+> [!NOTE]

+> Currently, Azure AD Premium P1 for Azure AD B2C is the default pricing tier, and it's equivalent to Azure AD Free tier, but it costs money. Therefore, in terms of features, Azure AD Premium P1 license applied to Azure AD tenant, is not equivalent to Azure AD B2C Premium P1 license in a B2C tenant, and the same is true for Premium P2. Hence, you expect that some features available in Azure AD tenant may be missing in Azure AD B2C even when the tenants have Azure AD Premium P2 and Azure AD B2C Premium P2 licenses respectively. For instance, Azure AD Premium P2 offers identity protection in Azure AD B2C tenants, but does not offer other Azure AD Premium P2 features that apply to Azure AD tenants.

+This article provides examples for using the boolean claims transformations of the Identity Experience Framework schema in Azure Active Directory B2C (Azure AD B2C). For more information, see [claims transformations](claimstransformations.md).

+Computes an `And` operation of two boolean input claims, and sets the output claim with result of the operation.

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | inputClaim1 | boolean | The first claim to evaluate. |

+| InputClaim | inputClaim2 | boolean | The second claim to evaluate. |

+|OutputClaim | outputClaim | boolean | The claim that will be produced after this claims transformation has been invoked (true or false). |

+### Example of AndClaims

+The following claims transformation demonstrates how to `And` two boolean claims: `isEmailNotExist`, and `isSocialAccount`. The output claim `presentEmailSelfAsserted` is set to `true` if the values of both input claims are `true`.

+ - **inputClaim1**: true

+ - **inputClaim2**: false

+ - **outputClaim**: false

+| Element | TransformationClaimType | Data Type | Notes |

+| inputClaim | inputClaim | boolean | The claim to be checked. |

+### Example of AssertBooleanClaimIsEqualToValue

+The following claims transformation demonstrates how to check the value of a boolean claim with a `true` value. If the value of the `accountEnabled` claim is false, an error message is thrown.

+- Input claims:

+ - **inputClaim**: false

+ - **valueToCompareTo**: true

+- Result: Error thrown

+### Calling the AssertBooleanClaimIsEqualToValue claims transformation

+The following `Example-AssertBoolean` validation technical profile calls the `AssertAccountEnabledIsTrue` claims transformation.

+<TechnicalProfile Id="Example-AssertBoolean">

+ <DisplayName>Unit test</DisplayName>

+ <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />

+ <OutputClaims>

+ <OutputClaim ClaimTypeReferenceId="ComparisonResult" DefaultValue="false" />

+ </OutputClaims>

+ <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />

+The self-asserted technical profile calls the validation `Example-AssertBoolean` technical profile.

+<TechnicalProfile Id="SelfAsserted-AssertDateTimeIsGreaterThan">

+ <DisplayName>Example</DisplayName>

+ <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />

+ <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>

+ ...

+ <ValidationTechnicalProfile ReferenceId="Example-AssertBoolean" />

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | inputClaim | boolean | The claim to be compared. |

+| OutputClaim | compareResult | boolean | The claim that is produced after this claims transformation has been invoked. |

+### Example of CompareBooleanClaimToValue

+The following claims transformation demonstrates how to check the value of a boolean claim with a `true` value. If the value of the `IsAgeOver21Years` claim is equal to `true`, the claims transformation returns `true`, otherwise `false`.

+ - **inputClaim**: false

+ - **valueToCompareTo**: true

+ - **compareResult**: false

+Computes a `Not` operation of the boolean input claim and sets the output claim with result of the operation.

+| Element | TransformationClaimType | Data Type | Notes |

+| OutputClaim | outputClaim | boolean | The claim that is produced after this claims transformation has been invoked (true or false). |

+### Example of NotClaims

+The following claims transformation demonstrates how to perform logical negation on a claim.

+ - **inputClaim**: false

+ - **outputClaim**: true

+Computes an `Or` of two boolean claims and sets the output claim with result of the operation.

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | inputClaim1 | boolean | The first claim to evaluate. |

+| InputClaim | inputClaim2 | boolean | The second claim to evaluate. |

+| OutputClaim | outputClaim | boolean | The claim that will be produced after this claims transformation has been invoked (true or false). |

+### Example of OrClaims

+The following claims transformation demonstrates how to `Or` two boolean claims.

+ - **inputClaim1**: true

+ - **inputClaim2**: false

+ - **outputClaim**: true

+## Next steps

+- Find more [claims transformation samples](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-transformation) on the Azure AD B2C community GitHub repo

+ Title: Define a claims transformation technical profile

+description: Define a claims transformation technical profile in a custom policy in Azure Active Directory B2C.

+The **OutputClaims** element is mandatory. Provide at least one output claim returned by the technical profile. The following example shows how to set default values in the output claims:

+The claims transformation technical profile enables you to execute a claims transformation from any user journey's orchestration step. In the following example, the orchestration step calls one of the unlink technical profiles, such as **UnLink-Facebook-OAUTH**. This technical profile calls the output claims transformation **RemoveAlternativeSecurityIdByIdentityProvider**, which generates a new **AlternativeSecurityIds2** claim. The output claim contains the list of user's social identities, while removing the Facebook identity from the collections.

+| IncludeClaimResolvingInClaimsHandling | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this metadata to `true`. |

+| ContentDefinitionReferenceId | No | The identifier of the [content definition](contentdefinitions.md) associated with this technical profile. The content definition metadata is required for [FormatLocalizedString](string-transformations.md#formatlocalizedstring), [GetLocalizedStringsTransformation](string-transformations.md#getlocalizedstringstransformation), and [GetMappedValueFromLocalizedCollection](string-transformations.md#getmappedvaluefromlocalizedcollection) claims transformations.|

+This article provides examples for using the date claims transformations of the Identity Experience Framework schema in Azure Active Directory B2C (Azure AD B2C). For more information, see [claims transformations](claimstransformations.md).

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of AssertDateTimeIsGreaterThan

+ - **leftOperand**: 2022-01-01T15:00:00

+ - **rightOperand**: 2022-01-22T15:00:00

+ - **AssertIfEqualTo**: false

+ - **AssertIfRightOperandIsNotPresent**: true

+ - **TreatAsEqualIfWithinMillseconds**: 300000 (30 seconds)

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of ConvertDateTimeToDateClaim

+## ConvertDateToDateTimeClaim

+Converts a `Date` claim type to a `DateTime` claim type. The claims transformation converts the time format and adds 12:00:00 AM to the date.

+| Element | TransformationClaimType | Data Type | Notes |

+| - | -- | | -- |

+| InputClaim | inputClaim | date | The claim type to be converted. |

+| OutputClaim | outputClaim | dateTime | The claim type that is produced after this claims transformation has been invoked. |

+### Example of ConvertDateToDateTimeClaim

+The following example demonstrates the conversion of the claim `dateOfBirth` (date data type) to another claim `dateOfBirthWithTime` (dateTime data type).

+```xml

+ <ClaimsTransformation Id="ConvertToDateTime" TransformationMethod="ConvertDateToDateTimeClaim">

+ <InputClaims>

+ <InputClaim ClaimTypeReferenceId="dateOfBirth" TransformationClaimType="inputClaim" />

+ </InputClaims>

+ <OutputClaims>

+ <OutputClaim ClaimTypeReferenceId="dateOfBirthWithTime" TransformationClaimType="outputClaim" />

+ </OutputClaims>

+ </ClaimsTransformation>

+```

+- Input claims:

+ - **inputClaim**: 2022-01-03

+- Output claims:

+ - **outputClaim**: 2022-01-03T00:00:00.0000000Z

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | secondDateTime | dateTime | The second date to compare. Null value is treated as the current date and time. |

+| InputParameter | operator | string | One of following values: `same`, `later than`, or `earlier than`. |

+### Example of DateTimeComparison

+Use this claims transformation to determine if first date plus the `timeSpanInSeconds` parameter is later, earlier, or equal to another. The following example shows that the first date (2022-01-01T00:00:00) plus 90 days is later than the second date (2022-03-16T00:00:00).

+ - **firstDateTime**: 2022-01-01T00:00:00.100000Z

+ - **secondDateTime**: 2022-03-16T00:00:00.100000Z

+ - **operator**: later than

+ - **timeSpanInSeconds**: 7776000 (90 days)

+ - **result**: true

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of GetCurrentDateTime

+- Output claims:

+ - **currentDateTime**: 2022-01-14T11:40:35.0000000Z

+This article provides examples for using general claims transformations of the Azure Active Directory B2C (Azure AD B2C) custom policy. For more information, see [claims transformations](claimstransformations.md).

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of CopyClaim

+ - **inputClaim**: bob@contoso.com

+ - **outputClaim**: bob@contoso.com

+Checks if the input claim exists, and sets output claim to `true` or `false` accordingly.

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of DoesClaimExist

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of Hash

+The following example demonstrates how to hash an email address. The claims transformation adds the salt to the email address before hashing the value. To call this claims transformation, set a value to the `mySalt` claim.

+ <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="plaintext" />

+ <InputClaim ClaimTypeReferenceId="mySalt" TransformationClaimType="salt" />

+ <OutputClaim ClaimTypeReferenceId="hashedEmail" TransformationClaimType="hash" />

+ - **plaintext**: someone@contoso.com

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of AdjustNumber

+Use this claim transformation to increase or decrease a numeric claim value. The following claim transformation increases a numeric claim value.

+ - **inputClaim**: 1

+ - **Operator**: INCREMENT

+ - **outputClaim**: 2

+### Example of AdjustNumber with null value

+If the input claim is null, the output claim will be one.

+ - **inputClaim**: NULL

+ - **Operator**: INCREMENT

+ - **outputClaim**: 1

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of AssertNumber

+The following example asserts the number of attempts is over five. The claims transformation throws an error according to the comparison result.

+ - **inputClaim**: 10

+ - **Operator**: GREATERTHAN

+ - **CompareToValue**: 5

+ - **throwError**: true

+### Example of AssertNumber evaluation mode

+ - **inputClaim**: 10

+ - **Operator**: GREATERTHAN

+ - **CompareToValue**: 5

+ - **throwError**: false

+ - **outputClaim**: true

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of ConvertNumberToStringClaim

+ - **inputClaim**: 12334 (long)

+ - **outputClaim**: "12334" (string)

+## Next steps

+- Find more [claims transformation samples](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-transformation) on the Azure AD B2C community GitHub repo

+This article provides examples for using the JSON claims transformations of the Identity Experience Framework schema in Azure Active Directory B2C (Azure AD B2C). For more information, see [claims transformations](claimstransformations.md).

+## CreateJsonArray

+Create a JSON single element array from a claim value.

+| Element | TransformationClaimType | Data Type | Notes |

+| - | -- | | -- |

+| InputClaim | inputClaim | string | The claim to be added to the output claim. |

+| OutputClaim | outputClaim | string | The JSON string that is produced after this claims transformation has been invoked. |

+### Example of CreateJsonArray

+The following example creates a JSON single array.

+```xml

+<ClaimsTransformation Id="createlJsonPayload" TransformationMethod="CreateJsonArray">

+ <InputClaims>

+ <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="inputClaim" />

+ </InputClaims>

+ <OutputClaims>

+ <OutputClaim ClaimTypeReferenceId="result" TransformationClaimType="outputClaim" />

+ </OutputClaims>

+</ClaimsTransformation>

+```

+- Input claims:

+ - **inputClaim**: someone@example.com

+- Output claims:

+ - **outputClaim**: ["someone@contoso.com"]

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of GenerateJson

+The following example generates a JSON string based on the claim value of "email" and "OTP" and constant strings.

+- Input claims:

+ - **outputClaim**:

+ ```json

+ {

+ "personalizations": [

+ {

+ "to": [

+ {

+ "email": "someone@example.com"

+ }

+ ],

+ "dynamic_template_data": {

+ "otp": "346349",

+ "verify-email" : "someone@example.com"

+ },

+ "subject": "Contoso account email verification code"

+ }

+ ],

+ "template_id": "d-989077fbba9746e89f3f6411f596fb96",

+ "from": {

+ "email": "service@contoso.com"

+ }

+ ```

+### Another example of GenerateJson

+The following example generates a JSON string based on the claim values and constant strings.

