Can’t swap Azure subscriptions


So I have a situation where an Azure subscription expired and was then disabled (through no fault of my own I might add).

Screenshot 2025-03-07 154142

The status shows as disabled. Problem is now a new valid subscription has been added but I can’t move the resource groups from the old (and disabled) subscription to the new one because:

Error type

The subscription '8a6d2938-80eb-43bf-XXXX-142XXXX1ab90' is disabled and therefore marked as read only. You cannot perform any write actions on this subscription until it is re-enabled. (Code: ReadOnlyDisabledSubscription)

In a nutshell, the disabled subscription is now read only and I can’t shift resources unless it is read write. That means I’d have to somehow re-enable it (typically converting it to PAYG), just to move to a new subscription.

So, the moral of this story seems to be, don’t let an Azure subscription expire and become disabled because migrating stuff out of it may not be possible!


A better KQL Query to report failed login by country

SigninLogs
| where ResultType != 0  // Non-successful sign-ins
| where TimeGenerated >= ago(30d)  // Last 30 days
| extend Country = tostring(LocationDetails.countryOrRegion)
| where Country != "AU"  // Exclude Australia
| summarize FailedLogins = count() by Country
| order by FailedLogins desc

The above is an improved version of a KQL query you can use to report on failed logins to Entra ID over the past 30 days. It also excludes a country (here Australia) if desired.


The country codes are here:

https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

Note: if you copy and paste directly from here you will probably have to change the “ when you paste into your own environment as the wrong “ gets taken across!

Keeping tabs on Azure costs via email

A common concern that holds many back from using all the resources available in Azure is consumption billing aka being billed for what you use rather than a flat fee as you get with Microsoft 365 services.

Here’s a way to keep an eye on those costs daily via email.

Firstly, login to the Azure portal as an administrator and then navigate to Cost Management + Billing. Next, you want to set up the report that you want to see daily.

Screenshot 2025-01-19 094010

For me, I want to see Cost Analysis for the current month with accumulated costs, grouped by resource, granularity daily and as a stacked column as shown above. When you have it the way you want, select the Save option on the menu at the top of the page.

Screenshot 2025-01-19 095243

You’ll be asked for a name, as you see above. Select Save when complete. 

Screenshot 2025-01-19 095532

Also on the menu at the top, now select Subscribe as shown above.

Screenshot 2025-01-19 095742

Select the Add option from the Subscribe to emails option that appears on the right as shown above.

Screenshot 2025-01-19 100019

You should see the View you just saved at the top. Now complete the rest of the fields as desired. Personally, I select the option to include a CSV and want the report every day. The only challenge is that you can only specify a maximum end date 12 months out from the day you configure this. You’ll need to return annually to update this.

Screenshot 2025-01-19 100354

Select Save at the bottom of screen and you should now see your configuration listed as shown above.

Screenshot 2025-01-19 100809

You’ll get a summary email confirming these settings as shown above.

Screenshot 2025-01-19 100531

You should now start receiving a summary email at the frequency you selected as shown above. You’ll see a screen shot of the report and a CSV attachment if you elected to include that.

Hopefully, this option provides greater peace of mind when it comes to monitoring costs with Azure. Remember, you can create as many subscription reports as you want to see a range of different details if desired.

Why can’t I delete a Power Platform PAYG billing plan?

*** Update 5 Feb 2025: Delete billing plan is now available. Developers were working on the back end causing the issue.

Screenshot 2025-01-17 154952

I want to delete the Power Platform PAYG Billing plan called CopilotStudio as seen above.

Screenshot 2025-01-17 155309

If I select the plan, as shown above, only the options See details and Edit are available.

Screenshot 2025-01-17 155502

If I select See details the above information is shown but with no delete option.

Screenshot 2025-01-17 155808

Selecting Edit plan displays the above, again with no Delete option.

The billing plan has no environments inside it.

Originally, the PAYG Billing plan was tied to an Azure Resource Group that has also now been removed. Yet, the billing plan remains?

Where is the delete option? Anyone know?

Distributed Password cracking attempts detected by Sentinel

image

Over the past couple of days I’ve been inundated with failed logins from locations all around the world. You can see a partial list of those IPs reported in Sentinel above.

image

But, for the first time I also found this alert had triggered an incident in Sentinel – Distributed Password cracking attempts in Microsoft Entra ID, as seen above.

Here is the list and locations so far:


Always nice to have Sentinel on the job letting me know what’s going on!
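
The pattern behind an incident like this (failed sign-ins against an account arriving from many unrelated addresses and countries) can also be hunted for directly in SigninLogs. The query below is an added example, not part of the original post and not the logic of the built-in Sentinel rule; the lookback window and both thresholds are assumed starting values to tune for your own tenant.

```kql
// Added example: accounts receiving failed sign-ins from many distinct sources.
// lookback, minIPs and minCountries are assumptions, not values from the post.
let lookback = 3d;
let minIPs = 10;
let minCountries = 3;
SigninLogs
| where TimeGenerated >= ago(lookback)
| where ResultType != "0"            // ResultType is a string column; "0" = success
| extend Country = tostring(LocationDetails.countryOrRegion)
| summarize
    FailedLogins      = count(),
    DistinctIPs       = dcount(IPAddress),
    DistinctCountries = dcount(Country),
    Countries         = make_set(Country, 50),
    ResultCodes       = make_set(ResultType, 20),   // which failure codes were returned
    FirstSeen         = min(TimeGenerated),
    LastSeen          = max(TimeGenerated)
    by UserPrincipalName
// Keep only accounts hit from many addresses spread over several countries
| where DistinctIPs >= minIPs and DistinctCountries >= minCountries
| order by DistinctIPs desc
```

The ResultCodes column helps separate wrong-password failures from accounts that are already locked out or blocked by Conditional Access.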

Entra Global Secure Access client for iOS now in preview

In its simplest form, think of Entra Global Secure Access as a full time secure VPN to resources like Microsoft 365 services such as SharePoint, Exchange, Teams, etc as well as to on premises resources and finally to Internet web sites.

Entra Global Secure Access does this on iOS via a Microsoft Defender app on the device and configuration via Intune. You can now try this out by following:

Global Secure Access client for iOS (preview)

The Entra Global Secure Access service requires a paid subscription as well as Entra ID P1 or P2 (i.e. it is Microsoft 365 Business Premium compatible). When you have enabled the client you will see in Defender:

Screenshot of the iOS Microsoft Defender dashboard.

Unfortunately, the preview doesn’t yet support Internet traffic forwarding, which other clients do. Hopefully, that is not far away as that will really make this a killer product in my books.

I have been using Entra Global Secure Access on all my Windows and Android devices for quite a while now without issues and look forward to seeing the iOS client fully mature.