Recent Discussions
Built a Real-Time Azure AI + AKS + DevOps Project – Looking for Feedback
Hi everyone, I recently completed a real-time project using Microsoft Azure services to build a cloud-native healthcare monitoring system. The key services used include: Azure AI (Cognitive Services, OpenAI) Azure Kubernetes Service (AKS) Azure DevOps and GitHub Actions Azure Monitor, Key Vault, API Management, and others The project focuses on real-time health risk prediction using simulated sensor data. It's built with containerized microservices, infrastructure as code, and end-to-end automation. GitHub link (with source code and documentation): https://github.com/kavin3021/AI-Driven-Predictive-Healthcare-Ecosystem I would really appreciate your feedback or suggestions to improve the solution. Thank you!
Azure Function App Authentication
Hello! I am new to Azure and I am building my first Azure Function App. I want to write a function which get's triggered by HTTP, the request would be sent through Power Automate. Admin requires to have certificate authorization enabled for my Function App. Is it possible to send HTTP requests through Power Automate if certificate authorization is enabled?
Authenticate Azure Repositories in Pipelines
Hi, I'm trying to use Julia's LocalRegistry with Azure DevOps. LocalRegistry is basically a Git Repository with references to other Git repositories. In Azure DevOps I can checkout additional repositories using the following syntax: resources: repositories: - repository: ProjectA type: git name: ProjectA/GitA (...) - checkout: ProjectA However, Julia's LocalRegistry just uses the direct git repo URL and uses an internal git manager to pull the repo and find references. So, per design, I don't use the checkout-feature from DevOps but let Julia clone the Git repo internally. For this step, I can just put a PAT (and here, the SystemAccessToken is not working for me?), put it in the Git-Repo URL and use this for the LocalRegistry. However, I can't include a PAT into the Git-URL-References on the Registry Repo. Thus, Julias LocalRegistry can successfully obtain a copy of the current index, but it fails when it comes to actually pull other projects using the Package Manager with the following error message: error: GitError(Code:EUSER, Class:Callback, Aborting, user cancelled credential request.) What could I do here? How can I add the required credentials?JMS 2.0 based apps on Azure Service Bus Standard Tier
Hello Everyone, I have an app hosted on Azure which uses Azure Service Bus Premium Tier, I need to downgrade the subscription to Standard Tier, to cutdown on expenses as it's a major concern, also it fits my application load. My concern is, my app is based on JMS API 2.0, can I migrate from Premium to Standard? Is JMS API 2.0 supported by Standard Tier? If not, please suggest any solutions or workaround. ThanksHow to deploy n8n on Azure App Service and leverage the benefits provided by Azure.
Lately, n8n has been gaining serious traction in the automation world—and it’s easy to see why. With its open-source core, visual workflow builder, and endless integration capabilities, it has become a favorite for developers and tech teams looking to automate processes without being locked into a single vendor. Given all the buzz, I thought it would be the perfect time to share a practical way to run n8n on Microsoft Azure using App Service. Why? Because Azure offers a solid, scalable, and secure platform that makes deployment easy, while still giving you full control over your container and configurations. Whether you're building a quick demo or setting up a production-ready instance, Azure App Service brings a lot of advantages to the table—like simplified scaling, integrated monitoring, built-in security features, and seamless CI/CD support. In this post, I’ll walk you through how to get your own n8n instance up and running on Azure—from creating the resource group to setting up environment variables and deploying the container. If you're into low-code automation and cloud-native solutions, this is a great way to combine both worlds. The first step is to create our Resource Group (RG); in my case, I will name it "n8n-rg". Now we proceed to create the App Service. At this point, it's important to select the appropriate configuration depending on your needs—for example, whether or not you want to include a database. If you choose to include one, Azure will handle the connections for you, and you can select from various types. In my case, I will proceed without a database. Proceed to configure the instance details. First, select the instance name, the 'Publish' option, and the 'Operating System'. In this case, it is important to choose 'Publish: Container', set the operating system to Linux, and most importantly select the region closest to you or your clients. Service Plan configuration. Here, you should select the plan based on your specific needs. Keep in mind that we are using a PaaS offering, which means that underlying compute resources like CPU and RAM are still being utilized. Depending on the expected workload, you can choose the most appropriate plan. Secondly—and very importantly—consider the features offered by each tier, such as redundancy, backup, autoscaling, custom domains, etc. In my case, I will use the Basic B1 plan. In the Database section, we do not select any option. Remember that this will depend on your specific requirements. In the Container section, under 'Image Source', select 'Other