Updates from: 01/08/2021 04:07:27
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory-b2c https://docs.microsoft.com/en-us/azure/active-directory-b2c/page-layout https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/page-layout.md
@@ -47,7 +47,7 @@ Page layout packages are periodically updated to include fixes and improvements
- Focus is now placed on the password field after the email is verified. - Removed `autofocus` from the checkbox control. - Added support for a display control for phone number verification.-- You can now add the `data-preload="true"` attribute [in your HTML tags](customize-ui-with-html.md#guidelines-for
+- You can now add the `data-preload="true"` attribute [in your HTML tags](customize-ui-with-html.md#guidelines-for-using-custom-page-content)
- Load linked CSS files at the same time as your HTML template so it doesn't 'flicker' between loading the files. - Control the order in which your `script` tags are fetched and executed before the page load. - Email field is now `type=email` and mobile keyboards will provide the correct suggestions.
active-directory-domain-services https://docs.microsoft.com/en-us/azure/active-directory-domain-services/migrate-from-classic-vnet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-domain-services/migrate-from-classic-vnet.md
@@ -152,8 +152,8 @@ The migration to the Resource Manager deployment model and virtual network is sp
|---------|--------------------|-----------------|-----------|-------------------| | [Step 1 - Update and locate the new virtual network](#update-and-verify-virtual-network-settings) | Azure portal | 15 minutes | No downtime required | N/A | | [Step 2 - Prepare the managed domain for migration](#prepare-the-managed-domain-for-migration) | PowerShell | 15 ΓÇô 30 minutes on average | Downtime of Azure AD DS starts after this command is completed. | Roll back and restore available. |
-| [Step 3 - Move the managed domain to an existing virtual network](#migrate-the-managed-domain) | PowerShell | 1 ΓÇô 3 hours on average | One domain controller is available once this command is completed, downtime ends. | On failure, both rollback (self-service) and restore are available. |
-| [Step 4 - Test and wait for the replica domain controller](#test-and-verify-connectivity-after-the-migration)| PowerShell and Azure portal | 1 hour or more, depending on the number of tests | Both domain controllers are available and should function normally. | N/A. Once the first VM is successfully migrated, there's no option for rollback or restore. |
+| [Step 3 - Move the managed domain to an existing virtual network](#migrate-the-managed-domain) | PowerShell | 1 ΓÇô 3 hours on average | One domain controller is available once this command is completed. | On failure, both rollback (self-service) and restore are available. |
+| [Step 4 - Test and wait for the replica domain controller](#test-and-verify-connectivity-after-the-migration)| PowerShell and Azure portal | 1 hour or more, depending on the number of tests | Both domain controllers are available and should function normally, downtime ends. | N/A. Once the first VM is successfully migrated, there's no option for rollback or restore. |
| [Step 5 - Optional configuration steps](#optional-post-migration-configuration-steps) | Azure portal and VMs | N/A | No downtime required | N/A | > [!IMPORTANT]
@@ -259,16 +259,14 @@ At this stage, you can optionally move other existing resources from the Classic
## Test and verify connectivity after the migration
-It can take some time for the second domain controller to successfully deploy and be available for use in the managed domain.
+It can take some time for the second domain controller to successfully deploy and be available for use in the managed domain. The second domain controller should be available 1-2 hours after the migration cmdlet finishes. With the Resource Manager deployment model, the network resources for the managed domain are shown in the Azure portal or Azure PowerShell. To check if the second domain controller is available, look at the **Properties** page for the managed domain in the Azure portal. If two IP addresses shown, the second domain controller is ready.
-With the Resource Manager deployment model, the network resources for the managed domain are shown in the Azure portal or Azure PowerShell. To learn more about what these network resources are and do, see [Network resources used by Azure AD DS][network-resources].
-
-When at least one domain controller is available, complete the following configuration steps for network connectivity with VMs:
+After the second domain controller is available, complete the following configuration steps for network connectivity with VMs:
* **Update DNS server settings** To let other resources on the Resource Manager virtual network resolve and use the managed domain, update the DNS settings with the IP addresses of the new domain controllers. The Azure portal can automatically configure these settings for you. To learn more about how to configure the Resource Manager virtual network, see [Update DNS settings for the Azure virtual network][update-dns].
-* **Restart domain-joined VMs** - As the DNS server IP addresses for the Azure AD DS domain controllers change, restart any domain-joined VMs so they then use the new DNS server settings. If applications or VMs have manually configured DNS settings, manually update them with the new DNS server IP addresses of the domain controllers that are shown in the Azure portal.
+* **Restart domain-joined VMs (optional)** As the DNS server IP addresses for the Azure AD DS domain controllers change, you can restart any domain-joined VMs so they then use the new DNS server settings. If applications or VMs have manually configured DNS settings, manually update them with the new DNS server IP addresses of the domain controllers that are shown in the Azure portal. Rebooting domain-joined VMs prevents connectivity issues caused by IP addresses that donΓÇÖt refresh.
Now test the virtual network connection and name resolution. On a VM that's connected to the Resource Manager virtual network, or peered to it, try the following network communication tests:
@@ -277,7 +275,7 @@ Now test the virtual network connection and name resolution. On a VM that's conn
1. Verify name resolution of the managed domain, such as `nslookup aaddscontoso.com` * Specify the DNS name for your own managed domain to verify that the DNS settings are correct and resolves.
-The second domain controller should be available 1-2 hours after the migration cmdlet finishes. To check if the second domain controller is available, look at the **Properties** page for the managed domain in the Azure portal. If two IP addresses shown, the second domain controller is ready.
+To learn more about other network resources, see [Network resources used by Azure AD DS][network-resources].
## Optional post-migration configuration steps
active-directory https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/functions-for-customizing-application-data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/app-provisioning/functions-for-customizing-application-data.md
@@ -357,7 +357,7 @@ The Item function returns one item from a multi-valued string/attribute.
| **index** |Required |Integer | Index to an item in the multi-valued string| **Example:**
-`Item([proxyAddresses], 1)`
+`Item([proxyAddresses], 1)` returns the second item in the multi-valued attribute.
--- ### Join
active-directory https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md
@@ -1215,7 +1215,7 @@ Steps in the OAuth code grant flow:
> [!NOTE] > While it is not possible to setup OAuth on the non-gallery application today, you can manually generate an access token from your authorization server and input that in the secret token field of the non-gallery application. This allows you to verify compatibility of your SCIM server with the Azure AD SCIM client before onboarding to the app gallery, which does support the OAuth code grant.
-**Long-lived OAuth bearer tokens:** If your application does not support the OAuth authorization code grant flow, you can also generate a long lived OAuth bearer token than that an administrator can use to setup the provisioning integration. The token should be perpetual, or else the provisioning job will be [quarantined](application-provisioning-quarantine-status.md) when the token expires. This token must be below 1KB in size.
+**Long-lived OAuth bearer tokens:** If your application does not support the OAuth authorization code grant flow, you can also generate a long lived OAuth bearer token than that an administrator can use to setup the provisioning integration. The token should be perpetual, or else the provisioning job will be [quarantined](application-provisioning-quarantine-status.md) when the token expires.
For additional authentication and authorization methods, let us know on [UserVoice](https://aka.ms/appprovisioningfeaturerequest).
active-directory https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/concept-authentication-passwordless.md
@@ -137,6 +137,7 @@ The following providers offer FIDO2 security keys of different form factors that
| VinCSS | [https://passwordless.vincss.net](https://passwordless.vincss.net) | | KONA I | [https://konai.com/business/security/fido](https://konai.com/business/security/fido) | | Excelsecu | [https://www.excelsecu.com/productdetail/esecufido2secu.html](https://www.excelsecu.com/productdetail/esecufido2secu.html) |
+| Token2 Switzerland | [https://www.token2.swiss/shop/product/token2-t2f2-alu-fido2-u2f-and-totp-security-key](https://www.token2.swiss/shop/product/token2-t2f2-alu-fido2-u2f-and-totp-security-key) |
> [!NOTE] > If you purchase and plan to use NFC-based security keys, you need a supported NFC reader for the security key. The NFC reader isn't an Azure requirement or limitation. Check with the vendor for your NFC-based security key for a list of supported NFC readers.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-phone-options https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/concept-authentication-phone-options.md
@@ -57,6 +57,8 @@ If you have problems with phone authentication for Azure AD, review the followin
* ΓÇ£You've hit our limit on verification callsΓÇ¥ or ΓÇ£YouΓÇÖve hit our limit on text verification codesΓÇ¥ error messages during sign-in * Microsoft may limit repeated authentication attempts that are perform by the same user in a short period of time. This limitation does not apply to the Microsoft Authenticator or verification code. If you have hit these limits, you can use the Authenticator App, verification code or try to sign in again in a few minutes.
+* "Sorry, we're having trouble verifying your account" error message during sign-in
+ * Microsoft may limit or block voice or SMS authentication attempts that are performed by the same user, phone number, or organization due to high number of failed voice or SMS authentication attempts. If you are experiencing this error, you can try another method, such as Authenticator App or verification code, or reach out to your admin for support.
* Blocked caller ID on a single device. * Review any blocked numbers configured on the device. * Wrong phone number or incorrect country/region code, or confusion between personal phone number versus work phone number.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-enterprise-app-role-management https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/active-directory-enterprise-app-role-management.md
@@ -30,7 +30,7 @@ If your application expects custom roles to be passed in a SAML response, you ne
## Create roles for an application
-1. In the [Azure portal](https://portal.azure.com), in the left pane, select the **Azure Active Directory** icon.
+1. In the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>, in the left pane, select the **Azure Active Directory** icon.
![Azure Active Directory icon][1]
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/active-directory-optional-claims.md
@@ -132,7 +132,7 @@ This OptionalClaims object causes the ID token returned to the client to include
You can configure optional claims for your application through the UI or application manifest.
-1. Go to the [Azure portal](https://portal.azure.com).
+1. Go to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations**. 1. Select the application you want to configure optional claims for in the list.
@@ -241,7 +241,7 @@ This section covers the configuration options under optional claims for changing
**Configuring groups optional claims through the UI:**
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. After you've authenticated, choose your Azure AD tenant by selecting it from the top-right corner of the page. 1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations**.
@@ -254,7 +254,7 @@ This section covers the configuration options under optional claims for changing
**Configuring groups optional claims through the application manifest:**
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. After you've authenticated, choose your Azure AD tenant by selecting it from the top-right corner of the page. 1. Search for and select **Azure Active Directory**. 1. Select the application you want to configure optional claims for in the list.
@@ -385,7 +385,7 @@ In the example below, you will use the **Token configuration** UI and **Manifest
**UI configuration:**
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. After you've authenticated, choose your Azure AD tenant by selecting it from the top-right corner of the page. 1. Search for and select **Azure Active Directory**.
@@ -408,7 +408,7 @@ In the example below, you will use the **Token configuration** UI and **Manifest
**Manifest configuration:**
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. After you've authenticated, choose your Azure AD tenant by selecting it from the top-right corner of the page. 1. Search for and select **Azure Active Directory**. 1. Find the application you want to configure optional claims for in the list and select it.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/active-directory-saml-claims-customization.md
@@ -76,7 +76,7 @@ For more info, see [Table 3: Valid ID values per source](active-directory-claims
You can also assign any constant (static) value to any claims which you define in Azure AD. Please follow the below steps to assign a constant value:
-1. In the [Azure portal](https://portal.azure.com/), on the **User Attributes & Claims** section, click on the **Edit** icon to edit the claims.
+1. In the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>, on the **User Attributes & Claims** section, click on the **Edit** icon to edit the claims.
1. Click on the required claim which you want to modify.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/howto-add-app-roles-in-azure-ad-apps.md
@@ -45,7 +45,7 @@ The number of roles you add counts toward application manifest limits enforced b
To create an app role by using the Azure portal's user interface:
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. Select the **Directory + subscription** filter in top menu, and then choose the Azure Active Directory tenant that contains the app registration to which you want to add an app role. 1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations**, and then select the application you want to define app roles in.
@@ -70,7 +70,7 @@ To create an app role by using the Azure portal's user interface:
To add roles by editing the manifest directly:
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. Select the **Directory + subscription** filter in top menu, and then choose the Azure Active Directory tenant that contains the app registration to which you want to add an app role. 1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations**, and then select the application you want to define app roles in.
@@ -132,7 +132,7 @@ Once you've added app roles in your application, you can assign users and groups
To assign users and groups to roles by using the Azure portal:
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. In **Azure Active Directory**, select **Enterprise applications** in the left-hand navigation menu. 1. Select **All applications** to view a list of all your applications. If your application doesn't appear in the list, use the filters at the top of the **All applications** list to restrict the list, or scroll down the list to locate your application. 1. Select the application in which you want to assign users or security group to roles.
@@ -154,7 +154,7 @@ When you assign app roles to an application, you create *application permissions
To assign app roles to an application by using the Azure portal:
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. In **Azure Active Directory**, select **App registrations** in the left-hand navigation menu. 1. Select **All applications** to view a list of all your applications. If your application doesn't appear in the list, use the filters at the top of the **All applications** list to restrict the list, or scroll down the list to locate your application. 1. Select the application to which you want to assign an app role.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-add-terms-of-service-privacy-statement https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/howto-add-terms-of-service-privacy-statement.md
@@ -54,7 +54,7 @@ When the terms of service and privacy statement are ready, you can add links to
### <a name="azure-portal"></a>Using the Azure portal Follow these steps in the Azure portal.
-1. Sign in to the [Azure portal](https://portal.azure.com/), select the correct AzureAD tenant(not B2C).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>, select the correct AzureAD tenant(not B2C).
2. Navigate to the **App Registrations** section and select your app. 3. Open the **Branding** pane. 4. Fill out the **Terms of Service URL** and **Privacy Statement URL** fields.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-configure-publisher-domain https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/howto-configure-publisher-domain.md
@@ -44,7 +44,7 @@ If your app was registered before May 21, 2019, your application's consent promp
To set your app's publisher domain, follow these steps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a> using either a work or school account, or a personal Microsoft account.
1. If your account is present in more than one Azure AD tenant: 1. Select your profile from the menu on the top-right corner of the page, and then **Switch directory**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/howto-create-service-principal-portal.md
@@ -71,7 +71,7 @@ To check your subscription permissions:
Let's jump straight into creating the identity. If you run into a problem, check the [required permissions](#permissions-required-for-registering-an-app) to make sure your account can create the identity.
-1. Sign in to your Azure Account through the [Azure portal](https://portal.azure.com).
+1. Sign in to your Azure Account through the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. Select **Azure Active Directory**. 1. Select **App registrations**. 1. Select **New registration**.
@@ -177,7 +177,7 @@ If you choose not to use a certificate, you can create a new application secret.
## Configure access policies on resources Keep in mind, you might need to configure additional permissions on resources that your application needs to access. For example, you must also [update a key vault's access policies](../../key-vault/general/secure-your-key-vault.md#data-plane-and-access-policies) to give your application access to keys, secrets, or certificates.
-1. In the [Azure portal](https://portal.azure.com), navigate to your key vault and select **Access policies**.
+1. In the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>, navigate to your key vault and select **Access policies**.
1. Select **Add access policy**, then select the key, secret, and certificate permissions you want to grant your application. Select the service principal you created previously. 1. Select **Add** to add the access policy, then **Save** to commit your changes. ![Add access policy](./media/howto-create-service-principal-portal/add-access-policy.png)
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/migrate-spa-implicit-to-auth-code https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/migrate-spa-implicit-to-auth-code.md
@@ -36,7 +36,7 @@ If you'd like to continue using your existing app registration for your applicat
Follow these steps for app registrations that are currently configured with **Web** platform redirect URIs:
-1. Sign in to the [Azure portal](https://portal.azure.com) and select your **Azure Active Directory** tenant.
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a> and select your **Azure Active Directory** tenant.
1. In **App registrations**, select your application, and then **Authentication**. 1. In the **Web** platform tile under **Redirect URIs**, select the warning banner indicating that you should migrate your URIs.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-android-single-sign-on https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-android-single-sign-on.md
@@ -115,7 +115,7 @@ keytool -exportcert -alias androiddebugkey -keystore %HOMEPATH%\.android\debug.k
Once you've generated a signature hash with *keytool*, use the Azure portal to generate the redirect URI:
-1. Sign in to the [Azure portal](https://portal.azure.com) and select your Android app in **App registrations**.
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a> and select your Android app in **App registrations**.
1. Select **Authentication** > **Add a platform** > **Android**. 1. In the **Configure your Android app** pane that opens, enter the **Signature hash** that you generated earlier and a **Package name**. 1. Select the **Configure** button.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-use-brokers-with-xamarin-apps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-net-use-brokers-with-xamarin-apps.md
@@ -180,7 +180,7 @@ Add the redirect URI to the app's registration in the [Azure portal](https://por
**To generate the redirect URI:**
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. Select **Azure Active Directory** > **App registrations** > your registered app 1. Select **Authentication** > **Add a platform** > **iOS / macOS** 1. Enter your bundle ID, and then select **Configure**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-configure-app-access-web-apis.md
@@ -39,7 +39,7 @@ This diagram shows how the two app registrations relate to one another. In this
Once you've registered both your client app and web API and you've exposed the API by creating scopes, you can configure the client's permissions to the API by following these steps:
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/quickstart-configure-app-access-web-apis/portal-01-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant containing your client app's registration. 1. Select **Azure Active Directory** > **App registrations**, and then select your client application (*not* your web API). 1. Select **API permissions** > **Add a permission** > **My APIs**.
@@ -68,7 +68,7 @@ In addition to accessing your own web API on behalf of the signed-in user, your
Configure delegated permission to Microsoft Graph to enable your client application to perform operations on behalf of the logged-in user, for example reading their email or modifying their profile. By default, users of your client app are asked when they sign in to consent to the delegated permissions you've configured for it.
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/quickstart-configure-app-access-web-apis/portal-01-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant containing your client app's registration. 1. Select **Azure Active Directory** > **App registrations**, and then select your client application. 1. Select **API permissions** > **Add a permission** > **Microsoft Graph**
@@ -93,7 +93,7 @@ Configure application permissions for an application that needs to authenticate
In the following steps, you grant permission to Microsoft Graph's *Files.Read.All* permission as an example.
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/quickstart-configure-app-access-web-apis/portal-01-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant containing your client app's registration. 1. Select **Azure Active Directory** > **App registrations**, and then select your client application. 1. Select **API permissions** > **Add a permission** > **Microsoft Graph** > **Application permissions**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-expose-web-apis https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-configure-app-expose-web-apis.md
@@ -42,7 +42,7 @@ The code in a client application requests permission to perform operations defin
First, follow these steps to create an example scope named `Employees.Read.All`:
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/quickstart-configure-app-expose-web-apis/portal-01-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant containing your client app's registration. 1. Select **Azure Active Directory** > **App registrations**, and then select your API's app registration. 1. Select **Expose an API** > **Add a scope**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-create-new-tenant.md
@@ -44,7 +44,7 @@ The quickstart is broken into two scenarios depending on the type of app you wan
Many developers already have tenants through services or subscriptions that are tied to Azure AD tenants such as Microsoft 365 or Azure subscriptions.
-1. To check the tenant, sign in to the [Azure portal](https://portal.azure.com) with the account you want to use to manage your application.
+1. To check the tenant, sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a> with the account you want to use to manage your application.
1. Check the upper right corner. If you have a tenant, you'll automatically be logged in and can see the tenant name directly under your account name. * Hover over your account name on the upper right-hand side of the Azure portal to see your name, email, directory / tenant ID (a GUID), and your domain. * If your account is associated with multiple tenants, you can select your account name to open a menu where you can switch between tenants. Each tenant has its own tenant ID.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-modify-supported-accounts https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-modify-supported-accounts.md
@@ -31,7 +31,7 @@ In the following sections, you learn how to modify your app's registration in th
To specify a different setting for the account types supported by an existing app registration:
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. 1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations**, then select your application.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-register-app.md
@@ -35,7 +35,7 @@ Registering your application establishes a trust relationship between your app a
Follow these steps to create the app registration:
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. 1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-remove-app https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-remove-app.md
@@ -36,7 +36,7 @@ Applications that you or your organization have registered are represented by bo
To delete an application, you need to be listed as an owner of the application or have admin privileges.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account or a personal Microsoft account.
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a> using either a work or school account or a personal Microsoft account.
1. If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the desired Azure AD tenant. 1. In the left-hand navigation pane, select the **Azure Active Directory** service, then select **App registrations**. Find and select the application that you want to configure. Once you've selected the app, you'll see the application's **Overview** page. 1. From the **Overview** page, select **Delete**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-angular https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-angular.md
@@ -33,7 +33,7 @@ In this quickstart, you download and run a code sample that demonstrates how an
> > ### Option 1 (express): Register and automatically configure the app, and then download the code sample >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If your account has access to more than one tenant, select the account at the upper right, and then set your portal session to the Azure Active Directory (Azure AD) tenant that you want to use. > 1. Open the new [App registrations](https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade/quickStartType/JavascriptSpaQuickstartPage/sourceType/docs) pane in the Azure portal. > 1. Enter a name for your application, and then select **Register**.
@@ -43,7 +43,7 @@ In this quickstart, you download and run a code sample that demonstrates how an
> > #### Step 1: Register the application >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If your account has access to more than one tenant, select your account at the upper right, and set your portal session to the Azure AD tenant that you want to use. > 1. Follow the instructions to [register a single-page application](./scenario-spa-app-registration.md) in the Azure portal. > 1. Add a new platform on the **Authentication** pane of your app registration and register the redirect URI: `http://localhost:4200/`.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-web-api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-aspnet-core-web-api.md
@@ -32,7 +32,7 @@ In this quickstart, you download an ASP.NET Core web API code sample and review
> > First, register the web API in your Azure AD tenant and add a scope by following these steps: >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. > 1. Search for and select **Azure Active Directory**. > 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp-calls-graph https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-aspnet-core-webapp-calls-graph.md
@@ -44,7 +44,7 @@ See [How the sample works](#how-the-sample-works) for an illustration.
> #### Step 1: Register your application > To register your application and add the app's registration information to your solution manually, follow these steps: >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. > 1. Search for and select **Azure Active Directory**. > 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-aspnet-core-webapp.md
@@ -44,7 +44,7 @@ See [How the sample works](#how-the-sample-works) for an illustration.
> #### Step 1: Register your application > To register your application and add the app's registration information to your solution manually, follow these steps: >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. > 1. Search for and select **Azure Active Directory**. > 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-webapp https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-aspnet-webapp.md
@@ -44,7 +44,7 @@ See [How the sample works](#how-the-sample-works) for an illustration.
> #### Step 1: Register your application > To register your application and add the app's registration information to your solution manually, follow these steps: >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. > 1. Search for and select **Azure Active Directory**. > 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-dotnet-native-aspnet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-dotnet-native-aspnet.md
@@ -45,13 +45,13 @@ In this section, you register your web API in **App registrations** in the Azure
To register your apps manually, choose the Azure Active Directory (Azure AD) tenant where you want to create your apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) with either a work or school account or a personal Microsoft account.
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a> with either a work or school account or a personal Microsoft account.
1. If your account is present in more than one Azure AD tenant, select your profile at the upper right, and then select **Switch directory**. 1. Change your portal session to the Azure AD tenant you want to use. ### Register the TodoListService app
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. 1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-ios https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-ios.md
@@ -52,7 +52,7 @@ The quickstart applies to both iOS and macOS apps. Some steps are needed only fo
> #### Step 1: Register your application > To register your application and add the app's registration information to your solution manually, follow these steps: >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. > 1. Search for and select **Azure Active Directory**. > 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-java-webapp https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-java-webapp.md
@@ -44,7 +44,7 @@ To run this sample, you need:
> > To register your application and manually add the app's registration information to it, follow these steps: >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register the application. > 1. Search for and select **Azure Active Directory**. > 1. Under **Manage**, select **App registrations**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-javascript-auth-code https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-javascript-auth-code.md
@@ -36,7 +36,7 @@ This quickstart uses MSAL.js 2.0 with the authorization code flow. For a similar
> > ### Option 1 (Express): Register and auto configure your app and then download your code sample >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If your account gives you access to more than one tenant, select the account at the top right, and then set your portal session to the Azure Active Directory (Azure AD) tenant you want to use. > 1. Select [App registrations](https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade/quickStartType/JavascriptSpaQuickstartPage/sourceType/docs). > 1. Enter a name for your application.
@@ -48,7 +48,7 @@ This quickstart uses MSAL.js 2.0 with the authorization code flow. For a similar
> > #### Step 1: Register your application >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. > 1. Search for and select **Azure Active Directory**. > 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-javascript https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-javascript.md
@@ -35,7 +35,7 @@ See [How the sample works](#how-the-sample-works) for an illustration.
> > ### Option 1 (Express): Register and auto configure your app and then download your code sample >
-> 1. Sign in to the [Azure portal](https://portal.azure.com) by using either a work or school account, or a personal Microsoft account.
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a> by using either a work or school account, or a personal Microsoft account.
> 1. If your account gives you access to more than one tenant, select the account at the top right, and then set your portal session to the Azure Active Directory (Azure AD) tenant you want to use. > 1. Go to the new [Azure portal - App registrations](https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade/quickStartType/JavascriptSpaQuickstartPage/sourceType/docs) pane. > 1. Enter a name for your application.
@@ -47,7 +47,7 @@ See [How the sample works](#how-the-sample-works) for an illustration.
> > #### Step 1: Register your application >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. > 1. Search for and select **Azure Active Directory**. > 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-netcore-daemon https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-netcore-daemon.md
@@ -46,7 +46,7 @@ This quickstart requires [.NET Core 3.1](https://www.microsoft.com/net/download/
> #### Step 1: Register your application > To register your application and add the app's registration information to your solution manually, follow these steps: >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. > 1. Search for and select **Azure Active Directory**. > 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-nodejs-webapp-msal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-nodejs-webapp-msal.md
@@ -38,7 +38,7 @@ This quickstart uses the Microsoft Authentication Library for Node.js (MSAL Node
> > #### Step 1: Register your application >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. > 1. Under **Manage**, select **App registrations** > **New registration**. > 1. Enter a **Name** for your application. Users of your app might see this name, and you can change it later.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-nodejs-webapp https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-nodejs-webapp.md
@@ -26,39 +26,29 @@ In this quickstart, you download and run a code sample that demonstrates how to
- [Node.js](https://nodejs.org/en/download/). ## Register your application
-1. Sign in to the [Azure portal](https://portal.azure.com/) using either a work or school account, or a personal Microsoft account.
-1. If your account is present in more than one Azure AD tenant:
- - Select your profile from the menu on the top-right corner of the page, and then **Switch directory**.
- - Change your session to the Azure AD tenant where you want to create your application.
-1. Navigate to [Azure Active Directory > App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) to register your app.
-
-1. Select **New registration.**
-
-1. When the **Register an application** page appears, enter your app's registration information:
- - In the **Name** section, enter a meaningful name that will be displayed to users of the app. For example: MyWebApp
- - In the **Supported account types** section, select **Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com)**.
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
+1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application.
+1. Search for and select **Azure Active Directory**.
+1. Under **Manage**, select **App registrations** > **New registration**.
+1. Enter a **Name** for your application, for example `MyWebApp`. Users of your app might see this name, and you can change it later.
+1. In the **Supported account types** section, select **Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com)**.
If there are more than one redirect URIs, you'll need to add these from the **Authentication** tab later after the app has been successfully created. 1. Select **Register** to create the app.- 1. On the app's **Overview** page, find the **Application (client) ID** value and record it for later. You'll need this value to configure the application later in this project.
+1. Under **Manage**, select **Authentication**.
+1. Select **Add a platform** > **Web**
+1. In the **Redirect URIs** section, enter `http://localhost:3000/auth/openid/return`.
+1. Enter a **Logout URL** `https://localhost:3000`.
+1. In the Implicit grant section, check **ID tokens** as this sample requires the [Implicit grant flow](./v2-oauth2-implicit-grant-flow.md) to be enabled to sign-in the user.
+1. Select **Configure**.
+1. Under **Manage**, select **Certificates & secrets** > **New client secret**.
+1. Enter a key description (for instance app secret).
+1. Select a key duration of either **In 1 year, In 2 years,** or **Never Expires**.
+1. Select **Add**. The key value will be displayed. Copy the key value and save it in a safe location for later use.
-1. In the list of pages for the app, select **Authentication**.
- - In the **Redirect URIs** section, select **Web** in the combo-box and enter the following redirect URI:
- `http://localhost:3000/auth/openid/return`
- - In the **Advanced settings** section, set **Logout URL** to `https://localhost:3000`.
- - In the **Advanced settings > Implicit grant** section, check **ID tokens** as this sample requires the [Implicit grant flow](./v2-oauth2-implicit-grant-flow.md) to be enabled to sign-in the user.
-
-1. Select **Save**.
-
-1. From the **Certificates & secrets** page, in the **Client secrets** section, choose **New client secret**.
- - Enter a key description (for instance app secret).
- - Select a key duration of either **In 1 year, In 2 years,** or **Never Expires**.
- - When you click the **Add** button, the key value will be displayed. Copy the key value and save it in a safe location.
-
- You'll need this key later to configure the application. This key value will not be displayed again, nor retrievable by any other means, so record it as soon as it is visible from the Azure portal.
## Download the sample application and modules
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-python-daemon https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-python-daemon.md
@@ -49,7 +49,7 @@ To run this sample, you need:
> #### Step 1: Register your application > To register your application and add the app's registration information to your solution manually, follow these steps: >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. > 1. Search for and select **Azure Active Directory**. > 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-python-webapp https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-python-webapp.md
@@ -46,7 +46,7 @@ See [How the sample works](#how-the-sample-works) for an illustration.
> > To register your application and add the app's registration information to your solution manually, follow these steps: >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. > 1. Under **Manage**, select **App registrations** > **New registration**. > 1. Enter a **Name** for your application, for example `python-webapp` . Users of your app might see this name, and you can change it later.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-uwp https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-uwp.md
@@ -44,7 +44,7 @@ See [How the sample works](#how-the-sample-works) for an illustration.
> [!div renderon="docs"] > #### Step 1: Register your application > To register your application and add the app's registration information to your solution, follow these steps:
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. > 1. Search for and select **Azure Active Directory**. > 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-windows-desktop https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-windows-desktop.md
@@ -42,7 +42,7 @@ See [How the sample works](#how-the-sample-works) for an illustration.
> #### Step 1: Register your application > To register your application and add the app's registration information to your solution manually, follow these steps: >
-> 1. Sign in to the [Azure portal](https://portal.azure.com).
+> 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
> 1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. > 1. Search for and select **Azure Active Directory**. > 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/reference-app-manifest.md
@@ -28,7 +28,7 @@ You can configure an app's attributes through the Azure portal or programmatical
To configure the application manifest:
-1. Go to the [Azure portal](https://portal.azure.com). Search for and select the **Azure Active Directory** service.
+1. Go to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>. Search for and select the **Azure Active Directory** service.
1. Select **App registrations**. 1. Select the app you want to configure. 1. From the app's **Overview** page, select the **Manifest** section. A web-based manifest editor opens, allowing you to edit the manifest within the portal. Optionally, you can select **Download** to edit the manifest locally, and then use **Upload** to reapply it to your application.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/registration-config-how-to https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/registration-config-how-to.md
@@ -19,7 +19,7 @@ ms.author: ryanwi
You can find the authentication endpoints for your application in the [Azure portal](https://portal.azure.com).
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. Select **Azure Active Directory**. 1. Under **Manage**, select **App registrations**, and then select **Endpoints** in the top menu.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/registration-config-specific-application-property-how-to https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/registration-config-specific-application-property-how-to.md
@@ -21,7 +21,7 @@ This article gives you a brief description of all the available fields in the ap
## Register a new application -- To register a new application, navigate to the [Azure portal](https://portal.azure.com).
+- To register a new application, navigate to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
- From the left navigation pane, click **Azure Active Directory.**
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-desktop-app-registration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-desktop-app-registration.md
@@ -45,7 +45,7 @@ The redirect URIs to use in a desktop application depend on the flow you want to
- If your app uses only Integrated Windows Authentication or a username and a password, you don't need to register a redirect URI for your application. These flows do a round trip to the Microsoft identity platform v2.0 endpoint. Your application won't be called back on any specific URI. - To distinguish [device code flow](scenario-desktop-acquire-token.md#device-code-flow), [Integrated Windows Authentication](scenario-desktop-acquire-token.md#integrated-windows-authentication), and a [username and a password](scenario-desktop-acquire-token.md#username-and-password) from a confidential client application using a client credential flow used in [daemon applications](scenario-daemon-overview.md), none of which requires a redirect URI, you need to configure it as a public client application. To achieve this configuration:
- 1. In the [Azure portal](https://portal.azure.com), select your app in **App registrations**, and then select **Authentication**.
+ 1. In the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>, select your app in **App registrations**, and then select **Authentication**.
1. In **Advanced settings** > **Allow public client flows** > **Enable the following mobile and desktop flows:**, select **Yes**. :::image type="content" source="media/scenarios/default-client-type.png" alt-text="Enable public client setting on Authentication pane in Azure portal":::
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-mobile-app-registration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-mobile-app-registration.md
@@ -80,7 +80,7 @@ If your app uses only username-password authentication, you don't need to regist
However, you need to identify your application as a public client application. To do so:
-1. Still in the [Azure portal](https://portal.azure.com), select your app in **App registrations**, and then select **Authentication**.
+1. Still in the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>, select your app in **App registrations**, and then select **Authentication**.
1. In **Advanced settings** > **Allow public client flows** > **Enable the following mobile and desktop flows:**, select **Yes**. :::image type="content" source="media/scenarios/default-client-type.png" alt-text="Enable public client setting on Authentication pane in Azure portal":::
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-app-registration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-spa-app-registration.md
@@ -23,7 +23,7 @@ To register a single-page application (SPA) in the Microsoft identity platform,
For both MSAL.js 1.0- and 2.0-based applications, start by completing the following steps to create the initial app registration.
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. 1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-web-app-sign-user-app-registration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-web-app-sign-user-app-registration.md
@@ -38,7 +38,7 @@ You can use these links to bootstrap the creation of your web application:
> The portal to use is different depending on whether your application runs in the Microsoft Azure public cloud or in a national or sovereign cloud. For more information, see [National clouds](./authentication-national-cloud.md#app-registration-endpoints).
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. 1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-android https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/tutorial-v2-android.md
@@ -71,7 +71,7 @@ If you do not already have an Android application, follow these steps to set up
### Register your application
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. 1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-asp-webapp https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/tutorial-v2-asp-webapp.md
@@ -370,7 +370,8 @@ To register your application and add the app's registration information to your
1. Change SSL Enabled to `True`. 1. Right-click the project in Visual Studio, select **Properties**, and then select the **Web** tab. In the **Servers** section, change the **Project Url** setting to the **SSL URL**. 1. Copy the SSL URL. You'll add this URL to the list of Redirect URIs in the Registration portal's list of Redirect URIs in the next step.<br/><br/>![Project properties](media/active-directory-develop-guidedsetup-aspnetwebapp-configure/vsprojectproperties.png)<br />
-1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. 1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-aspnet-daemon-web-app https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/tutorial-v2-aspnet-daemon-web-app.md
@@ -90,7 +90,7 @@ If you don't want to use the automation, use the steps in the following sections
### Choose the Azure AD tenant
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application.
@@ -200,7 +200,7 @@ This project has web app and web API projects. To deploy them to Azure websites,
### Create and publish dotnet-web-daemon-v2 to an Azure website
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. In the upper-left corner, select **Create a resource**. 1. Select **Web** > **Web App**, and then give your website a name. For example, name it **dotnet-web-daemon-v2-contoso.azurewebsites.net**. 1. Select the information for **Subscription**, **Resource group**, and **App service plan and location**. **OS** is **Windows**, and **Publish** is **Code**.
@@ -221,7 +221,7 @@ Visual Studio will publish the project and automatically open a browser to the p
### Update the Azure AD tenant application registration for dotnet-web-daemon-v2
-1. Go back to the [Azure portal](https://portal.azure.com).
+1. Go back to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. In the left pane, select the **Azure Active Directory** service, and then select **App registrations**. 1. Select the **dotnet-web-daemon-v2** application. 1. On the **Authentication** page for your application, update the **Logout URL** fields with the address of your service. For example, use `https://dotnet-web-daemon-v2-contoso.azurewebsites.net`.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-ios https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/tutorial-v2-ios.md
@@ -67,7 +67,7 @@ If you'd like to download a completed version of the app you build in this tutor
## Register your application
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. 1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-javascript-spa https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/tutorial-v2-javascript-spa.md
@@ -261,7 +261,7 @@ You now have a simple server to serve your SPA. The intended folder structure at
Before proceeding further with authentication, register your application on **Azure Active Directory**.
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. 1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-windows-desktop https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/tutorial-v2-windows-desktop.md
@@ -100,7 +100,7 @@ You can quickly register your application by doing the following:
### Option 2: Advanced mode To register your application and add your application registration information to your solution, do the following:
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. 1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations** > **New registration**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-windows-uwp https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/tutorial-v2-windows-uwp.md
@@ -342,7 +342,7 @@ private async Task DisplayMessageAsync(string message)
Now you need to register your application:
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
1. If you have access to multiple tenants, use the **Directory + subscription** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register an application. 1. Search for and select **Azure Active Directory**. 1. Under **Manage**, select **App registrations** > **New registration**.
@@ -353,7 +353,7 @@ Now you need to register your application:
Configure authentication for your application:
-1. Back in the [Azure portal](https://portal.azure.com), under **Manage**, select **Authentication** > **Add a platform**, and then select **Mobile and desktop applications**.
+1. Back in the <a href="https://portal.azure.com/" target="_blank">Azure portal<span class="docon docon-navigate-external x-hidden-focus"></span></a>, under **Manage**, select **Authentication** > **Add a platform**, and then select **Mobile and desktop applications**.
1. In the **Redirect URIs** section, check **https://login.microsoftonline.com/common/oauth2/nativeclient**. 1. Select **Configure**.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/external-identities/invite-internal-users https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/invite-internal-users.md
@@ -42,8 +42,7 @@ In these instances, if the internal user must be changed to a B2B user, you shou
You can use PowerShell or the invitation API to send a B2B invitation to the internal user. Make sure the email address you want to use for the invitation is set as the external email address on the internal user object. -- For a cloud-only user, use the email address in the User.OtherMails property for the invitation.-- For an on-premises synced user, you must use the value in the User.Mail property for the invitation.
+- You must use the the email address in the User.Mail property for the invitation.
- The domain in the userΓÇÖs Mail property must match the account theyΓÇÖre using to sign in. Otherwise, some services such as Teams won't be able to authenticate the user. By default, the invitation will send the user an email letting them know theyΓÇÖve been invited, but you can suppress this email and send your own instead.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-adds https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/hybrid/how-to-connect-health-adds.md
@@ -3,7 +3,7 @@ title: Using Azure AD Connect Health with AD DS | Microsoft Docs
description: This is the Azure AD Connect Health page that will discuss how to monitor AD DS. services: active-directory documentationcenter: ''
-author: zhiweiwangmsft
+author: billmath
manager: daveba editor: curtand
active-directory https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/hybrid/how-to-connect-health-agent-install.md
@@ -3,7 +3,7 @@ title: Install the Connect Health agents in Azure Active Directory
description: This Azure AD Connect Health article describes agent installation for Active Directory Federation Services (AD FS) and for Sync. services: active-directory documentationcenter: ''
-author: zhiweiwangmsft
+author: billmath
manager: daveba editor: curtand ms.assetid: 1cc8ae90-607d-4925-9c30-6770a4bd1b4e
active-directory https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-alert-catalog https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/hybrid/how-to-connect-health-alert-catalog.md
@@ -3,7 +3,7 @@ title: Azure AD Connect Health - Alert Catalog | Microsoft Docs
description: This document shows the catalog of all alerts in Azure AD Connect Health. services: active-directory documentationcenter: ''
-author: zhiweiwangmsft
+author: billmath
manager: maheshu editor: '' ms.service: active-directory
active-directory https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-data-freshness https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/hybrid/how-to-connect-health-data-freshness.md
@@ -3,8 +3,8 @@ title: Azure AD Connect Health - Health service data is not up to date alert | M
description: This document describes the cause of "Health service data is not up to date" alert and how to troubleshoot it. services: active-directory documentationcenter: ''
-author: zhiweiwangmsft
-manager: SamuelD
+author: billmath
+manager: daveba
editor: '' ms.service: active-directory ms.subservice: hybrid
active-directory https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-diagnose-sync-errors https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/hybrid/how-to-connect-health-diagnose-sync-errors.md
@@ -3,7 +3,7 @@ title: Azure AD Connect Health - Diagnose duplicated attribute synchronization e
description: This document describes the diagnosis process of duplicated attribute synchronization errors and a potential fix of the orphaned object scenarios directly from the Azure portal. services: active-directory documentationcenter: ''
-author: zhiweiwangmsft
+author: billmath
manager: maheshu editor: billmath ms.service: active-directory
active-directory https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-operations https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/hybrid/how-to-connect-health-operations.md
@@ -3,7 +3,7 @@ title: Azure Active Directory Connect Health operations
description: This article describes additional operations that can be performed after you have deployed Azure AD Connect Health. services: active-directory documentationcenter: ''
-author: zhiweiwangmsft
+author: billmath
manager: daveba ms.assetid: 86cc3840-60fb-43f9-8b2a-8598a9df5c94 ms.service: active-directory
active-directory https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-sync https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/hybrid/how-to-connect-health-sync.md
@@ -3,7 +3,7 @@ title: Using Azure AD Connect Health with sync | Microsoft Docs
description: This is the Azure AD Connect Health page that will discuss how to monitor Azure AD Connect sync. services: active-directory documentationcenter: ''
-author: zhiweiwangmsft
+author: billmath
manager: daveba ms.assetid: 1dfbeaba-bda2-4f68-ac89-1dbfaf5b4015 ms.service: active-directory
active-directory https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-directory-extensions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/hybrid/how-to-connect-sync-feature-directory-extensions.md
@@ -42,7 +42,7 @@ The installation shows the following attributes, which are valid candidates:
>[!NOTE]
-> Although Azure AD Connect supports synchronizing multi-valued Active Directory attributes to Azure AD as multi-valued directory extensions, there is currently no way to retrieve/consume the data uploaded in multi-valued directory extension attributes.
+> After Azure AD Connect synchronized multi-valued Active Directory attribute to Azure AD as a multi-valued attribute extension, it is possible to include attribute to the SAML claim. But, it is not possible to consume this data through API call.
The list of attributes is read from the schema cache that's created during installation of Azure AD Connect. If you have extended the Active Directory schema with additional attributes, you must [refresh the schema](how-to-connect-installation-wizard.md#refresh-directory-schema) before these new attributes are visible.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-types https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/application-types.md
@@ -7,8 +7,8 @@ manager: celestedg
ms.service: active-directory ms.subservice: app-mgmt ms.workload: identity
-ms.topic: conceptual
-ms.date: 07/11/2017
+ms.topic: reference
+ms.date: 01/07/2021
ms.author: kenwith ---
active-directory https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/ways-users-get-assigned-to-applications https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/ways-users-get-assigned-to-applications.md
@@ -7,8 +7,8 @@ manager: celestedg
ms.service: active-directory ms.subservice: app-mgmt ms.workload: identity
-ms.topic: conceptual
-ms.date: 07/11/2017
+ms.topic: reference
+ms.date: 01/07/2021
ms.author: kenwith ---
active-directory https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/roles/permissions-reference.md
@@ -83,6 +83,14 @@ The [Privileged authentication administrator](#privileged-authentication-adminis
>* Administrators in other services outside of Azure AD like Exchange Online, Office Security and Compliance Center, and human resources systems. >* Non-administrators like executives, legal counsel, and human resources employees who may have access to sensitive or private information.
+### [Attack Payload Author](#attack-payload-author-permissions)
+
+Users in this role can create attack payloads but not actually launch or schedule them. Attack payloads are then available to all administrators in the tenant who can use them to create a simulation.
+
+### [Attack Simulation Administrator](#attack-simulation-administrator-permissions)
+
+Users in this role can create and manage all aspects of attack simulation creation, launch/scheduling of a simulation, and the review of simulation results. Members of this role have this access for all simulations in the tenant.
+ ### [Azure DevOps Administrator](#azure-devops-administrator-permissions) Users with this role can manage the Azure DevOps policy to restrict new Azure DevOps organization creation to a set of configurable users or groups. Users in this role can manage this policy through any Azure DevOps organization that is backed by the company's Azure AD organization. This role grants no other Azure DevOps-specific permissions (for example, Project Collection Administrators) inside any of the Azure DevOps organizations backed by the company's Azure AD organization.
@@ -484,6 +492,10 @@ Users with this role can manage [Teams-certified devices](https://www.microsoft.
Users in this role can manage all aspects of the Microsoft Teams workload via the Microsoft Teams & Skype for Business admin center and the respective PowerShell modules. This includes, among other areas, all management tools related to telephony, messaging, meetings, and the teams themselves. This role additionally grants the ability to create and manage all Microsoft 365 groups, manage support tickets, and monitor service health.
+### [Usage Summary Reports Reader](#usage-summary-reports-reader-permissions)
+
+Users with this role can access tenant level aggregated data and associated insights in Microsoft 365 Admin Center for Usage and Productivity Score but cannot access any user level details or insights. In Microsoft 365 Admin Center for the two reports, we differentiate between tenant level aggregated data and user level details. This role gives an extra layer of protection on individual user identifiable data, which was requested by both customers and legal teams.
+ ### [User Administrator](#user-administrator-permissions) Users with this role can create users, and manage all aspects of users with some restrictions (see the table), and can update password expiration policies. Additionally, users with this role can create and manage all groups. This role also includes the ability to create and manage user views, manage support tickets, and monitor service health. User administrators don't have permission to manage some user properties for users in most administrator roles. User with this role do not have permissions to manage MFA. The roles that are exceptions to this restriction are listed in the following table.
@@ -587,6 +599,25 @@ Allowed to view, set and reset authentication method information for any non-adm
| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. | | microsoft.directory/users/password/update | Update passwords for all users in the Microsoft 365 organization. See online documentation for more detail. |
+### Attack Payload Author permissions
+
+Can create attack payloads that can be deployed by an administrator later.
+
+| **Actions** | **Description** |
+| --- | --- |
+| microsoft.office365.protectionCenter/attackSimulator/payload/allProperties/allTasks | Create and manage attack payloads in Attack Simulator. |
+| microsoft.office365.protectionCenter/attackSimulator/reports/allProperties/read | Read reports of attack simulation, responses, and associated training. |
+
+### Attack Simulation Administrator permissions
+
+Can create and manage all aspects of attack simulation campaigns.
+
+| **Actions** | **Description** |
+| --- | --- |
+| microsoft.office365.protectionCenter/attackSimulator/payload/allProperties/allTasks | Create and manage attack payloads in Attack Simulator. |
+| microsoft.office365.protectionCenter/attackSimulator/reports/allProperties/read | Read reports of attack simulation, responses, and associated training. |
+| microsoft.office365.protectionCenter/attackSimulator/simulation/allProperties/allTasks | Create and manage attack simulation templates in Attack Simulator. |
+ ### Azure DevOps Administrator permissions Can manage Azure DevOps organization policy and settings.
@@ -1429,6 +1460,14 @@ Do not use - not intended for general use.
| **Actions** | **Description** | | --- | --- |
+| microsoft.directory/applications/appRoles/update | Manage app roles and request delegated permissions for applications. |
+| microsoft.directory/applications/audience/update | Update audience on all types of applications. |
+| microsoft.directory/applications/authentication/update | Update authentication on all types of applications. |
+| microsoft.directory/applications/basic/update | Update basic properties on all types of applications. |
+| microsoft.directory/applications/credentials/update | Update credentials on all types of applications. |
+| microsoft.directory/applications/owners/update | Update owners on all types of applications. |
+| microsoft.directory/applications/permissions/update | Update exposed permissions and required permissions on all types of applications. |
+| microsoft.directory/applications/policies/update | Update applications.policies property in Azure Active Directory. |
| microsoft.directory/contacts/basic/update | Update basic properties on contacts in Azure Active Directory. | | microsoft.directory/contacts/create | Create contacts in Azure Active Directory. | | microsoft.directory/contacts/delete | Delete contacts in Azure Active Directory. |
@@ -1462,6 +1501,14 @@ Do not use - not intended for general use.
| **Actions** | **Description** | | --- | --- |
+| microsoft.directory/applications/appRoles/update | Manage app roles and request delegated permissions for applications. |
+| microsoft.directory/applications/audience/update | Update audience on all types of applications. |
+| microsoft.directory/applications/authentication/update | Update authentication on all types of applications. |
+| microsoft.directory/applications/basic/update | Update basic properties on all types of applications. |
+| microsoft.directory/applications/credentials/update | Update credentials on all types of applications. |
+| microsoft.directory/applications/owners/update | Update owners on all types of applications. |
+| microsoft.directory/applications/permissions/update | Update exposed permissions and required permissions on all types of applications. |
+| microsoft.directory/applications/policies/update | Update applications.policies property in Azure Active Directory. |
| microsoft.directory/contacts/basic/update | Update basic properties on contacts in Azure Active Directory. | | microsoft.directory/contacts/create | Create contacts in Azure Active Directory. | | microsoft.directory/contacts/delete | Delete contacts in Azure Active Directory. |
@@ -1855,6 +1902,14 @@ Can manage the Microsoft Teams service.
| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. | | microsoft.teams/allEntities/allProperties/allTasks | Manage all resources in Teams. |
+### Usage Summary Reports Reader permissions
+Can see only tenant level aggregates in M365 Usage Analytics and Productivity Score.
+
+| **Actions** | **Description** |
+| --- | --- |
+| microsoft.office365.usageReports/allEntities/standard/read | Read tenant-level aggregated Office 365 usage reports. |
+| microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal.|
+ ### User Administrator permissions Can manage all aspects of users and groups, including resetting passwords for limited admins.
@@ -1901,6 +1956,8 @@ Graph displayName | Azure portal display name | directoryRoleTemplateId
Application Administrator | Application administrator | 9B895D92-2CD3-44C7-9D02-A6AC2D5EA5C3 Application Developer | Application developer | CF1C38E5-3621-4004-A7CB-879624DCED7C Authentication Administrator | Authentication administrator | c4e39bd9-1100-46d3-8c65-fb160da0071f
+Attack Payload Author | Attack payload author | 9c6df0f2-1e7c-4dc3-b195-66dfbd24aa8f
+Attack Simulation Administrator | Attack simulation administrator | c430b396-e693-46cc-96f3-db01bf8bb62a
Azure DevOps Administrator | Azure DevOps administrator | e3973bdf-4987-49ae-837a-ba8e231c7286 Azure Information Protection Administrator | Azure Information Protection administrator | 7495fdc4-34c4-4d15-a289-98788ce399fd B2C IEF Keyset Administrator | B2C IEF Keyset Administrator | aaf43236-0c0d-4d5f-883a-6955382ac081
@@ -1964,6 +2021,7 @@ Teams Communications Support Engineer | Teams Communications Support Engineer |
Teams Communications Support Specialist | Teams Communications Support Specialist | fcf91098-03e3-41a9-b5ba-6f0ec8188a12 Teams Devices Administrator | Teams Devices Administrator | 3d762c5a-1b6c-493f-843e-55a3b42923d4 Teams Service Administrator | Teams Service Administrator | 69091246-20e8-4a56-aa4d-066075b2a7a8
+Usage Summary Reports Reader | Usage summary reports reader | 75934031-6c7e-415a-99d7-48dbd49e875e
User | Not shown because it can't be used | a0b1b346-4d3e-4e8b-98f8-753987be4970 User Account Administrator | User administrator | fe930be7-5e62-47db-91af-98c3a49a38b1 Workplace Device Join | Deprecated | c34f683f-4d5a-4403-affd-6615e00e3a7f
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/aws-multi-accounts-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/aws-multi-accounts-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 09/30/2020
+ms.date: 12/24/2020
ms.author: jeedes ---
@@ -84,11 +84,11 @@ In Amazon Web Services (AWS), assign the value of the **user name** in Azure AD
To configure and test Azure AD single sign-on with Amazon Web Services (AWS), perform the following steps:
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure Amazon Web Services (AWS) Single Sign-On](#configure-amazon-web-services-aws-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+2. **[Configure Amazon Web Services (AWS) SSO](#configure-amazon-web-services-aws-sso)** - to configure the Single Sign-On settings on application side.
+3. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-### Configure Azure AD single sign-on
+### Configure Azure AD SSO
In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your Amazon Web Services (AWS) application.
@@ -102,7 +102,7 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf
![Single sign-on select mode](common/select-saml-option.png)
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
+3. On the **Set up Single Sign-On with SAML** page, click **pencil** icon to open **Basic SAML Configuration** dialog.
![Edit Basic SAML Configuration](common/edit-urls.png)
@@ -138,11 +138,14 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf
g. Click **Save**.
+ >[!NOTE]
+ >For more information about roles in Azure AD, see [here](https://docs.microsoft.com/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps#app-roles-ui).
+ 7. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Federation Metadata XML** and save it on your computer. ![The Certificate download link](common/metadataxml.png)
-### Configure Amazon Web Services (AWS) Single Sign-On
+### Configure Amazon Web Services (AWS) SSO
1. In a different browser window, sign-on to your Amazon Web Services (AWS) company site as administrator.
@@ -226,7 +229,7 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf
![Screenshot shows where the account I D appears in the A W S window.](./media/aws-multi-accounts-tutorial/aws-accountid.png)
-1. Now sign into [Azure portal](https://portal.azure.com/) and navigate to **Groups**.
+1. Now sign into Azure portal and navigate to **Groups**.
1. Create new groups with the same name as that of IAM Roles created earlier and note down the **Object IDs** of these new groups.
@@ -342,11 +345,11 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf
> [!Note] > Please note that you need to refresh your session in Azure portal to see new roles.
-### Test single sign-on
+### Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration using the My Apps.
-When you click the Amazon Web Services (AWS) tile in the Access Panel, you should get Amazon Web Services (AWS) application page with option to select the role.
+When you click the Amazon Web Services (AWS) tile in the My Apps, you should get Amazon Web Services (AWS) application page with option to select the role.
![Test single sign-on1](./media/aws-multi-accounts-tutorial/tutorial-amazonwebservices-test-screen.png)
@@ -354,7 +357,7 @@ You can also verify the SAML response to see the roles being passed as claims.
![Test single sign-on2](./media/aws-multi-accounts-tutorial/tutorial-amazonwebservices-test-saml.png)
-For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/concur-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/concur-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 08/24/2020
+ms.date: 12/26/2020
ms.author: jeedes ---
@@ -21,8 +21,6 @@ In this tutorial, you'll learn how to integrate Concur with Azure Active Directo
* Enable your users to be automatically signed-in to Concur with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
@@ -36,13 +34,12 @@ In this tutorial, you configure and test Azure AD SSO in a test environment.
* Concur supports **SP** initiated SSO * Concur supports **Just In Time** user provisioning
-* Once you configure Concur you can enforce Session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
## Adding Concur from the gallery To configure the integration of Concur into Azure AD, you need to add Concur from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**.
@@ -53,7 +50,7 @@ To configure the integration of Concur into Azure AD, you need to add Concur fro
Configure and test Azure AD SSO with Concur using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Concur.
-To configure and test Azure AD SSO with Concur, complete the following building blocks:
+To configure and test Azure AD SSO with Concur, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
@@ -66,9 +63,9 @@ To configure and test Azure AD SSO with Concur, complete the following building
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Concur** application integration page, find the **Manage** section and select **Single sign-on**.
+1. In the Azure portal, on the **Concur** application integration page, find the **Manage** section and select **Single sign-on**.
1. On the **Select a Single sign-on method** page, select **SAML**.
-1. On the **Set up Single Sign-On with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up Single Sign-On with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
@@ -119,15 +116,9 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Concur**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Concur SSO
@@ -143,18 +134,15 @@ In this section, a user called B.Simon is created in Concur. Concur supports jus
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the Concur tile in the Access Panel, you should be automatically signed in to the Concur for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+In this section, you test your Azure AD single sign-on configuration with following options.
-## Additional resources
+* Click on **Test this application** in Azure portal. This will redirect to Concur Sign-on URL where you can initiate the login flow.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* Go to Concur Sign-on URL directly and initiate the login flow from there.
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+* You can use Microsoft My Apps. When you click the Concur tile in the My Apps, this will redirect to Concur Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md) -- [Try Concur with Azure AD](https://aad.portal.azure.com)
+## Next steps
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)\ No newline at end of file
+Once you configure Concur you can enforce Session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
\ No newline at end of file
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/confluencemicrosoft-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/confluencemicrosoft-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 09/05/2019
+ms.date: 12/25/2020
ms.author: jeedes ---
@@ -21,7 +21,6 @@ In this tutorial, you'll learn how to integrate Confluence SAML SSO by Microsoft
* Enable your users to be automatically signed-in to Confluence SAML SSO by Microsoft with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
## Description:
@@ -73,18 +72,18 @@ In this tutorial, you configure and test Azure AD SSO in a test environment.
To configure the integration of Confluence SAML SSO by Microsoft into Azure AD, you need to add Confluence SAML SSO by Microsoft from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Confluence SAML SSO by Microsoft** in the search box. 1. Select **Confluence SAML SSO by Microsoft** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for Confluence SAML SSO by Microsoft
+## Configure and test Azure AD SSO for Confluence SAML SSO by Microsoft
Configure and test Azure AD SSO with Confluence SAML SSO by Microsoft using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Confluence SAML SSO by Microsoft.
-To configure and test Azure AD SSO with Confluence SAML SSO by Microsoft, complete the following building blocks:
+To configure and test Azure AD SSO with Confluence SAML SSO by Microsoft, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
@@ -97,9 +96,9 @@ To configure and test Azure AD SSO with Confluence SAML SSO by Microsoft, comple
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Confluence SAML SSO by Microsoft** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Confluence SAML SSO by Microsoft** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
@@ -140,15 +139,9 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Confluence SAML SSO by Microsoft**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Confluence SAML SSO by Microsoft SSO
@@ -249,18 +242,17 @@ To enable Azure AD users to sign in to Confluence on-premises server, they must
f. Click **Add** button.
-## Test SSO
+## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you click the Confluence SAML SSO by Microsoft tile in the Access Panel, you should be automatically signed in to the Confluence SAML SSO by Microsoft for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal. This will redirect to Confluence SAML SSO by Microsoft Sign-on URL where you can initiate the login flow.
-## Additional resources
+* Go to Confluence SAML SSO by Microsoft Sign-on URL directly and initiate the login flow from there.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the Confluence SAML SSO by Microsoft tile in the My Apps, this will redirect to Confluence SAML SSO by Microsoft Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md) -- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
-- [Try Confluence SAML SSO by Microsoft with Azure AD](https://aad.portal.azure.com/)
+Once you configure Confluence SAML SSO by Microsoft you can enforce Session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/cornerstone-ondemand-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/cornerstone-ondemand-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 01/31/2020
+ms.date: 12/24/2020
ms.author: jeedes ---
@@ -21,8 +21,6 @@ In this tutorial, you'll learn how to integrate Cornerstone OnDemand with Azure
* Enable your users to be automatically signed-in to Cornerstone OnDemand with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
@@ -39,24 +37,24 @@ In this tutorial, you configure and test Azure AD SSO in a test environment.
