Azure free account - does it cover SQL Managed Instance? - azure

I have started using my free Azure account and I found out that I cannot create SQL Managed Instance. I get a cryptic error message telling me to change subscription or region, no clear information. The list of free services does not include SQL MI but it does not mean much. SQL Dedicated Pool or Synapse are also not listed but I tried to create them and the Portal does not complain yet even though I did not click the final Create button yet.

So SQL Managed Instances are only available on certain subscription types. See:
You probably have an Azure Trial subscription. If not, you might also want to check your region as there are region limitations as mentioned in the article above.

Related

Unable to move Cloud Service (Extended Support) to another resource group

we have problem to move Cloud Service (Extended Support) from 1 resource group to another resource group in the same subscription. Both resource groups are in the same location.
Picture with status of the move validation
Error code in validation window is:
{ "code": "ResourceMoveNotSupported", "target": "/subscriptions/123456-xxxx-yyyy-zzzz-123456/resourceGroups/AAAAA-BBBBB-Migrated/providers/Microsoft.Compute/cloudServices/AAAAA-BBBBB",
"message": "Resource move is not supported for resource types
'Microsoft.Compute/cloudServices'." }
Additional information:
Source resource group was created automatically after successful in-place migration from Cloud Service (Classic) to Cloud Service (Extended Support). Now we need to move all resources created by migration back to the original resource group, where Cloud Service (Classic) was previously located. Cloud Service (Classic) was automatically deleted after migration.
The main reason why we migrated from Cloud Service (Classic) to Cloud Service (Extended Support) was ability to move between subscriptions, but we are unable to move it even inside the same subscription :(
Any ideas how to proceed with this problem?
Best course of action is to create an Azure Support Ticket.
These type of operations are deep internal to azure, and reasons why these fail range from config errors, failed internal transactions to straight up bugs for a scenario they did not consider.
Note: it might take some time and patience on your side to get the desired results reached from Azure support, as these type of tickets are usually low priority.
We finally managed to contact Azure Support.
This move is not supported :(
Since the Cloud Service extended support is a new published product,
we are sorry that currently it does not support migration from one
subscription to another. We are sorry that moving “Cloud Service
extended support” among resource groups in the same subscription is
also unsupported.

Azure SQL Permissions: How to allow using Query Performance Insight, but not changing settings such as the pricing tier?

I would like to give our team members the necessary permissions to use the Query Performance Insight feature for an Azure SQL database, including the possibility to see the query text of long-running queries.
They already have "Reader" and "Monitoring Contributor" roles, so they can access the Query Performance Insight feature in the Azure Portal and see the IDs of long-running queries. However, when they click on a long-running query, they cannot see the query text. An error is shown indicating that "The connection timed out while running the query".
If I assigned them the "SQL DB Contributor" role, they would be able to use that feature, but they could then also change database settings such as the pricing tier, which I do not want.
Is there a role assignment that does what I need?
I think you will need to create an Azure Custom Role, as described in https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles .
You can start with Reader, and then include permissions you want, or start with SQL DB Contributor, and remove permissions you don't want. This will require experimentation.
From your subscription, create a new Custom Role:
Then from that role, you will add or exclude permissions:
Permissions that would be interesting to me would be:
List Query Store texts - for adding to a Reader
and Update Database - for excluding from a DB Contributor
Once that's done, you would go to the Access Control blade for the server that contains your database, and then add your users with that new custom role. Test, tweak, repeat until you have the security profile you want. Which role you use as your basis depends upon how close to a least-privilege security model you wish to adopt.
Edit: One possible way to figure out the permission to assign would be:
Scale the database up
Scale it back down
Go to the resource group, select your database, and Export Template
Inspect the JSON, which will be the ARM that was applied during the operation (you might need to look at multiple deployments to figure this out)
Once you find the operation, the provider in the JSON should give you a clue as to what to exclude from any roles you create.
Adding to #WaitingForGuacamole's answer: We ended up creating a custom role definition containing Microsoft.Sql/servers/databases/queryStore/write and Microsoft.Sql/servers/databases/topQueries/queryText/action. Assigning this custom role definition to team members who already had the Reader role on the Azure SQL Server then allowed them to view the query texts in Query Performance Insight.
The actual two permissions were provided to us by a very helpful Azure support engineer. YMMV, it might also work with just Microsoft.Sql/servers/databases/topQueries/queryText/action (in addition to the read permissions), as indicated by an Azure Docs Github issue. However, the support engineer was positive we'd also need the Microsoft.Sql/servers/databases/queryStore/write one and we didn't follow up by researching why.

