Service | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
active-directory-b2c | Aad Sspr Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/aad-sspr-technical-profile.md | +#Customer intent: As a developer using Azure AD B2C, I want to define a Microsoft Entra ID self-service password reset technical profile. # Define a Microsoft Entra ID SSPR technical profile in an Azure AD B2C custom policy |
active-directory-b2c | Access Tokens | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/access-tokens.md | +#Customer intent: As a developer integrating Azure Active Directory B2C with a web application and web API, I want to understand how to request an access token, so that I can authenticate and authorize users to access my APIs securely. + # Request an access token in Azure Active Directory B2C |
active-directory-b2c | Active Directory Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/active-directory-technical-profile.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to define a technical profile for Microsoft Entra user management, so that I can interact with a claims provider that supports the standardized protocol and perform operations like reading, writing, and deleting user accounts. + # Define a Microsoft Entra technical profile in an Azure Active Directory B2C custom policy |
active-directory-b2c | Add Native Application | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-native-application.md | +#Customer intent: As a developer integrating Azure Active Directory B2C with a native client application, I want to register the client resources in my tenant, so that my application can communicate with Azure Active Directory B2C. + # Add a native client application to your Azure Active Directory B2C tenant |
active-directory-b2c | Add Password Change Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-password-change-policy.md | +#Customer intent: As an Azure AD B2C administrator, I want to set up a password change flow using custom policies, so that users can change their passwords without email verification, improving the user experience and security. + # Set up password change by using custom policies in Azure Active Directory B2C |
active-directory-b2c | Add Profile Editing Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-profile-editing-policy.md | +#Customer intent: As a developer integrating Azure Active Directory B2C into my application, I want to set up a profile editing flow, so that users can manage their profile attributes such as display name, surname, given name, and city. + # Set up a profile editing flow in Azure Active Directory B2C |
active-directory-b2c | Add Ropc Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-ropc-policy.md | |
active-directory-b2c | Add Sign In Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-sign-in-policy.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to set up a sign-in flow with a sign-in policy, so that users can sign in with a local or social account and reset their passwords. + # Set up a sign-in flow in Azure Active Directory B2C |
active-directory-b2c | Add Web Api Application | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-web-api-application.md | +#Customer intent: As a developer integrating a web API with Azure Active Directory B2C, I want to register my application in the Azure portal, so that it can accept and respond to requests from client applications with access tokens. + # Add a web API application to your Azure Active Directory B2C tenant |
active-directory-b2c | Age Gating | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/age-gating.md | +#Customer intent: As an application developer or administrator using Azure Active Directory B2C, I want to enable age gating in my user flow, so that I can identify and manage minors accessing my application based on their age and consent status. + # Enable age gating in Azure Active Directory B2C |
active-directory-b2c | Analytics With Application Insights | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/analytics-with-application-insights.md | +#Customer intent: As a developer using Azure AD B2C, I want to track user behavior by sending event data to Application Insights, so that I can gain insights on user behavior, troubleshoot policies, measure performance, and create notifications. + # Track user behavior in Azure AD B2C by using Application Insights |
active-directory-b2c | Api Connector Samples | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/api-connector-samples.md | +#Customer intent: As a developer integrating web APIs into user flows using API connectors, I want to access code samples that use API connectors, so that I can easily implement functionality such as fraud and abuse protection, identity verification, and invitation codes in my applications. + # API connector REST API samples |
active-directory-b2c | Api Connectors Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/api-connectors-overview.md | description: Use Microsoft Entra API connectors to customize and extend your use Previously updated : 12/13/2023 Last updated : 01/11/2024 -#Customer intent: As a developer or IT administrator, I want to use API connectors to integrate your sign-up user flows with REST APIs. +#Customer intent: As a developer or IT administrator, I want to use API connectors to integrate sign-up user flows with REST APIs. + # Use API connectors to customize and extend sign-up user flows and custom policies with external identity data sources |
active-directory-b2c | App Registrations Training Guide | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/app-registrations-training-guide.md | +#Customer intent: As an Azure AD B2C user, I want to understand the new App registrations experience, so that I can manage all my app registrations in one place and take advantage of new features like unified app list, API permissions, and support for different account types. + # The new App registrations experience for Azure Active Directory B2C |
active-directory-b2c | Application Types | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/application-types.md | +#Customer intent: As a developer building an application that requires user authentication, I want to understand the different types of applications that can be used with Azure Active Directory B2C, so that I can choose the appropriate authentication method for my application. + # Application types that can be used in Active Directory B2C |
active-directory-b2c | Authorization Code Flow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/authorization-code-flow.md | |
active-directory-b2c | Azure Monitor | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/azure-monitor.md | +#Customer intent: As an Azure AD B2C administrator, I want to monitor sign-in and auditing logs using Azure Monitor, so that I can route the logs to different monitoring solutions and gain insights into my environment. + # Monitor Azure AD B2C with Azure Monitor |
active-directory-b2c | B2clogin | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/b2clogin.md | +#Customer intent: As an Azure AD B2C application developer, I want to update the redirect URLs in my identity provider's applications to reference b2clogin.com or a custom domain, so that I can authenticate users with Azure AD B2C using the updated endpoints and policies. + # Set redirect URLs to b2clogin.com for Azure Active Directory B2C |
active-directory-b2c | Best Practices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/best-practices.md | +#Customer intent: As an application developer integrating Azure Active Directory B2C, I want recommendations and best practices for integrating Azure AD B2C into my application environment, so that I can ensure a secure and efficient integration with Azure AD B2C. + # Recommendations and best practices for Azure Active Directory B2C |
active-directory-b2c | Billing | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/billing.md | +#Customer intent: As a business decision maker managing an Azure AD B2C tenant, I want to understand the billing model based on monthly active users (MAU), so that I can determine the cost and pricing structure for my Azure AD B2C tenant. + # Billing model for Azure Active Directory B2C |
active-directory-b2c | Boolean Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/boolean-transformations.md | +#Customer intent: As a developer working with Azure Active Directory B2C, I want to understand how to use boolean claims transformations, so that I can manipulate and evaluate boolean claims in my application. + # Boolean claims transformations |
active-directory-b2c | Buildingblocks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/buildingblocks.md | +#Customer intent: As a developer creating a custom policy for Azure Active Directory B2C, I want to understand the structure and elements of the BuildingBlocks section, so that I can properly define the necessary components for my custom policy. + # BuildingBlocks |
active-directory-b2c | Claim Resolver Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/claim-resolver-overview.md | +#Customer intent: As a developer using Azure Active Directory B2C custom policies, I want to understand how to use claim resolvers in my technical profiles, so that I can provide context information about authorization requests and populate claims with dynamic values. + # About claim resolvers in Azure Active Directory B2C custom policies |
active-directory-b2c | Claims Transformation Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/claims-transformation-technical-profile.md | +#Customer intent: As a developer working with Azure Active Directory B2C custom policies, I want to define a claims transformation technical profile, so that I can manipulate claims values, validate claims, or set default values for a set of output claims. + # Define a claims transformation technical profile in an Azure Active Directory B2C custom policy |
active-directory-b2c | Claimsproviders | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/claimsproviders.md | +#Customer intent: As a developer integrating with Azure Active Directory B2C, I want to understand how claims providers work and how to configure their technical profiles, so that I can communicate with different parties and leverage their capabilities. + # ClaimsProviders |
active-directory-b2c | Claimsschema | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/claimsschema.md | +#Customer intent: As a policy administrator or developer, I want to understand the structure and attributes of the ClaimsSchema element, so that I can define and manage claim types in the policy effectively. + # ClaimsSchema |
active-directory-b2c | Claimstransformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/claimstransformations.md | +#Customer intent: As a developer creating custom policies in Azure Active Directory B2C, I want to understand how to use claims transformations, so that I can convert and manipulate claims in user journeys. + # ClaimsTransformations |
active-directory-b2c | Client Credentials Grant Flow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/client-credentials-grant-flow.md | +#Customer intent: As a developer, I want to set up OAuth 2.0 client credentials flow in Azure Active Directory B2C, so that I can authenticate my app and call web resources without user interaction. + # Set up OAuth 2.0 client credentials flow in Azure Active Directory B2C |
active-directory-b2c | Conditional Access Identity Protection Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/conditional-access-identity-protection-overview.md | description: Learn how Identity Protection gives you visibility into risky sign- Previously updated : 11/23/2021 Last updated : 01/11/2024 +++#Customer intent: As an Azure AD B2C application owner, I want to enhance the security of my applications by using Identity Protection and Conditional Access, so that I can detect and respond to risky authentications and enforce organizational policies. + # Identity Protection and Conditional Access for Azure AD B2C |
active-directory-b2c | Conditional Access Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/conditional-access-technical-profile.md | +#Customer intent: As an Azure AD B2C administrator, I want to define a Conditional Access technical profile in a custom policy, so that I can automate risk assessment and enforce organizational policies for sign-ins, including blocking access and challenging users with multi-factor authentication. + # Define a Conditional Access technical profile in an Azure Active Directory B2C custom policy |
active-directory-b2c | Conditional Access User Flow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/conditional-access-user-flow.md | description: Learn how to add Conditional Access to your Azure AD B2C user flows Previously updated : 04/10/2022- Last updated : 01/11/2024 zone_pivot_groups: b2c-policy-type+++#Customer intent: As an Azure AD B2C administrator, I want to add Conditional Access to user flows, so that I can manage risky sign-ins to my applications and enforce organizational policies based on risk assessment. + # Add Conditional Access to user flows in Azure Active Directory B2C |
active-directory-b2c | Configure A Sample Node Web App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-a-sample-node-web-app.md | +#Customer intent: As a developer, I want to configure authentication in a Node.js web application using Azure Active Directory B2C, so that I can enable users to sign in, sign out, update profile, and reset password using Azure AD B2C user flows. + # Configure authentication in a sample Node.js web application by using Azure Active Directory B2C |
active-directory-b2c | Configure Authentication In Azure Static App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-in-azure-static-app.md | +#Customer intent: As a developer building an Azure Static Web App, I want to configure authentication using Azure AD B2C, so that users can sign up, sign in, and reset their passwords securely. + # Configure authentication in an Azure Static Web App by using Azure AD B2C |
active-directory-b2c | Configure Authentication In Azure Web App File Based | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-in-azure-web-app-file-based.md | +#Customer intent: As a web app developer, I want to configure Azure AD B2C authentication in my Azure Web App, so that users can securely sign in to the app using their Azure AD B2C credentials. + # Configure authentication in an Azure Web App configuration file by using Azure AD B2C |
active-directory-b2c | Configure Authentication In Azure Web App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-in-azure-web-app.md | +#Customer intent: As a web app developer, I want to configure Azure AD B2C authentication in my Azure Web App, so that users can securely sign in to the app using their Azure AD B2C credentials and access protected resources. + # Configure authentication in an Azure Web App by using Azure AD B2C |
active-directory-b2c | Configure Authentication In Sample Node Web App With Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-in-sample-node-web-app-with-api.md | +#Customer intent: As a developer, I want to configure authentication in a Node.js web API using Azure Active Directory B2C, so that I can protect the web API with token-based authentication and ensure that requests are accompanied by a valid access token. + # Configure authentication in a sample Node.js web API by using Azure Active Directory B2C |
active-directory-b2c | Configure Authentication Sample Android App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-android-app.md | +#Customer intent: As a mobile app developer, I want to configure Azure AD B2C authentication in my Android app, so that I can securely sign users in and access protected web APIs. + # Configure authentication in a sample Android app by using Azure AD B2C |
active-directory-b2c | Configure Authentication Sample Angular Spa App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-angular-spa-app.md | +#Customer intent: As a developer building an Angular single-page application, I want to configure authentication using Azure Active Directory B2C, so that I can securely sign in users to my application and call a protected web API. + # Configure authentication in a sample Angular single-page application by using Azure Active Directory B2C |
active-directory-b2c | Configure Authentication Sample Ios App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-ios-app.md | +#Customer intent: As an iOS app developer, I want to configure authentication in my app using Azure AD B2C, so that I can securely sign users in and out, acquire tokens, and validate them for accessing protected resources. + # Configure authentication in a sample iOS Swift app by using Azure AD B2C |
active-directory-b2c | Configure Authentication Sample Python Web App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-python-web-app.md | +#Customer intent: As a Python web app developer, I want to configure Azure AD B2C authentication in my web application, so that I can securely sign users in and add authentication and authorization support to my app. + # Configure authentication in a sample Python web app by using Azure AD B2C |
active-directory-b2c | Configure Authentication Sample React Spa App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-react-spa-app.md | +#Customer intent: As a developer building a React single-page application, I want to configure authentication using Azure Active Directory B2C, so that I can securely sign in users to my application and call a protected web API. + # Configure authentication in a sample React single-page application by using Azure Active Directory B2C |
active-directory-b2c | Configure Authentication Sample Spa App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-spa-app.md | +#Customer intent: As a developer building a single-page application, I want to configure Azure AD B2C authentication in my application, so that users can sign up, sign in, and access protected resources using the OIDC PKCE flow. + # Configure authentication in a sample single-page application by using Azure AD B2C |
active-directory-b2c | Configure Authentication Sample Web App With Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-web-app-with-api.md | +#Customer intent: As a developer building a web application that calls a web API, I want to configure authentication using Azure AD B2C, so that I can securely sign users in to my application and call a secure web API. + # Configure authentication in a sample web app that calls a web API by using Azure AD B2C |
active-directory-b2c | Configure Authentication Sample Web App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-web-app.md | +#Customer intent: As a developer building a web application, I want to configure Azure AD B2C authentication in my app, so that I can securely sign users in and validate their ID tokens. + # Configure authentication in a sample web app by using Azure AD B2C |
active-directory-b2c | Configure Authentication Sample Wpf Desktop App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-wpf-desktop-app.md | +#Customer intent: As a developer creating a WPF desktop app, I want to configure authentication using Azure AD B2C, so that I can securely sign users into my application and call a protected web API. + # Configure authentication in a sample WPF desktop app by using Azure AD B2C |
active-directory-b2c | Configure Tokens | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-tokens.md | +#Customer intent: As a developer configuring token lifetimes in Azure Active Directory B2C, I want to understand the options and settings available for token lifetime and compatibility, so that I can customize them to fit the needs of my application and ensure secure access to resources. + # Configure tokens in Azure Active Directory B2C |
active-directory-b2c | Contentdefinitions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/contentdefinitions.md | +#Customer intent: As a developer, I want to customize the user interface of my application using Azure Active Directory B2C, so that I can provide a personalized and branded experience to my customers. + # ContentDefinitions |
active-directory-b2c | Cookie Definitions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/cookie-definitions.md | +#Customer intent: As a developer integrating Azure AD B2C into my application, I want to understand the cookies used by Azure AD B2C, so that I can properly handle and manage them in my application's authentication flow. + # Cookies definitions for Azure AD B2C |
active-directory-b2c | Custom Domain | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-domain.md | |
active-directory-b2c | Custom Email Mailjet | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-email-mailjet.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to send customized email to users that sign up for my applications using a third-party email provider like Mailjet, so that I can use my own email template and customize the email address, subject, and support localization and custom one-time password settings. + # Custom email verification with Mailjet |
active-directory-b2c | Custom Email Sendgrid | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-email-sendgrid.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to send customized email to users that sign up for my applications using a third-party email provider like SendGrid, so that I can use my own email template and address and support localization and custom one-time password settings. + # Custom email verification with SendGrid |
active-directory-b2c | Custom Policies Series Branch User Journey | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-branch-user-journey.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to create branching in the user journey based on the values of data in a custom policy, so that I can provide different user experiences and collect specific information from users based on their selections. + # Create branching in user journey by using Azure Active Directory B2C custom policy |
active-directory-b2c | Custom Policies Series Call Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-call-rest-api.md | +#Customer intent: As a developer using Azure Active Directory B2C custom policy, I want to learn how to call a REST API and handle errors returned by the service, so that I can validate user inputs and issue JWT tokens based on the response. + # Call a REST API by using Azure Active Directory B2C custom policy |
active-directory-b2c | Custom Policies Series Collect User Input | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-collect-user-input.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to collect and manipulate user inputs by writing a custom policy, so that I can customize the user interface and process the inputs as claims in a JWT token. + # Collect and manipulate user inputs by using Azure Active Directory B2C custom policy |
active-directory-b2c | Custom Policies Series Hello World | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-hello-world.md | +#Customer intent: As a developer creating a custom policy for Azure Active Directory B2C, I want to learn how to configure the signing and encryption keys, build the custom policy file, upload the policy file to Azure portal, and test the custom policy, so that I can customize user flows to meet my business specific needs. + # Write your first Azure Active Directory B2C custom policy - Hello World! |
