Slider 1 mini Slider 2 mini

Saturday, 11 July 2026

Filled under:

 

During today’s Hayes BCM activity, a few users reported human-user authentication issues.

The affected access requests had been raised one day before the BCM. As per the current process, the account was created only on the active leader site and had not yet synchronized to the new leader after the switchover.

The users were advised to revoke the previous request and raise a new one so that the account could be created on the current active site.

During switchback, anyone involved or pulled into similar issues should first verify whether the account exists, run the role synchronization, and check again. If the account is no longer present after the switchback, ask the user to raise the TPAC request again.

This is expected process behaviour and not a configuration issue. Please avoid starting configuration troubleshooting unless the above checks have been completed.

Posted By Nikhil07:29
Filled under:

 

Generate a professional meeting summary for this call, suitable for sharing with the team.

First identify the type of meeting, such as Daily Scrum, Backlog Refinement, Iteration Planning, Retrospective, Product Alignment, Engineering Sync, or Dependency Discussion.

Structure the summary as follows:

  1. Meeting Objective
    Briefly state the purpose of the call.

  2. Key Discussion Points
    Group the discussion by topic and capture:

  • Current status or issue discussed
  • Key clarification or input provided
  • Decision or agreed direction
  • Remaining open question or gap
  1. Decisions Made
    List only decisions that were clearly agreed during the call.

  2. Action Items
    Create a table with:

  • Action
  • Owner
  • Target date or ETA, if mentioned
  • Dependency
  • Status
  1. Risks, Blockers and Dependencies
    Capture delivery risks, external dependencies, unclear ownership, technical blockers, or items requiring escalation.

  2. Items for Follow-up
    List topics that need to be revisited in the next call, refinement, planning, or separate technical discussion.

Important:

  • Do not invent owners, deadlines, decisions, or commitments.
  • If an owner or ETA was not confirmed, write “To be confirmed.”
  • Preserve the correct technical terms and product names.
  • Avoid repeating the same point in multiple sections.
  • Keep the summary concise, clear, professional, and action-oriented.
  • Highlight any item that may impact the current iteration or upcoming delivery.

Posted By Nikhil01:21

Friday, 10 July 2026

Filled under:

 https://chatgpt.com/share/6a5104dd-756c-83ec-a355-4906a9cbcdb2

Posted By Nikhil07:43

Thursday, 9 July 2026

Filled under:

 

Below are copy-ready GitLab issue titles and user stories.

1. Change DENY-COS-DBPublicEP assignment to Deny

As a developer,
I want to change the DENY-COS-DBPublicEP policy assignments from Audit to Deny in BA and BARZ,
so that Cosmos DB resources using public endpoints are actively restricted instead of only being reported.


2. Change Deny-COS-DB-ServerlesPrd assignment to Deny

As a developer,
I want to change the Deny-COS-DB-ServerlesPrd policy assignments from Audit to Deny in BA and BARZ,
so that non-compliant serverless Cosmos DB deployments are prevented.


3. Change Cosmos DB naming-policy assignments to Deny

As a developer,
I want to change the Deny-COS-vCoreName and Deny-COS-Name policy assignments from Audit to Deny in BA and BARZ,
so that Cosmos DB resources that do not follow the approved naming standards are blocked.


4. Assign Deny-COS-wo-ZoneRedundant in Audit mode

As a developer,
I want to assign the Deny-COS-wo-ZoneRedundant policy in Audit mode in BARZ,
so that non-zone-redundant Cosmos DB deployments can be identified before enforcement is enabled.


5. Review Cosmos DB backup policies with Murali

As a developer,
I want to confirm the required behavior and rollout scope for Deny-COS-BackupConfig, Modify-COSContBackup, and Modify-COSPeriodicBackup with Murali,
so that the backup policies can be implemented with the correct effects and assignments.


