Service | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
active-directory | Concept Certificate Based Authentication Certificateuserids | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication-certificateuserids.md | -You can add certificate user IDs to users in Azure AD can have certificate user IDs. a multivalued attribute named **certificateUserIds**. The attribute allows up to four values, and each value can be of 120-character length. It can store any value, and doesn't require email ID format. It can store non-routable User Principal Names (UPNs) like _bob@woodgrove_ or _bob@local_. +Users in Azure AD can have a multivalued attribute named **certificateUserIds**. The attribute allows up to four values, and each value can be of 120-character length. It can store any value, and doesn't require email ID format. It can store non-routable User Principal Names (UPNs) like _bob@woodgrove_ or _bob@local_. ## Supported patterns for certificate user IDs |
active-directory | User Properties | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/user-properties.md | Microsoft account | This user is homed in a Microsoft account and authenticates {hostΓÇÖs domain} | This user authenticates by using an Azure AD account that belongs to this organization. google.com | This user has a Gmail account and has signed up by using self-service to the other organization. facebook.com | This user has a Facebook account and has signed up by using self-service to the other organization.-mail | This user has an email address that doesn't match with verified Azure AD or SAML/WS-Fed domains, and isn't a Gmail address or a Microsoft account. +mail | This user has signed up by using Azure AD Email one-time passcode (OTP). phone | This user has an email address that doesn't match a verified Azure AD domain or a SAML/WS-Fed domain, and isn't a Gmail address or Microsoft account. {issuer URI} | This user is homed in an external organization that doesn't use Azure Active Directory as their identity provider, but instead uses a SAML/WS-Fed-based identity provider. The issuer URI is shown when the Identities field is clicked. |
active-directory | Migrate From Federation To Cloud Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/migrate-from-federation-to-cloud-authentication.md | -# Migrate from federation to cloud authentication +# Migrate from federation to cloud authentication In this article, you learn how to deploy cloud user authentication with either Azure Active Directory [Password hash synchronization (PHS)](whatis-phs.md) or [Pass-through authentication (PTA)](how-to-connect-pta.md). While we present the use case for moving from [Active Directory Federation Services (AD FS)](whatis-fed.md) to cloud authentication methods, the guidance substantially applies to other on premises systems as well. Although this deployment changes no other relying parties in your AD FS farm, yo ## Plan the project -When technology projects fail, it's typically because of mismatched expectations on impact, outcomes, and responsibilities. To avoid these pitfalls, [ensure that you're engaging the right stakeholders](../fundamentals/active-directory-deployment-plans.md#include-the-right-stakeholders) and that stakeholder roles in the project are well understood. +When technology projects fail, it's typically because of mismatched expectations on impact, outcomes, and responsibilities. To avoid these pitfalls, [ensure that you're engaging the right stakeholders](../fundamentals/active-directory-deployment-plans.md) and that stakeholder roles in the project are well understood. ### Plan communications |
active-directory | Protect Against Consent Phishing | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/protect-against-consent-phishing.md | Administrators should be in control of application use by providing the right in - Investigate and hunt for consent phishing attacks by following the guidance on [advanced hunting with Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-overview). - Allow access to trusted applications and protect against those applications that aren't: - Use applications that have been publisher verified. [Publisher verification](../develop/publisher-verification-overview.md) helps administrators and users understand the authenticity of application developers through a Microsoft supported vetting process.- - [Configure user consent settings](./configure-user-consent.md?tabs=azure-portal) to allow users to only consent to specific trusted applications, such as applications developed by the organization or from verified publishers. + - [Configure user consent settings](./configure-user-consent.md?tabs=azure-portal) to allow users to only consent to specific trusted applications, such as applications developed by the organization or from verified publishers and only for low risk permissions you select. - Create proactive [application governance](/microsoft-365/compliance/app-governance-manage-app-governance) policies to monitor third-party application behavior on the Microsoft 365 platform to address common suspicious application behaviors. ## Next steps |
