+ * **API-driven Inbound User Provisioning to On-Premises AD**: Select this app if you're provisioning hybrid identities (identities that need both on-premises AD and Microsoft Entra account) from your system of record. Once these accounts are provisioned in on-premises AD, they are automatically synchronized to your Microsoft Entra tenant using Microsoft Entra Connect Sync or Microsoft Entra Connect cloud sync.

+- Using the same agent for the on-premises provisioning feature along with Workday / SuccessFactors / Microsoft Entra Connect cloud sync is currently unsupported. We are actively working to support on-premises provisioning on the same agent as the other provisioning scenarios.

+This article lists the versions and features of Microsoft Entra Connect Provisioning Agent that have been released. The Microsoft Entra team regularly updates the Provisioning Agent with new features and functionality. Please ensure that you do not use the same agent for on-premises provisioning and cloud sync / HR-driven provisioning.

+1. Browse to **Identity** > **Hybrid management** > **Microsoft Entra Connect** > **Cloud sync** > **Agents**.

+ > Please use different provisioning agents for on-premises application provisioning and Microsoft Entra Connect cloud sync / HR-driven provisioning. All three scenarios should not be managed on the same agent.

+1. Browse to **Identity** > **Hybrid management** > **Microsoft Entra Connect** > **Cloud sync** > **Agents**.

+ >Please use different provisioning agents for on-premises application provisioning and Microsoft Entra Connect cloud sync / HR-driven provisioning. All three scenarios should not be managed on the same agent.

+1. Browse to **Identity** > **Hybrid management** > **Microsoft Entra Connect** > **Cloud sync**.

+For more information, see [Custom attribute mapping in Microsoft Entra Connect cloud sync](../hybrid/cloud-sync/custom-attribute-mapping.md)

+Identify the accounts to be migrated to Microsoft Entra B2B. External identities in Active Directory are identifiable with an attribute-value pair. For example, making ExtensionAttribute15 = `External` for external users. If these users are set up with Microsoft Entra Connect Sync or Microsoft Entra Connect cloud sync, configure synced external users to have the `UserType` attributes set to `Guest`. If the users are set up as cloud-only accounts, you can modify user attributes. Primarily, identify users to convert to B2B.

+2. Microsoft Entra Connect cloud sync provisions the user into Microsoft Entra ID, which enables the user to access SharePoint Online and their OneDrive files.

+| 1 |Users, groups| AD DS| Microsoft Entra ID| [Microsoft Entra Connect cloud sync](../hybrid/cloud-sync/what-is-cloud-sync.md) |

+2. Evaluate [Microsoft Entra Connect cloud sync](../hybrid/cloud-sync/what-is-cloud-sync.md) for synchronization between AD DS and Microsoft Entra ID

+* The Microsoft Entra Connect wizard logs data to `\ProgramData\AADConnect`. Each time the wizard is invoked, a timestamped trace log file is created. The trace log can be imported into Sentinel or other 3<sup data-htmlnode="">rd</sup> party security information and event management (SIEM) tools for analysis.

+The Multi-Factor Auth ADSync service is a Windows service that performs the periodic polling of Active Directory. This is not to be confused with Azure AD Sync or Microsoft Entra Connect. The Multi-Factor Auth ADSync, although built on a similar code base, is specific to the Azure Multi-Factor Authentication Server. It is installed in a Stopped state and is started by the Multi-Factor Auth Server service when configured to run. If you have a multi-server Multi-Factor Auth Server configuration, the Multi-Factor Auth ADSync may only be run on a single server.

+ - *Success*: Indicates that a user was throttled from performing any additional resets, attempting any additional authentication methods, or validating any additional phone numbers for the next 24 hours.

+ - *Success*: Indicates that a user successfully changed their password.

+ - *Failure*: Indicates that a user failed to change their password. You can select the row to see the **Activity status reason** category to learn more about why the failure occurred.

+ - *FuzzyPolicyViolationInvalidPassword*: The user selected a password that was automatically banned because the Microsoft Banned Password Detection capabilities found it to be too common or especially weak.

+ - *Success*: Indicates that an admin successfully reset a user's password.

+ - *Failure*: Indicates that an admin failed to change a user's password. You can select the row to see the **Activity status reason** category to learn more about why the failure occurred.

+* **Activity additional details OnPremisesAgent**:

+ - *None*: Indicates cloud-only reset.

+ - *Microsoft Entra Connect*: Indicates password was reset on-premises via Microsoft Entra Connect writeback agent.

+ - *CloudSync*: Indicates password was reset on-premises via Microsoft Entra CloudSync writeback agent.

+ - *Success*: Indicates that a user successfully reset their own password.

+ - *Failure*: Indicates that a user failed to reset their own password. You can select the row to see the **Activity status reason** category to learn more about why the failure occurred.

+ - *FuzzyPolicyViolationInvalidPassword*: The admin selected a password that was automatically banned because the Microsoft Banned Password Detection capabilities found it to be too common or especially weak.

+ - *Success*: Indicates that a user successfully completed a specific step of the password reset flow.

+ - *Failure*: Indicates that a specific step of the password reset flow failed. You can select the row to see the **Activity status reason** category to learn more about why the failure occurred.

+ - *Success*: Indicates that a user successfully unlocked their own account.

+ - *Failure*: Indicates that a user failed to unlock their account. You can select the row to see the **Activity status reason** category to learn more about why the failure occurred.

+ - *Success*: Indicates that a user successfully registered for password reset in accordance with the current policy.

+ - *Failure*: Indicates that a user failed to register for password reset. You can select the row to see the **Activity status reason** category to learn more about why the failure occurred.

+For Azure AD Connect version *1.1.443.0* and above, *outbound HTTPS* access is required to the following addresses:

+> The Microsoft Azure Management application applies to [Azure PowerShell](/powershell/azure/what-is-azure-powershell), which calls the [Azure Resource Manager API](../../azure-resource-manager/management/overview.md). It does not apply to [Microsoft Graph PowerShell](/powershell/microsoftgraph/overview), which calls the [Microsoft Graph API](/graph/overview).

+### Public Preview - Azure AD Connect cloud sync new user experience

+**Type:** Changed feature

+**Service category:** Azure AD Connect cloud sync

+**Product capability:** Identity Governance

+Try out the new guided experience for syncing objects from AD to Azure AD using Azure AD Connect cloud sync in Azure portal. With this new experience, Hybrid Identity Administrators can easily determine which sync engine to use for their scenarios and learn more about the various options they have with our sync solutions. With a rich set of tutorials and videos, customers are able to learn everything about Azure AD Connect cloud sync in one single place.

+- [Azure AD Connect cloud sync insights workbook](../hybrid/cloud-sync/how-to-cloud-sync-workbook.md)

+### Public Preview - Support for Directory Extensions using Azure AD Connect cloud sync

+**Product capability:** Azure AD Connect cloud sync

+Hybrid IT Admins now can sync both Active Directory and Azure AD Directory Extensions using Azure AD cloud sync. This new capability adds the ability to dynamically discover the schema for both Active Directory and Azure AD, allowing customers to map the needed attributes using the attribute mapping experience of Azure AD Connect cloud sync.

+For more information on how to enable this feature, see [Directory extensions and custom attribute mapping in Azure AD Connect cloud sync](../hybrid/cloud-sync/custom-attribute-mapping.md)

+**Type:** Plan for change

+**Service category:** Provisioning

+**Product capability:** Azure AD Connect cloud sync

+Microsoft stops support for Azure AD provisioning agent with versions 1.1.818.0 and below starting Feb 1,2023. If you're using Azure AD Connect cloud sync, make sure you have the latest version of the agent. You can view info about the agent release history [here](../app-provisioning/provisioning-agent-release-version-history.md). You can download the latest version [here](https://download.msappproxy.net/Subscription/d3c8b69d-6bf7-42be-a529-3fe9c2e70c90/Connector/provisioningAgentInstaller)

+> Azure Active Directory Connect follows the [Modern Lifecycle Policy](/lifecycle/policies/modern). Changes for products and services under the Modern Lifecycle Policy may be more frequent and require customers to be alert for forthcoming modifications to their product or service.

