-#Customer intent: As a developer or IT administrator, I want to use API connectors to integrate your sign-up user flows with REST APIs.

-#Customer intent: As a developer, I want to register a Microsoft Graph application, so that I can automate tenant management tasks in my Azure AD B2C by using Microsoft Graph API.

-#Customer intent: As a developer, I want to manage resources in my Azure AD B2C tenant by calling the Microsoft Graph API and using an application identity to automate the process.

-> This article is designed to work with the [Azure OpenAI Service legacy models](/azure/ai-services/openai/concepts/legacy-models) like `Text-Davinci-003`, which support prompt-based completions. Newer models like the current `GPT-3.5 Turbo` and `GPT-4` model series are designed to work with the new chat completion API that expects a specially formatted array of messages as input.

-> The Azure OpenAI SynapseML integration supports the latest models via the [OpenAIChatCompletion()](https://github.com/microsoft/SynapseML/blob/0836e40efd9c48424e91aa10c8aa3fbf0de39f31/cognitive/src/main/scala/com/microsoft/azure/synapse/ml/cognitive/openai/OpenAIChatCompletion.scala#L24) transformer, which isn't demonstrated in this article. After the [release of the GPT-3.5 Turbo Instruct model](https://techcommunity.microsoft.com/t5/azure-ai-services-blog/announcing-updates-to-azure-openai-service-models/ba-p/3866757), the newer model will be the preferred model to use with this article.

-### Improve throughput with request batching

-In the `OpenAICompletion` object definition, you specify the `"batchPrompt"` value to configure the dataframe to use a **batchPrompt** column. Create the dataframe with a list of prompts for each row.

-> [!NOTE]

-> There's currently a limit of 20 prompts in a single request and a limit of 2048 tokens, or approximately 1500 words.

-> [!NOTE]

-> The syllable group, phoneme name, and spoken phoneme of pronunciation assessment are currently only available for the en-US locale. For information about availability of pronunciation assessment, see [supported languages](language-support.md?tabs=pronunciation-assessment) and [available regions](regions.md#speech-service).

-For the `en-US` locale, the phoneme name is provided together with the score, to help identify which phonemes were pronounced accurately or inaccurately. For other locales, you can only get the phoneme score.

-The table in this section summarizes the 24 locales supported for pronunciation assessment, and each language is available on all [Speech to text regions](regions.md#speech-service). Latest update extends support from English to 23 additional languages and quality enhancements to existing features, including accuracy, fluency and miscue assessment. You should specify the language that you're learning or practicing improving pronunciation. The default language is set as `en-US`. If you know your target learning language, [set the locale](how-to-pronunciation-assessment.md#get-pronunciation-assessment-results) accordingly. For example, if you're learning British English, you should specify the language as `en-GB`. If you're teaching a broader language, such as Spanish, and are uncertain about which locale to select, you can run various accent models (`es-ES`, `es-MX`) to determine the one that achieves the highest score to suit your specific scenario.

- Yes, you can. If there's a failure during the migration process, the instance will automatically roll back to the stv1 platform. However, if you encounter any other issues post migration, you can roll back only if you have requested an extension to the old gateway purge. By default, the old gateway is purged in 15 mins that can be extended up to 48 hours by contacting support in advance. You should make sure to contact support before the old gateway is purged, if a rollback is required. Note to contact support if the instance is stuck in an "Updating" status for more than 2 hours.

-| tenant-id | Tenant ID or URL of the Microsoft Entra service. Policy expressons are allowed.| Yes | N/A |

-> - Details about Health check on Function Apps can be found here: [Monitor function apps using Health check](/azure-functions/configure-monitoring?tabs=v2#monitor-function-apps-using-health-check).

-> | workspaces / batchEndpoints | Yes | Yes |

-> Workspace tags don't propagate to compute clusters and compute instances.

-<a name="ultra-disk-backup">Ultra disks</a> | Supported with [Enhanced policy](backup-azure-vms-enhanced-policy.md). The support is currently in preview. <br><br> [Supported regions](../virtual-machines/disks-types.md#ultra-disk-limitations). <br><br> To enroll your subscription for this feature, [fill this form](https://forms.office.com/r/1GLRnNCntU). <br><br> - Configuration of Ultra disk protection is supported via Recovery Services vault only. This configuration is currently not supported via virtual machine blade. <br><br> - Cross-region restore is currently not supported for machines using Ultra disks. <br><br> - GRS type vaults cannot be used for enabling backup.

