Skip to main content
Complete GuideAzure Resource ManagerClassic Deployment (ASM)AZ-104

How Azure Resource Manager Differs from the Classic Deployment Model

Two control planes have governed Azure since its earliest days — one flat, imperative, and gone; one layered, declarative, and now the only one that exists. Understanding the difference isn't just history. It's the reason resource groups, tags, RBAC, and infrastructure-as-code work the way they do today, and it still shows up on certification exams, in architecture interviews, and in the occasional decade-old subscription nobody's touched since 2015.

Current status, verified

The classic deployment model (Azure Service Manager / ASM) was fully retired on August 31, 2024. Classic resource provider endpoints were disabled on that date, and self-service migration tooling built specifically for classic-to-ARM migration is no longer available for most resource types. Azure Resource Manager has been the sole supported deployment and management model since that date.

This guide explains the architectural differences for learning, certification, and interview purposes — and gives practical steps for identifying and handling any classic resource remnants you might still encounter in an older subscription.

2010 → 2024
Azure Service Manager (classic) was the control plane from Azure's earliest days until its retirement on August 31, 2024
XML → JSON
Classic used the XML-based Service Management API. ARM uses a JSON-based REST API — the foundation for templates, Bicep, and the Azure SDKs
Flat → Grouped
Classic resources lived loosely under a subscription. ARM introduced resource groups as a first-class organizing and access-control boundary
All-or-nothing → RBAC
Classic access was co-administrator or nothing. ARM introduced granular, built-in and custom role-based access control

Every cloud platform accumulates a first control plane and, if it lives long enough, a second one that replaces it. Azure's first was the Service Management API — what almost everyone calls the "classic" deployment model, or ASM (Azure Service Manager). It shipped with Azure's public launch and worked the way infrastructure automation worked in 2010: a flat list of resources under a subscription, managed through an XML-based API, secured by a management certificate, with no native concept of grouping, tagging, or fine-grained access control. Azure Resource Manager (ARM) arrived years later as a deliberate redesign — not a patch, a different model entirely — introducing resource groups, a JSON-based declarative API, role-based access control, and the templating foundation that Bicep and most infrastructure-as-code tooling on Azure still builds on today. For a decade, both models coexisted, and choosing between them was a real architectural decision. That decision no longer exists: classic was fully retired on August 31, 2024, and ARM is Azure's only deployment model. Understanding the difference remains useful anyway — for exams, for reading old architecture diagrams, and for recognizing decade-old subscriptions that still carry the classic model's fingerprints.

Figure 1 — Two control planes: flat and certificate-secured vs. grouped and identity-secured
CLASSIC (ASM) — flat resource list, one subscription, one access levelSUBSCRIPTION (classic)Cloud ServiceStorage AcctVirtual NetworkVM (classic)VM (classic)EndpointNo grouping. No tags. No resource-level RBAC.Access: management certificate or co-admin — all or nothing.API: XML-based Service Management API. Sequential deploys.ARM — resource groups, layered RBAC, declarative templatesSUBSCRIPTION (ARM)Resource Group: prodVM · VNet · StorageTags · Locks · RBAC scopedeployed via Bicep/ARM JSONResource Group: devVM · VNet · StorageIndependent RBAC scopeisolated from prodGrouped by lifecycle. Tags + resource locks native.Access: granular RBAC (built-in + custom roles), per scope.API: JSON-based REST API. Parallel, idempotent deploys.THE CORE SHIFT: classic managed individual resources directly against a subscription.ARM introduced a MANAGEMENT LAYER above resources — Resource Manager — that everytool (portal, CLI, PowerShell, SDKs, Terraform) calls through, giving consistent accesscontrol, tagging, and deployment behavior regardless of which tool issued the request.This is why ARM enabled things classic structurally could not: resource groups as an accessboundary, declarative idempotent templates, tag-based cost tracking, and Azure Policy —none of which classic's flat, certificate-secured model had any mechanism to express.
Classic resources sat directly under a subscription with no native grouping, secured by an all-or-nothing management certificate or co-administrator role. ARM inserted a consistent management layer — Resource Manager itself — between every tool and every resource, which is what makes resource groups, granular RBAC, tags, and declarative templates possible in the first place.
01What Was the Classic Deployment Model (ASM)?Background

Azure Service Manager was Azure's original control plane, in use since the platform's earliest public availability around 2010. "Classic" is the informal name most documentation and engineers use; ASM is the formal one. Every resource you created — a virtual machine, a cloud service, a storage account, a virtual network — was provisioned and managed through the Service Management API, an XML-based API that predates the JSON-and-REST conventions most cloud platforms use today.