+- Input claims:

+ - **requestBody**:

+ ```json

+ {

+ "customerEntity":{

+ "email":"john.s@contoso.com",

+ "userObjectId":"01234567-89ab-cdef-0123-456789abcdef",

+ "firstName":"John",

+ "lastName":"Smith",

+ "role":{

+ "name":"Administrator",

+ "id": 1

+ }

+ }

+ }

+ ```

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | inputJson | string | The claims that are used by the claims transformation to get the item. |

+| OutputClaim | extractedClaim | string | The claim that is produced after this claims transformation has been invoked, the element value specified in the _claimToExtract_ input parameter. |

+### Example of GetClaimFromJson

+ - **claimToExtract**: emailAddress

+### Another example of GetClaimFromJson

+ - **claimToExtract**: displayName

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | jsonSourceClaim | string | The claim with the JSON payload. This claim is used by the claims transformation to get the claims. |

+### Example of GetClaimsFromJsonArray

+In the following example, the claims transformation extracts the following claims: email (string), displayName (string), membershipNum (int), active (boolean) and birthDate (datetime) from the JSON data.

+ <OutputClaim ClaimTypeReferenceId="membershipID" />

+ <OutputClaim ClaimTypeReferenceId="birthDate" />

+ - **jsonSourceClaim**:

+

+ ```json

+ [

+ {

+ "key": "email",

+ "value": "someone@example.com"

+ },

+ {

+ "key": "displayName",

+ "value": "Someone"

+ },

+ {

+ "key": "membershipID",

+ "value": 6353399

+ },

+ {

+ "key": "active",

+ "value": true

+ },

+ {

+ "key": "birthDate",

+ "value": "2005-09-23T00:00:00Z"

+ }

+ ]

+ ```

+ - **errorOnMissingClaims**: false

+ - **includeEmptyClaims**: false

+ - **jsonSourceKeyName**: key

+ - **jsonSourceValueName**: value

+ - **membershipID**: 6353399

+ - **birthDate**: 2005-09-23T00:00:00Z

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | inputJson | string | The claim with the JSON payload. This claim is used by the claims transformation to get the numeric claim. |

+| OutputClaim | extractedClaim | long | The claim that is produced after this claims transformation has been invoked, the element's value specified in the _claimToExtract_ input parameters. |

+### Example of GetNumericClaimFromJson

+In the following example, the claims transformation extracts the `id` element from the JSON data.

+ - **inputJson**:

+ ```json

+ {

+ "emailAddress": "someone@example.com",

+ "displayName": "Someone",

+ "id": 6353399

+ }

+ ```

+ - **claimToExtract**: id

+ - **extractedClaim**: 6353399

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | inputJson | string | The claim with the JSON payload. This claim is used by the claims transformation to get the item from the JSON data. |

+### Example of GetSingleItemFromJson

+ - **inputJson**:

+ ```json

+ {

+ "givenName": "Emily",

+ "lastName": "Smith"

+ }

+ ```

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | inputJsonClaim | string | The claim with the JSON payload. This claim is used by the claims transformation to get the value from the JSON array. |

+| OutputClaim | extractedClaim | string | The claim that is produced after this claims transformation has been invoked, the first element in the JSON array. |

+### Example of GetSingleValueFromJsonArray

+Convert XML data to JSON format.

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | xml | string | The claim with the XML payload. This claim is used by the claims transformation to convert the data from XML to JSON format. |

+| OutputClaim | json | string | The claim that is produced after this claims transformation has been invoked, the data in JSON format. |

+### Example of XmlStringToJsonString

+## Next steps

+- Find more [claims transformation samples](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-transformation) on the Azure AD B2C community GitHub repo

+This article provides reference and examples for using the phone number claims transformations in Azure Active Directory B2C (Azure AD B2C) custom policy. For more information about claims transformations in general, see [ClaimsTransformations](claimstransformations.md).

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | phoneNumber | phoneNumber | The claim to convert to a string. |

+| OutputClaim | phoneNumberString | string | The claim that is produced after this claims transformation has been invoked. |

+### Example of ConvertPhoneNumberClaimToString

+Validates the format of a phone number. If valid, change it to a standard format used by Azure AD B2C. If the provided phone number is not in a valid format, an error message is returned.

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of ConvertStringToPhoneNumberClaim

+The following example checks that the **phoneString** claim is indeed a valid phone number, and then returns the phone number in the standard Azure AD B2C format. Otherwise, an error message is thrown.

+### Example of ConvertStringToPhoneNumberClaim without country code claim

+### Calling the ConvertStringToPhoneNumberClaim claims transformation

+The self-asserted technical profile that calls the validation technical profile that contains this claims transformation can define the error message.

+```xml

+<TechnicalProfile Id="SelfAsserted-LocalAccountSignup-Phone">

+ <Metadata>

+ <Item Key="UserMessageIfClaimsTransformationInvalidPhoneNumber">Custom error message if the phone number is not valid.</Item>

+ </Metadata>

+ ...

+</TechnicalProfile>

+```

+Extracts the country/region code and the national number from the input claim, and optionally throws an exception if the supplied phone number is not valid.

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of GetNationalNumberAndCountryCodeFromPhoneNumberString

+### Example of GetNationalNumberAndCountryCodeFromPhoneNumberString with CallingCode parameter

+The following example tries to split the phone number into national number and country calling code.

+```xml

+<ClaimsTransformation Id="GetNationalNumberAndCountryCodeFromPhoneNumberString" TransformationMethod="GetNationalNumberAndCountryCodeFromPhoneNumberString">

+ <InputClaims>

+ <InputClaim ClaimTypeReferenceId="phoneNumber" TransformationClaimType="phoneNumber" />

+ </InputClaims>

+ <InputParameters>

+ <InputParameter Id="throwExceptionOnFailure" DataType="boolean" Value="false" />

+ <InputParameter Id="countryCodeType" DataType="string" Value="CallingCode" />

+ </InputParameters>

+ <OutputClaims>

+ <OutputClaim ClaimTypeReferenceId="nationalNumber" TransformationClaimType="nationalNumber" />

+ <OutputClaim ClaimTypeReferenceId="countryCode" TransformationClaimType="countryCode" />

+ </OutputClaims>

+</ClaimsTransformation>

+```

+### Calling the GetNationalNumberAndCountryCodeFromPhoneNumberString claims transformation

+The self-asserted technical profile that calls the validation technical profile that contains this claims transformation can define the error message.

+```xml

+<TechnicalProfile Id="SelfAsserted-LocalAccountSignup-Phone">

+ <Metadata>

+ <Item Key="UserMessageIfPhoneNumberParseFailure">Custom error message if the phone number is not valid.</Item>

+ </Metadata>

+ ...

+</TechnicalProfile>

+```

+## Next steps

+- Find more [claims transformation samples](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-transformation) on the Azure AD B2C community GitHub repo

+## AddItemToAlternativeSecurityIdCollection

+Adds an `AlternativeSecurityId` to an `alternativeSecurityIdCollection` claim.

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | Element | string | The claim to be added to the output claim. |

+| InputClaim | collection | alternativeSecurityIdCollection | The claim that is used by the claims transformation if available in the policy. If provided, the claims transformation adds the `item` at the end of the collection. |

+| OutputClaim | collection | alternativeSecurityIdCollection | The claim that is produced after this claims transformation has been invoked. The new collection that contains both the items from input `collection` and `item`. |

+### Example of AddItemToAlternativeSecurityIdCollection

+The following example links a new social identity with an existing account. To link a new social identity:

+1. In the **AAD-UserReadUsingAlternativeSecurityId** and **AAD-UserReadUsingObjectId** technical profiles, output the user's **alternativeSecurityIds** claim.

+1. Ask the user to sign in with one of the identity providers that are not associated with this user.

+1. Using the **CreateAlternativeSecurityId** claims transformation, create a new **alternativeSecurityId** claim type with a name of `AlternativeSecurityId2`

+1. Call the **AddItemToAlternativeSecurityIdCollection** claims transformation to add the **AlternativeSecurityId2** claim to the existing **AlternativeSecurityIds** claim.

+1. Persist the **alternativeSecurityIds** claim to the user account

+<ClaimsTransformation Id="AddAnotherAlternativeSecurityId" TransformationMethod="AddItemToAlternativeSecurityIdCollection">

+ <InputClaim ClaimTypeReferenceId="AlternativeSecurityId2" TransformationClaimType="item" />

+ <InputClaim ClaimTypeReferenceId="AlternativeSecurityIds" TransformationClaimType="collection" />

+ <OutputClaim ClaimTypeReferenceId="AlternativeSecurityIds" TransformationClaimType="collection" />

+ - **item**: { "issuer": "facebook.com", "issuerUserId": "MTIzNDU=" }

+ - **collection**: [ { "issuer": "live.com", "issuerUserId": "MTA4MTQ2MDgyOTI3MDUyNTYzMjcw" } ]

+ - **collection**: [ { "issuer": "live.com", "issuerUserId": "MTA4MTQ2MDgyOTI3MDUyNTYzMjcw" }, { "issuer": "facebook.com", "issuerUserId": "MTIzNDU=" } ]

+## CreateAlternativeSecurityId

+Creates a JSON representation of the userΓÇÖs alternativeSecurityId property that can be used in the calls to Azure Active Directory. For more information, see the [AlternativeSecurityId](/graph/api/resources/alternativesecurityid) schema.

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | key | string | The claim that specifies the unique user identifier used by the social identity provider. |

+| InputClaim | identityProvider | string | The claim that specifies the social account identity provider name, such as facebook.com. |

+| OutputClaim | alternativeSecurityId | string | The claim that is produced after the claims transformation has been invoked. Contains information about the identity of a social account user. The **issuer** is the value of the `identityProvider` claim. The **issuerUserId** is the value of the `key` claim in base64 format. |

+### Example of CreateAlternativeSecurityId

+Use this claims transformation to generate a `alternativeSecurityId` claim. It's used by all social identity provider technical profiles, such as `Facebook-OAUTH`. The following claims transformation receives the user social account ID and the identity provider name. The output of this technical profile is a JSON string format that can be used in Azure AD directory services.

+<ClaimsTransformation Id="CreateAlternativeSecurityId" TransformationMethod="CreateAlternativeSecurityId">

+ <InputClaim ClaimTypeReferenceId="issuerUserId" TransformationClaimType="key" />

+ <InputClaim ClaimTypeReferenceId="identityProvider" TransformationClaimType="identityProvider" />

+ <OutputClaim ClaimTypeReferenceId="alternativeSecurityId" TransformationClaimType="alternativeSecurityId" />

+ - **key**: 12334

+ - **identityProvider**: Facebook.com

+ - **alternativeSecurityId**: { "issuer": "facebook.com", "issuerUserId": "MTA4MTQ2MDgyOTI3MDUyNTYzMjcw"}

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | alternativeSecurityIdCollection | alternativeSecurityIdCollection | The claim to be used to get the list of identity providers (issuer). |

+| OutputClaim | identityProvidersCollection | stringCollection | The claim that is produced after this claims transformation has been invoked. A list of identity providers associated with the input claim. |

+### Example of GetIdentityProvidersFromAlternativeSecurityIdCollectionTransformation

+ - **alternativeSecurityIdCollection**: [ { "issuer": "google.com", "issuerUserId": "MTA4MTQ2MDgyOTI3MDUyNTYzMjcw" }, { "issuer": "facebook.com", "issuerUserId": "MTIzNDU=" } ]

+ - **identityProvidersCollection**: [ "facebook.com", "google.com" ]

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | identityProvider | string | The claim that contains the identity provider name to be removed from the collection. |

+| InputClaim | collection | alternativeSecurityIdCollection | The claim that is used by the claims transformation. The claims transformation removes the identityProvider from the collection. |

+| OutputClaim | collection | alternativeSecurityIdCollection | The claim that is produced after this claims transformation has been invoked. The new collection, after the identityProvider removed from the collection. |

+### Example of RemoveAlternativeSecurityIdByIdentityProvider

+The following example unlinks one of the social identities with an existing account. To unlink a social identity:

+ - **identityProvider**: facebook.com

+ - **collection**: [ { "issuer": "live.com", "issuerUserId": "MTA4MTQ2MDgyOTI3MDUyNTYzMjcw" }, { "issuer": "facebook.com", "issuerUserId": "MTIzNDU=" } ]

+ - **collection**: [ { "issuer": "live.com", "issuerUserId": "MTA4MTQ2MDgyOTI3MDUyNTYzMjcw" } ]

+## Next steps

+- Find more [claims transformation samples](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-transformation) on the Azure AD B2C community GitHub repo

+This article provides examples for using the string claims transformations of the Identity Experience Framework schema in Azure Active Directory B2C (Azure AD B2C). For more information, see [claims transformations](claimstransformations.md).

