Updates from: 10/21/2024 01:07:12
Service Microsoft Docs article Related commit history on GitHub Change details
api-center Set Up Notification Workflow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-center/set-up-notification-workflow.md
+
+ Title: Workflow automation after API registration - Azure API Center
+description: Learn how to set up a notification workflow to set API status in your organization's API center using Azure Logic Apps and Microsoft Teams.
++ Last updated : 10/18/2024+++
+# Customer intent: As an API program manager, I want to automate a workflow for an individual to receive a Microsoft Teams notification to set status for an API that is registered in my organization's API center.
++
+# Set up a notification workflow after an API is registered in Azure API Center
+
+This article shows how to set up an automated notification workflow for updating the status of an API after it's registered in your organization's [API center](overview.md). Adapt this example to automate workflows for other types of events in your API center.
+
+Setting up a notification workflow can be useful for several reasons:
+
+* **Real-time updates** - Receive alerts immediately when certain events occur, such as API registration or API definition updates. Quickly address issues or take further actions based on these events.
+* **Automation** - Save time and reduce manual monitoring. For example, set up alerts for when a new API is registered, an API definition changes, or API analysis reports are generated.
+* **Improved user experience** - By integrating notifications, keep users informed about the status of their requests or actions. This can include approval processes for your APIs, changing custom metadata based on criteria.
+* **Collaboration** - Send notifications to different team members based on their roles (for example, API administrator, API developer), ensuring that the right people are informed and can take appropriate actions.
+
+In this simplified example:
+
+* Registering an API in your API center triggers an event that runs an [Azure Logic Apps](../logic-apps/logic-apps-overview.md) workflow.
+* The workflow sends a notification in Microsoft Teams to a designated individual.
+* The individual decides the status of the API registration directly from the notification in Microsoft Teams.
+* The workflow updates the API status metadata in the API registration based on the individual's decision. API status is a custom metadata property which you set up in your API center.
+
+You can adapt this example to meet your organization's notification and governance requirements for your API center. You can also trigger a similar automated cloud workflow in [Power Automate](https://make.powerautomate.com ).
+
+## Prerequisites
+
+* An API center in your Azure subscription. If you haven't created one already, see [Quickstart: Create your API center](set-up-api-center.md).
+* A logic app in your Azure subscription. For demonstration purposes, you can use a Consumption logic app. For steps to create one, see [Quickstart: Create an example Consumption logic app workflow using the Azure portal](../logic-apps/quickstart-create-example-consumption-workflow.md).
+* Permissions to assign RBAC roles in your API center.
+* The Event Grid resource provider registered in your subscription. If you need to register the Event Grid resource provider, see [Subscribe to events published by a partner with Azure Event Grid](../event-grid/subscribe-to-partner-events.md#register-the-event-grid-resource-provider).
+
+## Step 1. Add a custom metadata property in your API center
+
+The example workflow in this article sets the value of an example [custom metadata property](metadata.md) in your API center for the status of an API registration.
+
+To create a custom *api-status* property in your API center:
+
+1. In the [Azure portal](https://portal.azure.com), navigate to your API center.
+1. In the left menu, under **Assets**, select **Metadata** > **+ New metadata**.
+1. In the **Details** tab, enter the following details:
+ 1. In **Title**, enter *api-status*.
+ 1. In **Type**, select **Predefined choices**.
+ 1. Add the following predefined choices: *new*, *pending*, *approved*. Select **Next**.
+1. In the **Assignments** tab, next to **APIs**, select **Optional**.
+1. Optionally make assignments to **Deployments** and **Environments**. Select **Next**.
+1. Review the configuration and select **Create**.
+
+## Step 2. Enable a managed identity in your logic app
+
+For this scenario, the logic app uses a managed identity to access the Azure API center. Depending on your needs, enable either a system-assigned or user-assigned managed identity. For configuration steps, see [Authenticate access and connections to Azure resources with managed identities in Azure Logic Apps](../logic-apps/authenticate-with-managed-identity.md).
+++
+## Step 3. Assign permissions to the managed identity
+
+Assign the logic app managed identity the necessary permissions to access the API center. For this scenario, assign the **Contributor** role to the managed identity.
+
+1. In the [Azure portal](https://portal.azure.com), navigate to your API center and select **Access control (IAM)**.
+1. Select **+ Add > Add role assignment**.
+1. Select **Privileged administrator roles** and then select **Contributor**. Select **Next**.
+1. On the **Members** page, in **Assign access to**, select **Managed identity > + Select members**.
+1. On the **Select managed identities** page, search for and select the managed identity of the logic app. Click **Select** and then **Next**.
+1. Review the role assignment, and select **Review + assign**.
+
+## Step 4. Configure logic app workflow
+
+This section provides the manual steps to configure an event subscription that triggers a logic app workflow when an API is registered in your API center.
+
+### Step 4.1. When a resource event occurs
+
+Configure a workflow step to trigger the logic app workflow when an event occurs in the API center.
