Fix this, open since 2018: Save me minutes of my life every time I login: https://github.com/microsoft/AzureStorageExplorer/issues/2886

Azure Policy built-in Azure Security Baseline should not require use of legacy methods for collecting Activity Logs

The built-in policy definitions are:
- "Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'"
- "Azure Monitor should collect activity logs from all regions"

These policies refer to Log Profiles, which have been deprecated in favour of diagnostic settings. We are collecting subscription Activity Logs with diagnostic settings but still getting failures on the Security Baseline.

We have found ourselves in a situation where we deployed purge-protected key vaults into a QA environment and could not remove these to deploy into live due to the purge protection and the common namespace that the accounts reside in. We recommend Microsoft support is able to remove such accounts even if this involves going through support and signing a digital declaration accepting responsibility. This should more so be the case for empty key vaults.

We have an application where users can upload a profile picture. We are using the Content Moderation API and the Face API to review the images.

On some mobile devices, images are not always saved in the orientation in which they were taken. So an image taken with the phone horizontally will still result in a vertical image.

Currently to deal with this we have to rotate the image in code and recall the APIs, It would be nice if the API could detect the image orientation and provide that information back as part of the result.

When attempting to use the MFA authentication options SMS, App Authentication Code, or Hardware Token MFA, the vendor specific radius attribute (26) is not returned from the radius server. This inhibits 3rd party integrations that depend on this attribute, preventing these MFA authentication methods from being used.

Even not allow to use double byte chatactor (ex. Japanese charactor) for resource group name, it is possible to use them right now.

Prevent not to allow for using "unsuitable charactor" when create resource group.

https://docs.microsoft.com/en-us/rest/api/resources/resourcegroups/createorupdate

Devices re-named in local AD AFTER being hybrid-joined to AzureAD do not reflect name changes in the display name. This should be rectified. The device details page in the Azure AD portal should also include the Object ID string (like the user details page) as an intermediate step to assist in manually updating the display name attribute via powershell.

Domain joined windows machines require a registry setting to disable the VMICTimeProvider and force time sync to domain hierarchy. This could be avoided if the Time Synchronization setting under Guest Integration options in Hyper-V manager was configurable from the Azure Portal or Azure Powershell.

Currently there is no option for users to Upgrade a VM running windows Server 2012 R2 or any OS to a newer version/edition like windows server 2016. Same with client OS also.
Shouldn't Microsoft support an In-Place upgrade to get to a Higher Version of the OS since it is supported in a physical machine, it should be also supported on VMs which will make the life of the customers easy and would also in turn sell new licenses for windows for each of the upgrade.

RBAC and Policy can be scoped at Subscription and Resource Group levels in Blueprints; we need the ability to scope Policy and RBAC assignments to Management Groups as well.

Currently, we do not recommend Blueprints if using MGs for centralized governance management.

Allow protect Cloud Shell storage with Azure storage firewall. Is not supported now to limit access to Azure Storage account. I need protect storage to be accessible from azure backend only

It would be nice to be able to save filtered queries made to Cosmos Db Collections.

This would allow us to share those queries with for example project members who have no technical background but need to perform regular data quality checks during development phase of the project.

We are working with a cloud service provider that supports VPN connections but they want an IP address for out end point. We don't want to use a dynamic IP address and that is the only option available on Azure at the moment.

You Azure Blog site link to Subscribe is broken. https://azure.microsoft.com/en-us/blog/feed/

There's a couple scenarios where we need to use substring in our B2C custom policies. At the moment we're using Azure Functions, but this seems a bit overkill for something as simple as getting a substring - it would be good if we could do this in IEF without having to use Azure Function.

Suggest support Vim mode in kusto editor.

The Azure Open VPN using Azure Authentication only supports the Azure VPN application from Microsoft store and needs a later version of Windows 10.
Because it's Open VPN there should be a posibility to create a .ovpn file to be able to use the VPN with any Open VPN applcation from any OS.
This is not supportet with Azure Authentication.
This would be greate if the support for Azure Authentication would support .ovpn cconfiguration and clients

At the company I work for we use ELK/Elasticsearch as centralised logging solution. Would be great if we can get logs from B2C to Elasticsearch (or Logstash), so that all our logs are all in one place. There's a lot of integration options for Logstash - see https://www.elastic.co/guide/en/logstash/current/input-plugins.html - it would be great if B2C supported logs getting sent to http/udp endpoints, or azureeventhubs (which can be read by Logstash) instead of Application Insights only.