I am new to Azure so I decided to use Microsoft Learn Sandbox to fool around and find out.
After following this exercise, I managed to create a web app with a specific name.
After writing a simple GitHub workflow to build and deploy my application, I found out that my webapp is not accessible anymore. Of course it makes sense for a ressource to be deleted after the sandbox has expired and I should have thought about it before but I cannot create a new webapp using the same specific name in my personal Azure Pay-per-use subscription as I a greeted with an error explaining me that this name is not available.
After a bit of browsing I read various answers about the retention time of these resources, which can vary from a few minutes up to three months.
I understand that this retention system exists to allow users to restore deleted resources and that it can be configured by various policies but I could not find a specific response for the ones relative to Learn Sandbox.
When can I expect this resource to be deleted from the system so I can use my specific name again ?
How long does the sandbox stay around?
The sandbox environment created for a module is available for four consecutive hours to ensure that you can finish the module. The Microsoft Learn exercises are meant to be finished in one sitting, in an hour or less.
You can actually verify this in the Sandbox FAQ - How long does the sandbox stay around?
Related
I've got a free tier Azure Cloud Account. I used to have a project and requested a free agent for running pipelines. All was ok.
I deleted that project and created a new one.
I'm now trying to create a very basic Hello World kind of pipeline and getting it to run, to test things. The pipeline fails to run with the error below.
Error Message: No hosted parallelism has been purchased or granted. To request a free parallelism grant, please fill out the following form https://aka.ms/azpipelines-parallelism-request
I can see in my organization settings that I have that free agent available and 1800 mins/month of run time available. But i think that agent isn't getting used/found by my pipeline jobs.
I'm a noob at azure, so pardon me for any goof ups in the question.
You just write message to https://aka.ms/azpipelines-parallelism-request with your name, email, project etc. and after 24-48 hours you can run your pipeline
Microsoft comes with some temporary alternative approach until the automate is implemented to grant the permission for those users who requires the free hosted agent pools.
Now users needs to be drop the email to get the free tier access based on the project visibility types.
There is not a standard timeline for approval which someone can predict approval in days, but by considering the mass requests and manual approval process we can consider the timeline of 7 to 15 working days from your email.
For More information -> https://devblogs.microsoft.com/devops/change-in-azure-pipelines-grant-for-private-projects/
Solution: Just after posting this question, I thought of creating another project and make it private. I then ran a sample pipeline and it worked. So basically, my issue was that the pipeline granted to me was for a private project and not a public one. I had forgotten about it as i was revising azure after some time.
since 3 days, my "Microsoft Learn" account can not load azure sandbox anymore, I got this error message:
Unauthorized Sandbox use detected. Your sandbox has been terminated.
Actually, I did nothing, but visit a module called "Secure your Azure resources with role-based access control (RBAC)" in MSLEARN. in this module, by loading sandbox, it shows a different message, unlike other modules, i.e. "Loading Azure Portal...". afterwards, I find out my account does not work anymore.
In order to check this problem only for my account is, I have created another account, it works well.
I think my account has some problem, regarding my using. i did not find an answer in FAQ from Microsoft Learn
MS is currently resolving "abuse" of MS Learn resources, by crashing everything. You'll see other errors like:
no resources available...
policy denied...
...
New: I created another MS account and it works well. So it seems that MS has introduced some kind of quota per user usage of their MS learn sandboxes... Very stupid indeed, I'd like to pass tutorials at least with my Azure subscription, and now I can't mark tutorials complete and track the learning progress...
My company developed an Azure Resource Manager-based solution that deploys a set of resources (essentially a Storage, SQL DB and Web App), and it is already implemented as our provisioning process for new customers.
However, we are now studying the best way to perform updates, and one of the hypotheses we are considering is having a specific template that updates the binaries of this application.
The idea is to have a separate template, that only has the web app, an app host and a MSDeploy resource that gets the latest version of our package and reuploads it to that web app.
The only problem I'm seeing with this solution is the ability to handle any changes in configuration that are necessary with newer version of the binaries - we do not want users to have to re-input any parameters they placed for the original deploy (done via a Deploy To Azure button), so, any configurations will have to be performed within the application - the plan is for it to use the Microsoft.WindowsAzure.Management.WebSites library.
The major limitation with using Microsoft.WindowsAzure.Management.WebSites is that you are restricted to authenticating with either a certificate or a service principal. Ideally we would like to find a way for the updates to not need any authentication other than the one you provide when you are deploying the update.
Is there any recommendation of best practices to follow for this kind of scenario?
Thank you.
Link to the equivalent discussion on TechNet
It is possible to update only via ARM templates.
For example connection strings can be added automatically to the application settings even when creating the dependent resources themselves.
Ex. Account storage connection string.
Only first time creation of your web sites will take a bit more time, something like 30 sec.
ARM will not destroy your WebApps if they exist already. it will update only.