+
+1. In the [portal](https://portal.azure.com), navigate to your logic app.
+1. In the left menu, under **Development tools**, select **Logic app designer**.
+1. Select **Add a trigger**.
+1. Search for **Azure Event Grid**, and select the **When a resource event occurs** trigger.
+1. In the **When a resource event occurs** pane:
+
+ 1. In **Resource type**, select **Microsoft.ApiCenter.Services**.
+ 1. In **Subscription**, select your subscription.
+ 1. In **Resource Name**, enter the full resource name of your API center, in the following form:
+ `/subscriptions/<subscription ID>/resourceGroups/<resource group nam>/providers/Microsoft.ApiCenter/services/<API Center name>`.
+ 1. In **Event Type Item - 1**, enter or select **Microsoft.ApiCenter.ApiAdded**.
++
+### Step 4.2. Initialize variable - subjectvar
+
+Add a workflow step to initialize a variable that stores the ID of the API that's registered.
+
+1. Select **Add an action**.
+1. In the search box, enter *Variables*.
+1. Under **Variables**, select **Initialize variable**.
+1. In the **Initialize variable** pane:
+ 1. In **Name**, enter *subjectvar*.
+ 1. In **Type**, select **String**.
+ 1. In **Value**, enter `/` and select **Insert dynamic content**.
+ 1. Under **When a resource event occurs**, select **Subject**.
++
+
+### Step 4.3. Initialize variable - versionvar
+
+Add a workflow step to initialize a variable to store the version of the API Center management API. This version is needed for the HTTP requests in the workflow.
+
+> [!TIP]
+> Initializing a variable for the version makes it easy to change the value later, as the management API gets updated.
+
+1. Select **Add an action**.
+1. In the search box, enter *Variables*.
+1. Under **Variables**, select **Initialize variable**.
+1. In the **Initialize variable** pane:
+ 1. In **Name**, enter *versionvar*.
+ 1. In **Type**, select **String**.
+ 1. In **Value**, enter `?api-version=2024-03-01`.
+
+
+### Step 4.4. HTTP action to get API details
+
+Add a workflow step to make an HTTP GET request to get API details from the API center.
+
+1. Select **Add an action**.
+1. In the search box, enter *HTTP*.
+1. Under **HTTP**, select **HTTP**.
+1. In the **HTTP** pane:
+ 1. In **URI**, enter `https://management.azure.com/` (including the trailing forward slash). After the forward slash, enter `/`, select **Insert dynamic content**, and then select the variables *subjectvar* and *versionvar*, in that order.
+ 1. In **Method**, select **GET**.
+ 1. Under **Advanced parameters**, select **Authentication**.
+ 1. In **Authentication type**, select **Managed Identity**.
+ 1. In **Managed identity**, select **System-assigned managed identity**.
+ 1. In **Audience**, enter `https://management.azure.com/`.
++
+### Step 4.5. Parse JSON action
+
+Add a workflow step to parse the JSON output of the preceding HTTP request.
+
+1. Select **Add an action**.
+1. In the search box, enter *Parse JSON*.
+1. Under **Data operations**, select **Parse JSON**.
+1. In the **Parse JSON** pane:
+ 1. In **Content**, enter `/` and select **Insert dynamic content**.
+ 1. Under **HTTP**, select **Body**.
+ 1. In **Schema**, enter the following:
+ ```json
+ {
+ "type": "object",
+ "properties": {
+ "type": {
+ "type": "string"
+ },
+ "properties": {
+ "type": "object",
+ "properties": {
+ "title": {
+ "type": "string"
+ },
+ "kind": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ },
+ "lifecycleStage": {
+ "type": "string"
+ },
+ "externalDocumentation": {
+ "type": "array"
+ },
+ "contacts": {
+ "type": "array"
+ },
+ "customProperties": {
+ "type": "object",
+ "properties": {}
+ }
+ }
+ },
+ "id": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "systemData": {
+ "type": "object",
+ "properties": {
+ "createdAt": {
+ "type": "string"
+ },
+ "lastModifiedAt": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ ```
+++
+### Step 4.6. Post adaptive card to Teams
+
+Add a workflow step to post the notification as an adaptive card in Microsoft Teams.
+
+1. Select **Add an action**.
+1. In the search box, enter *Teams*.
+1. Under **Microsoft Teams**, select **Post adaptive card and wait for a response**. If prompted, sign in to your Microsoft Teams account.
+1. In the **Post adaptive card and wait for a response** pane:
+ 1. In **Post as**, select **Flow bot**.
+ 1. In **Post in**, select an appropriate option for your Teams setup. For testing, you can select **Chat with Flow bot**.
+ 1. In **Message**, enter the following text for an adaptive card. Modify the text as needed.
