User Profile
Surya_Narayana
MCT
Joined 3 years ago
User Widgets
Recent Discussions
Re: customizing Stakeholders's setting so that they can only see the shared dashboard in Azure Devops!
hi rebornlately adding some more points on top of Kidd_Ip , Firstly, its great question — this is a common need when you want to give executives, auditors, or clients limited visibility in Azure DevOps without exposing sensitive details like Assigned To or backlog-level information. Unfortunately, Stakeholder access level in Azure DevOps has limited customization options — it’s designed for basic visibility across work items, dashboards, and queries, not fine-grained control. However, you can still achieve your goal with a combination of security group permissions and custom dashboards. Understand Stakeholder access limitations: By default, users with the Stakeholder access level can: View dashboards (if shared with them) View work items and boards (in read-only mode) Cannot edit or create items (read-only) However, they can still see the "Assigned To" field and backlog items if they have project-level read access. Azure DevOps doesn’t provide a field-level security model for built-in fields like Assigned To. Use Security Permissions to Restrict Access You can restrict Stakeholders from viewing boards and backlogs by modifying security group permissions: Go to Project Settings → Boards → Area Paths For the Area Path in question, set: View work items in this node → Deny for the Stakeholders group. This prevents them from seeing the backlog, boards, and queries associated with those work items. They will still be able to see shared dashboards, since dashboards are controlled separately. Share dashboards explicitly0Views0likes0CommentsRe: Azure synapse analytics: understand how to find cost per pipeline
hi kavitha_eswarappa adding to Kidd_Ip That's a great question - understanding cost per pipeline in Azure Synapse Analytics can be tricky because costs are not directly itemized by pipeline in Azure billing. However, you can achieve a good approximation using a combination of Azure Monitor logs, Azure Cost Management, and custom tagging. Here's how you can approach it: Enable diagnostic logging for Synapse Enable diagnostic settings for your Synapse workspace and send logs (especially PipelineRuns and ActivityRuns) to Log Analytics. Go to your Synapse workspace ‚Üí Diagnostic settings Choose to send logs to a Log Analytics workspace Enable these categories: o PipelineRuns o ActivityRuns o IntegrationRuntimeMetrics This gives you detailed telemetry per pipeline and activity, including duration and compute utilization. Use tagging for cost attribution Add tags to your Synapse resources or even dynamically to pipeline runs (for example, customer name or project ID). Example tag scheme: Customer: ContosoProject: DataMigrationPipeline: SalesDataLoad Tags propagate into Azure Cost Management, so you can later group or filter costs per customer, project, or pipeline. Correlate logs with cost data In Cost Management + Billing, you'll see cost data by resource (for example, your Integration Runtime). Use Log Analytics queries to calculate execution time and run frequency for each pipeline, then multiply by the Integration Runtime cost rate. Sample Log Analytics query: AzureDiagnostics| where Category == "ActivityRuns"| summarize TotalRuns = count(), TotalDuration = sum(todouble(DurationInMs))/1000/60 by PipelineName| order by TotalDuration desc Then cross-reference with Integration Runtime cost: Azure-SSIS IR: billed by vCore-hour Synapse pipeline activities (Data Movement, Lookup, Copy): billed per run + data volume Use Azure Cost Management APIs You can pull detailed cost data via Cost Management Query API and join it with pipeline metadata to generate a per-pipeline cost dashboard (Power BI or Log Analytics Workbook). Alternative: Azure Purview + Tags If your pipelines are registered in Microsoft Purview, you can leverage metadata to track which datasets or pipelines belong to which customer/project - and align those to cost tags. Ref links: https://learn.microsoft.com/en-us/azure/synapse-analytics/monitor-synapse-analytics0Views0likes0CommentsRe: Azure SQL Access is Denied reading Azure Storage file
hi JohnTM That’s a common scenario when integrating Azure SQL Database with Azure Storage (for example, when using BULK INSERT, OPENROWSET, or EXTERNAL DATA SOURCE to read a blob file). The “Access is Denied” message typically indicates an authentication or permissions mismatch between SQL and Storage.10Views0likes0CommentsRe: Why do vpn/application gateways need to be in their subnet?