active-directory-b2c | Custom Policies Series Install Xml Extensions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-install-xml-extensions.md | +#Customer intent: As a developer working with Azure AD B2C custom policies, I want to validate my custom policy files using the TrustFrameworkPolicy schema, so that I can ensure that my files are properly formatted and free of errors before uploading them. + # Validate custom policy files by using TrustFrameworkPolicy schema |
active-directory-b2c | Custom Policies Series Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-overview.md | +#Customer intent: As an identity app developer using Azure Active Directory B2C, I want to learn how to create and run my own custom policies, so that I can create complex user journeys and customize the behavior of the user experience to meet my business specific needs. + # Create and run your own custom policies in Azure Active Directory B2C |
active-directory-b2c | Custom Policies Series Sign Up Or Sign In Federation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-sign-up-or-sign-in-federation.md | +#Customer intent: As a developer, I want to set up a sign-up and sign-in flow with a social account using Azure Active Directory B2C custom policy, so that users can sign in to my application using their social media credentials. + # Set up a sign-up and sign-in flow with a social account by using Azure Active Directory B2C custom policy |
active-directory-b2c | Custom Policies Series Sign Up Or Sign In | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-sign-up-or-sign-in.md | +#Customer intent: As a developer, I want to set up a sign-up and sign-in flow for a local account using Azure Active Directory B2C custom policy, so that users can create and sign in to their accounts in my application. + |
active-directory-b2c | Custom Policies Series Store User | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-store-user.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to create and read user accounts using custom policies, so that I can store and retrieve user information from Microsoft Entra ID storage and issue JWT tokens. + # Create and read a user account by using Azure Active Directory B2C custom policy |
active-directory-b2c | Custom Policies Series Validate User Input | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-validate-user-input.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to validate user inputs by using custom policies, so that I can ensure that the data entered by users is accurate and meets the required criteria. + # Validate user inputs by using Azure Active Directory B2C custom policy |
active-directory-b2c | Custom Policy Developer Notes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policy-developer-notes.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to understand the available features and their availability, so that I can make informed decisions about which features to use in my application development. + # Developer notes for Azure Active Directory B2C |
active-directory-b2c | Custom Policy Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policy-overview.md | +#Customer intent: As an identity developer working with Azure AD B2C, I want to understand the basics of custom policies, so that I can configure and customize the behavior of my Azure AD B2C tenant for different identity tasks. + # Azure AD B2C custom policy overview |
active-directory-b2c | Custom Policy Reference Sso | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policy-reference-sso.md | +#Customer intent: As a developer configuring session behavior in Azure Active Directory B2C, I want to understand how to use session providers to manage single sign-on (SSO) sessions for different technical profiles, so that I can customize the SSO behavior and control the flow of my custom policy. + # Single sign-on session providers in Azure Active Directory B2C |
active-directory-b2c | Customize Ui With Html | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/customize-ui-with-html.md | +#Customer intent: As a developer customizing the user interface in Azure Active Directory B2C, I want to know how to customize the default pages and host my own HTML and CSS files, so that I can provide a branded and seamless user experience in my application. + # Customize the user interface with HTML templates in Azure Active Directory B2C |
active-directory-b2c | Customize Ui | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/customize-ui.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to customize the user interface of my application, so that I can provide a seamless and branded user experience for signing up, signing in, profile editing, and password resetting. + # Customize the user interface in Azure Active Directory B2C |
active-directory-b2c | Data Residency | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/data-residency.md | +#Customer intent: As a user of Azure Active Directory B2C, I want to understand the region availability and data residency options, so that I can choose the appropriate location for storing my customer data and ensure compliance with corporate policies and regulations. + # Azure Active Directory B2C: Region availability & data residency |
active-directory-b2c | Date Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/date-transformations.md | +#Customer intent: As a developer using Azure AD B2C, I want to understand how to use date claims transformations, so that I can manipulate and compare dates in my authentication and authorization processes. + # Date claims transformations |
active-directory-b2c | Deploy Custom Policies Devops | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/deploy-custom-policies-devops.md | +#Customer intent: As a developer managing Azure AD B2C custom policies, I want to automate the deployment process using Azure Pipelines, so that I can consistently test, build, and ship my code to any target. + # Deploy custom policies with Azure Pipelines |
active-directory-b2c | Deploy Custom Policies Github Action | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/deploy-custom-policies-github-action.md | +#Customer intent: As a developer, I want to automate the deployment of Azure Active Directory B2C custom policies using GitHub Actions, so that I can easily manage and deploy my custom policies without manual intervention. + # Deploy custom policies with GitHub Actions |
active-directory-b2c | Direct Signin | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/direct-signin.md | +#Customer intent: As a developer integrating Azure Active Directory B2C into my application, I want to set up direct sign-in and prepopulate the sign-in name, so that users can easily sign in using their preferred social identity provider and have a seamless authentication experience. + # Set up direct sign-in using Azure Active Directory B2C |
active-directory-b2c | Disable Email Verification | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/disable-email-verification.md | +#Customer intent: As an Azure AD B2C application developer, I want to disable email verification during the customer sign-up process, so that I can create a smoother sign-up experience and have the flexibility to differentiate between verified and unverified customers. + # Disable email verification during customer sign-up in Azure Active Directory B2C |
active-directory-b2c | Display Control Time Based One Time Password | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/display-control-time-based-one-time-password.md | +#Customer intent: As an Azure AD B2C administrator, I want to enable multifactor authentication using the TOTP method, so that end users can use an authenticator app to generate TOTP codes for enrollment and verification. + # TOTP display control |
active-directory-b2c | Display Control Verification | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/display-control-verification.md | +#Customer intent: As a user completing a verification process, I want to enter my email address or phone number and receive a verification code, so that I can verify my identity and proceed to the next step. + # Verification display control |
active-directory-b2c | Display Controls | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/display-controls.md | +#Customer intent: As a developer integrating Azure Active Directory B2C, I want to understand how to define and use display controls, so that I can create user interface elements with special functionality that interact with the back-end service and perform actions on the page. + # Display controls |
active-directory-b2c | Embedded Login | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/embedded-login.md | +#Customer intent: As a web application developer, I want to embed the Azure AD B2C sign-in user interface directly into my web application using the <iframe> HTML element, so that I can provide a simpler sign-up or sign-in experience for my users without redirecting them to a separate page or generating pop-up windows. + # Embedded sign-up or sign-in experience |
active-directory-b2c | Enable Authentication Android App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-android-app-options.md | +#Customer intent: As an Android app developer using Azure AD B2C for authentication, I want to configure authentication options in my app, so that I can customize and enhance the authentication experience for my users. + # Configure authentication options in an Android app by using Azure AD B2C |
active-directory-b2c | Enable Authentication Android App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-android-app.md | +#Customer intent: As an Android app developer, I want to enable Azure AD B2C authentication in my own app, so that my users can sign in using Azure AD B2C and access protected resources. + # Enable authentication in your own Android app by using Azure AD B2C |
active-directory-b2c | Enable Authentication Angular Spa App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-angular-spa-app-options.md | +#Customer intent: As an Angular developer, I want to configure authentication options in my application using Azure Active Directory B2C, so that I can customize and enhance the authentication experience for my users. + # Configure authentication options in an Angular application by using Azure Active Directory B2C |
active-directory-b2c | Enable Authentication Angular Spa App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-angular-spa-app.md | +#Customer intent: As a developer, I want to enable Azure Active Directory B2C authentication in my Angular application, so that users can sign in using Azure AD B2C and access protected resources. + # Enable authentication in your own Angular Application by using Azure Active Directory B2C |
active-directory-b2c | Enable Authentication Azure Static App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-azure-static-app-options.md | +#Customer intent: As a developer using Azure Static Web Apps, I want to enable and customize Azure AD B2C authentication, so that I can enhance the authentication experience for my web apps and use custom domains, external identity providers, language customization, and custom parameters. + # Enable authentication options in an Azure Static Web App by using Azure AD B2C |
active-directory-b2c | Enable Authentication In Node Web App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-in-node-web-app-options.md | +#Customer intent: As a Node.js web app developer, I want to enable and customize Azure Active Directory B2C authentication in my application, so that I can provide a secure and personalized authentication experience for my users. + # Enable authentication options in a Node.js web app by using Azure Active Directory B2C |
active-directory-b2c | Enable Authentication In Node Web App With Api Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-in-node-web-app-with-api-options.md | +#Customer intent: As a Node.js web API developer, I want to enable, customize, and enhance the authentication experience using Azure Active Directory B2C, so that I can secure my web API and provide a seamless authentication experience for my users. + # Enable Node.js web API authentication options using Azure Active Directory B2C |
active-directory-b2c | Enable Authentication In Node Web App With Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-in-node-web-app-with-api.md | +#Customer intent: As a developer, I want to enable authentication in my Node.js web API using Azure Active Directory B2C, so that I can protect my web API and authorize access using valid access tokens issued by Azure AD B2C. + # Enable authentication in your own Node.js web API by using Azure Active Directory B2C |
active-directory-b2c | Enable Authentication In Node Web App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-in-node-web-app.md | +#Customer intent: As a Node.js web application developer, I want to enable Azure Active Directory B2C authentication in my application, so that users can sign in, sign out, update their profile, and reset their password using Azure AD B2C user flows. + # Enable authentication in your own Node web application using Azure Active Directory B2C |
active-directory-b2c | Enable Authentication Ios App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-ios-app-options.md | +#Customer intent: As an iOS Swift app developer, I want to enable, customize, and enhance the authentication experience using Azure AD B2C, so that I can provide a secure and seamless login process for my users. + # Enable authentication options in an iOS Swift app by using Azure AD B2C |
active-directory-b2c | Enable Authentication Ios App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-ios-app.md | +#Customer intent: As an iOS Swift app developer, I want to enable Azure AD B2C authentication in my app, so that users can sign in using their Azure AD B2C accounts and access protected resources. + # Enable authentication in your own iOS Swift app by using Azure AD B2C |
active-directory-b2c | Enable Authentication Python Web App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-python-web-app-options.md | +#Customer intent: As a Python web app developer, I want to enable and customize Azure AD B2C authentication in my application, so that I can provide a secure and personalized authentication experience for my users. + # Enable authentication options in a Python web app by using Azure AD B2C |
active-directory-b2c | Enable Authentication Python Web App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-python-web-app.md | +#Customer intent: As a Python web application developer, I want to enable Azure Active Directory B2C authentication in my application, so that users can sign in, sign out, update their profile, and reset their password using Azure AD B2C user flows. + # Enable authentication in your own Python web application using Azure Active Directory B2C |
active-directory-b2c | Enable Authentication React Spa App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-react-spa-app-options.md | +#Customer intent: As a React application developer, I want to configure authentication options using Azure Active Directory B2C, so that I can customize and enhance the authentication experience for my single-page application. + # Configure authentication options in a React application by using Azure Active Directory B2C |
active-directory-b2c | Enable Authentication React Spa App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-react-spa-app.md | +#Customer intent: As a React developer, I want to enable Azure Active Directory B2C authentication in my React application, so that users can sign in using Azure AD B2C and access protected resources. + # Enable authentication in your own React Application by using Azure Active Directory B2C |
active-directory-b2c | Enable Authentication Spa App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-spa-app-options.md | +#Customer intent: As a developer integrating Azure AD B2C authentication into a single-page application, I want to customize the authentication experience by configuring various options such as custom domains, login hints, domain hints, UI locales, custom parameters, and ID token hints, so that I can provide a tailored and seamless authentication flow for my users. + # Configure authentication options in a single-page application by using Azure AD B2C |
active-directory-b2c | Enable Authentication Spa App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-spa-app.md | +#Customer intent: As a developer building a single-page application, I want to enable authentication using Azure AD B2C, so that I can securely authenticate users accessing my application and protect sensitive data. + # Enable authentication in your own single-page application by using Azure AD B2C |
active-directory-b2c | Enable Authentication Web Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-web-api.md | +#Customer intent: As a developer building a web API, I want to enable authentication using Azure AD B2C, so that I can authorize access to my API endpoints and ensure that only users with valid access tokens can call them. + # Enable authentication in your own web API by using Azure AD B2C |
active-directory-b2c | Enable Authentication Web App With Api Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-web-app-with-api-options.md | +#Customer intent: As a web developer using Azure AD B2C, I want to configure authentication options in my web app that calls a web API, so that I can customize and enhance the authentication experience for my users. + # Configure authentication options in a web app that calls a web API by using Azure AD B2C |
active-directory-b2c | Enable Authentication Web App With Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-web-app-with-api.md | +#Customer intent: As a web developer, I want to enable Azure AD B2C authentication in my ASP.NET web application that calls a web API, so that I can secure access to my application and protect user data. + # Enable authentication in web apps that call a web API by using Azure AD B2C |
active-directory-b2c | Enable Authentication Web Application Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-web-application-options.md | +#Customer intent: As a web app developer, I want to enable and customize Azure AD B2C authentication options in my web application, so that I can provide a secure and personalized authentication experience for my users. + # Enable authentication options in a web app by using Azure AD B2C |
active-directory-b2c | Enable Authentication Web Application | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-web-application.md | +#Customer intent: As a web app developer, I want to enable Azure AD B2C authentication in my ASP.NET web application, so that I can provide secure access to my users and protect their data. + # Enable authentication in your own web app by using Azure AD B2C |
active-directory-b2c | Enable Authentication Wpf Desktop App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-wpf-desktop-app-options.md | +#Customer intent: As a developer creating a WPF desktop app, I want to enable authentication using Azure AD B2C, so that I can customize and enhance the authentication experience for my application. + # Enable authentication options in a WPF desktop app by using Azure AD B2C |
active-directory-b2c | Error Codes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/error-codes.md | +#Customer intent: As a developer integrating Azure Active Directory B2C into my application, I want to understand the possible error codes and their meanings, so that I can handle them appropriately and provide a better user experience. + # Error codes: Azure Active Directory B2C |
active-directory-b2c | Extensions App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/extensions-app.md | +#Customer intent: As an Azure AD B2C administrator, I want to verify the presence of the b2c-extensions-app in my directory, so that I can ensure the correct functioning of Azure AD B2C and avoid any loss of user information. + # Extensions app in Azure AD B2C |
active-directory-b2c | Find Help Open Support Ticket | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/find-help-open-support-ticket.md | +#Customer intent: "As an Azure Active Directory B2C user experiencing technical issues, I want to open a support ticket, so that I can receive assistance from Microsoft support engineers to resolve my problem and contribute to service improvements." + # Find help and open a support ticket for Azure Active Directory B2C |
active-directory-b2c | Force Password Reset | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/force-password-reset.md | +#Customer intent: As an Azure Active Directory B2C administrator, I want to set up a force password reset flow, so that I can ensure users reset their passwords when necessary for security purposes. + # Set up a force password reset flow in Azure Active Directory B2C |
active-directory-b2c | General Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/general-transformations.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to understand how to use general claims transformations, so that I can customize and manipulate user claims in my custom policies. + # General claims transformations |
active-directory-b2c | Https Cipher Tls Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/https-cipher-tls-requirements.md | +#Customer intent: As a developer integrating Azure Active Directory B2C with my endpoints, I want to understand the TLS and cipher suite requirements, so that I can ensure my endpoints are compatible and establish a secure connection with Azure AD B2C. + # Azure Active Directory B2C TLS and cipher suite requirements |
active-directory-b2c | Id Token Hint | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/id-token-hint.md | +#Customer intent: As a developer integrating Azure AD B2C with a relying party application, I want to define an ID token hint technical profile, so that I can send a JWT token with a hint about the user or the authorization request. This allows me to validate the token and extract the claims for further processing. + # Define an ID token hint technical profile in an Azure Active Directory B2C custom policy |
active-directory-b2c | Idp Pass Through User Flow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/idp-pass-through-user-flow.md | +#Customer intent: As a developer integrating Azure Active Directory B2C with my application, I want to pass the access token from an identity provider to my application, so that I can retrieve information about the user and enable seamless sign-up and sign-in experiences. + # Pass an identity provider access token to your application in Azure Active Directory B2C |
