+> [!NOTE]

+> It can take 30 to 40 minutes to create and activate an API Management service.

+ Title: '.NET Framework: dynamic configuration in App Configuration'

+description: Learn how to dynamically update configuration data for Spring Boot apps using Azure App Configuration.

+`spring-cloud-azure-appconfiguration-config-web`'s automated refresh is triggered based on activity, specifically Spring Web's `ServletRequestHandledEvent`. If a `ServletRequestHandledEvent` isn't triggered, `spring-cloud-azure-appconfiguration-config-web`'s automated refresh doesn't trigger a refresh even if the cache expiration time has expired.

+App Configuration exposes `AppConfigurationRefresh`, which can be used to check if the cache is expired. If it's expired, a refresh is triggered.

+1. To use `AppConfigurationRefresh`, update HelloController.

+1. Update `bootstrap.properties` to enable refresh:

+1. Open a browser window, and go to the URL: `http://localhost:8080`. You see the message associated with your key.

+> The library only checks for changes on the after the refresh interval has passed. If the period hasn't passed then no change is displayed. Wait for the period to pass, then trigger the refresh check.

+1. Open a browser window, and go to the URL: `http://localhost:8080`. You now see the message associated with your key.

+> The library only checks for changes on after the refresh interval has passed. If the refresh interval hasn't passed, then it doesn't check for changes. Wait for the interval to pass, then trigger the refresh check.

+ Title: "Use dynamic configuration using push refresh - Java Spring"

+1. Open the App Configuration resource in the Azure portal, then select `+ Event Subscription` in the `Events` pane.

+1. Select `Create` to create the event subscription. When `Create` is selected a registration request for the Web Hook will be sent to your application. This is received by the Azure App Configuration client library, verified, and returns a valid response.

+1. Select `Event Subscriptions` in the `Events` pane to validate that the subscription was created successfully.

+All of the group and artifact IDs in the Azure libraries for Spring Boot are updated to match a new format. The new package names are:

+[Spring Cloud Azure common configuration properties](/azure/developer/java/spring-framework/configuration) enable you to customize your connections to Azure services. The new App Configuration library picks up any global or App Configuration setting that's configured with Spring Cloud Azure common configuration properties. Your connection to App Configuration changes if the configurations are set for another Spring Cloud Azure library.

+ Title: Using Azure App Configuration in Python apps with the Azure SDK for Python

+- **Semantic Caching**. Reduce the cost and latency of LLMs by caching LLM completions. LLM queries are compared using vector similarity. If a new query is similar enough to a previously cached query, the cached query is returned. [Semantic Caching example using LangChain](https://python.langchain.com/docs/integrations/llm_caching/#redis-cache)

+- **Redis Modules**: Enterprise tiers support [RediSearch](https://redis.io/docs/latest/operate/oss_and_stack/stack-with-enterprise/search/), [RedisBloom](https://redis.io/docs/latest/operate/oss_and_stack/stack-with-enterprise/bloom/), [RedisTimeSeries](https://redis.io/docs/latest/develop/data-types/timeseries/), and [RedisJSON](https://redis.io/docs/latest/operate/oss_and_stack/stack-with-enterprise/json/). These modules add new data types and functionality to Redis.

+### Considerations when editing networking features

+* You should only use the edit network features option for an [application volume group for SAP HANA](application-volume-group-introduction.md) if you have enrolled in the [extension one preview](application-volume-group-introduction.md#extension-1-features), which adds support for Standard network features.

+* If you enabled both the `ANFStdToBasicNetworkFeaturesRevert` and `ANFBasicToStdNetworkFeaturesUpgrade` AFECs and are using 1 or 2-TiB capacity pools, see [Resize a capacity pool or a volume](azure-netapp-files-resize-capacity-pools-or-volumes.md) for information about sizing your capacity pools.

+* <a name="no-downtime"></a> Azure NetApp Files supports a non-disruptive upgrade to Standard network features and a revert to Basic network features. This operation is expected to take at least 25 minutes. You can't create a regular or data protection volume or application volume group while the edit network feature operation is underway. This feature is currently in **preview** in the Australia East, Central India, North Central US, and Switzerland North regions. In all other regions, updating network features can cause a network disruption on the volumes for up to 5 minutes.

+> You can also revert the option from *Standard* back to *Basic* network features. Before performing the revert operation, you must submit a waitlist request through the **[Azure NetApp Files standard networking features (edit volumes) Request Form](https://aka.ms/anfeditnetworkfeatures)**. The revert capability can take approximately one week to be enabled after you submit the waitlist request. You can check the status of the registration by using the following command:

+### Edit network features

+

+## October 2024

+* [Edit network features enhancement: no downtime](configure-network-features.md#no-downtime) (Preview)

+ Azure NetApp Files now supports the ability to edit network features (that is, upgrade from Basic to Standard network features) with no downtime for Azure NetApp Files volumes. Standard Network Features provide you with an enhanced virtual networking experience for a seamless and consistent experience along with security posture for Azure NetApp Files.

+ This feature is currently in preview in the Australia East, Central India, North Central US, and Switzerland North regions.

+If you see the following output in the pane, check whether you have added the `dotnetAcquisitionExtension.existingDotnetPath` setting to VS Code. If this setting is present, remove it and restart VS Code. See [User and Workspace Settings](https://code.visualstudio.com/docs/getstarted/settings) for configuring Visual Studio Code settings.

+> For the best and most secure experience, we strongly recommend updating your Visual Studio installation to the [latest Long-Term Support (LTS) version](/visualstudio/install/update-visual-studio). Upgrading will improve both the reliability and overall performance of your Visual Studio environment. If you choose not to upgrade, you may encounter the issues documented in [Issues when creating and deploying Azure resource groups through Visual Studio](https://learn.microsoft.com/troubleshoot/developer/visualstudio/ide/troubleshoot-create-deploy-resource-group).

+1. Search **resource group**, and then select the **Azure Resource Group (extended support)** project template and **Next**.

+ :::image type="content" source="./media/create-visual-studio-deployment-project/add-app.png" alt-text="Screenshot of Create a new project window highlighting Azure Resource Group and Next button.":::

+1. You can add a resource by right-clicking **resources** and selecting **Add New Resource**.

+ :::image type="content" source="./media/create-visual-studio-deployment-project/arm-vs-create-aspnet-core-web-app.png" alt-text="Screenshot of the New Project window with ASP.NET Core Web Application selected.":::

+1. There are some new parameters added in the previous step.

+ :::image type="content" source="./media/create-visual-studio-deployment-project/new-parameters.png" alt-text="Screenshot of the new parameters.":::

+ You don't need to provide values for **_artifactsLocation** or **_artifactsLocationSasToken** because those values are automatically generated. However, you have to set the folder and file name to the path that contains the deployment package. The names of these parameters end with **PackageFolder** and **PackageFileName**. The first part of the name is the name of the Web Deploy resource you added. In this article, they're named **ExampleAppPackageFolder** and **ExampleAppPackageFileName**.

+

+> For the best and most secure experience, we strongly recommend updating your Visual Studio installation to the [latest Long-Term Support (LTS) version](/visualstudio/install/update-visual-studio). Upgrading will improve both the reliability and overall performance of your Visual Studio environment. If you choose not to upgrade, you may encounter the issues documented in [Issues when creating and deploying Azure resource groups through Visual Studio](https://learn.microsoft.com/troubleshoot/developer/visualstudio/ide/troubleshoot-create-deploy-resource-group).

+ Title: Use Portable VMware Cloud Foundations (VCF) on Azure VMware Solution

+description: Bring your own portable VMware Cloud Foundations (VCF) on Azure VMware Solution

+# Use Portable VMware Cloud Foundations (VCF) on Azure VMware Solution

+This article discusses how to modernize your VMware workloads by bringing your portable VMware Cloud Foundations (VCF) to Azure VMware Solutions and take advantage of incredible cost savings as you modernize your VMware workloads. With Azure VMware Solution, you access both the physical infrastructure and the licensing entitlements for the entire VMware software-defined datacenter (SDDC) stack, including vSphere, ESXi, NSX networking, NSX Firewall, and HCX. With the new VCF subscription portability option, you can apply your on-premises VCF entitlements, purchased from Broadcom, directly to the Azure VMware Solution infrastructure. This flexibility means you can seamlessly integrate your VMware assets into a fully managed, state-of-the-art Azure environment, maximizing efficiency and cutting costs. Upgrade with confidence and experience the power and flexibility of Azure VMware Solution today!

+Private Cloud on the portable VCF offering, must have prepurchase Firewall add-on from Broadcom along with the VCF subscription to use the vDefend Firewall on Azure VMware Solution. Prior to using the vDefend Firewall software on Azure VMware Solution ensure you register your Firewall add-on with Microsoft. For detailed instructions on how to register your portable VCF, see "Register your portable VCF with Azure VMware Solution" later in this article.

+> Your portable VCF is applied at the host level and must cover all the physical cores on a host. For example, if each host in Azure VMware Solution has 36 cores and you intend to have a Private Cloud with 3 nodes, the portable VCF must cover 108 (3*36) cores.

+>In the current version, if you want to use your own portable VCF on your Azure subscription for the Azure VMware Solution workloads, all the nodes (cores) in that subscription including multiple Private Clouds need to be purchased through Broadcom and covered under your Broadcom portable VCF contract. At the moment, you're required to bring portable VCF entitlements that cover cores for all the nodes deployed within your Azure subscription.

+## Purchasing VCF subscription portability offering on Azure VMware Solution

+We offer three flexible commitments and pricing options for using your portable VCF on Azure VMware Solution. You can choose from pay-as-you-go, 1-year Reserved Instance (RI), and 3-year RI options. **NOTE:** 3-year RI option is discontinued for AV36 node type.

+To take advantage of the Reserved Instance (RI) pricing for the portable VCF offering on Azure VMware Solution, purchase an RI under the Product Name- VCF BYOL. For example, if your private cloud uses AV36P nodes, you must [purchase the Reserved Instance](/azure/azure-vmware/reserved-instance?toc=%2Fazure%2Fcost-management-billing%2Freservations%2Ftoc.json#buy-a-reservation) for the Product Name- AV36P VCF BYOL. To use the pay-as-you-go pricing for the portable VCF offering, you only need to register your VCF subscription.

+>[!IMPORTANT]

+> If you are converting your existing Azure VMware Solution private cloud to leverage the portable VCF pricing, you must ensure to exchange the existing Reserve Instance (RI) on your subscription to VCF BYOL RI. Unless you have RI under \<node-type\>-VCF BYOL, you will be charged the VCF BYOL pay-as-you-go pricing.