+ ```json
+ {
+ "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
+ "type": "AdaptiveCard",
+ "version": "1.4",
+ "body": [
+ {
+ "type": "TextBlock",
+ "text": "Hi API Admin,",
+ "weight": "Bolder",
+ "size": "Medium"
+ },
+ {
+ "type": "TextBlock",
+ "text": "A new API has been registered.",
+ "wrap": true
+ },
+ {
+ "type": "TextBlock",
+ "text": "API Title: **{{apiTitle}}**",
+ "wrap": true
+ },
+ {
+ "type": "TextBlock",
+ "text": "Please provide the status for this API:",
+ "wrap": true
+ },
+ {
+ "type": "Input.ChoiceSet",
+ "id": "apiStatus",
+ "style": "expanded",
+ "choices": [
+ {
+ "title": "New",
+ "value": "new"
+ },
+ {
+ "title": "Pending",
+ "value": "pending"
+ },
+ {
+ "title": "Approved",
+ "value": "approved"
+ }
+ ],
+ "isRequired": true,
+ "errorMessage": "Please select a status."
+ }
+ ],
+ "actions": [
+ {
+ "type": "Action.Submit",
+ "title": "Submit"
+ }
+ ]
+ }
+
+ ```
+
+1. Select the text `{{apiTitle}}` in the message and delete it. Enter `/` and select **Insert dynamic content**.
+ Under **Parse JSON**, select **Body title** to replace the selected text with the dynamic content.
+1. In **Recipient**, enter the email address of the individual who receives notifications.
+++
+### Step 4.7. Initialize variable - statusvar
+
+Add a workflow step to initialize the value of a variable that stores the API status value returned from the Teams adaptive card.
+
+1. Select **Add an action**.
+1. In the search box, enter *Variables*.
+1. Under **Variables**, select **Initialize variable**.
+1. In the **Initialize variable** pane:
+ 1. In **Name**, enter *statusvar*.
+ 1. In **Type**, select **String**.
+ 1. In **Value**, enter `@body('Post_adaptive_card_and_wait_for_a_response')?['data']?['apiStatus']`.
+++
+### Step 4.8. HTTP action - update API properties in Azure API Center
+
+Add a workflow step to make an HTTP PUT request to update the API properties in your API center.
+
+1. Select **Add an action**.
+1. In the search box, enter *HTTP*.
+1. Under **HTTP**, select **HTTP**.
+1. In the **HTTP** pane:
+ 1. In **URI**, enter `https://management.azure.com/` (including the trailing forward slash). After the forward slash, enter `/`, select **Insert dynamic content**, and then select the variables *subjectvar* and *versionvar*, in that order.
+ 1. In **Method**, select **PUT**.
+ 1. In **Body**, enter the following:
+ ```json
+ {
+ "properties": {
+ "customProperties": {
+ "api-status": "@variables('statusvar')"
+ },
+ "title": "@body('Parse_JSON')?['properties']?['title']",
+ "description": "@body('Parse_JSON')?['properties']?['description']",
+ "lifecycleStage": "@body('Parse_JSON')?['properties']?['lifecycleStage']",
+ "kind": "@body('Parse_JSON')?['properties']?['kind']"
+ }
+ }
+ ```
+ 1. Under **Advanced parameters**, select **Authentication**.
+ 1. In **Authentication type**, select **Managed Identity**.
+ 1. In **Managed identity**, select **System-assigned managed identity**.
+ 1. In **Audience**, enter `https://management.azure.com/`.
+++
+### Step 4.9. Save the workflow
+
+**Save** the workflow in the **Logic app designer**. When the workflow is complete, it should look similar to the following image:
++
+Confirm that the event subscription is provisioned successfully in your API center. It might take a few minutes for the event subscription to be provisioned.
+
+1. In the [Azure portal](https://portal.azure.com), navigate to your API center.
+1. In the left menu, select **Events** > **Event Subscriptions**.
+1. Check that the logic app is listed under **Name**, and the **Endpoint** is **Webhook**.
+
+
+## Step 5. Test the event subscription
+
+Test the event subscription by registering an API in your API center:
+
+1. In the [Azure portal](https://portal.azure.com), navigate to your API center.
+1. [Register an API](register-apis.md) in your API center. After the API is registered:
+ * The event subscription triggers the logic app workflow.
+ * The logic app workflow runs and sends a notification to the individual in Microsoft Teams.
+1. In Microsoft Teams, view the adaptive card, make an API status selection, and select **Submit**.
+ :::image type="content" source="media/set-up-notification-workflow/teams-adaptive-card.png" alt-text="Screenshot of adaptive card in Microsoft Teams.":::
+
+ The logic app workflow updates the *api-status* property in the API registration in your API center.
+1. In your API center, view the API details to see the updated value for the custom *api-status* property.
+
+ :::image type="content" source="media/set-up-notification-workflow/view-api-custom-property.png" alt-text="Screenshot of updated API registration in the portal.":::
+
+## View the logic app run history
+
+To get details about the logic app run and troubleshoot any issues:
+
+1. In the [Azure portal](https://portal.azure.com), navigate to your logic app.