+**Type:** New feature

+**Service category:** Azure AD Connect cloud sync

+**Product capability:** Identity Lifecycle Management

+Password writeback in Azure AD Connect cloud sync now provides customers the ability to synchronize Azure AD password changes made in the cloud to an on-premises directory in real time. This can be accomplished using the lightweight Azure AD cloud provisioning agent. For more information, see: [Tutorial: Enable cloud sync self-service password reset writeback to an on-premises environment](../authentication/tutorial-enable-cloud-sync-sspr-writeback.md).

+Accidental deletion of users in any system could be disastrous. WeΓÇÖre excited to announce the general availability of the accidental deletions prevention capability as part of the Azure AD provisioning service. When the number of deletions to be processed in a single provisioning cycle spikes above a customer defined threshold the following will happen. The Azure AD provisioning service pauses, provide you with visibility into the potential deletions, and allow you to accept or reject the deletions. This functionality has historically been available for Azure AD Connect, and Azure AD Connect cloud sync. It's now available across the various provisioning flows, including both HR-driven provisioning and application provisioning.

+### General Availability - SSPR writeback is now available for disconnected forests using Azure AD Connect cloud sync

+**Type:** New feature

+**Service category:** Azure AD Connect cloud sync

+**Product capability:** Identity Lifecycle Management

+Password writeback in Azure AD Connect cloud sync now provides customers the ability to synchronize Azure AD password changes made in the cloud to an on-premises directory in real time. This can be accomplished using the lightweight Azure AD cloud provisioning agent. For more information, see: [Tutorial: Enable cloud sync self-service password reset writeback to an on-premises environment](../authentication/tutorial-enable-cloud-sync-sspr-writeback.md).

+Accidental deletion of users in any system could be disastrous. WeΓÇÖre excited to announce the general availability of the accidental deletions prevention capability as part of the Azure AD provisioning service. When the number of deletions to be processed in a single provisioning cycle spikes above a customer defined threshold, the Azure AD provisioning service pauses, provide you with visibility into the potential deletions, and allow you to accept or reject the deletions. This functionality has historically been available for Azure AD Connect, and Azure AD Connect cloud sync. It's now available across the various provisioning flows, including both HR-driven provisioning and application provisioning.

+**Type:** New feature

+**Service category:** Provisioning

+**Product capability:** Azure AD Connect cloud sync

+Hybrid IT Admins now can sync both Active Directory and Azure AD Directory Extensions using Azure AD Connect cloud sync. This new capability adds the ability to dynamically discover the schema for both Active Directory and Azure AD, allowing customers to map the needed attributes using the attribute mapping experience of cloud sync.

+For more information on how to enable this feature, see [Directory extensions and custom attribute mapping in cloud sync](../hybrid/cloud-sync/custom-attribute-mapping.md)

+### General Availability - Support for Directory Extensions using Azure AD cloud sync

+**Type:** New feature

+**Service category:** Provisioning

+**Product capability:** Azure AD Connect cloud sync

+Hybrid IT Admins can now sync both Active Directory and Azure AD Directory Extensions using Azure AD Connect cloud sync. This new capability adds the ability to dynamically discover the schema for both Active Directory and Azure Active Directory, thereby, allowing customers to map the needed attributes using the attribute mapping experience of cloud sync. For more information, see [Directory extensions and custom attribute mapping in cloud sync](../hybrid/cloud-sync/custom-attribute-mapping.md).

+|Attribute|Type|Supported in HR Inbound Provisioning|Support in Microsoft Entra Connect cloud sync|Support in Microsoft Entra Connect Sync|

+ 1. Select **Manage Microsoft Entra Connect cloud sync**.

+# Cloud sync directory extensions and custom attribute mapping

+Using cloud sync and Microsoft Entra Connect|Create extensions using Microsoft Entra Connect|[Create an extension attribute using Microsoft Entra Connect](../../app-provisioning/user-provisioning-sync-attributes-for-mapping.md#create-an-extension-attribute-using-azure-ad-connect)|

+ Title: 'Microsoft Entra Connect cloud sync insights workbook'

+# Microsoft Entra Connect cloud sync insights workbook

+- [Synchronization API](/graph/api/resources/synchronization-overview?view=graph-rest-beta&preserve-view=true)

+- Domain Administrator or Enterprise Administrator credentials to create the Microsoft Entra Connect cloud sync gMSA (group managed service account) to run the agent service.

+This error isn't related to the [accidental deletions prevention feature](../cloud-sync/how-to-accidental-deletes.md) of Microsoft Entra Connect cloud sync. It's triggered by the [accidental deletion prevention feature](../connect/how-to-connect-sync-feature-prevent-accidental-deletes.md) set in the Microsoft Entra directory from Microsoft Entra Connect.

+If you don't have a Microsoft Entra Connect server installed from which you could toggle the feature, you can use the ["AADCloudSyncTools"](../cloud-sync/reference-powershell.md) PowerShell module installed with the Microsoft Entra Connect cloud sync agent to disable the setting on the tenant and allow the blocked deletions to export after confirming they are expected and should be allowed. Use the following command:

+ Since the second forest doesn't have network connectivity to the Microsoft Entra Connect server, the object can't be merged through Microsoft Entra Connect. Cloud sync in the second forest allows the attribute value to be retrieved from the second forest. The value can then be merged with the object in Microsoft Entra ID that is synced by Microsoft Entra Connect.

+ 1. You must use `msdsConsistencyGuid` as the source anchor in the cloud sync configuration.

+ 4. You must remove all attributes from the attribute mapping in the cloud sync configuration that don't have a value or may have a different value in the second forest ΓÇô you can't have overlapping attribute mappings between the first forest and the second one.

+ 5. If there's no matching object in the first forest, for an object that is synced from the second forest, then cloud sync will still create the object in Microsoft Entra ID. The object will only have the attributes that are defined in the mapping configuration of cloud sync for the second forest.

+|HybridIdentityServiceNoActiveAgents|Error Message: We're unable to find an active agent for the domain you're trying to sync. Please check to see if the agent is running by going to the server, where the agent is installed, and check to see if **Microsoft Entra Connect cloud sync agent** under Services is running.|"Agents aren't listening to the ServiceBus endpoint. [The agent is behind a firewall that doesn't allow connections to service bus](../../app-proxy/application-proxy-configure-connectors-with-proxy-servers.md#use-the-outbound-proxy-server)|

+This cmdlet requires `TenantId` of the Microsoft Entra tenant. It will verify if Accidental Deletion Prevention feature, set on the tenant with Microsoft Entra Connect (ADSync, not cloud sync), is enabled and disables it.

+- You can sync users & groups from the same domain using Connect Sync and cloud sync if:

+- You can sync users & groups using Connect Sync while using cloud syncΓÇÖs net new capabilities (*called out in Roadmap)

+ 1. Verify which version you should install. Most customers no longer need Microsoft Entra Connect and can now use [Microsoft Entra Connect cloud sync](../cloud-sync/what-is-cloud-sync.md). Cloud sync is the next generation of sync tools to provision users and groups from AD into Microsoft Entra ID. It features a lightweight agent and is fully managed from the cloud ΓÇô and it upgrades to newer versions automatically, so you never have to worry about upgrading again!

+ 2. If you're not yet eligible for Microsoft Entra Connect cloud sync, please follow this [link to download](https://www.microsoft.com/download/details.aspx?id=47594) and install the latest version of Microsoft Entra Connect. In most cases, upgrading to the latest version will only take a few moments. For more information, see [Upgrading Microsoft Entra Connect from a previous version.](how-to-upgrade-previous-version.md).

+- [Microsoft Entra Connect cloud sync](../cloud-sync/what-is-cloud-sync.md)

+> The group writeback functionality is currently in Public Preview as we are collecting customer feedback and telemetry. Please refer to [the limitations](#understand-limitations-of-public-preview) before you enable this functionality. You should not deploy the functionality to write back security groups in your production environment. We are planning to replace the AADConnect security group writeback functionality with the new cloud sync group writeback feature, and when this releases we will remove the AADConnect Group Writeback functionality. This does not impact M365 group writeback functionality, which will remain unchanged.

+ Title: Connectors in the Microsoft Entra Connect Sync Service Manager UI'

+description: Understand the Connectors tab in the Service Manager for Microsoft Entra Connect Sync.

