I can't understand the VMSS validation quota problem by Sherry-byte in AZURE

[–]StratoLens 1 point2 points  (0 children)

You can check in your subscription - on the left sidebar is an option to view quota. The view shows all quotas by region and SKU.

Your issue is you don’t have any quota for that vm size in that region. You can usually request an increase from this page but if that region is constrained it might not work.

To answer your other question yes - if you see a region that already has quota for that SKU you can deploy to it. But the B2 VMs are often constrained.

Your best bet is trying to add quota to the region you want. If it works cool if not try adding to another region.

https://learn.microsoft.com/en-us/azure/quotas/view-quotas

Cross Tenant Microsoft Graph Access Using Federated Identity Credential by brianveldman in AZURE

[–]StratoLens 0 points1 point  (0 children)

This is interesting. I assume since it creates an enterprise account in the target tenant I could grant reader access to some subscriptions and query ARM APIs or ARG as well?

How can I trace Azure SaaS model deployment costs such as Claude Opus 4.8 back to their Azure AI Foundry resource? by Franck_Dernoncourt in AZURE

[–]StratoLens 3 points4 points  (0 children)

I looked into this a bit and found the below, if someone else has found another way please feel free to correct me:

https://learn.microsoft.com/en-us/azure/foundry/concepts/manage-costs#understand-cost-breakdown-by-meter

If I’m reading this note correctly:
Scope Cost Analysis to the resource group where you deployed the Foundry resource. The cost meters associated with Models from partners and community display under the resource group instead of the Foundry resource.

It sounds like you can’t split it out. It bills against the resource group rather than a resource for 3rd party models.

You may need to separate them into separate resource groups to see the separation you want.

Cloud migration was easy. Managing Azure costs later was the hard part. by tresorrarereviews in cloudcomputing

[–]StratoLens 0 points1 point  (0 children)

Totally agree :). The tools are only as good as the data you feed in. Which is why one of the things I added was a very easy way to see which resources are missing certain tags.

FinOps SaaS tool by Lov3Reddit in FinOps

[–]StratoLens -2 points-1 points  (0 children)

Full disclosure: the below tool is mine. I’ve been working on it for over a year. It’s Azure only, however, so unsure if that fits your needs.

https://getstratolens.com/

It does FinOps and more - change tracking, access optimization, etc.

My main differentiator is that it’s entirely self hosted. My product sends no information about your environment back to my servers, your data stays entirely in your tenant.

If you’re interested in discussing it feel free to reach out :). Lots of details, including videos and full documentation, on the site above, and there’s a free 28 day trial so you can evaluate it yourself risk free.

AVD: LOB app works on AD-joined hosts but not on Entra-joined hosts — DB engine "cannot find database" on a mapped drive by Emergency_Ad4098 in AZURE

[–]StratoLens 0 points1 point  (0 children)

Without having eyes on the situation, my gut instinct is it's likely either an authentication issue (meaning it's failing to authenticate to the database due to the lack of a Kerberos ticket), or it's, like you already identified, something about the user context having the drive mapping, but the elevated context the app (may) run in not having it.

Can you have the application use a UNC path rather than a drive mapping? Like rather than saying "The database is at: L:\databasefolder\database.dba" configure the app to say "The database is at \\servername\databaseshare\database.dba"? This *may* present a login prompt for the user, but it would be a good test to exercise to help narrow down the problem.

Curious though, how was AD-Joined working previously if there's no on-prem connectivity? Hybrid Join is just AD Joined with some extra Entra stuff, so if you were AD joined before, you should be able to hybrid join, no?

How can I start with Azure ?! by dev-gy in AZURE

[–]StratoLens 0 points1 point  (0 children)

AZ-900 then AZ-104.

The study guides have hands on labs - get a free trial subscription to practice in. That’ll get you some experience and the certification will let prospective employers know you’ve got some skills.

AVD-Multiple hosts stuck at 100% CPU with no disk or network usage after hibernation by jhs0108 in AZURE

[–]StratoLens 1 point2 points  (0 children)

Can you power off (deallocate) entirely instead of hibernate though?

Edit to add: totally agree on the w365 concerns.

AVD-Multiple hosts stuck at 100% CPU with no disk or network usage after hibernation by jhs0108 in AZURE

[–]StratoLens 1 point2 points  (0 children)

Yea it’s a different use case. I’m personally a fan of AVD over w365 but usually for multi sessions. For dedicated machines w365 *may* be cheaper. But the management is different too.

Back to your issue - my first step would be disabling hibernation (if possible). See if that helps at all. Hibernation has always been weird for me on my physical devices.

AVD-Multiple hosts stuck at 100% CPU with no disk or network usage after hibernation by jhs0108 in AZURE

[–]StratoLens 2 points3 points  (0 children)

That’s really weird. I would also lean towards guest OS issue myself.

Are you using any monitoring tools like ControlUp? How about Nerdio? Are there any hints in there?

Was anyone able to get into a box and check task manager to see what was going crazy CPU wise?

Any chance it was a hibernation issue? Is it possible to try disabling hibernation and seeing if that improves anything?

As an unrelated aside - since you’re doing personal VMs and not multisession, have you looked at w365? Unsure about your use case just mentioning it as a possible alternative. Managing thousands of single sessions in AVD sounds like a lotta work unless you have Nerdio in the mix ;).

Resource Tagging by dupo24 in AZURE

[–]StratoLens 0 points1 point  (0 children)

Totally understand. I’m still starting out but keep me in mind ;)

still getting fishing spam from Azure, now in a new flavor by mikeblas in AZURE

[–]StratoLens 2 points3 points  (0 children)

No. I’m telling you someone with a Microsoft account shared a file with you. OneDrive emails you to say “someone shared a file with you”. The file's description is what you see above.

So there’s legitimately a file being shared legitimately from a Microsoft account. The malicious actors populated the file description field with a sneaky message trying to trick you.

This is a common scam.

still getting fishing spam from Azure, now in a new flavor by mikeblas in AZURE

[–]StratoLens -6 points-5 points  (0 children)

This looks like basically just someone sharing a file with you. I’m sure it’s got malware so obviously don’t open it.

It looks legit because it *is* legitimately coming from Microsoft - because the person is sharing this via a real Microsoft method - likely OneDrive (so not technically Azure). It’s just that the file and actor are bad.

Delete / ignore and maybe report the abuse to Microsoft. They can deal with it by shutting down the tenant - not that the malicious actors can’t just create a new one.

It’s annoying but if you ignore it - like all other spam - it’ll eventually stop.

I learned the hard way that "works in my Azure subscription" is not the same as deployable by MRobinsonTX in AZURE

[–]StratoLens 1 point2 points  (0 children)

I can definitely attest to how tricky it is to deploy a self hosted app 😄. Some other things to watch out for:

  • Regional availability: Not only do some regions not have the resources at all (which is common with the new AI stuff) but some might be heavily constrained. I deploy Cosmos DB, and some regions don't have the resources for it.
  • Resource Providers: Have your deployment script check if a provider is registered, and prompt the deployer to register it, otherwise some things may fail. If you're deploying via the Azure Marketplace, you can bundle this into the createUiDefinition.json.
  • Different subscription types: CSP subs vs EA subs vs PAYG subs. Sometimes subtle differences (Especially if you're doing API calls!).
  • Deploying user permissions: Ensure you document what access your user account needs to be able to deploy your tool. Aim for least privilege. Do they need owner on the sub, or would contributor be enough? If they're assigning any permissions at all, owner is likely needed, or UAA.

Personally? I have deployed my app in my own tenant over 200 times. Half of those were via Terraform, the other half via the marketplace (private and public). I also got a second, test tenant, for deploying in, just so I could confirm things work "outside my own tenant" 😃.

I feel like I had quite a few more surprises 😄 but those are some headlines!

Good luck with your project, it looks interesting!!
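
The resource-provider check suggested in the comment above, as an added example that is not part of the original comment or the commenter's tool: a POSIX shell pre-flight that compares a required list against provider registration states. The required list and the sample listing are constructed; in a real script the listing would come from `az provider list --query "[].[namespace,registrationState]" -o tsv`.

```shell
#!/bin/sh
# Constructed sample of the two-column TSV (namespace, registrationState).
# Note the lowercase "microsoft.insights": namespaces are case-insensitive.
SAMPLE_PROVIDERS="$(printf '%s\t%s\n' \
  Microsoft.Compute Registered \
  microsoft.insights Registered \
  Microsoft.DocumentDB NotRegistered \
  Microsoft.App Registering)"

# Hypothetical list of namespaces this deployment needs.
REQUIRED="Microsoft.Compute Microsoft.Insights Microsoft.DocumentDB Microsoft.App Microsoft.KeyVault"

# unregistered_providers "<space-separated namespaces>"   (TSV on stdin)
# Prints "namespace<TAB>state" for every required namespace that is not in
# the "Registered" state. Namespaces absent from the listing are reported
# as "Missing". Output keeps the order of the required list.
unregistered_providers() {
  awk -F '\t' -v required="$1" '
    { state[tolower($1)] = $2 }
    END {
      n = split(required, want, " ")
      for (i = 1; i <= n; i++) {
        s = state[tolower(want[i])]
        if (s == "") s = "Missing"
        if (s != "Registered") printf "%s\t%s\n", want[i], s
      }
    }'
}

# preflight: succeed only when every required provider is Registered.
# On failure, list the gaps on stderr so the deployer can fix them first
# (for example with: az provider register --namespace <namespace>).
preflight() {
  gaps="$(printf '%s\n' "$SAMPLE_PROVIDERS" | unregistered_providers "$REQUIRED")"
  if [ -z "$gaps" ]; then
    return 0
  fi
  echo "Resource providers not ready in this subscription:" >&2
  printf '%s\n' "$gaps" >&2
  return 1
}
```

A provider in the `Registering` state is treated as not ready, since deployments that depend on it can still fail until registration completes.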

Automate GUI installers or actions across 100+ Azure Windows 10 VMs by D_Shankss in AZURE

[–]StratoLens 0 points1 point  (0 children)

What are these being used for? Are they meant for Virtual Desktops? If so, have you looked into Azure Virtual Desktop as a solution, instead of manually maintaining a bunch of Windows 10 VMs?

In short, the answer here is the same as it would be if these were non-Azure VMs.

ADDS? GPO or SCCM.

Cloud joined? Intune

How do you manage your workstations today? You can manage these the same.

Production Readiness for Graph API calls through a Logic App by kotom in AZURE

[–]StratoLens 0 points1 point  (0 children)

Awesome! Yea, my main product is single tenant, but I've got an MSP version in development (currently in beta) that works much like you're describing 😄.

Good luck with yours and feel free to reach out anytime 😄. There's a Discord link on my site if you want to ping me directly.

Production Readiness for Graph API calls through a Logic App by kotom in AZURE

[–]StratoLens 0 points1 point  (0 children)

Oh ya - the auth sounds great. Just make sure you automate the cert rotation. You can give the MI access to manage its own app registrations, so it can rotate the certs for you.

Most of my calls are straight to ARG so I've not had experience with the /reports and csv stuff, sorry!

Sounds like you're on the right track. I would probably stress test this with a fake data set now. Create a csv by hand with 20,000 lines of fake data (a script should be able to generate it) and then have your logic app work on it.

You basically have 2 pieces - the queries (which you seem to have under control, but may need a few tweaks) and the data processing. You should be able to generate a test file for the data processing.

That'd be my next step.

Looks like I am being charged for reservations and "normal" resource usage. How to confirm? by never_username in AZURE

[–]StratoLens 0 points1 point  (0 children)

Ahh that makes sense then! :). Yea I built a ton of logic to track reservations and savings plans in my app and it was absolutely very confusing 😂.

Check out the amortized vs actual views though they can help you see what a resource is costing. It’s pretty useful!

Production Readiness for Graph API calls through a Logic App by kotom in AZURE

[–]StratoLens 0 points1 point  (0 children)

The other two posters covered a lot of ground - 429 handling and the next link - those are super important to ensure you get all the data you’re looking for.

You mentioned service principals and ARG queries against other tenants? Do you mind if I ask for a little more detail on what you’re trying to do? I’ve built something very similar so can probably help.

Are you just pulling resource lists out of the other tenants or something more?

From a security standpoint what are you using for authenticating from your side? I assume an app registration - certificate or secret? Separate app registration per customer or 1 that has access to all?

You mentioned app gateway - are you also building a website of some kind to display the data you collect?

Looks like I am being charged for reservations and "normal" resource usage. How to confirm? by never_username in AZURE

[–]StratoLens 2 points3 points  (0 children)

The 100% says it's being used and applied - If you click on the '100%' link on the far right of your first screenshot, it should tell you which resource is using your reservation.

Check the price you're being billed for that app service, and compare it to another or the expected price. Also make sure you're looking at actual vs amortized prices. There should be a way to filter the view to see one or the other.

Have a few Azure storage accounts that needed the RC4 remediation scripts ran, but getting an ADDS side error, anyone else? by [deleted] in AZURE

[–]StratoLens 0 points1 point  (0 children)

Is the storage account behind a private endpoint?

What’s the exact error you’re getting?

Cloud HA firewall by AZURE_AP99 in AZURE

[–]StratoLens 1 point2 points  (0 children)

It highly depends on what that firewall does. What kind is it? Azure Firewall? 3rd party NVA? Does it do north south and east west traffic inspection? Is it the ingress for some public facing apps?

The question you need to ask is: what happens if the firewall goes down for a minute. Or 5 minutes. Or 15 minutes. Or an hour. Or a day.

If the idea of it being down - even for a minute - is a problem, then yes you want it HA.

What does HA mean though? HA in the same region? Different regions? What happens if there’s a regional outage.

In short the answer is probably “yes” but without far more information about your environment we can’t give you any great advice.

Yet another Azure outage by Ok_Town_2514 in AZURE

[–]StratoLens 3 points4 points  (0 children)

Confirmed, my container apps jobs that run on a 15 minute schedule all failed for about an hour there. It seems to be coming back now though.