container registries'. For production environments, I recommend using Azure Container Registry (ACR) and pulling the n8n image from there. Now we will configure the Docker Hub options. This step is related to the previous one, as the available options vary depending on the image source. In our case, we will use the public n8n image from Docker Hub, so we select 'Public' and proceed to fill in the required fields: the first being the server, and the second the image name. This step is very important—use the exact same values to avoid issues. In the Networking section, we will select the values as shown in the image. This configuration will depend on your specific use case—particularly whether to enable Virtual Network (VNet) integration or not. VNet integration is typically used when the App Service needs to securely communicate with private resources (such as databases, APIs, or services) that reside within an Azure Virtual Network. Since this is a demo environment, we will leave the default settings without enabling VNet integration. In the 'Monitoring and Security' section, it is essential to enable these features to ensure traceability, observability, and additional security layers. This is considered a minimum requirement in production environments. At the very least, make sure to enable Application Insights by selecting 'Yes'. Finally, click on 'Create' and wait for the deployment process to complete. Now we will 'stop' our Web App, as we need to make some preliminary modifications. To do this, go to the main overview page of the Web App and click on 'Stop'. In the same Web App overview page, navigate through the left-hand panel to the 'Settings' section. Once there, click on it and select 'Environment Variables'. Environment variables are key-value pairs used to configure the behavior of your application without changing the source code. In the case of n8n, they are essential for defining authentication, webhook behavior, port configuration, timezone settings, and more. Environment variables within Azure specifically in Web Apps function the same way as they do outside of Azure. They allow you to configure your application's behavior without modifying the source code. In this case, we will add the following variables required for n8n to operate properly. Note: The variable APP_SERVICE_STORAGE should only be modified by setting it to true. Once the environment variables have been added, proceed to save them by clicking 'Apply' and confirming the changes. A confirmation dialog will appear to finalize the operation. Restart the Web App. This second startup may take longer than usual, typically around 5 to 7 minutes, as the environment initializes with the new configuration. Now, as we can see, the application has loaded successfully, and we can start using our own n8n server hosted on Azure. As you can observe, it references the host configured in the App Service. I hope you found this guide helpful and that it serves as a useful resource for deploying n8n on Azure App Service. If you have any questions or need further clarification, feel free to reach out—I'd be happy to help.Using Azure Firewall as a Gateway for All Outbound Traffic to the Internet
Hey everyone! I just uploaded a new guide on GitHub where I walk through setting up Azure Firewall in a classic Hub & Spoke scenario to manage all outbound internet traffic 🌐. In this guide, you'll find step-by-step instructions on: Setting up the Hub & Spoke network architecture Configuring Azure Firewall to control and monitor outbound traffic This tutorial is part of the hub-and-spoke-playground project, which includes various scenarios and scripts to showcase the benefits of the hub-and-spoke network topology in Azure. You can explore more scenarios and resources in the project’s GitHub repository: https://github.com/nicolgit/hub-and-spoke-playground . Would love to hear your thoughts and feedback!Freeze column headers in Azure DevOps Sprint Taskboard
Hello, Is there any way to keep the column headers in view while scrolling down the Azure DevOps Sprint Taskboard ? 1. Open a project in Azure DevOps and select Sprints in the left menu bar 2. Go to a Sprint's taskboard and scroll down 3. Notice that the Lane headers (New, In Progress, Resolved, Closed) are no longer visible; the user needs to scroll up in order to see in which column (or lane) a task resides.
Alert on Pending Updates
Hi, We've set up several onpremise servers with the Azure Arc agent, to allow us to manage updates via Azure Update Manager. I'd like to get a mail notification with pending updates before the maintenance is scheduled. Azure Update Manager provides a New alert rule (preview) feature that allows me to setup a new alert for pending updates easily. The issue is that it runs every 5 minutes, fires the alert, and sends the email every 5 minutes. Ideally this is sent before the maintenance schedule runs (every 2 weeks), so I know which updates will be applied before they get applied. Changing the frequency of evaluation can be changed to 1 day max, but that will trigger the message to be sent every day. I figured that I could edit the alert rule and change the Query type to Single event (preview), but not sure if that's the solution. When I try this, I cannot edit or save a query. No way to add something to the query and there's no save button: Any idea how I could trigger a Pending Update alert rule to run on a scheduled basis, eg every 2 weeks ? Thanks Best regards, Joeri MichielsRTT information not available