+## Request host quota with VCF subscription portability

+To request quota for portable VCF offering, provide the following additional information in the **Description** of the support ticket:

+- Add the following statement as is, by replacing "N" with the "Number of VCF BYOL cores" you purchased from Broadcom for VCF portability to Azure VMware Solutions:

+**"I acknowledge that I have procured portable VCF subscription from Broadcom for "N" cores to use with Azure VMware Solutions."**

+>Portable VCF is applied at the host level and must cover all the physical cores on a host.

+>Hence, quota will be approved only for the maximum number of nodes which the portable VCF covers. For example, if you have purchased 1000 cores for portability and requesting for AV36P, you can get a maximum of 27 nodes quota approved for your subscription.

+## Register your portable VCF with Azure VMware Solution

+To get your quota request approved, you must first register the portable VCF details with Microsoft. Quota will be approved only after the entitlements are provided. Expect to receive a response in 1 to 2 business days.

+### How to register the VCF subscription keys

+- Email your portable VCF entitlements (and VMware vDefender Firewall license entitlements if to enable vDefender Firewall on Azure VMware Solution) to the following email address: registeravsvcfbyol@microsoft.com.

+>The "Qty" represents the number of cores eligible for VCF portability. Your quota request should not surpass the number of nodes equivalent to your entitled cores from Broadcom. If your quota request exceeds the approved cores, the quota request will be granted only for the number of nodes that are fully covered by the entitled cores.

+> The portable VCF entitlements submitted to Microsoft will be securely retained for our reporting purpose. You can request the permanent deletion of this data from Microsoft's systems at any time. Once the automated validation process is in place, your data will be automatically deleted from all Microsoft systems, which may take up to 120 days. Additionally, all your VCF entitlement data will be permanently deleted within 120 days any time you migrate to an Azure VMware Solution-owned VCF solution.

+You can create your Azure VMware Solution private cloud the same way as today regardless of your licensing method, that is, whether you bring your own portable VCF or use the Azure VMware Solution-owned VCF subscription. [Learn more](/azure/azure-vmware/plan-private-cloud-deployment). Your decision of licensing is a cost optimization choice and doesn't affect your deployment workflow.

+"I want to purchase my VCF subscription from Broadcom and use the portable VCF offering on Azure VMware Solution."

+1. Create quota request for AV36P nodes. Declare your own VCF portable subscription intent and the number of cores you're entitled for portability.

+3. Optional- to use the Reserved Instance pricing purchase AV36P VCF BYOL Reserved Instance. You can skip this step to use the pay-as-you-go pricing for the portable VCF.

+"I want to let Azure VMware Solution manage my VCF subscription for all my Azure VMware Solution private cloud."

+If you're currently managing your own VCF subscription for Azure VMware Solution and wish to transition to Azure VMware Solution-owned VCF subscription, you can easily make the switch without any changes to your private cloud.

+If you're an existing Azure VMware Solution customer and wish to transition to the portable VCF (VCF BYOL) offering, you can also easily make the switch without any changes to your private cloud deployments by registering your portable VCF entitlements with Microsoft.

+2. Exchange RI- If you have any active RI with VCF BYOL, exchange them for non-VCF BYOL RI. For instance, you can [exchange your AV36P VCF BYOL RI for an AV36P or vice versa](/azure/cost-management-billing/reservations/exchange-and-refund-azure-reservations).

+**NOTE:** If you have RIs for your current deployments, ensure to exchange RI for the right Product Name to continue to get the discounted RI pricing. Without this step, you will incur the pay-as-you-go cost.

+>You need to purchase the portable VCF entitlements from Broadcom for all cores that match your current Azure VMware Solution deployment. For instance, if your Azure subscription has a private cloud with 100 AV36P nodes, you must purchase portable VCF for atleast 3600 cores from Broadcom to convert to VCF BYOL offering.

+## "Onboarding to portable VCF on Azure VMware Solution" Checklist

+**Scenario 1:**

+"I am converting existing AVS private cloud to VCF BYOL."

+1. Get your portable VCF subscription from Broadcom.

+2. If you have an RI purchased, exchange the RI to the corresponding VCF BYOL RI.

+3. Register your portable VCF with Azure VMware Solution.

+**Scenario 2:**

+"I am creating a new AVS private cloud with VCF BYOL."

+1. Get your portable VCF subscription from Broadcom.

+2. [Request host quota](/azure/azure-vmware/request-host-quota-azure-vmware-solution) for Azure VMware Solution.

+3. If you intend to leverage the RI pricing, purchase the RI under the "VCF BYOL" product name.

+**NOTE:** If you register your portable VCF without this step, you will be charged BYOL pay-as-you-go pricing by default for your usage. To leverage the RI pricing, ensure the RI purchase under the right region, host count, and product name (VCF BYOL in this case).

+NVMe/[ephemeral disks](/azure/virtual-machines/ephemeral-os-disks) | Supported.

+ Title: What's new in Azure Bastion?

+description: Learn what's new with Azure Bastion, such as the latest release notes, known issues, bug fixes, deprecated functionality, and upcoming changes.

+# What's new in Azure Bastion?

+Azure Bastion is updated regularly. Stay up to date with the latest announcements. This article provides you with information about:

+* Recent releases

+* Previews underway with known limitations (if applicable)

+* Deprecated functionality (if applicable)

+You can also find the latest Bastion updates and subscribe to the RSS feed [here](https://azure.microsoft.com/blog/product/azure-bastion/).

+## Recent releases and announcements

+| Type | Name | Description | Date added | Limitations |

+||||||

+| Feature | [Microsoft Entra ID support for portal (SSH)](bastion-connect-vm-ssh-linux.md#microsoft-entra-id-authentication) |Microsoft Entra ID support for SSH connections in portal is now GA. | July 2024 | N/A|

+|Feature | [Graphical session recording](session-recording.md) | Graphical session recording is now in public preview in all regions that Bastion is available in. | June 2024 | Can't currently be used with native client.

+| Feature | [Private Only Bastion](private-only-deployment.md)| Private Only Bastion is now in public preview in all regions that Bastion is available in.| June 2024 | N/A|

+| SKU | [Bastion Premium SKU](bastion-overview.md#sku)| Bastion Premium SKU is now in public preview in all regions that Bastion is available in. | June 2024 | N/A|

+|Feature | [Availability Zones for Bastion](../reliability/reliability-bastion.md?toc=/azure/bastion/TOC.json) |Availability Zones is now in public preview as a customer-enabled feature in select regions. | May 2024 | See available region list [here](../reliability/reliability-bastion.md?toc=%2Fazure%2Fbastion%2FTOC.json#prerequisites).

+|SKU | [Bastion Developer SKU](quickstart-developer-sku.md) | Bastion Developer SKU is now in GA for select regions. | May 2024 | See available region list [here](quickstart-developer-sku.md#about-the-developer-sku).

+## Next steps

+* [What is Azure Bastion?](bastion-overview.md)

+* [Bastion FAQ](bastion-faq.md)

+* [Bastion SKUs](bastion-overview.md#sku)

+ Title: 'Deploy an Azure Batch account and two pools with a start task - Terraform'

+description: In this article, you deploy an Azure Batch account and two pools with a start task using Terraform.

+#customer intent: As a Terraform user, I want to see how to create an Azure resource group, Storage account, Batch account, and two Batch pools with different scaling configurations.

+content_well_notification:

+ - AI-contribution

+ai-usage: ai-assisted

+# Deploy an Azure Batch account and two pools with a start task - Terraform

+In this quickstart, you create an Azure Batch account, an Azure Storage account, and two Batch pools using Terraform. Batch is a cloud-based job scheduling service that parallelizes and distributes the processing of large volumes of data across many computers. It's typically used for tasks like rendering 3D graphics, analyzing large datasets, or processing video. In this case, the resources created include a Batch account (which is the central organizing entity for distributed processing tasks), a Storage account for holding the data to be processed, and two Batch pools, which are groups of virtual machines that execute the tasks.

+> [!div class="checklist"]

+> * Specify the required version of Terraform and the required providers.

+> * Define the Azure provider with no additional features.

+> * Define variables for the resource group location and name prefix.

+> * Generate a random name for the Azure resource group.

+> * Create a resource group with the generated name at a specified location.

+> * Generate a random string for the Storage account name.

+> * Create a Storage account with the generated name in the created resource group.

+> * Generate a random string for the Batch account name.

+> * Create a Batch account with the generated name in the created resource group and linked to the created Storage account.

+> * Generate a random name for the Batch pool.

+> * Create a Batch pool with a fixed scale in the created resource group and linked to the created Batch account.

+> * Create a Batch pool with autoscale in the created resource group and linked to the created Batch account.

+> * Output the names of the created resource group, Storage account, Batch account, and both Batch pools.

+## Prerequisites

+- Create an Azure account with an active subscription. You can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).

+- [Install and configure Terraform](/azure/developer/terraform/quickstart-configure).

+## Implement the Terraform code

+> [!NOTE]

+> The sample code for this article is located in the [Azure Terraform GitHub repo](https://github.com/Azure/terraform/tree/master/quickstart/101-batch-pools-with-start-task). You can view the log file containing the [test results from current and previous versions of Terraform](https://github.com/Azure/terraform/tree/master/quickstart/101-batch-pools-with-start-task/TestRecord.md).

+>

+> See more [articles and sample code showing how to use Terraform to manage Azure resources](/azure/terraform).

+1. Create a directory in which to test and run the sample Terraform code, and make it the current directory.

+1. Create a file named `main.tf`, and insert the following code:

+ :::code language="Terraform" source="~/terraform_samples/quickstart/101-batch-pools-with-start-task/main.tf":::

+1. Create a file named `outputs.tf`, and insert the following code:

+ :::code language="Terraform" source="~/terraform_samples/quickstart/101-batch-pools-with-start-task/outputs.tf":::

+1. Create a file named `providers.tf`, and insert the following code:

+ :::code language="Terraform" source="~/terraform_samples/quickstart/101-batch-pools-with-start-task/providers.tf":::

+1. Create a file named `variables.tf`, and insert the following code:

+ :::code language="Terraform" source="~/terraform_samples/quickstart/101-batch-pools-with-start-task/variables.tf":::

+## Initialize Terraform

+## Create a Terraform execution plan

+## Apply a Terraform execution plan

+## Verify the results

+### [Azure CLI](#tab/azure-cli)

+Run [`az batch account show`](/cli/azure/batch/account#az-batch-account-show) to view the Batch account.

