-The Microsoft Authentication Library (MSAL) defines two types of clients: public clients and confidential clients. The two client types are distinguished by their ability to authenticate securely with the authorization server and maintain the confidentiality of their client credentials.

-Here are some similarities and differences between public and confidential client apps:

-In MSAL, the client ID (also called the _application ID_ or _app ID_) is passed once at the construction of the application. It doesn't need to be passed again when the app acquires a token. This is true for both public and confidential client apps. Constructors of confidential client apps are also passed client credentials: the secret they share with the identity provider.

-The user-agent application is a form of public client application in which the client code is executed in a user-agent such as a web browser. Such clients don't store secrets because the browser context is openly accessible.

-Initialize the MSAL.js authentication context by instantiating a [PublicClientApplication][msal-js-publicclientapplication] with a [Configuration][msal-js-configuration] object. The minimum required configuration property is the `clientID` of your application, shown as the **Application (client) ID** on the **Overview** page of the app registration in the Azure portal.

- clientId: "11111111-1111-1111-111111111111",

- authority: "https://login.microsoftonline.com/common",

- redirectUri: "https://localhost:3001",

- postLogoutRedirectUri: "https://localhost:3001/logout",

-Invoke [handleRedirectPromise][msal-js-handleredirectpromise] when your application uses the redirect flows. When using the redirect flows, `handleRedirectPromise` should be run on every page load.

-There are three possible outcomes from the promise:

-Initialize the MSAL 1.x authentication context by instantiating a [UserAgentApplication][msal-js-useragentapplication] with a configuration object. The minimum required configuration property is the `clientID` of your application, shown as the **Application (client) ID** on the **Overview** page of the app registration in the Azure portal.

- clientId: "11111111-1111-1111-111111111111",

-Multiple instances of `UserAgentApplication` or `PublicClientApplication` aren't recommended as they cause conflicting cache entries and behavior in the browser.

-Single sign-on (SSO) provides a more seamless experience by reducing the number of times your users are asked for their credentials. Users enter their credentials once, and the established session can be reused by other applications on the device without further prompting.

-Azure Active Directory (Azure AD) enables SSO by setting a session cookie when a user authenticates for the first time. MSAL.js also caches the ID tokens and access tokens of the user in the browser storage per application domain. These two mechanisms (i.e. Azure AD session cookie and MSAL cache) are independent of each other, but works together to provide SSO behavior.

-When a user has your application open in several tabs and signs in on one of them, they can be signed into the same app open on the other tabs without being prompted. To do so, you'll need to set the *cacheLocation* in MSAL.js configuration object to `localStorage` as shown below.

-When a user authenticates, a session cookie is set on the Azure AD domain in the browser. MSAL.js relies on this session cookie to provide SSO for the user between different applications. In particular, MSAL.js offers the `ssoSilent` method to sign-in the user and obtain tokens without an interaction. However, if the user has multiple user accounts in a session with Azure AD, then the user is prompted to pick an account to sign in with. As such, there are two ways to achieve SSO using `ssoSilent` method.

-You can attempt to use the `ssoSilent` method without passing any `account`, `sid` or `login_hint` as shown in the code below:

-However, there's a likelihood of silent sign-in errors if the application has multiple users in a single browser session or if the user has multiple accounts for that single browser session. You may see the following error in the case of multiple accounts:

-The error indicates that the server couldn't determine which account to sign into, and will require either one of the parameters above (`account`, `login_hint`, `sid`) or an interactive sign-in to choose the account.

-If you like Azure AD to prompt the user for entering their credentials despite there being an active session with the authorization server, you can use the **login** prompt parameter in requests with MSAL.js. See [MSAL.js prompt behavior](msal-js-prompt-behavior.md) for more.

-When you acquire an access token using the Microsoft Authentication Library for .NET (MSAL.NET), the token is cached. When the application needs a token, it should try to fetch it from the cache first.

-Web APIs on ASP.NET Core should use Microsoft.Identity.Web. Web APIs on ASP.NET classic, use MSAL directly, by calling `AcquireTokenOnBehalfOf` and should configure memory or distributed caching. For more information, see [Token cache serialization in MSAL.NET](msal-net-token-cache-serialization.md?tabs=aspnet). There is no need to call `AcquireTokenSilent` API. There is no API to clear the cache. Cache size can be managed by setting eviction policies on the underlying cache store, such as MemoryCache, Redis etc.

-Applications which request tokens for an app identity, with no user involved, by calling `AcquiretTokenForClient` can either rely on MSAL's internal caching, define their own memory token caching or distributed token caching. For instructions and more information, see [Token cache serialization in MSAL.NET](msal-net-token-cache-serialization.md?tabs=aspnet).

-Since no user is involved, there is no need to call `AcquireTokenSilent` API. `AcquireTokenForClient` will look in the cache on its own. There is no API to clear the cache. Cache size is proportional with the number of tenants and resources you need tokens for. Cache size can be managed by setting eviction policies on the underlying cache store, such as MemoryCache, Redis etc.

-For authentication flows that require a user interaction, MSAL caches the access, refresh, and ID tokens, as well as the `IAccount` object, which represents information about a single account. Learn more about [IAccount](/dotnet/api/microsoft.identity.client.iaccount?view=azure-dotnet&preserve-view=true). For application flows, such as [client credentials](msal-authentication-flows.md#client-credentials), only access tokens are cached, because the `IAccount` object and ID token require a user, and the refresh token is not applicable.

-In the following example, the application first attempts to acquire a token from the token cache. If a `MsalUiRequiredException` exception is thrown, the application acquires a token interactively.

-In public client applications, clearing the cache is achieved by removing the accounts from the cache. This does not remove the session cookie which is in the browser, though.

- Requests can only be forwarded to alternate approvers a day after the request duration reaches half-life, and the decision of the main approver(s) has to time out after at least four days. If the request time-out is less or equal than three, there isn't enough time to forward the request to alternate approver(s). In this example, the duration of the request is 14 days. So, the request duration reaches half-life at day 7. So the request can't be forwarded earlier than day 8. Also, requests can't be forwarded on the last day of the request duration. So in the example, the latest the request can be forwarded is day 13.

- $TemplateId = (Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq "Group.Unified" }).Id

- $Template = Get-AzureADDirectorySettingTemplate | where -Property Id -Value $TemplateId -EQ

- $Setting = $Template.CreateDirectorySetting()

- $Setting["NewUnifiedGroupWritebackDefault"] = "False"

- New-AzureADDirectorySetting -DirectorySetting $Setting

- #Connect to MgGraph and select the Beta API Version

-> We recomend using Microsoft Graph PowerShell SDK with [Windows PowerShell 7](/powershell/scripting/whats-new/migrating-from-windows-powershell-51-to-powershell-7?view=powershell-7.3&preserve-view=true)

-

-* Digital Pigeon single sign-on (SSO) enabled subscription.

- > Please click [here](../develop/howto-add-app-roles-in-azure-ad-apps.md#app-roles-ui) to know how to configure Role in Azure AD. Role value is one of 'Digital Pigeon User', 'Digital Pigeon Power User', or 'Digital Pigeon Admin'. If role claim not supplied, default role is configurable in Digital Pigeon app by a Digital Pigeon Owner.

-1. On the **Basic SAML Configuration** section, perform the following steps:

- a. In the **Identifier** textbox, type a URL using the following pattern:

- `https://digitalpigeon.com/saml2/service-provider-metadata/<CustomerID>`

- b. In the **Reply URL** textbox, type a URL using the following pattern:

- `https://digitalpigeon.com/login/saml2/sso/<CustomerID>`

- > [!NOTE]

- > These values are not real. Update these values with the actual Identifier and Reply URL. Contact [Digital Pigeon Client support team](mailto:help@digitalpigeon.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.

-1. On the **Set up Digital Pigeon** section, copy the appropriate URL(s) based on your requirement.

-## Configure Digital Pigeon SSO

-To configure single sign-on on **Digital Pigeon** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [Digital Pigeon support team](mailto:help@digitalpigeon.com). They set this setting to have the SAML SSO connection set properly on both sides.

- a. In the **Identifier (Entity ID)** text box, type a URL using one of the following patterns:

-

- | **Identifier** |

- ||

- | `https://<companyname>.cybozu.com` |

- | `https://<companyname>.kintone.com` |

-In this article, you'll learn how to integrate my.sdworx.com with Azure Active Directory (Azure AD). my.sdworx.com is a SD Worx portal. When you integrate my.sdworx.com with Azure AD, you can:

-1. On the **Basic SAML Configuration** section, the user does not have to perform any step as the app is already pre-integrated with Azure.

-To configure single sign-on on **my.sdworx.com** side, you need to send the **App Federation Metadata Url** to [my.sdworx.com support team](mailto:support@sdworx.com). They set this setting to have the SAML SSO connection set properly on both sides.

-In this section, you create a user called Britta Simon at my.sdworx.com. Work with [my.sdworx.com support team](mailto:support@sdworx.com) to add the users in the my.sdworx.com platform. Users must be created and activated before you use single sign-on.

- "redirectUri": "vcclient://openid",

-1. In **Redirect URI (optional)**, select **Public client/native (mobile & desktop)**, and then enter **vcclient://openid**.

-See the [Rules and display definitions reference](rules-and-display-definitions-model.md).

-$desIdentity=az disk-encryption-set show -n myDiskEncryptionSetName -g myResourceGroup --query "[identity.principalId]" -o tsv

-$diskEncryptionSetId=az disk-encryption-set show -n mydiskEncryptionSetName -g myResourceGroup --query "[id]" -o tsv

-5. Create a *azure-disk-pod.yaml* file to reference your *PersistentVolumeClaim*. For example:

-Building and running applications successfully in Azure Kubernetes Service (AKS) require understanding and implementation of some key considerations, including:

-The AKS product group, engineering teams, and field teams (including global black belts [GBBs]) contributed to, wrote, and grouped the following best practices and conceptual articles. Their purpose is to help cluster operators and developers understand the considerations above and implement the appropriate features.

-As a cluster operator, work together with application owners and developers to understand their needs. You can then use the following best practices to configure your AKS clusters as needed.

-**Multi-tenancy**

-**Security**

-**Network and storage**

-**Running enterprise-ready workloads**

-As a developer or application owner, you can simplify your development experience and define require application performance needs.

-## Kubernetes / AKS concepts

-To help understand some of the features and components of these best practices, you can also see the following conceptual articles for clusters in Azure Kubernetes Service (AKS):

-> [!IMPORTANT]

-> There is a latency issue with Azure Active Directory groups when attaching ACR. If the AcrPull role is granted to an Azure AD group and the kubelet identity is added to the group to complete the RBAC configuration, there might be up to a one-hour delay before the RBAC group update takes effect. We recommended you use the [Bring your own kubelet identity][byo-kubelet-identity] in the meantime. You can pre-create a user-assigned identity, add it to the Azure AD group, and then use the identity as the kubelet identity to create an AKS cluster. This ensures the identity is first added to the Azure AD group and then a token is generated by kubelet, which works around the latency issue.

-description: Learn how to configure outbound types in Azure Kubernetes Service (AKS)

-description: Learn how to define a custom egress route in Azure Kubernetes Service (AKS)

-> - If your cluster is running Kubernetes version 1.24.0 or greater, the OSM add-on installs version *1.2.2* of OSM.

-> - If your cluster is running Kubernetes version 1.24.0 or greater, the OSM add-on installs version *1.2.2* of OSM.

-> - If your cluster is running Kubernetes version 1.24.0 or greater, the OSM add-on installs version *1.2.2* of OSM.

-> - If your cluster is running Kubernetes version 1.24.0 or greater, the OSM add-on installs version *1.2.2* of OSM.

-Ports will be assigned from the range `40000-59999` and will be unique across the cluster. The assigned ports will also be added to environment variables inside the pod so that the application can determine what ports were assigned.

-# Use an Azure AD workload identity (preview) on Azure Kubernetes Service (AKS)

-> Azure deploys each new App Service plan into a deployment unit, internally called a webspace. Each region can have many webspaces, but your app can only move between plans that are created in the same webspace. An App Service Environment is an isolated webspace, so apps can be moved between plans in the same App Service Environment, but not between plans in different App Service Environments.

- If you want to alert on a status or runbook that isn't shown in the dropdown, click the **Add custom value** option next to the dimension. This action opens a dialog that allows you to specify a custom value, which hasn't emitted for that dimension recently. If you enter a value that doesn't exist for a property your alert won't be triggered.

-description: Guidance and recommendations for deploying Azure Monitor.

-# Azure Monitor best practices

-This scenario provides recommended guidance for configuring features of Azure Monitor to monitor the performance and availability of your cloud and hybrid applications and resources.

-Azure Monitor is available the moment you create an Azure subscription. The Activity log immediately starts collecting events about activity in the subscription, and platform metrics are collected for any Azure resources you created. Features such as metrics explorer are available to analyze data. Other features require configuration. This scenario identifies the configuration steps required to take advantage of all Azure Monitor features. It also makes recommendations for which features you should leverage and how to determine configuration options based on your particular requirements.

