 1 sec then closes.
What is going on?
dsk
Hey, I posted this thread in another site a while ago, but didn’t get any reply. I apologize if you saw this before.
Azure resource locks can be used to prevent accidentally deleting or modifying resources. ReadOnly lock means authorized users can read a resource, but they can't delete or update the resource. Resource Manager locks apply only to operations that happen in the management plane. The locks usually don't restrict how resources perform their own functions in the data plane.
However, applying ReadOnly can lead to unexpected results because some operations that seem like read operations actually require additional actions. For example, placing a ReadOnly lock on a storage account prevents all users from listing the keys. (https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources). But depending on your working history in the Portal, your experiences might be different. If you just listed the access keys of a storage account before placing a ReadOnly lock on the storage account, you could still be able to see the keys for a while. Is this because the keys are cached? However, if you start a new Portal session after placing the ReadOnly lock, you would get the message “The resource is locked”. That means you can list the access keys in one Portal session while getting denied from another Portal session at the same time.
You will also see different behaviors when accessing different storage account services. From the Portal session where you can still list the keys, you can still access Blob, File, Table and Queue services; and you can upload blobs to blob containers. However, in the new Portal session where the keys are no longer available, you can’t access File, Table and Queue services. Although you can still access Blob service, you can’t access blob containers. Of course, it is impossible to upload or download blobs/files.
It seems that eventually the “cached” keys would time out. (I don’t know how long it would take.) And the access keys become unavailable in both old and new Portal sessions. At that time, it is impossible to upload/download blobs/files to/from the storage account from the Portal. However, you can still perform data transfer by using Azure Storage Explorer as long as a connection had been established before the ReadOnly lock is placed, or you copied down the access key and set up a new connection.
Placing a ReadOnly lock to a storage account should not prevent data operations with the storage. But it seems in the Portal accessing different storage services needs the access keys. ReadOnly lock prevents getting the keys if it is not “cached” yet. Therefore, you may or may not be able to perform data transfer operations in the Portal.
I don’t know if my guess is correct or not. Hope someone can provide some real explanations. Is there a way to enforce the lock behavior, at least within the Portal, i.e. once the ReadOnly lock is placed on a storage account, we would get the same behavior, whether the operation is allowed or denied, in all existing or new Portal sessions?
azure terraform questions? are you able to answer basic questions.
Where do we place the OS image for terraform to associate with with directory where the *tf file is located?
Will *tf file overwrite any changes already in the OS image? These can be either Images in Microsoft market place or custom images.
If you cannot answer this question please provide a link or a resource on who can answer azure terraform questions that is recommended?,.. a good blog? Does microsoft have a blog for azure terraform?
dsk
I have a credit card and want to create an Azure account with it.
At the same time my brother also want to create an Azure account for learning purposes.
Question :
Is it possible to create two separate Azure accounts (with two different credentials) but with a single credit card?
I have a few computers behaving in the same fashion and looking for some help.
When I try to join a computer via Azure AD - I get the following error:
Server error code: 80192ee2
Correlation ID: not available
Server Message: not available
I can't seem to find any information about this error. However, I learned that if I disable the Geo Filtering in our comapny firewall it will join the domain no problem.
So the question is - how can I determine which country needs to be whitelisted to alleviate this problem.
Just wondering if this is a bug or a limitation? When you want to add a user or security group to the Azure Analysis Services Admin via SSMS this is allowed. Same goes for adding a user to the Azure Analysis Services Admin via the portal.
However, when you want to add a security group via the portal nothing happens. You can click Add, select the group but when you add it it's not reflected and cannot be saved. Therefor I need to start SSMS and connect to each Analysis Service to add the security
group.
The below image shows "obj:e84..."which is a security group normally named something like "MSC-SEC-GROUP" which I've added via SSMS, so the correct naming isn't used for groups as well within the portal.
So two things:
- I cannot add a security group to Analysis Services Admin via the portal
- The name of the security group added via SSMS isn't displayed correctly in the portal's Analysis Services Admins view
Can a IaaS with "premium disks" migrate between different availability zones within the same region?
If we wanted to have HA between servers would it be best to use scale sets or a LB between avail zones(AZ) within the same region? Is there a minimum # of IaaS for a scale set?,... can we do this with two IaaS in a scale set?