+

+> [!IMPORTANT]

+> Microsoft Entra Connect cloud sync is a new offering from Microsoft designed to meet and accomplish your hybrid identity goals for synchronization of users, groups, and contacts to Microsoft Entra ID. It accomplishes this by using the Microsoft Entra cloud provisioning agent instead of the Microsoft Entra Connect application. Microsoft Entra Connect cloud sync is replacing Microsoft Entra Connect Sync, which will be retired after cloud sync has full functional parity with Microsoft Entra Connect Sync. The remainder of this article is about Microsoft Entra Connect Sync, but we encourage customers to review the features and advantages of cloud sync before deploying AADConnect sync.

+> To find out if you are already eligible for cloud sync, please verify your requirements in [this wizard](https://admin.microsoft.com/adminportal/home?Q=setupguidance#/modernonboarding/identitywizard).

+> To learn more about cloud sync, please read [this article](../cloud-sync/what-is-cloud-sync.md), or watch this [short video](https://www.microsoft.com/videoplayer/embed/RWJ8l5).

+> It's important that you keep your servers current with the latest releases of Microsoft Entra Connect. We are constantly making upgrades to Microsoft Entra Connect, and these upgrades include fixes to security issues and bugs, as well as serviceability, performance, and scalability improvements.

+Any versions older than Microsoft Entra Connect V2 are currently deprecated, see [Introduction to Microsoft Entra Connect V2](whatis-azure-ad-connect-v2.md) for more information. It's currently supported to upgrade from any version of Microsoft Entra Connect to the current version. In-place upgrades of DirSync or ADSync aren't supported, and a swing migration is required. If you want to upgrade from DirSync, see [Upgrade from Azure AD Sync tool (DirSync)](how-to-dirsync-upgrade-get-started.md) or the [Swing migration](#swing-migration) section.

+- Adding support for permission granting on Group Writeback in the Microsoft Entra Connect installation wizard

+* Fixed an issue that causes Device writeback feature to automatically be disabled when an administrator is updating Microsoft Entra Connect Sync configuration using Microsoft Entra Connect wizard. This issue is caused by the wizard performing a pre-requisite check for the existing Device writeback configuration in on-premises AD and the check fails. The fix is to skip the check if Device writeback is already enabled previously.

+* Destination folder for storing Microsoft Entra Connect installation and setup logs has been moved from `%localappdata%\AADConnect` to `%programdata%\AADConnect` to improve accessibility to the log files.

+> Azure AD Connect v1.6.xx.x uses the Active Directory Authentication Library (ADAL). The ADAL is being deprecated and support will end in June 2022. We recommend that you upgrade to the latest version of [Microsoft Entra Connect v2](whatis-azure-ad-connect-v2.md).

+For errors related to installation, check the Microsoft Entra Connect logs at `%ProgramData%\AADConnect\trace-*.log`.

+ Title: 'Introduction to Microsoft Entra Connect V2'

+# Introduction to Microsoft Entra Connect V2

+Azure AD Connect V1 was released several years ago. Since this time, several of the components used have been scheduled for deprecation and updated to newer versions. Attempting to update all of these components individually would take time and planning.

+To address this issue, we've bundled as many of these newer components into a new single release, so you only have to update once. This release is Microsoft Entra Connect V2. This release is a new version of the same software used to accomplish your hybrid identity goals, built using the latest foundational components.

+ >Microsoft Entra Connect V1 has been retired as of August 31, 2022 and is no longer supported. Microsoft Entra Connect V1 installations may **stop working unexpectedly**. If you are still using Azure AD Connect V1, you need to upgrade to Microsoft Entra Connect V2 immediately.

+## Consider moving to Microsoft Entra Connect cloud sync

+Microsoft Entra Connect cloud sync is the future of synchronization for Microsoft. It replaces Microsoft Entra Connect.

+Before moving to Microsoft Entra Connect V2, you should consider moving to Microsoft Entra Connect cloud sync. You can see if cloud sync is right for you by accessing the [Check sync tool](https://aka.ms/EvaluateSyncOptions) from the portal or via the link provided.

+Support for TLS 1.0/1.1 is deprecated in 2022, and you need to make sure you aren't using these protocols by that date as your service may stop working unexpectedly. You can manually configure your server for TLS 1.2 though, and that doesn't require an update of Microsoft Entra Connect to V2.

+Microsoft Entra Connect Health may stop working after March 2023. We will auto upgrade all Health agents to a new version before that, but we cannot auto upgrade if you are running Azure AD Connect V1 due to compatibility issues with V versions.

+**After upgrading to V2 the ADSync PowerShell cmdlets don't work?** </br>

+This is a known issue. Restart your PowerShell session after installing or upgrading to V2 and then reimport the module. Use the following instructions to import the module.

+>Azure AD Connect V1 will stop working on October 1st 2023. You need to migrate to Microsoft Entra Connect cloud sync or Microsoft Entra Connect Sync.

+Before moving to Microsoft Entra Connect Sync, you should see if cloud sync is right for you instead. Cloud sync uses a light-weight provisioning agent and is fully configurable through the portal. To choose the best sync tool for your situation, use the [Wizard to evaluate sync options.](https://aka.ms/EvaluateSyncOptions)

+## Migrating to Microsoft Entra Connect V2

+|[What is Microsoft Entra Connect V2?](connect/whatis-azure-ad-connect-v2.md)|Information on the latest version of Microsoft Entra Connect|

+|[Upgrading from a previous version](connect/how-to-upgrade-previous-version.md)|Information on moving from one version of Microsoft Entra Connect to another

+- [Azure AD cloud sync](./cloud-sync/what-is-cloud-sync.md)

+ 9. On the **Select Extension** screen, select **HR-driven provisioning (Workday and SuccessFactors) / Microsoft Entra Connect cloud sync** and click **Next**.

+The following document provides the prerequisites for integrating with Active Directory.

+## Cloud sync

+After installing the Microsoft Entra Connect provisioning agent, you will need to configure single sign-on for cloud sync. The following table provides a list of steps required for using single sign-on.

+## Install Microsoft Entra Connect cloud sync agents

+After you prepare your list of source and destination targets, install and configure Microsoft Entra Connect cloud sync agents. See, [Tutorial: Integrate a single forest with a single Microsoft Entra tenant](../hybrid/cloud-sync/tutorial-single-forest.md).

+ >If you use Microsoft Entra Connect cloud sync agents, skip this section.

+After you disable Okta provisioning, the Microsoft Entra Connect cloud sync agent can synchronize objects.

+ > Please use different provisioning agents for on-premises application provisioning and Microsoft Entra Connect cloud sync / HR-driven provisioning. All three scenarios should not be managed on the same agent.

+ Title: Azure OpenAI Service model versions

+description: Learn about model versions in Azure OpenAI.

+recommendations: false

+keywords:

+# Azure OpenAI Service model versions

+Azure OpenAI Service is committed to providing the best generative AI models for customers. As part of this commitment, Azure OpenAI Service regularly releases new model versions to incorporate the latest features and improvements from OpenAI.

+In particular, the GPT-3.5 Turbo and GPT-4 models see regular updates with new features. For example, versions 0613 of GPT-3.5 Turbo and GPT-4 introduced function calling. Function calling is a popular feature that allows the model to create structured outputs that can be used to call external tools.

+## How model versions work

+We want to make it easy for customers to stay up to date as models improve. Customers can choose to start with a particular version and to automatically update as new versions are released.

+When a customer deploys GPT-3.5-Turbo and GPT-4 on Azure OpenAI Service, the standard behavior is to deploy the current default version ΓÇô for example, GPT-4 version 0314. When the default version changes to say GPT-4 version 0613, the deployment is automatically updated to version 0613 so that customer deployments feature the latest capabilities of the model.

+Customers can also deploy a specific version like GPT-4 0314 or GPT-4 0613 and choose an update policy, which can include the following options:

+* Deployments set to **Auto-update to default** automatically update to use the new default version.

+* Deployments set to **Upgrade when expired** automatically update when its current version is retired.

+* Deployments that are set to **No Auto Upgrade** stop working when the model is retired.

+## How Azure updates OpenAI models

+Azure works closely with OpenAI to release new model versions. When a new version of a model is released, a customer can immediately test it in new deployments. Azure publishes when new versions of models are released, and notifies customers at least two weeks before a new version becomes the default version of the model. Azure also maintains the previous major version of the model until its retirement date, so customers can switch back to it if desired.

+## What you need to know about Azure OpenAI model version upgrades

+As a customer of Azure OpenAI models, you might notice some changes in the model behavior and compatibility after a version upgrade. These changes might affect your applications and workflows that rely on the models. Here are some tips to help you prepare for version upgrades and minimize the impact:

+* Read [whatΓÇÖs new](../whats-new.md) and [models](../concepts/models.md) to understand the changes and new features.