+```azurecli

+az batch account show --name <batch_account_name> --resource-group <resource_group_name>

+```

+In the above command, replace `<batch_account_name>` with the name of your Batch account and `<resource_group_name>` with the name of your resource group.

+## Clean up resources

+## Troubleshoot Terraform on Azure

+[Troubleshoot common problems when using Terraform on Azure](/azure/developer/terraform/troubleshoot).

+## Next steps

+> [!div class="nextstepaction"]

+> [See more articles about Batch accounts](/search/?terms=Azure%20batch%20account%20and%20terraform).

+ Title: 'Deploy an Azure Batch account and two pools - Terraform'

+description: In this article, you deploy an Azure Batch account and two pools using Terraform.

+#customer intent: As a Terraform user, I want to see how to create an Azure resource group, Storage account, Batch account, and two Batch pools with different scaling configurations.

+content_well_notification:

+ - AI-contribution

+ai-usage: ai-assisted

+# Deploy an Azure Batch account and two pools - Terraform

+In this quickstart, you create an Azure Batch account, an Azure Storage account, and two Batch pools using Terraform. Batch is a cloud-based job scheduling service that parallelizes and distributes the processing of large volumes of data across many computers. It's typically used for parametric sweeps, Monte Carlo simulations, financial risk modeling, and other high-performance computing applications. A Batch account is the top-level resource in the Batch service that provides access to pools, jobs, and tasks. The Storage account is used to store and manage all the files that are used and generated by the Batch service, while the two Batch pools are collections of compute nodes that execute the tasks.

+> [!div class="checklist"]

+> * Specify the required version of Terraform and the required providers.

+> * Define the Azure provider with no additional features.

+> * Define variables for the location of the resource group and the prefix of the resource group name.

+> * Generate a random name for the resource group using the provided prefix.

+> * Create an Azure resource group with the generated name at the specified location.

+> * Generate a random string to be used as the name for the Storage account.

+> * Create a Storage account with the generated name in the created resource group, at the same location, and with a standard account tier and locally redundant Storage replication type.

+> * Generate another random string to be used as the name for the Batch account.

+> * Create a Batch account with the generated name in the created resource group, at the same location, and link it to the created Storage account with Storage keys authentication mode.

+> * Generate a random name for the Batch pool with a "pool" prefix.

+> * Create a Batch pool with a fixed scale using the generated name in the created resource group, linked to the created Batch account, with a standard A1 virtual machine (VM) size, Ubuntu 22.04 node agent SKU, and a start task that echoes 'Hello World from $env' with a maximum of one retry and waits for success.

+> * Create another Batch pool with auto scale, using the same generated name, in the created resource group, linked to the created Batch account, with a standard A1 VM size, Ubuntu 22.04 node agent SKU, and an autoscale formula.

+> * Output the names of the created resource group, Storage account, Batch account, and both Batch pools.

+## Prerequisites

+- Create an Azure account with an active subscription. You can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).

+- [Install and configure Terraform](/azure/developer/terraform/quickstart-configure).

+## Implement the Terraform code

+> [!NOTE]

+> The sample code for this article is located in the [Azure Terraform GitHub repo](https://github.com/Azure/terraform/tree/master/quickstart/101-batch-pools-with-job). You can view the log file containing the [test results from current and previous versions of Terraform](https://github.com/Azure/terraform/tree/master/quickstart/101-batch-pools-with-job/TestRecord.md).

+>

+> See more [articles and sample code showing how to use Terraform to manage Azure resources](/azure/terraform).

+1. Create a directory in which to test and run the sample Terraform code, and make it the current directory.

+1. Create a file named `main.tf`, and insert the following code:

+ :::code language="Terraform" source="~/terraform_samples/quickstart/101-batch-pools-with-job/main.tf":::

+1. Create a file named `outputs.tf`, and insert the following code:

+ :::code language="Terraform" source="~/terraform_samples/quickstart/101-batch-pools-with-job/outputs.tf":::

+1. Create a file named `providers.tf`, and insert the following code:

+ :::code language="Terraform" source="~/terraform_samples/quickstart/101-batch-pools-with-job/providers.tf":::

+1. Create a file named `variables.tf`, and insert the following code:

+ :::code language="Terraform" source="~/terraform_samples/quickstart/101-batch-pools-with-job/variables.tf":::

+## Initialize Terraform

+## Create a Terraform execution plan

+## Apply a Terraform execution plan

+## Verify the results

+### [Azure CLI](#tab/azure-cli)

+Run [`az batch account show`](/cli/azure/batch/account#az-batch-account-show) to view the Batch account.

+```azurecli

+az batch account show --name <batch_account_name> --resource-group <resource_group_name>

+```

+Replace `<batch_account_name>` with the name of your Batch account and `<resource_group_name>` with the name of your resource group.

+## Clean up resources

+## Troubleshoot Terraform on Azure

+[Troubleshoot common problems when using Terraform on Azure](/azure/developer/terraform/troubleshoot).

+## Next steps

+> [!div class="nextstepaction"]

+> [See more articles about Batch accounts](/search/?terms=Azure%20batch%20account%20and%20terraform).

+| `CreateCallFailed` | Your application has failed to create the call. |

+| Start/Stop call captions and change captions language | ❌ | ✔️ | ❌ |

+| Manage call recording | ❌ | ❌ | ✔️ |

+| Virtual Rooms SDKs | 2023-03-31 | Public Preview - retired |

+| Virtual Rooms SDKs | 2021-04-07 | Public Preview - retired |

+| - Start call captions | ✔️ | ✔️ | ✔️ |

+| - Change captions language | ✔️ | ✔️ | ❌ |

+description: Use Azure Communication Services SDKs to retrieve Microsoft Teams Meeting Audio Conferencing Details.

+This article describes how to use Azure Communication Services Calling SDK to retrieve Microsoft Teams Meeting Audio Conferencing details. This function enables users who are already connected to a Microsoft Teams Meeting to be able to get the conference ID and dial-in phone number associated with the meeting. The Teams Meeting Audio Conferencing feature returns a collection of all toll and toll-free numbers. The collection includes concomitant country names and city names, giving users control of which Teams meeting dial-in details to use.

+- A user access token to enable the calling client. For more information. [Create and manage access tokens](../../quickstarts/identity/access-tokens.md).

+- Optional: Complete the quickstart to [add voice calling to your application](../../quickstarts/voice-video-calling/getting-started-with-calling.md).

+This section describes support for Audio Conferencing in Azure Communication Services.

+|Identities | Teams meeting | Room | 1:1 call | Group call | 1:1 Teams interop call | Group Teams interop call |

+| | | | | | | |

+|Communication Services user | ✔️ | | | | | |

+|Microsoft 365 user | ✔️ | | | | | |

+|Operations | Communication Services user | Microsoft 365 user |

+| | | |

+|Get audio conferencing details | ✔️ | ✔️ |

+| Platforms | Web | Web UI | iOS | iOS UI | Android | Android UI | Windows |

+| | | | | | | | |

+|Is Supported | ✔️ | | | | | | |

+ Title: Azure Data Factory known issues

+description: Learn about the currently known issues with Azure Data Factory and their possible workarounds or resolutions.

+# Azure Data Factory known issues

+This page lists the known issues in Azure Data factory. Before submitting [an Azure support request](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest), review this list to see if the issue that you're experiencing is already known and being addressed.

+## Active known issues

+|ADF Component|Known Issue |Status|

+|:|:|:|

+|Snow Flake Connector Issue|[Intermittent data retrieval issue with LookUp using the Snowflake Connector V2](#intermittent-data-retrieval-issue-with-lookup-using-the-snowflake-connector-v2)|Has workaround|

+## Recently ADF Closed known issues

+|ADF Component|Issue|Status|Date Resolved|

+|||||

+### Intermittent data retrieval issue with LookUp using the Snowflake Connector v2

+Intermittently, lookup queries against Snowflake return no values even when results are expected. No errors are generated, and the lookup activity completes successfully. This issue has been observed with Managed VNet IR and SHIR.

+**Workaround**: Add an If-condition activity after the Lookup to check its output. If the Lookup returns data, proceed without further action. If no data is returned, re-execute the Lookup activity.

+dataPathAssignments | Dictionary used for changing datapaths in Azure Machine Learning. Enables the switching of datapaths | Object with key value pairs | No

+> To populate the dropdown items in Machine Learning pipeline name and ID, the user needs to have permission to list ML pipelines. The UI calls AzureMLService APIs directly using the logged in user's credentials. The discovery time for the dropdown items would be much longer when using Private Endpoints.

+ "resourceId": "/SUBSCRIPTIONS/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/RESOURCEGROUPS/MYRESOURCEGROUP/PROVIDERS/MICROSOFT.DIGITALTWINS/DIGITALTWINSINSTANCES/MYINSTANCENAME",

+ "correlationId": "aaaa0000-bb11-2222-33cc-444444dddddd",

+ "appId": "00001111-aaaa-2222-bbbb-3333cccc4444"

+ "resourceId": "/SUBSCRIPTIONS/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/RESOURCEGROUPS/MYRESOURCEGROUP/PROVIDERS/MICROSOFT.DIGITALTWINS/DIGITALTWINSINSTANCES/MYINSTANCENAME",

+ "correlationId": "bbbb1111-cc22-3333-44dd-555555eeeeee",

+ "appId": "00001111-aaaa-2222-bbbb-3333cccc4444"

+ "resourceId": "/SUBSCRIPTIONS/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/RESOURCEGROUPS/MYRESOURCEGROUP/PROVIDERS/MICROSOFT.DIGITALTWINS/DIGITALTWINSINSTANCES/MYINSTANCENAME",

+ "correlationId": "cccc2222-dd33-4444-55ee-666666ffffff",

+ "appId": "00001111-aaaa-2222-bbbb-3333cccc4444"

+ "resourceId": "/SUBSCRIPTIONS/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/RESOURCEGROUPS/MYRESOURCEGROUP/PROVIDERS/MICROSOFT.DIGITALTWINS/DIGITALTWINSINSTANCES/MYINSTANCENAME",

+ "correlationId": "dddd3333-ee44-5555-66ff-777777aaaaaa",

+ "appId": "00001111-aaaa-2222-bbbb-3333cccc4444"

+ "resourceId": "/SUBSCRIPTIONS/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/RESOURCEGROUPS/MYRESOURCEGROUP/PROVIDERS/MICROSOFT.DIGITALTWINS/DIGITALTWINSINSTANCES/MYINSTANCENAME",

+ "correlationId": "dddd3333-ee44-5555-66ff-777777aaaaaa",

+ "appId": "00001111-aaaa-2222-bbbb-3333cccc4444"

+MaxGatewayCountInVnetReached ΓÇô Reached maximum number of gateways that can be created in a Virtual Network.

