- - **result**: true

-

- 1. In **Redirect URI**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp`. Replace `your-tenant-name` with the name of your tenant, and `your-domain-name` with your custom domain.

- 1. Select **Next**, and then **Next** to complete the app registration wizard.

-1. In **Claim rule template**, select **Send LDAP attributes as claims**.

-1. Provide a **Claim rule name**. For the **Attribute store**, select **Select Active Directory**, add the following claims.

- Note some of the names will not display in the outgoing claim type dropdown. You need to manually type them in. (The dropdown is editable).

-1. Select **Finish**, then select **Close**.

-1. For **Response type**, select **id_token**.

-[Moula](https://moula.com.au/pay/merchants), [Surveypal](https://www.surveypal.com/app), [Kbot365](https://www.konverso.ai/virtual-assistant-digital-workplace/), [TackleBox](http://www.tacklebox.app/), [Powell Teams](https://powell-software.com/en/powell-teams-en/), [Talentsoft Assistant](https://msteams.talent-soft.com/), [ASC Recording Insights](https://teams.asc-recording.app/product), [GO1](https://www.go1.com/), [B-Engaged](https://b-engaged.se/), [Competella Contact Center Workgroup](http://www.competella.com/), [Asite](http://www.asite.com/), [ImageSoft Identity](https://identity.imagesoftinc.com/), [My IBISWorld](https://identity.imagesoftinc.com/), [insuite](../saas-apps/insuite-tutorial.md), [Change Process Management](../saas-apps/change-process-management-tutorial.md), [Cyara CX Assurance Platform](../saas-apps/cyara-cx-assurance-platform-tutorial.md), [Smart Global Governance](../saas-apps/smart-global-governance-tutorial.md), [Prezi](../saas-apps/prezi-tutorial.md), [Mapbox](../saas-apps/mapbox-tutorial.md), [Datava Enterprise Service Platform](../saas-apps/datava-enterprise-service-platform-tutorial.md), [Whimsical](../saas-apps/whimsical-tutorial.md), [Trelica](../saas-apps/trelica-tutorial.md), [EasySSO for Confluence](../saas-apps/easysso-for-confluence-tutorial.md), [EasySSO for BitBucket](../saas-apps/easysso-for-bitbucket-tutorial.md), [EasySSO for Bamboo](../saas-apps/easysso-for-bamboo-tutorial.md), [Torii](../saas-apps/torii-tutorial.md), [Axiad Cloud](../saas-apps/axiad-cloud-tutorial.md), [Humanage](../saas-apps/humanage-tutorial.md), [ColorTokens ZTNA](../saas-apps/colortokens-ztna-tutorial.md), [CCH Tagetik](../saas-apps/cch-tagetik-tutorial.md), [ShareVault](../saas-apps/sharevault-tutorial.md), [Vyond](../saas-apps/vyond-tutorial.md), [TextExpander](../saas-apps/textexpander-tutorial.md), [Anyone Home CRM](../saas-apps/anyone-home-crm-tutorial.md), [askSpoke](../saas-apps/askspoke-tutorial.md), [ice Contact Center](../saas-apps/ice-contact-center-tutorial.md)

-Annotations: API Version: snapshot.storage.k8s.io/v1beta1

- Self Link: /apis/snapshot.storage.k8s.io/v1beta1/namespaces/default/volumesnapshots/azuredisk-volume-snapshot

- skuname: Premium_LRS # Currently shared disk is only available with premium SSD

-If the identity making the request exists in Azure AD, Azure will team with Kubernetes RBAC to authorize the request. If the identity exists outside of Azure AD (i.e., a Kubernetes service account), authorization will deter to the normal Kubernetes RBAC.

-## Using a private endpoint connection

- <api name="API name" id="API id" calls="number" renewal-period="seconds" />

-App Service Hybrid Connections are only available in Basic, Standard, Premium, and Isolated pricing SKUs. There are limits tied to the pricing plan.

-az webapp deployment source sync ΓÇô-resource-group <group-name> ΓÇô-name <app-name>

-> [Deploy from local Git repo](deploy-local-git.md)

-az webapp deploy --resource-group <grou-name> --name <app-name> --src-url "https://storagesample.blob.core.windows.net/sample-container/myapp.zip?sv=2021-10-01&sb&sig=slk22f3UrS823n4kSh8Skjpa7Naj4CG3

-az webapp deploy --resource-group <grou-name> --name <app-name> --src-url "https://storagesample.blob.core.windows.net/sample-container/myapp.war?sv=2021-10-01&sb&sig=slk22f3UrS823n4kSh8Skjpa7Naj4CG3

-Because App Service Environments (ASEs) are isolated to a single customer, there are certain configuration settings that can be applied exclusively to App Service Environments. This article documents the various specific customizations that are available for App Service Environments.

-If you do not have an App Service Environment, see [How to Create an ASEv3](./creation.md).

-Setting InternalEncryption to true encrypts internal network traffic in your ASE between the front ends and workers, encrypts the pagefile and also encrypts the worker disks. After the InternalEncryption clusterSetting is enabled, there can be an impact to your system performance. When you make the change to enable InternalEncryption, your ASE will be in an unstable state until the change is fully propagated. Complete propagation of the change can take a few hours to complete, depending on how many instances you have in your ASE. We highly recommend that you do not enable InternalEncryption on an ASE while it is in use. If you need to enable InternalEncryption on an actively used ASE, we highly recommend that you divert traffic to a backup environment until the operation completes.

-If you want to disable all inbound TLS 1.0 and TLS 1.1 traffic for all of the apps in an ASE, you can set the following **clusterSettings** entry:

-The ASE supports changing the cipher suite from the default. The default set of ciphers is the same set that is used in the multi-tenant service. Changing the cipher suites affects an entire App Service deployment making this only possible in the single-tenant ASE. There are two cipher suites required for an ASE; TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. If you wish to operate your ASE with the strongest and most minimal set of cipher suites, then use just the two required ciphers. To configure your ASE to use just the ciphers that it requires, modify the **clusterSettings** as shown below.

-An App Service Environment (ASE) v2 can be migrated to an [App Service Environment v3](overview.md). To learn more about the migration process and to see if your App Service Environment supports migration at this time, see the [Migration to App Service Environment v3 Overview](migrate.md).

-The following command will check whether your App Service Environment is supported for migration. If you receive an error or if your App Service Environment is in an unhealthy or suspended state, you can't migrate at this time. For an estimate of when you can migrate, see the [timeline](migrate.md#preview-limitations). If your environment [won't be supported for migration](migrate.md#migration-feature-limitations) or you want to migrate to ASEv3 without using the migration feature, see [migration alternatives](migration-alternatives.md).

-App Service can now migrate your App Service Environment (ASE) v2 to an [App Service Environment v3](overview.md). App Service Environment v3 provides [advantages and feature differences](overview.md#feature-differences) over earlier versions. Make sure to review the [supported features](overview.md#feature-differences) of App Service Environment v3 before migrating to reduce the risk of an unexpected application issue.

-If you're currently using App Service Environment (ASE) v1 or v2, you have the opportunity to migrate your workloads to [App Service Environment v3](overview.md). App Service Environment v3 has [advantages and feature differences](overview.md#feature-differences) that provide enhanced support for your workloads and can reduce overall costs. Consider using the [migration feature](migrate.md) if your environment falls into one of the [supported scenarios](migrate.md#supported-scenarios). If your environment isn't currently supported by the migration feature, you can wait for support if your scenario is listed in the [upcoming supported scenarios](migrate.md#preview-limitations). Otherwise, you can choose to use one of the alternative migration options given below.

-> [!NOTE]

-> This article is about the App Service Environment v3 which is used with Isolated v2 App Service plans

->

-App Service Environments (ASEs) are appropriate for application workloads that require:

-ASE's host applications from only one customer and do so in one of their virtual networks. Customers have fine-grained control over inbound and outbound application network traffic. Applications can establish high-speed secure connections over VPNs to on-premises corporate resources.

-There are many networking features that enable apps in the multi-tenant App Service to reach network isolated resources or become network isolated themselves. These features are enabled at the application level. With an ASE, there's no added configuration required for the apps to be in the virtual network. The apps are deployed into a network isolated environment that is already in a virtual network. On top of the ASE hosting network isolated apps, it's also a single-tenant system. There are no other customers using the ASE. If you really need a complete isolation story, you can also get your ASE deployed onto dedicated hardware.

-The ASE is a single tenant deployment of the Azure App Service that runs in your virtual network.

-Applications are hosted in App Service plans, which are created in an App Service Environment. The App Service plan is essentially a provisioning profile for an application host. As you scale your App Service plan out, you create more application hosts with all of the apps in that App Service plan on each host. A single ASEv3 can have up to 200 total App Service plan instances across all of the App Service plans combined. A single Isolated v2 App Service plan can have up to 100 instances by itself.

-> [!NOTE]

-> It is possible for the App Service plans and the apps they host to be provisioned in a different Subscription to the App Service Environment. This can be useful for segregating access. The prerequisties are:

-> - The Subscriptions must share the same Azure AD Tenant

-> - The App Service Environment, App Service plans and apps must be in the same region

-> - Today you cannot create App Service Plans and apps in a different subscription using the Azure Portal. Instead, use either [Azure REST API](/rest/api/appservice/app-service-plans/create-or-update) or [Azure Resource Manager Templates](/azure/templates/microsoft.web/allversions).

-The ASE feature is a deployment of the Azure App Service into a single subnet in a customer's virtual network. When you deploy an app into an ASE, the app will be exposed on the inbound address assigned to the ASE. If your ASE is deployed with an internal virtual IP (VIP), then the inbound address for all of the apps will be an address in the ASE subnet. If your ASE is deployed with an external VIP, then the inbound address will be an internet addressable address and your apps will be in public DNS.

-The number of addresses used by an ASEv3 in its subnet will vary based on how many instances you have along with how much traffic. There are infrastructure roles that are automatically scaled depending on the number of App Service plans and the load. The recommended size for your ASEv3 subnet is a `/24` CIDR block with 256 addresses in it as that can host an ASEv3 scaled out to its limit.

-The apps in an ASE do not need any features enabled to access resources in the same virtual network that the ASE is in. If the ASE virtual network is connected to another network, then the apps in the ASE can access resources in those extended networks. Traffic can be blocked by user configuration on the network.

-The multi-tenant version of Azure App Service contains numerous features to enable your apps to connect to your various networks. Those networking features enable your apps to act as if they were deployed in a virtual network. The apps in an ASEv3 do not need any configuration to be in the virtual network. A benefit of using an ASE over the multi-tenant service is that any network access controls to the ASE hosted apps is external to the application configuration. With the apps in the multi-tenant service, you must enable the features on an app by app basis and use RBAC or policy to prevent any configuration changes.

-Compared to earlier versions of the ASE, there are some differences with ASEv3. With ASEv3:

-There are a few features that are not available in ASEv3 that were available in earlier versions of the ASE. In ASEv3, you can't:

-With ASEv3, there is a different pricing model depending on the type of ASE deployment you have. The three pricing models are:

-The ASEv3 is available in the following regions.

-|Normal and dedicated host ASEv3 regions|AZ ASEv3 regions|

-App Service Environment has three versions: ASEv1, ASEv2, and ASEv3. The preceding information was based on ASEv3. To learn more about ASEv2, see [App Service Environment v2 introduction](./intro.md).

-The feature supports only one virtual interface per worker. One virtual interface per worker means one regional virtual network integration per App Service plan. All the apps in the same App Service plan can use the same virtual network integration. If you need an app to connect to another virtual network, you need to create another App Service plan. The virtual interface used isn't a resource that customers have direct access to.

-Because subnet size can't be changed after assignment, use a subnet that's large enough to accommodate whatever scale your app might reach. To avoid any issues with subnet capacity, use a `/26` with 64 addresses.

-description: This article introduces the Azure Application Standard_v2 and WAF_v2 SKU, which includes Autoscaling and Zone-redundant features.

-# Autoscaling and Zone-redundant Application Gateway v2

-Application Gateway is available under a Standard_v2 SKU. Web Application Firewall (WAF) is available under a WAF_v2 SKU. The v2 SKU offers performance enhancements and adds support for critical new features like autoscaling, zone redundancy, and support for static VIPs. Existing features under the Standard and WAF SKU continue to be supported in the new v2 SKU, with a few exceptions listed in [comparison](#differences-from-v1-sku) section.

-The new v2 SKU includes the following enhancements:

- Zone redundancy is available only where Azure Zones are available. In other regions, all other features are supported. For more information, see [Regions and Availability Zones in Azure](../availability-zones/az-overview.md)

-

-## Supported regions

-The Standard_v2 and WAF_v2 SKU is available in the following regions: North Central US, South Central US, West US, West US 2, East US, East US 2, Central US, North Europe, West Europe, Southeast Asia, France Central, UK West, Japan East, Japan West, Australia East, Australia Southeast, Brazil South, Canada Central, Canada East, East Asia, Korea Central, Korea South, UK South, Central India, West India, South India,Jio India West,Norway East,Switzerland North,UAE North,South Arica North,Germany West Central.

-## Pricing

-With the v2 SKU, the pricing model is driven by consumption and is no longer attached to instance counts or sizes. The v2 SKU pricing has two components:

-Each capacity unit is composed of at most: 1 compute unit, 2500 persistent connections, and 2.22-Mbps throughput.

-To learn more, see [Understanding pricing](understanding-pricing.md).

-## Scaling Application Gateway and WAF v2

-Azure Application Gateways are always deployed in a highly available fashion. The service is made out of multiple instances that are created as configured (if autoscaling is disabled) or required by the application load (if autoscaling is enabled). Note that from the user's perspective you do not necessarily have visibility into the individual instances, but just into the Application Gateway service as a whole. If a certain instance has a problem and stops being functional, Azure Application Gateway will transparently create a new instance.

-Please note that even if you configure autoscaling with zero minimum instances the service will still be highly available, which is always included with the fixed price.

-However, creating a new instance can take some time (around six or seven minutes). Hence, if you do not want to cope with this downtime you can configure a minimum instance count of 2, ideally with Availability Zone support. This way you will have at least two instances inside of your Azure Application Gateway under normal circumstances, so if one of them had a problem the other will try to cope with the traffic, during the time a new instance is being created. Note that an Azure Application Gateway instance can support around 10 Capacity Units, so depending on how much traffic you typically have you might want to configure your minimum instance autoscaling setting to a value higher than 2.

-## Feature comparison between v1 SKU and v2 SKU

-The following table compares the features available with each SKU.

-| Feature | v1 SKU | v2 SKU |

-| - | -- | -- |

-| Autoscaling | | &#x2713; |

-| Zone redundancy | | &#x2713; |

-| Static VIP | | &#x2713; |

-| Azure Kubernetes Service (AKS) Ingress controller | | &#x2713; |

-| Azure Key Vault integration | | &#x2713; |

-| Rewrite HTTP(S) headers | | &#x2713; |

-| URL-based routing | &#x2713; | &#x2713; |

-| Multiple-site hosting | &#x2713; | &#x2713; |

-| Traffic redirection | &#x2713; | &#x2713; |

-| Web Application Firewall (WAF) | &#x2713; | &#x2713; |

-| WAF custom rules | | &#x2713; |

-| WAF policy associations | | &#x2713; |

-| Transport Layer Security (TLS)/Secure Sockets Layer (SSL) termination | &#x2713; | &#x2713; |

-| End-to-end TLS encryption | &#x2713; | &#x2713; |

-| Session affinity | &#x2713; | &#x2713; |

-| Custom error pages | &#x2713; | &#x2713; |

-| WebSocket support | &#x2713; | &#x2713; |

-| HTTP/2 support | &#x2713; | &#x2713; |

-| Connection draining | &#x2713; | &#x2713; |

-> [!NOTE]

-> The autoscaling v2 SKU now supports [default health probes](application-gateway-probe-overview.md#default-health-probe) to automatically monitor the health of all resources in its back-end pool and highlight those backend members that are considered unhealthy. The default health probe is automatically configured for backends that don't have any custom probe configuration. To learn more, see [health probes in application gateway](application-gateway-probe-overview.md).