-Enabling Azure Monitor to monitor all of your Azure resources is a combination of configuring Azure Monitor components and configuring Azure resources to generate monitoring data for Azure Monitor to collect. The goal of a complete implementation is to collect all useful data from all of your cloud resources and applications and enable the entire set of Azure Monitor features based on that data.

-> [!IMPORTANT]

-> If you're new to Azure Monitor or are focused on simply monitoring a single Azure resource, then you should start with the tutorial [Monitor Azure resources with Azure Monitor](essentials/monitor-azure-resource.md). The tutorial provides general concepts for Azure Monitor and guidance for monitoring a single Azure resource. This scenario provides recommendations for preparing your environment to leverage all features of Azure Monitor to monitoring your entire set of applications and resources together at scale.

-## Scope of the scenario

-The goal of this scenario is to walk you through the basic steps of a complete Azure Monitor implementation to ensure that you're taking full advantage of its features and maximizing the observability of your cloud and hybrid applications and resources. It focuses on configuration requirements and deployment options as opposed to actual configuration details. Links are provided to other content that provide the details for actually performing required configuration.

-## Scenario articles

-This article introduces the scenario. If you want to jump right into a specific area, see one of the other articles that are part of this scenario described in the following table.

-| Article | Description |

-|:|:|

-| [Planning](best-practices-plan.md) | Planning that you should consider before starting your implementation. Includes design decisions and information about your organization and requirements that you should gather. |

-| [Configure data collection](best-practices-data-collection.md) | Tasks required to collect monitoring data from your Azure and hybrid applications and resources. |

-| [Analysis and visualizations](best-practices-analysis.md) | Standard features and additional visualizations that you can create to analyze collected monitoring data. |

-| [Alerts and automated responses](best-practices-alerts.md) | Configure notifications and processes that are automatically triggered when an alert is created. |

-| [Best practices and cost management](best-practices-cost.md) | Reducing your cloud monitoring costs by implementing and managing Azure Monitor in the most cost-effective manner. |

-## Next steps

-description: Learn how to navigate to a change in your service using custom filters in Azure Monitor's Change Analysis.

-ms.contributor: cawa

-ms.reviwer: cawa

-# Navigate to a change using custom filters in Change Analysis

-Browsing through a long list of changes in the entire subscription is time consuming. With Change Analysis custom filters and search capability, you can efficiently navigate to changes relevant to issues for troubleshooting.

-## Custom filters and search bar

-### Filters

-| Filter | Description |

-| | -- |

-| Subscription | This filter is in-sync with the Azure portal subscription selector. It supports multiple-subscription selection. |

-| Time range | Specifies how far back the UI display changes, up to 14 days. By default, itΓÇÖs set to the past 24 hours. |

-| Resource group | Select the resource group to scope the changes. By default, all resource groups are selected. |

-| Change level | Controls which levels of changes to display. Levels include: important, normal, and noisy. <ul><li>Important: related to availability and security</li><li>Noisy: Read-only properties that are unlikely to cause any issues</li></ul> By default, important and normal levels are checked. |

-| Resource | Select **Add filter** to use this filter. </br> Filter the changes to specific resources. Helpful if you already know which resources to look at for changes. [If the filter is only returning 1,000 resources, see the corresponding solution in troubleshooting guide](./change-analysis-troubleshoot.md#cant-filter-to-your-resource-to-view-changes). |

-| Resource type | Select **Add filter** to use this filter. </br> Filter the changes to specific resource types. |

-### Search bar

-The search bar filters the changes according to the input keywords. Search bar results apply only to the changes loaded by the page already and don't pull in results from the server side.

-## Next steps

-[Troubleshoot Change Analysis](./change-analysis-troubleshoot.md).

-description: Learn how to pin an Azure Monitor Change Analysis query to the Azure dashboard and share with your team.

-ms.contributor: cawa

-ms.reviwer: cawa

-# Pin and share a Change Analysis query to the Azure dashboard

-Let's say you want to curate a change view on specific resources, like all Virtual Machine changes in your subscription, and include it in a report sent periodically. You can pin the view to an Azure dashboard for monitoring or sharing scenarios. If you'd like to share a specific change with your team members, you can use the share feature in the Change Details page.

-## Pin to the Azure dashboard

-Once you have applied filters to the Change Analysis homepage:

-1. Select **Pin current filters** from the top menu.

-1. Enter a name for the pin.

-1. Click **OK** to proceed.

- :::image type="content" source="./media/change-analysis/click-pin-menu.png" alt-text="Screenshot of selecting Pin current filters button in Change Analysis":::

-A side pane will open to configure the dashboard where you'll place your pin. You can select one of two dashboard types:

-| Dashboard type | Description |

-| -- | -- |

-| Private | Only you can access a private dashboard. Choose this option if you're creating the pin for your own easy access to the changes. |

-| Shared | A shared dashboard supports role-based access control for view/read access. Shared dashboards are created as a resource in your subscription with a region and resource group to host it. Choose this option if you're creating the pin to share with your team. |

-### Select an existing dashboard

-If you already have a dashboard to place the pin:

-1. Select the **Existing** tab.

-1. Select either **Private** or **Shared**.

-1. Select the dashboard you'd like to use.

-1. If you've selected **Shared**, select the subscription in which you'd like to place the dashboard.

-1. Select **Pin**.

-

- :::image type="content" source="./media/change-analysis/existing-dashboard-small.png" alt-text="Screenshot of selecting an existing dashboard to pin your changes to. ":::

-### Create a new dashboard

-You can create a new dashboard for this pin.

-

-1. Select the **Create new** tab.

-1. Select either **Private** or **Shared**.

-1. Enter the name of the new dashboard.

-1. If you're creating a shared dashboard, enter the resource group and region information.

-1. Click **Create and pin**.

- :::image type="content" source="./media/change-analysis/create-pin-dashboard-small.png" alt-text="Screenshot of creating a new dashboard to pin your changes to.":::

-Once the dashboard and pin are created, navigate to the Azure dashboard to view them.

-1. From the Azure portal home menu, select **Dashboard**. Use the **Manage Sharing** button in the top menu to handle access or "unshare". Click on the pin to navigate to the curated view of changes.

- :::image type="content" source="./media/change-analysis/azure-dashboard.png" alt-text="Screenshot of selecting the Dashboard in the Azure portal home menu.":::

- :::image type="content" source="./media/change-analysis/view-share-dashboard.png" alt-text="Screenshot of the pin in the dashboard.":::

-## Share a single change with your team

-In the Change Analysis homepage, select a line of change to view details on the change.

-1. On the Changed properties page, select **Share** from the top menu.

-1. On the Share Change Details pane, copy the deep link of the page and share with your team in messages, emails, reports, or whichever communication channel your team prefers.

- :::image type="content" source="./media/change-analysis/share-single-change.png" alt-text="Screenshot of selecting the share button on the dashboard and copying link.":::

-## Next steps

-Learn more about [Change Analysis](change-analysis.md).

-description: Learn how to use visualizations in Azure Monitor's Change Analysis.

-# Visualizations for Change Analysis in Azure Monitor

-Change Analysis provides data for various management and troubleshooting scenarios to help you understand what changes to your application might have caused the issues. You can view the Change Analysis data through several channels:

-## Change Analysis overview portal

-You can connect to Azure Government by setting the cloud name to `AzureUSGovernment` and then proceeding to log in as you normally would with the `az login` command. After running the log-in command, a browser will launch where you enter the appropriate Azure Government credentials.

-In many cases resiliency across availability zones is achieved by HA architectures using application-based replication and HA, as explained in Using availability zones for high availability. However, often simpler, more cost-effective approaches are considered by using storage-based data replication instead.

-| Afrikaans | `af-ZA` | | Γ£ö | |

-| Bangla | `bn-BD` | | Γ£ö | |

-| Bosnian | `bs-Latn` | | Γ£ö | |

-| Chinese (Traditional) | `zh-Hant` | | Γ£ö | |

-| Fijian | `en-FJ` | | Γ£ö | |

-| Filipino | `fil-PH` | | Γ£ö | |

-| Haitian | `fr-HT` | | Γ£ö | |

-| Icelandic | `is-IS` | Γ£ö | | |

-| Indonesian | `id-ID` | | Γ£ö | |

-| Kiswahili | `sw-KE` | | Γ£ö | |

-| Lithuanian | `lt-LT` | | Γ£ö | |

-| Malagasy | `mg-MG` | | Γ£ö | |

-| Maltese | `mt-MT` | | Γ£ö | |

-| Samoan | `en-WS` | | Γ£ö | |

-| Serbian (Cyrillic) | `sr-Cyrl-RS` | |Γ£ö | |

-| Serbian (Latin) | `sr-Latn-RS` | | Γ£ö | |

-| Tamil | `ta-IN` | Γ£ö | Γ£ö | |

-| Telugu | `te-IN` | Γ£ö | Γ£ö | |

-| Tongan | `to-TO` | | Γ£ö | |

-| Turkish | `tr-TR` | Γ£ö | Γ£ö| Γ£ö |

-| Urdu | `ur-PK` | | | |

-This article leads you through the configuration steps to back up SQL Server databases by using Azure Backup.

-To back up SQL Server databases to Azure, you need an Azure account. If you don't have one, you can create a free account in just a few minutes. For more information, see [Create your Azure free account](https://azure.microsoft.com/pricing/free-trial/).

->[!NOTE]

->DPM 2019 UR2 supports SQL Server Failover Cluster Instances (FCI) using Cluster Shared Volumes (CSV).<br><br>

->Protection of [SQL Server failover cluster instance with Storage Spaces Direct on Azure](/azure/azure-sql/virtual-machines/windows/failover-cluster-instance-storage-spaces-direct-manually-configure) and [SQL Server failover cluster instance with Azure shared disks](/azure/azure-sql/virtual-machines/windows/failover-cluster-instance-azure-shared-disks-manually-configure) is supported with this feature. The DPM server must be deployed in the Azure Virtual Machine to protect SQL FCI instance deployed on Azure VMs.

-* If you have a database with files on a remote file share, protection will fail with Error ID 104. DPM doesn't support protection for SQL Server data on a remote file share.

- * SQL server 2014 added a new feature to create a [database for on-premises SQL Server in Windows Azure Blob storage](/sql/relational-databases/databases/sql-server-data-files-in-microsoft-azure). DPM can't be used to protect this configuration.

- 

- 

- 

- 

- 

- >

- >

- 

- 

- 

- 

- 

- 

- 

- 

- 

- 

- 

- 

- 

- 

- 

-Microsoft Azure Backup Server (MABS) provides backup and recovery for SQL Server databases. In addition to backing up SQL Server databases, you can run a system backup or full bare-metal backup of the SQL Server computer. Here's what MABS can protect:

->[!Note]

->MABS v3 UR2 supports SQL Server Failover Cluster Instance (FCI) using Cluster Shared Volume (CSV).

->

->Protection of SQL Server FCI with Storage Spaces Direct on Azure, and SQL Server FCI with Azure shared disks is supported with this feature. The DPM server must be deployed in the Azure Virtual Machine to protect the SQL FCI instance, deployed on the Azure VMs.

->

->A SQL Server Always On availability group with theses preferences:

->- Prefer Secondary

->- Secondary only

->- Primary

->- Any Replica

- 

- 

- 

- 

- 

- >

- >

- 

- 

- 

- 

- 

- 

- 

- 

- 

- 

- 

- 

- 

- 

- 

-### Next steps

-* Learn more about contextual conversations from this [dialog sample](https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/csharp_dotnetcore/11.qnamaker) or learn more about [conceptual bot design for multi-turn conversations](/azure/bot-service/bot-builder-conversations).

-> You pay to use Custom Speech models, but you are not charged for training a model.

-*Azure Communication Services provides developers tools to integrate Microsoft Teams Data Loss Prevention that is compatible with Microsoft Teams. For more information, go to [how to implement Data Loss Prevention (DLP] (../../../../how-to/chat-sdk/data-loss-prevention.md)

-| Send message | [Graph API](/graph/teams-licenses) | $0 or $0.00075|

-description: Common issues, workarounds, and diagnostic steps, when using the Azure Functions trigger for Azure Cosmos DB

-# Diagnose and troubleshoot issues when using Azure Functions trigger for Azure Cosmos DB

-This article covers common issues, workarounds, and diagnostic steps, when you use the [Azure Functions trigger for Azure Cosmos DB](change-feed-functions.md).

-The Azure Functions trigger and bindings for Azure Cosmos DB depend on the extension package [Microsoft.Azure.WebJobs.Extensions.CosmosDB](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.CosmosDB) over the base Azure Functions runtime. Always keep these packages updated, as they might include fixes and new features that might address any potential issues you may encounter.

-This article will always refer to Azure Functions V2 whenever the runtime is mentioned, unless explicitly specified.

-The key functionality of the extension package is to provide support for the Azure Functions trigger and bindings for Azure Cosmos DB. It also includes the [Azure Cosmos DB .NET SDK](sdk-dotnet-core-v2.md), which is helpful if you want to interact with Azure Cosmos DB programmatically without using the trigger and bindings.