* Cornerstone OnDemand supports **SP** initiated SSO * Cornerstone OnDemand supports [Automated user provisioning](cornerstone-ondemand-provisioning-tutorial.md)
-* Once you configure Cornerstone OnDemand you can enforce Session control, which protect exfiltration and infiltration of your organizationΓÇÖs sensitive data in real-time. Session control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
+ ## Adding Cornerstone OnDemand from the gallery To configure the integration of Cornerstone OnDemand into Azure AD, you need to add Cornerstone OnDemand from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Cornerstone OnDemand** in the search box. 1. Select **Cornerstone OnDemand** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for Cornerstone OnDemand
+## Configure and test Azure AD SSO for Cornerstone OnDemand
Configure and test Azure AD SSO with Cornerstone OnDemand using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Cornerstone OnDemand.
-To configure and test Azure AD SSO with Cornerstone OnDemand, complete the following building blocks:
+To configure and test Azure AD SSO with Cornerstone OnDemand, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
@@ -69,9 +67,9 @@ To configure and test Azure AD SSO with Cornerstone OnDemand, complete the follo
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Cornerstone OnDemand** application integration page, find the **Manage** section and select **Single sign-on**.
+1. In the Azure portal, on the **Cornerstone OnDemand** application integration page, find the **Manage** section and select **Single sign-on**.
1. On the **Select a Single sign-on method** page, select **SAML**.
-1. On the **Set up Single Sign-On with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up Single Sign-On with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
@@ -113,15 +111,9 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Cornerstone OnDemand**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Cornerstone OnDemand SSO
@@ -141,18 +133,14 @@ To configure user provisioning, send the information (e.g.: Name, Email) about t
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the Cornerstone OnDemand tile in the Access Panel, you should be automatically signed in to the Cornerstone OnDemand for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
-
-## Additional Resources
+In this section, you test your Azure AD single sign-on configuration with following options.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* Click on **Test this application** in Azure portal. This will redirect to Cornerstone OnDemand Sign-on URL where you can initiate the login flow.
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+* Go to Cornerstone OnDemand Sign-on URL directly and initiate the login flow from there.
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* You can use Microsoft My Apps. When you click the Cornerstone OnDemand tile in the My Apps, this will redirect to Cornerstone OnDemand Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
-- [Try Cornerstone OnDemand with Azure AD](https://aad.portal.azure.com)
+## Next steps
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+Once you configure Cornerstone OnDemand you can enforce Session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/ephoto-dam-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/ephoto-dam-tutorial.md new file mode 100644
@@ -0,0 +1,149 @@
+---
+title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with EPHOTO DAM | Microsoft Docs'
+description: Learn how to configure single sign-on between Azure Active Directory and EPHOTO DAM.
+services: active-directory
+author: jeevansd
+manager: CelesteDG
+ms.reviewer: CelesteDG
+ms.service: active-directory
+ms.subservice: saas-app-tutorial
+ms.workload: identity
+ms.topic: tutorial
+ms.date: 01/07/2021
+ms.author: jeedes
+
+---
+
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with EPHOTO DAM
+
+In this tutorial, you'll learn how to integrate EPHOTO DAM with Azure Active Directory (Azure AD). When you integrate EPHOTO DAM with Azure AD, you can:
+
+* Control in Azure AD who has access to EPHOTO DAM.
+* Enable your users to be automatically signed-in to EPHOTO DAM with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
+
+## Prerequisites
+
+To get started, you need the following items:
+
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* EPHOTO DAM single sign-on (SSO) enabled subscription.
+
+## Scenario description
+
+In this tutorial, you configure and test Azure AD SSO in a test environment.
+
+* EPHOTO DAM supports **SP and IDP** initiated SSO
+
+## Adding EPHOTO DAM from the gallery
+
+To configure the integration of EPHOTO DAM into Azure AD, you need to add EPHOTO DAM from the gallery to your list of managed SaaS apps.
+
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **EPHOTO DAM** in the search box.
+1. Select **EPHOTO DAM** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
++
+## Configure and test Azure AD SSO for EPHOTO DAM
+
+Configure and test Azure AD SSO with EPHOTO DAM using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in EPHOTO DAM.
+
+To configure and test Azure AD SSO with EPHOTO DAM, perform the following steps:
+
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure EPHOTO DAM SSO](#configure-ephoto-dam-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create EPHOTO DAM test user](#create-ephoto-dam-test-user)** - to have a counterpart of B.Simon in EPHOTO DAM that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+
+## Configure Azure AD SSO
+
+Follow these steps to enable Azure AD SSO in the Azure portal.
+
+1. In the Azure portal, on the **EPHOTO DAM** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
+
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
+
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+
+ a. In the **Identifier** text box, type a URL using the following pattern:
+ `https://<SUBDOMAIN>.ephoto.fr/simplesaml/module.php/saml/sp/metadata.php/<CUSTOMER_NAME>`
+
+ b. In the **Reply URL** text box, type a URL using the following pattern:
+ `https://<SUBDOMAIN>.ephoto.fr/simplesaml/module.php/saml/sp/saml2-acs.php/<CUSTOMER_NAME>`
+
+1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
+
+ In the **Sign-on URL** text box, type a URL using the following pattern:
+ `https://<SUBDOMAIN>.ephoto.fr`
+
+ > [!NOTE]
+ > These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [EPHOTO DAM Client support team](mailto:support-systeme@einden.fr) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+
+1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
+
+ ![The Certificate download link](common/metadataxml.png)
+
+1. On the **Set up EPHOTO DAM** section, copy the appropriate URL(s) based on your requirement.
+
+ ![Copy configuration URLs](common/copy-configuration-urls.png)
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
+
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
+
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to EPHOTO DAM.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **EPHOTO DAM**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
+
+## Configure EPHOTO DAM SSO
+
+To configure single sign-on on **EPHOTO DAM** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [EPHOTO DAM support team](mailto:support-systeme@einden.fr). They set this setting to have the SAML SSO connection set properly on both sides.
+
+### Create EPHOTO DAM test user
+
+In this section, you create a user called Britta Simon in EPHOTO DAM. Work with [EPHOTO DAM support team](mailto:support-systeme@einden.fr) to add the users in the EPHOTO DAM platform. Users must be created and activated before you use single sign-on.
+
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to EPHOTO DAM Sign on URL where you can initiate the login flow.
+
+* Go to EPHOTO DAM Sign-on URL directly and initiate the login flow from there.
+
+#### IDP initiated:
+
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the EPHOTO DAM for which you set up the SSO
+
+You can also use Microsoft My Apps to test the application in any mode. When you click the EPHOTO DAM tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the EPHOTO DAM for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
++
+## Next steps
+
+Once you configure EPHOTO DAM you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
++
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/fortigate-ssl-vpn-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/fortigate-ssl-vpn-tutorial.md
@@ -2,21 +2,15 @@
title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with FortiGate SSL VPN | Microsoft Docs' description: Learn the steps you need to perform to integrate FortiGate SSL VPN with Azure Active Directory (Azure AD). services: active-directory
-documentationCenter: na
author: jeevansd
-manager: mtillman
-ms.reviewer: barbkess
-
-ms.assetid: 18a3d9d5-d81c-478c-be7e-ef38b574cb88
+manager: CelesteDG
+ms.reviewer: celested
ms.service: active-directory ms.subservice: saas-app-tutorial ms.workload: identity
-ms.tgt_pltfrm: na
ms.topic: tutorial
-ms.date: 08/11/2020
+ms.date: 12/26/2020
ms.author: jeedes-
-ms.collection: M365-identity-device-management
--- # Tutorial: Azure Active Directory single sign-on (SSO) integration with FortiGate SSL VPN
@@ -27,8 +21,6 @@ In this tutorial, you'll learn how to integrate FortiGate SSL VPN with Azure Act
* Enable your users to be automatically signed in to FortiGate SSL VPN with their Azure AD accounts. * Manage your accounts in one central location: the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
@@ -42,13 +34,12 @@ In this tutorial, you'll configure and test Azure AD SSO in a test environment.
FortiGate SSL VPN supports SP-initiated SSO.
-After you configure FortiGate SSL VPN, you can enforce session control, which protects exfiltration and infiltration of your organization's sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
## Add FortiGate SSL VPN from the gallery To configure the integration of FortiGate SSL VPN into Azure AD, you need to add FortiGate SSL VPN from the gallery to your list of managed SaaS apps:
-1. Sign in to the [Azure portal](https://portal.azure.com) with a work or school account or with a personal Microsoft account.
+1. Sign in to the Azure portal with a work or school account or with a personal Microsoft account.
1. In the left pane, select **Azure Active Directory**. 1. Go to **Enterprise applications** and then select **All Applications**. 1. To add an application, select **New application**.
@@ -66,13 +57,13 @@ To configure and test Azure AD SSO with FortiGate SSL VPN, you'll complete these
1. **[Grant access to the test user](#grant-access-to-the-test-user)** to enable Azure AD single sign-on for that user. 1. **[Configure FortiGate SSL VPN SSO](#configure-fortigate-ssl-vpn-sso)** on the application side. 1. **Create a FortiGate SSL VPN test user** as a counterpart to the Azure AD representation of the user.
-1. **[Test SSO](#test-single-sign-on)** to verify that the configuration works.
+1. **[Test SSO](#test-sso)** to verify that the configuration works.
### Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal:
-1. In the [Azure portal](https://portal.azure.com/), on the **FortiGate SSL VPN** application integration page, in the **Manage** section, select **single sign-on**.
+1. In the Azure portal, on the **FortiGate SSL VPN** application integration page, in the **Manage** section, select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**. 1. On the **Set up Single Sign-On with SAML** page, select the pencil button for **Basic SAML Configuration** to edit the settings:
@@ -107,17 +98,26 @@ Follow these steps to enable Azure AD SSO in the Azure portal:
| group | user.groups | To create these additional claims:+
+ a. Next to **User Attributes & Claims**, select **Edit**.
+
+ b. Select **Add new claim**.
+
+ c. For **Name**, enter **username**.
+
+ d. For **Source attribute**, select **user.userprincipalname**.
+
+ e. Select **Save**.
+
+ f. Select **Add a group claim**.
+
+ g. Select **All groups**.
+
+ h. Select the **Customize the name of the group claim** check box.
+
+ i. For **Name**, enter **group**.
- 1. Next to **User Attributes & Claims**, select **Edit**.
- 1. Select **Add new claim**.
- 1. For **Name**, enter **username**.
- 1. For **Source attribute**, select **user.userprincipalname**.
- 1. Select **Save**.
- 1. Select **Add a group claim**.
- 1. Select **All groups**.
- 1. Seect the **Customize the name of the group claim** check box.
- 1. For **Name**, enter **group**.
- 1. Select **Save**.
+ j. Select **Save**.
1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, select the **Download** link next to **Certificate (Base64)** to download the certificate and save it on your computer:
@@ -145,14 +145,8 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting t
1. In the Azure portal, select **Enterprise applications**, and then select **All applications**. 1. In the applications list, select **FortiGate SSL VPN**.
-1. On the app's overview page, in the **Manage** section, select **Users and groups**:
-
- ![Screenshot that shows the Users and groups option.](common/users-groups-blade.png)
-
-1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog box:
-
- ![Screenshot that shows the Add user button.](common/add-assign-user.png)
-
+1. On the app's overview page, in the **Manage** section, select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
1. In the **Users and groups** dialog box, select **B.Simon** in the **Users** list, and then click the **Select** button at the bottom of the screen. 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog box, select the appropriate role for the user from the list. Click the **Select** button at the bottom of the screen. 1. In the **Add Assignment** dialog box, select **Assign**.
@@ -230,9 +224,9 @@ To complete these steps, you'll need the values you recorded earlier:
#### Configure FortiGate for group matching
-In this section, you'll configure FortiGate to recognize the Object Id of the security group that includes the test user. This configuration will allow FortiGate to make access decisions based on the group membership.
+In this section, you'll configure FortiGate to recognize the Object ID of the security group that includes the test user. This configuration will allow FortiGate to make access decisions based on the group membership.
-To complete these steps, you'll need the Object Id of the FortiGateAccess security group that you created earlier in this tutorial.
+To complete these steps, you'll need the Object ID of the FortiGateAccess security group that you created earlier in this tutorial.
1. Establish an SSH session to your FortiGate appliance, and sign in with a FortiGate Administrator account. 1. Run these commands:
@@ -257,22 +251,17 @@ In this section, you'll configure a FortiGate VPN Portals and Firewall Policy th
Work with the [FortiGate support team](mailto:tac_amer@fortinet.com) to add the VPN Portals and Firewall Policy to the FortiGate VPN platform. You need to complete this step before you use single sign-on.
-### Test single sign-on
-
-In this section, you'll test your Azure AD single sign-on configuration by using Access Panel.
-
-When you select the FortiGate SSL VPN tile in Access Panel, you should be automatically signed in to the FortiGate SSL VPN for which you set up SSO. For more information about Access Panel, see [Introduction to Access Panel](../user-help/my-apps-portal-end-user-access.md).
+## Test SSO
-Microsoft and FortiGate recommend that you use the Fortinet VPN client, FortiClient, for the best end-user experience.
+In this section, you test your Azure AD single sign-on configuration with following options.
-## Additional resources
+* Click on **Test this application** in Azure portal. This will redirect to FortiGate VPN Sign-on URL where you can initiate the login flow.
-- [Tutorials on how to integrate SaaS apps with Azure Active Directory](./tutorial-list.md)
+* Go to FortiGate VPN Sign-on URL directly and initiate the login flow from there.
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+* You can use Microsoft My Apps. When you click the FortiGate VPN tile in the My Apps, this will redirect to FortiGate VPN Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md) -- [Try FortiGate SSL VPN with Azure AD](https://aad.portal.azure.com/)
+## Next steps
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+Once you configure FortiGate VPN you can enforce Session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/google-apps-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 05/06/2020
+ms.date: 12/27/2020
ms.author: jeedes ---
@@ -21,8 +21,6 @@ In this tutorial, you'll learn how to integrate Google Cloud (G Suite) Connector
* Enable your users to be automatically signed-in to Google Cloud (G Suite) Connector with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
@@ -77,14 +75,13 @@ In this tutorial, you configure and test Azure AD SSO in a test environment.
* Google Cloud (G Suite) Connector supports **SP** initiated SSO
-* Google Cloud (G Suite) Connector supports [**Automated** user provisioning](g-suite-provisioning-tutorial.md)
-* Once you configure Google Cloud (G Suite) Connector you can enforce Session Control, which protect exfiltration and infiltration of your organizationΓÇÖs sensitive data in real-time. Session Control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
+* Google Cloud (G Suite) Connector supports [**Automated** user provisioning](./g-suite-provisioning-tutorial.md)
## Adding Google Cloud (G Suite) Connector from the gallery To configure the integration of Google Cloud (G Suite) Connector into Azure AD, you need to add Google Cloud (G Suite) Connector from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**.
@@ -95,7 +92,7 @@ To configure the integration of Google Cloud (G Suite) Connector into Azure AD,
Configure and test Azure AD SSO with Google Cloud (G Suite) Connector using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Google Cloud (G Suite) Connector.
-To configure and test Azure AD SSO with Google Cloud (G Suite) Connector, complete the following building blocks:
+To configure and test Azure AD SSO with Google Cloud (G Suite) Connector, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
@@ -108,9 +105,9 @@ To configure and test Azure AD SSO with Google Cloud (G Suite) Connector, comple
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Google Cloud (G Suite) Connector** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Google Cloud (G Suite) Connector** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
@@ -189,15 +186,9 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Google Cloud (G Suite) Connector**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Google Cloud (G Suite) Connector SSO
@@ -237,7 +228,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
The objective of this section is to [create a user in Google Cloud (G Suite) Connector](https://support.google.com/a/answer/33310?hl=en) called B.Simon. After the user has manually been created in Google Cloud (G Suite) Connector, the user will now be able to sign in using their Microsoft 365 login credentials.
-Google Cloud (G Suite) Connector also supports automatic user provisioning. To configure automatic user provisioning, you must first [configure Google Cloud (G Suite) Connector for automatic user provisioning](g-suite-provisioning-tutorial.md).
+Google Cloud (G Suite) Connector also supports automatic user provisioning. To configure automatic user provisioning, you must first [configure Google Cloud (G Suite) Connector for automatic user provisioning](./g-suite-provisioning-tutorial.md).
> [!NOTE] > Make sure that your user already exists in Google Cloud (G Suite) Connector if provisioning in Azure AD has not been turned on before testing Single Sign-on.
@@ -247,25 +238,18 @@ Google Cloud (G Suite) Connector also supports automatic user provisioning. To c
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the Google Cloud (G Suite) Connector tile in the Access Panel, you should be automatically signed in to the Google Cloud (G Suite) Connector for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
-
-## Additional resources
--- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+In this section, you test your Azure AD single sign-on configuration with following options.
-- [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
+* Click on **Test this application** in Azure portal. This will redirect to Google Cloud (G Suite) Connector Sign-on URL where you can initiate the login flow.
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Go to Google Cloud (G Suite) Connector Sign-on URL directly and initiate the login flow from there.
-- [Configure User Provisioning](g-suite-provisioning-tutorial.md)
+* You can use Microsoft My Apps. When you click the Google Cloud (G Suite) Connector tile in the My Apps, this will redirect to Google Cloud (G Suite) Connector Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
-- [Try Google Cloud (G Suite) Connector with Azure AD](https://aad.portal.azure.com/) -- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [How to protect Google Cloud (G Suite) Connector with advanced visibility and controls](/cloud-app-security/protect-gsuite)
+Once you configure Google Cloud (G Suite) Connector you can enforce Session Control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session Control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
<!--Image references-->
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/hubspot-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/hubspot-tutorial.md
@@ -9,20 +9,16 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 04/14/2019
+ms.date: 12/27/2020
ms.author: jeedes --- # Tutorial: Azure Active Directory integration with HubSpot
-In this tutorial, you learn how to integrate HubSpot with Azure Active Directory (Azure AD).
+In this tutorial, you'll learn how to integrate HubSpot with Azure Active Directory (Azure AD). When you integrate HubSpot with Azure AD, you can:
-Integrating HubSpot with Azure AD gives you the following benefits:
-
-* You can use Azure AD to control who has access to HubSpot.
-* Users can be automatically signed in to HubSpot with their Azure AD accounts (single sign-on).
-* You can manage your accounts in one central location, the Azure portal.
-
-For more information about software as a service (SaaS) app integration with Azure AD, see [Single sign-on to applications in Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
+* Control in Azure AD who has access to HubSpot.
+* Enable your users to be automatically signed-in to HubSpot with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
@@ -40,29 +36,18 @@ HubSpot supports the following features:
* **SP-initiated single sign-on** * **IDP-initiated single sign-on**
-## Add HubSpot in the Azure portal
-
-To integrate HubSpot with Azure AD, you must add HubSpot to your list of managed SaaS apps.
-
-1. Sign in to the [Azure portal](https://portal.azure.com).
-
-1. In the left menu, select **Azure Active Directory**.
-
- ![The Azure Active Directory option](common/select-azuread.png)
-
-1. Select **Enterprise applications** > **All applications**.
-
- ![The Enterprise applications pane](common/enterprise-applications.png)
-
-1. To add an application, select **New application**.
-
- ![The New application option](common/add-new-app.png)
+## Adding HubSpot from the gallery
-1. In the search box, enter **HubSpot**. In the search results, select **HubSpot**, and then select **Add**.
+To configure the integration of HubSpot into Azure AD, you need to add HubSpot from the gallery to your list of managed SaaS apps.
- ![HubSpot in the results list](common/search-new-app.png)
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **HubSpot** in the search box.
+1. Select **HubSpot** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on
+## Configure and test Azure AD SSO for HubSpot
In this section, you configure and test Azure AD single sign-on with HubSpot based on a test user named **Britta Simon**. For single sign-on to work, you must establish a linked relationship between an Azure AD user and the related user in HubSpot.
@@ -79,19 +64,11 @@ To configure and test Azure AD single sign-on with HubSpot, you must complete th
### Configure Azure AD single sign-on
-In this section, you configure Azure AD single sign-on with HubSpot in the Azure portal.
+1. In the Azure portal, on the **HubSpot** application integration page, find the **Manage** section and select **Single sign-on**.
+1. On the **Select a Single sign-on method** page, select **SAML**.
+1. On the **Set up Single Sign-On with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
-1. In the [Azure portal](https://portal.azure.com/), in the **HubSpot** application integration pane, select **Single sign-on**.
-
- ![Configure single sign-on option](common/select-sso.png)
-
-1. In the **Select a single sign-on method** pane, select **SAML** or **SAML/WS-Fed** mode to enable single sign-on.
-
- ![Single sign-on select mode](common/select-saml-option.png)
-
-1. In the **Set up Single Sign-On with SAML** pane, select **Edit** (the pencil icon) to open the **Basic SAML Configuration** pane.
-
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
1. In the **Basic SAML Configuration** pane, to configure *IDP-initiated mode*, complete the following steps:
@@ -158,53 +135,27 @@ In this section, you configure Azure AD single sign-on with HubSpot in the Azure
### Create an Azure AD test user
-In this section, you create a test user named Britta Simon in the Azure portal.
-
-1. In the Azure portal, select **Azure Active Directory** > **Users** > **All users**.
-
- ![The Users and All users options](common/users.png)
-
-1. Select **New user**.
-
- ![The New user option](common/new-user.png)
-
-1. In the **User** pane, complete the following steps:
+In this section, you'll create a test user in the Azure portal called B.Simon.
- 1. In the **Name** box, enter **BrittaSimon**.
-
- 1. In the **User name** box, enter **brittasimon\@\<your-company-domain>.\<extension\>**. For example, **brittasimon\@contoso.com**.
-
- 1. Select the **Show password** check box. Write down the value that's displayed in the **Password** box.
-
- 1. Select **Create**.
-
- ![The User pane](common/user-properties.png)
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
### Assign the Azure AD test user
-In this section, you grant Britta Simon access to HubSpot so she can use Azure single sign-on.
-
-1. In the Azure portal, select **Enterprise applications** > **All applications** > **HubSpot**.
-
- ![The Enterprise applications pane](common/enterprise-applications.png)
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to HubSpot.
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
1. In the applications list, select **HubSpot**.-
- ![HubSpot in the applications list](common/all-applications.png)
-
-1. In the menu, select **Users and groups**.
-
- ![The Users and groups option](common/users-groups-blade.png)
-
-1. Select **Add user**. Then, in the **Add assignment** pane, select **Users and groups**.
-
- ![The Add assignment pane](common/add-assign-user.png)
-
-1. In the **Users and groups** pane, select **Britta Simon** in the list of users. Choose **Select**.
-
-1. If you are expecting a role value in the SAML assertion, in the **Select role** pane, select the relevant role for the user from the list. Choose **Select**.
-
-1. In the **Add Assignment** pane, select **Assign**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
### Create a HubSpot test user
@@ -243,14 +194,21 @@ To provision a user account in HubSpot:
### Test single sign-on
-In this section, you test your Azure AD single sign-on configuration by using the My Apps portal.
+In this section, you test your Azure AD single sign-on configuration with following options.
-After you set up single sign-on, when you select **HubSpot** in the My Apps portal, you are automatically signed in to HubSpot. For more information about the My Apps portal, see [Access and use apps in the My Apps portal](../user-help/my-apps-portal-end-user-access.md).
+#### SP initiated:
-## Next steps
+* Click on **Test this application** in Azure portal. This will redirect to HubSpot Sign on URL where you can initiate the login flow.
+
+* Go to HubSpot Sign-on URL directly and initiate the login flow from there.
-To learn more, review these articles:
+#### IDP initiated:
+
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the HubSpot for which you set up the SSO
+
+You can also use Microsoft My Apps to test the application in any mode. When you click the HubSpot tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the HubSpot for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
++
+## Next steps
-- [List of tutorials for integrating SaaS apps with Azure Active Directory](./tutorial-list.md)-- [Single sign-on to applications in Azure Active Directory](../manage-apps/what-is-single-sign-on.md)-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)\ No newline at end of file
+Once you configure HubSpot you can enforce Session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
\ No newline at end of file
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/kronos-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/kronos-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 08/13/2019
+ms.date: 12/28/2020
ms.author: jeedes ---
@@ -21,7 +21,6 @@ In this tutorial, you'll learn how to integrate Kronos with Azure Active Directo
* Enable your users to be automatically signed-in to Kronos with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
## Prerequisites
@@ -40,18 +39,18 @@ In this tutorial, you configure and test Azure AD SSO in a test environment.
To configure the integration of Kronos into Azure AD, you need to add Kronos from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Kronos** in the search box. 1. Select **Kronos** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for Kronos
+## Configure and test Azure AD SSO for Kronos
Configure and test Azure AD SSO with Kronos using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Kronos.
-To configure and test Azure AD SSO with Kronos, complete the following building blocks:
+To configure and test Azure AD SSO with Kronos, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
@@ -64,9 +63,9 @@ To configure and test Azure AD SSO with Kronos, complete the following building
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Kronos** application integration page, find the **Manage** section and select **Single sign-on**.
+1. In the Azure portal, on the **Kronos** application integration page, find the **Manage** section and select **Single sign-on**.
1. On the **Select a Single sign-on method** page, select **SAML**.
-1. On the **Set up Single Sign-On with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up Single Sign-On with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
@@ -126,15 +125,9 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Kronos**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Kronos SSO
@@ -147,16 +140,13 @@ In this section, you create a user called Britta Simon in Kronos. Work with [Kr
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the Kronos tile in the Access Panel, you should be automatically signed in to the Kronos for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+In this section, you test your Azure AD single sign-on configuration with following options.
-## Additional resources
+* Click on Test this application in Azure portal and you should be automatically signed in to the Kronos for which you set up the SSO
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the Kronos tile in the My Apps, you should be automatically signed in to the Kronos for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md) -- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
-- [Try Kronos with Azure AD](https://aad.portal.azure.com/)\ No newline at end of file
+Once you configure Kronos you can enforce Session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
\ No newline at end of file
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/lablog-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/lablog-tutorial.md new file mode 100644
@@ -0,0 +1,154 @@
+---
+title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with LabLog | Microsoft Docs'
+description: Learn how to configure single sign-on between Azure Active Directory and LabLog.
+services: active-directory
+author: jeevansd
+manager: CelesteDG
+ms.reviewer: CelesteDG
+ms.service: active-directory
+ms.subservice: saas-app-tutorial
+ms.workload: identity
+ms.topic: tutorial
+ms.date: 01/05/2021
+ms.author: jeedes
+
+---
+
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with LabLog
+
+In this tutorial, you'll learn how to integrate LabLog with Azure Active Directory (Azure AD). When you integrate LabLog with Azure AD, you can:
+
+* Control in Azure AD who has access to LabLog.
+* Enable your users to be automatically signed-in to LabLog with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
+
+## Prerequisites
+
+To get started, you need the following items:
+
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* LabLog single sign-on (SSO) enabled subscription.
+
+## Scenario description
+
+In this tutorial, you configure and test Azure AD SSO in a test environment.
+
+* LabLog supports **SP** initiated SSO
+
+* LabLog supports **Just In Time** user provisioning
++
+## Adding LabLog from the gallery
+
+To configure the integration of LabLog into Azure AD, you need to add LabLog from the gallery to your list of managed SaaS apps.
+
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **LabLog** in the search box.
+1. Select **LabLog** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
++
+## Configure and test Azure AD SSO for LabLog
+
+Configure and test Azure AD SSO with LabLog using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in LabLog.
+
+To configure and test Azure AD SSO with LabLog, perform the following steps:
+
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure LabLog SSO](#configure-lablog-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create LabLog test user](#create-lablog-test-user)** - to have a counterpart of B.Simon in LabLog that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+
+## Configure Azure AD SSO
+
+Follow these steps to enable Azure AD SSO in the Azure portal.
+
+1. In the Azure portal, on the **LabLog** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
+
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
+
+1. On the **Basic SAML Configuration** section, enter the values for the following fields:
+
+ In the **Sign-on URL** text box, type a URL using the following pattern:
+ `https://<CUSTOMER_SUBDOMAIN>.labnotebook.app/lablog/login/sso/`
+
+ > [!NOTE]
+ > The value is not real. Update the value with the actual Sign-On URL. Contact [LabLog Client support team](mailto:support@labnotebook.app) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+
+1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
+
+ ![The Certificate download link](common/certificatebase64.png)
+
+1. On the **Set up LabLog** section, copy the appropriate URL(s) based on your requirement.
+
+ ![Copy configuration URLs](common/copy-configuration-urls.png)
+
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
+
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
+
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to LabLog.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **LabLog**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
+
+## Configure LabLog SSO
+
+1. Login to the LabLog website as an administrator.
+
+1. Click on **Single Sign-On** icon in the left menu.
+
+1. Perform the below steps in the following page.
+
+ ![LabLog Configuration](./media/lablog-tutorial/single-sign-on.png)
+
+ a. In the **Entity ID** textbox, paste the **Azure AD Identifier** value which you have copied from the Azure portal.
+
+ b. In the **SAML SSO Login URL** textbox, paste the **Login URL** value which you have copied from the Azure portal.
+
+ c. Open the downloaded **Certificate (Base64)** from the Azure portal into Notepad and paste the content into the **Public Certificate** textbox.
+
+ d. Click on **SAVE**.
++
+### Create LabLog test user
+
+In this section, a user called Britta Simon is created in LabLog. LabLog supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in LabLog, a new one is created after authentication.
+
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+* Click on **Test this application** in Azure portal. This will redirect to LabLog Sign-on URL where you can initiate the login flow.
+
+* Go to LabLog Sign-on URL directly and initiate the login flow from there.
+
+* You can use Microsoft My Apps. When you click the LabLog tile in the My Apps, this will redirect to LabLog Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
++
+## Next steps
+
+Once you configure LabLog you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
++
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/notion-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/notion-tutorial.md new file mode 100644
@@ -0,0 +1,160 @@
+---
+title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Notion | Microsoft Docs'
+description: Learn how to configure single sign-on between Azure Active Directory and Notion.
+services: active-directory
+author: jeevansd
+manager: CelesteDG
+ms.reviewer: CelesteDG
+ms.service: active-directory
+ms.subservice: saas-app-tutorial
+ms.workload: identity
+ms.topic: tutorial
+ms.date: 01/05/2021
+ms.author: jeedes
+
+---
+
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with Notion
+
+In this tutorial, you'll learn how to integrate Notion with Azure Active Directory (Azure AD). When you integrate Notion with Azure AD, you can:
+
+* Control in Azure AD who has access to Notion.
+* Enable your users to be automatically signed-in to Notion with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
+
+## Prerequisites
+
+To get started, you need the following items:
+
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Notion single sign-on (SSO) enabled subscription.
+
+## Scenario description
+
+In this tutorial, you configure and test Azure AD SSO in a test environment.
+
+* Notion supports **SP and IDP** initiated SSO
+* Notion supports **Just In Time** user provisioning
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
++
+## Adding Notion from the gallery
+
+To configure the integration of Notion into Azure AD, you need to add Notion from the gallery to your list of managed SaaS apps.
+
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Notion** in the search box.
+1. Select **Notion** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
++
+## Configure and test Azure AD SSO for Notion
+
+Configure and test Azure AD SSO with Notion using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Notion.
+
+To configure and test Azure AD SSO with Notion, perform the following steps:
+
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Notion SSO](#configure-notion-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Notion test user](#create-notion-test-user)** - to have a counterpart of B.Simon in Notion that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+
+## Configure Azure AD SSO
+
+Follow these steps to enable Azure AD SSO in the Azure portal.
+
+1. In the Azure portal, on the **Notion** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
+
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
+
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+
+ In the **Reply URL** text box, type a URL using the following pattern:
+ `https://www.notion.so/sso/saml/<CUSTOM_ID>`
+
+1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
+
+ In the **Sign-on URL** text box, type a URL using the following pattern:
+ `https://www.notion.so/sso/saml/<CUSTOM_ID>`
+
+ > [!NOTE]
+ > These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact [Notion Client support team](mailto:team@makenotion.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+
+1. Notion application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
+
+ ![image](common/default-attributes.png)
+
+1. In addition to above, Notion application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre populated but you can review them as per your requirements.
+
+ | Name | Source Attribute|
+ | ----------- | --------- |
+ | email | user.mail |
+ | firstName | user.givenname |
+ | lastName | user.surname |
++
+1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
+
+ ![The Certificate download link](common/copy-metadataurl.png)
+
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
+
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
+
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Notion.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Notion**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
+
+## Configure Notion SSO
+
+To configure single sign-on on **Notion** side, you need to send the **App Federation Metadata Url** to [Notion support team](mailto:team@makenotion.com). They set this setting to have the SAML SSO connection set properly on both sides.
+
+### Create Notion test user
+
+In this section, a user called Britta Simon is created in Notion. Notion supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Notion, a new one is created after authentication.
+
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to Notion Sign on URL where you can initiate the login flow.
+
+* Go to Notion Sign-on URL directly and initiate the login flow from there.
+
+#### IDP initiated:
+
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Notion for which you set up the SSO
+
+You can also use Microsoft My Apps to test the application in any mode. When you click the Notion tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Notion for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
++
+## Next steps
+
+Once you configure Notion you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
++
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/oktopost-saml-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/oktopost-saml-tutorial.md new file mode 100644
@@ -0,0 +1,178 @@
+---
+title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Oktopost SAML | Microsoft Docs'
+description: Learn how to configure single sign-on between Azure Active Directory and Oktopost SAML.
+services: active-directory
+author: jeevansd
+manager: CelesteDG
+ms.reviewer: CelesteDG
+ms.service: active-directory
+ms.subservice: saas-app-tutorial
+ms.workload: identity
+ms.topic: tutorial
+ms.date: 01/05/2021
+ms.author: jeedes
+
+---
+
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with Oktopost SAML
+
+In this tutorial, you'll learn how to integrate Oktopost SAML with Azure Active Directory (Azure AD). When you integrate Oktopost SAML with Azure AD, you can:
+
+* Control in Azure AD who has access to Oktopost SAML.
+* Enable your users to be automatically signed-in to Oktopost SAML with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
+
+## Prerequisites
+
+To get started, you need the following items:
+
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Oktopost SAML single sign-on (SSO) enabled subscription.
+
+## Scenario description
+
+In this tutorial, you configure and test Azure AD SSO in a test environment.
+
+* Oktopost SAML supports **SP and IDP** initiated SSO
+
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
++
+## Adding Oktopost SAML from the gallery
+
+To configure the integration of Oktopost SAML into Azure AD, you need to add Oktopost SAML from the gallery to your list of managed SaaS apps.
+
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Oktopost SAML** in the search box.
+1. Select **Oktopost SAML** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
++
+## Configure and test Azure AD SSO for Oktopost SAML
+
+Configure and test Azure AD SSO with Oktopost SAML using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Oktopost SAML.
+
+To configure and test Azure AD SSO with Oktopost SAML, perform the following steps:
+
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Oktopost SAML SSO](#configure-oktopost-saml-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Oktopost SAML test user](#create-oktopost-saml-test-user)** - to have a counterpart of B.Simon in Oktopost SAML that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+
+## Configure Azure AD SSO
+
+Follow these steps to enable Azure AD SSO in the Azure portal.
+
+1. In the Azure portal, on the **Oktopost SAML** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
+
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
+
+1. On the **Basic SAML Configuration** section, the user does not have to perform any step as the app is already pre-integrated with Azure.
+
+1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
+
+ In the **Sign-on URL** text box, type the URL:
+ `https://app.oktopost.com/auth/login`
++
+1. Click **Save**.
+
+1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
+
+ ![The Certificate download link](common/certificatebase64.png)
+
+1. On the **Set up Oktopost SAML** section, copy the appropriate URL(s) based on your requirement.
+
+ ![Copy configuration URLs](common/copy-configuration-urls.png)
+
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
+
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
+
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Oktopost SAML.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Oktopost SAML**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
+
+## Configure Oktopost SAML SSO
+
+1. Log in to the Oktopost SAML as an administrator.
+
+1. Click on the **User Icon > Settings**.
+
+ ![Oktopost SAML Settings](./media/oktopost-saml-tutorial/settings.png)
+
+1. In the **Settings**, go to the **Security > Single Sign-on** page and perform the following steps.
+
+ ![Oktopost SAML configuration](./media/oktopost-saml-tutorial/configure-sso.png)
+
+ a. Select **Enable Single Sign-on** to **Yes**.
+
+ b. In the **SAML Endpoint** textbox, paste the **Login URL** value which you have copied from the Azure portal.
+
+ c. In the **Issuer** textbox, paste the **Azure AD Identifier** value which you have copied from the Azure portal.
+
+ d. Open the downloaded **Certificate (Base64)** from the Azure portal into Notepad and paste the content into the **X.509 Certificate** textbox.
+
+ e. Click **Save**.
+
+### Create Oktopost SAML test user
+
+1. Log in to the Oktopost SAML as an administrator.
+
+1. Click on the **User Icon > Settings**.
+
+ ![Oktopost SAML test user1](./media/oktopost-saml-tutorial/settings.png)
+
+1. Go to the **User Management > Users > Add User**.
+
+ ![Oktopost SAML test user2](./media/oktopost-saml-tutorial/add-user-1.png)
+
+1. Fill the required fields in the pop up, and click on **Send**.
+
+ ![Oktopost SAML test user3](./media/oktopost-saml-tutorial/add-user-2.png)
+
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to Oktopost SAML Sign on URL where you can initiate the login flow.
+
+* Go to Oktopost SAML Sign-on URL directly and initiate the login flow from there.
+
+#### IDP initiated:
+
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Oktopost SAML for which you set up the SSO
+
+You can also use Microsoft My Apps to test the application in any mode. When you click the Oktopost SAML tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Oktopost SAML for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
++
+## Next steps
+
+Once you configure Oktopost SAML you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
++
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/qliksense-enterprise-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/qliksense-enterprise-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 03/03/2020
+ms.date: 12/28/2020
ms.author: jeedes ---
@@ -21,7 +21,6 @@ In this tutorial, you'll learn how to integrate Qlik Sense Enterprise with Azure
* Enable your users to be automatically signed-in to Qlik Sense Enterprise with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
## Prerequisites
@@ -36,39 +35,37 @@ In this tutorial, you configure and test Azure AD SSO in a test environment.
* Qlik Sense Enterprise supports **SP** initiated SSO. * Qlik Sense Enterprise supports **just-in-time provisioning**
-* Once you configure Qlik Sense Enterprise you can enforce Session control, which protect exfiltration and infiltration of your organization's sensitive data in real-time. Session control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
- ## Adding Qlik Sense Enterprise from the gallery To configure the integration of Qlik Sense Enterprise into Azure AD, you need to add Qlik Sense Enterprise from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Qlik Sense Enterprise** in the search box. 1. Select **Qlik Sense Enterprise** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on
+## Configure and test Azure AD SSO for Qlik Sense Enterprise
Configure and test Azure AD SSO with Qlik Sense Enterprise using a test user called **Britta Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Qlik Sense Enterprise.
-To configure and test Azure AD SSO with Qlik Sense Enterprise, complete the following building blocks:
+To configure and test Azure AD SSO with Qlik Sense Enterprise, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
- * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
- * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
1. **[Configure Qlik Sense Enterprise SSO](#configure-qlik-sense-enterprise-sso)** - to configure the Single Sign-On settings on application side.
- * **[Create Qlik Sense Enterprise test user](#create-qlik-sense-enterprise-test-user)** - to have a counterpart of Britta Simon in Qlik Sense Enterprise that is linked to the Azure AD representation of user.
+ 1. **[Create Qlik Sense Enterprise test user](#create-qlik-sense-enterprise-test-user)** - to have a counterpart of Britta Simon in Qlik Sense Enterprise that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ### Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Qlik Sense Enterprise** application integration page, find the **Manage** section and select **Single sign-on**.
+1. In the Azure portal, on the **Qlik Sense Enterprise** application integration page, find the **Manage** section and select **Single sign-on**.
1. On the **Select a Single sign-on method** page, select **SAML**.
-1. On the **Set up Single Sign-On with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up Single Sign-On with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
@@ -78,10 +75,12 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
b. In the **Identifier** textbox, type a URL using one of the following pattern:
- ```http
- https://<Fully Qualified Domain Name>.qlikpoc.com
- https://<Fully Qualified Domain Name>.qliksense.com
- ```
+ | Identifier |
+ |-------------|
+ | `https://<Fully Qualified Domain Name>.qlikpoc.com` |
+ | `https://<Fully Qualified Domain Name>.qliksense.com` |
+ |
+
c. In the **Reply URL** textbox, type a URL using the following pattern:
@@ -113,15 +112,9 @@ In this section, you'll enable Britta Simon to use Azure single sign-on by grant
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Qlik Sense Enterprise**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **Britta Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Qlik Sense Enterprise SSO
@@ -247,17 +240,18 @@ Qlik Sense Enterprise supports **just-in-time provisioning**, Users automaticall
### Test SSO
-When you select the Qlik Sense Enterprise tile in the Access Panel, you should be automatically signed in to the Qlik Sense Enterprise for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+* Click on **Test this application** in Azure portal. This will redirect to Qlik Sense Enterprise Sign-on URL where you can initiate the login flow.
-## Additional resources
+* Go to Qlik Sense Enterprise Sign-on URL directly and initiate the login flow from there.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the Qlik Sense Enterprise tile in the My Apps, this will redirect to Qlik Sense Enterprise Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md) -- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+Once you configure Qlik Sense Enterprise you can enforce Session control, which protects exfiltration and infiltration of your organization's sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
<!--Image references-->
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/salesforce-sandbox-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/salesforce-sandbox-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 01/16/2020
+ms.date: 12/28/2020
ms.author: jeedes ---
@@ -21,8 +21,6 @@ In this tutorial, you'll learn how to integrate Salesforce Sandbox with Azure Ac
* Enable your users to be automatically signed-in to Salesforce Sandbox with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
@@ -37,13 +35,12 @@ In this tutorial, you configure and test Azure AD single sign-on in a test envir
* Salesforce Sandbox supports **SP and IDP** initiated SSO * Salesforce Sandbox supports **Just In Time** user provisioning * Salesforce Sandbox supports [**Automated** user provisioning](salesforce-sandbox-provisioning-tutorial.md)
-* Once you configure the Salesforce Sandbox you can enforce session controls, which protect exfiltration and infiltration of your organizationΓÇÖs sensitive data in real-time. Session controls extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
## Adding Salesforce Sandbox from the gallery To configure the integration of Salesforce Sandbox into Azure AD, you need to add Salesforce Sandbox from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**.
@@ -51,26 +48,26 @@ To configure the integration of Salesforce Sandbox into Azure AD, you need to ad
1. Select **Salesforce Sandbox** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for Salesforce Sandbox
+## Configure and test Azure AD SSO for Salesforce Sandbox
Configure and test Azure AD SSO with Salesforce Sandbox using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Salesforce Sandbox.
-To configure and test Azure AD SSO with Salesforce Sandbox, complete the following building blocks:
+To configure and test Azure AD SSO with Salesforce Sandbox, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
- * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
- * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
1. **[Configure Salesforce Sandbox SSO](#configure-salesforce-sandbox-sso)** - to configure the single sign-on settings on application side.
- * **[Create Salesforce Sandbox test user](#create-salesforce-sandbox-test-user)** - to have a counterpart of B.Simon in Salesforce Sandbox that is linked to the Azure AD representation of user.
+ 1. **[Create Salesforce Sandbox test user](#create-salesforce-sandbox-test-user)** - to have a counterpart of B.Simon in Salesforce Sandbox that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Salesforce Sandbox** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Salesforce Sandbox** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
@@ -102,12 +99,6 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
-
- b. Azure AD Identifier
-
- c. Logout URL
- ### Create an Azure AD test user In this section, you'll create a test user in the Azure portal called B.Simon.
@@ -127,15 +118,9 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Salesforce Sandbox**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Salesforce Sandbox SSO
@@ -246,22 +231,21 @@ In this section, a user called Britta Simon is created in Salesforce Sandbox. Sa
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you click the Salesforce Sandbox tile in the Access Panel, you should be automatically signed in to the Salesforce Sandbox for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+#### SP initiated:
-## Additional resources
+* Click on **Test this application** in Azure portal. This will redirect to Salesforce Sandbox Sign on URL where you can initiate the login flow.
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Go to Salesforce Sandbox Sign-on URL directly and initiate the login flow from there.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+#### IDP initiated:
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Salesforce Sandbox for which you set up the SSO
-- [Try Salesforce Sandbox with Azure AD](https://aad.portal.azure.com/)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Salesforce Sandbox tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Salesforce Sandbox for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/protect-salesforce) -- [Configure User Provisioning](salesforce-sandbox-provisioning-tutorial.md)
+## Next steps
-- [How to protect Salesforce Sandbox with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)\ No newline at end of file
+Once you configure the Salesforce Sandbox you can enforce session controls, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session controls extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/sap-fiori-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/sap-fiori-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 09/05/2019
+ms.date: 12/28/2020
ms.author: jeedes ---
@@ -21,7 +21,6 @@ In this tutorial, you'll learn how to integrate SAP Fiori with Azure Active Dire
* Enable your users to be automatically signed-in to SAP Fiori with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
## Prerequisites
@@ -37,24 +36,24 @@ In this tutorial, you configure and test Azure AD SSO in a test environment.
* SAP Fiori supports **SP** initiated SSO > [!NOTE]
-> For SAP Fiori initiated iFrame Authentication, we recommend using the **IsPassive** parameter in the SAML AuthnRequest for silent authentication. For more details of the **IsPassive** parameter refer to [Azure AD SAML single sign-on](../develop/single-sign-on-saml-protocol.md) information
+> For SAP Fiori initiated iFrame Authentication, we recommend using the **IsPassive** parameter in the SAML AuthnRequest for silent authentication. For more details of the **IsPassive** parameter refer to [Azure AD SAML single sign-on](../develop/single-sign-on-saml-protocol.md) information.
## Adding SAP Fiori from the gallery To configure the integration of SAP Fiori into Azure AD, you need to add SAP Fiori from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **SAP Fiori** in the search box. 1. Select **SAP Fiori** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for SAP Fiori
+## Configure and test Azure AD SSO for SAP Fiori
Configure and test Azure AD SSO with SAP Fiori using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in SAP Fiori.
-To configure and test Azure AD SSO with SAP Fiori, complete the following building blocks:
+To configure and test Azure AD SSO with SAP Fiori, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
@@ -126,9 +125,9 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
![The Download Metadata link in the SAP SAML 2.0 Metadata dialog box](./media/sapfiori-tutorial/tutorial-sapnetweaver-generatesp.png)
-1. In the [Azure portal](https://portal.azure.com/), on the **SAP Fiori** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **SAP Fiori** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
@@ -198,15 +197,9 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **SAP Fiori**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure SAP Fiori SSO
@@ -311,12 +304,6 @@ In this section, you create a user named Britta Simon in SAP Fiori. Work with yo
1. If you are prompted for a username and password, enable trace to help diagnose the issue. Use the following URL for the trace: https:\//\<sapurl\>/sap/bc/webdynpro/sap/sec_diag_tool?sap-client=122&sap-language=EN#.
-## Additional resources
--- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)--- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)--- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
-- [Try SAP Fiori with Azure AD](https://aad.portal.azure.com/)\ No newline at end of file
+Once you configure SAP Fiori you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
\ No newline at end of file
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/skedda-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/skedda-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 10/30/2020
+ms.date: 01/06/2021
ms.author: jeedes ---
@@ -68,23 +68,18 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the **Skedda** application integration page, find the **Manage** section and select **single sign-on**. 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png) 1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
- In the **Reply URL** text box, enter one of the following URL:
-
- | Reply URL|
- |----------|
- | `https://www.skedda.com/saml2/acs` |
- | `https://app.skedda.com/saml2/acs` |
+ In the **Reply URL** text box, type the URL: `https://app.skedda.com/saml2/acs`
1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode: In the **Sign-on URL** text box, type a URL using the following pattern:
- `https://www.skedda.com/account/externallogin?returnUrl=<CUSTOM_URL>`
+ `https://app.skedda.com/account/externallogin?returnUrl=<CUSTOM_URL>`
> [!NOTE] > The value is not real. Update the value with the actual Sign-on URL. Contact [Skedda Client support team](mailto:info@skedda.com) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
@@ -144,7 +139,7 @@ In this section, you test your Azure AD single sign-on configuration with follow
* Click on **Test this application** in Azure portal and you should be automatically signed in to the Skedda for which you set up the SSO
-You can also use Microsoft Access Panel to test the application in any mode. When you click the Skedda tile in the Access Panel, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Skedda for which you set up the SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+You can also use Microsoft My Apps to test the application in any mode. When you click the Skedda tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Skedda for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/snowflake-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/snowflake-tutorial.md
@@ -9,20 +9,16 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 12/27/2018
+ms.date: 12/27/2020
ms.author: jeedes --- # Tutorial: Azure Active Directory integration with Snowflake
-In this tutorial, you learn how to integrate Snowflake with Azure Active Directory (Azure AD).
-Integrating Snowflake with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate Snowflake with Azure Active Directory (Azure AD). When you integrate Snowflake with Azure AD, you can:
-* You can control in Azure AD who has access to Snowflake.
-* You can enable your users to be automatically signed-in to Snowflake (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to Snowflake.
+* Enable your users to be automatically signed-in to Snowflake with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
@@ -42,74 +38,50 @@ In this tutorial, you will configure and test Azure AD single sign-on in a test
To configure the integration of Snowflake into Azure AD, you need to add Snowflake from the gallery to your list of managed SaaS apps.
-**Add Snowflake from the gallery:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
-
- ![The New application button](common/add-new-app.png)
-
-4. In the search box, type **Snowflake**, select **Snowflake** from result panel then click **Add** button to add the application.
-
- ![Snowflake in the results list](common/search-new-app-snowflake.png)
-
-## Configure and test Azure AD single sign-on
-
-In this section, you will configure and test Azure AD single sign-on with Snowflake based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in Snowflake needs to be established.
-
-To configure and test Azure AD single sign-on with Snowflake, you need to complete the following building blocks:
-
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure Snowflake Single Sign-On](#configure-snowflake-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create Snowflake test user](#create-snowflake-test-user)** - to have a counterpart of Britta Simon in Snowflake that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Snowflake** in the search box.
+1. Select **Snowflake** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-### Configure Azure AD single sign-on
+## Configure and test Azure AD SSO for Snowflake
-In this section, you enable Azure AD single sign-on in the Azure portal.
+Configure and test Azure AD SSO with Snowflake using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Snowflake.
-To configure Azure AD single sign-on with Snowflake, perform the following steps:
+To configure and test Azure AD SSO with Snowflake, complete the following building blocks:
-1. In the [Azure portal](https://portal.azure.com/), on the **Snowflake** application integration page, select **Single sign-on**.
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Snowflake SSO](#configure-snowflake-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Snowflake test user](#create-snowflake-test-user)** - to have a counterpart of B.Simon in Snowflake that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
- ![Configure single sign-on link](common/select-sso.png)
+### Configure Azure AD SSO
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
+Follow these steps to enable Azure AD SSO in the Azure portal.
- ![Single sign-on select mode](common/select-saml-option.png)
+1. In the Azure portal, on the **Snowflake** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
-
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
4. In the **Basic SAML Configuration** section, perform the following steps, if you wish to configure the application in **IDP** initiated mode:
- ![Screenshot shows the Basic SAML Configuration, where you can enter Identifier, Reply U R L, and select Save.](common/idp-intiated.png)
- a. In the **Identifier** text box, type a URL using the following pattern: `https://<SNOWFLAKE-URL>.snowflakecomputing.com` b. In the **Reply URL** text box, type a URL using the following pattern: `https://<SNOWFLAKE-URL>.snowflakecomputing.com/fed/login`
- c. Click **Set additional URLs** and perform the following step if you wish to configure the application in SP initiated mode:
-
- ![Screenshot shows Set additional U R Ls where you can enter a Sign on U R L.](common/metadata-upload-additional-signon.png)
+1. Click **Set additional URLs** and perform the following step if you wish to configure the application in SP initiated mode:
- In the **Sign-on URL** text box, type a URL using the following pattern:
+ a. In the **Sign-on URL** text box, type a URL using the following pattern:
`https://<SNOWFLAKE-URL>.snowflakecomputing.com`
- In the **Logout URL** text box, type a URL using the following pattern:
+ b. In the **Logout URL** text box, type a URL using the following pattern:
`https://<SNOWFLAKE-URL>.snowflakecomputing.com/fed/logout` > [!NOTE]
@@ -123,20 +95,39 @@ To configure Azure AD single sign-on with Snowflake, perform the following steps
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
- b. Azure Ad Identifier
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
+
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
+
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Snowflake.
- c. Logout URL
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Snowflake**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
-### Configure Snowflake Single Sign-On
+## Configure Snowflake SSO
1. In a different web browser window, login to Snowflake as a Security Administrator. 1. **Switch Role** to **ACCOUNTADMIN**, by clicking on **profile** on the top right side of page. > [!NOTE]
- > This is separate from the context you have selected in the top-right corner under your User Name
+ > This is separate from the context you have selected in the top-right corner under your User Name.
![The Snowflake admin](./media/snowflake-tutorial/tutorial_snowflake_accountadmin.png)
@@ -155,56 +146,6 @@ To configure Azure AD single sign-on with Snowflake, perform the following steps
alter account set sso_login_page = TRUE; ```
-### Create an Azure AD test user
-
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
-
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type **brittasimon\@yourcompanydomain.extension**
- For example, BrittaSimon@contoso.com
-
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
-
- d. Click **Create**.
-
-### Assign the Azure AD test user
-
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to Snowflake.
-
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **Snowflake**.
-
- ![Enterprise applications blade](common/enterprise-applications.png)
-
-2. In the applications list, type and select **Snowflake**.
-
- ![The Snowflake link in the Applications list](common/all-applications.png)
-
-3. In the menu on the left, select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
-
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog click the **Assign** button.
### Create Snowflake test user
@@ -227,16 +168,23 @@ To enable Azure AD users to log in to Snowflake, they must be provisioned into S
CREATE USER britta_simon PASSWORD = '' LOGIN_NAME = 'BrittaSimon@contoso.com' DISPLAY_NAME = 'Britta Simon'; ```
-### Test single sign-on
+### Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to Snowflake Sign on URL where you can initiate the login flow.
+
+* Go to Snowflake Sign-on URL directly and initiate the login flow from there.
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+#### IDP initiated:
-When you click the Snowflake tile in the Access Panel, you should be automatically signed in to the Snowflake for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Snowflake for which you set up the SSO
-## Additional Resources
+You can also use Microsoft My Apps to test the application in any mode. When you click the Snowflake tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Snowflake for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md) -- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)\ No newline at end of file
+Once you configure Snowflake you can enforce Session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
\ No newline at end of file
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/successfactors-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/successfactors-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 01/16/2020
+ms.date: 12/26/2020
ms.author: jeedes ---
@@ -21,7 +21,6 @@ In this tutorial, you'll learn how to integrate SuccessFactors with Azure Active
* Enable your users to be automatically signed-in to SuccessFactors with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
## Prerequisites
@@ -35,13 +34,12 @@ To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment. * SuccessFactors supports **SP** initiated SSO.
-* Once you configure the SuccessFactors you can enforce session controls, which protect exfiltration and infiltration of your organizationΓÇÖs sensitive data in real-time. Session controls extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
## Adding SuccessFactors from the gallery To configure the integration of SuccessFactors into Azure AD, you need to add SuccessFactors from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**.
@@ -53,7 +51,7 @@ To configure the integration of SuccessFactors into Azure AD, you need to add Su
Configure and test Azure AD SSO with SuccessFactors using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in SuccessFactors.
-To configure and test Azure AD SSO with SuccessFactors, complete the following building blocks:
+To configure and test Azure AD SSO with SuccessFactors, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
@@ -66,22 +64,22 @@ To configure and test Azure AD SSO with SuccessFactors, complete the following b
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **SuccessFactors** application integration page, find the **Manage** section and select **Single sign-on**.
+1. In the Azure portal, on the **SuccessFactors** application integration page, find the **Manage** section and select **Single sign-on**.
1. On the **Select a Single sign-on method** page, select **SAML**.
-1. On the **Set up Single Sign-On with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up Single Sign-On with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png) 1. On the **Basic SAML Configuration** section, perform the following steps:
- a. In the **Sign-on URL** textbox, type a URL using the following pattern:
+ a. In the **Sign-on URL** textbox, type a URL using one of the following patterns:
- `https://<companyname>.successfactors.com/<companyname>` - `https://<companyname>.sapsf.com/<companyname>` - `https://<companyname>.successfactors.eu/<companyname>` - `https://<companyname>.sapsf.eu`
- b. In the **Identifier** textbox, type a URL using the following pattern:
+ b. In the **Identifier** textbox, type a URL using one of the following patterns:
- `https://www.successfactors.com/<companyname>` - `https://www.successfactors.com`
@@ -93,7 +91,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
- `https://www.successfactors.cn` - `https://www.successfactors.cn/<companyname>`
- c. In the **Reply URL** textbox, type a URL using the following pattern:
+ c. In the **Reply URL** textbox, type a URL using one of the following patterns:
- `https://<companyname>.successfactors.com/<companyname>` - `https://<companyname>.successfactors.com`
@@ -136,15 +134,9 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **SuccessFactors**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure SuccessFactors SSO
@@ -222,23 +214,18 @@ To get users created in SuccessFactors, you need to contact the [SuccessFactors
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the SuccessFactors tile in the Access Panel, you should be automatically signed in to the SuccessFactors for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
-
-## Additional resources
+In this section, you test your Azure AD single sign-on configuration with following options.
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Click on **Test this application** in Azure portal. This will redirect to SuccessFactors Sign-on URL where you can initiate the login flow.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* Go to SuccessFactors Sign-on URL directly and initiate the login flow from there.
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* You can use Microsoft My Apps. When you click the SuccessFactors tile in the My Apps, this will redirect to SuccessFactors Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
-- [Try SuccessFactors with Azure AD](https://aad.portal.azure.com) -- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [How to protect SuccessFactors with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+Once you configure the SuccessFactors you can enforce session controls, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session controls extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
<!--Image references-->
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/syndio-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/syndio-tutorial.md new file mode 100644
@@ -0,0 +1,144 @@
+---
+title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Syndio | Microsoft Docs'
+description: Learn how to configure single sign-on between Azure Active Directory and Syndio.
