Alan

My feedback

  1. 276 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    We have released a public preview of custom roles with support for a handful of permissions related to managing application registrations. We’re now working on support for enterprise application management permissions, and will continue to release more permissions iteratively over time.

    https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview

    We very much appreciate all of your feedback here. We’re not done yet, so please keep letting us know what you think and where we can improve.

    Regards,
    Vince Smith
    Azure Active Directory team

    Alan supported this idea  · 
    Alan commented  · 

    Like the other comments and up-votes before me, this functionality is sorely needed. I would rather not grant people the ability to modify AAD polices for instance just to allow them the permission to modify Risky Events (Security Admin required).

    We need more granularity!!!

  2. 160 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Web Apps » Bugs  ·  Flag idea as inappropriate…  ·  Admin →
    Alan commented  · 

    This is still an issue and looks like it has been for just under two years (in two months). Update???

  3. 180 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Alan supported this idea  · 
    Alan commented  · 

    The number of attribute options in Exchange are laughable. We absolutely need the flexibility of this group type to be mail-enabled! Either that or transfer the same options to dynamically scope security groups to the exchange groups. Must have!!

  4. 426 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    33 comments  ·  Site Recovery  ·  Flag idea as inappropriate…  ·  Admin →
    Alan commented  · 

    This functionality is also needed when replicated VM's are moved between on premise datacenters. It would be nice to be able to keep the data already replicated and use it to preseed the VM replication after it has been moved to the other datacenter.

  5. 92 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Alan commented  · 

    Agreed! Our application owner currently manage their own maintenance windows on-premise to avoid unnecessary alert calls from the NOC during planned outages. As we begin to migrate to Azure, there is no maintenance mode or alert suppression functionality. This is hampering our ability to enable alerting in Azure as well as causing some of the application owners to postpone moving servers/apps to Azure. Nobody wants to get woken up at 3am for a planned outage window.

    This has been requested here and other threads for a couple of years now. Please take this under review for implementation.

    Alan supported this idea  · 
  6. 186 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  Networking » Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    Alan supported this idea  · 
    Alan commented  · 

    Blend this in with global peering functionality (currently in preview) so we can leverage gateway transit, etc. between regions as well rather than creating dozens of gateways to the ExpressRoute circuits for BGP routes.

  7. 17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Site Recovery  ·  Flag idea as inappropriate…  ·  Admin →
    Alan commented  · 

    To expand on this... Migrating VM's from VMM on prem to Azure is a bit limited as we can only associated the VMM server with one Vault. If we want to migrate an on premise VM to Azure but in a different subscription than the Vault is registered, We currently have to migrate the VM to Azure and then use code copy/recreate the VM, storage, and network in the target subscription.

    Although it would still be a two step migration as we can only register a VMM server with a single Vault, If we could then set up another replicate and migrate it again within Azure across subscription, that would save a lot of scripting time.

    ... Of course the REAL solution here is to allow us to register VMM servers and Hyper-V hosts with multiple vaults!

    Alan supported this idea  · 
  8. 7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Site Recovery  ·  Flag idea as inappropriate…  ·  Admin →
    Alan commented  · 

    To expand on this... Migrating VM's from VMM on prem to Azure is a bit limited as we can only associated the VMM server with one Vault. If we want to migrate an on premise VM to Azure but in a different subscription than the Vault is registered, We currently have to migrate the VM to Azure and then use code copy/recreate the VM, storage, and network in the target subscription.

    Although it would still be a two step migration as we can only register a VMM server with a single Vault, If we could then set up another replicate and migrate it again within Azure across subscription, that would save a lot of scripting time.

    ... Of course the REAL solution here is to allow us to register VMM servers and Hyper-V hosts with multiple vaults!

    Alan supported this idea  · 
  9. 71 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Networking » VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Scott,

    Thanks for the feedback – totally understand the pain points and confusion. There are a couple of constraints on the Azure side and also specifically with VPN. The key issue is this is for packets coming over the Internet which we can only assume total packet size of 1500 bytes max. Azure SDN platform performs additional encapsulation on the packets within our datacenter networks, so it will be subtracted from there.

    1. On the Azure VPN gateways, the recommendation is to set TCP MSS clamping to 1350; or if not possible for your device, then set MTU to 1400 bytes on the IPsec tunnel interface. We had updated/clarified the Azure documentation to call that out.

    2. Changing MTU currently is not possible from the Azure VPN gateways. We will take it into configuration, but it will not be possible in the short term due to the scale…

    Alan supported this idea  · 
    Alan commented  · 

    I also just completed an exhaustive troubleshooting session with Premier Support to discover the MTU was the root cause for erratic responses to ASE web apps behind our ILB. I realize that ILB's and Connectors start getting into the realm of the MS network but it is extremely difficult to properly troubleshoot an issue without deeper visibility than we currently have. Coordinating with engineering for traces adds additional time to the process as they are always running with a full schedule so unless I pull in my TAM and escalate to a Sev. A, I go on the waiting list.

    My issue was related to Express Route but I believe this tunnels via IPSec on your backend. Like Scott, I would also like the option to modify the settings for the ILB or ER interface. When we start integrating multiple technologies like Citrix and streaming media services they require different frame sizes for optimization so clamping the MSS to a single size on our ASR on prem does not scale very well.

  10. 26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Alan supported this idea  · 
  11. 4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Site Recovery  ·  Flag idea as inappropriate…  ·  Admin →
    Alan shared this idea  · 
  12. 78 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Alan supported this idea  · 

Feedback and Knowledge Base