hi Longb1 That’s an excellent observation — and it’s true that Azure’s approach is a bit different from what we’re used to in traditional on-prem networks. In Azure Virtual Networks, resources like VPN Gateways, Application Gateways, and Azure Firewalls are managed services that act as network virtual appliances, rather than simple interfaces within your subnet. Why they need their own subnet: Isolation for managed routing and scaling Azure gateways aren’t regular VMs — they’re platform-managed resources. Placing them in a dedicated subnet allows Azure to fully control routing, scaling, and IP allocation without conflicting with your own workloads. Reserved IP ranges for internal operations The gateway subnet must have a few unused IPs (usually at least a /27 range) so that Azure can deploy internal control plane components, health probes, and HA pairs. That’s why you can’t use all IPs in that subnet — Azure reserves several. Separation of responsibilities Gateways handle sensitive operations (encryption, routing, traffic inspection), so isolating them reduces the blast radius of configuration or security issues in your main subnets. Predictable routing behavior Having a distinct subnet ensures Azure’s routing tables can always unambiguously identify the gateway’s next hop. If it shared a subnet with workloads, route propagation and effective routes could conflict. Why the subnet is small Azure usually asks for a /27 or larger subnet (e.g., 10.0.255.0/27) because that provides enough IPs for HA, future scaling, and reserved system addresses — but it’s still small enough not to waste address space.2Views0likes0CommentsRe: when will Prompt flow feature be available in foundry based projects
hi Hariteja2189 you’re absolutely right to notice the current limitation around Prompt Flow in Azure AI Foundry. According to Microsoft’s documentation, Prompt Flow is currently supported only in hub-based projects, not in the standard Foundry project type. Currently, Prompt Flow appears under Build and customize → Prompt flow only when you create a hub-based project in Azure AI Foundry. For standard Foundry projects (non-hub) the option is not visible/available. There is no public timeline from Microsoft that indicates when (or if) Prompt Flow support will be extended to non-hub Foundry projects. What you can do now If you need Prompt Flow now, consider starting a hub-based project for that workload. Keep using your current Foundry project for other workflows and migrate later if/when the feature is made available. Monitor the Azure AI Foundry release notes and docs (especially the “feature availability across clouds/regions” page) for updates. If this limitation impacts your architecture significantly, consider providing feedback or a feature request through Microsoft’s feedback channels or Q&A forum to influence prioritization.9Views0likes0CommentsRe: Reasoning Effort for Foundry Agents
hi SamLS42 This is a very relevant point when working with reasoning-capable models in Foundry. For the data-plane models under Azure AI Foundry Models (for example the “o*” series reasoning models) the reasoning_effort parameter is documented. You can set it to values like low, medium, or high. For example, the documentation says: “Reasoning models with reasoning_effort allow you to adjust the model’s cognitive load” (e.g., Grok 3 Mini model) Reference sites: https://learn.microsoft.com/en-us/azure/ai-foundry/openai/how-to/reasoning? https://ai.azure.com/catalog/models/grok-3-mini? I couldn’t locate any official documentation that confirms that the Agents API supports the reasoning_effort parameter explicitly. The reference for the Agents service and quick-start articles don't mention it. Therefore, the safe assumption is: No, you cannot currently set reasoning_effort via the Agents API endpoint — at least not publicly documented at this time. Next ? Microsoft’s public roadmap doesn’t show a guarantee of when (or whether) reasoning_effort will be exposed for the Agents API. You may want to open a support ticket or flag this feature request via the Azure feedback forums to see if it is under design. In the meantime: if you need control over reasoning depth, consider using the underlying model invocation (via Foundry Models or the OpenAI-style endpoint) where reasoning_effort is supported, then wrap that in your agent logic.21Views1like0CommentsRe: Health state of vdiadmin session host is 'Needs assistance'