-## Differences from v1 SKU

-This section describes features and limitations of the v2 SKU that differ from the v1 SKU.

-|Difference|Details|

-|--|--|

-|Authentication certificate|Not supported.<br>For more information, see [Overview of end to end TLS with Application Gateway](ssl-overview.md#end-to-end-tls-with-the-v2-sku).|

-|Mixing Standard_v2 and Standard Application Gateway on the same subnet|Not supported|

-|User-Defined Route (UDR) on Application Gateway subnet|Supported (specific scenarios). In preview.<br> For more information about supported scenarios, see [Application Gateway configuration overview](configuration-infrastructure.md#supported-user-defined-routes).|

-|NSG for Inbound port range| - 65200 to 65535 for Standard_v2 SKU<br>- 65503 to 65534 for Standard SKU.<br>For more information, see the [FAQ](application-gateway-faq.yml#are-network-security-groups-supported-on-the-application-gateway-subnet).|

-|Performance logs in Azure diagnostics|Not supported.<br>Azure metrics should be used.|

-|Billing|Billing scheduled to start on July 1, 2019.|

-|FIPS mode|These are currently not supported.|

-|ILB only mode|This is currently not supported. Public and ILB mode together is supported.|

-|Net watcher integration|Not supported.|

-|Microsoft Defender for Cloud integration|Not yet available.

-## Migrate from v1 to v2

-An Azure PowerShell script is available in the PowerShell gallery to help you migrate from your v1 Application Gateway/WAF to the v2 Autoscaling SKU. This script helps you copy the configuration from your v1 gateway. Traffic migration is still your responsibility. For more information, see [Migrate Azure Application Gateway from v1 to v2](migrate-v1-v2.md).

-For more information about the Application Gateway Standard_v2 features, see [Autoscaling v2 SKU](application-gateway-autoscaling-zone-redundant.md).

-For an Application Gateway v1-v2 feature comparison, see [Autoscaling and Zone-redundant Application Gateway v2](application-gateway-autoscaling-zone-redundant.md#feature-comparison-between-v1-sku-and-v2-sku)

-> The HTTP header rewrite support is only available for the [Standard_v2 and WAF_v2 SKU](./application-gateway-autoscaling-zone-redundant.md) of Application Gateway. We recommend [migrating to v2](./migrate-v1-v2.md) for Header Rewrite and other [advanced capabilities](./application-gateway-autoscaling-zone-redundant.md#feature-comparison-between-v1-sku-and-v2-sku) that are available with v2 SKU.

-If it is your first time enabling Automanage for your VM, you can search in the Azure portal for **Automanage ΓÇô Azure machine best practices**. Click **Enable on existing VM**, select the [configuration profile](#configuration-profile) you wish to use and then select the machines you would like to onboard. Click **Enable**, and you're done.

-If you see the **Status** as *Not conformant*, you can troubleshoot by clicking on the status in the portal and using the troubleshooting links provided

-|Agent service |`https://<workspaceId>.agentsvc.azure-automation.net`|

-az sql mi-arc upgrade --name instance1 --target v1.0.0.20211028 --k8s-namespace arc1 --use-k8s

- * **OrchestrationStarted**: The orchestrator function resumed from an await or is running for the first time. The `Timestamp` column is used to populate the deterministic value for the `CurrentUtcDateTime` (.NET), `currentUtcDateTime` (JavaScript), and `current_utc_datetime` (Python) APIs.

-* Make sure that you have version 3.6, 3.7, or 3.8 of [Python](https://www.python.org/) installed.

-Deploys a function app in a custom Linux container to a Kubernetes cluster without KEDA.

-```command

-func deploy --name <FUNCTION_APP> --platform kubernetes --registry <DOCKER_USER>

-```

-This command builds your project as a custom container and publishes it to a Kubernetes cluster using a default scaler or using KNative. To publish to a cluster using KEDA for dynamic scale, instead use the [`func kubernetes deploy` command](#func-kubernetes-deploy). Custom containers must have a Dockerfile. To create an app with a Dockerfile, use the `--dockerfile` option with the [`func init` command](#func-init).

-The `deploy` action supports the following options:

-| Option | Description |

-| | -- |

-| **`--config`** | Sets an optional deployment configuration file. |

-| **`--max`** | Optionally, sets the maximum number of function app instances to deploy to. |

-| **`--min`** | Optionally, sets the minimum number of function app instances to deploy to. |

-| **`--name`** | Function app name (required). |

-| **`--platform`** | Hosting platform for the function app (required). Valid options are: `kubernetes` and `knative`.|

-| **`--registry`** | The name of a Docker Registry the current user signed-in to (required). |

-Core Tools uses the local Docker CLI to build and publish the image.

-Make sure your Docker is already installed locally. Run the `docker login` command to connect to your account.

-Deploys a Functions project as a custom docker container to a Kubernetes cluster using KEDA.

-This command builds your project as a custom container and publishes it to a Kubernetes cluster using KEDA for dynamic scale. To publish to a cluster using a default scaler or using KNative, instead use the [`func deploy` command](#func-deploy). Custom containers must have a Dockerfile. To create an app with a Dockerfile, use the `--dockerfile` option with the [`func init` command](#func-init).

-Since subnet size can't be changed after assignment, use a subnet that's large enough to accommodate whatever scale your app might reach. To avoid any issues with subnet capacity for Functions Premium plans, you should use a /24 with 256 addresses for Windows and a /26 with 64 addresses for Linux.

-The Azure Functions Core Tools supports three types of deployment:

-| Custom container | `func deploy` | Deploys your project to a Linux function app as a custom Docker container. |

-Using the Azure CLI, view the current runtime version with the [az functionapp config appsettings set](/cli/azure/functionapp/config/appsettings) command.

- > Typescript definitions can be imported into your application by adding the following code:

-| Country/region | Satellite Tiles | Minute Forecast, Radar Tiles | Severe Weather Alerts | Other* |

-|--|:-:|:--:|:--:|:--:|

-| Anguilla | Γ£ô | | | Γ£ô|

-| Antarctica | Γ£ô | | |Γ£ô|

-| Antigua and Barbuda | Γ£ô | | |Γ£ô|

-| Argentina | Γ£ô | | |Γ£ô|

-| Aruba | Γ£ô | | |Γ£ô|

-| Bahamas | Γ£ô | | |Γ£ô|

-| Barbados | Γ£ô | | |Γ£ô|

-| Belize | Γ£ô | | |Γ£ô|

-| Bermuda | Γ£ô | | |Γ£ô|

-| Bolivia | Γ£ô | | |Γ£ô|

-| Bonaire | Γ£ô | | |Γ£ô|

-| Brazil | Γ£ô | | Γ£ô |Γ£ô|

-| British Virgin Islands | Γ£ô | | |Γ£ô|

-| Canada | Γ£ô | Γ£ô | Γ£ô | Γ£ô|

-| Cayman Islands | Γ£ô | | |Γ£ô|

-| Chile | Γ£ô | | |Γ£ô|

-| Colombia | Γ£ô | | |Γ£ô|

-| Costa Rica | Γ£ô | | |Γ£ô|

-| Cuba | Γ£ô | | |Γ£ô|

-| Curaçao | ✓ | | |✓|

-| Dominica | Γ£ô | | |Γ£ô|

-| Dominican Republic | Γ£ô | | |Γ£ô|

-| Ecuador | Γ£ô | | |Γ£ô|

-| El Salvador | Γ£ô | | |Γ£ô|

-| Falkland Islands | Γ£ô | | |Γ£ô|

-| French Guiana | Γ£ô | | |Γ£ô|

-| Greenland | Γ£ô | | |Γ£ô|

-| Grenada | Γ£ô | | |Γ£ô|

-| Guadeloupe | Γ£ô | | |Γ£ô|

-| Guatemala | Γ£ô | | |Γ£ô|

-| Guyana | Γ£ô | | |Γ£ô|

-| Haiti | Γ£ô | | |Γ£ô|

-| Honduras | Γ£ô | | |Γ£ô|

-| Jamaica | Γ£ô | | |Γ£ô|

-| Martinique | Γ£ô | | |Γ£ô|

-| Mexico | Γ£ô | | |Γ£ô|

-| Montserrat | Γ£ô | | |Γ£ô|

-| Nicaragua | Γ£ô | | |Γ£ô|

-| Panama | Γ£ô | | |Γ£ô|

-| Paraguay | Γ£ô | | |Γ£ô|

-| Peru | Γ£ô | | |Γ£ô|

-| Puerto Rico | Γ£ô | | Γ£ô |Γ£ô|

-| Saint Barthélemy | ✓ | | |✓|

-| Saint Kitts and Nevis | Γ£ô | | |Γ£ô|

-| Saint Lucia | Γ£ô | | |Γ£ô|

-| Saint Martin | Γ£ô | | |Γ£ô|

-| Saint Pierre and Miquelon | Γ£ô | | |Γ£ô|

-| Saint Vincent and the Grenadines | Γ£ô | | |Γ£ô|

-| Sint Eustatius | Γ£ô | | |Γ£ô|

-| Sint Maarten | Γ£ô | | |Γ£ô|

-| South Georgia and South Sandwich Islands | Γ£ô | | |Γ£ô|

-| Suriname | Γ£ô | | |Γ£ô|

-| Trinidad and Tobago | Γ£ô | | |Γ£ô|

-| Turks and Caicos Islands | Γ£ô | | |Γ£ô|

-| U.S. Outlying Islands | Γ£ô | | |Γ£ô|

-| U.S. Virgin Islands | Γ£ô | | Γ£ô|Γ£ô|

-| United States | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Uruguay | Γ£ô | | |Γ£ô|

-| Venezuela | Γ£ô | | |Γ£ô|

-## Middle East and Africa

-| Country/region | Satellite Tiles | Minute Forecast, Radar Tiles | Severe Weather Alerts | Other* |

-|--|:-:|:--:|:--:|:--:|

-| Algeria | Γ£ô | | | Γ£ô|

-| Angola | Γ£ô | | | Γ£ô|

-| Bahrain | Γ£ô | | | Γ£ô|

-| Benin | Γ£ô | | | Γ£ô|

-| Botswana | Γ£ô | | | Γ£ô|

-| Bouvet Island | Γ£ô | | | Γ£ô|

-| Burkina Faso | Γ£ô | | | Γ£ô|

-| Burundi | Γ£ô | | | Γ£ô|

-| Cameroon | Γ£ô | | | Γ£ô|

-| Cabo Verde | Γ£ô | | | Γ£ô|

-| Central African Republic | Γ£ô | | | Γ£ô|

-| Chad | Γ£ô | | | Γ£ô|

-| Comoros | Γ£ô | | | Γ£ô|

-| Congo (DRC) | Γ£ô | | | Γ£ô|

-| C├┤te d'Ivoire | Γ£ô | | | Γ£ô|

-| Djibouti | Γ£ô | | | Γ£ô|

-| Egypt | Γ£ô | | | Γ£ô|

-| Equatorial Guinea | Γ£ô | | | Γ£ô|

-| Eritrea | Γ£ô | | | Γ£ô|

-| eSwatini | Γ£ô | | | Γ£ô|

-| Ethiopia | Γ£ô | | | Γ£ô|

-| French Southern Territories | Γ£ô | | | Γ£ô|

-| Gabon | Γ£ô | | | Γ£ô|

-| Gambia | Γ£ô | | | Γ£ô|

-| Ghana | Γ£ô | | | Γ£ô|

-| Guinea | Γ£ô | | | Γ£ô|

-| Guinea-Bissau | Γ£ô | | | Γ£ô|

-| Iran | Γ£ô | | | Γ£ô|

-| Iraq | Γ£ô | | | Γ£ô|

-| Israel | Γ£ô | | Γ£ô | Γ£ô|

-| Jordan | Γ£ô | | | Γ£ô|

-| Kenya | Γ£ô | | | Γ£ô|

-| Kuwait | Γ£ô | | | Γ£ô|

-| Lebanon | Γ£ô | | | Γ£ô|

-| Lesotho | Γ£ô | | | Γ£ô|

-| Liberia | Γ£ô | | | Γ£ô|

-| Libya | Γ£ô | | | Γ£ô|

-| Madagascar | Γ£ô | | | Γ£ô|

-| Malawi | Γ£ô | | | Γ£ô|

-| Mali | Γ£ô | | | Γ£ô|

-| Mauritania | Γ£ô | | | Γ£ô|

-| Mauritius | Γ£ô | | | Γ£ô|

-| Mayotte | Γ£ô | | | Γ£ô|

-| Morocco | Γ£ô | | | Γ£ô|

-| Mozambique | Γ£ô | | | Γ£ô|

-| Namibia | Γ£ô | | | Γ£ô|

-| Niger | Γ£ô | | | Γ£ô|

-| Nigeria | Γ£ô | | | Γ£ô|

-| Oman | Γ£ô | | | Γ£ô|

-| Palestinian Authority | Γ£ô | | | Γ£ô|

-| Qatar | Γ£ô | | | Γ£ô|

-| Réunion | ✓ | | | ✓|

-| Rwanda | Γ£ô | | | Γ£ô|

-| St Helena, Ascension, Tristan da Cunha | Γ£ô | | | Γ£ô|

-| São Tomé and Príncipe | ✓ | | | ✓|

-| Saudi Arabia | Γ£ô | | | Γ£ô|

-| Senegal | Γ£ô | | | Γ£ô|

-| Seychelles | Γ£ô | | | Γ£ô|

-| Sierra Leone | Γ£ô | | | Γ£ô|

-| Somalia | Γ£ô | | | Γ£ô|

-| South Africa | Γ£ô | | | Γ£ô|

-| South Sudan | Γ£ô | | | Γ£ô|

-| Sudan | Γ£ô | | | Γ£ô|

-| Syria | Γ£ô | | | Γ£ô|

-| Tanzania | Γ£ô | | | Γ£ô|

-| Togo | Γ£ô | | | Γ£ô|

-| Tunisia | Γ£ô | | | Γ£ô|

-| Uganda | Γ£ô | | | Γ£ô|

-| United Arab Emirates | Γ£ô | | | Γ£ô|

-| Yemen | Γ£ô | | | Γ£ô|

-| Zambia | Γ£ô | | | Γ£ô|

-| Zimbabwe | Γ£ô | | | Γ£ô|

-| Country/region | Satellite Tiles | Minute Forecast, Radar Tiles | Severe Weather Alerts | Other* |