active-directory-b2c | Implicit Flow Single Page Application | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/implicit-flow-single-page-application.md | +#Customer intent: As a developer building a single-page application (SPA) with a JavaScript framework, I want to implement OAuth 2.0 implicit flow for sign-in using Azure Active Directory B2C, so that I can securely authenticate users without server-to-server exchange and handle user flows like sign-up and profile management. + # Single-page application sign-in using the OAuth 2.0 implicit flow in Azure Active Directory B2C |
active-directory-b2c | Integer Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/integer-transformations.md | +#Customer intent: As a developer working with Azure Active Directory B2C, I want to understand how to use integer claims transformations, so that I can manipulate numeric claims and perform comparisons in my application. + # Integer claims transformations |
active-directory-b2c | Json Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/json-transformations.md | +#Customer intent: As a developer working with Azure AD B2C, I want to understand how to use JSON claims transformations, so that I can manipulate and generate JSON data for my authentication and authorization processes. + # JSON claims transformations |
active-directory-b2c | Jwt Issuer Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/jwt-issuer-technical-profile.md | +#Customer intent: As a developer implementing custom policies in Azure Active Directory B2C, I want to define a technical profile for a JWT token issuer, so that I can emit a JWT token that is returned to the relying party application during the authentication flow. + # Define a technical profile for a JWT token issuer in an Azure Active Directory B2C custom policy |
active-directory-b2c | Localization String Ids | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/localization-string-ids.md | +#Customer intent: As a developer implementing user interface localization in Azure Active Directory B2C, I want to access the list of localization string IDs, so that I can use them in my policy to support multiple locales or languages in the user journeys. + # Localization string IDs |
active-directory-b2c | Localization | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/localization.md | +#Customer intent: As a developer implementing localization in Azure Active Directory B2C policies, I want to understand how to use the Localization element to support multiple languages and locales in user journeys, so that I can provide a localized experience for users in different regions. + # Localization element |
active-directory-b2c | Manage Custom Policies Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/manage-custom-policies-powershell.md | +#Customer intent: As an Azure AD B2C administrator, I want to manage custom policies using Azure PowerShell, so that I can review, update, and delete policies in my Azure AD B2C tenant. + # Manage Azure AD B2C custom policies with Azure PowerShell |
active-directory-b2c | Manage User Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/manage-user-access.md | +#Customer intent: As an application developer using Azure Active Directory B2C, I want to manage user access to my application by identifying minors, requiring parental consent, gathering birth and country/region data, and capturing a terms-of-use agreement, so that I can comply with regulatory standards and provide appropriate experiences for different user groups. + # Manage user access in Azure Active Directory B2C |
active-directory-b2c | Manage User Data | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/manage-user-data.md | +#Customer intent: As a developer integrating Azure Active Directory B2C, I want to understand how to manage user data, including deleting and exporting data, so that I can ensure compliance with GDPR regulations and provide users with control over their data. + # Manage user data in Azure Active Directory B2C |
active-directory-b2c | Microsoft Graph Get Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/microsoft-graph-get-started.md | -#Customer intent: As a developer, I want to register a Microsoft Graph application, so that I can automate tenant management tasks in my Azure AD B2C by using Microsoft Graph API. +#Customer intent: As a developer, I want to register a Microsoft Graph application, so that I can automate tenant management tasks in my Azure AD B2C directory, such as migrating user stores, deploying custom policies, and obtaining audit logs. + # Register a Microsoft Graph application |
active-directory-b2c | Microsoft Graph Operations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/microsoft-graph-operations.md | -#Customer intent: As a developer, I want to manage resources in my Azure AD B2C tenant by calling the Microsoft Graph API and using an application identity to automate the process. ++#Customer intent: As a developer, I want to programmatically manage resources in my Azure AD B2C directory using Microsoft Graph API, so that I can automate user management tasks, such as creating, updating, and deleting users, identity providers, user flows, custom policies, and policy keys. # Manage Azure AD B2C with Microsoft Graph |
active-directory-b2c | Multi Factor Auth Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/multi-factor-auth-technical-profile.md | +#Customer intent: As a developer integrating Azure AD B2C, I want to understand how to define a Microsoft Entra ID multifactor authentication technical profile, so that I can implement phone number verification and TOTP code verification in my custom policy. + # Define a Microsoft Entra ID multifactor authentication technical profile in an Azure AD B2C custom policy |
active-directory-b2c | Multi Factor Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/multi-factor-authentication.md | zone_pivot_groups: b2c-policy-type #Customer intent: As a developer, I want to learn how to enable multifactor authentication in consumer-facing applications secured by Azure Active Directory B2C. +++#Customer intent: As an application developer using Azure Active Directory B2C, I want to enable multifactor authentication for sign-up and sign-in experiences, so that I can add an extra layer of security to my applications without writing code. + # Enable multifactor authentication in Azure Active Directory B2C |
active-directory-b2c | Multiple Token Endpoints | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/multiple-token-endpoints.md | +#Customer intent: As a developer migrating an OWIN-based web API to a new domain, I want to enable support for multiple token issuers, so that I can migrate my web applications in a staged manner and remove support for the old token issuer from the API. + # Migrate an OWIN-based web API to b2clogin.com or a custom domain |
active-directory-b2c | Oauth1 Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/oauth1-technical-profile.md | +#Customer intent: As a developer implementing Azure Active Directory B2C custom policies, I want to define an OAuth1 technical profile, so that I can federate with an OAuth1 based identity provider like Twitter and allow users to sign in with their existing social or enterprise identities. + # Define an OAuth1 technical profile in an Azure Active Directory B2C custom policy |
active-directory-b2c | Oauth2 Error Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/oauth2-error-technical-profile.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to define an OAuth2 custom error technical profile, so that I can handle and return custom error messages to my OAuth2 or OpenId Connect relying party application when something goes wrong within my policy. + # Define an OAuth2 custom error technical profile in an Azure Active Directory B2C custom policy |
active-directory-b2c | Oauth2 Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/oauth2-technical-profile.md | +#Customer intent: As a developer integrating Azure AD B2C with an OAuth2 based identity provider, I want to define an OAuth2 technical profile in a custom policy, so that I can federate with the identity provider and allow users to sign in with their existing social or enterprise identities. + # Define an OAuth2 technical profile in an Azure Active Directory B2C custom policy |
active-directory-b2c | One Time Password Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/one-time-password-technical-profile.md | +#Customer intent: As a developer integrating Azure AD B2C, I want to define a one-time password technical profile, so that I can generate and verify one-time passwords for user authentication in my custom policy. + # Define a one-time password technical profile in an Azure AD B2C custom policy |
active-directory-b2c | Openid Connect Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/openid-connect-technical-profile.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to define an OpenID Connect technical profile in a custom policy, so that I can federate with an OpenID Connect based identity provider and allow users to sign in with their existing social or enterprise identities. + # Define an OpenID Connect technical profile in an Azure Active Directory B2C custom policy |
active-directory-b2c | Openid Connect | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/openid-connect.md | +#Customer intent: As a web application developer, I want to implement web sign-in with OpenID Connect in Azure Active Directory B2C, so that I can securely authenticate users and outsource identity management experiences in my web applications to Microsoft Entra ID. + # Web sign in with OpenID Connect in Azure Active Directory B2C |
active-directory-b2c | Page Layout | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/page-layout.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to stay up-to-date with the latest page layout versions, so that I can ensure that my page elements reflect the latest security enhancements, accessibility standards, and fixes. + # Page layout versions |
active-directory-b2c | Partner Gallery | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-gallery.md | +#Customer intent: As an Azure AD B2C user, I want to integrate with ISV partners for multifactor authentication, role-based access control, identity verification and proofing, fraud protection, and compliance with PSD2 SCA requirements, so that I can enhance the security and user experience of my applications. + # Azure Active Directory B2C ISV partners |
active-directory-b2c | Partner Idology | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-idology.md | +#Customer intent: As an Azure AD B2C administrator, I want to integrate IDology with Azure AD B2C, so that I can verify and authenticate user identities using IDology's identity verification and proofing solutions. + # Tutorial for configuring IDology with Azure Active Directory B2C |
active-directory-b2c | Partner Itsme | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-itsme.md | +#Customer intent: As a developer integrating Azure AD B2C authentication with itsme OpenID Connect (OIDC), I want to configure the itsme Identity Provider in Azure AD B2C, so that users can sign in securely using their itsme digital ID app without the need for passwords or multiple PIN codes. + # Configure itsme OpenID Connect (OIDC) with Azure Active Directory B2C |
active-directory-b2c | Partner Twilio | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-twilio.md | +#Customer intent: As a developer integrating Azure AD B2C with Twilio Verify API, I want a walkthrough on how to integrate a sample online payment app with Twilio Verify API, so that I can comply with PSD2 transaction requirements through dynamic linking and strong customer authentication. + # Integrating Twilio Verify App with Azure Active Directory B2C |
active-directory-b2c | Password Complexity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/password-complexity.md | +#Customer intent: As an Azure AD B2C administrator, I want to configure the complexity requirements for passwords, so that I can enforce strong password policies and customize password complexity rules for different user flows. + # Configure complexity requirements for passwords in Azure Active Directory B2C |
active-directory-b2c | Phone Authentication User Flows | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/phone-authentication-user-flows.md | +#Customer intent: As a developer, I want to enable phone sign-up and sign-in for user flows, so that users can sign up for my application using their phone number as an identity option. + # Set up phone sign-up and sign-in for user flows |
active-directory-b2c | Phone Based Mfa | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/phone-based-mfa.md | +#Customer intent: As an Azure AD B2C administrator, I want to monitor phone authentication failures and mitigate fraudulent sign-ups, so that I can protect against malicious use of the telephony service and ensure a secure authentication process. + # Securing phone-based multifactor authentication |
active-directory-b2c | Phone Factor Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/phone-factor-technical-profile.md | +#Customer intent: As a developer implementing phone number verification in Azure AD B2C, I want to define a phone factor technical profile, so that I can provide a user interface for users to verify or enroll their phone numbers, support multiple phone numbers, and return claims indicating the status of the phone number. + # Define a phone factor technical profile in an Azure Active Directory B2C custom policy |
active-directory-b2c | Phone Number Claims Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/phone-number-claims-transformations.md | +#Customer intent: As a developer using Azure AD B2C, I want to understand how to define phone number claims transformations, so that I can convert phone number data types, validate phone number formats, and extract country/region codes and national numbers from phone numbers. + # Define phone number claims transformations in Azure AD B2C |
active-directory-b2c | Policy Keys Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/policy-keys-overview.md | +#Customer intent: As an Azure AD B2C administrator, I want to understand how to manage policy keys, so that I can establish trust with external identity providers, REST API services, and configure encryption and signing for token validation. + # Overview of policy keys in Azure Active Directory B2C |
active-directory-b2c | Predicates | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/predicates.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to perform validation on user input data, so that I can ensure that only properly formed data is entered into the system. + # Predicates and PredicateValidations |
active-directory-b2c | Protocols Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/protocols-overview.md | +#Customer intent: As a developer integrating Azure AD B2C into my application, I want to understand the authentication protocols supported by Azure AD B2C, so that I can choose the appropriate protocol for my application and ensure secure authentication and authorization for my users. + # Azure AD B2C: Authentication protocols |
active-directory-b2c | Publish App To Azure Ad App Gallery | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/publish-app-to-azure-ad-app-gallery.md | +#Customer intent: As a developer of an Azure Active Directory B2C app, I want to publish my app to the Microsoft Entra app gallery, so that customers can easily find and deploy my app, enable single sign-on, and automate user setup within their Microsoft Entra tenant. + # Publish your Azure Active Directory B2C app to the Microsoft Entra app gallery |
active-directory-b2c | Register Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/register-apps.md | +#Customer intent: As a developer, I want to register my applications in Azure Active Directory B2C, so that I can enable authentication for various modern application architectures and specify the type of app that I want to register. + # Register apps in Azure Active Directory B2C |
active-directory-b2c | Relyingparty | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/relyingparty.md | +#Customer intent: As a developer integrating Azure Active Directory B2C into my application, I want to understand how to configure the RelyingParty element, so that I can enforce user journeys and specify the claims needed for the issued token. + # RelyingParty |
active-directory-b2c | Restful Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/restful-technical-profile.md | +#Customer intent: As a developer integrating a RESTful service with Azure Active Directory B2C, I want to define a technical profile, so that I can send and receive data from the REST API using input and output claims collections. + # Define a RESTful technical profile in an Azure Active Directory B2C custom policy |
active-directory-b2c | Saml Identity Provider Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/saml-identity-provider-technical-profile.md | +#Customer intent: As a developer integrating Azure AD B2C with a SAML-based identity provider, I want to understand how to define a SAML identity provider technical profile, so that I can configure the necessary metadata and certificates for the integration. + # Define a SAML identity provider technical profile in an Azure Active Directory B2C custom policy |
active-directory-b2c | Saml Issuer Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/saml-issuer-technical-profile.md | +#Customer intent: As a developer configuring SAML token issuance in Azure AD B2C, I want to define a technical profile for a SAML token issuer, so that I can emit a SAML token that is returned to the relying party application. + # Define a technical profile for a SAML token issuer in an Azure Active Directory B2C custom policy |
active-directory-b2c | Saml Service Provider Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/saml-service-provider-options.md | +#Customer intent: As a developer integrating a SAML application with Azure AD B2C, I want to understand the configuration options available for connecting the application, so that I can properly configure the SAML response signature, encryption, and other settings required for successful integration. + # Options for registering a SAML application in Azure AD B2C |
active-directory-b2c | Saml Service Provider | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/saml-service-provider.md | +#Customer intent: As a developer integrating SAML applications with Azure AD B2C, I want to register a SAML application in Azure AD B2C, so that I can authenticate users using the SAML protocol and achieve single sign-on with SAML-based applications. + # Register a SAML application in Azure AD B2C |
active-directory-b2c | Secure Api Management | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/secure-api-management.md | +#Customer intent: As an API developer, I want to secure my Azure API Management API with Azure AD B2C, so that I can restrict access to only authenticated clients and ensure that only valid access tokens are accepted. + # Secure an Azure API Management API with Azure AD B2C |
active-directory-b2c | Secure Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/secure-rest-api.md | +#Customer intent: As a developer integrating a REST API within an Azure AD B2C user flow, I want to learn how to secure my REST API endpoint with authentication, so that only authorized services like Azure AD B2C can make calls to the endpoint. + # Secure APIs used for API connectors in Azure AD B2C |
active-directory-b2c | Self Asserted Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/self-asserted-technical-profile.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to define a self-asserted technical profile with display claims and output claims, so that I can collect and validate user input and return the claims to the next orchestration step. + # Define a self-asserted technical profile in an Azure Active Directory B2C custom policy |
active-directory-b2c | Service Limits | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/service-limits.md | +#Customer intent: As an Azure AD B2C user, I want to understand the service limits and restrictions, so that I can ensure that my application stays within the allowed usage constraints and request limits. + # Azure Active Directory B2C service limits and restrictions |
active-directory-b2c | Session Behavior | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/session-behavior.md | +#Customer intent: As a developer configuring session behavior in Azure Active Directory B2C, I want to understand the different types of single sign-on sessions (Azure AD B2C session, federated identity provider session, application session) and how to configure their behavior, so that I can implement the most appropriate SSO method for my policy. + |
active-directory-b2c | Social Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/social-transformations.md | +#Customer intent: As a developer using Azure AD B2C, I want to understand how to use social account claims transformations, so that I can link new social identities with existing accounts, create alternative security IDs, get a list of identity providers, and remove alternative security IDs by identity provider. + # Social accounts claims transformations |
active-directory-b2c | Solution Articles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/solution-articles.md | +#Customer intent: As a developer, I want to access downloadable solution guides and training for Azure Active Directory B2C, so that I can understand how to implement and leverage Azure AD B2C for customer identity management in my applications. + # Solutions and Training for Azure Active Directory B2C |
active-directory-b2c | String Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/string-transformations.md | +#Customer intent: As a developer using Azure AD B2C, I want to understand how to use string claims transformations, so that I can manipulate and compare string claims in my custom policies. + # String claims transformations |
active-directory-b2c | Stringcollection Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/stringcollection-transformations.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to understand how to use string collection claims transformations, so that I can add, parameterize, extract, and check values in string collections for claims. + # StringCollection claims transformations |
active-directory-b2c | Subjourneys | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/subjourneys.md | +#Customer intent: As a developer implementing user journeys in Azure AD B2C, I want to understand how to use sub journeys to organize and simplify the flow of orchestration steps, so that I can create reusable step sequences and implement branching to better represent the business logic. + |
active-directory-b2c | Supported Azure Ad Features | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/supported-azure-ad-features.md | +#Customer intent: As an Azure AD B2C tenant administrator, I want to understand the differences between Microsoft Entra ID and Azure AD B2C features, so that I can effectively manage user accounts and configure the appropriate features for my tenant. + # Supported Microsoft Entra ID features |
