New Service Improvement Idea: AVD Performance Insight Dashboard
Overview: Enhance the Azure Virtual Desktop (AVD) experience by introducing a dedicated dashboard that displays real-time CPU and memory usage for each AVD session along with the top 10 processes consuming CPU. This dashboard will empower IT administrators to quickly diagnose performance issues and optimize resource allocation. Key Features: Real-Time Monitoring: Display live CPU and memory metrics per AVD session. Auto-refresh capability to capture real-time performance changes. Process Analysis: Show a list of the top 10 processes consuming CPU per session. Provide detailed process metrics including CPU percentage, memory footprint, and process IDs. Historical Data & Trend Analysis: Archive performance data to visualize trends over time. Enable administrators to identify recurring patterns or spikes in resource usage. Alerting & Notifications: Set custom thresholds for CPU and memory usage. Generate alerts for sessions or processes that exceed set limits, triggering proactive remediation. Integration with Existing Tools: Seamlessly integrate with Azure Monitor and Log Analytics for deep-dive analysis. Export data to Power BI for advanced visualization and reporting. User-Friendly Interface: Interactive dashboard design with filtering options (e.g., by session, time frame, or specific metrics). Drill-down capability to analyze individual sessions or processes in detail. Benefits: Enhanced Troubleshooting: Quickly pinpoint performance bottlenecks by identifying resource-intensive sessions and processes. Proactive Maintenance: Early detection of abnormal resource usage allows for timely intervention before issues escalate. Optimized Resource Management: Understand usage patterns to make informed decisions on scaling, workload balancing, and capacity planning. Improved User Experience: Reduce downtime and performance issues, leading to smoother end-user operations in the virtual desktop environment. Implementation Considerations: Data Collection: Leverage AVD session performance counters and existing telemetry from Azure Monitor. Dashboard Development: Use modern visualization tools (e.g., Power BI or Azure Dashboard) for an intuitive user interface. Security & Compliance: Ensure data privacy and compliance with government/federal cloud standards where applicable.
Need insight to domain join failures for session host configuration
We are trying to use the session host configuration for a new AVD host pool. We have confirmed that it can join computer to the specified OU without difficulty when we do it manually, and that the key vault access is intact since the local admin is created without issue. But any new session hosts fail to join to the domain. They're created with all other specifications. If we try to add them manually it seems to create some kind of instability in the FSLogix where it will then permanently hang for users when trying to log off. It would be good if we had insight to the domain join failures so we don't have to manually join them. In the deployment I can see the network, the VM, and a DSC, but that DSC is only for joining to the AVD Host pool. I don't see anything in it to join using the key vault credentials.
Qualys Vulnerability management integration with Function app
Hello, I have deployed Qualys VM with sentinel by Azure function app. I am not getting any error, function app is working fine. I am getting blank output: Furthermore, I have not added any filter parameter in environment variables and don't have any idea what could be added here. Since the output is blank Qualys data connector is showing status disconnected. If anyone can help me out please comment below. TIAAutomating the Linux Quality Assurance with LISA on Azure
Introduction Building on the insights from our previous blog regarding how MSFT ensures the quality of Linux images, this article aims to elaborate on the open-source tools that are instrumental in securing exceptional performance, reliability, and overall excellence of virtual machines on Azure. While numerous testing tools are available for validating Linux kernels, guest OS images and user space packages across various cloud platforms, finding a comprehensive testing framework that addresses the entire platform stack remains a significant challenge. A robust framework is essential, one that seamlessly integrates with Azure's environment while providing the coverage for major testing tools, such as LTP and kselftest and covers critical areas like networking, storage and specialized workloads, including Confidential VMs, HPC, and GPU scenarios. This unified testing framework is invaluable for developers, Linux distribution providers, and customers who build custom kernels and images. This is where LISA (Linux Integration Services Automation) comes into play. LISA is an open-source tool specifically designed to automate and enhance the testing and validation processes for Linux kernels and guest OS images on Azure. In this blog, we will provide the history of LISA, its key advantages, the wide range of test cases it supports, and why it is an indispensable resource for the open-source community. Moreover, LISA is available under the MIT License, making it free to use, modify, and contribute. History of LISA LISA was initially developed as an internal tool by Microsoft to streamline the testing process of Linux images and kernel validations on Azure. Recognizing the value it could bring to the broader community, Microsoft open-sourced LISA, inviting developers and organizations worldwide to leverage and enhance its capabilities. This move aligned with Microsoft's growing commitment to open-source collaboration, fostering innovation and shared growth within the industry. LISA serves as a robust solution to validate and certify that Linux images meet the stringent requirements of modern cloud environments. By integrating LISA into the development and deployment pipeline, teams can: Enhance Quality Assurance: Catch and resolve issues early in the development cycle. Reduce Time to Market: Accelerate deployment by automating repetitive testing tasks. Build Trust with Users: Deliver stable and secure applications, bolstering user confidence. Collaborate and Innovate: Leverage community-driven improvements and share insights. Benefits of Using LISA Scalability: Designed to run large-scale test cases, from 1 test case to 10k test cases in one command. Multiple platform orchestration: LISA is created with modular design, to support run the same test cases on various platforms including Microsoft