-|--|:-:|:--:|:--:| :--:|

-| Afghanistan | Γ£ô | | | Γ£ô|

-| American Samoa | Γ£ô | | Γ£ô| Γ£ô|

-| Australia | Γ£ô | Γ£ô | Γ£ô | Γ£ô|

-| Bangladesh | Γ£ô | | | Γ£ô|

-| Bhutan | Γ£ô | | | Γ£ô|

-| British Indian Ocean Territory | Γ£ô | | | Γ£ô|

-| Brunei | Γ£ô | | | Γ£ô|

-| Cambodia | Γ£ô | | | Γ£ô|

-| China | Γ£ô | Γ£ô | Γ£ô | Γ£ô|

-| Christmas Island | Γ£ô | | | Γ£ô|

-| Cocos (Keeling) Islands | Γ£ô | | | Γ£ô|

-| Cook Islands | Γ£ô | | | Γ£ô|

-| Fiji | Γ£ô | | | Γ£ô|

-| French Polynesia | Γ£ô | | | Γ£ô|

-| Guam | Γ£ô | | Γ£ô| Γ£ô|

-| Heard Island and McDonald Islands | Γ£ô | | | Γ£ô|

-| Hong Kong SAR | Γ£ô | | | Γ£ô|

-| India | Γ£ô | | | Γ£ô|

-| Indonesia | Γ£ô | | | Γ£ô|

-| Japan | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Kazakhstan | Γ£ô | | | Γ£ô|

-| Kiribati | Γ£ô | | | Γ£ô|

-| Korea | Γ£ô | Γ£ô | Γ£ô | Γ£ô|

-| Kyrgyzstan | Γ£ô | | | Γ£ô|

-| Laos | Γ£ô | | | Γ£ô|

-| Macao SAR | Γ£ô | | | Γ£ô|

-| Malaysia | Γ£ô | | | Γ£ô|

-| Maldives | Γ£ô | | | Γ£ô|

-| Marshall Islands | Γ£ô | | Γ£ô | Γ£ô|

-| Micronesia | Γ£ô | | Γ£ô | Γ£ô|

-| Mongolia | Γ£ô | | | Γ£ô|

-| Myanmar | Γ£ô | | | Γ£ô|

-| Nauru | Γ£ô | | | Γ£ô|

-| Nepal | Γ£ô | | | Γ£ô|

-| New Caledonia | Γ£ô | | | Γ£ô|

-| New Zealand | Γ£ô | | Γ£ô | Γ£ô|

-| Niue | Γ£ô | | | Γ£ô|

-| Norfolk Island | Γ£ô | | | Γ£ô|

-| North Korea | Γ£ô | | | Γ£ô|

-| Northern Mariana Islands | Γ£ô | | Γ£ô | Γ£ô|

-| Pakistan | Γ£ô | | | Γ£ô|

-| Palau | Γ£ô | | Γ£ô | Γ£ô|

-| Papua New Guinea | Γ£ô | | | Γ£ô|

-| Philippines | Γ£ô | | Γ£ô | Γ£ô|

-| Pitcairn Islands | Γ£ô | | | Γ£ô|

-| Samoa | Γ£ô | | | Γ£ô|

-| Singapore | Γ£ô | | | Γ£ô|

-| Solomon Islands | Γ£ô | | | Γ£ô|

-| Sri Lanka | Γ£ô | | | Γ£ô|

-| Taiwan | Γ£ô | | | Γ£ô|

-| Tajikistan | Γ£ô | | | Γ£ô|

-| Thailand | Γ£ô | | | Γ£ô|

-| Timor-Leste | Γ£ô | | | Γ£ô|

-| Tokelau | Γ£ô | | | Γ£ô|

-| Tonga | Γ£ô | | | Γ£ô|

-| Turkmenistan | Γ£ô | | | Γ£ô|

-| Tuvalu | Γ£ô | | | Γ£ô|

-| Uzbekistan | Γ£ô | | | Γ£ô|

-| Vanuatu | Γ£ô | | | Γ£ô|

-| Vietnam | Γ£ô | | | Γ£ô|

-| Wallis and Futuna | Γ£ô | | | Γ£ô|

-| Country/region | Satellite Tiles | Minute Forecast, Radar Tiles | Severe Weather Alerts | Other* |

-|--|:-:|:--:|:--:|:--:|

-| Albania | Γ£ô | | | Γ£ô|

-| Andorra | Γ£ô | | Γ£ô | Γ£ô|

-| Armenia | Γ£ô | | | Γ£ô|

-| Austria | Γ£ô | Γ£ô | Γ£ô | Γ£ô|

-| Azerbaijan | Γ£ô | | | Γ£ô|

-| Belarus | Γ£ô | | | Γ£ô|

-| Belgium | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Bosnia and Herzegovina | Γ£ô | Γ£ô | Γ£ô | Γ£ô|

-| Bulgaria | Γ£ô | | Γ£ô| Γ£ô|

-| Croatia | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Cyprus | Γ£ô | | Γ£ô | Γ£ô|

-| Czechia | Γ£ô | Γ£ô | Γ£ô | Γ£ô|

-| Denmark | Γ£ô | Γ£ô | Γ£ô | Γ£ô|

-| Estonia | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Faroe Islands | Γ£ô | | | Γ£ô|

-| Finland | Γ£ô | Γ£ô | Γ£ô | Γ£ô|

-| France | Γ£ô | Γ£ô | Γ£ô | Γ£ô|

-| Georgia | Γ£ô | | | Γ£ô|

-| Germany | Γ£ô | Γ£ô | Γ£ô | Γ£ô|

-| Gibraltar | Γ£ô | Γ£ô | | Γ£ô|

-| Greece | Γ£ô | | Γ£ô| Γ£ô|

-| Guernsey | Γ£ô | | | Γ£ô|

-| Hungary | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Iceland | Γ£ô | | Γ£ô | Γ£ô|

-| Ireland | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Italy | Γ£ô | | Γ£ô| Γ£ô|

-| Isle of Man | Γ£ô | | | Γ£ô|

-| Jan Mayen | Γ£ô | | | Γ£ô|

-| Jersey | Γ£ô | | | Γ£ô|

-| Kosovo | Γ£ô | | Γ£ô| Γ£ô|

-| Latvia | Γ£ô | | Γ£ô | Γ£ô|

-| Liechtenstein | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Lithuania | Γ£ô | | Γ£ô | Γ£ô|

-| Luxembourg | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| North Macedonia | Γ£ô | | Γ£ô | Γ£ô|

-| Malta | Γ£ô | | Γ£ô | Γ£ô|

-| Moldova | Γ£ô | Γ£ô | Γ£ô | Γ£ô|

-| Monaco | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Montenegro | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Netherlands | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Norway | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Poland | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Portugal | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Romania | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Russia | Γ£ô | | Γ£ô| Γ£ô|

-| San Marino | Γ£ô | | Γ£ô| Γ£ô|

-| Serbia | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Slovakia | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Slovenia | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Spain | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Svalbard | Γ£ô | | | Γ£ô|

-| Sweden | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Switzerland | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Turkey | Γ£ô | | | Γ£ô|

-| Ukraine | Γ£ô | | | Γ£ô|

-| United Kingdom | Γ£ô | Γ£ô | Γ£ô| Γ£ô|

-| Vatican City | Γ£ô | |Γ£ô | Γ£ô|

-### Event Hub (Preview)

-> The Event Hub action type is currently in *Preview*. During the preview there may be bugs and disruptions in availability of the functionality.

-An Event Hub action publishes notifications to an [Azure Event Hub](~/articles/event-hubs/event-hubs-about.md). You may then subscribe to the alert notification stream from your event receiver.

-The rate limit thresholds are:

-* Learn how to [configure alerts whenever a service health notification is posted](../../service-health/alerts-activity-log-service-notifications-portal.md).

-In Azure Monitor, there is a standalone pane for Change Analysis to view all changes with insights into application dependencies and resources.

-Search for Change Analysis in the search bar on Azure portal to launch the experience.

-

-All resources under a selected subscription are displayed with changes from the past 24 hours. All changes are displayed with old value and new value to provide insights at one glance.

-

-Clicking into a change to view full Resource Manager snippet and other properties.

-

-For any feedback, use the send feedback button or email changeanalysisteam@microsoft.com.

-

-

-Application Change Analysis is a standalone detector in the Web App diagnose and solve problems tools. It is also aggregated in **Application Crashes** and **Web App Down detectors**. As you enter the Diagnose and Solve Problems tool, the **Microsoft.ChangeAnalysis** resource provider will automatically be registered. Follow these instructions to enable web app in-guest change tracking.

- 

-2. Select **Application Changes**. The feature is also available in **Application Crashes**.

- 

-3. The link leads to Application Change Analysis UI scoped to the web app. If web app in-guest change tracking is not enabled, follow the banner to get file and app settings changes.

- 

-4. Turn on **Change Analysis** and select **Save**. The tool displays all web apps under an App Service plan. You can use the plan level switch to turn on Change Analysis for all web apps under a plan.

- 

-5. Change data is also available in select **Web App Down** and **Application Crashes** detectors. You'll see a graph that summarizes the type of changes over time along with details on those changes. By default, changes in the past 24 hours are displayed to help with immediate problems.

- 

-## Diagnose and Solve Problems tool

-Change Analysis is available as an insight card in Diagnose and Solve Problem tool. If a resource experiences issues and there are changes discovered in the past 72 hours, the insights card will display the number of changes. Clicking on view change details link will lead to the filtered view from Change Analysis standalone UI.

-

-Go to Diagnose and Solve Problems tool for a Virtual Machine. Go to **Troubleshooting Tools**, browse down the page and select **Analyze recent changes** to view changes on the Virtual Machine.

-

-

-## Activity Log Change History

-The [View change history](../essentials/activity-log.md#view-change-history) feature in Activity Log calls Application Change Analysis service backend to get changes associated with an operation. **Change history** used to call [Azure Resource Graph](../../governance/resource-graph/overview.md) directly, but swapped the backend to call Application Change Analysis so changes returned will include resource level changes from [Azure Resource Graph](../../governance/resource-graph/overview.md), resource properties from [Azure Resource Manager](../../azure-resource-manager/management/overview.md), and in-guest changes from PaaS services such as App Services web app.

-In order for the Application Change Analysis service to be able to scan for changes in users' subscriptions, a resource provider needs to be registered. The first time entering **Change History** tab, the tool will automatically start to register **Microsoft.ChangeAnalysis** resource provider. After registered, changes from **Azure Resource Graph** will be available immediately and cover the past 14 days. Changes from other sources will be available after ~4 hours after subscription is onboard.

-

-Users having [VM Insights](../vm/vminsights-overview.md) enabled can view what changed in their virtual machines that might of caused any spikes in a metrics chart such as CPU or Memory. Change data is integrated in the VM Insights side navigation bar. User can view if any changes happened in the VM and select **Investigate Changes** to view change details in Application Change Analysis standalone UI.

-[](./media/change-analysis/vm-insights.png#lightbox)

-# Use Application Change Analysis (preview) in Azure Monitor

-When a live site issue or outage occurs, quickly determining the root cause is critical. Standard monitoring solutions might alert you to a problem. They might even indicate which component is failing. But this alert won't always immediately explain the failure's cause. You know your site worked five minutes ago, and now it's broken. What changed in the last five minutes? This is the question that Application Change Analysis is designed to answer in Azure Monitor.

-Building on the power of [Azure Resource Graph](../../governance/resource-graph/overview.md), Change Analysis provides insights into your Azure application changes to increase observability and reduce MTTR (mean time to repair).

-> Change Analysis is currently in preview. This preview version is provided without a service-level agreement. This version is not recommended for production workloads. Some features might not be supported or might have constrained capabilities. For more information, see [Supplemental terms of use for Microsoft Azure previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).

-Change Analysis detects various types of changes, from the infrastructure layer all the way to application deployment. It's a subscription-level Azure resource provider that checks resource changes in the subscription. Change Analysis provides data for various diagnostic tools to help users understand what changes might have caused issues.

-Application change analysis queries for Azure Resource Manager tracked properties, proxied configurations, and web app in-guest changes. In addition, the service tracks resource dependency changes to diagnose and monitor an application end-to-end.

-Using [Azure Resource Graph](../../governance/resource-graph/overview.md), Change Analysis provides a historical record of how the Azure resources that host your application have changed over time. Tracked settings such as managed identities, Platform OS upgrade, and hostnames can be detected.

-Settings such as IP Configuration rule, TLS settings, and extension versions are not yet available in Azure Resource Graph, so Change Analysis queries and computes these changes securely to provide more details in what changed in the app.

-Change Analysis captures the deployment and configuration state of an application every 4 hours. It can detect, for example, changes in the application environment variables. The tool computes the differences and presents what has changed. Unlike Resource Manager changes, code deployment change information might not be available immediately in the tool. To view the latest changes in Change Analysis, select **Refresh**.

-

-Changes to resource dependencies can also cause issues in a resource. For example, if a web app calls into a Redis cache, the Redis cache SKU could affect the web app performance. Another example is if port 22 was closed in a Virtual Machine's Network Security Group, it will cause connectivity errors.

-Application Change Analysis detects related resources. Common examples are Network Security Group, Virtual Network, Application Gateway, and Load Balancer related to a Virtual Machine.

-The network resources are usually automatically provisioned in the same resource group as the resources using it, so filtering the changes by resource group will show all changes for the Virtual Machine and related networking resources.

-

-The Application Change Analysis service computes and aggregates change data from the data sources mentioned above. It provides a set of analytics for users to easily navigate through all resource changes and to identify which change is relevant in the troubleshooting or monitoring context.

-"Microsoft.ChangeAnalysis" resource provider needs to be registered with a subscription for the Azure Resource Manager tracked properties and proxied settings change data to be available. As you enter the Web App diagnose and solve problems tool or bring up the Change Analysis standalone tab, this resource provider is automatically registered.

-For web app in-guest changes, separate enablement is required for scanning code files within a web app. For more information, see [Change Analysis in the Diagnose and solve problems tool](change-analysis-visualizations.md#application-change-analysis-in-the-diagnose-and-solve-problems-tool) section later in this article for more details.

-## Cost

-Application Change Analysis is a free service - it does not incur any billing cost to subscriptions with it enabled. The service also does not have any performance impact for scanning Azure Resource properties changes. When you enable Change Analysis for web apps in-guest file changes (or enable the Diagnose and Solve problems tool), it will have negligible performance impact on the web app and no billing cost.

-If your subscription includes numerous web apps, enabling the service at the level of the web app would be inefficient. Run the following script to enable all web apps in your subscription.

-Pre-requisites:

-Run the following script:

-|Azure App Service on Linux | N/A | Not supported | GA | GA | Not supported |

-|Azure VMs Windows | Public Preview | Not supported | Through agent | Not supported | Not supported |

-|On-Premises VMs Windows | GA, opt-in | Not supported | Through agent | Not supported | Not supported |

-* [Node.js](../app/nodejs-quick-start.md)

-To apply additional filters, select **Add filters**. The options you'll see will vary depending on the tiles in your dashboard. For example, you may be able to show only data for a specific subscription or location. Select the filter you'd like to use and make your selections. The filter will then be applied to your data. To remove a filter, select the **X** in its button.

-> Backup storage redundancy for Hyperscale and SQL Managed Instance can only be set during database creation. This setting cannot be modified once the resource is provisioned. [Database copy](database-copy.md) process can be used to update the backup storage redundancy settings for an existing Hyperscale database.