active-directory-b2c | Technicalprofiles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/technicalprofiles.md | +#Customer intent: As a developer integrating Azure Active Directory B2C into my application, I want to understand the different types of technical profiles available, so that I can choose the appropriate profile to communicate with Azure AD B2C and perform actions such as user creation, user profile reading, and authentication. + # Technical profiles |
active-directory-b2c | Tenant Management Check Tenant Creation Permission | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tenant-management-check-tenant-creation-permission.md | +#Customer intent: "As an Azure AD B2C administrator, I want to restrict non-admin users from creating tenants, so that I can ensure security and prevent unauthorized access. Additionally, as a non-admin user, I want to check if I have permission to create a tenant, so that I can proceed with the necessary actions." + # Review tenant creation permission in Azure Active Directory B2C |
active-directory-b2c | Tenant Management Emergency Access Account | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tenant-management-emergency-access-account.md | +#Customer intent: As an Azure AD B2C administrator, I want to create emergency access accounts with strong authentication and exclude them from conditional access policies, so that I can prevent accidental lockouts and ensure administrative access to the organization in case of emergencies. + # Manage emergency access accounts in Azure Active Directory B2C |
active-directory-b2c | Tenant Management Manage Administrator | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tenant-management-manage-administrator.md | +#Customer intent: As an Azure AD B2C administrator, I want to manage administrator accounts, add new administrators (work and guest accounts), assign roles to user accounts, remove role assignments, delete administrator accounts, and protect administrative accounts with multifactor authentication, so that I can control access and ensure security in my Azure AD B2C tenant. + # Manage administrator accounts in Azure Active Directory B2C |
active-directory-b2c | Tenant Management Read Tenant Name | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tenant-management-read-tenant-name.md | +#Customer intent: "As an Azure AD B2C administrator, I want to find and copy the tenant name and tenant ID, so that I can use them for configuration and management purposes in my organization's Azure AD B2C tenant." + # Find tenant name and tenant ID in Azure Active Directory B2C |
active-directory-b2c | Tokens Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tokens-overview.md | +#Customer intent: As a developer integrating Azure AD B2C into my application, I want to understand the different types of tokens used in Azure AD B2C, so that I can properly authenticate users and secure access to resources in my application. + # Overview of tokens in Azure Active Directory B2C |
active-directory-b2c | Troubleshoot With Application Insights | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/troubleshoot-with-application-insights.md | +#Customer intent: As a developer working with Azure Active Directory B2C, I want to collect logs from my custom policies using Application Insights, so that I can diagnose and troubleshoot any problems that may occur. + # Collect Azure Active Directory B2C logs with Application Insights |
active-directory-b2c | Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/troubleshoot.md | +#Customer intent: As a developer using Azure AD B2C custom policies and user flows, I want to troubleshoot and handle common errors that occur during the authentication process, so that I can ensure a smooth user experience and resolve any issues that may arise. + # Troubleshoot Azure AD B2C custom policies and user flows |
active-directory-b2c | Trustframeworkpolicy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/trustframeworkpolicy.md | +#Customer intent: As a developer creating custom policies for Azure Active Directory B2C, I want to understand the structure and elements of the TrustFrameworkPolicy XML files, so that I can define the necessary attributes, elements, and references for my policies. + # TrustFrameworkPolicy |
active-directory-b2c | Tutorial Create Tenant | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-create-tenant.md | +#Customer intent: As a developer, I want to create an Azure Active Directory B2C tenant, link it to my subscription, switch to the directory, and add the Azure AD B2C resource as a favorite in the Azure portal, so that I can manage and configure my applications to interact with Azure AD B2C. + # Tutorial: Create an Azure Active Directory B2C tenant |
active-directory-b2c | Tutorial Delete Tenant | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-delete-tenant.md | +#Customer intent: As an Azure AD B2C administrator, I want to delete the tenant and all associated resources, so that I can clean up after completing tutorials or testing. + # Clean up resources and delete the tenant |
active-directory-b2c | Tutorial Register Spa | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-register-spa.md | +#Customer intent: As a developer building a single-page application (SPA), I want to register the SPA in Azure Active Directory B2C, so that I can enable authentication and authorization for my application and allow users to sign in and access protected APIs. + # Register a single-page application in Azure Active Directory B2C |
active-directory-b2c | User Flow Custom Attributes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/user-flow-custom-attributes.md | +#Customer intent: As an Azure AD B2C administrator, I want to define custom attributes in Azure AD B2C, so that I can manage specific scenarios and persist additional user data for customer-facing applications, identity providers, and custom user journeys. + # Define custom attributes in Azure Active Directory B2C |
active-directory-b2c | User Flow Versions Legacy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/user-flow-versions-legacy.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to understand the differences between legacy and recommended user flow versions, so that I can choose the appropriate user flow for my production applications. + # Legacy user flow versions in Azure Active Directory B2C |
active-directory-b2c | User Flow Versions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/user-flow-versions.md | +#Customer intent: As a developer using Azure Active Directory B2C, I want to understand the differences between Recommended user flows and Standard (Legacy) user flows, so that I can choose the appropriate user flow version for my application and ensure it is maintained and updated. + # User flow versions in Azure Active Directory B2C |
active-directory-b2c | User Migration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/user-migration.md | +#Customer intent: As an IT admin migrating user accounts to Azure AD B2C, I want to understand the different migration methods (pre migration and seamless migration), so that I can choose the appropriate approach and write the necessary application or script using the Microsoft Graph API. + # Migrate users to Azure AD B2C |
active-directory-b2c | User Profile Attributes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/user-profile-attributes.md | +#Customer intent: As a developer integrating Azure AD B2C into my application, I want to understand the supported user profile attributes and their availability in the Azure portal, user flows, and custom policies, so that I can effectively manage and extend user profile data for my application. + # User profile attributes |
active-directory-b2c | Userinfo Endpoint | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/userinfo-endpoint.md | +#Customer intent: As a developer integrating Azure AD B2C with my application, I want to understand how to create and configure a UserInfo endpoint, so that I can retrieve claims about the authenticated user and use them in my application. + # UserInfo endpoint |
active-directory-b2c | Userjourneys | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/userjourneys.md | +#Customer intent: As a developer integrating Azure AD B2C into an application, I want to understand how user journeys, authorization technical profiles, orchestration steps, preconditions, claims provider selection, claims exchanges, and journey lists work, so that I can configure the policy file correctly and ensure a successful user flow. + # UserJourneys |
active-directory-b2c | Validation Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/validation-technical-profile.md | +#Customer intent: As a developer implementing Azure Active Directory B2C custom policies, I want to define a validation technical profile, so that I can validate the output claims of a self-asserted technical profile and control the execution of subsequent validation technical profiles based on the success or failure of the validation. + # Define a validation technical profile in an Azure Active Directory B2C custom policy |
active-directory-b2c | View Audit Logs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/view-audit-logs.md | +#Customer intent: As an Azure AD B2C administrator, I want to access and view the audit logs for my B2C tenant, so that I can monitor activity, track user sign-ins, and troubleshoot any issues related to B2C resources and applications. + # Accessing Azure AD B2C audit logs |
active-directory-b2c | Whats New Docs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/whats-new-docs.md | Title: "What's new in Azure Active Directory business-to-customer (B2C)" description: "New and updated documentation for the Azure Active Directory business-to-customer (B2C)." Previously updated : 01/05/2024 Last updated : 01/11/2024 +#Customer intent: As a developer using Azure Active Directory B2C, I want to stay updated on the latest documentation changes and new features, so that I can effectively use and implement the B2C service in my applications. + # Azure Active Directory B2C: What's new |
ai-services | Integrate Synapseml | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/how-to/integrate-synapseml.md | This tutorial shows how to apply large language models at a distributed scale by - To install SynapseML for your Apache Spark cluster, see [Install SynapseML](#install-synapseml). > [!NOTE]-> This article is designed to work with the [Azure OpenAI Service legacy models](/azure/ai-services/openai/concepts/legacy-models) like `Text-Davinci-003`, which support prompt-based completions. Newer models like the current `GPT-3.5 Turbo` and `GPT-4` model series are designed to work with the new chat completion API that expects a specially formatted array of messages as input. +> The `OpenAICompletion()` transformer is designed to work with the [Azure OpenAI Service legacy models](/azure/ai-services/openai/concepts/legacy-models) like `Text-Davinci-003`, which supports prompt-based completions. Newer models like the current `GPT-3.5 Turbo` and `GPT-4` model series are designed to work with the new chat completion API that expects a specially formatted array of messages as input. If you working with embeddings or chat completion models, please check the [Chat Completion](#chat-completion) and [Generating Text Embeddings](#generating-text-embeddings) sections bellow. > -> The Azure OpenAI SynapseML integration supports the latest models via the [OpenAIChatCompletion()](https://github.com/microsoft/SynapseML/blob/0836e40efd9c48424e91aa10c8aa3fbf0de39f31/cognitive/src/main/scala/com/microsoft/azure/synapse/ml/cognitive/openai/OpenAIChatCompletion.scala#L24) transformer, which isn't demonstrated in this article. After the [release of the GPT-3.5 Turbo Instruct model](https://techcommunity.microsoft.com/t5/azure-ai-services-blog/announcing-updates-to-azure-openai-service-models/ba-p/3866757), the newer model will be the preferred model to use with this article. +> The Azure OpenAI SynapseML integration supports the latest models via the [OpenAIChatCompletion()](https://github.com/microsoft/SynapseML/blob/0836e40efd9c48424e91aa10c8aa3fbf0de39f31/cognitive/src/main/scala/com/microsoft/azure/synapse/ml/cognitive/openai/OpenAIChatCompletion.scala#L24) transformer. We recommend that you [create an Azure Synapse workspace](../../../synapse-analytics/get-started-create-workspace.md). However, you can also use Azure Databricks, Azure HDInsight, Spark on Kubernetes, or the Python environment with the `pyspark` package. The following image shows example output with completions in Azure Synapse Analy Here are some other use cases for working with Azure OpenAI Service and large datasets. -### Improve throughput with request batching +### Generating Text Embeddings ++In addition to completing text, we can also embed text for use in downstream algorithms or vector retrieval architectures. Creating embeddings allows you to search and retrieve documents from large collections and can be used when prompt engineering isn't sufficient for the task. For more information on using [OpenAIEmbedding](https://mmlspark.blob.core.windows.net/docs/0.11.1/pyspark/_modules/synapse/ml/cognitive/openai/OpenAIEmbedding.html), see our [embedding guide](https://microsoft.github.io/SynapseML/docs/Explore%20Algorithms/OpenAI/Quickstart%20-%20OpenAI%20Embedding/). ++from synapse.ml.services.openai import OpenAIEmbedding ++```python +embedding = ( + OpenAIEmbedding() + .setSubscriptionKey(key) + .setDeploymentName(deployment_name_embeddings) + .setCustomServiceName(service_name) + .setTextCol("prompt") + .setErrorCol("error") + .setOutputCol("embeddings") +) ++display(embedding.transform(df)) +``` ++### Chat Completion +Models such as ChatGPT and GPT-4 are capable of understanding chats instead of single prompts. The [OpenAIChatCompletion](https://mmlspark.blob.core.windows.net/docs/0.11.1/pyspark/_modules/synapse/ml/cognitive/openai/OpenAIChatCompletion.html) transformer exposes this functionality at scale. ++```python +from synapse.ml.services.openai import OpenAIChatCompletion +from pyspark.sql import Row +from pyspark.sql.types import * +++def make_message(role, content): + return Row(role=role, content=content, name=role) +++chat_df = spark.createDataFrame( + [ + ( + [ + make_message( + "system", "You are an AI chatbot with red as your favorite color" + ), + make_message("user", "Whats your favorite color"), + ], + ), + ( + [ + make_message("system", "You are very excited"), + make_message("user", "How are you today"), + ], + ), + ] +).toDF("messages") ++chat_completion = ( + OpenAIChatCompletion() + .setSubscriptionKey(key) + .setDeploymentName(deployment_name) + .setCustomServiceName(service_name) + .setMessagesCol("messages") + .setErrorCol("error") + .setOutputCol("chat_completions") +) ++display( + chat_completion.transform(chat_df).select( + "messages", "chat_completions.choices.message.content" + ) +) +``` ++### Improve throughput with request batching from OpenAICompletion You can use Azure OpenAI Service with large datasets to improve throughput with request batching. In the previous example, you make several requests to the service, one for each prompt. To complete multiple prompts in a single request, you can use batch mode. -In the `OpenAICompletion` object definition, you specify the `"batchPrompt"` value to configure the dataframe to use a **batchPrompt** column. Create the dataframe with a list of prompts for each row. +In the [OpenAItCompletion](https://mmlspark.blob.core.windows.net/docs/0.11.1/pyspark/_modules/synapse/ml/cognitive/openai/OpenAICompletion.html) object definition, you specify the `"batchPrompt"` value to configure the dataframe to use a **batchPrompt** column. Create the dataframe with a list of prompts for each row. > [!NOTE] > There's currently a limit of 20 prompts in a single request and a limit of 2048 tokens, or approximately 1500 words. +> [!NOTE] +> Currently, request batching is not supported by the `OpenAIChatCompletion()` transformer. + ```python batch_df = spark.createDataFrame( [ completed_batch_df = batch_completion.transform(batch_df).cache() display(completed_batch_df) ``` -> [!NOTE] -> There's currently a limit of 20 prompts in a single request and a limit of 2048 tokens, or approximately 1500 words. - ### Use an automatic mini-batcher You can use Azure OpenAI Service with large datasets to transpose the data format. If your data is in column format, you can transpose it to row format by using the SynapseML `FixedMiniBatcherTransformer` object. |
ai-services | How To Pronunciation Assessment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/how-to-pronunciation-assessment.md | zone_pivot_groups: programming-languages-ai-services In this article, you learn how to evaluate pronunciation with speech to text through the Speech SDK. To [get pronunciation assessment results](#get-pronunciation-assessment-results), you apply the `PronunciationAssessmentConfig` settings to a `SpeechRecognizer` object. > [!NOTE]+> For information about availability of pronunciation assessment, see [supported languages](language-support.md?tabs=pronunciation-assessment) and [available regions](regions.md#speech-service). +> > As a baseline, usage of pronunciation assessment costs the same as speech to text for pay-as-you-go or commitment tier [pricing](https://azure.microsoft.com/pricing/details/cognitive-services/speech-services). If you [purchase a commitment tier](../commitment-tier.md) for speech to text, the spend for pronunciation assessment goes towards meeting the commitment. > > For pricing differences between scripted and unscripted assessment, see [the pricing note](./pronunciation-assessment-tool.md#pricing). You can get pronunciation assessment scores for: - Syllable groups - Phonemes in [SAPI](/previous-versions/windows/desktop/ee431828(v=vs.85)#american-english-phoneme-table) or [IPA](https://en.wikipedia.org/wiki/IPA) format -> [!NOTE] -> The syllable group, phoneme name, and spoken phoneme of pronunciation assessment are currently only available for the en-US locale. For information about availability of pronunciation assessment, see [supported languages](language-support.md?tabs=pronunciation-assessment) and [available regions](regions.md#speech-service). - ## Syllable groups Pronunciation assessment can provide syllable-level assessment results. Grouping in syllables is more legible and aligned with speaking habits, as a word is typically pronounced syllable by syllable rather than phoneme by phoneme. +Pronunciation assessment supports syllable groups in `en-US` with IPA and in both `en-US` and `en-GB` with SAPI. + The following table compares example phonemes with the corresponding syllables. | Sample word | Phonemes | Syllables | To request syllable-level results along with phonemes, set the granularity [conf ## Phoneme alphabet format -For the `en-US` locale, the phoneme name is provided together with the score, to help identify which phonemes were pronounced accurately or inaccurately. For other locales, you can only get the phoneme score. +Pronunciation assessment supports phoneme name in `en-US` with IPA and in `en-US`, `en-GB` and `zh-CN` with SAPI. ++For locales that support phoneme name, the phoneme name is provided together with the score, to help identify which phonemes were pronounced accurately or inaccurately. For other locales, you can only get the phoneme score. The following table compares example SAPI phonemes with the corresponding IPA phonemes. pronunciationAssessmentConfig?.phonemeAlphabet = "IPA" With spoken phonemes, you can get confidence scores indicating how likely the spoken phonemes matched the expected phonemes. +Pronunciation assessment supports spoken phonemes in `en-US` with IPA and in both `en-US` and `en-GB` with SAPI. + For example, to obtain the complete spoken sound for the word "Hello", you can concatenate the first spoken phoneme for each expected phoneme with the highest confidence score. In the following assessment result, when you speak the word "hello", the expected IPA phonemes are "h ɛ l oʊ". However, the actual spoken phonemes are "h ə l oʊ". You have five possible candidates for each expected phoneme in this example. The assessment result shows that the most likely spoken phoneme was `"ə"` instead of the expected phoneme `"ɛ"`. The expected phoneme `"ɛ"` only received a confidence score of 47. Other potential matches received confidence scores of 52, 17, and 2. ```json |
ai-services | Language Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/language-support.md | With the cross-lingual feature, you can transfer your custom neural voice model # [Pronunciation assessment](#tab/pronunciation-assessment) -The table in this section summarizes the 24 locales supported for pronunciation assessment, and each language is available on all [Speech to text regions](regions.md#speech-service). Latest update extends support from English to 23 additional languages and quality enhancements to existing features, including accuracy, fluency and miscue assessment. You should specify the language that you're learning or practicing improving pronunciation. The default language is set as `en-US`. If you know your target learning language, [set the locale](how-to-pronunciation-assessment.md#get-pronunciation-assessment-results) accordingly. For example, if you're learning British English, you should specify the language as `en-GB`. If you're teaching a broader language, such as Spanish, and are uncertain about which locale to select, you can run various accent models (`es-ES`, `es-MX`) to determine the one that achieves the highest score to suit your specific scenario. +The table in this section summarizes the 25 locales supported for pronunciation assessment, and each language is available on all [Speech to text regions](regions.md#speech-service). Latest update extends support from English to 24 additional languages and quality enhancements to existing features, including accuracy, fluency and miscue assessment. You should specify the language that you're learning or practicing improving pronunciation. The default language is set as `en-US`. If you know your target learning language, [set the locale](how-to-pronunciation-assessment.md#get-pronunciation-assessment-results) accordingly. For example, if you're learning British English, you should specify the language as `en-GB`. If you're teaching a broader language, such as Spanish, and are uncertain about which locale to select, you can run various accent models (`es-ES`, `es-MX`) to determine the one that achieves the highest score to suit your specific scenario. [!INCLUDE [Language support include](includes/language-support/pronunciation-assessment.md)] |
