App Services
201 Topics🚀 Azure Application Gateway: Smart Load Balancing & Security
Ensuring high availability and efficient load balancing is crucial for web applications. Azure offers several traffic management solutions, including Application Gateway, Front Door, Load Balancer, and Traffic Manager. Today, let's focus on why Application Gateway stands out as a powerful tool for managing web traffic. 🚀 Why we should use Azure Application Gateway? 🔹 Layer 7 Load Balancing: Unlike Layer 3 or 4 solutions, Application Gateway makes intelligent routing decisions based on HTTP request properties. For example, requests to /images/ can be directed to dedicated image servers, while /videos/ traffic is routed to specialized video servers. 🔹 SSL/TLS Termination (Offloading): Reduces processing load on backend servers by decrypting traffic at the gateway before forwarding it unencrypted. Note: This might conflict with compliance requirements, so verify your app’s security needs !! 🔹 Autoscaling: Dynamically scales up or down based on traffic patterns, ensuring cost-effective resource utilization. 🔹 Zone Redundancy: Operates across multiple Availability Zones, enhancing fault tolerance without needing separate gateways in each zone. 🔹 Web Application Firewall (WAF): Provides centralized security against common exploits like SQL injection and cross-site scripting (XSS). Built on OWASP 3.1 (WAF_v2), it can function in Detection Mode (alerting admins) or Prevention Mode (blocking threats proactively). 🔹 URL-Based Routing: Enables smart traffic distribution by directing different types of content to the most appropriate backend pools. Example: http://contoso.com/video/* → VideoServerPool 🔹 Multiple-Site Hosting: Hosts multiple web applications on a single gateway, routing requests based on hostname or domain. Example: http://contoso.com → ContosoServerPool 🔹 Redirection & Rewrite Capabilities: ✔ Redirect HTTP → HTTPS to enforce encrypted traffic. ✔ Rewrite HTTP headers & URLs to enhance security (e.g., add HSTS or remove sensitive response headers). 🔹 Cookie-Based Session Affinity: Ensures users maintain session continuity by always connecting to the same backend server. Useful when session state is stored locally. ⚙️ How to Deploy & Configure Azure Application Gateway ⚙️ ✅ Dedicated Subnet: Create a subnet (e.g., myAGSubnet) within a Virtual Network. ✅ Frontend IP: Define whether to use a public or private IP or both (If you configured multiple listeners) to receive client requests. ✅ Backend Pool: Assign backend servers via NICs, Virtual Machine Scale Sets, public/internal IPs, or FQDNs. ✅ HTTP/HTTPS Listener: Specify which port (e.g., 80, 443) will handle incoming requests. ✅ Routing Rules: Set up domain-based (host-based routing) or path-based routing logic. 🔹 Host-Based Routing means routing traffic based on the hostname in the HTTP request header 🔹 Path-based Routing allows you to direct traffic to different backend pools based on the URL path in the request. ✅ Health Probes: Ensure backend servers are online using TCP or HTTP-based monitoring.43Views0likes0CommentsAzure app service getting restarted abruptly
I have an Azure app service with app service plan P1mv3 : 1. We have deployed the .net 8 web api project which has a background service as well. Background service does below things - Get the journal data from one of our on-premises endpoint for 1700 journals. Generate the embeddings for all the journal names in the batches of 100 with a delay of 5 seconds after each batch using Azure open AI. We use these embeddings for vector search in cosmos db to better search by journal title. Delete all the records from existing cosmos DB container in the batches of 100 with a delay of 5 seconds after each batch. We do this as we need to insert the fresh data each week. Insert all the records with embeddings generated in step-2 in cosmos DB container in the batches of 100 with a delay of 10 seconds after each batch. The problem is once we deploy this to app service after verifying that everything works fine on local system, the app service just generates 800/1000 out of 1700 embeddings and just restarts. We can see the logs as "Hosting environment: Production", "Content root path: c:\home\site\wwwroot" etc after our custom logs depicting the progress to generate the embeddings. e.g. Progress: 1000/1700 items embedding results generated.43Views0likes1CommentMastering Azure Cost Management: Essential Tools for Cloud Financial Control in 2025
In today's cloud-first world, effective cost management isn't just about saving money—it's about strategic resource allocation that drives business value. Azure Cost Management provides powerful tools to monitor, analyze, and optimize your cloud spending, ensuring you get maximum ROI from your Microsoft Azure investments. Understanding Azure Cost Management Azure Cost Management is a free suite of tools that provides comprehensive visibility into your cloud spending patterns[7]. It helps you track resource usage, set budgets, and forecast future expenses with precision. This isn't just about cutting costs; it's about smart spending and strategic resource allocation that can give your organization a competitive edge. The platform offers detailed breakdowns of your expenses across various services and resources, allowing you to identify optimization opportunities and make informed decisions about your cloud infrastructure[9]. Key Features That Drive Value Cost Analysis: Your Financial Dashboard The Cost Analysis section provides detailed insights into your Azure spending patterns[2]. This interactive tool allows you to: - View cost trends by day, week, month, or custom time periods - Identify spending patterns and understand cost fluctuations - Detect anomalies or unexpected spikes in your Azure costs For optimal visibility, configure your cost analysis with **Daily** time granularity and **Resource** grouping. This combination provides the most detailed view