I am thinking a LB cannot migrate between AZs within the same region hence would not provide HA?,... please confirm.
dsk
How do I create a policy which whitelists a pre-defined list of IP ranges for Event Hub and Service Bus, when the resource in question is VNET connected through a Service Endpoint?
I found
this sample which does part of what I want, however I am unable to make it trigger only for VNET connected Event Hub resources.
IaaS option to choose availability zone(s) during creation - if a specific AZ not chosen will the IaaS be randomly placed?
My understanding is that each AZ has three data centers so that a IaaS could migrate automatically if there is some kind of failure at a datacenter? And each region has three AZs?
Is there any advantage to placing a IaaS in a specific AZ? I can only think placing a IaaS in different AZs if a scale set is used.
Let me know. thanks.
dsk
Hey, I am learning how to build custom policies and try to understand the difference between the effects ‘Audit’ and ‘AuditIfNotExisits’. The effect ‘AuditIfNotExists’ could have additional properties like different ‘Type’ or ‘ResourceGroupName’ properties. This allows policy evaluation in a different scope/context than that defined in the policy ‘if’ block. And a policy with an ‘AuditIfNotExisits’ effect is evaluated after a create or update request is successfully handled, unlike a policy with an ‘Audit’ effect which is evaluated before the create or update request is handled. However, for simple policy compliance check purpose, the evaluation order difference doesn’t matter.
Regarding the property ‘ExistenceCondition’ in an ‘AuditIfNotExists’ policy, generally speaking, it could be replaced logically by a condition in the if block of an ‘Audit’ policy rule, assuming the same resource ‘Type’ and the same ‘ResourceGroupName’. i.e., the following rule
{ "mode": "All", "policyRule": { "if": { <condition1> }, "then": { "effect": "AuditIfNotExists", "details": { "type": "Resource_Type", "existenceCondition": { <condition2> } } } }, "parameters": {} } |
should be equivalent to the rule
{ "mode": "All", "policyRule": { "if": { "allOf" : [ <condition1>, { "not" : <condition2> } ] }, "then": { "effect": "Audit", } }, "parameters": {} } |
But my multiple tests failed for some unknown reason. For example I have the two following rules
{ "mode": "All", "policyRule": { "if": { "allOf": [ { "field": "type", "equals": "Microsoft.Compute/virtualMachines" }, { "not": { "field": "name", "like": "[concat('v','*')]" } } ] }, "then": { "effect": "Audit" } }, "parameters": {} } |
and
{ "mode": "All", "policyRule": { "if": { "field": "type", "equals": "Microsoft.Compute/virtualMachines" }, "then": { "effect": "AuditIfNotExists", "details": { "type": "Microsoft.Compute/virtualMachines", "existenceCondition": { "field": "name", "like": "[concat('v','*')]" } } } }, "parameters": {} } |
Both rules are assigned to a resource group containing two VMs: vmtest1 and server2.
The policy with the ‘Audit’ effect marked successfully the VM ‘server2’ as non-complaint resource and ‘vmtest1’ as complaint resource. However the policy with the ‘AuditIfNotExists’ effect marked both VMs as compliant resources. Even I modified the ‘existenceCondition’ to
"existenceCondition": { "field": "name", "notlike": "[concat('v','*')]" } |
Both VMs still marked as compliant.
I must make a mistake in the ‘AuditIfNotExists’ policy rule definition. Could somebody help me to figure out? Thanks
First of all, please forgive me if this post is in the wrong forum, this seemed like the best match for Azure policy.
Background: My company has implemented a VM tagging requirement. All new and existing virtual machines must be tagged with certain tags in the Name field, "Department" and "Technical Contact" for example.
Solution: I created an Azure policy initiative with multiple "Require specified tag" definitions (one definition per required tag name). Verified this policy works as expected, existing machines without those tags are non-compliant, likewise new VM's
can not be created without those tags.
A new problem has presented itself however. My company also has a requirement to deploy the Network Watcher extension with all new VMs. Unfortunately the extension cannot be deployed with the aforementioned policy in place as the extensions would not have the necessary tags. I'm stuck at this point as I do not see a way to apply tags to extensions nor can I find a way to automatically deploy the Network Watcher extension after VM creation (preferred method).
Another acceptable solution would be to limit the scope of the policy definition to VMs only, excluding all other resources/items created when a VM is created.