-Configurable storage redundancy for SQL Databases can be configured at the time of database creation or can be updated for an existing database; the changes made to an existing database apply to future backups only. For SQL Managed Instance and HyperScale backup storage redundancy can only be specified during the create process. Once the resource is provisioned, you can't change the backup storage redundancy option. The default value is geo-redundant storage. For differences in pricing between locally redundant, zone-redundant and geo-redundant backup storage visit [managed instance pricing page](https://azure.microsoft.com/pricing/details/azure-sql/sql-managed-instance/single/).

-In the Azure portal, the option to change backup storage redundancy is located on the **Compute + storage** pane accessible from the **Configure Managed Instance** option on the **Basics** tab when you are creating your SQL Managed Instance.

-

-

-> Authentication using Azure Active Directory with elastic queries is not currently supported.

-| Max concurrent workers (requests) per pool ² | 100 | 200 | 400 | 600 | 800 | 1600 | 2400 | 3200 |

-² For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-| Max concurrent workers (requests) per pool ³ | 100 | 200 | 400 | 600 | 800 | 1600 |

-³ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-| Max concurrent workers (requests) per pool ³ | 2400 | 3200 | 4000 | 5000 | 6000 |

-³ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-³ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-| Max concurrent workers (requests) per pool ³ | 3200 | 4000 | 4800 | 5600 | 6400 |

-³ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-| Max concurrent workers (requests) | 30 |

-| Max concurrent workers (requests)| 60 | 90 | 120 | 200 |

-| Max concurrent workers (requests)| 400 | 800 | 1600 | 3200 |6000 |

-| Max concurrent workers (requests)| 200 | 400 | 800 | 1600 | 2800 | 6400 |

-description: This article provides an overview of the resource management in Azure SQL Database. It also provides information regarding what happens when those resource limits are reached.

-This article provides an overview of resource management in Azure SQL Database. It provides information on what happens when resource limits are reached, and describes resource governance mechanisms that are used to enforce these limits.

-### Sessions and workers (requests)

-When encountering high session or worker utilization, mitigation options include:

-|Max concurrent workers per pool (requests) ⁴ |210|420|630|840|1050|1260|

-⁴ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-|Max concurrent workers per pool (requests) ⁴|1470|1680|1890|2100|3360|5040|

-|Max concurrent logins pool (requests) ⁴|1470|1680|1890|2100|3360|5040|

-⁴ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-|Max concurrent workers per pool (requests) ⁴|210|420|630|840|1050|1260|1470|

-|Max concurrent logins per pool (requests) ⁴|210|420|630|840|1050|1260|1470|

-⁴ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-|Max concurrent workers per pool (requests) ⁴|1680|1890|2100|2520|3360|4200|8400|

-|Max concurrent logins per pool (requests) ⁴|1680|1890|2100|2520|3360|4200|8400|

-⁴ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-|Max concurrent workers per pool (requests) ⁴|400|500|600|700|800|

-|Max concurrent logins per pool (requests) ⁴|800|1000|1200|1400|1600|

-⁴ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-|Max concurrent workers per pool (requests) ⁴|900|1000|1200|1600|1800|3600|

-|Max concurrent logins per pool (requests) ⁴|1800|2000|2400|3200|3600|7200|

-⁴ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-|Max concurrent workers per pool (requests) ⁴|168|336|504|672|

-|Max concurrent logins per pool (requests) ⁴|168|336|504|672|

-⁴ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-|Max concurrent workers per pool (requests) ⁴|420|630|840|1050|1260|

-|Max concurrent logins per pool (requests) ⁴|420|630|840|1050|1260|

-⁴ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-|Max concurrent workers per pool (requests) ⁴|1470|1680|1890|2100|3360|5040|

-|Max concurrent logins per pool (requests) ⁴|1470|1680|1890|2100|3360|5040|

-⁴ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-|Max concurrent workers per pool (requests) ⁴|420|630|840|1050|1260|1470|

-|Max concurrent logins per pool (requests) ⁴|420|630|840|1050|1260|1470|

-⁴ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-|Max concurrent workers per pool (requests) ⁴|1680|1890|2100|2520|3360|4200|8400|

-|Max concurrent logins per pool (requests) ⁴|1680|1890|2100|2520|3360|4200|8400|

-⁴ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-|Max concurrent workers per pool (requests) ⁴|800|1,000|1,200|1,400|1,600|1,800|

-|Max concurrent logins per pool (requests) ⁴|800|1,000|1,200|1,400|1,600|1,800|

-⁴ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-|Max concurrent workers per pool (requests) ⁴|2,000|2,400|3,200|6,400|12,800|

-|Max concurrent logins per pool (requests) ⁴|2,000|2,400|3,200|6,400|12,800|

-⁴ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-|Max concurrent workers per pool (requests) ⁴|168|336|504|672|

-|Max concurrent logins per pool (requests) ⁴|168|336|504|672|

-⁴ For the max concurrent workers (requests) for any individual database, see [Single database resource limits](resource-limits-vcore-single-databases.md). For example, if the elastic pool is using Gen5 and the max vCore per database is set at 2, then the max concurrent workers value is 200. If max vCore per database is set to 0.5, then the max concurrent workers value is 50 since on Gen5 there are a max of 100 concurrent workers per vCore. For other max vCore settings per database that are less 1 vCore or less, the number of max concurrent workers is similarly rescaled.

-|Max concurrent workers (requests)|75|150|300|450|600|

-|Max concurrent workers (requests)|750|900|1050|1200|

-|Max concurrent workers (requests)|1350|1500|1800|2400|3000|

-|Max concurrent workers (requests)|200|400|600|800|1000|1200|

-|Max concurrent workers (requests)|1400|1600|1800|2000|3200|4800|

-|Max concurrent workers (requests)|200|400|600|800|1000|1200|1400|

-|Max concurrent workers (requests)|1600|1800|2000|2400|3200|4000|8000|

-|Max concurrent workers (requests)|160|320|480|640|

-|Max concurrent workers (requests)|200|400|600|800|1000|1200|

-|Max concurrent workers (requests)|1400|1600|1800|2000|3200|4800|

-|Max concurrent workers (requests)|200|400|600|800|1000|1200|1400|

-|Max concurrent workers (requests)|1600|1800|2000|2400|3200|4000|8000|

-|Max concurrent workers (requests)|400|500|600|700|800|

-|Max concurrent workers (requests)|900|1000|1200|1600|1800|3600|

-|Max concurrent workers (requests)|160|320|480|640|

-|Max concurrent workers (requests)|200|400|600|800|1000|1200|

-|Max concurrent workers (requests)|1400|1600|1800|2000|3200|4800|

-|Max concurrent logins (requests)|1400|1600|1800|2000|3200|4800|

-|Max concurrent workers (requests)|200|400|600|800|1000|1200|1400|

-|Max concurrent workers (requests)|1600|1800|2000|2400|3200|4000|8000|

-|Max concurrent workers (requests)|800|1,000|1,200|1,400|1,600|1,800|

-|Max concurrent workers (requests)|2,000|2,400|3,200|6,400|12,800|

-|Max concurrent workers (requests)|200|400|600|800|

-The Azure infrastructure has the ability to dynamically reconfigure servers when heavy workloads arise in the SQL Database service. This dynamic behavior might cause your client program to lose its connection to the database or instance. This kind of error condition is called a *transient fault*. Database reconfiguration events occur because of a planned event (for example, a software upgrade) or an unplanned event (for example, a process crash, or load balancing). Most reconfiguration events are generally short-lived and should be completed in less than 60 seconds at most. However, these events can occasionally take longer to finish, such as when a large transaction causes a long-running recovery. The following table lists various transient errors that applications can receive when connecting to SQL Database

-### Error 10928: Resource ID: %d

-`10928: Resource ID: %d. The %s limit for the database is %d and has been reached. See http://go.microsoft.com/fwlink/?LinkId=267637 for assistance. The Resource ID value in error message indicates the resource for which limit has been reached. For sessions, Resource ID = 2.`

-To work around this issue, try one of the following methods:

- > [!NOTE]

- > This is a minimalist approach that might not resolve the issue. For more thorough information on troubleshooting long running or blocking queries, see [Understand and resolve Azure SQL Database blocking problems](understand-resolve-blocking.md).

-1. Run the following SQL query to check the [sys.dm_exec_requests](/sql/relational-databases/system-dynamic-management-views/sys-dm-exec-requests-transact-sql) view to see any blocking requests:

- ```sql

- SELECT * FROM sys.dm_exec_requests;

- ```

-1. Determine the **input buffer** for the head blocker using the [sys.dm_exec_input_buffer](/sql/relational-databases/system-dynamic-management-views/sys-dm-exec-input-buffer-transact-sql) dynamic management function, and the session_id of the offending query, for example:

- ```sql

- SELECT * FROM sys.dm_exec_input_buffer (100,0);

- ```

-1. Tune the head blocker query.

-If the database consistently reaches its limit despite addressing blocking and long-running queries, consider upgrading to an edition with more resources [Editions](https://azure.microsoft.com/pricing/details/sql-database/).

-For more information about database limits, see [SQL Database resource limits for servers](./resource-limits-logical-server.md).

-The following steps can either help you work around the problem or provide you with additional options:

-1. Check the `sys.dm_exec_requests` view to see any open sessions that have a high value for the `total_elapsed_time` column. Perform this check by running the following SQL script:

- ```sql

- SELECT * FROM sys.dm_exec_requests;

- ```

-2. Determine the input buffer for the head blocker using the [sys.dm_exec_input_buffer](/sql/relational-databases/system-dynamic-management-views/sys-dm-exec-input-buffer-transact-sql) dynamic management function, and the `session_id` of the offending query, for example:

- ```sql

- SELECT * FROM sys.dm_exec_input_buffer (100,0);

- ```

-3. Tune the query.

-Also consider batching your queries. For information on batching, see [How to use batching to improve SQL Database application performance](../performance-improve-use-batching.md).

-### Table of additional resource governance error messages

-| 10928 |20 |Resource ID: %d. The %s limit for the database is %d and has been reached. For more information, see [SQL Database resource limits for single and pooled databases](resource-limits-logical-server.md).<br/><br/>The Resource ID indicates the resource that has reached the limit. For worker threads, the Resource ID = 1. For sessions, the Resource ID = 2.<br/><br/>For more information about this error and how to resolve it, see: <br/>&bull; &nbsp;[Logical SQL server resource limits](resource-limits-logical-server.md)<br/>&bull; &nbsp;[DTU-based limits for single databases](service-tiers-dtu.md)<br/>&bull; &nbsp;[DTU-based limits for elastic pools](resource-limits-dtu-elastic-pools.md)<br/>&bull; &nbsp;[vCore-based limits for single databases](resource-limits-vcore-single-databases.md)<br/>&bull; &nbsp;[vCore-based limits for elastic pools](resource-limits-vcore-elastic-pools.md)<br/>&bull; &nbsp;[Azure SQL Managed Instance resource limits](../managed-instance/resource-limits.md). |

-| 10929 | 16 |The %s minimum guarantee is %d, maximum limit is %d, and the current usage for the database is %d. However, the server is currently too busy to support requests greater than %d for this database. For information on resource limits, see: <br/>&bull; &nbsp;[DTU-based limits for elastic pools](resource-limits-dtu-elastic-pools.md)<br/>&bull; &nbsp;[vCore-based limits for elastic pools](resource-limits-vcore-elastic-pools.md). <br/> Otherwise, try again later. DTU / vCore min per database; DTU / vCore max per database. The total number of concurrent workers (requests) across all databases in the elastic pool attempted to exceed the pool limit. |Consider increasing the DTUs or vCores of the elastic pool if possible in order to increase its worker limit, or remove databases from the elastic pool. |

-4. Test the connectivity between the application server and the Azure SQL Database by using [SQL Server management Studio (SSMS)](./connect-query-ssms.md), a UDL file, ping, or telnet. For more information, see [Troubleshooting connectivity issues](https://support.microsoft.com/help/4009936/solving-connectivity-errors-to-sql-server) and [Diagnostics for connectivity issues](./troubleshoot-common-connectivity-issues.md#diagnostics).

-| Max concurrent workers (requests) | 105 * number of vCores + 800 | 105 * vCore count + 800 |

-| Max concurrent workers (requests) | Gen4: 210 * number of vCores + 800 | Gen4: 210 * vCore count + 800 |

-| [Get-AzSqlInstanceDatabaseGeoBackup](/powershell/module/az.sql/Get-AzSqlInstanceDatabaseGeoBackup) | Creates a geo-redundant backup of a SQL Managed Instance database. |

-1. **Select Azure Postgres databases to back up**: Choose one of the Azure PostgreSQL servers across subscriptions if they're in the same region as that of the vault. Expand the arrow to see the list of databases within a server.

-[Troubleshoot PostgreSQL database backup by using Azure Backup](backup-azure-database-postgresql-troubleshoot.md)

-Once backup has been enabled for a DB, you can also trigger an on-demand backup for the DB using [Backup-AzRecoveryServicesBackupItem](/powershell/module/az.recoveryservices/backup-azrecoveryservicesbackupitem) PowerShell cmdlet. The following example triggers a full backup on a SQL DB with compression enabled and the full backup should be retained for 60 days.

-Backup-AzRecoveryServicesBackupItem -Item $bkpItem -BackupType Full -EnableCompression -VaultId $testVault.ID -ExpiryDateTimeUTC $endDate

-| Client computers (64-bit) | Windows 10 | Physical server <br><br> Hyper-V virtual machine <br><br> VMware virtual machine | V3 UR1 and V3 UR2 | Volume, share, folder, files, deduped volumes <br><br> Protected volumes must be NTFS. FAT and FAT32 aren't supported. <br><br> Volumes must be at least 1 GB. Azure Backup Server uses Volume Shadow Copy Service (VSS) to take the data snapshot and the snapshot only works if the volume is at least 1 GB. |

-[4578950]: https://support.microsoft.com/kb/4578950  

-[4578954]: https://support.microsoft.com/kb/4578954 

-[5004335]: https://support.microsoft.com/kb/5004335 

-[5001401]: https://support.microsoft.com/kb/5001401 

-[5001403]: https://support.microsoft.com/kb/5001403 

-[5008287]: https://support.microsoft.com/kb/5008287 

-[4494175 ]: https://support.microsoft.com/kb/4494175 

-## Notebook

-To learn how to call the Anomaly Detector API (multivariate), try this [Notebook](https://github.com/Azure-Samples/AnomalyDetector/blob/master/ipython-notebook/API%20Sample/Multivariate%20API%20Demo%20Notebook.ipynb). This Jupyter Notebook shows you how to send an API request and visualize the result.

-To run the Notebook, you should get a valid Anomaly Detector API **subscription key** and an **API endpoint**. In the notebook, add your valid Anomaly Detector API subscription key to the `subscription_key` variable, and change the `endpoint` variable to your endpoint.

-> Chinese, Japanese, and Korean characters count as two characters for billing. For more information, see [Pricing](https://azure.microsoft.com/pricing/details/cognitive-services/speech-services/).

-> Each Chinese, Japanese, and Korean language character is counted as two characters for billing.