+Compares two claims, and throw an exception if they are not equal according to the specified comparison inputClaim1, inputClaim2 and stringComparison.

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of AssertStringClaimsAreEqual

+You can use this claims transformation to make sure, two claims have the same value. If not, an error message is thrown. The following example checks that the **strongAuthenticationEmailAddress** claim is equal to **email** claim. Otherwise an error message is thrown.

+- Input claims:

+ - **inputClaim1**: someone@contoso.com

+ - **inputClaim2**: someone@outlook.com

+- Input parameters:

+ - **stringComparison**: ordinalIgnoreCase

+- Result: Error thrown

+### Calling the AssertStringClaimsAreEqual claims transformation

+Creates a time based on time password (TOTP) URI. The URI is a combination of the user's unique identifier, such as email address, and a secret key. The URI is later converted into a QR code that is presented to the user.

+| Element | TransformationClaimType | Data Type | Notes |

+| OutputClaim | outputClaim | string | The claim that is produced after this claims transformation has been invoked. |

+### Example of BuildUri

+The following claims transformation generates a TOTP URI that will be displayed in the QR Code, or deep link.

+ - **scheme**: `otpauth`

+ - **host**: `totp`

+ - **query.issuer**: `{AuthenticatorIssuer}`

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | inputClaim1 | string | The claim to be changed. |

+| OutputClaim | outputClaim | string | The claim that is produced after this claims transformation has been invoked. |

+### Example of ChangeCase

+The following claim transformation changes the email claim to lower case.

+ - **toCase**: LOWER

+## CompareClaims

+Determines whether one string claim is equal to another. The result is a new boolean claim with a value of `true` or `false`.

+| Element | TransformationClaimType | Data Type | Notes |

+| - | -- | | -- |

+| InputClaim | inputClaim1 | string | First claim type, which is to be compared. |

+| InputClaim | inputClaim2 | string | Second claim type, which is to be compared. |

+| InputParameter | operator | string | Possible values: `EQUAL` or `NOT EQUAL`. |

+| InputParameter | ignoreCase | boolean | Specifies whether this comparison should ignore the case of the strings being compared. |

+| OutputClaim | outputClaim | boolean | The claim that is produced after this claims transformation has been invoked. |

+### Example of CompareClaims

+Use this claims transformation to check if a claim is equal to another claim. The following claims transformation checks if the value of the **email** claim is identical to the **Verified.Email** claim.

+<ClaimsTransformation Id="CheckEmail" TransformationMethod="CompareClaims">

+ <InputClaims>

+ <InputClaim ClaimTypeReferenceId="Email" TransformationClaimType="inputClaim1" />

+ <InputClaim ClaimTypeReferenceId="Verified.Email" TransformationClaimType="inputClaim2" />

+ </InputClaims>

+ <InputParameter Id="operator" DataType="string" Value="NOT EQUAL" />

+ <InputParameter Id="ignoreCase" DataType="string" Value="true" />

+ <OutputClaim ClaimTypeReferenceId="SameEmailAddress" TransformationClaimType="outputClaim" />

+- Input claims:

+ - **inputClaim1**: someone@contoso.com

+ - **inputClaim2**: someone@outlook.com

+- Input parameters:

+ - **operator**: NOT EQUAL

+ - **ignoreCase**: true

+ - **outputClaim**: true

+## CompareClaimToValue

+Determines whether a claim value is equal to the input parameter value.

+| Element | TransformationClaimType | Data Type | Notes |

+| - | -- | | -- |

+| InputClaim | inputClaim1 | string | The claim's type, which is to be compared. |

+| InputParameter | operator | string | Possible values: `EQUAL` or `NOT EQUAL`. |

+| InputParameter | compareTo | string | String comparison, one of the values: Ordinal, OrdinalIgnoreCase. |

+| InputParameter | ignoreCase | boolean | Specifies whether this comparison should ignore the case of the strings being compared. |

+| OutputClaim | outputClaim | boolean | The claim that is produced after this claims transformation has been invoked. |

+### Example of CompareClaimToValue

+Use this claims transformation to check if a claim is equal to a value you specified. For example, the following claims transformation checks if the value of the **termsOfUseConsentVersion** claim is equal to `v1`.

+<ClaimsTransformation Id="IsTermsOfUseConsentRequiredForVersion" TransformationMethod="CompareClaimToValue">

+ <InputClaims>

+ <InputClaim ClaimTypeReferenceId="termsOfUseConsentVersion" TransformationClaimType="inputClaim1" />

+ </InputClaims>

+ <InputParameters>

+ <InputParameter Id="compareTo" DataType="string" Value="V1" />

+ <InputParameter Id="operator" DataType="string" Value="not equal" />

+ <InputParameter Id="ignoreCase" DataType="string" Value="true" />

+ </InputParameters>

+ <OutputClaim ClaimTypeReferenceId="termsOfUseConsentRequired" TransformationClaimType="outputClaim" />

+- Input claims:

+ - **inputClaim1**: v1

+- Input parameters:

+ - **compareTo**: V1

+ - **operator**: EQUAL

+ - **ignoreCase**: true

+ - **outputClaim**: true

+Copies value of a claim to another if the value of the input claim matches the output claim predicate.

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of CopyClaimIfPredicateMatch

+The following example tries to copy the signInName claim value to phoneNumber claim. In this example, the value will not be copied. The signInName claim is not in the expected format, phone number. For the complete sample, see [Phone number or email sign-in](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/master/scenarios/phone-number-passwordless/Phone_Email_Base.xml) starter pack policy.

+ - **inputClaim**: bob@contoso.com

+ - **outputClaim**: The output claim won't be changed from its original value.

+### Example of CopyClaimIfPredicateMatch that muches the predicate

+In this example, the claims transformation will copy the value. The signInName claim is in the correct format, phone number.

+ - **inputClaim**: +11234567890

+ - **outputClaim**: +11234567890

+## CreateOtpSecret

+Creates a TOTP string claim. The output of this claims transformation is a TOTP secret that is later stored in the Azure AD B2C user's account and shared with the Microsoft Authenticator app. The authenticator app uses the key to generate TOTP codes when the user needs to go through MFA. Your policy uses the key to validate the TOTP code provided by the user.

+| Element | TransformationClaimType | Data Type | Notes |

+|-- | -- | | -- |

+| OutputClaim | outputClaim | string | The claim that is produced after this claims transformation has been invoked, with the generated TOTP code. |

+### Example of CreateOtpSecret

+The following claims transformation creates a secret for the TOTP multi-factor authenticator.

+<ClaimsTransformation Id="CreateSecret" TransformationMethod="CreateOtpSecret">

+ <OutputClaim ClaimTypeReferenceId="secretKey" TransformationClaimType="outputClaim" />

+ - **outputClaim**: `hmlcmd4ph6fph64c`

+| Element | TransformationClaimType | Data Type | Notes |

+| OutputClaim | outputClaim | string | The claims that will be produced after this claims transformation has been invoked. The random value. |

+### Example of CreateRandomString

+ - **randomGeneratorType**: GUID

+ - **outputClaim**: bc8bedd2-aaa3-411e-bdee-2f1810b73dfc

+### Example of CreateRandomString the create a numeric value

+ - **randomGeneratorType**: INTEGER

+ - **maximumNumber**: 1000

+ - **stringFormat**: OTP_{0}

+ - **base64**: false

+ - **outputClaim**: OTP_853

+## CreateStringClaim

+Creates a string claim from the provided input parameter in the transformation.

+| Element | TransformationClaimType | Data Type | Notes |

+|-- | -- | | -- |

+| InputParameter | value | string | The string to be set. This input parameter supports [string claims transformation expressions](string-transformations.md#string-claim-transformations-expressions). |

+| OutputClaim | createdClaim | string | The claim that is produced after this claims transformation has been invoked, with the value specified in the input parameter. |

+### Example of CreateStringClaim

+The following claims transformation creates a string value with terms of service.

+```xml

+<ClaimsTransformation Id="CreateTermsOfService" TransformationMethod="CreateStringClaim">

+ <InputParameters>

+ <InputParameter Id="value" DataType="string" Value="Contoso terms of service..." />

+ </InputParameters>

+ <OutputClaims>

+ <OutputClaim ClaimTypeReferenceId="TOS" TransformationClaimType="createdClaim" />

+ </OutputClaims>

+</ClaimsTransformation>

+```

+- Input parameter:

+ - **value**: Contoso terms of service...

+- Output claims:

+ - **createdClaim**: The TOS claim contains the "Contoso terms of service..." value.

+## FormatLocalizedString

+Formats multiple claims according to a provided localized format string. This transformation uses the C# `String.Format` method.

+| Element | TransformationClaimType | Data Type | Notes |

+| OutputClaim | outputClaim | string | The claim that is produced after this claims transformation has been invoked. |

+### Example of FormatLocalizedString

+ - **inputClaim**: sarah@contoso.com

+ - **stringFormat**: ResponseMessge_EmailExists

+Formats a claim according to the provided format string. This transformation uses the C# `String.Format` method.

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | inputClaim |string |The claim that acts as string format {0} parameter. |

+| OutputClaim | outputClaim | string | The claim that is produced after this claims transformation has been invoked. |

+### Example of FormatStringClaim

+ - **inputClaim**: 5164db16-3eee-4629-bfda-dcc3326790e9

+ - **stringFormat**: cpim_{0}@{RelyingPartyTenantId}

+Formats two claims according to the provided format string. This transformation uses the C# `String.Format` method.

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | inputClaim1 |string | The claim that acts as string format {0} parameter. |

+| InputClaim | inputClaim2 | string | The claim that acts as string format {1} parameter. |

+| OutputClaim | outputClaim | string | The claim that is produced after this claims transformation has been invoked. |

+### Example of FormatStringMultipleClaims

+ - **inputClaim1**: Joe

+ - **inputClaim2**: Fernando

+ - **stringFormat**: {0} {1}

+ - **outputClaim**: Joe Fernando

+| Element | TransformationClaimType | Data Type | Notes |

+1. In the claims transformation, specify the list of claims to be set with the localized string. The `ClaimTypeReferenceId` is a reference to a claim already defined in the ClaimsSchema section in the policy. The `TransformationClaimType` is the name of the localized string as defined in the `StringId` of the `LocalizedString` element.

+### Example of GetLocalizedStringsTransformation

+Maps an element from the input claim's **Restriction** collection.

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of GetMappedValueFromLocalizedCollection

+ - **mapFromClaim**: B2C_V1_90001

+ - **restrictionValueClaim**: You cannot sign in because you are a minor.

+Looks up a claim value from a list of values based on the value of another claim.

+| Element | TransformationClaimType | Data Type | Notes |

+| OutputClaim | outputClaim | string | The claim that will be produced after this claims transformation has been invoked. The value of the matching `Id`. |

+### Example of LookupValue

+ - **inputParameterId**: test.com

+ - **contoso.com**: 13c15f79-8fb1-4e29-a6c9-be0d36ff19f1

+ - **microsoft.com**: 0213308f-17cb-4398-b97e-01da7bd4804e

+ - **test.com**: c7026f88-4299-4cdb-965d-3f166464b8a9

+ - **errorOnFailedLookup**: false

+ - **outputClaim**: c7026f88-4299-4cdb-965d-3f166464b8a9

+### Example of LookupValue with error

+ - **inputParameterId**: live.com

+ - **contoso.com**: 13c15f79-8fb1-4e29-a6c9-be0d36ff19f1

+ - **microsoft.com**: 0213308f-17cb-4398-b97e-01da7bd4804e

+ - **test.com**: c7026f88-4299-4cdb-965d-3f166464b8a9

+ - **errorOnFailedLookup**: true

+ - No match found for the input claim value in the list of input parameter ids and errorOnFailedLookup is true.

