How to update Azure DevOps Service Principal connection once expired

When you use Azure DevOps to deploy your projects you can connect it to Azure via different methods. The most convenient type of service connection is `Azure Resource Manager using service principal authentication`.

This type of connection creates an application in your Azure Active Directory, which is used as a Service Principal. A secret is then generated for this application so that Azure DevOps can connect to Azure. This secret expires from time to time. The default time to live is 2 years but it may vary.

Once the secret is expired you will get this type of error when trying to deploy your code to Azure:

##[error]Error: Failed to get resource ID for resource type 'Microsoft.Web/Sites' and resource name 'XXX'. Error: Could not fetch access token for Azure. Verify if the Service Principal used is valid and not expired. For more information refer https://aka.ms/azureappservicedeploytsg
Error during deployment once secret for Service Principal expired.

Azure Log Analytics / Application Insights – search everywhere

If you have Azure Log Analytics or Application Insights with different data sources, such as exceptions, requests, traces and customEvents, you may want to search for a certain phrase everywhere, because you don’t know which data source or which column you should check.

There is quite a handy way of doing that: a search in query.

Quick example:

search in (exceptions, requests, traces, customEvents) "ManagedIdentityCredential"

Details are in the documentation.

Print all environment variables in Azure DevOps for Linux Agents with Bash

If you are looking for how to achieve the same goal with Windows agents and PowerShell, see Print all environment variables in Azure DevOps for Windows Agents with Powershell.

If you’d like to see all the environment variables configured during your build or release on a Linux agent, just add a Bash task with:


so it looks like

Bash task with printenv

and when you execute your build or release pipeline you should be able to see all the environment variables.
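
Everything a Bash task prints ends up in the pipeline log, so a dump that masks likely-sensitive values is safer to leave in place than a raw one. The script below is an added example, not code from the original post; the function name print_env_redacted and the name pattern in SENSITIVE_NAME_RE are assumptions to adapt to your own variables.

```sh
#!/bin/sh
# Added example: dump the agent's environment with likely-sensitive values
# masked, so the output is safer to leave in a pipeline log.

# Assumption: variables whose (upper-cased) name matches this extended regex
# hold credentials. Extend it to fit your own naming scheme.
SENSITIVE_NAME_RE='SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|ACCESS_?KEY|CONNECTION_?STRING|CREDENTIAL'

# Print NAME=value for every environment variable, sorted by name.
# awk's ENVIRON array is used instead of parsing printenv output, so a
# value that contains newlines cannot be mistaken for additional variables.
print_env_redacted() {
  awk -v re="$SENSITIVE_NAME_RE" 'BEGIN {
    for (name in ENVIRON) {
      value = ENVIRON[name]
      if (toupper(name) ~ re) {
        # Keep the length: it helps spot empty or truncated secrets.
        value = "***REDACTED*** (" length(value) " chars)"
      } else {
        # Fold multi-line values so each variable stays on one line.
        gsub(/\n/, " ", value)
      }
      print name "=" value
    }
  }' | sort
}

print_env_redacted
```

Masking by name is a heuristic: a credential stored under a name the pattern does not match is still printed, so remove the task once debugging is done.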

Print all environment variables in Azure DevOps for Windows Agents with Powershell

If you are looking for how to achieve the same goal with Linux agents and Bash, see Print all environment variables in Azure DevOps for Linux Agents with Bash.

OK, so I had a problem trying to figure out which variables are available to me and what their values are – Microsoft documentation is not always that helpful on that. Inspired by Mohit Goyal's post, I would like to share the same idea – how to debug all the available variables, but this time on those machines where you don’t have Bash but PowerShell instead.

Just add a PowerShell task to your pipeline, switch to inline script and fill in the script:

Get-ChildItem -Path Env:\ | Format-List

so it looks like

and after creation of a new release pipeline and execution of this pipeline you should have something like this:

Find blocked requests by Azure WAF in Log Analytics

Assuming that you have correctly connected Azure WAF to Log Analytics, you can run a simple query to list all the requests that have been blocked by WAF:

AzureDiagnostics
| where ResourceType == "FRONTDOORS" and Category == "FrontdoorWebApplicationFirewallLog"
| where action_s == "Block"
| order by TimeGenerated desc

Collecting IP addresses in Azure App Insights

When you want to collect IP addresses in Azure App Insights, you have to enable it. By default IP addresses are masked and you can only see some basic information like city or country.

If you want to enable this feature you can’t use Azure Portal, at least for now. The easiest way to do it is to use Azure Resource Explorer.

  1. Go to https://resources.azure.com/ and pick the proper AD you want to work with
  2. Click on Read/Write mode at the top of the page.
  3. Find your App Insights instance by going into subscriptions / YOUR_SUBSCRIPTION / resourceGroups / YOUR_RESOURCE_GROUP / providers / microsoft.insights / components
  4. In the Data tab click on Edit
  5. Remove the content of the properties property and put "DisableIpMasking": true
  6. Hit the Patch button, since we are changing part of the resource definition.
  7. Done!

Example JSON payload

{
  "id": "/subscriptions/XXX/resourceGroups/XXX/providers/microsoft.insights/components/XXX",
  "name": "XXX",
  "type": "microsoft.insights/components",
  "location": "westeurope",
  "tags": {},
  "kind": "web",
  "etag": "\"XXX\"",
  "properties": {
    "DisableIpMasking": true
  }
}

This part of the documentation may also be useful: https://docs.microsoft.com/en-us/azure/azure-monitor/app/ip-collection