-| [Language service][ta-containers-keyphrase] | **Key Phrase Extraction** ([image](https://go.microsoft.com/fwlink/?linkid=2018757&clcid=0x409)) | Extracts key phrases to identify the main points. For example, for the input text "The food was delicious and there were wonderful staff", the API returns the main talking points: "food" and "wonderful staff". | Generally available |

-| [Language service][ta-containers-language] | **Text Language Detection** ([image](https://go.microsoft.com/fwlink/?linkid=2018759&clcid=0x409)) | For up to 120 languages, detects which language the input text is written in and report a single language code for every document submitted on the request. The language code is paired with a score indicating the strength of the score. | Generally available |

-| [Language service][ta-containers-sentiment] | **Sentiment Analysis** ([image](https://go.microsoft.com/fwlink/?linkid=2018654&clcid=0x409)) | Analyzes raw text for clues about positive or negative sentiment. This version of sentiment analysis returns sentiment labels (for example *positive* or *negative*) for each document and sentence within it. | Generally available |

-| [Translator][tr-containers] | **Translator** | Translate text in several languages and dialects. | Gated preview. [Request access](https://aka.ms/csgate-translator). |

-| [Speech Service API][sp-containers-stt] | **Speech-to-text** ([image](https://hub.docker.com/_/microsoft-azure-cognitive-services-speechservices-custom-speech-to-text)) | Transcribes continuous real-time speech into text. | Generally available |

-| [Speech Service API][sp-containers-ntts] | **Neural Text-to-speech** ([image](https://hub.docker.com/_/microsoft-azure-cognitive-services-speechservices-neural-text-to-speech)) | Converts text to natural-sounding speech using deep neural network technology, allowing for more natural synthesized speech. | Generally available |

-| [Computer Vision][cv-containers] | **Read OCR** ([image](https://hub.docker.com/_/microsoft-azure-cognitive-services-vision-read)) | The Read OCR container allows you to extract printed and handwritten text from images and documents with support for JPEG, PNG, BMP, PDF, and TIFF file formats. For more information, see the [Read API documentation](./computer-vision/overview-ocr.md). | Generally Available. |

-1. Select **Change** to view the available commitments for hosted API and container usage.

-3. Select the model you want to deploy, then select **Deploy model**.

-3. Select the model you want to deploy, then select **Deploy model**.

-## Send a text classification request to your model

- "$schema": "https://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#",

-* Update to Typescript 3.5 (#327)

-You can save and share customized views with others by pinning cost analysis to the Azure portal dashboard or by copying a link to cost analysis. You can also download a snapshot of the data or views and manually share it with others.

-Watch the video [Sharing and saving views in Cost Management](https://www.youtube.com/watch?v=kQkXXj-SmvQ) to learn more about how to use the portal to share cost knowledge around your organization. To watch other videos, visit the [Cost Management YouTube channel](https://www.youtube.com/c/AzureCostManagement).

-## Save and share a view

-When you save a view, all settings in cost analysis are saved, including filters, grouping, granularity, the main chart type, and donut charts. Underlying data isn't saved.

-After you save a view, you can share the URL to it with others using the **Share** command. The URL is specific to your current scope. Sharing only shares the view configuration and doesn't grant others access to the underlying data. If you don't have access to the scope, you'll see an `access denied` message.

-You can also pin the current view to an Azure portal dashboard. The pinned view is a condensed view of the main chart or table and doesn't update when the view is updated. A pinned dashboard isn't the same thing as a saved view.

-1. In Cost analysis, make sure that the settings for your current view are the ones that you want saved.

-2. Under your billing scope or subscription name, select **Save** to update your current view or **Save as** to save a new view.

-1. After you save a view, it's available to select from the **View** list.

- :::image type="content" source="./media/save-share-views/view-list.png" alt-text="Screen shot showing the View list." lightbox="./media/save-share-views/view-list.png" :::

-1. In Cost analysis, ensure that the currently selected view is the one that you want to share.

-2. Under your billing scope or subscription name, select **Share**.

-3. In the **Share** box, select **Copy to clipboard** to copy the URL and then select **OK**.

- :::image type="content" source="./media/save-share-views/share.png" alt-text="Screen shot showing the Share box." lightbox="./media/save-share-views/share.png" :::

-1. Paste the URL using any application that you like to send to others.

-## Pin to dashboard

-As mentioned previously, a pinned dashboard is only a saved main chart or table view. It's essentially a thumbnail view of the main chart you can select to get back to the view where the dashboard was originally pinned from.

-To pin cost analysis to a dashboard

-1. In Cost analysis, ensure that the currently selected view is the one that you want to pin.

-2. To the right of your billing scope or subscription name, select the **Pin** symbol.

-3. In the Pin to dashboard window, choose **Existing** to pin the current view to the existing dashboard or choose **Create new** to pin the current view to a new dashboard.

- :::image type="content" source="./media/save-share-views/pin-dashboard.png" alt-text="Screen shot showing the Pin to dashboard page." lightbox="./media/save-share-views/pin-dashboard.png" :::

-1. Select **Private** to if you don't want to share the dashboard and then select Pin or select **Shared to share** the dashboard with multiple subscriptions and then select **Pin**.

-1. To view the dashboard after you've pinned it, from the Azure portal menu, select **Dashboard**.

- :::image type="content" source="./media/save-share-views/saved-dashboard.png" alt-text="Screen shot showing the saved Dashboard page." lightbox="./media/save-share-views/saved-dashboard.png" :::

-## Download data

-When you want to share information with others that don't have access to Cost analysis, you can **Download** the current view in PNG, Excel, and CSV formats. Then you can share it with them by email or other means. The downloaded data is a snapshot, so it isn't automatically updated.

-On 1 January 2022, Microsoft and other online merchants will no longer be storing credit card information. To comply with this regulation Microsoft will be removing all stored card details from Microsoft Azure. To avoid service interruption, you will need to add a payment method and make a one-time payment for all invoices.

-[Learn about the Reserve Bank of India regulation for card storage](https://rbi.org.in/scripts/NotificationUser.aspx?Mode=0&Id=12159)

-| Firewall logs (Resource specific tables - Preview) | Resource specific log queries are in preview mode and aren't currently supported. | A fix is being investigated. |

-Register the service principal for Azure Front Door as an app in your Azure Active Directory via PowerShell.

- `New-AzADServicePrincipal -ApplicationId "ad0e1c7e-6d38-4ba4-9efd-0bc77ba9f037" -Role Contributor`

-**Field count** expressions can enumerate the same field array up to three times in a single

-**policyRule** definition.

-The following limits are enforced:

- of iterations performed by any parent **value count** expressions.

- - **Resource Count** - Determines how many non-compliant resources to remediate in a given remediation task. The default value is 500 (the previous limit). The maximum number of is 10,000 resources.

- - **Parallel Deployments** - Determines how many resources to remediate at the same time. The allowed values are 1 to 15 resources at a time. The default value is 10.

-While you can use the full url in the request, it is recommended that you store the url and other data in variables and use them.

-Enter `{{fhirurl}}/metadata` in the `GET`request, and hit `Send`. You should see the capability statement of the FHIR service.

-3. Select the **Test** tab and enter in the text section: `pm.environment.set("bearerToken", pm.response.json().access_token);`

-5. Hit **Send**. You should see a response with the Azure AD access token, which is saved to the variable `bearerToken` automatically. You can then use it in all FHIR service API requests.

-Hit **Send**. You should notice a `202 Accepted` response. Select the **Headers** tab of the response and make a note of the value in the **Content-Location**. You can use the value to query the export job status.

-sudo apt-get remove aziot-edge

-AKV supports 2 PEM based formats. You can either merge a single PKCS#8 encoded certificate or a base64 encoded P7B (chain of certificates signed by CA)

- "value": "${{ secrets.MY_SECRET }}",

- "value": "$(mySecret)",

- "value": "myapplication.contoso.com",

- "value": "myapplication.contoso.com",

-* `<instance-name>.<region>.instances.ml.azure.cn`

-* `<instance-name>.<region>.instances.ml.azure.us`

- - ```instances.ml.azure.ms```

- - ```instances.ml.azure.cn```

- - ```instances.ml.azure.us```

- - ```instances.ml.azure.us```

- - ```instances.ml.azure.cn```

- - ```instances.ml.azure.us```

- - ```instances.ml.azure.us```

- - ```instances.ml.azure.cn```

- - ```instances.ml.azure.us```

-# Tutorial: Forecast demand with automated machine learning

- 1. Select **Browse**.

- Virtual&nbsp;machine&nbsp;priority |Select what priority your experiment should have| Dedicated

-1. The **forecast horizon** is the length of time into the future you want to predict. Deselect Autodetect and type 14 in the field.

- Validation | Choose a cross-validation type and number of tests.|Validation type:<br>&nbsp;k-fold&nbsp;cross-validation <br> <br> Number of validations: 5

- 1. Select **Browse**.

- 1. Give your dataset a unique name and provide an optional description.

- Virtual&nbsp;machine&nbsp;priority |Select what priority your experiment should have| Dedicated

- Validation | Choose a cross-validation type and number of tests.|Validation type:<br>&nbsp;k-fold&nbsp;cross-validation <br> <br> Number of validations: 2

-The [az network vnet](/cli/azure/network/vnet) commands are used to configure Virtual Networks.

-If you have multiple subscriptions, choose the appropriate subscription in which the resource should be billed. Select the specific subscription ID under your account using [az account set](/cli/azure/account#az_account_set) command. Substitute the **id** property from the **az login** output for your subscription into the subscription id placeholder.

-Service endpoints can be configured on virtual networks independently, by a user with write access to the virtual network.

-### Sample script

-This sample script is used to create an Azure Database for MariaDB server, create a VNet, VNet service endpoint and secure the server to the subnet with a VNet rule. In this sample script, change the admin username and password. Replace the SubscriptionID used in the `az account set --subscription` command with your own subscription identifier.

-```azurecli-interactive

-# To find the name of an Azure region in the CLI run this command: az account list-locations

-# Substitute <subscription id> with your identifier

-az account set --subscription <subscription id>

-# Create a resource group

-az group create \

-# Create a MariaDB server in the resource group

-# Name of a server maps to DNS name and is thus required to be globally unique in Azure.

-# Substitute the <server_admin_password> with your own value.

-az mariadb server create \

-# Get available service endpoints for Azure region output is JSON

-# Use the command below to get the list of services supported for endpoints, for an Azure region, say "westus".

-az network vnet list-endpoint-services \

-# Add Azure SQL service endpoint to a subnet *mySubnet* while creating the virtual network *myVNet* output is JSON

-az network vnet create \

-# Creates the service endpoint

-az network vnet subnet create \

-# View service endpoints configured on a subnet

-az network vnet subnet show \

-# Create a VNet rule on the sever to secure it to the subnet Note: resource group (-g) parameter is where the database exists. VNet resource group if different should be specified using subnet id (URI) instead of subnet, VNet pair.

-az mariadb server vnet-rule create \

-```

-<!--

-In this sample script, change the highlighted lines to customize the admin username and password. Replace the SubscriptionID used in the `az account set --subscription` command with your own subscription identifier.

-[!code-azurecli-interactive[main](../../cli_scripts/mariadb/create-mysql-server-vnet/create-mysql-server.sh?highlight=5,20 "Create an Azure Database for MariaDB, VNet, VNet service endpoint, and VNet rule.")]

-After the script sample has been run, the following command can be used to remove the resource group and all resources associated with it.

-```azurecli-interactive

-az group delete --name myresourcegroup

-```

-<!--

-[!code-azurecli-interactive[main](../../cli_scripts/mysql/create-mysql-server-vnet/delete-mysql.sh "Delete the resource group.")]

-<!-- Link references, to text, Within this same GitHub repo. -->

-# Azure CLI samples for Azure Database for MariaDB

-| Sample link | Description |

-|**Create a server**||

-| [Create a server and firewall rule](./scripts/sample-create-server-and-firewall-rule.md?toc=%2fcli%2fazure%2ftoc.json) | Azure CLI script that creates a single Azure Database for MariaDB server and configures a server-level firewall rule. |

-| [Scale a server](./scripts/sample-scale-server.md?toc=%2fcli%2fazure%2ftoc.json) | Azure CLI script that scales a single Azure Database for MariaDB server up or down to allow for changing performance needs. |

-| [Change server configurations](./scripts/sample-change-server-configuration.md?toc=%2fcli%2fazure%2ftoc.json) | Azure CLI script that change configurations of a single Azure Database for MariaDB server. |

-| [Restore a server](./scripts/sample-point-in-time-restore.md?toc=%2fcli%2fazure%2ftoc.json) | Azure CLI script that restores a single Azure Database for MariaDB server to a previous point in time. |

-| [Enable and download server logs](./scripts/sample-server-logs.md?toc=%2fcli%2fazure%2ftoc.json) | Azure CLI script that enables and downloads server logs of a single Azure Database for MariaDB server. |

-In this sample script, edit the highlighted lines to update the admin username and password to your own.

-[!code-azurecli-interactive[main](../../../cli_scripts/mariadb/change-server-configurations/change-server-configurations.sh?highlight=15-16 "List and update configurations of Azure Database for MariaDB.")]

-## Script explanation

-In this sample script, edit the highlighted lines to update the admin username and password to your own.

-[!code-azurecli-interactive[main](../../../cli_scripts/mariadb/create-mariadb-server-and-firewall-rule/create-mariadb-server-and-firewall-rule.sh?highlight=15-16 "Create an Azure Database for mariadb, and server-level firewall rule.")]

-## Script explanation

-In this sample script, edit the highlighted lines to update the admin username and password to your own. Replace the subscription ID used in the `az monitor` commands with your own subscription ID.

-[!code-azurecli-interactive[main](../../../cli_scripts/mariadb/backup-restore-pitr/backup-restore.sh?highlight=15-16 "Restore Azure Database for MariaDB.")]

-## Script explanation

-Update the script with your subscription ID.

-[!code-azurecli-interactive[main](../../../cli_scripts/mariadb/scale-mariadb-server/scale-mariadb-server.sh "Create and scale Azure Database for MariaDB.")]

-## Script explanation

-In this sample script, edit the highlighted lines to update the admin username and password to your own. Replace the &lt;log_file_name&gt; in the `az monitor` commands with your own server log file name.

-[!code-azurecli-interactive[main](../../../cli_scripts/mariadb/server-logs/server-logs.sh?highlight=15-16 "Manipulate with server logs.")]

-## Script explanation

-&nbsp;&nbsp;&nbsp;⁽¹⁾ Contact [Microsoft Office Hours](https://microsoftcloudpartner.eventbuilder.com/MarketplaceDeveloperOfficeHours) or [support](./support.md).<br>

-| Added a [Revenue Dashboard](revenue-dashboard.md) to Partner Center, including a revenue report, [sample queries](analytics-sample-queries.md#revenue-report-queries), and [FAQs](/analytics-faq#revenue) page. | 2021-12-08 |

-> If you are looking to modify a server parameter which is non-modifiable but you would like to see as a modifiable for your environment, please open a [UserVoice](https://feedback.azure.com/d365community/forum/47b1e71d-ee24-ec11-b6e6-000d3a4f0da0) item or vote if the feedback already exist which can help us prioritize.

-> This feature is currently in preview and still being tested for stability.

- | Polarization | Select RHCP, LHCP, Dual, or Linear Vertical |

-If you want to rely only on private endpoints for accessing their Azure Database for PostgreSQL Single server, you can disable setting all public endpoints([firewall rules](concepts-firewall-rules.md) and [VNet service endpoints](concepts-data-access-and-security-vnet.md)) by setting the **Deny Public Network Access** configuration on the database server.

-[Azure Cognitive Search](search-what-is-azure-search.md) is an Azure resource used for adding a full text search experience to custom apps. You can integrate it easily with other Azure services that provide data or additional processing, with apps on network servers, or with software running on other cloud platforms.

