Azure ActiveDirectory: How many groups max? - azure

This is a two part question.
What is the maximum number of Azure AD groups you can create?
Is there a best practice? We have over 3000 groups, and I’m wondering if it’s slowing things down.

What is the maximum number of Azure AD groups you can create?
There is no specific limit on the number of groups. But there are limits on objects (including groups). A maximum of 50,000 objects can be created in a single directory by users of the Free edition of Azure Active Directory by default. See more details here.
Is there a best practice? We have over 3000 groups, and I’m wondering if it’s slowing things down.
The official documentation does not say that this number will affect performance. And I haven't seen any feedback about this.
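A quick way to check where a tenant actually stands against the object quota the answer mentions, as an added example (not code from the original answer). It assumes the Microsoft Graph PowerShell SDK and a caller consented to Directory.Read.All; the `directorySizeQuota` read from the beta endpoint is an assumption about that resource's shape and is treated as best effort.

```powershell
# Added example, not part of the original answer. Assumes the Microsoft.Graph
# PowerShell SDK (Microsoft.Graph.Authentication, Microsoft.Graph.Groups) and a
# caller who has consented to Directory.Read.All.
Connect-MgGraph -Scopes 'Directory.Read.All' -NoWelcome

# Count-only queries are "advanced queries": they need the
# ConsistencyLevel=eventual header plus $count=true. -Top 1 keeps the payload
# tiny while -CountVariable receives @odata.count for the whole filter.
function Get-GroupCount {
    param([string]$Filter)
    $params = @{ ConsistencyLevel = 'eventual'; CountVariable = 'matched'; Top = 1 }
    if ($Filter) { $params.Filter = $Filter }
    $null = Get-MgGroup @params
    return [int]$matched
}

$summary = [ordered]@{
    AllGroups      = Get-GroupCount
    SecurityGroups = Get-GroupCount "securityEnabled eq true and mailEnabled eq false"
    M365Groups     = Get-GroupCount "groupTypes/any(t:t eq 'Unified')"
    DynamicGroups  = Get-GroupCount "groupTypes/any(t:t eq 'DynamicMembership')"
}

# The 50,000-object default quota counts every directory object (users, groups,
# devices, app registrations, ...), not groups alone. Assumption: the beta
# organization resource exposes directorySizeQuota { used, total }; if your
# tenant returns nothing here, the group counts above are still valid.
$org   = Invoke-MgGraphRequest -Method GET `
         -Uri 'https://graph.microsoft.com/beta/organization?$select=directorySizeQuota'
$quota = $org.value[0].directorySizeQuota
if ($quota -and $quota.total) {
    $summary.QuotaUsed  = $quota.used
    $summary.QuotaTotal = $quota.total
    $summary.QuotaPct   = [math]::Round(100 * $quota.used / $quota.total, 1)
}
[pscustomobject]$summary
```

Three thousand groups is a small fraction of the quota. Where group count does bite is per user, not per tenant: a token carries at most about 200 group claims (150 for SAML) before Azure AD replaces them with an overage claim, so applications that authorize on group claims need to handle that case for heavily nested users.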

Related

Outgoing connection limits for Azure App Services regarding resource groups

My Azure Web App runs on a Windows-S1 App Service Plan and hit a connection limit at 100 connections:
Indeed the Azure docs say that there's a limit of 100 "per resource group" (see the table under "App Service limits").
However, I remember much more generous limits and I could still find a blog post talking about limits in the thousands for an app service plan.
The only sensible interpretation would be that the generous limit is for all the apps in the plan together and the 100 is per resource group of the app (rather than the one of the plan).
But I don't see that explained properly. That the first row in the linked table simply says "unlimited" for the app in the plan doesn't fill me with confidence either. It also would be rather surprising that the resource group of the app has such a big impact, I only knew that the one of the plan has an impact (it defines the "webspace", an undocumented internal Azure concept).
Can somebody in the know confirm my interpretation or tell me how else to read this?
EDIT: If I can trust the connection graphs under "Diagnose and solve problems"/"TCP Connections", I have multiple apps simultaneously that each hit the 100 connections limit:
At the top of the page where the graph is it does say the data should be per app and indeed the graphs are different for each app.
But all apps are in the same resource group! So I have no idea what the actual limits are. I don't see where a 100 connections per app limit is documented anywhere.
EDIT2:
I don't think those graphs can be trusted. The following image shows two of them edited together for two apps in the same resource group and the same plan:
One app was turned off, on and off again near the end. Yet, the rest of the graphs are identical. This suggests to me that the graph is indeed not per app and merely shows zero when the app it's looked at through is turned off at that time. Really confusing.

Implementing usage limits for resources (vm/storage) by internal projects

Our organization contains many different projects, each containing users. I'd like to be able to set a cap which prevents each project from exceeding their respective monetary budget for vms or storage resources.
So far I see that I can create a budget with a specific scope for resource groups, and assign a dollar value.
I'm wondering if in order to manage our projects like this they each need their own subscription to be used as scope?
Also, do I understand correctly that resource groups will allow me to select storage and compute resources so these do not exceed the set dollar limit? Is there a mechanism for setting quotas in vm counts or storage amount?
Thank you.
You can use Azure Policy for better control of the number / SKU:
https://learn.microsoft.com/en-us/azure/governance/policy/overview#policy-definition
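What that looks like in practice, as an added example that is not the answer author's code: a custom Azure Policy definition that denies VM sizes outside an approved list, assigned at a single project's resource group so each project can get its own list without a separate subscription. It assumes the Az.Resources and Az.Compute modules, a session opened with Connect-AzAccount holding Resource Policy Contributor on the target scope, and a hypothetical resource group named 'rg-project-alpha'.

```powershell
# Added example, not the answer author's code. Assumes Az.Resources and Az.Compute,
# a Connect-AzAccount session with Resource Policy Contributor on the scope, and
# a hypothetical resource group 'rg-project-alpha' standing for one project.
$rg = Get-AzResourceGroup -Name 'rg-project-alpha'

# Custom definition: deny any VM whose size is not in the parameter list.
# Policy evaluates each deployment request, so it bounds *which* SKUs a project
# can use; it does not count VMs (counts are subscription quotas, see below).
$rule = @'
{
  "if": {
    "allOf": [
      { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
      { "not": {
          "field": "Microsoft.Compute/virtualMachines/sku.name",
          "in": "[parameters('allowedSkus')]" } }
    ]
  },
  "then": { "effect": "deny" }
}
'@
$paramSchema = @'
{
  "allowedSkus": {
    "type": "Array",
    "metadata": { "displayName": "Allowed VM sizes",
                  "description": "VM sizes this project may deploy" }
  }
}
'@

$def = New-AzPolicyDefinition -Name 'deny-unapproved-vm-sku' `
    -DisplayName 'Deny VM sizes outside the approved list' `
    -Mode Indexed -Policy $rule -Parameter $paramSchema

# Assign at the project's resource-group scope with that project's own list.
New-AzPolicyAssignment -Name 'alpha-vm-sku' -Scope $rg.ResourceId `
    -PolicyDefinition $def `
    -PolicyParameterObject @{ allowedSkus = @('Standard_B2s', 'Standard_D2s_v5') }

# Numeric caps (cores per VM family, regional vCPU totals) are subscription
# quotas, readable per region and changed through a quota request, not Policy.
Get-AzVMUsage -Location 'westeurope' |
    Where-Object { $_.CurrentValue -gt 0 } |
    Select-Object @{ n = 'Quota'; e = { $_.Name.LocalizedValue } }, CurrentValue, Limit
```

Two caveats worth keeping in mind: a budget by itself only alerts, it does not stop provisioning, so the Policy deny is what actually enforces the boundary; and the same pattern works for storage by switching the type to Microsoft.Storage/storageAccounts and the alias to Microsoft.Storage/storageAccounts/sku.name.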

Share PowerApps Apps & Connections With Groups

We have a suite of apps we are developing. We have already rolled the app out to about 50 users and have over 200 more. Sharing connections (custom connection & connector) and the apps has become super cumbersome. Long story short, this is a lot of time. Each time we have a new user we have to share 3 apps, 2x connections, and set up access on an internal method we have. We are using SQL, not CDS.
This has been misery. Is there a way to create 1x address that I would share with the Apps/Connection and I would just add users to this group? Would save us time to just add users to the one list. Then access is just shared via this common group. Does anyone know a better method to deploy powerapps like this? We can't share to "everyone". Thanks.
If you have an Azure Active Directory Security Group you can give them access to the connector and powerapp. See: https://powerapps.microsoft.com/en-us/blog/sharing-powerapps-with-multiple-users/
There are some distinctions between Security Groups, Distribution Groups, O365 groups, and on-prem vs Azure. I couldn't tell you the difference between them all, but you can follow Microsoft's instructions on how to share a canvas app, which will go through some of these different methods of sharing.
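The group-based approach the answer describes, scripted end to end as an added example (not the answer author's code): one security group is created once, the apps and the connection are shared with it once, and onboarding becomes a single membership change. It assumes the Microsoft Graph PowerShell SDK for the group and the Microsoft.PowerApps.Administration.PowerShell module for the sharing calls; the environment, app and connection names are hypothetical placeholders, and using the Group principal type on the connection cmdlet is an assumption to confirm against that module's help.

```powershell
# Added example, not the answer author's code. Assumes Microsoft.Graph PowerShell
# (group + membership) and Microsoft.PowerApps.Administration.PowerShell
# (sharing). Environment, app and connection names are hypothetical placeholders.
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All' -NoWelcome
Add-PowerAppsAccount

# One plain security group (mail-disabled, static membership) is the only
# principal the apps and connections are ever shared with.
$grp = New-MgGroup -DisplayName 'PowerApps-FieldOps-Users' `
    -MailNickname 'pa-fieldops-users' -MailEnabled:$false -SecurityEnabled:$true `
    -Description 'Members can run the FieldOps canvas apps'

$envName  = '<environment-name>'                       # hypothetical
$appNames = @('<app-guid-1>', '<app-guid-2>', '<app-guid-3>')  # hypothetical

foreach ($app in $appNames) {
    Set-AdminPowerAppRoleAssignment -EnvironmentName $envName -AppName $app `
        -RoleName CanView -PrincipalType Group -PrincipalObjectId $grp.Id
}

# The connection the apps use is shared the same way (assumption: the cmdlet
# accepts a Group principal; connection name is a hypothetical placeholder).
Set-AdminPowerAppConnectionRoleAssignment -EnvironmentName $envName `
    -ConnectorName 'shared_sql' -ConnectionName '<connection-guid>' `
    -RoleName CanUse -PrincipalType Group -PrincipalObjectId $grp.Id

# Onboarding a new user is now one membership change instead of five shares.
function Add-FieldOpsUser {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $user = Get-MgUser -UserId $UserPrincipalName -Property Id
    New-MgGroupMember -GroupId $grp.Id -DirectoryObjectId $user.Id
}
Add-FieldOpsUser -UserPrincipalName 'new.hire@contoso.example'
```

One security point to keep in view with SQL: if the shared connection stores its own credentials (implicit authentication), every group member reaches the database as that one SQL identity, so row-level or per-user authorization has to live in the app or the database, not in the connection.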

MS Azure - Can a single organization have multiple organizations under it?

I'm looking into transitioning all our company systems to MS Azure from our current on-premises setup. We have multiple affiliates operating using their versions of the same system (i.e. a custom built application that is fundamentally the same but is tailor fit to specific business cases/industries).
Is it possible for our mother company to register for MS Azure, and the affiliates exist as separate organizations on that plan? Or is each organization required to have its own Azure subscription?
Many Thanks,
Jevb
I saw many different implementations of Azure for companies. Mostly based on a separate-subscription-per-affiliate model; sometimes I saw working with 1 subscription and then splitting teams into Resource Groups. I think it is all up to the company, budgets and goals.
I would recommend reading these first; maybe this will give you some hints on how to start and migrate :)
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/reference/azure-scaffold
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/subscriptions/
https://learn.microsoft.com/en-us/azure/governance/management-groups/overview
You can have one tenant for your whole company, and individual subscriptions for each business case. The way that Azure does billing, it is nice to split your industries into separate subscriptions until you have a solid tagging strategy in place.
I would highly suggest looking into management groups within Azure as you start to implement policy and RBAC for your individual subscriptions so that you can adhere to security best practices and avoid repeating yourself.
https://learn.microsoft.com/en-us/microsoft-365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings?view=o365-worldwide
https://learn.microsoft.com/en-us/azure/governance/management-groups/overview
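The one-tenant, subscription-per-affiliate layout with management groups on top, scripted as an added example (not from the answer authors): a root management group, one child per affiliate, a subscription parked under its affiliate, and RBAC plus a built-in policy assigned once at the affiliate scope so every subscription added there later inherits them. It assumes Az.Resources, a session with rights at the tenant root management group (for example a Global Administrator who has elevated access), and hypothetical names for the management groups, the subscription and the Azure AD security group.

```powershell
# Added example, not from the answer authors. Assumes Az.Resources, a session with
# rights at the tenant root management group, and hypothetical names throughout.
$mgPrefix = '/providers/Microsoft.Management/managementGroups'
New-AzManagementGroup -GroupName 'contoso' -DisplayName 'Contoso (all affiliates)'

# One child management group per affiliate. Anything assigned here (policy, RBAC)
# is inherited by every subscription placed under it, now or later.
$affiliates = @{ 'contoso-retail' = 'Retail affiliate'; 'contoso-logistics' = 'Logistics affiliate' }
foreach ($name in $affiliates.Keys) {
    New-AzManagementGroup -GroupName $name -DisplayName $affiliates[$name] `
        -ParentId "$mgPrefix/contoso"
}

# Park an affiliate's subscription under its management group (hypothetical id).
New-AzManagementGroupSubscription -GroupName 'contoso-retail' `
    -SubscriptionId '00000000-0000-0000-0000-000000000000'

# RBAC once, at the affiliate scope, instead of once per subscription.
$scope = "$mgPrefix/contoso-retail"
$team  = Get-AzADGroup -DisplayName 'sg-retail-platform-team'   # hypothetical group
New-AzRoleAssignment -ObjectId $team.Id -RoleDefinitionName 'Contributor' -Scope $scope

# A built-in policy at the same scope, here pinning the affiliate to EU regions.
# Looked up by display name so no definition GUID is hard-coded; both property
# paths are tried because older and newer Az.Resources versions shape output differently.
$allowedLoc = Get-AzPolicyDefinition -Builtin | Where-Object {
    'Allowed locations' -in @($_.DisplayName, $_.Properties.DisplayName)
} | Select-Object -First 1
New-AzPolicyAssignment -Name 'retail-allowed-locations' -Scope $scope `
    -PolicyDefinition $allowedLoc `
    -PolicyParameterObject @{ listOfAllowedLocations = @('westeurope', 'northeurope') }

# Inspect the resulting tree.
Get-AzManagementGroup -GroupName 'contoso' -Expand -Recurse
```

Role assignments and policy assignments made at a management group cannot be removed by an Owner of a child subscription, which is what makes this the right place for the guardrails each affiliate must not be able to opt out of.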

Windows Azure Cache with a multi tenant application

I have in development a multi tenant application that I am deploying to azure.
I would like to take advantage of the Windows Azure Cache service as it looks like it will be a great performance improvement vs hitting the database for each call.
Let's say I have 2 tables: Businesses and Customers. A business can have multiple customers and the business table contains details about the business.
Business details don't change often but customer information is changing constantly for each of the different tenants.
I assume I need 2 named instances (1 for business details and 1 for customers)
Is 2 named caches enough or do I need to separate these for each of the tenants? I think 2 would be ok, as if I have to create a separate one for each it will get expensive pretty quickly.
Thank you.
Using different named caches is interesting if you have different cache requirements (Expiry policy, default TTL, Notifications, High Availability, ...).
In your case you could simply look at using different Regions per tenant:
Windows Azure Cache supports the creation and use of user-defined regions. A region is a subgroup for cached items. Regions also support the annotation of cached items with additional descriptive strings called tags. Regions support the ability to perform search operations on any tagged items in that region.
This would allow you to split your named cache (you would only need one) into regions per tenant holding the businesses and customers for that tenant. And if the businesses don't change that often, you can simply change the TTL for those items to 1, 2, .. hours.