  • No resource groups. Resources existed as a flat collection directly under a subscription. There was no native construct for grouping related resources together for lifecycle management or access control.
  • Certificate-based authentication. Management operations were authenticated via management certificates rather than an identity provider — a model that predates the now-standard approach of Microsoft Entra ID-backed identity and role assignment.
  • Coarse access control. Access was essentially binary: an account was either a co-administrator on the subscription (with full control over everything in it) or had no access at all. There was no equivalent of "read-only access to this one resource."
  • Sequential, imperative operations. Deployments were a sequence of individual API calls rather than a declarative description of desired end state — closer to a script than a template.
"Classic" resources are recognizable by their resource type prefix

If you ever encounter a classic resource in the Azure portal, its resource type follows a recognizable pattern — for example Microsoft.ClassicStorage/storageAccounts for a classic storage account, versus Microsoft.Storage/storageAccounts for its ARM equivalent. The word "Classic" (or "ClassicCompute," "ClassicStorage," "ClassicNetwork") in the resource provider namespace is the reliable signal, not just the resource's appearance in the portal.

02What Is Azure Resource Manager (ARM)?Background

Azure Resource Manager is the management layer introduced to replace ASM — not merely a newer API, but a structurally different model for how resources are organized, secured, and deployed. Every interaction with Azure today, regardless of tool — the Azure portal, Azure CLI, Azure PowerShell, the SDKs, Terraform, Bicep — goes through Resource Manager's consistent REST API surface.

  • Resource groups as a first-class construct. Every ARM resource belongs to exactly one resource group, which acts as a lifecycle, access-control, and organizational boundary.
  • Microsoft Entra ID-backed RBAC. Access is governed by role assignments — built-in roles like Owner, Contributor, and Reader, or custom roles — scoped to a management group, subscription, resource group, or individual resource.
  • Declarative deployment. ARM templates (JSON) and Bicep (a more concise DSL that compiles to ARM JSON) describe the desired end state of a set of resources. Resource Manager reconciles current state to that description, deploying resources in parallel where dependencies allow.
  • Tags, locks, and policy. Resources can carry key-value tags for cost tracking and organization, be protected with CanNotDelete or ReadOnly locks, and be governed by Azure Policy definitions enforced at deployment time.
ARM is the foundation Bicep and Terraform build on, not a competing layer

A common point of confusion: Bicep and Terraform aren't alternatives to ARM — they're authoring layers on top of it. Bicep compiles directly to ARM JSON templates. Terraform's AzureRM provider calls the same ARM REST API that the Azure CLI and portal call. There is no path to provisioning Azure resources today that bypasses Resource Manager; the tooling differs, the underlying management plane doesn't.

03Architectural Differences, Side by SideConcept

Every downstream difference between the two models traces back to one architectural decision: ARM inserted a consistent management layer between tools and resources; classic did not. That single choice is what made everything else — resource groups, RBAC, tags, idempotent templates — structurally possible.

AspectClassic (ASM)Azure Resource Manager
Management layerNone — tools called resource-specific APIs somewhat independentlyResource Manager sits between every tool and every resource, uniformly
API formatXML-based Service Management APIJSON-based REST API
Organizing constructFlat list under a subscriptionResource groups within a subscription
Deployment styleImperative — sequential API callsDeclarative — desired-state templates, parallel deployment
IdempotencyNot native — reapplying a script could duplicate or failNative — redeploying an unchanged template is a no-op
04The Complete Comparison TableReference

The single table worth bookmarking — every major dimension classic and ARM differed on, in one place.