api-management | Virtual Network Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/virtual-network-reference.md | When an API Management service instance is hosted in a VNet, the ports in the fo | * / 3443 | Inbound | TCP | ApiManagement / VirtualNetwork | **Management endpoint for Azure portal and PowerShell** | External & Internal | | * / 443 | Outbound | TCP | VirtualNetwork / Storage | **Dependency on Azure Storage** | External & Internal | | * / 443 | Outbound | TCP | VirtualNetwork / AzureActiveDirectory | [Azure Active Directory](api-management-howto-aad.md) and Azure Key Vault dependency (optional) | External & Internal |-| * / 1433 | Outbound | TCP | VirtualNetwork / SQL | **Access to Azure SQL endpoints** | External & Internal | +| * / 1433 | Outbound | TCP | VirtualNetwork / Sql | **Access to Azure SQL endpoints** | External & Internal | | * / 443 | Outbound | TCP | VirtualNetwork / AzureKeyVault | **Access to Azure Key Vault** | External & Internal | | * / 5671, 5672, 443 | Outbound | TCP | VirtualNetwork / EventHub | Dependency for [Log to Azure Event Hubs policy](api-management-howto-log-event-hubs.md) and monitoring agent (optional) | External & Internal | | * / 445 | Outbound | TCP | VirtualNetwork / Storage | Dependency on Azure File Share for [GIT](api-management-configuration-repository-git.md) (optional) | External & Internal | When an API Management service instance is hosted in a VNet, the ports in the fo | * / 443 | Outbound | TCP | VirtualNetwork / Storage | **Dependency on Azure Storage** | External & Internal | | * / 443 | Outbound | TCP | VirtualNetwork / AzureActiveDirectory | [Azure Active Directory](api-management-howto-aad.md) and Azure Key Vault dependency (optional) | External & Internal | | * / 443 | Outbound | TCP | VirtualNetwork / AzureKeyVault | Access to Azure Key Vault for [named values](api-management-howto-properties.md) integration (optional) | External & Internal |-| * / 1433 | Outbound | TCP | VirtualNetwork / SQL | **Access to Azure SQL endpoints** | External & Internal | +| * / 1433 | Outbound | TCP | VirtualNetwork / Sql | **Access to Azure SQL endpoints** | External & Internal | | * / 5671, 5672, 443 | Outbound | TCP | VirtualNetwork / Azure Event Hubs | Dependency for [Log to Azure Event Hubs policy](api-management-howto-log-event-hubs.md) and monitoring agent (optional)| External & Internal | | * / 445 | Outbound | TCP | VirtualNetwork / Storage | Dependency on Azure File Share for [GIT](api-management-configuration-repository-git.md) (optional) | External & Internal | | * / 443, 12000 | Outbound | TCP | VirtualNetwork / AzureCloud | Health and Monitoring Extension & Dependency on Event Grid (if events notification activated) (optional) | External & Internal | |
automation | Enable Managed Identity For Automation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/enable-managed-identity-for-automation.md | Disable-AzContextAutosave -Scope Process # Connect to Azure with system-assigned managed identity $AzureContext = (Connect-AzAccount -Identity).context -# set and store context +# Set and store context $AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext ``` Azure Automation provided authentication for managing Azure Resource Manager res - If you need to disable a managed identity, see [Disable your Azure Automation account managed identity](disable-managed-identity-for-automation.md). -- For an overview of Azure Automation account security, see [Automation account authentication overview](automation-security-overview.md).+- For an overview of Azure Automation account security, see [Automation account authentication overview](automation-security-overview.md). |
automation | Update Agent Issues Linux | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/troubleshoot/update-agent-issues-linux.md | Curl on provided OMS endpoint ### Software repositories -Fix this issue by allowing the prerequisite Repo URL. For RHEL, see [here](https://learn.microsoft.com/azure/virtual-machines/workloads/redhat/redhat-rhui#troubleshoot-connection-problems-to-azure-rhui). +Fix this issue by allowing the prerequisite Repo URL. For RHEL, see [here](../../virtual-machines/workloads/redhat/redhat-rhui.md#troubleshoot-connection-problems-to-azure-rhui). Post making Network changes you can either rerun the Troubleshooter or |
azure-maps | How To Use Ios Map Control Library | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/how-to-use-ios-map-control-library.md | The Azure Maps iOS SDK provides three ways of setting the language and regional ```swift MapControl(options: [- StyleOptions.language("fr-FR"), - StyleOptions.view("Auto") + StyleOption.language("fr-FR"), + StyleOption.view("Auto") ]) ``` The Azure Maps iOS SDK provides three ways of setting the language and regional ```swift mapControl.getMapAsync { map in- map.setStyle([ - StyleOptions.language("fr-FR"), - StyleOptions.view("Auto") + map.setStyleOptions([ + StyleOption.language("fr-FR"), + StyleOption.view("Auto") ]) } ``` |
azure-monitor | Prometheus Remote Write Active Directory | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/essentials/prometheus-remote-write-active-directory.md | This step is only required if you didn't enable Azure Key Vault Provider for Sec | Value | Description | |:|:| | `<CLUSTER-NAME>` | Name of your AKS cluster |- | `<CONTAINER-IMAGE-VERSION>` | `mcr.microsoft.com/azuremonitor/prometheus/promdev/prom-remotewrite:prom-remotewrite-20221102.1`<br>This is the remote write container image version. | + | `<CONTAINER-IMAGE-VERSION>` | `mcr.microsoft.com/azuremonitor/prometheus/promdev/prom-remotewrite:prom-remotewrite-20221103.1`<br>This is the remote write container image version. | | `<INGESTION-URL>` | **Metrics ingestion endpoint** from the **Overview** page for the Azure Monitor workspace | | `<APP-REGISTRATION -CLIENT-ID> ` | Client ID of your application | | `<TENANT-ID> ` | Tenant ID of the Azure Active Directory application | |