Hi, We are having issues collecting RTT information from users in Australia East DC, the data is not being collected at all. This includes the latest Windows App and tried the latest AVD Remote desktop client, its really important we get this data as we have stood up new AVD pools and need to deal with connection issues. We have tried RTT on UDP and TCP only connections but get the same result. Users are just getting the calculating message and never succeeds: When looking in AVD Insights the data is not collected at all and just comes through as -1ms: We think this may be having a detrimental effect on UDP negotiation connections. Has anyone else come across this, we see no issues with the AVD Session Hosts and gone over the firewall, nothing should be blocking the data. Thanks Kevin
WordPress App how to restrict access to specific pages on the site
Hello all, I have a WordPress App hosted on Azure and I am struggling with how I can secure specific pages from public access. For example: www.mysite.com/wp-admin www.mysite.com/info.php I'd like it so that only specific IP addresses or Microsoft user accounts can access some, such as admin pages and for some pages I'd like no access at all, to where it just blocks any sort of visit. I've viewed the documentation for Front Door and some networking restrictions but that seems to be just IP addresses and I'm confused about how I can set those rule for specific pages within the App. I know WordPress offer plugins which have this sort of functionality but I'd like to take advantage of Azure's security features rather than plugins from WordPress. Any help is very appreciated. Thank youAzure stack HCI VM resourec under another subscription
Hello, I created a hci VM under another subscription (using script, the GUI not support this). The VM and related resources under this subscription in a separated resource group. Unfortunately the details of machine are not shown. This VM is not listed under the HCI cluster\Virtual Machines or Azure VMs. (Only see under resources in RG) Do you have any idea what is the problem? As I read this is a supported configuration. (or not?) ThxAzure VM Windows Server 2022 Domain Joining Issue
We have multiple Windows Server 2022 VMs in a dedicated Resource Group, created as per best practices for each engagement. All firewall roles, VNet, routing, and NSGs are configured, with Azure Firewall set up to communicate with the on-premises Active Directory. Telnet, nslookup, and ping tests are successful, but attempts to join the domain result in an error stating the network path object is no longer available. Any recommendation for effective troubleshooting steps?Azure Local - Design the infrastructure - some bad design choices I have stumbled on
Hi. I wanted to share my lasted blog article where I touch on some of the bad design choices I have stumbled on when working with customers existing Azure Local deployments that broke down or in other ways behaved with poor performance or disruptions. https://www.chkja.dk/2025/07/16/azure-local-design-the-infrastructure/ I hope to inspire and feel free to share your knowledge here in the thread :)
Upgrading a basic public IP address to Standard SKU for Azure Express Route Virtual Network Gateway
hi, There is a well known announcement from MS that the public IP basic sku is going to be retired in end Sep 2025. I have a Express Route Virtual Network Gateway with basic public IP. The Express Route Virtual Network Gateway has "Standard" SKU, which is a non-Az enabled Gateway SKU. I read the some of the guides in MS, but there is some conflicting information on the migration. (1) In https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance It says "New ExpressRoute Gateway is required. Follow the ExpressRoute Gateway migration guidance for upgrading from Basic to Standard SKU." (2) Then in https://learn.microsoft.com/en-us/azure/expressroute/gateway-migration The guided gateway migration experience supports: Non-Az-enabled SKU on Basic IP to Non-az enabled SKU on Standard IP. Non-Az-enabled SKU on Basic IP to Az-enabled SKU on Standard IP. Non-Az-enabled SKU on Standard IP to Az-enabled SKU on Standard IP. Notice that the first point say that for non-Az-enabled SKU, we can just upgrade the public IP from basic to standard sku. So, i am not sure if (1) a new gateway is required or (2) we just press the link to upgrade basic IP to standard IP ? I don't have a spare lab environment to test this for Express Route, so it can be very dangerous in production to do this action without any understanding or fall back plans. Please help.Migrating Builds from TFS 2017 to DevOps Server 2022, a few questions...
Hi all, We are going to be moving to DevOps Server 2022 and our on-prem build definitions will have to be converted to the infrastructure as code, YAML format. The question(s) I have relate to getting started. Currently, with TFS, I just choose New Definition, add/configure the steps or tasks and away the build goes. With the new format, it is my understanding that the build definition is now a YAML script file that will be kept in source control. How do I get started creating this file and where do I store it in source control, or is that all automatically done with a New Definition option? Once I figure that out, I'll be recreating our Definitions with the Classic option for task configuration until I'm up to speed with YAML to script on the fly. Any information or help is appreciated! Thanks!!