+* Read the documentation on [model deployments](../how-to/create-resource.md) and [version upgrades](../concepts/model-versions.md) to understand how to work with model versions.

+* Test your applications and workflows with the new model version after release.

+* Update your code and configuration to use the new features and capabilities of the new model version.

+## Next Steps

+- [Learn more about working with Azure OpenAI models](../how-to/working-with-models.md)

+- [Learn more about Azure OpenAI model regional availability](../concepts/models.md)

+- [Learn more about Azure OpenAI](../overview.md)

+Azure OpenAI Service is powered by a diverse set of models with different capabilities and price points. [Model availability varies by region](../concepts/models.md).

+You can learn more about Azure OpenAI model versions and how they work in the [Azure OpenAI model versions](../concepts/model-versions.md) article.

+As your use of Azure OpenAI evolves, and you start to build and integrate with applications you might want to manually control model updates so that you can first test and validate that model performance is remaining consistent for your use case prior to upgrade.

+|`OnceCurrentVersionExpired` | Once the retirement date is reached the model deployment will automatically upgrade to the current default version. |

+|`NoAutoUpgrade` | The model deployment will never automatically upgrade. Once the retirement date is reached the model deployment will stop working. You will need to update your code referencing that deployment to point to a non-expired model deployment. |

+|TKGs 2.2|1.25.7|1.23.0_2023-09-12|16.0.5100.7246|14.5 (Ubuntu 20.04)|

+Windows Server machines can be onboarded directly to [Azure Arc](https://azure.microsoft.com/products/azure-arc/) through a graphical wizard included in Windows Server. The wizard automates the onboarding process by checking the necessary prerequisites for successful Azure Arc onboarding and fetching and installing the latest version of the Azure Connected Machine (AzCM) agent. Once the wizard process completes, you're directed to your Window Server machine in the Azure portal, where it can be viewed and managed like any other Azure Arc-enabled resource.

+Onboarding to Azure Arc is not needed if the Windows Server machine is already running in Azure.

+* Modern browser (Microsoft Edge) for authentication to Microsoft Azure. Configuration of the Azure Connected Machine agent requires authentication to your Azure account, either through interactive authentication on a modern browser or device code login on a separate device (if the machine doesn't have a modern browser).

+To uninstall Azure Arc Setup through PowerShell, run the following command:

+```powershell

+Disable-WindowsOptionalFeature -Online -FeatureName AzureArcSetup

+```

+|Azure App Service on Windows - Publish as Code | [ :white_check_mark: :link: ](azure-web-apps-net.md) ┬╣ | [ :white_check_mark: :link: ](azure-web-apps-net-core.md) ┬╣ | [ :white_check_mark: :link: ](azure-web-apps-java.md) ┬╣ | [ :white_check_mark: :link: ](azure-web-apps-nodejs.md) ┬╣ | :x: |

+|Azure App Service on Windows - Publish as Docker | [ :white_check_mark: :link: ](https://azure.github.io/AppService/2022/04/11/windows-containers-app-insights-preview.html) ┬▓ | [ :white_check_mark: :link: ](https://azure.github.io/AppService/2022/04/11/windows-containers-app-insights-preview.html) ┬▓ | [ :white_check_mark: :link: ](https://azure.github.io/AppService/2022/04/11/windows-containers-app-insights-preview.html) ┬▓ | [ :white_check_mark: :link: ](https://techcommunity.microsoft.com/t5/apps-on-azure-blog/public-preview-application-insights-auto-instrumentation-for/ba-p/3947971) ┬▓ | :x: |

+|Azure App Service on Linux - Publish as Code | :x: | [ :white_check_mark: :link: ](azure-web-apps-net-core.md?tabs=linux) ┬╣ | [ :white_check_mark: :link: ](azure-web-apps-java.md) ┬╣ | [ :white_check_mark: :link: ](azure-web-apps-nodejs.md?tabs=linux) | :x: |

+|Azure App Service on Linux - Publish as Docker | :x: | [ :white_check_mark: :link: ](azure-web-apps-net-core.md?tabs=linux) | [ :white_check_mark: :link: ](azure-web-apps-java.md) | [ :white_check_mark: :link: ](azure-web-apps-nodejs.md?tabs=linux) | :x: |

+|Azure Functions - basic | [ :white_check_mark: :link: ](monitor-functions.md) ┬╣ | [ :white_check_mark: :link: ](monitor-functions.md) ┬╣ | [ :white_check_mark: :link: ](monitor-functions.md) ┬╣ | [ :white_check_mark: :link: ](monitor-functions.md) ┬╣ | [ :white_check_mark: :link: ](monitor-functions.md) ┬╣ |

+|Azure VMs Windows | [ :white_check_mark: :link: ](azure-vm-vmss-apps.md) ┬▓ ┬│ | [ :white_check_mark: :link: ](azure-vm-vmss-apps.md) ┬▓ ┬│ | [ :white_check_mark: :link: ](opentelemetry-enable.md?tabs=java) | :x: | :x: |

+|On-premises VMs Windows | [ :white_check_mark: :link: ](application-insights-asp-net-agent.md) ┬│ | [ :white_check_mark: :link: ](application-insights-asp-net-agent.md) ┬▓ ┬│ | [ :white_check_mark: :link: ](opentelemetry-enable.md?tabs=java) | :x: | :x: |

+- ┬╣: Application Insights is on by default and enabled automatically.

+- ┬▓: This feature is in public preview. See [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).

+- ┬│: An agent must be deployed and configured.

+ Title: Distributed tracing and telemetry correlation in Azure Application Insights

+description: This article provides information about distributed tracing and telemetry correlation

+ms.devlang: csharp, java, javascript, python

+# What is distributed tracing and telemetry correlation?

+Modern cloud and [microservices](https://azure.com/microservices) architectures have enabled simple, independently deployable services that reduce costs while increasing availability and throughput. However, it has made overall systems more difficult to reason about and debug. Distributed tracing solves this problem by providing a performance profiler that works like call stacks for cloud and microservices architectures.

+Azure Monitor provides two experiences for consuming distributed trace data: the [transaction diagnostics](./search-and-transaction-diagnostics.md?tabs=transaction-diagnostics) view for a single transaction/request and the [application map](./app-map.md) view to show how systems interact.

+[Application Insights](app-insights-overview.md#application-insights-overview) can monitor each component separately and detect which component is responsible for failures or performance degradation by using distributed telemetry correlation. This article explains the data model, context-propagation techniques, protocols, and implementation of correlation tactics on different languages and platforms used by Application Insights.

+## Enable distributed tracing

+To enable distributed tracing for an application, add the right agent, SDK, or library to each service based on its programming language.

+### Enable via Application Insights through autoinstrumentation or SDKs

+The Application Insights agents and SDKs for .NET, .NET Core, Java, Node.js, and JavaScript all support distributed tracing natively. Instructions for installing and configuring each Application Insights SDK are available for:

+* [.NET](asp-net.md)

+* [.NET Core](asp-net-core.md)

+* [Java](./opentelemetry-enable.md?tabs=java)

+* [Node.js](../app/nodejs.md)

+* [JavaScript](./javascript.md#enable-distributed-tracing)

+* [Python](/previous-versions/azure/azure-monitor/app/opencensus-python)

+With the proper Application Insights SDK installed and configured, tracing information is automatically collected for popular frameworks, libraries, and technologies by SDK dependency autocollectors. The full list of supported technologies is available in the [Dependency autocollection documentation](asp-net-dependencies.md#dependency-auto-collection).

+ Any technology also can be tracked manually with a call to [TrackDependency](./api-custom-events-metrics.md) on the [TelemetryClient](./api-custom-events-metrics.md).

+### Enable via OpenTelemetry

+Application Insights now supports distributed tracing through [OpenTelemetry](https://opentelemetry.io/). OpenTelemetry provides a vendor-neutral instrumentation to send traces, metrics, and logs to Application Insights. Initially, the OpenTelemetry community took on distributed tracing. Metrics and logs are still in progress.

+A complete observability story includes all three pillars. Check the status of our [Azure Monitor OpenTelemetry-based offerings](opentelemetry-enable.md) to see the latest status on what's included, which offerings are generally available, and support options.