azure-monitor | Prometheus Remote Write Managed Identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/essentials/prometheus-remote-write-managed-identity.md | This step isn't required if you're using an AKS identity since it will already h | Value | Description | |:|:| | `<AKS-CLUSTER-NAME>` | Name of your AKS cluster |- | `<CONTAINER-IMAGE-VERSION>` | `mcr.microsoft.com/azuremonitor/prometheus/promdev/prom-remotewrite:prom-remotewrite-20221102.1`<br>This is the remote write container image version. | + | `<CONTAINER-IMAGE-VERSION>` | `mcr.microsoft.com/azuremonitor/prometheus/promdev/prom-remotewrite:prom-remotewrite-20221103.1`<br>This is the remote write container image version. | | `<INGESTION-URL>` | **Metrics ingestion endpoint** from the **Overview** page for the Azure Monitor workspace | | `<MANAGED-IDENTITY-CLIENT-ID>` | **Client ID** from the **Overview** page for the managed identity | | `<CLUSTER-NAME>` | Name of the cluster Prometheus is running on | |
machine-learning | How To Use Pipeline Ui | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/how-to-use-pipeline-ui.md | Along with the profiling, you can also use the *Output + logs* (on the details p - In this view, you'll see more nodes than in critical path. - Compact view - You'll only see step jobs that are longer than 30 seconds.-- Structured view.+- Hierarchical view. - You'll see all jobs including pipeline component jobs and step jobs. ### Download the duration table |
sentinel | Normalization | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/sentinel/normalization.md | On the other hand, while ASIM parsers are optimized, query time parsing can slow Currently, ASIM supports the following normalized tables as a destination for ingest time normalization: - [**ASimDnsActivityLogs**](/azure/azure-monitor/reference/tables/asimdnsactivitylogs) for the [DNS](normalization-schema-dns.md) schema.-- [**ASimNetworkSessionLogs**](/azire/azure-monitor/reference/tables/asimnetworksessionlogs) for the [NetworkS Session](network-normalization-schema.md) schema +- [**ASimNetworkSessionLogs**](/azure/azure-monitor/reference/tables/asimnetworksessionlogs) for the [Network Session](network-normalization-schema.md) schema For more information, see [Ingest Time Normalization](normalization-ingest-time.md). |
synapse-analytics | Get Started Create Workspace | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/synapse-analytics/get-started-create-workspace.md | After your Azure Synapse workspace is created, you have two ways to open Synapse > To sign into your workspace, there are two **Account selection methods**. One is from **Azure subscription**, the other is from **Enter manually**. If you have the Synapse Azure role or higher level Azure roles, you can use both methods to log into the workspace. If you don't have the related Azure roles, and you were granted as the Synapse RBAC role, **Enter manually** is the only way to log into the workspace. To learn more about the Synapse RBAC, refer to [What is Synapse role-based access control (RBAC)](./security/synapse-workspace-synapse-rbac.md). ## Place sample data into the primary storage account-We are going to use a small 100K row sample dataset of NYX Taxi Cab data for many examples in this getting started guide. We begin by placing it in the primary storage account you created for the workspace. +We are going to use a small 100K row sample dataset of NYC Taxi Cab data for many examples in this getting started guide. We begin by placing it in the primary storage account you created for the workspace. * Download the [NYC Taxi - green trip dataset](../open-datasets/dataset-taxi-green.md?tabs=azureml-opendatasets#additional-information) to your computer. Navigate to the [original dataset location](https://www.nyc.gov/site/tlc/about/tlc-trip-record-data.page) from the above link, choose a specific year and download the Green taxi trip records in Parquet format. * Rename the downloaded file to *NYCTripSmall.parquet*. |
virtual-machines | Spot Vms | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/spot-vms.md | With variable pricing, you have option to set a max price, in US dollars (USD), ### Portal -You can see historical pricing and eviction rates per size in a region in the portal. Select **View pricing history and compare prices in nearby regions** to see a table or graph of pricing for a specific size. The pricing and eviction rates in the following images are only examples. +You can see historical pricing and eviction rates per size in a region in the portal while you are creating the VM. After selecting the checkbox to **Run with Azure Spot discount**, a link will appear under the size selection of the VM titled **View pricing history and compare prices in nearby regions**. By selecting that link you will be able to see a table or graph of spot pricing for the specified VM size. The pricing and eviction rates in the following images are only examples. **Chart**: Use the [CLI](./linux/spot-cli.md), [portal](spot-portal.md), [ARM template](./l You can also deploy a [scale set with Azure Spot Virtual Machine instances](../virtual-machine-scale-sets/use-spot.md). -If you encounter an error, see [Error codes](./error-codes-spot.md). +If you encounter an error, see [Error codes](./error-codes-spot.md). |