Day 537. The #Azure Portal setting for startup directory applies to your whole Microsoft Account and not just the browser you are currently in. Which is kind of stupid, because if you have multiple browsers set up for multiple Azure tenants, Azure will per default always log you into the same Azure tenant, regardless of your work environment.

Day 536. In case you are wondering, the terms "Azure tenant" and "Azure directory" largely refer to the same thing and are most often used interchangebly. They even always have the same UUID. According to #Microsoft support, there apparently is some distinction on a technical level though. Why does it always have to be this complicated?

Day 535. Once you have associated a custom route table to your #Azure Kubernetes Cluster, you are not allowed to change that route table. That seems to be a completely arbitrary limitation since you are allowed to change all custom routes, just not the name of the route table. And while they also state it in the docs, it doesn't get explained. Want to use a new route table for your cluster? Easy, deploy a new cluster.

Day 534. When you read the #Azure Service Principal of the Microsoft Graph application as data source in Terraform, the complete output is around 16000 lines and this data source alone will add approximately 760kB to your Terraform state. That is because this data source contains all of these application's app roles and all OAuth2 permission scopes including their descriptions.

Day 533. Hey, that's a cool diagram we found there in the #Azure Virtual Network DNS resolution docs.

Day 532. Does this combination of 'failed' provisioning state and 'all succeeded' status of our #Azure Virtual Machine Scale Set make any sense to you?

Day 531. Once you have enabled a Web Application Firewall on your #Azure Application Gateway by associating a WAF policy, there is no way to disable the WAF again. The only way to get rid of the WAF is to delete the Application Gateway and recreate it again. That seems like a completely arbitrary limitation and will hit you hard once you decide you no longer want to use the WAF feature.

Day 530. When creating an #Azure Log Analytics Workspace data export rule through #Terraform and you use a name that does not comply with the naming constraints, the Azure provider will tell you that this name is not allowed, but won't tell you what's wrong.
Tip: The names are not allowed to have an underscore.

Day 529. When you click on this "Copy to clipboard" in the #Azure Portal in the Application Gateway overiew, it doesn't only copy the gatway's Public IP address but also the name in the brackets. How is that helpful?

Day 528. On day 425 we showed how #Azure finally introduced a workaround for a limitation in their Private Link DNS integration concept by allowing the Azure DNS resolver to fall back to Public DNS in case a Private Link DNS zone does not have a corresponding DNS record. This could be a really useful feature for Private DNS zones in general, but for some reason you are only allowed to use it for Private Link DNS zones.