hi msw070588 When a session host in Azure Virtual Desktop (AVD) displays a “Needs assistance” status, it usually means that one or more health checks have failed — often related to the AVD agent, connectivity, or host registration. Here are a few steps you can try to resolve the issue: Check the AVD Agent and Boot Loader Sign in to the affected VM. Open Services.msc and verify the following services are running: Remote Desktop Agent Loader Remote Desktop Agent Remote Desktop Services If any are stopped or missing, reinstall the latest AVD Agent and Boot Loader packages from Microsoft’s official links. Restart the VM afterward. Verify Network and Connectivity Ensure the VM has outbound internet access on port 443. Confirm that DNS resolves the required service endpoints: *.wvd.microsoft.com *.servicebus.windows.net If network security groups or firewalls are in use, make sure these URLs are not blocked. Check the Host Registration Token If the host was recently redeployed or reimaged, the registration token may have expired. In the Azure portal, go to Azure Virtual Desktop → Host pools → [your pool] → Registration key, and generate a new one. Re-register the host using the new key. Re-add the Host (if needed) If the problem persists: Remove the affected session host from the host pool. Re-add it using a new registration key to restore proper health status.12Views0likes0CommentsRe: Trying to ask a question on https://learn.microsoft.com/en-us/answers/
hi dalewebb1 i dont see any issues. site is up and running. support Options for future referennce Visit the Microsoft Support sites page: https://support.microsoft.com/ For documentation/training issues on Microsoft Learn, there’s a support article: Site: https://learn.microsoft.com/en-us/training/support/troubleshooting If you want to open a general Microsoft support request, the https://learn.microsoft.com/en-us/services-hub/unified/support/ provides access to creating tickets. https://learn.microsoft.com/en-us/services-hub/unified/support/31Views0likes0CommentsRe: URGENT: Accidental Deletion of Microsoft Clarity Project - Manual Restoration Request
hi katerina_shchuka sry to hear about the accidental deletion of your Clarity project “Aste Helsinki new”. As checked the official Clarity documentation and, unfortunately, found this key note: https://learn.microsoft.com/en-us/clarity/setup-and-installation/getting-started “Once you delete a project, you will not be able to recover any data associated with that project.” What this means for you: The project and its session data are permanently removed from Clarity when deleted by an Admin. Because of this, manual backend restoration is not supported under standard Clarity operations. If the data is critical, you might consider whether you previously exported any reports, recordings, or analytics from Clarity, since that may be the only available access to the lost information. Next steps you can take: Contact Microsoft Support and request a verification of any archival/back-end options (though these are rare) — share the details you provided (account email, project name, deletion date/time). Ask whether there was any backup retention at the service level for your tenant (some enterprise agreements may offer extended data retention). For the future: implement a regular export / backup process for Clarity session data, so you have a local copy of critical reports.8Views0likes0CommentsRe: Azure Firewall query
hi SB V this is a common design consideration when centralizing security and routing across multiple Azure subscriptions. Option 1: Azure Firewall in a Hub-and-Spoke Architecture If your goal is to centrally inspect, filter, and route traffic between spokes (subscriptions) and the internet, Azure Firewall deployed in a central security hub is often the right choice. How it works: You create a hub VNet containing the Azure Firewall. All other VNets (from multiple subscriptions) connect via VNet peering or Virtual WAN hubs to this central hub. The Firewall manages east-west (inter-VNet) and north-south (internet) traffic. You can route all outbound internet traffic to your on-prem firewall (Palo Alto) through VPN or ExpressRoute using User Defined Routes (UDRs). Pros: Full Layer 3–7 inspection (with Threat Intelligence, DNAT, FQDN, and TLS inspection). Centralized policy management using Firewall Policy. Native integration with Azure