+In this article, you learn how to enable Azure Peering Service for voice on a Direct peering using the Azure portal. For more information, see [Peering Service](../peering-service/about.md).

+- A Direct peering resource. If you don't have one, either [convert a legacy Direct peering](howto-legacy-direct-portal.md) or [create a new Direct peering](howto-direct-portal.md).

+ :::image type="content" source="./media/howto-peering-service-voice-portal/internet-peering-portal-search.png" alt-text="Screenshot shows how to search for Internet peering in the Azure portal." lightbox="./media/howto-peering-service-voice-portal/internet-peering-portal-search.png":::

+ :::image type="content" source="./media/howto-peering-service-voice-portal/peerings-filters.png" alt-text="Screenshot shows how to apply filters to find a peering the Azure portal." lightbox="./media/howto-peering-service-voice-portal/peerings-filters.png":::

+ :::image type="content" source="./media/howto-peering-service-voice-portal/peering-connections.png" alt-text="Screenshot shows the connection state of the peering resource in the Azure portal." lightbox="./media/howto-peering-service-voice-portal/peering-connections.png":::

+ :::image type="content" source="./media/howto-peering-service-voice-portal/peering-configuration.png" alt-text="Screenshot shows how to change Microsoft network from the Configuration page of the peering resource in the Azure portal." lightbox="./media/howto-peering-service-voice-portal/peering-configuration.png":::

+1. You'll receive an automatic email notification to let you know that your request to change peer type has been received. Once your request is reviewed and approved by the product team, you'll receive another notification. If you have preconfigured BGP and BFD prior to requesting the conversion, the configuration change will automatically run over the next 48 hours. A final notification is sent when the configuration is completed.

+## Related content

+description: Learn about the technical requirements to register your prefixes for Azure Peering Service and how to troubleshoot some possible validation errors.

+Prefixes can only be registered after all validation steps pass.

+Follow these troubleshooting steps when you have any of the following validation errors:

+For help with internal server errors, provide your Azure subscription and prefix to mailto:peeringservice@microsoft.com.

+## Related content

+* [Internet peering for Peering Service walkthrough](walkthrough-peering-service-all.md)

+- We recommend creating Peering Service peerings in multiple locations so geo-redundancy can be achieved.

+ :::image type="content" source="./media/walkthrough-exchange-route-server-partner/internet-peering-portal-search.png" alt-text="Screenshot shows how to search for Peering resources in the Azure portal." lightbox="./media/walkthrough-exchange-route-server-partner/internet-peering-portal-search.png":::

+ :::image type="content" source="./media/walkthrough-exchange-route-server-partner/create-peering.png" alt-text="Screenshot shows how to create a Peering resource in the Azure portal." lightbox="./media/walkthrough-exchange-route-server-partner/create-peering.png":::

+1. On the **Basics** tab, enter or select your Azure subscription, resource group, name, and ASN of the peering:

+ :::image type="content" source="./media/walkthrough-exchange-route-server-partner/create-peering-basics.png" alt-text="Screenshot of the Basics tab of creating a peering in the Azure portal." lightbox="./media/walkthrough-exchange-route-server-partner/create-peering-basics.png":::

+ > The details you select CAN'T be changed after the peering is created. confirm they are correct before creating the peering.

+ :::image type="content" source="./media/walkthrough-exchange-route-server-partner/create-peering-configuration.png" alt-text="Screenshot of the Configuration tab of creating a peering in the Azure portal." lightbox="./media/walkthrough-exchange-route-server-partner/create-peering-configuration.png":::

+ :::image type="content" source="./media/walkthrough-exchange-route-server-partner/direct-peering-connection.png" alt-text="Screenshot of creating a direct peering connection." lightbox="./media/walkthrough-exchange-route-server-partner/direct-peering-connection.png":::

+ :::image type="content" source="./media/walkthrough-exchange-route-server-partner/registered-asn.png" alt-text="Screenshot shows how to go to Registered ASNs from the Peering Overview page in the Azure portal." lightbox="./media/walkthrough-exchange-route-server-partner/registered-asn.png":::

+ :::image type="content" source="./media/walkthrough-exchange-route-server-partner/register-new-asn.png" alt-text="Screenshot shows how to register an ASN in the Azure portal." lightbox="./media/walkthrough-exchange-route-server-partner/register-new-asn.png":::

+**Q.** Will Microsoft readvertise the Peer prefixes to the Internet?

+**A.** Microsoft announces roughly 280 prefixes on internet, and it might increase by 10-15% in future. So, a safe limit of 400-500 can be good to set as ΓÇ£Max prefix countΓÇ¥

+**Q.** Will Microsoft readvertise the Peer prefixes to the Internet?

+ name: azure-iot-operations-aio-ca-trust-bundle # Default root CA cert

+- Admin state can't be configured during the creation of a NIC-based Load Balancer backend pool.

+- [**Networking foundation**](#foundation): [Azure networking foundation services](../foundations/index.yml) provide core connectivity for your resources in Azure - Virtual Network (VNet), Private Link, Azure DNS, Azure Bastion, Route Server, NAT Gateway, and Traffic Manager.

+- [**Load balancing and content delivery**](#delivery): [Azure load balancing and content delivery services](../load-balancer-content-delivery/index.yml)allow for management, distribution, and optimization of your applications and workloads - Load balancer, Application Gateway, and Azure Front Door.

+- [**Hybrid connectivity**](#hybrid): [Azure hybrid connectivity services](../hybrid-connectivity/index.yml) secure communication to and from your resources in Azure - VPN Gateway, ExpressRoute, Virtual WAN, and Peering Service.

+- [**Network security**](#security): [Azure network security services](../security/index.yml) protect your web applications and IaaS services from DDoS attacks and malicious actors - Firewall Manager, Firewall, Web Application Firewall, and DDoS Protection.

+- [**Network Management and monitoring**](#management): [Azure network management and monitoring services](../monitoring-management/index.yml) provide tools to manage and monitor your network resources - Network Watcher, Azure Monitor, and Azure Virtual Network Manager.

+This section describes services that provide the building blocks for designing and architecting a network environment in Azure - Virtual Network (VNet), Private Link, Azure DNS, Azure Bastion, Route Server, NAT Gateway, and Traffic Manager.

+## <a name="management"></a>Network Management and monitoring

+This section describes network management and monitoring services in Azure - Network Watcher, Azure Monitor, and Azure Virtual Network Manager.

+### <a name="networkwatcher"></a>Azure Network Watcher

+[Azure Network Watcher](../../network-watcher/network-watcher-monitoring-overview.md?toc=%2fazure%2fnetworking%2ftoc.json) provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network.

+### <a name="azuremonitor"></a>Azure Monitor

+[Azure Monitor](/azure/azure-monitor/overview?toc=%2fazure%2fnetworking%2ftoc.json) maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.

+### <a name="avnm"></a>Azure Virtual Network Manager

+[Azure Virtual Network Manager](../../virtual-network-manager/overview.md) is a management service that enables you to group, configure, deploy, and manage virtual networks globally across subscriptions. With Virtual Network Manager, you can define [network groups](../../virtual-network-manager/concept-network-groups.md) to identify and logically segment your virtual networks. Then you can determine the [connectivity](../../virtual-network-manager/concept-connectivity-configuration.md) and [security configurations](../../virtual-network-manager/concept-security-admins.md) you want and apply them across all the selected virtual networks in network groups at once.

+### This example executes a 'kubectl get pods'

+```azurecli

+az networkcloud baremetalmachine run-read-command --name "<bareMetalMachineName>" \

+ --limit-time-seconds 60 \

+ --commands "[{command:'kubectl get',arguments:[pods,-n,nc-system]}]" \

+ --resource-group "<cluster_MRG>" \

+ --subscription "<subscription>"

+```

+* Install the latest version of the CLI commands. For information about installing the CLI commands, see [Install Azure CLI](./howto-install-cli-extensions.md)

+* Physical Operator-Nexus instance with cabling as per BoM version.

+* Supported SKU information is [inventoried here](./reference-operator-nexus-fabric-skus.md)

+| nf-sku |Fabric SKU ID is the SKU of the ordered BoM version. | M4-A400-A100-C16-ab |True | String|

+* Release Notes for Version 2.0.2847-158

+This release can be installed with as an update on top of release 2.0.2763-119. See [learn documentation](manage-network-function-operator.md) for more installation guidance.

+* NFO - Adding taint tolerations to all NFO pods and scheduling them on system nodes. Daemonset pods continue to run on all nodes of cluster).

+This mitigation release disables cluster registry and webhook high availability functionality, to restore ownership of cert-manager services to workload. Instead, NFO uses custom methods of certificate management. High availability, along with changes to rotate certs will be restored in a future release.

+This release can be installed with as an update on top of release 2.0.2783-134. See [learn documentation](manage-network-function-operator.md) for more installation guidance.

+This release extends cluster registry functionality enabling a manual trigger to identify and purging of unused images in the repository. For proper operation, the user must install both this latest version and a helper script, which is provided by request only.

+This release can be installed with as an update on top of release 2.0.2788-135. See [learn documentation](manage-network-function-operator.md) for more installation guidance.

+This version introduces new user options to control behavior when a failure occurs during an upgrade. While pause on failure remains the default, a user can now optionally enable rollback on failure. If a failure occurs, with rollback on failure any prior completed NfApps are reverted to prior state using helm rollback command. See [learn documentation](safe-upgrades-nf-level-rollback.md) for more details on usage.

+Azure Operator Service Manager is a cloud orchestration service that enables automation of operator network-intensive workloads, and mission critical applications hosted on Azure Operator Nexus. Azure Operator Service Manager unifies infrastructure, software, and configuration management with a common model into a single interface, both based on trusted Azure industry standards. This September 13, 2024 Azure Operator Service Manager release includes updating the NFO version to 2.0.2810-144, the details of which are further outlined in the remainder of this document.

+This release can be installed with as an update on top of release 2.0.2804-137. See [learn documentation](manage-network-function-operator.md) for more installation guidance.

