Category: Microsoft
What to Do When QuickBooks Connection Has Been Lost Windows 10
I’m having trouble with QuickBooks Connection Has Been Lost on Windows 10. I encounter errors or the process doesn’t seem to work. How can I resolve this issue and regain access to my QuickBooks account?
Deployed Teams app cannot find any installation, but I’ve installed it via “Upload custom app”
I’ve followed the Build notification bot with JavaScript docs to create a Teams app that sends a “Hello World” message to a specific user (email). I’ve validated that the app is working locally, and that I can receive messages if I install the app locally using Teams Toolkit.
However, after deploying the app to the cloud and installing it using the “Upload custom app” dialog, I’m not able to receive messages. I can see in the Web App Monitoring in Azure that requests are coming to the cloud service; however, it seems it cannot find any installations, and hence, any members to send the message to.
I made sure that the manifest I’m using to install the app is the same one I used to deploy the app to the cloud. How can I troubleshoot this?
Business Process Tracking Preview Update
Background
Last November, we announced the Public Preview of the Integration Environment and Business Process Tracking. Since this time, we have been engaged with many customers learning about their use cases and listening to their feedback. Based upon this feedback, we have made some investments that we are going to be announcing during the week of June 10th, 2024. Look for updates on this blog and at the Integrate 2024 event.
In preparation for this new release, we want to provide you with advanced notice of a breaking change that will take place. Based upon customer feedback, we are implementing support for business process stage statuses. This will allow customers to define success and failure milestones that give you more control over reporting the outcome of your business process. This new capability requires a breaking change to our existing schema which will impact existing business processes.
To avoid runtime tracking errors, the following steps are required. Please note that these runtime tracking errors will not impact any workflow runtime executions.
Call to action
The new schema is not compatible with the older schema. As a result, we recommend that the following actions take place by June 3rd, 2024:
Document what your business process is currently doing by taking notes, screenshots, etc.
Undeploy any existing business processes. This will prevent future runtime tracking errors from occurring as a result of an old schema.
Undeploying can be achieved by clicking on the … menu on a deployed business process and then selecting the Undeploy label.
By undeploying your business process, the related tracking profile(s) will be removed from associated Logic Apps and related configuration values will be removed from Environment Variables found within impacted Logic Apps.
Detecting invalid tracking profile schemas
If existing business processes are not undeployed before June 3rd, customers can expect to find the following error in the Notifications panel on the Logic Apps Overview page: The tracking profile schema isn’t supported.
Additional Support
If you require additional support after June 3rd, please reach out to customer support where a support engineer can further assist in removing the business process.
Why am I getting QBWC1085 error in QuickBooks Web Connector?
I’m encountering an issue with QBWC1085 error in QuickBooks Web Connector. Every time I try, it gives me an error message. What could be causing this problem, and how can I fix it?
How can I resolve a QuickBooks Error 12057 When Incorrect Internet Explorer settings
I’m having trouble with QuickBooks Error 12057. Every time, I encounter errors or the process doesn’t seem to work. How can I resolve this issue and regain access to my QuickBooks account?
What to Do When Unable to update QB Premier (2014 Edition): Error 15227
I’m experiencing an issue with QuickBooks Error 15227. I’ve tried restarting the software and my computer, but the problem persists. How can I fix this and ensure that multi-user access works properly?
Sensitivity labels for images not carried over to SharePoint
Hi there,
I have a customer using the Purview Information Protection client to apply sensitivity labels locally in Windows before uploading files into SharePoint. The Office files are retaining the sensitivity labels but images (JPGs, PNGs, etc.) and PDFs are not. Is this a hard limitation or is there a way to retain (or activate) the sensitivity labels on images in SharePoint/OneDrive?
Thanks,
Alan
Automated end-user feedback response is now GA
We are excited to announce that the automated end-user feedback response feature is now GA! The user submission automatic feedback response capability in Microsoft Defender for Office 365 enables organizations to automatically respond to end user submissions of phish based on the verdict from the automated investigation.
This feature saves SecOps time by automating the manual process of sending responses back to end users about the messages they reported. It adds value to the automated investigation and response (AIR) feature for SecOps teams, and it encourages end users to contribute to the security posture of the organization by automatically acknowledging and giving feedback on their reports of phish.
Configuration
The ability to automatically respond to end user submissions of phish is configurable and can be turned on from the user reported settings page (Settings > Email & collaboration > User reported settings) and configured to send based on the AIR verdict.
User submission automatic feedback response configuration found in settings > email & collaboration > user reported settings > automatically email users the results of the investigation:
Phishing or Malware: Selecting this box indicates that the organization would like end users to receive an automatic response email on email submissions of phish when the associated user submission investigation identifies a threat of normal phish, high confidence phish or malware.
Spam: Selecting this box indicates that the organization would like end users to receive an automatic response email on email submissions of phish when the associated user submission investigation shows the threat of spam.
No threats found: Selecting this box indicates that the organization would like end users to receive an automatic response email on email submissions of phish when the associated user submission investigation finds no threats.
Response Timing
The automated end user feedback response is sent at the conclusion of the investigation when the investigation hits a final status. This means investigations in pending approval status must be approved before the response will be sent.
Email Template
The email that is sent to the end users utilizes the same email template as the organization’s Mark & Notify email template and allows the customization of the email body for the respective threats of Phishing, Junk and No threats found (corresponding to the Phishing or Malware, Spam, and No threats found settings above respectively). Learn more about Mark & Notify on this page: Admin review for reported messages – Office 365 | Microsoft Learn.
User submission automatic feedback response configuration of email message using customize admin review email notification:
Function
Once enabled, Microsoft Defender for Office 365 will automatically respond to end user submissions based on the investigation verdict and the configured settings. For example, suppose an organization has enabled the user feedback response for emails with no threats found. When a user reports a message as phish, this triggers automated investigation and response (AIR), which begins an investigation on the user reported message. If that investigation concludes with no threats found, the end user who submitted the message receives an email stating there were no threats found on the submitted message. The message would resemble the sample below, but the body of the message and footers would contain what the organization has entered in admin review for reported messages for the no threats found option.
Sample user submission automatic feedback response for no threats found:
Now suppose an organization has enabled the user feedback response for emails with Phishing or Malware. When a user reports a message as phish, an investigation begins on the user reported message. If that investigation discovers high confidence phish or malware, it expects these threats to be remediated, either through approval of the recommended actions (shown as pending actions in the investigation, incident and action center) or through other means such as Explorer. Once the high confidence phish or malware threats found in the investigation have been remediated, the investigation closes as “Remediated” or “Partially Remediated”, at which point the user submission feedback email is automatically sent to the user who reported the message. If only a threat of normal phish was identified for a message, the investigation would not produce pending actions; however, the end user would still receive a response indicating the message was phish. The message would resemble the sample below, but the body of the message and footers would contain what the organization has entered in admin review for reported messages for the phishing option.
Sample user submission automatic feedback response for high confidence phish or malware:
Note: The response is not sent to end users until any discovered high confidence phish or malware threats are remediated, meaning responses will not be sent when the investigation is pending action. The investigation must reach “Remediated” or “Partially Remediated” status in order for the response to be triggered.
Display
When users receive an automatic feedback response, this will be reflected in the submission queue as “Marked as” similar to other submissions that may have manually received a response.
User submission automatic feedback response reflected on submissions queue marked as:
Learn More
To learn more about the automated end user feedback response feature visit Automatic user notifications for user reported phishing results in AIR – Microsoft Defender for Office 365 | Microsoft Learn.
To learn more about submissions and investigations in MDO please visit the following pages:
Automated investigation and response in Microsoft Defender for Office 365 – Office 365 | Microsoft Learn
View the results of an automated investigation in Microsoft 365 – Office 365 | Microsoft Learn
Admin review for reported messages – Office 365 | Microsoft Learn
How automated investigation and response works in Microsoft Defender for Office 365 – Office 365 | Microsoft Learn
ADF Dataflows recently started occasionally reporting SubStatus, instead of RunStatus
In the last week or so, we have started to have pipelines fail because our dataflows have, occasionally, started reporting SubStatus instead of RunStatus in the output. It’s not every time, nor can I see a pattern in e.g. the time delay between dataflow completing and the set variable task starting.
Has anyone else seen this before, and got a solution?
Rotate Word Template Mail Merge Fields
I have been asked to create a Word template that is to be used to imprint addresses on envelopes.
I am using Power Automate to collect the data from Excel, insert the data into the Word template mail merge labels, and merge the multiple pages into a single word document.
The template fields currently look as below.
I am trying to figure out if the Labels can be rotated in the template so that they print out as such -.
Microsoft Partner FY25 GTM Launch Event – July 22, 2024 – Registration Now Open!
We’re thrilled to announce that registration is open for the Microsoft Partner FY25 GTM Launch Event!
Join us on July 22, 2024, to hear about the go-to-market (GTM) priorities and initiatives Microsoft Modern Work and Business Applications have planned for FY25. We’ll show you how you can play a critical role, as trusted advisors and service and solution providers, in delivering the right AI-powered tools and technologies to empower every organization to boost productivity, transform work, and open a new world of possibilities.
This year’s event features three tracks for partners.
· Build New Value with Business Applications Practices is for partners that provide Business Applications services and solutions to Enterprise and Corporate customers focused on Dynamics 365 and Power Platform.
· Cloud Solution Provider (CSP) Partner-Led GTM will show our CSP partners how to use the power of AI to build your Modern Work and Business Applications Copilot practice.
· Co-Sell with Microsoft to Managed Customers is for partners that work alongside our Microsoft sales teams to sell Microsoft 365-related licenses, services, and solutions to Enterprise and SMC-Corporate customers.
Register today to reserve your spot and to get details ahead of the event about the sessions and topics that will be covered. Unable to attend the live event? Registering will help ensure you get notified automatically when session content is available on demand.
—
Advanced Support for Partners (ASfP) and Premier Support for Partners (PSfP) are paid partner offerings at Microsoft that provide unmatched value through a wide range of Partner benefits including account management, technical cloud enablement consultations, and an elevated technical support experience across the Microsoft Cloud (Azure, Microsoft 365, Dynamics 365, Power Platform).
Partners in ASfP have higher Microsoft AI Cloud Partner Program Capability Scores, attain more Solutions Partner designations, and see uplifts across Azure, M365, and D365. View the data and learn more on the new ASfP Impact slide below.
Please review these resources to learn more and consider booking a meeting to speak directly with our teams for a better understanding of the value-added benefits of ASfP and PSfP.
Book a meeting with an ASfP Evangelist
Visit the ASfP Website
Download the ASfP Fact Sheet
View the ASfP Impact Slide
Stop by the ASfP Partner Community
Book a meeting with a PSfP Specialist
Visit the PSfP Website
May 28 Virtual Event: Optimizing Business Impact through the Commercial Marketplace
Sharing a really interesting virtual event whereby GM, Marketplace FastTrack Paul Maher will be discussing the direction of Microsoft Copilot in the Microsoft Commercial Marketplace. He’ll be joined by a team of experts who will offer insights into how to deepen success across offer type and channel.
This virtual event is on May 28, 9 – 10 am PDT and I understand it’s a great time for all Microsoft partners and organizations to gain insights and share experiences in this live, interactive session.
Register here: https://msit.events.teams.microsoft.com/event/12a098f6-9e2a-40ae-b43f-321e7d2eb166@72f988bf-86f1-41af-91ab-2d7cd011db47
Hope to see you all there!
Where are your users? WFH or Office?
▶ Head over to Working from home report (wfh.report) and feast your eyes on the demo map showing user locations.
And, if you are an admin, you can explore the whereabouts of your real users!
Copy filtered data from one workbook to another workbook
Need help with vba macro in the below scenario
I have data in one workbook in sheet 1(raw data)
I have to apply filter to the sheet and filter by pending from status column.
Need to copy entire data except the header and paste in another existing workbook_2 in sheet 1,(report). Remove the filter.
Now again filter the data by completed status along with T-2 Working days from end date column.(Raw data).
Copy entire data, except the header and paste in (report) below the existing data.
Remove both the filters.
Again filter the data by exception in status column & copy entire data except the header and paste in report below the existing data.
Now from report sheet of workbook_2, have to copy column F,G,H,J and have to paste it in sheet 1 of Workbook_3 in column B only starting from row 4.
What’s new in SSMS 20 and what’s next in version 21 | Data Exposed
In this episode, we’ll review the major changes in SSMS 20, and talk about the roadmap and next release.
Resources:
SSMS Release notes: Release notes for SQL Server Management Studio (SSMS)
SSMS Download: Download SQL Server Management Studio (SSMS)
Blog post series, Upcoming changes for SQL Server Management Studio (SSMS):
Part 1 – SSMS 20 connection changes
Part 2 – SSMS 20 connection dialog
Part 3 – SSMS 20 GA and roadmap
New SSMS connection page: https://aka.ms/ssms-connection
Feedback site: https://aka.ms/sqlfeedback
View/share our latest episodes on Microsoft Learn and YouTube!
Help with a worksheet
Looking to have a spreadsheet that auto populated a total printable sheet count correlating to an equation.
Example: unit qty total = 152,000
Units per skid= 2,400
63 skids @ 2,400 and 1 skid @800
I’d like this transferred to the worksheet in cells that read as: ___ of ___
And have it automate the above blank information in accordance to what the equation above would be. And to make it printable in numerical order.
Sorry if I am unclear but I am nowhere near an Excel wiz.
Thank you
Trying to Duplicate Form
I’m unable to duplicate a form from my personal account to my work account. I try to open the link on my other Microsoft account and it just asks me to sign in again, and after signing in, it doesn’t appear in my form lists.
Guests are no longer able to access SharePoint site
Previously we required guests that receive an invitation to our SharePoint site to create a free Microsoft account and then accept the invitation. Recently we have found folks that have a Google account are able to accept the invitation and can access our site with a one-time passcode. Those that are doing that are losing access periodically, and it has become a nightmare to assess. They receive a message that “We couldn’t find your account” or no account exists. We see them in our AD as a guest, they are permissioned to the SharePoint site, but continue to get an error. Only when we remove them entirely from our tenant, have them create a free Microsoft account and then accept the invitation will they have consistent access without errors.
Did Microsoft make a change lately that is causing this disruption? Any ideas on how we can mitigate it?
Check your user locations in real time, WFH or Offices
▶▶▶ Head over to Working from home report (wfh.report) and feast your eyes on the demo map showing user locations.
And, if you are an admin, you can explore the whereabouts of your real users!
ARM Deployment Stacks now GA!
TL;DR: Deployment Stacks is a new resource type for managing a collection of Azure resources as a single unit for faster update and delete (cleanup), while also preventing unwanted changes to those resources. Now Generally Available!
The Problem: managing the lifecycle (creates, updates, deletes) of resources across multiple Azure scopes (Resource Group, Management Groups, Subscription) is both complex and time consuming. On top of that, ensuring resources have the proper guard rails in place adds more complexity to the deployment and management of those resources.
First let’s review common scenarios of where this added complexity is seen today:
Cleanup: resources with the same lifecycle are often created across multiple scopes. If you ever need to delete these resources, it requires manually navigating to each scope to clean them up (e.g. deleting test Storage accounts and VMs across numerous resource groups).
Unwanted (Accidental) changes: many developers require contributor and owner rights to certain scopes to work on their projects. Sometimes accidental changes can be done to resources (e.g. deleting resources, changing to a more premium SKU) using other clients (e.g. a user updating a “bicep-managed” or “ARM-Template” resource directly with the portal). This makes reconciling difficult when you need to redeploy that bicep file or ARM Template.
Why Deployment Stacks?
Deployment Stacks will enable users to deploy a collection of resources across scopes as a single atomic unit (Bicep or ARM Template). The deployment stack protects its managed resources against unwanted changes.
The Solution: 1st Party resource enabling 1-to-many CRUD operations and resource change prevention.
Cleanup: easily delete or update resources across scopes with a single update to the deployment stack resource as a 1-to-many operation. You can also delete the entire stack to clean up the entire set of managed resources in one atomic action.
Unwanted (Accidental) changes: block changes to managed resources with the deny settings capability of a deployment stack.
The Deployment Stack Resource – Key Concepts
A deployment stack is a method of deploying an ARM Template or Bicep file which tracks the resources deployed in a “managedResources” list. Beyond the capabilities of conventional ARM Template or Bicep deployments, there are two main capabilities that deployment stacks bring to Azure:
“ActionOnUnmanage”: With this setting a deployment stack resource knows what action to take when a managed resource becomes unmanaged (removed from the ARM/Bicep template). A managed resource can be either deleted or detached. One can trigger the “actionOnUnmanage” behavior directly on all “managedResources” by deleting the deployment stack along with the desired setting, or indirectly by removing resources from the template passed into the next deployment stack update along with the desired setting.
“DeleteResources”: this setting will delete resources that become unmanaged. Resource Groups and Management Groups will be detached.
“DeleteAll”: this setting will delete resources, resource groups, AND management groups that become unmanaged.
“DetachAll”: this setting will detach resources. In other words, the resources are removed from the deployment stack, and will continue to exist in Azure.
“DenySettingsMode”: this setting enables a denyAssignment that prevents any changes to “managedResources”, attempted from outside of the deployment stack.
“DenyDelete”: this setting will enable a denyAssignment that will block all attempted deletes to “managedResources”
“DenyWriteAndDelete”: this setting will enable a denyAssignment that will block all attempted writes and deletes to “managedResources”.
“None”: this setting disables the denyAssignment.
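The following Python audit, added here and not part of the original post or of any Azure tooling, applies the two settings above to stack JSON shaped like Azure CLI output and reports stacks whose managed resources are weakly protected. The `actionOnUnmanage` and `denySettings` field names follow that output; the `name` field, the finding codes, the two extra stacks and the all-zero principal ID are constructed for illustration.

```python
import json

# Per-kind outcome of each ActionOnUnmanage setting, as described in the list above.
ACTION_ON_UNMANAGE = {
    "deleteResources": {"resources": "delete", "resourceGroups": "detach", "managementGroups": "detach"},
    "deleteAll": {"resources": "delete", "resourceGroups": "delete", "managementGroups": "delete"},
    "detachAll": {"resources": "detach", "resourceGroups": "detach", "managementGroups": "detach"},
}

# Operations the denyAssignment blocks for each DenySettingsMode (keys lower-cased).
BLOCKED_BY_MODE = {
    "none": frozenset(),
    "denydelete": frozenset({"delete"}),
    "denywriteanddelete": frozenset({"write", "delete"}),
}


def unmanage_setting(stack):
    """Return the ActionOnUnmanage setting that matches the stack's per-kind
    "actionOnUnmanage" block, or None if it matches none of the three."""
    actual = {k: str(v).lower() for k, v in (stack.get("actionOnUnmanage") or {}).items()}
    for name, expected in ACTION_ON_UNMANAGE.items():
        if all(actual.get(kind) == action for kind, action in expected.items()):
            return name
    return None


def audit_stack(stack):
    """Return a list of (code, detail) findings for one deployment stack."""
    findings = []
    deny = stack.get("denySettings") or {}
    mode = str(deny.get("mode") or "none")
    # Compare case-insensitively: the prose writes "DenyDelete", the CLI "denyDelete".
    blocked = BLOCKED_BY_MODE.get(mode.lower())

    if blocked is None:
        findings.append(("unknown-deny-mode", mode))
    elif not blocked:
        findings.append(("no-deny-assignment",
                         "managed resources can be changed or deleted outside the stack"))
    else:
        if "write" not in blocked:
            findings.append(("writes-not-blocked", "deletes are denied, writes are not"))
        # Either field may be null in the output, so normalise to a list.
        principals = deny.get("excludedPrincipals") or []
        actions = deny.get("excludedActions") or []
        if principals:
            findings.append(("excluded-principals",
                             f"{len(principals)} principal(s) exempt from the deny assignment"))
        if actions:
            findings.append(("excluded-actions", ", ".join(actions)))

    setting = unmanage_setting(stack)
    if setting is None:
        findings.append(("unknown-action-on-unmanage", json.dumps(stack.get("actionOnUnmanage"))))
    elif setting == "deleteAll":
        findings.append(("unmanage-deletes-containers",
                         "resource groups and management groups are deleted when unmanaged"))
    return findings


def audit_all(stacks):
    """Map each stack name to the list of finding codes raised for it."""
    return {s.get("name", "<unnamed>"): [code for code, _ in audit_stack(s)] for s in stacks}


# Constructed sample input. The first entry mirrors the settings used in this
# post (deleteResources + denyDelete); the other two are invented.
SAMPLE_STACKS = json.loads("""
[
  {"name": "DevTestEnvStack",
   "actionOnUnmanage": {"managementGroups": "detach", "resourceGroups": "detach", "resources": "delete"},
   "denySettings": {"applyToChildScopes": false, "excludedActions": [],
                    "excludedPrincipals": null, "mode": "denyDelete"}},
  {"name": "example-prod-stack",
   "actionOnUnmanage": {"managementGroups": "delete", "resourceGroups": "delete", "resources": "delete"},
   "denySettings": {"applyToChildScopes": true, "excludedActions": [],
                    "excludedPrincipals": ["00000000-0000-0000-0000-000000000000"],
                    "mode": "denyWriteAndDelete"}},
  {"name": "example-open-stack",
   "actionOnUnmanage": {"managementGroups": "detach", "resourceGroups": "detach", "resources": "detach"},
   "denySettings": {"applyToChildScopes": false, "excludedActions": [],
                    "excludedPrincipals": null, "mode": "None"}}
]
""")

if __name__ == "__main__":
    for stack in SAMPLE_STACKS:
        print(stack["name"], unmanage_setting(stack))
        for code, detail in audit_stack(stack):
            print(f"  [{code}] {detail}")
```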
The Deployment Stack Resource – Create and Update
A deployment stack can be created at different scopes, such as, Resource Group, Subscription, and Management Group scope. To create a deployment stack, we need the following information:
A main template, main.bicep or azuredeploy.json, that defines the “managedResources” to be created by the deployment stack. Consider which resources share the same lifecycle and can be defined in one deployment stack (e.g. networking resources, DevTest environments, Applications). For example, here is “mainAppInfra.bicep”:
targetScope = 'subscription'

param resourceGroupName1 string = 'testapp-storage'
param resourceGroupName2 string = 'testapp-network'
param resourceGroupLocation string = deployment().location

//Create Resource Groups
resource testrg1 'Microsoft.Resources/resourceGroups@2021-01-01' = {
  name: resourceGroupName1
  location: resourceGroupLocation
}

resource testrg2 'Microsoft.Resources/resourceGroups@2021-01-01' = {
  name: resourceGroupName2
  location: resourceGroupLocation
}

//Create Storage Accounts
module firstStorage 'multistorage.bicep' = if (resourceGroupName1 == 'testapp-storage') {
  name: uniqueString(resourceGroupName1)
  scope: testrg1
  params: {
    location: resourceGroupLocation
  }
}

//Create Virtual Networks
module firstVnet 'multinetwork.bicep' = if (resourceGroupName2 == 'testapp-network') {
  name: uniqueString(resourceGroupName2)
  scope: testrg2
  params: {
    location: resourceGroupLocation
  }
}
This file deploys storage accounts and virtual networks to different resource groups.
Choose “ActionOnUnmanage” setting of “DeleteResources”, “DeleteAll” or “DetachAll”.
Choose “DenySettingsMode” setting of “DenyDelete”, “DenyWriteAndDelete” or “None”.
Choose the scope of the deployment stack and target scope of its deployment.
To help us start visualizing this, let’s look at what an Azure CLI command to create a deployment stack at subscription scope looks like:
az stack sub create --name "DevTestEnvStack" --template-file "mainAppInfra.bicep" --location "westus2" --action-on-unmanage "deleteResources" --deny-settings-mode "denyDelete"
Here is the response from that command (some stack properties removed for simplicity of example):
{
  "actionOnUnmanage": {
    "managementGroups": "detach",
    "resourceGroups": "detach",
    "resources": "delete"
  },
  "deletedResources": [],
  "denySettings": {
    "applyToChildScopes": false,
    "excludedActions": [],
    "excludedPrincipals": null,
    "mode": "denyDelete"
  },
  "deploymentId": "/subscriptions/***/providers/Microsoft.Resources/deployments/DevTestEnvStack-24052002bd5h1",
  "detachedResources": [],
  "failedResources": [],
  "id": "/subscriptions/***/providers/Microsoft.Resources/deploymentStacks/DevTestEnvStack",
  "location": "westus2",
  "name": "DevTestEnvStack",
  "provisioningState": "succeeded",
  "resources": [
    {
      "denyStatus": "denyDelete",
      "id": "/subscriptions/***/resourceGroups/testapp-network",
      "status": "managed"
    },
    {
      "denyStatus": "denyDelete",
      "id": "/subscriptions/***/resourceGroups/testapp-network/providers/Microsoft.Network/virtualNetworks/testnetbjildrqs4q6ve",
      "resourceGroup": "testapp-network",
      "status": "managed"
    },
    {
      "denyStatus": "denyDelete",
      "id": "/subscriptions/***/resourceGroups/testapp-storage",
      "status": "managed"
    },
    {
      "denyStatus": "denyDelete",
      "id": "/subscriptions/***/resourceGroups/testapp-storage/providers/Microsoft.Storage/storageAccounts/teststore1ic7t5vnieyika",
      "resourceGroup": "testapp-storage",
      "status": "managed"
    },
    {
      "denyStatus": "denyDelete",
      "id": "/subscriptions/***/resourceGroups/testapp-storage/providers/Microsoft.Storage/storageAccounts/teststore2ic7t5vnieyika",
      "resourceGroup": "testapp-storage",
      "status": "managed"
    }
  ],
  "type": "Microsoft.Resources/deploymentStacks"
}
In this example, a deployment stack named “DevTestEnvStack” was created, and the resulting output of the command shows the details about the deployment stack resource and its managed resources. Note the “status” of each resource as “managed”. To refer back to those details, you can use the show command in CLI:
az stack sub show --name "DevTestEnvStack"
The result will contain all information on the specified deployment stack object, such as the resource ID of the deployment stack, the array of managed resources, the deny setting configuration, and the actionOnUnmanage settings. Let’s take a look at “actionOnUnmanage” in particular:
"actionOnUnmanage": {
  "managementGroups": "detach",
  "resourceGroups": "detach",
  "resources": "delete"
}
Given the current configuration, if we were to remove a resource from the mainAppInfra.bicep template, that resource will be deleted by the Deployment Stack. In our example, let’s remove the virtual network resource from our template:
targetScope = 'subscription'

param resourceGroupName1 string = 'testapp-storage'
param resourceGroupName2 string = 'testapp-network'
param resourceGroupLocation string = deployment().location

//Create Resource Groups
resource testrg1 'Microsoft.Resources/resourceGroups@2021-01-01' = {
  name: resourceGroupName1
  location: resourceGroupLocation
}

resource testrg2 'Microsoft.Resources/resourceGroups@2021-01-01' = {
  name: resourceGroupName2
  location: resourceGroupLocation
}

//Create Storage Accounts
module firstStorage 'multistorage.bicep' = if (resourceGroupName1 == 'testapp-storage') {
  name: uniqueString(resourceGroupName1)
  scope: testrg1
  params: {
    location: resourceGroupLocation
  }
}
Now let’s redeploy the deployment stack with the same command:
az stack sub create --name "DevTestEnvStack" --template-file "mainAppInfra.bicep" --location "westus2" --action-on-unmanage "deleteResources" --deny-settings-mode "denyDelete"
Here is the response from that command (some stack properties removed for simplicity of example):
{
  "actionOnUnmanage": {
    "managementGroups": "detach",
    "resourceGroups": "detach",
    "resources": "delete"
  },
  "deletedResources": [
    {
      "id": "/subscriptions/***/resourceGroups/testapp-network/providers/Microsoft.Network/virtualNetworks/testnet1bjildrqs4q6ve",
      "resourceGroup": "testapp-network"
    },
    {
      "id": "/subscriptions/***/resourceGroups/testapp-network/providers/Microsoft.Network/virtualNetworks/testnet2bjildrqs4q6ve",
      "resourceGroup": "testapp-network"
    }
  ],
  "denySettings": {
    "applyToChildScopes": false,
    "excludedActions": [],
    "excludedPrincipals": null,
    "mode": "denyDelete"
  },
  "deploymentId": "/subscriptions/***/providers/Microsoft.Resources/deployments/DevTestEnvStack-24052317bd010",
  "deploymentScope": null,
  "description": null,
  "detachedResources": [],
  "failedResources": [],
  "id": "/subscriptions/***/providers/Microsoft.Resources/deploymentStacks/DevTestEnvStack",
  "location": "westus2",
  "name": "DevTestEnvStack",
  "provisioningState": "succeeded",
  "resources": [
    {
      "denyStatus": "denyDelete",
      "id": "/subscriptions/***/resourceGroups/testapp-network",
      "status": "managed"
    },
    {
      "denyStatus": "denyDelete",
      "id": "/subscriptions/***/resourceGroups/testapp-storage",
      "status": "managed"
    },
    {
      "denyStatus": "denyDelete",
      "id": "/subscriptions/***/resourceGroups/testapp-storage/providers/Microsoft.Storage/storageAccounts/teststore1ic7t5vnieyika",
      "resourceGroup": "testapp-storage",
      "status": "managed"
    },
    {
      "denyStatus": "denyDelete",
      "id": "/subscriptions/***/resourceGroups/testapp-storage/providers/Microsoft.Storage/storageAccounts/teststore2ic7t5vnieyika",
      "resourceGroup": "testapp-storage",
      "status": "managed"
    }
  ],
  "type": "Microsoft.Resources/deploymentStacks"
}
Note that the virtual network resource is no longer “managed” and now appears in the “deletedResources” array property of the deployment stack response. This shows how deployment stacks can be used to easily delete resources by removing them from the template with the appropriate “--action-on-unmanage” behavior defined.
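Because removing a resource from the template is enough to delete it, it helps to preview the outcome before redeploying. The following is an added example, not code from the original post or from Microsoft: it reads a stack object shaped like the `az stack sub show` output above and reports which action “actionOnUnmanage” would apply to each managed resource that the next template no longer defines. The `kept_ids` input, the function names and the sample IDs are assumptions constructed for illustration.

```python
import re

# Resource ID shapes for the two container kinds; anything else is a plain resource.
RG_ID = re.compile(r"^/subscriptions/[^/]+/resourceGroups/[^/]+$", re.I)
MG_ID = re.compile(r"^/providers/Microsoft\.Management/managementGroups/[^/]+$", re.I)


def kind_of(resource_id):
    """Map a resource ID to the matching key of the stack's actionOnUnmanage object."""
    if RG_ID.match(resource_id):
        return "resourceGroups"
    if MG_ID.match(resource_id):
        return "managementGroups"
    return "resources"


def plan_unmanage(stack, kept_ids):
    """Return {resource_id: 'delete' | 'detach'} for managed resources not in kept_ids."""
    actions = stack["actionOnUnmanage"]
    kept = {i.lower() for i in kept_ids}  # Azure resource IDs are case-insensitive
    plan = {}
    for res in stack["resources"]:
        rid = res["id"]
        if res.get("status") == "managed" and rid.lower() not in kept:
            plan[rid] = actions[kind_of(rid)]
    return plan


# Constructed sample shaped like the `az stack sub show` output (not real IDs).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_STACK = {
    "actionOnUnmanage": {"managementGroups": "detach", "resourceGroups": "detach", "resources": "delete"},
    "resources": [
        {"id": f"{SUB}/resourceGroups/testapp-network", "status": "managed"},
        {"id": f"{SUB}/resourceGroups/testapp-network/providers/Microsoft.Network/virtualNetworks/vnet-example", "status": "managed"},
        {"id": f"{SUB}/resourceGroups/testapp-storage", "status": "managed"},
        {"id": f"{SUB}/resourceGroups/testapp-storage/providers/Microsoft.Storage/storageAccounts/storeexample", "status": "managed"},
    ],
}

if __name__ == "__main__":
    # Assumption: the next template defines only the storage resource group and its account.
    kept = [SAMPLE_STACK["resources"][2]["id"], SAMPLE_STACK["resources"][3]["id"]]
    for rid, action in plan_unmanage(SAMPLE_STACK, kept).items():
        print(f"{action:7} {rid}")
```

With “deleteResources”, the network resource group is only detached while the virtual network inside it is deleted, so the preview lists both outcomes separately.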
You can also view the Deployment Stack and its contents in the portal by navigating to the specified scope (Subscription for this example) > Settings > Deployment stacks.
Select the deployment stack “DevTestEnvStack” to view its details.
Beyond deciding on the behavior for “actionOnUnmanage”, it is also important to define which deny settings mode the deployment stack should use. This enables guardrails that help protect your “managedResources” against unwanted changes. In our initial example, we specified DenyDelete for our deny settings mode. Behind the scenes, our deployment stack resource created a deny assignment for each of its managedResources. This means that other users (not our deployment stack) can make updates/writes to the provisioned test storage accounts, but can’t delete them, even if they have owner access to that resource and scope.
In some cases, you might need some flexibility or a stopgap measure for the deny settings mode. For example, you may want to exclude a particular admin user from the deny assignment so that they can delete the resource manually (outside of the context of a deployment stack), or you may want to exclude specific actions for all users (e.g. still allow all users to perform writes and deletes on storage account and virtual network resource types). This can be done with the following exclusion parameters for deny settings:
“DenySettingsExcludedPrincipals”: this setting will exclude the list of AAD Principal IDs from the denyAssignment.
“DenySettingsExcludedActions”: this setting will exclude the list of RBAC Actions from the denyAssignment.
In our example, if we were to decide to exclude a specific user ID and also exclude the ability to delete storage accounts from the deployment stack’s deny settings, the command will now look like this:
az stack sub create --name "DevTestEnvStack" --location "westus2" --template-file "mainAppInfra.bicep" --action-on-unmanage "deleteAll" --deny-settings-mode "denyDelete" --deny-settings-excluded-principals "12304812408-2148124081" --deny-settings-excluded-actions "Microsoft.Storage/storageAccounts/delete"
These exclusion flags give you the flexibility to enable access to “managedResources” for specific users or specific actions, while keeping all other “managedResources” secured with deny settings. For more information on deployment stacks, please visit our docs and our GitHub.
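Every exclusion widens what can change outside the stack, so it is worth reviewing the effective deny settings after each update. The following is an added example, not code from the original post or from Microsoft: it audits a stack object shaped like the CLI responses above, using only the “denySettings” and per-resource “denyStatus” fields shown there. The function name, finding codes and sample values are assumptions constructed for illustration.

```python
def audit_deny_settings(stack):
    """Return (code, detail) findings for a deployment stack's deny settings."""
    deny = stack.get("denySettings") or {}
    mode = (deny.get("mode") or "none").lower()
    findings = []
    if mode == "none":
        findings.append(("NO_DENY_ASSIGNMENT", "denyAssignment is disabled"))
    elif mode == "denydelete":
        findings.append(("WRITES_ALLOWED", "writes from outside the stack are not blocked"))
    # excludedPrincipals is null in the responses above, so treat null as empty.
    for principal in deny.get("excludedPrincipals") or []:
        findings.append(("EXCLUDED_PRINCIPAL", principal))
    for action in deny.get("excludedActions") or []:
        findings.append(("EXCLUDED_ACTION", action))
    # A managed resource whose denyStatus differs from the stack mode is not
    # protected the way the stack configuration says it should be.
    for res in stack.get("resources") or []:
        status = (res.get("denyStatus") or "none").lower()
        if res.get("status") == "managed" and status != mode:
            findings.append(("DENY_STATUS_MISMATCH", f"{res['id']} is {res.get('denyStatus')}"))
    return findings


# Constructed sample (placeholder IDs, not taken from a real subscription).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_STACK = {
    "denySettings": {
        "applyToChildScopes": False,
        "excludedActions": ["Microsoft.Storage/storageAccounts/delete"],
        "excludedPrincipals": ["00000000-0000-0000-0000-000000000001"],
        "mode": "denyDelete",
    },
    "resources": [
        {"denyStatus": "denyDelete", "id": f"{SUB}/resourceGroups/testapp-storage", "status": "managed"},
        {"denyStatus": "none", "id": f"{SUB}/resourceGroups/testapp-network", "status": "managed"},
    ],
}

if __name__ == "__main__":
    for code, detail in audit_deny_settings(SAMPLE_STACK):
        print(f"{code}: {detail}")
```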
Deployment Stacks Docs Reference:
Quickstart: Create and deploy a deployment stack with Bicep (Preview) – Azure Resource Manager | Microsoft Learn
How-To: Create & deploy deployment stacks in Bicep – Azure Resource Manager | Microsoft Learn
Tutorial: Use deployment stack with Bicep – Azure Resource Manager | Microsoft Learn
GitHub: Azure/deployment-stacks: Contains preview Deployment Stacks CLI scripts and releases (github.com)
CLI Reference
PowerShell Reference