CategoryClassic (ASM)Azure Resource Manager
AuthenticationManagement certificatesMicrosoft Entra ID (Azure AD) identities, service principals, managed identities
Access controlCo-administrator or nothing — subscription-wide, all-or-nothingRole-based access control (RBAC), scoped to management group / subscription / resource group / resource
Resource organizationFlat list per subscriptionResource groups — a lifecycle and access-control boundary
TaggingNot supportedNative key-value tags on every resource, for cost tracking and organization
Resource lockingNot supportedCanNotDelete and ReadOnly locks, at any scope
Deployment automationCustom scripts calling sequential API operationsARM JSON templates, Bicep, Terraform — declarative, idempotent, parallelizable
GovernanceNo native policy engineAzure Policy — enforce/audit rules at deployment and runtime
Cost managementNot resource-group-scoped; limited attributionCost Management + tags enable granular cost attribution
NetworkingClassic virtual networks — limited subnet/NSG capabilityFull VNets, subnets, NSGs, service endpoints, private endpoints, peering
StorageClassic storage accounts — single account typeStorage accounts with blob/file/queue/table services, tiers, redundancy options, RBAC per account
ComputeCloud Services (classic), IaaS VMs (classic)Virtual Machines, VM Scale Sets, Cloud Services (extended support), AKS, App Service, Container Apps
API surfaceXML, Service Management APIJSON, REST API — consistent across portal, CLI, PowerShell, SDKs
Current statusRetired August 31, 2024Sole supported deployment model
This table is a common AZ-104 and AZ-305 exam topic

Microsoft's associate and expert-level Azure certifications (particularly AZ-104: Azure Administrator) have historically tested the conceptual distinction between ARM and classic, even well after classic's practical retirement, because the underlying architectural concepts — resource groups, RBAC scope, declarative deployment — are foundational to nearly everything else on the exam. Knowing this table cold is worth the study time independent of whether you'll ever touch an actual classic resource.

05Resource Groups: ARM's Foundational IdeaDeep Dive

If there's one concept that captures what ARM added over classic, it's the resource group — a container that holds related resources for a solution, and the boundary against which most management operations (deployment, access control, deletion, cost tracking) are naturally scoped.

  • Lifecycle grouping. Resources that share a lifecycle — deployed together, retired together — belong in the same resource group. Deleting a resource group deletes everything in it, which makes environment teardown (a dev/test environment, for instance) a single operation instead of a manual resource-by-resource cleanup.
  • Access control boundary. A role assignment at the resource group level applies to every resource inside it, present and future — grant a team Contributor on a resource group, and they can manage everything deployed into it without needing per-resource assignments.
  • Deployment scope. ARM templates and Bicep files typically deploy into a single resource group (though subscription- and management-group-level deployments exist for broader scenarios), making the resource group the natural unit of "one deployable thing."
  • Region-independent container. A resource group has its own region (where its metadata is stored) but can contain resources from any region — a common point of confusion for people expecting the resource group's region to constrain what it can hold.
A resource can only belong to one resource group at a time

Resources can be moved between resource groups (and even between subscriptions, for supported resource types), but at any given moment a resource belongs to exactly one resource group — it isn't a tag-like many-to-many relationship. Design resource group boundaries around genuine lifecycle and access-control groupings (an application's full stack, an environment, a team's resources) rather than around loose thematic categories that don't reflect how the resources are actually managed.

06RBAC, Tags, and Locks: What ARM AddedDeep Dive

Three specific capabilities that classic had no equivalent for at all, not a lesser version — RBAC, tags, and resource locks are structurally new, made possible directly by ARM's management-layer design.

CapabilityWhat it doesClassic equivalent
RBACAssigns built-in or custom roles (defining allowed actions) to identities, scoped to any level of the management hierarchyNone — co-administrator or no access
TagsKey-value metadata attached to resources or resource groups, queryable and usable for cost allocation, automation, and policy targetingNone
Resource locksCanNotDelete prevents deletion while allowing modification; ReadOnly prevents bothNone
Azure PolicyEnforces or audits rules (allowed regions, required tags, allowed SKUs) at deployment time and continuously thereafterNone

The common thread: all four depend on Resource Manager knowing about every resource through a single, consistent interface. Classic's model — where different resource types were managed through somewhat separate mechanisms with no unifying layer — had no natural place to attach a role assignment, a tag, or a policy that would apply consistently regardless of resource type.