-<a name="premium-ssd-v2-backup">Premium SSD v2</a> | Supported with [Enhanced policy](backup-azure-vms-enhanced-policy.md). The support is currently in preview. <br><br> [Supported regions](../virtual-machines/disks-types.md#regional-availability). <br><br> To enroll your subscription for this feature, [fill this form](https://forms.office.com/r/h56TpTc773). <br><br> - Configuration of Premium v2 disk protection is supported via Recovery Services vault only. This configuration is currently not supported via virtual machine blade. <br><br> - Cross-region restore is currently not supported for machines using Premium v2 disks. <br><br> - GRS type vaults cannot be used for enabling backup.

-<tr><td><code>$unionWith</code></td><td><img src="media/compatibility/yes-icon.svg" alt="Yes">Yes</td></tr>

-If you have an [Azure for Students Starter account](https://azure.microsoft.com/offers/ms-azr-0144p/) and are eligible for an [Azure free account](https://azure.microsoft.com/free/), you can upgrade to it to a [Azure free account](https://azure.microsoft.com/free/). You get $200 Azure credit in your billing currency and 12 months of free services on upgrade. If you don't qualify for a free account, you can upgrade to [pay-as-you-go rates](https://azure.microsoft.com/offers/ms-azr-0003p/) with a [support request](https://go.microsoft.com/fwlink/?linkid=2083458).

-| What permissions do I need to perform onboarding? | You need one of these Microsoft Entra roles: Security Admin, Contributor, Owner on the subscription level (where the GCP project/s reside in). For consuming the security findings: Security Reader, Security Admin, Reader, Contributor, Owner on the subscription level (where the GCP project/s reside). |

-# Alerts and incidents in Microsoft Defender XDR (Preview)

-Microsoft Defender for Cloud is now integrated with Microsoft Defender XDR (Preview). This integration allows security teams to access Defender for Cloud alerts and incidents within the Microsoft Defender Portal. This integration provides richer context to investigations that span cloud resources, devices, and identities.

-## Integrate with Microsoft Defender XDR (Preview)

-# Overview of Microsoft Defender for Cloud DevOps Security

-These features help unify, strengthen, and manage multi-pipeline DevOps resources.

-DevOps security in Defender for Cloud allow you to manage your connected environments and provide your security teams with a high-level overview of issues discovered in those environments through the [DevOps security console](https://portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/DevOpsSecurity).

- - `On` - Advanced security is enabled.

- - `Off` - Advanced security is not enabled.

- - `Partially enabled` - Certain Advanced security features is not enabled (for example, code scanning is off).

- - `N/A` - Defender for Cloud doesn't have information about enablement.

-

- - `On` - PR annotations are enabled.

- - `Off` - PR annotations aren't enabled.

- - `N/A` - Defender for Cloud doesn't have information about enablement.

-

-description: Learn how to stream your security alerts to Microsoft Sentinel, third-party SIEMs, SOAR, or ITSM solutions

-# Stream alerts to a SIEM, SOAR, or IT Service Management solution

-Microsoft Defender for Cloud can stream your security alerts into the most popular Security Information and Event Management (SIEM),

-Security Orchestration Automated Response (SOAR), and IT Service Management (ITSM) solutions.

-Security alerts are notifications that Defender for Cloud generates when it detects threats on your resources.

-Defender for Cloud prioritizes and lists the alerts, along with the information needed for you to quickly investigate the problem.

-Defender for Cloud also provides detailed steps to help you remediate attacks.

-Alerts data is retained for 90 days.

-There are built-in Azure tools for ensuring you can view your alert data in all of the most popular solutions in use today, including:

-## Stream alerts to Microsoft Sentinel

-Defender for Cloud natively integrates with Microsoft Sentinel, Azure's cloud-native SIEM and SOAR solution.

-[Learn more about Microsoft Sentinel](../sentinel/overview.md).

-Microsoft Sentinel includes built-in connectors for Microsoft Defender for Cloud at the subscription and tenant levels:

-When you connect Defender for Cloud to Microsoft Sentinel, the status of Defender for Cloud alerts that get ingested into Microsoft Sentinel is synchronized between the two services. So, for example, when an alert is closed in Defender for Cloud, that alert is also shown as closed in Microsoft Sentinel. If you change the status of an alert in Defender for Cloud, the status of the alert in Microsoft Sentinel is also updated, but the statuses of any Microsoft Sentinel **incidents** that contain the synchronized Microsoft Sentinel alert aren't updated.

-You can enable the **bi-directional alert synchronization** feature to automatically sync the status of the original Defender for Cloud alerts with Microsoft Sentinel incidents that contain the copies of those Defender for Cloud alerts. So, for example, when a Microsoft Sentinel incident that contains a Defender for Cloud alert is closed, Defender for Cloud automatically closes the corresponding original alert.