-If you want to use the Azure Cosmos DB SDK, make sure that you don't add to your project another NuGet package reference. Instead, **let the SDK reference resolve through the Azure Functions' Extension package**. Consume the Azure Cosmos DB SDK separately from the trigger and bindings

-Additionally, if you're manually creating your own instance of the [Azure Cosmos DB SDK client](./sdk-dotnet-core-v2.md), you should follow the pattern of having only one instance of the client [using a Singleton pattern approach](../../azure-functions/manage-connections.md?tabs=csharp#azure-cosmos-db-clients). This process avoids the potential socket issues in your operations.

-### Azure Function fails with error message collection doesn't exist

-Azure Function fails with error message "Either the source collection 'collection-name' (in database 'database-name') or the lease collection 'collection2-name' (in database 'database2-name') doesn't exist. Both collections must exist before the listener starts. To automatically create the lease collection, set 'CreateLeaseCollectionIfNotExists' to 'true'"

-This means that either one or both of the Azure Cosmos DB containers required for the trigger to work don't exist or aren't reachable to the Azure Function. **The error itself will tell you which Azure Cosmos DB database and container is the trigger looking for** based on your configuration.

-1. Verify the `ConnectionStringSetting` attribute and that it **references a setting that exists in your Azure Function App**. The value on this attribute shouldn't be the Connection String itself, but the name of the Configuration Setting.

-2. Verify that the `databaseName` and `collectionName` exist in your Azure Cosmos DB account. If you're using automatic value replacement (using `%settingName%` patterns), make sure the name of the setting exists in your Azure Function App.

-3. If you don't specify a `LeaseCollectionName/leaseCollectionName`, the default is "leases". Verify that such container exists. Optionally you can set the `CreateLeaseCollectionIfNotExists` attribute in your Trigger to `true` to automatically create it.

-4. Verify your [Azure Cosmos DB account's Firewall configuration](../how-to-configure-firewall.md) to see that it's not blocking the Azure Function.

-### Azure Function fails to start with "Shared throughput collection should have a partition key"

-The previous versions of the Azure Cosmos DB Extension didn't support using a leases container that was created within a [shared throughput database](../set-throughput.md#set-throughput-on-a-database). To resolve this issue, update the [Microsoft.Azure.WebJobs.Extensions.CosmosDB](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.CosmosDB) extension to get the latest version.

-### Azure Function fails to start with "PartitionKey must be supplied for this operation."

-This error means that you're currently using a partitioned lease collection with an old [extension dependency](#dependencies). Upgrade to the latest available version. If you're currently running on Azure Functions V1, you'll need to upgrade to Azure Functions V2.

-### Azure Function fails to start with "Forbidden (403); Substatus: 5300... The given request [POST ...] can't be authorized by AAD token in data plane"

-This error means your Function is attempting to [perform a non-data operation using Azure AD identities](troubleshoot-forbidden.md#non-data-operations-are-not-allowed). You can't use `CreateLeaseContainerIfNotExists = true` when using Azure AD identities.

-### Azure Function fails to start with "The lease collection, if partitioned, must have partition key equal to id."

-This error means that your current leases container is partitioned, but the partition key path isn't `/id`. To resolve this issue, you need to recreate the leases container with `/id` as the partition key.

-### You see a "Value can't be null. Parameter name: o" in your Azure Functions logs when you try to Run the Trigger

-This issue appears if you're using the Azure portal and you try to select the **Run** button on the screen when inspecting an Azure Function that uses the trigger. The trigger doesn't require for you to select Run to start, it will automatically start when the Azure Function is deployed. If you want to check the Azure Function's log stream on the Azure portal, just go to your monitored container and insert some new items, you'll automatically see the Trigger executing.

-### My changes take too long to be received

-This scenario can have multiple causes and all of them should be checked:

-1. Is your Azure Function deployed in the same region as your Azure Cosmos DB account? For optimal network latency, both the Azure Function and your Azure Cosmos DB account should be colocated in the same Azure region.

-2. Are the changes happening in your Azure Cosmos DB container continuous or sporadic?

-If it's the latter, there could be some delay between the changes being stored and the Azure Function picking them up. This is because internally, when the trigger checks for changes in your Azure Cosmos DB container and finds none pending to be read, it will sleep for a configurable amount of time (5 seconds, by default) before checking for new changes (to avoid high RU consumption). You can configure this sleep time through the `FeedPollDelay/feedPollDelay` setting in the [configuration](../../azure-functions/functions-bindings-cosmosdb-v2-trigger.md#configuration) of your trigger (the value is expected to be in milliseconds).

-3. Your Azure Cosmos DB container might be [rate-limited](../request-units.md).

-4. You can use the `PreferredLocations` attribute in your trigger to specify a comma-separated list of Azure regions to define a custom preferred connection order.

-5. The speed at which your Trigger receives new changes is dictated by the speed at which you're processing them. Verify the Function's [Execution Time / Duration](../../azure-functions/analyze-telemetry-data.md), if your Function is slow that will increase the time it takes for your Trigger to get new changes. If you see a recent increase in Duration, there could be a recent code change that might affect it. If the speed at which you're receiving operations on your Azure Cosmos DB container is faster than the speed of your Trigger, you'll keep lagging behind. You might want to investigate in the Function's code, what is the most time consuming operation and how to optimize it.

-### Some changes are repeated in my Trigger

-The concept of a "change" is an operation on a document. The most common scenarios where events for the same document are received are:

-* The account is using Eventual consistency. While consuming the change feed in an Eventual consistency level, there could be duplicate events in-between subsequent change feed read operations (the last event of one read operation appears as the first of the next).

-* The document is being updated. The Change Feed can contain multiple operations for the same documents, if that document is receiving updates, it can pick up multiple events (one for each update). One easy way to distinguish among different operations for the same document is to track the `_lsn` [property for each change](../change-feed.md#change-feed-and-_etag-_lsn-or-_ts). If they don't match, these are different changes over the same document.

-* If you're identifying documents just by `id`, remember that the unique identifier for a document is the `id` and its partition key (there can be two documents with the same `id` but different partition key).

-### Some changes are missing in my Trigger

-If you find that some of the changes that happened in your Azure Cosmos DB container aren't being picked up by the Azure Function or some changes are missing in the destination when you're copying them, follow the below steps.

-When your Azure Function receives the changes, it often processes them, and could optionally, send the result to another destination. When you're investigating missing changes, make sure you **measure which changes are being received at the ingestion point** (when the Azure Function starts), not on the destination.

-If some changes are missing on the destination, this could mean that is some error happening during the Azure Function execution after the changes were received.

-In this scenario, the best course of action is to add `try/catch` blocks in your code and inside the loops that might be processing the changes, to detect any failure for a particular subset of items and handle them accordingly (send them to another storage for further analysis or retry). Alternatively, you can configure Azure Functions [retry policies](../../azure-functions/functions-bindings-error-pages.md#retries).

-> [!NOTE]

-> The Azure Functions trigger for Azure Cosmos DB, by default, won't retry a batch of changes if there was an unhandled exception during your code execution. This means that the reason that the changes did not arrive at the destination might be because you are failing to process them.

-If the destination is another Azure Cosmos DB container and you're performing Upsert operations to copy the items, **verify that the Partition Key Definition on both the monitored and destination container are the same**. Upsert operations could be saving multiple source items as one in the destination because of this configuration difference.

-If you find that some changes weren't received at all by your trigger, the most common scenario is that there's **another Azure Function running**. It could be another Azure Function deployed in Azure or an Azure Function running locally on a developer's machine that has **exactly the same configuration** (same monitored and lease containers), and this Azure Function is stealing a subset of the changes you would expect your Azure Function to process.

-Additionally, the scenario can be validated, if you know how many Azure Function App instances you have running. If you inspect your leases container and count the number of lease items within, the distinct values of the `Owner` property in them should be equal to the number of instances of your Function App. If there are more owners than the known Azure Function App instances, it means that these extra owners are the ones "stealing" the changes.

-One easy way to work around this situation, is to apply a `LeaseCollectionPrefix/leaseCollectionPrefix` to your Function with a new/different value or, alternatively, test with a new leases container.

-### Need to restart and reprocess all the items in my container from the beginning

-1. Delete the documents in the lease collection (or delete and re-create the lease collection so it's empty)

-1. Set the [StartFromBeginning](../../azure-functions/functions-bindings-cosmosdb-v2-trigger.md#configuration) CosmosDBTrigger attribute in your function to true.

-Setting [StartFromBeginning](../../azure-functions/functions-bindings-cosmosdb-v2-trigger.md#configuration) to true will tell the Azure function to start reading changes from the beginning of the history of the collection instead of the current time. This only works when there are no already created leases (that is, documents in the leases collection). Setting this property to true when there are leases already created has no effect; in this scenario, when a function is stopped and restarted, it will begin reading from the last checkpoint, as defined in the leases collection. To reprocess from the beginning, follow the above steps 1-4.

-### Binding can only be done with IReadOnlyList\<Document> or JArray

-This error happens if your Azure Functions project (or any referenced project) contains a manual NuGet reference to the Azure Cosmos DB SDK with a different version than the one provided by the [Azure Functions Azure Cosmos DB Extension](./troubleshoot-changefeed-functions.md#dependencies).

-To work around this situation, remove the manual NuGet reference that was added and let the Azure Cosmos DB SDK reference resolve through the Azure Functions Azure Cosmos DB Extension package.

-### Changing Azure Function's polling interval for the detecting changes

-As explained earlier for [My changes take too long to be received](#my-changes-take-too-long-to-be-received), Azure function will sleep for a configurable amount of time (5 seconds, by default) before checking for new changes (to avoid high RU consumption). You can configure this sleep time through the `FeedPollDelay/feedPollDelay` setting in the [configuration](../../azure-functions/functions-bindings-cosmosdb-v2-trigger.md#configuration) of your trigger (the value is expected to be in milliseconds).

-* [Enable monitoring for your Azure Functions](../../azure-functions/functions-monitoring.md)

-* [Azure Cosmos DB .NET SDK Troubleshooting](./troubleshoot-dotnet-sdk.md)

- 1. In **Queue Alias**, enter the queue alias to use to select the context of your data extractions via ODP in Data Factory. Use the format `SLT-<your queue alias>`.

-DDoS IP Protection is currently available in the following regions.

-| Americas | Europe | Middle East | Africa | Asia Pacific |

-||-||--||

-| West Central US | France Central | UAE Central | South Africa North | Australia Central |

-| North Central US | Germany West Central | Qatar Central | | Korea Central |

-| West US | Switzerland North | | | Japan East |

-| West US 3 | France South | | | West India |

-| | Norway East | | | Jio India Central |

-| | Sweden Central | | | Australia Central 2 |

-| | Germany North | | | |

-

-Learn how to [configure the MSDO Azure DevOps extension](azure-devops-extension.md).

-## CLean up resources

-description: You can perform sensor health monitoring by using SNMP. The sensor responds to SNMP queries sent from an authorized monitoring server.

-Monitoring sensor health is possible through the Simple Network Management Protocol (SNMP). The sensor responds to SNMP requests sent by an authorized monitoring server. The SNMP monitor polls sensor OIDs periodically (up to 50 times a second).

-Download the SNMP MIB file from Defender for IoT in the Azure portal. Select **Sites and sensors > More actions > Download SNMP MIB file**.

-| CPU temperature | 1.3.6.1.4.1.53313.3.2 | STRING | Celsius indication for zero to 100 based on Linux input. "No sensors found" will be returned from any machine that has no actual physical temperature sensor (for example VMs)|

-## Prerequisites for AES and 3-DES Encryption Support for SNMP Version 3

-## Set up SNMP monitoring

-1. On the side menu, select **System Settings**.

-1. Expand **Sensor Management**, and select **SNMP MIB Monitoring** :

-1. Select **Add host** and enter the IP address of the server that performs the system health monitoring. You can add multiple servers.

-1. In **Authentication** section, select the SNMP version.

- - If you select V2, type the string in **SNMP v2 Community String**. You can enter up to 32 characters, and include any combination of alphanumeric characters (uppercase letters, lowercase letters, and numbers). Spaces aren't allowed.

- - If you select V3, specify the following:

-

- | Parameter | Description |

- |--|--|

- | **Username** | The SNMP username can contain up to 32 characters and include any combination of alphanumeric characters (uppercase letters, lowercase letters, and numbers). Spaces aren't allowed. <br /> <br />The username for the SNMP v3 authentication must be configured on the system and on the SNMP server. |

- | **Password** | Enter a case-sensitive authentication password. The authentication password can contain 8 to 12 characters and include any combination of alphanumeric characters (uppercase letters, lowercase letters, and numbers). <br /> <br/>The username for the SNMP v3 authentication must be configured on the system and on the SNMP server. |

- | **Auth Type** | Select MD5 or SHA-1. |

- | **Encryption** | Select DES (56 bit key size)^[1](#1) or AES (AES 128 bits supported)^[2](#2). |

- | **Secret Key** | The key must contain exactly eight characters and include any combination of alphanumeric characters (uppercase letters, lowercase letters, and numbers). |

- <a name="1"></a>¹ RFC3414 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)

- <a name="2"></a>² RFC3826 The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model

-1. Select **Save**.