+The following pages consist of language-by-language guidance to enable and configure Microsoft's OpenTelemetry-based offerings. Importantly, we share the available functionality and limitations of each offering so you can determine whether OpenTelemetry is right for your project.

+* [.NET](opentelemetry-enable.md?tabs=net)

+* [Java](opentelemetry-enable.md?tabs=java)

+* [Node.js](opentelemetry-enable.md?tabs=nodejs)

+* [Python](opentelemetry-enable.md?tabs=python)

+### Enable via OpenCensus

+In addition to the Application Insights SDKs, Application Insights also supports distributed tracing through [OpenCensus](https://opencensus.io/). OpenCensus is an open-source, vendor-agnostic, single distribution of libraries to provide metrics collection and distributed tracing for services. It also enables the open-source community to enable distributed tracing with popular technologies like Redis, Memcached, or MongoDB. [Microsoft collaborates on OpenCensus with several other monitoring and cloud partners](https://open.microsoft.com/2018/06/13/microsoft-joins-the-opencensus-project/).

+For more information on OpenCensus for Python, see [Set up Azure Monitor for your Python application](/previous-versions/azure/azure-monitor/app/opencensus-python).

+The OpenCensus website maintains API reference documentation for [Python](https://opencensus.io/api/python/trace/usage.html), [Go](https://godoc.org/go.opencensus.io), and various guides for using OpenCensus.

+## Data model for telemetry correlation

+Application Insights defines a [data model](../../azure-monitor/app/data-model-complete.md) for distributed telemetry correlation. To associate telemetry with a logical operation, every telemetry item has a context field called `operation_Id`. Every telemetry item in the distributed trace shares this identifier. So even if you lose telemetry from a single layer, you can still associate telemetry reported by other components.

+A distributed logical operation typically consists of a set of smaller operations that are requests processed by one of the components. [Request telemetry](../../azure-monitor/app/data-model-complete.md#request) defines these operations. Every request telemetry item has its own `id` that identifies it uniquely and globally. And all telemetry items (such as traces and exceptions) that are associated with the request should set the `operation_parentId` to the value of the request `id`.

+[Dependency telemetry](../../azure-monitor/app/data-model-complete.md#dependency) represents every outgoing operation, such as an HTTP call to another component. It also defines its own `id` that's globally unique. Request telemetry, initiated by this dependency call, uses this `id` as its `operation_parentId`.

+You can build a view of the distributed logical operation by using `operation_Id`, `operation_parentId`, and `request.id` with `dependency.id`. These fields also define the causality order of telemetry calls.

+In a microservices environment, traces from components can go to different storage items. Every component can have its own connection string in Application Insights. To get telemetry for the logical operation, Application Insights queries data from every storage item.

+When the number of storage items is large, you need a hint about where to look next. The Application Insights data model defines two fields to solve this problem: `request.source` and `dependency.target`. The first field identifies the component that initiated the dependency request. The second field identifies which component returned the response of the dependency call.

+For information on querying from multiple disparate instances by using the `app` query expression, see [app() expression in Azure Monitor query](../logs/app-expression.md#app-expression-in-azure-monitor-query).

+## Example

+Let's look at an example. An application called Stock Prices shows the current market price of a stock by using an external API called Stock. The Stock Prices application has a page called Stock page that the client web browser opens by using `GET /Home/Stock`. The application queries the Stock API by using the HTTP call `GET /api/stock/value`.

+You can analyze the resulting telemetry by running a query:

+```kusto

+(requests | union dependencies | union pageViews)

+| where operation_Id == "STYz"

+| project timestamp, itemType, name, id, operation_ParentId, operation_Id

+```

+In the results, all telemetry items share the root `operation_Id`. When an Ajax call is made from the page, a new unique ID (`qJSXU`) is assigned to the dependency telemetry, and the ID of the pageView is used as `operation_ParentId`. The server request then uses the Ajax ID as `operation_ParentId`.

+| itemType | name | ID | operation_ParentId | operation_Id |

+|||-|-|-|

+| pageView | Stock page | `STYz` | | `STYz` |

+| dependency | GET /Home/Stock | `qJSXU` | `STYz` | `STYz` |

+| request | GET Home/Stock | `KqKwlrSt9PA=` | `qJSXU` | `STYz` |

+| dependency | GET /api/stock/value | `bBrf2L7mm2g=` | `KqKwlrSt9PA=` | `STYz` |

+When the call `GET /api/stock/value` is made to an external service, you need to know the identity of that server so you can set the `dependency.target` field appropriately. When the external service doesn't support monitoring, `target` is set to the host name of the service. An example is `stock-prices-api.com`. But if the service identifies itself by returning a predefined HTTP header, `target` contains the service identity that allows Application Insights to build a distributed trace by querying telemetry from that service.

+## Correlation headers using W3C TraceContext

+Application Insights is transitioning to [W3C Trace-Context](https://w3c.github.io/trace-context/), which defines:

+- `traceparent`: Carries the globally unique operation ID and unique identifier of the call.

+- `tracestate`: Carries system-specific tracing context.

+The latest version of the Application Insights SDK supports the Trace-Context protocol, but you might need to opt in to it. (Backward compatibility with the previous correlation protocol supported by the Application Insights SDK is maintained.)

+The [correlation HTTP protocol, also called Request-Id](https://github.com/dotnet/runtime/blob/master/src/libraries/System.Diagnostics.DiagnosticSource/src/HttpCorrelationProtocol.md), is being deprecated. This protocol defines two headers:

+- `Request-Id`: Carries the globally unique ID of the call.

+- `Correlation-Context`: Carries the name-value pairs collection of the distributed trace properties.

+Application Insights also defines the [extension](https://github.com/lmolkov) for the correlation HTTP protocol. It uses `Request-Context` name-value pairs to propagate the collection of properties used by the immediate caller or callee. The Application Insights SDK uses this header to set the `dependency.target` and `request.source` fields.

+The [W3C Trace-Context](https://w3c.github.io/trace-context/) and Application Insights data models map in the following way:

+| Application Insights | W3C TraceContext |

+| |-|

+| `Id` of `Request` and `Dependency` | [parent-id](https://w3c.github.io/trace-context/#parent-id) |

+| `Operation_Id` | [trace-id](https://w3c.github.io/trace-context/#trace-id) |

+| `Operation_ParentId` | [parent-id](https://w3c.github.io/trace-context/#parent-id) of this span's parent span. This field must be empty if it's a root span.|

+For more information, see [Application Insights telemetry data model](../../azure-monitor/app/data-model-complete.md).

+### Enable W3C distributed tracing support for .NET apps

+W3C TraceContext-based distributed tracing is enabled by default in all recent

+.NET Framework/.NET Core SDKs, along with backward compatibility with legacy Request-Id protocol.

+### Enable W3C distributed tracing support for Java apps

+#### Java 3.0 agent

+ Java 3.0 agent supports W3C out of the box, and no more configuration is needed.

+#### Java SDK

+- **Incoming configuration**

+ For Java EE apps, add the following code to the `<TelemetryModules>` tag in *ApplicationInsights.xml*:

+ ```xml

+ <Add type="com.microsoft.applicationinsights.web.extensibility.modules.WebRequestTrackingTelemetryModule>

+ <Param name = "W3CEnabled" value ="true"/>

+ <Param name ="enableW3CBackCompat" value = "true" />

+ </Add>

+ ```

+ For Spring Boot apps, add these properties:

+ - `azure.application-insights.web.enable-W3C=true`

+ - `azure.application-insights.web.enable-W3C-backcompat-mode=true`

+- **Outgoing configuration**

+ Add the following code to *AI-Agent.xml*:

+ ```xml

+ <Instrumentation>

+ <BuiltIn enabled="true">

+ <HTTP enabled="true" W3C="true" enableW3CBackCompat="true"/>

+ </BuiltIn>

+ </Instrumentation>

+ ```

+ > [!NOTE]

+ > Backward compatibility mode is enabled by default, and the `enableW3CBackCompat` parameter is optional. Use it only when you want to turn backward compatibility off.

+ >

+ > Ideally, you'll' turn off this mode when all your services are updated to newer versions of SDKs that support the W3C protocol. We highly recommend that you move to these newer SDKs as soon as possible.

+It's important to make sure the incoming and outgoing configurations are exactly the same.