+Cleans the value of a given claim.

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of NullClaim

+ - **outputClaim**: Welcome to Contoso App. If you continue to browse and use this website, you are agreeing to comply with and be bound by the following terms and conditions...

+ - **outputClaim**: NULL

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | emailAddress | string | The claim that contains the email address. |

+| OutputClaim | domain | string | The claim that is produced after this claims transformation has been invoked - the domain. |

+### Example of ParseDomain

+ - **domain**: outlook.com

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of SetClaimIfBooleansMatch

+ - **claimToMatch**: true

+ - **matchTo**: true

+ - **outputClaimIfMatched**: "Promotion code not found."

+ - **outputClaim**: "Promotion code not found."

+| Element | TransformationClaimType | Data Type | Notes |

+| OutputClaim| The name of the claim| string | If the extractGroups input parameter set to true, list of claim types that are produced after this claims transformation has been invoked. The name of the claim must match the Regex group name. |

+### Example of SetClaimsIfRegexMatch

+ - **claimToMatch**: "64854114520"

+ - **matchTo**: "^[0-9]{4,16}$"

+ - **outputClaimIfMatched**: "isPhone"

+ - **outputClaim**: "isPhone"

+ - **regexCompareResultClaim**: true

+### Example of SetClaimsIfRegexMatch with extract groups

+ - **claimToMatch**: "emily@contoso.com"

+ - **matchTo**: `(?&lt;mailAlias&gt;.*)@(.*)$`

+ - **outputClaimIfMatched**: "isEmail"

+ - **extractGroups**: true

+ - **outputClaim**: "isEmail"

+ - **regexCompareResultClaim**: true

+ - **mailAlias**: emily

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of SetClaimsIfStringsAreEqual

+ <InputParameter Id="stringMatchMsgCode" DataType="string" Value="B2C_V1_90005" />

+ <InputParameter Id="stringMatchMsg" DataType="string" Value="The TOS is upgraded to v2" />

+ - **inputClaim**: v1

+ - **matchTo**: V1

+ - **stringComparison**: ordinalIgnoreCase

+ - **stringMatchMsgCode**: B2C_V1_90005

+ - **stringMatchMsg**: The TOS is upgraded to v2

+ - **outputClaim1**: B2C_V1_90005

+ - **outputClaim2**: The TOS is upgraded to v2

+ - **stringCompareResultClaim**: true

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of SetClaimsIfStringsMatch

+ - **claimToMatch**: Minor

+ - **matchTo**: Minor

+ - **stringComparison**: ordinalIgnoreCase

+ - **outputClaimIfMatched**: B2C_V1_90001

+ - **isMinorResponseCode**: true

+ - **isMinor**: B2C_V1_90001

+Determines whether a specified substring occurs within the input claim. The result is a new boolean claim with a value of `true` or `false`. `true` if the value parameter occurs within this string, otherwise, `false`.

+| Element | TransformationClaimType | Data Type | Notes |

+| OutputClaim | outputClaim | string | The claim that is produced after this claims transformation has been invoked. A boolean indicator if the substring occurs within the input claim. |

+### Example of StringContains

+ - **inputClaim**: "Admin, Approver, Editor"

+ - **contains**: "admin,"

+ - **ignoreCase**: true

+ - **outputClaim**: true

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of StringSubstring

+For example, get the phone number country/region prefix.

+ - **inputClaim**: "+1644114520"

+ - **startIndex**: 0

+ - **length**: 2

+ - **outputClaim**: "+1"

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of StringReplace

+For example, normalize a phone number, by removing the `-` characters

+ - **inputClaim**: "+164-411-452-054"

+ - **oldValue**: "-"

+ - **newValue**: ""

+ - **outputClaim**: "+164411452054"

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of StringJoin

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of StringSplit

+ - **inputClaim**: `Admin,Author,Reader`

+ - **outputClaim**: `[ "Admin", "Author", "Reader" ]`

+## Next steps

+- Find more [claims transformation samples](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-transformation) on the Azure AD B2C community GitHub repo

+This article provides examples for using the string collection claims transformations of the Identity Experience Framework schema in Azure Active Directory B2C (Azure AD B2C). For more information, see [claims transformations](claimstransformations.md).

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | Element | string | The ClaimType to be added to the output claim. |

+### Example of AddItemToStringCollection

+| Element | TransformationClaimType | Data Type | Notes |

+| InputParameter | Element | string | The value to be added to the output claim. |

+### Example of AddParameterToStringCollection

+The following example adds a constant email address (admin@contoso.com) to the **otherMails** claim.

+| Element | TransformationClaimType | Data Type | Notes |

+### Example of GetSingleItemFromStringCollection

+The following example reads the **otherMails** claim and returns the first item into the **email** claim.

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | inputClaim | stringCollection | The claim to be searched. |

+### Example of StringCollectionContains

+ - **inputClaim**: ["reader", "author", "admin"]

+ - **item**: "Admin"

+ - **ignoreCase**: "true"

+ - **outputClaim**: "true"

+| Element | TransformationClaimType | Data Type | Notes |

+| InputClaim | collection | stringCollection | The claim to be searched. |

+### Example of StringCollectionContainsClaim

+ - **collection**: ["reader", "author", "admin"]

+ - **item**: "Admin"

+ - **ignoreCase**: "true"

+ - **outputClaim**: "true"

+## Next steps

+- Find more [claims transformation samples](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-transformation) on the Azure AD B2C community GitHub repo

+In this tutorial, you'll learn how to transform your API so it doesn't reveal private backend info. Transforming an API might help you hide the technology stack info that's running in the backend. It also helps you hide the original URLs that appear in the body of the API's HTTP response.

+The tutorial also explains how to add protection to your backend API by configuring a rate limit with Azure API Management. You might want to limit the rate of API calls so the API isn't overused by developers. For more information, see [API Management policies](api-management-policies.md).

+> * Transform an API to strip response headers

+> * Replace original URLs in the body of the API response with API Management gateway URLs

+> * Protect an API by adding a rate limit policy (throttling)

+> * Test the transformations

+* Learn the [Azure API Management terminology](api-management-terminology.md).

+* Understand the [concept of policies in Azure API Management](api-management-howto-policies.md).

+* Complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md).

+* Also, complete the following tutorial: [Import and publish your first API](import-and-publish.md).

+This section shows how to hide the HTTP headers that you don't want to show to your users. For example, delete the following headers in the HTTP response:

+* **X-Powered-By**

+* **X-AspNet-Version**

+1. Select the **GetSpeakers** operation, and then select **Send**.

+The original API response should look similar to the following response:

+1. In the **Outbound processing** section, select the code editor (**</>**) icon.

+ :::image type="content" source="media/transform-api/outbound-policy.png" alt-text="Navigate to outbound policy" border="false":::

+1. Position the cursor inside the **&lt;outbound&gt;** element, and then select **Show snippets** at the top-right corner of the screen.

+ :::image type="content" source="media/transform-api/show-snippets.png" alt-text="Show snippets":::

+ :::image type="content" source="media/transform-api/set-http-header.png" alt-text="Set HTTP header policy":::

+1. Modify your **\<outbound>** code to the following code:

+## Replace original URLs in the body of the API response with API Management gateway URLs

+This section shows how to hide original URLs that appear in the body of the API's HTTP response and instead redirect them to the API Management gateway.

+1. Select the **GetSpeakers** operation, and then select **Send**.

+1. Select **Demo Conference API** > **Design** > **All operations**.

+1. In the **Outbound processing** section, select the code editor (**</>**) icon.

+ :::image type="content" source="media/transform-api/outbound-policy.png" alt-text="Navigate to outbound policy" border="false":::

+1. Position the cursor inside the **&lt;outbound&gt;** element, and then select **Show snippets** at the top-right corner of the screen.

+ :::image type="content" source="media/transform-api/show-snippets-1.png" alt-text="Select show snippets":::

+1. In the right window, under **Transformation policies**, select **Mask URLs in content**.

+ :::image type="content" source="media/transform-api/mask-urls-new.png" alt-text="Mask URLs in content":::

+1. Select **Save**.

+This section shows how to add protection to your backend API by configuring rate limits. You might also want to limit the rate of API calls so that the API isn't overused by developers. In this example, the limit is set to three calls per 15 seconds for each subscription ID. After 15 seconds, a developer can retry calling an API.

+1. Select **Demo Conference API** > **Design** > **All operations**.

+1. In the **Inbound processing** section, select the code editor (**</>**) icon.

+ :::image type="content" source="media/transform-api/inbound-policy.png" alt-text="Navigate to inbound policy":::

+1. Position the cursor inside the **&lt;inbound&gt;** element, and then select **Show snippets** at the top-right corner of the screen.

+ :::image type="content" source="media/transform-api/show-snippets-2.png" alt-text="Set inbound policy" border="false":::

+1. In the right window, under **Access restriction policies**, select **Limit call rate per key**.

+ :::image type="content" source="media/transform-api/limit-call-rate-per-key.png" alt-text="Select limit call rate per key":::

+1. Modify your **rate-limit-by-key** code in the **\<inbound\>** element to the following code:

+At this point, if you look at the code in the code editor, your policies look like the following code:

+ :::image type="content" source="media/transform-api/stripped-response-headers.png" alt-text="Stripped response headers":::

+ As you can see, the URLs are replaced.

+ :::image type="content" source="media/transform-api/test-replaced-url.png" alt-text="Replaced URLs":::

+ After sending the request three times, you get the **429 Too Many Requests** response.

+ :::image type="content" source="media/transform-api/test-throttling-new.png" alt-text="Too many requests":::

+1. Wait for 15 seconds or more and then select **Send** again. This time you should get a **200 OK** response.

+> * Transform an API to strip response headers

+> * Replace original URLs in the body of the API response with API Management gateway URLs

+> * Protect an API by adding rate limit policy (throttling)

+> * Test the transformations

+## November 2021

+### General Availability of Managed Identity for Azure Automation

+**Type:** New feature

+Azure Automation now supports Managed Identities in Azure public, Azure Gov, and Azure China cloud. [System Assigned Managed Identities](/azure/automation/enable-managed-identity-for-automation) is supported for cloud as well as hybrid jobs, while [User Assigned Managed Identities](/azure/automation/automation-security-overview#managed-identities-preview) is supported only for cloud jobs. Read the [announcement](https://azure.microsoft.com/updates/azure-automation-managed-identities-ga/) for more information.

+### Preview support for PowerShell 7.1

+**Type:** New feature

+Azure Automation support for PowerShell 7.1 runbooks is available as public preview in Azure public, Azure Gov, and Azure China clouds. Read the [announcement](https://azure.microsoft.com/updates/azure-automation-powershell-7/) for more information.

+Each data center is assigned to a physical zone. Physical zones are mapped to logical zones in your Azure subscription. Azure subscriptions are automatically assigned this mapping at the time a subscription is created. You can use the dedicated ARM API called: [checkZonePeers](https://docs.microsoft.com/rest/api/resources/subscriptions/check-zone-peers) to compare zone mapping for resilient solutions that span across multiple subscriptions.

+ Title: Log support ticket for Azure Edge Hardware Center orders

+description: Learn how to log support request for issues related to orders created via Azure Edge Hardware Center.

+# Open a support ticket for Azure Edge Hardware Center

+This article applies to orders created by Azure Edge Hardware Center service. If you encounter any issues with your service, you can create a service request for technical support. This article walks you through:

+* How to create a support request.

+* How to manage a support request lifecycle from within the portal.