+1. In the left menu, under **Development Tools**, select **Run History**.
+1. Select the run to see the details of each step.
+
+## Related content
+
+* [Event Grid schema for Azure API Center](../event-grid/event-schema-api-center.md)
+* [Webhooks, Automation runbooks, Logic Apps as event handlers for Azure Event Grid events](../event-grid/handler-webhooks.md)
expressroute Design Architecture For Resiliency https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/expressroute/design-architecture-for-resiliency.md
Users of ExpressRoute rely on the availability and performance of edge sites, WA
There are three ExpressRoute resiliency architectures that can be utilized to ensure high availability and resiliency in your network connections between on-premises and Azure. These architecture designs include: * [Maximum resiliency](#maximum-resiliency)
-* [High resiliency](#high-resiliencyin-preview)
+* [High resiliency](#high-resiliency)
* [Standard resiliency](#standard-resiliency) ### Maximum resiliency
The Maximum resiliency architecture in ExpressRoute is structured to eliminate a
:::image type="content" source="./media/design-architecture-for-resiliency/maximum-resiliency.png" alt-text="Diagram illustrating a pair of ExpressRoute circuits, configured at two distinct peering locations, between an on-premises network and Microsoft.":::
-### High resiliency - In Preview
+### High resiliency
High resiliency, also referred to as ExpressRoute Metro, enables the use of multiple sites within the same metropolitan (Metro) area to connect your on-premises network through ExpressRoute to Azure. High resiliency offers site diversity by splitting a single circuit across two sites. The first connection is established at one site and the second connection at a different site. The objective of ExpressRoute Metro is to mitigate the effect of edge-sites isolation and failures by introducing capabilities to enable site diversity. Site diversity is achieved by using a single circuit across paired sites within a metropolitan city, which offers resiliency to failures between edge and region. ExpressRoute Metro provides a higher level of site resiliency than Standard resiliency, but not as much as Maximum resiliency. ExpressRoute Metro architecture can be used for business and mission-critical workloads within a region. For more information, see [ExpressRoute Metro](metro.md)
extended-zones Request Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/extended-zones/request-access.md
Title: Request access to Azure Extended Zones
-description: Learn how to request and gain access to Azure Extended Zone using PowerShell or Azure CLI.
+description: Learn how to request and gain access to an Azure Extended Zone by using Azure PowerShell or Azure CLI.
Previously updated : 08/02/2024 Last updated : 10/18/2024 # Request access to an Azure Extended Zone
In this article, you learn how to request and gain access to an Azure Extended Z
# [**PowerShell**](#tab/powershell) -- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+- A billable Azure account.
- Azure Cloud Shell or Azure PowerShell.
In this article, you learn how to request and gain access to an Azure Extended Z
# [**Azure CLI**](#tab/cli) -- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+- A billable Azure account.
- Azure Cloud Shell or Azure CLI.
In this section, you register resource provider **Microsoft.EdgeZones** to your
To register for an Azure Extended Zone, you must select the subscription that you wish to register Azure Extended Zones for and specify the Extended Zone name.
+> [!NOTE]
+> The Azure account that you're using to register for Azure Extended Zones must be a billable account. To share your feedback or ask questions about Azure Extended Zones, contact [Azure Extended Zones support](mailto:aez-support@microsoft.com).
+ # [**PowerShell**](#tab/powershell) 1. Use [Get-AzEdgeZonesExtendedZone](/powershell/module/az.edgezones/get-azedgezonesextendedzone) cmdlet to list all Azure Extended Zones available to your subscription.
firewall Firewall Copilot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/firewall/firewall-copilot.md
For more information about writing effective Copilot for Security prompts, see [
:::image type="content" source="media/firewall-copilot/copilot-prompts-bar-sources.png" alt-text="Screenshot of the prompt bar in Microsoft Copilot for Security with the Sources icon highlighted.":::
- In the **Manage sources** pop-up window that appears, confirm that the **Azure Firewall** toggle is turned on, then close the window. No additional configuration is necessary, as long as structured logs are being sent to a Log Analytics workspace and you have the right RBAC permissions, Copilot will find the data it needs to answer your questions.
+ In the **Manage sources** pop-up window that appears, confirm that the **Azure Firewall** toggle is turned on, then close the window. No additional configuration is necessary, as long as structured logs are being sent to a Log Analytics workspace and you have the right RBAC permissions, Copilot will find the data it needs to answer your questions while respecting permissions.
:::image type="content" source="media/firewall-copilot/azure-firewall-plugin.png" alt-text="Screenshot showing the Azure Firewall plugin.":::
healthcare-apis Availability Zones https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/healthcare-apis/availability-zones.md
Here's a list of the availability zones for Azure Health Data Services.
- UK South - Sweden Central - Germany West Central*-- Qatar Central* - East US* - East US 2 - South Central US*
Here's a list of the availability zones for Azure Health Data Services.