+### Enable W3C distributed tracing support for web apps

+This feature is enabled by default for JavaScript and the headers are automatically included when the hosting page domain is the same as the domain the requests are sent to (for example, the hosting page is `example.com` and the Ajax requests are sent to `example.com`). To change the distributed tracing mode, use the [`distributedTracingMode` configuration field](./javascript-sdk-configuration.md#sdk-configuration). AI_AND_W3C is provided by default for backward compatibility with any legacy services instrumented by Application Insights.

+- **[npm-based setup](./javascript-sdk.md?tabs=npmpackage#get-started)**

+ Add the following configuration:

+ ```JavaScript

+ distributedTracingMode: DistributedTracingModes.W3C

+ ```

+- **[JavaScript (Web) SDK Loader Script-based setup](./javascript-sdk.md?tabs=javascriptwebsdkloaderscript#get-started)**

+ Add the following configuration:

+ ```

+ distributedTracingMode: 2 // DistributedTracingModes.W3C

+ ```

+If the XMLHttpRequest or Fetch Ajax requests are sent to a different domain host, including subdomains, the correlation headers aren't included by default. To enable this feature, set the [`enableCorsCorrelation` configuration field](./javascript-sdk-configuration.md#sdk-configuration) to `true`. If you set `enableCorsCorrelation` to `true`, all XMLHttpRequest and Fetch Ajax requests include the correlation headers. As a result, if the application on the server that is being called doesn't support the `traceparent` header, the request might fail, depending on whether the browser / version can validate the request based on which headers the server accepts.

+> [!IMPORTANT]

+> To see all configurations required to enable correlation, see the [JavaScript correlation documentation](./javascript.md#enable-distributed-tracing).

+## Telemetry correlation in OpenCensus Python

+OpenCensus Python supports [W3C Trace-Context](https://w3c.github.io/trace-context/) without requiring extra configuration.

+For a reference, you can find the OpenCensus data model on [this GitHub page](https://github.com/census-instrumentation/opencensus-specs/tree/master/trace).

+### Incoming request correlation

+OpenCensus Python correlates W3C Trace-Context headers from incoming requests to the spans that are generated from the requests themselves. OpenCensus correlates automatically with integrations for these popular web application frameworks: Flask, Django, and Pyramid. You just need to populate the W3C Trace-Context headers with the [correct format](https://www.w3.org/TR/trace-context/#trace-context-http-headers-format) and send them with the request.

+Explore this sample Flask application. Install Flask, OpenCensus, and the extensions for Flask and Azure.

+```shell

+pip install flask opencensus opencensus-ext-flask opencensus-ext-azure

+```

+You need to add your Application Insights connection string to the environment variable.

+```shell

+APPLICATIONINSIGHTS_CONNECTION_STRING=<appinsights-connection-string>

+```

+**Sample Flask Application**

+```python

+from flask import Flask

+from opencensus.ext.azure.trace_exporter import AzureExporter

+from opencensus.ext.flask.flask_middleware import FlaskMiddleware

+from opencensus.trace.samplers import ProbabilitySampler

+app = Flask(__name__)

+middleware = FlaskMiddleware(

+ app,

+ exporter=AzureExporter(

+ connection_string='<appinsights-connection-string>', # or set environment variable APPLICATION_INSIGHTS_CONNECTION_STRING

+ ),

+ sampler=ProbabilitySampler(rate=1.0),

+)

+@app.route('/')

+def hello():

+ return 'Hello World!'

+if __name__ == '__main__':

+ app.run(host='localhost', port=8080, threaded=True)

+```

+This code runs a sample Flask application on your local machine, listening to port `8080`. To correlate trace context, you send a request to the endpoint. In this example, you can use a `curl` command:

+```

+curl --header "traceparent: 00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01" localhost:8080

+```

+By looking at the [Trace-Context header format](https://www.w3.org/TR/trace-context/#trace-context-http-headers-format), you can derive the following information:

+`version`: `00`

+`trace-id`: `4bf92f3577b34da6a3ce929d0e0e4736`

+`parent-id/span-id`: `00f067aa0ba902b7`

+`trace-flags`: `01`

+If you look at the request entry that was sent to Azure Monitor, you can see fields populated with the trace header information. You can find the data under **Logs (Analytics)** in the Azure Monitor Application Insights resource.

+The `id` field is in the format `<trace-id>.<span-id>`, where `trace-id` is taken from the trace header that was passed in the request and `span-id` is a generated 8-byte array for this span.

+The `operation_ParentId` field is in the format `<trace-id>.<parent-id>`, where both `trace-id` and `parent-id` are taken from the trace header that was passed in the request.

+### Log correlation

+OpenCensus Python enables you to correlate logs by adding a trace ID, a span ID, and a sampling flag to log records. You add these attributes by installing OpenCensus [logging integration](https://pypi.org/project/opencensus-ext-logging/). The following attributes are added to Python `LogRecord` objects: `traceId`, `spanId`, and `traceSampled` (applicable only for loggers that are created after the integration).

+Install the OpenCensus logging integration:

+```console

+python -m pip install opencensus-ext-logging

+```

+**Sample application**

+```python

+import logging

+from opencensus.trace import config_integration

+from opencensus.trace.samplers import AlwaysOnSampler

+from opencensus.trace.tracer import Tracer

+config_integration.trace_integrations(['logging'])

+logging.basicConfig(format='%(asctime)s traceId=%(traceId)s spanId=%(spanId)s %(message)s')

+tracer = Tracer(sampler=AlwaysOnSampler())

+logger = logging.getLogger(__name__)

+logger.warning('Before the span')

+with tracer.span(name='hello'):

+ logger.warning('In the span')

+logger.warning('After the span')

+```

+When this code runs, the following prints in the console:

+```

+2019-10-17 11:25:59,382 traceId=c54cb1d4bbbec5864bf0917c64aeacdc spanId=0000000000000000 Before the span

+2019-10-17 11:25:59,384 traceId=c54cb1d4bbbec5864bf0917c64aeacdc spanId=70da28f5a4831014 In the span

+2019-10-17 11:25:59,385 traceId=c54cb1d4bbbec5864bf0917c64aeacdc spanId=0000000000000000 After the span

+```

+Notice that there's a `spanId` present for the log message that's within the span. The `spanId` is the same as that which belongs to the span named `hello`.

+You can export the log data by using `AzureLogHandler`. For more information, see [Set up Azure Monitor for your Python application](/previous-versions/azure/azure-monitor/app/opencensus-python#logs).

+We can also pass trace information from one component to another for proper correlation. For example, consider a scenario where there are two components, `module1` and `module2`. Module 1 calls functions in Module 2. To get logs from both `module1` and `module2` in a single trace, we can use the following approach:

+```python

+# module1.py

+import logging

+from opencensus.trace import config_integration

+from opencensus.trace.samplers import AlwaysOnSampler

+from opencensus.trace.tracer import Tracer

+from module_2 import function_1

+config_integration.trace_integrations(["logging"])

+logging.basicConfig(

+ format="%(asctime)s traceId=%(traceId)s spanId=%(spanId)s %(message)s"

+)

+tracer = Tracer(sampler=AlwaysOnSampler())

+logger = logging.getLogger(__name__)

+logger.warning("Before the span")

+with tracer.span(name="hello"):

+ logger.warning("In the span")

+ function_1(logger, tracer)

+logger.warning("After the span")

+```

+```python

+# module_2.py

+import logging

+from opencensus.trace import config_integration

+from opencensus.trace.samplers import AlwaysOnSampler

+from opencensus.trace.tracer import Tracer

+config_integration.trace_integrations(["logging"])

+logging.basicConfig(

+ format="%(asctime)s traceId=%(traceId)s spanId=%(spanId)s %(message)s"

+)

+logger = logging.getLogger(__name__)

+tracer = Tracer(sampler=AlwaysOnSampler())

+def function_1(logger=logger, parent_tracer=None):

+ if parent_tracer is not None:

+ tracer = Tracer(

+ span_context=parent_tracer.span_context,

+ sampler=AlwaysOnSampler(),

+ )

+ else:

+ tracer = Tracer(sampler=AlwaysOnSampler())

+ with tracer.span("function_1"):

+ logger.info("In function_1")

+```

+## Telemetry correlation in .NET

+Correlation is handled by default when onboarding an app. No special actions are required.