07ARM Templates, Bicep, and Infrastructure as CodeDeep Dive

Classic deployment was fundamentally imperative: a script issued a sequence of API calls, each one an instruction ("create this," "attach that"), and getting from empty subscription to running environment meant executing that sequence correctly, in order, with no built-in concept of "what should exist" independent of "what steps got run."

ARM templates flipped this to declarative: a JSON (or Bicep) document describes the desired end state — these resources, with these properties, these relationships — and Resource Manager figures out how to reconcile the current state of the resource group to match it, deploying resources in parallel wherever their dependency graph allows, and safely no-op-ing on a redeploy of an already-matching template.

Bicep — a minimal declarative resource group deployment, for comparisonresource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = { name: 'stcontosoprod001' location: resourceGroup().location sku: { name: 'Standard_LRS' } kind: 'StorageV2' tags: { environment: 'production' // tagging - impossible in classic owner: 'platform-team' } } // Redeploying this file with no changes is a safe no-op - idempotent // by design. Classic's imperative scripts had no equivalent guarantee.
This declarative foundation is why Terraform and Pulumi also work on Azure

Because ARM exposes a consistent, well-documented REST API describing resources as structured data rather than a sequence of imperative operations, third-party infrastructure-as-code tools were able to build Azure providers on top of it without needing Microsoft's cooperation beyond API access. Classic's more ad-hoc, XML-based, imperative API surface would have made an equivalent Terraform provider dramatically harder to build and maintain.

08Why and When Classic Was RetiredHistory

Classic's retirement wasn't sudden — it was a multi-year, phased wind-down, with different resource types retiring on different timelines as ARM equivalents matured and adoption grew.

MilestoneDateWhat happened
IaaS VMs (classic) deprecatedFebruary 28, 2020New customers could no longer create classic VMs; existing customers could continue
Classic storage account management deprecated via ASMAugust 31, 2021ARM offered full storage account functionality; classic management path began winding down
IaaS VMs (classic) fully retiredSeptember 6, 2023Any remaining active/allocated classic VMs were stopped and deallocated
New classic storage account creation blockedAugust 16, 2024No more classic storage accounts could be created by anyone
Classic resource providers fully retiredAugust 31, 2024ASM endpoints disabled. Classic resource providers (Cloud Services, Storage, Network, and others) stopped accepting management operations

Microsoft's stated rationale, consistent across its retirement communications, centered on the capability gap: ARM offered simplified resource deployment through a unified management layer, resource grouping for organized access control and monitoring, and — implicitly — a platform that every newer Azure capability (Policy, Cost Management, Managed Identity, Bicep, most PaaS services) was being built to assume, rather than accommodate as a legacy alternative.

By roughly 90% adoption, classic was already a minority workload before retirement

Microsoft's own migration guidance noted that by the time of the IaaS VM retirement announcement, approximately 90% of IaaS VMs on Azure were already running on Azure Resource Manager. The retirement dates formalized an transition that had, for most of Azure's customer base, already substantially happened — which is part of why the final retirement in August 2024 affected a comparatively small, often overlooked population of long-lived subscriptions.

Figure 2 — The phased retirement of classic, 2020 to 2024
A FOUR-YEAR WIND-DOWN, NOT A SINGLE CUTOVERFeb 2020Classic VMsdeprecated fornew customersAug 2021Classic storagemgmt via ASMdeprecatedSep 2023IaaS VMs(classic) fullyretiredAug 31, 2024ALL classic resourceproviders retired.ASM endpoints disabled.(today)ARM has been the sole supported deployment model since August 31, 2024.
Classic's retirement rolled out over roughly four years, resource type by resource type, rather than as a single flag-day cutover — a pattern common to major platform migrations, giving customers a long runway before the final, complete retirement of every remaining classic resource provider.
09Step-by-Step: Checking for Classic Resources TodayHow-To

Because retirement completed in 2024, self-service classic-to-ARM migration tooling for most resource types is no longer operable — the classic resource provider endpoints it depended on are disabled. If you're managing a subscription that's existed since before 2024 and have never audited it, these steps identify whether anything classic remains and what to do if it does.