-For more information, see [Export troubleshooting logs](how-to-troubleshoot-the-sensor-and-on-premises-management-console.md).

-Here are some resources that may be useful while working with Azure Digital Twins. You can view more resources under the **Resources** header in the table of contents for this documentation set.

-## October 20, 2022

-## Microsoft Energy Data Services Preview Release

-### Key Announcement

-Microsoft Energy Data Services is now available in public preview.

-The Microsoft compliance framework requires that all customer data be deleted within 180 days in accordance with [Azure subscription states](https://learn.microsoft.com/azure/cost-management-billing/manage/subscription-states) handling.  This also includes storage of customer data in offline locations, such as database backups. 

-| First seen | This column displays the date that the asset was first observed by crawling | All |

-| Last seen | This column displays the date that the asset was last observed by crawling infrastructure. | All |

-| Discovered on | The date that the asset was found in a discovery run scanning for assets related to an organizationΓÇÖs known infrastructure. | All |

-| Last updated | This column displays the date that the asset was last updated in the system after new data was found in a scan. | All |

-| WhoIs name | | Host |

-| WhoIs email | The primary contact email in a WhoIs record. | Host |

-| WhoIS organization | The listed organization in a WhoIs record. | Host |

-| WhoIs registrar | The listed registrar in a WhoIs record. | Host |

-| WhoIs name servers | The listed name servers in a WhoIs record. | Host |

-This section provides information about the process used to detect the asset. It includes information about the discovery seed that connects to the asset, as well as the approval process. Options include ΓÇ£Approved InventoryΓÇ¥ which indicates the relationship between the seed and discovered asset was strong enough to warrant an automatic approval by the Defender EASM system. Otherwise, the process will be listed as ΓÇ£CandidateΓÇ¥, indicating that the asset required manual approval to be incorporated into your inventory. This section also provides the date that the asset was added to your inventory, as well as the date that it was last scanned in a discovery run.

-Azure Front Door Premium can connect to your origin using Private Link. Your origin can be hosted in a virtual network or hosted as a PaaS service such as Azure App Service or Azure Storage. Private Link removes the need for your origin to be access publicly.

-You must approve the private endpoint connection before traffic can pass to the origin privately. You can approve private endpoint connections by using the Azure portal, Azure CLI, or Azure PowerShell. For more information, see [Manage a Private Endpoint connection](../private-link/manage-private-endpoint.md).

-> You must approve the private endpoint connection before traffic will flow to your origin.

-After you enable an origin for Private Link and approve the private endpoint connection, it can take a few minutes for the connection to get established. During this time, requests to the origin will receive an Azure Front Door error message. The error message will go away once the connection is established.

-Within a single Azure Front Door profile, if two or more Private Link enabled origins are created with the same set of Private Link, resource ID and group ID, then for all such origins only one private endpoint gets created. Connections to the backend can be enabled using this private endpoint. This setup means you only have to approve the private endpoint once because only one private endpoint gets created. If you create more Private Link enabled origins using the same set of Private Link location, resource ID, group ID, you won't need to approve anymore private endpoints.

-When an Azure Front Door profile get deleted, private endpoints associated with the profile will also get deleted.

-If AFD-Profile-1 gets deleted, then PE1 private endpoint across all the origin will also get deleted.

-* If AFD-Profile-1 gets deleted, all private endpoints from PE1 through PE4 will get deleted.

-description: This tutorial shows how to deploy and use and create an in-store analytics retail application in IoT Central.

-# Tutorial: Deploy and walk through the in-store analytics application template

-For many retailers, environmental conditions within their stores are a key differentiator from their competitors. Retailers want to maintain pleasant conditions within their stores for the benefit of their customers.

-You can use the IoT Central _in-store analytics checkout_ application template to build an end-to-end solution. The application template lets you digitally connect to and monitor a retail store environment using different kinds of sensor devices. These sensor devices generate telemetry that you can convert into business insights to help the retailer reduce operating costs and create a great experience for their customers.

-Use the application template to:

-1. Connect different kinds of IoT sensors to an IoT Central application instance.

-2. Monitor and manage the health of the sensor network and any gateway devices in the environment.

-3. Create custom rules around the environmental conditions within a store to trigger alerts for store managers.

-4. Transform the environmental conditions within your store into insights that the retail store team can use to improve the customer experience.

-5. Export the aggregated insights into existing or new business applications to provide useful and timely information to retail staff.

-The application template comes with a set of device templates and uses a set of simulated devices to populate the dashboard.

-### Condition monitoring sensors (1)

-An IoT solution starts with a set of sensors capturing meaningful signals from within a retail store environment. It's reflected by different kinds of sensors on the far left of the architecture diagram above.

-### Gateway devices (2)

-Many IoT sensors can feed raw signals directly to the cloud or to a gateway device located near them. The gateway device performs data aggregation at the edge before sending summary insights to an IoT Central application. The gateway devices are also responsible for relaying command and control operations to the sensor devices when applicable.

-### IoT Central application

-The Azure IoT Central application ingests data from different kinds of IoT sensors and gateway devices within the retail store environment and generates a set of meaningful insights.

-Azure IoT Central also provides a tailored experience to the store operator enabling them to remotely monitor and manage the infrastructure devices.

-### Data transform (3)

-The Azure IoT Central application within a solution can be configured to export raw or aggregated insights to a set of Azure PaaS (Platform-as-a Service) services that can perform data manipulation and enrich these insights before landing them in a business application.

-### Business application (4)

-The IoT data can be used to power different kinds of business applications deployed within a retail environment. A retail store manager or staff member can use these applications to visualize business insights and take meaningful actions in real time. To learn how to build a real-time Power BI dashboard for your retail team, follow the [tutorial](./tutorial-in-store-analytics-create-app.md).

-In this tutorial, you learn how to:

-> - Use the Azure IoT Central **In-store analytics - checkout** template to create a retail store application

-An active Azure subscription. If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.

-## Create in-store analytics application

-Create the application using following steps:

-1. Navigate to the [Azure IoT Central Build](https://aka.ms/iotcentral) site. Then sign in with a Microsoft personal, work, or school account. Select **Build** from the left-hand navigation bar and then select the **Retail** tab.

-1. Select **Create app** under **In-store analytics - checkout**.

-The following sections walk you through the key features of the application:

-### Customize application settings

-You can change several settings to customize the user experience in your application. In this section, you'll select a predefined application theme. Optionally, you'll learn how to create a custom theme, and update the application image. A custom theme enables you to set the application browser colors, browser icon, and the application logo that appears in the masthead.

-Rather than use a predefined theme, you can create a custom theme. If you want to use a set of sample images to customize the application and complete the tutorial, download the [Contoso sample images](https://github.com/Azure-Samples/iot-central-docs-samples/tree/main/retail).

-1. Expand the left pane, if not already expanded.

-1. Select **Customization > Appearance**.

-1. Use the **Change** button to choose an image to upload as the masthead logo. Optionally, specify a value for **Logo alt text**.

-1. Use the **Change** button to choose a **Browser icon** image that will appear on browser tabs.

-1. Optionally, replace the default **Browser colors** by adding HTML hexadecimal color codes. For the **Header**, add *#008575*. For the **Accent**, add *#A1F3EA*.

-1. Select **Save**. After you save, the application updates the browser colors, the logo in the masthead, and the browser icon.

-1. Select **Application > Management.**

-1. Select **Change** to choose an image to upload as the application image. This image appears on the application tile in the **My Apps** page of the IoT Central application manager.

-1. Optionally, navigate to the **My Apps** view on the [Azure IoT Central application manager](https://aka.ms/iotcentral) website. The application tile displays the updated application image.

-### Create device templates

-You can create device templates that enable you and the application operators to configure and manage devices. You can create a template by building a custom one, by importing an existing template file, or by importing a template from the Azure IoT device catalog. After you create and customize a device template, use it to connect real devices to your application. Optionally, use a device template to generate simulated devices for testing.

-The **In-store analytics - checkout** application template has device templates for several devices. There are device templates for two of the three devices you use in the application. The RuuviTag device template isn't included in the **In-store analytics - checkout** application template. In this section, you add a device template for RuuviTag sensors to your application.

-To add a RuuviTag device template to your application:

-1. Select **Device Templates** in the left pane.

-1. Select **+ New** to create a new device template.

-1. Find and select the **RuuviTag Multisensor** device template in the Azure IoT device catalog.

-1. Select **Create**. The application adds the RuuviTag device template.

-1. Select **Device templates** on the left pane. The page displays all device templates included in the application template, and the RuuviTag device template you just added.

-### Customize device templates

-You can customize the device templates in your application in three ways. First, you customize the native built-in interfaces in your devices by changing the device capabilities. For example, with a temperature sensor, you can change details such as the display name of the temperature interface, the data type, the units of measurement, and minimum and maximum operating ranges.

-Second, customize your device templates by adding cloud properties. Cloud properties aren't part of the built-in device capabilities. Cloud properties are custom data that your Azure IoT Central application creates, stores, and associates with your devices. An example of a cloud property could be a calculated value, or metadata such as a location that you want to associate with a set of devices.

-Third, customize device templates by building custom views. Views provide a way for operators to visualize telemetry and metadata for your devices, such as device metrics and health.

-Here, you use the first two methods to customize the device template for your RuuviTag sensors.

-To customize the built-in interfaces of the RuuviTag device template:

-1. Select **Device Templates** in the left pane.

-1. Select the template for RuuviTag sensors.

- :::image type="content" source="media/tutorial-in-store-analytics-create-app/ruuvitag-device-summary-view.png" alt-text="Screenshot showing the in-store analytics application RuuviTag device template." lightbox="media/tutorial-in-store-analytics-create-app/ruuvitag-device-summary-view.png":::

-1. Select **RuvviTag** model in the RuuviTag device template menu.

-1. Scroll in the list of capabilities and find the `RelativeHumidity` telemetry type. It's the row item with the editable **Display name** value of *RelativeHumidity*.

-In the following steps, you customize the `RelativeHumidity` telemetry type for the RuuviTag sensors. Optionally, customize some of the other telemetry types.

-For the `RelativeHumidity` telemetry type, make the following changes:

-1. Update the **Display Name** value from *RelativeHumidity* to a custom value such as *Humidity*.

-1. Change the **Semantic Type** option from *Relative humidity* to *Humidity*. Optionally, set schema values for the humidity telemetry type in the expanded schema view. Schema settings allow you to create detailed validation requirements for the data that your sensors track. For example, you could set minimum and maximum operating range values for a given interface.

-To add a cloud property to a device template in your application:

-1. Enter the value *Location* for the **Display Name**. This value is automatically copied to the **Name** field, which is a friendly name for the property. You can use the copied value or change it.

-1. Select **Capability Type** as **Cloud Property**.

-1. Select *String* in the **Schema** dropdown. A string type enables you to associate a location name string with any device based on the template. For instance, you could associate an area in a store with each device.

-1. Set **Minimum Length** to *2*.

- Publishing a device template makes it visible to application operators. After you've published a template, use it to generate simulated devices for testing, or to connect real devices to your application. If you already have devices connected to your application, publishing a customized template pushes the changes to the devices.

-After you have created and customized device templates, it's time to add devices.

-Complete the steps in the following two articles to connect a real Rigado gateway and RuuviTag sensors. After you're done, return to this tutorial. Because you already created device templates in this tutorial, you don't need to create them again in the following set of directions.

-As part of using sensors in your Azure IoT Central application to monitor conditions, you can create rules to run actions when certain conditions are met. A rule is associated with a device template and one or more devices, and contains conditions that must be met based on device telemetry or events. A rule also has one or more associated actions. The actions may include sending email notifications, or triggering a webhook action to send data to other services. The **In-store analytics - checkout** application template includes some predefined rules for the devices in the application.

-In this section, you create a new rule that checks the maximum relative humidity level based on the RuuviTag sensor telemetry. You add an action to the rule so that if the humidity exceeds the maximum, the application sends an email.

-1. Expand the left pane.

-1. Select **Rules**.

-1. Select **+ New**.

-1. Enter *Humidity level* as the name of the rule.

-1. Choose the RuuviTag device template in **Device template**. The rule you define will apply to all sensors based on that template. Optionally, you could create a filter that would apply the rule only to a defined subset of the sensors.

-1. Choose `RelativeHumidity` as the **Telemetry**. It's the device capability that you customized in a previous step.

-1. Choose `Is greater than` as the **Operator**.

-1. Enter a typical upper range indoor humidity level for your environment as the **Value**. For example, enter *65*. You've set a condition for your rule that occurs when relative humidity in any RuuviTag real or simulated sensor exceeds this value. You may need to adjust the value up or down depending on the normal humidity range in your environment.

