An issue came up this week where some external consultants needed access to remote onto an Azure Windows VM to configure a third-party application. The consultants were given AAD logins and are working from home with dynamic IP addresses. What is the best way to grant them access to RDP onto the VM? The preferred method would be via a private endpoint into the VNet via point-to-site VPN or Bastion, but external consultants can’t be granted access that way.
Consider the scenario where some PowerShell scripts need to be scheduled on an Azure virtual machine, which connects to an Azure SQL Managed Instance. The PowerShell script needs to run on a schedule and must be able to connect to the managed instance securely. You would rather not have to manage passwords. What’s the best way to do this? You guessed it, Managed Identity. This post will describe two ways of doing it, one using Azure AD with a Managed Identity and one using SQL Authentication and Azure Key Vault using a Service Principal.
I have set up server auditing for some managed instances in the same virtual cluster to record login success and failed events and write them to blob storage. Downstream, an ADF pipeline reads the events asynchronously and inserts them into a database for further analysis and reporting. Server audit stops writing Recently the server audit stopped writing to blob storage, even though the server audit status was still running and enabled.
Bicep stopped deploying with this error I’m trying to deploy a resource group which has two storage accounts in it with this PowerShell command using a bicep template: 1 New-AzResourceGroupDeployment -ResourceGroupName $resourcegroupName -TemplateFile .\azuredeploy.bicep -TemplateParameterFile .\azuredeploy.test.parameters.json Error New-AzResourceGroupDeployment: Cannot retrieve the dynamic parameters for the cmdlet. Build succeeded: 0 Warning(s), 0 Error(s) I haven’t made any code changes, just not deployed this resource for a while. I decided to update bicep to the latest version (at the time of writing is Bicep CLI version 0.
Storage underlying a Managed Instance Microsoft Azure should not require you to have deep understanding of the underlying technologies used to provide the service, after all the whole point of PaaS is to abstract you away from implementation details. One of these details is storage of data files in the file system. When provisioning a General Tier Sql Managed Instance, the maximum storage size for the instance is capped at 8 TB.
Goodbye JSON Since Microsoft released bicep version 0.3 I thought I’d give it a try because anyone that’s authored ARM templates will know, they tend to make your eyes bleed after a while. Bicep aims to drastically simplify the authoring experience with a cleaner syntax, improved type safety, and better support for modularity and code re-use. I’m sold! I reverse-engineered an existing simple template that deploys two storage accounts by using bicep decompile and got a template like this:
Should we stop using -- in SQL comments? Interesting blog post from Brent Ozar on whether we should stop using -- for SQL Comments. I use these comments a lot because they are quick and easy for me to type. I don’t like voluminous comments but this is a good point. If clicking the link is too much effort for you, he is saying you should do this 1 2 3 4 5 6 SELECT * FROM dbo.
Found an error in Microsoft documentation? Submit a pull request! Much of the Microsoft documentation is open source on GitHub which means that if you spot an error in either the code examples, the grammar, spelling, a typo or copy-and-paste error, you can quickly fix it and people reading the docs after you will benefit. This is such a difference from when I started using Microsoft products back in the 90s where nothing was open source and all documentation was either in a printed manual or a chm file.
Maintenance Window now in Preview (at the time of writing) On 2nd March 2021, Microsoft announced a long-awaited feature, at least by me, to give choice over when OS and SQL patching occurs behind-the-scenes in Azure SQL Managed Instance. Before this feature, Microsoft would patch the Virtual Cluster supporting Managed Instances outside of regular business hours in the region your Managed Instance is located. You now get two additional options:
The problem I came across an interesting (!) issue with an Azure Sql Managed Instance today. One of our users came across this error when trying to SELECT from a view in a database where they are not a member of the db_owner database role or any elevated server-level permission by right clicking the view in SSMS 18.8 and choosing Select Top 1000 Rows. Select Top 1000 Rows in SSMS EXECUTE denied on xp_instance_reg_read in mssqlsystemresource The full text of the error is The EXECUTE permission was denied on the object 'xp_instance_regread', database 'mssqlsystemresource', schema 'sys'.