  1. Check the Azure Advisor Service Retirement workbook

    In the Azure portal, open AdvisorWorkbooksService Retirement. Set the Subscription, Resource Group, and Location filters to All, then review the listed resources. This workbook is Microsoft's own tool for surfacing resources scheduled for or affected by retirement, and it's the fastest way to get a definitive list rather than manually hunting.

  2. List resources filtered by classic resource type prefixes

    Run az resource list --query "[?contains(type, 'Classic')]" -o table against each subscription. Classic resource types consistently include "Classic" in their provider namespace — Microsoft.ClassicStorage, Microsoft.ClassicCompute, Microsoft.ClassicNetwork — making this a reliable, scriptable check across every subscription in a tenant.

  3. Check storage accounts by their Type column specifically

    In the portal, browse to Storage accounts and inspect the Type column for each. An account showing microsoft.classicstorage/storageaccounts is a classic account — distinct from, and requiring different handling than, an ARM-native Microsoft.Storage/storageAccounts resource.

  4. If you find classic remnants, open a support request rather than attempting self-service migration

    Because the classic resource provider endpoints were disabled on August 31, 2024, the self-service migration tooling documented for years (validate/prepare/commit workflows via PowerShell or CLI) generally no longer functions against live classic resources for most resource types. If you discover classic remnants — most commonly leftover classic storage accounts with data, or classic virtual network references — open an Azure support request rather than assuming historical migration documentation is still directly actionable; Microsoft support can advise on current options for the specific resource type and its retirement state.

  5. Audit for classic references in older automation, not just live resources

    Beyond live classic resources, check older PowerShell scripts, Runbooks, or CI/CD pipelines for calls to classic cmdlets (anything with Azure module prefix rather than Az, or explicit Service Management API calls) — these will fail outright now that the endpoints are gone, and it's better to find and retire this dead automation deliberately than to discover it during an unrelated incident when a scheduled job silently starts failing.

Data in fully-retired classic storage accounts was generally preserved, not deleted

Per Microsoft's own retirement communications for classic storage specifically, data within classic storage accounts was preserved through the transition — accounts were migrated to Resource Manager on a rolling schedule rather than having their data destroyed at the retirement date. If you're investigating an old subscription and expecting data loss from the 2024 retirement, that's usually not what happened; the more common outcome is a dual listing (a classic-looking entry and its ARM-migrated counterpart) or a fully-transitioned ARM resource that no longer shows any classic characteristics at all.

Key Takeaways

The core difference is a management layer, not just an API version. ARM inserted Resource Manager between every tool and every resource. Classic had no equivalent unifying layer — which is why resource groups, RBAC, tags, and locks were structurally impossible under it.
Resource groups are ARM's foundational idea. A lifecycle, access-control, and deployment boundary that classic's flat, subscription-wide resource list had no way to express.
RBAC replaced all-or-nothing co-administrator access. Classic's binary access model gave way to granular, scoped, built-in and custom role assignments tied to Microsoft Entra ID identities.
Declarative templates replaced imperative scripts. ARM JSON and Bicep describe desired end state and deploy idempotently in parallel; classic scripts executed sequential API calls with no equivalent guarantee.
Classic was fully retired on August 31, 2024. This isn't a live architectural choice anymore — ARM is Azure's only deployment model, and classic resource provider endpoints are disabled.
If you find classic remnants today, open a support request. Self-service migration tooling built for the classic-to-ARM transition generally no longer functions now that the underlying endpoints are gone.
The concepts remain exam- and interview-relevant regardless. AZ-104 and architecture discussions still reference this comparison because the underlying ideas — resource groups, RBAC scope, declarative deployment — are foundational to how Azure works today.