-> Azure Files is currently in public preview under [Supplemental Terms of Use](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). Use a [preview REST API (2021-04-30-preview or later)](search-api-preview.md) to index your content. There is currently limited portal support and no .NET SDK support.

-In this article, review the basic workflow for extracting content and metadata from Azure file shares and sending it to a search index in Azure Cognitive Search. The resulting index can be queried using full text search.

-> [!NOTE]

-> Already familiar with the workflow and composition? [How to configure a file indexer](#configure) is your next step.

-## Functionality

-An indexer in Azure Cognitive Search is a crawler that extracts searchable data and metadata from a data source. The Azure Files indexer will connect to your Azure file share and index files. The indexer provides the following functionality:

-+ Index content from an Azure file share.

-+ The indexer will support incremental indexing meaning that it will identify which content in the Azure file share has changed and only index the updated content on future indexing runs. For example, if 5 PDFs are originally indexed by the indexer, then 1 is updated, then the indexer runs again, the indexer will only index the 1 PDF that was updated.

-+ Text and normalized images will be extracted by default from the files that are indexed. Optionally a skillset can be added to the pipeline for further content enrichment. More information on skillsets can be found in the article [Skillset concepts in Azure Cognitive Search](cognitive-search-working-with-skillsets.md).

-The Azure Cognitive Search Azure Files indexer can extract text from the following document formats:

-## Required resources

-You need both Azure Cognitive Search and [Azure Files](https://azure.microsoft.com/services/storage/files/). Within Azure Files, you need a file share that provides source content.

-> [!NOTE]

-> To index a file share, it must support access through the [file data plane REST API](/rest/api/storageservices/file-service-rest-api). [NFS shares](../storage/files/files-nfs-protocol.md#support-for-azure-storage-features) do not support the file data plane REST API and cannot be used with Azure Cognitive Search indexers.[SMB shares](../storage/files/files-smb-protocol.md) support the file data plane REST API and can be used with Azure Cognitive Search indexers.

-<a name="configure"></a>

-## Configuring a file indexer

-Azure File indexers share many common configuration options with [Azure Blob indexers](search-howto-indexing-azure-blob-storage.md). For example, Azure File indexers support [producing multiple search documents from a single file](search-howto-index-one-to-many-blobs.md), [plain text files](search-howto-index-plaintext-blobs.md), [JSON files](search-howto-index-json-blobs.md), and [encrypted files](search-howto-index-encrypted-blobs.md). Many of the same [configuration options](search-howto-indexing-azure-blob-storage.md) also apply. Important differences are highlighted below.

-## Data source definitions

-The primary difference between a file indexer and any other indexer is the data source definition that's assigned to the indexer. The data source definition specifies the data source type ("type": "azurefile"), and other properties for authentication and connection to the content to be indexed.

-A file data source definition looks similar to the example below:

-```http

-{

- "name" : "my-file-datasource",

- "type" : "azurefile",

- "credentials" : { "connectionString" : "DefaultEndpointsProtocol=https;AccountName=<account name>;AccountKey=<account key>;" },

- "container" : { "name" : "my-file", "query" : "<optional-directory-name>" }

-}

-```

-The `"credentials"` property can be a connection string, as shown in the above example, or one of the alternative approaches described in the next section. The `"container"` property provides the file share within Azure Storage, and `"query"` is used to specify a subfolder in the share. For more information about data source definitions, see [Create Data Source (REST)](/rest/api/searchservice/create-data-source).

-<a name="Credentials"></a>

-## Credentials

-You can provide the credentials for the file share in one of these ways:

-This connection string does not require an account key, but you must follow the instructions for [Setting up a connection to an Azure Storage account using a managed identity](search-howto-managed-identities-storage.md).

-**Full access storage account connection string**:

-`{ "connectionString" : "DefaultEndpointsProtocol=https;AccountName=<your storage account>;AccountKey=<your account key>;" }`

-You can get the connection string from the Azure portal by navigating to the storage account blade > Settings > Keys (for Classic storage accounts) or Security + networking > Access keys (for Azure Resource Manager storage accounts).

-## Indexing file metadata

-A common scenario that makes it easy to sort through files of any content type is to index both custom metadata and system properties for each file. In this way, information for all files is indexed regardless of document type, stored in an index in your search service. Using your new index, you can then proceed to sort, filter, and facet across all File storage content.

-Standard file metadata properties can be extracted into the fields listed below. The file indexer automatically creates internal field mappings for these file metadata properties. You still have to add the fields you want to use the index definition, but you can omit creating field mappings in the indexer.

-+ **metadata_storage_name** (`Edm.String`) - the file name. For example, if you have a file /my-share/my-folder/subfolder/resume.pdf, the value of this field is `resume.pdf`.

-+ **metadata_storage_path** (`Edm.String`) - the full URI of the file, including the storage account. For example, `https://myaccount.file.core.windows.net/my-share/my-folder/subfolder/resume.pdf`

-+ **metadata_storage_content_type** (`Edm.String`) - content type as specified by the code you used to upload the file. For example, `application/octet-stream`.

-+ **metadata_storage_last_modified** (`Edm.DateTimeOffset`) - last modified timestamp for the file. Azure Cognitive Search uses this timestamp to identify changed files, to avoid reindexing everything after the initial indexing.

-+ **metadata_storage_size** (`Edm.Int64`) - file size in bytes.

-+ **metadata_storage_content_md5** (`Edm.String`) - MD5 hash of the file content, if available.

-+ **metadata_storage_sas_token** (`Edm.String`) - A temporary SAS token that can be used by [custom skills](cognitive-search-custom-skill-interface.md) to get access to the file. This token shouldn't stored for later use as it might expire.

-## Index by file type

-You can control which documents are indexed and which are skipped.

-### Include documents having specific file extensions

-You can index only the documents with the file name extensions you specify by using the `indexedFileNameExtensions` indexer configuration parameter. The value is a string containing a comma-separated list of file extensions (with a leading dot). For example, to index only the .PDF and .DOCX documents, do this:

-```http

-PUT https://[service name].search.windows.net/indexers/[indexer name]?api-version=2020-06-30-Preview

-Content-Type: application/json

-api-key: [admin key]

-{

- ... other parts of indexer definition

- "parameters" : { "configuration" : { "indexedFileNameExtensions" : ".pdf,.docx" } }

-}

-```

-### Exclude documents having specific file extensions

-You can exclude documents with specific file name extensions from indexing by using the `excludedFileNameExtensions` configuration parameter. The value is a string containing a comma-separated list of file extensions (with a leading dot). For example, to index all content except those with the .PNG and .JPEG extensions, do this:

-```http

-PUT https://[service name].search.windows.net/indexers/[indexer name]?api-version=2020-06-30-Preview

-Content-Type: application/json

-api-key: [admin key]

-{

- ... other parts of indexer definition

- "parameters" : { "configuration" : { "excludedFileNameExtensions" : ".png,.jpeg" } }

-}

-```

-If both `indexedFileNameExtensions` and `excludedFileNameExtensions` parameters are present, Azure Cognitive Search first looks at `indexedFileNameExtensions`, then at `excludedFileNameExtensions`. This means that if the same file extension is present in both lists, it will be excluded from indexing.

-<a name="deleted-files"></a>

-## Detecting deleted files

-After an initial search index is created, you might want subsequent indexer jobs to only pick up new and changed documents. For search content that originates from Azure File Storage, change detection occurs automatically when you use a schedule to trigger indexing. By default, the service reindexes only the changed files, as determined by the file's `LastModified` timestamp. In contrast with other data sources supported by search indexers, files always have a timestamp, which eliminates the need to set up a change detection policy manually.

-Although change detection is a given, deletion detection is not. If you want to detect deleted files, make sure to use a "soft delete" approach. If you delete the files outright, corresponding documents will not be removed from the search index.

-There are steps to follow in both File storage and Cognitive Search, but there are no other feature dependencies. This capability is supported in generally available APIs.

-1. Add a custom metadata key-value pair to the file to indicate to Azure Cognitive Search that it is logically deleted.

-1. Once the indexer has processed the blob and deleted the document from the index, you can delete the blob in Azure Blob Storage.

-After an indexer processes a deleted file and removes the corresponding search document from the index, it won't revisit that file if you restore it later if the blob's `LastModified` timestamp is older than the last indexer run.

-This article shows you how to configure an Azure Data Lake Storage Gen2 indexer to extract content and make it searchable in Azure Cognitive Search. This workflow creates a search index on Azure Cognitive Search and loads it with existing content extracted from Azure Data Lake Storage Gen2.

-Azure Data Lake Storage Gen2 is available through Azure Storage. When setting up an Azure storage account, you have the option to enable [hierarchical namespace](../storage/blobs/data-lake-storage-namespace.md). This allows the collection of content in an account to be organized into a hierarchy of directories and nested subdirectories. By enabling hierarchical namespace, you enable [Azure Data Lake Storage Gen2](../storage/blobs/data-lake-storage-introduction.md).

-## Supported access tiers

-Data Lake Storage Gen2 [access tiers](../storage/blobs/access-tiers-overview.md) include hot, cool, and archive. Only hot and cool can be accessed by indexers.

-## Access control

-Data Lake Storage Gen2 implements an [access control model](../storage/blobs/data-lake-storage-access-control.md) that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs). Access control lists are partially supported in Azure Cognitive Search scenarios:

-+ Support for access control is enabled on indexer access to content in Data Lake Storage Gen2. For a search service that has a system or user-assigned managed identity, you can define role assignments that determine indexer access to specific files and folders in Azure Storage.

-+ Support for document-level permissions on an index is not available. If your access controls vary the level of access on a per user basis, those permissions cannot be carried forward into a search index on your search service. All users have the same level of access to all searchable and retrievable content in the index.

-If maintaining access control on each document in the index is important, it is up to the application developer to implement [security trimming](./search-security-trimming-for-azure-search.md).

-The Azure Cognitive Search blob indexer can extract text from the following document formats:

-## Indexing through the Azure portal

-The Azure portal supports importing data from Azure Data Lake Storage Gen2. To import data from Data Lake Storage Gen2, navigate to your Azure Cognitive Search service page in the Azure portal, select **Import data**, select **Azure Data Lake Storage Gen2**, then continue to follow the Import data flow to create your data source, skillset, index, and indexer.

-## Indexing with the REST API

-The Data Lake Storage Gen2 indexer is supported by the REST API. Follow the instructions below to set up a data source, index, and indexer.

-### Step 1 - Create the data source

-#### Credentials

-The indexer configuration parameters apply to all blobs in the container or folder. Sometimes, you want to control how *individual blobs* are indexed. You can do this by adding the following metadata properties and values to blobs in Blob storage. When the indexer encounters this properties, it will skip the blob or its content in the indexing run.

-# How to index CSV blobs using delimitedText parsing mode and Blob indexers in Azure Cognitive Search

-The Azure Cognitive Search [blob indexer](search-howto-indexing-azure-blob-storage.md) provides a `delimitedText` parsing mode for CSV files that treats each line in the CSV as a separate search document. For example, given the following comma-delimited text, `delimitedText` would result in two documents in the search index:

-# How to index JSON blobs using a Blob indexer in Azure Cognitive Search

-This article shows you how to [configure a blob indexer](search-howto-indexing-azure-blob-storage.md) for blobs that consist of JSON documents. JSON blobs in Azure Blob Storage commonly assume any of these forms:

-# Indexing blobs to produce multiple search documents

-By default, a blob indexer will treat the contents of a blob as a single search document. If you want a more granular representation of the blob in a search index, you can set **parsingMode** values to create multiple search documents from one blob. The **parsingMode** values that result in many search documents include `delimitedText` (for [CSV](search-howto-index-csv-blobs.md)), and `jsonArray` or `jsonLines` (for [JSON](search-howto-index-json-blobs.md)).

-# How to index plain text blobs in Azure Cognitive Search

-When using a [blob indexer](search-howto-indexing-azure-blob-storage.md) to extract searchable blob text for full text search, you can assign a parsing mode to get better indexing outcomes. By default, the indexer parses blob content as a single chunk of text. However, if all blobs contain plain text in the same encoding, you can significantly improve indexing performance by using the `text` parsing mode.

-# Configure a Blob indexer to import data from Azure Blob Storage

-+ Blob content cannot exceed the [indexer limits](search-limits-quotas-capacity.md#indexer-limits) for your search service tier.

-A primary difference between a blob indexer and other indexers is the data source assignment. The data source definition specifies the type ("type": `"azureblob"`) and how to connect.

-1. Set "credentials" to the connection string, as shown in the above example, or one of the alternative approaches described in the next section.

-1. Set "container" to the blob container within Azure Storage. If the container uses folders to organize content, set "query" to specify a subfolder.

-You can provide the credentials for the blob container in one of these ways:

-| You can get the connection string from the Azure portal by navigating to the Storage Account > Settings > Keys (for Classic storage accounts) or Security + networking > Access keys (for Azure Resource Manager storage accounts). |

-## Define search fields for blob data

-A [search index](search-what-is-an-index.md) specifies the fields in a search document, attributes, and other constructs that shape the search experience. All indexers require that you specify a search index definition as the destination.

- PUT /indexes?api-version=2020-06-30

- "name" : "my-target-index",

- { "name": "content", "type": "Edm.String", "searchable": true, "filterable": false }

-1. <a name="DocumentKeys"></a> Designate one string field as the document key that uniquely identifies each document. For blob content, the best candidates for a document key are metadata properties on the blob:

-## Set field mappings

-PUT /indexers/my-blob-indexer?api-version=2020-06-30

- "targetIndexName" : "my-target-index",

-## Set parameters

-## How blobs are indexed

-By default, most blobs are indexed as a single search document in the index, including blobs with structured content, such as JSON or CSV, which are indexed as a single chunk of text. However, for JSON or CSV documents that have an internal structure (delimiters), you can assign parsing modes to generate individual search documents for each line or element. For more information, see [Indexing JSON blobs](search-howto-index-json-blobs.md) and [Indexing CSV blobs](search-howto-index-csv-blobs.md).

-A compound or embedded document (such as a ZIP archive, a Word document with embedded Outlook email containing attachments, or a .MSG file with attachments) is also indexed as a single document. For example, all images extracted from the attachments of an .MSG file will be returned in the normalized_images field within the same search document.

-<a name="WhichBlobsAreIndexed"></a>

-### Include specific file extensions

-Use "indexedFileNameExtensions" to provide a comma-separated list of file extensions to index (with a leading dot). For example, to index only the .PDF and .DOCX blobs, do this:

- "indexedFileNameExtensions" : ".pdf, .docx"

-### Exclude specific file extensions

-Use "excludedFileNameExtensions" to provide a comma-separated list of file extensions to skip (again, with a leading dot). For example, to index all blobs except those with the .PNG and .JPEG extensions, do this:

-```http

-PUT /indexers/[indexer name]?api-version=2020-06-30

-{

- "parameters" : {

- "configuration" : {

- "excludedFileNameExtensions" : ".png, .jpeg"

- }

- }

-}

-```

-If both "indexedFileNameExtensions" and "excludedFileNameExtensions" parameters are present, the indexer first looks at "indexedFileNameExtensions", then at "excludedFileNameExtensions". If the same file extension is in both lists, it will be excluded from indexing.

-+ Tables with entities containing non-binary data for text-based indexing

-A primary difference between a table indexer and other indexers is the data source assignment. The data source definition specifies the type ("type": `"azuretable"`) and how to connect.