-1. Select **+ Email**.

-1. Enter *High humidity notification* as the friendly **Display name** for the action.

-1. Enter the email address associated with your account in **To**. If you use a different email, the address you use must be for a user who has been added to the application. The user also needs to sign in and out at least once.

-1. Optionally, enter a note to include in text of the email.

- Within a few minutes, the specified email account should begin to receive emails. The application sends email each time a sensor indicates that the humidity level exceeded the value in your condition.

-* Use the Azure IoT Central **In-store analytics - checkout** template to create a retail store application

-* Customize the application settings

-* Create and customize IoT device templates

-* Connect devices to your application

-* Add rules and actions to monitor conditions

-Now that you've created an Azure IoT Central condition monitoring application, here's the suggested next step:

-description: 'This tutorial shows how to customize the dashboard in an IoT Central application, and manage devices.'

-In this tutorial, you learn how to:

-The builder should complete the tutorial to create the Azure IoT Central in-store analytics application and add devices:

-* [Create an in-store analytics application in Azure IoT Central](./tutorial-in-store-analytics-create-app.md) (Required)

-To customize the dashboard, you have to edit the default dashboard in your application. Also, you can create additional new dashboards. The first step to customize the dashboard in your application is to change the name.

-1. Navigate to the [Azure IoT Central application manager](https://aka.ms/iotcentral) website.

-1. Open the condition monitoring application that you created in the [Create an in-store analytics application in Azure IoT Central](./tutorial-in-store-analytics-create-app.md) tutorial.

-1. Select **Dashboard settings** and enter **Name** for your dashboard and select **Save**.

-An Azure IoT Central application dashboard consists of one or more tiles. A tile is a rectangular container for displaying content on a dashboard. You associate various types of content with tiles, and you drag, drop, and resize tiles to customize a dashboard layout. There are several types of tiles for displaying content. Image tiles contain images, and you can add a URL that enables users to click the image. Label tiles display plain text. Markdown tiles contain formatted content and let you set an image, a URL, a title, and markdown code that renders as HTML. Telemetry, property, or command tiles display device-specific data.

-In this section, you learn how to customize image tiles on the dashboard.

-1. Select **Edit** on the image tile that displays the Northwind brand image.

-1. Change the **Title**. The title appears when a user hovers over the image.

-1. Select **Image**. A dialog opens and enables you to upload a custom image.

-1. Optionally, specify a URL for the image.

-1. Select **Update**

- :::image type="content" source="media/tutorial-in-store-analytics-customize-dashboard/brand-image-save.png" alt-text="Screenshot showing the in-store analytics application dashboard brand image tile." lightbox="media/tutorial-in-store-analytics-customize-dashboard/brand-image-save.png":::

-1. Optionally, select **Configure** on the tile titled **Documentation**, and specify a URL for support content.

-1. Select **Configure** on the image tile that displays the default store zone map.

-1. Select **Image**, and use the dialog to upload a custom image of a store zone map.

- :::image type="content" source="media/tutorial-in-store-analytics-customize-dashboard/store-map-save.png" alt-text="Screenshot showing the in-store analytics application dashboard store map tile." lightbox="media/tutorial-in-store-analytics-customize-dashboard/store-map-save.png":::

- The example Contoso store map shows four zones: two checkout zones, a zone for apparel and personal care, and a zone for groceries and deli. In this tutorial, you'll associate sensors with these zones to provide telemetry.

-A key step in customizing a dashboard is to rearrange the tiles to create a useful view. Application operators use the dashboard to visualize device telemetry, manage devices, and monitor conditions in a store. Azure IoT Central simplifies the application builder task of creating a dashboard. The dashboard edit mode enables you to quickly add, move, resize, and delete tiles. The **In-store analytics - checkout** application template also simplifies the task of creating a dashboard. It provides a working dashboard layout, with sensors connected, and tiles that display checkout line counts and environmental conditions.

-In this section, you rearrange the dashboard in the **In-store analytics - checkout** application template to create a custom layout.

-1. Select **ellipsis** and **Delete** to remove the following tiles: **Back to all zones**, **Visit store dashboard**, **Warm-up checkout zone**, **Cool-down checkout zone**, **Occupancy sensor settings**, **Thermostat settings**, **Wait time**, and **Environment conditions** and all three tiles associated with **Checkout 3**. The Contoso store dashboard doesn't use these tiles.

-1. Select **Save**. Removing unused tiles frees up space in the edit page, and simplifies the dashboard view for operators.

-After you remove unused tiles, rearrange the remaining tiles to create an organized layout. The new layout includes space for tiles you add in a later step.

-1. Select the **Occupancy firmware** tile and drag it to the right of the **Occupancy** battery tile.

-1. Select the **Thermostat firmware** tile and drag it to the right of the **Thermostat** battery tile.

-After you customize the dashboard layout, you're ready to add tiles to show telemetry. To create a telemetry tile, select a device template and device instance, then select device-specific telemetry to display in the tile. The **In-store analytics - checkout** application template includes several telemetry tiles in the dashboard. The four tiles in the two checkout zones display telemetry from the simulated occupancy sensor. The **People traffic** tile shows counts in the two checkout zones.

-In this section, you add two more telemetry tiles to show environmental telemetry from the RuuviTag sensors you added in the [Create an in-store analytics application in Azure IoT Central](./tutorial-in-store-analytics-create-app.md) tutorial.

-1. Select `RuuviTag` in the **Device template** list.

-1. Select a **Device instance** of one of the two RuuviTag sensors. In the example Contoso store, select `Zone 1 Ruuvi` to create a telemetry tile for Zone 1.

-1. Select `Relative humidity` and `Temperature` in the **Telemetry** list. These are the telemetry items that display for each zone on the tile.

-1. Select **Add tile**. A new tile appears to display combined humidity and temperature telemetry for the selected sensor.

-1. Select **Configure** on the new tile for the RuuviTag sensor.

-1. Change the **Title** to *Zone 1 environment*.

-1. Repeat the previous steps to create a tile for the second sensor instance. Set the **Title** to *Zone 2 environment* and then select **Update configuration.**

-1. Drag the tile titled **Zone 2 environment** below the **Thermostat firmware** tile.

-1. Drag the tile titled **Zone 1 environment** below the **People traffic** tile.

-1. Select **Edit** on the **People traffic** tile.

-1. Select `C500` in the **Device template** list. It is the template for the Rigado C500 gateway.

- :::image type="content" source="media/tutorial-in-store-analytics-customize-dashboard/completed-dashboard.png" alt-text="Screenshot showing the completed in-store analytics application dashboard." lightbox="media/tutorial-in-store-analytics-customize-dashboard/completed-dashboard.png":::

-* Change the dashboard name

-* Customize image tiles on the dashboard

-* Arrange tiles to modify the layout

-* Add telemetry tiles to display conditions

-* Add property tiles to display device details

-* Add command tiles to run commands

-Now that you've customized the dashboard in your Azure IoT Central in-store analytics application, here is the suggested next step:

-description: This tutorial shows you how to deploy and use smart inventory management application template for IoT Central

-# Tutorial: Deploy and walk through the smart inventory management application template

-Inventory is the stock of goods a retailer holds. Inventory management is critical to ensure the right product is in the right place at the right time. A retailer must balance the costs of storing too much inventory against the costs of not having sufficient items in stock to meet demand.

-IoT data generated from radio-frequency identification (RFID) tags, beacons, and cameras provide opportunities to improve inventory management processes. You can combine telemetry gathered from IoT sensors and devices with other data sources such as weather and traffic information in cloud-based business intelligence systems.

-This application template focuses on device connectivity, and the configuration and management of RFID and Bluetooth low energy (BLE) reader devices.

-### RFID tags (1)

-RFID tags transmit data about an item through radio waves. RFID tags typically don't have a battery unless specified. Tags receive energy from the radio waves generated by the reader and transmit a signal back toward the RFID reader.

-### BLE tags (1)

-Energy beacon broadcasts packets of data at regular intervals. Beacon data is detected by BLE readers or installed services on smartphones and then transmitting that to the cloud.

-### RFID and BLE readers (1)

-RFID reader converts the radio waves to a more usable form of data. Information collected from the tags is then stored in local edge server or sent to cloud using JSON-RPC 2.0 over MQTT.

-BLE reader also known as Access Points (AP) are similar to RFID reader. It's used to detect nearby Bluetooth signals and relay its message to local Azure IoT Edge or cloud using JSON-RPC 2.0 over MQTT.

-Many readers are capable of reading RFID and beacon signals, and providing additional sensor capability related to temperature, humidity, accelerometer, and gyroscope.

-### Azure IoT Edge gateway (2)

-Azure IoT Edge server provides a place to preprocess that data locally before sending it on to the cloud. We can also deploy cloud workloads artificial intelligence, Azure and third-party services, business logic using standard containers.

-### Device management with IoT Central

-Azure IoT Central is a solution development platform that simplifies IoT device connectivity, configuration, and management. The platform significantly reduces the burden and costs of IoT device management, operations, and related developments. Customers and partners can build an end-to-end enterprise solution to achieve a digital feedback loop in inventory management.

-### Business insights and actions using data egress (3)

-IoT Central platform provides rich extensibility options through Continuous Data Export (CDE) and APIs. Business insights based on telemetry data processing or raw telemetry are typically exported to a preferred line-of-business application. It can be achieved using webhook, service bus, event hub, or blob storage to build, train, and deploy machine learning models and further enrich insights.

-In this tutorial, you learn how to,

-> [!div class="checklist"]

-> * create smart inventory management application

-> * walk through the application

-An active Azure subscription. If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.

-## Create smart inventory management application

-Create the application using the following steps:

-1. Navigate to the [Azure IoT Central Build](https://aka.ms/iotcentral) site. Then sign in with a Microsoft personal, work, or school account. Select **Build** from the left-hand navigation bar and then select the **Retail** tab.

-The following sections walk you through the key features of the application:

-After you deploy the application, your default dashboard is a smart inventory management operator focused portal. Northwind Trader is a fictitious smart inventory provider managing warehouse with Bluetooth low energy (BLE) and retail store with Radio-frequency identification (RFID). In this dashboard, you'll see two different gateways providing telemetry about inventory along with associated commands, jobs, and actions that you can perform.

-This dashboard is pre-configured to showcase the critical smart inventory management device operations activity.

-The dashboard is logically divided between two different gateway device management operations:

-* Retail store is implemented with a fixed RFID gateway and RFID tags at individual an item level to track and trace the stock in a store outlet.

-* View the gateway [location](../core/howto-use-location-data.md), status and related details.

-* You can easily track the total number of gateways, active, and unknown tags.

-* You can perform device management operations such as update firmware, disable sensor, enable sensor, update sensor threshold, update telemetry intervals and update device service contracts.

-### Device Template

-Select the Device templates tab, and you'll see the gateway capability model. A capability model is structured around two different interfaces **Gateway Telemetry and Property** and **Gateway Commands**

-**Gateway Telemetry and Property** - This interface represents all the telemetry related to sensors, location, device info, and device twin property capability such as gateway thresholds and update intervals.

-**Gateway Commands** - This interface organizes all the gateway command capabilities

-Select the rules tab to see two different rules that exist in this application template. These rules are configured to email notifications to the operators for further investigations.

-**Gateway offline**: This rule will trigger if the gateway doesn't report to the cloud for a prolonged period. Gateway could be unresponsive because of low battery mode, loss of connectivity, device health.

-**Unknown tags**: It's critical to track every RFID and BLE tags associated with an asset. If the gateway is detecting too many unknown tags, it's an indication of synchronization challenges with tag sourcing applications.

-When an Azure AD security principal requests access to an Azure IoT Hub Device Provisioning Service (DPS) API, the principal's identity is first *authenticated*. For authentication, the request needs to contain an OAuth 2.0 access token at runtime. The resource name for requesting the token is `https://iothubs.azure.net`. If the application runs in an Azure resource like an Azure VM, Azure Functions app, or Azure App Service app, it can be represented as a [managed identity](../active-directory/managed-identities-azure-resources/how-managed-identities-work-vm.md).

-* Cross-region IPv6 frontend IP configurations aren't supported.

-* Currently, regional load load balancers with floating IP enabled aren't supported by the cross-region load balancer.

- - **Servers, databases and web apps**: Assess on-premises servers including web apps and SQL Server instances and migrate them to Azure virtual machines or Azure VMware Solution (AVS) (Preview).

-Unknown operating system | The operating system of the VM was specified as **Other** in vCenter Server. This behavior blocks Azure Migrate from verifying the Azure readiness of the VM. Ensure that the operating system is [supported](./migrate-support-matrix-vmware-migration.md#azure-vm-requirements) by Azure before you migrate the server.