- West US 3* - Canada Central
-Zones marked with a star ("*") have quota issues due to high demand. Enabling AZ features in these zones may take longer.
+Regions marked with a star ("*") have quota issues due to high demand. Enabling AZ features in these regions may take longer.
### Limitations
To enable the availability zone on a specific instance, customers need to submit
More information can be found atΓÇ»[Create an Azure support request](/azure/azure-portal/supportability/how-to-create-azure-support-request).
iot-operations Howto Configure Authentication https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-operations/manage-mqtt-broker/howto-configure-authentication.md
To link a BrokerListener to a *BrokerAuthentication* resource, specify the `auth
## Default BrokerAuthentication resource
-Azure IoT Operations Preview deploys a default *BrokerAuthentication* resource named `default` linked with the *default* listener in the `azure-iot-operations` namespace. It's configured to only use Kubernetes Service Account Tokens (SATs) for authentication. To inspect it, run:
+Azure IoT Operations Preview deploys a default *BrokerAuthentication* resource named `authn` linked with the *default* listener named `listener` in the `azure-iot-operations` namespace. It's configured to only use Kubernetes Service Account Tokens (SATs) for authentication. To inspect it, run:
```bash
-kubectl get brokerauthentication default -n azure-iot-operations -o yaml
+kubectl get brokerauthentication authn -n azure-iot-operations -o yaml
``` The output shows the default *BrokerAuthentication* resource, with metadata removed for brevity:
The output shows the default *BrokerAuthentication* resource, with metadata remo
apiVersion: mqttbroker.iotoperations.azure.com/v1beta1 kind: BrokerAuthentication metadata:
- name: default
+ name: authn
namespace: azure-iot-operations spec: authenticationMethods:
With multiple authentication methods, MQTT broker has a fallback mechanism. For
apiVersion: mqttbroker.iotoperations.azure.com/v1beta1 kind: BrokerAuthentication metadata:
- name: default
+ name: authn
namespace: azure-iot-operations spec: authenticationMethods:
iot-operations Howto Configure Brokerlistener https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-operations/manage-mqtt-broker/howto-configure-brokerlistener.md
Each listener port can have its own authentication and authorization rules that
Listeners have the following characteristics: -- You can have up to three listeners. One listener per service type of `loadBalancer`, `clusterIp`, or `nodePort`. The default *BrokerListener* named *default* is service type `clusterIp`.
+- You can have up to three listeners. One listener per service type of `loadBalancer`, `clusterIp`, or `nodePort`. The default *BrokerListener* named *listener* is service type `clusterIp`.
- Each listener supports multiple ports - BrokerAuthentication and BrokerAuthorization references are per port - TLS configuration is per port
To view or edit the listener:
To view the default *BrokerListener* resource, use the following command: ```bash
-kubectl get brokerlistener default -n azure-iot-operations -o yaml
+kubectl get brokerlistener listener -n azure-iot-operations -o yaml
``` The output should look similar to this, with most metadata removed for brevity:
The output should look similar to this, with most metadata removed for brevity:
apiVersion: mqttbroker.iotoperations.azure.com/v1beta1 kind: BrokerListener metadata:
- name: default
+ name: listener
namespace: azure-iot-operations spec: brokerRef: default serviceName: aio-broker serviceType: ClusterIp ports:
- - authenticationRef: default
+ - authenticationRef: authn
port: 18883 protocol: Mqtt tls:
To learn more about the default BrokerAuthentication resource linked to this lis
The default *BrokerListener* uses the service type *ClusterIp*. You can have only one listener per service type. If you want to add more ports to service type *ClusterIp*, you can update the default listener to add more ports. For example, you could add a new port 1883 with no TLS and authentication off with the following kubectl patch command: ```bash
-kubectl patch brokerlistener default -n azure-iot-operations --type='json' -p='[{"op": "add", "path": "/spec/ports/", "value": {"port": 1883, "protocol": "Mqtt"}}]'
+kubectl patch brokerlistener listener -n azure-iot-operations --type='json' -p='[{"op": "add", "path": "/spec/ports/", "value": {"port": 1883, "protocol": "Mqtt"}}]'
```
spec:
- port: 1883 protocol: Mqtt - port: 18883
- authenticationRef: default
+ authenticationRef: authn
protocol: Mqtt tls: mode: Automatic
modeling-simulation-workbench Disaster Recovery https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/modeling-simulation-workbench/disaster-recovery.md
Title: "Disaster recovery: Azure Modeling and Simulation Workbench"
description: This article provides an overview of disaster recovery for Azure Modeling and Simulation Workbench. -+ Last updated 08/21/2024
modeling-simulation-workbench Refresh Remote Connection Keys https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/modeling-simulation-workbench/refresh-remote-connection-keys.md
Title: Refresh remote connection keys in Azure Modeling and Simulation Workbench
description: Learn how to refresh remote connection keys in Azure Modeling and Simulation Workbench. -+ Last updated 09/05/2024 # Customer intent: As a Chamber User in Azure Modeling and Simulation Workbench, I want to refresh remote connection keys.