-Learn more in [Connect alerts from Microsoft Defender for Cloud](../sentinel/connect-azure-security-center.md).

-The export of security alerts to Splunk and QRadar uses Event Hubs and a built-in connector.

-You can either use a PowerShell script or the Azure portal to set up the requirements for exporting security alerts for your subscription or tenant.

-Then youΓÇÖll need to use the procedure specific to each SIEM to install the solution in the SIEM platform.

- - Write permissions for event hubs and the Event Hub Policy

-### Step 1: Set up the Azure services

- Download and run [the PowerShell script](https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Powershell%20scripts/3rd%20party%20SIEM%20integration).

- Enter the required parameters and the script performs all of the steps for you.

- When the script finishes, it outputs the information youΓÇÖll use to install the solution in the SIEM platform.

- Here's an overview of the steps you'll do in the Azure portal:

- 1. Create an Event Hubs namespace and event hub.

- 2. Define a policy for the event hub with ΓÇ£SendΓÇ¥ permissions.

- 3. **If you're streaming alerts to QRadar** - Create an event hub "Listen" policy, then copy and save the connection string of the policy that youΓÇÖll use in QRadar.

- 4. Create a consumer group, then copy and save the name that youΓÇÖll use in the SIEM platform.

- 5. Enable continuous export of security alerts to the defined event hub.

- 6. **If you're streaming alerts to QRadar** - Create a storage account, then copy and save the connection string to the account that youΓÇÖll use in QRadar.

- 7. **If you're streaming alerts to Splunk**:

- 1. Create a Microsoft Entra application.

- 2. Save the Tenant, App ID, and App password.

- 3. Give permissions to the Microsoft Entra Application to read from the event hub you created before.

- For more detailed instructions, see [Prepare Azure resources for exporting to Splunk and QRadar](export-to-splunk-or-qradar.md).

-### Step 2: Connect the event hub to your preferred solution using the built-in connectors

-To stream alerts into **ArcSight**, **SumoLogic**, **Syslog servers**, **LogRhythm**, **Logz.io Cloud Observability Platform**, and other monitoring solutions, connect Defender for Cloud using continuous export and Azure Event Hubs:

-1. Enable [continuous export](continuous-export.md) to stream Defender for Cloud alerts into a dedicated event hub at the subscription level. To do this at the Management Group level using Azure Policy, see [Create continuous export automation configurations at scale](continuous-export.md?tabs=azure-policy#configure-continuous-export-at-scale-using-the-supplied-policies).

-2. Connect the event hub to your preferred solution using the built-in connectors:

-3. Optionally, stream the raw logs to the event hub and connect to your preferred solution. Learn more in [Monitoring data available](../azure-monitor/essentials/stream-monitoring-data-event-hubs.md#monitoring-data-available).

-## Use the Microsoft Graph Security API to stream alerts to third-party applications

-As an alternative to Microsoft Sentinel and Azure Monitor, you can use Defender for Cloud's built-in integration with [Microsoft Graph Security API](/graph/security-concept-overview/). No configuration is required.

-You can use this API to stream alerts from your **entire tenant** (and data from many Microsoft Security products) into third-party SIEMs and other popular platforms:

-To continue setting up export of alerts, [install the built-in connectors](export-to-siem.md#step-2-connect-the-event-hub-to-your-preferred-solution-using-the-built-in-connectors) for the SIEM you're using.

-## Integrate with Microsoft Defender XDR (Preview)

-## Integrate with Microsoft Defender XDR (Preview)

-## Integrate with Microsoft Defender XDR (Preview)

-| Running container images should have vulnerability findings resolved (powered by Qualys) | Azure running container images should have vulnerabilities resolved - (powered by Qualys) | Container image vulnerability assessment scans container images running on your Kubernetes clusters for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks. | 41503391-efa5-47ee-9282-4eff6131462 |

-|Running container images should have vulnerability findings resolved (powered by Qualys)|Azure running container images should have vulnerabilities resolved - (powered by Qualys)|Container image vulnerability assessment scans container images running on your Kubernetes clusters for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks.|41503391-efa5-47ee-9282-4eff6131462|

-|Running container images should have vulnerability findings resolved (powered by Qualys)|Azure running container images should have vulnerabilities resolved - (powered by Qualys)|Container image vulnerability assessment scans container images running on your Kubernetes clusters for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks.|41503391-efa5-47ee-9282-4eff6131462|

-the page, [Differences between Windows PowerShell 5.1 and PowerShell 7.x][https://learn.microsoft.com/powershell/scripting/whats-new/differences-from-windows-powershell?view=powershell-7.4].