Monitor and Sentinel for logging and analytics. Works across subscriptions and tenants. Cons: More manual setup for complex routing scenarios. Cost can increase with large data throughput. If you want dynamic routing and large-scale branch connectivity, Virtual WAN may scale better. Option 2: Azure Virtual WAN with Secured Virtual Hub If you’re managing multiple regions, branches, or large-scale environments, consider Azure Virtual WAN with Secured Hub (Azure Firewall Manager). How it works: Provides centralized, automated routing and connectivity between VNets, branches, and on-prem. Each region can have a “secured hub” with Azure Firewall managed via Azure Firewall Manager. Simplifies global routing — all traffic can be forced through your on-prem Palo Alto firewalls or Azure Firewall as per policy. Pros: Scalable for global/multi-region design. Simplified management — no need to manually configure peering/UDRs. Integrated with Microsoft’s backbone network for optimized performance. Built-in security and routing orchestration with Firewall Manager. Cons: Slightly higher cost for small or single-region environments. Less granular control if you need custom routing per subscription. Recommendation For a single-region, centralized control model, use a Hub-and-Spoke with Azure Firewall. For a multi-region, large-scale, or hybrid setup (especially with branch offices), Azure Virtual WAN (Secured Hub) is the better long-term option. You can also combine both: use Azure Firewall inside a Virtual WAN Secured Hub to route traffic to your Palo Alto firewalls for final outbound inspection.0Views0likes0CommentsRe: Windows 7 What Browsers will still work with Windows 7?
hi wayne3842 That's a great initiative to help your neighbor's grandson get started with computers! Unfortunately, Windows 7 has reached end of support (January 2020), and most modern browsers (like Microsoft Edge, Chrome, and Firefox) no longer support it due to missing security updates and outdated system components. A few points to consider: Modern browsers: Microsoft Edge and Google Chrome no longer work on Windows 7. Firefox dropped official support in September 2023. Possible alternatives: You might try Mypal or Pale Moon, which are community-maintained browsers that can still run on older systems, though they have limited security protection. Best long-term option: If possible, consider upgrading the device to Windows 10 (it still runs well on older hardware, especially with an SSD). This will allow access to Microsoft Edge and other modern browsers - with much better performance and security. If upgrading isn't an option, make sure the system is offline or used only for local learning (like typing practice or basic coding) to avoid security risks.130Views0likes0CommentsRe: AZURE AD Contacts problem
hi kwo This is a known situation that can occur in hybrid environments where contact objects (typically Mail Contacts) get orphaned in Microsoft Entra ID (formerly Azure AD) after user deletions in on-premises AD. These orphaned objects often remain under Contacts because they were originally synced via Exchange attributes, not directly through the user object itself. Here are some steps you can try to resolve it: a.Check if they’re actually “Contact” objects in Entra ID Run this in Microsoft Graph PowerShell: Get-MgContact | Select-Object DisplayName, Mail, Id If they appear here, it means they exist as contact-type objects, not users. b.Clean up orphaned contacts manually If confirmed, you can delete them with: Get-MgContact | Where-Object {$_.Mail -like "*@yourdomain.com"} | Remove-MgContact (Use filters carefully — test with -WhatIf first!) c.Check Exchange Online for mail contacts Sometimes, these are actually Mail Contacts synced via Exchange Online Directory. Run: Get-MailContact | Select DisplayName, ExternalEmailAddress If they appear here, remove them with: Remove-MailContact -Identity "DisplayName" d.Run a Full DirSync / Entra Connect sync cycle Force a sync to ensure the deletions replicate properly: Start-ADSyncSyncCycle -PolicyType Initial e.If still stuck It could be an issue with Exchange Online Directory sync caching. In such cases: Open a Microsoft 365 Admin Support ticket Ask them to check for stale “DirSync: Contact” objects and perform a backend cleanup.14Views0likes0CommentsRe: I am getting message, 'to edit files in this free version of word, they must be saved to Onedrive.'