api-management | Migrate Stv1 To Stv2 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/migrate-stv1-to-stv2.md | On successful migration, update any network dependencies including DNS, firewall - **Can I roll back the migration if required?** - Yes, you can. If there's a failure during the migration process, the instance will automatically roll back to the stv1 platform. However, if you encounter any other issues post migration, you can roll back only if you have requested an extension to the old gateway purge. By default, the old gateway is purged in 15 mins that can be extended up to 48 hours by contacting support in advance. You should make sure to contact support before the old gateway is purged, if a rollback is required. Note to contact support if the instance is stuck in an "Updating" status for more than 2 hours. + Yes, you can. If there's a failure during the migration process, the instance will automatically roll back to the stv1 platform. However, if you encounter any other issues post migration, you can roll back only if you have requested an extension to the old gateway purge. By default, the old gateway is purged in 15 mins that can be extended up to 48 hours by contacting support in advance. You should make sure to contact support before the old gateway is purged, if a rollback is required. - **Is there any change required in custom domain/private DNS zones?** |
api-management | Validate Azure Ad Token Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/validate-azure-ad-token-policy.md | The `validate-azure-ad-token` policy enforces the existence and validity of a JS | Attribute | Description | Required | Default | | - | | -- | |-| tenant-id | Tenant ID or URL of the Microsoft Entra service. Policy expressons are allowed.| Yes | N/A | +| tenant-id | Tenant ID or URL of the Microsoft Entra service. Policy expressions are allowed.| Yes | N/A | | header-name | The name of the HTTP header holding the token. Policy expressions are allowed. | One of `header-name`, `query-parameter-name` or `token-value` must be specified. | `Authorization` | | query-parameter-name | The name of the query parameter holding the token. Policy expressions are allowed. | One of `header-name`, `query-parameter-name` or `token-value` must be specified. | N/A | | token-value | Expression returning a string containing the token. You must not return `Bearer` as part of the token value. Policy expressions are allowed. | One of `header-name`, `query-parameter-name` or `token-value` must be specified. | N/A | |
app-service | Monitor Instances Health Check | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/monitor-instances-health-check.md | Note that _/api/health_ is just an example added for illustration purposes. We d > - The Health check path should check critical components of your application. For example, if your application depends on a database and a messaging system, the Health check endpoint should connect to those components. If the application can't connect to a critical component, then the path should return a 500-level response code to indicate the app is unhealthy. Also, if the path does not return a response within 1 minute, the health check ping is considered unhealthy. > - When selecting the Health check path, make sure you're selecting a path that returns a 200 status code, only when the app is fully warmed up. > - In order to use Health check on your Function App, you must use a [premium or dedicated hosting plan](../azure-functions/functions-scale.md#overview-of-plans).-> - Details about Health check on Function Apps can be found here: [Monitor function apps using Health check](/azure-functions/configure-monitoring?tabs=v2#monitor-function-apps-using-health-check). +> - Details about Health check on Function Apps can be found here: [Monitor function apps using Health check](../azure-functions/configure-monitoring.md?#monitor-function-apps-using-health-check). > [!CAUTION] > Health check configuration changes restart your app. To minimize impact to production apps, we recommend [configuring staging slots](deploy-staging-slots.md) and swapping to production. |
azure-resource-manager | Tag Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/tag-support.md | To get the same data as a file of comma-separated values, download [tag-support. > | registries / models / versions | No | No | > | virtualclusters | Yes | Yes | > | workspaces | Yes | Yes |-> | workspaces / batchEndpoints | Yes | Yes | +> | workspaces / batchEndpoints | Yes | No | > | workspaces / batchEndpoints / deployments | Yes | Yes | > | workspaces / batchEndpoints / deployments / jobs | No | No | > | workspaces / batchEndpoints / jobs | No | No | To get the same data as a file of comma-separated values, download [tag-support. > | workspaces / services | No | No | > [!NOTE]-> Workspace tags don't propagate to compute clusters and compute instances. +> Workspace tags don't propagate to compute clusters and compute instances. It is not supported with tracking cost at cluster/batch endpoint level. ## Microsoft.Maintenance |
backup | Backup Support Matrix Iaas | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-support-matrix-iaas.md | Adding a disk to a protected VM | Supported. Resizing a disk on a protected VM | Supported. Shared storage| Backing up VMs by using Cluster Shared Volumes (CSV) or Scale-Out File Server isn't supported. CSV writers are likely to fail during backup. On restore, disks that contain CSV volumes might not come up. [Shared disks](../virtual-machines/disks-shared-enable.md) | Not supported.-<a name="ultra-disk-backup">Ultra disks</a> | Supported with [Enhanced policy](backup-azure-vms-enhanced-policy.md). The support is currently in preview. <br><br> [Supported regions](../virtual-machines/disks-types.md#ultra-disk-limitations). <br><br> To enroll your subscription for this feature, [fill this form](https://forms.office.com/r/1GLRnNCntU). <br><br> - Configuration of Ultra disk protection is supported via Recovery Services vault only. This configuration is currently not supported via virtual machine blade. <br><br> - Cross-region restore is currently not supported for machines using Ultra disks. <br><br> - GRS type vaults cannot be used for enabling backup. -<a name="premium-ssd-v2-backup">Premium SSD v2</a> | Supported with [Enhanced policy](backup-azure-vms-enhanced-policy.md). The support is currently in preview. <br><br> [Supported regions](../virtual-machines/disks-types.md#regional-availability). <br><br> To enroll your subscription for this feature, [fill this form](https://forms.office.com/r/h56TpTc773). <br><br> - Configuration of Premium v2 disk protection is supported via Recovery Services vault only. This configuration is currently not supported via virtual machine blade. <br><br> - Cross-region restore is currently not supported for machines using Premium v2 disks. <br><br> - GRS type vaults cannot be used for enabling backup. +<a name="ultra-disk-backup">Ultra disks</a> | Supported with [Enhanced policy](backup-azure-vms-enhanced-policy.md). The support is currently in preview. <br><br> [Supported regions](../virtual-machines/disks-types.md#ultra-disk-limitations). <br><br> - The preview can be tested on any subscription and no enrollment is required. <br><br> - Configuration of Ultra disk protection is supported via Recovery Services vault and via virtual machine blade. <br><br> - Cross-region restore is currently not supported for machines using Ultra disks. <br><br> - GRS type vaults cannot be used for enabling backup. <br><br> - File-level restore is currently not supported for machines using Ultra disks. +<a name="premium-ssd-v2-backup">Premium SSD v2</a> | Supported with [Enhanced policy](backup-azure-vms-enhanced-policy.md). The support is currently in preview. <br><br> [Supported regions](../virtual-machines/disks-types.md#regional-availability). <br><br> - The preview can be tested on any subscription and no enrollment is required. <br><br> - Configuration of Premium SSD v2 disk protection is supported via Recovery Services vault and via virtual machine blade. <br><br> - Cross-region restore is currently not supported for machines using Premium v2 disks. <br><br> - GRS type vaults cannot be used for enabling backup. <br><br> - File-level restore is currently not supported for machines using Premium SSD v2 disks. [Temporary disks](../virtual-machines/managed-disks-overview.md#temporary-disk) | Azure Backup doesn't back up temporary disks. NVMe/[ephemeral disks](../virtual-machines/ephemeral-os-disks.md) | Not supported. [Resilient File System (ReFS)](/windows-server/storage/refs/refs-overview) restore | Supported. Volume Shadow Copy Service (VSS) supports app-consistent backups on ReFS. |
communication-services | Teams User Calling | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/interop/teams-user-calling.md | The Azure Communication Services Calling SDK enables Teams user devices to drive Key features of the Calling SDK: -- **Addressing** - Azure Communication Services is using [Microsoft Entra user identifier](/powershell/module/azuread/get-azureaduser) to address communication endpoints. Clients use Microsoft Entra identities to authenticate to the service and communicate with each other. These identities are used in Calling APIs that provide clients visibility into who is connected to a call (the roster). And are also used in [Microsoft Graph API](/graph/api/user-get).+- **Addressing** - Azure Communication Services is using [Microsoft Entra user identifier](/powershell/module/microsoft.graph.users/get-mguser) to address communication endpoints. Clients use Microsoft Entra identities to authenticate to the service and communicate with each other. These identities are used in Calling APIs that provide clients visibility into who is connected to a call (the roster). And are also used in [Microsoft Graph API](/graph/api/user-get). - **Encryption** - The Calling SDK encrypts traffic and prevents tampering on the wire. - **Device Management and Media** - The Calling SDK provides facilities for binding to audio and video devices, encodes content for efficient transmission over the communications data plane, and renders content to output devices and views that you specify. APIs are also provided for screen and application sharing. - **Notifications** - The Calling SDK provides APIs that allow clients to be notified of an incoming call. In situations where your app is not running in the foreground, patterns are available to [fire pop-up notifications](../notifications.md) ("toasts") to inform users of an incoming call. |
container-apps | Background Processing | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-apps/background-processing.md | |
cosmos-db | How To Restrict User Data | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/how-to-restrict-user-data.md | Each authentication method gives access to different sets of operations, with so :::image type="content" source="./media/how-to-restrict-user-data/operations.png" alt-text="Split of operations per authentication type" border="false"::: +> [!NOTE] +> [Microsoft Entra ID identities data operations are supported by NoSQL.](how-to-setup-rbac.md) + In some scenarios, you may want to restrict some users of your organization to perform data operations (that is CRUD requests and queries) only. This is typically the case for developers who don't need to create or delete resources, or change the provisioned throughput of the containers they are working on. You can restrict the access by applying the following steps: |
cosmos-db | Compatibility | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/mongodb/vcore/compatibility.md | Below are the list of operators currently supported on Azure Cosmos DB for Mongo <tr><td><code>$skip</code></td><td><img src="media/compatibility/yes-icon.svg" alt="Yes">Yes</td></tr> <tr><td><code>$sort</code></td><td><img src="media/compatibility/yes-icon.svg" alt="Yes">Yes</td></tr> <tr><td><code>$sortByCount</code></td><td><img src="media/compatibility/yes-icon.svg" alt="Yes">Yes</td></tr>-<tr><td><code>$unionWith</code></td><td><img src="media/compatibility/yes-icon.svg" alt="Yes">Yes</td></tr> +<tr><td><code>$unionWith</code></td><td><img src="media/compatibility/no-icon.svg" alt="No">No</td></tr> <tr><td><code>$unset</code></td><td><img src="media/compatibility/yes-icon.svg" alt="Yes">Yes</td></tr> <tr><td><code>$unwind</code></td><td><img src="media/compatibility/yes-icon.svg" alt="Yes">Yes</td></tr> <tr><td><code>$shardedDataDistribution</code></td><td><img src="media/compatibility/no-icon.svg" alt="No">No</td></tr> |
cost-management-billing | Upgrade Azure Subscription | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cost-management-billing/manage/upgrade-azure-subscription.md | -If you have an [Azure for Students Starter account](https://azure.microsoft.com/offers/ms-azr-0144p/) and are eligible for an [Azure free account](https://azure.microsoft.com/free/), you can upgrade to it to a [Azure free account](https://azure.microsoft.com/free/). You get $200 Azure credit in your billing currency and 12 months of free services on upgrade. If you don't qualify for a free account, you can upgrade to [pay-as-you-go rates](https://azure.microsoft.com/offers/ms-azr-0003p/) with a [support request](https://go.microsoft.com/fwlink/?linkid=2083458). +If you have an [Azure for Students Starter account](https://azure.microsoft.com/offers/ms-azr-0144p/) and are eligible for an [Azure free account](https://azure.microsoft.com/free/), you can upgrade to it to an [Azure free account](https://azure.microsoft.com/free/). You get $200 Azure credit in your billing currency and 12 months of free services on upgrade. If you don't qualify for a free account, you can upgrade to [pay-as-you-go rates](https://azure.microsoft.com/offers/ms-azr-0003p/) with a [support request](https://go.microsoft.com/fwlink/?linkid=2083458). If you have an [Azure for Students](https://azure.microsoft.com/offers/ms-azr-0170p/) account, you can upgrade to [pay-as-you-go rates](https://azure.microsoft.com/offers/ms-azr-0003p/). |
defender-for-cloud | Concept Data Security Posture Prepare | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/concept-data-security-posture-prepare.md | The table summarizes support for data-aware posture management. |Do I need to install an agent? | No, discovery requires no agent installation. | |What's the cost? | The feature is included with the Defender CSPM and Defender for Storage plans, and doesnΓÇÖt incur extra costs except for the respective plan costs. | |What permissions do I need to view/edit data sensitivity settings? | You need one of these Microsoft Entra roles: Global Administrator, Compliance Administrator, Compliance Data Administrator, Security Administrator, Security Operator.|-| What permissions do I need to perform onboarding? | You need one of these Microsoft Entra roles: Security Admin, Contributor, Owner on the subscription level (where the GCP project/s reside in). For consuming the security findings: Security Reader, Security Admin, Reader, Contributor, Owner on the subscription level (where the GCP project/s reside). | +| What permissions do I need to perform onboarding? | You need one of these [Azure role-based access control (Azure RBAC) roles](/azure/role-based-access-control/role-assignments-portal): Security Admin, Contributor, Owner on the subscription level (where the GCP project/s reside). For consuming the security findings: Security Reader, Security Admin, Reader, Contributor, Owner on the subscription level (where the GCP project/s reside). | ## Configuring data sensitivity settings |
defender-for-cloud | Concept Integration 365 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/concept-integration-365.md | Title: Alerts and incidents in Microsoft Defender XDR (Preview) + Title: Alerts and incidents in Microsoft Defender XDR description: Learn about the benefits of receiving Microsoft Defender for Cloud's alerts in Microsoft Defender XDR Previously updated : 11/29/2023 Last updated : 01/03/2024 -# Alerts and incidents in Microsoft Defender XDR (Preview) +# Alerts and incidents in Microsoft Defender XDR -Microsoft Defender for Cloud is now integrated with Microsoft Defender XDR (Preview). This integration allows security teams to access Defender for Cloud alerts and incidents within the Microsoft Defender Portal. This integration provides richer context to investigations that span cloud resources, devices, and identities. +Microsoft Defender for Cloud is now integrated with Microsoft Defender XDR. This integration allows security teams to access Defender for Cloud alerts and incidents within the Microsoft Defender Portal. This integration provides richer context to investigations that span cloud resources, devices, and identities. The partnership with Microsoft Defender XDR allows security teams to get the complete picture of an attack, including suspicious and malicious events that happen in their cloud environment. Security teams can accomplish this goal through immediate correlations of alerts and incidents. |
defender-for-cloud | Connect Azure Subscription | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/connect-azure-subscription.md | Title: Connect your Azure subscriptions description: Learn how to connect your Azure subscriptions to Microsoft Defender for Cloud Previously updated : 11/23/2023 Last updated : 01/03/2024 If you want to disable any of the plans, toggle the individual plan to **off**. > [!TIP] > To enable Defender for Cloud on all subscriptions within a management group, see [Enable Defender for Cloud on multiple Azure subscriptions](onboard-management-group.md). -## Integrate with Microsoft Defender XDR (Preview) +## Integrate with Microsoft Defender XDR When you enable Defender for Cloud, Defender for Cloud's alerts are automatically integrated into the Microsoft Defender Portal. No further steps are needed. |
defender-for-cloud | Defender For Devops Introduction | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-devops-introduction.md | -# Overview of Microsoft Defender for Cloud DevOps Security +# Overview of Microsoft Defender for Cloud DevOps Security Microsoft Defender for Cloud enables comprehensive visibility, posture management, and threat protection across multicloud environments including Azure, AWS, GCP, and on-premises resources. DevOps security within Defender for Cloud uses a central console to empower secu - **Prioritize remediation of critical issues in code**: Apply comprehensive code-to-cloud contextual insights within Defender for Cloud. Security admins can help developers prioritize critical code fixes with pull request annotations and assign developer ownership by triggering custom workflows feeding directly into the tools developers know and love. -These features help unify, strengthen, and manage multi-pipeline DevOps resources. +These features help unify, strengthen, and manage multi-pipeline DevOps resources. ## Manage your DevOps environments in Defender for Cloud -DevOps security in Defender for Cloud allow you to manage your connected environments and provide your security teams with a high-level overview of issues discovered in those environments through the [DevOps security console](https://portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/DevOpsSecurity). +DevOps security in Defender for Cloud allows you to manage your connected environments and provide your security teams with a high-level overview of issues discovered in those environments through the [DevOps security console](https://portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/DevOpsSecurity). :::image type="content" source="media/defender-for-devops-introduction/devops-security-overview-2.png" alt-text="Screenshot of the top of the DevOps security page that shows all of your onboarded environments and their metrics." lightbox="media/defender-for-devops-introduction/devops-metrics.png"::: The DevOps inventory table allows you to review onboarded DevOps resources and t On this part of the screen you see: -- **Name** - Lists onboarded DevOps resources from Azure DevOps, GitHub, and/or GitLab. View the resource health page by clicking it. +- **Name** - Lists onboarded DevOps resources from Azure DevOps, GitHub, and/or GitLab. View the resource health page by selecting it. -- **DevOps environment** - Describes the DevOps environment for the resource (that is, Azure DevOps, GitHub, GitLab). Use this column to sort by environment if multiple environments have been onboarded.+- **DevOps environment** - Describes the DevOps environment for the resource (that is, Azure DevOps, GitHub, GitLab). Use this column to sort by environment if multiple environments are onboarded. ++- **Advanced security status** - Shows whether advanced security features are enabled for the DevOps resource. + - `On` - Advanced security is enabled. + - `Off` - Advanced security isn't enabled. + - `Partially enabled` - Certain Advanced security features isn't enabled (for example, code scanning is off). + - `N/A` - Defender for Cloud doesn't have information about enablement. -- **Advanced security status** - Shows whether advanced security features are enabled for the DevOps resource. - - `On` - Advanced security is enabled. - - `Off` - Advanced security is not enabled. - - `Partially enabled` - Certain Advanced security features is not enabled (for example, code scanning is off). - - `N/A` - Defender for Cloud doesn't have information about enablement. - > [!NOTE] > Currently, this information is available only for Azure DevOps and GitHub repositories. -- **Pull request annotation status** - Shows whether PR annotations are enabled for the repository. - - `On` - PR annotations are enabled. - - `Off` - PR annotations aren't enabled. - - `N/A` - Defender for Cloud doesn't have information about enablement. - +- **Pull request annotation status** - Shows whether PR annotations are enabled for the repository. + - `On` - PR annotations are enabled. + - `Off` - PR annotations aren't enabled. + - `N/A` - Defender for Cloud doesn't have information about enablement. + > [!NOTE] > Currently, this information is available only for Azure DevOps repositories. |