modeling-simulation-workbench Shared Storage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/modeling-simulation-workbench/shared-storage.md
Title: "Shared storage: Azure Modeling and Simulation Workbench"
description: This article provides an overview of shared storage for Azure Modeling and Simulation Workbench workbench component. -+ Last updated 08/21/2024
network-watcher Vnet Flow Logs Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/network-watcher/vnet-flow-logs-overview.md
Previously updated : 08/29/2024 Last updated : 10/20/2024 #CustomerIntent: As an Azure administrator, I want to learn about virtual network flow logs so that I can log my network traffic to analyze and optimize network performance.
Virtual network flow logs also avoid the need to enable multiple-level flow logg
In addition to existing support to identify traffic that [network security group rules](../virtual-network/network-security-groups-overview.md) allow or deny, Virtual network flow logs support identification of traffic that [Azure Virtual Network Manager security admin rules](../virtual-network-manager/concept-security-admins.md) allow or deny. Virtual network flow logs also support evaluating the encryption status of your network traffic in scenarios where you're using [virtual network encryption](../virtual-network/virtual-network-encryption-overview.md?toc=/azure/network-watcher/toc.json). > [!IMPORTANT]
-> We recommend disabling network security group flow logs before enabling virtual network flow logs on the same underlying workloads to avoid duplicate traffic recording and additional costs. If you enable network security group flow logs on the network security group of a subnet, then you enable virtual network flow logs on the same subnet or parent virtual network, you might get duplicate logging (both network security group flow logs and virtual network flow logs generated for all supported workloads in that particular subnet).
+> We recommend disabling network security group flow logs before enabling virtual network flow logs on the same underlying workloads to avoid duplicate traffic recording and additional costs.
+>
+> If you enable network security group flow logs on the network security group of a subnet, then you enable virtual network flow logs on the same subnet or parent virtual network, you might get duplicate logging or only virtual network flow logs.
## How logging works
In the following example of virtual network flow logs, multiple records follow t
"time": "2022-09-14T09:00:52.5625085Z", "flowLogVersion": 4, "flowLogGUID": "66aa66aa-bb77-cc88-dd99-00ee00ee00ee",
- "macAddress": "00224871C205",
+ "macAddress": "112233445566",
"category": "FlowLogFlowEvent",
- "flowLogResourceID": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/NETWORKWATCHERRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKWATCHERS/NETWORKWATCHER_EASTUS2EUAP/FLOWLOGS/VNETFLOWLOG",
- "targetResourceID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet",
+ "flowLogResourceID": "/SUBSCRIPTIONS/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/RESOURCEGROUPS/NETWORKWATCHERRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKWATCHERS/NETWORKWATCHER_EASTUS2EUAP/FLOWLOGS/VNETFLOWLOG",
+ "targetResourceID": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet",
"operationName": "FlowLogFlowEvent", "flowRecords": { "flows": [ {
- "aclID": "00000000-1234-abcd-ef00-c1c2c3c4c5c6",
+ "aclID": "00aa00aa-bb11-cc22-dd33-44ee44ee44ee",
"flowGroups": [ { "rule": "DefaultRule_AllowInternetOutBound",
In the following example of virtual network flow logs, multiple records follow t
] }, {
- "aclID": "01020304-abcd-ef00-1234-102030405060",
+ "aclID": "00aa00aa-bb11-cc22-dd33-44ee44ee44ee",
"flowGroups": [ { "rule": "BlockHighRiskTCPPortsFromInternet",
In the following example of virtual network flow logs, multiple records follow t
:::image type="content" source="media/vnet-flow-logs-overview/vnet-flow-log-format.png" alt-text="Table that shows the format of a virtual network flow log."lightbox="media/vnet-flow-logs-overview/vnet-flow-log-format.png"
-Here's an example bandwidth calculation for flow tuples from a TCP conversation between `203.0.113.105:35370` and `10.2.0.4:23`:
+Here's an example bandwidth calculation for flow tuples from a TCP conversation between `203.0.113.105:35370` and `10.0.0.5:23`:
-`1493763938,203.0.113.105,10.2.0.4,35370,23,6,I,B,NX,,,,`
-`1493695838,203.0.113.105,10.2.0.4,35370,23,6,I,C,NX,1021,588096,8005,4610880`
-`1493696138,203.0.113.105,10.2.0.4,35370,23,6,I,E,NX,52,29952,47,27072`
+`1708978215,203.0.113.105,10.0.0.5,35370,23,6,I,B,NX,,,,`
+`1708978215,203.0.113.105,10.0.0.5,35370,23,6,I,C,NX,1021,588096,8005,4610880`
+`1708978215,203.0.113.105,10.0.0.5,35370,23,6,I,E,NX,52,29952,47,27072`
For continuation (`C`) and end (`E`) flow states, byte and packet counts are aggregate counts from the time of the previous flow's tuple record. In the example conversation, the total number of packets transferred is 1,021 + 52 + 8,005 + 47 = 9,125. The total number of bytes transferred is 588,096 + 29,952 + 4,610,880 + 27,072 = 5,256,000.