+* [Application Insights for ASP.NET Core applications](asp-net-core.md#application-insights-for-aspnet-core-applications)

+* [Configure Application Insights for your ASP.NET website](asp-net.md#configure-application-insights-for-your-aspnet-website)

+* [Application Insights for Worker Service applications (non-HTTP applications)](worker-service.md#application-insights-for-worker-service-applications-non-http-applications)

+.NET runtime supports distributed with the help of [Activity](https://github.com/dotnet/runtime/blob/master/src/libraries/System.Diagnostics.DiagnosticSource/src/ActivityUserGuide.md) and [DiagnosticSource](https://github.com/dotnet/runtime/blob/master/src/libraries/System.Diagnostics.DiagnosticSource/src/DiagnosticSourceUsersGuide.md)

+The Application Insights .NET SDK uses `DiagnosticSource` and `Activity` to collect and correlate telemetry.

+<a name="java-correlation"></a>

+## Telemetry correlation in Java

+[Java agent](./opentelemetry-enable.md?tabs=java) supports automatic correlation of telemetry. It automatically populates `operation_id` for all telemetry (like traces, exceptions, and custom events) issued within the scope of a request. It also propagates the correlation headers that were described earlier for service-to-service calls via HTTP, if the [Java SDK agent](deprecated-java-2x.md#monitor-dependencies-caught-exceptions-and-method-execution-times-in-java-web-apps) is configured.

+> [!NOTE]

+> Application Insights Java agent autocollects requests and dependencies for JMS, Kafka, Netty/Webflux, and more. For Java SDK, only calls made via Apache HttpClient are supported for the correlation feature. Automatic context propagation across messaging technologies like Kafka, RabbitMQ, and Azure Service Bus isn't supported in the SDK.

+To collect custom telemetry, you need to instrument the application with Java 2.6 SDK.

+### Role names

+You might want to customize the way component names are displayed in [Application Map](../../azure-monitor/app/app-map.md). To do so, you can manually set `cloud_RoleName` by taking one of the following actions:

+- For Application Insights Java, set the cloud role name as follows:

+ ```json

+ {

+ "role": {

+ "name": "my cloud role name"

+ }

+ }

+ ```

+ You can also set the cloud role name by using the environment variable `APPLICATIONINSIGHTS_ROLE_NAME`.

+- With Application Insights Java SDK 2.5.0 and later, you can specify `cloud_RoleName`

+ by adding `<RoleName>` to your *ApplicationInsights.xml* file:

+ :::image type="content" source="media/migrate-from-instrumentation-keys-to-connection-strings/migrate-from-instrumentation-keys-to-connection-strings.png" alt-text="Screenshot that shows Application Insights overview and connection string." lightbox="media/migrate-from-instrumentation-keys-to-connection-strings/migrate-from-instrumentation-keys-to-connection-strings.png":::

+ ```xml

+ <?xml version="1.0" encoding="utf-8"?>

+ <ApplicationInsights xmlns="http://schemas.microsoft.com/ApplicationInsights/2013/Settings" schemaVersion="2014-05-30">

+ <ConnectionString>InstrumentationKey=00000000-0000-0000-0000-000000000000</ConnectionString>

+ <RoleName>** Your role name **</RoleName>

+ ...

+ </ApplicationInsights>

+ ```

+- If you use Spring Boot with the Application Insights Spring Boot Starter, set your custom name for the application in the *application.properties* file:

+ `spring.application.name=<name-of-app>`

+You can also set the cloud role name via environment variable or system property. See [Configuring cloud role name](./java-standalone-config.md#cloud-role-name) for details.

+## Next steps

+- [Application map](./app-map.md)

+- Write [custom telemetry](../../azure-monitor/app/api-custom-events-metrics.md).

+- For advanced correlation scenarios in ASP.NET Core and ASP.NET, see [Track custom operations](custom-operations-tracking.md).

+- Learn more about [setting cloud_RoleName](./app-map.md#set-or-override-cloud-role-name) for other SDKs.

+- Onboard all components of your microservice on Application Insights. Check out the [supported platforms](./app-insights-overview.md#supported-languages).

+- See the [data model](./data-model-complete.md) for Application Insights types.

+- Learn how to [extend and filter telemetry](./api-filtering-sampling.md).

+- Review the [Application Insights config reference](configuration-with-applicationinsights-config.md).

+[FAQ]: ./app-insights-overview.md#frequently-asked-questions

+To learn more about OpenTelemetry concepts, see the [OpenTelemetry overview](opentelemetry-overview.md) or [OpenTelemetry FAQ](#frequently-asked-questions).

+However, you might want to manually report exceptions beyond what instrumentation libraries report.

+For instance, exceptions caught by your code aren't ordinarily reported. You might wish to report them

+You might want to add a custom span in two scenarios. First, when there's a dependency request not already collected by an instrumentation library. Second, when you wish to model an application process as a span on the end-to-end transaction view.

+We recommend you use the OpenTelemetry APIs whenever possible, but there might be some scenarios when you have to use the Application Insights [Classic API](api-custom-events-metrics.md)s.

+You might want to enable sampling to reduce your data ingestion volume, which reduces your cost. Azure Monitor provides a custom *fixed-rate* sampler that populates events with a sampling ratio, which Application Insights converts to `ItemCount`. The *fixed-rate* sampler ensures accurate experiences and event counts. The sampler is designed to preserve your traces across services, and it's interoperable with older Application Insights SDKs. For more information, see [Learn More about sampling](sampling.md#brief-summary).

+This article describes how to enable and configure OpenTelemetry-based data collection to power the experiences within [Azure Monitor Application Insights](app-insights-overview.md#application-insights-overview). We walk through how to install the "Azure Monitor OpenTelemetry Distro." The Distro [automatically collects](opentelemetry-add-modify.md#automatic-data-collection) traces, metrics, logs, and exceptions across your application and its dependencies. To learn more about collecting data using OpenTelemetry, see [Data Collection Basics](opentelemetry-overview.md) or [OpenTelemetry FAQ](#frequently-asked-questions).

+> For a feature-by-feature release status, see the [FAQ](#whats-the-current-release-state-of-features-within-the-azure-monitor-opentelemetry-distro).

+While we see OpenTelemetry as our future direction, we have no plans to stop collecting data from older SDKs. We still have a way to go before our Azure OpenTelemetry Distros [reach feature parity with our Application Insights SDKs](./opentelemetry-enable.md#whats-the-current-release-state-of-features-within-the-azure-monitor-opentelemetry-distro). In many cases, customers continue to choose to use Application Insights SDKs for quite some time.

+> For Azure Monitor's position on the [OpenTelemetry-Collector](https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/design.md), see the [OpenTelemetry FAQ](./opentelemetry-enable.md#can-i-use-the-opentelemetry-collector).

+Check out the [Azure Monitor Application Insights FAQ](./app-insights-overview.md#frequently-asked-questions) and [OpenTelemetry FAQ](./opentelemetry-enable.md#frequently-asked-questions) for more information.

+- Azure VMware Solution Private Cloud: Offers compute, networking, and storage resources using VMware software, including vCenter Server, NSX-T Data Center software-defined networking, vSAN software-defined storage, and Azure bare-metal ESXi hosts. Azure NetApp Files and Pure Cloud Block Store are also supported.

+- Azure VMware Solution Resource Cluster: Provides compute, networking, and storage resources for customer workloads by scaling out the Azure VMware Solution private cloud using VMware software, including vSAN software-defined storage and Azure bare-metal ESXi hosts. Azure NetApp Files and Pure Cloud Block Store are also supported.

+1. Install the [Azure Batch .NET](https://www.nuget.org/packages/Microsoft.Azure.Batch/) and the [MSAL](https://www.nuget.org/packages/Microsoft.Identity.Client/) NuGet packages.

+r

+- **Query scan results via REST API** - Learn how to query scan results via [REST API](subassessment-rest-api.md).

+|**Security incident detected suspicious DNS activity (Preview)** | Scenario 1: This incident indicates that suspicious DNS activity has been detected. Multiple alerts from different Defender for Cloud plans have been triggered on the same resource, which increases the fidelity of malicious activity in your environment. Suspicious DNS activity might indicate that a threat actor gained unauthorized access to your environment and is attempting to compromise it. <br><br> Scenario 2: This incident indicates that suspicious DNS activity has been detected. Multiple alerts from different Defender for Cloud plans have been triggered from the same IP address, which increases the fidelity of malicious activity in your environment. Suspicious DNS activity might indicate that a threat actor gained unauthorized access to your environment and is attempting to compromise it. | Medium |

+### [Express configuration](#tab/express)

+## Deprecating two security incidents

+**Estimated date for change: November 2023**

+Following quality improvement process, the following security incidents are set to be deprecated: 'Security incident detected suspicious virtual machines activity' and 'Security incident detected on multiple machines'.

