The Azure portal has a setting for Sign in to your last visited directory. It appears that when using the Deploy to Azure button (https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-to-azure-button) this last visited directory setting is not followed. This can lead to confusion when you go to deploy and you don't see the Azure subscriptions that you were just looking at in the portal and that you expected to deploy to.

For more information, please see the following GitHub issue: https://github.com/Azure/azure-quickstart-templates/issues/8680.

Currently Azure Lighthouse can only delegate permission on ressources reachabled from https://management.azure.com (Azure Resource Manager).

In case of some Azure products, like Azure Data Factories, with Lighthouse, we canno't fully manage the resource because it can be accross others Azure API, https://adf.azure.com

Could you integrate other dedicated API with Lighthouse to allow a full support of Azure resources ?

Thanks.

Hi !
I face a limitation with my nested template where I need to generate 2 EventHub (with other resources). I put the EH template in a nested one and wanted to use it two times in the main template but I've got this error message :
BadRequestError: TemplateSpecVersionInvalidArtifactPath: The artifact path 'eventhub.nest.json' is not supported. An artifact path should be unique and not contain any expressions.

Of course when I try with one call it works perfectly !
At the moment is there a solution to do that in the purpose to reuse an existing nested template ?

thx

We have a global subscription filter feature which can be used to select frequently one in azure portal. In this scenario, we need to manually select one subscription to see available resources even though cx has owner permission. Actually, sometimes cx will forget this step.

Please consider disable this feature and automatically updated in azure portal if cx already has owner role.

We have a feature to allow VNET peering across different tenants. However some cx need to disable this feature.

Please consider having a check box for cx to choose if they want to enable/ disable this feature. Or other workaround to help block this when they want to.

Need the ability to set the backup alerts on a RecoveryServiceVault via ARM templates.

Currently this is only available via the portal as per https://docs.microsoft.com/en-us/azure/backup/backup-azure-monitoring-built-in-monitor#notification-for-backup-alerts)

I would like to be able to cancel subscriptions using PowerShell

Hi,

I make a call to a function api via nested arm template but it calls api multiple times eventhough it is supposed to be called only once.

I did monitor my API, most of the times it gets called twice but sometimes even more.

Could you please look into it and let me know please?

{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{},"variables":{"apiVersionDeploy":"2017-05-10","funcionUrl":"http://...","environmentFunctionKey":"xxxx",},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"[variables('apiVersionDeploy')]","name":"test","dependsOn":[],"properties":{"templateLink":{"uri":"[concat(variables('funcionUrl'), '?code=', variables('environmentFunctionKey'))]"},"mode":"Incremental"}}],"outputs":{}}

Currently ,it's not possible to enable static website from ARM template .I understand management API for storage account does not have static website data-plane property.
However it's not convenient for users and it should be able to enable static website from ARM template.

Front Door supports up to 500 FrontendEndpoint objects according to the documentation: https://github.com/MicrosoftDocs/azure-docs/blob/master/includes/front-door-limits.md

However, past around 60-70 FrontendEndpoints, the following api request is timing out with a 504 error:

https://resources.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/RESOURCEGROUP/providers/Microsoft.Network/frontDoors/FRONTDOORNAME/frontendEndpoints

Note: This timeout also occurs with the az cli and Azure PowerShell.

If I delete a couple of endpoints, the api requests will start working again, but as soon as I add them back, this request starts erroring out with 504s again.

Current Workaround: It appears the "full" endpoint continues to work correctly with many FrontEndEndpoints, so it seems you can select the frontendEndpoints object out of this:

https://resources.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/RESOURCEGROUP/providers/Microsoft.Network/frontDoors/FRONTDOORNAME

When deploying a app service with siteConfig in arm template, it always delete all existing app settings. Is there any way to keep existing appsettings?

Azure AD authentication is not support for the SQL Servers in the Containers right now. It's something that is in development.” please update Microsoft.Resources/deploymentScripts documentation on that limitations , it will help to make crucial decision about architecture.

Currently spaces are allowed in tags. This causes issues with tag governance, as a common occurrence for policy compliance failures is a leading or trailing space in a tag name. Please restrict the use of spaces in tag names, or strip spaces from the input.

Currently, to automate deployment of an integration account and map i have to insert the text from the map file in the content section of the maps section of the integration account template.

Inserting the map code as text means i have to escape any chars such as double qoutes. this is time consuming and would be much better if the template could simply referr to a map file in the visual studio project.

After applying tagging policy to Azure resources, if we are adding any wrong tags on any resource so wrong error message is showing. Error should be related to policy and it should say tag names are not compatible/not matching with policy defined.

Instead, error is coming as Could not save the tags. Access unauthorized.

There is no issue with access here.

Currently alerts sent to directory roles (e.g. Identity Protection alerts that get sent to Global Admins or Security Admins) are only sent to those people if they happen to be elevated in PIM at that time. Just because someone is not elevated does not mean they should not receive those alerts; alerts like these should be sent to the people with the directory role regardless of their elevation status in PIM.