- <artifactId>azure-identity-providers-jdbc-mysql</artifactId>

- <version>1.0.0-beta.1</version>

-url=jdbc:mysql://${AZ_DATABASE_NAME}.mysql.database.azure.com:3306/demo?sslMode=REQUIRED&serverTimezone=UTC&defaultAuthenticationPlugin=com.azure.identity.providers.mysql.AzureIdentityMysqlAuthenticationPlugin&authenticationPlugins=com.azure.identity.providers.mysql.AzureIdentityMysqlAuthenticationPlugin

-> If you are using MysqlConnectionPoolDataSource class as the datasource in your application, please remove "defaultAuthenticationPlugin=com.azure.identity.providers.mysql.AzureIdentityMysqlAuthenticationPlugin" in the url.

-url=jdbc:mysql://${AZ_DATABASE_NAME}.mysql.database.azure.com:3306/demo?sslMode=REQUIRED&serverTimezone=UTC&authenticationPlugins=com.azure.identity.providers.mysql.AzureIdentityMysqlAuthenticationPlugin

- <artifactId>azure-identity-providers-jdbc-mysql</artifactId>

- <version>1.0.0-beta.1</version>

-url=jdbc:mysql://${AZ_DATABASE_SERVER_NAME}.mysql.database.azure.com:3306/${AZ_DATABASE_NAME}?sslMode=REQUIRED&serverTimezone=UTC&defaultAuthenticationPlugin=com.azure.identity.providers.mysql.AzureIdentityMysqlAuthenticationPlugin&authenticationPlugins=com.azure.identity.providers.mysql.AzureIdentityMysqlAuthenticationPlugin

-> If you are using MysqlConnectionPoolDataSource class as the datasource in your application, please remove "defaultAuthenticationPlugin=com.azure.identity.providers.mysql.AzureIdentityMysqlAuthenticationPlugin" in the url.

-url=jdbc:mysql://${AZ_DATABASE_SERVER_NAME}.mysql.database.azure.com:3306/${AZ_DATABASE_NAME}?sslMode=REQUIRED&serverTimezone=UTC&authenticationPlugins=com.azure.identity.providers.mysql.AzureIdentityMysqlAuthenticationPlugin

-Azure Native ISV Services enables customers to easily provision, manage, and tightly integrate most used ISV software and services on Azure. Currently, several services are publicly available across these areas: observability, data, networking, and storage. For a list of all our current ISV partner service, see [Extend Azure with Azure Native ISV Services](partners.md).

-A comprehensive list of features of Azure Native ISV Services is listed below.

-|||

-| [Apache Kafka for Confluent Cloud](apache-kafka-confluent-cloud/overview.md) | Fully managed event streaming platform powered by Apache Kafka. |

- <artifactId>azure-identity-providers-jdbc-postgresql</artifactId>

- <artifactId>azure-identity-providers-jdbc-postgresql</artifactId>

- |The region in which youΓÇÖre creating the mobile network site resource. We recommend that you use the East US region. |**Instance details: Region**|

- |The region in which you're deploying the private mobile network. We recommend you use the East US region. |**Instance details: Region**|

- - **Region:** select **East US**.

- - **Location:** enter *eastus*.

- - **Region:** select **East US**.

- | **Region** | Select **East US**. |

- | **Location** | Enter *eastus*. |

- |**Region** | Select **East US**. |

- - Set **Region** to **East US**.

- - **Region:** select **East US**.

- - **Location:** enter *eastus*.

-1. Select **Review + create**.

-1. Azure will now validate the configuration values you've entered. You should see a message indicating that your values have passed validation.

-1. Once your configuration has been validated, you can select **Create** to provision your SIMs. The Azure portal will display a confirmation screen when the SIMs have been provisioned.

- - **Region:** select **East US**.

-| Azure Monitor (Microsoft.Insights/privateLinkScopes) / azuremonitor | privatelink.monitor.azure.com<br/> privatelink.oms.opinsights.azure.com <br/> privatelink.ods.opinsights.azure.com <br/> privatelink.agentsvc.azure-automation.net <br/> privatelink.blob.core.windows.net | monitor.azure.com<br/> oms.opinsights.azure.com<br/> ods.opinsights.azure.com<br/> agentsvc.azure-automation.net <br/> blob.core.windows.net |

-# Customer intent: As someone with a basic network background, but is new to Azure, I want to understand the capabilities of Azure Private Link so that I can securely connect to my Azure PaaS services within the virtual network.

-You can edit a self-hosted integration runtime by navigating to **Integration runtimes** in the Microsoft Purview governance portal, hover on the IR then click the **Edit** button.

-You can delete a self-hosted integration runtime by navigating to **Integration runtimes**, hover on the IR then click the **Delete** button.

- results = search_client.search(search_text="*", include_total_count=True)

- results = search_client.search(search_text="wifi", include_total_count=True, select='HotelId,HotelName,Tags')

- results = search_client.search(search_text="hotels", select='HotelId,HotelName,Rating', filter='Rating gt 4', order_by='Rating desc')

-1. Add `search_fields` to scope query matching to a single field.

- results = search_client.search(search_text="sublime", search_fields='HotelName', select='HotelId,HotelName')

- results = search_client.search(search_text="*", facets=["Category"])

-+ Query strings must not be null (search=`*`) and the string should have the characteristics of a question, as opposed to a keyword search (a sequential list of arbitrary terms or phrases). If the query string doesn't appear to be answer, answer processing is skipped, even if the request specifies "answers" as a query parameter.

-For [Azure Virtual Machines](../../virtual-machines/windows/overview.md), ensure that your VM architecture includes more than one VM and that each VM is included in an [availability set](../../virtual-machines/windows/tutorial-availability-sets.md). We recommend using virtual machine scale sets for autoscaling capabilities.

-* [Microsoft Security Response Center](https://technet.microsoft.com/library/dn440717.aspx) - where Microsoft security vulnerabilities, including issues with Azure, can be reported or via email to secure@microsoft.com

-|[Microsoft Defender for Cloud](../../security-center/security-center-introduction.md)| A cloud workload protection solution that provides security management and advanced threat protection across hybrid cloud workloads.|

-|[StorSimple Encrypted Hybrid Storage](../../storsimple/storsimple-ova-overview.md)| An integrated storage solution that manages storage tasks between on-premises devices and Azure cloud storage.|

-|[Azure Client-Side Encryption](../../storage/common/storage-client-side-encryption.md)| A client-side encryption solution that encrypts data inside client applications before uploading to Azure Storage; also decrypts the data while downloading. |

-| [Azure Storage Shared Access Signatures](../../storage/common/storage-sas-overview.md)|A shared access signature provides delegated access to resources in your storage account. |

-|[Azure Storage Account Keys](../../storage/common/storage-account-create.md)| An access control method for Azure storage that is used for authentication when the storage account is accessed. |

-|[Azure File shares with SMB 3.0 Encryption](../../storage/files/storage-files-introduction.md)|A network security technology that enables automatic network encryption for the Server Message Block (SMB) file sharing protocol. |

-|[Azure Storage Analytics](/rest/api/storageservices/Storage-Analytics)| A logging and metrics-generating technology for data in your storage account. |

-|[Azure&nbsp;SQL&nbsp;Cell&nbsp;Level Encryption](/archive/blogs/sqlsecurity/recommendations-for-using-cell-level-encryption-in-azure-sql-database)| A database security technology that provides encryption at a granular level. |

-| [Azure SQL Always Encryption](/sql/relational-databases/security/encryption/always-encrypted-database-engine)|Protects sensitive data, such as credit card numbers or national identification numbers (for example, U.S. social security numbers), stored in Azure SQL Database or SQL Server databases. |

-| [Azure&nbsp;SQL&nbsp;Transparent Data Encryption](/sql/relational-databases/security/encryption/transparent-data-encryption-azure-sql)| A database security feature that encrypts the storage of an entire database. |

-| [Azure SQL Database Auditing](/azure/azure-sql/database/auditing-overview)|A database auditing feature that tracks database events and writes them to an audit log in your Azure storage account. |

-| [Virtual network rules](/azure/azure-sql/database/vnet-service-endpoint-rule-overview)|A firewall security feature that controls whether the server for your databases and elastic pools in Azure SQL Database or for your dedicated SQL pool (formerly SQL DW) databases in Azure Synapse Analytics accepts communications that are sent from particular subnets in virtual networks. |

-| [Azure Active Directory](../../active-directory/fundamentals/active-directory-whatis.md)|A cloud-based authentication repository that supports a multi-tenant, cloud-based directory and multiple identity management services within Azure. |

-| [Azure Active Directory B2C](../../active-directory-b2c/overview.md)|An identity management service that enables control over how customers sign-up, sign-in, and manage their profiles when using Azure-based applications. |

-| [Azure Active Directory Domain Services](../../active-directory-domain-services/overview.md)| A cloud-based and managed version of Active Directory Domain Services. |

-| [Network&nbsp;Security&nbsp;Groups](../../virtual-network/virtual-network-vnet-plan-design-arm.md)| A network-based access control feature using a 5-tuple to make allow or deny decisions. |

-| [Azure Application Gateway](../../application-gateway/overview.md)|An advanced web application load balancer that can route based on URL and perform SSL-offloading. |

-| [Azure ExpressRoute](../../expressroute/expressroute-introduction.md)| A dedicated WAN link between on-premises networks and Azure Virtual Networks. |

-| [Azure Traffic Manager](../../traffic-manager/traffic-manager-overview.md)| A global DNS load balancer.|

-| [Azure Application Proxy](../../active-directory/app-proxy/application-proxy.md)| An authenticating front-end used to secure remote access for web applications hosted on-premises. |

-|[Azure Firewall](../../firewall/overview.md)|A managed, cloud-based network security service that protects your Azure Virtual Network resources.|

-|[Virtual Network service endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md)|Extends your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection.|

-|[Azure Private Link](../../private-link/private-link-overview.md)|Provides private connectivity from a virtual network to Azure platform as a service (PaaS), customer-owned, or Microsoft partner services.|

-|[Azure Bastion](../../bastion/bastion-overview.md)|A service you deploy that lets you connect to a virtual machine using your browser and the Azure portal.|

-# Tutorial: Forward syslog data to a Log Analytics workspace by using the Azure Monitor agent

-In this tutorial, you'll configure a Linux virtual machine (VM) to forward syslog data to your workspace by using the Azure Monitor agent. These steps allow you to collect and monitor data from Linux-based devices where you can't install an agent like a firewall network device.

-In this tutorial, you learn how to:

-To complete the steps in this tutorial, you must have the following resources and roles.

-## Before you start

-Complete the previous tutorials:

-## Verify VM properties

-1. In **Protected Items**, click **Replicated Items** > and the VM.

- latest available recovery points. Click **Properties** to view more details.

-1. In **Settings** > **Replicated Items**, click the VM > **+Test Failover**.

-4. Click **OK** to begin the failover. You can track progress by clicking on the VM to open its

- properties. Or you can click the **Test Failover** job in vault name > **Settings** > **Jobs** >

-7. To delete Azure VMs created during the test failover, click **Cleanup test failover** on the

-> [!div class="nextstepaction"]

-> [Run a failover](avs-tutorial-failover.md)

-JIO | JIO India West<br/><br/>Replication cannot be done between JIO and non-JIO regions for Virtual Machines present in JIO subscriptions. This is because JIO subscriptions can have resources only in JIO regions.

-Restricted Regions reserved for in-country disaster recovery |Switzerland West reserved for Switzerland North, France South reserved for France Central, Norway West for Norway East customers, JIO India Central for JIO India West customers, Brazil Southeast for Brazil South customers, South Africa West for South Africa North customers, Germany North for Germany West Central customers, UAE Central for UAE North customers.<br/><br/> To use restricted regions as your primary or recovery region, please get yourselves allowlisted by raising a request [here](/troubleshoot/azure/general/region-access-request-process) for both source and target subscriptions.

-Soft delete | Not supported | Soft delete is not supported because once it is enabled on cache storage account, it increases cost. Azure Site Recovery performs very frequent creates/deletes of log files while replicating causing costs to increase.

-The table below lists the limits in terms of number of disks that can replicate to a single storage account.

-Please note that the above limits are specific to Azure-to-Azure and Zone-to-Zone DR scenarios.

-Red Hat Enterprise Linux | 6.7, 6.8, 6.9, 6.10, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6,[7.7](https://support.microsoft.com/help/4528026/update-rollup-41-for-azure-site-recovery), [7.8](https://support.microsoft.com/help/4564347/), [7.9](https://support.microsoft.com/help/4578241/), [8.0](https://support.microsoft.com/help/4531426/update-rollup-42-for-azure-site-recovery), 8.1, [8.2](https://support.microsoft.com/help/4570609/), [8.3](https://support.microsoft.com/help/4597409/), [8.4](https://support.microsoft.com/topic/883a93a7-57df-4b26-a1c4-847efb34a9e8) (4.18.0-305.30.1.el8_4.x86_64 or higher), [8.5](https://support.microsoft.com/topic/883a93a7-57df-4b26-a1c4-847efb34a9e8) (4.18.0-348.5.1.el8_5.x86_64 or higher), [8.6](https://support.microsoft.com/en-us/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b)

-CentOS | 6.5, 6.6, 6.7, 6.8, 6.9, 6.10 </br> 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, [7.8](https://support.microsoft.com/help/4564347/), [7.9 pre-GA version](https://support.microsoft.com/help/4578241/), 7.9 GA version is supported from 9.37 hot fix patch** </br> 8.0, 8.1, [8.2](https://support.microsoft.com/help/4570609), [8.3](https://support.microsoft.com/help/4597409/), 8.4 (4.18.0-305.30.1.el8_4.x86_64 or later), 8.5 (4.18.0-348.5.1.el8_5.x86_64 or later), 8.6.

