Azure Front Door with Wildcard domains

 When setting up Azure Front Door with wildcard domain names, there are a few things that need to be taken care of to get everything working correctly. Here are some key steps -

1. Add your domain.
   
2. Create the Origin Group / Origin. When creating the Origin leave the Origin Host Header blank. If you have a Private Link to, say, a backend load balancer, then enable that as well.
   
   
   
   
3. In your Front Door Endpoint, add the route to your wildcard domain.
   
   
   
   
4. Since you would need to create a CNAME to point to the endpoint, use HTTP Forwarding from your DNS server (or DNS provider) for your naked domain to, say, www.whateveryourdomainis.com. Then create a CNAME for www to point to the Endpoint.
   
   
   
   
   If you have any questions, please reach out to blog@aileronconsulting.com. We are happy to assist.

blog@aileronconsulting.com

 

 

Azure SQL Iaas Agent Not Updating Data on Azure Portal

 On Azure Portal you can install "SQL Virtual Machine" resource to monitor your Windows Virtual Machines to automate management and administration tasks. Sometimes Azure Portal does not reflect the state of your VM and there would be no data displayed on the Azure Portal for the SQL VM resource. Your first option is to Force repair as shown below.

 

If that doesn't work you can try to run the following command from Azure CLI. Note that you will get a warning about sql_management_mode being deprecated but you can ignore it.

az sql vm create --name YOURSQLVMNAM --resource-group YOURRESOURCEGROUPNAME --location YOURRESOURCELOCATION --license-type payg --sql-mgmt-type Full

 

blog@aileronconsulting.com

 

Adding an existing database to Azure Elastic Pool - 'System' is not a valid database edition in this version of SQL Server. Error

 When adding an existing database to an Azure Elastic Pool you may encounter the "'System' is not a valid database edition in this version of SQL Server." error message. To address this issue, go to the "Compute + Storage" setting for your database and modify it to a "Standard" Service tier at a minimum.

blog@aileronconsulting.com

 

AI Testing Tools from NIST

NIST has released (July 2024) new AI testing tools.

Managing Misuse Risk for Dual-Use Foundation Models

Testing How AI System Models Respond to Attacks

Mitigating the Risks of Generative AI

Reducing Threats to the Data Used to Train AI Systems

blog@aileronconsulting.com

Azure Communication Service - Email hygiene

It is a good practice to review your Communication service email logs to remove any email addresses that are being bounced back. Follow the steps in this article to enable logging to Log Analytics - https://learn.microsoft.com/en-us/azure/communication-services/concepts/analytics/enable-logging. You can then use some of the out of the box queries such as ACSEmailStatusUpdateOperational and ACSEmailStatusUpdateOperational to view the results.

 

blog@aileronconsulting.com

Azure Bastion - How to connect natively from Windows

If you ever used the web based client for Azure Bastion service, you would have realized that you can't really limited on what you can do and is not the same as RDP (mstsc). There is a way to connect natively to Azure Bastion service if you used the Standard SKU. The official documentation is at https://learn.microsoft.com/en-us/azure/bastion/native-client#connect-windows.  The PowerShell script that will come handy is below.

az login
az account set --subscription "<<your subscription id>>"
#Launch RDP
az network bastion rdp --name "<<name of your bastion resource>>" --resource-group "<<resource group name>>" --target-resource-id "/subscriptions/<<subscription id>>/resourceGroups/<<resource group name>>/providers/Microsoft.Compute/virtualMachines/<<Virtual machine name>>"

blog@aileronconsulting.com

Azure Logic App - Send Email connector - Multiple TO addresses

When using Azure Logic App connector for Azure Communication Service, you no longer can have multiple email addresses in the TO parameter. That action has been deprecated. See https://learn.microsoft.com/en-us/connectors/acsemail/#send-email-(preview)---deprecated-%5bdeprecated%5d. Instead, use the additional CC and BCC parameters. See https://learn.microsoft.com/en-us/connectors/acsemail/#send-email.

blog@aileronconsulting.com

Azure Email Communication Service error - "Requested message could not be located. Couldn't find a record with the messageID"

 When using Azure Email Communication service, you may run into this error - "Requested message could not be located. Couldn't find a record with the messageID". This generally is not an issue. What seems to be happening is that a getstatus call is being made almost about the same time a send call is being made. The recommendation is to write your own polling logic. See https://learn.microsoft.com/en-us/azure/communication-services/quickstarts/email/send-email-advanced/manually-poll-for-email-status?tabs=connection-string

blog@aileronconsulting.com

Azure Email communication service - EmailDroppedAllRecipientsSuppressed

When using Email communication service, if you receive this error most likely a previous email to the recipient bounced back and the Email Communication Service will not send an email for another x number of hours & days. See https://learn.microsoft.com/en-us/azure/communication-services/concepts/email/sender-reputation-managed-suppression-list .

 {'id':'xxxxxxxxx','status':'Failed','error':{'code':'EmailDroppedAllRecipientsSuppressed','message':'Message dropped because all recipients were suppressed','target':null,'details':null,'innererror':null}}

 blog@aileronconsulting.com

 

Uploading large files using Azure Storage REST API

When uploading files that are over 250 MB to Azure storage using the Azure Blob REST API will require you to break the file into multiple blocks that can be upto 100 MB. Use the Put Block operation to write each of the blocks to the storage. Then use the Put Block List operation to write a blob that specifies the list of block IDs that make up the blob. 

blog@aileronconsulting.com

Azure App Gateway with Certificate in Key Vault

It is common practice to utilize the Azure App Gateway for your web apps. SSL traffic would terminate at the gateway in this scenario. Wouldn't it be nice if you didn't have to worry about renewing your SSL certificate manually. You can do that by using the App Service Certificates and storing them in a Key Vault. The only problem is that as of the writing of this post (Feb 2024), the Azure Portal does not support App Gateway (Standard V2 tier) reading certificates from the Key Vault. According to this document https://learn.microsoft.com/en-us/azure/application-gateway/key-vault-certs#supported-certificates, this can only be accomplished via "non-portal resources like PowerShell, the Azure CLI, APIs, and Azure Resource Manager templates (ARM templates)".

 The alternative is to export the certificate and manually import the PFX file into the Key Vault. You will have to remember to do this when you renew the certificate.

Hopefully this feature will be added to the Azure Portal soon.

blog@aileronconsulting.com

cUrl on Powershell

It is sometimes handy to run curl commands from PowerShell. 

Couple things you need to watch out for - 

1) The curl command is aliased to Invoke-WebRequest. If you really want use curl natively, then run this command in your PowerShell window first. 

remove-item alias:curl 

2) If you are POSTing or PUTing raw JSON in the body, then it helps to store the raw json in a file and passing it as a parameter via the -T option. Below is an example 

curl --location --request PUT 'https://Yourendpoint' --header 'Authorization: Bearer <yourtoken>' --header 'Content-Type: application/json' -T 'C:\temp\abc.txt' 

If you use Postman, you can generate the curl command or in other programming languages as well. 

blog@aileronconsulting.com