-1. Set "credentials" to the connection string. The following examples show commonly used connection strings for connections using shared access keys or a [system-managed identity](search-howto-managed-identities-storage.md). Additional examples are in the next section.

- + `"connectionString" : "DefaultEndpointsProtocol=https;AccountName=<account name>;AccountKey=<account key>;"`

- + `"connectionString" : "ResourceId=/subscriptions/[your subscription ID]/[your resource ID]/providers/Microsoft.Storage/storageAccounts/[your storage account];"`

-> [!TIP]

-> The Import data wizard will build a data source for you, including a valid connection string for system-assigned and shared key credentials. If you have trouble setting up the connection programmatically, [use the wizard](search-get-started-portal.md) as a syntax check.

-### Credentials for Table Storage

-You can provide the credentials for the connection in one of these ways:

-+ **Full access storage account connection string**: `DefaultEndpointsProtocol=https;AccountName=<your storage account>;AccountKey=<your account key>` You can get the connection string from the Azure portal by going to the **Storage account blade** > **Settings** > **Keys** (for classic storage accounts) or **Settings** > **Access keys** (for Azure Resource Manager storage accounts).

-## Define fields in a search index

- POST https://[service name].search.windows.net/indexes?api-version=2020-06-30

- Content-Type: application/json

- api-key: [admin key]

-

- "name" : "my-target-index",

- "fields": [

- { "name": "key", "type": "Edm.String", "key": true, "searchable": false },

- ]

-1. Check for field correspondence between entity fields and search fields. If names and types don't match, [add field mappings](search-indexer-field-mappings.md) to the indexer definition to ensure the source-to-destination path is clear.

-## Set properties on the indexer

-[Create Indexer](/rest/api/searchservice/create-indexer) connects a data source with a target search index and provides a schedule to automate the data refresh.

-An indexer definition for Table Storage uses the global properties for data source, index, [schedule](search-howto-schedule-indexers.md), mapping functions for base-64 encoding, and any field mappings.

-```http

-POST https://[service name].search.windows.net/indexers?api-version=2020-06-30

-Content-Type: application/json

-api-key: [admin key]

-{

- "name" : "table-indexer",

- "dataSourceName" : "table-datasource",

- "targetIndexName" : "my-target-index",

- "schedule" : { "interval" : "PT2H" }

-}

-```

-When you set up a table indexer to run on a schedule, it reindexes only new or updated rows, as determined by a row's `Timestamp` value. When indexing out of Azure Table Storage, you donΓÇÖt have to specify a change detection policy. Incremental indexing is enabled for you automatically.

-To indicate that certain documents must be removed from the index, you can use a soft delete strategy. Instead of deleting a row, add a property to indicate that it's deleted, and set up a soft deletion detection policy on the data source. For example, the following policy considers that a row is deleted if the row has a property `IsDeleted` with the value `"true"`:

-| <a name="eventresultdetails"></a>**EventResultDetails** | Mandatory | Alias | Reason or details for the result reported in the [EventResult](#eventresult) field. Each schema documents the list of values valid for this field.<br><br>Example: `NXDOMAIN`|

- // complete the message. messages is deleted from the queue.

-> Github has removed support for password authentication, so you'll need to use a personal access token instead of password authentication for Github. For more information, see [Token authentication](https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/).

- > GitHub has removed support for password authentication, so you'll need to use a personal access token instead of password authentication for Github. For more information, see [Token authentication](https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/).

-Each time a user successfully authenticates with an identity provider, the specified function is called. The function is passed a JSON object in the request body that contains the user's information from the provider. For some identity providers, the user information also includes an `accessToken` that the function can use to make API calls using the user's identity.

-Visual Studio Code uses a file to enable debugging sessions in the editor. If Visual Studio Code doesn't generate a *launch.json* file for you, you can place the the following configuration in *.vscode/launch.json*.

- > You can't retrieve this password later, so make sure to copy the password, and then store it in a place where you can find it.

-3. Sync metadata occupies a cluster size per item. (1 million files + 100,000 directories) * 4 KiB cluster size = 4,400,000 KiB (4.4 GiB)

-* [Monitor Azure File Sync](file-sync-monitoring.md)

->Explore the [Azure Synapse Analytics documentation](../overview-what-is.md).

-# Enabling Synapse workspace features for a dedicated SQL pool (formerly SQL DW)

-All SQL data warehouse users can now access and use an existing dedicated SQL pool (formerly SQL DW) instance via the Synapse Studio and Workspace. Users can use the Synapse Studio and Workspace without impacting automation, connections, or tooling. This article explains how an existing Azure Synapse Analytics user can enable the Synapse workspace features for an existing dedicated SQL pool (formerly SQL DW). The user can expand their existing Analytics solution by taking advantage of the new feature-rich capabilities now available via the Synapse workspace and Studio.

-## Enabling Synapse workspace features for an existing dedicated SQL pool (formerly SQL DW)

-3. Open **Active Directory admin** and ensure that an AAD admin has been set on the logical server.

-description: Automate Linux VM configuration tasks by using the Custom Script Extension v2

-The Custom Script Extension Version 2 downloads and runs scripts on Azure virtual machines. This extension is useful for post-deployment configuration, software installation, or any other configuration/management task. You can download scripts from Azure Storage or another accessible internet location, or you can provide them to the extension runtime.

-The Custom Script Extension integrates with Azure Resource Manager templates. You can also run it by using Azure CLI, PowerShell, or the Azure Virtual Machines REST API.

-This article details how to use the Custom Script Extension from Azure CLI, and how to run the extension by using an Azure Resource Manager template. This article also provides troubleshooting steps for Linux systems.

-* Version 1 - Microsoft.OSTCExtensions.CustomScriptForLinux

-* Version 2 - Microsoft.Azure.Extensions.CustomScript

-Please switch new and existing deployments to use the new version 2 instead. The new version is intended to be a drop-in replacement. Therefore, the migration is as easy as changing the name and version, you do not need to change your extension configuration.

-### Operating System

-The Custom Script Extension for Linux will run on the extension supported extension OS's, for more information, see this [article](../linux/endorsed-distros.md).

-### Script Location

-You can use the extension to use your Azure Blob storage credentials, to access Azure Blob storage. Alternatively, the script location can be any where, as long as the VM can route to that end point, such as GitHub, internal file server etc.

-### Internet Connectivity

-If you need to download a script externally such as GitHub or Azure Storage, then additional firewall/Network Security Group ports need to be opened. For example if your script is located in Azure Storage, you can allow access using Azure NSG Service Tags for [Storage](../../virtual-network/network-security-groups-overview.md#service-tags).

-If your script is on a local server, then you may still need additional firewall/Network Security Group ports need to be opened.

-### Tips and Tricks

-* The highest failure rate for this extension is due to syntax errors in the script, test the script runs without error, and also put in additional logging into the script to make it easier to find where it failed.

-* Write scripts that are idempotent, so if they get run again more than once accidentally, it will not cause system changes.

-* Ensure the scripts do not require user input when they run.

-* There is 90 mins allowed for the script to run, anything longer will result in a failed provision of the extension.

-* Do not put reboots inside the script, this will cause issues with other extensions that are being installed, and post reboot, the extension will not continue after the restart.

-* It is not recommended to run a script that will cause a stop or update of the VM Agent. This might leave the extension in a Transitioning state and lead to a timeout.

-* If you have a script that will cause a reboot, then install applications and run scripts etc. You should schedule the reboot using a Cron job, or using tools such as DSC, or Chef, Puppet extensions.

-* The extension will only run a script once, if you want to run a script on every boot, then you can use [cloud-init image](../linux/using-cloud-init.md) and use a [Scripts Per Boot](https://cloudinit.readthedocs.io/en/latest/topics/modules.html#scripts-per-boot) module. Alternatively, you can use the script to create a SystemD service unit.

-* You can only have one version of an extension applied to the VM. In order to run a second custom script, you can update the existing extension with new configuration. Alternatively, you can remove the custom script extension and reapply it again with the updated script.

-* If you want to schedule when a script will run, you should use the extension to create a Cron job.

-* When the script is running, you will only see a 'transitioning' extension status from the Azure portal or CLI. If you want more frequent status updates of a running script, you will need to create your own solution.

-* Custom Script extension does not natively support proxy servers, however you can use a file transfer tool that supports proxy servers within your script, such as *Curl*.

-* Be aware of non default directory locations that your scripts or commands may rely on, have logic to handle this.

-## Extension schema

-The Custom Script Extension configuration specifies things like script location and the command to be run. You can store this configuration in configuration files, specify it on the command line, or specify it in an Azure Resource Manager template.

-You can store sensitive data in a protected configuration, which is encrypted and only decrypted inside the virtual machine. The protected configuration is useful when the execution command includes secrets such as a password.

-These items should be treated as sensitive data and specified in the extensions protected setting configuration. Azure VM extension protected setting data is encrypted, and only decrypted on the target virtual machine.

-> managedIdentity property **must not** be used in conjunction with storageAccountName or storageAccountKey properties

-| Name | Value / Example | Data Type |

-| apiVersion | 2019-03-01 | date |

-| publisher | Microsoft.Azure.Extensions | string |

-| type | CustomScript | string |

-| typeHandlerVersion | 2.1 | int |

-| fileUris (e.g) | `https://github.com/MyProject/Archive/MyPythonScript.py` | array |

-| commandToExecute (e.g) | python MyPythonScript.py \<my-param1> | string |

-| script | IyEvYmluL3NoCmVjaG8gIlVwZGF0aW5nIHBhY2thZ2VzIC4uLiIKYXB0IHVwZGF0ZQphcHQgdXBncmFkZSAteQo= | string |

-| skipDos2Unix (e.g) | false | boolean |

-| timestamp (e.g) | 123456789 | 32-bit integer |

-| storageAccountName (e.g) | examplestorageacct | string |

-| storageAccountKey (e.g) | TmJK/1N3AbAZ3q/+hOXoi/l73zOqsaxXDhqa9Y83/v5UpXQp2DQIBuv2Tifp60cE/OaHsJZmQZ7teQfczQj8hg== | string |

-| managedIdentity (e.g) | { } or { "clientId": "31b403aa-c364-4240-a7ff-d85fb6cd7232" } or { "objectId": "12dd289c-0583-46e5-b9b4-115d5c19ef4b" } | json object |

-* `apiVersion`: The most up to date apiVersion can be found using [Resource Explorer](https://resources.azure.com/) or from Azure CLI using the following command `az provider list -o json`

-* `skipDos2Unix`: (optional, boolean) skip dos2unix conversion of script-based file URLs or script.

-* `timestamp` (optional, 32-bit integer) use this field only to trigger a re-run of the

- script by changing value of this field. Any integer value is acceptable; it must only be different than the previous value.

-* `commandToExecute`: (**required** if script not set, string) the entry point script to execute. Use

- this field instead if your command contains secrets such as passwords.

-* `script`: (**required** if commandToExecute not set, string)a base64 encoded (and optionally gzip'ed) script executed by /bin/sh.

-* `fileUris`: (optional, string array) the URLs for file(s) to be downloaded.

-* `storageAccountName`: (optional, string) the name of storage account. If you

- specify storage credentials, all `fileUris` must be URLs for Azure Blobs.

-* `storageAccountKey`: (optional, string) the access key of storage account

-* `managedIdentity`: (optional, json object) the [managed identity](../../active-directory/managed-identities-azure-resources/overview.md) for downloading file(s)

- * `clientId`: (optional, string) the client ID of the managed identity

- * `objectId`: (optional, string) the object ID of the managed identity

-The following values can be set in either public or protected settings, the extension will reject any configuration where the values below are set in both public and protected settings.

-Using public settings maybe useful for debugging, but it is strongly recommended that you use protected settings.

-Public settings are sent in clear text to the VM where the script will be executed. Protected settings are encrypted using a key known only to the Azure and the VM. The settings are saved to the VM as they were sent, i.e. if the settings were encrypted they are saved encrypted on the VM. The certificate used to decrypt the encrypted values is stored on the VM, and used to decrypt settings (if necessary) at runtime.

-The default value is false, which means dos2unix conversion **is** executed.

-The previous version of CustomScript, Microsoft.OSTCExtensions.CustomScriptForLinux, would automatically convert DOS files to UNIX files by translating `\r\n` to `\n`. This translation still exists, and is on by default. This conversion is applied to all files downloaded from fileUris or the script setting based on any of the following criteria.

-* If the extension is one of `.sh`, `.txt`, `.py`, or `.pl` it will be converted. The script setting will always match this criteria because it is assumed to be a script executed with /bin/sh, and is saved as script.sh on the VM.

-* If the file starts with `#!`.

-The dos2unix conversion can be skipped by setting the skipDos2Unix to true.

-#### Property: script

-CustomScript supports execution of a user-defined script. The script settings to combine commandToExecute and fileUris into a single setting. Instead of the having to setup a file for download from Azure storage or GitHub gist, you can simply encode the script as a

-setting. Script can be used to replaced commandToExecute and fileUris.

-The script **must** be base64 encoded. The script can **optionally** be gzip'ed. The script setting can be used in public or protected settings. The maximum size of the script parameter's data is 256 KB. If the script exceeds this size it will not be executed.

-For example, given the following script saved to the file /script.sh/.

-The correct CustomScript script setting would be constructed by taking the output of the following command.

-The script can optionally be gzip'ed to further reduce size (in most cases). (CustomScript auto-detects the use of gzip compression.)

-CustomScript uses the following algorithm to execute a script.

- 1. assert the length of the script's value does not exceed 256 KB.

- 1. base64 decode the script's value

- 1. _attempt_ to gunzip the base64 decoded value

- 1. write the decoded (and optionally decompressed) value to disk (/var/lib/waagent/custom-script/#/script.sh)

- 1. execute the script using _/bin/sh -c /var/lib/waagent/custom-script/#/script.sh.

-#### Property: managedIdentity

-> This property **must** be specified in protected settings only.

-CustomScript (version 2.1 onwards) supports [managed identity](../../active-directory/managed-identities-azure-resources/overview.md) for downloading file(s) from URLs provided in the "fileUris" setting. It allows CustomScript to access Azure Storage private blobs or containers without the user having to pass secrets like SAS tokens or storage account keys.

-To use this feature, the user must add a [system-assigned](../../app-service/overview-managed-identity.md?tabs=dotnet#add-a-system-assigned-identity) or [user-assigned](../../app-service/overview-managed-identity.md?tabs=dotnet#add-a-user-assigned-identity) identity to the VM or VMSS where CustomScript is expected to run, and [grant the managed identity access to the Azure Storage container or blob](../../active-directory/managed-identities-azure-resources/tutorial-vm-windows-access-storage.md#grant-access).

-To use the system-assigned identity on the target VM/VMSS, set "managedidentity" field to an empty json object.

-To use the user-assigned identity on the target VM/VMSS, configure "managedidentity" field with the client ID or the object ID of the managed identity.

-> managedIdentity property **must not** be used in conjunction with storageAccountName or storageAccountKey properties

-Azure VM extensions can be deployed with Azure Resource Manager templates. The JSON schema detailed in the previous section can be used in an Azure Resource Manager template to run the Custom Script Extension during an Azure Resource Manager template deployment. A sample template that includes the Custom Script Extension can be found here, [GitHub](https://github.com/Microsoft/dotnet-core-sample-templates/tree/master/dotnet-core-music-linux).