-14.04 LTS | [9.52](https://support.microsoft.com/en-us/topic/update-rollup-65-for-azure-site-recovery-kb5021964-15db362f-faac-417d-ad71-c22424df43e0) | No new 14.04 LTS kernels supported in this release. |

-14.04 LTS | [9.51](https://support.microsoft.com/en-us/topic/update-rollup-64-for-azure-site-recovery-kb5020102-23db9799-102c-4378-9754-2f19f6c7858a) | No new 14.04 LTS kernels supported in this release. |

-14.04 LTS | [9.50](https://support.microsoft.com/en-us/topic/update-rollup-63-for-azure-site-recovery-kb5017421-992e63af-aa94-4ea6-8d1b-2dd89a9cc70b) | No new 14.04 LTS kernels supported in this release. |

-14.04 LTS | [9.49](https://support.microsoft.com/en-us/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b) | No new 14.04 LTS kernels supported in this release. |

-16.04 LTS | [9.52](https://support.microsoft.com/en-us/topic/update-rollup-65-for-azure-site-recovery-kb5021964-15db362f-faac-417d-ad71-c22424df43e0) | No new 16.04 LTS kernels supported in this release. |

-16.04 LTS | [9.51](https://support.microsoft.com/en-us/topic/update-rollup-64-for-azure-site-recovery-kb5020102-23db9799-102c-4378-9754-2f19f6c7858a) | No new 16.04 LTS kernels supported in this release. |

-16.04 LTS | [9.50](https://support.microsoft.com/en-us/topic/update-rollup-63-for-azure-site-recovery-kb5017421-992e63af-aa94-4ea6-8d1b-2dd89a9cc70b) | No new 16.04 LTS kernels supported in this release. |

-16.04 LTS | [9.49](https://support.microsoft.com/en-us/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b) | No new 16.04 LTS kernels supported in this release. |

-18.04 LTS |[9.52](https://support.microsoft.com/en-us/topic/update-rollup-65-for-azure-site-recovery-kb5021964-15db362f-faac-417d-ad71-c22424df43e0)| 4.15.0-196-generic |

-18.04 LTS | [9.51](https://support.microsoft.com/en-us/topic/update-rollup-64-for-azure-site-recovery-kb5020102-23db9799-102c-4378-9754-2f19f6c7858a) |4.15.0-1151-azure </br> 4.15.0-193-generic </br> 5.4.0-1091-azure </br> 5.4.0-126-generic</br>4.15.0-1153-azure </br>4.15.0-194-generic </br>5.4.0-1094-azure </br>5.4.0-128-generic </br>5.4.0-131-generic |

-18.04 LTS |[9.50](https://support.microsoft.com/en-us/topic/update-rollup-63-for-azure-site-recovery-kb5017421-992e63af-aa94-4ea6-8d1b-2dd89a9cc70b) | 4.15.0-1149-azure </br> 4.15.0-1150-azure </br> 4.15.0-191-generic </br> 4.15.0-192-generic </br>5.4.0-1089-azure </br>5.4.0-1090-azure </br>5.4.0-124-generic|

-18.04 LTS |[9.49](https://support.microsoft.com/en-us/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b) | 4.15.0-1139-azure </br> 4.15.0-1142-azure </br> 4.15.0-1145-azure </br> 4.15.0-1146-azure </br> 4.15.0-180-generic </br> 4.15.0-184-generic </br> 4.15.0-187-generic </br> 4.15.0-188-generic </br> 4.15.0-189-generic </br> 5.4.0-1080-azure </br> 5.4.0-1083-azure </br> 5.4.0-1085-azure </br> 5.4.0-1086-azure </br> 5.4.0-113-generic </br> 5.4.0-117-generic </br> 5.4.0-120-generic </br> 5.4.0-121-generic </br> 5.4.0-122-generic |

-20.04 LTS | [9.52](https://support.microsoft.com/en-us/topic/update-rollup-65-for-azure-site-recovery-kb5021964-15db362f-faac-417d-ad71-c22424df43e0) | 5.4.0-1095-azure <br> 5.15.0-1023-azure |

-20.04 LTS | [9.51](https://support.microsoft.com/en-us/topic/update-rollup-64-for-azure-site-recovery-kb5020102-23db9799-102c-4378-9754-2f19f6c7858a) |5.13.0-1009-azure </br> 5.13.0-1012-azure </br> 5.13.0-1013-azure </br> 5.13.0-1014-azure </br> 5.13.0-1017-azure </br> 5.13.0-1021-azure </br> 5.13.0-1022-azure </br> 5.13.0-1023-azure </br> 5.13.0-1025-azure </br> 5.13.0-1028-azure </br> 5.13.0-1029-azure </br> 5.13.0-1031-azure </br> 5.13.0-21-generic </br> 5.13.0-22-generic </br> 5.13.0-23-generic </br> 5.13.0-25-generic </br> 5.13.0-27-generic </br> 5.13.0-28-generic </br> 5.13.0-30-generic </br> 5.13.0-35-generic </br> 5.13.0-37-generic </br> 5.13.0-39-generic </br> 5.13.0-40-generic </br> 5.13.0-41-generic </br> 5.13.0-44-generic </br> 5.13.0-48-generic </br> 5.13.0-51-generic </br> 5.13.0-52-generic </br> 5.15.0-1007-azure </br> 5.15.0-1008-azure </br> 5.15.0-1013-azure </br> 5.15.0-1014-azure </br> 5.15.0-1017-azure </br> 5.15.0-1019-azure </br> 5.15.0-1020-azure </br> 5.15.0-33-generic </br> 5.15.0-51-generic </br> 5.15.0-43-generic </br> 5.15.0-46-generic </br> 5.15.0-48-generic </br> 5.4.0-1091-azure </br> 5.4.0-126-generic </br> 5.15.0-1021-azure </br> 5.15.0-1022-azure </br> 5.15.0-50-generic </br> 5.15.0-52-generic </br> 5.4.0-1094-azure </br> 5.4.0-128-generic </br> 5.4.0-131-generic |

-20.04 LTS |[9.50](https://support.microsoft.com/en-us/topic/update-rollup-63-for-azure-site-recovery-kb5017421-992e63af-aa94-4ea6-8d1b-2dd89a9cc70b) | 5.4.0-1080-azure </br> 5.4.0-1083-azure </br> 5.4.0-1085-azure </br> 5.4.0-1086-azure </br> 5.4.0-1089-azure </br> 5.4.0-1090-azure </br> 5.4.0-113-generic </br> 5.4.0-117-generic </br> 5.4.0-120-generic </br> 5.4.0-121-generic </br> 5.4.0-122-generic </br> 5.4.0-124-generic </br> 5.4.0-125-generic |

-20.04 LTS |[9.49](https://support.microsoft.com/en-us/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b) | No new 20.04 LTS kernels supported in this release. |

-Debian 7 | [9.52](https://support.microsoft.com/en-us/topic/update-rollup-65-for-azure-site-recovery-kb5021964-15db362f-faac-417d-ad71-c22424df43e0) | No new Debian 7 kernels supported in this release. |

-Debian 7 | [9.51](https://support.microsoft.com/en-us/topic/update-rollup-64-for-azure-site-recovery-kb5020102-23db9799-102c-4378-9754-2f19f6c7858a) | No new Debian 7 kernels supported in this release. |

-Debian 7 | [9.50](https://support.microsoft.com/en-us/topic/update-rollup-63-for-azure-site-recovery-kb5017421-992e63af-aa94-4ea6-8d1b-2dd89a9cc70b) | No new Debian 7 kernels supported in this release. |

-Debian 7 | [9.49](https://support.microsoft.com/en-us/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b) | No new Debian 7 kernels supported in this release. |

-Debian 8 | [9.52](https://support.microsoft.com/en-us/topic/update-rollup-65-for-azure-site-recovery-kb5021964-15db362f-faac-417d-ad71-c22424df43e0) | No new Debian 8 kernels supported in this release. |

-Debian 8 | [9.51](https://support.microsoft.com/en-us/topic/update-rollup-64-for-azure-site-recovery-kb5020102-23db9799-102c-4378-9754-2f19f6c7858a) | No new Debian 8 kernels supported in this release. |

-Debian 8 | [9.50](https://support.microsoft.com/en-us/topic/update-rollup-63-for-azure-site-recovery-kb5017421-992e63af-aa94-4ea6-8d1b-2dd89a9cc70b) | No new Debian 8 kernels supported in this release. |

-Debian 8 | [9.49](https://support.microsoft.com/en-us/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b) | No new Debian 8 kernels supported in this release. |

-Debian 9.1 | [9.52](https://support.microsoft.com/en-us/topic/update-rollup-65-for-azure-site-recovery-kb5021964-15db362f-faac-417d-ad71-c22424df43e0) | No new Debian 9.1 kernels supported in this release. |

-Debian 9.1 | [9.51](https://support.microsoft.com/en-us/topic/update-rollup-64-for-azure-site-recovery-kb5020102-23db9799-102c-4378-9754-2f19f6c7858a) | No new Debian 9.1 kernels supported in this release. |

-Debian 9.1 | [9.50](https://support.microsoft.com/en-us/topic/update-rollup-63-for-azure-site-recovery-kb5017421-992e63af-aa94-4ea6-8d1b-2dd89a9cc70b) | No new Debian 9.1 kernels supported in this release. |

-Debian 9.1 | [9.49](https://support.microsoft.com/en-us/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b) | 4.9.0-19-amd64

-Debian 10 | [9.52](https://support.microsoft.com/en-us/topic/update-rollup-65-for-azure-site-recovery-kb5021964-15db362f-faac-417d-ad71-c22424df43e0) | No new Debian 10 kernels supported in this release. |

-Debian 10 | [9.51](https://support.microsoft.com/en-us/topic/update-rollup-64-for-azure-site-recovery-kb5020102-23db9799-102c-4378-9754-2f19f6c7858a) | 4.19.0-22-amd64 </br> 4.19.0-22-cloud-amd64 </br> 5.10.0-0.deb10.19-amd64 </br> 5.10.0-0.deb10.19-cloud-amd64 |

-Debian 10 | [9.50](https://support.microsoft.com/en-us/topic/update-rollup-63-for-azure-site-recovery-kb5017421-992e63af-aa94-4ea6-8d1b-2dd89a9cc70b) | No new Debian 10 kernels supported in this release.

-Debian 10 | [9.49](https://support.microsoft.com/en-us/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b) | 4.19.0-21-amd64 </br> 4.19.0-21-cloud-amd64 </br> 5.10.0-0.bpo.15-amd64 </br> 5.10.0-0.bpo.15-cloud-amd64

-Debian 11 | [9.52](https://support.microsoft.com/en-us/topic/update-rollup-65-for-azure-site-recovery-kb5021964-15db362f-faac-417d-ad71-c22424df43e0) | 5.10.0-10-amd64 </br> 5.10.0-10-cloud-amd64 </br> 5.10.0-12-amd64 <br> 5.10.0-12-cloud-amd64 <br> 5.10.0-13-amd64 <br> 5.10.0-13-cloud-amd64 <br> 5.10.0-14-amd64 <br> 5.10.0-14-cloud-amd64 <br> 5.10.0-15-amd64 <br> 5.10.0-15-cloud-amd64 <br> 5.10.0-16-amd64 <br> 5.10.0-16-cloud-amd64 <br> 5.10.0-17-amd64 <br> 5.10.0-17-cloud-amd64 <br> 5.10.0-18-amd64 <br> 5.10.0-18-cloud-amd64 <br> 5.10.0-19-amd64 <br> 5.10.0-19-cloud-amd64 |

-SUSE Linux Enterprise Server 12 (SP1, SP2, SP3, SP4, SP5) | [9.52](https://support.microsoft.com/en-us/topic/update-rollup-65-for-azure-site-recovery-kb5021964-15db362f-faac-417d-ad71-c22424df43e0) | All [stock SUSE 12 SP1,SP2,SP3,SP4,SP5 kernels](https://www.suse.com/support/kb/doc/?id=000019587) are supported. </br></br> No new SUSE Linux Enterprise Server 12 kernels supported in this release. |

-SUSE Linux Enterprise Server 12 (SP1, SP2, SP3, SP4, SP5) | [9.51](https://support.microsoft.com/en-us/topic/update-rollup-64-for-azure-site-recovery-kb5020102-23db9799-102c-4378-9754-2f19f6c7858a) | All [stock SUSE 12 SP1,SP2,SP3,SP4,SP5 kernels](https://www.suse.com/support/kb/doc/?id=000019587) are supported. </br></br> 4.12.14-16.106-azure:5 </br> 4.12.14-16.112-azure |