+When creating a virtual machine image, select an image from the marketplace that is Dev Box compatible, like the following examples:

+- [Visual Studio 2019](https://azuremarketplace.microsoft.com/marketplace/apps/microsoftvisualstudio.visualstudio2019plustools?tab=Overview)

+- [Visual Studio 2022](https://azuremarketplace.microsoft.com/marketplace/apps/microsoftvisualstudio.visualstudioplustools?tab=Overview)

+Dev box definitions define the configuration of the dev boxes that are available to users. You can use an image from Azure Marketplace, like the **Visual Studio 2022 Enterprise on Windows 11 Enterprise + Microsoft 365 Apps 22H2** image. Or you can create your own custom image and store it in [Azure Compute Gallery](how-to-configure-azure-compute-gallery.md). Specify a SKU with compute and storage to complete the dev box definition.

+When configuring Dev Box, you might see Deployment Environments resources and components. You might even see informational messages regarding Deployment Environments features. If you're not configuring any Deployment Environments features, you can safely ignore these messages.

+ You see the following information:

+A new tab opens with a Remote Desktop session through which you can use your dev box. Use a work or school account to log in to your dev box, not a personal Microsoft account.

+> [!NOTE]

+> In West US2 region, during provisioning new Azure API for FHIR instance errors are reported. FHIR service team is actively investigating the issue.

+Azure Machine Learning allows you to incorporate RAG in your AI using the Azure Machine Learning Studio or using code with Azure Machine Learning pipelines. It offers several value additions like the ability to measure and enhance RAG workflows, test data generation, automatic prompt creation, and visualize prompt evaluation metrics. It enables the integration of RAG workflows into MLOps workflows using pipelines. You can also use your data with open source offerings like LangChain.

+# Searching and relevance in vector search

+## Vector search supported algorithms

+Algorithm parameters that are used to initialize the index during index creation are *immutable* and cannot be changed after the index is built. Some parameters that affect the query-time characteristics may be modified.Some of these parameters can be modified in a [query request](vector-search-how-to-query.md).

+ Title: Auto-shutdown the VM

+description: Learn how to set up auto-shutdown for VMs in Azure.

+# Auto-shutdown the VM

+In this tutorial, you learn how to automatically shut-down virtual machines (VMs) in Azure. The auto-shutdown feature for Azure VMs can help reduce costs by shutting down the VMs during off hours when they aren't needed and automatically restarting them when they're needed again.

+## Configure auto-shutdown for a virtual machine

+### [Portal](#tab/portal)

+Sign in to the [Azure portal](https://portal.azure.com/).

+1. In the Azure portal, navigate to the virtual machine you want to configure auto-shutdown for.

+2. In the virtual machine's detail page, select "Auto-shutdown" under the **Operations** section.

+3. In the "Auto-shutdown" configuration screen, toggle the switch to "On."

+4. Set the time you want the virtual machine to shut down.

+5. Select "Save" to save the auto-shutdown configuration.

+### [Azure CLI](#tab/azure-cli)

+To configure auto-shutdown for a single virtual machine using the Azure CLI, you can use the following script:

+```azurecli-interactive

+# Set the resource group name, VM name, and shutdown time

+RESOURCE_GROUP_NAME="myResourceGroup"

+VM_NAME="myVM" # Add your VM's name here

+SHUTDOWN_TIME="18:00"

+# Prompt the user to choose whether to auto-restart or leave the machines off

+echo "Do you want to auto-restart the machine? (y/n)"

+read RESTART_OPTION

+# Set the auto-shutdown and auto-start properties based on the user's choice

+if [ "$RESTART_OPTION" == "y" ]; then

+ AUTO_SHUTDOWN="true"

+ AUTO_START="true"

+else

+ AUTO_SHUTDOWN="true"

+ AUTO_START="false"

+fi

+# Set the auto-shutdown and auto-start properties for the VM

+az vm auto-shutdown -g $RESOURCE_GROUP_NAME -n $VM_NAME --time $SHUTDOWN_TIME

+if [ "$AUTO_START" == "true" ]; then

+ az vm restart -g $RESOURCE_GROUP_NAME -n $VM_NAME --no-wait

+fi

+```

+To configure auto-shutdown for multiple virtual machines using the Azure CLI, you can use the following script:

+```azurecli-interactive

+# Set the resource group name and shutdown time

+RESOURCE_GROUP_NAME="myResourceGroup"

+SHUTDOWN_TIME="18:00"

+# Prompt the user to choose whether to auto-restart or leave the machines off

+echo "Do you want to auto-restart the machines? (y/n)"

+read RESTART_OPTION

+# Set the auto-shutdown and auto-start properties based on the user's choice

+if [ "$RESTART_OPTION" == "y" ]; then

+ AUTO_SHUTDOWN="true"

+ AUTO_START="true"

+else

+ AUTO_SHUTDOWN="true"

+ AUTO_START="false"

+fi

+# Loop through all VMs in the resource group and set the auto-shutdown and auto-start properties

+for VM_ID in $(az vm list -g $RESOURCE_GROUP_NAME --query "[].id" -o tsv); do

+ az vm auto-shutdown --ids $VM_ID --time $SHUTDOWN_TIME

+ az vm restart --ids $VM_ID --no-wait

+done

+```

+The above scripts use the `az vm auto-shutdown` and `az vm restart` commands to set the `auto-shutdown` and `restart` properties of all the VMs in the specified resource group. The `--ids` option is used to specify the VMs by their IDs, and the `--time` and `--auto-start-`enabled options are used to set the auto-shutdown and autostart properties, respectively.

+Both scripts also prompt to choose whether to auto restart the machines or leave them off until they're manually restarted. The choice is used to set the -`-auto-shutdown-enabled` property of the VMs.

+## Clean up resources

+If you no longer need the virtual machine, delete it with the following steps:

+1. Navigate to the virtual machine's **Overview** page on the left

+1. Select on "Delete" from the top middle option.

+1. Follow the prompts to delete the virtual machine.

+For more information on how to delete a virtual machine, see [delete a VM](./delete.md).

+## Next steps

+Learn about sizes and how to resize a VM:

+- Types of virtual machine [sizes.](./sizes.md)

+- Change the [size of a virtual machine](./resize-vm.md).

+This section covers some of Azure's options for backup and disaster recovery. You can refer to the following comparison table for a high level overview.

+- [About Site Recovery](../site-recovery/site-recovery-overview.md)

+### Delete resources

+When no longer needed, you can delete the resource group, virtual machine, and all related resources.

+1. On the Overview page for the VM, select the **Resource group** link.

+1. At the top of the page for the resource group, select **Delete resource group**.

+1. A page will open warning you that you are about to delete resources. Type the name of the resource group and select **Delete** to finish deleting the resources and the resource group.

+### Auto-shutdown

+If the VM is still needed, Azure provides an Auto-shutdown feature for virtual machines to help manage costs and ensure you are not billed for unused resources.

+1. On the **Operations** section for the VM, select the **Auto-shutdown** option.

+1. A page will open where you can configure the auto-shutdown time. Select the **On** option to enable and then set a time that works for you.

+1. Once you have set the time, select **Save** at the top to enable your Auto-shutdown configuration.

+> [!NOTE]

+> Remember to configure the time zone correctly to match your requirements, as (UTC) Coordinated Universal Time is the default setting in the Time zone dropdown.

+### Delete resources

+### Auto-shutdown

+If the VM is still needed, Azure provides an Auto-shutdown feature for virtual machines to help manage costs and ensure you are not billed for unused resources.

+1. On the **Operations** section for the VM, select the **Auto-shutdown** option.

+1. A page will open where you can configure the auto-shutdown time. Select the **On** option to enable and then set a time that works for you.

+1. Once you have set the time, select **Save** at the top to enable your Auto-shutdown configuration.

+> [!NOTE]

+> Remember to configure the time zone correctly to match your requirements, as (UTC) Coordinated Universal Time is the default setting in the Time zone dropdown.