If there are no changes, then the deployment is very fast.
If your changes require a new Appsettings parameter, you can enter it in ARM , check in to your repository.
and next deployment will pick up and update the WebApp.
So no need for anyone to log-in and update.
Our final decision was to give up on using ARM exclusively. The Service Principal solution, through the SDK, would allow us to use a Web Job or a Site Extension to perform (automatic or prompted) updates that included configuration changes. However, it would require "too many" privileges - why would a customer trust an application that can, at will, create new resources or update existing ones to increase his Azure bill?
The decision was made to utilize Powershell only for updates - if the customer can see the scripts and authenticate himself, this is not a concern. Sadly, this increases update complexity, but we found it to be a necessary evil.
I maintain a family web site on Azure on my spare time. For a small fee, we have purchased a custom domain name to make it more "professional".
Unfortunately, the credit card associated with the susbscription has expired and since I was not actively monitoring the dedicated mail account I had created for this purpose, the susbscription has now been deleted (the susbscription is actually disabled in the portal, but the mail from Azure says that I need to create a new subscription if I want to change my mind).
In a matter of minutes, I registered a new subscription and thanks to continuous deployment, I could deploy the Web App from sources that I had kept on a GitHub account. However, an attempt to bring an external domain to the Web App fails with the reason being that the said domain is already in use by another Azure web site (presumably, the old Web App from the, now deleted, subscription)
A quick chat with the #AzureSupport team on Twitter, they suggested I file a support request from the Azure portal. However, since this is not a professionnal susbscription, I do not have a support plan. I see that support costs 25 $/month for at least 6 months in my situation.
This seems a bit too costly, like an order of magnitude higher than buying a new domain name for several years. At the same time, I don't understand why the deleted account is still locking the custom domain name. And it seems unfair that I need to pay to recover a domain name that I own but am unable to benefit from because it is associated with a Web App in a disabled Azure subscription!
Please, what are my options?
PS: Even though this is not a programmatic question, I post here because that's where Microsoft recommends to obtain community support. I have also posted a similar question on an appropriate MSDN Forum but the answers there are not satisfying.
Unfortunately on a technical level this will be something that can only be rectified by Azure support. Since you no longer have access to the account they will need to delete that domain association.
It is excessive that you are required to pay for a six month support contract to resolve an issue that is clearly an issue with the way Azure decommissions subscriptions.
The problem you now have is that you can't use Azure to host this domain until that association is removed. Your only options are to either have the complexity of using a VM or to move your site to AWS etc.
If you make those points to #AzureSupport team, maybe they will process it for you. Point them to this question and ask them to help you to keep using Azure.
We're completely upgrading our production and development environment from co-located boxes to an Azure implementation and we'll be developing using Visual Studio Online. Up until this point our dev has occurred on a Remote Desktop environment where developers were logging into Windows server and developing on that RDP box.
We want to set this up and we have some confusion about the Account types/set up types.
It appears there are two ways to set up our Azure and two ways to set up our developers. We are a MS partner w/ some MSDN licenses and Azure credits.
So for Azure we can use our existing MS accounts and just set up an Azure Pay As You Go (PAYG) subscription. This was suggested to us initially but it seems weird to have the entire companies Azure environment going through an individuals live ID. Then we saw we can sign up as an Organization now and it uses Azure AD. We have not been using Active Directory and we're not sure how much complexity this is going to add to our administration. Is there a discernible difference/benefit to going one way or the other?
Then, when we sign up our developers we can either have everyone sign up with their live ID's (we have MSDN w/ VS Premium credits for all developers) or we can set them up using Active Directory with Work Accounts. Having our credits allotted in work accounts sounds like a good way to control things at first reading, but it also seems a bit more complex. I'm wondering if there is much difference between MSDN accounts signed up w/ live IDs or AD Work Accounts. I can't find a real comparison article or pro/con type of discussion anywhere.
It sounds like you have already figured out the main differences. As an organization, I would suggest signing up for Azure as an organization. You can do that here. This is going to give you the management capabilities for resources typically needed by an organization.
Your developers can continue to use the MSDN subscriptions. As Dylan commented, these are not to be used for production environments. You should consider using these for Dev/Test environments and activating your MSDN benefits. This will save you some money. More on that here.
Visual Studio Online will work with your Work Accounts and again give you more control over managing your online resources. This link describes the sign-up process for both Microsoft Accounts and Work Accounts. And if you scroll down a bit you will find your original question specifically addressed.
Finally, you can also add your Work Account(s) to your existing MSDN subscriptions if you like. This way you (and your developers) can use the same account credentials when accessing Azure Subscriptions. Information on how to do that is available in this link.
Your Work Account subscription should be limited to personnel responsible for managing your "production" environment.
After signing up for Azure as an Organization, you can add users to the directory as described here. You can also add "external" users using their existing Microsoft Accounts. It's just a few dialogs to add a user.