Azure, Windows HyperV, BareMetal, and other cloud-based platforms. Customization: Users can customize test cases, workflow, and other components to fit specific needs, allowing for targeted testing strategies. It’s like building kernels on-the-fly, sending results to custom database, etc. Community Collaboration: Being open source under the MIT License, LISA encourages community contributions, fostering continuous improvement and shared expertise. Extensive Test Coverage: It offers a rich suite of test cases covering various aspects of compatibility of Azure and Linux VMs, from kernel, storage, networking to middleware. How it works Infrastructure LISA is designed to be componentized and maximize compatibility with different distros. Test cases can focus only on test logic. Once test requirements (machines, CPU, memory, etc) are defined, just write the test logic without worrying about environment setup or stopping services on different distributions. Orchestration. LISA uses platform APIs to create, modify and delete VMs. For example, LISA uses Azure API to create VMs, run test cases, and delete VMs. During the test case running, LISA uses Azure API to collect serial log and can hot add/remove data disks. If other platforms implement the same serial log and data disk APIs, the test cases can run on the other platforms seamlessly. Ensure distro compatibility by abstracting over 100 commands in test cases, allowing focus on validation logic rather than distro compatibility. Pre-processing workflow assists in building the kernel on-the-fly, installing the kernel from package repositories, or modifying all test environments. Test matrix helps one run to test all. For example, one run can test different vm sizes on Azure, or different images, even different VM sizes and different images together. Anything is parameterizable, can be tested in a matrix. Customizable notifiers enable the saving of test results and files to any type of storage and database. Agentless and low dependency LISA operates test systems via SSH without requiring additional dependencies, ensuring compatibility with any system that supports SSH. Although some test cases require installing extra dependencies, LISA itself does not. This allows LISA to perform tests on systems with limited resources or even different operating systems. For instance, LISA can run on Linux, FreeBSD, Windows, and ESXi. Getting Started with LISA Ready to dive in? Visit the LISA project at aka.ms/lisa to access the documentation. Install: Follow the installation guide provided in the repository to set up LISA in your testing environment. Run: Follow the instructions to run LISA on local machine, Azure or existing systems. Extend: Follow the documents to extend LISA by test cases, data sources, tools, platform, workflow, etc. Join the Community: Engage with other users and contributors through forums and discussions to share experiences and best practices. Contribute: Modify existing test cases or create new ones to suit your needs. Share your contributions with the community to enhance LISA's capabilities. Conclusion LISA offers open-source collaborative testing solutions designed to operate across diverse environments and scenarios, effectively narrowing the gap between enterprise demands and community-led innovation. By leveraging LISA, customers can ensure their Linux deployments are reliable and optimized for performance. Its comprehensive testing capabilities, combined with the flexibility and support of an active community, make LISA an indispensable tool for anyone involved in Linux quality assurance and testing. Your feedback is invaluable, and we would greatly appreciate your insights.
Custom permission to enable diagnostic setting in Entra ID
Custom permissions doesnt works when tried to enable diagnostic settings, in Microsoft Entra ID portal. Error: "does not have authorisation to perform action 'microsoft.aadiam/diagnosticSettings/write' over scope '/providers/microsoft.aadiam/diagnostic Settings/resourcename" Selective permissions that I applied to user account. My approach is to use custom role specific permissions. Appreciate your help to knows the right permission required. Regards, Rajkumar
Security issue with Mac client - client is making inappropriate connections
Hello, I use Little Snitch on MacOS to monitor for inappropriate outbound connections. The new Windows app that replaces the RDP app is doing some very shady connection attempts. As soon as I launched it, Little Snitch notified me of continuous connection attempts by the new Windows client to *ALL MY SAFARI BOOKMARKS* - I kept denying connection after connection, but based on the hostnames being accessed, I could tell it was sequentially iterating through my bookmarks toolbar, trying to ping every endpoint i have saved. I have now blocked your client from any outbound connection attempts. I do not understand why a client I am using for accessing local machines is now talking to all sorts of remote domains I did not give it permission to access. Seems like a fundamental design flaw of this new version - why is it trying to connect to my safari bookmarks automatically?
Run Logic app if new virtual machine is created
Hello, I'm building logic app that get triggered on resource creation event by connecting it to event grid. my goal is only to run this if new vm is created however logic app get executed on every create success event. I noticed whenever there is deletion or creation on VM the logic app get triggered. Even in the event payload there is no difference between create and delete VM. how to limit the call of logic app only if new VM is created?[Solved] Allow PIN support for Windows 10 devices
I want to allow my Windows 10 1909 (Hyper-V VM) to be able to use PIN for sign ins. I have created a non-administrator account and joined my VM during Windows installation to the AAD from the start. I also configured this for PIN policy in Windows 10 in Azure portal - Intune I created a group in Intune and put my VM device + User into that. then I assigned this profile that I created for PIN to that group. added my administrator user as the group owner. I've also read this article: https://support.microsoft.com/en-us/help/3201940/can-t-configure-a-pin-when-convenience-pin-and-hello-for-business-poli still, in my Windows 10 account settings, there is no sign of PIN. i've waited 2 hours, synced my device from AAD portal and also from Windows settings to receive the latest policies. still nothing. I'm running out of clues that why this is not working. any ideas? Thanks in advance