+services: active-directory
+author: jeevansd
+manager: CelesteDG
+ms.reviewer: CelesteDG
+ms.service: active-directory
+ms.subservice: saas-app-tutorial
+ms.workload: identity
+ms.topic: tutorial
+ms.date: 01/05/2021
+ms.author: jeedes
+
+---
+
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with Syndio
+
+In this tutorial, you'll learn how to integrate Syndio with Azure Active Directory (Azure AD). When you integrate Syndio with Azure AD, you can:
+
+* Control in Azure AD who has access to Syndio.
+* Enable your users to be automatically signed-in to Syndio with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
+
+## Prerequisites
+
+To get started, you need the following items:
+
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Syndio single sign-on (SSO) enabled subscription.
+
+## Scenario description
+
+In this tutorial, you configure and test Azure AD SSO in a test environment.
+
+* Syndio supports **SP** initiated SSO
+
+* Syndio supports **Just In Time** user provisioning
+
+## Adding Syndio from the gallery
+
+To configure the integration of Syndio into Azure AD, you need to add Syndio from the gallery to your list of managed SaaS apps.
+
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Syndio** in the search box.
+1. Select **Syndio** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
++
+## Configure and test Azure AD SSO for Syndio
+
+Configure and test Azure AD SSO with Syndio using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Syndio.
+
+To configure and test Azure AD SSO with Syndio, perform the following steps:
+
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Syndio SSO](#configure-syndio-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Syndio test user](#create-syndio-test-user)** - to have a counterpart of B.Simon in Syndio that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+
+## Configure Azure AD SSO
+
+Follow these steps to enable Azure AD SSO in the Azure portal.
+
+1. In the Azure portal, on the **Syndio** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
+
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
+
+1. On the **Basic SAML Configuration** section, enter the values for the following fields:
+
+ a. In the **Sign on URL** text box, type a URL using the following pattern:
+ `https://payeq<SyndioEnv>.synd.io`
+
+ b. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
+ `urn:auth0:syndio-payeq<SyndioEnv>:<OrganizationID>`
+
+ c. In the **Reply URL** text box, type a URL using the following pattern:
+ `https://auth<SyndioEnv>.synd.io/login/callback?connection=<OrganizationID>`
+
+ > [!NOTE]
+ > These values are not real. Update these values with the actual Sign on URL, Identifier and Reply URL. Contact [Syndio Client support team](mailto:support@synd.io) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+
+1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
+
+ ![The Certificate download link](common/certificatebase64.png)
+
+1. On the **Set up Syndio** section, copy the appropriate URL(s) based on your requirement.
+
+ ![Copy configuration URLs](common/copy-configuration-urls.png)
+
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
+
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
+
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Syndio.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Syndio**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
+
+## Configure Syndio SSO
+
+To configure single sign-on on **Syndio** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [Syndio support team](mailto:support@synd.io). They set this setting to have the SAML SSO connection set properly on both sides.
+
+### Create Syndio test user
+
+In this section, a user called Britta Simon is created in Syndio. Syndio supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Syndio, a new one is created after authentication.
+
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+* Click on **Test this application** in Azure portal. This will redirect to Syndio Sign-on URL where you can initiate the login flow.
+
+* Go to Syndio Sign-on URL directly and initiate the login flow from there.
+
+* You can use Microsoft My Apps. When you click the Syndio tile in the My Apps, this will redirect to Syndio Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
++
+## Next steps
+
+Once you configure Syndio you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
++
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/synerise-ai-growth-ecosystem-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/synerise-ai-growth-ecosystem-tutorial.md
@@ -1,6 +1,6 @@
---
-title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Synerise AI Growth Ecosystem | Microsoft Docs'
-description: Learn how to configure single sign-on between Azure Active Directory and Synerise AI Growth Ecosystem.
+title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Synerise AI Growth Operating System | Microsoft Docs'
+description: Learn how to configure single sign-on between Azure Active Directory and Synerise AI Growth Operating System.
services: active-directory author: jeevansd manager: CelesteDG
@@ -9,17 +9,17 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 12/15/2020
+ms.date: 01/06/2021
ms.author: jeedes ---
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with Synerise AI Growth Ecosystem
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with Synerise AI Growth Operating System
-In this tutorial, you'll learn how to integrate Synerise AI Growth Ecosystem with Azure Active Directory (Azure AD). When you integrate Synerise AI Growth Ecosystem with Azure AD, you can:
+In this tutorial, you'll learn how to integrate Synerise with Azure Active Directory (Azure AD). When you integrate Synerise with Azure AD, you can:
-* Control in Azure AD who has access to Synerise AI Growth Ecosystem.
-* Enable your users to be automatically signed-in to Synerise AI Growth Ecosystem with their Azure AD accounts.
+* Control in Azure AD who has access to Synerise.
+* Enable your users to be automatically signed-in to Synerise with their Azure AD accounts.
* Manage your accounts in one central location - the Azure portal. ## Prerequisites
@@ -27,72 +27,72 @@ In this tutorial, you'll learn how to integrate Synerise AI Growth Ecosystem wit
To get started, you need the following items: * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-* Synerise AI Growth Ecosystem single sign-on (SSO) enabled subscription.
+* Synerise single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Synerise AI Growth Ecosystem supports **SP and IDP** initiated SSO
-* Synerise AI Growth Ecosystem supports **Just In Time** user provisioning
+* Synerise supports **SP and IDP** initiated SSO
+* Synerise supports **Just In Time** user provisioning
> [!NOTE] > Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Adding Synerise AI Growth Ecosystem from the gallery
+## Adding Synerise AI Growth Operating System from the gallery
-To configure the integration of Synerise AI Growth Ecosystem into Azure AD, you need to add Synerise AI Growth Ecosystem from the gallery to your list of managed SaaS apps.
+To configure the integration of Synerise into Azure AD, you need to add Synerise from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account. 1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**.
-1. In the **Add from the gallery** section, type **Synerise AI Growth Ecosystem** in the search box.
-1. Select **Synerise AI Growth Ecosystem** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
+1. In the **Add from the gallery** section, type **Synerise AI Growth Operating System** in the search box.
+1. Select **Synerise AI Growth Operating System** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD SSO for Synerise AI Growth Ecosystem
+## Configure and test Azure AD SSO for Synerise AI Growth Operating System
-Configure and test Azure AD SSO with Synerise AI Growth Ecosystem using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Synerise AI Growth Ecosystem.
+Configure and test Azure AD SSO with Synerise using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Synerise.
-To configure and test Azure AD SSO with Synerise AI Growth Ecosystem, perform the following steps:
+To configure and test Azure AD SSO with Synerise, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon. 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
-1. **[Configure Synerise AI Growth Ecosystem SSO](#configure-synerise-ai-growth-ecosystem-sso)** - to configure the single sign-on settings on application side.
- 1. **[Create Synerise AI Growth Ecosystem test user](#create-synerise-ai-growth-ecosystem-test-user)** - to have a counterpart of B.Simon in Synerise AI Growth Ecosystem that is linked to the Azure AD representation of user.
+1. **[Configure Synerise AI Growth Operating System SSO](#configure-synerise-ai-growth-operating-system-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Synerise AI Growth Operating System test user](#create-synerise-ai-growth-operating-system-test-user)** - to have a counterpart of B.Simon in Synerise that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the Azure portal, on the **Synerise AI Growth Ecosystem** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Synerise AI Growth Operating System** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png) 1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields: In the **Reply URL** text box, type a URL using the following pattern:
- `https://app.synerise.com/api-portal/uauth/saml/auth/<CUSTOMER_PROFILE_HASH>`
+ `https://app.synerise.com/api-portal/uauth/saml/auth/<PROFILE_HASH>`
1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode: In the **Sign-on URL** text box, type a URL using the following pattern:
- `https://app.synerise.com/api-portal/uauth/saml/auth/<CUSTOMER_PROFILE_HASH>`
+ `https://app.synerise.com/api-portal/uauth/saml/auth/<PROFILE_HASH>`
> [!NOTE]
- > These values are not real. Update these values with the actual Reply URL and Sign-on URL. Contact [Synerise AI Growth Ecosystem Client support team](mailto:support@synerise.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+ > These values are not real. Update these values with the actual Reply URL and Sign-on URL. Contact [Synerise support team](mailto:support@synerise.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer. ![The Certificate download link](common/certificatebase64.png)
-1. On the **Set up Synerise AI Growth Ecosystem** section, copy the appropriate URL(s) based on your requirement.
+1. On the **Set up Synerise** section, copy the appropriate URL(s) based on your requirement.
![Copy configuration URLs](common/copy-configuration-urls.png) ### Create an Azure AD test user
@@ -109,23 +109,51 @@ In this section, you'll create a test user in the Azure portal called B.Simon.
### Assign the Azure AD test user
-In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Synerise AI Growth Ecosystem.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Synerise.
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
-1. In the applications list, select **Synerise AI Growth Ecosystem**.
+1. In the applications list, select **Synerise AI Growth Operating System**.
1. In the app's overview page, find the **Manage** section and select **Users and groups**. 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog. 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected. 1. In the **Add Assignment** dialog, click the **Assign** button.
-## Configure Synerise AI Growth Ecosystem SSO
+## Configure Synerise AI Growth Operating System SSO
-To configure single sign-on on **Synerise AI Growth Ecosystem** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [Synerise AI Growth Ecosystem support team](mailto:support@synerise.com). They set this setting to have the SAML SSO connection set properly on both sides.
+1. Log in to the Synerise as an administrator.
-### Create Synerise AI Growth Ecosystem test user
+1. Go to the **Settings > Access Control**.
-In this section, a user called Britta Simon is created in Synerise AI Growth Ecosystem. Synerise AI Growth Ecosystem supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Synerise AI Growth Ecosystem, a new one is created after authentication.
+ ![Synerise settings](./media/synerise-ai-growth-ecosystem-tutorial/settings.png)
+
+1. In the **Access Control** page, click on **Show** button in the **Single Sign-On** tab.
+
+ ![Synerise Access Control](./media/synerise-ai-growth-ecosystem-tutorial/single-sign-on.png)
+
+1. Perform the following steps in the below page.
+
+ ![Synerise configuration](./media/synerise-ai-growth-ecosystem-tutorial/configuration.png)
+
+ a. In the **Identifier Provider Entity ID** textbox, paste the **Azure AD Identifier** value which you have copied from the Azure portal.
+
+ b. In the **SSO endpoint(https)** textbox, paste the **Login URL** value which you have copied from the Azure portal.
+
+ c. In the **Identity Provider application ID** textbox, paste the **application ID** value.
+
+ d. Copy **Service Provider redirect URI** value, paste this value into the **Reply URL** text box in the Basic SAML Configuration section in the Azure portal.
+
+ e. Select **HTTP REDIRECT** in the **Request binding**.
+
+ f. Switch on the **Request signature**.
+
+ g. Upload the downloaded **Certificate(Base64)** file in to the **Identity Provider Signature Certificate**.
+
+ i. Click on **Apply**.
+
+### Create Synerise AI Growth Operating System test user
+
+In this section, a user called Britta Simon is created in Synerise. Synerise supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Synerise, a new one is created after authentication.
## Test SSO
@@ -133,19 +161,19 @@ In this section, you test your Azure AD single sign-on configuration with follow
#### SP initiated:
-* Click on **Test this application** in Azure portal. This will redirect to Synerise AI Growth Ecosystem Sign on URL where you can initiate the login flow.
+* Click on **Test this application** in Azure portal. This will redirect to Synerise Sign on URL where you can initiate the login flow.
-* Go to Synerise AI Growth Ecosystem Sign-on URL directly and initiate the login flow from there.
+* Go to Synerise Sign-on URL directly and initiate the login flow from there.
#### IDP initiated:
-* Click on **Test this application** in Azure portal and you should be automatically signed in to the Synerise AI Growth Ecosystem for which you set up the SSO
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Synerise for which you set up the SSO
-You can also use Microsoft My Apps to test the application in any mode. When you click the Synerise AI Growth Ecosystem tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Synerise AI Growth Ecosystem for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+You can also use Microsoft My Apps to test the application in any mode. When you click the Synerise tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Synerise for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
## Next steps
-Once you configure Synerise AI Growth Ecosystem you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+Once you configure Synerise you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/ultipro-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/ultipro-tutorial.md
@@ -9,109 +9,91 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 12/24/2018
+ms.date: 12/24/2020
ms.author: jeedes --- # Tutorial: Azure Active Directory integration with UltiPro
-In this tutorial, you learn how to integrate UltiPro with Azure Active Directory (Azure AD).
-Integrating UltiPro with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate UltiPro with Azure Active Directory (Azure AD). When you integrate UltiPro with Azure AD, you can:
-* You can control in Azure AD who has access to UltiPro.
-* You can enable your users to be automatically signed-in to UltiPro (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
+* Control in Azure AD who has access to UltiPro.
+* Enable your users to be automatically signed-in to UltiPro with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
## Prerequisites
-To configure Azure AD integration with UltiPro, you need the following items:
+To get started, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial [here](https://azure.microsoft.com/pricing/free-trial/)
-* UltiPro single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* UltiPro single sign-on (SSO) enabled subscription.
## Scenario description
-In this tutorial, you configure and test Azure AD single sign-on in a test environment.
+In this tutorial, you configure and test Azure AD SSO in a test environment.
-* UltiPro supports **SP** initiated SSO
+* UltiPro supports **SP** initiated SSO.
## Adding UltiPro from the gallery To configure the integration of UltiPro into Azure AD, you need to add UltiPro from the gallery to your list of managed SaaS apps.
-**To add UltiPro from the gallery, perform the following steps:**
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **UltiPro** in the search box.
+1. Select **UltiPro** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
- ![The Azure Active Directory button](common/select-azuread.png)
+## Configure and test Azure AD SSO for UltiPro
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
+Configure and test Azure AD SSO with UltiPro using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in UltiPro.
- ![The Enterprise applications blade](common/enterprise-applications.png)
+To configure and test Azure AD SSO with UltiPro, perform the following steps:
-3. To add new application, click **New application** button on the top of dialog.
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+2. **[Configure UltiPro SSO](#configure-ultipro-sso)** - to configure the Single Sign-On settings on application side.
+ 1. **[Create UltiPro test user](#create-ultipro-test-user)** - to have a counterpart of B.Simon in UltiPro that is linked to the Azure AD representation of user.
+3. **[Test SSO](#test-sso)** - to verify whether the configuration works.
- ![The New application button](common/add-new-app.png)
+## Configure Azure AD SSO
-4. In the search box, type **UltiPro**, select **UltiPro** from result panel then click **Add** button to add the application.
+Follow these steps to enable Azure AD SSO in the Azure portal.
- ![UltiPro in the results list](common/search-new-app.png)
+1. In the Azure portal, on the **UltiPro** application integration page, find the **Manage** section and select **Single sign-on**.
+1. On the **Select a Single sign-on method** page, select **SAML**.
+1. On the **Set up Single Sign-On with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
-## Configure and test Azure AD single sign-on
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
-In this section, you configure and test Azure AD single sign-on with UltiPro based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in UltiPro needs to be established.
+1. On the **Basic SAML Configuration** section, perform the following steps:
-To configure and test Azure AD single sign-on with UltiPro, you need to complete the following building blocks:
+ a. In the **Sign-on URL** textbox, type a URL using one of the following patterns:
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure UltiPro Single Sign-On](#configure-ultipro-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create UltiPro test user](#create-ultipro-test-user)** - to have a counterpart of Britta Simon in UltiPro that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
-
-### Configure Azure AD single sign-on
-
-In this section, you enable Azure AD single sign-on in the Azure portal.
-
-To configure Azure AD single sign-on with UltiPro, perform the following steps:
-
-1. In the [Azure portal](https://portal.azure.com/), on the **UltiPro** application integration page, select **Single sign-on**.
-
- ![Configure single sign-on link](common/select-sso.png)
-
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
-
- ![Single sign-on select mode](common/select-saml-option.png)
-
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
-
- ![Edit Basic SAML Configuration](common/edit-urls.png)
-
-4. On the **Basic SAML Configuration** section, perform the following steps:
-
- ![UltiPro Domain and URLs single sign-on information](common/sp-identifier-reply.png)
-
- a. In the **Sign-on URL** textbox, type a URL using the following pattern:
-
- - `https://<companyname>.ultipro.com/`
- - `https://<companyname>.ultiproworkplace.com?cpi=AZUREADISSSUERURL`
- - `https://<companyname>.ultipro.ca`
+ | Sign-on URL |
+ |-------------|
+ | `https://<companyname>.ultipro.com/` |
+ | `https://<companyname>.ultiproworkplace.com?cpi=AZUREADISSSUERURL` |
+ | `https://<companyname>.ultipro.ca` |
- b. In the **Identifier** textbox, type a URL using the following pattern:
+ b. In the **Identifier** textbox, type a URL using one of the following patterns:
- - `https://<companyname>.ultipro.com/adfs/services/trust`
- - `https://<companyname>.ultiproworkplace.com/adfs/services/trust`
- - `https://<companyname>.ultipro.ca/adfs/services/trust`
+ | Identifier |
+ |-------------|
+ | `https://<companyname>.ultipro.com/adfs/services/trust` |
+ | `https://<companyname>.ultiproworkplace.com/adfs/services/trust` |
+ | `https://<companyname>.ultipro.ca/adfs/services/trust` |
- c. In the **Reply URL** textbox, type a URL using the following pattern:
-
- - `https://<companyname>.ultipro.com/<instancename>`
- - `https://<companyname>.ultiproworkplace.com/<instancename>`
- - `https://<companyname>.ultipro.ca/<instancename>`
+ c. In the **Reply URL** textbox, type a URL using one of the following patterns:
+
+ | Reply URL |
+ |-------------|
+ | `https://<companyname>.ultipro.com/<instancename>` |
+ | `https://<companyname>.ultiproworkplace.com/<instancename>` |
+ | `https://<companyname>.ultipro.ca/<instancename>` |
> [!NOTE] > These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact [UltiPro Client support team](https://www.ultimatesoftware.com/ContactUs) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
@@ -124,81 +106,50 @@ To configure Azure AD single sign-on with UltiPro, perform the following steps:
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
-
- b. Azure Ad Identifier
-
- c. Logout URL
-
-### Configure UltiPro Single Sign-On
-
-To configure single sign-on on **UltiPro** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [UltiPro support team](https://www.ultimatesoftware.com/ContactUs). They set this setting to have the SAML SSO connection set properly on both sides.
-
-### Create an Azure AD test user
-
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
-
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type **brittasimon\@yourcompanydomain.extension**
- For example, BrittaSimon@contoso.com
+### Create an Azure AD test user
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
+In this section, you'll create a test user in the Azure portal called B.Simon.
- d. Click **Create**.
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
### Assign the Azure AD test user
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to UltiPro.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to UltiPro.
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **UltiPro**.
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **UltiPro**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
- ![Enterprise applications blade](common/enterprise-applications.png)
-2. In the applications list, type and select **UltiPro**.
+## Configure UltiPro SSO
- ![The UltiPro link in the Applications list](common/all-applications.png)
-
-3. In the menu on the left, select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
-
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog click the **Assign** button.
+To configure single sign-on on **UltiPro** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [UltiPro support team](https://www.ultimatesoftware.com/ContactUs). They set this setting to have the SAML SSO connection set properly on both sides.
### Create UltiPro test user In this section, you create a user called Britta Simon in UltiPro. Work with [UltiPro support team](https://www.ultimatesoftware.com/ContactUs) to add the users in the UltiPro platform. Users must be created and activated before you use single sign-on.
-### Test single sign-on
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+* Click on **Test this application** in Azure portal. This will redirect to UltiPro Sign-on URL where you can initiate the login flow.
-When you click the UltiPro tile in the Access Panel, you should be automatically signed in to the UltiPro for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Go to UltiPro Sign-on URL directly and initiate the login flow from there.
-## Additional Resources
+* You can use Microsoft My Apps. When you click the UltiPro tile in the My Apps, this will redirect to UltiPro Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md) -- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)\ No newline at end of file
+Once you configure the UltiPro you can enforce session controls, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session controls extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
\ No newline at end of file
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/workplacebyfacebook-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/workplacebyfacebook-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 03/03/2020
+ms.date: 12/28/2020
ms.author: jeedes ---
@@ -21,7 +21,6 @@ In this tutorial, you'll learn how to integrate Workplace by Facebook with Azure
* Enable your users to be automatically signed-in to Workplace by Facebook with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
## Prerequisites
@@ -41,13 +40,13 @@ In this tutorial, you configure and test Azure AD SSO in a test environment.
* Workplace by Facebook supports **just-in-time provisioning** * Workplace by Facebook supports **[automatic User Provisioning](workplacebyfacebook-provisioning-tutorial.md)** * Workplace by Facebook Mobile application can now be configured with Azure AD for enabling SSO. In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Once you configure Workplace by Facebook you can enforce Session control, which protect exfiltration and infiltration of your organization's sensitive data in real-time. Session control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
+ ## Adding Workplace by Facebook from the gallery To configure the integration of Workplace by Facebook into Azure AD, you need to add Workplace by Facebook from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**.
@@ -58,22 +57,22 @@ To configure the integration of Workplace by Facebook into Azure AD, you need to
Configure and test Azure AD SSO with Workplace by Facebook using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Workplace by Facebook.
-To configure and test Azure AD SSO with Workplace by Facebook, complete the following building blocks:
+To configure and test Azure AD SSO with Workplace by Facebook, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
- * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
- * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
2. **[Configure Workplace by Facebook SSO](#configure-workplace-by-facebook-sso)** - to configure the Single Sign-On settings on application side.
- * **[Create Workplace by Facebook test user](#create-workplace-by-facebook-test-user)** - to have a counterpart of B.Simon in Workplace by Facebook that is linked to the Azure AD representation of user.
+ 1. **[Create Workplace by Facebook test user](#create-workplace-by-facebook-test-user)** - to have a counterpart of B.Simon in Workplace by Facebook that is linked to the Azure AD representation of user.
3. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Workplace by Facebook** application integration page, find the **Manage** section and select **Single sign-on**.
+1. In the Azure portal, on the **Workplace by Facebook** application integration page, find the **Manage** section and select **Single sign-on**.
1. On the **Select a Single sign-on method** page, select **SAML**.
-1. On the **Set up Single Sign-On with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up Single Sign-On with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
@@ -118,15 +117,9 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Workplace by Facebook**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Workplace by Facebook SSO
@@ -200,13 +193,17 @@ In this section, a user called B.Simon is created in Workplace by Facebook. Work
There is no action for you in this section. If a user doesn't exist in Workplace by Facebook, a new one is created when you attempt to access Workplace by Facebook. >[!Note]
->If you need to create a user manually, Contact [Workplace by Facebook Client support team](https://www.workplace.com/help/work/)
+>If you need to create a user manually, Contact [Workplace by Facebook Client support team](https://www.workplace.com/help/work/).
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+* Click on **Test this application** in Azure portal. This will redirect to Workplace by Facebook Sign-on URL where you can initiate the login flow.
-When you click the Workplace by Facebook tile in the Access Panel, you should be automatically signed in to the Workplace by Facebook for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Go to Workplace by Facebook Sign-on URL directly and initiate the login flow from there.
+
+* You can use Microsoft My Apps. When you click the Workplace by Facebook tile in the My Apps, this will redirect to Workplace by Facebook Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
## Test SSO for Workplace by Facebook (mobile)
@@ -230,16 +227,6 @@ When you click the Workplace by Facebook tile in the Access Panel, you should be
![The Home page](./media/workplacebyfacebook-tutorial/test01.png)
-## Additional resources
--- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)--- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)--- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)--- [Configure User Provisioning](workplacebyfacebook-provisioning-tutorial.md)--- [Try Workplace by Facebook with Azure AD](https://aad.portal.azure.com)
+## Next steps
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)\ No newline at end of file
+Once you configure Workplace by Facebook you can enforce Session control, which protects exfiltration and infiltration of your organization's sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
\ No newline at end of file
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/zendesk-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/zendesk-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: saas-app-tutorial ms.workload: identity ms.topic: tutorial
-ms.date: 08/20/2020
+ms.date: 12/28/2020
ms.author: jeedes ---
@@ -21,7 +21,6 @@ In this tutorial, you'll learn how to integrate Zendesk with Azure Active Direct
* Enable your users to be automatically signed-in to Zendesk with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
## Prerequisites
@@ -36,13 +35,13 @@ In this tutorial, you configure and test Azure AD SSO in a test environment.
* Zendesk supports **SP** initiated SSO * Zendesk supports [**Automated** user provisioning](zendesk-provisioning-tutorial.md)
-* Once you configure Zendesk you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+ ## Adding Zendesk from the gallery To configure the integration of Zendesk into Azure AD, you need to add Zendesk from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**.
@@ -53,7 +52,7 @@ To configure the integration of Zendesk into Azure AD, you need to add Zendesk f
Configure and test Azure AD SSO with Zendesk using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Zendesk.
-To configure and test Azure AD SSO with Zendesk, complete the following building blocks:
+To configure and test Azure AD SSO with Zendesk, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
@@ -66,9 +65,9 @@ To configure and test Azure AD SSO with Zendesk, complete the following building
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Zendesk** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Zendesk** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
@@ -122,15 +121,9 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Zendesk**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Zendesk SSO
@@ -171,22 +164,14 @@ The objective of this section is to create a user called Britta Simon in Zendesk
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the Zendesk tile in the Access Panel, you should be automatically signed in to the Zendesk for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
-
-## Additional resources
--- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)--- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+In this section, you test your Azure AD single sign-on configuration with following options.
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Click on **Test this application** in Azure portal. This will redirect to Zendesk Sign-on URL where you can initiate the login flow.
-- [Try Zendesk with Azure AD](https://aad.portal.azure.com/)
+* Go to Zendesk Sign-on URL directly and initiate the login flow from there.
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+* You can use Microsoft My Apps. When you click the Zendesk tile in the My Apps, this will redirect to Zendesk Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
-- [How to protect Zendesk with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [Configure User Provisioning](zendesk-provisioning-tutorial.md)\ No newline at end of file
+Once you configure Zendesk you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
\ No newline at end of file
aks https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-multi-region https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/operator-best-practices-multi-region.md
@@ -115,10 +115,7 @@ The typical strategy is to provide a common storage point where applications can
![Infrastructure-based asynchronous replication](media/operator-best-practices-bc-dr/aks-infra-based-async-repl.png)
-If you use Azure Managed Disks, you can choose replication and DR solutions such as these:
-
-* [Velero on Azure](https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure/blob/master/README.md)
-* [Azure Backup](../backup/backup-overview.md)
+If you use Azure Managed Disks, there are a few options you can use to handle replication and disaster recovery. [Velero on Azure][velero] and [Kasten][kasten] are back up solutions native to Kubernetes but are not supported.
### Application-based asynchronous replication
@@ -136,3 +133,6 @@ This article focuses on business continuity and disaster recovery considerations
<!-- INTERNAL LINKS --> [aks-best-practices-scheduler]: operator-best-practices-scheduler.md [aks-best-practices-cluster-isolation]: operator-best-practices-cluster-isolation.md+
+[velero]: https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure/blob/master/README.md
+[kasten]: https://www.kasten.io/
\ No newline at end of file
analysis-services https://docs.microsoft.com/en-us/azure/analysis-services/analysis-services-overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/analysis-services/analysis-services-overview.md
@@ -4,7 +4,7 @@ description: Learn about Azure Analysis Services, a fully managed platform as a
author: minewiskan ms.service: azure-analysis-services ms.topic: overview
-ms.date: 12/01/2020
+ms.date: 01/07/2021
ms.author: owend ms.reviewer: minewiskan #Customer intent: As a BI developer, I want to determine if Azure Analysis Services is the best data modeling platform for our organization.
@@ -86,6 +86,7 @@ Azure Analysis Services is supported in regions throughout the world. Supported
|Central US | B1, B2, S0, S1, S2, S4, D1 | 1 | |Central US | S8v2, S9v2 | 1 | |South Central US | B1, B2, S0, S1, S2, S4, D1 | 1 |
+|South Central US | S8v2, S9v2 | 1 |
|West Central US | B1, B2, S0, S1, S2, S4, D1 | 3 | |West US | B1, B2, S0, S1, S2, S4, D1 | 7 | |West US | S8v2, S9v2 | 2 |
@@ -110,6 +111,7 @@ Azure Analysis Services is supported in regions throughout the world. Supported
|Australia East | S8v2, S9v2 | 1 | |Australia Southeast | B1, B2, S0, S1, S2, S4, D1 | 1 | |Japan East | B1, B2, S0, S1, S2, S4, D1 | 1 |
+|Japan East | S8v2, S9v2 | 1 |
|Southeast Asia | B1, B2, S0, S1, S2, S4, D1 | 1 | |Southeast Asia | S8v2, S9v2 | 1 | |West India | B1, B2, S0, S1, S2, S4, D1 | 1 |
app-service https://docs.microsoft.com/en-us/azure/app-service/environment/creation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/environment/creation.md
@@ -15,10 +15,9 @@ ms.custom: seodec18
> This article is about the App Service Environment v3 (preview) >
-The [App Service Environment (ASE)][Intro] is a single tenant deployment of the App Service that injects into your Azure Virtual Network (VNet). ASEv3 only supports exposing apps on a private address in your Vnet. When an ASEv3 is created during preview, three resources are added to your subscription.
+The [App Service Environment (ASE)][Intro] is a single tenant deployment of the App Service that injects into your Azure Virtual Network (VNet). ASEv3 only supports exposing apps on a private address in your Vnet. When an ASEv3 is created during preview, these resources are added to your subscription.
- App Service Environment-- Azure DNS private zone - Private endpoint A deployment of an ASE will require use of two subnets. One subnet will hold the private endpoint. This subnet can be used for other things such as VMs. The other subnet is used for outbound calls made from the ASE. This subnet can't be used for anything else other than the ASE.
app-service https://docs.microsoft.com/en-us/azure/app-service/environment/networking https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/environment/networking.md
@@ -29,7 +29,11 @@ The ASE has the following addresses at creation:
| Windows outbound address | The Windows apps in this ASE will use this address, by default, when making outbound calls to the internet. | | Linux outbound address | The Linux apps in this ASE will use this address, by default, when making outbound calls to the internet. |
-If you delete the private endpoint used by the ASE, you can't reach the apps in your ASE. Don't delete the Azure DNS private zone associated with your ASE.
+The ASEv3 has details on the addresses used by the ASE in the **IP Addresses** portion of the ASE portal.
+
+![ASE addresses UI](./media/networking/networking-ip-addresses.png)
+
+If you delete the private endpoint used by the ASE, you can't reach the apps in your ASE.
The ASE uses addresses in the outbound subnet to support the infrastructure used by the ASE. As you scale your App Service plans in your ASE, you'll use more addresses. Apps in the ASE don't have dedicated addresses in the outbound subnet. The addresses used by an app in the outbound subnet by an app will change over time.
@@ -43,7 +47,7 @@ Unlike the ASEv2, with ASEv3 you can set Network Security Groups (NSGs) and Rout
## DNS
-The apps in your ASE will use the DNS that your VNet is configured with. If you want some apps to use a different DNS server, you can manually set it on a per app basis with the app settings WEBSITE_DNS_SERVER and WEBSITE_DNS_ALT_SERVER. The app setting WEBSITE_DNS_ALT_SERVER configures the secondary DNS server. The secondary DNS server is only used when there is no response from the primary DNS server.
+The apps in your ASE will use the DNS that your VNet is configured with. Follow the instructions in [Using an App Service Environment](https://docs.microsoft.com/azure/app-service/environment/using#dns-configuration) to configure your DNS server to point to your ASE. If you want some apps to use a different DNS server than what your VNet is configured with, you can manually set it on a per app basis with the app settings WEBSITE_DNS_SERVER and WEBSITE_DNS_ALT_SERVER. The app setting WEBSITE_DNS_ALT_SERVER configures the secondary DNS server. The secondary DNS server is only used when there is no response from the primary DNS server.
## Preview limitation
app-service https://docs.microsoft.com/en-us/azure/app-service/environment/using https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/environment/using.md
@@ -73,7 +73,7 @@ The SCM URL is used to access the Kudu console or for publishing your app by usi
### DNS configuration
-The ASE uses private endpoints for inbound traffic and is automatically configured with Azure DNS private zones. If you want to use your own DNS server, you need to add the following records:
+The ASE uses private endpoints for inbound traffic. It is not automatically configured with Azure DNS private zones. If you want to use your own DNS server, you need to add the following records:
1. create a zone for &lt;ASE name&gt;.appserviceenvironment.net 1. create an A record in that zone that points * to the inbound IP address used by your ASE private endpoint
@@ -81,6 +81,13 @@ The ASE uses private endpoints for inbound traffic and is automatically configur
1. create a zone in &lt;ASE name&gt;.appserviceenvironment.net named scm 1. create an A record in the scm zone that points * to the IP address used by your ASE private endpoint
+To configure DNS in Azure DNS Private zones:
+
+1. create an Azure DNS private zone named <ASE name>.appserviceenvironment.net
+1. create an A record in that zone that points * to the ILB IP address
+1. create an A record in that zone that points @ to the ILB IP address
+1. create an A record in that zone that points *.scm to the ILB IP address
+ The DNS settings for your ASE default domain suffix don't restrict your apps to only being accessible by those names. You can set a custom domain name without any validation on your apps in an ASE. If you then want to create a zone named *contoso.net*, you could do so and point it to the inbound IP address. The custom domain name works for app requests but doesn't for the scm site. The scm site is only available at *&lt;appname&gt;.scm.&lt;asename&gt;.appserviceenvironment.net*. ## Publishing
app-service https://docs.microsoft.com/en-us/azure/app-service/tutorial-ruby-postgres-app https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/tutorial-ruby-postgres-app.md
@@ -33,6 +33,7 @@ To complete this tutorial:
- [Install Ruby 2.6](https://www.ruby-lang.org/en/documentation/installation/) - [Install Ruby on Rails 5.1](https://guides.rubyonrails.org/v5.1/getting_started.html) - [Install and run PostgreSQL](https://www.postgresql.org/download/)+ [!INCLUDE [azure-cli-prepare-your-environment-no-header.md](../../includes/azure-cli-prepare-your-environment-no-header.md)] ## Prepare local Postgres
azure-arc https://docs.microsoft.com/en-us/azure/azure-arc/servers/manage-vm-extensions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/servers/manage-vm-extensions.md
@@ -1,7 +1,7 @@
--- title: VM extension management with Azure Arc enabled servers description: Azure Arc enabled servers can manage deployment of virtual machine extensions that provide post-deployment configuration and automation tasks with non-Azure VMs.
-ms.date: 12/14/2020
+ms.date: 01/07/2021
ms.topic: conceptual ---
@@ -38,21 +38,32 @@ VM extension functionality is available only in the list of [supported regions](
In this release, we support the following VM extensions on Windows and Linux machines.
-|Extension |OS |Publisher |Additional information |
-|----------|---|----------|-----------------------|
-|CustomScriptExtension |Windows |Microsoft.Compute |[Windows Custom Script Extension](../../virtual-machines/extensions/custom-script-windows.md)|
-|DSC |Windows |Microsoft.PowerShell|[Windows PowerShell DSC Extension](../../virtual-machines/extensions/dsc-windows.md)|
-|Log Analytics agent |Windows |Microsoft.EnterpriseCloud.Monitoring |[Log Analytics VM extension for Windows](../../virtual-machines/extensions/oms-windows.md)|
-|Microsoft Dependency agent | Windows |Microsoft.Compute | [Dependency agent virtual machine extension for Windows](../../virtual-machines/extensions/agent-dependency-windows.md)|
-|Key Vault | Windows | Microsoft.Compute | [Key Vault virtual machine extension for Windows](../../virtual-machines/extensions/key-vault-windows.md) |
-|CustomScript|Linux |Microsoft.Azure.Extension |[Linux Custom Script Extension Version 2](../../virtual-machines/extensions/custom-script-linux.md) |
-|DSC |Linux |Microsoft.OSTCExtensions |[PowerShell DSC Extension for Linux](../../virtual-machines/extensions/dsc-linux.md) |
-|Log Analytics agent |Linux |Microsoft.EnterpriseCloud.Monitoring |[Log Analytics VM extension for Linux](../../virtual-machines/extensions/oms-linux.md) |
-|Microsoft Dependency agent | Linux |Microsoft.Compute | [Dependency agent virtual machine extension for Linux](../../virtual-machines/extensions/agent-dependency-linux.md) |
-|Key Vault | Linux | Microsoft.Compute | [Key Vault virtual machine extension for Linux](../../virtual-machines/extensions/key-vault-linux.md) |
- To learn about the Azure Connected Machine agent package and details about the Extension agent component, see [Agent overview](agent-overview.md#agent-component-details).
+### Windows extensions
+
+|Extension |Publisher |Type |Additional information |
+|----------|----------|-----|-----------------------|
+|Azure Defender integrated vulnerability scanner |Qualys |WindowsAgent.AzureSecurityCenter |[Azure DefenderΓÇÖs integrated vulnerability assessment solution for Azure and hybrid machines](../../security-center/deploy-vulnerability-assessment-vm.md)|
+|Custom Script extension |Microsoft.Compute | CustomScriptExtension |[Windows Custom Script Extension](../../virtual-machines/extensions/custom-script-windows.md)|
+|PowerShell DSC |Microsoft.PowerShell |DSC |[Windows PowerShell DSC Extension](../../virtual-machines/extensions/dsc-windows.md)|
+|Log Analytics agent |Microsoft.EnterpriseCloud.Monitoring |MicrosoftMonitoringAgent |[Log Analytics VM extension for Windows](../../virtual-machines/extensions/oms-windows.md)|
+|Azure Monitor for VMs (insights) |Microsoft.Azure.Monitoring.DependencyAgent |DependencyAgentWindows | [Dependency agent virtual machine extension for Windows](../../virtual-machines/extensions/agent-dependency-windows.md)|
+|Azure Key Vault Certificate Sync | Microsoft.Azure.Key.Vault |KeyVaultForWindows | [Key Vault virtual machine extension for Windows](../../virtual-machines/extensions/key-vault-windows.md) |
+|Azure Monitor Agent |Microsoft.Azure.Monitor |AzureMonitorWindowsAgent |[Install the Azure Monitor agent (preview)](../../azure-monitor/platform/azure-monitor-agent-install.md) |
+
+### Linux extensions
+
+|Extension |Publisher |Type |Additional information |
+|----------|----------|-----|-----------------------|
+|Azure Defender integrated vulnerability scanner |Qualys |LinuxAgent.AzureSecurityCenter |[Azure DefenderΓÇÖs integrated vulnerability assessment solution for Azure and hybrid machines](../../security-center/deploy-vulnerability-assessment-vm.md)|
+|Custom Script extension |Microsoft.Azure.Extensions |CustomScript |[Linux Custom Script Extension Version 2](../../virtual-machines/extensions/custom-script-linux.md) |
+|PowerShell DSC |Microsoft.OSTCExtensions |DSCForLinux |[PowerShell DSC Extension for Linux](../../virtual-machines/extensions/dsc-linux.md) |
+|Log Analytics agent |Microsoft.EnterpriseCloud.Monitoring |OmsAgentForLinux |[Log Analytics VM extension for Linux](../../virtual-machines/extensions/oms-linux.md) |
+|Azure Monitor for VMs (insights) |Microsoft.Azure.Monitoring.DependencyAgent |DependencyAgentLinux |[Dependency agent virtual machine extension for Linux](../../virtual-machines/extensions/agent-dependency-linux.md) |
+|Azure Key Vault Certificate Sync | Microsoft.Azure.Key.Vault |KeyVaultForLinux | [Key Vault virtual machine extension for Linux](../../virtual-machines/extensions/key-vault-linux.md) |
+|Azure Monitor Agent |Microsoft.Azure.Monitor |AzureMonitorLinuxAgent |[Install the Azure Monitor agent (preview)](../../azure-monitor/platform/azure-monitor-agent-install.md) |
+ ## Prerequisites This feature depends on the following Azure resource providers in your subscription:
azure-functions https://docs.microsoft.com/en-us/azure/azure-functions/create-first-function-vs-code-csharp https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/create-first-function-vs-code-csharp.md
@@ -22,8 +22,7 @@ Before you get started, make sure you have the following requirements in place:
+ An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio).
-+ [Node.js](https://nodejs.org/), required by Windows for npm. Only [Active LTS and Maintenance LTS versions](https://nodejs.org/about/releases/). Use the `node --version` command to check your version.
- Not required for local development on macOS and Linux.
++ The [Azure Functions Core Tools](functions-run-local.md#install-the-azure-functions-core-tools) version 3.x. + [Visual Studio Code](https://code.visualstudio.com/) on one of the [supported platforms](https://code.visualstudio.com/docs/supporting/requirements#_platforms).
azure-functions https://docs.microsoft.com/en-us/azure/azure-functions/create-first-function-vs-code-powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/create-first-function-vs-code-powershell.md
@@ -21,8 +21,7 @@ Before you get started, make sure you have the following requirements in place:
+ An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio).
-+ [Node.js](https://nodejs.org/), required by Windows for npm. Only [Active LTS and Maintenance LTS versions](https://nodejs.org/about/releases/). Use the `node --version` command to check your version.
- Not required for local development on macOS and Linux.
++ The [Azure Functions Core Tools](functions-run-local.md#install-the-azure-functions-core-tools) version 3.x. + [PowerShell 7](/powershell/scripting/install/installing-powershell-core-on-windows)
azure-functions https://docs.microsoft.com/en-us/azure/azure-functions/create-first-function-vs-code-python https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/create-first-function-vs-code-python.md
@@ -22,8 +22,7 @@ Before you get started, make sure you have the following requirements in place:
+ An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio).
-+ [Node.js](https://nodejs.org/), required by Windows for npm. Only [Active LTS and Maintenance LTS versions](https://nodejs.org/about/releases/). Use the `node --version` command to check your version.
- Not required for local development on macOS and Linux.
++ The [Azure Functions Core Tools](functions-run-local.md#install-the-azure-functions-core-tools) version 3.x. + [Python 3.8](https://www.python.org/downloads/release/python-381/), [Python 3.7](https://www.python.org/downloads/release/python-375/), [Python 3.6](https://www.python.org/downloads/release/python-368/) are supported by Azure Functions (x64).
azure-functions https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-first-azure-function https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/functions-create-first-azure-function.md
@@ -56,13 +56,13 @@ Next, create a function in the new function app.
![Copy the function URL from the Azure portal](./media/functions-create-first-azure-function/function-app-develop-tab-testing.png)
-1. Paste the function URL into your browser's address bar. Add the query string value `&name=<your_name>` to the end of this URL and press Enter to run the request.
+1. Paste the function URL into your browser's address bar. Add the query string value `?name=<your_name>` to the end of this URL and press Enter to run the request.
The following example shows the response in the browser: ![Function response in the browser.](./media/functions-create-first-azure-function/function-app-browser-testing.png)
- The request URL includes a key that is required, by default, to access your function over HTTP.
+ If the request URL included an [access key](functions-bindings-http-webhook-trigger.md#authorization-keys) (`?code=...`), it means you choose **Function** instead of **Anonymous** access level when creating the function. In this case, you should instead append `&name=<your_name>`.
1. When your function runs, trace information is written to the logs. To see the trace output, return to the **Code + Test** page in the portal and expand the **Logs** arrow at the bottom of the page.
azure-monitor https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/platform/action-groups.md
@@ -312,7 +312,11 @@ Pricing for supported countries/regions is listed in the [Azure Monitor pricing
### Webhook > [!NOTE]
-> Using the webhook action requires that the target webhook endpoint either doesn't require details of the alert to function successfully or it's capable of parsing the alert context information that's provided as part of the POST operation. If the webhook endpoint can't handle the alert context information on its own, you can use a solution like a [Logic App action](./action-groups-logic-app.md) for a custom manipulation of the alert context information to match the webhook's expected data format.
+> Using the webhook action requires that the target webhook endpoint either doesn't require details of the alert to function successfully or it's capable of parsing the alert context information that's provided as part of the POST operation.
+
+> User should be the **owner** of webhook service principal in order to make sure security is not violated. As any azure customer can access all object Ids through portal, without checking the owner, anyone can add the secure webhook to their own action group for azure monitor alert notification which violate security.
+
+> If the webhook endpoint can't handle the alert context information on its own, you can use a solution like a [Logic App action](./action-groups-logic-app.md) for a custom manipulation of the alert context information to match the webhook's expected data format.
Webhooks are processed using the following rules - A webhook call is attempted a maximum of 3 times.
azure-monitor https://docs.microsoft.com/en-us/azure/azure-monitor/platform/itsmc-connections-servicenow https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/platform/itsmc-connections-servicenow.md
@@ -1,6 +1,6 @@
--- title: Connect ServiceNow with IT Service Management Connector
-description: This article provides information about how to ServiceNow with the IT Service Management Connector (ITSMC) in Azure Monitor to centrally monitor and manage the ITSM work items.
+description: Learn how to connect ServiceNow with the IT Service Management Connector (ITSMC) in Azure Monitor to centrally monitor and manage ITSM work items.
ms.subservice: logs ms.topic: conceptual author: nolavime
@@ -11,132 +11,135 @@ ms.date: 12/21/2020
# Connect ServiceNow with IT Service Management Connector
-This article provides information about how to configure the connection between your ServiceNow instance and the IT Service Management Connector (ITSMC) in Log Analytics to centrally manage your work items.
-
-The following sections provide details about how to connect your ServiceNow product to ITSMC in Azure.
+This article shows you how to configure the connection between a ServiceNow instance and the IT Service Management Connector (ITSMC) in Log Analytics, so you can centrally manage your IT Service Management (ITSM) work items.
## Prerequisites
-Ensure the following prerequisites are met:
-- ITSMC installed. More information: [Adding the IT Service Management Connector Solution](./itsmc-definition.md#add-it-service-management-connector).-- ServiceNow supported versions: Orlando, New York, Madrid, London, Kingston, Jakarta, Istanbul, Helsinki, Geneva.-- Today the alerts that are sent from Azure Monitor can create in ServiceNow one of the following elements: Events, Incidents or Alerts.
-> [!NOTE]
-> ITSMC supports only the official SaaS offering from Service Now. Private deployments of Service Now are not supported.
-
-**ServiceNow Admins must do the following in their ServiceNow instance**:
-- Generate client ID and client secret for the ServiceNow product. For information on how to generate client ID and secret, see the following information as required:-
- - [Set up OAuth for Orlando](https://docs.servicenow.com/bundle/orlando-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
- - [Set up OAuth for New York](https://docs.servicenow.com/bundle/newyork-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
- - [Set up OAuth for Madrid](https://docs.servicenow.com/bundle/madrid-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
- - [Set up OAuth for London](https://docs.servicenow.com/bundle/london-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
- - [Set up OAuth for Kingston](https://docs.servicenow.com/bundle/kingston-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
- - [Set up OAuth for Jakarta](https://docs.servicenow.com/bundle/jakarta-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
- - [Set up OAuth for Istanbul](https://docs.servicenow.com/bundle/istanbul-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
- - [Set up OAuth for Helsinki](https://docs.servicenow.com/bundle/helsinki-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
- - [Set up OAuth for Geneva](https://docs.servicenow.com/bundle/geneva-servicenow-platform/page/administer/security/task/t_SettingUpOAuth.html)
-> [!NOTE]
-> As a part of the definition of the ΓÇ£Set up OAuthΓÇ¥ we would recommend:
->
-> 1) **Update the refresh token lifespan to 90 days (7,776,000 seconds):**
-> As a part of the [Set up OAuth](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.servicenow.com%2Fbundle%2Fnewyork-platform-administration%2Fpage%2Fadminister%2Fsecurity%2Ftask%2Ft_SettingUpOAuth.html&data=02%7C01%7CNoga.Lavi%40microsoft.com%7C2c6812e429a549e71cdd08d7d1b148d8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637208431696739125&sdata=Q7mF6Ej8MCupKaEJpabTM56EDZ1T8vFVyihhoM594aA%3D&reserved=0) in phase 2: [Create an endpoint for clients to access the instance](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.servicenow.com%2Fbundle%2Fnewyork-platform-administration%2Fpage%2Fadminister%2Fsecurity%2Ftask%2Ft_CreateEndpointforExternalClients.html&data=02%7C01%7CNoga.Lavi%40microsoft.com%7C2c6812e429a549e71cdd08d7d1b148d8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637208431696749123&sdata=hoAJHJAFgUeszYCX1Q%2FXr4N%2FAKiFcm5WV7mwR2UqeWA%3D&reserved=0)
-> After the definition of the endpoint, In ServiceNow blade search for System OAuth than select Application Registry. Pick the name of the OAuth that was defined and update the field of Refresh token Lifespan to 7,776,000 (90 days in seconds).
-> At the end click update.
-> 2) **We recommend to establish an internal procedure to ensure the connection remains alive:**
-> According to the Refresh Token Lifespan to refresh the token. Please make sure to perform the following operations prior refresh token expected expiration time (Couple of days before the Refresh Token Lifespan expires we recommend):
->
-> 1. [Complete a manual sync process for ITSM connector configuration](./itsmc-resync-servicenow.md)
-> 2. Revoke to the old refresh token as it is not recommended to keep old keys from for security reasons. In ServiceNow blade search for System OAuth than select Manage Tokens. Pick the old token from the list according to the OAuth name and expiration date.
-> ![SNOW system OAuth definition](media/itsmc-connections/snow-system-oauth.png)
-> 3. Click on Revoke Access and than on Revoke.
--- Install the User App for Microsoft Log Analytics integration (ServiceNow app). [Learn more](https://store.servicenow.com/sn_appstore_store.do#!/store/application/ab0265b2dbd53200d36cdc50cf961980/1.0.1 ).
-> [!NOTE]
-> ITSMC supports only the official User App for Microsoft Log Analytics integration that is downloaded from ServiceNow store. ITSMC do not support any code ingestion in ServiceNow side or the application that is not part of the official ServiceNow solution.
-- Create integration user role for the user app installed. Information on how to create the integration user role is [here](#create-integration-user-role-in-servicenow-app).
+Ensure that you meet the following prerequisites for the connection.
-## **Connection procedure**
-Use the following procedure to create a ServiceNow connection:
+### ITSMC installation
+For information about installing ITSMC, see [Add the IT Service Management Connector solution](./itsmc-definition.md#add-it-service-management-connector).
-1. In Azure portal, go to **All Resources** and look for **ServiceDesk(YourWorkspaceName)**
+> [!NOTE]
+> ITSMC supports only the official software as a service (SaaS) offering from ServiceNow. Private deployments of ServiceNow are not supported.
-2. Under **WORKSPACE DATA SOURCES** click **ITSM Connections**.
- ![New connection](media/itsmc-connections/add-new-itsm-connection.png)
+### OAuth setup
-3. At the top of the right pane, click **Add**.
+ServiceNow supported versions include Orlando, New York, Madrid, London, Kingston, Jakarta, Istanbul, Helsinki, and Geneva.
-4. Provide the information as described in the following table, and click **OK** to create the connection.
+ServiceNow admins must generate a client ID and client secret for their ServiceNow instance. See the following information as required:
+- [Set up OAuth for Orlando](https://docs.servicenow.com/bundle/orlando-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
+- [Set up OAuth for New York](https://docs.servicenow.com/bundle/newyork-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
+- [Set up OAuth for Madrid](https://docs.servicenow.com/bundle/madrid-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
+- [Set up OAuth for London](https://docs.servicenow.com/bundle/london-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
+- [Set up OAuth for Kingston](https://docs.servicenow.com/bundle/kingston-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
+- [Set up OAuth for Jakarta](https://docs.servicenow.com/bundle/jakarta-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
+- [Set up OAuth for Istanbul](https://docs.servicenow.com/bundle/istanbul-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
+- [Set up OAuth for Helsinki](https://docs.servicenow.com/bundle/helsinki-platform-administration/page/administer/security/task/t_SettingUpOAuth.html)
+- [Set up OAuth for Geneva](https://docs.servicenow.com/bundle/geneva-servicenow-platform/page/administer/security/task/t_SettingUpOAuth.html)
-> [!NOTE]
-> All these parameters are mandatory.
+As a part of setting up OAuth, we recommend:
-| **Field** | **Description** |
-| --- | --- |
-| **Connection Name** | Type a name for the ServiceNow instance that you want to connect with ITSMC. You use this name later in Log Analytics when you configure work items in this ITSM/ view detailed log analytics. |
-| **Partner type** | Select **ServiceNow**. |
-| **Username** | Type the integration user name that you created in the ServiceNow app to support the connection to ITSMC. More information: [Create ServiceNow app user role](#create-integration-user-role-in-servicenow-app).|
-| **Password** | Type the password associated with this user name. **Note**: User name and password are used for generating authentication tokens only, and are not stored anywhere within the ITSMC service. |
-| **Server URL** | Type the URL of the ServiceNow instance that you want to connect to ITSMC. The URL should point to a supported SaaS version with suffix ".servicenow.com".|
-| **Client ID** | Type the client ID that you want to use for OAuth2 Authentication, which you generated earlier. More information on generating client ID and secret: [OAuth Setup](https://wiki.servicenow.com/index.php?title=OAuth_Setup). |
-| **Client Secret** | Type the client secret, generated for this ID. |
-| **Data Sync Scope** | Select the ServiceNow work items that you want to sync to Azure Log Analytics, through the ITSMC. The selected values are imported into log analytics. **Options:** Incidents and Change Requests.|
-| **Sync Data** | Type the number of past days that you want the data from. **Maximum limit**: 120 days. |
-| **Create new configuration item in ITSM solution** | Select this option if you want to create the configuration items in the ITSM product. When selected, ITSMC creates the affected CIs as configuration items (in case of non-existing CIs) in the supported ITSM system. **Default**: disabled. |
+1. [Create an endpoint for clients to access the instance](https://docs.servicenow.com/bundle/newyork-platform-administration/page/administer/security/task/t_CreateEndpointforExternalClients.html).
-![ServiceNow connection](media/itsmc-connections/itsm-connection-servicenow-connection-latest.png)
+1. Update the lifespan of the refresh token:
-**When successfully connected, and synced**:
+ 1. On the **ServiceNow** pane, search for **System OAuth**, and then select **Application Registry**.
+ 1. Select the name of the OAuth that was defined, and change **Refresh Token Lifespan** to **7,776,000 seconds** (90 days).
+ 1. Select **Update**.
-- Selected work items from ServiceNow instance are imported into Azure **Log Analytics.** You can view the summary of these work items on the IT Service Management Connector tile.
+1. Establish an internal procedure to ensure that the connection remains alive. A couple of days before the expected expiration of the refresh token lifespan, perform the following operations:
-- You can create incidents from Log Analytics alerts or from log records, or from Azure alerts in this ServiceNow instance.
+ 1. [Complete a manual sync process for ITSM connector configuration](./itsmc-resync-servicenow.md).
-> [!NOTE]
-> In ServiceNow there is a rate limit for requests per hour.
-> In order to configure the limit use this by defining "Inbound REST API rate limiting" in the ServiceNow instance.
+ 1. Revoke to the old refresh token. We don't recommend keeping old keys for security reasons.
+
+ 1. On the **ServiceNow** pane, search for **System OAuth**, and then select **Manage Tokens**.
+
+ 1. Select the old token from the list according to the OAuth name and expiration date.
+
+ ![Screenshot that shows a list of tokens for OAuth.](media/itsmc-connections/snow-system-oauth.png)
+ 1. Select **Revoke Access** > **Revoke**.
-## Create integration user role in ServiceNow app
+## Install the user app and create the user role
-User the following procedure:
+Use the following procedure to install the Service Now user app and create the integration user role for it. You'll use these credentials to make the ServiceNow connection in Azure.
+
+> [!NOTE]
+> ITSMC supports only the official user app for Microsoft Log Analytics integration that's downloaded from the ServiceNow store. ITSMC does not support any code ingestion on the ServiceNow side or any application that's not part of the official ServiceNow solution.
-1. Visit the [ServiceNow store](https://store.servicenow.com/sn_appstore_store.do#!/store/application/ab0265b2dbd53200d36cdc50cf961980/1.0.1) and install the **User App for ServiceNow and Microsoft OMS Integration** into your ServiceNow Instance.
+1. Visit the [ServiceNow store](https://store.servicenow.com/sn_appstore_store.do#!/store/application/ab0265b2dbd53200d36cdc50cf961980/1.0.1) and install **User App for ServiceNow and Microsoft OMS Integration** in your ServiceNow instance.
>[!NOTE]
- >As part of the ongoing transition from Microsoft Operations Management Suite (OMS) to Azure Monitor, OMS is now referred to as Log Analytics.
-2. After installation, visit the left navigation bar of the ServiceNow instance, search, and select Microsoft OMS integrator.
-3. Click **Installation Checklist**.
+ >As part of the ongoing transition from Microsoft Operations Management Suite (OMS) to Azure Monitor, OMS is now called Log Analytics.
+2. After installation, go to the left navigation bar of the ServiceNow instance, and then search for and select **Microsoft OMS integrator**.
+3. Select **Installation Checklist**.
- The status is displayed as **Not complete** if the user role is yet to be created.
+ The status is displayed as **Not complete** because the user role is not yet created.
-4. In the text boxes, next to **Create integration user**, enter the user name for the user that can connect to ITSMC in Azure.
-5. Enter the password for this user, and click **OK**.
+4. In the text box next to **Create integration user**, enter the name for the user who can connect to ITSMC in Azure.
+5. Enter the password for this user, and then select **OK**.
-> [!NOTE]
-> You use these credentials to make the ServiceNow connection in Azure.
-
-The newly created user is displayed with the default roles assigned.
+The newly created user is displayed with the default roles assigned:
-**Default roles**:
- personalize_choices - import_transformer-- x_mioms_microsoft.user-- itil-- template_editor-- view_changer
+- x_mioms_microsoft.user
+- itil
+- template_editor
+- view_changer
-Once the user is successfully created, the status of **Check Installation Checklist** moves to Completed, listing the details of the user role created for the app.
+After you successfully create the user, the status of **Check Installation Checklist** moves to **Completed** and lists the details of the user role created for the app.
> [!NOTE]
-> ITSM Connector can send incidents to ServiceNow without any other modules installed on your ServiceNow instance. If you are using EventManagement module in your ServiceNow instance and wish to create Events or Alerts in ServiceNow using the connector, add the following roles to the integration user:
+> ITSMC can send incidents to ServiceNow without any other modules installed on your ServiceNow instance. If you're using the EventManagement module in your ServiceNow instance and want to create events or alerts in ServiceNow by using the connector, add the following roles to the integration user:
>
-> - evt_mgmt_integration
-> - evt_mgmt_operator
+> - evt_mgmt_integration
+> - evt_mgmt_operator
+
+## Create a connection
+Use the following procedure to create a ServiceNow connection.
+> [!NOTE]
+> The alerts that are sent from Azure Monitor can create one of the following elements in ServiceNow: events, incidents, or alerts.
+
+1. In Azure portal, go to **All Resources** and look for **ServiceDesk(YourWorkspaceName)**.
+
+2. Under **Workspace Data Sources**, select **ITSM Connections**.
+
+ ![Screenshot that shows selection of a data source.](media/itsmc-connections/add-new-itsm-connection.png)
+
+3. At the top of the right pane, select **Add**.