Azure Managed Instance and Failover / DR Options

Azure SQL Managed Instance became generally available on 1-October, 2018. However, I've seen virtually nothing written about what options we have with regards to fail-over and disaster recovery. Specifically I would like to know what happens in the event of a server failure hosting an MI instance. I would also like to know what happens in the event of a data center failure. Does anyone have information about this?
Currently, Active Geo-replication is not available in Managed Instance.
Note: Active Geo-replication support is coming to public preview very soon.
For more details, refer "Overview:Active geo-replication and auto-failover groups" and "Setup DR with SQL Managed Instance"
Update: Geo-replication for Azure SQL Managed Instance is now in public preview.
For more details, see https://learn.microsoft.com/en-us/azure/sql-database/sql-database-auto-failover-group#best-practices-of-using-failover-groups-with-managed-instances

Transfer SQL Azure servers, Storage Accounts away from CSP subscription

We have a CSP subscription through a partner, and the whole experience is rubbish. Costing / billing APIs not available, can't use our Office 365 Azure AD, can't use SendGrid, can't see the cost of resources in the portal, loads of features missing. It's rubbish.
We're moving away and want to transfer a substantial number of SQL Azure servers (with many pools and databases) and Storage Accounts (with lots of items) to another, new PAYG subscription, which uses our O365 Azure AD.
#AzureSupport on Twitter pointed me to - https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move-resources
But this says, "The source and destination subscriptions must exist within the same Azure Active Directory tenant."
It suggests two ways forward:
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
But... The "Change Directory" option is not present for CSP accounts (lo and behold! another missing feature)
https://learn.microsoft.com/en-us/azure/billing/billing-subscription-transfer
But.. Heading to https://account.windowsazure.com/Subscriptions as instructed gives me a 500 error, with "We are sorry, but we could not complete that operation.".
Also.. Of course, the CSP (Ingram) do not offer any of these kinds of options on their sub management portal.
#AzureSupport then recommended I post here.
Can anyone advise / help please? Would be very much appreciated, thank you.
You are currently blocked, as there is not a good workflow to migrate from CSP to Pay-as-you-go, as the below User Voice entry suggests others are looking for the same. Please up vote and comment on this.
Change subscription from CSP to pay-as-you-go
As for getting switched back to PAYG, I suggest exporting your data and importing in to new services that have been set-up under your desired account set-up. If you need the instance names, these will need to be deleted before the data can be imported into the newly created service with the existing instance names, in cases where instances names can be reused after deletion of the particular service.
There is currently no supported means to migrate a subscription away from CSP once migrated, from my investigation.
Use Azure Data Migration Service to migrate from source to target. This though, will not allow you to keep the same instance names, as both the source and target will need to exist at the same time.

Creating Azure Search

I am having trouble creating an Azure Search instance from the preview portal:
Search creation failed in resource group x.
I have tried different combinations of:
resource groups (even created a new one)
regions (East US, West Europe, North Europe)
pricing tiers (both free and standard)
What am I doing wrong?
Just to close on this issue, we have determined that there was an issue with the Azure portal in a recent update that is causing new subscriptions to fail to create new Azure Search services. This would explain why it worked for me but failed for you (as I suspect you have a new subscription).
The Azure portal is working to roll back this change. I am still waiting to get the time but I am hopeful this should happen in the next day or two.
I really apologize for this issue.
Liam
Its advisable to check the limits while planning to create azure search. here are some details:
https://azure.microsoft.com/en-us/documentation/articles/search-limits-quotas-capacity/

Resources