+## Create a support request

+Do the following steps to create a support request:

+1. Go to your Azure Edge Hardware Center order. Navigate to **Support + troubleshooting** section and then select **New support request**.

+1. In **New support request**, on the **Problem description** tab, take the following steps:

+ 1. From the **Issue type** dropdown list, select **Technical**.

+ 2. Choose your **Subscription**.

+ 3. Under **Service**, check **My Services**. From the dropdown list, select **Azure Edge Hardware Center**.

+ 4. Select your **Resource**. This corresponds to the name of your order.

+ 5. Give a brief **Summary** of the issue you are experiencing.

+ 6. Select your **Problem type**.

+ 7. Based on the problem type you selected, choose a corresponding **Problem subtype**.

+ 8. Select **Next**.

+ 

+1. On the **Recommended solution** tab, check if the fix for the issue that you are observing is documented. If the error you are facing is not documented, select **Next**.

+ 

+1. On the **Additional details** tab, take the following steps:

+ 1. Under Problem details, provide the start date and time for the problem.

+ 1. Select the **Subscription type**.

+ 1. Supply a **Additional details about the issue**.

+ 1. In the **File upload**, select the folder icon to browse any other files you want to upload.

+ 1. Under **Advanced diagnostic information**, check **Allow collection of advanced diagnostic information**.

+ 

+ 1. Under **Support method**, based on your subscription, a **Support plan** is automatically populated.

+ 1. From the dropdown list, select the **Severity**.

+ 1. Specify a **Preferred contact method**.

+ 1. **Your availability** are automatically selected based on your subscription plan.

+ 1. Provide the language you prefer for Support.

+ 1. Under **Contact info**, provide your name, email, phone, optional contact, country/region. Microsoft Support uses this information to reach out to you for further information, diagnosis, and resolution.

+ 1. Select **Next**.

+ 

+4. On the **Review + Create** tab, review the information related to Support ticket. Select **Create**.

+ 

+ After you create the Support ticket, a Support personnel will contact you as soon as possible to proceed with your request.

+## Manage a support request

+After creating a support ticket, you can manage the lifecycle of the ticket from within the portal.

+### To manage your support requests

+1. To get to the help and support page, navigate to **Help + support**.

+ 

+2. A tabular listing of **Recent support requests** is displayed in **Help + support**.

+3. Select and click a support request. You can view the status and the details for this request. Click **+ New message** if you want to follow up on this request.

+## Next steps

+- [Troubleshoot issues related to Azure Edge Hardware Center orders](azure-edge-hardware-center-troubleshoot-order.md).

+ Title: Tutorial to create an order using Azure Edge Hardware Center

+description: The tutorial about creating an Azure Edge Hardware Center via the Azure portal.

+# Customer intent: As an IT admin, I need to understand how to create an order via the Azure Edge Hardware Center.

+# Tutorial: Create an Azure Edge Hardware Center

+Azure Edge Hardware Center service lets you explore and order a variety of hardware from the Azure hybrid portfolio including Azure Stack Edge devices. This tutorial describes how to create an order using the Azure Edge Hardware Center via the Azure portal.

+In this tutorial, you'll:

+> [!div class="checklist"]

+> * Review prerequisites

+> * Create an order

+## Prerequisites

+Before you begin:

+- Make sure that the `Microsoft.EdgeOrder` provider is registered. To create an order in the Azure Edge Hardware Center, the `Microsoft.EdgeOrder` provider should be registered against your subscription.

+ For information on how to register, go to [Register resource provider](../databox-online/azure-stack-edge-gpu-manage-access-power-connectivity-mode.md#register-resource-providers).

+- Make sure that all the other prerequisites related to the product that you are ordering are met. For example, if ordering Azure Stack Edge device, ensure that all the [Azure Stack Edge prerequisites](../databox-online/azure-stack-edge-gpu-deploy-prep.md#prerequisites) are completed.

+## Create an order

+When you place an order through the Azure Edge Hardware Center, you can order multiple devices, to be shipped to more than one address, and you can reuse ship to addresses from other orders.

+Ordering through Azure Edge Hardware Center will create an Azure resource that will contain all your order-related information. One resource each will be created for each of the units ordered. After you have placed an order for the device, you may need to create a management resource for the device.

+## Next steps

+In this tutorial, you learned about topics such as:

+> [!div class="checklist"]

+> * Review prerequisites

+> * Create an order

+Learn more on how to [Manage Azure Edge Hardware Center orders](azure-edge-hardware-center-manage-order.md)

+ Title: Manage Azure Edge Hardware Center orders

+description: Describes how to use the Azure portal to manage orders created via Azure Edge Hardware Center.

+# Use the Azure portal to manage your Azure Edge Hardware Center orders

+This article describes how to manage the orders created by Azure Edge Hardware Center. You can use the Azure portal to track and cancel orders created via the Edge Hardware Center.

+In this article, you learn how to:

+> [!div class="checklist"]

+> * Track order

+> * Cancel order

+> * Return hardware

+## Track order

+Follow these steps in the Azure portal to track the order you created using the Edge Hardware Center.

+1. In the Azure portal, go to **All resources**. Filter by **Type == Azure Edge Hardware Center**. This should list all the orders created using the Edge Hardware Center. From the list of orders, select your order and go to the order resource.

+ 

+2. In the selected order resource, go to **Overview**. In the right pane, you can view the status of the order. For example, here the order was delivered to the customer.

+ 

+ You can see the tracking information for your order after the hardware is shipped.

+ 

+## Cancel order

+Follow these steps in the Azure portal to track the order you created using the Edge Hardware Center.

+1. In the Azure portal, go to **All resources**. Filter by **Type == Azure Edge Hardware Center**. This should list all the orders created using the Edge Hardware Center. From the list of orders, select your order and go to the order resource.

+

+2. In the selected order resource, go to **Overview**. In the right pane, from the top command bar, select Cancel. You can only cancel an order after the order is created and before the order is confirmed. For example, here the **Cancel** is enabled when the order status is **Placed**.

+ 

+3. You see a notification that the order is being canceled. Once the order is canceled, the order status updates to **Canceled**.

+ 

+ If your order item shows up as **Confirmed** and you need to cancel it for some reason, send an email to [Operations team](mailto:email@example.com) with your request.

+## Return hardware

+If you used the Azure Edge Hardware Center to order your hardware, follow these steps to initiate the return. The example here is for Azure Stack Edge device but a similar flow applies to returning other hardware as well.

+## Next steps

+- Review [Azure Edge Hardware Center FAQ](azure-edge-hardware-center-faq.yml).

+ Title: Azure Edge Hardware Center overview

+description: Describes Azure Edge Hardware Center - an Azure service that lets you order all Azure hardware and manage and track those orders

+# Customer intent: As an IT admin, I need to understand how I can discover and order all first party Azure hardware and manage and track those orders.

+# What is Azure Edge Hardware Center?

+Azure Edge Hardware Center is a new Azure service that lets you order a variety of hardware or devices from the Azure hybrid portfolio. You can also use this service to see and track all your order related information at one place. The first party hardware that you order can then be used to build and run hybrid apps across datacenters, edge locations, remote offices, and the cloud.

+## Benefits

+Edge Hardware Center offers the following benefits:

+- **Place bulk orders of hardware** - You can order multiple units of a particular type of device or hardware at once by putting a quantity while placing your order.

+- **Ship multiple devices or hardware to different locations at the same time** - You can now ship hardware to multiple locations (within one country/region) through just one order. Add multiple addresses in the ΓÇ£Shipping + QuantityΓÇ¥ tab to achieve this.

+- **Save addresses for future orders** - You can save your frequently used addresses while placing an order. For subsequent orders, you can then select a shipping address from your address book.

+- **Stay updated with your order status** - You can view the order status updates for each of the order items. You can also choose to get notified through email when your order moves to next stage. You can add one or more people in the notification list.

+<!--## Available hardware

+Use the Edge Hardware Center to browse through and order SKUs from the following product families:

+|Hardware |Configuration |

+|||

+| Azure Stack Edge Pro - GPU |Azure Stack Edge Pro - 1 GPU <br> Azure Stack Edge Pro - 2 GPU |

+| Azure Stack Edge Pro R¹ |Azure Stack Edge Pro R - single node <br> Azure Stack Edge Pro R - single node with UPS |

+| Azure Stack Edge Mini R² |One configuration, selected automatically. |

+^1,2 R denotes rugged SKUs targeted for defense applications.-->

+## Resource provider

+Edge Hardware Center has its own independent resource provider (RP). This RP creates the following resource type when you place an order: **Microsoft.EdgeOrder**.

+Before you use this RP to create orders, your Azure subscription must be registered for this RP. Registration configures your subscription to work with the Edge Hardware Center RP. To register with this RP, you must have an *owner* or *contributor* access to the subscription.

+For more information, see [Register with an Azure Resource Provider](../azure-resource-manager/management/resource-providers-and-types.md#register-resource-provider).

+### Create orders

+You can create an Edge Hardware Center order via the Azure portal or via the SDK. To create an order via Azure portal, see [Create an Edge Hardware Center order in the Azure portal](azure-edge-hardware-center-create-order.md).

+The independent Edge Hardware Center RP decouples the ordering process from that of the resource creation for the service that manages the device or the hardware. For example, you'll create an order for Azure Stack Edge using the Edge Hardware Center service. You'll then create a separate resource for Azure Stack Edge using the Azure Stack Edge service to manage and activate the device.

+For more information, see [Create an Azure Stack Edge resource after you place the order via the Edge Hardware Center](../databox-online/azure-stack-edge-gpu-deploy-prep.md?tabs=azure-edge-hardware-center#create-a-management-resource-for-each-device).

+### Track orders

+You can track the status of your order by going to the order item resource within Edge Hardware Center. For more information, see [Track the Edge Hardware Center order](azure-edge-hardware-center-manage-order.md#track-order).

+You can also [Cancel the order](azure-edge-hardware-center-manage-order.md#cancel-order) or [Return hardware](azure-edge-hardware-center-manage-order.md#return-hardware ) once you are done.

+You can also enable alerts to receive email notifications if the order status changes. The email notifications are enabled when the order is placed.

+<!--## Region availability

+The Edge Hardware Center service is available in East US, West Europe, and South East Asia for Azure public cloud. The orders created by Edge Hardware Center can also be used to deploy devices in Azure Government, Azure Government Secret, and Azure Government Top Secret.-->

+## Data residency

+Data residency norms apply for the orders created using the Edge Hardware Center service. When placing an order in Southeast Asia region, data related to your order resides only within Southeast Asia (Singapore) and is not replicated outside this region. Orders created in Southeast Asia region will not be resilient to region wide outages.

+For more information, see [Data residency for Azure Stack Edge](../databox-online/azure-stack-edge-gpu-data-residency.md#azure-edge-hardware-center-ordering-and-management-resource).

+## Billing and pricing

+You will be billed against the resource from where you have placed the order. If you place the order through the Edge Hardware Center, your bill is reflected against the resource created in the process. For each order item resource that you create, you are billed for the respective hardware unit.

+For specific information on pricing for the orders you created, go to the pricing page for the corresponding product. For Azure Stack Edge, see [Azure Stack Edge Pricing](https://azure.microsoft.com/pricing/details/azure-stack/edge/).

+## Next steps

+Learn how to:

+- [Create an Azure Edge Hardware Center order](azure-edge-hardware-center-create-order.md).

+- [Manage Azure Edge Hardware Center orders](azure-edge-hardware-center-manage-order.md).

+- [Troubleshoot ordering issues with Azure Edge Hardware Center](azure-edge-hardware-center-troubleshoot-order.md).

+ Title: Move Azure Edge Hardware Center resource across subscriptions, resource groups

+description: Use the Azure portal to move an Azure Edge Hardware Center resource to another subscription or a resource group.

+# Move Azure Edge Hardware Center resource across Azure subscriptions and resource groups via the Azure portal

+This article explains how to move an Azure Edge Hardware Center resource across Azure subscriptions, or to another resource group in the same subscription using the Azure portal.