+## Release 2.0.2847-158

+Document Revision 1.0

+### Release Summary

+Azure Operator Service Manager is a cloud orchestration service that enables automation of operator network-intensive workloads, and mission critical applications hosted on Azure Operator Nexus. Azure Operator Service Manager unifies infrastructure, software, and configuration management with a common model into a single interface, both based on trusted Azure industry standards. This October 18, 2024 Azure Operator Service Manager release includes updating the NFO version to 2.0.2847-158, the details of which are further outlined in the remainder of this document.

+### Release Details

+* Release Version: Version 2.0.2847-158

+* Release Date: October 18, 2024

+* Is NFO update required: YES, Update only

+* Dependency Versions: Go/1.22.4 - Helm/3.15.2

+### Release Installation

+This release can be installed with as an update on top of release 2.0.2804-137. See [learn documentation](manage-network-function-operator.md) for more installation guidance.

+

+#### Bugfix Related Updates

+The following bug fixes, or other defect resolutions, are delivered with this release, for either Network Function Operator (NFO) or resource provider (RP) components.

+* NFO - Fixes webhook and image secrets issues when trying to delete 2 network functions in same namespace.

+* NFO - Adds retries to fix intermittent image download failures from the cluster registry.

+#### Security Related Updates

+* CVE - A total of 19 CVEs Are addressed in this release.

+### Can a Cloud Service Provider (CSP) or an Outsourcer (OCA) avail the Oracle Database@Azure Service?

+No, Oracle Database@Azure does not support Cloud Service Providers, Outsourcer Channel Agreements, or Multi-party private offers (MPPO).

+ Title: Migrate App Configuration to availability zone support

+description: Learn how to migrate an Azure App Configuration store to an Azure region with availability zone support.

+Azure App Configuration supports Azure availability zones to protect your application and data from single data center failures. All availability zone-enabled regions have a minimum of three availability zones, and each availability zone is composed of one or more data centers equipped with independent power, cooling, and networking infrastructure. In regions where App Configuration supports availability zones, all stores have availability zones enabled by default.

+**To disable zone-redundancy with PowerShell:**

+```powershell

+Set-AzSqlElasticpool -ResourceGroupName "RSETLEM-AzureSQLDB" -ServerName "rs-az-testserver1" -ElasticPoolName "testep10" -ZoneRedundant:$false

+```

+**To disable zone-redundancy with Azure CLI:**

+```azurecli

+az sql elastic-pool update --resource-group "RSETLEM-AzureSQLDB" --server "rs-az-testserver1" --name "testep10" --zone-redundant false

+```

+**To disable zone-redundancy with PowerShell:**

+```powershell

+set-azsqlDatabase -ResourceGroupName "RSETLEM-AzureSQLDB" -DatabaseName "TestDB1" -ServerName "rs-az-testserver1" -ZoneRedundant:$false

+```

+**To disable zone-redundancy with Azure CLI:**

+```azurecli

+az sql db update --resource-group "RSETLEM-AzureSQLDB" --server "rs-az-testserver1" --name "TestDB1" --zone-redundant false

+```

+- [Armis Alerts Activities (using Azure Functions)](data-connectors/armis-alerts-activities.md)

+## Cribl

+- [Cribl](data-connectors/cribl.md)

+## HYAS Infosec Inc

+- [HYAS Protect (using Azure Functions)](data-connectors/hyas-protect.md)

+## Illumio, Inc.

+- [Illumio SaaS (using Azure Functions)](data-connectors/illumio-saas.md)

+## Infoblox

+- [[Recommended] Infoblox Cloud Data Connector via AMA](data-connectors/recommended-infoblox-cloud-data-connector-via-ama.md)

+- [[Recommended] Infoblox SOC Insight Data Connector via AMA](data-connectors/recommended-infoblox-soc-insight-data-connector-via-ama.md)

+- [Infoblox Data Connector via REST API (using Azure Functions)](data-connectors/infoblox-data-connector-via-rest-api.md)

+- [Infoblox SOC Insight Data Connector via REST API](data-connectors/infoblox-soc-insight-data-connector-via-rest-api.md)

+- [Premium Microsoft Defender Threat Intelligence (Preview)](data-connectors/premium-microsoft-defender-threat-intelligence.md)

+- [Azure CloudNGFW By Palo Alto Networks](data-connectors/azure-cloudngfw-by-palo-alto-networks.md)

+## Phosphorus Cybersecurity

+- [Phosphorus Devices](data-connectors/phosphorus-devices.md)

+## Radiflow

+- [Radiflow iSID via AMA](data-connectors/radiflow-isid-via-ama.md)

+## Silverfort Ltd.

+- [Silverfort Admin Console](data-connectors/silverfort-admin-console.md)

+## Zerofox, Inc.

+- [ZeroFox CTI (using Azure Functions)](data-connectors/zerofox-cti.md)

+- [ZeroFox Enterprise - Alerts (Polling CCP)](data-connectors/zerofox-enterprise-alerts-polling-ccp.md)

+ e. **Select a runtime:** Choose Python 3.11.

+ e. **Select a runtime:** Choose Python 3.11.

+The first installation step is to retrieve both your **Workspace ID** and **Primary Key** from the Microsoft Sentinel platform.

+The sample application can be installed locally using a [Docker compose file](https://github.com/42Crunch/azure-sentinel-integration/blob/main/sample-deployment/docker-compose.yml) which will install the httpbin API server, the 42Crunch API protection and the Microsoft Sentinel log forwarder. Set the environment variables as required using the values copied from step 2.

+After approximately 20 minutes access the Log Analytics workspace on your Microsoft Sentinel installation, and locate the *Custom Logs* section verify that a *apifirewall_log_1_CL* table exists. Use the sample queries to examine the data.

+ Title: "Armis Alerts Activities (using Azure Functions) connector for Microsoft Sentinel"

+description: "Learn how to install the connector Armis Alerts Activities (using Azure Functions) to connect your data source to Microsoft Sentinel."

+# Armis Alerts Activities (using Azure Functions) connector for Microsoft Sentinel

+The [Armis](https://www.armis.com/) Alerts Activities connector gives the capability to ingest Armis Alerts and Activities into Microsoft Sentinel through the Armis REST API. Refer to the API documentation: `https://<YourArmisInstance>.armis.com/api/v1/docs` for more information. The connector provides the ability to get alert and activity information from the Armis platform and to identify and prioritize threats in your environment. Armis uses your existing infrastructure to discover and identify devices without having to deploy any agents.

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Azure function app code** | https://aka.ms/sentinel-ArmisAlertsActivitiesAPI-functionapp |

+| **Log Analytics table(s)** | Armis_Alerts_CL<br/> Armis_Activities_CL<br/> |

+| **Data collection rules support** | Not currently supported |

+| **Supported by** | [Armis Corporation](https://support.armis.com/) |

+## Query samples

+**Armis Alert Events - All Alerts.**

+ ```kusto

+Armis_Alerts_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Armis Activity Events - All Activities.**

+ ```kusto

+Armis_Activities_CL

+

+ | sort by TimeGenerated desc

+ ```

+## Prerequisites

+To integrate with Armis Alerts Activities (using Azure Functions) make sure you have:

+- **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](/azure/azure-functions/).

+- **REST API Credentials/permissions**: **Armis Secret Key** is required. See the documentation to learn more about API on the `https://<YourArmisInstance>.armis.com/api/v1/doc`

+## Vendor installation instructions

+> [!NOTE]

+ > This connector uses Azure Functions to connect to the Armis API to pull its logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.

+>**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.

+> [!NOTE]

+ > This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias ArmisActivities/ArmisAlerts and load the function code. The function usually takes 10-15 minutes to activate after solution installation/update.

+**STEP 1 - Configuration steps for the Armis API**

+ Follow these instructions to create an Armis API secret key.

+ 1. Log into your Armis instance

+ 2. Navigate to Settings -> API Management

+ 3. If the secret key has not already been created, press the Create button to create the secret key

+ 4. To access the secret key, press the Show button

+ 5. The secret key can now be copied and used during the Armis Alerts Activities connector configuration

+**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**

+>**IMPORTANT:** Before deploying the Armis Alerts Activities data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following) readily available.., as well as the Armis API Authorization Key(s)

+Option 1 - Azure Resource Manager (ARM) Template

+Use this method for automated deployment of the Armis connector.

+1. Click the **Deploy to Azure** button below.

+ [](https://aka.ms/sentinel-ArmisAlertsActivitiesAPI-azuredeploy) [](https://aka.ms/sentinel-ArmisAlertsActivitiesAPI-azuredeploy-gov)

+2. Select the preferred **Subscription**, **Resource Group** and **Location**.

+3. Enter the below information :

+ - Function Name

+ - Workspace ID

+ - Workspace Key

+ - Armis Secret Key

+ - Armis URL `https://<armis-instance>.armis.com/api/v1/`

+ - Armis Alert Table Name

+ - Armis Activity Table Name

+ - Armis Schedule

+ - Avoid Duplicates (Default: true)

+4. Mark the checkbox labeled **I agree to the terms and conditions stated above**.

+5. Click **Purchase** to deploy.

+Option 2 - Manual Deployment of Azure Functions

+Use the following step-by-step instructions to deploy the Armis Alerts Activities data connector manually with Azure Functions (Deployment via Visual Studio Code).

+**1. Deploy a Function App**

+> **NOTE:** You will need to [prepare VS code](/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.

+1. Download the [Azure Function App](https://aka.ms/sentinel-ArmisAlertsActivitiesAPI-functionapp) file. Extract archive to your local development computer.

+2. Start VS Code. Choose File in the main menu and select Open Folder.

+3. Select the top level folder from extracted files.

+4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.

+If you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**

+If you're already signed in, go to the next step.

+5. Provide the following information at the prompts:

+ a. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.

+ b. **Select Subscription:** Choose the subscription to use.

+ c. Select **Create new Function App in Azure** (Don't choose the Advanced option)

+ d. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. ARMISXXXXX).

+ e. **Select a runtime:** Choose Python 3.11

+ f. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.

+6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.

+7. Go to Azure Portal for the Function App configuration.

+**2. Configure the Function App**

+1. In the Function App, select the Function App Name and select **Configuration**.

+2. In the **Application settings** tab, select **+ New application setting**.

+3. Add each of the following application settings individually, with their respective values (case-sensitive):

+ - Workspace ID

+ - Workspace Key

+ - Armis Secret Key

+ - Armis URL `https://<armis-instance>.armis.com/api/v1/`

+ - Armis Alert Table Name

+ - Armis Activity Table Name

+ - Armis Schedule

+ - Avoid Duplicates (Default: true)

+ - logAnalyticsUri (optional)

+ - Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: `https://<CustomerId>.ods.opinsights.azure.us`.

+4. Once all application settings have been entered, click **Save**.

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/armisinc1668090987837.armis-solution?tab=Overview) in the Azure Marketplace.

+ e. **Select a runtime:** Choose Python 3.11 or above.

+The Armorblox data connector provides the capability to ingest incidents from your Armorblox instance into Microsoft Sentinel through the REST API. The connector provides ability to get events which helps to examine potential security risks, and more.

+| **Supported by** | Armorblox |

+ e. **Select a runtime:** Choose Python 3.11.

+ e. **Select a runtime:** Choose Python 3.11.

+ Title: "Auth0 Access Management(using Azure Function) connector for Microsoft Sentinel"

+description: "Learn how to install the connector Auth0 Access Management(using Azure Function) to connect your data source to Microsoft Sentinel."

+# Auth0 Access Management(using Azure Function) connector for Microsoft Sentinel

+To integrate with Auth0 Access Management(using Azure Function) make sure you have:

+ e. **Select a runtime:** Choose Python 3.11.

+ Title: "Azure CloudNGFW By Palo Alto Networks connector for Microsoft Sentinel"

+description: "Learn how to install the connector Azure CloudNGFW By Palo Alto Networks to connect your data source to Microsoft Sentinel."

+# Azure CloudNGFW By Palo Alto Networks connector for Microsoft Sentinel

+Cloud Next-Generation Firewall by Palo Alto Networks - an Azure Native ISV Service - is Palo Alto Networks Next-Generation Firewall (NGFW) delivered as a cloud-native service on Azure. You can discover Cloud NGFW in the Azure Marketplace and consume it in your Azure Virtual Networks (VNet). With Cloud NGFW, you can access the core NGFW capabilities such as App-ID, URL filtering based technologies. It provides threat prevention and detection through cloud-delivered security services and threat prevention signatures. The connector allows you to easily connect your Cloud NGFW logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities. For more information, see the [Cloud NGFW for Azure documentation](https://docs.paloaltonetworks.com/cloud-ngfw/azure).

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Log Analytics table(s)** | fluentbit_CL<br/> |

+| **Data collection rules support** | Not currently supported |

+| **Supported by** | [Palo Alto Networks](https://support.paloaltonetworks.com) |

+## Query samples

+**List of connected Cloud NGFW resources**