-[07]: /powershell/gallery/how-to/working-with-local-psrepositories

- Red Hat Enterprise Linux | 5.1, 5.3, 5.11, 6.x, 7.x, 8.x

-**Linux servers:**

-**Windows servers:**

- sudo ./install -r MS -q

-2. In **Replicate**, > **Source settings** > **Are your machines virtualized?**, select **Not virtualized/Other**.

-5. In **Guest credentials**, please select the dummy account created previously during the [replication installer setup](#download-the-replication-appliance-installer) to install the Mobility service manually (push install is not supported). Then click **Next: Virtual machines**.

-10. In **Cache storage account**, keep the default option to use the cache storage account that is automatically created for the project. Use the drop down if you'd like to specify a different storage account to use as the cache storage account for replication. <br/>

-## Create a Azure Database for MySQL flexible server instance

-1. The Microsoft Defender Threat Intelligence widget should fetch the data automatically if you have the relevant Microsoft Defender Threat Intelligence license. There is no need for credentials.

-1. You can check if you have the relevant license, and if necessary, purchase it, at the [Microsoft Defender Threat Intelligence official website](https://www.microsoft.com/security/business/siem-and-xdr/microsoft-defender-threat-intelligence).

-1. Select the **Microsoft Sentinel for SAP** connector and select **Open connector**.

-1. In the **Configuration > Configure an SAP system and assign it to a collector agent** area, you can view information on the health of your SAP systems. Learn how to [add new SAP systems](sap/deploy-data-connector-agent-container.md).

- The following table describes the different fields in the **Configure an SAP system and assign it to a collector agent** area.