+
+4. Provide the information as described in the following table, and then select **OK**.
+
+ | **Field** | **Description** |
+ | --- | --- |
+ | **Connection Name** | Enter a name for the ServiceNow instance that you want to connect with ITSMC. You use this name later in Log Analytics when you configure ITSM work items and view detailed analytics. |
+ | **Partner Type** | Select **ServiceNow**. |
+ | **Server Url** | Enter the URL of the ServiceNow instance that you want to connect to ITSMC. The URL should point to a supported SaaS version with the suffix *.servicenow.com*.|
+ | **Username** | Enter the integration username that you created in the ServiceNow app to support the connection to ITSMC.|
+ | **Password** | Enter the password associated with this username. **Note**: The username and password are used for generating authentication tokens only. They're not stored anywhere within the ITSMC service. |
+ | **Client Id** | Enter the client ID that you want to use for OAuth2 authentication, which you generated earlier. For more information on generating a client ID and a secret, see [Set up OAuth](https://wiki.servicenow.com/index.php?title=OAuth_Setup). |
+ | **Client Secret** | Enter the client secret generated for this ID. |
+ | **Data Sync Scope (in Days)** | Enter the number of past days that you want the data from. The limit is 120 days. |
+ | **Work Items To Sync** | Select the ServiceNow work items that you want to sync to Azure Log Analytics, through ITSMC. The selected values are imported into Log Analytics. Options are incidents and change requests.|
+ | **Create New Configuration Item in ITSM Product** | Select this option if you want to create the configuration items in the ITSM product. When it's selected, ITSMC creates configuration items (if none exist) in the supported ITSM system. It's disabled by default. |
+
+![Screenshot of boxes and options for adding a ServiceNow connection.](media/itsmc-connections/itsm-connection-servicenow-connection-latest.png)
+
+When you're successfully connected and synced:
+
+- Selected work items from the ServiceNow instance are imported into Log Analytics. You can view the summary of these work items on the **IT Service Management Connector** tile.
+
+- You can create incidents from Log Analytics alerts or log records, or from Azure alerts in this ServiceNow instance.
+
+> [!NOTE]
+> ServiceNow has a rate limit for requests per hour. To configure the limit, define **Inbound REST API rate limiting** in the ServiceNow instance.
## Next steps
-* [ITSM Connector Overview](itsmc-overview.md)
+* [ITSM Connector overview](itsmc-overview.md)
* [Create ITSM work items from Azure alerts](./itsmc-definition.md#create-itsm-work-items-from-azure-alerts)
-* [Troubleshooting problems in ITSM Connector](./itsmc-resync-servicenow.md)
\ No newline at end of file
+* [Troubleshooting problems in the ITSM Connector](./itsmc-resync-servicenow.md)
\ No newline at end of file
azure-monitor https://docs.microsoft.com/en-us/azure/azure-monitor/platform/itsmc-definition https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/platform/itsmc-definition.md
@@ -133,24 +133,25 @@ Use the following procedure to create action groups:
* In a case you select in the work item dropdown "Incident" or "Alert": * If you check the **"Create individual work items for each Configuration Item"** check box, every configuration item in every alert will create a new work item. There can be more than one work item per configuration item in the ITSM system.
- For example:
- 1) Alert 1 with 3 Configuration Items: A, B, C - will create 3 work items.
- 2) Alert 2 with 1 Configuration Item: A - will create 1 work item.
- >[!NOTE]
- > In this case some of the fired alert will not generate new work items in the ITSM tool.
+ For example:
+ 1) Alert 1 with 3 Configuration Items: A, B, C - will create 3 work items.
+ 2) Alert 2 with 1 Configuration Item: A - will create 1 work item.
* If you clear the **"Create individual work items for each Configuration Item"** check box, ITSM connector will create a single work item for each alert rule and append to it all impacted configuration items. A new work item will be created if the previous one is closed.
- For example:
- 1) Alert 1 with 3 Configuration Items: A, B, C - will create 1 work item.
- 2) Alert 2 for the same alert rule as phase 1 with 1 Configuration Item: D - will be merged to the work item in phase 1.
- 3) Alert 3 for a different alert rule with 1 Configuration Item: E - will create 1 work item.
+ >[!NOTE]
+ > In this case some of the fired alert will not generate new work items in the ITSM tool.
+
+ For example:
+ 1) Alert 1 with 3 Configuration Items: A, B, C - will create 1 work item.
+ 2) Alert 2 for the same alert rule as phase 1 with 1 Configuration Item: D - will be merged to the work item in phase 1.
+ 3) Alert 3 for a different alert rule with 1 Configuration Item: E - will create 1 work item.
![Screenshot that shows the ITSM Incident window.](media/itsmc-overview/itsm-action-configuration.png) * In a case you select in the work item dropdown "Event":
- * If you select **"Create individual work items for each Log Entry (Configuration item field is not filled. Can result in large number of work items.)"** in the radio buttons selection, an alert will be created per each row in the search results of the log search alert query. In the payload of the alert the description property will have the row from the search results.
+ * If you select **"Create individual work items for each Log Entry (Configuration item field is not filled. Can result in large number of work items.)"** in the radio buttons selection, a work item will be created per each row in the search results of the log search alert query. In the payload of the work item the description property will have the row from the search results.
* If you select **"Create individual work items for each Configuration Item"** in the radio buttons selection, every configuration item in every alert will create a new work item. There can be more than one work item per configuration item in the ITSM system. This will be the same as the checking the checkbox in Incident/Alert section. ![Screenshot that shows the ITSM Event window.](media/itsmc-overview/itsm-action-configuration-event.png)
azure-relay https://docs.microsoft.com/en-us/azure/azure-relay/relay-hybrid-connections-protocol https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-relay/relay-hybrid-connections-protocol.md
@@ -14,9 +14,9 @@ equally named _BizTalk Services_ feature that was built on a proprietary
protocol foundation. The integration of Hybrid Connections into Azure App Services will continue to function as-is.
-Hybrid Connections enables bi-directional, binary stream communication and
+Hybrid Connections enables bi-directional, request-response, and binary stream communication, and
simple datagram flow between two networked applications. Either or
-both parties can reside behind NATs or firewalls.
+both parties can be behind NATs or firewalls.
This article describes the client-side interactions with the Hybrid Connections relay for connecting clients in listener and sender roles. It also describes how
@@ -35,7 +35,7 @@ The service allows for relaying Web Socket connections and HTTP(S)
requests and responses. The interaction model leans on the nomenclature established by many other
-networking APIs. There is a listener that first indicates readiness to handle
+networking APIs. There's a listener that first indicates readiness to handle
incoming connections, and subsequently accepts them as they arrive. On the other side, a client connects towards the listener, expecting that connection to be accepted for establishing a bi-directional communication path. "Connect,"
@@ -46,7 +46,7 @@ towards a service endpoint. This makes the "listener" also a "client" in
colloquial use, and may also cause other terminology overloads. The precise terminology therefore used for Hybrid Connections is as follows:
-The programs on both sides of a connection are called "clients," since they are
+The programs on both sides of a connection are called "clients," since they're
clients to the service. The client that waits for and accepts connections is the "listener," or is said to be in the "listener role." The client that initiates a new connection towards a listener via the service is called the
@@ -90,7 +90,7 @@ for as long as the sender is willing to wait for the connection to be
established end-to-end. The maximum to assume is 30 seconds. The URL can only be used for one successful connection attempt. As soon as the WebSocket connection with the rendezvous URL is established, all further activity on this
-WebSocket is relayed from and to the sender. This happens without any
+WebSocket is relayed from and to the sender. This behavior happens without any
intervention or interpretation by the service. ### Request message
@@ -107,8 +107,7 @@ service in the future.
HTTP frame header metadata is translated into JSON for simpler handling by the listener framework, also because HTTP header parsing libraries are rarer than JSON parsers. HTTP metadata that is only relevant for the relationship between
-the sender and the Relay HTTP gateway, including authorization information, is
-not forwarded. HTTP request bodies are transparently transferred as binary
+the sender and the Relay HTTP gateway, including authorization information, isn't forwarded. HTTP request bodies are transparently transferred as binary
WebSocket frames. The listener can respond to HTTP requests using an equivalent response gesture.
@@ -129,8 +128,8 @@ For requests, the service decides whether to route requests over the control
channel. This includes, but may not be limited to cases where a request exceeds 64 kB (headers plus body) outright, or if the request is sent with ["chunked" transfer-encoding](https://tools.ietf.org/html/rfc7230#section-4.1) and the
-service has reason to expect for the request to exceed 64kB or reading the
-request is not instantaneous. If the service chooses to deliver the request
+service has reason to expect for the request to exceed 64 kB or reading the
+request isn't instantaneous. If the service chooses to deliver the request
over rendezvous, it only passes the rendezvous address to the listener. The listener then MUST establish the rendezvous WebSocket and the service promptly delivers the full request including bodies over the rendezvous
@@ -288,7 +287,7 @@ Azure support personnel:
| ---- | -------------- | ------------------------------------------------------------------- | 404 | Not Found | The Hybrid Connection path is invalid or the base URL is malformed. | 401 | Unauthorized | The security token is missing or malformed or invalid.
-| 403 | Forbidden | The security token is not valid for this path for this action.
+| 403 | Forbidden | The security token isn't valid for this path for this action.
| 500 | Internal Error | Something went wrong in the service. If the WebSocket connection is intentionally shut down by the service after it
@@ -316,8 +315,7 @@ properties at this time:
* **address** ΓÇô the URL string to be used for establishing the WebSocket to the service to accept an incoming connection. * **id** ΓÇô the unique identifier for this connection. If the ID was supplied by
- the sender client, it is the sender supplied value, otherwise it is a system
- generated value.
+ the sender client, it is the sender supplied value, otherwise it is a system-generated value.
* **connectHeaders** ΓÇô all HTTP headers that have been supplied to the Relay endpoint by the sender, which also includes the Sec-WebSocket-Protocol and the Sec-WebSocket-Extensions headers.
@@ -367,8 +365,8 @@ fixed `$hc/` path portion.
The `path` expression may be extended with a suffix and a query string expression that follows the registered name after a separating forward slash.
-This enables the sender client to pass dispatch arguments to the accepting
-listener when it is not possible to include HTTP headers. The expectation is
+This parameter enables the sender client to pass dispatch arguments to the accepting
+listener when it isn't possible to include HTTP headers. The expectation is
that the listener framework parses out the fixed path portion and the registered name from the path and makes the remainder, possibly without any query string arguments prefixed by `sb-`, available to the application for
@@ -380,7 +378,7 @@ If there is an error, the service can reply as follows:
| Code | Error | Description | ---- | -------------- | -----------------------------------
-| 403 | Forbidden | The URL is not valid.
+| 403 | Forbidden | The URL isn't valid.
| 500 | Internal Error | Something went wrong in the service After the connection has been established, the server shuts down the WebSocket
@@ -420,7 +418,7 @@ the following codes describe the error:
| Code | Error | Description | | ---- | -------------- | ------------------------------------ |
-| 403 | Forbidden | The URL is not valid. |
+| 403 | Forbidden | The URL isn't valid. |
| 500 | Internal Error | Something went wrong in the service. | #### Request message
@@ -430,8 +428,7 @@ the control channel. The same message is also sent over the rendezvous
WebSocket once established. The `request` consists of two parts: a header and binary body frame(s).
-If there is no body, the body frames are omitted. The indicator for
-whether a body is present is the boolean `body` property in the request
+If there is no body, the body frames are omitted. The boolean `body` property indicates whether a body is present in the request
message. For a request with a request body, the structure may look like this:
@@ -474,7 +471,7 @@ For a request without a body, there's only one text frame.
The JSON content for `request` is as follows:
-* **address** - URI string. This is the rendezvous address to use for this request. If the
+* **address** - URI string. It's the rendezvous address to use for this request. If the
incoming request is larger than 64 kB, the remainder of this message is left empty, and the client MUST initiate a rendezvous handshake equivalent to the `accept` operation described below. The service will then put the complete
@@ -498,11 +495,11 @@ The JSON content for `request` is as follows:
* `Upgrade` (RFC7230, Section 6.7) * `Close` (RFC7230, Section 8.1)
-* **requestTarget** ΓÇô string. This property holds the ["Request Target" (RFC7230, Section 5.3)](https://tools.ietf.org/html/rfc7230#section-5.3) of the request. This includes
+* **requestTarget** ΓÇô string. This property holds the ["Request Target" (RFC7230, Section 5.3)](https://tools.ietf.org/html/rfc7230#section-5.3) of the request. It includes
the query string portion, which is stripped of ALL `sb-hc-` prefixed parameters. * **method** - string. This is the method of the request, per [RFC7231, Section 4](https://tools.ietf.org/html/rfc7231#section-4). The `CONNECT` method MUST NOT be used.
-* **body** ΓÇô boolean. Indicates whether one or more binary body frame follows.
+* **body** ΓÇô boolean. Indicates whether one or more binary body frames follows.
``` JSON {
@@ -680,7 +677,7 @@ Azure support personnel:
| ---- | -------------- | ------------------------------------------------------------------- | 404 | Not Found | The Hybrid Connection path is invalid or the base URL is malformed. | 401 | Unauthorized | The security token is missing or malformed or invalid.
-| 403 | Forbidden | The security token is not valid for this path and for this action.
+| 403 | Forbidden | The security token isn't valid for this path and for this action.
| 500 | Internal Error | Something went wrong in the service. If the WebSocket connection is intentionally shut down by the service after it
@@ -690,9 +687,9 @@ message that also includes a tracking ID.
| WS Status | Description | --------- | -------------------------------------------------------------------------------
-| 1000 | The listener shut down the socket.
+| 1000 | The listener shutdown the socket.
| 1001 | The Hybrid Connection path has been deleted or disabled.
-| 1008 | The security token has expired, therefore the authorization policy is violated.
+| 1008 | The security token has expired, so the authorization policy is violated.
| 1011 | Something went wrong in the service. ### HTTP request protocol
@@ -710,7 +707,7 @@ namespace that hosts the Hybrid Connection, typically of the form
`{myname}.servicebus.windows.net`. The request can contain arbitrary extra HTTP headers, including
-application-defined ones. All supplied headers, except those directly defined
+application-defined ones. All supplied headers, except the ones directly defined
in RFC7230 (see [Request message](#request-message)) flow to the listener and can be found on the `requestHeader` object of the **request** message.
@@ -734,7 +731,7 @@ The service adds the Relay namespace hostname to `Via`.
| 200 | OK | The request has been handled by at least one listener. | | 202 | Accepted | The request has been accepted by at least one listener. |
-If there is an error, the service can reply as follows. Whether the response originates
+If there's an error, the service can reply as follows. Whether the response originates
from the service or from the listener can be identified through presence of the `Via` header. If the header is present, the response is from the listener.
@@ -742,10 +739,10 @@ header. If the header is present, the response is from the listener.
| ---- | --------------- |--------- | | 404 | Not Found | The Hybrid Connection path is invalid or the base URL is malformed. | 401 | Unauthorized | The security token is missing or malformed or invalid.
-| 403 | Forbidden | The security token is not valid for this path and for this action.
+| 403 | Forbidden | The security token isn't valid for this path and for this action.
| 500 | Internal Error | Something went wrong in the service.
-| 503 | Bad Gateway | The request could not be routed to any listener.
-| 504 | Gateway Timeout | The request was routed to a listener, but the listener did not acknowledge receipt in the required time.
+| 503 | Bad Gateway | The request couldn't be routed to any listener.
+| 504 | Gateway Timeout | The request was routed to a listener, but the listener didn't acknowledge receipt in the required time.
## Next steps
azure-sql https://docs.microsoft.com/en-us/azure/azure-sql/database/quota-increase-request https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/quota-increase-request.md
@@ -104,6 +104,7 @@ If your subscription needs access in a particular region, select the **Region ac
![Request region access](./media/quota-increase-request/quota-request.png)
+<!--
### <a id="mseries"></a> Enable M-series access to a region To enable M-series hardware for a subscription and region, a support request must be opened.
@@ -114,6 +115,7 @@ To enable M-series hardware for a subscription and region, a support request mus
![Request M-series region access](./media/quota-increase-request/quota-m-series.png)
+-->
## <a id="sqlmiquota"></a> SQL Managed Instance quota type
backup https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-introduction https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/backup-azure-vms-introduction.md
@@ -116,6 +116,7 @@ When you're configuring VM backups, we suggest following these practices:
- If you're restoring VMs from a single vault, we highly recommend that you use different [general-purpose v2 storage accounts](../storage/common/storage-account-upgrade.md) to ensure that the target storage account doesn't get throttled. For example, each VM must have a different storage account. For example, if 10 VMs are restored, use 10 different storage accounts. - For backup of VMs that are using premium storage with Instant Restore, we recommend allocating *50%* free space of the total allocated storage space, which is required **only** for the first backup. The 50% free space isn't a requirement for backups after the first backup is complete - The limit on the number of disks per storage account is relative to how heavily the disks are being accessed by applications that are running on an infrastructure as a service (IaaS) VM. As a general practice, if 5 to 10 disks or more are present on a single storage account, balance the load by moving some disks to separate storage accounts.
+- To restore VMs with managed disks using PowerShell, provide the additional parameter ***TargetResourceGroupName*** to specify the resource group to which managed disks will be restored, [Learn more here](https://docs.microsoft.com/azure/backup/backup-azure-vms-automation#restore-managed-disks).
## Backup costs
@@ -142,4 +143,4 @@ The actual size of the VM in this case is 17 GB + 30 GB + 0 GB = 47 GB. This pro
## Next steps -- [Prepare for Azure VM backup](backup-azure-arm-vms-prepare.md).\ No newline at end of file
+- [Prepare for Azure VM backup](backup-azure-arm-vms-prepare.md).
backup https://docs.microsoft.com/en-us/azure/backup/scripts/backup-powershell-sample-backup-encrypted-vm https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/scripts/backup-powershell-sample-backup-encrypted-vm.md
@@ -8,7 +8,7 @@ ms.custom: mvc, devx-track-azurepowershell
# Back up an encrypted Azure virtual machine with PowerShell
-This script creates a Recovery Services vault with geo-redundant storage (GRS) for an encrypted Azure virtual machine. The default protection policy is applied to the vault. The policy generates a daily backup for the virtual machine, and retains each backup for 30 days. The script also triggers the initial recovery point for the virtual machine and retains that recovery point for 365 days.
+This script creates a Recovery Services vault with geo-redundant storage (GRS) for an encrypted Azure virtual machine. The default protection policy is applied to the vault. The policy generates a daily backup for the virtual machine, and retains each backup for 365 days. The script also triggers the initial recovery point for the virtual machine and retains that recovery point for 30 days.
[!INCLUDE [sample-powershell-install](../../../includes/sample-powershell-install-no-ssh.md)]
batch https://docs.microsoft.com/en-us/azure/batch/batch-pool-cloud-service-to-virtual-machine-configuration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/batch-pool-cloud-service-to-virtual-machine-configuration.md
@@ -2,14 +2,16 @@
title: Migrate Batch pool configuration from Cloud Services to Virtual Machines description: Learn how to update your pool configuration to the latest and recommended configuration ms.topic: how-to
-ms.date: 1/4/2021
+ms.date: 1/6/2021
--- # Migrate Batch pool configuration from Cloud Services to Virtual Machines Batch pools can be created using either [cloudServiceConfiguration](https://docs.microsoft.com/rest/api/batchservice/pool/add#cloudserviceconfiguration) or [virtualMachineConfiguration](https://docs.microsoft.com/rest/api/batchservice/pool/add#virtualmachineconfiguration). 'virtualMachineConfiguration' is the recommended configuration as it supports all Batch capabilities. 'cloudServiceConfiguration' pools do not support all features and no new features are planned.
-If you use 'cloudServiceConfiguration' pools, it is highly recommended that you move to use 'virtualMachineConfiguration' pools. This article describes how to migrate to the recommended 'virtualMachineConfiguration' configuration.
+If you use 'cloudServiceConfiguration' pools, it is highly recommended that you move to use 'virtualMachineConfiguration' pools. This will enable you to benefit from all Batch capabilities, such as an expanded [selection of VM series](batch-pool-vm-sizes.md), Linux VMs, [containers](batch-docker-container-workloads.md), [Azure Resource Manager virtual networks](batch-virtual-network.md), and [node disk encryption](disk-encryption.md).
+
+This article describes how to migrate to 'virtualMachineConfiguration'.
## New pools are required
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Computer-vision/intro-to-spatial-analysis-public-preview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Computer-vision/intro-to-spatial-analysis-public-preview.md
@@ -14,7 +14,7 @@ ms.date: 12/14/2020
# Introduction to Computer Vision spatial analysis
-Computer Vision spatial analysis is a new feature of Azure Cognitive Services Computer Vision that helps organizations maximize the value of their physical spaces by understanding people's movements and presence within a given area. It allows you to ingest video from CCTV or surveillance cameras, run AI operations to extract insights from the video streams, and generate events to be used by other systems. With input from a camera stream, an AI operation can do things like count the number of people entering a space or measure compliance with face mask and social distancing guidelines.
+Computer Vision spatial analysis is a new feature of Azure Cognitive Services Computer Vision that helps organizations maximize the value of their physical spaces by understanding people's movements and presence within a given area. It allows you to ingest video from CCTV or surveillance cameras, run AI skills to extract insights from the video streams, and generate events to be used by other systems. With input from a camera stream, an AI skill can do things like count the number of people entering a space or measure compliance with social distancing guidelines.
## The basics of spatial analysis
@@ -25,10 +25,9 @@ Today the core operations of spatial analysis are all built on a pipeline that i
| Term | Definition | |------|------------| | People Detection | This component answers the question "where are the people in this image"? It finds humans in an image and passes a bounding box indicating the location of each person to the people tracking component. |
-| People Tracking | This component connects the people detections over time as the people move around in front of a camera. It uses temporal logic about how people typically move and basic information about the overall appearance of the people to do this. It does not track people across multiple cameras. If a person exists the field of view from a camera for longer than approximately a minute and then re-enters the camera view, the system will perceive this as a new person. People Tracking does not uniquely identify individuals across cameras. It does not use facial recognition or gait tracking. |
-| Face Mask Detection | This component detects the location of a personΓÇÖs face in the cameraΓÇÖs field of view and identifies the presence of a face mask. To do so, the AI operation scans images from video; where a face is detected the service provides a bounding box around the face. Using object detection capabilities, it identifies the presence of face masks within the bounding box. Face Mask detection does not involve distinguishing one face from another face, predicting or classifying facial attributes or performing facial recognition. |
-| Region of Interest | This is a zone or line defined in the input video as part of configuration. When a person interacts with the region of the video the system generates an event. For example, for the PersonCrossingLine operation, a line is defined in the video. When a person crosses that line an event is generated. |
-| Event | An event is the primary output of spatial analysis. Each operation emits a specific event either periodically (ex. once per minute) or when a specific trigger occurs. The event includes information about what occurred in the input video but does not include any images or video. For example, the PeopleCount operation can emit an event containing the updated count every time the count of people changes (trigger) or once every minute (periodically). |
+| People Tracking | This component connects the people detections over time as the people move around in front of a camera. It uses temporal logic about how people typically move and basic information about the overall appearance of the people to do this. It cannot track people across multiple cameras or reidentify someone who has disappeared for more than approximately one minute. People Tracking does not use any biometric markers like face recognition or gait tracking. |
+| Region of Interest | This is a zone or line defined in the input video as part of configuration. When a person interacts with the region of the video the system generates an event. For example, for the PersonCrossingLine skill, a line is defined in the video. When a person crosses that line an event is generated. |
+| Event | An event is the primary output of spatial analysis. Each skill emits a specific event either periodically (ex. once per minute) or when a specific trigger occurs. The event includes information about what occurred in the input video but does not include any images or video. For example, the PeopleCount skill can emit an event containing the updated count every time the count of people changes (trigger) or once every minute (periodically). |
## Example use cases for spatial analysis
@@ -40,8 +39,6 @@ The following are example use cases that we had in mind as we designed and teste
**Queue Management** - Cameras pointed at checkout queues provide alerts to managers when wait time gets too long, allowing them to open more lines. Historical data on queue abandonment gives insights into consumer behavior.
-**Face Mask Compliance** ΓÇô Retail stores can use cameras pointing at the store fronts to check if customers walking into the store are wearing face masks to maintain safety compliance and analyze aggregate statistics to gain insights on mask usage trends.
- **Building Occupancy & Analysis** - An office building uses cameras focused on entrances to key spaces to measure footfall and how people use the workplace. Insights allow the building manager to adjust service and layout to better serve occupants. **Minimum Staff Detection** - In a data center, cameras monitor activity around servers. When employees are physically fixing sensitive equipment two people are always required to be present during the repair for security reasons. Cameras are used to verify that this guideline is followed.
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/LUIS/luis-how-to-devops-with-github https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/LUIS/luis-how-to-devops-with-github.md
@@ -24,7 +24,7 @@ The [LUIS DevOps template repo](https://github.com/Azure-Samples/LUIS-DevOps-Tem
* **Clone the template repo** - Copy the template to your own GitHub repository. * **Configure LUIS resources** - Create the [LUIS authoring and prediction resources in Azure](./luis-how-to-azure-subscription.md) that will be used by the continuous integration workflows. * **Configure the CI/CD workflows** - Configure parameters for the CI/CD workflows and store them in [GitHub Secrets](https://help.github.com/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets).
-* **Walks through the ["dev inner loop"](https://mitchdenny.com/the-inner-loop/)** - The developer makes updates to a sample LUIS app while working in a development branch, tests the updates and then raises a pull request to propose changes and to seek review approval.
+* **Walks through the ["dev inner loop"](/dotnet/architecture/containerized-lifecycle/design-develop-containerized-apps/docker-apps-inner-loop-workflow)** - The developer makes updates to a sample LUIS app while working in a development branch, tests the updates and then raises a pull request to propose changes and to seek review approval.
* **Execute CI/CD workflows** - Execute [continuous integration workflows to build and test a LUIS app](luis-concept-devops-automation.md) using GitHub Actions. * **Perform automated testing** - Perform [automated batch testing for a LUIS app](luis-concept-devops-testing.md) to evaluate the quality of the app. * **Deploy the LUIS app** - Execute a [continuous delivery (CD) job](luis-concept-devops-automation.md#continuous-delivery-cd) to publish the LUIS app.
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/LUIS/luis-limits https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/LUIS/luis-limits.md
@@ -24,7 +24,7 @@ If your app exceeds the LUIS model limits, consider using a [LUIS dispatch](luis
| External entities | no limits | | [Intents][intents]|500 per application: 499 custom intents, and the required _None_ intent.<br>[Dispatch-based](https://aka.ms/dispatch-tool) application has corresponding 500 dispatch sources.| | [List entities](./luis-concept-entity-types.md) | Parent: 50, child: 20,000 items. Canonical name is *default character max. Synonym values have no length restriction. |
-| [machine-learning entities + roles](./luis-concept-entity-types.md):<br> composite,<br>simple,<br>entity role|A limit of either 100 parent entities or 330 entities, whichever limit the user hits first. A role counts as an entity for the purpose of this limit. An example is a composite with a simple entity, which has 2 roles is: 1 composite + 1 simple + 2 roles = 4 of the 330 entities.<br>Subentities can be nested up to 5 levels.|
+| [machine-learning entities + roles](./luis-concept-entity-types.md):<br> composite,<br>simple,<br>entity role|A limit of either 100 parent entities or 330 entities, whichever limit the user hits first. A role counts as an entity for the purpose of this limit. An example is a composite with a simple entity, which has 2 roles is: 1 composite + 1 simple + 2 roles = 4 of the 330 entities.<br>Subentities can be nested up to 5 levels, with a maximum of 10 children per level.|
|Model as a feature| Maximum number of models that can be used as a feature to a specific model to be 10 models. The maximum number of phrase lists used as a feature for a specific model to be 10 phrase lists.| | [Preview - Dynamic list entities](./luis-migration-api-v3.md)|2 lists of ~1k per query prediction endpoint request| | [Patterns](luis-concept-patterns.md)|500 patterns per application.<br>Maximum length of pattern is 400 characters.<br>3 Pattern.any entities per pattern<br>Maximum of 2 nested optional texts in pattern|
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/LUIS/luis-reference-regions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/LUIS/luis-reference-regions.md
@@ -79,6 +79,7 @@ To publish to the other regions, you create LUIS apps at [https://www.luis.ai](h
| Asia | `westus`<br>[www.luis.ai][www.luis.ai]| Japan West<br>`japanwest` | `https://japanwest.api.cognitive.microsoft.com/luis/v2.0/apps/YOUR-APP-ID?subscription-key=YOUR-SUBSCRIPTION-KEY` | | Asia | `westus`<br>[www.luis.ai][www.luis.ai]| Korea Central<br>`koreacentral` | `https://koreacentral.api.cognitive.microsoft.com/luis/v2.0/apps/YOUR-APP-ID?subscription-key=YOUR-SUBSCRIPTION-KEY` | | Asia | `westus`<br>[www.luis.ai][www.luis.ai]| Southeast Asia<br>`southeastasia` | `https://southeastasia.api.cognitive.microsoft.com/luis/v2.0/apps/YOUR-APP-ID?subscription-key=YOUR-SUBSCRIPTION-KEY` |
+| Asia | `westus`<br>[www.luis.ai][www.luis.ai]| North UAE<br>`northuae` | `https://northuae.api.cognitive.microsoft.com/luis/v2.0/apps/YOUR-APP-ID?subscription-key=YOUR-SUBSCRIPTION-KEY` |
| North America |`westus`<br>[www.luis.ai][www.luis.ai] | Canada Central<br>`canadacentral` | `https://canadacentral.api.cognitive.microsoft.com/luis/v2.0/apps/YOUR-APP-ID?subscription-key=YOUR-SUBSCRIPTION-KEY` | | North America |`westus`<br>[www.luis.ai][www.luis.ai] | Central US<br>`centralus` | `https://centralus.api.cognitive.microsoft.com/luis/v2.0/apps/YOUR-APP-ID?subscription-key=YOUR-SUBSCRIPTION-KEY` | | North America |`westus`<br>[www.luis.ai][www.luis.ai] | East US<br>`eastus` | `https://eastus.api.cognitive.microsoft.com/luis/v2.0/apps/YOUR-APP-ID?subscription-key=YOUR-SUBSCRIPTION-KEY` |
@@ -107,4 +108,4 @@ Authoring regions have [paired fail-over regions](../../best-practices-availabil
[www.luis.ai]: https://www.luis.ai [au.luis.ai]: https://au.luis.ai
- [eu.luis.ai]: https://eu.luis.ai
\ No newline at end of file
+ [eu.luis.ai]: https://eu.luis.ai
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Speech-Service/how-to-custom-speech-continuous-integration-continuous-deployment https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-custom-speech-continuous-integration-continuous-deployment.md
@@ -78,7 +78,7 @@ For an already-implemented DevOps solution for Custom Speech, go to the [Speech
The [Speech DevOps template repo](https://github.com/Azure-Samples/Speech-Service-DevOps-Template) provides the infrastructure and detailed guidance to: - Copy the template repository to your GitHub account, then create Azure resources and a [service principal](../../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) for the GitHub Actions CI/CD workflows.-- Walk through the "[dev inner loop](https://mitchdenny.com/the-inner-loop/)." Update training and testing data from a feature branch, test the changes with a temporary development model, and raise a pull request to propose and review the changes.
+- Walk through the "[dev inner loop](/dotnet/architecture/containerized-lifecycle/design-develop-containerized-apps/docker-apps-inner-loop-workflow)." Update training and testing data from a feature branch, test the changes with a temporary development model, and raise a pull request to propose and review the changes.
- When training data is updated in a pull request to *main*, train models with the GitHub Actions CI workflow. - Perform automated accuracy testing to establish a model's [Word Error Rate](how-to-custom-speech-evaluate-data.md#evaluate-custom-speech-accuracy) (WER). Store the test results in Azure Blob. - Execute the CD workflow to create an endpoint when the WER improves.
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Speech-Service/how-to-custom-speech-train-model https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-custom-speech-train-model.md
@@ -30,12 +30,12 @@ If you're encountering recognition problems with a base model, you can use human
The first step to train a model is to upload training data. See [Prepare and test your data](./how-to-custom-speech-test-and-train.md) for step-by-step instructions to prepare human-labeled transcriptions and related text (utterances and pronunciations). After you upload training data, follow these instructions to start training your model:
-1. Sign in to the [Custom Speech portal](https://speech.microsoft.com/customspeech).
+1. Sign in to the [Custom Speech portal](https://speech.microsoft.com/customspeech). If you plan to train a model with audio + human-labeled transcription datasets, pick a Speech subscription in a [region with dedicated hardware](custom-speech-overview.md#set-up-your-azure-account) for training.
2. Go to **Speech-to-text** > **Custom Speech** > **[name of project]** > **Training**. 3. Select **Train model**. 4. Give your training a **Name** and **Description**. 5. In the **Scenario and Baseline model** list, select the scenario that best fits your domain. If you're not sure which scenario to choose, select **General**. The baseline model is the starting point for training. The latest model is usually the best choice.
-6. On the **Select training data** page, choose one or more audio + human-labeled transcription datasets that you want to use for training.
+6. On the **Select training data** page, choose one or more related text datasets or audio + human-labeled transcription datasets that you want to use for training. When you train a new model, start with related text; training with audio + human-labeled transcription might take much longer (up to [several days](how-to-custom-speech-evaluate-data.md#improve-model-recognition)).
7. After training is complete, you can do accuracy testing on the newly trained model. This step is optional. 8. Select **Create** to build your custom model.
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Speech-Service/includes/how-to/compressed-audio-input/cpp/examples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/includes/how-to/compressed-audio-input/cpp/examples.md
@@ -6,7 +6,7 @@ ms.date: 03/09/2020
ms.author: trbye ---
-To stream in a compressed audio format to the Speech service, create `PullAudioInputStream` or `PushAudioInputStream`. Then, create an `AudioConfig` from an instance of your stream class, specifying the compression format of the stream.
+To configure Speech SDK to accept compressed audio input, create `PullAudioInputStream` or `PushAudioInputStream`. Then, create an `AudioConfig` from an instance of your stream class, specifying the compression format of the stream.
Let's assume that you have an input stream class called `pushStream` and are using OPUS/OGG. Your code may look like this:
@@ -36,4 +36,4 @@ auto recognizer = SpeechRecognizer::FromConfig(config, audioConfig);
auto result = recognizer->RecognizeOnceAsync().get(); auto text = result->Text;
-```
\ No newline at end of file
+```
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Speech-Service/includes/how-to/compressed-audio-input/csharp/examples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/includes/how-to/compressed-audio-input/csharp/examples.md
@@ -7,7 +7,7 @@ ms.author: trbye
ms.custom: devx-track-csharp ---
-To stream in a compressed audio format to the Speech service, create `PullAudioInputStream` or `PushAudioInputStream`. Then, create an `AudioConfig` from an instance of your stream class, specifying the compression format of the stream.
+To configure Speech SDK to accept compressed audio input, create `PullAudioInputStream` or `PushAudioInputStream`. Then, create an `AudioConfig` from an instance of your stream class, specifying the compression format of the stream.
Let's assume that you have an input stream class called `pushStream` and are using OPUS/OGG. Your code may look like this:
@@ -36,4 +36,4 @@ using var recognizer = new SpeechRecognizer(speechConfig, audioConfig);
var result = await recognizer.RecognizeOnceAsync(); var text = result.Text;
-```
\ No newline at end of file
+```
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Speech-Service/includes/how-to/compressed-audio-input/java/examples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/includes/how-to/compressed-audio-input/java/examples.md
@@ -6,7 +6,7 @@ ms.date: 03/09/2020
ms.author: trbye ---
-To stream in a compressed audio format to the Speech service, create a `PullAudioInputStream` or `PushAudioInputStream`. Then, create an `AudioConfig` from an instance of your stream class, specifying the compression format of the stream.
+To configure Speech SDK to accept compressed audio input, create a `PullAudioInputStream` or `PushAudioInputStream`. Then, create an `AudioConfig` from an instance of your stream class, specifying the compression format of the stream.
Let's assume that you have an input stream class called `pullStream` and are using OPUS/OGG. Your code may look like this:
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Speech-Service/includes/how-to/compressed-audio-input/objectivec/examples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/includes/how-to/compressed-audio-input/objectivec/examples.md
@@ -6,7 +6,7 @@ ms.date: 03/09/2020
ms.author: trbye ---
-To stream in a compressed audio format to the Speech service, create a `SPXPullAudioInputStream` or `SPXPushAudioInputStream`.
+To configure Speech SDK to accept compressed audio input, create a `SPXPullAudioInputStream` or `SPXPushAudioInputStream`.
The following snippet shows how to create a `SPXAudioConfiguration` from an instance of a `SPXPushAudioInputStream`, specifying an MP3 as the compression format of the stream.
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Speech-Service/includes/how-to/compressed-audio-input/python/examples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/includes/how-to/compressed-audio-input/python/examples.md
@@ -6,7 +6,7 @@ ms.date: 03/09/2020
ms.author: amishu ---
-To stream in a compressed audio format to the Speech service, create `PullAudioInputStream` or `PushAudioInputStream`. Then, create an `AudioConfig` from an instance of your stream class, specifying the compression format of the stream.
+To configure Speech SDK to accept compressed audio input, create `PullAudioInputStream` or `PushAudioInputStream`. Then, create an `AudioConfig` from an instance of your stream class, specifying the compression format of the stream.
Let's assume that your use case is to use `PullStream` for an `MP3` file. Your code may look like this:
@@ -84,4 +84,4 @@ def pull_audio_input_stream_compressed_mp3(mp3_file_path: str,
compressed_format = speechsdk.audio.AudioStreamFormat(compressed_stream_format=speechsdk.AudioStreamContainerFormat.MP3) compressed_stream_helper(compressed_format, mp3_file_path, default_speech_auth)
-```
\ No newline at end of file
+```
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Speech-Service/language-support https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/language-support.md
@@ -8,7 +8,7 @@ manager: nitinme
ms.service: cognitive-services ms.subservice: speech-service ms.topic: conceptual
-ms.date: 03/26/2020
+ms.date: 01/07/2021
ms.author: trbye ms.custom: references_regions ---
@@ -48,9 +48,9 @@ https://cris.ai -> Click on Adaptation Data -> scroll down to section "Pronuncia
| Arabic (United Arab Emirates) | `ar-AE` | Language model | | Bulgarian (Bulgaria) | `bg-BG` | Language model | | Catalan (Spain) | `ca-ES` | Language model |
-| Chinese (Cantonese, Traditional) | `zh-HK` | Language model |
+| Chinese (Cantonese, Traditional) | `zh-HK` | Acoustic model<br>Language model |
| Chinese (Mandarin, Simplified) | `zh-CN` | Acoustic model<br>Language model |
-| Chinese (Taiwanese Mandarin) | `zh-TW` | Language model |
+| Chinese (Taiwanese Mandarin) | `zh-TW` | Acoustic model<br>Language model |
| Croatian (Croatia) | `hr-HR` | Language model | | Czech (Czech Republic) | `cs-CZ` | Language Model | | Danish (Denmark) | `da-DK` | Language model |
@@ -78,8 +78,8 @@ https://cris.ai -> Click on Adaptation Data -> scroll down to section "Pronuncia
| Hungarian (Hungary) | `hu-HU` | Language Model | | Irish(Ireland) | `ga-IE` | Language model | | Italian (Italy) | `it-IT` | Acoustic model<br>Language model<br>Pronunciation|
-| Japanese (Japan) | `ja-JP` | Language model |
-| Korean (Korea) | `ko-KR` | Language model |
+| Japanese (Japan) | `ja-JP` | Acoustic model<br>Language model |
+| Korean (Korea) | `ko-KR` | Acoustic model<br>Language model |
| Latvian (Latvia) | `lv-LV` | Language model | | Lithuanian (Lithuania) | `lt-LT` | Language model | | Maltese(Malta) | `mt-MT` | Language model |
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Speech-Service/sovereign-clouds https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/sovereign-clouds.md
@@ -9,7 +9,7 @@ ms.service: cognitive-services
ms.subservice: speech-service ms.topic: conceptual ms.custom: references_regions
-ms.date: 12/26/2020
+ms.date: 01/07/2021
ms.author: alexeyo ---
@@ -36,15 +36,7 @@ Available to US government entities and their partners only. See more informatio
- Neural voice - Custom Voice - **Supported languages:**
- - Arabic (ar-*)
- - Chinese (zh-*)
- - English (en-*)
- - French (fr-*)
- - German (de-*)
- - Hindi (hi-IN)
- - Korean (ko-KR)
- - Russian (ru-RU)
- - Spanish (es-*)
+ - See the list of supported languages [here](language-support.md)
### Endpoint information
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Speech-Service/speech-services-private-link https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-services-private-link.md
@@ -35,7 +35,7 @@ To remove private endpoints later, but still use the Speech resource, you will p
Private endpoints require a [Cognitive Services custom subdomain name](../cognitive-services-custom-subdomains.md). Follow the instructions below to create one for your Speech resource.
-> [!CAUTION]
+> [!WARNING]
> A Speech resource with custom domain name enabled uses a different way to interact with the Speech service. > You probably must adjust your application code for both [private endpoint enabled](#use-speech-resource-with-custom-domain-name-and-private-endpoint-enabled) and [**not** private endpoint enabled](#use-speech-resource-with-custom-domain-name-without-private-endpoints) scenarios. >
@@ -53,7 +53,7 @@ To create a custom domain name using Azure portal, follow these steps:
1. In **Firewalls and virtual networks** tab, click **Generate Custom Domain Name**. A new right panel appears with instructions to create a unique custom subdomain for your resource. 1. In the Generate Custom Domain Name panel, enter a custom domain name portion. Your full custom domain will look like: `https://{your custom name}.cognitiveservices.azure.com`.
- **After you create a custom domain name, it _cannot_ be changed! Re-read the caution alert above.** After you've entered your custom domain name, click **Save**.
+ **After you create a custom domain name, it _cannot_ be changed! Re-read the warning alert above.** After you've entered your custom domain name, click **Save**.
1. After the operation completes, in the **Resource management** group, click **Keys and Endpoint**. Confirm the new endpoint name of your resource starts this way: `https://{your custom name}.cognitiveservices.azure.com`
@@ -79,7 +79,7 @@ Before proceeding, run `Connect-AzAccount` to create a connection with Azure.
## Verify custom domain name is available
-You need to check whether the custom domain you would like to use is available.
+Check whether the custom domain you would like to use is available.
Follow these steps to confirm the domain is available using the [Check Domain Availability](/rest/api/cognitiveservices/accountmanagement/checkdomainavailability/checkdomainavailability) operation in the Cognitive Services REST API. > [!TIP]
@@ -127,9 +127,9 @@ subdomainName : my-custom-name
To enable custom domain name for the selected Speech Resource, we use [Set-AzCognitiveServicesAccount](/powershell/module/az.cognitiveservices/set-azcognitiveservicesaccount) cmdlet.
-> [!CAUTION]
+> [!WARNING]
> After the code below runs successfully, you will create a custom domain name for your Speech resource.
-> This name **cannot** be changed. See more information in the **Caution** alert above.
+> This name **cannot** be changed. See more information in the **Warning** alert above.
```azurepowershell $resourceGroup = "Resource group name where Speech resource is located"
@@ -142,7 +142,7 @@ $subId = "Your Azure subscription Id"
Set-AzContext -SubscriptionId $subId # Set the custom domain name to the selected resource.
-# CAUTION: THIS CANNOT BE CHANGED OR UNDONE!
+# WARNING: THIS CANNOT BE CHANGED OR UNDONE!
Set-AzCognitiveServicesAccount -ResourceGroupName $resourceGroup ` -Name $speechResourceName -CustomSubdomainName $subdomainName ```
@@ -155,7 +155,7 @@ Set-AzCognitiveServicesAccount -ResourceGroupName $resourceGroup `
## Verify the custom domain name is available
-You need to check whether the custom domain you would like to use is free. We will use [Check Domain Availability](/rest/api/cognitiveservices/accountmanagement/checkdomainavailability/checkdomainavailability) method from Cognitive Services REST API.
+Check whether the custom domain you would like to use is free. We will use [Check Domain Availability](/rest/api/cognitiveservices/accountmanagement/checkdomainavailability/checkdomainavailability) method from Cognitive Services REST API.
Copy the code block below, insert your preferred custom domain name, and save to the file `subdomain.json`.
@@ -200,7 +200,7 @@ az account set --subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
``` Set the custom domain name to the selected resource. Replace the sample parameter values with the actual ones and run the command below.
-> [!CAUTION]
+> [!WARNING]
> After successful execution of the command below you will create a custom domain name for your Speech resource. This name **cannot** be changed. See more information in the caution alert above. ```azurecli
@@ -211,11 +211,9 @@ az cognitiveservices account update --name my-speech-resource-name --resource-gr
## Enable private endpoints
-Enable private endpoint using Azure portal, Azure PowerShell, or Azure CLI.
+We recommend using the [private DNS zone](../../dns/private-dns-overview.md) attached to the virtual network with the necessary updates for the private endpoints, which we create by default during the provisioning process. However, if you are using your own DNS server, you may also need to change your DNS configuration, as shown in _DNS for private endpoints_, below. Decide on DNS strategy **before** provisioning private endpoint(s) for a production Speech resource, and test your DNS changes, especially if you use your own DNS server.
-We recommend using the [private DNS zone](../../dns/private-dns-overview.md) attached to the Virtual Network with the necessary updates for the private endpoints, which we create by default during the provisioning process. However, if you are using your own DNS server, you may need to make additional changes to your DNS configuration. See [DNS for private endpoints](#dns-for-private-endpoints) section. The best is to decide on DNS strategy **before** provisioning private endpoint(s) for a production Speech resource. We also recommend preliminary testing, especially if you are using your own DNS server.
-
-Use the following articles to create private endpoint(s). The articles are using a Web app as a sample resource to enable with private endpoints. Use instead the following parameters:
+Use one of the following articles to create private endpoint(s). The articles use a Web app as a sample resource to enable with private endpoints. You will use these parameters instead of those in the article:
| Setting | Value | |---------------------|------------------------------------------|
@@ -227,15 +225,17 @@ Use the following articles to create private endpoint(s). The articles are using
- [Create a Private Endpoint using Azure PowerShell](../../private-link/create-private-endpoint-powershell.md) - [Create a Private Endpoint using Azure CLI](../../private-link/create-private-endpoint-cli.md)
-### DNS for private endpoints
+**DNS for private endpoints:** Review the general principles of [DNS for private endpoints in Cognitive Services resources](../cognitive-services-virtual-networks.md#dns-changes-for-private-endpoints). Then confirm that your DNS configuration is working correctly by performing these checks:
+
+### Resolve DNS from the virtual network
-Get familiar with the general principles of [DNS for private endpoints in Cognitive Services resources](../cognitive-services-virtual-networks.md#dns-changes-for-private-endpoints). Then check that your DNS configuration is working correctly (see next subsections).
+This check is **required**.
-#### (Mandatory check). DNS resolution from the Virtual Network
+Follow these steps to test the custom DNS entry from your virtual network.
-We will use `my-private-link-speech.cognitiveservices.azure.com` as a sample Speech resource DNS name for this section.
+1. Log in to a virtual machine located in the virtual network to which you have attached your private endpoint.
+1. Open Windows Command Prompt or Bash shell, run `nslookup` and confirm it successfully resolves your resource custom domain name.
-Log on to a virtual machine located in the virtual network to which you have attached your private endpoint. Open Windows Command Prompt or Bash shell, run `nslookup` and confirm it successfully resolves your resource custom domain name:
```dos C:\>nslookup my-private-link-speech.cognitiveservices.azure.com Server: UnKnown
@@ -246,15 +246,16 @@ Name: my-private-link-speech.privatelink.cognitiveservices.azure.com
Address: 172.28.0.10 Aliases: my-private-link-speech.cognitiveservices.azure.com ```
-Check that the IP address resolved corresponds to the address of your private endpoint.
-#### (Optional check). DNS resolution from other networks
+3. Confirm that the IP address matches the IP address of your private endpoint.
+
+### Resolve DNS from other networks
-This check is necessary if you plan to use your private endpoint enabled Speech resource in "hybrid" mode, where you have enabled either *All networks* or *Selected Networks and Private Endpoints* access option in the *Networking* section of your resource. If you plan to access the resource using only a private endpoint, you can skip this section.
+Only perform this check if you plan to use your private endpoint enabled Speech resource in "hybrid" mode, where you have enabled either **All networks** or **Selected Networks and Private Endpoints** access option in the **Networking** section of your resource. If you plan to access the resource using only a private endpoint, you can skip this section.
-We use `my-private-link-speech.cognitiveservices.azure.com` as a sample Speech resource DNS name for this section.
+1. Log in to a computer attached to a network allowed to access the resource.
+2. Open Windows Command Prompt or Bash shell, run `nslookup` and confirm it successfully resolves your resource custom domain name.
-On any computer attached to a network from which you allow access to the resource, open Windows Command Prompt or Bash shell, run the `nslookup` command and confirm it successfully resolves your resource custom domain name:
```dos C:\>nslookup my-private-link-speech.cognitiveservices.azure.com Server: UnKnown
@@ -268,11 +269,17 @@ Aliases: my-private-link-speech.cognitiveservices.azure.com
westeurope.prod.vnet.cog.trafficmanager.net ```
-Note that the resolved IP address points to a virtual network proxy endpoint, which dispatches the network traffic to the private endpoint for the Cognitive Services resource. The behavior will be different for a resource with a custom domain name but *without* private endpoints. See [this section](#dns-configuration) for details.
+3. Confirm that the IP address matches the IP address of your private endpoint.
+
+> [!NOTE]
+> The resolved IP address points to a virtual network proxy endpoint,
+> which dispatches the network traffic to the private endpoint for the Cognitive Services resource.
+> The behavior will be different for a resource with a custom domain name but *without* private endpoints.
+> See [this section](#dns-configuration) for details.
## Adjust existing applications and solutions
-A Speech resource with a custom domain enabled uses a different way to interact with Speech Services. This is true for a custom domain enabled Speech resource both [with](#use-speech-resource-with-custom-domain-name-and-private-endpoint-enabled) and [without](#use-speech-resource-with-custom-domain-name-without-private-endpoints) private endpoints. The current section provides the necessary information for both cases.
+A Speech resource with a custom domain enabled uses a different way to interact with Speech Services. This is true for a custom domain enabled Speech resource both with and without private endpoints. Information in this section applies to both scenarios.
### Use Speech resource with custom domain name and private endpoint enabled
@@ -319,9 +326,9 @@ And the sample request URL above needs to be converted to:
```http https://my-private-link-speech.cognitiveservices.azure.com/speechtotext/v3.0/transcriptions ```
-This URL should be reachable from the Virtual Network with the private endpoint attached (provided the [correct DNS resolution](#mandatory-check-dns-resolution-from-the-virtual-network)).
+This URL should be reachable from the virtual network with the private endpoint attached (provided the [correct DNS resolution](#resolve-dns-from-the virtual-network)).
-So generally speaking after enabling custom domain name for a Speech resource you need to replace hostname in all request URLs with the new custom domain hostname. All other parts of the request (like the path `/speechtotext/v3.0/transcriptions` in the example above) remain the same.
+Typically after enabling custom domain name for a Speech resource, you will replace hostname in all request URLs with the new custom domain hostname. All other parts of the request (like the path `/speechtotext/v3.0/transcriptions` in the example above) remain the same.
> [!TIP] > Some customers developed applications that use the region part of the regional endpoint DNS name (for example to send the request to the Speech resource deployed in the particular Azure Region).
@@ -339,7 +346,7 @@ The detailed description of the special endpoints and how their URL should be tr
Get familiar with the material in the subsection mentioned in the previous paragraph and see the following example. (The example describes Text-to-speech REST API; usage of Speech-to-text REST API for short audio is fully equivalent) > [!NOTE]
-> When using **Speech-to-text REST API for short audio** in private endpoint scenarios you need to use Authorization token [passed through](rest-speech-to-text.md#request-headers) `Authorization` [header](rest-speech-to-text.md#request-headers); passing Speech subscription key to the special endpoint via `Ocp-Apim-Subscription-Key` header will **not** work and will generate Error 401.
+> When using **Speech-to-text REST API for short audio** in private endpoint scenarios, use an Authorization token [passed through](rest-speech-to-text.md#request-headers) `Authorization` [header](rest-speech-to-text.md#request-headers). Passing Speech subscription key to the special endpoint via `Ocp-Apim-Subscription-Key` header will **not** work and will generate Error 401.
**Text-to-speech REST API usage example.**
@@ -371,13 +378,13 @@ https://my-private-link-speech.cognitiveservices.azure.com/tts/cognitiveservices
#### Speech resource with custom domain name and private endpoint. Usage with Speech SDK
-Using Speech SDK with custom domain name and private endpoint enabled Speech resources requires the review and likely changes of your application code. We are working on more seamless support of private endpoint scenario.
+Using Speech SDK with custom domain name and private endpoint enabled Speech resources requires the review and likely changes of your application code.
We will use `my-private-link-speech.cognitiveservices.azure.com` as a sample Speech resource DNS name (custom domain) for this section. ##### General principle
-Usually in SDK scenarios (as well as in the Text-to-speech REST API scenarios) Speech resources use the special regional endpoints for different service offerings. The DNS name format for these endpoints is: </p>`{region}.{speech service offering}.speech.microsoft.com`
+Usually in SDK scenarios (as well as in the Text-to-speech REST API scenarios) Speech resources use the dedicated regional endpoints for different service offerings. The DNS name format for these endpoints is: </p>`{region}.{speech service offering}.speech.microsoft.com`
Example: </p>`westeurope.stt.speech.microsoft.com`
@@ -392,74 +399,83 @@ All possible values for the region (first element of the DNS name) are listed [h
| `tts` | [Text-to-speech](text-to-speech.md) | | `voice` | [Custom Voice](how-to-custom-voice.md) |
-Thus the example above (`westeurope.stt.speech.microsoft.com`) stands for Speech-to-text endpoint in West Europe.
+So the example above (`westeurope.stt.speech.microsoft.com`) stands for Speech-to-text endpoint in West Europe.
-Private endpoint enabled endpoints communicate with Speech Services via a special proxy and because of that **the endpoint connection URLs need to be changed**. The following principle is applied: a "standard" endpoint URL follows the pattern of <p/>`{region}.{speech service offering}.speech.microsoft.com/{URL path}`
+Private endpoint enabled endpoints communicate with Speech Services via a special proxy and because of that **you must change the endpoint connection URLs**.
-It should be changed to: <p/>`{your custom name}.cognitiveservices.azure.com/{speech service offering}/{URL path}`
+A "standard" endpoint URL looks like: <p/>`{region}.{speech service offering}.speech.microsoft.com/{URL path}`
+
+A private endpoint URL looks like: <p/>`{your custom name}.cognitiveservices.azure.com/{speech service offering}/{URL path}`
+
+**Example 1.** Application is communicating using the following URL (speech recognition using base model for US English in West Europe):
-**Example 1.** Application is communicating using the following URL (speech recognition using base model for US English in West Europe):
``` wss://westeurope.stt.speech.microsoft.com/speech/recognition/conversation/cognitiveservices/v1?language=en-US ```
-To use it in the private endpoint enabled scenario when custom domain name of the Speech resource is `my-private-link-speech.cognitiveservices.azure.com` this URL needs to be modified like this:
+To use it in the private endpoint enabled scenario when custom domain name of the Speech resource is `my-private-link-speech.cognitiveservices.azure.com` you must modify the URL like this:
+ ``` wss://my-private-link-speech.cognitiveservices.azure.com/stt/speech/recognition/conversation/cognitiveservices/v1?language=en-US ```
-Let's look closer:
-- Hostname `westeurope.stt.speech.microsoft.com` is replaced by the custom domain hostname `my-private-link-speech.cognitiveservices.azure.com`-- Second element of the original DNS name (`stt`) becomes the first element of the URL path and precedes the original path, that is the original URL `/speech/recognition/conversation/cognitiveservices/v1?language=en-US` becomes `/stt/speech/recognition/conversation/cognitiveservices/v1?language=en-US`
-
-**Example 2.** Application is communicating using the following URL (speech synthesizing using custom voice model in West Europe):
+Notice the details:
+
+- Hostname `westeurope.stt.speech.microsoft.com` is replaced by the custom domain hostname `my-private-link-speech.cognitiveservices.azure.com`.
+- Second element of the original DNS name (`stt`) becomes the first element of the URL path and precedes the original path. So the original URL `/speech/recognition/conversation/cognitiveservices/v1?language=en-US` becomes `/stt/speech/recognition/conversation/cognitiveservices/v1?language=en-US`.
+
+**Example 2.** Application uses the following URL to synthesize speech in West Europe using a custom voice model):
```http https://westeurope.voice.speech.microsoft.com/cognitiveservices/v1?deploymentId=974481cc-b769-4b29-af70-2fb557b897c4 ```
-To use it in the private endpoint enabled scenario when custom domain name of the Speech resource is `my-private-link-speech.cognitiveservices.azure.com` this URL needs to be modified like this:
+
+Following is an equivalent URL that uses a private endpoint enabled where the custom domain name of the Speech resource is `my-private-link-speech.cognitiveservices.azure.com`:
+ ```http https://my-private-link-speech.cognitiveservices.azure.com/voice/cognitiveservices/v1?deploymentId=974481cc-b769-4b29-af70-2fb557b897c4 ``` The same principle as in Example 1 is applied, but the key element this time is `voice`.
-##### Modifying applications
+##### Modify applications
-To apply the principle described in the previous section to your application code, you need to do two major things:
+Follow these steps to modify your code:
-- Determine endpoint URL your application is using-- Modify your endpoint URL as described in the previous section and create your `SpeechConfig` class instance using this modified URL explicitly
+**1. Determine application endpoint URL**
-###### Determine application endpoint URL
+- [Enable logging for your application](how-to-use-logging.md) and run it to log activity.
+- In the log file, search for `SPEECH-ConnectionUrl`. In matching lines, the `value` parameter contains the full URL your application used to reach the Speech service.
-- [Enable logging for your application](how-to-use-logging.md) and run it to generate the log-- In the log file search for `SPEECH-ConnectionUrl`. The string will contain `value` parameter, which in turn will contain the full URL your application was using
+Example:
-Example of a log file line with the endpoint URL:
``` (114917): 41ms SPX_DBG_TRACE_VERBOSE: property_bag_impl.cpp:138 ISpxPropertyBagImpl::LogPropertyAndValue: this=0x0000028FE4809D78; name='SPEECH-ConnectionUrl'; value='wss://westeurope.stt.speech.microsoft.com/speech/recognition/conversation/cognitiveservices/v1?traffictype=spx&language=en-US' ```
-Thus the URL used by the application in this example is:
+
+So the URL used by the application in this example is:
+ ``` wss://westeurope.stt.speech.microsoft.com/speech/recognition/conversation/cognitiveservices/v1?language=en-US ```
-###### Create `SpeechConfig` instance using full endpoint URL
+
+**2. Create `SpeechConfig` instance using full endpoint URL**
Modify the endpoint you determined in the previous section as described in [General principle](#general-principle) above.
