Share via

Unable to login to Azure Managed Grafana (sso.wcde.grafana.azure.com)

Freelancer 5 Reputation points
2025-11-02T08:47:23.1566667+00:00

I have Azure Managed Grafana deployed and I was able to login successfully. I then went ahead and disabled public network access and created a private endpoint.

When I now login using the URL of my Azure Managed Grafana I can prompted to fill in my Entra ID credentials which I do and then I get a screen which says:

"Hmmm… can't reach this page

Check if there is a typo in sso.wcde.grafana.azure.com.

DNS_PROBE_FINISHED_NXDOMAIN"

Does anybody know what the issue is here and how to fix this?

Azure Managed Grafana
Azure Managed Grafana
An Azure service used to deploy Grafana dashboards for analytics and monitoring solutions.
0 comments
Answer accepted by question author
  1. Sandhya Kommineni 2,375 Reputation points Microsoft External Staff Moderator
    2025-11-03T02:39:06.6366667+00:00

    Hello Freelancer,

    Thanks for posting your question in Microsoft Q&A forum

    If you have successfully created an Azure Managed Grafana workspace but can't access the Grafana UI when opening the endpoint URL,

    Check provisioning state

    If you get a page with an error message such as can't reach this page, stating that the page took too long to respond, follow the process below:

    1. In the Azure platform, open your workspace and go to the Overview page. Make sure that the Provisioning State is Succeeded and that all other fields in the Essentials section are populated. If everything seems good, continue to follow the process below. Otherwise, delete and recreate a workspace. Screenshot of the Azure platform. Overview - Essentials.
    2. If you saw several browser redirects and then landed on a generic browser error page as shown above, then it means there's a failure in the backend.
    3. If you have a firewall blocking outbound traffic, allow access to your workspace, to your URL ending in grafana.azure.com, and Microsoft Entra ID.

    When public access is disabled and a private endpoint is created, the Grafana workspace is only accessible from within the virtual network (VNet) or networks that can resolve the private DNS zone.

    The default public DNS name (sso.wcde.grafana.azure.com) will not resolve outside the private network unless you have configured a private DNS zone or DNS forwarding to resolve the private endpoint's FQDN.

    Recommended Approach:

    Configure Private DNS Zone

    • Create a private DNS zone in Azure for grafana.azure.com and link it to your VNet. Add an A record in the private DNS zone that maps the Grafana workspace's FQDN to the private IP address of the private endpoint. This ensures that when you access the Grafana URL from within the VNet, it resolves to the private endpoint IP.​

    Verify Private Endpoint Configuration

    • In the Azure portal, go to your Grafana workspace > Networking > Private Endpoint. Confirm that the private endpoint is properly created and linked to your VNet. Check the network interface associated with the private endpoint for the correct FQDN and private IP.​

    Test DNS Resolution

    • From a VM within the VNet, try to resolve the Grafana workspace's FQDN using nslookup or dig to confirm it resolves to the private IP. If it does not resolve, double-check the private DNS zone configuration and ensure the VNet is linked to the zone.​

    Access from On-Premises or Other Networks

    • If you need to access Grafana from outside the VNet (e.g., on-premises), configure DNS forwarding or use a VPN/ExpressRoute to connect to the VNet and resolve the private DNS zone.​ If you are using Entra ID (Azure AD) for authentication, ensure that the authentication endpoints (like login.microsoftonline.com) are also accessible from your network, as authentication flows may require outbound internet access or DNS resolution for those domains.​

    If you are testing, you can temporarily add an entry in your local hosts file to map the Grafana FQDN to the private IP, but this is not recommended for production.​

    By following these steps, you should be able to resolve the DNS issue and access your Azure Managed Grafana workspace via the private endpoint.

    Refer document:

    I hope the provided answer is helpful, do let me know if you have any further questions on this Please accept as Yes & upvote if the answer is helpful so that it can help others in the community.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Freelancer 5 Reputation points
    2025-11-14T09:59:39.2933333+00:00

    The issue was with reaching sso.wcde.grafana.azure.com. By default the private DNS zone for Grafana does not allow 'Fallback to Internet', it's not enabled, but sso.wcde.grafana.azure.com is actually 20.218.190.100. As soon as I enabled 'Fallback to Internet' I could login successfully.

    Thank you very much for your help. The issue can be closed.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.