Frequently Asked Questions

Is the classic deployment model still available on Azure today?
No. Azure Service Manager (the classic deployment model) was fully retired on August 31, 2024. Classic resource provider endpoints were disabled on that date, meaning classic resource providers like Cloud Services (classic), Storage (classic), and Network (classic) stopped accepting management operations entirely. Azure Resource Manager has been the sole supported deployment and management model since that date — there is no current scenario where choosing between ARM and classic is a live architectural decision. If you're reading older documentation, tutorials, or exam prep material that discusses choosing between the two models, treat that framing as historical context rather than a decision you'll actually face today.
What's the single biggest architectural difference between ARM and classic?
Azure Resource Manager introduced a consistent management layer that sits between every tool (portal, CLI, PowerShell, SDKs, Terraform, Bicep) and every resource, whereas classic resources were managed through a more direct, XML-based Service Management API with no equivalent unifying layer. This single architectural choice is what made everything else possible: resource groups (a grouping and access-control boundary), role-based access control (granular permissions instead of all-or-nothing co-administrator access), tags (key-value metadata for cost tracking and organization), resource locks, and Azure Policy all depend on Resource Manager knowing about every resource through one consistent interface — something classic's more fragmented, resource-type-specific management approach had no structural way to support.
How do I know if a resource in my subscription is classic or ARM?
Check the resource's type property. Classic resources have "Classic" in their resource provider namespace — for example, Microsoft.ClassicStorage/storageAccounts for a classic storage account, Microsoft.ClassicCompute/virtualMachines for a classic VM, or Microsoft.ClassicNetwork/virtualNetworks for a classic virtual network — versus their ARM-native equivalents like Microsoft.Storage/storageAccounts, which lack the "Classic" segment entirely. In the Azure portal, this is visible in a resource's overview or, for storage accounts specifically, directly in the Type column of the storage accounts list. Running az resource list --query "[?contains(type, 'Classic')]" against a subscription via Azure CLI is a fast, scriptable way to check across many resources at once.
What happened to my data if I had classic resources when the retirement date passed?
For classic storage accounts specifically, Microsoft's retirement communications were explicit that data was preserved rather than deleted — remaining classic storage accounts were migrated to Azure Resource Manager on a rolling schedule around the retirement date, rather than having their contents destroyed. The more common outcome for a subscription that had classic resources at retirement time is either a completed migration to an ARM-equivalent resource (sometimes visible as two entries with the same name — one classic, one ARM/Storage Resource Provider — which is expected behavior during the transition), or in cases requiring specific handling, a resource in a state that needs direct engagement with Microsoft support to resolve. If you're concerned about a specific subscription, the Azure Advisor Service Retirement workbook and a direct support request are the most reliable ways to get a definitive answer for your situation rather than assuming a particular outcome.

Popular posts from this blog

The Cloud Incumbent: AWS Bedrock Hosts Every Frontier Model and Amazon Is Betting on Neutrality AWS at $37.6 billion quarterly revenue, growing 28%. $13 billion invested in Anthropic. A $100 billion Anthropic-to-AWS commitment. Trainium with $225 billion in customer revenue commitments. The most quietly powerful AI strategy in the race. By Francis Avorgbedor | Azure Engineer  ·  July 4, 2026  ·  14 min read  ·  Amazon · AWS · Cloud AI 74 SEVENAI Momentum Score — Rank #5 $37.6B AWS Q1 2026 revenue — 28% YoY growth ▲ Fastest in 15 quarters $13B Total Amazon investment in Anthropic to date ▲ Strategic anchor 100K+ Customers running Claude on AWS Bedrock ▲ Distribution moat Amazon's AI strategy is built on a thesis that every other Magnificent Seven company is testing against — and that Amazon is uniquely positioned to win regardless of the outcome. The thesis is neutrality. In a race where Microsoft has bet on OpenAI, Google has bet on Gemini, and Meta has bet...
Performance Fix Foundry Local 1.2 Linux ARM64 Embeddings Offline ASR The Edge Latency Drop: Fixing Latency Spikes by Offloading Embeddings to Foundry Local 1.2 You are paying a full cloud round trip — network, TLS, queue, throttle risk — to turn a twelve-word search query into a vector. That is the most expensive way possible to do one of the cheapest computations in your stack. Foundry Local 1.2 now runs on Linux ARM64, which means embeddings and speech recognition can happen on a Raspberry Pi, a Jetson, or a Graviton instance — offline, unmetered, and in single-digit milliseconds. The failure signature this guide resolves # Application Insights — the embedding call, not the LLM, is your tail latency: name p50 p95 p99 calls/day POST /embeddings (cloud) 89 ms 412 ms 3,847 ms 1,240,000 POST /chat/completions (cloud) 940 ms 1,720 ms 2,910 ms 38,000 ^^^^^^^^ ...