defender-for-cloud | Export To Siem | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/export-to-siem.md | Title: Stream your alerts from Microsoft Defender for Cloud to Security Information and Event Management (SIEM) systems and other monitoring solutions -description: Learn how to stream your security alerts to Microsoft Sentinel, third-party SIEMs, SOAR, or ITSM solutions + Title: Stream alerts to monitoring solutions +description: Learn how to stream your security alerts to Microsoft Sentinel, SIEMs, SOAR, or ITSM solutions. Previously updated : 04/04/2022 Last updated : 01/15/2024 -# Stream alerts to a SIEM, SOAR, or IT Service Management solution +# Stream alerts to monitoring solutions -Microsoft Defender for Cloud can stream your security alerts into the most popular Security Information and Event Management (SIEM), -Security Orchestration Automated Response (SOAR), and IT Service Management (ITSM) solutions. -Security alerts are notifications that Defender for Cloud generates when it detects threats on your resources. -Defender for Cloud prioritizes and lists the alerts, along with the information needed for you to quickly investigate the problem. -Defender for Cloud also provides detailed steps to help you remediate attacks. -Alerts data is retained for 90 days. +Microsoft Defender for Cloud has the ability to stream security alerts into various Security Information and Event Management (SIEM), Security Orchestration Automated Response (SOAR), and IT Service Management (ITSM) solutions. Security alerts are generated when threats are detected on your resources. Defender for Cloud prioritizes and lists the alerts on the Alerts page, along with additional information needed to quickly investigate the problem. Detailed steps are provided to assist you to remediate the detected threat. All alerts data is retained for 90 days. -There are built-in Azure tools for ensuring you can view your alert data in all of the most popular solutions in use today, including: +There are built-in Azure tools that are available that ensure you can view your alert data in the following solutions: - **Microsoft Sentinel** - **Splunk Enterprise and Splunk Cloud**-- **IBM's QRadar**-- **ServiceNow**-- **ArcSight** - **Power BI**+- **ServiceNow** +- **IBM's QRadar** - **Palo Alto Networks**+- **ArcSight** -## Stream alerts to Microsoft Sentinel +## Stream alerts to Defender XDR with the Defender XDR API -Defender for Cloud natively integrates with Microsoft Sentinel, Azure's cloud-native SIEM and SOAR solution. +Defender for Cloud natively integrates with [Microsoft Defender XDR](/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide) allows you to use Defender XDR's incidents and alerts API to stream alerts and incidents into non-Microsoft solutions. Defender for Cloud customers can access one API for all Microsoft security products and can use this integration as an easier way to export alerts and incidents. -[Learn more about Microsoft Sentinel](../sentinel/overview.md). +Learn how to [integrate SIEM tools with Defender XDR](/microsoft-365/security/defender/configure-siem-defender?view=o365-worldwide). ++## Stream alerts to Microsoft Sentinel ++Defender for Cloud natively integrates with [Microsoft Sentinel](../sentinel/overview.md) Azure's cloud-native SIEM and SOAR solution. ### Microsoft Sentinel's connectors for Defender for Cloud -Microsoft Sentinel includes built-in connectors for Microsoft Defender for Cloud at the subscription and tenant levels: +Microsoft Sentinel includes built-in connectors for Microsoft Defender for Cloud at the subscription and tenant levels. -- [Stream alerts to Microsoft Sentinel at the subscription level](../sentinel/connect-azure-security-center.md)-- [Connect all subscriptions in your tenant to Microsoft Sentinel](https://techcommunity.microsoft.com/t5/azure-sentinel/azure-security-center-auto-connect-to-sentinel/ba-p/1387539)+You can: -When you connect Defender for Cloud to Microsoft Sentinel, the status of Defender for Cloud alerts that get ingested into Microsoft Sentinel is synchronized between the two services. So, for example, when an alert is closed in Defender for Cloud, that alert is also shown as closed in Microsoft Sentinel. If you change the status of an alert in Defender for Cloud, the status of the alert in Microsoft Sentinel is also updated, but the statuses of any Microsoft Sentinel **incidents** that contain the synchronized Microsoft Sentinel alert aren't updated. +- [Stream alerts to Microsoft Sentinel at the subscription level](../sentinel/connect-azure-security-center.md). +- [Connect all subscriptions in your tenant to Microsoft Sentinel](https://techcommunity.microsoft.com/t5/azure-sentinel/azure-security-center-auto-connect-to-sentinel/ba-p/1387539). -You can enable the **bi-directional alert synchronization** feature to automatically sync the status of the original Defender for Cloud alerts with Microsoft Sentinel incidents that contain the copies of those Defender for Cloud alerts. So, for example, when a Microsoft Sentinel incident that contains a Defender for Cloud alert is closed, Defender for Cloud automatically closes the corresponding original alert. +When you connect Defender for Cloud to Microsoft Sentinel, the status of Defender for Cloud alerts that get ingested into Microsoft Sentinel is synchronized between the two services. For example, when an alert is closed in Defender for Cloud, that alert is also shown as closed in Microsoft Sentinel. When you change the status of an alert in Defender for Cloud, the status of the alert in Microsoft Sentinel is also updated. However,the statuses of any Microsoft Sentinel **incidents** that contain the synchronized Microsoft Sentinel alert aren't updated. -Learn more in [Connect alerts from Microsoft Defender for Cloud](../sentinel/connect-azure-security-center.md). +You can enable the **bi-directional alert synchronization** feature to automatically sync the status of the original Defender for Cloud alerts with Microsoft Sentinel incidents that contain the copies of the Defender for Cloud alerts. For example, when a Microsoft Sentinel incident that contains a Defender for Cloud alert is closed, Defender for Cloud automatically closes the corresponding original alert. ++Learn how to [connect alerts from Microsoft Defender for Cloud](../sentinel/connect-azure-security-center.md). > [!NOTE] > The bi-directional alert synchronization feature isn't available in the Azure Government cloud. Another alternative for investigating Defender for Cloud alerts in Microsoft Sen ## Stream alerts to QRadar and Splunk -The export of security alerts to Splunk and QRadar uses Event Hubs and a built-in connector. -You can either use a PowerShell script or the Azure portal to set up the requirements for exporting security alerts for your subscription or tenant. -Then youΓÇÖll need to use the procedure specific to each SIEM to install the solution in the SIEM platform. +To export security alerts to Splunk and QRadar, you need to use Event Hubs and a built-in connector. You can either use a PowerShell script or the Azure portal to set up the requirements for exporting security alerts for your subscription or tenant. Once the requirements are in place, you need to use the procedure specific to each SIEM to install the solution in the SIEM platform. ### Prerequisites Before you set up the Azure services for exporting alerts, make sure you have: - Azure subscription ([Create a free account](https://azure.microsoft.com/free/)) - Azure resource group ([Create a resource group](../azure-resource-manager/management/manage-resource-groups-portal.md)) - **Owner** role on the alerts scope (subscription, management group or tenant), or these specific permissions:- - Write permissions for event hubs and the Event Hub Policy + - Write permissions for event hubs and the Event Hubs Policy - Create permissions for [Microsoft Entra applications](../active-directory/develop/howto-create-service-principal-portal.md#permissions-required-for-registering-an-app), if you aren't using an existing Microsoft Entra application - Assign permissions for policies, if you're using the Azure Policy 'DeployIfNotExist' <!- - if it **has the SecurityCenterFree solution**, you'll need a minimum of read permissions for the workspace solution: `Microsoft.OperationsManagement/solutions/read` - if it **doesn't have the SecurityCenterFree solution**, you'll need write permissions for the workspace solution: `Microsoft.OperationsManagement/solutions/action` --> -### Step 1: Set up the Azure services +### Set up the Azure services You can set up your Azure environment to support continuous export using either: -- A PowerShell script (Recommended)+#### PowerShell script (Recommended) ++1. Download and run [the PowerShell script](https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Powershell%20scripts/3rd%20party%20SIEM%20integration). ++1. Enter the required parameters. + +1. Execute the script. ++The script performs all of the steps for you. When the script finishes, use the output to install the solution in the SIEM platform. ++#### Azure portal - Download and run [the PowerShell script](https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Powershell%20scripts/3rd%20party%20SIEM%20integration). - Enter the required parameters and the script performs all of the steps for you. - When the script finishes, it outputs the information youΓÇÖll use to install the solution in the SIEM platform. +1. Sign in to the [Azure portal](https://portal.azure.com). -- The Azure portal+1. Search for and select `Event Hubs`. - Here's an overview of the steps you'll do in the Azure portal: +1. [Create an Event Hubs namespace and event hub](../event-hubs/event-hubs-create.md). - 1. Create an Event Hubs namespace and event hub. - 2. Define a policy for the event hub with ΓÇ£SendΓÇ¥ permissions. - 3. **If you're streaming alerts to QRadar** - Create an event hub "Listen" policy, then copy and save the connection string of the policy that youΓÇÖll use in QRadar. - 4. Create a consumer group, then copy and save the name that youΓÇÖll use in the SIEM platform. - 5. Enable continuous export of security alerts to the defined event hub. - 6. **If you're streaming alerts to QRadar** - Create a storage account, then copy and save the connection string to the account that youΓÇÖll use in QRadar. - 7. **If you're streaming alerts to Splunk**: - 1. Create a Microsoft Entra application. - 2. Save the Tenant, App ID, and App password. - 3. Give permissions to the Microsoft Entra Application to read from the event hub you created before. +1. Define a policy for the event hub with `Send` permissions. - For more detailed instructions, see [Prepare Azure resources for exporting to Splunk and QRadar](export-to-splunk-or-qradar.md). +**If you're streaming alerts to QRadar** -### Step 2: Connect the event hub to your preferred solution using the built-in connectors +1. Create an event hub `Listen` policy. ++1. Copy and save the connection string of the policy to use in QRadar. ++1. Create a consumer group. ++1. Copy and save the name to use in the SIEM platform. ++1. Enable continuous export of security alerts to the defined event hub. ++1. Create a storage account. ++1. Copy and save the connection string to the account to use in QRadar. ++For more detailed instructions, see [Prepare Azure resources for exporting to Splunk and QRadar](export-to-splunk-or-qradar.md). ++**If you're streaming alerts to Splunk**: ++1. Create a Microsoft Entra application. ++1. Save the Tenant, App ID, and App password. ++1. Give permissions to the Microsoft Entra Application to read from the event hub you created before. ++For more detailed instructions, see [Prepare Azure resources for exporting to Splunk and QRadar](export-to-splunk-or-qradar.md). ++### Connect the event hub to your preferred solution using the built-in connectors Each SIEM platform has a tool to enable it to receive alerts from Azure Event Hubs. Install the tool for your platform to start receiving alerts. Each SIEM platform has a tool to enable it to receive alerts from Azure Event Hu ## Stream alerts with continuous export -To stream alerts into **ArcSight**, **SumoLogic**, **Syslog servers**, **LogRhythm**, **Logz.io Cloud Observability Platform**, and other monitoring solutions, connect Defender for Cloud using continuous export and Azure Event Hubs: +To stream alerts into **ArcSight**, **SumoLogic**, **Syslog servers**, **LogRhythm**, **Logz.io Cloud Observability Platform**, and other monitoring solutions, connect Defender for Cloud using continuous export and Azure Event Hubs. > [!NOTE] > To stream alerts at the tenant level, use this Azure policy and set the scope at the root management group. You'll need permissions for the root management group as explained in [Defender for Cloud permissions](permissions.md): [Deploy export to an event hub for Microsoft Defender for Cloud alerts and recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2fcdfcce10-4578-4ecd-9703-530938e4abcb). -1. Enable [continuous export](continuous-export.md) to stream Defender for Cloud alerts into a dedicated event hub at the subscription level. To do this at the Management Group level using Azure Policy, see [Create continuous export automation configurations at scale](continuous-export.md?tabs=azure-policy#configure-continuous-export-at-scale-using-the-supplied-policies). +**To stream alerts with continuous export**: ++1. Enable continuous export: + - At the [subscription level](continuous-export.md). + - At the [Management Group level using Azure Policy](continuous-export.md?tabs=azure-policy#configure-continuous-export-at-scale-using-the-supplied-policies). -2. Connect the event hub to your preferred solution using the built-in connectors: +1. Connect the event hub to your preferred solution using the built-in connectors: | Tool | Hosted in Azure | Description | |:|:| :| To stream alerts into **ArcSight**, **SumoLogic**, **Syslog servers**, **LogRhyt | LogRhythm | No| Instructions to set up LogRhythm to collect logs from an event hub are available [here](https://logrhythm.com/six-tips-for-securing-your-azure-cloud-environment/). |Logz.io | Yes | For more information, see [Getting started with monitoring and logging using Logz.io for Java apps running on Azure](/azure/developer/java/fundamentals/java-get-started-with-logzio) -3. Optionally, stream the raw logs to the event hub and connect to your preferred solution. Learn more in [Monitoring data available](../azure-monitor/essentials/stream-monitoring-data-event-hubs.md#monitoring-data-available). +1. (Optional) Stream the raw logs to the event hub and connect to your preferred solution. Learn more in [Monitoring data available](../azure-monitor/essentials/stream-monitoring-data-event-hubs.md#monitoring-data-available). To view the event schemas of the exported data types, visit the [Event Hubs event schemas](https://aka.ms/ASCAutomationSchemas). -## Use the Microsoft Graph Security API to stream alerts to third-party applications +## Use the Microsoft Graph Security API to stream alerts to non-Microsoft applications -As an alternative to Microsoft Sentinel and Azure Monitor, you can use Defender for Cloud's built-in integration with [Microsoft Graph Security API](/graph/security-concept-overview/). No configuration is required. +Defender for Cloud's built-in integration with [Microsoft Graph Security API](/graph/security-concept-overview/) without the need of any further configuration requirements. -You can use this API to stream alerts from your **entire tenant** (and data from many Microsoft Security products) into third-party SIEMs and other popular platforms: +You can use this API to stream alerts from your **entire tenant** (and data from many Microsoft Security products) into non-Microsoft SIEMs and other popular platforms: - **Splunk Enterprise and Splunk Cloud** - [Use the Microsoft Graph Security API Add-On for Splunk](https://splunkbase.splunk.com/app/4564/) - **Power BI** - [Connect to the Microsoft Graph Security API in Power BI Desktop](/power-bi/connect-data/desktop-connect-graph-security). |
defender-for-cloud | Export To Splunk Or Qradar | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/export-to-splunk-or-qradar.md | description: Learn how to configure the required Azure resources in the Azure po Previously updated : 04/04/2022 Last updated : 01/14/2024 # Prepare Azure resources for exporting to Splunk and QRadar To configure the Azure resources for QRadar and Splunk in the Azure portal: 1. Search for the Microsoft Entra application you created before and select it. 1. Select **Close**. -To continue setting up export of alerts, [install the built-in connectors](export-to-siem.md#step-2-connect-the-event-hub-to-your-preferred-solution-using-the-built-in-connectors) for the SIEM you're using. +To continue setting up export of alerts, [install the built-in connectors](export-to-siem.md#connect-the-event-hub-to-your-preferred-solution-using-the-built-in-connectors) for the SIEM you're using. |
defender-for-cloud | Express Configuration Azure Commands | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/express-configuration-azure-commands.md | +The examples in this article should be run in PowerShell; they aren't for use "as is" with Bash. + - [Set SQL vulnerability assessment baseline on system database](#set-sql-vulnerability-assessment-baseline-on-system-database) - [Get SQL vulnerability assessment baseline on system database](#get-sql-vulnerability-assessment-baseline-on-system-database) - [Set SQL vulnerability assessment baseline on user database](#set-sql-vulnerability-assessment-baseline-on-user-database) |
defender-for-cloud | Quickstart Onboard Aws | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/quickstart-onboard-aws.md | Title: Connect your AWS account description: Defend your AWS resources by using Microsoft Defender for Cloud. Previously updated : 11/23/2023 Last updated : 01/03/2024 # Connect your AWS account to Microsoft Defender for Cloud To view all the active recommendations for your resources by resource type, use :::image type="content" source="./media/quickstart-onboard-aws/aws-resource-types-in-inventory.png" alt-text="Screenshot of AWS options in the asset inventory page's resource type filter." lightbox="media/quickstart-onboard-aws/aws-resource-types-in-inventory.png"::: -## Integrate with Microsoft Defender XDR (Preview) +## Integrate with Microsoft Defender XDR When you enable Defender for Cloud, Defender for Cloud alerts are automatically integrated into the Microsoft Defender Portal. No further steps are needed. |
defender-for-cloud | Quickstart Onboard Gcp | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/quickstart-onboard-gcp.md | Title: Connect your GCP project description: Defend your GCP resources by using Microsoft Defender for Cloud. Previously updated : 11/23/2023 Last updated : 01/03/2024 # Connect your GCP project to Microsoft Defender for Cloud To view all the active recommendations for your resources by resource type, use :::image type="content" source="./media/quickstart-onboard-gcp/gcp-resource-types-in-inventory.png" alt-text="Screenshot of GCP options in the asset inventory page's resource type filter." lightbox="media/quickstart-onboard-gcp/gcp-resource-types-in-inventory.png"::: -## Integrate with Microsoft Defender XDR (Preview) +## Integrate with Microsoft Defender XDR When you enable Defender for Cloud, Defender for Cloud alerts are automatically integrated into the Microsoft Defender Portal. No further steps are needed. |
defender-for-cloud | Quickstart Onboard Machines | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/quickstart-onboard-machines.md | Title: Connect on-premises machines description: Learn how to connect your non-Azure machines to Microsoft Defender for Cloud. Previously updated : 11/23/2023 Last updated : 01/03/2024 To verify that your machines are connected: ![Defender for Cloud icon for an Azure Arc-enabled server.](./media/quickstart-onboard-machines/arc-enabled-machine-icon.png) Azure Arc-enabled server -## Integrate with Microsoft Defender XDR (Preview) +## Integrate with Microsoft Defender XDR When you enable Defender for Cloud, Defender for Cloud's alerts are automatically integrated into the Microsoft Defender Portal. No further steps are needed. |
defender-for-cloud | Release Notes Archive | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/release-notes-archive.md | description: A description of what's new and changed in Microsoft Defender for C Previously updated : 01/02/2024 Last updated : 01/03/2024 # Archive for what's new in Defender for Cloud? |
defender-for-cloud | Release Notes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/release-notes.md | Title: Release notes description: This page is updated frequently with the latest updates in Defender for Cloud. Previously updated : 01/03/2024 Last updated : 01/15/2024 # What's new in Microsoft Defender for Cloud? If you're looking for items older than six months, you can find them in the [Arc | Date | Update | |--|--|+| January 15 | [General availability of Defender for Cloud's integration with Microsoft Defender XDR](#general-availability-of-defender-for-clouds-integration-with-microsoft-defender-xdr) | +| January 12 | [DevOps security Pull Request annotations are now enabled by default for Azure DevOps connectors](#devops-security-pull-request-annotations-are-now-enabled-by-default-for-azure-devops-connectors) | | January 4 | [Recommendations released for preview: Nine new Azure security recommendations](#recommendations-released-for-preview-nine-new-azure-security-recommendations) | +### General availability of Defender for Cloud's integration with Microsoft Defender XDR ++January 15, 2024 ++We're announcing the general availability (GA) of the integration between Defender for Cloud and Microsoft Defender XDR (formerly Microsoft 365 Defender). ++The integration brings competitive cloud protection capabilities into the Security Operations Center (SOC) day-to-day. With Microsoft Defender for Cloud and the Defender XDR integration, SOC teams can discover attacks that combine detections from multiple pillars, including Cloud, Endpoint, Identity, Office 365, and more. ++Learn more about [alerts and incidents in Microsoft Defender XDR](concept-integration-365.md). ++### DevOps security Pull Request annotations are now enabled by default for Azure DevOps connectors ++January 12, 2024 ++DevOps security exposes security findings as annotations in Pull Requests (PR) to help developers prevent and fix potential security vulnerabilities and misconfigurations before they enter production. As of January 12, 2024, PR annotations are now enabled by default for all new and existing Azure DevOps repositories that are connected to Defender for Cloud. ++By default, PR annotations are enabled only for High severity Infrastructure as Code (IaC) findings. Customers will still need to configure Microsoft Security for DevOps (MSDO) to run in PR builds and enable the Build Validation policy for CI builds in Azure DevOps repository settings. Customers can disable the PR Annotation feature for specific repositories from within the DevOps security blade repository configuration options. ++Learn more about [enabling Pull Request annotations for Azure DevOps](enable-pull-request-annotations.md#enable-pull-request-annotations-in-azure-devops). + ### Recommendations released for preview: Nine new Azure security recommendations January 4, 2024 The following Qualys recommendations for Containers Vulnerability Assessment are | Current recommendation name | New recommendation name | Description | Assessment key | | | | | | | Container registry images should have vulnerability findings resolved (powered by Qualys) | Azure registry container images should have vulnerabilities resolved (powered by Qualys) | Container image vulnerability assessment scans your registry for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks. | dbd0cb49-b563-45e7-9724-889e799fa648 |-| Running container images should have vulnerability findings resolved (powered by Qualys) | Azure running container images should have vulnerabilities resolved - (powered by Qualys) | Container image vulnerability assessment scans container images running on your Kubernetes clusters for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks. | 41503391-efa5-47ee-9282-4eff6131462 | +| Running container images should have vulnerability findings resolved (powered by Qualys) | Azure running container images should have vulnerabilities resolved - (powered by Qualys) | Container image vulnerability assessment scans container images running on your Kubernetes clusters for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks. | 41503391-efa5-47ee-9282-4eff6131462c | ### Public preview of Windows support for Containers Vulnerability Assessment powered by Microsoft Defender Vulnerability Management The below Qualys recommendations for Containers Vulnerability Assessment were re |Current recommendation name|New recommendation name|Description|Assessment key| |--|--|--|--| |Container registry images should have vulnerability findings resolved (powered by Qualys)|Azure registry container images should have vulnerabilities resolved (powered by Qualys)|Container image vulnerability assessment scans your registry for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks. |dbd0cb49-b563-45e7-9724-889e799fa648|-|Running container images should have vulnerability findings resolved (powered by Qualys)|Azure running container images should have vulnerabilities resolved - (powered by Qualys)|Container image vulnerability assessment scans container images running on your Kubernetes clusters for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks.|41503391-efa5-47ee-9282-4eff6131462| +|Running container images should have vulnerability findings resolved (powered by Qualys)|Azure running container images should have vulnerabilities resolved - (powered by Qualys)|Container image vulnerability assessment scans container images running on your Kubernetes clusters for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks.|41503391-efa5-47ee-9282-4eff6131462c| ### Change to Container Vulnerability Assessments recommendation names The following Container Vulnerability Assessments recommendations were renamed: |Current recommendation name|New recommendation name|Description|Assessment key| |--|--|--|--| |Container registry images should have vulnerability findings resolved (powered by Qualys)|Azure registry container images should have vulnerabilities resolved (powered by Qualys)|Container image vulnerability assessment scans your registry for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks. |dbd0cb49-b563-45e7-9724-889e799fa648|-|Running container images should have vulnerability findings resolved (powered by Qualys)|Azure running container images should have vulnerabilities resolved - (powered by Qualys)|Container image vulnerability assessment scans container images running on your Kubernetes clusters for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks.|41503391-efa5-47ee-9282-4eff6131462| +|Running container images should have vulnerability findings resolved (powered by Qualys)|Azure running container images should have vulnerabilities resolved - (powered by Qualys)|Container image vulnerability assessment scans container images running on your Kubernetes clusters for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks.|41503391-efa5-47ee-9282-4eff6131462c| |Elastic container registry images should have vulnerability findings resolved|AWS registry container images should have vulnerabilities resolved - (powered by Trivy)|Container image vulnerability assessment scans your registry for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks.|03587042-5d4b-44ff-af42-ae99e3c71c87| ### Risk prioritization is now available for recommendations |