hi Sharjeel Faiz That message usually appears when you’re using the free (web-based) version of Microsoft Word or an unlicensed desktop copy of Office. The free version requires saving files to OneDrive because it’s tied to your Microsoft 365 account in the cloud. Here are a few things you can try: Check if Word is activated Open Word → Go to File > Account Under Product Information, see if it says “Product Activated.” If not, you’ll need to sign in with a Microsoft 365 subscription account or enter a product key for Office 2021. If you’re using Word for the web (browser version): The web version only supports saving and editing files on OneDrive. To edit local files, download and open them in the desktop version of Word. If you already have the desktop version installed: Make sure it’s fully updated via File > Account > Update Options > Update Now Then restart Word and try opening the file again from your local drive.17Views0likes0CommentsRe: Migration from Microsoft Entra Connect Sync to Entra Cloud Sync
hi Ivane99 It’s best not to manually disable the OUs right away. Instead, follow a phased approach using staging mode first: Set up Cloud Sync in staging mode. This lets you safely test synchronization — it reads your data but doesn’t export changes to Entra ID. Validate everything. Check that your users, groups, and attribute flows look correct in staging mode. Uncheck those OUs in Connect Sync. Once validated, disable those OUs in your existing Entra Connect configuration to avoid duplicate sync. Turn off staging mode. Cloud Sync will then start syncing those OUs for real. This method avoids accidental deletions and ensures a smooth handoff between sync engines. Also refer the site: https://learn.microsoft.com/en-us/entra/identity/hybrid/cloud-sync/tutorial-pilot-aadc-aadccp17Views0likes2CommentsRe: Azure Virtual Desktop External Identities
hi tadhgclifford Since the feature is still in public preview, the setup can be a bit tricky because some configurations aren’t yet fully automated. A few things to double-check: App Assignment: Make sure the external user (B2B guest) has been explicitly assigned to the AVD application group — this doesn’t happen automatically even if the user has directory access. Group Membership Propagation: If you’re using Entra groups for app assignment, verify that the guest user appears in the group as a member (not pending). In some cases, it can take a few minutes to sync through Entra ID before AVD recognizes the user. RBAC Permissions: Confirm that the external user has at least the Desktop Virtualization User role on the AVD application group resource scope. Supported Client: External identities currently work only in the latest version of the Windows Desktop client (and sometimes not yet in the web client). If you’ve confirmed all of the above and still don’t see resources, it may help to collect logs via the AVD client diagnostics tool and raise a ticket through Azure Support — they can verify if your tenant has full External Identity preview enablement.21Views0likes2CommentsRe: Migration from Microsoft Entra Connect Sync to Entra Cloud Sync
hi Ivane99 here are few recommendation you should try - yes, what you’re observing is a known behavior when running Microsoft Entra Connect Sync and Cloud Sync in parallel for different organizational units (OUs). Each synchronization method maintains its own connector space and object anchoring, so dependencies (like group memberships or user-linking between sync types) aren’t shared across the two sync engines. In your case, since users are synced by Entra Connect Sync and mail groups by Cloud Sync, the Cloud Sync agent doesn’t have visibility into the user objects managed by Connect Sync — which is why it can’t process group memberships or update Entra ID accordingly. A few recommendations to help you move forward: Plan a full cutover per OU type (users, groups, etc.) Avoid splitting dependent OUs between the two sync methods. When possible, migrate all related objects (users, groups, and memberships) together under a single synchronization type — ideally Cloud Sync if that’s your long-term goal. Use staged migration You can follow Microsoft’s documented staged approach to transition from Entra Connect to Cloud Sync. It allows gradual migration by disabling sync on the Connect side once the Cloud Sync agent fully manages that OU. Plan a migration to Microsoft Entra Cloud Sync Verify attribute flows Ensure attributes like memberOf and objectGUID are correctly populated and that your Cloud Sync agent is configured with the proper scope filters and join rules. Licensing and group-based access Since you’re using dynamic or license assignment groups, confirm those group memberships resolve correctly once objects are fully synced by the same engine. You don’t necessarily need to sync all OUs at once, but for objects that depend on each other (like users and groups), they should be moved together to the same sync method to maintain relationship integrity. Hope that clarifies the behavior — you’re definitely on the right track, and once all dependent OUs are migrated to Cloud Sync, the issue should resolve itself.10Views0likes0CommentsRe: Outlook trying to log in to azure servers before mail server