Non-SaaS Product GIT Branching Strategy
Dear Team, What’s your recommended approach? A non-SaaS product Two repos - Backend and Frontend Current Approach - Dev, QA and Prod Branches Sprint branch (can’t go with feature branch as multiple unlimited APIs and multiple user stories will impact the same set of APIs) created out of Dev and merged into Dev at end of sprint Post each Sprint Dev branch tagged and PR into QA branch Customers are given Docker images generated out of specific tags from QA branch Now comes the fun part- Say customer 1 on Tag v4.3.0, customer 2 on Tag v4.4.0 and product last release is Tag v4.5.0. Current active sprint once complete would be v4.6.0 Developers currently working on active sprint branch for v4.6.0 Bug 1 reported by customer 1 in v4.3.0 Bug 2 reported by customer 2 in v4.4.0 I can extract the specific tag code, make the changes, then manually make the changes in other tags and release to those customers if common bug, or else manually make the changes in active branch also so that next release it’s not missed What if Bug 1 is a Feature for customer 2 who doesn’t need it? So where will I store these changes? Which branch? I want to avoid having customer specific branches as it becomes a big overhead. Suggestions welcome!Combined SSPR and MFA policy issue
I'm dealing with an issue after migrating to the new MFA and SSPR combined policy, something we need to complete before October 2025. Old situation, before migrating to the new MFA policies: SSPR, separate policy. We do require 2 methods for resetting password, this may include weaker methods like SMS or Email. Legacy MFA policy with Microsoft and third-party authenticators only. User experience: When users are being asked to register an authenticator for the first time, they got the combined registration experience (2 steps) where they register their authenticator and a second authenticator for SSPR which was SMS or email. When the user wanted to reset their password using SSPR they had to authenticate first with their authenticator and the next step was to enter a code they got by SMS or email. All according to Microsoft recommendation and this all worked fine, until I migrated to the new combined MFA policies. Issue: I migrated to the new MFA policies and I still want to enforce 2 methods for SSPR, so an authenticator and SMS or email, however I don't want to allow users to use SMS or email for sign-in as it is not considered as safe. To enforce strong authentication methods, I use "authentication strength" allowing Microsoft and third-party authenticators only. If I wouldn't use authentication strength, I would allow users signing in with SMS as well. (since we now have a combined policy) However, this setup breaks the combined registration and SSPR interrupt mode, it simply doesn't work any more. As soon I apply the authentication strength, the users are only prompted to register an authenticator, combined registration is gone. Funny is that it doesn't even work when I allow SMS in the authentication strength. It allows me to register SMS, still no combined registration (2 methods) So basically, it means that users have to register their second method manually and afterwards in their personal sign-in properties, or I have to remove the 2 methods requirement from SSPR. I'm not in favour of doing this. I submitted a ticket to Microsoft, but I have the feeling they don't understand my issue. They even suggested enabling "Password only" in the authentication strength, as combined registration then suddenly works. Surprising solution as it enables unsecure 1-factor authentication. Anyone who was able to get SSPR and MFA combined registration working while using Authentication strength?
In Azure Devops, How to view all child work items for a dependent feature ?
I have a Epic with few features. In one of the feature, I have a user story that has a related link to other features. Is it possible to see all the features. its child user stories, tasks, bugs that are open for all the associated features ? Epic -> Feature 1 -> User stories -> Tasks, Bugs Epic -> Feature 2 -> User stories -> Tasks, Bugs Epic -> Feature 3 -> User stories -> Tasks, Bugs Epic -> Feature 4 -> Special User story (with relation to Feature 1, 2) -> Tasks, Bugs In the view I want to see all the features (that are associated to Special User story) and its childs Epic -> Feature 1 -> User stories, Tasks, Bugs Epic -> Feature 2 -> User stories, Tasks, Bugs
Modifying Release Retention Policy via the API in Azure DevOps Server
Hi, Is there a way to adjust the Release Retention in the Project Settings, specifically the Maximum retention policy and Default retention policy via the API in Azure DevOps Server? I'm looking to automate this process but am struggling to find clear documentation or references on the appropriate API endpoints or methods.
Query DevOps for Feature duration
We're using the Feature Timeline to create a high-level planning of Features across Iterations. Some are single-iteration features, but some span multiple Iterations. I want to get the Feature information into Excel with the Team addin, including the beginning and ending iteration. However, when I query, I get a single Iteration for each Feature. Which Iteration is returned seems to depend on the first Iteration where the Feature was planned. So I cannot see from the query data whether a Feature spans multiple iterations, and not even if the Iteration returned with the Feature is the first or last Iteration the Feature is planned in. I've included all available Date/Duration/remotely relevant columns to see if I can find out if the information I need is available somewhere. Apparently not: all Date columns except Created/Changed are empty, and there's nothing Duration-like. Since the Feature Timeline 'knows' that some features span multiple Iterations, the information must be stored somewhere. But WHERE? Screenshots included: Feature 26417 in the Feature Timeline, spanning sprints 6 and 7; and the same Feature in a Team query in Excel, showing no date information and only the Iteration Path to sprint 6.
Events
PLEASE NOTE: If you are planning to attend this event, please either use the 'Add to calendar' option below the "Attend" button, or create your own calendar reminder. Clicking attend will not automat...
Online
Recent Blogs
- By Mays_Algebary shruthi_nair As your Azure footprint grows with a hub-and-spoke topology, managing User-Defined Routes (UDRs) for inter-hub connectivity can quickly become complex and error...Jul 18, 2025
- Solution ideas The original framework introduced several Logic App and Function App patterns for SQL BPA, Update Manager, Cost Management, Anomaly Detection, and Smart Doc creation. In this artic...Jul 18, 2025