of your cloud spending, allowing you to identify specific resources driving your costs and make informed decisions about their value. Budgets and Alerts: Stay Ahead of Spending Setting up budgets should be one of your first actions when establishing a new Azure subscription[2]. The Budgets feature allows you to: - Create and manage spending thresholds - Receive email alerts when costs approach budget limits - Get notifications when forecasted spending indicates potential overages This proactive approach helps prevent unexpected charges and enables timely intervention before costs escalate. Advisor Recommendations: Expert Optimization Guidance Azure Cost Management integrates with Azure Advisor to provide personalized cost optimization recommendations[2], such as: - Resizing or shutting down underutilized resources - Leveraging reserved instances for consistent workloads - Modifying service configurations for better cost efficiency As a best practice, regularly check these recommendations to identify new optimization opportunities. What's New in 2025 Microsoft continues to enhance the Cost Management platform with new features. Recent updates include: - New fields for cost allocation for Enterprise Agreement customers[5] - Copilot nudges for proactive cost optimization[5][12] - Introduction of an open data billing format[5] - AI-enhanced cost insights and automation[1] - Improved cost allocation with tag inheritance[1] - Sustainable cloud operations with the Azure Carbon Optimization tool[1] - Expansion of savings plans and reservation models[1] Best Practices for Azure Cost Optimization 1. Right size Your Resources Monitor utilization patterns and adjust your VM sizes based on actual requirements rather than theoretical maximums[3]. Downsizing overprovisioned VMs is one of the most effective ways to reduce Azure expenses[1]. 2. Implement Autoscaling Solutions Autoscaling adjusts the number of compute resources in response to load, maintaining performance without over-provisioning[1]. It ensures only necessary resources are active, directly reducing operational costs. 3. Leverage Azure Reservations and Savings Plans Azure Reservations and Savings Plans offer reduced pricing for predictable workloads by committing to longer terms[1]. They provide substantial savings compared to pay-as-you-go rates and are suitable for workloads with stable requirements. 4. Use Azure Hybrid Benefit Azure Hybrid Benefit allows users to bring their existing on-premise Windows Server and SQL Server licenses to Azure, reducing licensing costs[1]. This is particularly beneficial for enterprises transitioning to hybrid cloud environments. 5. Implement Resource Tagging Use resource tags to categorize your Azure resources according to your organizational structure[2]. This enables precise cost allocation and helps teams understand their cloud spending, fostering accountability across departments and projects. Benefits of Effective Cost Management Organizations that master Azure Cost Management experience several key benefits[10]: - Transparency: Clear visibility into cloud spending enables informed decision-making - Automation: Streamlined financial operations with reduced manual interventions - Budgeting and Forecasting: Accurate planning of cloud expenses prevents surprises - Cost Allocation: Proper distribution of costs to specific departments ensures accountability -Optimization Recommendations: Actionable insights to reduce costs by identifying underutilized resources Conclusion As cloud adoption accelerates, mastering Azure Cost Management becomes increasingly critical for organizational success. By leveraging these tools and following best practices, you can transform your Azure strategy from a financial burden to a catalyst for growth and innovation. Remember that effective cost management isn't just about reducing expenses—it's about maximizing the value of every dollar spent in the cloud, ensuring your Azure investments align perfectly with your business objectives.139Views0likes0CommentsService Bus: Ip has been prevented to connect to the endpoint
Hi Since yesterday we are facing issues with our Azure Functions (ASP) connecting to the Azure Sevice Bus (Standard, not in VNET). This was working before without any issues and since yesterday it is not working anymore on all our environments so I wonder if there is any general issue. Message: Put token failed. status-code: 401, status-description: Ip has been prevented to connect to the endpoint.For more information see:Virtual Network service endpoints The Azure Functions are communication via Nat Gatway and the public Ip address is set in the IP Filter List of the SBN. As far as I deactivate the IP filter to allow any traffic, it is working again. I also can see, that the used outbound Ip is exactly the smae which is set in the ip filter list. We are susing the AMQP protocol. [Error] An unhandled exception occurred in the message batch receive loop (namespace='....servicebus.windows.net', entityPath='.../Subscriptions/...', singleDispatch='False', isSessionsEnabled='False', functionId='Host.Functions.ProcessTripsBc').System.UnauthorizedAccessException : Put token failed. status-code: 401, status-description: Ip has been prevented to connect to the endpoint.For more information see:Virtual Network service endpoints:Event Hubs: https://go.microsoft.com/fwlink/?linkid=2044192Service Bus: https://go.microsoft.com/fwlink/?linkid=2044235IP Filters:Event Hubs: https://go.microsoft.com/fwlink/?linkid=2044428Service Bus: https://go.microsoft.com/fwlink/?linkid=2044183TrackingId:0ac55176-7c9d-4577-bc35-246418724a7d_G0 Regards MichaelSolved172Views0likes1Commenthey words what is power bi
Through the Microsoft Learn Student Ambassador program, I have gained valuable skills in event management, public speaking, and software engineering that I may not have otherwise obtained as a regular student. The program has given me a new sense of purpose in my career, and the confidence to speak at virtual meetings and engage with a global community. If you're interested in becoming a Microsoft Learn Student Ambassador and unlocking these same55Views0likes1CommentAccess Sharepoint Online via Python without access to Azure AD