governance | Migrate From Azure Automation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/governance/machine-configuration/migrate-from-azure-automation.md | configuration to a MOF file and create a machine configuration package. Some modules might have compatibility issues with machine configuration. The most common problems are related to .NET framework vs .NET core. Detailed technical information is available on-the page, [Differences between Windows PowerShell 5.1 and PowerShell 7.x][https://learn.microsoft.com/powershell/scripting/whats-new/differences-from-windows-powershell?view=powershell-7.4]. +the page, [Differences between Windows PowerShell 5.1 and PowerShell 7.x][07]. One option to resolve compatibility issues is to run commands in Windows PowerShell from within a module that's imported in PowerShell 7, by running `powershell.exe`. You can review a sample module configuration stored in Azure Automation by making a REST request to the service [04]: /powershell/gallery/how-to/working-with-local-psrepositories [05]: ./how-to-create-package.md [06]: ./how-to-create-package.md#author-a-configuration-[07]: /powershell/gallery/how-to/working-with-local-psrepositories +[07]: https://learn.microsoft.com/powershell/scripting/whats-new/differences-from-windows-powershell?view=powershell-7.4 [08]: https://github.com/Azure/azure-policy/blob/bbfc60104c2c5b7fa6dd5b784b5d4713ddd55218/samples/GuestConfiguration/package-samples/resource-modules/WindowsDscConfiguration/DscResources/WindowsDscConfiguration/WindowsDscConfiguration.psm1#L97 [09]: ./dsc-in-machine-configuration.md#special-requirements-for-get [10]: ../../azure-resource-manager/management/overview.md#terminology |
healthcare-apis | Import Data | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/healthcare-apis/fhir/import-data.md | Content-Type:application/fhir+json Once $import is initiated, an empty response body with a **callback** link is returned in the `Content-location` header of the response together with ```202-Accepted``` status code. Store this callback link to check the import status. +$import operation registration is implemented as idempotent call (same registration payload yields same registration). This affects ability to re-process files with the same name. Refrain from updating files in-place, instead we suggest you use different file name for updated data, or, if update in-place with same file name is unavoidable, add e-tags in the registration payload. + To check import status, make the REST call with the ```GET``` method to the **callback** link returned in the previous step. You can interpret the response using the following table: Incase the ID of the resource isn't known, do a history search on the entire res ## Troubleshooting Lets walk-through solutions to some error codes you may encounter during the import operation.- ### 200 OK, but there's an error with the URL in the response **Behavior:** Import operation succeeds and returns ```200 OK```. However, `error.url` are present in the response body. Files present at the `error.url` location contain JSON fragments similar to below example: |
key-vault | Quick Create Go | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/key-vault/certificates/quick-create-go.md | Title: Quickstart ΓÇô Azure Key Vault Go client library - Manage certificates description: Learn how to create, retrieve, and delete certificates from an Azure key vault using the Go client library Previously updated : 02/17/2022 Last updated : 01/10/2024 |
key-vault | Quick Create Go | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/key-vault/secrets/quick-create-go.md | Title: 'Quickstart: Manage secrets by using the Azure Key Vault Go client librar description: Learn how to create, retrieve, and delete secrets from an Azure key vault by using the Go client library. Previously updated : 12/29/2021 Last updated : 01/10/2024 |
managed-grafana | How To Data Source Plugins Managed Identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/managed-grafana/how-to-data-source-plugins-managed-identity.md | Within the Standard service tier, users who have subscribed to the Grafana Enter * [AppDynamics](https://grafana.com/grafana/plugins/dlopes7-appdynamics-datasource) * [Azure Devops](https://grafana.com/grafana/plugins/grafana-azuredevops-datasource)+* [Databricks](https://grafana.com/grafana/plugins/grafana-databricks-datasource) * [DataDog](https://grafana.com/grafana/plugins/grafana-datadog-datasource) * [Dynatrace](https://grafana.com/grafana/plugins/grafana-dynatrace-datasource) * [GitLab](https://grafana.com/grafana/plugins/grafana-gitlab-datasource) * [Honeycomb](https://grafana.com/grafana/plugins/grafana-honeycomb-datasource)+* [Jira](https://grafana.com/grafana/plugins/grafana-jira-datasource) +* [Looker](https://grafana.com/grafana/plugins/grafana-looker-datasource) * [MongoDB](https://grafana.com/grafana/plugins/grafana-mongodb-datasource) * [New Relic](https://grafana.com/grafana/plugins/grafana-newrelic-datasource) * [Oracle Database](https://grafana.com/grafana/plugins/grafana-oracle-datasource) Within the Standard service tier, users who have subscribed to the Grafana Enter * [Snowflake](https://grafana.com/grafana/plugins/grafana-snowflake-datasource) * [Splunk](https://grafana.com/grafana/plugins/grafana-splunk-datasource) * [Splunk Infrastructure monitoring (SignalFx)](https://grafana.com/grafana/plugins/grafana-splunk-monitoring-datasource)+* [Sqlyze Datasource](https://grafana.com/grafana/plugins/grafana-odbc-datasource) +* [Sumo Logic](https://grafana.com/grafana/plugins/grafana-sumologic-datasource) * [Wavefront](https://grafana.com/grafana/plugins/grafana-wavefront-datasource) ### Other data sources |
managed-grafana | How To Grafana Enterprise | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/managed-grafana/how-to-grafana-enterprise.md | Grafana Enterprise plugins, as of October 2023: - Splunk - Splunk Infrastructure Monitoring - Sqlyze Datasource+- Sumo Logic - Wavefront > [!NOTE] |
migrate | Migrate Support Matrix Physical | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/migrate/migrate-support-matrix-physical.md | For Linux servers, based on the features you want to perform, you can create a u Operating system | Versions | - Red Hat Enterprise Linux | 5.1, 5.3, 5.11, 6.x, 7.x, 8.x + Red Hat Enterprise Linux | 5.1, 5.3, 5.11, 6.x, 7.x, 8.x, 9.x CentOS | 5.1, 5.9, 5.11, 6.x, 7.x, 8.x Ubuntu | 12.04, 14.04, 16.04, 18.04, 20.04 Oracle Linux | 6.1, 6.7, 6.8, 6.9, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8, 8.1, 8.3, 8.5 |
migrate | Troubleshoot Appliance | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/migrate/troubleshoot-appliance.md | The validation of a physical server fails on the appliance with the error messag ### Remediation -**Linux servers:** +#### [Linux servers](#tab/linux) Connect to the target server that's failing validation. Run the following commands to see if it returns the BIOS GUID of the server: You can also run the commands from the command prompt on the appliance server by ssh <username>@<servername> ```` -**Windows servers:** +Few Linux machines like Oracle/CentOS have a configuration value that requires **tty** option to be enabled by default which can cause an error. In such cases, you can disable this setting by adding **a "!"** character in the **/etc/sudoers** file. You can also add the following at the end of **/etc/sudoers/** file to ensure that no other configuration in the file can override this: +- Defaults !visiblepw +- Defaults !requiretty ++#### [Windows servers](#tab/windows) Run the following code in PowerShell from the appliance server for the target server that's failing validation to see if it returns the BIOS GUID of the server: $HostIntance | fl * When you run the preceding code, you need to provide the hostname of the target server. It can be IP address/FQDN/hostname. After that, you're prompted to provide the credentials to connect to the server. ++ ## "No suitable authentication method found" error occurs for the server during validation You get the error "No suitable authentication method found" when you try to validate a Linux server through the physical appliance. |
migrate | Tutorial Migrate Gcp Virtual Machines | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/migrate/tutorial-migrate-gcp-virtual-machines.md | description: This article describes how to migrate GCP VMs to Azure with Azure M Previously updated : 12/14/2022 Last updated : 01/15/2024 A Mobility service agent must be pre-installed on the source GCP VMs to be migra 2. Run the installer script: ```- sudo ./install -r MS -q + sudo ./install -r MS -v VmWare -q -c CSLegacy ``` 3. Register the agent with the replication appliance: |
migrate | Tutorial Migrate Physical Virtual Machines | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/migrate/tutorial-migrate-physical-virtual-machines.md | Now, select machines for migration. :::image type="content" source="./media/tutorial-migrate-physical-virtual-machines/select-replicate.png" alt-text="Screenshot on selecting Replicate option."::: -2. In **Replicate**, > **Source settings** > **Are your machines virtualized?**, select **Not virtualized/Other**. +2. In **Replicate**, > **Source settings** > **Are your machines virtualized?**, select **Physical or other (AWS, GCP, Xen, etc.)**. 3. In **On-premises appliance**, select the name of the Azure Migrate appliance that you set up. 4. In **Process Server**, select the name of the replication appliance.-5. In **Guest credentials**, please select the dummy account created previously during the [replication installer setup](#download-the-replication-appliance-installer) to install the Mobility service manually (push install is not supported). Then click **Next: Virtual machines**. +5. In **Guest credentials**, select the dummy account created previously during the [replication installer setup](#download-the-replication-appliance-installer) to install the Mobility service manually (push install is not supported). Then click **Next: Virtual machines**. :::image type="content" source="./media/tutorial-migrate-physical-virtual-machines/source-settings.png" alt-text="Screenshot on source settings."::: Now, select machines for migration. 8. In **Target settings**, select the subscription, and target region to which you'll migrate, and specify the resource group in which the Azure VMs will reside after migration. 9. In **Virtual Network**, select the Azure VNet/subnet to which the Azure VMs will be joined after migration. -10. In **Cache storage account**, keep the default option to use the cache storage account that is automatically created for the project. Use the drop down if you'd like to specify a different storage account to use as the cache storage account for replication. <br/> +10. In **Cache storage account**, keep the default option to use the cache storage account that is automatically created for the project. Use the dropdown if you'd like to specify a different storage account to use as the cache storage account for replication. <br/> >[!NOTE] > - If you selected private endpoint as the connectivity method for the Azure Migrate project, grant the Recovery Services vault access to the cache storage account. [**Learn more**](migrate-servers-to-azure-using-private-link.md#grant-access-permissions-to-the-recovery-services-vault) > - To replicate using ExpressRoute with private peering, create a private endpoint for the cache storage account. [**Learn more**](migrate-servers-to-azure-using-private-link.md#create-a-private-endpoint-for-the-storage-account-1) |
mysql | Quickstart Create Server Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/mysql/flexible-server/quickstart-create-server-cli.md | Select the specific subscription under your account using [az account set](/cli/ az account set --subscription <subscription id> ``` -## Create a Azure Database for MySQL flexible server instance +## Create an Azure Database for MySQL flexible server instance Create an [Azure resource group](../../azure-resource-manager/management/overview.md) using the `az group create` command and then create your Azure Database for MySQL flexible server instance inside this resource group. You should provide a unique name. The following example creates a resource group named `myresourcegroup` in the `eastus2` location. |
sap | Rise Integration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/sap/workloads/rise-integration.md | For customers with SAP solutions such as RISE with SAP Enterprise Cloud Services - [Integrating Azure services with SAP RISE](./rise-integration-services.md) - [Identity and security in Azure with SAP RISE](./rise-integration-security.md) +## Enablement of integration scenarios ++It's important to distinguish the responsibility between SAP and customer when enabling certain Azure scenarios. The following diagram illustrates most common situations. ++[![Diagram showing the breakdown of responsibility between customer and SAP for different aspects of enablement of integration scenarios.](./media/sap-rise-integration/sap-rise-integration-table.png)](./media/sap-rise-integration/sap-rise-integration-table.png) ++There might be some circumstances when an initial request needs to be placed with SAP RISE for enablement. However, most Azure scenarios depend on open network communication to available SAP interfaces and activities entirely within customer's responsibility. Diagram shown doesn't replace or extends an existing responsibility matrix between the customer and SAP RISE/ECS. ++## First steps ++Review the specifics within this document and then jump to individual documents for your scenario. From the integration table, some examples are listed. ++- [Setup network peering](./rise-integration-network.md#virtual-network-peering-with-sap-riseecs) +- [Enable Power App to consume SAP interfaces](./rise-integration-services.md#on-premises-data-gateway) +- [Enable Power BI](./rise-integration-services.md#on-premises-data-gateway), Fabric and Synapse to consume SAP data. +- [Enable Microsoft Entra ID as SSO provider](./rise-integration-security.md#single-sign-on-for-sap) +- [Defend SAP at machine speed with Sentinel](./rise-integration-security.md#microsoft-sentinel-with-sap-rise) to block compromised users during attacks. + ## Azure support SAP RISE customers in Azure have the SAP landscape run by SAP in an Azure subscription owned by SAP. The subscription and all Azure resources of your SAP environment are visible to and managed by SAP only. In turn, the customer's own Azure environment contains applications that interact with the SAP systems. Elements such as virtual networks, network security groups, firewalls, routing, Azure services such as Azure Data Factory and others running inside the customer subscription access the SAP managed landscape. When you engage with Azure support, only resources in your own subscriptions are in scope. Contact SAP for issues with any resources operated in SAP's Azure subscriptions for your RISE workload. |
sentinel | Enable Enrichment Widgets | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/sentinel/enable-enrichment-widgets.md | This section contains instructions for creating or finding your credentials for #### Credentials for Microsoft Defender Threat Intelligence -1. The Microsoft Defender Threat Intelligence widget should fetch the data automatically if you have the relevant Microsoft Defender Threat Intelligence license. There is no need for credentials. +1. The Microsoft Defender Threat Intelligence widget should fetch the data automatically if you have the relevant [Microsoft Defender Threat Intelligence](https://www.microsoft.com/security/business/siem-and-xdr/microsoft-defender-threat-intelligence) license. There is no need for credentials. -1. You can check if you have the relevant license, and if necessary, purchase it, at the [Microsoft Defender Threat Intelligence official website](https://www.microsoft.com/security/business/siem-and-xdr/microsoft-defender-threat-intelligence). +1. If you don't have the proper license, [contact the Microsoft Security team](https://info.microsoft.com/ww-landing-security-generic-contact-me.html?culture=en-us&country=ww) for guidance. ## Add new widgets when they become available |
sentinel | Monitor Sap System Health | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/sentinel/monitor-sap-system-health.md | This article describes how to use the following features, which allow you to per 1. From the Microsoft Sentinel portal, select **Data connectors**. 1. In the search bar, type *Microsoft Sentinel for SAP*.-1. Select the **Microsoft Sentinel for SAP** connector and select **Open connector**. -1. In the **Configuration > Configure an SAP system and assign it to a collector agent** area, you can view information on the health of your SAP systems. Learn how to [add new SAP systems](sap/deploy-data-connector-agent-container.md). +1. Select the **Microsoft Sentinel for SAP** connector and select **Open connector page**. +1. In the **Configuration > Configure an SAP system and assign it to a collector agent** area, view details about the health of your SAP systems. For example: - The following table describes the different fields in the **Configure an SAP system and assign it to a collector agent** area. + :::image type="content" source="media/monitor-sap-system-health/health-status.png" alt-text="Screenshot of the health status table." lightbox="media/monitor-sap-system-health/health-status.png"::: ++For more information, see [Deploy and configure the container hosting the SAP data connector agent](sap/deploy-data-connector-agent-container.md). ### System health status and details +The following table describes the different fields in the **Configure an SAP system and assign it to a collector agent** area. + |Field |Description |Values |Notes | ||||| |SID |The name of the connected SAP system ID (SID). | | | |
service-bus-messaging | Service Bus Integrate With Rabbitmq | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-bus-messaging/service-bus-integrate-with-rabbitmq.md | Title: How to integrate Service Bus with RabbitMQ description: Step-by-step guide on how to integrate Service Bus with RabbitMQ Previously updated : 11/17/2021 Last updated : 01/10/2024 |
service-connector | How To Integrate App Configuration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-app-configuration.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal | -|-|::|::|::|::| -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Node.js | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| None | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal | +|-|:--:|::|::|:--:| +| .NET | Yes | Yes | Yes | Yes | +| Java | Yes | Yes | Yes | Yes | +| Node.js | Yes | Yes | Yes | Yes | +| Python | Yes | Yes | Yes | Yes | +| None | Yes | Yes | Yes | Yes | |
service-connector | How To Integrate Confluent Kafka | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-confluent-kafka.md | This page shows supported authentication methods and clients to connect Apache K Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | -| | -- | | - | -- | -| .NET | | | ![yes icon](./media/green-check.png) | | -| Java | | | ![yes icon](./media/green-check.png) | | -| Java - Spring Boot | | | ![yes icon](./media/green-check.png) | | -| Node.js | | | ![yes icon](./media/green-check.png) | | -| Python | | | ![yes icon](./media/green-check.png) | | -| None | | | ![yes icon](./media/green-check.png) | | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | +|--|-|--|-|-| +| .NET | No | No | Yes | No | +| Java | No | No | Yes | No | +| Java - Spring Boot | No | No | Yes | No | +| Node.js | No | No | Yes | No | +| Python | No | No | Yes | No | +| None | No | No | Yes | No | ## Default environment variable names or application properties |
service-connector | How To Integrate Cosmos Cassandra | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-cosmos-cassandra.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | -| | - | - | - | - | -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Go | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java - Spring Boot | | | ![yes icon](./media/green-check.png) | | -| Node.js | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| None | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | +|--|-|--|-|-| +| .NET | Yes | Yes | Yes | Yes | +| Go | Yes | Yes | Yes | Yes | +| Java | Yes | Yes | Yes | Yes | +| Java - Spring Boot | No | No | Yes | No | +| Node.js | Yes | Yes | Yes | Yes | +| Python | Yes | Yes | Yes | Yes | +| None | Yes | Yes | Yes | Yes | |