-Now you need to modify how you create the instance of `SpeechConfig`. Most likely your today's application is using something like this:
+Now modify how you create the instance of `SpeechConfig`. Most likely your today's application is using something like this:
```csharp var config = SpeechConfig.FromSubscription(subscriptionKey, azureRegion); ``` This will not work for private endpoint enabled Speech resource because of the hostname and URL changes we described in the previous sections. If you try to run your existing application without any modifications using the Key of a private endpoint enabled resource, you will get Authentication error (401).
-To make it work, you need to modify how you instantiate `SpeechConfig` class and use "from endpoint" / "with endpoint" initialization. Suppose we have the following two variables defined:
+To make it work, modify how you instantiate `SpeechConfig` class and use "from endpoint" / "with endpoint" initialization. Suppose we have the following two variables defined:
- `subscriptionKey` containing the Key of the private endpoint enabled Speech resource - `endPoint` containing the full **modified** endpoint URL (using the type required by the correspondent programming language). In our example this variable should contain ``` wss://my-private-link-speech.cognitiveservices.azure.com/stt/speech/recognition/conversation/cognitiveservices/v1?language=en-US ```
-Then we need to instantiate `SpeechConfig` class like this:
+
+Next, create a `SpeechConfig` instance:
```csharp var config = SpeechConfig.FromEndpoint(endPoint, subscriptionKey); ```
@@ -476,8 +492,12 @@ speech_config = speechsdk.SpeechConfig(endpoint=endPoint, subscription=subscript
```objectivec SPXSpeechConfiguration *speechConfig = [[SPXSpeechConfiguration alloc] initWithEndpoint:endPoint subscription:subscriptionKey]; ```+ > [!TIP]
-> The query parameters specified in the endpoint URI are not changed, even if they are set by any other APIs. For example, if the recognition language is defined in the URI as query parameter "language=en-US", and is also set to "ru-RU" via the correspondent property, the language setting in the URI takes precedence, and the effective language is "en-US". Only the parameters that are not specified in the endpoint URI can be set by other APIs.
+> The query parameters specified in the endpoint URI are not changed, even if they are set by any other APIs. For example, if the
+> recognition language is defined in the URI as query parameter "language=en-US", and is also set to "ru-RU" via the correspondent
+> property, the language setting in the URI is used, and the effective language is "en-US". Parameters set in the endpoint URI always
+> take precidence. Only parameters that are not specified in the endpoint URI can be overridden by other APIs.
After this modification your application should work with the private enabled Speech resources. We are working on more seamless support of private endpoint scenario.
@@ -489,7 +509,7 @@ This section explains how to use a Speech resource with enabled custom domain na
#### DNS configuration
-Remember how a custom domain DNS name of the private endpoint enabled Speech resource is [resolved from public networks](#optional-check-dns-resolution-from-other-networks). In this case IP address resolved points to a VNet Proxy endpoint, which is used for dispatching the network traffic to the private endpoint enabled Cognitive Services resource.
+Remember how a custom domain DNS name of the private endpoint enabled Speech resource is [resolved from public networks](#resolve-dns-from-other-networks). In this case IP address resolved points to a VNet Proxy endpoint, which is used for dispatching the network traffic to the private endpoint enabled Cognitive Services resource.
However when **all** resource private endpoints are removed (or right after the enabling of the custom domain name) CNAME record of the Speech resource is reprovisioned and now points to the IP address of the correspondent [Cognitive Services regional endpoint](../cognitive-services-custom-subdomains.md#is-there-a-list-of-regional-endpoints).
@@ -509,7 +529,7 @@ Aliases: my-private-link-speech.cognitiveservices.azure.com
apimgmttmdjylckcx6clmh2isu2wr38uqzm63s8n4ub2y3e6xs.trafficmanager.net cognitiveweprod-westeurope-01.regional.azure-api.net ```
-Compare it with the output from [this section](#optional-check-dns-resolution-from-other-networks).
+Compare it with the output from [this section](#resolve-dns-from-other-networks).
#### Speech resource with custom domain name without private endpoints. Usage with REST API
@@ -522,7 +542,7 @@ Speech-to-text REST API v3.0 usage is fully equivalent to the case of [private e
In this case Speech-to-text REST API for short audio and Text-to-speech REST API usage has no differences to the general case with one exception for Speech-to-text REST API for short audio (see Note below). Both APIs should be used as described in [Speech-to-text REST API for short audio](rest-speech-to-text.md#speech-to-text-rest-api-for-short-audio) and [Text-to-speech REST API](rest-text-to-speech.md) documentation. > [!NOTE]
-> When using **Speech-to-text REST API for short audio** in custom domain scenarios you need to use Authorization token [passed through](rest-speech-to-text.md#request-headers) `Authorization` [header](rest-speech-to-text.md#request-headers); passing Speech subscription key to the special endpoint via `Ocp-Apim-Subscription-Key` header will **not** work and will generate Error 401.
+> When using **Speech-to-text REST API for short audio** in custom domain scenarios, use an Authorization token [passed through](rest-speech-to-text.md#request-headers) `Authorization` [header](rest-speech-to-text.md#request-headers). Passing Speech subscription key to the special endpoint via `Ocp-Apim-Subscription-Key` header will **not** work and will generate Error 401.
#### Speech resource with custom domain name without private endpoints. Usage with Speech SDK
@@ -542,30 +562,29 @@ your application will terminate with the Authentication error (401).
##### Modifying applications
-To enable your application for the scenario of Speech resource with custom domain name without private endpoints, you need to do the following:
-- Request Authorization Token via Cognitive Services REST API-- Instantiate `SpeechConfig` class using "from authorization token" / "with authorization token" method
+To let your application use a Speech resource with a custom domain name and without private endpoints, follow these steps:
-###### Request Authorization Token
+**1. Request Authorization Token from the Cognitive Services REST API**
-See [this article](../authentication.md#authenticate-with-an-authentication-token) on how to get the token via the Cognitive Services REST API.
+[This article](../authentication.md#authenticate-with-an-authentication-token) shows how to get the token using the Cognitive Services REST API.
Use your custom domain name in the endpoint URL, that is in our example this URL is: ```http https://my-private-link-speech.cognitiveservices.azure.com/sts/v1.0/issueToken ``` > [!TIP]
-> You may find this URL in *Keys and Endpoint* (*Resource management* group) section of your Speech resource in Azure portal.
+> You can find this URL in Azure portal. On your Speech resource page, under the under the **Resource management** group, select **Keys and Endpoint**.
+
+**2. Create a `SpeechConfig` instance using "from authorization token" / "with authorization token" method.**
-###### Create `SpeechConfig` instance using authorization token
+Create a `SpeechConfig` instance using the authorization token you obtained in the previous section. Suppose we have the following variables defined:
-You need to instantiate `SpeechConfig` class using the authorization token you obtained in the previous section. Suppose we have the following variables defined:
+- `token`: the authorization token obtained in the previous section
+- `azureRegion`: the name of the Speech resource [region](regions.md) (example: `westeurope`)
+- `outError`: (only for [Objective C](/objectivec/cognitive-services/speech/spxspeechconfiguration#initwithauthorizationtokenregionerror) case)
-- `token` containing the authorization token obtained in the previous section-- `azureRegion` containing the name of the Speech resource [region](regions.md) (example: `westeurope`)-- `outError` (only for [Objective C](/objectivec/cognitive-services/speech/spxspeechconfiguration#initwithauthorizationtokenregionerror) case)
+Next, create a `SpeechConfig` instance:
-Then we need to instantiate `SpeechConfig` class like this:
```csharp var config = SpeechConfig.FromAuthorizationToken(token, azureRegion); ```
@@ -583,17 +602,21 @@ speech_config = speechsdk.SpeechConfig(auth_token=token, region=azureRegion)
SPXSpeechConfiguration *speechConfig = [[SPXSpeechConfiguration alloc] initWithAuthorizationToken:token region:azureRegion error:outError]; ``` > [!NOTE]
-> The caller needs to ensure that the authorization token is valid. Before the authorization token expires, the caller needs to refresh it by calling this setter with a new valid token. As configuration values are copied when creating a new recognizer / synthesizer, the new token value will not apply to recognizers that have already been created. For recognizers / synthesizers that have been created before, you need to set authorization token of the corresponding recognizer / synthesizer to refresh the token. Otherwise, the recognizers / synthesizers will encounter errors during recognition / synthesis.
+> The caller needs to ensure that the authorization token is valid.
+> Before the authorization token expires, the caller needs to refresh it by calling this setter with a new valid token.
+> As configuration values are copied when creating a new recognizer or synthesizer, the new token value will not apply to recognizers or synthesizers that have already been created.
+> For these, set the authorization token of the corresponding recognizer or synthesizer to refresh the token.
+> If you don't refresh the token, the the recognizer or synthesizer will encounter errors while operating.
-After this modification your application should work with custom domain name enabled Speech resources without private endpoints. We are working on more seamless support of custom domain / private endpoint scenario.
+After this modification your application should work with Speech resources that use a custom domain name without private endpoints.
## Pricing For pricing details, see [Azure Private Link pricing](https://azure.microsoft.com/pricing/details/private-link).
-## Next steps
+## Learn more
-* Learn more about [Azure Private Link](../../private-link/private-link-overview.md)
-* Learn more about [Speech SDK](speech-sdk.md)
-* Learn more about [Speech-to-text REST API](rest-speech-to-text.md)
-* Learn more about [Text-to-speech REST API](rest-text-to-speech.md)
+* [Azure Private Link](../../private-link/private-link-overview.md)
+* [Speech SDK](speech-sdk.md)
+* [Speech-to-text REST API](rest-speech-to-text.md)
+* [Text-to-speech REST API](rest-text-to-speech.md)
communication-services https://docs.microsoft.com/en-us/azure/communication-services/quickstarts/voice-video-calling/includes/get-started-javascript-setup https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/quickstarts/voice-video-calling/includes/get-started-javascript-setup.md new file mode 100644
@@ -0,0 +1,52 @@
+---
+author: mikben
+ms.service: azure-communication-services
+ms.topic: include
+ms.date: 9/11/2020
+ms.author: mikben
+---
+
+## Setting up
+
+### Create a new Node.js application
+
+Open your terminal or command window create a new directory for your app, and navigate to it.
+
+```console
+mkdir calling-quickstart && cd calling-quickstart
+```
+
+Run `npm init -y` to create a **package.json** file with default settings.
+
+```console
+npm init -y
+```
+
+### Install the package
+
+Use the `npm install` command to install the Azure Communication Services Calling client library for JavaScript.
+
+```console
+npm install @azure/communication-common --save
+npm install @azure/communication-calling --save
+```
+
+The following versions of webpack are recommended for this quickstart:
+
+```console
+"webpack": "^4.42.0",
+"webpack-cli": "^3.3.11",
+"webpack-dev-server": "^3.10.3"
+```
+
+The `--save` option lists the library as a dependency in your **package.json** file.
+
+### Set up the app framework
+
+This quickstart uses webpack to bundle the application assets. Run the following command to install the webpack, webpack-cli and webpack-dev-server npm packages and list them as development dependencies in your **package.json**:
+
+```console
+npm install webpack@4.42.0 webpack-cli@3.3.11 webpack-dev-server@3.10.3 --save-dev
+```
+
+Create an **https://docsupdatetracker.net/index.html** file in the root directory of your project. We'll use this file to configure a basic layout that will allow the user to place a call.
communication-services https://docs.microsoft.com/en-us/azure/communication-services/quickstarts/voice-video-calling/includes/get-started-javascript https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/quickstarts/voice-video-calling/includes/get-started-javascript.md
@@ -17,52 +17,10 @@ In this quickstart, you'll learn how start a call using the Azure Communication
- An active Communication Services resource. [Create a Communication Services resource](../../create-communication-resource.md). - A User Access Token to instantiate the call client. Learn how to [create and manage user access tokens](../../access-tokens.md).
-## Setting up
-### Create a new Node.js application
+[!INCLUDE [Calling with JavaScript](./get-started-javascript-setup.md)]
-Open your terminal or command window create a new directory for your app, and navigate to it.
-
-```console
-mkdir calling-quickstart && cd calling-quickstart
-```
-
-Run `npm init -y` to create a **package.json** file with default settings.
-
-```console
-npm init -y
-```
-
-### Install the package
-
-Use the `npm install` command to install the Azure Communication Services Calling client library for JavaScript.
-
-```console
-npm install @azure/communication-common --save
-npm install @azure/communication-calling --save
-```
-
-The following versions of webpack are recommended for this quickstart:
-
-```console
-"webpack": "^4.42.0",
-"webpack-cli": "^3.3.11",
-"webpack-dev-server": "^3.10.3"
-```
-
-The `--save` option lists the library as a dependency in your **package.json** file.
-
-### Set up the app framework
-
-This quickstart uses webpack to bundle the application assets. Run the following command to install the webpack, webpack-cli and webpack-dev-server npm packages and list them as development dependencies in your **package.json**:
-
-```console
-npm install webpack@4.42.0 webpack-cli@3.3.11 webpack-dev-server@3.10.3 --save-dev
-```
-
-Create an **https://docsupdatetracker.net/index.html** file in the root directory of your project. We'll use this file to configure a basic layout that will allow the user to place a call to an Azure Communications Bot.
-
-Here is the code:
+Here's the code:
```html <!DOCTYPE html>
communication-services https://docs.microsoft.com/en-us/azure/communication-services/quickstarts/voice-video-calling/includes/pstn-call-js https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/quickstarts/voice-video-calling/includes/pstn-call-js.md
@@ -10,60 +10,72 @@ ms.author: nikuklic
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). - A deployed Communication Services resource. [Create a Communication Services resource](../../create-communication-resource.md).-- A phone number acquired in Communication Services resource. [how to get a phone number](../../telephony-sms/get-phone-number.md).
+- A phone number acquired in your Communication Services resource. [how to get a phone number](../../telephony-sms/get-phone-number.md).
- A `User Access Token` to enable the call client. For more information on [how to get a `User Access Token`](../../access-tokens.md)-- Complete the quickstart for [getting started with adding calling to your application](../getting-started-with-calling.md)
-### Prerequisite check
-- To view the phone numbers associated with your Communication Services resource, sign in to the [Azure portal](https://portal.azure.com/), locate your Communication Services resource and open the **phone numbers** tab from the left navigation pane.-- You can build and run your app with Azure Communication Services Calling client library for JavaScript:
+[!INCLUDE [Calling with JavaScript](./get-started-javascript-setup.md)]
-```console
-npx webpack-dev-server --entry ./client.js --output bundle.js
-```
-
-## Setting up
-
-### Add PSTN functionality to your app
-
-Extend your layout with phone dialing controls.
-
-Place this code to the end of `<body />` section of **https://docsupdatetracker.net/index.html**, before `<script />` tags:
+Here's the code:
```html
-<input
- id="callee-phone-input"
- type="text"
- placeholder="Phone number you would like to dial"
- style="margin-bottom:1em; width: 230px;"
-/>
-<div>
- <button id="call-phone-button" type="button">
- Start Phone Call
- </button>
- &nbsp;
- <button id="hang-up-phone-button" type="button" disabled="true">
- Hang Up Phone Call
- </button>
-</div>
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>Communication Client - Calling Sample</title>
+ </head>
+ <body>
+ <h4>Azure Communication Services</h4>
+ <h1>Calling Quickstart</h1>
+ <input
+ id="callee-phone-input"
+ type="text"
+ placeholder="Who would you like to call?"
+ style="margin-bottom:1em; width: 230px;"
+ />
+ <div>
+ <button id="call-phone-button" type="button">
+ Start Call
+ </button>
+ &nbsp;
+ <button id="hang-up-phone-button" type="button" disabled="true">
+ Hang Up
+ </button>
+ </div>
+ <script src="./bundle.js"></script>
+ </body>
+</html>
```
-Extend your application logic with telephony functionality.
-
-Add this code to **client.js**:
+Create a file in the root directory of your project called **client.js** to contain the application logic for this quickstart. Add the following code to import the calling client and get references to the DOM elements so we can attach our business logic.
```javascript
+import { CallClient, CallAgent } from "@azure/communication-calling";
+import { AzureCommunicationUserCredential } from '@azure/communication-common';
+
+let call;
+let callAgent;
+ const calleePhoneInput = document.getElementById("callee-phone-input"); const callPhoneButton = document.getElementById("call-phone-button"); const hangUpPhoneButton = document.getElementById("hang-up-phone-button");+
+async function init() {
+ const callClient = new CallClient();
+ const tokenCredential = new AzureCommunicationUserCredential('your-token-here');
+ callAgent = await callClient.createCallAgent(tokenCredential);
+ // callButton.disabled = false;
+}
+
+init();
+ ``` ## Start a call to phone Specify phone number you acquired in Communication Services resource, that will be used to start the call: > [!WARNING]
-> Note that phone numbers shold be provided in E.164 international standard format. (e.g.: +12223334444)
+> Note that phone numbers should be provided in E.164 international standard format. (e.g.: +12223334444)
Add an event handler to initiate a call to the phone number you provided when the `callPhoneButton` is clicked:
@@ -73,9 +85,8 @@ callPhoneButton.addEventListener("click", () => {
// start a call to phone const phoneToCall = calleePhoneInput.value; call = callAgent.call(
- [{phoneNumber: phoneToCall}], { alternateCallerId: {phoneNumber: '+18336528005'}
+ [{phoneNumber: phoneToCall}], { alternateCallerId: {phoneNumber: 'YOUR AZURE REGISTERED PHONE NUMBER HERE: +12223334444'}
});- // toggle button states hangUpPhoneButton.disabled = false; callPhoneButton.disabled = true;
@@ -112,10 +123,9 @@ npx webpack-dev-server --entry ./client.js --output bundle.js
Open your browser and navigate to `http://localhost:8080/`. You should see the following: -
-![Screenshot of the completed JavaScript Application.](../media/javascript/pstn-calling-javascript-app.png)
+:::image type="content" source="../media/javascript/pstn-calling-javascript-app.png" alt-text="Screenshot of the completed JavaScript Application.":::
You can place a call to a real phone number by providing a phone number in the added text field and clicking the **Start Phone Call** button. > [!WARNING]
-> Note that phone numbers shold be provided in E.164 international standard format. (e.g.: +12223334444)
+> Note that phone numbers should be provided in E.164 international standard format. (e.g.: +12223334444)
communication-services https://docs.microsoft.com/en-us/azure/communication-services/tutorials/includes/trusted-service-js https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/tutorials/includes/trusted-service-js.md
@@ -107,14 +107,8 @@ module.exports = async function (context, req) {
const userToken = await tokenClient.issueToken(user, ["voip"]);
- const response = {
- "User" : userToken.user,
- "Token": userToken.token,
- "ExpiresOn": userToken.expiresOn
- }
- context.res = {
- body: response
+ body: userToken
}; } ```
@@ -125,7 +119,7 @@ For existing Communication Services `CommunicationUser`, you can skip the creati
Run the Azure Function locally using `F5`. This will initialize the Azure Function locally and make it accessible through: `http://localhost:7071/api/FUNCTION_NAME`. Check out additional documentation on [running locally](../../../azure-functions/create-first-function-vs-code-csharp.md?pivots=programming-language-javascript#run-the-function-locally)
-Open the URL on your browser and you should see a response body with the Communication User Id, token and expiration for the token.
+Open the URL on your browser and you should see a response body with the Communication User ID, token and expiration for the token.
:::image type="content" source="../media/trusted-service-sample-response.png" alt-text="Screenshot showing a Response example for the created Azure Function.":::
@@ -146,4 +140,4 @@ Run the Azure function using the url `http://<function-appn-ame>.azurewebsites.n
You can find the URL by right clicking the function on Visual Studio Code and copying the Function URL.
-For more information on [running your Azure function](../../../azure-functions/create-first-function-vs-code-csharp.md?pivots=programming-language-javascript#run-the-function-in-azure)
\ No newline at end of file
+For more information on [running your Azure function](../../../azure-functions/create-first-function-vs-code-csharp.md?pivots=programming-language-javascript#run-the-function-in-azure)
connectors https://docs.microsoft.com/en-us/azure/connectors/apis-list https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/connectors/apis-list.md
@@ -3,9 +3,9 @@ title: Connectors for Azure Logic Apps
description: Automate workflows with connectors for Azure Logic Apps, such as built-in, managed, on-premises, integration account, ISE, and enterprise connectors services: logic-apps ms.suite: integration
-ms.reviewer: jonfan, logicappspm
+ms.reviewer: estfan, logicappspm, azla
ms.topic: article
-ms.date: 06/11/2020
+ms.date: 01/07/2021
--- # Connectors for Azure Logic Apps
@@ -24,7 +24,7 @@ Connectors are available as built-in triggers and actions or as managed connecto
<a name="built-in"></a>
-* [**Built-in**](#built-ins): Built-in triggers and actions are "native" to Azure Logic Apps and help you perform these tasks for your logic apps:
+* [**Built-in**](#built-ins): Built-in triggers and actions run natively in Azure Logic Apps so they don't require creating a connection before you use them and help you perform these tasks for your logic apps:
* Run on custom and advanced schedules.
@@ -390,6 +390,54 @@ For connectors that use Azure Active Directory (Azure AD) OAuth, creating a conn
Connections can access the target service or system for as long as that service or system allows. For services that use Azure AD OAuth connections, such as Office 365 and Dynamics, Azure Logic Apps refreshes access tokens indefinitely. Other services might have limits on how long Azure Logic Apps can use a token without refreshing. Generally, some actions invalidate all access tokens, such as changing your password.
+<a name="recurrence-behavior"></a>
+
+## Recurrence behavior
+
+The behavior for recurring built-in triggers that run natively in Azure Logic Apps, such as the [Recurrence trigger](../connectors/connectors-native-recurrence.md), differs from the behavior for recurring connection-based triggers where you need to create a connection first, such as the SQL connector trigger.
+
+However, for both kinds of triggers, if a recurrence doesn't specify a specific start date and time, the first recurrence runs immediately when you save or deploy the logic app, despite your trigger's recurrence setup. To avoid this behavior, provide a start date and time for when you want the first recurrence to run.
+
+<a name="recurrence-built-in"></a>
+
+### Recurrence for built-in triggers
+
+Recurring built-in triggers honor the schedule that you set, including any time zone that you specify. However, if a recurrence doesn't specify any other advanced scheduling options such as specific times to run future recurrences, those recurrences are based on the last trigger execution. As a result, the start times for those recurrences might drift due to factors such as latency during storage calls. Also, if you don't select a time zone, daylight saving time (DST) might affect when triggers run, for example, shifting the start time one hour forward when DST starts and one hour backward when DST ends.
+
+To make sure that your logic app runs at your specified start time and doesn't miss a recurrence, especially when the frequency is in days or longer, try these solutions:
+
+* Make sure that you select a time zone so that your logic app runs at your specified start time. Otherwise, DST might affect when triggers run, for example, shifting the start time one hour forward when DST starts and one hour backward when DST ends.
+
+ When scheduling jobs, Logic Apps puts the message for processing into the queue and specifies when that message becomes available, based on the UTC time when the last job ran and the UTC time when the next job is scheduled to run. By specifying a time zone, the UTC time for your logic app also shifts to counter the seasonal time change. However, some time windows might cause problems when the time shifts. For more information and examples, see [Recurrence for daylight saving time and standard time](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md#daylight-saving-standard-time).
+
+* Use the Recurrence trigger and provide a start date and time for the recurrence plus the specific times for when to run subsequent recurrences by using the properties named **At these hours** and **At these minutes**, which are available only for the **Day** and **Week** frequencies.
+
+* Use the [Sliding Window trigger](../connectors/connectors-native-sliding-window.md), rather than the Recurrence trigger.
+
+<a name="recurrence-connection-based"></a>
+
+### Recurrence for connection-based triggers
+
+In recurring connection-based triggers, such as SQL or SFTP-SSH, the schedule isn't the only driver that controls execution, and the time zone only determines the initial start time. Subsequent runs depend on the recurrence schedule, the last trigger execution, *and* other factors that might cause run times to drift or produce unexpected behavior, for example:
+
+* Whether the trigger accesses a server that has more data, which the trigger immediately tries to fetch.
+
+* Any failures or retries that the trigger incurs.
+
+* Latency during storage calls.
+
+* Not maintaining the specified schedule when daylight saving time (DST) starts and ends.
+
+* Other factors that can affect when the next run time happens.
+
+To resolve or work around these problems, try these solutions:
+
+* To make sure that the recurrence time doesn't shift when DST takes effect, manually adjust the recurrence so that your logic app continues to run at the expected time. Otherwise, the start time shifts one hour forward when DST starts and one hour backward when DST ends.
+
+* Use the Recurrence trigger so that you can specify a time zone, a start date and time, *plus* the specific times when to run subsequent recurrences by using the properties named **At these hours** and **At these minutes**, which are available only for the **Day** and **Week** frequencies. However, some time windows might still cause problems when the time shifts. For more information and examples, see [Recurrence for daylight saving time and standard time](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md#daylight-saving-standard-time).
+
+* To avoid missed recurrences, use the [Sliding Window trigger](../connectors/connectors-native-sliding-window.md), rather than the Recurrence trigger.
+ <a name="custom"></a> ## Custom APIs and connectors
connectors https://docs.microsoft.com/en-us/azure/connectors/connectors-create-api-sqlazure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/connectors/connectors-create-api-sqlazure.md
@@ -3,9 +3,9 @@ title: Connect to SQL Server, Azure SQL Database, or Azure SQL Managed Instance
description: Automate tasks for SQL databases on premises or in the cloud by using Azure Logic Apps services: logic-apps ms.suite: integration
-ms.reviewer: estfan, jonfan, logicappspm
+ms.reviewer: estfan, logicappspm, azla
ms.topic: conceptual
-ms.date: 10/22/2020
+ms.date: 01/07/2021
tags: connectors ---
@@ -173,13 +173,19 @@ The first time that you add either a [SQL trigger](#add-sql-trigger) or [SQL act
1. To add other available properties for this trigger, open the **Add new parameter** list. This trigger returns only one row from the selected table, and nothing else. To perform other tasks, continue by adding either a [SQL connector action](#add-sql-action) or [another action](../connectors/apis-list.md) that performs the next task that you want in your logic app workflow.
-
+ For example, to view the data in this row, you can add other actions that create a file that includes the fields from the returned row, and then send email alerts. To learn about other available actions for this connector, see the [connector's reference page](/connectors/sql/). 1. On the designer toolbar, select **Save**. Although this step automatically enables and publishes your logic app live in Azure, the only action that your logic app currently takes is to check your database based on your specified interval and frequency.
+<a name="trigger-recurrence-shift-drift"></a>
+
+### Trigger recurrence shift and drift
+
+Connection-based triggers where you need to create a connection first, such as the SQL trigger, differ from built-in triggers that run natively in Azure Logic Apps, such as the [Recurrence trigger](../connectors/connectors-native-recurrence.md). In recurring connection-based triggers, the recurrence schedule isn't the only driver that controls execution, and the time zone only determines the initial start time. Subsequent runs depend on the recurrence schedule, the last trigger execution, *and* other factors that might cause run times to drift or produce unexpected behavior, for example, not maintaining the specified schedule when daylight saving time (DST) starts and ends. To make sure that the recurrence time doesn't shift when DST takes effect, manually adjust the recurrence so that your logic app continues to run at the expected time. Otherwise, the start time shifts one hour forward when DST starts and one hour backward when DST ends. For more information, see [Recurrence for connection-based triggers](../connectors/apis-list.md#recurrence-connection-based).
+ <a name="add-sql-action"></a> ## Add a SQL action
@@ -262,13 +268,17 @@ When you call a stored procedure by using the SQL Server connector, the returned
## Troubleshoot problems
-* Connection problems can commonly happen, so to troubleshoot and resolve these kinds of issues, review [Solving connectivity errors to SQL Server](https://support.microsoft.com/help/4009936/solving-connectivity-errors-to-sql-server). Here are some examples:
+<a name="connection-problems"></a>
+
+### Connection problems
+
+Connection problems can commonly happen, so to troubleshoot and resolve these kinds of issues, review [Solving connectivity errors to SQL Server](https://support.microsoft.com/help/4009936/solving-connectivity-errors-to-sql-server). Here are some examples:
- * `A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections.`
+* `A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections.`
- * `(provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 53)`
+* `(provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 53)`
- * `(provider: TCP Provider, error: 0 - No such host is known.) (Microsoft SQL Server, Error: 11001)`
+* `(provider: TCP Provider, error: 0 - No such host is known.) (Microsoft SQL Server, Error: 11001)`
## Connector-specific details
connectors https://docs.microsoft.com/en-us/azure/connectors/connectors-native-recurrence https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/connectors/connectors-native-recurrence.md
@@ -3,14 +3,14 @@ title: Schedule recurring tasks and workflows
description: Schedule and run recurring automated tasks and workflows with the Recurrence trigger in Azure Logic Apps services: logic-apps ms.suite: integration
-ms.reviewer: deli, logicappspm
+ms.reviewer: estfan, logicappspm, azla
ms.topic: conceptual
-ms.date: 11/03/2020
+ms.date: 12/18/2020
--- # Create, schedule, and run recurring tasks and workflows with the Recurrence trigger in Azure Logic Apps
-To regularly run tasks, processes, or jobs on specific schedule, you can start your logic app workflow with the built-in **Recurrence - Schedule** trigger. You can set a date and time as well as a time zone for starting the workflow and a recurrence for repeating that workflow. If recurrences are missed for any reason, for example, due to disruptions or disabled workflows, this trigger doesn't process the missed recurrences but restarts recurrences at the next scheduled interval. For more information about the built-in Schedule triggers and actions, see [Schedule and run recurring automated, tasks, and workflows with Azure Logic Apps](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md).
+To regularly run tasks, processes, or jobs on specific schedule, you can start your logic app workflow with the built-in **Recurrence** trigger, which runs natively in Azure Logic Apps. You can set a date and time as well as a time zone for starting the workflow and a recurrence for repeating that workflow. If the trigger misses recurrences for any reason, for example, due to disruptions or disabled workflows, this trigger doesn't process the missed recurrences but restarts recurrences at the next scheduled interval. For more information about the built-in Schedule triggers and actions, see [Schedule and run recurring automated, tasks, and workflows with Azure Logic Apps](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md).
Here are some patterns that this trigger supports along with more advanced recurrences and complex schedules:
@@ -36,7 +36,7 @@ For differences between this trigger and the Sliding Window trigger or for more
* Basic knowledge about [logic apps](../logic-apps/logic-apps-overview.md). If you're new to logic apps, learn [how to create your first logic app](../logic-apps/quickstart-create-first-logic-app-workflow.md).
-## Add Recurrence trigger
+## Add the Recurrence trigger
1. Sign in to the [Azure portal](https://portal.azure.com). Create a blank logic app.
@@ -62,8 +62,8 @@ For differences between this trigger and the Sliding Window trigger or for more
> > * Provide a start time for the recurrence. >
- > * Specify the hours and minutes for when to run the recurrence by using the
- > **At these hours** and **At these minutes** properties.
+ > * Specify the hours and minutes for when to run the recurrence by using the properties named
+ > **At these hours** and **At these minutes**.
> > * Use the [Sliding Window trigger](../connectors/connectors-native-sliding-window.md), > rather than the Recurrence trigger.
@@ -77,7 +77,7 @@ For differences between this trigger and the Sliding Window trigger or for more
| **Time zone** | `timeZone` | No | String | Applies only when you specify a start time because this trigger doesn't accept [UTC offset](https://en.wikipedia.org/wiki/UTC_offset). Select the time zone that you want to apply. | | **Start time** | `startTime` | No | String | Provide a start date and time, which has a maximum of 49 years in the future and must follow the [ISO 8601 date time specification](https://en.wikipedia.org/wiki/ISO_8601#Combined_date_and_time_representations) in [UTC date time format](https://en.wikipedia.org/wiki/Coordinated_Universal_Time), but without a [UTC offset](https://en.wikipedia.org/wiki/UTC_offset): <p><p>YYYY-MM-DDThh:mm:ss if you select a time zone <p>-or- <p>YYYY-MM-DDThh:mm:ssZ if you don't select a time zone <p>So for example, if you want September 18, 2020 at 2:00 PM, then specify "2020-09-18T14:00:00" and select a time zone such as Pacific Standard Time. Or, specify "2020-09-18T14:00:00Z" without a time zone. <p><p>**Important:** If you don't select a time zone, you must add the letter "Z" at the end without any spaces. This "Z" refers to the equivalent [nautical time](https://en.wikipedia.org/wiki/Nautical_time). If you select a time zone value, you don't need to add a "Z" to the end of your **Start time** value. If you do, Logic Apps ignores the time zone value because the "Z" signifies a UTC time format. <p><p>For simple schedules, the start time is the first occurrence, while for complex schedules, the trigger doesn't fire any sooner than the start time. [*What are the ways that I can use the start date and time?*](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md#start-time) | | **On these days** | `weekDays` | No | String or string array | If you select "Week", you can select one or more days when you want to run the workflow: **Monday**, **Tuesday**, **Wednesday**, **Thursday**, **Friday**, **Saturday**, and **Sunday** |
- | **At these hours** | `hours` | No | Integer or integer array | If you select "Day" or "Week", you can select one or more integers from 0 to 23 as the hours of the day for when you want to run the workflow. <p><p>For example, if you specify "10", "12" and "14", you get 10 AM, 12 PM, and 2 PM for the hours of the day, but the minutes of the day are calculated based on when the recurrence starts. To set specific minutes of the day, for example, 10:00 AM, 12:00 PM, and 2:00 PM, specify those values by using the **At these minutes** property. |
+ | **At these hours** | `hours` | No | Integer or integer array | If you select "Day" or "Week", you can select one or more integers from 0 to 23 as the hours of the day for when you want to run the workflow. <p><p>For example, if you specify "10", "12" and "14", you get 10 AM, 12 PM, and 2 PM for the hours of the day, but the minutes of the day are calculated based on when the recurrence starts. To set specific minutes of the day, for example, 10:00 AM, 12:00 PM, and 2:00 PM, specify those values by using the property named **At these minutes**. |
| **At these minutes** | `minutes` | No | Integer or integer array | If you select "Day" or "Week", you can select one or more integers from 0 to 59 as the minutes of the hour when you want to run the workflow. <p>For example, you can specify "30" as the minute mark and using the previous example for hours of the day, you get 10:30 AM, 12:30 PM, and 2:30 PM. <p>**Note**: Sometimes, the timestamp for the triggered run might vary up to 1 minute from the scheduled time. If you need to pass the timestamp exactly as scheduled to subsequent actions, you can use template expressions to change the timestamp accordingly. For more information, see [Date and time functions for expressions](../logic-apps/workflow-definition-language-functions-reference.md#date-time-functions). | |||||
@@ -125,6 +125,14 @@ This example shows how a Recurrence trigger definition might look in an underlyi
} ```
+<a name="daylight-saving-standard-time"></a>
+
+## Trigger recurrence shift between daylight saving time and standard time
+
+Recurring built-in triggers honor the schedule that you set, including any time zone that you specify. If you don't select a time zone, daylight saving time (DST) might affect when triggers run, for example, shifting the start time one hour forward when DST starts and one hour backward when DST ends.
+
+To avoid this shift so that your logic app runs at your specified start time, make sure that you select a time zone. That way, the UTC time for your logic app also shifts to counter the seasonal time change. However, some time windows might cause problems when the time shifts. For more information and examples, see [Recurrence for daylight saving time and standard time](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md#daylight-saving-standard-time).
+ ## Next steps * [Pause workflows with delay actions](../connectors/connectors-native-delay.md)
connectors https://docs.microsoft.com/en-us/azure/connectors/connectors-sftp-ssh https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/connectors/connectors-sftp-ssh.md
@@ -4,9 +4,9 @@ description: Automate tasks that monitor, create, manage, send, and receive file
services: logic-apps ms.suite: integration author: divyaswarnkar
-ms.reviewer: estfan, logicappspm
+ms.reviewer: estfan, logicappspm, azla
ms.topic: article
-ms.date: 11/03/2020
+ms.date: 01/07/2021
tags: connectors ---
@@ -14,14 +14,6 @@ tags: connectors
To automate tasks that monitor, create, send, and receive files on a [Secure File Transfer Protocol (SFTP)](https://www.ssh.com/ssh/sftp/) server by using the [Secure Shell (SSH)](https://www.ssh.com/ssh/protocol/) protocol, you can build and automate integration workflows by using Azure Logic Apps and the SFTP-SSH connector. SFTP is a network protocol that provides file access, file transfer, and file management over any reliable data stream.
-> [!NOTE]
-> The SFTP-SSH connector currently doesn't support these SFTP servers:
->
-> * IBM DataPower
-> * MessageWay
-> * OpenText Secure MFT
-> * OpenText GXS
- Here are some example tasks you can automate: * Monitor when files are added or changed.
@@ -36,15 +28,22 @@ For differences between the SFTP-SSH connector and the SFTP connector, review th
## Limits
+* The SFTP-SSH connector currently doesn't support these SFTP servers:
+
+ * IBM DataPower
+ * MessageWay
+ * OpenText Secure MFT
+ * OpenText GXS
+ * The SFTP-SSH connector supports either private key authentication or password authentication, not both.
-* SFTP-SSH actions that support [chunking](../logic-apps/logic-apps-handle-large-messages.md) can handle files up to 1 GB, while SFTP-SSH actions that don't support chunking can handle files up to 50 MB. Although the default chunk size is 15 MB, this size can dynamically change, starting from 5 MB and gradually increasing to the 50 MB maximum, based on factors such as network latency, server response time, and so on.
+* SFTP-SSH actions that support [chunking](../logic-apps/logic-apps-handle-large-messages.md) can handle files up to 1 GB, while SFTP-SSH actions that don't support chunking can handle files up to 50 MB. Although the default chunk size is 15 MB, this size can dynamically change, starting from 5 MB and gradually increasing to the 50-MB maximum, based on factors such as network latency, server response time, and so on.
> [!NOTE] > For logic apps in an [integration service environment (ISE)](../logic-apps/connect-virtual-network-vnet-isolated-environment-overview.md), > this connector's ISE-labeled version requires chunking to use the [ISE message limits](../logic-apps/logic-apps-limits-and-config.md#message-size-limits) instead.
- You can override this adaptive behavior when you [specify a constant chunk size](#change-chunk-size) to use instead. This size can range from 5 MB to 50 MB. For example, suppose you have a 45 MB file and a network that can that support that file size without latency. Adaptive chunking results in several calls, rather that one call. To reduce the number of calls, you can try setting a 50 MB chunk size. In different scenario, if your logic app is timing out, for example, when using 15 MB chunks, you can try reducing the size to 5 MB.
+ You can override this adaptive behavior when you [specify a constant chunk size](#change-chunk-size) to use instead. This size can range from 5 MB to 50 MB. For example, suppose you have a 45-MB file and a network that can that support that file size without latency. Adaptive chunking results in several calls, rather that one call. To reduce the number of calls, you can try setting a 50-MB chunk size. In different scenario, if your logic app is timing out, for example, when using 15-MB chunks, you can try reducing the size to 5 MB.
Chunk size is associated with a connection, which means that you can use the same connection for actions that support chunking and then for actions that don't support chunking. In this case, the chunk size for actions that don't support chunking ranges from 5 MB to 50 MB. This table shows which SFTP-SSH actions support chunking:
@@ -113,7 +112,11 @@ Here are other key differences between the SFTP-SSH connector and the SFTP conne
## How SFTP-SSH triggers work
-SFTP-SSH triggers work by polling the SFTP file system and looking for any file that was changed since the last poll. Some tools let you preserve the timestamp when the files change. In these cases, you have to disable this feature so your trigger can work. Here are some common settings:
+<a name="polling-behavior"></a>
+
+### Polling behavior
+
+SFTP-SSH triggers poll the SFTP file system and look for any file that changed since the last poll. Some tools let you preserve the timestamp when the files change. In these cases, you have to disable this feature so your trigger can work. Here are some common settings:
| SFTP client | Action | |-------------|--------|
@@ -123,6 +126,12 @@ SFTP-SSH triggers work by polling the SFTP file system and looking for any file
When a trigger finds a new file, the trigger checks that the new file is complete, and not partially written. For example, a file might have changes in progress when the trigger checks the file server. To avoid returning a partially written file, the trigger notes the timestamp for the file that has recent changes, but doesn't immediately return that file. The trigger returns the file only when polling the server again. Sometimes, this behavior might cause a delay that is up to twice the trigger's polling interval.
+<a name="trigger-recurrence-shift-drift"></a>
+
+### Trigger recurrence shift and drift
+
+Connection-based triggers where you need to create a connection first, such as the SFTP-SSH trigger, differ from built-in triggers that run natively in Azure Logic Apps, such as the [Recurrence trigger](../connectors/connectors-native-recurrence.md). In recurring connection-based triggers, the recurrence schedule isn't the only driver that controls execution, and the time zone only determines the initial start time. Subsequent runs depend on the recurrence schedule, the last trigger execution, *and* other factors that might cause run times to drift or produce unexpected behavior, for example, not maintaining the specified schedule when daylight saving time (DST) starts and ends. To make sure that the recurrence time doesn't shift when DST takes effect, manually adjust the recurrence so that your logic app continues to run at the expected time. Otherwise, the start time shifts one hour forward when DST starts and one hour backward when DST ends. For more information, see [Recurrence for connection-based triggers](../connectors/apis-list.md#recurrence-connection-based).
+ <a name="convert-to-openssh"></a> ## Convert PuTTY-based key to OpenSSH
@@ -131,7 +140,7 @@ If your private key is in PuTTY format, which uses the .ppk (PuTTY Private Key)
### Unix-based OS
-1. If the PuTTY tools aren't already installed on your system, do that now, for example:
+1. If you don't have the PuTTY tools installed on your system, do that now, for example:
`sudo apt-get install -y putty`
@@ -203,7 +212,7 @@ To create a file on your SFTP server, you can use the SFTP-SSH **Create file** a
1. In the SFTP-SSH trigger or action you added, paste the *complete* key you copied into the **SSH private key** property, which supports multiple lines. ***Make sure you paste*** the key. ***Don't manually enter or edit the key***.
-1. When you're done entering the connection details, select **Create**.
+1. After you finish entering the connection details, select **Create**.
1. Now provide the necessary details for your selected trigger or action and continue building your logic app's workflow.
@@ -221,7 +230,7 @@ To override the default adaptive behavior that chunking uses, you can specify a
![Specify chunk size to use instead](./media/connectors-sftp-ssh/specify-chunk-size-override-default.png)
-1. When you're finished, select **Done**.
+1. After you finish, select **Done**.
## Examples
@@ -241,22 +250,10 @@ This action gets the content from a file on an SFTP server by specifying the fil
<a name="troubleshooting-errors"></a>
-## Troubleshoot errors
+## Troubleshoot problems
This section describes possible solutions to common errors or problems.
-<a name="file-does-not-exist"></a>
-
-### 404 error: "A reference was made to a file or folder which does not exist"
-
-This error can happen when your logic app creates a new file on your SFTP server through the SFTP-SSH **Create file** action, but the newly created file is then immediately moved before the Logic Apps service can get the file's metadata. When your logic app runs the **Create file** action, the Logic Apps service also automatically calls your SFTP server to get the file's metadata. However, if the file is moved, the Logic Apps service can no longer find the file so you get the `404` error message.
-
-If you can't avoid or delay moving the file, you can skip reading the file's metadata after file creation instead by following these steps:
-
-1. In the **Create file** action, open the **Add new parameter** list, select the **Get all file metadata** property, and set the value to **No**.
-
-1. If you need this file metadata later, you can use the **Get file metadata** action.
- <a name="connection-attempt-failed"></a> ### 504 error: "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond" or "Request to the SFTP server has taken more than '00:00:30' seconds"
@@ -275,6 +272,18 @@ This error can happen when your logic app can't successfully establish a connect
* Review the SFTP server log to check whether the request from logic app reached the SFTP server. To get more information about the connectivity problem, you can also run a network trace on your firewall and your SFTP server.
+<a name="file-does-not-exist"></a>
+
+### 404 error: "A reference was made to a file or folder which does not exist"
+
+This error can happen when your logic app creates a new file on your SFTP server through the SFTP-SSH **Create file** action, but immediately moves the newly created file before the Logic Apps service can get the file's metadata. When your logic app runs the **Create file** action, the Logic Apps service also automatically calls your SFTP server to get the file's metadata. However, if your logic app moves the file, the Logic Apps service can no longer find the file so you get the `404` error message.
+
+If you can't avoid or delay moving the file, you can skip reading the file's metadata after file creation instead by following these steps:
+
+1. In the **Create file** action, open the **Add new parameter** list, select the **Get all file metadata** property, and set the value to **No**.
+
+1. If you need this file metadata later, you can use the **Get file metadata** action.
+ ## Connector reference For more technical details about this connector, such as triggers, actions, and limits as described by the connector's Swagger file, see the [connector's reference page](/connectors/sftpwithssh/).
container-registry https://docs.microsoft.com/en-us/azure/container-registry/container-registry-skus https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/container-registry/container-registry-skus.md
@@ -1,6 +1,6 @@
--- title: Registry service tiers and features
-description: Learn about the features and limits in the Basic, Standard, and Premium service tiers (SKUs) of Azure Container Registry.
+description: Learn about the features and limits (quotas) in the Basic, Standard, and Premium service tiers (SKUs) of Azure Container Registry.
ms.topic: article ms.date: 05/18/2020 ---
@@ -25,7 +25,9 @@ The following table details the features and registry limits of the Basic, Stand
## Changing tiers
-You can change a registry's service tier with the Azure CLI or in the Azure portal. You can move freely between tier as long as the tier you're switching to has the required maximum storage capacity.
+You can change a registry's service tier with the Azure CLI or in the Azure portal. You can move freely between tiers as long as the tier you're switching to has the required maximum storage capacity.
+
+There is no registry downtime or impact on registry operations when you move between service tiers.
### Azure CLI
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/database-transactions-optimistic-concurrency https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/database-transactions-optimistic-concurrency.md
@@ -48,7 +48,9 @@ The ability to execute JavaScript directly within the database engine provides p
Optimistic concurrency control allows you to prevent lost updates and deletes. Concurrent, conflicting operations are subjected to the regular pessimistic locking of the database engine hosted by the logical partition that owns the item. When two concurrent operations attempt to update the latest version of an item within a logical partition, one of them will win and the other will fail. However, if one or two operations attempting to concurrently update the same item had previously read an older value of the item, the database doesnΓÇÖt know if the previously read value by either or both the conflicting operations was indeed the latest value of the item. Fortunately, this situation can be detected with the **Optimistic Concurrency Control (OCC)** before letting the two operations enter the transaction boundary inside the database engine. OCC protects your data from accidentally overwriting changes that were made by others. It also prevents others from accidentally overwriting your own changes.
-The concurrent updates of an item are subjected to the OCC by Azure Cosmos DBΓÇÖs communication protocol layer. Azure Cosmos database ensures that the client-side version of the item that you are updating (or deleting) is the same as the version of the item in the Azure Cosmos container. This ensures that your writes are protected from being overwritten accidentally by the writes of others and vice versa. In a multi-user environment, the optimistic concurrency control protects you from accidentally deleting or updating wrong version of an item. As such, items are protected against the infamous ΓÇ£lost updateΓÇ¥ or ΓÇ£lost deleteΓÇ¥ problems.
+The concurrent updates of an item are subjected to the OCC by Azure Cosmos DBΓÇÖs communication protocol layer. For Azure Cosmos accounts configured for **single-region writes**, Azure Cosmos DB ensures that the client-side version of the item that you are updating (or deleting) is the same as the version of the item in the Azure Cosmos container. This ensures that your writes are protected from being overwritten accidentally by the writes of others and vice versa. In a multi-user environment, the optimistic concurrency control protects you from accidentally deleting or updating wrong version of an item. As such, items are protected against the infamous "lost update" or "lost delete" problems.
+
+In an Azure Cosmos account configured with **multi-region writes**, data can be committed independently into secondary regions if its `_etag` matches that of the data in the local region. Once new data is committed locally in a secondary region, it is then merged in the hub or primary region. If the conflict resolution policy merges the new data into the hub region, this data will then be replicated globally with the new `_etag`. If the conflict resolution policy rejects the new data, the secondary region will be rolled back to the original data and `_etag`.
Every item stored in an Azure Cosmos container has a system defined `_etag` property. The value of the `_etag` is automatically generated and updated by the server every time the item is updated. `_etag` can be used with the client supplied `if-match` request header to allow the server to decide whether an item can be conditionally updated. The value of the `if-match` header matches the value of the `_etag` at the server, the item is then updated. If the value of the `if-match` request header is no longer current, the server rejects the operation with an "HTTP 412 Precondition failure" response message. The client then can re-fetch the item to acquire the current version of the item on the server or override the version of item in the server with its own `_etag` value for the item. In addition, `_etag` can be used with the `if-none-match` header to determine whether a refetch of a resource is needed.
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-manage-indexing-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/how-to-manage-indexing-policy.md
@@ -22,7 +22,7 @@ In Azure Cosmos DB, data is indexed following [indexing policies](index-policy.m
Here are some examples of indexing policies shown in [their JSON format](index-policy.md#include-exclude-paths), which is how they are exposed on the Azure portal. The same parameters can be set through the Azure CLI or any SDK.
-### Opt-out policy to selectively exclude some property paths
+### <a id="range-index"></a>Opt-out policy to selectively exclude some property paths
```json {
@@ -141,7 +141,7 @@ This indexing policy is equivalent to the one below which manually sets ```kind`
> [!NOTE] > It is generally recommended to use an **opt-out** indexing policy to let Azure Cosmos DB proactively index any new property that may be added to your data model.
-### Using a spatial index on a specific property path only
+### <a id="spatial-index"></a>Using a spatial index on a specific property path only
```json {
@@ -171,7 +171,7 @@ This indexing policy is equivalent to the one below which manually sets ```kind`
} ```
-## Composite indexing policy examples
+## <a id="composite-index"></a>Composite indexing policy examples
In addition to including or excluding paths for individual properties, you can also specify a composite index. If you would like to perform a query that has an `ORDER BY` clause for multiple properties, a [composite index](index-policy.md#composite-indexes) on those properties is required. Additionally, composite indexes will have a performance benefit for queries that have a multiple filters or both a filter and an ORDER BY clause.
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-write-stored-procedures-triggers-udfs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/how-to-write-stored-procedures-triggers-udfs.md
@@ -279,7 +279,7 @@ function async_sample() {
## <a id="triggers"></a>How to write triggers
-Azure Cosmos DB supports pre-triggers and post-triggers. Pre-triggers are executed before modifying a database item and post-triggers are executed after modifying a database item.
+Azure Cosmos DB supports pre-triggers and post-triggers. Pre-triggers are executed before modifying a database item and post-triggers are executed after modifying a database item.Triggers are not automatic. They must be specified for each database operation where you want them executed.
### <a id="pre-triggers"></a>Pre-triggers
@@ -404,4 +404,4 @@ Learn more concepts and how-to write or use stored procedures, triggers, and use
* [Working with Azure Cosmos DB stored procedures, triggers, and user-defined functions in Azure Cosmos DB](stored-procedures-triggers-udfs.md)
-* [Working with JavaScript language integrated query API in Azure Cosmos DB](javascript-query-api.md)
\ No newline at end of file
+* [Working with JavaScript language integrated query API in Azure Cosmos DB](javascript-query-api.md)
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/index-overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/index-overview.md
@@ -1,6 +1,6 @@
--- title: Indexing in Azure Cosmos DB
-description: Understand how indexing works in Azure Cosmos DB, different kinds of indexes such as Range, Spatial, composite indexes supported.
+description: Understand how indexing works in Azure Cosmos DB, different types of indexes such as Range, Spatial, composite indexes supported.
author: timsander1 ms.service: cosmos-db ms.subservice: cosmosdb-sql
@@ -59,13 +59,13 @@ Here are the paths for each property from the example item described above:
When an item is written, Azure Cosmos DB effectively indexes each property's path and its corresponding value.
-## Index kinds
+## <a id="index-types"></a>Types of indexes
-Azure Cosmos DB currently supports three kinds of indexes.
+Azure Cosmos DB currently supports three types of indexes. You can configure these index types when defining the indexing policy.
### Range Index
-**Range** index is based on an ordered tree-like structure. The range index kind is used for:
+**Range** index is based on an ordered tree-like structure. The range index type is used for:
- Equality queries:
@@ -117,11 +117,11 @@ Azure Cosmos DB currently supports three kinds of indexes.
SELECT child FROM container c JOIN child IN c.properties WHERE child = 'value' ```
-Range indexes can be used on scalar values (string or number).
+Range indexes can be used on scalar values (string or number). The default indexing policy for newly created containers enforces range indexes for any string or number. To learn how to configure range indexes, see [Range indexing policy examples](how-to-manage-indexing-policy.md#range-index)
### Spatial index
-**Spatial** indices enable efficient queries on geospatial objects such as - points, lines, polygons, and multipolygon. These queries use ST_DISTANCE, ST_WITHIN, ST_INTERSECTS keywords. The following are some examples that use spatial index kind:
+**Spatial** indices enable efficient queries on geospatial objects such as - points, lines, polygons, and multipolygon. These queries use ST_DISTANCE, ST_WITHIN, ST_INTERSECTS keywords. The following are some examples that use spatial index type:
- Geospatial distance queries:
@@ -141,11 +141,11 @@ Range indexes can be used on scalar values (string or number).
SELECT * FROM c WHERE ST_INTERSECTS(c.property, { 'type':'Polygon', 'coordinates': [[ [31.8, -5], [32, -5], [31.8, -5] ]] }) ```
-Spatial indexes can be used on correctly formatted [GeoJSON](./sql-query-geospatial-intro.md) objects. Points, LineStrings, Polygons, and MultiPolygons are currently supported.
+Spatial indexes can be used on correctly formatted [GeoJSON](./sql-query-geospatial-intro.md) objects. Points, LineStrings, Polygons, and MultiPolygons are currently supported. To use this index type, set by using the `"kind": "Range"` property when configuring the indexing policy. To learn how to configure spatial indexes, see [Spatial indexing policy examples](how-to-manage-indexing-policy.md#spatial-index)
### Composite indexes
-**Composite** indices increase the efficiency when you are performing operations on multiple fields. The composite index kind is used for:
+**Composite** indices increase the efficiency when you are performing operations on multiple fields. The composite index type is used for:
- `ORDER BY` queries on multiple properties:
@@ -165,12 +165,14 @@ Spatial indexes can be used on correctly formatted [GeoJSON](./sql-query-geospat
SELECT * FROM container c WHERE c.property1 = 'value' AND c.property2 > 'value' ```
-As long as one filter predicate uses one of the index kind, the query engine will evaluate that first before scanning the rest. For example, if you have a SQL query such as `SELECT * FROM c WHERE c.firstName = "Andrew" and CONTAINS(c.lastName, "Liu")`
+As long as one filter predicate uses one of the index type, the query engine will evaluate that first before scanning the rest. For example, if you have a SQL query such as `SELECT * FROM c WHERE c.firstName = "Andrew" and CONTAINS(c.lastName, "Liu")`
* The above query will first filter for entries where firstName = "Andrew" by using the index. It then pass all of the firstName = "Andrew" entries through a subsequent pipeline to evaluate the CONTAINS filter predicate. * You can speed up queries and avoid full container scans when using functions that don't use the index (e.g. CONTAINS) by adding additional filter predicates that do use the index. The order of filter clauses isn't important. The query engine is will figure out which predicates are more selective and run the query accordingly.
+To learn how to configure composite indexes, see [Composite indexing policy examples](how-to-manage-indexing-policy.md#composite-index)
+ ## Querying with indexes The paths extracted when indexing data make it easy to lookup the index when processing a query. By matching the `WHERE` clause of a query with the list of indexed paths, it is possible to identify the items that match the query predicate very quickly.
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/index-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/index-policy.md
@@ -130,7 +130,7 @@ Azure Cosmos DB, by default, will not create any spatial indexes. If you would l
## Composite indexes
-Queries that have an `ORDER BY` clause with two or more properties require a composite index. You can also define a composite index to improve the performance of many equality and range queries. By default, no composite indexes are defined so you should [add composite indexes](how-to-manage-indexing-policy.md#composite-indexing-policy-examples) as needed.
+Queries that have an `ORDER BY` clause with two or more properties require a composite index. You can also define a composite index to improve the performance of many equality and range queries. By default, no composite indexes are defined so you should [add composite indexes](how-to-manage-indexing-policy.md#composite-index) as needed.
Unlike with included or excluded paths, you can't create a path with the `/*` wildcard. Every composite path has an implicit `/?` at the end of the path that you don't need to specify. Composite paths lead to a scalar value and this is the only value that is included in the composite index.
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/migrate-cosmosdb-data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/migrate-cosmosdb-data.md
@@ -39,7 +39,7 @@ The challenges described in the above section, can be solved by using a custom t
The custom tool uses the bulk executor library and supports scaling out across multiple clients and to track errors during the ingestion process. To use this tool, the source data should be partitioned into distinct files in Azure Data Lake Storage (ADLS) so that different migration workers can pick up each file and ingest them into Azure Cosmos DB. The custom tool makes use of a separate collection, which stores metadata about the migration progress for each individual source file in ADLS and tracks any errors associated with them.
-The following image describes the migration process using this custom tool. The tool is running on a set of virtual machines, and each virtual machine queries the tracking collection in Azure Cosmos DB to acquire a lease on one of the source data partitions. Once this is done, the source data partition is read by the tool and ingested into Azure Cosmos DB by using the bulk executor library. Next, the tracking collection is updated to record the progress of data ingestion and any errors encountered. After a data partition is processed, the tool attempts to query for the next available source partition. It continues to process the next source partition until all the data is migrated. The source code for the tool is available [here](https://github.com/Azure-Samples/azure-cosmosdb-bulkingestion).
+The following image describes the migration process using this custom tool. The tool is running on a set of virtual machines, and each virtual machine queries the tracking collection in Azure Cosmos DB to acquire a lease on one of the source data partitions. Once this is done, the source data partition is read by the tool and ingested into Azure Cosmos DB by using the bulk executor library. Next, the tracking collection is updated to record the progress of data ingestion and any errors encountered. After a data partition is processed, the tool attempts to query for the next available source partition. It continues to process the next source partition until all the data is migrated. The source code for the tool is available at the [Azure Cosmos DB bulk ingestion](https://github.com/Azure-Samples/azure-cosmosdb-bulkingestion) repo.