-## Storage account considerations for virtual network flow logs
+## Storage account considerations for virtual network flow logs
- **Location**: The storage account must be in the same region as the virtual network. - **Subscription**: The storage account must be in the same subscription of the virtual network or in a subscription associated with the same Microsoft Entra tenant of the virtual network's subscription.
orbital About Ground Stations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/about-ground-stations.md
Title: About Microsoft and partner ground stations description: Offers specifications and definitions for Microsoft ground stations and partner ground station network. -+ Last updated 10/20/2023
orbital Concepts Contact Profile https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/concepts-contact-profile.md
Title: Azure Orbital Ground Station - Contact profile resource description: Learn more about the contact profile resource, including how to create, modify, and delete the profile. -+ Last updated 07/13/2022
orbital Concepts Contact https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/concepts-contact.md
Title: Contact resource - Azure Orbital Ground Station description: Learn more about a contacting your spacecraft and resource and how to schedule and execute a contact on a ground station. -+ Last updated 07/13/2022
orbital Contact Profile https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/contact-profile.md
Title: Azure Orbital Ground Station - Configure a contact profile description: Learn how to configure a contact profile with Azure Orbital Ground Station to save and reuse contact configurations. -+ Last updated 12/06/2022
orbital Downlink Aqua https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/downlink-aqua.md
Title: Downlink data from public satellites description: Learn how to schedule a contact with public satellites by using the Azure Orbital Ground Station service. -+ Last updated 07/12/2022
orbital Geospatial Reference Architecture https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/geospatial-reference-architecture.md
Title: Geospatial reference architecture - Azure Orbital description: A high-level approach to using cloud-native capabilities, open-source and commercial software options to architect end-to-end geospatial data on Azure. -+ Last updated 06/13/2022
orbital Get Started https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/get-started.md
Title: Azure Orbital Ground Station - Get started description: How to get started with Azure Orbital Ground Station, used to communicate with a private satellite or a selection of public satellites. -+ Last updated 8/4/2023
orbital Initiate Licensing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/initiate-licensing.md
Title: Initiate ground station licensing description: How to initiate ground station licensing. Satellites and ground stations require authorizations from federal regulators and other government agencies. -+ Last updated 10/12/2023
orbital Mission Phases https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/mission-phases.md
Title: Azure Orbital Ground Station - Mission Phases description: Points users to relevant resources, like secure access to communication products and services, depending on the phase of their mission. -+ Last updated 10/12/2023
orbital Modem Chain https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/modem-chain.md
Title: Configure the RF chain - Azure Orbital description: Learn more about how to configure modems, either managed modems or virtual RF functionality using the Azure Orbital Ground Station service. -+ Last updated 08/30/2022
orbital Organize Stac Data https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/organize-stac-data.md
Title: Organize spaceborne geospatial data with STAC description: Create an implementation of SpatioTemporal Asset Catalog (STAC) creation to structure geospatial data. -+ Last updated 09/29/2022
orbital Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/overview.md
Title: Azure Orbital Ground Station - Overview description: Azure Orbital Ground Station is a cloud-based ground station as a service. Use the service to streamline operations by ingesting space data directly into Azure. -+ Last updated 12/06/2022
orbital Prepare For Launch https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/prepare-for-launch.md
Title: Prepare for launch and early operations description: Steps to prepare for an upcoming satellite launch and acquire your satellite with Azure Orbital Ground Station. -+ Last updated 10/12/2023
orbital Prepare Network https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/prepare-network.md
Title: Prepare network to send and receive data - Azure Orbital description: Learn how to deliver and receive data from Azure Orbital. Ensure your subnet and Azure Orbital Ground Station resources are configured correctly -+ Last updated 07/12/2022
orbital Receive Real Time Telemetry https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/receive-real-time-telemetry.md
Title: Receive real-time telemetry - Azure Orbital description: Learn how to receive real-time telemetry during contacts. Configure your contact profile to send telemetry events to Azure Event Hubs. -+ Last updated 07/12/2022
orbital Register Spacecraft https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/register-spacecraft.md
Title: Azure Orbital Ground Station - register spacecraft description: Learn how to register a spacecraft. To contact a satellite, it must be registered and authorized as a spacecraft resource with Azure Orbital Ground Station -+ Last updated 07/13/2022