service-connector | How To Integrate Cosmos Db | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-cosmos-db.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps, and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | -| | - | - | - | - | -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java - Spring Boot | | | ![yes icon](./media/green-check.png) | | -| Node.js | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Go | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| None | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | +|--|-|--|-|-| +| .NET | Yes | Yes | Yes | Yes | +| Java | Yes | Yes | Yes | Yes | +| Java - Spring Boot | No | No | Yes | No | +| Node.js | Yes | Yes | Yes | Yes | +| Python | Yes | Yes | Yes | Yes | +| Go | Yes | Yes | Yes | Yes | +| None | Yes | Yes | Yes | Yes | |
service-connector | How To Integrate Cosmos Gremlin | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-cosmos-gremlin.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | -|-|--|--|--|--| -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Node.js | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| PHP | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Go | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| None | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | +|-|-|--|-|-| +| .NET | Yes | Yes | Yes | Yes | +| Java | Yes | Yes | Yes | Yes | +| Node.js | Yes | Yes | Yes | Yes | +| PHP | Yes | Yes | Yes | Yes | +| Python | Yes | Yes | Yes | Yes | +| Go | Yes | Yes | Yes | Yes | +| None | Yes | Yes | Yes | Yes | |
service-connector | How To Integrate Cosmos Sql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-cosmos-sql.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | -|--|--|--|--|--| -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java - Spring Boot | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Node.js | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Go | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| None | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | +|--|-|--|-|-| +| .NET | Yes | Yes | Yes | Yes | +| Java | Yes | Yes | Yes | Yes | +| Java - Spring Boot | Yes | Yes | Yes | Yes | +| Node.js | Yes | Yes | Yes | Yes | +| Python | Yes | Yes | Yes | Yes | +| Go | Yes | Yes | Yes | Yes | +| None | Yes | Yes | Yes | Yes | ## Default environment variable names or application properties and Sample code |
service-connector | How To Integrate Cosmos Table | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-cosmos-table.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | -|--|--|--|--|--| -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Node.js | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Go | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| None | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | +|-|-|--|-|-| +| .NET | Yes | Yes | Yes | Yes | +| Java | Yes | Yes | Yes | Yes | +| Node.js | Yes | Yes | Yes | Yes | +| Python | Yes | Yes | Yes | Yes | +| Go | Yes | Yes | Yes | Yes | +| None | Yes | Yes | Yes | Yes | |
service-connector | How To Integrate Event Hubs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-event-hubs.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | -||::|::|::|::| -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Go | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java - Spring Boot | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Kafka - Spring Boot | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Node.js | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| None | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | +||:--:|::|:--:|:--:| +| .NET | Yes | Yes | Yes | Yes | +| Go | Yes | Yes | Yes | Yes | +| Java | Yes | Yes | Yes | Yes | +| Java - Spring Boot | Yes | Yes | Yes | Yes | +| Kafka - Spring Boot | Yes | Yes | Yes | Yes | +| Node.js | Yes | Yes | Yes | Yes | +| Python | Yes | Yes | Yes | Yes | +| None | Yes | Yes | Yes | Yes | |
service-connector | How To Integrate Key Vault | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-key-vault.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | -|--|--|--|-|--| -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | | ![yes icon](./media/green-check.png) | -| Java | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | | ![yes icon](./media/green-check.png) | -| Java - Spring Boot | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | | ![yes icon](./media/green-check.png) | -| Node.js | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | | ![yes icon](./media/green-check.png) | -| Python | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | | ![yes icon](./media/green-check.png) | -| None | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | +|--|-|--|-|-| +| .NET | Yes | Yes | No | Yes | +| Java | Yes | Yes | No | Yes | +| Java - Spring Boot | Yes | Yes | No | Yes | +| Node.js | Yes | Yes | No | Yes | +| Python | Yes | Yes | No | Yes | +| None | Yes | Yes | No | Yes | |
service-connector | How To Integrate Mysql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-mysql.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps, and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal | -| - | :--: | :--: | :--: | :--: | -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Go (go-sql-driver for mysql) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java (JDBC) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java - Spring Boot (JDBC) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Node.js (mysql) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python (mysql-connector-python) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python-Django | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| PHP (MySQLi) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Ruby (mysql2) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| None | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal | +||:--:|::|::|:--:| +| .NET | Yes | Yes | Yes | Yes | +| Go (go-sql-driver for mysql) | Yes | Yes | Yes | Yes | +| Java (JDBC) | Yes | Yes | Yes | Yes | +| Java - Spring Boot (JDBC) | Yes | Yes | Yes | Yes | +| Node.js (mysql) | Yes | Yes | Yes | Yes | +| Python (mysql-connector-python) | Yes | Yes | Yes | Yes | +| Python-Django | Yes | Yes | Yes | Yes | +| PHP (MySQLi) | Yes | Yes | Yes | Yes | +| Ruby (mysql2) | Yes | Yes | Yes | Yes | +| None | Yes | Yes | Yes | Yes | > [!NOTE] > System-assigned managed identity, User-assigned managed identity and Service principal are only supported on Azure CLI. |
service-connector | How To Integrate Postgres | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-postgres.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps, and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal | -| - | :--: | :--: | :--: | :--: | -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Go (pg) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java (JDBC) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java - Spring Boot (JDBC) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Node.js (pg) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| PHP (native) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python (psycopg2) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python-Django | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Ruby (ruby-pg) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| None | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal | +||:--:|::|::|:--:| +| .NET | Yes | Yes | Yes | Yes | +| Go (pg) | Yes | Yes | Yes | Yes | +| Java (JDBC) | Yes | Yes | Yes | Yes | +| Java - Spring Boot (JDBC) | Yes | Yes | Yes | Yes | +| Node.js (pg) | Yes | Yes | Yes | Yes | +| PHP (native) | Yes | Yes | Yes | Yes | +| Python (psycopg2) | Yes | Yes | Yes | Yes | +| Python-Django | Yes | Yes | Yes | Yes | +| Ruby (ruby-pg) | Yes | Yes | Yes | Yes | +| None | Yes | Yes | Yes | Yes | > [!NOTE] > System-assigned managed identity, User-assigned managed identity and Service principal are only supported on Azure CLI. |
service-connector | How To Integrate Redis Cache | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-redis-cache.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | -| | -- | | - | -- | -| .NET | | | ![yes icon](./media/green-check.png) | | -| Go | | | ![yes icon](./media/green-check.png) | | -| Java | | | ![yes icon](./media/green-check.png) | | -| Java - Spring Boot | | | ![yes icon](./media/green-check.png) | | -| Node.js | | | ![yes icon](./media/green-check.png) | | -| Python | | | ![yes icon](./media/green-check.png) | | -| None | | | ![yes icon](./media/green-check.png) | | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | +|--|-|--|-|-| +| .NET | No | No | Yes | No | +| Go | No | No | Yes | No | +| Java | No | No | Yes | No | +| Java - Spring Boot | No | No | Yes | No | +| Node.js | No | No | Yes | No | +| Python | No | No | Yes | No | +| None | No | No | Yes | No | ## Default environment variable names or application properties and sample code |
service-connector | How To Integrate Service Bus | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-service-bus.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal | -|--|::|::|::|::| -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Go | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java - Spring Boot | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Node.js | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| None | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal | +|--|:--:|::|::|:--:| +| .NET | Yes | Yes | Yes | Yes | +| Go | Yes | Yes | Yes | Yes | +| Java | Yes | Yes | Yes | Yes | +| Java - Spring Boot | Yes | Yes | Yes | Yes | +| Node.js | Yes | Yes | Yes | Yes | +| Python | Yes | Yes | Yes | Yes | +| None | Yes | Yes | Yes | Yes | |
service-connector | How To Integrate Signalr | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-signalr.md | This article supported authentication methods and clients, and shows sample code Supported authentication and clients for App Service, Azure Functions and Container Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | -|-|--|--|--|--| -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| None | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | +|-|-|--|-|-| +| .NET | Yes | Yes | Yes | Yes | +| None | Yes | Yes | Yes | Yes | |
service-connector | How To Integrate Sql Database | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-sql-database.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps, and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal | -| | :--: | :--: | :--: | :--: | -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Go | | | ![yes icon](./media/green-check.png) | | -| Java | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java - Spring Boot | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Node.js | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| PHP | | | ![yes icon](./media/green-check.png) | | -| Python | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python - Django | | | ![yes icon](./media/green-check.png) | | -| Ruby | | | ![yes icon](./media/green-check.png) | | -| None | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal | +|--|:--:|::|::|:--:| +| .NET | Yes | Yes | Yes | Yes | +| Go | No | No | Yes | No | +| Java | Yes | Yes | Yes | Yes | +| Java - Spring Boot | Yes | Yes | Yes | Yes | +| Node.js | Yes | Yes | Yes | Yes | +| PHP | No | No | Yes | No | +| Python | Yes | Yes | Yes | Yes | +| Python - Django | No | No | Yes | No | +| Ruby | No | No | Yes | No | +| None | Yes | Yes | Yes | Yes | > [!NOTE] > System-assigned managed identity,User-assigned managed identity and Service principal are only supported on Azure CLI. |
service-connector | How To Integrate Storage Blob | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-storage-blob.md | This page shows the supported authentication types, client types and sample code Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | -| | - | - | - | - | -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java - Spring Boot | | | ![yes icon](./media/green-check.png) | | -| Node.js | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Go | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| None | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | +|--|-|--|-|-| +| .NET | Yes | Yes | Yes | Yes | +| Java | Yes | Yes | Yes | Yes | +| Java - Spring Boot | No | No | Yes | No | +| Node.js | Yes | Yes | Yes | Yes | +| Python | Yes | Yes | Yes | Yes | +| Go | Yes | Yes | Yes | Yes | +| None | Yes | Yes | Yes | Yes | |
service-connector | How To Integrate Storage File | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-storage-file.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client Type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | -| | -- | | - | -- | -| .NET | | | ![yes icon](./media/green-check.png) | | -| Java | | | ![yes icon](./media/green-check.png) | | -| Java - Spring Boot | | | ![yes icon](./media/green-check.png) | | -| Node.js | | | ![yes icon](./media/green-check.png) | | -| Python | | | ![yes icon](./media/green-check.png) | | -| PHP | | | ![yes icon](./media/green-check.png) | | -| Ruby | | | ![yes icon](./media/green-check.png) | | -| None | | | ![yes icon](./media/green-check.png) | | +| Client Type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | +|--|-|--|-|-| +| .NET | No | No | Yes | No | +| Java | No | No | Yes | No | +| Java - Spring Boot | No | No | Yes | No | +| Node.js | No | No | Yes | No | +| Python | No | No | Yes | No | +| PHP | No | No | Yes | No | +| Ruby | No | No | Yes | No | +| None | No | No | Yes | No | ## Default environment variable names or application properties and sample code |
service-connector | How To Integrate Storage Queue | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-storage-queue.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | -| | - | - | - | - | -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java - Spring Boot | | | ![yes icon](./media/green-check.png) | | -| Node.js | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | +|--|-|--|-|-| +| .NET | Yes | Yes | Yes | Yes | +| Java | Yes | Yes | Yes | Yes | +| Java - Spring Boot | No | No | Yes | No | +| Node.js | Yes | Yes | Yes | Yes | +| Python | Yes | Yes | Yes | Yes | |
service-connector | How To Integrate Storage Table | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-storage-table.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | -| -- | - | - | - | - | -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Node.js | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret / connection string | Service principal | +|-|-|--|-|-| +| .NET | Yes | Yes | Yes | Yes | +| Java | Yes | Yes | Yes | Yes | +| Node.js | Yes | Yes | Yes | Yes | +| Python | Yes | Yes | Yes | Yes | ## Default environment variable names or application properties and sample code |
service-connector | How To Integrate Web Pubsub | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-integrate-web-pubsub.md | This page shows supported authentication methods and clients, and shows sample c Supported authentication and clients for App Service, Azure Functions, Container Apps and Azure Spring Apps: -| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal | -|-|::|::|::|::| -| .NET | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Java | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Node.js | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Python | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Client type | System-assigned managed identity | User-assigned managed identity | Secret/connection string | Service principal | +|-|:--:|::|::|:--:| +| .NET | Yes | Yes | Yes | Yes | +| Java | Yes | Yes | Yes | Yes | +| Node.js | Yes | Yes | Yes | Yes | +| Python | Yes | Yes | Yes | Yes | |
service-connector | How To Manage Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/how-to-manage-authentication.md | Select one of the four different authentication options offered by Service Conne Service Connector offers the following authentication options: -| Target resource | System assigned managed identity | User assigned managed identity | Connection string | Service principal | -| -- | - | - | - | - | -| App Configuration | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Azure SQL | ![yes icon](./media/green-check.png) | | ![yes icon](./media/green-check.png) | | -| Azure Cache for Redis | | | ![yes icon](./media/green-check.png) | | -| Azure Cache for Redis Enterprise | | | ![yes icon](./media/green-check.png) | | -| Azure Cosmos DB - Cassandra | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Azure Cosmos - Gremlin | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Azure Cosmos DB for MongoDB | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Azure Cosmos Table | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Azure Cosmos - SQL | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Blob Storage | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Confluent Cloud | | | ![yes icon](./media/green-check.png) | | -| Event Hubs | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Keyvault | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | | ![yes icon](./media/green-check.png) | -| MySQL single server | ![yes icon](./media/green-check.png) | | | | -| MySQL flexible server | ![yes icon](./media/green-check.png) | | ![yes icon](./media/green-check.png) | | -| Postgres single server | ![yes icon](./media/green-check.png) | | ![yes icon](./media/green-check.png) | | -| Postgres, flexible server | ![yes icon](./media/green-check.png) | | ![yes icon](./media/green-check.png) | | -| Storage Queue | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| Storage File | | | ![yes icon](./media/green-check.png) | | -| Storage Table | | | ![yes icon](./media/green-check.png) | | -| Service Bus | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| SignalR | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | -| WebPub Sub | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | ![yes icon](./media/green-check.png) | +| Target resource | System assigned managed identity | User assigned managed identity | Connection string | Service principal | +|--|-|--|-|-| +| Azure App Configuration | Yes | Yes | Yes | Yes | +| Azure Blob Storage | Yes | Yes | Yes | Yes | +| Azure Cache for Redis | No | No | Yes | No | +| Azure Cache for Redis Enterprise | No | No | Yes | No | +| Azure Cosmos DB for Apache Cassandra | Yes | Yes | Yes | Yes | +| Azure Cosmos DB for Apache Gremlin | Yes | Yes | Yes | Yes | +| Azure Cosmos DB for MongoDB | Yes | Yes | Yes | Yes | +| Azure Cosmos DB for NoSQL | Yes | Yes | Yes | Yes | +| Azure Cosmos DB for Table | Yes | Yes | Yes | Yes | +| Azure Database for MySQL single server | Yes | No | No | No | +| Azure Database for MySQL flexible server | Yes | No | Yes | No | +| Azure Database for PostgreSQL single server | Yes | No | Yes | No | +| Azure Database for PostgreSQL flexible server | Yes | No | Yes | No | +| Azure Event Hubs | Yes | Yes | Yes | Yes | +| Azure Files | No | No | Yes | No | +| Azure Key Vault | Yes | Yes | No | Yes | +| Azure Queue Storage | Yes | Yes | Yes | Yes | +| Azure Service Bus | Yes | Yes | Yes | Yes | +| Azure SignalR Service | Yes | Yes | Yes | Yes | +| Azure SQL Database | Yes | No | Yes | No | +| Azure Table Storage | No | No | Yes | No | +| Azure Web PubSub | Yes | Yes | Yes | Yes | ## Review or update authentication configuration |
static-web-apps | Authentication Custom | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/static-web-apps/authentication-custom.md | |
static-web-apps | Publish Gatsby | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/static-web-apps/publish-gatsby.md | |
static-web-apps | Publish Hugo | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/static-web-apps/publish-hugo.md | |
static-web-apps | Publish Vuepress | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/static-web-apps/publish-vuepress.md | |
virtual-machines | Trusted Launch Existing Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/trusted-launch-existing-vm.md | Azure Virtual Machines supports enabling Trusted launch on existing [Azure Gener [Trusted launch](trusted-launch.md) is a way to enable foundational compute security on [Azure Generation 2 VMs](generation-2.md). Trusted launch protects your Virtual Machines against advanced and persistent attack techniques like boot kits and rootkits by combining infrastructure technologies like Secure Boot, vTPM and Boot Integrity Monitoring on your VM. > [!IMPORTANT]-> Enabling Trusted launch on existing virtual machines (VMs) is currently not supported for following scenarios: >-> - Azure Generation 1 VMs is currently not supported. -> - Azure Virtual Machine Scale Sets (VMSS) Uniform & Flex are currently not supported. +> - If enabled for Generation 2 VM, **[Server-side encryption with customer-managed keys](disk-encryption.md)** (SSE-CMK) should be disabled before executing Trusted launch upgrade. SSE-CMK encryption should be re-enabled after completion of Trusted launch upgrade. +> - Support for **enabling Trusted launch on existing Azure Generation 1 VMs** is currently in private preview. You can gain access to preview using registration link **https://aka.ms/Gen1ToTLUpgrade**. +> - Enabling Trusted launch on existing Azure virtual machine scale sets (VMSS) Uniform & Flex are currently not supported. ## Prerequisites Azure Virtual Machines supports enabling Trusted launch on existing [Azure Gener - [Trusted launch supported OS Image](trusted-launch.md#operating-systems-supported). For custom OS image or disks, the base image should be **Trusted launch capable**. - Azure Generation 2 VM(s) is not using [features currently not supported with Trusted launch](trusted-launch.md#unsupported-features). - Azure Generation 2 VM(s) should be **stopped and deallocated** before enabling Trusted launch security type.-- Azure Backup if enabled for Generation 2 VM(s) should be configured with [Enhanced Backup Policy](../backup/backup-azure-vms-enhanced-policy.md). Trusted launch security type cannot be enabled for Generation 2 VM(s) configured with *Standard Policy* backup protection.+- Azure Backup if enabled for VM(s) should be configured with [Enhanced Backup Policy](../backup/backup-azure-vms-enhanced-policy.md). Trusted launch security type cannot be enabled for Generation 2 VM(s) configured with *Standard Policy* backup protection. + - Existing Azure VM backup can be migrated from *Standard* to *Enhanced* policy using private preview migration feature. Submit on-boarding request to preview using link https://aka.ms/formBackupPolicyMigration. ## Best practices This section steps through using the Azure portal to enable Trusted launch on ex 1. Log in to [Azure portal](https://portal.azure.com) 2. Validate virtual machine generation is **V2** and **Stop** VM. 3. On **Overview** page in VM **Properties**, Select **Standard** under **Security type**. This navigates to **Configuration** page for VM. |