:::image type="content" source="./media/migrate-cosmosdb-data/migrationsetup.png" alt-text="Migration Tool Setup" border="false":::
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/mongodb-api-faq https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/mongodb-api-faq.md
@@ -24,12 +24,7 @@ For more information, see [Connect to your Cosmos database with Azure Cosmos DB'
## Error codes while using Azure Cosmos DB's API for MongoDB?
-Along with the common MongoDB error codes, the Azure Cosmos DB's API for MongoDB has its own specific error codes:
-
-| Error | Code | Description | Solution |
-|---------------------|-------|--------------|-----------|
-| TooManyRequests | 16500 | The total number of request units consumed is more than the provisioned request-unit rate for the container and has been throttled. | Consider scaling the throughput assigned to a container or a set of containers from the Azure portal or retrying again. |
-| ExceededMemoryLimit | 16501 | As a multi-tenant service, the operation has gone over the client's memory allotment. | Reduce the scope of the operation through more restrictive query criteria or contact support from the [Azure portal](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade). <br><br> Example: `db.getCollection('users').aggregate([{$match: {name: "Andy"}}, {$sort: {age: -1}}]))` |
+Along with the common MongoDB error codes, the Azure Cosmos DB's API for MongoDB has its own specific error codes. These can be found in the [Troubleshooting Guide](mongodb-troubleshoot.md).
## Supported drivers
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/mongodb-troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/mongodb-troubleshoot.md
@@ -13,24 +13,32 @@ ms.author: chrande
# Troubleshoot common issues in Azure Cosmos DB's API for MongoDB [!INCLUDE[appliesto-mongodb-api](includes/appliesto-mongodb-api.md)]
-The following article describes common errors and solutions for databases using the Azure Cosmos DB API for MongoDB.
+The following article describes common errors and solutions for deployments using the Azure Cosmos DB API for MongoDB.
>[!Note]
-> Azure Cosmos DB does not host the MongoDB engine. It provides an implementation of the MongoDB [wire protocol version 3.6](mongodb-feature-support-36.md) and legacy support for [wire protocol version 3.2](mongodb-feature-support.md), therefore some of these errors are only found in Azure Cosmos DB's API for MongoDB.
+> Azure Cosmos DB does not host the MongoDB engine. It provides an implementation of the MongoDB wire protocol. Therefore, some of these errors are only found in Azure Cosmos DB's API for MongoDB.
## Common errors and solutions
-| Error | Code | Description | Solution |
-|---------------------|-------|--------------|-----------|
-| ExceededTimeLimit | 50 | The request has exceeded the timeout of 60 seconds of execution. | There can be many causes for this error. One of the causes is when the current allocated request units capacity is not sufficient to complete the request. This can be solved by increasing the request units of that collection or database. In other cases, this error can be worked-around by splitting a large request into smaller ones. |
-| TooManyRequests | 16500 | The total number of request units consumed is more than the provisioned request-unit rate for the collection and has been throttled. | Consider scaling the throughput assigned to a container or a set of containers from the Azure portal or you can retry the operation. |
-| ExceededMemoryLimit | 16501 | As a multi-tenant service, the operation has gone over the client's memory allotment. | Reduce the scope of the operation through more restrictive query criteria or contact support from the [Azure portal](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade). Example: `db.getCollection('users').aggregate([{$match: {name: "Andy"}}, {$sort: {age: -1}}]))` |
-| The index path corresponding to the specified order-by item is excluded / The order by query does not have a corresponding composite index that it can be served from. | 2 | The query requests a sort on a field that is not indexed. | Create a matching index (or composite index) for the sort query being attempted. |
-| MongoDB wire version issues | - | The older versions of MongoDB drivers are unable to detect the Azure Cosmos account's name in the connection strings. | Append *appName=@**accountName**@* at the end of your Cosmos DB's API for MongoDB connection string, where ***accountName*** is your Cosmos DB account name. |
+| Code | Error | Description | Solution |
+|------------|----------------------|--------------|-----------|
+| 2 | The index path corresponding to the specified order-by item is excluded or the order by query does not have a corresponding composite index that it can be served from. | The query requests a sort on a field that is not indexed. | Create a matching index (or composite index) for the sort query being attempted. |
+| 13 | Unauthorized | The request lacks the permissions to complete. | Ensure that you set proper permissions for your database and collection. |
+| 16 | InvalidLength | The request specified has an invalid length. | If you are using the explain() function, ensure that you supply only one operation. |
+| 26 | NamespaceNotFound | The database or collection being referenced in the query cannot be found. | Ensure your database/collection name precisely matches the name in your query.|
+| 50 | ExceededTimeLimit | The request has exceeded the timeout of 60 seconds of execution. | There can be many causes for this error. One of the causes is when the currently allocated request units capacity is not sufficient to complete the request. This can be solved by increasing the request units of that collection or database. In other cases, this error can be worked-around by splitting a large request into smaller ones.|
+| 61 | ShardKeyNotFound | The document in your request did not contain the collection's shard key (Azure Cosmos DB partition key). | Ensure the collection's shard key is being used in the request.|
+| 66 | ImmutableField | The request is attempting to change an immutable field | "id" fields are immutable. Ensure that your request does not attempt to update that field. |
+| 67 | CannotCreateIndex | The request to create an index cannot be completed. | Up to 500 single field indexes can be created in a container. Up to eight fields can be included in a compound index (compound indexes are supported in version 3.6+). |
+| 115 | CommandNotSupported | The request attempted is not supported. | Additional details should be provided in the error. If this functionality is important for your deployments, please let us know by creating a support ticket in the [Azure portal](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade). |
+| 11000 | DuplicateKey | The shard key (Azure Cosmos DB partition key) of the document you're inserting already exists in the collection or a unique index field constraint has been violated. | Use the update() function to update an existing document. If the unique index field constraint has been violated, insert or update the document with a field value that does not exist in the shard/partition yet. |
+| 16500 | TooManyRequests | The total number of request units consumed is more than the provisioned request-unit rate for the collection and has been throttled. | Consider scaling the throughput assigned to a container or a set of containers from the Azure portal or you can retry the operation. If you enable SSR (server-side retry), Azure Cosmos DB automatically retries the requests that fail due to this error. |
+| 16501 | ExceededMemoryLimit | As a multi-tenant service, the operation has gone over the client's memory allotment. | Reduce the scope of the operation through more restrictive query criteria or contact support from the [Azure portal](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade). Example: `db.getCollection('users').aggregate([{$match: {name: "Andy"}}, {$sort: {age: -1}}]))` |
+| 40324 | Unrecognized pipeline stage name. | The stage name in your aggregation pipeline request was not recognized. | Ensure that all aggregation pipeline names are valid in your request. |
+| - | MongoDB wire version issues | The older versions of MongoDB drivers are unable to detect the Azure Cosmos account's name in the connection strings. | Append *appName=@**accountName**@* at the end of your Cosmos DB's API for MongoDB connection string, where ***accountName*** is your Cosmos DB account name. |
## Next steps - Learn how to [use Studio 3T](mongodb-mongochef.md) with Azure Cosmos DB's API for MongoDB. - Learn how to [use Robo 3T](mongodb-robomongo.md) with Azure Cosmos DB's API for MongoDB. - Explore MongoDB [samples](mongodb-samples.md) with Azure Cosmos DB's API for MongoDB.-
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/sql-api-dotnet-samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/sql-api-dotnet-samples.md
@@ -86,7 +86,7 @@ The [RunDocumentsDemo](https://github.com/Azure/azure-cosmos-dotnet-v2/tree/mast
| [Read document only if document has changed](https://github.com/Azure/azure-cosmos-dotnet-v2/tree/master/samples/code-samples/DocumentManagement/Program.cs#L454-L500) |[DocumentClient.AccessCondition](/dotnet/api/microsoft.azure.documents.client.accesscondition)<br>[Documents.Client.AccessConditionType](/dotnet/api/microsoft.azure.documents.client.accessconditiontype) | ## Indexing examples
-The [RunIndexDemo](https://github.com/Azure/azure-cosmos-dotnet-v2/tree/master/samples/code-samples/IndexManagement/Program.cs#L93-L115) method of the sample *IndexManagement* project shows how to do the following tasks. To learn about indexing in Azure Cosmos DB before you run the following samples, see [index policies](index-policy.md), [index types](index-overview.md#index-kinds), and [index paths](index-policy.md#include-exclude-paths).
+The [RunIndexDemo](https://github.com/Azure/azure-cosmos-dotnet-v2/tree/master/samples/code-samples/IndexManagement/Program.cs#L93-L115) method of the sample *IndexManagement* project shows how to do the following tasks. To learn about indexing in Azure Cosmos DB before you run the following samples, see [index policies](index-policy.md), [index types](index-overview.md#index-types), and [index paths](index-policy.md#include-exclude-paths).
| Task | API reference | | --- | --- |
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/sql-api-dotnet-v3sdk-samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/sql-api-dotnet-v3sdk-samples.md
@@ -88,7 +88,7 @@ The [RunItemsDemo](https://github.com/Azure/azure-cosmos-dotnet-v3/blob/master/M
## Indexing examples
-The [RunIndexDemo](https://github.com/Azure/azure-cosmos-dotnet-v3/blob/master/Microsoft.Azure.Cosmos.Samples/Usage/IndexManagement/Program.cs#L108-L122) method of the sample *IndexManagement* project shows how to do the following tasks. To learn about indexing in Azure Cosmos DB before you run the following samples, see [index policies](index-policy.md), [index types](index-overview.md#index-kinds), and [index paths](index-policy.md#include-exclude-paths).
+The [RunIndexDemo](https://github.com/Azure/azure-cosmos-dotnet-v3/blob/master/Microsoft.Azure.Cosmos.Samples/Usage/IndexManagement/Program.cs#L108-L122) method of the sample *IndexManagement* project shows how to do the following tasks. To learn about indexing in Azure Cosmos DB before you run the following samples, see [index policies](index-policy.md), [index types](index-overview.md#index-types), and [index paths](index-policy.md#include-exclude-paths).
| Task | API reference | | --- | --- |
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/sql-api-java-sdk-samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/sql-api-java-sdk-samples.md
@@ -161,7 +161,7 @@ The [Document CRUD Samples](https://github.com/Azure/azure-documentdb-java/blob/
| [Read document only if document has changed](https://github.com/Azure-Samples/azure-cosmos-java-sql-api-samples/blob/main/src/main/java/com/azure/cosmos/examples/documentcrud/sync/DocumentCRUDQuickstart.java#L266-L300) | AccessCondition.setType<br>AccessCondition.setCondition | ## Indexing examples
-The [Collection CRUD Samples](https://github.com/Azure/azure-documentdb-java/blob/master/documentdb-examples/src/test/java/com/microsoft/azure/documentdb/examples/CollectionCrudSamples.java) file shows how to perform the following tasks. To learn about indexing in Azure Cosmos DB before running the following samples, see [indexing policies](index-policy.md), [indexing types](index-overview.md#index-kinds), and [indexing paths](index-policy.md#include-exclude-paths) conceptual articles.
+The [Collection CRUD Samples](https://github.com/Azure/azure-documentdb-java/blob/master/documentdb-examples/src/test/java/com/microsoft/azure/documentdb/examples/CollectionCrudSamples.java) file shows how to perform the following tasks. To learn about indexing in Azure Cosmos DB before running the following samples, see [indexing policies](index-policy.md), [indexing types](index-overview.md#index-types), and [indexing paths](index-policy.md#include-exclude-paths) conceptual articles.
| Task | API reference | | --- | --- |
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/sql-api-nodejs-samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/sql-api-nodejs-samples.md
@@ -82,7 +82,7 @@ The [ItemManagement](https://github.com/Azure/azure-cosmos-js/blob/master/sample
## Indexing examples
-The [IndexManagement](https://github.com/Azure/azure-cosmos-js/blob/master/samples/IndexManagement.ts) file shows how to manage indexing. To learn about indexing in Azure Cosmos DB before running the following samples, see [indexing policies](index-policy.md), [indexing types](index-overview.md#index-kinds), and [indexing paths](index-policy.md#include-exclude-paths) conceptual articles.
+The [IndexManagement](https://github.com/Azure/azure-cosmos-js/blob/master/samples/IndexManagement.ts) file shows how to manage indexing. To learn about indexing in Azure Cosmos DB before running the following samples, see [indexing policies](index-policy.md), [indexing types](index-overview.md#index-types), and [indexing paths](index-policy.md#include-exclude-paths) conceptual articles.
| Task | API reference | | --- | --- |
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/sql-api-python-samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/sql-api-python-samples.md
@@ -86,7 +86,7 @@ The [item_management.py](https://github.com/Azure/azure-sdk-for-python/blob/mast
## Indexing examples
-The [index_management.py](https://github.com/Azure/azure-sdk-for-python/blob/master/sdk/cosmos/azure-cosmos/samples/index_management.py) Python sample shows how to do the following tasks. To learn about indexing in Azure Cosmos DB before running the following samples, see [indexing policies](index-policy.md), [indexing types](index-overview.md#index-kinds), and [indexing paths](index-policy.md#include-exclude-paths) conceptual articles.
+The [index_management.py](https://github.com/Azure/azure-sdk-for-python/blob/master/sdk/cosmos/azure-cosmos/samples/index_management.py) Python sample shows how to do the following tasks. To learn about indexing in Azure Cosmos DB before running the following samples, see [indexing policies](index-policy.md), [indexing types](index-overview.md#index-types), and [indexing paths](index-policy.md#include-exclude-paths) conceptual articles.
| Task | API reference | | --- | --- |
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/sql-query-join https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/sql-query-join.md
@@ -1,12 +1,12 @@
--- title: SQL JOIN queries for Azure Cosmos DB description: Learn how to JOIN multiple tables in Azure Cosmos DB to query the data
-author: markjbrown
+author: timsander1
ms.service: cosmos-db ms.subservice: cosmosdb-sql ms.topic: conceptual
-ms.date: 05/17/2019
-ms.author: mjbrown
+ms.date: 01/07/2021
+ms.author: tisande
--- # Joins in Azure Cosmos DB
@@ -14,7 +14,7 @@ ms.author: mjbrown
In a relational database, joins across tables are the logical corollary to designing normalized schemas. In contrast, the SQL API uses the denormalized data model of schema-free items, which is the logical equivalent of a *self-join*.
-Inner joins result in a complete cross product of the sets participating in the join. The result of an N-way join is a set of N-element tuples, where each value in the tuple is associated with the aliased set participating in the join and can be accessed by referencing that alias in other clauses.
+Joins result in a complete cross product of the sets participating in the join. The result of an N-way join is a set of N-element tuples, where each value in the tuple is associated with the aliased set participating in the join and can be accessed by referencing that alias in other clauses.
## Syntax
@@ -249,6 +249,8 @@ The results are:
] ```
+If your query has a JOIN and filters, you can rewrite part of the query as a [subquery](sql-query-subquery.md#optimize-join-expressions) to improve performance.
+ ## Next steps - [Getting started](sql-query-getting-started.md)
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/sql-query-object-array https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/sql-query-object-array.md
@@ -5,7 +5,7 @@ author: timsander1
ms.service: cosmos-db ms.subservice: cosmosdb-sql ms.topic: conceptual
-ms.date: 12/08/2020
+ms.date: 01/07/2021
ms.author: tisande ---
@@ -49,9 +49,27 @@ SELECT f.id, ARRAY(SELECT DISTINCT VALUE c.givenName FROM c IN f.children) as Ch
FROM f ```
+The results are:
+
+```json
+[
+ {
+ "id": "AndersenFamily",
+ "ChildNames": []
+ },
+ {
+ "id": "WakefieldFamily",
+ "ChildNames": [
+ "Jesse",
+ "Lisa"
+ ]
+ }
+]
+```
+ ## <a id="Iteration"></a>Iteration
-The SQL API provides support for iterating over JSON arrays, with a new construct added via the [IN keyword](sql-query-keywords.md#in) in the FROM source. In the following example:
+The SQL API provides support for iterating over JSON arrays, with the [IN keyword](sql-query-keywords.md#in) in the FROM source. In the following example:
```sql SELECT *
@@ -152,6 +170,9 @@ The results are:
] ```
+> [!NOTE]
+> When using the IN keyword for iteration, you cannot filter or project any properties outside of the array. Instead, you should use [JOINs](sql-query-join.md).
+ ## Next steps - [Getting started](sql-query-getting-started.md)
cost-management-billing https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/ea-pricing https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cost-management-billing/manage/ea-pricing.md
@@ -7,7 +7,7 @@ tags: billing
ms.service: cost-management-billing ms.subservice: enterprise ms.topic: conceptual
-ms.date: 08/20/2020
+ms.date: 01/07/2021
ms.author: banders ms.custom: seodec18 ---
@@ -21,19 +21,13 @@ Azure customers with an Azure Enterprise Agreement (EA), Microsoft Customer Agre
Depending on the policies set for your organization by the Enterprise Admin, only certain administrative roles provide access to your organization's EA pricing information. For more information, see [Understand Azure Enterprise Agreement administrative roles in Azure](understand-ea-roles.md). 1. As an Enterprise Admin, sign-in to the [Azure portal](https://portal.azure.com/).
-1. Search for *Cost Management + Billing*.
-
+1. Search for *Cost Management + Billing*.
![Screenshot that shows Azure portal search.](./media/ea-pricing/portal-cm-billing-search.png)-
-1. Under the billing account, select **Usage + charges**.
-
+1. Under the billing account, select **Usage + charges**.
![Screenshot that shows usage and charges under Billing](./media/ea-pricing/ea-pricing-usage-charges-nav.png)- 1. Select ![Download icon.](./media/ea-pricing/download-icon.png) **Download** for the month.-
-1. Under **Price Sheet**, select **Download csv**.
-
- ![Screenshot shows the Download Usage + Charges options.](./media/ea-pricing/download-ea-price-sheet.png)
+1. Under **Price Sheet**, select **Download csv**.
+ :::image type="content" source="./media/ea-pricing/download-enterprise-agreement-price-sheet-01.png" alt-text="Screenshot shows the Download Usage + Charges options." :::
## Download pricing for an MCA or MPA account
@@ -46,13 +40,11 @@ If you have an MCA, you must be the billing profile owner, contributor, reader,
1. Select a billing profile. Depending on your access, you might need to select a billing account first. 1. Select **Invoices**. 1. In the invoice grid, find the row of the invoice corresponding to the price sheet you want to download.
-1. Click the ellipsis (`...`) at the end of the row.
-![Screenshot that shows the ellipsis selected](./media/ea-pricing/billingprofile-invoicegrid-new.png)
-
+1. Click the ellipsis (`...`) at the end of the row.
+ ![Screenshot that shows the ellipsis selected](./media/ea-pricing/billingprofile-invoicegrid-new.png)
1. If you want to see prices for the services in the selected invoice, select **Invoice price sheet**.
-1. If you want to see prices for all Azure services for the given billing period, select **Azure price sheet**.
-
-![Screenshot that shows context menu with price sheets](./media/ea-pricing/contextmenu-pricesheet01.png)
+1. If you want to see prices for all Azure services for the given billing period, select **Azure price sheet**.
+ ![Screenshot that shows context menu with price sheets](./media/ea-pricing/contextmenu-pricesheet01.png)
### Download price sheets for the current billing period
@@ -62,8 +54,8 @@ If you have an MCA, you can download pricing for the current billing period.
1. Search for *Cost Management + Billing*. 1. Select a billing profile. Depending on your access, you might need to select a billing account first. 1. In the **Overview** area, find the download links beneath the month-to-date charges.
-1. Select **Azure price sheet**.
-![Screenshot that shows download from Overview](./media/ea-pricing/open-pricing01.png)
+1. Select **Azure price sheet**.
+ ![Screenshot that shows download from Overview](./media/ea-pricing/open-pricing01.png)
## Estimate costs with the Azure pricing calculator
@@ -72,10 +64,8 @@ You may also use your organizationΓÇÖs pricing to estimate costs with the Azure
1. Go to the [Azure pricing calculator](https://azure.microsoft.com/pricing/calculator). 1. On the top right, select **Sign in**. 1. Under **Programs and Offer** > **Licensing Program**, select **Enterprise Agreement (EA)**.
-1. Under **Programs and Offer** > **Selected agreement**, select **None selected**.
-
+1. Under **Programs and Offer** > **Selected agreement**, select **None selected**.
![Screenshot shows the Programs and Offers available.](./media/ea-pricing/ea-pricing-calculator-estimate.png)- 1. Choose the organization. 1. Select **Apply**. 1. Search for and then add products to your estimate.
data-factory https://docs.microsoft.com/en-us/azure/data-factory/connector-troubleshoot-guide https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/connector-troubleshoot-guide.md
@@ -5,7 +5,7 @@ services: data-factory
author: linda33wj ms.service: data-factory ms.topic: troubleshooting
-ms.date: 12/30/2020
+ms.date: 01/07/2021
ms.author: jingwang ms.reviewer: craigg ms.custom: has-adal-ref
@@ -455,34 +455,15 @@ busy to handle requests, it returns an HTTP error 503.
- **Cause**: Azure Synapse Analytics hit issue querying the external table in Azure Storage. - **Resolution**: Run the same query in SSMS and check if you see the same result. If yes, open a support ticket to Azure Synapse Analytics and provide your Azure Synapse Analytics server and database name to further troubleshoot.
-
-
-### Low performance when load data into Azure SQL
--- **Symptoms**: Copying data in to Azure SQL turns to be slow.--- **Cause**: The root cause of the issue is mostly triggered by the bottleneck of Azure SQL side. Following are some possible causes:-
- - Azure DB tier is not high enough.
-
- - Azure DB DTU usage is close to 100%. You can [monitor the performance](https://docs.microsoft.com/azure/azure-sql/database/monitor-tune-overview) and consider to upgrade the DB tier.
-
- - Indexes are not set properly. Remove all the indexes before data load and recreate them after load complete.
-
- - WriteBatchSize is not large enough to fit schema row size. Try to enlarge the property for the issue.
-
- - Instead of bulk inset, stored procedure is being used, which is expected to have worse performance.
--- **Resolution**: Refer to the TSG for [copy activity performance](https://docs.microsoft.com/azure/data-factory/copy-activity-performance-troubleshooting) ### Performance tier is low and leads to copy failure -- **Symptoms**: Below error message occurred when copying data into Azure SQL: `Database operation failed. Error message from database execution : ExecuteNonQuery requires an open and available Connection. The connection's current state is closed.`
+- **Symptoms**: Below error message occurred when copying data into Azure SQL Database: `Database operation failed. Error message from database execution : ExecuteNonQuery requires an open and available Connection. The connection's current state is closed.`
-- **Cause**: Azure SQL s1 is being used, which hit IO limits in such case.
+- **Cause**: Azure SQL Database s1 is being used, which hit IO limits in such case.
-- **Resolution**: Upgrade the Azure SQL performance tier to fix the issue.
+- **Resolution**: Upgrade the Azure SQL Database performance tier to fix the issue.
### SQL Table cannot be found
@@ -616,31 +597,6 @@ busy to handle requests, it returns an HTTP error 503.
- **Cause**: The dynamics server is instable or inaccessible or the network is experiencing issues. - **Recommendation**: Check network connectivity or check dynamics server log for more details. Contact dynamics support for further help.--
-## Excel Format
-
-### Timeout or slow performance when parsing large Excel file
--- **Symptoms**:-
- - When you create Excel dataset and import schema from connection/store, preview data, list, or refresh worksheets, you may hit timeout error if the excel file is large in size.
-
- - When you use copy activity to copy data from large Excel file (>= 100 MB) into other data store, you may experience slow performance or OOM issue.
--- **Cause**: -
- - For operations like importing schema, previewing data, and listing worksheets on excel dataset, the timeout is 100 s and static. For large Excel file, these operations may not finish within the timeout value.
-
- - ADF copy activity reads the whole Excel file into memory then locate the specified worksheet and cells to read data. This behavior is due to the underlying SDK ADF uses.
--- **Resolution**: -
- - For importing schema, you can generate a smaller sample file, which is a subset of original file, and choose "import schema from sample file" instead of "import schema from connection/store".
-
- - For listing worksheet, in the worksheet dropdown, you can click "Edit" and input the sheet name/index instead.
-
- - To copy large excel file (>100 MB) into other store, you can use Data Flow Excel source which sport streaming read and perform better.
## FTP
data-factory https://docs.microsoft.com/en-us/azure/data-factory/control-flow-expression-language-functions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/control-flow-expression-language-functions.md
@@ -969,7 +969,7 @@ And returns this result: `"2018-01-01T00:00:00.0000000"`
This example converts a time zone to the specified time zone and format: ```
-convertTimeZone('2018-01-01T80:00:00.0000000Z', 'UTC', 'Pacific Standard Time', 'D')
+convertTimeZone('2018-01-01T08:00:00.0000000Z', 'UTC', 'Pacific Standard Time', 'D')
``` And returns this result: `"Monday, January 1, 2018"`
@@ -3401,4 +3401,4 @@ Following on Example 3, this example finds the value in the
And returns this result: `"Paris"` ## Next steps
-For a list of system variables you can use in expressions, see [System variables](control-flow-system-variables.md).
\ No newline at end of file
+For a list of system variables you can use in expressions, see [System variables](control-flow-system-variables.md).
data-factory https://docs.microsoft.com/en-us/azure/data-factory/copy-activity-performance-troubleshooting https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/copy-activity-performance-troubleshooting.md
@@ -11,7 +11,7 @@ ms.service: data-factory
ms.workload: data-services ms.topic: conceptual ms.custom: seo-lt-2019
-ms.date: 12/09/2020
+ms.date: 01/07/2021
--- # Troubleshoot copy activity performance
@@ -167,6 +167,60 @@ When the copy performance doesn't meet your expectation, to troubleshoot single
- Consider to gradually tune the [parallel copies](copy-activity-performance-features.md), note that too many parallel copies may even hurt the performance. +
+## Connector and IR performance
+
+This section explores some performance troubleshooting guides for particular connector type or integration runtime.
+
+### Activity execution time varies using Azure IR vs Azure VNet IR
+
+Activity execution time varies when the dataset is based on different Integration Runtime.
+
+- **Symptoms**: Simply toggling the Linked Service dropdown in the dataset performs the same pipeline activities, but has drastically different run-times. When the dataset is based on the Managed Virtual Network Integration Runtime, it takes more than 2 minutes on average to complete the run, but it takes approximately 20 seconds to complete when based on the Default Integration Runtime.
+
+- **Cause**: Checking the details of pipeline runs, you can see that the slow pipeline is running on Managed VNet (Virtual Network) IR while the normal one is running on Azure IR. By design, Managed VNet IR takes longer queue time than Azure IR as we are not reserving one compute node per data factory, so there is a warm up around 2 minutes for each copy activity to start, and it occurs primarily on VNet join rather than Azure IR.
+
+
+### Low performance when loading data into Azure SQL Database
+
+- **Symptoms**: Copying data in to Azure SQL Database turns to be slow.
+
+- **Cause**: The root cause of the issue is mostly triggered by the bottleneck of Azure SQL Database side. Following are some possible causes:
+
+ - Azure SQL Database tier is not high enough.
+
+ - Azure SQL Database DTU usage is close to 100%. You can [monitor the performance](https://docs.microsoft.com/azure/azure-sql/database/monitor-tune-overview) and consider to upgrade the Azure SQL Database tier.
+
+ - Indexes are not set properly. Remove all the indexes before data load and recreate them after load complete.
+
+ - WriteBatchSize is not large enough to fit schema row size. Try to enlarge the property for the issue.
+
+ - Instead of bulk inset, stored procedure is being used, which is expected to have worse performance.
+
+- **Resolution**: Refer to [Troubleshoot copy activity performance](https://docs.microsoft.com/azure/data-factory/copy-activity-performance-troubleshooting).
+
+### Timeout or slow performance when parsing large Excel file
+
+- **Symptoms**:
+
+ - When you create Excel dataset and import schema from connection/store, preview data, list, or refresh worksheets, you may hit timeout error if the excel file is large in size.
+
+ - When you use copy activity to copy data from large Excel file (>= 100 MB) into other data store, you may experience slow performance or OOM issue.
+
+- **Cause**:
+
+ - For operations like importing schema, previewing data, and listing worksheets on excel dataset, the timeout is 100 s and static. For large Excel file, these operations may not finish within the timeout value.
+
+ - ADF copy activity reads the whole Excel file into memory then locate the specified worksheet and cells to read data. This behavior is due to the underlying SDK ADF uses.
+
+- **Resolution**:
+
+ - For importing schema, you can generate a smaller sample file, which is a subset of original file, and choose "import schema from sample file" instead of "import schema from connection/store".
+
+ - For listing worksheet, in the worksheet dropdown, you can click "Edit" and input the sheet name/index instead.
+
+ - To copy large excel file (>100 MB) into other store, you can use Data Flow Excel source which sport streaming read and perform better.
+
## Other references Here is performance monitoring and tuning references for some of the supported data stores:
data-factory https://docs.microsoft.com/en-us/azure/data-factory/copy-activity-schema-and-type-mapping https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/copy-activity-schema-and-type-mapping.md
@@ -62,7 +62,7 @@ The following properties are supported under `translator` in addition to `mappin
For example, to copy data from Salesforce to Azure SQL Database and explicitly map three columns:
-1. On copy activity -> mapping tab, click **Import schema** button to import both source and sink schemas.
+1. On copy activity -> mapping tab, click **Import schemas** button to import both source and sink schemas.
2. Map the needed fields and exclude/delete the rest.
@@ -176,7 +176,7 @@ And you want to copy it into a text file in the following format with header lin
You can define such mapping on Data Factory authoring UI:
-1. On copy activity -> mapping tab, click **Import schema** button to import both source and sink schemas. As Data Factory samples the top few objects when importing schema, if any field doesn't show up, you can add it to the correct layer in the hierarchy - hover on an existing field name and choose to add a node, an object, or an array.
+1. On copy activity -> mapping tab, click **Import schemas** button to import both source and sink schemas. As Data Factory samples the top few objects when importing schema, if any field doesn't show up, you can add it to the correct layer in the hierarchy - hover on an existing field name and choose to add a node, an object, or an array.
2. Select the array from which you want to iterate and extract data. It will be auto populated as **Collection reference**. Note only single array is supported for such operation.
@@ -522,4 +522,4 @@ Configure the schema-mapping rule as the following copy activity JSON sample:
## Next steps See the other Copy Activity articles: -- [Copy activity overview](copy-activity-overview.md)\ No newline at end of file
+- [Copy activity overview](copy-activity-overview.md)
data-factory https://docs.microsoft.com/en-us/azure/data-factory/security-and-access-control-troubleshoot-guide https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/security-and-access-control-troubleshoot-guide.md
@@ -147,16 +147,6 @@ Try to enable public network access on the user interface, as shown in the follo
![Screenshot of the "Enabled" control for "Allow public network access" on the Networking pane.](media/self-hosted-integration-runtime-troubleshoot-guide/enable-public-network-access.png)
-### Pipeline runtime varies when basing on different IR
-
-#### Symptoms
-
-Simply toggling the Linked Service dropdown in the dataset performs the same pipeline activities, but has drastically different run-times. When the dataset is based on the Managed Virtual Network Integration Runtime, it takes more than 2 minutes on average to complete the run, but it takes approximately 20 seconds to complete when based on the Default Integration Runtime.
-
-#### Cause
-
-Checking the details of pipeline runs, you can see that the slow pipeline is running on Managed VNet (Virtual Network) IR while the normal one is running on Azure IR. By design, Managed VNet IR takes longer queue time than Azure IR as we are not reserving one compute node per data factory, so there is a warm up around 2 minutes for each copy activity to start, and it occurs primarily on VNet join rather than Azure IR.
- ## Next steps For more help with troubleshooting, try the following resources:
data-lake-analytics https://docs.microsoft.com/en-us/azure/data-lake-analytics/data-lake-tools-for-vscode-local-run-and-debug https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-lake-analytics/data-lake-tools-for-vscode-local-run-and-debug.md
@@ -62,7 +62,7 @@ For the first-time user:
![reminder installs Dotnet](./media/data-lake-analytics-data-lake-tools-for-vscode-local-run-and-debug/remind-install-dotnet.png) 3. Install C# for Visual Studio Code as suggested in the message box if not installed. Click **Install** to continue, and then restart VSCode.
- ![Reminder to install C#](./media/data-lake-analytics-data-lake-tools-for-vscode-local-run-and-debug/install-csharp.png)
+![Reminder to install C#](./media/data-lake-analytics-data-lake-tools-for-vscode-local-run-and-debug/install-csharp.png)
Follow steps below to perform local debug:
@@ -79,4 +79,4 @@ Follow steps below to perform local debug:
* [Get started with Data Lake Analytics using PowerShell](data-lake-analytics-get-started-powershell.md) * [Get started with Data Lake Analytics using the Azure portal](data-lake-analytics-get-started-portal.md) * [Use Data Lake Tools for Visual Studio for developing U-SQL applications](data-lake-analytics-data-lake-tools-get-started.md)
-* [Use Data Lake Analytics(U-SQL) catalog](./data-lake-analytics-u-sql-get-started.md)
\ No newline at end of file
+* [Use Data Lake Analytics(U-SQL) catalog](./data-lake-analytics-u-sql-get-started.md)
databox-online https://docs.microsoft.com/en-us/azure/databox-online/azure-stack-edge-deploy-configure-compute-advanced https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox-online/azure-stack-edge-deploy-configure-compute-advanced.md
@@ -7,7 +7,7 @@ author: alkohli
ms.service: databox ms.subservice: edge ms.topic: tutorial
-ms.date: 05/20/2019
+ms.date: 01/06/2021
ms.author: alkohli Customer intent: As an IT admin, I need to understand how to configure compute on Azure Stack Edge Pro for advanced deployment flow so I can use it to transform the data before sending it to Azure. ---
@@ -48,32 +48,34 @@ Before you set up a compute role on your Azure Stack Edge Pro device, make sure
To configure compute on your Azure Stack Edge Pro, you'll create an IoT Hub resource.
-1. In the Azure portal of your Azure Stack Edge resource, go to **Overview**. In the right-pane, on the **Compute** tile, select **Get started**.
+1. In the Azure portal of your Azure Stack Edge resource, go to **Overview**. In the right-pane, select the **IoT Edge** tile.
![Get started with compute](./media/azure-stack-edge-deploy-configure-compute-advanced/configure-compute-1.png)
-2. On the **Configure Edge compute** tile, select **Configure compute**.
+2. On the **Enable IoT Edge service** tile, select **Add**. This action enables IoT Edge service that lets you deploy IoT Edge modules locally on your device.
![Get started with compute 2](./media/azure-stack-edge-deploy-configure-compute-advanced/configure-compute-2.png)
-3. On the **Configure Edge compute** blade, input the following:
+3. On the **Create IoT Edge service**, input the following:
|Field |Value | |---------|---------|
- |IoT Hub | Choose from **New** or **Existing**. <br> By default, a Standard tier (S1) is used to create an IoT resource. To use a free tier IoT resource, create one and then select the existing resource. <br> In each case, the IoT Hub resource uses the same subscription and resource group that is used by the Azure Stack Edge resource. |
- |Name |Enter a name for your IoT Hub resource. |
+ |Subscription |Select a subscription for your IoT Hub resource. You can select the same subscription as that used by the Azure Stack Edge resource. |
+ |Resource group |Enter a name for the resource group for your IoT Hub resource. You can select the same resource group as that used by the Azure Stack Edge resource. |
+ |IoT Hub | Choose from **New** or **Existing**. <br> By default, a Standard tier (S1) is used to create an IoT resource. To use a free tier IoT resource, create one and then select the existing resource. |
+ |Name |Accept the default or enter a name for your IoT Hub resource. |
![Get started with compute 3](./media/azure-stack-edge-deploy-configure-compute-advanced/configure-compute-3.png)
-4. Select **Create**. The IoT Hub resource creation takes a couple minutes. After the IoT Hub resource is created, the **Configure Edge compute** tile updates to show the compute configuration. To confirm that the Edge compute role has been configured, select **View config** on the **Configure compute** tile.
-
- ![Get started with compute 4](./media/azure-stack-edge-deploy-configure-compute-advanced/configure-compute-4.png)
+4. Select **Review + Create**. The IoT Hub resource creation takes a couple minutes. After the IoT Hub resource is created, the **Overview** updates to indicate that the IoT Edge service is running.
- When the Edge compute role is set up on the Edge device, it creates two devices: an IoT device and an IoT Edge device. Both devices can be viewed in the IoT Hub resource. An IoT Edge Runtime is also running on this IoT Edge device.
+ When the IoT Edge service is configured on the Edge device, it creates two devices: an IoT device and an IoT Edge device. Both devices can be viewed in the IoT Hub resource. An IoT Edge Runtime is also running on this IoT Edge device. At this point, only the Linux platform is available for your IoT Edge device.
- At this point, only the Linux platform is available for your IoT Edge device.
+ To confirm that the Edge compute role has been configured, select **IoT Edge service > Properties** and view the IoT device and the IoT Edge device.
+ ![Get started with compute 4](./media/azure-stack-edge-deploy-configure-compute-advanced/configure-compute-4.png)
+
## Add shares
@@ -81,20 +83,14 @@ For the advanced deployment in this tutorial, you'll need two shares: one Edge s
1. Add an Edge share on the device by doing the following steps:
- 1. In your Azure Stack Edge resource, go to **Edge compute > Get started**.
- 2. On the **Add share(s)** tile, select **Add**.
+ 1. In your Azure Stack Edge resource, go to **IoT Edge > Shares**.
+ 2. On the **Shares** page, from the command bar, select **+ Add share**.
3. On the **Add share** blade, provide the share name and select the share type. 4. To mount the Edge share, select the check box for **Use the share with Edge compute**. 5. Select the **Storage account**, **Storage service**, an existing user, and then select **Create**. ![Add an Edge share](./media/azure-stack-edge-deploy-configure-compute-advanced/add-edge-share-1.png)
- <!--If you created a local NFS share, use the following remote sync (rsync) command option to copy files onto the share:
-
- `rsync <source file path> < destination file path>`
-
- For more information about the rsync command, go to [Rsync documentation](https://www.computerhope.com/unix/rsync.htm).-->
- After the Edge share is created, you'll receive a successful creation notification. The share list is updated to reflect the new share. 2. Add an Edge local share on the Edge device by repeating all the steps in the preceding step and selecting the check box for **Configure as Edge local share**. The data in the local share stays on the device.
@@ -120,7 +116,7 @@ For the advanced deployment in this tutorial, you'll need two shares: one Edge s
## Add a trigger
-1. Go to **Edge compute > Triggers**. Select **+ Add trigger**.
+1. Go to your Azure Stack Edge resource and then go to **IoT Edge > Triggers**. Select **+ Add trigger**.
![Add trigger](./media/azure-stack-edge-deploy-configure-compute-advanced/add-trigger-1.png)
@@ -150,7 +146,7 @@ There are no custom modules on this Edge device. You could add a custom or a pre
In this section, you add a custom module to the IoT Edge device that you created in [Develop a C# module for your Azure Stack Edge Pro](azure-stack-edge-create-iot-edge-module.md). This custom module takes files from an Edge local share on the Edge device and moves them to an Edge (cloud) share on the device. The cloud share then pushes the files to the Azure storage account that's associated with the cloud share.
-1. Go to **Edge compute > Get started**. On the **Add modules** tile, select the scenario type as **advanced**. Select **Go to IoT Hub**.
+1. Go to your Azure Stack Edge resource and then go to **IoT Edge > Overview**. On the **Modules** tile, select **Go to Azure IoT Hub**.
![Select advanced deployment](./media/azure-stack-edge-deploy-configure-compute-advanced/add-module-1.png)
databox-online https://docs.microsoft.com/en-us/azure/databox-online/azure-stack-edge-deploy-configure-compute https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox-online/azure-stack-edge-deploy-configure-compute.md
@@ -7,7 +7,7 @@ author: alkohli
ms.service: databox ms.subservice: edge ms.topic: tutorial
-ms.date: 09/03/2019
+ms.date: 01/06/2021
ms.author: alkohli Customer intent: As an IT admin, I need to understand how to configure compute on Azure Stack Edge Pro so I can use it to transform the data before sending it to Azure. ---
@@ -38,30 +38,35 @@ Before you set up a compute role on your Azure Stack Edge Pro device, make sure
To configure compute on your Azure Stack Edge Pro, you'll create an IoT Hub resource.
-1. In the Azure portal of your Azure Stack Edge resource, go to Overview. In the right-pane, on the **Compute** tile, select **Get started**.
+1. In the Azure portal of your Azure Stack Edge resource, go to **Overview**. In the right-pane, select **IoT Edge**.
![Get started with compute](./media/azure-stack-edge-deploy-configure-compute/configure-compute-1.png)
-2. On the **Configure Edge compute** tile, select **Configure compute**.
-3. On the **Configure Edge compute** blade, input the following:
+1. On the **Enable IoT Edge** tile, select **Add**. This enables the IoT Edge service that lets you deploy IoT Edge modules locally on your device.
+
+ ![Get started with compute 2](./media/azure-stack-edge-deploy-configure-compute/configure-compute-2.png)
+
+1. On the **Create IoT Edge service** blade, input the following:
|Field |Value | |---------|---------|
+ |Subscription |Select a subscription for your IoT Hub resource. You can use the same subscription as that used by the Azure Stack Edge resource. |
+ |Resource group |Select a resource group for your IoT Hub resource. You can use the same resource group as that used by the Azure Stack Edge resource. |
|IoT Hub | Choose from **New** or **Existing**. <br> By default, a Standard tier (S1) is used to create an IoT resource. To use a free tier IoT resource, create one and then select the existing resource. <br> In each case, the IoT Hub resource uses the same subscription and resource group that is used by the Azure Stack Edge resource. | |Name |Enter a name for your IoT Hub resource. |
- ![Get started with compute 2](./media/azure-stack-edge-deploy-configure-compute/configure-compute-2.png)
-
-4. Select **Create**. The IoT Hub resource creation takes a couple minutes. After the IoT Hub resource is created, the **Configure compute** tile updates to show the compute configuration. To confirm that the Edge compute role has been configured, select **View Compute** on the **Configure compute** tile.
-
![Get started with compute 3](./media/azure-stack-edge-deploy-configure-compute/configure-compute-3.png)
- > [!NOTE]
- > If the **Configure Compute** dialog is closed before the IoT Hub is associated with the Azure Stack Edge Pro device, the IoT Hub gets created but is not shown in the compute configuration.
+4. Select **Review + Create**. The IoT Hub resource creation takes a couple minutes. After the IoT Hub resource is created, the **Overview** updates to indicate that the IoT Edge service is running.
+
+ ![Get started with compute 4](./media/azure-stack-edge-deploy-configure-compute/configure-compute-4.png)
- When the Edge compute role is set up on the Edge device, it creates two devices: an IoT device and an IoT Edge device. Both devices can be viewed in the IoT Hub resource. An IoT Edge Runtime is also running on this IoT Edge device. At this point, only the Linux platform is available for your IoT Edge device.
+ When the IoT Edge service is configured on the Edge device, it creates two devices: an IoT device and an IoT Edge device. Both devices can be viewed in the IoT Hub resource. An IoT Edge Runtime is also running on this IoT Edge device. At this point, only the Linux platform is available for your IoT Edge device.
+
+ To confirm that the Edge compute role has been configured, select **IoT Edge service > Properties** and view the IoT device and the IoT Edge device.
+ ![Get started with compute 5](./media/azure-stack-edge-deploy-configure-compute/configure-compute-5.png)
## Add shares
@@ -69,8 +74,8 @@ For the simple deployment in this tutorial, you'll need two shares: one Edge sha
1. Add an Edge share on the device by doing the following steps:
- 1. In your Azure Stack Edge resource, go to **Edge compute > Get started**.
- 2. On the **Add share(s)** tile, select **Add**.
+ 1. In your Azure Stack Edge resource, go to **IoT Edge > Shares**.
+ 2. From the command bar, select **+ Add share**.
3. On the **Add share** blade, provide the share name and select the share type. 4. To mount the Edge share, select the check box for **Use the share with Edge compute**. 5. Select the **Storage account**, **Storage service**, an existing user, and then select **Create**.
@@ -90,7 +95,7 @@ For the simple deployment in this tutorial, you'll need two shares: one Edge sha
![Add an Edge local share](./media/azure-stack-edge-deploy-configure-compute/add-edge-share-2.png)
-3. Select **Add share(s)** to see the updated list of shares.
+3. Go to the **IoT Edge > Shares** to see the updated list of shares.
![Updated list of shares](./media/azure-stack-edge-deploy-configure-compute/add-edge-share-3.png)
@@ -101,7 +106,7 @@ You could add a custom or a pre-built module. There are no custom modules on thi
In this section, you add a custom module to the IoT Edge device that you created in [Develop a C# module for your Azure Stack Edge Pro](azure-stack-edge-create-iot-edge-module.md). This custom module takes files from an Edge local share on the Edge device and moves them to an Edge (cloud) share on the device. The cloud share then pushes the files to the Azure storage account that's associated with the cloud share.
-1. Go to **Edge compute > Get started**. On the **Add modules** tile, select the scenario type as **simple**. Select **Add**.
+1. Go to **IoT Edge > Modules**. From the device command bar, select **+ Add module**.
2. In the **Configure and add module** blade, input the following values:
@@ -118,7 +123,7 @@ In this section, you add a custom module to the IoT Edge device that you created
![Add and configure module](./media/azure-stack-edge-deploy-configure-compute/add-module-1.png)
-3. Select **Add**. The module gets added. The **Add module** tile updates to indicate that the module is deployed.
+3. Select **Add**. The module gets added. The **IoT Edge > Overview** page updates to indicate that the module is deployed.
![Module deployed](./media/azure-stack-edge-deploy-configure-compute/add-module-2.png)
databox-online https://docs.microsoft.com/en-us/azure/databox-online/azure-stack-edge-deploy-prep https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox-online/azure-stack-edge-deploy-prep.md
@@ -7,7 +7,7 @@ author: alkohli
ms.service: databox ms.subservice: edge ms.topic: tutorial
-ms.date: 11/11/2020
+ms.date: 01/06/2021
ms.author: alkohli Customer intent: As an IT admin, I need to understand how to prepare the portal to deploy Azure Stack Edge Pro so I can use it to transfer data to Azure. ---
@@ -145,11 +145,11 @@ After the order is placed, Microsoft reviews the order and reaches out to you (v
After the Azure Stack Edge resource is up and running, you'll need to get the activation key. This key is used to activate and connect your Azure Stack Edge Pro device with the resource. You can get this key now while you are in the Azure portal.
-1. Select the resource that you created. Select **Overview** and then select **Device setup**.
+1. Go to the resource that you created and select **Overview**. You'll see a notification to the effect that your order is being processed.
- ![Select Device setup](media/azure-stack-edge-deploy-prep/data-box-edge-select-devicesetup.png)
+ ![Select Overview](media/azure-stack-edge-deploy-prep/data-box-edge-select-devicesetup.png)
-2. On the **Activate** tile, select **Generate key** to create an activation key. Select the copy icon to copy the key and save it for later use.
+2. After the order is processed and the device is on your way, the **Overview** updates. Accept the default **Azure Key Vault name** or enter a new one. Select **Generate activation key**. Select the copy icon to copy the key and save it for later use.
![Get activation key](media/azure-stack-edge-deploy-prep/get-activation-key.png)
databox-online https://docs.microsoft.com/en-us/azure/databox-online/azure-stack-edge-manage-compute https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox-online/azure-stack-edge-manage-compute.md
@@ -7,7 +7,7 @@ author: alkohli
ms.service: databox ms.subservice: edge ms.topic: how-to
-ms.date: 05/20/2019
+ms.date: 01/06/2021
ms.author: alkohli --- # Manage compute on your Azure Stack Edge Pro
@@ -33,7 +33,7 @@ Events are things that happen within your cloud environment or on your device th
Take the following steps in the Azure portal to create a trigger.
-1. In the Azure portal, go to your Azure Stack Edge resource and then go to **Edge compute > Trigger**. Select **+ Add trigger** on the command bar.
+1. In the Azure portal, go to your Azure Stack Edge resource and then go to **IoT Edge > Triggers**. Select **+ Add trigger** on the command bar.
![Select add trigger](media/azure-stack-edge-manage-compute/add-trigger-1.png)
@@ -63,15 +63,15 @@ Take the following steps in the Azure portal to delete a trigger.
1. From the list of triggers, select the trigger that you want to delete.
- ![Select trigger](media/azure-stack-edge-manage-compute/add-trigger-1.png)
+ ![Select trigger](media/azure-stack-edge-manage-compute/delete-trigger-1.png)
2. Right-click and then select **Delete**.
- ![Select delete](media/azure-stack-edge-manage-compute/add-trigger-1.png)
+ ![Select delete](media/azure-stack-edge-manage-compute/delete-trigger-2.png)
3. When prompted for confirmation, click **Yes**.
- ![Confirm delete](media/azure-stack-edge-manage-compute/add-trigger-1.png)
+ ![Confirm delete](media/azure-stack-edge-manage-compute/delete-trigger-3.png)
The list of triggers updates to reflect the deletion.
@@ -83,11 +83,11 @@ Use the Azure portal to view the compute configuration, remove an existing compu
Take the following steps in the Azure portal to view the compute configuration for your device.
-1. In the Azure portal, go to your Azure Stack Edge resource and then go to **Edge compute > Modules**. Select **View compute** on the command bar.
+1. In the Azure portal, go to your Azure Stack Edge resource and then go to **IoT Edge > Overview**.
![Select View compute](media/azure-stack-edge-manage-compute/view-compute-1.png)
-2. Make a note of the compute configuration on your device. When you configured compute, you created an IoT Hub resource. Under that IoT Hub resource, an IoT device and an IoT Edge device are configured. Only the Linux modules are supported to run on the IoT Edge device.
+2. Go to **Properties** page. Make a note of the compute configuration on your device. When you configured compute, you created an IoT Hub resource. Under that IoT Hub resource, an IoT device and an IoT Edge device are configured. Only the Linux modules are supported to run on the IoT Edge device.
![View configuration](media/azure-stack-edge-manage-compute/view-compute-2.png)
@@ -96,7 +96,7 @@ Take the following steps in the Azure portal to view the compute configuration f
Take the following steps in the Azure portal to remove the existing Edge compute configuration for your device.
-1. In the Azure portal, go to your Azure Stack Edge resource and then go to **Edge compute > Get started**. Select **Remove compute** on the command bar.
+1. In the Azure portal, go to your Azure Stack Edge resource and then go to **IoT Edge > Overview**. Select **Remove** on the command bar.
![Select Remove compute](media/azure-stack-edge-manage-compute/remove-compute-1.png)
@@ -114,7 +114,7 @@ If your IoT device and IoT Edge device keys have been rotated, then you need to
Take the following steps in the Azure portal to sync the access keys for your device.
-1. In the Azure portal, go to your Azure Stack Edge resource and then go to **Edge compute > Get started**. Select **Refresh configuration** on the command bar.
+1. In the Azure portal, go to your Azure Stack Edge resource and then go to **IoT Edge > Overview**. Select **Refresh configuration** on the command bar.
![Select Refresh configuration](media/azure-stack-edge-manage-compute/refresh-configuration-1.png)
databox-online https://docs.microsoft.com/en-us/azure/databox-online/azure-stack-edge-replace-device https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox-online/azure-stack-edge-replace-device.md
@@ -7,7 +7,7 @@ author: alkohli
ms.service: databox ms.subservice: edge ms.topic: how-to
-ms.date: 07/20/2020
+ms.date: 01/07/2021
ms.author: alkohli ---
@@ -39,6 +39,9 @@ If your existing device has a hardware failure, open a Support ticket. Microsoft
## Create a resource for replacement device
+> [!NOTE]
+> Create a new resource for the activation of your replacement device. Activation of replacement device against an existing resource is not supported.
+ Follow these steps to create a resource. 1. Follow the steps in [Create a new resource](azure-stack-edge-deploy-prep.md#create-a-new-resource) to create a resource for the replacement device.
ddos-protection https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-partner-onboarding https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/ddos-protection/ddos-protection-partner-onboarding.md
@@ -89,4 +89,3 @@ The following steps are required for partners to configure integration with Azur
View existing partner integrations: - [Barracuda WAF-as-a-service](https://www.barracuda.com/waf-as-a-service)-- [Azure Cloud WAF from Radware](https://www.radware.com/resources/microsoft-azure/)\ No newline at end of file
dedicated-hsm https://docs.microsoft.com/en-us/azure/dedicated-hsm/quickstart-hsm-azure-cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/dedicated-hsm/quickstart-hsm-azure-cli.md new file mode 100644
@@ -0,0 +1,101 @@
+---
+title: 'Quickstart: Create Azure Dedicated HSM with the Azure CLI'
+description: Create, show, list, update, and delete Azure Dedicated HSMs by using the Azure CLI.
+services: dedicated-hsm
+author: msmbaldwin
+ms.author: mbaldwin
+ms.topic: quickstart
+ms.service: key-vault
+ms.devlang: azurecli
+ms.date: 01/06/2021
+ms.custom: devx-track-azurecli
+---
+
+# Quickstart: Create an Azure Dedicated HSM by using the Azure CLI
+
+This article describes how to create and manage an Azure Dedicated HSM by using the [az dedicated-hsm](/cli/azure/ext/hardware-security-modules/dedicated-hsm) Azure CLI extension.
+
+## Prerequisites
+
+- An Azure subscription. You can [create a free account](https://azure.microsoft.com/free/) if you don't have one.
+
+ If you have more than one Azure subscription, set the subscription to use for billing with the Azure CLI [az account set](/cli/azure/account#az_account_set) command.
+
+ ```azurecli-interactive
+ az account set --subscription 00000000-0000-0000-0000-000000000000
+ ```
+[!INCLUDE [azure-cli-prepare-your-environment-no-header.md](../../includes/azure-cli-prepare-your-environment-no-header.md)]
+
+- All requirements met for a dedicated HSM, including registration, approval, and a virtual network and virtual machine to use for provisioning. For more information about dedicated HSM requirements and prerequisites, see [Tutorial: Deploying HSMs into an existing virtual network using the Azure CLI](tutorial-deploy-hsm-cli.md).
+
+
+## Create a resource group
+
+An [Azure resource group](../azure-resource-manager/management/overview.md) is a logical container for deploying and managing Azure resources as a group. If you don't already have a resource group for the dedicated HSM, create one by using the [az group create](/cli/azure/group#az_group_create) command. The following example creates a resource group named `myRG` in the `westus` Azure region:
+
+```azurecli-interactive
+az group create --name myRG --location westus
+```
+
+## Create a dedicated HSM
+
+To create a dedicated HSM, use the [az dedicated-hsm create](/cli/azure/ext/hardware-security-modules/dedicated-hsm#ext_hardware_security_modules_az_dedicated_hsm_create) command. The following example provisions a dedicated HSM named `hsm1` in the `westus` region, `myRG` resource group, and specified subscription, virtual network, and subnet. The required parameters are `name`, `location`, and `resource group`.
+
+```azurecli-interactive
+az dedicated-hsm create \
+ --resource-group myRG \
+ --name "hsm1" \
+ --location "westus" \
+ --network-profile-network-interfaces private-ip-address="1.0.0.1" \
+ --subnet id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.Network/virtualNetworks/MyHSM-vnet/subnets/MyHSM-vnet" \
+ --stamp-id "stamp1" \
+ --sku name="SafeNet Luna Network HSM A790" \
+ --tags resourceType="hsm" Environment="test" \
+ --zones "AZ1"
+```
+
+The deployment takes approximately 25 to 30 minutes to complete.
+
+## Get a dedicated HSM
+
+To get a current dedicated HSM, run the [az dedicated-hsm show](/cli/azure/ext/hardware-security-modules/dedicated-hsm#ext_hardware_security_modules_az_dedicated_hsm_show) command. The following example gets the `hsm1` dedicated HSM in the `myRG` resource group.
+
+```azurecli-interactive
+az dedicated-hsm show --resource-group myRG --name hsm1
+```
+
+## Update a dedicated HSM
+
+Use the [az dedicated-hsm update](/cli/azure/ext/hardware-security-modules/dedicated-hsm#ext_hardware_security_modules_az_dedicated_hsm_update) command to update a dedicated HSM. The following example updates the `hsm1` dedicated HSM in the `myRG` resource group, and its tags:
+
+```azurecli-interactive
+az dedicated-hsm update --resource-group myRG ΓÇô-name hsm1 --tags resourceType="hsm" Environment="prod" Slice="A"
+```
+
+## List dedicated HSMs
+
+Run the [az dedicated-hsm list](/cli/azure/ext/hardware-security-modules/dedicated-hsm#ext_hardware_security_modules_az_dedicated_hsm_list) command to get information about current dedicated HSMs. The following example lists the dedicated HSMs in the `myRG` resource group:
+
+```azurecli-interactive
+az dedicated-hsm list --resource-group myRG
+```
+
+## Remove a dedicated HSM
+
+To remove a dedicated HSM, use the [az dedicated-hsm delete](/cli/azure/ext/hardware-security-modules/dedicated-hsm#ext_hardware_security_modules_az_dedicated_hsm_delete) command. The following example deletes the `hsm1` dedicated HSM from the `myRG` resource group:
+
+```azurecli-interactive
+az dedicated-hsm delete --resource-group myRG ΓÇô-name hsm1
+```
+
+## Delete the resource group
+
+If you no longer need the resource group you created for dedicated HSM, you can delete it by running the [az group delete](/cli/azure/group#az_group_delete) command. This command deletes the group and all resources in it, including any that are unrelated to dedicated HSM. The following example deletes the `myRG` resource group and everything in it:
+
+```azurecli-interactive
+az group delete --name myRG
+```
+
+## Next steps
+
+To learn more about Azure Dedicated HSM, see [Azure Dedicated HSM](overview.md).
defender-for-iot https://docs.microsoft.com/en-us/azure/defender-for-iot/how-to-control-what-traffic-is-monitored https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/defender-for-iot/how-to-control-what-traffic-is-monitored.md
@@ -228,7 +228,7 @@ By using a test asset, verify that the settings you defined work properly:
3. Enter an address in **Lookup Address** for the **DNS reverse lookup test for server** dialog box.
- :::image type="content" source="media/how-to-enrich-asset-information/dns-reverse-looup-test-screen.png" alt-text="Screenshot that shows the Lookup Address area.":::
+ :::image type="content" source="media/how-to-enrich-asset-information/dns-reverse-lookup-test-screen.png" alt-text="Screenshot that shows the Lookup Address area.":::
4. Select **Test**.
defender-for-iot https://docs.microsoft.com/en-us/azure/defender-for-iot/how-to-create-and-manage-users https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/defender-for-iot/how-to-create-and-manage-users.md
@@ -219,8 +219,6 @@ To reset the password for a CyberX or Support user:
1. On the **Password recovery** screen, select **Upload**. **The Upload Password Recovery File** window will open.
- :::image type="content" source="media/password-recovery-images/upload.png" alt-text="Upload your recovery file to get a new password.":::
- 1. Select **Browse** to locate your `password_recovery.zip` file, or drag the `password_recovery.zip` to the window. > [!NOTE]
defender-for-iot https://docs.microsoft.com/en-us/azure/defender-for-iot/how-to-manage-individual-sensors https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/defender-for-iot/how-to-manage-individual-sensors.md
@@ -423,8 +423,6 @@ You can forward alerts to third parties to provide details about:
- Remote backup failures
-:::image type="content" source="media/how-to-work-with-system-notifications/image81.png" alt-text="Screenshot of the Management System Status Mail view.](media/image80.png) ![Screenshot of Management System Status Mail view":::
- This information is sent when you create a forwarding rule for system notifications. > [!NOTE]
defender-for-iot https://docs.microsoft.com/en-us/azure/defender-for-iot/how-to-set-up-high-availability https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/defender-for-iot/how-to-set-up-high-availability.md
@@ -46,7 +46,7 @@ The installation and configuration procedures are performed in four main stages:
3. Install a on-premises management console secondary appliance. For more information see, [About the Defender for IoT Installation](how-to-install-software.md).