Hi without going into details I would like to access the Sharepoint/OneDrive via Python using the Microsoft Graph API or Sharepoint REST API. As a first step, I understand that I need to register an app in the Azure Portal. The problem I am encountering (and I haven't found a similar issue during my research) is that I don’t have access to the Azure Portal—only the IT department in my company has access to it. Is it still possible to access Sharepoint via the Microsoft Graph API or Sharepoint REST API without creating the app myself using my Microsoft account? Can IT create and register the app for me and then provide the client_id, client_secret, tenant_id, etc. (essentially a delegated app)? Or is it absolutely necessary for me to have an account in Azure? I have zero experience working with Azure AD, apart from what I’ve read in the documentation and seen on YouTube.389Views0likes1CommentTroubleshooting Azure Function App Proxy with Private Blob Container Access for Static Web App
Recently, I shared a problem I’m facing in my testing environment with a friend. I’ve decided to bring this issue to an open forum discussion to gather additional insights. I hope you can help me figure out what might be missing in my configuration. **Context:** I’m trying to replicate a solution in my test environment but encountering difficulties in a specific scenario. **Scenario:** I have a Function App acting as a proxy for a Static Web App hosted in a Blob Container. This Blob Container is set to private access, meaning public access is disabled. **The Problem:** The goal is for my Function App to authorize users and direct them correctly to the Static Web App. However, it’s not working as expected. **What I’ve tried so far:** 1. Configured Managed Identity for the Function App and granted the necessary permissions to the Blob Container. 2. Properly set up authentication and created the App Registration, which works flawlessly. 3. Verified that the proxy functions correctly when the Blob Container’s public access is enabled. **Current behavior:** - When public access to the Blob Container is enabled, everything works fine. - When public access is disabled, even with the proxy configured, access fails, and an error message "resource not found" is returned. **My questions are:** 1. Do I need to configure something additional in the proxy definition file? 2. Is there a specific setting, like a private endpoint or something similar, that I should implement to resolve this issue? **Additional considerations:** I haven’t configured a private endpoint yet, but I’m considering whether this would be the most appropriate solution for my case. My initial expectation was that granting the necessary permissions to the Function App via Managed Identity would solve the issue, but it hasn’t. I appreciate any guidance or suggestions you can provide!141Views0likes1CommentAzure support team not responding to support request
I am posting here because I have not received a response to my support request despite my plan stating that I should hear back within 8 hours. It has now gone a day beyond that limit, and I am still waiting for assistance with this urgent matter. This issue is critical for my operations, and the delay is unacceptable. The ticket/reference number for my original support request was 2410100040000309. And I have created a brand new service request with ID 2412160040010160. I need this addressed immediately.178Views0likes3CommentsVideo Script to Generating Video with Voiceover
Can anybody provide a step-by-step guide for a beginner user to make an app for Azure to work like Visla (https://app.visla.us/) that converts video text script to high-quality videos with Azure voiceover similar to what Visla offers?98Views0likes2CommentsUpdate App Registration Client Secret Using Microsoft Graph REST API v1.0
Hello, I have a customer who wants to set the App registration Client Secret to 1 year. Here are the customer's requirements: For existing application registrations under ‘Certificates & Secrets’ pane, any new secrets added by owners should have the duration limited to one year. If the owner tries to set the duration greater than one year and clicks ‘Add’ button, the action should not be allowed with proper error displayed. The same behavior should also be applicable to new application registration specific secrets. It should not impact any existing secret that is present (greater or less than one year) for current application registrations. We need a way to enable and disable the global policy in case we want to disable it if something doesn’t work as expected. We don’t want to impact anything else wrt application registrations or anything in service principles. Based on the article you shared; Microsoft Entra application management policy API overview - Microsoft Graph v1.0 | Microsoft Learn Below is the script we are trying to use to add the global policy and set as default policy with isEnabled = true. As we cannot test in a different tenant, can you please confirm the snippet below will work for the above requirements? MgPolicyAppManagementPolicy | select * $policy = @{ "displayName" = "Enforce Max Lifetime for Secrets" "description" = "Policy to enforce a maximum lifetime of 1 year for any new secrets." "applicationRestrictions" = @{ "passwordCredentials" = @{ "maxLifetime" = "P365D" # ISO 8601 duration format for 1 year } } } New-MgPolicyAppManagementPolicy -BodyParameter $policy Update-MgPolicyDefaultAppManagementPolicy -id <ABOVE_POLICY_ID -IsEnabled $true I tried to test it in my own tenant, but I ran to a permission issue. Can someone please confirm if this snippet works against the customer's requirements? Thanks.367Views0likes4Comments