How to Reset an Azure Virtual Machine to Factory Settings Using a Managed Disk

How to Reset an Azure Virtual Machine to Factory Settings Using a Managed Disk Azure does not have a single "factory reset" button. What it does have is something better: the OS Disk Swap — a method that swaps out the corrupted or misconfigured OS disk for a clean Windows Server managed disk without deleting the VM, its NICs, its IP addresses, or any attached data disks. Here is how it works, when to use it, and the exact steps to execute it safely. FA Francis Avorgbedor Azure Engineer July 16, 2026 15 min read Azure VMs · Windows Server · Real-World Fix 3 Methods to achieve a clean Windows Server installation on an existing Azure VM ~15min Typical OS Disk Swap duration — VM retains its NICs, IPs, and data disks throughout 0 Data disks affected by an OS Disk Swap — data disks remain attached and untouched 1 Snapshot of the original OS disk you must take before starting — no exceptions Introduction Why Azure Does Not Have a Simple Factory Reset — and What to Do Instead On a ph...

AKS CrashLoopBackOff, Pending Pods, and NotReady Nodes — The Real Fixes Engineers Use

Incident Playbook AKS Kubernetes kubectl 2026 AKS CrashLoopBackOff, Pending Pods, and NotReady Nodes — The Real Fixes Engineers Use Every AKS engineer eventually faces the same nightmare: CrashLoopBackOff at 2am, pods stuck Pending for no clear reason, or nodes flipping to NotReady mid-deployment. The difference between panic and control is knowing the exact diagnostic sequence — and the real fixes that work in production. This guide gives you both. 3 commands get pods, describe pod, and logs diagnose roughly 90% of AKS incidents before you touch anything else Exit 137 The code that means OOMKilled — the container hit its memory limit and was killed by the kernel (128 + SIGKILL 9) Events The bottom of kubectl describe is where the real cause lives — Pending, FailedScheduling, and image errors all surface there CoreDNS The single component behind most "intermittent" production failures — service discovery breaks quietly and looks like an app bug Table of Contents 01 The 3 Comm...
Can I Update My Old Computer to Windows 11 — and How Much Will It Cost? Your i7, 16GB RAM, 512GB SSD machine is powerful enough to run Windows 11 comfortably. The TPM 2.0 and Secure Boot wall is a security checkbox, not a performance ceiling. Here are two proven ways to get past it, what each one costs, and what you are trading away by doing so. $0 Cost of the Windows 11 licence if your existing Windows 10 is genuine — the upgrade remains free in 2026 2 Proven methods to bypass TPM 2.0 and Secure Boot — Rufus (easy) and Registry edit (manual) 25H2 Current Windows 11 version — all known bypass methods tested and confirmed working as of July 2026 Oct 2025 Windows 10 end of life — no more security updates. Staying on Windows 10 now carries real risk. First — Check Your BIOS Before Anything Else You Might Not Actually Need a Bypass Before running any bypass, open your BIOS and look at two settings. Many computers that fail the Windows 11 compatibility check have TPM 2.0 present in the hard...

Top 100 Best AI Tools for Software Engineers and DevOps Professionals in 2026

2026 Edition 100 Tools Software Engineering DevOps AIOps Top 100 Best AI Tools for Software Engineers and DevOps Professionals in 2026 85% of developers now regularly use AI tools. Fully AI-generated code accounts for nearly 28% of all pull requests. The question is no longer whether to use AI tools — it is which ones, in which combination, for which part of the lifecycle. This guide cuts through the noise: 100 tools, 10 categories, honest pricing, real use cases, and a selection framework for building your stack without redundancy. 85% Percentage of developers who now regularly use AI tools, per JetBrains' 2025 State of Developer Ecosystem report — up from near zero three years ago 28% Share of all pull requests containing primarily AI-generated code in 2026 — the metric that signals AI coding assistants have moved from experiment to workflow $50B Cursor's reported valuation in April 2026 Series D talks — the number that signals investor confidence in the AI developer tools ma...