-4. Pair the primary and secondary on-premises management console appliances as described [here](/create-the-primary-and-secondary-pair.md). The primary on-premises management console must manage at least two sensors in order to carry out the setup.
+4. Pair the primary and secondary on-premises management console appliances as described [here](https://infrascale.secure.force.com/pkb/articles/Support_Article/How-to-access-your-Appliance-Management-Console). The primary on-premises management console must manage at least two sensors in order to carry out the setup.
## High availability requirements
defender-for-iot https://docs.microsoft.com/en-us/azure/defender-for-iot/how-to-work-with-the-sensor-device-map https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/defender-for-iot/how-to-work-with-the-sensor-device-map.md
@@ -4,7 +4,7 @@ description: The Device Map provides a graphical representation of network devic
author: shhazam-ms manager: rkarlin ms.author: shhazam
-ms.date: 12/07/2020
+ms.date: 1/7/2021
ms.topic: how-to ms.service: azure ---
@@ -54,7 +54,7 @@ Each subnet is presented as a single entity on the device map, including an inte
The figure below shows a collapsed IT subnet with 27 IT network elements.
-:::image type="content" source="media/how-to-work-with-maps/shrunk-it-subnet.png" alt-text="collapsed IT subnet with 27 IT network elements":::
+:::image type="content" source="media/how-to-work-with-maps/shrunk-it-subnet-v2.png" alt-text="collapsed IT subnet with 27 IT network elements":::
To enable the IT networks collapsing capability:
@@ -115,7 +115,7 @@ The following predefined groups are available:
| Group name | Description | |--|--|
-| **Known applications or non-standrad ports (default)** | Devices that use reserved ports, such as TCP. Devices that use non-standard ports or ports that have not been assigned an alias. |
+| **Known applications or non-standard ports (default)** | Devices that use reserved ports, such as TCP. Devices that use non-standard ports or ports that have not been assigned an alias. |
| **OT protocols (default)** | Devices that handle the OT traffic. | | **Authorization (default)** | Devices that were discovered in the network during the learning process or were officially added to the network | | **Device inventory filters** | Devices grouped according to the filters save in the Device Inventory table. |
@@ -221,7 +221,7 @@ The device type icon is shown with connected devices.
The detailed view presents devices and device labels and indicators with the following information:
-:::image type="content" source="media/how-to-work-with-maps/device-map.png" alt-text="Detailed view":::
+:::image type="content" source="media/how-to-work-with-maps/device-map-v2.png" alt-text="Detailed view":::
### Control the zoom view
@@ -231,7 +231,7 @@ The map view displayed depends on the map zoom-level. Switching between the map
### Enable simplified zoom views
-Administrators who want security analysts and RO users to access BridΓÇÖs-eye and device and type connection views, should enable the simplified view option.
+Administrators who want security analysts and RO users to access BirdΓÇÖs-eye and device and type connection views, should enable the simplified view option.
To enable simplified map views:
defender-for-iot https://docs.microsoft.com/en-us/azure/defender-for-iot/references-horizon-api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/defender-for-iot/references-horizon-api.md
@@ -4,7 +4,7 @@ description: This guide describes commonly used Horizon methods.
author: shhazam-ms manager: rkarlin ms.author: shhazam
-ms.date: 11/19/2020
+ms.date: 1/7/2020
ms.topic: article ms.service: azure ---
@@ -19,7 +19,7 @@ For more information about working with Horizon and the CyberX Platform, refer t
- For the Horizon Open Development Environment (ODE) SDK, contact your CyberX representative. - For support and troubleshooting information, contact <support@cyberx-labs.com>.-- To access the Cyberx User Guide from CyberX Console, select :::image type="icon" source="media/references-horizon-api//image3.png"::: and then select **Download User Guide**.
+- To access the Cyberx User Guide from CyberX Console, select :::image type="icon" source="media/references-horizon-api/profile-icon.png"::: and then select **Download User Guide**.
## `horizon::protocol::BaseParser`
dms https://docs.microsoft.com/en-us/azure/dms/faq https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/dms/faq.md
@@ -46,6 +46,9 @@ Azure Database Migration Service is the preferred method for database migration
**Q. How does Azure Database Migration Service compare to the Azure Migrate offering?** Azure Migrate assists with migration of on-premises virtual machines to Azure IaaS. The service assesses migration suitability and performance-based sizing, and it provides cost estimates for running your on-premises virtual machines in Azure. Azure Migrate is useful for lift-and-shift migrations of on-premises VM-based workloads to Azure IaaS VMs. However, unlike Azure Database Migration Service, Azure Migrate isnΓÇÖt a specialized database migration service offering for Azure PaaS relational database platforms such as Azure SQL Database or Azure SQL Managed Instance.
+**Q. Does Database Migration Service store customer data?**
+No. Database Migration Service does not store customer data.
+ ## Setup **Q. What are the prerequisites for using Azure Database Migration Service?**
@@ -114,4 +117,4 @@ You can do a few things to speed up your database migration using the service:
## Next steps
-For an overview of the Azure Database Migration Service and regional availability, see the article [What is the Azure Database Migration Service](dms-overview.md).
\ No newline at end of file
+For an overview of the Azure Database Migration Service and regional availability, see the article [What is the Azure Database Migration Service](dms-overview.md).
event-grid https://docs.microsoft.com/en-us/azure/event-grid/security-authentication https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-grid/security-authentication.md
@@ -2,7 +2,7 @@
title: Authenticate event delivery to event handlers (Azure Event Grid) description: This article describes different ways of authenticating delivery to event handlers in Azure Event Grid. ms.topic: conceptual
-ms.date: 07/07/2020
+ms.date: 01/07/2021
--- # Authenticate event delivery to event handlers (Azure Event Grid)
@@ -37,6 +37,9 @@ For more information on delivering events to webhooks, see [Webhook event delive
> [!IMPORTANT] Azure Event Grid only supports **HTTPS** webhook endpoints.
+## Endpoint validation with CloudEvents v1.0
+If you're already familiar with Event Grid, you might be aware of the endpoint validation handshake for preventing abuse. CloudEvents v1.0 implements its own [abuse protection semantics](webhook-event-delivery.md) by using the **HTTP OPTIONS** method. To read more about it, see [HTTP 1.1 Web Hooks for event delivery - Version 1.0](https://github.com/cloudevents/spec/blob/v1.0/http-webhook.md#4-abuse-protection). When you use the CloudEvents schema for output, Event Grid uses the CloudEvents v1.0 abuse protection in place of the Event Grid validation event mechanism. For more information, see [Use CloudEvents v1.0 schema with Event Grid](cloudevents-schema.md).
+ ## Next steps See [Authenticate publishing clients](security-authenticate-publishing-clients.md) to learn about authenticating clients publishing events to topics or domains.
expressroute https://docs.microsoft.com/en-us/azure/expressroute/expressroute-config-samples-nat https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/expressroute/expressroute-config-samples-nat.md
@@ -6,20 +6,20 @@ author: duongau
ms.service: expressroute ms.topic: article
-ms.date: 12/06/2018
+ms.date: 01/07/2021
ms.author: duau --- # Router configuration samples to set up and manage NAT
-This page provides NAT configuration samples for Cisco ASA and Juniper SRX series routers when working with ExpressRoute. These are intended to be samples for guidance only and must not be used as is. You can work with your vendor to come up with appropriate configurations for your network.
+This article provides NAT configuration samples for Cisco ASA and Juniper SRX series routers when working with ExpressRoute. These router configurations are intended to be samples for guidance only and must not be used as is. You'll need to work with your vendor to come up with appropriate configurations for your network.
> [!IMPORTANT] > Samples in this page are intended to be purely for guidance. You must work with your vendor's sales / technical team and your networking team to come up with appropriate configurations to meet your needs. Microsoft will not support issues related to configurations listed in this page. You must contact your device vendor for support issues. > >
-* Router configuration samples below apply to Azure Public and Microsoft peerings. You must not configure NAT for Azure private peering. Review [ExpressRoute peerings](expressroute-circuit-peerings.md) and [ExpressRoute NAT requirements](expressroute-nat.md) for more details.
+* Router configuration samples below apply to Azure Public and Microsoft peerings. You don't configure NAT for Azure private peering. Review [ExpressRoute peerings](expressroute-circuit-peerings.md) and [ExpressRoute NAT requirements](expressroute-nat.md) for more details.
* You MUST use separate NAT IP pools for connectivity to the internet and ExpressRoute. Using the same NAT IP pool across the internet and ExpressRoute will result in asymmetric routing and loss of connectivity.
@@ -358,5 +358,5 @@ Refer to samples in [Routing configuration samples](expressroute-config-samples-
``` ## Next steps
-See the [ExpressRoute FAQ](expressroute-faqs.md) for more details.
+For more information, see [ExpressRoute FAQ](expressroute-faqs.md).
expressroute https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-erdirect https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/expressroute/expressroute-howto-erdirect.md
@@ -6,7 +6,7 @@ author: duongau
ms.service: expressroute ms.topic: how-to
-ms.date: 09/28/2020
+ms.date: 12/14/2020
ms.author: duau ---
@@ -15,6 +15,15 @@ ms.author: duau
ExpressRoute Direct gives you the ability to directly connect to Microsoft's global network through peering locations strategically distributed across the world. For more information, see [About ExpressRoute Direct](expressroute-erdirect-about.md).
+## Before you begin
+
+Before using ExpressRoute Direct, you must first enroll your subscription. To enroll, send an Email to <ExpressRouteDirect@microsoft.com> with your subscription ID, including the following details:
+
+* Scenarios you're looking to accomplish with **ExpressRoute Direct**
+* Location preferences - see [Partners and peering locations](expressroute-locations-providers.md) for a complete list of all locations
+* Timeline for implementation
+* Any other questions
+ ## <a name="resources"></a>Create the resource 1. Sign in to Azure and select the subscription. The ExpressRoute Direct resource and ExpressRoute circuits must be in the same subscription.
expressroute https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-expressroute-direct-cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/expressroute/expressroute-howto-expressroute-direct-cli.md
@@ -7,7 +7,7 @@ author: duongau
ms.service: expressroute ms.topic: how-to
-ms.date: 09/28/2020
+ms.date: 12/14/2020
ms.author: duau ms.custom: devx-track-azurecli
@@ -17,6 +17,15 @@ ms.custom: devx-track-azurecli
ExpressRoute Direct gives you the ability to directly connect to Microsoft's global network through peering locations strategically distributed across the world. For more information, see [About ExpressRoute Direct Connect](expressroute-erdirect-about.md).
+## Before you begin
+
+Before using ExpressRoute Direct, you must first enroll your subscription. To enroll, send an Email to <ExpressRouteDirect@microsoft.com> with your subscription ID, including the following details:
+
+* Scenarios you're looking to accomplish with **ExpressRoute Direct**
+* Location preferences - see [Partners and peering locations](expressroute-locations-providers.md) for a complete list of all locations
+* Timeline for implementation
+* Any other questions
+ ## <a name="resources"></a>Create the resource 1. Sign in to Azure and select the subscription that contains ExpressRoute. The ExpressRoute Direct resource and your ExpressRoute circuits must be in the same subscription. In the Azure CLI, run the following commands:
expressroute https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-ipsec-transport-private-windows https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/expressroute/expressroute-howto-ipsec-transport-private-windows.md
@@ -6,18 +6,18 @@ author: duongau
ms.service: expressroute ms.topic: how-to
-ms.date: 10/17/2018
+ms.date: 01/07/2021
ms.author: duau ms.custom: seodec18 --- # Configure IPsec transport mode for ExpressRoute private peering
-This article helps you create IPsec tunnels in transport mode over ExpressRoute private peering between Azure VMs running Windows, and on-premises Windows hosts. The steps in this article create this configuration using group policy objects. While it is possible to create this configuration without using organizational units (OUs) and group policy objects (GPOs), the combination of OUs and GPOs will help simplify the control of your security policies and allows you to quickly scale up. The steps in this article assume that you already have an Active Directory configuration and that you are familiar with using OUs and GPOs.
+This article helps you create IPsec tunnels in transport mode over ExpressRoute private peering. The tunnel is created between Azure VMs running Windows and on-premises Windows hosts. The steps in this article for this configuration use group policy objects. While it's possible to create this configuration without using organizational units (OUs) and group policy objects (GPOs). The combination of OUs and GPOs will help simplify the control of your security policies and allows you to quickly scale up. The steps in this article assume you already have an Active Directory configuration and you're familiar with using OUs and GPOs.
## About this configuration
-The configuration in the following steps use a single Azure virtual network (VNet) with ExpressRoute private peering. However, this configuration can span more Azure VNets and on-premises networks. This article will help you define an IPsec encryption policy, and apply it to a group of Azure VMs and hosts on-premises that are part of the same OU. You configure encryption between the Azure VMs (vm1 and vm2), and the on-premises host1 only for HTTP traffic with destination port 8080. Different types of IPsec policy can be created based on your requirements.
+The configuration in the following steps uses a single Azure virtual network (VNet) with ExpressRoute private peering. However, this configuration can span over other Azure VNets and on-premises networks. This article will help you define an IPsec encryption policy that you can apply to a group of Azure VMs or on-premises hosts. These Azure VMs or on-premises hosts are part of the same OU. You configure encryption between the Azure VMs (vm1 and vm2), and the on-premises host1 only for HTTP traffic with destination port 8080. Different types of IPsec policy can be created based on your requirements.
### Working with OUs
@@ -45,7 +45,7 @@ When configuring IPsec policy, it's important to understand the following IPsec
* **IPsec policy:** A collection of rules. Only one policy can be active ("assigned") at any particular time. Each policy can have one or more rules, all of which can be active simultaneously. A computer can be assigned only one active IPsec policy at given time. However, within the IPsec policy, you can define multiple actions that may be taken in different situations. Each set of IPsec rules is associated with a filter list that affects the type of network traffic to which the rule applies.
-* **Filter lists:** Filter lists are bundle of one or more filters. One list can contain multiple filters. Filter defines if the communication is allowed, secured, or blocked, according to the IP address ranges, protocols, or even specific protocol ports. Each filter matches a particular set of conditions; for example, packets sent from a particular subnet to a particular computer on a specific destination port. When network conditions match one or more of those filters, the filter list is activated. Each filter is defined inside a specific filter list. Filters can't be shared between filter lists. However, a given filter list can be incorporated into several IPsec policies.
+* **Filter lists:** Filter lists are bundle of one or more filters. One list can contain multiple filters. A filter defines if the communication gets blocked, allowed, or secured based on the following criteria: IP address ranges, protocols, or even specific ports. Each filter matches a particular set of conditions; for example, packets sent from a particular subnet to a particular computer on a specific destination port. When network conditions match one or more of those filters, the filter list is activated. Each filter is defined inside a specific filter list. Filters can't be shared between filter lists. However, a given filter list can be incorporated into several IPsec policies.
* **Filter actions:** A security method defines a set of security algorithms, protocols, and key a computer offers during IKE negotiations. Filter actions are lists of security methods, ranked in order of preference. When a computer negotiates an IPsec session, it accepts or sends proposals based on the security setting stored in filter actions list.
@@ -73,9 +73,9 @@ Ensure that you meet the following prerequisites:
* Verify that the Azure Windows VMs are deployed to the VNet.
-* Verify that there is connectivity between the on-premises hosts and the Azure VMs.
+* Verify that there's connectivity between the on-premises hosts and the Azure VMs.
-* Verify that the Azure Windows VMs and the on-premises hosts are able to use DNS to properly resolve names.
+* Verify that the Azure Windows VMs and the on-premises hosts can use DNS to properly resolve names.
### Workflow
@@ -97,13 +97,13 @@ Ensure that you meet the following prerequisites:
## <a name="creategpo"></a>1. Create a GPO
-1. To create a new GPO linked to an OU, open the Group Policy Management snap-in and locate the OU to which the GPO will be linked. In the example, the OU is named **IPSecOU**.
+1. Create a new GPO linked to an OU by opening the Group Policy Management snap-in. Then locate the OU to which the GPO will be linked. In the example, the OU is named **IPSecOU**.
[![9]][9]
-2. In the Group Policy Management snap-in, select the OU, and right-click. In the dropdown, click "**Create a GPO in this domain, and Link it here…**".
+2. In the Group Policy Management snap-in, select the OU, and right-click. In the dropdown, select "**Create a GPO in this domain, and Link it here…**".
[![10]][10]
-3. Name the GPO an intuitive name so that you can easily locate it later. Click **OK** to create and link the GPO.
+3. Name the GPO an intuitive name so that you can easily locate it later. Select **OK** to create and link the GPO.
[![11]][11]
@@ -118,32 +118,32 @@ To apply the GPO to the OU, the GPO must not only be linked to the OU, but the l
## <a name="filteraction"></a>3. Define the IP filter action
-1. From the drop-down, right-click **IP Security Policy on Active Directory**, and then click **Manage IP filter lists and filter actions...**.
+1. From the drop-down, right-click **IP Security Policy on Active Directory**, and then select **Manage IP filter lists and filter actions...**.
[![15]][15]
-2. On the "**Manage filter Actions**" tab, click **Add**.
+2. On the "**Manage filter Actions**" tab, select **Add**.
[![16]][16]
-3. On the **IP Security Filter Action wizard**, click **Next**.
+3. On the **IP Security Filter Action wizard**, select **Next**.
[![17]][17]
-4. Name the filter action an intuitive name so that you can find it later. In this example, the filter action is named **myEncryption**. You can also add a description. Then, click **Next**.
+4. Name the filter action an intuitive name so that you can find it later. In this example, the filter action is named **myEncryption**. You can also add a description. Then, select **Next**.
[![18]][18]
-5. **Negotiate security** lets you define the behavior if IPsec can't be established with another computer. Select **Negotiate security**, then click **Next**.
+5. **Negotiate security** lets you define the behavior if IPsec can't be established with another computer. Select **Negotiate security**, then select **Next**.
[![19]][19]
-6. On the **Communicating with computers that do not support IPsec** page, select **Do not allow unsecured communication**, then click **Next**.
+6. On the **Communicating with computers that do not support IPsec** page, select **Do not allow unsecured communication**, then select **Next**.
[![20]][20]
-7. On the **IP Traffic and Security** page, select **Custom**, then click **Settings...**.
+7. On the **IP Traffic and Security** page, select **Custom**, then select **Settings...**.
[![21]][21]
-8. On the **Custom Security Method Settings** page, select **Data integrity and encryption (ESP): SHA1, 3DES**. Then, click **OK**.
+8. On the **Custom Security Method Settings** page, select **Data integrity and encryption (ESP): SHA1, 3DES**. Then, select **OK**.
[![22]][22]
-9. On the **Manage Filter Actions** page, you can see that the **myEncryption** filter was successfully added. Click **Close**.
+9. On the **Manage Filter Actions** page, you can see that the **myEncryption** filter was successfully added. Select **Close**.
[![23]][23]
@@ -151,28 +151,28 @@ To apply the GPO to the OU, the GPO must not only be linked to the OU, but the l
Create a filter list that specifies encrypted HTTP traffic with destination port 8080.
-1. To qualify which types of traffic must be encrypted, use an **IP filter list**. In the **Manage IP Filter Lists** tab, click **Add** to add a new IP filter list.
+1. To qualify which types of traffic must be encrypted, use an **IP filter list**. In the **Manage IP Filter Lists** tab, select **Add** to add a new IP filter list.
[![24]][24]
-2. In the **Name:** field, type a name for your IP filter list. For example, **azure-onpremises-HTTP8080**. Then, click **Add**.
+2. In the **Name:** field, type a name for your IP filter list. For example, **azure-onpremises-HTTP8080**. Then, select **Add**.
[![25]][25]
-3. On the **IP Filter Description and Mirrored property** page, select **Mirrored**. The mirrored setting matches packets going in both directions, which allows for two-way communication. Then click **Next**.
+3. On the **IP Filter Description and Mirrored property** page, select **Mirrored**. The mirrored setting matches packets going in both directions, which allows for two-way communication. Then select **Next**.
[![26]][26] 4. On the **IP Traffic Source** page, from the **Source address:** dropdown, choose **A specific IP Address or Subnet**. [![27]][27]
-5. Specify the source address **IP Address or Subnet:** of the IP traffic, then click **Next**.
+5. Specify the source address **IP Address or Subnet:** of the IP traffic, then select **Next**.
[![28]][28]
-6. Specify the **Destination address:** IP Address or Subnet. Then, click **Next**.
+6. Specify the **Destination address:** IP Address or Subnet. Then, select **Next**.
[![29]][29]
-7. On the **IP Protocol Type** page, select **TCP**. Then, click **Next**.
+7. On the **IP Protocol Type** page, select **TCP**. Then, select **Next**.
[![30]][30]
-8. On the **IP Protocol Port** page, select **From any port** and **To this port:**. Type **8080** in the text box. These settings specify only the HTTP traffic on destination port 8080 will be encrypted. Then, click **Next**.
+8. On the **IP Protocol Port** page, select **From any port** and **To this port:**. Type **8080** in the text box. These settings specify only the HTTP traffic on destination port 8080 will be encrypted. Then, select **Next**.
[![31]][31] 9. View the IP filter list. The configuration of the IP Filter List **azure-onpremises-HTTP8080** triggers encryption for all traffic that matches the following criteria:
@@ -186,12 +186,12 @@ Create a filter list that specifies encrypted HTTP traffic with destination port
## <a name="filterlist2"></a>5. Edit the IP filter list
-To encrypt the same type of traffic in opposite direction (from the on-premises host to the Azure VM) you need a second IP filter. The process of setting up of the new filter is the same process you used to set up the first IP filter. The only differences are the source subnet and destination subnet.
+To encrypt the same type of traffic from the on-premises host to the Azure VM, you need a second IP filter. Follow the same steps you used for setting up the first IP filter and create a new IP filter. The only differences are the source subnet and destination subnet.
1. To add a new IP filter to the IP Filter List, select **Edit**. [![33]][33]
-2. On the **IP Filter List** page, click **Add**.
+2. On the **IP Filter List** page, select **Add**.
[![34]][34] 3. Create a second IP filter using the settings in the following example:
@@ -201,7 +201,7 @@ To encrypt the same type of traffic in opposite direction (from the on-premises
[![36]][36]
-If encryption is required between an on-premises location and an Azure subnet to protect an application, instead of modifying the existing IP filter list, you can add a new IP filter list instead. Associating 2 IP filter lists to the same IPsec policy provides better flexibility because a specific IP filter list can be modified or removed at any time without impacting the other IP filter lists.
+If encryption is required between an on-premises location and an Azure subnet to protect an application. Instead of modifying the existing IP filter list, you can add a new IP filter list. Associating two or more IP filters lists to the same IPsec policy will provide you with more flexibility. You can modify or remove an IP filter list without affecting the other IP filter lists.
## <a name="ipsecpolicy"></a>6. Create an IPsec security policy
@@ -210,13 +210,13 @@ Create an IPsec policy with security rules.
1. Select the **IPSecurity Policies on Active directory** that is associated with the OU. Right-click, and select **Create IP Security Policy**. [![37]][37]
-2. Name the security policy. For example, **policy-azure-onpremises**. Then, click **Next**.
+2. Name the security policy. For example, **policy-azure-onpremises**. Then, select **Next**.
[![38]][38]
-3. Click **Next** without selecting the checkbox.
+3. Select **Next** without selecting the checkbox.
[![39]][39]
-4. Verify that the **Edit properties** checkbox is selected, and then click **Finish**.
+4. Verify that the **Edit properties** checkbox is selected, and then select **Finish**.
[![40]][40]
@@ -224,10 +224,10 @@ Create an IPsec policy with security rules.
Add to the IPsec policy the **IP Filter List** and **Filter Action** that you previously configured.
-1. On the HTTP policy Properties **Rules** tab, click **Add**.
+1. On the HTTP policy Properties **Rules** tab, select **Add**.
[![41]][41]
-2. On the Welcome page, click **Next**.
+2. On the Welcome page, select **Next**.
[![42]][42] 3. A rule provides the option to define the IPsec mode: tunnel mode or transport mode.
@@ -236,26 +236,26 @@ Add to the IPsec policy the **IP Filter List** and **Filter Action** that you pr
* Transport mode encrypts only the payload and ESP trailer; the IP header of the original packet isn't encrypted. In transport mode, the IP source and IP destination of the packets are unchanged.
- Select **This rule does not specify a tunnel**, and then click **Next**.
+ Select **This rule does not specify a tunnel**, and then select **Next**.
[![43]][43]
-4. **Network Type** defines which network connection associates with the security policy. Select **All network connections**, and then click **Next**.
+4. **Network Type** defines which network connection associates with the security policy. Select **All network connections**, and then select **Next**.
[![44]][44]
-5. Select the IP filter list that you created previously, **azure-onpremises-HTTP8080**, and then click **Next**.
+5. Select the IP filter list that you created previously, **azure-onpremises-HTTP8080**, and then select **Next**.
[![45]][45] 6. Select the existing Filter Action **myEncryption** that you created previously. [![46]][46]
-7. Windows supports four distinct types of authentications: Kerberos, certificates, NTLMv2, and pre-shared key. Because we are working with domain-joined hosts, select **Active Directory default (Kerberos V5 protocol)**, and then click **Next**.
+7. Windows supports four distinct types of authentications: Kerberos, certificates, NTLMv2, and pre-shared key. Since we're working with domain-joined hosts, select **Active Directory default (Kerberos V5 protocol)**, and then select **Next**.
[![47]][47]
-8. The new policy creates the security rule: **azure-onpremises-HTTP8080**. Click **OK**.
+8. The new policy creates the security rule: **azure-onpremises-HTTP8080**. Select **OK**.
[![48]][48]
-The IPsec policy requires all HTTP connections on the destination port 8080 to use IPsec transport mode. Because HTTP is a clear text protocol, having the security policy enabled ensures data is encrypted when is transferred through the ExpressRoute private peering. IP Security policy for Active Directory is more complex to configure than Windows Firewall with Advanced Security, but it does allow for more customization of the IPsec connection.
+The IPsec policy requires all HTTP connections on the destination port 8080 to use IPsec transport mode. Since HTTP is a clear text protocol, having the security policy enabled, ensures data is encrypted when being transferred through the ExpressRoute private peering. IPsec policy for Active Directory is more complex to configure than Windows Firewall with Advanced Security. However, it allows for more customization of the IPsec connection.
## <a name="assigngpo"></a>8. Assign the IPsec GPO to the OU
@@ -271,7 +271,7 @@ The IPsec policy requires all HTTP connections on the destination port 8080 to u
To check out the encryption GPO applied on the OU, install IIS on all Azure VMs and in the host1. Every IIS is customized to answer to HTTP requests on port 8080. To verify encryption, you can install a network sniffer (like Wireshark) in all computers in the OU.
-A powershell script works as an HTTP client to generate HTTP requests on port 8080:
+A PowerShell script works as an HTTP client to generate HTTP requests on port 8080:
```powershell $url = "http://10.0.1.20:8080"
@@ -306,7 +306,7 @@ The following network capture shows the results for on-premises host1 with displ
[![51]][51]
-If you run the powershell script on-premisies (HTTP client), the network capture in the Azure VM shows a similar trace.
+If you run the PowerShell script on-premises (HTTP client), the network capture in the Azure VM shows a similar trace.
## Next steps
expressroute https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-routing-portal-resource-manager https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/expressroute/expressroute-howto-routing-portal-resource-manager.md
@@ -6,7 +6,7 @@ author: duongau
ms.service: expressroute ms.topic: tutorial
-ms.date: 10/26/2020
+ms.date: 01/07/2021
ms.author: duau
expressroute https://docs.microsoft.com/en-us/azure/expressroute/expressroute-locations-providers https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/expressroute/expressroute-locations-providers.md
@@ -119,7 +119,7 @@ The following table shows connectivity locations and the service providers for e
| **Oslo** | [DigiPlex Ulven](https://www.digiplex.com/locations/oslo-datacentre) | 1 | Norway East | 10G, 100G | GlobalConnect, Megaport, Telenor, Telia Carrier | | **Paris** | [Interxion PAR5](https://www.interxion.com/Locations/paris/) | 1 | France Central | 10G, 100G | British Telecom, CenturyLink Cloud Connect, Colt, Equinix, Intercloud, Interxion, Jaguar Network, Orange, Telia Carrier, Zayo | | **Perth** | [NextDC P1](https://www.nextdc.com/data-centres/p1-perth-data-centre) | 2 | n/a | 10G | Megaport, NextDC |
-| **Phoenix** | [EdgeConneX PHX01](https://www.edgeconnex.com/locations/north-america/phoenix-az/) | 1 | n/a | 10G | |
+| **Phoenix** | [EdgeConneX PHX01](https://www.edgeconnex.com/locations/north-america/phoenix-az/) | 1 | n/a | 10G, 100G | |
| **Quebec City** | [Vantage](https://vantage-dc.com/data_centers/quebec-city-data-center-campus/) | 1 | Canada East | n/a | Bell Canada, Megaport | | **Queretaro (Mexico)** | [KIO Networks QR01](https://www.kionetworks.com/es-mx/) | 4 | n/a | 10G | Transtelco| | **Quincy** | [Sabey Datacenter - Building A](https://sabeydatacenters.com/data-center-locations/central-washington-data-centers/quincy-data-center) | 1 | West US 2 | 10G, 100G | |
expressroute https://docs.microsoft.com/en-us/azure/expressroute/how-to-expressroute-direct-portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/expressroute/how-to-expressroute-direct-portal.md
@@ -6,7 +6,7 @@ author: duongau
ms.service: expressroute ms.topic: how-to
-ms.date: 09/29/2020
+ms.date: 12/14/2020
ms.author: duau ---
@@ -18,7 +18,14 @@ ExpressRoute Direct lets you connect directly into MicrosoftΓÇÖs global network
## <a name="before"></a>Before you begin
-Verify that the **Microsoft.Network** resource provider is registered to your subscription. Registering a resource provider configures your subscription to work with the resource provider.
+Before using ExpressRoute Direct, you must first enroll your subscription. To enroll, send an Email to <ExpressRouteDirect@microsoft.com> with your subscription ID, including the following details:
+
+* Scenarios you're looking to accomplish with **ExpressRoute Direct**
+* Location preferences - see [Partners and peering locations](expressroute-locations-providers.md) for a complete list of all locations
+* Timeline for implementation
+* Any other questions
+
+Once enrolled, verify that the **Microsoft.Network** resource provider is registered to your subscription. Registering a resource provider configures your subscription to work with the resource provider.
1. Access your subscription settings as described in [Azure resource providers and types](../azure-resource-manager/management/resource-providers-and-types.md). 1. In your subscription, for **Resource Providers**, verify that the **Microsoft.Network** provider shows a **Registered** status. If the Microsoft.Network resource provider is not present in the list of registered providers, add it.
expressroute https://docs.microsoft.com/en-us/azure/expressroute/reset-circuit https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/expressroute/reset-circuit.md
@@ -6,14 +6,14 @@ author: duongau
ms.service: expressroute ms.topic: how-to
-ms.date: 11/28/2018
+ms.date: 01/07/2021
ms.author: duau ms.custom: seodec18 --- # Reset a failed ExpressRoute circuit
-When an operation on an ExpressRoute circuit does not complete successfully, the circuit may go into a 'failed' state. This article helps you reset a failed Azure ExpressRoute circuit.
+When an operation on an ExpressRoute circuit doesn't complete successfully, the circuit may go into a 'failed' state. This article will help you reset a failed Azure ExpressRoute circuit.
[!INCLUDE [updated-for-az](../../includes/hybrid-az-ps.md)]
@@ -48,4 +48,4 @@ The circuit should now be healthy. Open a support ticket with [Microsoft support
## Next steps
-Open a support ticket with [Microsoft support](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade) if you are still experiencing issues.
+Open a support ticket with [Microsoft support](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade) if you're still experiencing issues.
hdinsight https://docs.microsoft.com/en-us/azure/hdinsight/hdinsight-for-vscode https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/hdinsight/hdinsight-for-vscode.md
@@ -264,7 +264,7 @@ The tool also supports the **Spark SQL** query:
> [!NOTE] >
-> ["Ms-python >=2020.5.78807 version is not supported on this extention"](#issues-changed) has been resolved. The latest ms-python version can be used for now.
+> ["Ms-python >=2020.5.78807 version is not supported on this extension"](#issues-changed) has been resolved. Please update the **ms-python** to the **latest version** now.
## Submit PySpark batch job
@@ -487,7 +487,7 @@ From the menu bar, go to **View** > **Command Palette**, and then enter **Azure:
## Issues Changed
-For this issue "ms-python >=2020.5.78807 version is not supported on this extention" has been resolved, the **latest ms-python version** can be used for now.
+For this issue "ms-python >=2020.5.78807 version is not supported on this extension" has been resolved, please update the **ms-python** to the **latest version** now.
## Next steps
iot-central https://docs.microsoft.com/en-us/azure/iot-central/core/concepts-telemetry-properties-commands https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-central/core/concepts-telemetry-properties-commands.md
@@ -716,7 +716,7 @@ IoT Central expects a response from the device to writeable property updates. Th
| ----- | ----- | ----------- | | `'ac': 200` | Completed | The property change operation was successfully completed. | | `'ac': 202` or `'ac': 201` | Pending | The property change operation is pending or in progress |
-| `'ac': 4xx` | Error | The requested property change was not valid or had an error |
+| `'ac': 4xx` | Error | The requested property change wasn't valid or had an error |
| `'ac': 5xx` | Error | The device experienced an unexpected error when processing the requested change. | `av` is the version number sent to the device.
@@ -824,9 +824,6 @@ The device should send the following JSON payload to IoT Central after it proces
## Commands
-> [!NOTE]
-> In the IoT Central web UI, you can select the **Queue if offline** option for a command. This setting isn't included if you export a model or interface from the device template.
- The following snippet from a device model shows the definition of a command that has no parameters and that doesn't expect the device to return anything: ```json
@@ -995,6 +992,91 @@ When the device has finished processing the request, it should send a property t
} ```
+### Offline commands
+
+In the IoT Central web UI, you can select the **Queue if offline** option for a command. Offline commands are one-way notifications to the device from your solution that are delivered as soon as a device connects. Offline commands can have request parameters but don't return a response.
+
+The **Queue if offline** setting isn't included if you export a model or interface from the device template. You can't tell by looking at an exported model or interface JSON that a command is an offline command.
+
+Offline commands use [IoT Hub cloud-to-device messages](../../iot-hub/iot-hub-devguide-messages-c2d.md) to send the command and payload to the device.
+
+The following snippet from a device model shows the definition of a command. The command has an object parameter with a datetime field and an enumeration:
+
+```json
+{
+ "@type": "Command",
+ "displayName": {
+ "en": "Generate Diagnostics"
+ },
+ "name": "GenerateDiagnostics",
+ "request": {
+ "@type": "CommandPayload",
+ "displayName": {
+ "en": "Payload"
+ },
+ "name": "Payload",
+ "schema": {
+ "@type": "Object",
+ "displayName": {
+ "en": "Object"
+ },
+ "fields": [
+ {
+ "displayName": {
+ "en": "StartTime"
+ },
+ "name": "StartTime",
+ "schema": "dateTime"
+ },
+ {
+ "displayName": {
+ "en": "Bank"
+ },
+ "name": "Bank",
+ "schema": {
+ "@type": "Enum",
+ "displayName": {
+ "en": "Enum"
+ },
+ "enumValues": [
+ {
+ "displayName": {
+ "en": "Bank 1"
+ },
+ "enumValue": 1,
+ "name": "Bank1"
+ },
+ {
+ "displayName": {
+ "en": "Bank2"
+ },
+ "enumValue": 2,
+ "name": "Bank2"
+ },
+ {
+ "displayName": {
+ "en": "Bank3"
+ },
+ "enumValue": 2,
+ "name": "Bank3"
+ }
+ ],
+ "valueSchema": "integer"
+ }
+ }
+ ]
+ }
+ }
+}
+```
+
+If you enable the **Queue if offline** option in the device template UI for the command in the previous snippet, then the message the device receives includes the following properties:
+
+| Property name | Example value |
+| ---------- | ----- |
+| `custom_properties` | `{'method-name': 'GenerateDiagnostics'}` |
+| `data` | `{"StartTime":"2021-01-05T08:00:00.000Z","Bank":2}` |
+ ## Next steps
-As a device developer, now that you"ve learned about device templates, a suggested next steps is to read [Get connected to Azure IoT Central](./concepts-get-connected.md) to learn more about how to register devices with IoT Central and how IoT Central secures device connections.
+As a device developer, now that you've learned about device templates, a suggested next steps is to read [Get connected to Azure IoT Central](./concepts-get-connected.md) to learn more about how to register devices with IoT Central and how IoT Central secures device connections.
key-vault https://docs.microsoft.com/en-us/azure/key-vault/keys/quick-create-cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/key-vault/keys/quick-create-cli.md
@@ -55,7 +55,7 @@ At this point, your Azure account is the only one authorized to perform any oper
To add a key to the vault, you just need to take a couple of additional steps. This key could be used by an application.
-Type the commands below to create a called **ExampleKey** :
+Type the commands below to create a key called **ExampleKey** :
```azurecli az keyvault key create --vault-name "Contoso-Vault2" -n ExampleKey --protection software
key-vault https://docs.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/key-vault/secrets/tutorial-rotation.md
@@ -241,7 +241,7 @@ The web app requires these components:
Go to the deployed application URL:
-https://akvrotation-app.azurewebsites.net/
+'https://akvrotation-app.azurewebsites.net/'
When the application opens in the browser, you will see the **Generated Secret Value** and a **Database Connected** value of *true*.
logic-apps https://docs.microsoft.com/en-us/azure/logic-apps/concepts-schedule-automated-recurring-tasks-workflows https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md
@@ -3,9 +3,9 @@ title: Scheduling recurring tasks and workflows in Azure Logic Apps
description: An overview about scheduling recurring automated tasks, processes, and workflows with Azure Logic Apps services: logic-apps ms.suite: integration
-ms.reviewer: deli, jonfan, logicappspm
+ms.reviewer: estfan, logicappspm, azla
ms.topic: conceptual
-ms.date: 03/25/2020
+ms.date: 01/07/2021
--- # Schedule and run recurring automated tasks, processes, and workflows with Azure Logic Apps
@@ -43,13 +43,34 @@ This article describes the capabilities for the Schedule built-in triggers and a
## Schedule triggers
-You can start your logic app workflow by using the Recurrence trigger or Sliding Window trigger, which isn't associated with any specific service or system. These triggers start and run your workflow based on your specified recurrence where you select the interval and frequency, such as the number of seconds, minutes, hours, days, weeks, or months. You can also set the start date and time as well as the time zone. Each time that a trigger fires, Logic Apps creates and runs a new workflow instance for your logic app.
+You can start your logic app workflow by using the Recurrence trigger or Sliding Window trigger, which isn't associated with any specific service or system. These triggers start and run your workflow based on your specified recurrence where you select the interval and frequency, such as the number of seconds, minutes, hours, days, weeks, or months. You can also set the start date and time along with the time zone. Each time that a trigger fires, Logic Apps creates and runs a new workflow instance for your logic app.
Here are the differences between these triggers:
-* **Recurrence**: Runs your workflow at regular time intervals based on your specified schedule. If recurrences are missed, for example, due to disruptions or disabled workflows, the Recurrence trigger doesn't process the missed recurrences but restarts recurrences with the next scheduled interval. You can specify a start date and time as well as the time zone. If you select "Day", you can specify hours of the day and minutes of the hour, for example, every day at 2:30. If you select "Week", you can also select days of the week, such as Wednesday and Saturday. For more information, see [Create, schedule, and run recurring tasks and workflows with the Recurrence trigger](../connectors/connectors-native-recurrence.md).
+* **Recurrence**: Runs your workflow at regular time intervals based on your specified schedule. If the trigger misses recurrences, for example, due to disruptions or disabled workflows, the Recurrence trigger doesn't process the missed recurrences but restarts recurrences with the next scheduled interval.
-* **Sliding Window**: Runs your workflow at regular time intervals that handle data in continuous chunks. If recurrences are missed, for example, due to disruptions or disabled workflows, the Sliding Window trigger goes back and processes the missed recurrences. You can specify a start date and time, time zone, and a duration to delay each recurrence in your workflow. This trigger doesn't support advanced schedules, for example, specific hours of the day, minutes of the hour, and days of the week. For more information, see [Create, schedule, and run recurring tasks and workflows with the Sliding Window trigger](../connectors/connectors-native-sliding-window.md).
+ If you select **Day** as the frequency, you can specify the hours of the day and minutes of the hour, for example, every day at 2:30. If you select **Week** as the frequency, you can also select days of the week, such as Wednesday and Saturday. You can also specify a start date and time along with a time zone for your recurrence schedule.
+
+ > [!TIP]
+ > If a recurrence doesn't specify a specific [start date and time](#start-time), the first recurrence runs immediately
+ > when you save or deploy the logic app, despite your trigger's recurrence setup. To avoid this behavior, provide a start
+ > date and time for when you want the first recurrence to run.
+ >
+ > If a recurrence doesn't specify any other advanced scheduling options such as specific times to run future recurrences,
+ > those recurrences are based on the last run time. As a result, the start times for those recurrences might drift due to
+ > factors such as latency during storage calls. To make sure that your logic app doesn't miss a recurrence, especially when
+ > the frequency is in days or longer, try these options:
+ >
+ > * Provide a start date and time for the recurrence plus the specific times when to run subsequent recurrences by using the properties
+ > named **At these hours** and **At these minutes**, which are available only for the **Day** and **Week** frequencies.
+ >
+ > * Use the [Sliding Window trigger](../connectors/connectors-native-sliding-window.md), rather than the Recurrence trigger.
+
+ For more information, see [Create, schedule, and run recurring tasks and workflows with the Recurrence trigger](../connectors/connectors-native-recurrence.md).
+
+* **Sliding Window**: Runs your workflow at regular time intervals that handle data in continuous chunks. If the trigger misses recurrences, for example, due to disruptions or disabled workflows, the Sliding Window trigger goes back and processes the missed recurrences.
+
+ You can specify a start date and time, time zone, and a duration to delay each recurrence in your workflow. This trigger doesn't support advanced schedules, for example, specific hours of the day, minutes of the hour, and days of the week. For more information, see [Create, schedule, and run recurring tasks and workflows with the Sliding Window trigger](../connectors/connectors-native-sliding-window.md).
<a name="schedule-actions"></a>
@@ -61,33 +82,19 @@ After any action in your logic app workflow, you can use the Delay and Delay Unt
* **Delay until**: Wait to run the next action until the specified date and time. For more information, see [Delay the next action in workflows](../connectors/connectors-native-delay.md).
-## Patterns for start date and time
- <a name="start-time"></a>
+## Patterns for start date and time
+ Here are some patterns that show how you can control recurrence with the start date and time, and how the Logic Apps service runs these recurrences: | Start time | Recurrence without schedule | Recurrence with schedule (Recurrence trigger only) | |------------|-----------------------------|----------------------------------------------------| | {none} | Runs the first workload instantly. <p>Runs future workloads based on the last run time. | Runs the first workload instantly. <p>Runs future workloads based on the specified schedule. |
-| Start time in the past | **Recurrence** trigger: Calculates run times based on the specified start time and discards past run times. Runs the first workload at the next future run time. <p>Runs future workloads based on calculations from the last run time. <p><p>**Sliding Window** trigger: Calculates run times based on the specified start time and honors past run times. <p>Runs future workloads based on calculations from the specified start time. <p><p>For more explanation, see the example following this table. | Runs the first workload *no sooner* than the start time, based on the schedule calculated from the start time. <p>Runs future workloads based on the specified schedule. <p>**Note:** If you specify a recurrence with a schedule, but don't specify hours or minutes for the schedule, then future run times are calculated using the hours or minutes, respectively, from the first run time. |
-| Start time at present or in the future | Runs the first workload at the specified start time. <p>Runs future workloads based on calculations from the last run time. | Runs the first workload *no sooner* than the start time, based on the schedule calculated from the start time. <p>Runs future workloads based on the specified schedule. <p>**Note:** If you specify a recurrence with a schedule, but don't specify hours or minutes for the schedule, then future run times are calculated using the hours or minutes, respectively, from the first run time. |
+| Start time in the past | **Recurrence** trigger: Calculates run times based on the specified start time and discards past run times. Runs the first workload at the next future run time. <p>Runs future workloads based on calculations from the last run time. <p><p>**Sliding Window** trigger: Calculates run times based on the specified start time and honors past run times. <p>Runs future workloads based on calculations from the specified start time. <p><p>For more explanation, see the example following this table. | Runs the first workload *no sooner* than the start time, based on the schedule calculated from the start time. <p>Runs future workloads based on the specified schedule. <p>**Note:** If you specify a recurrence with a schedule, but don't specify hours or minutes for the schedule, Logic Apps calculates future run times by using the hours or minutes, respectively, from the first run time. |
+| Start time now or in the future | Runs the first workload at the specified start time. <p>Runs future workloads based on calculations from the last run time. | Runs the first workload *no sooner* than the start time, based on the schedule calculated from the start time. <p>Runs future workloads based on the specified schedule. <p>**Note:** If you specify a recurrence with a schedule, but don't specify hours or minutes for the schedule, Logic Apps calculates future run times by using the hours or minutes, respectively, from the first run time. |
||||
-> [!IMPORTANT]
-> When recurrences don't specify advanced scheduling options, future recurrences are based on the last run time.
-> The start times for these recurrences might drift due to factors such as latency during storage calls.
-> To make sure that your logic app doesn't miss a recurrence, especially when the frequency is in days or longer,
-> use one of these options:
->
-> * Provide a start time for the recurrence.
->
-> * Specify the hours and minutes for when to run the recurrence by using the
-> **At these hours** and **At these minutes** properties.
->
-> * Use the [Sliding Window trigger](../connectors/connectors-native-sliding-window.md),
-> rather than the Recurrence trigger.
- *Example for past start time and recurrence but no schedule* Suppose the current date and time is September 8, 2017 at 1:00 PM. You specify the start date and time as September 7, 2017 at 2:00 PM, which is in the past, and a recurrence that runs every two days.
@@ -119,6 +126,83 @@ Here's how this recurrence looks:
So, no matter how far in the past you specify the start time, for example, 2017-09-**05** at 2:00 PM or 2017-09-**01** at 2:00 PM, your first run always uses the specified start time.
+<a name="daylight-saving-standard-time"></a>
+
+## Recurrence for daylight saving time and standard time
+
+Recurring built-in triggers honor the schedule that you set, including any time zone that you specify. If you don't select a time zone, daylight saving time (DST) might affect when triggers run, for example, shifting the start time one hour forward when DST starts and one hour backward when DST ends. When scheduling jobs, Logic Apps puts the message for processing into the queue and specifies when that message becomes available, based on the UTC time when the last job ran and the UTC time when the next job is scheduled to run.
+
+To avoid this shift so that your logic app runs at your specified start time, make sure that you select a time zone. That way, the UTC time for your logic app also shifts to counter the seasonal time change.
+
+<a name="dst-window"></a>
+
+> [!NOTE]
+> Triggers that start between 2:00 AM - 3:00 AM might have problems because DST changes happen at 2:00 AM, which might
+> cause the start time to become invalid or ambiguous. If you have multiple logic apps within the same ambiguous interval,
+> they might overlap. For this reason, you might want to avoid start times between 2:00 AM - 3:00 AM.
+
+For example, suppose that you have two logic apps that run daily. One logic app runs at 1:30 AM local time, while the other runs an hour later at 2:30 AM local time. What happens to the starting times for these apps when DST starts and ends?
+
+* Do the triggers run at all when the time shifts one hour forward?
+
+* Do the triggers run twice when the time shifts one hour backward?
+
+If these logic apps use the UTC-6:00 Central Time (US & Canada) zone, this simulation shows how the UTC times shifted in 2019 to counter the DST changes, moving one hour backward or forward as necessary so that the apps continued running at the expected local times without skipped or duplicate runs.
+
+* **03/10/2019: DST starts at 2:00 AM, shifting time one hour forward**
+
+ To compensate after DST starts, UTC time shifts one hour backward so that your logic app continues running at the same local time:
+
+ * Logic app #1
+
+ | Date | Time (local) | Time (UTC) | Notes |
+ |------|--------------|------------|-------|
+ | 03/09/2019 | 1:30:00 AM | 7:30:00 AM | UTC before the day that DST takes effect. |
+ | 03/10/2019 | 1:30:00 AM | 7:30:00 AM | UTC is the same because DST hasn't taken effect. |
+ | 03/11/2019 | 1:30:00 AM | 6:30:00 AM | UTC shifted one hour backward after DST took effect. |
+ |||||
+
+ * Logic app #2
+
+ | Date | Time (local) | Time (UTC) | Notes |
+ |------|--------------|------------|-------|
+ | 03/09/2019 | 2:30:00 AM | 8:30:00 AM | UTC before the day that DST takes effect. |
+ | 03/10/2019 | 3:30:00 AM* | 8:30:00 AM | DST is already in effect, so local time has moved one hour forward because the UTC-6:00 time zone changes to UTC-5:00. For more information, see [Triggers that start between 2:00 AM - 3:00 AM](#dst-window). |
+ | 03/11/2019 | 2:30:00 AM | 7:30:00 AM | UTC shifted one hour backward after DST took effect. |
+ |||||
+
+* **11/03/2019: DST ends at 2:00 AM and shifts time one hour backward**
+
+ To compensate, UTC time shifts one hour forward so that your logic app continues running at the same local time:
+
+ * Logic app #1
+
+ | Date | Time (local) | Time (UTC) | Notes |
+ |------|--------------|------------|-------|
+ | 11/02/2019 | 1:30:00 AM | 6:30:00 AM ||
+ | 11/03/2019 | 1:30:00 AM | 6:30:00 AM ||
+ | 11/04/2019 | 1:30:00 AM | 7:30:00 AM ||
+ |||||
+
+ * Logic app #2
+
+ | Date | Time (local) | Time (UTC) | Notes |
+ |------|--------------|------------|-------|
+ | 11/02/2019 | 2:30:00 AM | 7:30:00 AM ||
+ | 11/03/2019 | 2:30:00 AM | 8:30:00 AM ||
+ | 11/04/2019 | 2:30:00 AM | 8:30:00 AM ||
+ |||||
+
+<a name="run-once"></a>
+
+## Run one time only
+
+If you want to run your logic app only at one time in the future, you can use the **Scheduler: Run once jobs** template. After you create a new logic app but before opening the Logic Apps Designer, under the **Templates** section, from the **Category** list, select **Schedule**, and then select this template:
+
+![Select "Scheduler: Run once jobs" template](./media/concepts-schedule-automated-recurring-tasks-workflows/choose-run-once-template.png)
+
+Or, if you can start your logic app with the **When a HTTP request is received - Request** trigger, and pass the start time as a parameter for the trigger. For the first action, use the **Delay until - Schedule** action, and provide the time for when the next action starts running.
+ <a name="example-recurrences"></a> ## Example recurrences
@@ -129,10 +213,10 @@ Here are various example recurrences that you can set up for the triggers that s
|---------|------------|----------|-----------|------------|---------------|----------------|------------------|------| | Recurrence, <br>Sliding Window | Run every 15 minutes (no start date and time) | 15 | Minute | {none} | {unavailable} | {none} | {none} | This schedule starts immediately, then calculates future recurrences based on the last run time. | | Recurrence, <br>Sliding Window | Run every 15 minutes (with start date and time) | 15 | Minute | *startDate*T*startTime*Z | {unavailable} | {none} | {none} | This schedule doesn't start *any sooner* than the specified start date and time, then calculates future recurrences based on the last run time. |
-| Recurrence, <br>Sliding Window | Run every hour, on the hour (with start date and time) | 1 | Hour | *startDate*Thh:00:00Z | {unavailable} | {none} | {none} | This schedule doesn't start *any sooner* than the specified start date and time. Future recurrences run every hour at the "00" minute mark, which is calculated from the start time. <p>If the frequency is "Week" or "Month", this schedule respectively runs only one day per week or one day per month. |
+| Recurrence, <br>Sliding Window | Run every hour, on the hour (with start date and time) | 1 | Hour | *startDate*Thh:00:00Z | {unavailable} | {none} | {none} | This schedule doesn't start *any sooner* than the specified start date and time. Future recurrences run every hour at the "00" minute mark, which Logic Apps calculates from the start time. <p>If the frequency is "Week" or "Month", this schedule respectively runs only one day per week or one day per month. |
| Recurrence, <br>Sliding Window | Run every hour, every day (no start date and time) | 1 | Hour | {none} | {unavailable} | {none} | {none} | This schedule starts immediately and calculates future recurrences based on the last run time. <p>If the frequency is "Week" or "Month", this schedule respectively runs only one day per week or one day per month. | | Recurrence, <br>Sliding Window | Run every hour, every day (with start date and time) | 1 | Hour | *startDate*T*startTime*Z | {unavailable} | {none} | {none} | This schedule doesn't start *any sooner* than the specified start date and time, then calculates future recurrences based on the last run time. <p>If the frequency is "Week" or "Month", this schedule respectively runs only one day per week or one day per month. |
-| Recurrence, <br>Sliding Window | Run every 15 minutes past the hour, every hour (with start date and time) | 1 | Hour | *startDate*T00:15:00Z | {unavailable} | {none} | {none} | This schedule doesn't start *any sooner* than the specified start date and time. Future recurrences run at the "15" minute mark, which is calculated from the start time, so at 00:15 AM, 1:15 AM, 2:15 AM, and so on. |
+| Recurrence, <br>Sliding Window | Run every 15 minutes past the hour, every hour (with start date and time) | 1 | Hour | *startDate*T00:15:00Z | {unavailable} | {none} | {none} | This schedule doesn't start *any sooner* than the specified start date and time. Future recurrences run at the "15" minute mark, which Logic Apps calculates from the start time, so at 00:15 AM, 1:15 AM, 2:15 AM, and so on. |
| Recurrence | Run every 15 minutes past the hour, every hour (no start date and time) | 1 | Day | {none} | {unavailable} | 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 | 15 | This schedule runs at 00:15 AM, 1:15 AM, 2:15 AM, and so on. Also, this schedule is equivalent to a frequency of "Hour" and a start time with "15" minutes. | | Recurrence | Run every 15 minutes at the specified minute marks (no start date and time). | 1 | Day | {none} | {unavailable} | 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 | 0, 15, 30, 45 | This schedule doesn't start until the next specified 15-minute mark. | | Recurrence | Run daily at 8 AM *plus* the minute-mark from when you save your logic app | 1 | Day | {none} | {unavailable} | 8 | {none} | Without a start date and time, this schedule runs based on the time when you save the logic app (PUT operation). |
@@ -150,16 +234,6 @@ Here are various example recurrences that you can set up for the triggers that s
| Recurrence | Run every hour for one day per month | 1 | Month | {see note} | {unavailable} | 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 | {see note} | If you don't specify a start date and time, this schedule uses the creation date and time. To control the minutes for the recurrence schedule, specify the minutes of the hour, a start time, or use the creation time. For example, if the start time or creation time is 8:25 AM, this schedule runs at 8:25 AM, 9:25 AM, 10:25 AM, and so on. | |||||||||
-<a name="run-once"></a>
-
-## Run one time only
-
-If you want to run your logic app only at one time in the future, you can use the **Scheduler: Run once jobs** template. After you create a new logic app but before opening the Logic Apps Designer, under the **Templates** section, from the **Category** list, select **Schedule**, and then select this template:
-
-![Select "Scheduler: Run once jobs" template](./media/concepts-schedule-automated-recurring-tasks-workflows/choose-run-once-template.png)
-
-Or, if you can start your logic app with the **When a HTTP request is received - Request** trigger, and pass the start time as a parameter for the trigger. For the first action, use the **Delay until - Schedule** action, and provide the time for when the next action starts running.
- ## Next steps * [Create, schedule, and run recurring tasks and workflows with the Recurrence trigger](../connectors/connectors-native-recurrence.md)
logic-apps https://docs.microsoft.com/en-us/azure/logic-apps/create-integration-service-environment-rest-api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/logic-apps/create-integration-service-environment-rest-api.md
@@ -5,7 +5,7 @@ services: logic-apps
ms.suite: integration ms.reviewer: rarayudu, logicappspm ms.topic: conceptual
-ms.date: 12/29/2020
+ms.date: 12/30/2020
--- # Create an integration service environment (ISE) by using the Logic Apps REST API
@@ -118,7 +118,7 @@ Here is the request body syntax, which describes the properties to use when you
} ] },
- // Include `certificates` object to enable self-signed certiificate and certificate issued by Enterprise Certificate Authority
+ // Include `certificates` object to enable self-signed certificate and the certificate issued by Enterprise Certificate Authority
"certificates": { "testCertificate": { "publicCertificate": "{base64-encoded-certificate}",
@@ -182,6 +182,7 @@ This example request body shows the sample values:
} } ```+ ## Add custom root certificates You often use an ISE to connect to custom services on your virtual network or on premises. These custom services are often protected by a certificate that's issued by custom root certificate authority, such as an Enterprise Certificate Authority or a self-signed certificate. For more information about using self-signed certificates, see [Secure access and data - Access for outbound calls to other services and systems](../logic-apps/logic-apps-securing-a-logic-app.md#secure-outbound-requests). For your ISE to successfully connect to these services through Transport Layer Security (TLS), your ISE needs access to these root certificates. To update your ISE with a custom trusted root certificate, make this HTTPS `PATCH` request:
machine-learning https://docs.microsoft.com/en-us/azure/machine-learning/how-to-create-labeling-projects https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/machine-learning/how-to-create-labeling-projects.md
@@ -49,7 +49,7 @@ Labeling projects are administered from Azure Machine Learning. You use the **La
If your data is already in Azure Blob storage, you should make it available as a datastore before you create the labeling project. For an example of using a datastore, see [Tutorial: Create your first image classification labeling project](tutorial-labeling.md).
-To create a project, select **Add project**. Give the project an appropriate name and select **Labeling task type**.
+To create a project, select **Add project**. Give the project an appropriate name and select **Labeling task type**. Project name cannot be reused, even if the project is deleted in future.