+Both the source group and the target group are locked during the move operation. Write and delete operations are blocked on the resource groups until the move completes. This lock means you can't add, update, or delete resources in the resource groups. It doesn't mean the resources are frozen. <!--For example, if you move a SQL Server and its database to a new resource group, an application that uses the database experiences no downtime. It can still read and write to the database.--> The lock can last for a maximum of four hours, but most moves complete in much less time.

+Moving a resource only moves it to a new resource group or subscription. It doesn't change the location of the resource.

+<!--## Supported regions

+All the Azure public regions where you can create an Azure Edge Hardware Center order resource. For more information, see [Region availability for Edge Hardware Center](azure-edge-hardware-center-overview.md#region-availability). -->

+## Prerequisites

+Before you begin:

+- If moving your resource to a different subscription:

+ - Make sure that both the source and destinations subscriptions are active.

+ - Make sure that both the source and resource subscriptions exist within the same Azure Active Directory tenant.

+ - The destination subscription must be registered to the `Microsoft.EdgeOrder` resource provider. If not, you receive an error stating that the subscription is not registered for a resource type. You might see this error when moving a resource to a new subscription, but that subscription has never been used with that resource type.

+- If moving your resource to a different resource group, make sure that the account moving the resources must have at least the following permissions:

+ - *Microsoft.Resources/subscriptions/resourceGroups/moveResources/action* on the source resource group.

+ - *Microsoft.Resources/subscriptions/resourceGroups/write* on the destination resource group.

+## Move resource group or subscription

+1. In the Azure portal, go to the Azure Edge Hardware Center resource that you want to move. The Azure Edge Hardware Center resource in this example is created for an Azure Stack Edge order.

+ - To move to another subscription, select the option available for **Resource group (Move)**.

+ - To move to another resource group within the same subscription, select the option available for **Subscription ID (Move)**. <!--is activated against a device and storage accounts are created. It is however not required to activate the device and you can move an unregistered resource as well.-->

+ 

+1. On the **Source + target** tab, specify the destination Resource group in the same subscription. The source resource group is automatically set. If you are moving to a new subscription, also specify the subscription. Select **Next**.

+ 

+1. On the **Resources to move** tab, Edge Hardware Center service will determine if the resource move is allowed. As the validation begins, the validation status is shown as **Pending validation**. Wait for the validation to complete.

+ 

+ After the validation is complete and if the service determines that the resource move is allowed, validation status updates to **Succeeded**.

+ 

+ Select **Next**.

+1. On the **Review** tab, verify the **Selection summary** and select the checkbox to acknowledge that tools and scripts will need to be updated when moving to another resource group. To start moving the resources, select **Move**.

+ 

+1. Check the notification in the Azure portal to verify that the resource move has completed.

+ 

+## Verify migration

+Follow these steps to verify that the resource was successfully moved to the specified subscription or resource group.

+- If you moved across subscriptions, go to the target subscription to see the moved resource. Go to **All resources** and filter against the target subscription to which you moved your resource.

+ 

+ <!--The shares, storage accounts associated with the resource should also be present with the moved resource.-->

+

+- If you moved to another resource group in the same subscription, go to the target resource group to see the moved resource. Go to **All resources** and filter against the target resource group to which you moved your resource.

+ 

+ <!--The shares, storage accounts associated with the resource should also be present with the moved resource.-->

+## Clean up

+After the Azure Edge Hardware Center resource has moved, you can clean up the source resources that aren't needed.

+If you moved to another resource group, you can delete the source resource group. To do so:

+1. On the Azure portal dashboard, select the source resource group.

+1. At the top of the pane, select **Delete**.

+## Next steps

+In this article, you moved an Azure Edge Hardware Center resource from one subscription or resource group to another by using the Azure portal and then cleaned up the source resources that aren't needed. To learn more about moving resources in Azure, see:

+- [Move resources to a new resource group or subscription](../azure-resource-manager/management/move-resource-group-and-subscription.md)

+ Title: Troubleshoot Azure Edge Hardware Center issues via the Azure portal

+description: Describes how to troubleshoot Azure Edge Hardware Center ordering issues.

+# Troubleshoot your Azure Edge Hardware Center ordering issues

+This article describes how to troubleshoot Azure Edge Hardware Center ordering issues.

+## Unsupported subscription or region

+**Error Description:** In Azure portal, you get this error:

+*Selected subscription or region is not supported. Choose a different subscription or region.*

+**Suggested solution:** Make sure that you used a supported subscription such as [Microsoft Enterprise Agreement (EA)](https://azure.microsoft.com/overview/sales-number/), [Cloud Solution Provider (CSP)](/partner-center/azure-plan-lp), or [Microsoft Azure Sponsorship](https://azure.microsoft.com/offers/ms-azr-0036p/). Pay-as-you-go subscriptions aren't supported. For more information, see [Azure Edge Hardware Center resource prerequisites](azure-edge-hardware-center-create-order.md#prerequisites).

+There's the possibility that Microsoft may allow a subscription type upgrade on a case-by-case basis. Contact [Microsoft support](https://azure.microsoft.com/support/options/) so that they can understand your needs and adjust these limits appropriately.

+## Resource provider not registered for subscription

+**Error:** In Azure portal, you select a subscription to create Edge Hardware Center order and get the following error:

+*Resource provider(s): Microsoft.EdgeOrder are not registered for subscription &lt;subscription name&gt; and you don't have permissions to register a resource provider for subscription &lt;subscription name&gt;*.

+**Suggested solution:** Elevate your subscription access or find someone with owner or contributor access to register the resource provider.

+## Resource disallowed by policy

+**Error:** In Azure portal, you attempt to register a resource provider and get the following error:

+*Resource &lt;resource name&gt; was disallowed by policy. (Code: RequestDisallowedByPolicy). Initiative: Deny generally unwanted Resource Types. Policy: Not allowed resource types.*

+**Suggested solution:** This error occurs due to an existing Azure Policy assignment that blocks the resource creation. Azure Policy definitions and assignments are set by an organization's system administrator to ensure compliance while using or creating Azure resources. If any such policy assignment is blocking Azure Edge Hardware Center resource creation, contact your system administrator to edit your Azure Policy definition.

+## Selected subscription type not supported

+You will see this error when placing orders for Azure Stack Edge devices.

+**Error:** You have an EA, CSP, or sponsored subscription and you get the following error:

+* The selected subscription type is not supported. Make sure that you use a supported subscription. [Learn more](../databox-online/azure-stack-edge-deploy-prep.md#prerequisites).

+ If using a supported subscription type, make sure:

+

+- That the `Microsoft.EdgeOrder`provider is registered, when placing orders via the Azure Edge Hardware Center.

+

+For information on how to register, see [Register resource provider](../databox-online/azure-stack-edge-manage-access-power-connectivity-mode.md#register-resource-providers)*.

+**Suggested solution:** Follow these steps to register your Azure Edge Hardware Center resource provider:

+1. In Azure portal, go to **Home** > **Subscriptions**.

+2. Select the subscription that you'll use to order your device.

+3. Select **Resource providers** and then search for **Microsoft.EdgeOrder**.

+ If you don't have owner or contributor access to register the resource provider, you see the following error: *The subscription &lt;subscription name&gt; doesn't have permissions to register the resource provider(s): Microsoft.EdgeOrder.*

+ For more information, see [Register resource providers](../databox-online/azure-stack-edge-manage-access-power-connectivity-mode.md#register-resource-providers).

+## Next steps

+* Learn how to [Manage Azure Edge Hardware Center order](azure-edge-hardware-center-manage-order.md).

+|maxAutoLockRenewalDuration|00:05:00|The maximum duration within which the message lock will be renewed automatically. This only applies for functions that receive a batch of messages.|

+3. Check the option "Migrate all Application Insights resources in this subscription", or leave it unchecked if you want to migrate only the current resource you are in.

+ > [!NOTE]

+ > Checking this option will impact all **existing** Application Insights resources (that were not migrated yet). As long as the migration to alerts is in preview, new Application Insights resources will still be created with non-alerts smart detection.

+4. Select an action group to be configured for the new alert rules. You can choose between using the default action group (as explained above) or using one of your existing action groups.

+5. Select **Migrate** to start the migration process.

+For migrating a single Application Insights resource, body.txt should include:

+For migrating all the Application Insights resources in a subscription, body.txt should include:

+```json

+{

+ "scope": [

+ "/subscriptions/{subscriptionId} "

+ ],

+ "actionGroupCreationPolicy" : "{Auto/Custom}",

+ "customActionGroupName" : "{actionGroupName}"

+}

+```

+Long-term retention can be enabled for Azure SQL Database and for Azure SQL Managed Instance. This article provides a conceptual overview of long-term retention. To configure long-term retention, see [Configure Azure SQL Database LTR](long-term-backup-retention-configure.md) and [Configure Azure SQL Managed Instance LTR](../managed-instance/long-term-backup-retention-configure.md).

+## January 2022

+|Rule ID |Rule Title |Change details |

+||||

+|VA1054 |Minimal set of principals should be members of fixed high impact database roles |Logic change |

+|VA1220 |Database communication using TDS should be protected through TLS |Logic change |

+|VA2120 |Features that may affect security should be disabled |Logic change |

+|VA2129 |Changes to signed modules should be authorized |Logic change |

+$endDate = (Get-Date).AddDays(45).ToUniversalTime()

+1. Select a model type, then select **Create**. You can view a list of regions that support the **Advanced** model type in the [Keyword recognition region support](regions.md#keyword-recognition) documentation.

+```tsv

+> You can view a list of regions that support the **Advanced** model type in the [Keyword recognition region support](regions.md#keyword-recognition) documentation.

+Available regions for **intent recognition** via the Speech SDK are in the following table.

+The [Speech SDK](speech-sdk.md) supports **voice assistant** capabilities through [Direct Line Speech](./direct-line-speech.md) for regions in the following table.

+Available regions for **Speaker Recognition** are in the following table.

+### Keyword recognition

+Available regions for **Keyword recognition** are in the following table.

+| Region | Custom Keyword (Basic models) | Custom Keyword (Advanced models) | Keyword Verification |

+| | -- | -- | -- |

+| West US | Yes | No | Yes |

+| West US 2 | Yes | Yes | Yes |

+| East US | Yes | Yes | Yes |

+| East US 2 | Yes | Yes | Yes |

+| West Central US | Yes | No | Yes |

+| South Central US | Yes | Yes | Yes |

+| West Europe | Yes | Yes | Yes |

+| North Europe | Yes | Yes | Yes |

+| UK South | Yes | Yes | No |

+| East Asia | Yes | No | Yes |

+| Southeast Asia | Yes | Yes | Yes |

+| Central India | Yes | Yes | Yes |

+| Japan East | Yes | No | Yes |

+| Japan West | Yes | No | No |

+| Australia East | Yes | Yes | No |

+| Brazil South | Yes | No | No |

+| Canada Central | Yes | No | No |

+| Korea Central | Yes | No | No |

+| France Central | Yes | No | No |

+| North Central US | Yes | Yes | No |

+| Central US | Yes | No | No |

+| South Africa North | Yes | No | No |

+> Bing Speech was decommissioned on October 15, 2019. If your applications, tools, or products are using the Bing Speech APIs, see [Migrate from Bing Speech to the Speech service](how-to-migrate-from-bing-speech.md).

+## Reference docs

+The [Speech SDK](speech-sdk.md) provides most of the functionalities needed to interact with the Speech service. For scenarios such as model development and batch transcription you can use the REST API.

+### Speech SDK reference docs

+Use the following list to find the appropriate Speech SDK reference docs:

+- <a href="https://aka.ms/csspeech/csharpref" target="_blank" rel="noopener">C# SDK </a>

+- <a href="https://aka.ms/csspeech/cppref" target="_blank" rel="noopener">C++ SDK </a>

+- <a href="https://aka.ms/csspeech/javaref" target="_blank" rel="noopener">Java SDK </a>

+- <a href="https://aka.ms/csspeech/pythonref" target="_blank" rel="noopener">Python SDK</a>

+- <a href="https://aka.ms/csspeech/javascriptref" target="_blank" rel="noopener">JavaScript SDK</a>

+- <a href="https://aka.ms/csspeech/objectivecref" target="_blank" rel="noopener">Objective-C SDK </a>

+> [!TIP]

+> The Speech service SDK is actively maintained and updated. To track changes, updates and feature additions refer to the [Speech SDK release notes](releasenotes.md).