Azure Files vs Azure NetApp Files: Which One Should You Choose?

Azure Files vs Azure NetApp Files: Which One Should You Choose? Performance tiers, protocol support, dual-protocol capability, pricing models, SAP/Oracle/HPC suitability, data management features, and the decision framework that maps each workload type to the right service — with step-by-step setup procedures for both. FA Francis Avorgbedor Azure Engineer July 15, 2026 20 min read Azure Storage · Architecture 4 Azure Files tiers: Premium SSD, Standard Hot, Cool, Tx Optimized 3 ANF performance tiers: Standard, Premium, Ultra — all SSD-backed 4TiB ANF minimum provisioning — significant cost floor for small workloads Dual ANF serves the same data via SMB and NFS simultaneously — AF cannot Introduction Two Services, One Surface Area — Completely Different Purposes Microsoft offers two fully managed, enterprise-grade file storage services in Azure. They share a surface area — both serve file shares over standard protocols, both run on managed infrastructure, and both integrate with Microsof...
Troubleshooting Guide AKS Kubernetes Real Solutions kubectl Azure Kubernetes Service (AKS) Troubleshooting Guide: Real Solutions to Common Problems CrashLoopBackOff at 2am. Pods stuck Pending with no obvious cause. Nodes going NotReady mid-deployment. DNS resolution silently failing in production. Every AKS engineer encounters these — the difference between engineers who panic and engineers who stay calm is knowing the exact sequence of diagnostic commands to run. This guide gives you that sequence, the root cause analysis for each failure mode, and the fix. 3 commands 90% of AKS problems are diagnosed with the same three kubectl commands: describe pod, logs --previous, and get events — in that order, every time Exit 137 The exit code that tells you everything: container killed by SIGKILL — either the Linux OOM killer (memory limit exceeded) or kubelet after grace period expired 5 min The CrashLoopBackOff ceiling: Kubernetes applies exponential backoff (10s → 20s → 40s → 80s → 160s → 3...

How to Deploy an AI Chatbot on Azure Using Azure OpenAI and App Service

Step-by-Step Guide Azure OpenAI App Service Production Python How to Deploy an AI Chatbot on Azure Using Azure OpenAI and App Service From zero to a production-grade AI chatbot: provision Azure OpenAI, write a streaming Flask API backend, deploy it on Azure App Service with Managed Identity, wire in conversation history and content safety, and instrument it with Application Insights — all with complete code and Terraform IaC. No API keys in environment variables. No hardcoded secrets. No half-finished PoC patterns. 7 phases This guide covers the full deployment lifecycle: architecture design → resource provisioning → backend code → App Service deployment → streaming → security → monitoring Zero keys The chatbot authenticates to Azure OpenAI using Managed Identity and DefaultAzureCredential — no API keys stored in environment variables, Key Vault, or code SSE Server-Sent Events stream GPT tokens to the browser as they generate — the same token-by-token typing effect users expect from pr...
Planning Guide Site-to-Site VPN Gateway SKUs BGP & IPsec Azure Site-to-Site VPN Prerequisites: Network Planning, Gateway Requirements, IPsec, and Routing Half of what determines whether a Site-to-Site VPN deployment goes smoothly happens before the gateway exists at all — the subnet size, the SKU, the address space plan, and the ASN choice are all decisions that are painful or impossible to change once traffic is flowing. Get the prerequisites right, and the actual gateway creation is the boring, predictable part. Current status, verified Azure is actively consolidating VPN Gateway SKUs. The Basic SKU and the original VpnGw1–VpnGw5 SKUs are being phased out in favor of zone-redundant AZ SKUs (VpnGw1AZ through VpnGw5AZ), which Microsoft now recommends for all new deployments. After June 2026, Azure will attempt to automatically migrate remaining Standard and High Performance SKU gateways — and that migration can fail outright if the gateway subnet is too small for the target SKU. T...