+ ```kusto

+fluentbit_CL

+ | distinct FirewallName_s

+ ```

+**Connectivity status of Cloud NGFW resources**

+ ```kusto

+fluentbit_CL

+ | extend TimeGenerated = todatetime(TimeGenerated)

+ | summarize LastLogReceived = max(TimeGenerated) by FirewallName_s

+ | extend Status = iff(now() - LastLogReceived > 24h, "Disconnected", "Connected")

+ | project FirewallName_s, LastLogReceived, Status

+ | order by Status desc, LastLogReceived desc

+ ```

+**Total data received (MB)**

+ ```kusto

+fluentbit_CL

+ | extend bytes_received = toint(parse_json(Message).bytes_recv)

+ | summarize TotalBytesReceived = sum(bytes_received)

+ | extend TotalMBReceived = round(TotalBytesReceived / 1048576.0, 2)

+ | project TotalMBReceived

+ ```

+**Top 5 apps**

+ ```kusto

+fluentbit_CL

+ | extend app = tostring(parse_json(Message).app)

+ | summarize Count = count() by app

+ | top 5 by Count desc

+ | project app, Count

+ ```

+**Top 5 categories**

+ ```kusto

+fluentbit_CL

+ | extend category = tostring(parse_json(Message).category)

+ | summarize Count = count() by category

+ | top 5 by Count desc

+ | project category, Count

+ ```

+**Top 5 rules**

+ ```kusto

+fluentbit_CL

+ | summarize Rule=count() by tostring(parse_json(Message).rule)

+ | top 5 by Rule desc

+ ```

+**Top 5 source IPs**

+ ```kusto

+fluentbit_CL

+ | summarize SourceIP=count() by tostring(parse_json(Message).src_ip)

+ | top 5 by SourceIP desc

+ ```

+**Top 5 destination IPs**

+ ```kusto

+fluentbit_CL

+ | summarize DestinationIP=count() by tostring(parse_json(Message).dst_ip)

+ | top 5 by DestinationIP desc

+ ```

+## Vendor installation instructions

+Connect Cloud NGFW by Palo Alto Networks to Microsoft Sentinel

+Enable Log Settings on All Cloud NGFWs by Palo Alto Networks.

+Inside your Cloud NGFW resource:

+1. Navigate to the **Log Settings** from the homepage.

+2. Ensure the **Enable Log Settings** checkbox is checked.

+3. From the **Log Settings** drop-down, choose the desired Log Analytics Workspace.

+4. Confirm your selections and configurations.

+5. Click **Save** to apply the settings.

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/paloaltonetworks.cloudngfw-sentinel-solution?tab=Overview) in the Azure Marketplace.

+ e. **Select a runtime:** Choose Python 3.11.

+ e. **Select a runtime:** Choose Python 3.11.

+ e. **Select a runtime:** Choose Python 3.11.

+ Title: "Cribl connector for Microsoft Sentinel"

+description: "Learn how to install the connector Cribl to connect your data source to Microsoft Sentinel."

+# Cribl connector for Microsoft Sentinel

+The [Cribl](https://cribl.io/accelerate-cloud-migration/) connector allows you to easily connect your Cribl (Cribl Enterprise Edition - Standalone) logs with Microsoft Sentinel. This gives you more security insight into your organization's data pipelines.

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Log Analytics table(s)** | CriblAccess_CL<br/> CriblAudit_CL<br/> CriblUIAccess_CL<br/> CriblInternal_CL<br/> |

+| **Data collection rules support** | Not currently supported |

+| **Supported by** | [Cribl](https://www.cribl.io/support/) |

+## Query samples

+**Cribl Internal Logs**

+ ```kusto

+CriblInternal_CL

+ | sort by TimeGenerated

+ ```

+**Cribl Audit Logs**

+ ```kusto

+CriblAudit_CL

+ | sort by TimeGenerated

+ ```

+**Cribl Access Logs**

+ ```kusto

+CriblAccess_CL

+ | sort by TimeGenerated

+ ```

+**Cribl UI Access Logs**

+ ```kusto

+CriblUIAccess_CL

+ | sort by TimeGenerated

+ ```

+## Vendor installation instructions

+Installation and setup instructions for Cribl Stream for Microsoft Sentinel

+Use the documentation from this Github repository and configure Cribl Stream using

+https://docs.cribl.io/stream/usecase-azure-workspace/

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/criblinc1673975616879.microsoft-sentinel-solution-cribl?tab=Overview) in the Azure Marketplace.

+ e. **Select a runtime:** Choose Python 3.11.

+ e. **Select a runtime:** Choose Python 3.11.

+ e. **Select a runtime:** Choose Python 3.11.

+ e. **Select a runtime:** Choose Python 3.11.

+ e. **Select a runtime:** Choose Python 3.11.

+ e. **Select a runtime:** Choose Python 3.11.

+ e. **Select a runtime:** Choose Python 3.11.

+ Title: "HYAS Protect (using Azure Functions) connector for Microsoft Sentinel"

+description: "Learn how to install the connector HYAS Protect (using Azure Functions) to connect your data source to Microsoft Sentinel."

+# HYAS Protect (using Azure Functions) connector for Microsoft Sentinel

+HYAS Protect provide logs based on reputation values - Blocked, Malicious, Permitted, Suspicious.

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Azure function app code** | https://aka.ms/sentinel-HYASProtect-functionapp |

+| **Log Analytics table(s)** | HYASProtectDnsSecurityLogs_CL<br/> |

+| **Data collection rules support** | Not currently supported |

+| **Supported by** | [HYAS](https://www.hyas.com/contact) |

+## Query samples

+**All Logs**

+ ```kusto

+HYASProtectDnsSecurityLogs_CL

+ ```

+## Prerequisites

+To integrate with HYAS Protect (using Azure Functions) make sure you have:

+- **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](/azure/azure-functions/).

+- **REST API Credentials/permissions**: **HYAS API Key** is required for making API calls.

+## Vendor installation instructions

+> [!NOTE]

+ > This connector uses Azure Functions to connect to the HYAS API to pull Logs into Microsoft Sentinel. This might result in additional costs for data ingestion and for storing data in Azure Blob Storage costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) and [Azure Blob Storage pricing page](https://azure.microsoft.com/pricing/details/storage/blobs/) for details.

+>**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.

+Option 1 - Azure Resource Manager (ARM) Template

+Use this method for automated deployment of the HYAS Protect data connector using an ARM Tempate.

+1. Click the **Deploy to Azure** button below.

+ [](https://aka.ms/sentinel-HYASProtect-azuredeploy)

+2. Select the preferred **Subscription**, **Resource Group** and **Location**.

+3. Enter the **Function Name**, **Table Name**, **Workspace ID**, **Workspace Key**, **API Key**, **TimeInterval**, **FetchBlockedDomains**, **FetchMaliciousDomains**, **FetchSuspiciousDomains**, **FetchPermittedDomains** and deploy.

+4. Mark the checkbox labeled **I agree to the terms and conditions stated above**.

+5. Click **Purchase** to deploy.

+Option 2 - Manual Deployment of Azure Functions

+Use the following step-by-step instructions to deploy the HYAS Protect Logs data connector manually with Azure Functions (Deployment via Visual Studio Code).

+**1. Deploy a Function App**

+> NOTE:You will need to [prepare VS code](/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.

+1. Download the [Azure Function App](https://aka.ms/sentinel-HYASProtect-functionapp) file. Extract archive to your local development computer.

+2. Start VS Code. Choose File in the main menu and select Open Folder.

+3. Select the top level folder from extracted files.

+4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.

+If you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**

+If you're already signed in, go to the next step.

+5. Provide the following information at the prompts:

+ a. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.

+ b. **Select Subscription:** Choose the subscription to use.

+ c. Select **Create new Function App in Azure** (Don't choose the Advanced option)

+ d. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. HyasProtectLogsXXX).

+ e. **Select a runtime:** Choose Python 3.8.

+ f. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft sentinel is located.

+6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.

+7. Go to Azure Portal for the Function App configuration.

+**2. Configure the Function App**

+1. In the Function App, select the Function App Name and select **Configuration**.

+2. In the **Application settings** tab, select **+ New application setting**.

+3. Add each of the following application settings individually, with their respective string values (case-sensitive):

+ APIKey

+ Polling

+ WorkspaceID

+ WorkspaceKey

+. Once all application settings have been entered, click **Save**.

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/hyas.microsoft-sentinel-solution-hyas-protect?tab=Overview) in the Azure Marketplace.

+ Title: "Illumio SaaS (using Azure Functions) connector for Microsoft Sentinel"

+description: "Learn how to install the connector Illumio SaaS (using Azure Functions) to connect your data source to Microsoft Sentinel."

+# Illumio SaaS (using Azure Functions) connector for Microsoft Sentinel

+[Illumio](https://www.illumio.com/) connector provides the capability to ingest events into Microsoft Sentinel. The connector provides ability to ingest auditable and flow events from AWS S3 bucket.

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Azure function app code** | https://github.com/Azure/Azure-Sentinel/raw/master/Solutions/IllumioSaaS/Data%20Connectors/IllumioEventsConn.zip |

+| **Log Analytics table(s)** | Illumio_Auditable_Events_CL<br/> Illumio_Flow_Events_CL<br/> |

+| **Data collection rules support** | Not currently supported |

+| **Supported by** | [Illumio](https://www.illumio.com/support/support) |

+## Query samples

+**Sample of auditable events**