:::image type="content" source="media/how-to-create-labeling-projects/labeling-creation-wizard.png" alt-text="Labeling project creation wizard":::
marketplace https://docs.microsoft.com/en-us/azure/marketplace/azure-vm-create-using-approved-base https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/marketplace/azure-vm-create-using-approved-base.md
@@ -6,7 +6,7 @@ ms.subservice: partnercenter-marketplace-publisher
ms.topic: how-to author: emuench ms.author: krsh
-ms.date: 10/20/2020
+ms.date: 01/06/2021
--- # How to create a virtual machine using an approved base
@@ -35,15 +35,11 @@ Azure offers a range of approved Linux distributions. For a current list, see [L
2. Select **Virtual machines**. 3. Select **+ Add** to open the **Create a virtual machine** screen. 4. Select the image from the dropdown list or select **Browse all public and private images** to search or browse all available virtual machine images.
-5. If you want to create **Gen 1** VM, go to the **Disks** tab and set the **Use Managed Disk** option to **NO** so that you will be able to get the VHD of your VM in specified storage account
-
- :::image type="content" source="media/create-vm/create-virtual-machine-sizes-2.png" alt-text="Select Unmanaged disk.":::
-
-6. To create a **Gen 2** VM, go to the **Advanced** tab and select the **Gen 2** option.
+5. To create a **Gen 2** VM, go to the **Advanced** tab and select the **Gen 2** option.
:::image type="content" source="media/create-vm/vm-gen-option.png" alt-text="Select Gen 1 or Gen 2.":::
-7. Select the size of the VM to deploy.
+6. Select the size of the VM to deploy.
:::image type="content" source="media/create-vm/create-virtual-machine-sizes.png" alt-text="Select a recommended VM size for the selected image.":::
@@ -52,7 +48,6 @@ Azure offers a range of approved Linux distributions. For a current list, see [L
Azure begins provisioning the virtual machine you specified. Track its progress by selecting the **Virtual Machines** tab in the left menu. After it's created, the status of Virtual Machine changes to **Running**. - ## Configure the VM This section describes how to size, update, and generalize an Azure VM. These steps are necessary to prepare your VM to be deployed on Azure Marketplace.
marketplace https://docs.microsoft.com/en-us/azure/marketplace/azure-vm-image-test https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/marketplace/azure-vm-image-test.md
@@ -211,28 +211,6 @@ This section describes how to create and deploy a user-provided virtual machine
] } }
- },
- {
- "type": "Microsoft.Compute/virtualMachines/extensions",
- "apiVersion": "2015-06-15",
- "name": "[concat(parameters('vmName'),'/WinRMCustomScriptExtension')]",
- "location": "[parameters('location')]",
- "dependsOn": [
- "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
- ],
- "properties": {
- "publisher": "Microsoft.Compute",
- "type": "CustomScriptExtension",
- "typeHandlerVersion": "1.4",
- "settings": {
- "fileUris": [
- "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-vm-winrm-windows/ConfigureWinRM.ps1",
- "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-vm-winrm-windows/makecert.exe",
- "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-vm-winrm-windows/winrmconf.cmd"
- ],
- "commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -file ConfigureWinRM.ps1 ',variables('hostDNSNameScriptArgument'))]"
- }
- }
} ] }
media-services https://docs.microsoft.com/en-us/azure/media-services/previous/media-services-face-redaction https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/media-services/previous/media-services-face-redaction.md
@@ -33,6 +33,9 @@ Facial redaction works by detecting faces in every frame of video and tracking t
In addition to a fully automatic mode, there is a two-pass workflow, which allows the selection/de-selection of found faces via a list of IDs. Also, to make arbitrary per frame adjustments the MP uses a metadata file in JSON format. This workflow is split into **Analyze** and **Redact** modes. You can combine the two modes in a single pass that runs both tasks in one job; this mode is called **Combined**.
+ > [!NOTE]
+ > Face Detector Media Processor has been deprecated as of June 2020, [Azure Media Services legacy components](./legacy-components.md). Consider using Azure Media Services v3 API.
+ ### Combined mode This produces a redacted mp4 automatically without any manual input.
media-services https://docs.microsoft.com/en-us/azure/media-services/video-indexer/multi-language-identification-transcription https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/media-services/video-indexer/multi-language-identification-transcription.md
@@ -13,7 +13,7 @@ ms.date: 09/01/2019
ms.author: juliako ---
-# Automatically identify and transcribe multi-language content (preview)
+# Automatically identify and transcribe multi-language content
Video Indexer supports automatic language identification and transcription in multi-language content. This process involves automatically identifying the spoken language in different segments from audio, sending each segment of the media file to be transcribed and combine the transcription back to one unified transcription.
media-services https://docs.microsoft.com/en-us/azure/media-services/video-indexer/video-indexer-overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/media-services/video-indexer/video-indexer-overview.md
@@ -72,7 +72,7 @@ The following list shows the insights you can retrieve from your videos using Vi
* **Audio transcription**: Converts speech to text in 12 languages and allows extensions. Supported languages include English, Spanish, French, German, Italian, Mandarin Chinese, Japanese, Arabic, Russian, Portuguese, Hindi, and Korean. * **Automatic language detection**: Automatically identifies the dominant spoken language. Supported languages include English, Spanish, French, German, Italian, Mandarin Chinese, Japanese, Russian, and Portuguese. If the language can't be identified with confidence, Video Indexer assumes the spoken language is English. For more information, see [Language identification model](language-identification-model.md).
-* **Multi-language speech identification and transcription** (preview): Automatically identifies the spoken language in different segments from audio. It sends each segment of the media file to be transcribed and then combines the transcription back to one unified transcription. For more information, see [Automatically identify and transcribe multi-language content](multi-language-identification-transcription.md).
+* **Multi-language speech identification and transcription**: Automatically identifies the spoken language in different segments from audio. It sends each segment of the media file to be transcribed and then combines the transcription back to one unified transcription. For more information, see [Automatically identify and transcribe multi-language content](multi-language-identification-transcription.md).
* **Closed captioning**: Creates closed captioning in three formats: VTT, TTML, SRT. * **Two channel processing**: Auto detects separate transcript and merges to single timeline. * **Noise reduction**: Clears up telephony audio or noisy recordings (based on Skype filters).
migrate https://docs.microsoft.com/en-us/azure/migrate/migrate-support-matrix-physical-migration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/migrate/migrate-support-matrix-physical-migration.md
@@ -43,7 +43,7 @@ The table summarizes support for physical servers you want to migrate using agen
**UEFI boot** | Supported. UEFI-based machines will be migrated to Azure generation 2 VMs. <br/><br/> The OS disk should have up to four partitions, and volumes should be formatted with NTFS. **UEFI - Secure boot** | Not supported for migration. **Target disk** | Machines can only be migrated to managed disks (standard HDD, standard SSD, premium SSD) in Azure.
-**Disk size** | 2 TB OS disk (BIOS boot); 4 TB OS disk (UEFI boot); 8 TB for data disks.
+**Disk size** | 2 TB OS disk; 32 TB for data disks.
**Disk limits** | Up to 63 disks per machine. **Encrypted disks/volumes** | Machines with encrypted disks/volumes aren't supported for migration. **Shared disk cluster** | Not supported.
migrate https://docs.microsoft.com/en-us/azure/migrate/migrate-support-matrix-vmware-migration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/migrate/migrate-support-matrix-vmware-migration.md
@@ -39,7 +39,7 @@ The table summarizes VMware hypervisor requirements.
--- | --- **VMware vCenter Server** | Version 5.5, 6.0, 6.5, 6.7, 7.0. **VMware vSphere ESXI host** | Version 5.5, 6.0, 6.5, 6.7, 7.0.
-**vCenter Server permissions** | Agentless migration uses the [Migrate Appliance](migrate-appliance.md). The appliance needs these permissions in vCenter Server:<br/><br/> - **Datastore.Browse** (Datastore -> Browse datastore): Allow browsing of VM log files to troubleshoot snapshot creation and deletion.<br/><br/> - **Datastore.FileManagement** (Datastore -> Low level file operations): Allow read/write/delete/rename operations in the datastore browser, to troubleshoot snapshot creation and deletion.<br/><br/> - **VirtualMachine.Config.ChangeTracking** (Virtual machine -> Disk change tracking): Allow enable or disable change tracking of VM disks, to pull changed blocks of data between snapshots.<br/><br/> - **VirtualMachine.Config.DiskLease** (Virtual machine -> Disk lease): Allow disk lease operations for a VM, to read the disk using the VMware vSphere Virtual Disk Development Kit (VDDK).<br/><br/> - **VirtualMachine.Provisioning.DiskAccess**: (specifically for vSphere 6.0 and above) Allow opening a disk on a VM for random read access on the disk using the VDDK.<br/><br/> - **VirtualMachine.Provisioning.DiskRandomRead** (Virtual machine -> Provisioning -> Allow read-only disk access): Allow opening a disk on a VM, to read the disk using the VDDK.<br/><br/> - **VirtualMachine.Provisioning.DiskRandomAccess** (Virtual machine -> Provisioning -> Allow disk access): Allow opening a disk on a VM, to read the disk using the VDDK.<br/><br/> - **VirtualMachine.Provisioning.GetVmFiles** (Virtual machine -> Provisioning -> Allow virtual machine download): Allows read operations on files associated with a VM, to download the logs and troubleshoot if failure occurs.<br/><br/> - **VirtualMachine.State.\*** (Virtual machine -> Snapshot management): Allow creation and management of VM snapshots for replication.<br/><br/> - **VirtualMachine.Interact.PowerOff** (Virtual machine -> Interaction -> Power off): Allow the VM to be powered off during migration to Azure.
+**vCenter Server permissions** | Agentless migration uses the [Migrate Appliance](migrate-appliance.md). The appliance needs these permissions in vCenter Server:<br/><br/> - **Datastore.Browse** (Datastore -> Browse datastore): Allow browsing of VM log files to troubleshoot snapshot creation and deletion.<br/><br/> - **Datastore.FileManagement** (Datastore -> Low level file operations): Allow read/write/delete/rename operations in the datastore browser, to troubleshoot snapshot creation and deletion.<br/><br/> - **VirtualMachine.Config.ChangeTracking** (Virtual machine -> Disk change tracking): Allow enable or disable change tracking of VM disks, to pull changed blocks of data between snapshots.<br/><br/> - **VirtualMachine.Config.DiskLease** (Virtual machine -> Disk lease): Allow disk lease operations for a VM, to read the disk using the VMware vSphere Virtual Disk Development Kit (VDDK).<br/><br/> - **VirtualMachine.Provisioning.DiskRandomRead** (Virtual machine -> Provisioning -> Allow read-only disk access): Allow opening a disk on a VM, to read the disk using the VDDK.<br/><br/> - **VirtualMachine.Provisioning.DiskRandomAccess** (Virtual machine -> Provisioning -> Allow disk access): Allow opening a disk on a VM, to read the disk using the VDDK.<br/><br/> - **VirtualMachine.Provisioning.GetVmFiles** (Virtual machine -> Provisioning -> Allow virtual machine download): Allows read operations on files associated with a VM, to download the logs and troubleshoot if failure occurs.<br/><br/> - **VirtualMachine.State.\*** (Virtual machine -> Snapshot management): Allow creation and management of VM snapshots for replication.<br/><br/> - **VirtualMachine.Interact.PowerOff** (Virtual machine -> Interaction -> Power off): Allow the VM to be powered off during migration to Azure.
mysql https://docs.microsoft.com/en-us/azure/mysql/flexible-server/tutorial-deploy-wordpress-on-aks https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/mysql/flexible-server/tutorial-deploy-wordpress-on-aks.md
@@ -58,7 +58,7 @@ The following example output shows the resource group created successfully:
Use the [az aks create](/cli/azure/aks?view=azure-cli-latest&preserve-view=true#az-aks-create) command to create an AKS cluster. The following example creates a cluster named *myAKSCluster* with one node. This will take several minutes to complete. ```azurecli-interactive
-az aks create --resource-group wordpress-project --name wordpresscluster--node-count 1 --generate-ssh-keys
+az aks create --resource-group wordpress-project --name myAKSCluster --node-count 1 --generate-ssh-keys
``` After a few minutes, the command completes and returns JSON-formatted information about the cluster.
@@ -77,7 +77,7 @@ az aks install-cli
To configure `kubectl` to connect to your Kubernetes cluster, use the [az aks get-credentials](/cli/azure/aks?view=azure-cli-latest&preserve-view=true#az-aks-get-credentials) command. This command downloads credentials and configures the Kubernetes CLI to use them. ```azurecli-interactive
-az aks get-credentials --resource-group wordpress-project --name wordpresscluster
+az aks get-credentials --resource-group wordpress-project --name myAKSCluster
``` > [!NOTE]
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/connection-monitor-create-using-powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/connection-monitor-create-using-powershell.md
@@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 11/23/2020
+ms.date: 01/07/2021
ms.author: vinigam #Customer intent: I need to create a connection monitor by using PowerShell to monitor communication between one VM and another. ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/connection-monitor-create-using-template https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/connection-monitor-create-using-template.md
@@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 11/23/2020
+ms.date: 01/07/2021
ms.author: vinigam #Customer intent: I need to create a connection monitor to monitor communication between one VM and another. ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/data-residency https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/data-residency.md
@@ -11,7 +11,7 @@ ms.devlang: na
ms.topic: article ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 07/20/2020
+ms.date: 01/07/2021
ms.author: damendo
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/diagnose-communication-problem-between-networks https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/diagnose-communication-problem-between-networks.md
@@ -13,7 +13,7 @@ ms.devlang: na
ms.topic: tutorial ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 04/27/2018
+ms.date: 01/07/2021
ms.author: damendo ms.custom: mvc ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/diagnose-vm-network-routing-problem-cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/diagnose-vm-network-routing-problem-cli.md
@@ -14,7 +14,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: network-watcher ms.workload: infrastructure
-ms.date: 04/20/2018
+ms.date: 01/07/2021
ms.author: damendo ms.custom: ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/diagnose-vm-network-routing-problem-powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/diagnose-vm-network-routing-problem-powershell.md
@@ -15,7 +15,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: network-watcher ms.workload: infrastructure
-ms.date: 04/20/2018
+ms.date: 01/07/2021
ms.author: damendo ms.custom:
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/diagnose-vm-network-routing-problem https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/diagnose-vm-network-routing-problem.md
@@ -15,7 +15,7 @@ ms.devlang: na
ms.topic: tutorial ms.tgt_pltfrm: network-watcher ms.workload: infrastructure
-ms.date: 04/20/2018
+ms.date: 01/07/2021
ms.author: damendo ms.custom: mvc
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/diagnose-vm-network-traffic-filtering-problem-cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/diagnose-vm-network-traffic-filtering-problem-cli.md
@@ -15,7 +15,7 @@ ms.devlang: na
ms.topic: quickstart ms.tgt_pltfrm: network-watcher ms.workload: infrastructure
-ms.date: 04/20/2018
+ms.date: 01/07/2021
ms.author: kumud ms.custom: mvc, devx-track-azurecli ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/diagnose-vm-network-traffic-filtering-problem-powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/diagnose-vm-network-traffic-filtering-problem-powershell.md
@@ -15,7 +15,7 @@ ms.devlang: na
ms.topic: quickstart ms.tgt_pltfrm: network-watcher ms.workload: infrastructure
-ms.date: 04/20/2018
+ms.date: 01/07/2021
ms.author: damendo ms.custom: mvc, devx-track-azurepowershell
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/frequently-asked-questions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/frequently-asked-questions.md
@@ -11,7 +11,7 @@ ms.devlang: na
ms.topic: article ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 10/10/2019
+ms.date: 01/07/2021
ms.author: damendo
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/migrate-to-connection-monitor-from-connection-monitor-classic https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/migrate-to-connection-monitor-from-connection-monitor-classic.md
@@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 11/23/2020
+ms.date: 01/07/2021
ms.author: vinigam #Customer intent: I need to migrate from Connection Monitor to Connection Monitor. ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/migrate-to-connection-monitor-from-network-performance-monitor https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/migrate-to-connection-monitor-from-network-performance-monitor.md
@@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 11/23/2020
+ms.date: 01/07/2021
ms.author: vinigam #Customer intent: I need to migrate from Network Performance Monitor to Connection Monitor. ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-connectivity-cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-connectivity-cli.md
@@ -13,7 +13,7 @@ ms.devlang: na
ms.topic: troubleshooting ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 07/11/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-connectivity-powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-connectivity-powershell.md
@@ -11,7 +11,7 @@ ms.devlang: na
ms.topic: troubleshooting ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 07/11/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-connectivity-rest https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-connectivity-rest.md
@@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 08/02/2017
+ms.date: 01/07/2021
ms.author: kumud ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-deep-packet-inspection https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-deep-packet-inspection.md
@@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 02/22/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-delete-nsg-flow-log-blobs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-delete-nsg-flow-log-blobs.md
@@ -11,7 +11,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 08/16/2019
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-diagnose-on-premises-connectivity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-diagnose-on-premises-connectivity.md
@@ -11,7 +11,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 02/22/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-intrusion-detection-open-source-tools https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-intrusion-detection-open-source-tools.md
@@ -11,7 +11,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 02/22/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-azure-resource-manager https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-nsg-flow-logging-azure-resource-manager.md
@@ -13,7 +13,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 01/26/2020
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-nsg-flow-logging-cli.md
@@ -11,7 +11,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 02/22/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-nsg-flow-logging-powershell.md
@@ -11,7 +11,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 02/22/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-rest https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-nsg-flow-logging-rest.md
@@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 02/22/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-manage-cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-packet-capture-manage-cli.md
@@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 02/22/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-manage-portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-packet-capture-manage-portal.md
@@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 09/10/2018
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-manage-powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-packet-capture-manage-powershell.md
@@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 02/22/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-manage-rest https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-packet-capture-manage-rest.md
@@ -9,7 +9,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 02/22/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-troubleshoot-manage-cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-troubleshoot-manage-cli.md
@@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: troubleshooting ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 06/19/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-troubleshoot-manage-powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-troubleshoot-manage-powershell.md
@@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: troubleshooting ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 06/19/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-troubleshoot-manage-rest https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-troubleshoot-manage-rest.md
@@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: troubleshooting ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 06/19/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-visualize-nsg-flow-logs-power-bi https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/network-watcher-visualize-nsg-flow-logs-power-bi.md
@@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: how-to ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 02/22/2017
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/nsg-flow-logs-policy-portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/nsg-flow-logs-policy-portal.md
@@ -12,7 +12,7 @@ ms.devlang: na
ms.topic: article ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 10/01/2020
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/quickstart-configure-network-security-group-flow-logs-from-arm-template https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/quickstart-configure-network-security-group-flow-logs-from-arm-template.md
@@ -7,7 +7,7 @@ Customer intent: I need to enable the network security group flow logs by using
ms.service: network-watcher ms.topic: quickstart
-ms.date: 07/22/2020
+ms.date: 01/07/2021
ms.author: damendo ms.custom: subject-armqs
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/required-rbac-permissions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/required-rbac-permissions.md
@@ -10,7 +10,7 @@ ms.workload:
ms.tgt_pltfrm: na ms.devlang: na ms.topic: article
-ms.date: 05/10/2018
+ms.date: 01/07/2021
ms.author: damendo ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/resource-move https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/resource-move.md
@@ -11,7 +11,7 @@ ms.devlang: na
ms.topic: article ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 07/27/2020
+ms.date: 01/07/2021
ms.author: damendo
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-schema-update https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/traffic-analytics-schema-update.md
@@ -12,7 +12,7 @@ ms.devlang: na
ms.topic: article ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 03/06/2020
+ms.date: 01/07/2021
ms.author: vinigam ---
network-watcher https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-schema https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/traffic-analytics-schema.md
@@ -12,7 +12,7 @@ ms.devlang: na
ms.topic: article ms.tgt_pltfrm: na ms.workload: infrastructure-services
-ms.date: 02/26/2019
+ms.date: 01/07/2021
ms.author: vinigam ---
postgresql https://docs.microsoft.com/en-us/azure/postgresql/connect-php https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/connect-php.md
@@ -83,7 +83,7 @@ Replace the `$host`, `$database`, `$user`, and `$password` parameters with your
// Insert some data into table. $name = '\'banana\''; $quantity = 150;
- $query = "INSERT INTO inventory (name, quantity) VALUES ($1, $2);";
+ $query = "INSERT INTO inventory (name, quantity) VALUES ($name, $quantity);";
pg_query($connection, $query) or die("Encountered an error when executing given sql statement: ". pg_last_error(). "<br/>");
security-center https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security-center/deploy-vulnerability-assessment-vm.md
@@ -113,7 +113,7 @@ The vulnerability scanner extension works as follows:
> - If you haven't got a third-party vulnerability scanner configured, you won't be offered the opportunity to deploy it. > - If your selected machines aren't protected by Azure Defender, the ASC integrated vulnerability scanner option won't be available.
- :::image type="content" source="./media/deploy-vulnerability-assessment-vm/recommendation-remediation-options.png" alt-text="The options for which type of remediation flow you want to choose when responding to the recommendation **A vulnerability assessment solution should be enabled on your virtual machines** recommendation page":::
+ :::image type="content" source="./media/deploy-vulnerability-assessment-vm/recommendation-remediation-options-builtin.png" alt-text="The options for which type of remediation flow you want to choose when responding to the recommendation **A vulnerability assessment solution should be enabled on your virtual machines** recommendation page":::
1. Choose the recommended option, **Deploy ASC integrated vulnerability scanner**, and **Proceed**.
security https://docs.microsoft.com/en-us/azure/security/fundamentals/pen-testing https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security/fundamentals/pen-testing.md
@@ -42,8 +42,8 @@ Standard tests you can perform include:
One type of pen test that you canΓÇÖt perform is any kind of [Denial of Service (DoS)](https://en.wikipedia.org/wiki/Denial-of-service_attack) attack. This test includes initiating a DoS attack itself, or performing related tests that might determine, demonstrate, or simulate any type of DoS attack. >[!Note]
->Microsoft has partnered with BreakingPoint Cloud to build an interface where you can generate traffic against DDoS Protection-enabled public IP addresses for simulations. To learn more about the BreakPoint Cloud simulation, see [validate DDoS detection](../../ddos-protection/manage-ddos-protection.md#validate-and-test).
+>Microsoft has partnered with BreakingPoint Cloud to build an interface where you can generate traffic against DDoS Protection-enabled public IP addresses for simulations. To learn more about the BreakingPoint Cloud simulation, see [testing through simulations](../../ddos-protection/test-through-simulations.md).
## Next steps
-* Learn more about the [Penetration Testing Rules of Engagement](https://www.microsoft.com/msrc/pentest-rules-of-engagement?rtc=2).
\ No newline at end of file
+* Learn more about the [Penetration Testing Rules of Engagement](https://www.microsoft.com/msrc/pentest-rules-of-engagement?rtc=2).
site-recovery https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-support-matrix https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/site-recovery/azure-to-azure-support-matrix.md
@@ -193,6 +193,7 @@ VMs migrated using Site Recovery | Supported | If a VMware VM or physical machin
Azure RBAC policies | Not supported | Azure role-based access control (Azure RBAC) policies on VMs are not replicated to the failover VM in target region. Extensions | Not supported | Extensions are not replicated to the failover VM in target region. It needs to be installed manually after failover. Proximity Placement Groups | Supported | Virtual machines located inside a Proximity Placement Group can be protected using Site Recovery.
+Tags | Supported | User generated tags applied on source virtual machines are carried over to target virtual machines post test failover or failover.
## Replicated machines - disk actions
@@ -251,6 +252,7 @@ NVMe disks | Not supported
Azure shared disks | Not supported Secure transfer option | Supported Write accelerator enabled disks | Not supported
+Tags | User generated tags are replicated every 24 hours.
>[!IMPORTANT] > To avoid performance issues, make sure that you follow VM disk scalability and performance targets for [Linux](../virtual-machines/linux/disk-scalability-targets.md) or [Windows](../virtual-machines/windows/disk-scalability-targets.md) VMs. If you use default settings, Site Recovery creates the required disks and storage accounts, based on the source configuration. If you customize and select your own settings,follow the disk scalability and performance targets for your source VMs.
@@ -297,6 +299,7 @@ Accelerated networking | Supported | Accelerated networking must be enabled on s
Palo Alto Network Appliance | Not supported | With third party appliances, there are often restrictions imposed by the provider inside the Virtual Machine. Azure Site Recovery needs agent, extensions and outbound connectivity to be available. But the appliance does not let any outbound activity to be configured inside the Virtual Machine. IPv6 | Not supported | Mixed configurations that include both IPv4 and IPv6 are also not supported. Please free up the subnet of the IPv6 range before any Site Recovery operation. Private link access to Site Recovery service | Supported | [Learn more](azure-to-azure-how-to-enable-replication-private-endpoints.md)
+Tags | Supported | User generated tags on NICs are replicated every 24 hours.
storage https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-directory-file-acl-powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/storage/blobs/data-lake-storage-directory-file-acl-powershell.md
@@ -73,8 +73,7 @@ $ctx = New-AzStorageContext -StorageAccountName '<storage-account-name>' -UseCon
With this approach, the system doesn't check Azure RBAC or ACL permissions. ```powershell
-$storageAccount = Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -AccountName "<storage-account-name>"
-$ctx = $storageAccount.Context
+$ctx = New-AzStorageContext -StorageAccountName "<storage-account-name>" -StorageAccountKey "<storage-account-key>"
``` ## Create a container
@@ -418,4 +417,4 @@ The following table shows how the cmdlets used for Data Lake Storage Gen1 map to
## See also * [Known issues](data-lake-storage-known-issues.md#api-scope-data-lake-client-library)
-* [Storage PowerShell cmdlets](/powershell/module/az.storage)
\ No newline at end of file
+* [Storage PowerShell cmdlets](/powershell/module/az.storage)
storage https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-query-acceleration-how-to https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/storage/blobs/data-lake-storage-query-acceleration-how-to.md
@@ -5,7 +5,7 @@ author: normesta
ms.subservice: data-lake-storage-gen2 ms.service: storage ms.topic: how-to
-ms.date: 09/09/2020
+ms.date: 01/06/2021
ms.author: normesta ms.reviewer: jamsbak ms.custom: devx-track-csharp, devx-track-azurecli
@@ -432,7 +432,7 @@ def dump_query_csv(blob: BlobClient, query: str, headers: bool):
### [Node.js](#tab/nodejs)
-This example sends the query to the query acceleration API, and then streams the results back.
+This example sends the query to the query acceleration API, and then streams the results back. The `blob` object passed into the `queryHemingway` helper function is of type [BlockBlobClient](https://docs.microsoft.com/javascript/api/@azure/storage-blob/blockblobclient). To learn more about how to get a [BlockBlobClient](https://docs.microsoft.com/javascript/api/@azure/storage-blob/blockblobclient) object, see [Quickstart: Manage blobs with JavaScript v12 SDK in Node.js](storage-quickstart-blobs-nodejs.md).
```javascript async function queryHemingway(blob)
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/azure-cosmos-db-output https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/azure-cosmos-db-output.md
@@ -1,9 +1,8 @@
--- title: Azure Cosmos DB output from Azure Stream Analytics description: This article describes how to output data from Azure Stream Analytics to Azure Cosmos DB.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 08/25/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/azure-data-lake-storage-gen1-output https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/azure-data-lake-storage-gen1-output.md
@@ -1,9 +1,8 @@
--- title: Azure Data Lake Storage Gen 1 output from Azure Stream Analytics description: This article describes Azure Data Lake Storage Gen 1 as an output option for Azure Stream Analytics.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 08/25/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/azure-functions-output https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/azure-functions-output.md
@@ -1,9 +1,8 @@
--- title: Azure Functions output from Azure Stream Analytics description: This article describes Azure functions as output for Azure Stream Analytics.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 08/25/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/azure-synapse-analytics-output https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/azure-synapse-analytics-output.md
@@ -1,9 +1,8 @@
--- title: Azure Synapse Analytics output from Azure Stream Analytics description: This article describes Azure Synapse Analytics as output for Azure Stream Analytics.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 08/25/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/blob-storage-azure-data-lake-gen2-output https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/blob-storage-azure-data-lake-gen2-output.md
@@ -1,9 +1,8 @@
--- title: Blob storage and Azure Data Lake Gen2 output from Azure Stream Analytics description: This article describes blob storage and Azure Data Lake Gen 2 as output for Azure Stream Analytics.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 08/25/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/cicd-overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/cicd-overview.md
@@ -4,7 +4,6 @@ description: This article gives an overview of a continuous integration and depl
services: stream-analytics author: su-jie ms.author: sujie
-ms.reviewer: mamccrea
ms.service: stream-analytics ms.topic: how-to ms.date: 9/22/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/cicd-tools https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/cicd-tools.md
@@ -4,7 +4,7 @@ description: This article describes how to use Azure Stream Analytics CI/CD tool
services: stream-analytics author: su-jie ms.author: sujie
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 09/10/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/cluster-overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/cluster-overview.md
@@ -3,7 +3,6 @@ title: Overview of Azure Stream Analytics Clusters (Preview)
description: Learn about single tenant dedicated offering of Stream Analytics Cluster. author: sidramadoss ms.author: sidram
-ms.reviewer: mamccrea
ms.service: stream-analytics ms.topic: overview ms.custom: mvc
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/configuration-error-codes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/configuration-error-codes.md
@@ -1,8 +1,8 @@
--- title: Configuration error codes - Azure Stream Analytics description: Troubleshoot Azure Stream Analytics issues with configuration error codes.
-ms.author: mamccrea
-author: mamccrea
+ms.author: sidram
+author: sidramadoss
ms.topic: troubleshooting ms.date: 05/07/2020 ms.service: stream-analytics
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/connect-job-to-vnet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/connect-job-to-vnet.md
@@ -1,9 +1,9 @@
--- title: Connect Stream Analytics jobs to resources in an Azure Virtual Network (VNET) description: This article describes how to connect an Azure Stream Analytics job with resources that are in a VNET.
-author: sidram
+author: sidramadoss
ms.author: sidram
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: conceptual ms.date: 01/04/2021
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/copy-job https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/copy-job.md
@@ -3,7 +3,7 @@ title: Copy or back up Azure Stream Analytics jobs
description: This article describes how to copy or back up an Azure Stream Analytics job. author: su-jie ms.author: sujie
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 09/11/2019
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/create-cluster https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/create-cluster.md
@@ -3,7 +3,7 @@ title: Create an Azure Stream Analytics Cluster quickstart
description: Learn how to create an Azure Stream Analytics cluster. author: sidramadoss ms.author: sidram
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: overview ms.custom: mvc
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/custom-deserializer-examples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/custom-deserializer-examples.md
@@ -1,9 +1,8 @@
--- title: Read input in any format using .NET custom deserializers in Azure Stream Analytics description: This article explains the serialization format and the interfaces that define custom .NET deserializers for Azure Stream Analytics cloud and edge jobs.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.service: stream-analytics ms.topic: conceptual ms.date: 1/28/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/custom-deserializer https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/custom-deserializer.md
@@ -1,9 +1,8 @@
--- title: Tutorial - Custom .NET deserializers for Azure Stream Analytics cloud jobs description: This tutorial demonstrates how to create a custom .NET deserializer for an Azure Stream Analytics cloud job using Visual Studio.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.service: stream-analytics ms.topic: tutorial ms.date: 12/17/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/data-error-codes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/data-error-codes.md
@@ -1,8 +1,8 @@
--- title: Data error codes - Azure Stream Analytics description: Troubleshoot Azure Stream Analytics issues with data error codes.
-ms.author: mamccrea
-author: mamccrea
+ms.author: sidram
+author: sidramadoss
ms.topic: troubleshooting ms.date: 05/07/2020 ms.service: stream-analytics
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/data-errors https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/data-errors.md
@@ -1,8 +1,8 @@
--- title: Azure Stream Analytics resource log data errors description: This article explains the different input and output data errors that can occur when using Azure Stream Analytics.
-author: mamccrea
-ms.author: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.service: stream-analytics ms.topic: troubleshooting ms.date: 08/07/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/data-protection https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/data-protection.md
@@ -1,8 +1,8 @@
--- title: Data protection in Azure Stream Analytics description: This article explains how to encrypt your private data used by an Azure Stream Analytics job.
-author: mamccrea
-ms.author: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.service: stream-analytics ms.topic: how-to ms.date: 12/03/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/debug-locally-using-job-diagram-vs-code https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/debug-locally-using-job-diagram-vs-code.md
@@ -3,7 +3,7 @@ title: Debug Azure Stream Analytics queries locally using job diagram in Visual
description: This article describes how to debug queries locally using job diagram in the Azure Stream Analytics extension for Visual Studio Code. author: su-jie ms.author: sujie
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 06/23/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/debug-locally-using-job-diagram https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/debug-locally-using-job-diagram.md
@@ -3,7 +3,7 @@ title: Debug Azure Stream Analytics queries locally using job diagram in Visual
description: This article describes how to debug queries locally using job diagram in Azure Stream Analytics Tools for Visual Studio. author: su-jie ms.author: sujie
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 01/23/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/debug-user-defined-functions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/debug-user-defined-functions.md
@@ -3,7 +3,7 @@ title: Debug user-defined functions in Azure Stream Analytics
description: This article describes how to debug user-defined functions in Azure Stream Analytics. author: jenssuessmeyer ms.author: jenss
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: conceptual ms.date: 06/24/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/develop-locally https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/develop-locally.md
@@ -1,8 +1,8 @@
--- title: Develop and debug Azure Stream Analytics jobs locally description: Learn how to develop and test Azure Stream Analytics jobs on your local computer before you run them in Azure portal.
-ms.author: mamccrea
-author: mamccrea
+ms.author: sujie
+author: su-jie
ms.topic: conceptual ms.date: 03/31/2020 ms.service: stream-analytics
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/event-hubs-managed-identity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/event-hubs-managed-identity.md
@@ -1,8 +1,8 @@
--- title: Use managed identities to access Event Hub from an Azure Stream Analytics job (Preview) description: This article describes how to use managed identities to authenticate your Azure Stream Analytics job to Azure Event Hubs input and output.
-author: mamccrea
-ms.author: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.service: stream-analytics ms.topic: how-to ms.date: 01/04/2021
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/event-hubs-output https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/event-hubs-output.md
@@ -1,9 +1,8 @@
--- title: Event Hubs output from Azure Stream Analytics description: This article describes how to output data from Azure Stream Analytics to Azure Event Hubs.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 09/23/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/event-ordering https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/event-ordering.md
@@ -1,9 +1,9 @@
--- title: Configuring event ordering policies for Azure Stream Analytics description: This article describes how to go about configuring even ordering settings in Stream Analytics
-author: sidram
+author: sidramadoss
ms.author: sidram
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 08/06/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/external-availability-error-codes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/external-availability-error-codes.md
@@ -1,8 +1,8 @@
--- title: External availability error codes - Azure Stream Analytics description: Troubleshoot Azure Stream Analytics issues with external availability error codes.
-ms.author: mamccrea
-author: mamccrea
+ms.author: sidram
+author: sidramadoss
ms.topic: troubleshooting ms.date: 05/07/2020 ms.service: stream-analytics
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/external-error-codes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/external-error-codes.md
@@ -1,8 +1,8 @@
--- title: External error codes - Azure Stream Analytics description: Troubleshoot Azure Stream Analytics issues with external error codes.
-ms.author: mamccrea
-author: mamccrea
+ms.author: sidram
+author: sidramadoss
ms.topic: troubleshooting ms.date: 05/07/2020 ms.service: stream-analytics
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/feature-comparison https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/feature-comparison.md
@@ -1,8 +1,8 @@
--- title: Azure Stream Analytics feature comparison description: This article compares the features supported for Azure Stream Analytics cloud and IoT Edge jobs in the Azure portal, Visual Studio, and Visual Studio Code.
-author: mamccrea
-ms.author: mamccrea
+author: an-emma
+ms.author: raan
ms.service: stream-analytics ms.topic: conceptual ms.date: 06/27/2019
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/functions-overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/functions-overview.md
@@ -1,8 +1,8 @@
--- title: User-defined functions in Azure Stream Analytics description: This article is an overview of user-defined functions in Azure Stream Analytics.
-author: mamccrea
-ms.author: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.service: stream-analytics ms.topic: conceptual ms.date: 04/07/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/geo-redundancy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/geo-redundancy.md
@@ -1,8 +1,8 @@
--- title: Achieve geo-redundancy for Azure Stream Analytics jobs description: This article describes how-to achieve geo-redundancy of Azure Stream Analytics jobs instead of geo-failover.
-author: mamccrea
-ms.author: mamccrea
+author: an-emma
+ms.author: raan
ms.service: stream-analytics ms.topic: how-to ms.date: 08/26/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/geospatial-scenarios https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/geospatial-scenarios.md
@@ -1,8 +1,8 @@
--- title: Geofencing and geospatial aggregation with Azure Stream Analytics description: This article describes how to use Azure Stream Analytics for geofencing and geospatial aggregation.
-author: mamccrea
-ms.author: mamccrea
+author: krishna0815
+ms.author: krishmam
ms.service: stream-analytics ms.topic: how-to ms.date: 04/02/2019
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/internal-error-codes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/internal-error-codes.md
@@ -1,8 +1,8 @@
--- title: Troubleshoot with Azure Stream Analytics error codes description: Troubleshoot Azure Stream Analytics issues with internal error codes.
-ms.author: mamccrea
-author: mamccrea
+ms.author: sidram
+author: sidramadoss
ms.topic: troubleshooting ms.date: 05/07/2020 ms.service: stream-analytics
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/job-config-json https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/job-config-json.md
@@ -1,8 +1,8 @@
--- title: Azure Stream Analytics JobConfig.json fields description: This article lists the supported fields for the Azure Stream Analytics JobConfig.json file used to create jobs in Visual Studio Code.
-author: mamccrea
-ms.author: mamccrea
+author: su-jie
+ms.author: sujie
ms.service: stream-analytics ms.topic: how-to ms.date: 02/14/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/job-states https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/job-states.md
@@ -1,9 +1,9 @@
--- title: Azure Stream Analytics job states description: This article describes the four different states of a Stream Analytics job; running, stopped, degraded, and failed.
-author: sidram
+author: sidramadoss
ms.author: sidram
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: conceptual ms.date: 06/21/2019
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/machine-learning-udf https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/machine-learning-udf.md
@@ -1,9 +1,9 @@
--- title: Integrate Azure Stream Analytics with Azure Machine Learning description: This article describes how to integrate an Azure Stream Analytics job with Azure Machine Learning models.
-author: sidram
+author: sidramadoss
ms.author: sidram
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: conceptual ms.date: 12/21/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/manage-jobs-cluster https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/manage-jobs-cluster.md
@@ -3,7 +3,7 @@ title: Create and delete jobs in an Azure Stream Analytics cluster
description: Learn how to managed Stream Analytics jobs in an Azure Stream Analytics cluster author: sidramadoss ms.author: sidram
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: overview ms.custom: mvc
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/on-azure-stack https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/on-azure-stack.md
@@ -2,9 +2,9 @@
title: Run Azure Stream Analytics on Azure Stack (Preview) description: Create an Azure Stream Analytics edge job and deploy it to Azure Stack hub via the IoT Edge runtime. ms.service: stream-analytics
-author: raan
+author: an-emma
ms.author: raan
-ms.reviewer: mamccrea
+ ms.topic: how-to ms.date: 08/21/2020 ms.custom: seodec18
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/policy-reference.md
@@ -3,8 +3,8 @@ title: Built-in policy definitions for Azure Stream Analytics
description: Lists Azure Policy built-in policy definitions for Azure Stream Analytics. These built-in policy definitions provide common approaches to managing your Azure resources. ms.date: 11/20/2020 ms.topic: reference
-author: mamccrea
-ms.author: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.service: stream-analytics ms.custom: subject-policy-reference ---
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/power-bi-output https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/power-bi-output.md
@@ -1,9 +1,8 @@
--- title: Power BI output from Azure Stream Analytics description: This article describes how to output data from Azure Stream Analytics to Power BI.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 08/25/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/private-endpoints https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/private-endpoints.md
@@ -3,7 +3,7 @@ title: Create and delete private endpoints in an Azure Stream Analytics cluster
description: Learn how to managed private endpoints in an Azure Stream Analytics cluster. author: sidramadoss ms.author: sidram
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: overview ms.custom: mvc
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/quick-create-azure-cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/quick-create-azure-cli.md
@@ -3,8 +3,8 @@ title: Quickstart - Create an Azure Stream Analytics job using the Azure CLI
description: This quickstart shows how to use the Azure CLI to create an Azure Stream Analytics job. services: stream-analytics ms.service: stream-analytics
-author: mamccrea
-ms.author: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.reviewer: jasonh ms.workload: big-data ms.topic: quickstart
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/quick-create-azure-resource-manager https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/quick-create-azure-resource-manager.md
@@ -3,9 +3,8 @@ title: Quickstart - Create an Azure Stream Analytics job by Azure Resource Manag
description: This quickstart shows how to use the Azure Resource Manager template to create an Azure Stream Analytics job. services: stream-analytics ms.service: stream-analytics
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: jasonh
+author: sidramadoss
+ms.author: sidram
ms.workload: big-data ms.topic: quickstart ms.custom: mvc, subject-armqs
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/quick-create-visual-studio-code https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/quick-create-visual-studio-code.md
@@ -2,8 +2,8 @@
title: Quickstart - Create an Azure Stream Analytics job in Visual Studio Code description: This quickstart shows you how to get started by creating a Stream Analytics job, configuring inputs and outputs, and defining a query with Visual Studio Code. ms.service: stream-analytics
-author: mamccrea
-ms.author: mamccrea
+author: su-jie
+ms.author: sujie
ms.date: 01/18/2020 ms.topic: quickstart ms.custom: mvc
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/repartition https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/repartition.md
@@ -2,8 +2,8 @@
title: Use repartitioning to optimize Azure Stream Analytics jobs description: This article describes how to use repartitioning to optimize Azure Stream Analytics jobs that cannot be parallelized. ms.service: stream-analytics
-author: mamccrea
-ms.author: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.date: 09/19/2019 ms.topic: conceptual ms.custom: mvc
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/resource-manager-export https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/resource-manager-export.md
@@ -2,8 +2,8 @@
title: Export an Azure Stream Analytics job Azure Resource Manager template description: This article describes how to export an Azure Resource Manager template for your Azure Stream Analytics job. services: stream-analytics
-author: mamccrea
-ms.author: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.service: stream-analytics ms.topic: how-to ms.date: 03/10/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/scale-cluster https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/scale-cluster.md
@@ -3,7 +3,6 @@ title: Resize an Azure Stream Analytics cluster
description: Learn how to scale up and down the size of an Azure Stream Analytics cluster. author: sidramadoss ms.author: sidram
-ms.reviewer: mamccrea
ms.service: stream-analytics ms.topic: overview ms.custom: mvc
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/security-controls-policy.md
@@ -3,8 +3,8 @@ title: Azure Policy Regulatory Compliance controls for Azure Stream Analytics
description: Lists Azure Policy Regulatory Compliance controls available for Azure Stream Analytics. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. ms.date: 11/20/2020 ms.topic: sample
-author: mamccrea
-ms.author: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.service: stream-analytics ms.custom: subject-policy-compliancecontrols ---
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/service-bus-queues-output https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/service-bus-queues-output.md
@@ -1,9 +1,8 @@
--- title: Service Bus queues output from Azure Stream Analytics description: This article describes Service Bus queues as output for Azure Stream Analytics.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 09/23/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/service-bus-topics-output https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/service-bus-topics-output.md
@@ -1,9 +1,8 @@
--- title: Service Bus topics output from Azure Stream Analytics description: This article describes Service Bus topics as output for Azure Stream Analytics.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 09/23/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/set-up-cicd-pipeline https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/set-up-cicd-pipeline.md
@@ -4,7 +4,7 @@ description: This article describes how to set up a continuous integration and d
services: stream-analytics author: su-jie ms.author: sujie
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 09/10/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/sql-database-output-managed-identity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/sql-database-output-managed-identity.md
@@ -1,8 +1,8 @@
--- title: Use managed identities to access Azure SQL Database or Azure Synapse Analytics - Azure Stream Analytics description: This article describes how to use managed identities to authenticate your Azure Stream Analytics job to Azure SQL Database or Azure Synapse Analytics output.
-author: mamccrea
-ms.author: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: how-to ms.date: 11/30/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/sql-database-output https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/sql-database-output.md
@@ -1,9 +1,8 @@
--- title: Azure SQL Database output from Azure Stream Analytics description: This article describes Azure SQL Database as output for Azure Stream Analytics.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 08/25/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/sql-reference-data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/sql-reference-data.md
@@ -1,9 +1,8 @@
--- title: Use SQL Database reference data in an Azure Stream Analytics job description: This article describes how to use a SQL Database as reference data input for an Azure Stream Analytics job in the Azure portal and in Visual Studio.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: how-to ms.date: 01/29/2019
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/start-job https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/start-job.md
@@ -1,9 +1,8 @@
--- title: How to start an Azure Stream Analytics job description: This article describes how to start a Stream Analytics job from Azure portal, PowerShell, and Visual Studio.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: how-to ms.date: 04/03/2019
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-add-inputs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-add-inputs.md
@@ -3,7 +3,6 @@ title: Understand inputs for Azure Stream Analytics
description: This article describe the concept of inputs in an Azure Stream Analytics job, comparing streaming input to reference data input. author: jseb225 ms.author: krishmam
-ms.reviewer: mamccrea
ms.service: stream-analytics ms.topic: conceptual ms.date: 10/29/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-autoscale https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-autoscale.md
@@ -3,7 +3,7 @@ title: Autoscale Stream Analytics jobs
description: This article describes how to autoscale Stream Analytics job based on a predefined schedule or values of job metrics author: sidramadoss ms.author: sidram
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 06/03/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-build-an-iot-solution-using-stream-analytics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-build-an-iot-solution-using-stream-analytics.md
@@ -1,9 +1,8 @@
--- title: Build an IoT solution by using Azure Stream Analytics description: Getting-started tutorial for the Stream Analytics IoT solution of a tollbooth scenario
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: how-to ms.date: 12/06/2018
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-cicd-api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-cicd-api.md
@@ -1,9 +1,8 @@
--- title: Use REST APIs to do CI/CD for Azure Stream Analytics on IoT Edge description: Learn how to implement a continuous integration and deployment pipeline for Azure Stream Analytics using REST APIs.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: su-jie
+ms.author: sujie
ms.service: stream-analytics ms.topic: how-to ms.date: 12/04/2018
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-clean-up-your-job https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-clean-up-your-job.md
@@ -1,9 +1,8 @@
--- title: Clean up your Azure Stream Analytics job description: This article shows you different methods for deleting your Azure Stream Analytics jobs.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: how-to ms.date: 06/21/2019
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-compatibility-level https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-compatibility-level.md
@@ -1,8 +1,8 @@
--- title: Azure Stream Analytics compatibility levels description: Learn how to set a compatibility level for an Azure Stream Analytics job and major changes in the latest compatibility level
-author: mamccrea
-ms.author: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 03/10/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-concepts-checkpoint-replay https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-concepts-checkpoint-replay.md
@@ -1,9 +1,8 @@
--- title: Checkpoint and replay recovery concepts in Azure Stream Analytics description: This article describes checkpoint and replay job recovery concepts in Azure Stream Analytics.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.service: stream-analytics ms.topic: conceptual ms.date: 12/06/2018
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-custom-path-patterns-blob-storage-output https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-custom-path-patterns-blob-storage-output.md
@@ -1,9 +1,8 @@
--- title: Azure Stream Analytics custom blob output partitioning description: This article describes the custom DateTime path patterns and the custom field or attributes features for blob storage output from Azure Stream Analytics jobs.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 12/15/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-define-inputs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-define-inputs.md
@@ -1,9 +1,8 @@
--- title: Stream data as input into Azure Stream Analytics description: Learn about setting up a data connection in Azure Stream Analytics. Inputs include a data stream from events, and also reference data.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 10/28/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-define-outputs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-define-outputs.md
@@ -1,9 +1,8 @@
--- title: Outputs from Azure Stream Analytics description: This article describes data output options available for Azure Stream Analytics.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.custom: contperf-fy21q1
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-documentdb-output https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-documentdb-output.md
@@ -1,9 +1,8 @@
--- title: Azure Stream Analytics output to Azure Cosmos DB description: This article describes how to use Azure Stream Analytics to save output to Azure Cosmos DB for JSON output, for data archiving and low-latency queries on unstructured JSON data.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 02/2/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-dotnet-management-sdk https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-dotnet-management-sdk.md
@@ -3,7 +3,7 @@ title: Management .NET SDK for Azure Stream Analytics
description: Get started with Stream Analytics Management .NET SDK. Learn how to set up and run analytics jobs. Create a project, inputs, outputs, and transformations. author: jseb225 ms.author: jeanb
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 12/06/2018
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-edge-csharp-udf-methods https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-edge-csharp-udf-methods.md
@@ -1,8 +1,8 @@
--- title: Develop .NET Standard functions for Azure Stream Analytics jobs (Preview) description: Learn how to write C# user-defined functions for Stream Analytics jobs.
-author: mamccrea
-ms.author: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.service: stream-analytics ms.topic: conceptual ms.date: 09/10/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-edge-csharp-udf https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-edge-csharp-udf.md
@@ -1,9 +1,8 @@
--- title: Tutorial - Write C# user defined functions for Azure Stream Analytics jobs in Visual Studio (Preview) description: This tutorial shows how to write c# user defined functions for Stream Analytics jobs in Visual Studio.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.service: stream-analytics ms.topic: tutorial ms.date: 12/06/2018
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-edge https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-edge.md
@@ -2,9 +2,8 @@
title: Azure Stream Analytics on IoT Edge description: Create edge jobs in Azure Stream Analytics and deploy them to devices running Azure IoT Edge. ms.service: stream-analytics
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: an-emma
+ms.author: raan
ms.topic: conceptual ms.date: 12/18/2020 ms.custom: contperf-fy21q2
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-geospatial-functions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-geospatial-functions.md
@@ -1,9 +1,8 @@
--- title: Introduction to Azure Stream Analytics geospatial functions description: This article describes geospatial functions that are used in Azure Stream Analytics jobs.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: krishna0815
+ms.author: krishmam
ms.service: stream-analytics ms.topic: conceptual ms.date: 12/06/2018
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-get-started-with-azure-stream-analytics-to-process-data-from-iot-devices https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-get-started-with-azure-stream-analytics-to-process-data-from-iot-devices.md
@@ -1,9 +1,8 @@
--- title: Process real-time IoT data streams with Azure Stream Analytics description: IoT sensor tags and data streams with stream analytics and real-time data processing
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: how-to ms.date: 11/26/2019
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-high-frequency-trading https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-high-frequency-trading.md
@@ -1,9 +1,8 @@
--- title: High-frequency trading using Azure Stream Analytics description: How to perform linear regression model training and scoring in an Azure Stream Analytics job.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: how-to ms.date: 12/07/2018
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-how-to-configure-azure-machine-learning-endpoints-in-stream-analytics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-how-to-configure-azure-machine-learning-endpoints-in-stream-analytics.md
@@ -3,7 +3,7 @@ title: Use Azure Machine Learning Studio (classic) endpoints in Azure Stream Ana
description: This article describes how to use Machine Language user defined functions in Azure Stream Analytics. author: jseb225 ms.author: jeanb
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 06/11/2019
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-introduction https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-introduction.md
@@ -1,9 +1,8 @@
--- title: Introduction to Azure Stream Analytics description: Learn about Azure Stream Analytics, a managed service that helps you analyze streaming data from the Internet of Things (IoT) in real time.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: overview ms.custom: mvc, contperf-fy21q2
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-javascript-user-defined-aggregates https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-javascript-user-defined-aggregates.md
@@ -3,7 +3,7 @@ title: JavaScript user-defined aggregates in Azure Stream Analytics
description: This article describes how to perform advanced query mechanics with JavaScript user-defined aggregates in Azure Stream Analytics. author: rodrigoaatmicrosoft ms.author: rodrigoa
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: conceptual ms.date: 10/28/2017
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-javascript-user-defined-functions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-javascript-user-defined-functions.md
@@ -5,7 +5,7 @@ author: rodrigoaatmicrosoft
ms.author: rodrigoa ms.service: stream-analytics ms.topic: tutorial
-ms.reviewer: mamccrea
+ ms.custom: mvc, devx-track-js ms.date: 12/15/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-job-diagnostic-logs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-job-diagnostic-logs.md
@@ -3,7 +3,7 @@ title: Troubleshoot Azure Stream Analytics using resource logs
description: This article describes how to analyze resource logs in Azure Stream Analytics. author: jseb225 ms.author: jeanb
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: troubleshooting ms.custom: contperf-fy21q1
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-job-diagram-with-metrics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-job-diagram-with-metrics.md
@@ -3,7 +3,7 @@ title: Data-driven debugging in Azure Stream Analytics
description: This article describes how to troubleshoot your Azure Stream Analytics job by using the job diagram and metrics in the Azure portal. author: jseb225 ms.author: jeanb
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 05/01/2017
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-job-reliability https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-job-reliability.md
@@ -3,7 +3,7 @@ title: Avoid service interruptions in Azure Stream Analytics jobs
description: This article describes guidance on making your Stream Analytics jobs upgrade resilient. author: jseb225 ms.author: sidram
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 06/21/2019
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-live-data-local-testing https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-live-data-local-testing.md
@@ -1,9 +1,8 @@
--- title: Test live data with Azure Stream Analytics for Visual Studio description: Learn how to test your Azure Stream Analytics job locally using live streaming data.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: ajetasin
+ms.author: ajetasi
ms.service: stream-analytics ms.topic: how-to ms.date: 12/07/2018
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-login-credentials-inputs-outputs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-login-credentials-inputs-outputs.md
@@ -1,9 +1,8 @@
--- title: Rotate login credentials in Azure Stream Analytics jobs description: This article describes how to update the credentials of inputs and output sinks in Azure Stream Analytics jobs.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: how-to ms.date: 06/21/2019
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-machine-learning-anomaly-detection https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-machine-learning-anomaly-detection.md
@@ -1,9 +1,8 @@
--- title: Anomaly detection in Azure Stream Analytics description: This article describes how to use Azure Stream Analytics and Azure Machine Learning together to detect anomalies.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: krishna0815
+ms.author: krishmam
ms.service: stream-analytics ms.topic: how-to ms.date: 06/21/2019
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-machine-learning-integration-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-machine-learning-integration-tutorial.md
@@ -1,9 +1,8 @@
--- title: Azure Stream Analytics integration with Azure Machine Learning Studio (classic) description: This article describes how to quickly set up a simple Azure Stream Analytics job that integrates Azure Machine Learning Studio (classic), using a user-defined function.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: krishna0815
+ms.author: krishmam
ms.service: stream-analytics ms.topic: how-to ms.date: 08/12/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-managed-identities-adls https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-managed-identities-adls.md
@@ -1,8 +1,8 @@
--- title: Authenticate Azure Stream Analytics to Azure Data Lake Storage Gen1 description: This article describes how to use managed identities to authenticate your Azure Stream Analytics job to Azure Data Lake Storage Gen1 output.
-author: mamccrea
-ms.author: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: how-to ms.date: 04/08/2019
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-monitor-and-manage-jobs-use-powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-monitor-and-manage-jobs-use-powershell.md
@@ -3,7 +3,7 @@ title: Monitor and manage Azure Stream Analytics jobs with PowerShell
description: This article describes how to use Azure PowerShell and cmdlets to monitor and manage Azure Stream Analytics jobs. author: jseb225 ms.author: jeanb
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 03/28/2017
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-monitor-jobs-use-vs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-monitor-jobs-use-vs.md
@@ -3,7 +3,7 @@ title: Monitor and manage Azure Stream Analytics with Visual Studio
description: This article describes how to use Visual Studio to monitor and manage Azure Stream Analytics jobs. author: su-jie ms.author: sujie
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 12/07/2018
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-monitor-jobs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-monitor-jobs.md
@@ -3,7 +3,7 @@ title: Monitor and manage Azure Stream Analytics jobs programmatically
description: This article describes how to programmatically monitor Stream Analytics jobs created via REST APIs, Azure SDK, or PowerShell. author: jseb225 ms.author: jeanb
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 04/20/2017
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-monitoring https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-monitoring.md
@@ -1,9 +1,8 @@
--- title: Understand job monitoring in Azure Stream Analytics description: This article describes how to monitor Azure Stream Analytics jobs in the Azure portal.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.service: stream-analytics ms.topic: how-to ms.date: 06/21/2018
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-output-error-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-output-error-policy.md
@@ -1,9 +1,8 @@
--- title: Output error policies in Azure Stream Analytics description: Learn about the output error handling policies available in Azure Stream Analytics.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 12/04/2018
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-parallelization https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-parallelization.md
@@ -3,7 +3,7 @@ title: Use query parallelization and scale in Azure Stream Analytics
description: This article describes how to scale Stream Analytics jobs by configuring input partitions, tuning the query definition, and setting job streaming units. author: JSeb225 ms.author: jeanb
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: conceptual ms.date: 05/04/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-parsing-json https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-parsing-json.md
@@ -2,8 +2,8 @@
title: Parsing JSON and AVRO in Azure Stream Analytics description: This article describes how to operate on complex data types like arrays, JSON, CSV formatted data. ms.service: stream-analytics
-author: mamccrea
-ms.author: mamccrea
+author: sidramadoss
+ms.author: sidram
ms.topic: conceptual ms.date: 01/29/2020 ms.custom: devx-track-js
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-power-bi-dashboard https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-power-bi-dashboard.md
@@ -3,7 +3,7 @@ title: Power BI dashboard integration with Azure Stream Analytics
description: This article describes how to use a real-time Power BI dashboard to visualize data out of an Azure Stream Analytics job. author: jseb225 ms.author: jeanb
-ms.reviewer: mamccrea
+ ms.service: stream-analytics ms.topic: how-to ms.date: 11/16/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-previews https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-previews.md
@@ -1,9 +1,8 @@
--- title: Azure Stream Analytics preview features description: This article lists the Azure Stream Analytics features that are currently in preview.
-author: mamccrea
-ms.author: mamccrea
-ms.reviewer: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.service: stream-analytics ms.topic: conceptual ms.date: 8/07/2020
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-quick-create-portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-quick-create-portal.md
@@ -1,8 +1,8 @@
--- title: Quickstart - Create a Stream Analytics job by using the Azure portal description: This quickstart shows you how to get started by creating a Stream Analytic job, configuring inputs, outputs, and defining a query.
-author: mamccrea
-ms.author: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.date: 06/21/2019 ms.topic: quickstart ms.service: stream-analytics
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-quick-create-powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-quick-create-powershell.md
@@ -1,8 +1,8 @@
--- title: Quickstart - Create a Stream Analytics job using Azure PowerShell description: This quickstart demonstrates how to use the Azure PowerShell module to deploy and run an Azure Stream Analytics job.
-author: mamccrea
-ms.author: mamccrea
+author: enkrumah
+ms.author: ebnkruma
ms.date: 12/20/2018 ms.topic: quickstart ms.service: stream-analytics
stream-analytics https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-quick-create-vs