6. Validate and enforce Deny-COS-vCore-create-WOEID

As a developer,
I want to validate the requirement with Murali and change the Deny-COS-vCore-create-WOEID assignments from Audit to Deny in BA and BARZ,
so that non-compliant Cosmos DB vCore creation is prevented after approval.


7. Convert MongoDB vCore HA policy from JSON to Bicep

As a developer,
I want to convert policydefinition_DENY-COS-MongoVCoreDBHA.json to Bicep, rename the policy to DENY-COS-vCoreDBHA-LE, and deploy it in Audit mode in BA and BARZ,
so that the lower-environment HA policy is managed through the standard infrastructure-as-code approach before enforcement.

Follow-up issue for the next iteration

Title: Change DENY-COS-vCoreDBHA-LE assignment to Deny

As a developer,
I want to change the DENY-COS-vCoreDBHA-LE policy assignments from Audit to Deny for lower environments,
so that non-compliant MongoDB vCore HA configurations are actively blocked after audit validation.


8. Enforce MongoDB vCore SKU policy in lower environments

As a developer,
I want to change the deny-cos-vcore-sku-LE policy assignments from Audit to Deny in BA and BARZ for DEV, TEST, and UAT,
so that unsupported MongoDB vCore SKUs cannot be deployed in lower environments.


9. Enforce AMR HA policy in lower environments

As a developer,
I want to change the Deny-AMR-HA-LE policy assignments from Audit to Deny in BA and BARZ for DEV, TEST, and UAT,
so that non-compliant Azure Managed Redis HA configurations are blocked in lower environments.


10. Enforce AMR SKU restriction policy in lower environments

As a developer,
I want to change the Deny-AMR-SKU-Restrict-LE policy assignments from Audit to Deny in BA and BARZ for DEV, TEST, and UAT,
so that only approved Azure Managed Redis SKUs can be deployed in lower environments.


11. Change Deny-AMR-Auto-Update assignment to Deny

As a developer,
I want to change the Deny-AMR-Auto-Update policy assignments from Audit to Deny in BA and BARZ,
so that Azure Managed Redis resources cannot be configured with a non-compliant automatic-update setup.

Please verify the exact policy spellings—particularly ServerlesPrd and WOEID—as I retained them from the engineer’s notes.

Posted By Nikhil23:49
Filled under:

 Policy Governance and Cost Optimization across AMR, Redis, Cosmos DB and DocumentDB: Introduced audit-mode policies to identify HA-enabled instances in dev/test environments and implemented SKU restriction policies for Cosmos DB and Redis in lower environments. These changes provide visibility into unnecessary HA usage, reduce cost exposure from non-standard SKU provisioning, and strengthen governance by ensuring lower environments follow approved configuration standards. Additional AM18 compliance-related policies were also implemented for zone redundancy and private endpoints.

Then the remaining points become:

Azure Cosmos DB Pipeline and Key Vault Migration Enhancements: Enhanced Cosmos DB pipelines to dynamically select agent pools based on the requested region and added pipeline support for Key Vault migration activities. These changes improve pipeline stability, reduce dependency on hardcoded infrastructure, and enable controlled migration of keys from the infra-global subscription to application-owned subscriptions.

MongoDB vCore TPAC Access Enablement: Updated the TPAI pipeline to enable TPAC access for MongoDB vCore Red Zone, ensuring that only authorized TPAC users can execute the pipeline and provide access in a controlled, compliant, and auditable manner.

Posted By Nikhil04:53

Wednesday, 8 July 2026

Filled under:

 Azure Cosmos DB: Application-owned Key Vault enablement for CMK

Application teams can now use their own Key Vault for data-at-rest encryption key management instead of relying on the shared CMK Key Vault flow. This improves ownership, governance, and alignment with a controlled application-owned encryption model.

Posted By Nikhil23:38
Filled under:

 Azure Cosmos DB NoSQL: MIM group enablement for access continuity

Checks are being performed to ensure the required MIM group is available for Cosmos NoSQL APIs. This helps ensure user accounts remain functional and access management continues to work as expected.

Posted By Nikhil23:38