+ ```kusto

+Illumio_Auditable_Events_CL

+

+ | sort by TimeGenerated desc

+

+ | limit 10

+ ```

+**Sample of flow summaries**

+ ```kusto

+Illumio_Flow_Events_CL

+

+ | sort by TimeGenerated desc

+

+ | limit 10

+ ```

+## Prerequisites

+To integrate with Illumio SaaS (using Azure Functions) make sure you have:

+- **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](/azure/azure-functions/).

+- **SQS and AWS S3 account credentials/permissions**: **AWS_SECRET**, **AWS_REGION_NAME**, **AWS_KEY**, **QUEUE_URL** is required. See the documentation to learn more about data pulling. If you are using s3 bucket provided by Illumio, contact Illumio support. At your request they will provide you with the AWS S3 bucket name, AWS SQS url and AWS credentials to access them.

+- **Illumio API key and secret**: **ILLUMIO_API_KEY**, **ILLUMIO_API_SECRET** is required for a workbook to make connection to SaaS PCE and fetch api responses.

+## Vendor installation instructions

+> [!NOTE]

+ > This connector uses Azure Functions to connect to the AWS SQS / S3 to pull logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.

+>**(Optional Step)** Securely store API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.

+Prerequisites

+1. Ensure AWS SQS is configured for the s3 bucket from which flow and auditable event logs are going to be pulled. In case, Illumio provides bucket, please contact Illumio support for sqs url, s3 bucket name and aws credentials.

+ 2. Register AAD application - For DCR (Data collection rule) to authentiate to ingest data into log analytics, you must use Entra application. 1. [Follow the instructions here](/azure/azure-monitor/logs/tutorial-logs-ingestion-portal#create-azure-ad-application) (steps 1-5) to get **AAD Tenant Id**, **AAD Client Id** and **AAD Client Secret**.

+ 2. Ensure you have created a log analytics workspace.

+Please keep note of the name and region where it has been deployed.

+Deployment

+Choose one of the approaches from below options. Either use the below ARM template to deploy azure resources or deploy function app manually.

+1. Azure Resource Manager (ARM) Template

+Use this method for automated deployment of Azure resources using an ARM Tempate.

+1. Click the **Deploy to Azure** button below.

+ [](https://aka.ms/sentinel-IllumioSaaS-FunctionApp)

+2. Provide the required details such as Microsoft Sentinel Workspace, AWS credentials, Azure AD Application details and ingestion configurations

+> **NOTE:** It is recommended to create a new Resource Group for deployment of function app and associated resources.

+3. Mark the checkbox labeled **I agree to the terms and conditions stated above**.

+4. Click **Purchase** to deploy.

+2. Deploy additional function apps to handle scale

+Use this method for automated deployment of additional function apps using an ARM Tempate.

+1. Click the **Deploy to Azure** button below.

+ [](https://aka.ms/sentinel-IllumioSaaS-QueueTriggerFunctionApp)

+3. Manual Deployment of Azure Functions

+Deployment via Visual Studio Code.

+**1. Deploy a Function App**

+1. Download the [Azure Function App](https://github.com/Azure/Azure-Sentinel/raw/master/Solutions/IllumioSaaS/Data%20Connectors/IllumioEventsConn.zip) file. Extract archive to your local development computer.

+2. Follow the [function app manual deployment instructions](https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AzureFunctionsManualDeployment.md#function-app-manual-deployment-instructions) to deploy the Azure Functions app using VSCode.

+3. After successful deployment of the function app, follow next steps for configuring it.

+**2. Configure the Function App**

+1. Follow documentation to set up all required environment variables and click **Save**. Ensure you restart the function app once settings are saved.

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/illumioinc1629822633689.illumio_sentinel?tab=Overview) in the Azure Marketplace.

+ e. **Select a runtime:** Choose Python 3.11.

+ Title: "Infoblox Data Connector via REST API (using Azure Functions) connector for Microsoft Sentinel"

+description: "Learn how to install the connector Infoblox Data Connector via REST API (using Azure Functions) to connect your data source to Microsoft Sentinel."

+# Infoblox Data Connector via REST API (using Azure Functions) connector for Microsoft Sentinel

+The Infoblox Data Connector allows you to easily connect your Infoblox TIDE data and Dossier data with Microsoft Sentinel. By connecting your data to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Log Analytics table(s)** | Failed_Range_To_Ingest_CL<br/> Infoblox_Failed_Indicators_CL<br/> dossier_whois_CL<br/> dossier_tld_risk_CL<br/> dossier_threat_actor_CL<br/> dossier_rpz_feeds_records_CL<br/> dossier_rpz_feeds_CL<br/> dossier_nameserver_matches_CL<br/> dossier_nameserver_CL<br/> dossier_malware_analysis_v3_CL<br/> dossier_inforank_CL<br/> dossier_infoblox_web_cat_CL<br/> dossier_geo_CL<br/> dossier_dns_CL<br/> dossier_atp_threat_CL<br/> dossier_atp_CL<br/> dossier_ptr_CL<br/> |

+| **Data collection rules support** | Not currently supported |

+| **Supported by** | [Infoblox](https://support.infoblox.com/) |

+## Query samples

+**Failed Indicator time range received**

+ ```kusto

+Failed_Range_To_Ingest_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Failed Indicators Range Data**

+ ```kusto

+Infoblox_Failed_Indicators_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier whois data source**

+ ```kusto

+dossier_whois_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier tld risk data source**

+ ```kusto

+dossier_tld_risk_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier threat actor data source**

+ ```kusto

+dossier_threat_actor_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier rpz feeds records data source**

+ ```kusto

+dossier_rpz_feeds_records_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier rpz feeds data source**

+ ```kusto

+dossier_rpz_feeds_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier nameserver matches data source**

+ ```kusto

+dossier_nameserver_matches_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier nameserver data source**

+ ```kusto

+dossier_nameserver_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier malware analysis v3 data source**

+ ```kusto

+dossier_malware_analysis_v3_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier inforank data source**

+ ```kusto

+dossier_inforank_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier infoblox web cat data source**

+ ```kusto

+dossier_infoblox_web_cat_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier geo data source**

+ ```kusto

+dossier_geo_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier dns data source**

+ ```kusto

+dossier_dns_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier atp threat data source**

+ ```kusto

+dossier_atp_threat_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier atp data source**

+ ```kusto

+dossier_atp_CL

+

+ | sort by TimeGenerated desc

+ ```

+**Dossier ptr data source**

+ ```kusto

+dossier_ptr_CL

+

+ | sort by TimeGenerated desc

+ ```

+## Prerequisites

+To integrate with Infoblox Data Connector via REST API (using Azure Functions) make sure you have:

+- **Azure Subscription**: Azure Subscription with owner role is required to register an application in Microsoft Entra ID and assign role of contributor to app in resource group.

+- **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](/azure/azure-functions/).

+- **REST API Credentials/permissions**: **Infoblox API Key** is required. See the documentation to learn more about API on the [Rest API reference](https://csp.infoblox.com/apidoc?url=https://csp.infoblox.com/apidoc/docs/Infrastructure#/Services/ServicesRead)

+## Vendor installation instructions

+> [!NOTE]

+ > This connector uses Azure Functions to connect to the Infoblox API to create Threat Indicators for TIDE and pull Dossier data into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.

+>**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.

+**STEP 1 - App Registration steps for the Application in Microsoft Entra ID**

+ This integration requires an App registration in the Azure portal. Follow the steps in this section to create a new application in Microsoft Entra ID:

+ 1. Sign in to the [Azure portal](https://portal.azure.com/).

+ 2. Search for and select **Microsoft Entra ID**.

+ 3. Under **Manage**, select **App registrations > New registration**.

+ 4. Enter a display **Name** for your application.

+ 5. Select **Register** to complete the initial app registration.

+ 6. When registration finishes, the Azure portal displays the app registration's Overview pane. You see the **Application (client) ID** and **Tenant ID**. The client ID and Tenant ID is required as configuration parameters for the execution of the TriggersSync playbook.

+> **Reference link:** [/azure/active-directory/develop/quickstart-register-app](/azure/active-directory/develop/quickstart-register-app)

+**STEP 2 - Add a client secret for application in Microsoft Entra ID**

+ Sometimes called an application password, a client secret is a string value required for the execution of TriggersSync playbook. Follow the steps in this section to create a new Client Secret:

+ 1. In the Azure portal, in **App registrations**, select your application.

+ 2. Select **Certificates & secrets > Client secrets > New client secret**.

+ 3. Add a description for your client secret.

+ 4. Select an expiration for the secret or specify a custom lifetime. Limit is 24 months.

+ 5. Select **Add**.

+ 6. *Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.* The secret value is required as configuration parameter for the execution of TriggersSync playbook.