-SUSE Linux Enterprise Server 12 (SP1, SP2, SP3, SP4, SP5) | [9.50](https://support.microsoft.com/en-us/topic/update-rollup-63-for-azure-site-recovery-kb5017421-992e63af-aa94-4ea6-8d1b-2dd89a9cc70b) | All [stock SUSE 12 SP1,SP2,SP3,SP4,SP5 kernels](https://www.suse.com/support/kb/doc/?id=000019587) are supported. </br></br> No new SLES 12 Azure kernels supported in this release. |

-SUSE Linux Enterprise Server 12 (SP1, SP2, SP3, SP4, SP5) | [9.49](https://support.microsoft.com/en-us/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b) | All [stock SUSE 12 SP1,SP2,SP3,SP4,SP5 kernels](https://www.suse.com/support/kb/doc/?id=000019587) are supported. </br></br>4.12.14-16.100-azure:5 </br> 4.12.14-16.103-azure:5 |

-SUSE Linux Enterprise Server 15 (SP1, SP2, SP3, SP4) | [9.52](https://support.microsoft.com/en-us/topic/update-rollup-65-for-azure-site-recovery-kb5021964-15db362f-faac-417d-ad71-c22424df43e0) | By default, all [stock SUSE 15, SP1, SP2, SP3, SP4 kernels](https://www.suse.com/support/kb/doc/?id=000019587) are supported. </br></br> 5.14.21-150400.12-azure:4 <br> 5.14.21-150400.14.10-azure:4 <br> 5.14.21-150400.14.13-azure:4 <br> 5.14.21-150400.14.16-azure:4 <br> 5.14.21-150400.14.7-azure:4 <br> 5.3.18-150300.38.83-azure:3 |

-SUSE Linux Enterprise Server 15 (SP1, SP2, SP3) | [9.51](https://support.microsoft.com/en-us/topic/update-rollup-64-for-azure-site-recovery-kb5020102-23db9799-102c-4378-9754-2f19f6c7858a) | By default, all [stock SUSE 15, SP1, SP2, SP3 kernels](https://www.suse.com/support/kb/doc/?id=000019587) are supported. </br></br> 5.3.18-150300.38.80-azure |

-SUSE Linux Enterprise Server 15 (SP1, SP2, SP3) | [9.50](https://support.microsoft.com/en-us/topic/update-rollup-63-for-azure-site-recovery-kb5017421-992e63af-aa94-4ea6-8d1b-2dd89a9cc70b) | By default, all [stock SUSE 15, SP1, SP2, SP3 kernels](https://www.suse.com/support/kb/doc/?id=000019587) are supported. </br></br> 5.3.18-150300.38.75-azure:3 |

-SUSE Linux Enterprise Server 15, SP1, SP2, SP3 | [9.49](https://support.microsoft.com/en-us/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b) | By default, all [stock SUSE 15, SP1, SP2, SP3 kernels](https://www.suse.com/support/kb/doc/?id=000019587) are supported. </br></br>5.3.18-150300.38.69-azure:3 </br>

-Virtual machine scale set Flex | Availability scenario - supported. Scalability scenario - not supported. |

-Resize disk on replicated VM | Resizing up on the source VM is supported. Resizing down on the source VM is not supported. Resizing should be performed before failover. No need to disable/re-enable replication.<br/><br/> If you change the source VM after failover, the changes aren't captured.<br/><br/> If you change the disk size on the Azure VM after failover, changes aren't captured by Site Recovery, and failback will be to the original VM size.<br/><br/> If resizing to >=4 TB, please note Azure guidance on disk caching [here](../virtual-machines/premium-storage-performance.md).

-Authenticated Proxy | Not supported | If the VM is using an authenticated proxy for outbound connectivity, it cannot be replicated using Azure Site Recovery.

-> * Prepare your on-premises environment for migration.

-> * Set up the target environment.

-> * Set up a replication policy.

-> * Enable replication.

-|||

-Before you start, it's helpful to review the Azure Site Recovery architecture for [VMware and physical server migration](vmware-azure-architecture.md) or [Hyper-V virtual machine migration](hyper-v-azure-architecture.md)

- >The test failover operation is non-disruptive and helps you test migrations by creating virtual machines in an isolated network of your choice. Unlike the failover operation, during the test failover operation, data replication continues to progres. You can perform as many test failovers as you like before you are ready to migrate.

-When you configure application settings and environment variables, you modify the configuration input to your app without the need to change application code, such as with database connection strings. You can also store secrets used in [authentication configuration](key-vault-secrets.md).

-Application settings are encrypted at rest, copied to [staging](review-publish-pull-requests.md) and production environments, used by backend APIs, and may only be alphanumeric characters, plus `.` and `_`.

-Generally, your settings are infrequently set, so aren't required with every build.

-description: Before you can read a blob that is in the Archive tier, you must rehydrate it to either the Hot or Cool tier. You can rehydrate a blob either by copying it from the Archive tier to an online tier, or by changing its tier from Archive to Hot or Cool.

-To read a blob that is in the Archive tier, you must first rehydrate the blob to an online tier (Hot or Cool) tier. You can rehydrate a blob in one of two ways:

-For more information about rehydrating a blob, see [Blob rehydration from the Archive tier](archive-rehydrate-overview.md).

-To rehydrate a blob from the Archive tier by copying it to an online tier, use PowerShell, Azure CLI, or one of the Azure Storage client libraries. Keep in mind that when you copy an archived blob to an online tier, the source and destination blobs must have different names.

-After the copy operation is complete, the destination blob appears in the Archive tier. The destination blob is then rehydrated to the online tier that you specified in the copy operation. When the destination blob is fully rehydrated, it becomes available in the new online tier.

-The following examples show how to copy an archived blob to a blob in the Hot tier in the same storage account.

-N/A

-# Copy the source blob to a new destination blob in Hot tier with Standard priority.

-The following examples show how to copy an archived blob to a blob in the Hot tier in a different storage account.

-N/A

-The following example shows how to copy an archived blob to the Hot tier in a different storage account. Remember to replace placeholders in angle brackets with your own values:

-The following example shows how to copy an archived blob to the Hot tier in a different storage account. Remember to replace placeholders in angle brackets with your own values:

-# Copy to the destination blob in the Hot tier

-To rehydrate a blob by changing its tier from Archive to Hot or Cool, use the Azure portal, PowerShell, or Azure CLI.

-To change a blob's tier from Archive to Hot or Cool in the Azure portal, follow these steps:

- :::image type="content" source="media/archive-rehydrate-to-online-tier/rehydrate-change-tier-portal.png" alt-text="Screenshot showing how to rehydrate a blob from the Archive tier in the Azure portal ":::

-To change a blob's tier from Archive to Hot or Cool with PowerShell, use the blob's **BlobClient** property to return a .NET reference to the blob, then call the **SetAccessTier** method on that reference. Remember to replace placeholders in angle brackets with your own values:

-# Change the blob's access tier to Hot with Standard priority.

-To change a blob's tier from Archive to Hot or Cool with Azure CLI, call the [az storage blob set-tier](/cli/azure/storage/blob#az-storage-blob-set-tier) command. Remember to replace placeholders in angle brackets with your own values:

-To change a blob's tier from Archive to Hot or Cool with AzCopy, use the [azcopy set-properties](..\common\storage-ref-azcopy-set-properties.md) command and set the `-block-blob-tier` parameter to the desired tier, and the `--rehydrate-priority` to `standard` or `high`. By default, this parameter is set to `standard`. To learn more about the trade offs of each option, see [Rehydration priority](archive-rehydrate-overview.md#rehydration-priority).

-The rehydration priority setting can't be lowered from *High* to *Standard* for a pending operation. Also keep in mind that changing the rehydration priority may have a billing impact. For more information, see [Blob rehydration from the Archive tier](archive-rehydrate-overview.md).

-1. In the **Change tier** dialog, set the access tier to the target online access tier for the rehydrating blob (Hot or Cool). The **Archive status** field shows the target online tier.

- :::image type="content" source="media/archive-rehydrate-to-online-tier/update-rehydration-priority-portal.png" alt-text="Screenshot showing how to update the rehydration priority for a rehydrating blob in Azure portal":::

- "Changing rehydration priority to High for blob moving to Hot tier."

- "Changing rehydration priority to High for blob moving to Cool tier."

-Next, call the [az storage blob set-tier](/cli/azure/storage/blob#az-storage-blob-set-tier) command with the `--rehydrate-priority` parameter set to *High*. The target tier (Hot or Cool) must be the same tier that you originally specified for the rehydration operation. Remember to replace placeholders in angle brackets with your own values:

-# Update the rehydration priority for a blob moving to the Hot tier.

-When you rehydrate a blob by copying the archived blob to an online tier, Azure Storage immediately creates the destination blob in the Archive tier. The destination blob is then rehydrated to the target tier with the priority specified on the copy operation. For more information on rehydrating an archived blob with a copy operation, see [Copy an archived blob to an online tier](archive-rehydrate-overview.md#copy-an-archived-blob-to-an-online-tier).

-To perform the copy operation from the Archive tier to an online tier with Standard priority, use PowerShell, Azure CLI, or one of the Azure Storage client libraries. For more information, see [Rehydrate a blob with a copy operation](archive-rehydrate-to-online-tier.md#rehydrate-a-blob-with-a-copy-operation). Next, to change the rehydration priority from *Standard* to *High* for the pending rehydration, call **Set Blob Tier** on the destination blob and specify the target tier.

-After you've initiated the copy operation, you'll see in the Azure portal, that both the source and destination blob are in the Archive tier. The destination blob is rehydrating with Standard priority.

-1. In the **Change tier** dialog, set the access tier to the target online access tier for the rehydrating blob (Hot or Cool). The **Archive status** field shows the target online tier.

-After you've initiated the copy operation, check the properties of the destination blob. You'll see that the destination blob is in the Archive tier and is rehydrating with Standard priority.

-Next, call the **SetAccessTier** method via PowerShell to change the rehydration priority for the destination blob to *High*, as described in [Change the rehydration priority for a pending Set Blob Tier operation](#change-the-rehydration-priority-for-a-pending-set-blob-tier-operation). The target tier (Hot or Cool) must be the same tier that you originally specified for the rehydration operation. Check the properties again to verify that the blob is now rehydrating with High priority.

-After you've initiated the copy operation, check the properties of the destination blob. You'll see that the destination blob is in the Archive tier and is rehydrating with Standard priority.

-Next, call the [az storage blob set-tier](/cli/azure/storage/blob#az-storage-blob-set-tier) command with the `--rehydrate-priority` parameter set to *High*, as described in [Change the rehydration priority for a pending Set Blob Tier operation](#change-the-rehydration-priority-for-a-pending-set-blob-tier-operation). The target tier (Hot or Cool) must be the same tier that you originally specified for the rehydration operation. Check the properties again to verify that the blob is now rehydrating with High priority.

-Azurite is automatically available with [Visual Studio 2022](https://visualstudio.microsoft.com/vs/). If you are running an earlier version of Visual Studio, you'll need to install Azurite by using either Node Package Manager, DockerHub, or by cloning the Azurite GitHub repository.

-You can find the Azurite executable file in the extensions folder of your Visual Studio installation. The specific location can vary based on which version of Visual Studio you have installed. For example, if you've installed Visual Studio 2022 professional edition on a Windows computer or Virtual Machine (VM), you would find the Azurite executable file at this location:

-In Visual Studio 2022, create an **Azure Functions** project. As you create the project, choose the **Storage Emulator**.

-> [!div class="mx-imgBorder"]

-> 

-After you create the project, Azurite starts automatically.

-> [!div class="mx-imgBorder"]

-> 

-> [!div class="mx-imgBorder"]

-> 

-> [!div class="mx-imgBorder"]

-> 

-When the configuration completes, select **Close**. The Azurite emulator starts automatically.

-> [!div class="mx-imgBorder"]

-> 

-**Optional**. When using the fully-qualified domain name instead of the IP in request Uri host, by default Azurite will parse the storage account name from request Uri host. You can force the parsing of the storage account name from request Uri path by using `--disableProductStyleUrl`:

-Do not access default account in this way with Azure Storage Explorer. There is a bug that Storage Explorer is always adding account name in URL path, causing failures.

-By default, when using Azurite with a production-style URL, the account name should be the host name in fully-qualified domain name such as "http://devstoreaccount1.blob.localhost:10000/container". To use production-style URL with account name in the URL path such as "http://foo.bar.com:10000/devstoreaccount1/container", make sure to use the `--disableProductStyleUrl` parameter when you start Azurite.

-|[Azure Service Bus queues](service-bus-queues-output.md)|Yes|Access key|

-|[Azure Service Bus topics](service-bus-topics-output.md)|Yes|Access key|

-|[Azure Cosmos DB](azure-cosmos-db-output.md)|Yes|Access key|

-* Routing Preference and cross-region load balancer aren't supported.