+### REST API references

+For Speech-to-text REST APIs, refer to the listing below:

+- [REST API: Speech-to-text](rest-speech-to-text.md)

+- [REST API: Pronunciation assessment](rest-speech-to-text.md#pronunciation-assessment-parameters)

+- <a href="https://westus.dev.cognitive.microsoft.com/docs/services/speech-to-text-api-v3-0" target="_blank" rel="noopener">REST API: Batch transcription and customization </a>

+> Bing Speech was decommissioned on October 15, 2019. If your applications, tools, or products are using the Bing Speech APIs or Custom Speech, see [Migrate from Bing Speech to the Speech service](how-to-migrate-from-bing-speech.md).

+**Example: Pagination rules**

+If you want to send multiple sequence requests with one variable in a range, you can define a variable such as `{offset}`, `{id}` in AbsoluteUrl, Headers, QueryParameters, and define the range rule in pagination rules. See the following examples of pagination rules:

+- **Example 1**

+ You have multiple requests:

+

+ ```

+ baseUrl/api/now/table/incident?sysparm_limit=1000&sysparm_offset=0,

+

+ baseUrl/api/now/table/incident?sysparm_limit=1000&sysparm_offset=1000,

+

+ ......

+

+ baseUrl/api/now/table/incident?sysparm_limit=1000&sysparm_offset=10000

+ ```

+ You need to specify the range pagination:

+

+ `AbosoluteUrl = baseUrl/api/now/table/incident?sysparm_limit=1000&sysparm_offset={offset}`

+ The pagination rule is: `QueryParameter.{offset} = RANGE:0:10000:1000`

+- **Example 2**

+ You have multiple requests:

+ ```

+ baseUrl/api/now/table/t1

+

+ baseUrl/api/now/table/t2

+

+ ......

+

+ baseUrl/api/now/table/t100

+ ```

+ You need to specify the range pagination:

+ `AbosoluteUrl = baseUrl/api/now/table/t{id}`

+ The pagination rule is: `AbsoluteUrl.{id} = RANGE:1:100:1`

+1. Enter an expression that will be evaluated after all child activities defined in the Until activity are executed. If the expression evaluates to false, the Until activity will execute all its child activities again. When it evaluates to true, the Until activity will complete. The expression can be a literal string expression, or any combination of dynamic [expressions, functions](control-flow-expression-language-functions.md), [system variables](control-flow-system-variables.md), or [outputs from other activities](how-to-expression-language-functions.md#examples-of-using-parameters-in-expressions). The example below checks the value of a previously defined pipeline array variable called TestVariable to see if it evaluates to ['done'].

+- Salesforce

+- Salesforce Service Cloud

+If you're a new customer, we recommend that you explore using Azure Stack Edge Pro - GPU devices for your workloads. For more information, go to [What is Azure Stack Edge Pro with GPU](azure-stack-edge-gpu-overview.md). For information about ordering an Azure Stack Edge Pro with GPU device, go to [Create a new resource for Azure Stack Edge Pro - GPU](azure-stack-edge-gpu-deploy-prep.md#create-a-new-resource).

+### Create an order resource

+To create an order resource, use the Azure Edge Hardware Center. [Azure Edge Hardware Center](../azure-edge-hardware-center/azure-edge-hardware-center-overview.md) lets you explore and order a variety of hardware from the Azure hybrid portfolio including Azure Stack Edge Pro devices.

+When you place an order through the Edge Hardware Center, you can order multiple devices, to be shipped to more than one address, and you can reuse ship to addresses from other orders.

+Ordering through Edge Hardware Center will create an Azure resource that will contain all your order-related information. One resource each will be created for each of the units ordered. You will have to create an Azure Stack Edge resource after you receive the device to activate and manage it.

+### Create a management resource for each device

+<!--### [Azure CLI](#tab/azure-cli)

+After you place an order, Microsoft reviews the order and contacts you by email with shipping details.-->

+| Kubernetes distributions and configurations: | **Supported**<br> ΓÇó Any Cloud Native Computing Foundation (CNCF) certified Kubernetes clusters<br><br>**Unsupported**<br> ΓÇó Any [taints](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) applied to your nodes *might* disrupt the configuration of Defender for Containers<br>ΓÇóThe AKS Defender profile doesn't support AKS clusters that don't have RBAC enabled.<br><br>**Tested on**<br> ΓÇó [Azure Kubernetes Service](../aks/intro-kubernetes.md)<br> ΓÇó [Amazon Elastic Kubernetes Service (EKS)](https://aws.amazon.com/eks/)<br> ΓÇó [Azure Kubernetes Service on Azure Stack HCI](/azure-stack/aks-hci/overview)<br> ΓÇó [Kubernetes](https://kubernetes.io/docs/home/)<br> ΓÇó [AKS Engine](https://github.com/Azure/aks-engine)<br> ΓÇó [Azure Red Hat OpenShift](https://azure.microsoft.com/services/openshift/)<br> ΓÇó [Red Hat OpenShift](https://www.openshift.com/learn/topics/kubernetes/) (version 4.6 or newer)<br> ΓÇó [VMware Tanzu Kubernetes Grid](https://tanzu.vmware.com/kubernetes-grid)<br> ΓÇó [Rancher Kubernetes Engine](https://rancher.com/docs/rke/latest/en/) |

+| Aspect | Details |

+|--|:-|

+| Release state: | General availability (GA) |

+| Pricing: | **Microsoft Defender for open-source relational databases** is billed as shown on the [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/) |

+| Protected versions of PostgreSQL: | Single Server - General Purpose and Memory Optimized. Learn more in [PostgreSQL pricing tiers](../postgresql/concepts-pricing-tiers.md). |

+| Protected versions of MySQL: | Single Server - General Purpose and Memory Optimized. Learn more in [MySQL pricing tiers](../mysql/concepts-pricing-tiers.md). |

+| Protected versions of MariaDB: | General Purpose and Memory Optimized. Learn more in [MariaDB pricing tiers](../mariadb/concepts-pricing-tiers.md). |

+| Clouds: | :::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br> :::image type="icon" source="./media/icons/yes-icon.png"::: Azure Government<br>:::image type="icon" source="./media/icons/no-icon.png"::: Azure China 21Vianet |

+| Supported destinations: | Any [taints](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) applied to your nodes *might* disrupt the configuration of Defender for Containers <br><br> The AKS Defender profile doesn't support AKS clusters that don't have RBAC enabled. | Any Cloud Native Computing Foundation (CNCF) certified Kubernetes clusters |

+ $hdiWorkerNodes = 4

+## January 2022

+- **Bug fixes**

+

+ Restart workflow struck issue with servers with HA and Geo-redundant backup option enabled is fixed.

+- **Known issues**

+

+ When you are using ARM templates for provisioning or configuration changes for HA enabled servers, if a single deployment is made to enable/disable HA and along with other server properties like backup redundancy, storage etc. then deployment would fail. You can mitigate it by submit the deployment request separately for to enable\disable and configuration changes. You would not have issue with Portal or Azure cli as these are request already separated.

+ On servers where we have HA and Geo-redundant backup option enabled, we found an rare issue encountered by a race condition which blocks the restart of the standby server to finish. As a result of this issue, when you failover the HA enabled Azure database for MySQL - Flexible server MySQL Instance may get stuck in restarting state for a long time. The fix will be deployed to the production in the next deployment cycle.

+Use the link in the data connector page to deploy your parsers, or follow the instructions from the [Microsoft Sentinel GitHub repository](https://github.com/Azure/Azure-Sentinel/tree/master/ASIM).

+| **_ResourceId** | guid | The Azure Resource ID of the reporting device or service, or the log forwarder resource ID for events forwarded by using Syslog, CEF, or WEF. **_ResourceId** is not generated for sources for that do not have a resource concept, such as Microsoft Defender for Endpoint and will be empty for events from these sources. |

+### Install ASIM testing tools

+To test ASIM, [deploy the ASIM testing tool](https://aka.ms/ASimTestingTools) to a Microsoft Sentinel workspace where:

+- Your parser is deployed.

+- The source table used by the parser is available.

+- The source table used by the parser is populated with a varied collection of relevant events.

+### Validate the output schema

+To make sure that your parser produces a valid schema, use the ASIM schema tester by running the following query in the Microsoft Sentinel **Logs** page:

+ ```KQL

+ <parser name> | getschema | invoke ASimSchemaTester('<schema>')

+ ```

+Handle the results as follows:

+| Message | Action |

+| - | |

+| **(0) Error: Missing mandatory field [\<Field\>]** | Add this field to your parser. In many cases, this would be a derived value or a constant value, and not a field already available from the source. |

+| **(0) Error: Missing mandatory alias [\<Field\>] aliasing existing column [\<Field\>]** | Add this alias to your parser. |

+| **(0) Error: Missing mandatory alias [\<Field\>] aliasing missing column [\<Field\>]** | This error accompanies a similar error for the aliased field. Correct the aliased field error and add this alias to your parser. |

+| **(0) Error: Missing recommended alias [\<Field\>] aliasing existing column [\<Field\>]** | Add this alias to your parser. |

+| **(0) Error: Missing optional alias [\<Field\>] aliasing existing column [\<Field\>]** | Add this alias to your parser. |

+| **(0) Error: type mismatch for field [\<Field\>]. It is currently [\<Type\>] and should be [\<Type\>]** | Make sure that the type of normalized field is correct, usually by using a [conversion function](/azure/data-explorer/kusto/query/scalarfunctions#conversion-functions) such as `tostring`. |

+| **(1) Warning: Missing recommended field [\<Field\>]** | Consider adding this field to your parser. |

+| **(1) Warning: Missing recommended alias [\<Field\>] aliasing non-existent column [\<Field\>]** | If you add the aliased field to the parser, make sure to add this alias as well. |

+| **(1) Warning: Missing optional alias [\<Field\>] aliasing non-existent column [\<Field\>]** | If you add the aliased field to the parser, make sure to add this alias as well. |

+| **(2) Info: Missing optional field [\<Field\>]** | While optional fields are often missing, it is worth reviewing the list to determine if any of the optional fields can be mapped from the source. |

+| **(2) Info: extra unnormalized field [\<Field\>]** | While unnormalized fields are valid, it is worth reviewing the list to determine if any of the unnormalized values can be mapped to an optional field. |

+|||

+> [!NOTE]

+> Errors will prevent content using the parser from working correctly. Warnings will not prevent content from working, but may reduce the quality of the results.

+>

+### Validate the output values

+To make sure that your parser produces valid values, use the ASIM data tester by running the following query in the Microsoft Sentinel **Logs** page:

+ ```KQL

+ <parser name> | limit <X> | invoke ASimDataTester('<schema>')

+ ```

+This test is resource intensive and may not work on your entire data set. Set X to the largest number for which the query will not timeout, or set the time range for the query using the time range picker.

+Handle the results as follows:

+| Message | Action |

+| - | |

+| **(0) Error: type mismatch for column [\<Field\>]. It is currently [\<Type\>] and should be [\<Type\>]** | Make sure that the type of normalized field is correct, usually by using a [conversion function](/azure/data-explorer/kusto/query/scalarfunctions#conversion-functions) such as `tostring`. |

+| **(0) Error: Invalid value(s) (up to 10 listed) for field [\<Field\>] of type [\<Logical Type\>]** | Make sure that the parser maps the correct source field to the output field. If mapped correctly, update the parser to transform the source value to the correct type, value or format. Refer to the [list of logical types](normalization-about-schemas.md#logical-types) for more information on the correct values and formats for each logical type. <br><br>Note that the testing tool lists only a sample of 10 invalid values. |

+| **(0) Error: Empty value in mandatory field [\<Field\>]** | Mandatory fields should be populated, not just defined. Check whether the field can be populated from other sources for records for which the current source is empty. |

+| **(1) Error: Empty value in recommended field [\<Field\>]** | Recommended fields should usually be populated. Check whether the field can be populated from other sources for records for which the current source is empty. |

+| **(1) Error: Empty value in alias [\<Field\>]** | Check whether the aliased field is mandatory or recommended, and if so, whether it can be populated from other sources. |

+|||

+> [!NOTE]

+> Errors will prevent content using the parser from working correctly. Warnings will not prevent content from working, but may reduce the quality of the results.