hi Johan18 This usually happens because newer Outlook builds attempt modern authentication (OAuth) or autodiscover lookups through Microsoft 365 endpoints before connecting to your on-premises or third-party mail server. When your mail server blocks cloud sources, Outlook may appear to “connect to Azure servers first.” A few things you can try: [ take backup before you do ] Disable modern authentication for that profile (if you’re using basic auth or IMAP/POP): Go to Control Panel → Mail → Email Accounts → Change → More Settings → Security tab. Uncheck “Always prompt for logon credentials” and ensure it’s not configured for modern auth. If it’s Exchange, you may need to force RPC over HTTP instead of MAPI over HTTP. Manually configure the account Skip autodiscover and set incoming/outgoing mail server names manually. Disable the “Guess smartly” options by creating the profile from Control Panel → Mail → Show Profiles → Add. Registry policy (advanced) You can disable Microsoft 365 autodiscover lookups by adding this registry key: o [HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover] o "ExcludeHttpsAutoDiscoverDomain"=dword:00000001 o "ExcludeSrvRecord"=dword:00000001 o "ExcludeExplicitO365Endpoint"=dword:00000001 (Restart Outlook after adding these entries.) Test with Outlook Web Access or another client If the second account works fine, compare its connection type under File → Account Settings → Server Settings. These steps prevent Outlook from defaulting to Microsoft 365 autodiscover endpoints and force it to connect directly to your configured mail server.4Views0likes0CommentsRe: Surface Pro 4, ESU: Registration fails without any error
hi Detlef_Huss here is my view, the “Registering for extended security support” window closing with no error usually points to a missing prerequisite or a silent activation issue. A few quick things to check: Update everything first – make sure all latest Windows updates and the ESU preparation package are installed. Network access – confirm your device can reach Microsoft activation servers (no proxy or firewall blocks). Re-enter ESU key – open PowerShell as admin and run: slmgr /ipk <your-ESU-key> slmgr /ato Check Event Viewer under Applications and Services Logs → Microsoft → Windows → Security-SPP for activation errors. Restart and retry registration — sometimes it completes only after the next update cycle.6Views0likes0Comments
Groups
Global Cloud & AI Community
The Global Cloud & AI Community Learning Room is a collaborative space for everyone who is eager to learn Microsoft Azure, Artificial Intelligence (AI), Copilot, Intune, Defender for Cloud, XDR, Sentinel, Azure Hybrid Administration, and a lot more. Members are encouraged to post technical issues to get a solution from the experts. This learning room offers various resources such as training sessions, workshops, and webinars that are designed to enhance the skills of anyone who is interested in learning about Microsoft technologies. Members are welcome to participate in discussions, share their experiences, and contribute to the community’s collective knowledge. They gain opportunities to explore best practices, exchange real-world experiences, and grow their expertise while networking with a diverse global audience.
Microsoft Hero Community
Welcome to Microsoft Hero Community, an official Microsoft Learn Learning Room dedicated to empowering learners through a strong focus on Microsoft Cloud technologies. We regularly host sessions, events, webinars, and training programs to support your growth and success. Join us on your cloud journey, we’re here to help every step of the way!Latest Activity: Nov 08, 2025
Modern Development with Azure Integration and AI
Learn how Azure supports Modern Application development, within the Microsoft Stack, with AI and cutting edge integration services.Latest Activity: Nov 06, 2025Recent Blog Articles
No content to show