-When you're using Azure CLI to run the Custom Script Extension, create a configuration file or files. At a minimum, you must have 'commandToExecute'.

-Optionally, you can specify the settings in the command as a JSON formatted string. This allows the configuration to be specified during execution and without a separate configuration file.

-### Azure CLI examples

-#### Public configuration with script file

-#### Public configuration with no script file

-#### Public and protected configuration files

-You use a public configuration file to specify the script file URI. You use a protected configuration file to specify the command to be run.

-If you deploy the Custom Script Extension from the Azure portal, you don't have control over the expiration of the shared access signature token for accessing the script in your storage account. The result is that the initial deployment works, but when the storage account shared access signature token expires, any subsequent scaling operation fails because the Custom Script Extension can no longer access the storage account.

-We recommend that you use [PowerShell](/powershell/module/az.Compute/Add-azVmssExtension?view=azps-7.0.0), the [Azure CLI](/cli/azure/vmss/extension?view=azure-cli-latest), or an Azure Resource Manager template when you deploy the Custom Script Extension on a virtual machine scale set. This way, you can choose to use a managed identity or have direct control of the expiration of the shared access signature token for accessing the script in your storage account for as long as you need.

-To troubleshoot, first check the Linux Agent Log, ensure the extension ran, check:

-You should look for the extension execution, it will look something like:

-Some points to note:

-1. Enable is when the command starts running.

-2. Download relates to the downloading of the CustomScript extension package from Azure, not the script files specified in fileUris.

-You should look for the individual execution, it will look something like:

-* The Enable command starting is this log

-* The settings passed to the extension

-* The extension downloading file and the result of that.

-You can also retrieve the execution state of the Custom Script Extension including the actual arguments passed as the `commandToExecute` by using Azure CLI:

-To see the code, current issues and versions, see [custom-script-extension-linux repo](https://github.com/Azure/custom-script-extension-linux).

-description: Automate Windows VM configuration tasks by using the Custom Script extension

-The Custom Script Extension downloads and executes scripts on Azure virtual machines. This extension is useful for post deployment configuration, software installation, or any other configuration or management tasks. Scripts can be downloaded from Azure storage or GitHub, or provided to the Azure portal at extension run time. The Custom Script Extension integrates with Azure Resource Manager templates, and can be run using the Azure CLI, PowerShell, Azure portal, or the Azure Virtual Machine REST API.

-This document details how to use the Custom Script Extension using the Azure PowerShell module, Azure Resource Manager templates, and details troubleshooting steps on Windows systems.

-> Do not use Custom Script Extension to run Update-AzVM with the same VM as its parameter, since it will wait on itself.

-### Operating System

-The Custom Script Extension for Windows will run on the extension supported extension OSs;

-### Windows

-### Script Location

-You can configure the extension to use your Azure Blob storage credentials to access Azure Blob storage. The script location can be anywhere, as long as the VM can route to that end point, such as GitHub or an internal file server.

-### Internet Connectivity

-If you need to download a script externally such as from GitHub or Azure Storage, then additional firewall and Network Security Group ports need to be opened. For example, if your script is located in Azure Storage, you can allow access using Azure NSG Service Tags for [Storage](../../virtual-network/network-security-groups-overview.md#service-tags).

-Note that CustomScript Extension does not have any way to bypass certificate validation. So if you're downloading from a secured location with eg. a self-signed certificate, you might end up with errors like *"The remote certificate is invalid according to the validation procedure"*. Please make sure the certificate is correctly installed in the *"Trusted Root Certification Authorities"* store on the Virtual Machine.

-If your script is on a local server, then you may still need additional firewall and Network Security Group ports need to be opened.

-### Tips and Tricks

-* The highest failure rate for this extension is because of syntax errors in the script, test the script runs without error, and also put in additional logging into the script to make it easier to find where it failed.

-* Write scripts that are idempotent. This ensures that if they run again accidentally, it will not cause system changes.

-* Ensure the scripts don't require user input when they run.

-* There's 90 minutes allowed for the script to run, anything longer will result in a failed provision of the extension.

-* Don't put reboots inside the script, this action will cause issues with other extensions that are being installed. Post reboot, the extension won't continue after the restart.

-* If you have a script that will cause a reboot, then install applications and run scripts, you can schedule the reboot using a Windows Scheduled Task, or use tools such as DSC, Chef, or Puppet extensions.

-* It is not recommended to run a script that will cause a stop or update of the VM Agent. This can leave the extension in a Transitioning state, leading to a timeout.

-* The extension will only run a script once, if you want to run a script on every boot, then you need to use the extension to create a Windows Scheduled Task.

-* If you want to schedule when a script will run, you should use the extension to create a Windows Scheduled Task.

-* When the script is running, you will only see a 'transitioning' extension status from the Azure portal or CLI. If you want more frequent status updates of a running script, you'll need to create your own solution.

-* Custom Script extension does not natively support proxy servers, however you can use a file transfer tool that supports proxy servers within your script, such as *Invoke-WebRequest*

-* Be aware of non-default directory locations that your scripts or commands may rely on, have logic to handle this situation.

-* Custom Script Extension will run under the LocalSystem Account

-* If you plan to use the *storageAccountName* and *storageAccountKey* properties, these properties must be collocated in *protectedSettings*.

-You can store sensitive data in a protected configuration, which is encrypted and only decrypted inside the virtual machine. The protected configuration is useful when the execution command includes secrets such as a password or a shared access signature (SAS) file reference, which should be protected.

-These items should be treated as sensitive data and specified in the extensions protected setting configuration. Azure VM extension protected setting data is encrypted, and only decrypted on the target virtual machine.

-> managedIdentity property **must not** be used in conjunction with storageAccountName or storageAccountKey properties

-> [!NOTE]

-> Only one version of an extension can be installed on a VM at a point in time, specifying custom script twice in the same Resource Manager template for the same VM will fail.

-> [!NOTE]

-> We can use this schema inside the VirtualMachine resource or as a standalone resource. The name of the resource has to be in this format "virtualMachineName/extensionName", if this extension is used as a standalone resource in the ARM template.

-| Name | Value / Example | Data Type |

-| apiVersion | 2015-06-15 | date |

-| publisher | Microsoft.Compute | string |

-| type | CustomScriptExtension | string |

-| typeHandlerVersion | 1.10 | int |

-| fileUris (e.g) | https://raw.githubusercontent.com/Microsoft/dotnet-core-sample-templates/master/dotnet-core-music-windows/scripts/configure-music-app.ps1 | array |

-| timestamp (e.g) | 123456789 | 32-bit integer |

-| commandToExecute (e.g) | powershell -ExecutionPolicy Unrestricted -File configure-music-app.ps1 | string |

-| storageAccountName (e.g) | examplestorageacct | string |

-| storageAccountKey (e.g) | TmJK/1N3AbAZ3q/+hOXoi/l73zOqsaxXDhqa9Y83/v5UpXQp2DQIBuv2Tifp60cE/OaHsJZmQZ7teQfczQj8hg== | string |

-| managedIdentity (e.g) | { } or { "clientId": "31b403aa-c364-4240-a7ff-d85fb6cd7232" } or { "objectId": "12dd289c-0583-46e5-b9b4-115d5c19ef4b" } | json object |

-#### Property value details

-* `commandToExecute`: (**required**, string) the entry point script to execute. Use this field instead if your command contains secrets such as passwords, or your fileUris are sensitive.

-* `fileUris`: (optional, string array) the URLs for file(s) to be downloaded. If URLs are sensitive (such as URLs containing keys), this field should be specified in protectedSettings

-* `timestamp` (optional, 32-bit integer) use this field only to trigger a rerun of the

-script by changing value of this field. Any integer value is acceptable; it must only be different than the previous value.

-* `storageAccountName`: (optional, string) the name of storage account. If you specify storage credentials, all `fileUris` must be URLs for Azure Blobs.

-* `storageAccountKey`: (optional, string) the access key of storage account

-* `managedIdentity`: (optional, json object) the [managed identity](../../active-directory/managed-identities-azure-resources/overview.md) for downloading file(s)

- * `clientId`: (optional, string) the client ID of the managed identity

- * `objectId`: (optional, string) the object ID of the managed identity

-The following values can be set in either public or protected settings, the extension will reject any configuration where the values below are set in both public and protected settings.

-Using public settings maybe useful for debugging, but it's recommended that you use protected settings.

-Public settings are sent in clear text to the VM where the script will be executed. Protected settings are encrypted using a key known only to the Azure and the VM. The settings are saved to the VM as they were sent, that is, if the settings were encrypted they're saved encrypted on the VM. The certificate used to decrypt the encrypted values is stored on the VM, and used to decrypt settings (if necessary) at runtime.

-#### Property: managedIdentity

-> This property **must** be specified in protected settings only.

-CustomScript (version 1.10 onwards) supports [managed identity](../../active-directory/managed-identities-azure-resources/overview.md) for downloading file(s) from URLs provided in the "fileUris" setting. It allows CustomScript to access Azure Storage private blobs or containers without the user having to pass secrets like SAS tokens or storage account keys.

-To use this feature, the user must add a [system-assigned](../../app-service/overview-managed-identity.md?tabs=dotnet#add-a-system-assigned-identity) or [user-assigned](../../app-service/overview-managed-identity.md?tabs=dotnet#add-a-user-assigned-identity) identity to the VM or VMSS where CustomScript is expected to run, and [grant the managed identity access to the Azure Storage container or blob](../../active-directory/managed-identities-azure-resources/tutorial-vm-windows-access-storage.md#grant-access).

-To use the system-assigned identity on the target VM/VMSS, set "managedidentity" field to an empty json object.

-To use the user-assigned identity on the target VM/VMSS, configure "managedidentity" field with the client ID or the object ID of the managed identity.

-> managedIdentity property **must not** be used in conjunction with storageAccountName or storageAccountKey properties

-Azure VM extensions can be deployed with Azure Resource Manager templates. The JSON schema, which is detailed in the previous section can be used in an Azure Resource Manager template to run the Custom Script Extension during deployment. The following samples show how to use the Custom Script extension:

-* [Deploy Two Tier Application on Windows and Azure SQL DB](https://github.com/Microsoft/dotnet-core-sample-templates/tree/master/dotnet-core-music-windows)

-The `Set-AzVMCustomScriptExtension` command can be used to add the Custom Script extension to an existing virtual machine. For more information, see [Set-AzVMCustomScriptExtension](/powershell/module/az.compute/set-azvmcustomscriptextension).

-In this example, you have three scripts that are used to build your server. The **commandToExecute** calls the first script, then you have options on how the others are called. For example, you can have a master script that controls the execution, with the right error handling, logging, and state management. The scripts are downloaded to the local machine for running. For example in `1_Add_Tools.ps1` you would call `2_Add_Features.ps1` by adding `.\2_Add_Features.ps1` to the script, and repeat this process for the other scripts you define in `$settings`.

-In this example, you may want to use a local SMB server for your script location. By doing this, you don't need to provide any other settings, except **commandToExecute**.

-### How to run custom script more than once with CLI

-The custom script extension handler will prevent re-executing a script if the *exact* same settings have been passed. This is to prevent accidental re-execution which might cause unexpected behaviors in case the script is not idempotent. You can confirm if the handler has blocked the re-execution by looking at the C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.CustomScriptExtension\<HandlerVersion>\CustomScriptHandler.log, and search for a warning like below:

-If you want to run the custom script extension more than once, you can only do this action under these conditions:

-* The extension **Name** parameter is the same as the previous deployment of the extension.

-* Update the configuration otherwise the command won't be re-executed. You can add in a dynamic property into the command, such as a timestamp. If the handler detects a change in the configuration settings, then it will consider it as an explicit desire to re-execute the script.

-Alternatively, you can set the [ForceUpdateTag](/dotnet/api/microsoft.azure.management.compute.models.virtualmachineextension.forceupdatetag) property to **true**.

-If you are using [Invoke-WebRequest](/powershell/module/microsoft.powershell.utility/invoke-webrequest) in your script, you must specify the parameter `-UseBasicParsing` or else you will receive the following error when checking the detailed status:

-If you deploy the Custom Script Extension from the Azure portal, you don't have control over the expiration of the shared access signature token for accessing the script in your storage account. The result is that the initial deployment works, but when the storage account shared access signature token expires, any subsequent scaling operation fails because the Custom Script Extension can no longer access the storage account.

-We recommend that you use [PowerShell](/powershell/module/az.Compute/Add-azVmssExtension?view=azps-7.0.0), the [Azure CLI](/cli/azure/vmss/extension?view=azure-cli-latest), or an Azure Resource Manager template when you deploy the Custom Script Extension on a virtual machine scale set. This way, you can choose to use a managed identity or have direct control of the expiration of the shared access signature token for accessing the script in your storage account for as long as you need.

-To deploy the Custom Script Extension on classic VMs, you can use the Azure portal or the Classic Azure PowerShell cmdlets.

-Navigate to your Classic VM resource. Select **Extensions** under **Settings**.

-Click **+ Add** and in the list of resources choose **Custom Script Extension**.

-On the **Install extension** page, select the local PowerShell file, and fill out any arguments and click **Ok**.

-Use the [Set-AzureVMCustomScriptExtension](/powershell/module/servicemanagement/azure.service/set-azurevmcustomscriptextension) cmdlet can be used to add the Custom Script extension to an existing virtual machine.

-### Troubleshoot

-Data about the state of extension deployments can be retrieved from the Azure portal, and by using the Azure PowerShell module. To see the deployment state of extensions for a given VM, run the following command:

-Extension output is logged to files found under the following folder on the target virtual machine.

-The specified files are downloaded into the following folder on the target virtual machine.

-where `<n>` is a decimal integer, which may change between executions of the extension. The `1.*` value matches the actual, current `typeHandlerVersion` value of the extension. For example, the actual directory could be `C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.8\Downloads\2`.

-When executing the `commandToExecute` command, the extension sets this directory (for example, `...\Downloads\2`) as the current working directory. This process enables the use of relative paths to locate the files downloaded via the `fileURIs` property. See the table below for examples.

-Since the absolute download path may vary over time, it's better to opt for relative script/file paths in the `commandToExecute` string, whenever possible. For example:

-Path information after the first URI segment is kept for files downloaded via the `fileUris` property list. As shown in the table below, downloaded files are mapped into download subdirectories to reflect the structure of the `fileUris` values.

-#### Examples of Downloaded Files

-| URI in fileUris | Relative downloaded location | Absolute downloaded location ¹ |

-| - | - |: |

-| `https://someAcct.blob.core.windows.net/aContainer/scripts/myscript.ps1` | `./scripts/myscript.ps1` |`C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.8\Downloads\2\scripts\myscript.ps1` |

-| `https://someAcct.blob.core.windows.net/aContainer/topLevel.ps1` | `./topLevel.ps1` | `C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.8\Downloads\2\topLevel.ps1` |

-¹ The absolute directory paths change over the lifetime of the VM, but not within a single execution of the CustomScript extension.

-### Support

-If you need more help at any point in this article, you can contact the Azure experts on the [MSDN Azure and Stack Overflow forums](https://azure.microsoft.com/support/forums/). You can also file an Azure support incident. Go to the [Azure support site](https://azure.microsoft.com/support/options/) and select Get support. For information about using Azure Support, read the [Microsoft Azure support FAQ](https://azure.microsoft.com/support/faq/).

-Start by preparing your environment for the Azure CLI: