Azure Storage: diagnose a private endpoint without opening the account
An operational runbook for Azure Storage private access failures by separating DNS, Private Endpoint, firewall, identity, logs and rollback evidence.
Read article
Tag
logs
17 articles connected to this technical signal.
KQL snippet: isolate Azure Storage 403 on a private endpoint
A short query to separate identity, firewall, public endpoint and wrong subresource when private Azure Storage access is denied.
Read articleAzure App Service: diagnose a private endpoint before redeploying
Build an operational runbook for App Service private access failures by separating DNS, Private Endpoint, access restrictions, Application Gateway, application logs and rollback evidence.
Read articleKQL snippet: correlate private App Service and Application Gateway
A short query to separate WAF, gateway, private DNS, access restrictions and App Service logs during a private access incident.
Read articleAzure Functions: diagnose a private HTTP endpoint before changing code
Build an operational runbook for private Azure Functions failures by separating DNS, Private Endpoint, access restrictions, private storage, Application Insights logs and rollback evidence.
Read articleKQL snippet: correlate an Azure Functions private HTTP endpoint
A short query to separate DNS, private access, Functions runtime and application exceptions during a private HTTP incident.
Read articleAzure AKS: diagnose private ingress before changing deployments
Build an operational runbook for AKS private ingress failures by separating DNS, Application Gateway, ingress controller, Kubernetes service endpoints, pod readiness and rollback evidence.
Read articleKQL snippet: correlate AKS private ingress and application logs
A short query to read ingress controller and application logs together when a private AKS route returns 502, timeouts or no endpoints.
Read articleAzure Container Apps: diagnose private ingress before changing revisions
Build an operational runbook for Azure Container Apps private ingress failures by separating DNS, ingress mode, revision routing, application logs and rollback evidence.
Read articleKQL snippet: diagnose Container Apps private ingress and revisions
A short query to correlate Azure Container Apps system and console logs when private ingress, probes or revision traffic fail.
Read articleAzure internal APIM: diagnose a private API before changing policies
Qualify a failure across Application Gateway, WAF, internal APIM and a private backend by separating DNS, routing, policy, identity and logs before any fix.
Read articleKQL snippet: correlate WAF and APIM on an Azure private API
A short query to see whether a private API request is blocked by Application Gateway WAF, received by APIM or missing from the expected path.
Read articleAzure managed identity: diagnose private access before changing permissions
Build a runbook for Key Vault, Storage or private API access failures with managed identity, RBAC, private DNS, logs and real execution evidence.
Read articleKQL snippet: diagnose Key Vault denial with managed identity
A short query to separate identity denial, network path and source address when an Azure workload can no longer access Key Vault.
Read articleService identity and secret rotation: a production runbook, not an isolated task
Build operable rotation for secrets, certificates, and application identities with dependency inventory, evidence, change windows, monitoring, and rollback.
Read articleKQL snippet: detect authentication errors after secret rotation
A short query to watch 401, 403, and 500 errors after rotating an application secret or service identity.
Read articlePrivate-network AI agent: which controls to keep around data, actions and logs
Design a private AI agent with technical guardrails around internal sources, triggered actions, identities, logs, human validation and network boundaries.
Read article