orbital Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/resource-graph-samples.md
Title: Sample Queries for Azure Orbital Ground Station description: Provides a sample collection of Azure Resource Graph queries to be used for Azure Orbital Ground Station. -+ Last updated 09/08/2023
orbital Sar Reference Architecture https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/sar-reference-architecture.md
Title: Process Synthetic Aperture Radar (SAR) data description: View a reference architecture that enables processing SAR/Remote Sensing data on Azure by using Apache Spark on Azure Synapse. -+ Last updated 10/20/2022
orbital Schedule Contact https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/schedule-contact.md
Title: Azure Orbital Ground Station - schedule a contact description: Learn how to schedule a contact with your satellite for data retrieval and delivery on Azure Orbital Ground Station. -+ Last updated 12/06/2022
orbital Spacecraft Object https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/spacecraft-object.md
Title: Spacecraft resource - Azure Orbital Ground Station description: Learn about how you can represent your spacecraft details--Ephemeris, Links, and Authorizations--in Azure Orbital Ground Station. -+ Last updated 07/13/2022
orbital Update Tle https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/update-tle.md
Title: Azure Orbital Ground Station - update spacecraft TLE description: Update the spacecraft Two-Line Element (TLE) of an existing spacecraft resource before you schedule a contact. -+ Last updated 12/06/2022
orbital Virtual Rf Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/orbital/virtual-rf-tutorial.md
Title: Virtual RF via demodulation of Aqua using GNU Radio description: Learn how to use virtual RF (vRF) instead of a managed modem. Receive a raw RF signal from NASA's Aqua public satellite and process it in GNU Radio. -+ Last updated 04/21/2023
storage Smb Performance https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/files/smb-performance.md
Register-AzProviderFeature -FeatureName AzurePremiumFilesMetadataCacheFeature -P
Currently the metadata caching preview is only available in the following Azure regions. To request additional region support, [sign up for the public preview](https://aka.ms/PremiumFilesMetadataCachingPreview).
+- Asia East
- Australia Central
+- Brazil South
+- Canada Central
+- France Central
+- Germany West Central
+- Japan East
+- Japan West
- Jio India West
+- India Central
- India South
+- Korea Central
- Mexico Central - Norway East - Poland Central
+- Qatar Central
- Spain Central - Sweden Central - Switzerland North - UAE North
+- UK West
+- UK South Central
+- US West Central
- US West 3 > [!TIP]
update-manager Update Manager Faq https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/update-manager/update-manager-faq.md
Title: Azure Update Manager FAQ
description: This article gives answers to frequently asked questions about Azure Update Manager Previously updated : 09/06/2024 Last updated : 10/10/2024 #Customer intent: As an implementer, I want answers to various questions.
Yes, you can, as Azure Update Manager is available in sovereign clouds.
### What is the pricing for Azure Update Manager?
-Azure Update Manager is available at no extra charge for managing Azure VMs and Arc-enabled Azure Stack HCI VMs (for which Azure Benefits are enabled). For Arc-enabled Servers, the price is $5 per server per month (assuming 31 days of usage).
+Azure Update Manager is available at no extra charge for managing Azure VMs and [Arc-enabled Azure Stack HCI VMs](https://learn.microsoft.com/azure-stack/hci/manage/azure-arc-vm-management-overview) (must be created through Arc Resource Bridge on Azure Stack HCI). For all other Arc-enabled Servers, the price is $5 per server per month (assuming 31 days of usage).
### How is Azure Update Manager price calculated for Arc-enabled servers?
Customers will not be charged for already existing Arc-enabled servers which wer
If you have purchased a Defender for Servers Plan 2, then you won't have to pay to remediate the unhealthy resources for the above two recommendations. But if you're using any other Defender for server plan for your Arc machines, then you would be charged for those machines at the daily prorated $0.16/server by Azure Update Manager. ### Is Azure Update Manager chargeable on Azure Stack HCI?
-Azure Update Manager is not charged for machines hosted Azure Stack HCI clusters that have been enabled for Azure benefits and Azure Arc VM management. [Learn more](/azure-stack/hci/manage/azure-benefits?tabs=wac#azure-benefits-available-on-azure-stack-hci).
+Azure Update Manager is not charged for:
+ - Management of Azure Stack HCI cluster via **Azure Stack HCI** and [Azure Update Manager on Azure Stack HCI](https://learn.microsoft.com/azure-stack/hci/update/azure-update-manager-23h2)
+ - [Arc-enabled Azure Stack HCI VMs](https://learn.microsoft.com/azure-stack/hci/manage/azure-arc-vm-management-overview) created via the Arc Resource Bridge. For example *Machine-Azure Arc (Azure Stack HCI)* resource.
+
+All other resources including, but not limited to the following will be charged.
+ - Management of individual Azure Stack HCI servers. For example, *Machine - Azure Arc* resource or *Azure Update Manager - Machines*.
+ - All VMs on Azure Stack HCI that are not created by Arc resource bridge - VMs projected as Arc-enabled servers and/or VMs on Azure Stack HCI managed by Azure Arc-enabled SCVMM.
## Update Manager support and integration