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal |

-|-|::|::|::|::|

-| .NET |  |  |  |  |

-| Java |  |  |  |  |

-| Node.js |  |  |  |  |

-| Python |  |  |  |  |

-| None |  |  |  |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal |

-| | -- | | - | -- |

-| .NET | | |  | |

-| Java | | |  | |

-| Java - Spring Boot | | |  | |

-| Node.js | | |  | |

-| Python | | |  | |

-| None | | |  | |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal |

-| | - | - | - | - |

-| .NET |  |  |  |  |

-| Go |  |  |  |  |

-| Java |  |  |  |  |

-| Java - Spring Boot | | |  | |

-| Node.js |  |  |  |  |

-| Python |  |  |  |  |

-| None |  |  |  |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal |

-| | - | - | - | - |

-| .NET |  |  |  |  |

-| Java |  |  |  |  |

-| Java - Spring Boot | | |  | |

-| Node.js |  |  |  |  |

-| Python |  |  |  |  |

-| Go |  |  |  |  |

-| None |  |  |  |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal |

-|-|--|--|--|--|

-| .NET |  |  |  |  |

-| Java |  |  |  |  |

-| Node.js |  |  |  |  |

-| PHP |  |  |  |  |

-| Python |  |  |  |  |

-| Go |  |  |  |  |

-| None |  |  |  |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal |

-|--|--|--|--|--|

-| .NET |  |  |  |  |

-| Java |  |  |  |  |

-| Java - Spring Boot |  |  |  |  |

-| Node.js |  |  |  |  |

-| Python |  |  |  |  |

-| Go |  |  |  |  |

-| None |  |  |  |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal |

-|--|--|--|--|--|

-| .NET |  |  |  |  |

-| Java |  |  |  |  |

-| Node.js |  |  |  |  |

-| Python |  |  |  |  |

-| Go |  |  |  |  |

-| None |  |  |  |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal |

-||::|::|::|::|

-| .NET |  |  |  |  |

-| Go |  |  |  |  |

-| Java |  |  |  |  |

-| Java - Spring Boot |  |  |  |  |

-| Kafka - Spring Boot |  |  |  |  |

-| Node.js |  |  |  |  |

-| Python |  |  |  |  |

-| None |  |  |  |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal |

-|--|--|--|-|--|

-| .NET |  |  | |  |

-| Java |  |  | |  |

-| Java - Spring Boot |  |  | |  |

-| Node.js |  |  | |  |

-| Python |  |  | |  |

-| None |  |  | |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal |

-| - | :--: | :--: | :--: | :--: |

-| .NET |  |  |  |  |

-| Go (go-sql-driver for mysql) |  |  |  |  |

-| Java (JDBC) |  |  |  |  |

-| Java - Spring Boot (JDBC) |  |  |  |  |

-| Node.js (mysql) |  |  |  |  |

-| Python (mysql-connector-python) |  |  |  |  |

-| Python-Django |  |  |  |  |

-| PHP (MySQLi) |  |  |  |  |

-| Ruby (mysql2) |  |  |  |  |

-| None |  |  |  |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal |

-| - | :--: | :--: | :--: | :--: |

-| .NET |  |  |  |  |

-| Go (pg) |  |  |  |  |

-| Java (JDBC) |  |  |  |  |

-| Java - Spring Boot (JDBC) |  |  |  |  |

-| Node.js (pg) |  |  |  |  |

-| PHP (native) |  |  |  |  |

-| Python (psycopg2) |  |  |  |  |

-| Python-Django |  |  |  |  |

-| Ruby (ruby-pg) |  |  |  |  |

-| None |  |  |  |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal |

-| | -- | | - | -- |

-| .NET | | |  | |

-| Go | | |  | |

-| Java | | |  | |

-| Java - Spring Boot | | |  | |

-| Node.js | | |  | |

-| Python | | |  | |

-| None | | |  | |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal |

-|--|::|::|::|::|

-| .NET |  |  |  |  |

-| Go |  |  |  |  |

-| Java |  |  |  |  |

-| Java - Spring Boot |  |  |  |  |

-| Node.js |  |  |  |  |

-| Python |  |  |  |  |

-| None |  |  |  |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal |

-|-|--|--|--|--|

-| .NET |  |  |  |  |

-| None |  |  |  |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal |

-| | :--: | :--: | :--: | :--: |

-| .NET |  |  |  |  |

-| Go | | |  | |

-| Java |  |  |  |  |

-| Java - Spring Boot |  |  |  |  |

-| Node.js |  |  |  |  |

-| PHP | | |  | |

-| Python |  |  |  |  |

-| Python - Django | | |  | |

-| Ruby | | |  | |

-| None |  |  |  |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal |

-| | - | - | - | - |

-| .NET |  |  |  |  |

-| Java |  |  |  |  |

-| Java - Spring Boot | | |  | |

-| Node.js |  |  |  |  |

-| Python |  |  |  |  |

-| Go |  |  |  |  |

-| None |  |  |  |  |

-| Client Type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal |

-| | -- | | - | -- |

-| .NET | | |  | |

-| Java | | |  | |

-| Java - Spring Boot | | |  | |

-| Node.js | | |  | |

-| Python | | |  | |

-| PHP | | |  | |

-| Ruby | | |  | |

-| None | | |  | |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal |

-| | - | - | - | - |

-| .NET |  |  |  |  |

-| Java |  |  |  |  |

-| Java - Spring Boot | | |  | |

-| Node.js |  |  |  |  |

-| Python |  |  |  |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal |

-| -- | - | - | - | - |

-| .NET |  |  |  |  |

-| Java |  |  |  |  |

-| Node.js |  |  |  |  |

-| Python |  |  |  |  |

-| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal |

-|-|::|::|::|::|

-| .NET |  |  |  |  |

-| Java |  |  |  |  |

-| Node.js |  |  |  |  |

-| Python |  |  |  |  |

-| Target resource | System assigned managed identity | User assigned managed identity | Connection string | Service principal |

-| -- | - | - | - | - |

-| App Configuration |  |  |  |  |

-| Azure SQL |  | |  | |

-| Azure Cache for Redis | | |  | |

-| Azure Cache for Redis Enterprise | | |  | |

-| Azure Cosmos DB - Cassandra |  |  |  |  |

-| Azure Cosmos - Gremlin |  |  |  |  |

-| Azure Cosmos DB for MongoDB |  |  |  |  |

-| Azure Cosmos Table |  |  |  |  |

-| Azure Cosmos - SQL |  |  |  |  |

-| Blob Storage |  |  |  |  |

-| Confluent Cloud | | |  | |

-| Event Hubs |  |  |  |  |

-| Keyvault |  |  | |  |

-| MySQL single server |  | | | |

-| MySQL flexible server |  | |  | |

-| Postgres single server |  | |  | |

-| Postgres, flexible server |  | |  | |

-| Storage Queue |  |  |  |  |

-| Storage File | | |  | |

-| Storage Table | | |  | |

-| Service Bus |  |  |  |  |

-| SignalR |  |  |  |  |

-| WebPub Sub |  |  |  |  |

-> Enabling Trusted launch on existing virtual machines (VMs) is currently not supported for following scenarios:

-> - Azure Generation 1 VMs is currently not supported.

-> - Azure Virtual Machine Scale Sets (VMSS) Uniform & Flex are currently not supported.