+>

+### Check for incomplete parsing

+> Ensure you create a new and exclusive Recovery Services vault for setting up the preview appliance. Don't use an existing vault.

+* **IP not found or Machine does not have IP address**: If the virtual machine doesn't have a valid IP address associated with it, then you will not be able to select the machine on Azure portal. Ensure to assign a valid IP address to the virtual machine, [refresh the configuration server](vmware-azure-manage-configuration-server.md#refresh-configuration-server). It could also be caused if the machine does not have a valid IP address associated with one of its NIC's. Either assign a valid IP address to all NIC's or remove the NIC that's missing the IP. After this, virtual machine will be listed on the portal.

+ UnifiedAgent.exe /Role "Agent" /InstallLocation "C:\Program Files (x86)\Microsoft Azure Site Recovery" /Platform "VmWare" /Silent

+Syntax | `UnifiedAgent.exe /Role \<Agent/MasterTarget> /InstallLocation \<Install Location> /Platform "VmWare" /Silent`

+Syntax | `./install -d \<Install Location> -r \<Agent/MasterTarget> -v VmWare -q`

+`-r` | Mandatory installation parameter. Specifies whether the Mobility service (Agent) or master target (MasterTarget) should be installed.

+## Disable cache for authenticated paths

+If you have enabled [enterprise-grade edge](enterprise-edge.md), or set up [manual integration with Azure Front Door](front-door-manual.md), you may want to disable caching for your secured routes.

+To disable Azure Front Door caching for secured routes, add `"Cache-Control": "no-store"` to the route header definition.

+For example:

+```json

+{

+ "route": "/members",

+ "allowedRoles": ["authenticated, members"],

+ "headers": {

+ "Cache-Control": "no-store"

+ }

+}

+```

+- Values are case-sensitive

+> - Create an Azure Front Door Standard/Premium instance

+> This tutorial requires the Azure Static Web Apps Standard and Azure Front Door Standard / Premium plans.

+## Copy web app URL

+1. Navigate to the Azure home screen.

+1. Search for **Front Door**.

+1. Select **Front Door Standard/Premium**.

+ Make sure to select the service labeled *Front Door Standard/Premium* and not the plain *Front Door* option.

+1. Select the **Azure Front Door Standard/Premium** option.

+1. Select the **Quick create** option.

+1. Select the **Continue to create a front door** button.

+ | Name | Enter **my-static-web-app-front-door**. |

+ | Tier | Select **Standard**. |

+ | Endpoint name | Enter a unique name for your Front Door host. |

+ | Origin type | Select **Custom**. |

+ | Origin host name | Enter the hostname of your static web app that you set aside from the beginning of this tutorial. Make sure your value does not include a trailing slash or protocol. (For example, `desert-rain-04056.azurestaticapps.net`) |

+ | Caching | Check the **Enable caching** checkbox. |

+ | Query string caching behavior | Select **Use Query string** from the dropdown. |

+1. Select **Review + create**.

+1. Select **Create**.

+ The creation process may take a few minutes to complete.

+1. Select **Go to resource**.

+## Disable cache for auth workflow

+Add the following settings to disable Front Door's caching policies from trying to cache authentication and authorization-related pages.

+### Add a condition

+1. Under *Settings*, select **Rule set**.

+1. In the *Rule set name* textbox, enter **Security**.

+1. In the *Rule name* textbox, enter **NoCacheAuthRequests**.

+1. Select **Add a condition**.

+1. Select **Request path**.

+1. Select **Begins With** in the *Operator* drop down.

+1. Select the **Edit** link above the *Value* textbox.

+1. Enter **/.auth** in the textbox.

+1. Select the **Update** button.

+1. Select the **No transform** option from the *Case transform* dropdown.

+### Add an action

+1. Select the **Add an action** dropdown.

+1. Select **Cache expiration**.

+1. Select **Bypass cache** in the *Cache Behavior* dropdown.

+1. Select the **Save** button.

+### Associate rule to an endpoint

+Now that the rule is created, you apply the rule to a Front Door endpoint.

+1. Select the **Unassociated** link.

+1. Select the Endpoint name to which you want to apply the caching rule.

+1. Select the **Next** button.

+1. Select the **Associate** button.

+## Copy Front Door ID

+Use the following steps to copy the Front Door instance's unique identifier.

+1. Select the **Overview** link on the left-hand navigation.

+1. From the *Overview* window, copy the value labeled **Front Door ID** and paste it into a file for later use.

+- Disable caching for secured routes

+1. For all secured routes in your app, disable Azure Front Door caching by adding `"Cache-Control": "no-store"` to the route header definition.

+ ```json

+ {

+ "route": "/members",

+ "allowedRoles": ["authenticated, members"],

+ "headers": {

+ "Cache-Control": "no-store"

+ }

+ }

+ ```

+## Considerations

+- **Custom domains**: Now that Front Door is managing your site, you no long use the Azure Static Web Apps custom domain feature. Azure Front Door has a separate process for adding a custom domain. Refer to [Add a custom domain to your Front Door](../frontdoor/front-door-custom-domain.md). When you add a custom domain to Front Door, you'll need to update your static web app configuration file to include it in the `allowedForwardedHosts` list.

+- **Traffic statistics**: By default, Azure Front Door configures [health probes](../frontdoor/front-door-health-probes.md) that may affect your traffic statistics. You may want to edit the default values for the [health probes](../frontdoor/front-door-health-probes.md).

+- **Serving old versions**: When you deploy updates to existing files in your static web app, Azure Front Door may continue to serve older versions of your files until their [time-to-live](https://wikipedia.org/wiki/Time_to_live) expires. [Purge the Azure Front Door cache](../frontdoor/front-door-caching.md#cache-purge) for the affected paths to ensure the latest files are served.

+## Clean up resources

+If you no longer want to use the resources created in this tutorial, delete the Azure Static Web Apps and Azure Front Door instances.

+**Writers:** Vengatesh Parasuraman, Fretz Nuson, Ron Dunn, Khendr'a Reid, John Hoang, Nithesh Krishnappa, Mykola Kovalenko, Brad Schacht, Pedro Matinez, Mark Pryce-Maher, and Arshad Ali.

+### Partitioning column returns NULL values

+If your query returns `NULL` values instead of partitioning columns or cannot find the partition columns, you have few possible troubleshooting steps:

+- If you are using tables to query partitioned data set, note that the tales do not support partitioning. Replace the table with the [partitioned views](create-use-views.md#partitioned-views).

+- If you are using the [partitioned views](create-use-views.md#partitioned-views) with the OPENROWSET that [queries partitioned files using the FILEPATH() function](query-specific-files.md), make sure that you have correctly specified wildcard pattern in the location that that you have used the proper index for referencing the wildcard.

+- If you are querying the files directly in the partitioned folder, note that the partitioning columns are not the parts of the file columns. The partitioning values are placed in the folder paths and not the files. Therefore, the files do not contain the partitioning values.

+### Query failed because of a topology change or compute container failure

+This error might indicate that some internal process issue happened in the serverless SQL pool. File a support ticket with all necessary details that could help Azure support team to investigate the issue.

+Please specify in the support requests anything that might be unusual compared to the regular workload, such as large number of concurrent requests or some special workload or query that started executing before this error happened.

+Serverless SQL pools enable you to query Cosmos DB analytical storage using the `OPENROWSET` function. Make sure that your Cosmos DB container has analytical storage. Make sure that you correctly specified account, database, and container name. also, make sure that your Cosmos DB account key is valid - see [prerequisites](query-cosmos-db-analytical-store.md#prerequisites).

+### Cannot query Cosmos DB using the OPENROWSET function

+If you cannot connect to your Cosmos DB account, take a look at [prerequisites](query-cosmos-db-analytical-store.md#prerequisites). Possible errors and troubleshooting actions are listed in the following table.

+| Syntax errors:<br/> - Incorrect syntax near `Openrowset`<br/> - `...` is not a recognized `BULK OPENROWSET` provider option.<br/> - Incorrect syntax near `...` | Possible root causes:<br/> - Not using Cosmos DB as the first parameter.<br/> - Using a string literal instead of an identifier in the third parameter.<br/> - Not specifying the third parameter (container name). |

+| There was an error in the Cosmos DB connection string. | - The account, database, or key isn't specified. <br/> - There's some option in a connection string that isn't recognized.<br/> - A semicolon (`;`) is placed at the end of a connection string. |

+| Resolving Cosmos DB path has failed with the error "Incorrect account name" or "Incorrect database name." | The specified account name, database name, or container can't be found, or analytical storage hasn't been enabled to the specified collection.|

+| Resolving Cosmos DB path has failed with the error "Incorrect secret value" or "Secret is null or empty." | The account key isn't valid or is missing. |

+### UTF-8 collation warning is returned while reading Cosmos DB string types

+- If you are using full-fidelity [schema representation](../../cosmos-db/analytical-store-introduction.md#schema-representation) make sure that you are adding type suffix after property name like `$.price.int64`. If you don't see a value for the referenced path, maybe it is stored under different type path, for example `$.price.float64`. See [how to query Cosmos DB collections in the full-fidelity schema](query-cosmos-db-analytical-store.md#query-items-with-full-fidelity-schema).

+### Resolving Cosmos DB path has failed

+If you are getting the error: `Resolving Cosmos DB path has failed with error 'This request is not authorized to perform this operation.'`, check do you use private endpoints in Cosmos DB. To allow SQL serverless to access an analytical store with private endpoint, you need to [configure private endpoints for Azure Cosmos DB analytical store](../../cosmos-db/analytical-store-private-endpoints.md#using-synapse-serverless-sql-pools).

+### Cosmos DB performance issues

+The serverless SQL pool assign the resources to the queries based on the size of data set and query complexity. You cannot change or limit the resources that are provided to the queries. There are some cases where you might experience unexpected query performance degradations and identify the root causes.

+If you are getting the [Resolving Cosmos DB path has failed](#resolving-cosmos-db-path-has-failed) error, make sure that you configured firewall.

+Learn here how to [query Cosmos DB analytical store](query-cosmos-db-analytical-store.md). You can use [online generator](https://htmlpreview.github.io/?https://github.com/Azure-Samples/Synapse/blob/main/SQL/tools/cosmosdb/generate-openrowset.html) to generate the `WITH` clause based on a sample Cosmos DB document.

+WITH taxi_rides AS (

+SELECT

+ CAST([tpepPickupDateTime] AS DATE) AS [current_day],

+ COUNT(*) as rides_per_day

+FROM

+ OPENROWSET(

+ BULK 'https://azureopendatastorage.blob.core.windows.net/nyctlc/yellow/puYear=*/puMonth=*/*.parquet',

+ FORMAT='PARQUET'

+ ) AS [nyc]

+WHERE nyc.filepath(1) = '2016'

+GROUP BY CAST([tpepPickupDateTime] AS DATE)

+public_holidays AS (

+SELECT

+ holidayname as holiday,

+ date

+FROM

+ OPENROWSET(

+ BULK 'https://azureopendatastorage.blob.core.windows.net/holidaydatacontainer/Processed/*.parquet',

+ FORMAT='PARQUET'

+ ) AS [holidays]

+WHERE countryorregion = 'United States' AND YEAR(date) = 2016

+),

+joined_data AS (

+ *

+)

+SELECT

+ *,

+ holiday_rides =

+ CASE

+ WHEN holiday is null THEN 0

+ WHEN holiday is not null THEN rides_per_day

+ END

+FROM joined_data

+This time, we want to highlight the number of taxi rides during public holidays. For that purpose, we choose **current_day** for the **Category** column and **rides_per_day** and **holiday_rides** as the **Legend (series)** columns.