Tim D'Annecy

Azure

#Azure #PowerShell

After setting up a new Azure Subscription, you'll get errors in the Portal that say Resource Providers are not enabled for Azure Services:

Resource provider 'Microsoft.BotService' not registered for the subscription

You might also get the following error message:

(Code: NoRegisteredProviderFound)

To fix these errors, you will need to enable the Resource Providers in Azure so that you can allow management from the Portal.

You can enable these Resource Providers one-by-one manually through the portal by navigating to the Subscription > Resource Providers and clicking the “Register” button, but this can take a long time if you want to enable all Resource Providers.

To add them quickly, you can run a one-line PowerShell command to enable all that are currently disabled.

Read more...

#Powershell #Azure #Teams

A company I'm working with is located in multiple countries and has added Multi-Geo licenses for Microsoft 365. Recently, we rolled out Orchestry to streamline requests and approvals for creating new Teams on behalf of staff.

Currently, one of the shortcomings of Orchestry is the lack of support for Microsoft's multi-geo capabilities. If you have a tenant spanning more than one location, you will need to manually move Teams that were provisioned in Orchestry after they've been created. The lack of multi-geo support is not great—a SharePoint Administrator is required to run PowerShell commands to manually move the site to bring it under compliance with any GDPR or other data governance requirements.

This post will detail the steps for a workflow that allows you to provision Teams in Orchestry and have them automatically moved to the correct location using a webhook and an Azure Automation Runbook.

Read more...

#Azure #AVD #PowerShell

Recently, a company I work with submitted a request to give users the ability to power off and deallocate their Azure Virtual Desktop VMs. They currently have the “Start VM on connect” feature enabled on the Host Pool, but there is no foolproof way to shut down a VM and deallocate it at the same time. Users were clicking “Shutdown”, but this doesn't reduce the cost of the Azure bill and the company wanted to avoid having an Azure administrator make these power changes.

In general, regular users are not familiar with the Azure Portal and can't be expected to navigate through a series of blades to power off a VM. They also should not be expected to know the name of the Virtual Machine they're signed into to identify which resource they need to select.

To work around these issues, you can create a small shortcut on the Public Desktop in the AVD that sends a PowerShell command to deallocate the Virtual Machine. This solution works great for Personal desktop configurations because only one user is expected to be logged on at a time and no other users will be kicked off. Paired with the “Start VM on Connect” feature, users can have the ability to control their VM status and Azure will only allocate it when they need it.

This post will go through the steps for how you can implement this in your environment and give users the ability to power Azure VMs off and deallocate them at the same time.

Read more...

#Azure #DNS #security #Exchange

Your organization may have a primary domain that's used for sending and receiving email (e.g. bill@company.com), but you may also have other domains that aren't used for email routing (company.net, companywebsite.com). You or another administrator may have set up SPF, DMARC, and DKIM records for the externally facing domains that handle email, but there is still a risk of email spoofing attacks on your non-sending domains.

Without SPF, DMARC, and DKIM records in your DNS, there's a potential for anyone to send email as if it comes from your domain. This can cause a huge headache for you as an administrator to clean up, and organizations can lose brand trust from customers if they receive these emails.

To prevent this spoofing attack, all you need to do is add 3 records to your DNS config for each domain. These records are used by the recipient's email server to verify whether the sender is authenticated to use the domain. If the record check fails, the message is rejected and the recipient doesn't receive the email.

Read more...

#AVD #Azure

One of the most important pieces of an Azure Virtual Desktop rollout is to add a TXT record in your DNS service. This will allow users to discover their email address when they sign in to the Azure Virtual Desktop client for the first time.

Read more...

#Azure #PowerShell

A company I work with is looking to reduce the cost of their Azure environment. After a quick look, I noticed that they have a number of VMs that are running 24/7 and are not used all the time. Some of these VMs are user-facing and only need to be online during business hours during the week. Other VMs are used for batch jobs and are only used once or twice a day. The rest of the time they sit idle, consuming resources and costing money.

Adding some logic to the VMs to start and stop them at certain times of the day can reduce your Azure spend and is easy to implement.

Read more...

#Windows #Azure #AVD

Recently, a company I work with requested a way for users to access a web app that they were hosting on-premises, but didn't want to open up connections to the app to the internet. The app is out of support from the vendor and can't be opened outside of their secure network.

We planned to allow access to the app by instructing users to connect over a VPN, but we found this would be a hassle for users, as they would need to install the VPN client, connect to the VPN, and then launch a browser to access the app. In this case, the site also requires IE11 with a custom extension to be installed. These requirements just to access a single site really made it a headache for users and the Helpdesk received regular tickets from staff who had issues accessing the site.

Instead of the VPN approach, we deployed a Microsoft Edge shortcut in Azure Virtual Desktop. This approach has advantages because it allows users to launch a browser window and jump onto the network that the Host Pool is connected to. If you have your networking configured correctly in Azure, you can access internal sites and apps without going over the internet directly from the client PC. This also allows you to control the browser version and other settings that are configured in the Host Pool. If paired with Intune policies, you can define the browser settings and extensions that are available to users and require certain sites to open in Internet Explorer Compatibility Mode. This could be helpful if you have a legacy app that only works in IE11 and requires a specific extension to be installed.

In this post, I'll show you how to deploy a Microsoft Edge shortcut in Azure Virtual Desktop.

Read more...

#Windows #Azure #AVD #Intune

UPDATE: On April 18, 2023, Microsoft released a Public Preview of the new Azure Virtual Desktop app in the Microsoft Store. This should fix the issues noted in this post. Download the new app here: http://aka.ms/AVDStoreClient

I recently had an issue with an Azure AD Joined host pool in Azure Virtual Desktop where users could not successfully log in using their Azure AD credentials.

In our environment, both the client computer and the Azure Virtual Desktop host computer are Azure AD Joined. The user was able to log in to their Azure AD Joined computer, but when they tried to log in to the Azure Virtual Desktop host computer, they would get an error message:

Couldn't connect. Something went wrong when we tried to connect. If this keeps happening, ask your admin or tech support for help. Error code: 0x9735 Extended error code: 0x0 Activity ID: {e194ae11-b2ed-4d33-9520-c1d5ed140000}

Read more...

#Azure

After setting up RedCap in Azure in a previous post, I got a request to add an external person to your RedCap installation. I wanted to document what I did to make it easier for others.

Read more...

#Azure

I recently got a trial of Lucidscale, a tool that can ingest your Azure environment and automatically create a resource visualization diagram.

I am pretty happy with the product and will recommend that my company purchase it for client work.

I wanted to detail the setup process in Azure so it's easy to use.

Read more...