+> **Reference link:** [/azure/active-directory/develop/quickstart-register-app#add-a-client-secret](/azure/active-directory/develop/quickstart-register-app#add-a-client-secret)

+**STEP 3 - Assign role of Contributor to application in Microsoft Entra ID**

+ Follow the steps in this section to assign the role:

+ 1. In the Azure portal, Go to **Resource Group** and select your resource group.

+ 2. Go to **Access control (IAM)** from left panel.

+ 3. Click on **Add**, and then select **Add role assignment**.

+ 4. Select **Contributor** as role and click on next.

+ 5. In **Assign access to**, select `User, group, or service principal`.

+ 6. Click on **add members** and type **your app name** that you have created and select it.

+ 7. Now click on **Review + assign** and then again click on **Review + assign**.

+> **Reference link:** [/azure/role-based-access-control/role-assignments-portal](/azure/role-based-access-control/role-assignments-portal)

+**STEP 4 - Steps to generate the Infoblox API Credentials**

+ Follow these instructions to generate Infoblox API Key.

+ In the [Infoblox Cloud Services Portal](https://csp.infoblox.com/atlas/app/welcome), generate an API Key and copy it somewhere safe to use in the next step. You can find instructions on how to create API keys [**here**](https://docs.infoblox.com/space/BloxOneThreatDefense/230394187/How+Do+I+Create+an+API+Key%3F).

+**STEP 5 - Steps to deploy the connector and the associated Azure Function**

+>**IMPORTANT:** Before deploying the Infoblox data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following) readily available.., as well as the Infoblox API Authorization Credentials

+Azure Resource Manager (ARM) Template

+Use this method for automated deployment of the Infoblox Data connector.

+1. Click the **Deploy to Azure** button below.

+ [](https://aka.ms/sentinel-infoblox-azuredeploy)

+2. Select the preferred **Subscription**, **Resource Group** and **Location**.

+3. Enter the below information :

+ Azure Tenant Id

+ Azure Client Id

+ Azure Client Secret

+ Infoblox API Token

+ Infoblox Base URL

+ Workspace ID

+ Workspace Key

+ Log Level (Default: INFO)

+ Confidence

+ Threat Level

+ App Insights Workspace Resource ID

+4. Mark the checkbox labeled **I agree to the terms and conditions stated above**.

+5. Click **Purchase** to deploy.

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/infoblox.infoblox-app-for-microsoft-sentinel?tab=Overview) in the Azure Marketplace.

+ Title: "Infoblox SOC Insight Data Connector via REST API connector for Microsoft Sentinel"

+description: "Learn how to install the connector Infoblox SOC Insight Data Connector via REST API to connect your data source to Microsoft Sentinel."

+# Infoblox SOC Insight Data Connector via REST API connector for Microsoft Sentinel

+The Infoblox SOC Insight Data Connector allows you to easily connect your Infoblox BloxOne SOC Insight data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Log Analytics table(s)** | InfobloxInsight_CL<br/> |

+| **Data collection rules support** | Not currently supported |

+| **Supported by** | [Infoblox](https://support.infoblox.com/) |

+## Query samples

+**Return all logs involving DNS Tunneling**

+ ```kusto

+InfobloxInsight_CL

+ | where threatType_s == "DNS Tunneling"

+ ```

+**Return all logs involving a configuration issue**

+ ```kusto

+InfobloxInsight_CL

+ | where tClass_s == "TI-CONFIGURATIONISSUE"

+ ```

+**Return count of critical priority insights**

+ ```kusto

+InfobloxInsight_CL

+ | where priorityText_s == "CRITICAL"

+

+ | summarize dcount(insightId_g) by priorityText_s

+ ```

+**Return each spreading insight by ThreatClass**

+ ```kusto

+InfobloxInsight_CL

+ | where isnotempty(spreadingDate_t)

+

+ | summarize dcount(insightId_g) by tClass_s

+ ```

+**Return each Insight by ThreatFamily**

+ ```kusto

+InfobloxInsight_CL

+ |

+ | summarize dcount(insightId_g) by tFamily_s

+ ```

+## Vendor installation instructions

+Workspace Keys

+In order to use the playbooks as part of this solution, find your **Workspace ID** and **Workspace Primary Key** below for your convenience.

+ Workspace Key

+Parsers

+>This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxInsight**](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Infoblox%20SOC%20Insights/Parsers/InfobloxInsight.yaml) which is deployed with the Microsoft Sentinel Solution.

+SOC Insights

+>This data connector assumes you have access to Infoblox BloxOne Threat Defense SOC Insights. You can find more information about SOC Insights [**here**](https://docs.infoblox.com/space/BloxOneThreatDefense/501514252/SOC+Insights).

+Follow the steps below to configure this data connector

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/infoblox.infoblox-app-for-microsoft-sentinel?tab=Overview) in the Azure Marketplace.

+ e. **Select a runtime:** Choose Python 3.11.

+**Note: This data connector fetch only the logs of the CloudHub application using Platform API and not of CloudHub 2.0 application**

+ e. **Select a runtime:** Choose Python 3.11.

+ Title: "Phosphorus Devices connector for Microsoft Sentinel"

+description: "Learn how to install the connector Phosphorus Devices to connect your data source to Microsoft Sentinel."

+# Phosphorus Devices connector for Microsoft Sentinel

+The Phosphorus Device Connector provides the capability to Phosphorus to ingest device data logs into Microsoft Sentinel through the Phosphorus REST API. The Connector provides visibility into the devices enrolled in Phosphorus. This Data Connector pulls devices information along with its corresponding alerts.

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Log Analytics table(s)** | Phosphorus_CL<br/> |

+| **Data collection rules support** | Not currently supported |

+| **Supported by** | [Phosphorus Inc.](https://phosphorus.io) |

+## Query samples

+**List all Phosphorus Device Logs**

+ ```kusto

+Phosphorus_CL

+

+ | sort by TimeGenerated desc

+ ```

+## Prerequisites

+To integrate with Phosphorus Devices make sure you have:

+- **REST API Credentials/permissions**: **Phosphorus API Key** is required. Please make sure that the API Key associated with the User has the Manage Settings permissions enabled.

+ Follow these instructions to enable Manage Settings permissions.

+ 1. Log in to the Phosphorus Application

+ 2. Go to 'Settings' -> 'Groups'

+ 3. Select the Group the Integration user is a part of

+ 4. Navigate to 'Product Actions' -> toggle on the 'Manage Settings' permission.

+## Vendor installation instructions

+**STEP 1 - Configuration steps for the Phosphorus API**

+ Follow these instructions to create a Phosphorus API key.

+ 1. Log into your Phosphorus instance

+ 2. Navigate to Settings -> API

+ 3. If the API key has not already been created, press the **Add button** to create the API key

+ 4. The API key can now be copied and used during the Phosphorus Device connector configuration

+Connect the Phosphorus Application with Microsoft Sentinel

+**STEP 2 - Fill in the details below**

+>**IMPORTANT:** Before deploying the Phosphorus Device data connector, have the Phosphorus Instance Domain Name readily available as well as the Phosphorus API Key(s)

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/4043.microsoft-sentinel-solution-phosphorus?tab=Overview) in the Azure Marketplace.

+ Title: "Premium Microsoft Defender Threat Intelligence (Preview) connector for Microsoft Sentinel"

+description: "Learn how to install the connector Premium Microsoft Defender Threat Intelligence (Preview) to connect your data source to Microsoft Sentinel."

+# Premium Microsoft Defender Threat Intelligence (Preview) connector for Microsoft Sentinel

+Microsoft Sentinel provides you the capability to import threat intelligence generated by Microsoft to enable monitoring, alerting and hunting. Use this data connector to import Indicators of Compromise (IOCs) from Microsoft Defender Threat Intelligence (MDTI) into Microsoft Sentinel. Threat indicators can include IP addresses, domains, URLs, and file hashes, etc. Note: This is a paid connector. To use and ingest data from it, please purchase the "MDTI API Access" SKU from the Partner Center.

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Log Analytics table(s)** | ThreatIntelligenceIndicator<br/> |

+| **Data collection rules support** | Not currently supported |

+| **Supported by** | [Microsoft Corporation](https://support.microsoft.com/) |

+## Query samples

+**Summarize by threat type**

+ ```kusto

+ThreatIntelligenceIndicator

+ | where ExpirationDateTime > now()

+ | where SourceSystem == "Premium Microsoft Defender Threat Intelligence"

+ | where ExpirationDateTime > now()

+ | join ( SigninLogs ) on $left.NetworkIP == $right.IPAddress

+ | summarize count() by ThreatType

+ ```

+**Summarize by 1 hour bins**

+ ```kusto

+ThreatIntelligenceIndicator

+ | where SourceSystem == "Premium Microsoft Defender Threat Intelligence"

+ | where TimeGenerated >= ago(1d)

+ | summarize count()ΓÇïΓÇï

+ ```

+## Vendor installation instructions

+Use this data connector to import Indicators of Compromise (IOCs) from Premium Microsoft Defender Threat Intelligence (MDTI) into Microsoft Sentinel.

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-threatintelligence-taxii?tab=Overview) in the Azure Marketplace.

+ e. **Select a runtime:** Choose Python 3.11.

+ Title: "Radiflow iSID via AMA connector for Microsoft Sentinel"

+description: "Learn how to install the connector Radiflow iSID via AMA to connect your data source to Microsoft Sentinel."

+# Radiflow iSID via AMA connector for Microsoft Sentinel

+iSID enables non-disruptive monitoring of distributed ICS networks for changes in topology and behavior, using multiple security packages, each offering a unique capability pertaining to a specific type of network activity

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Log Analytics table(s)** | CommonSecurityLog (RadiflowEvent)<br/> |

+| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |

+| **Supported by** | [Radiflow](https://www.radiflow.com) |

+## Query samples

+**Top 5 protocols by number of events**

+ ```kusto

+RadiflowEvent

+ | where DeviceProduct =~ "iSID"

+ | where isnotempty(Protocol)

+ | summarize count() by Port, Protocol

+ | project-keep count_, Port, Protocol

+ | top 5 by Protocol

+ ```

+## Vendor installation instructions

+> [!NOTE]

+ > This data connector depends on a parser based on a Kusto Function to work as expected [**RadiflowEvent**] which is deployed with the Microsoft Sentinel Solution.

+2. Secure your machine

+Make sure to configure the machine's security according to your organization's security policy

+[Learn more >](https://aka.ms/SecureCEF)

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/radiflow.azure-sentinel-solution-radiflow?tab=Overview) in the Azure Marketplace.

+ Title: "[Recommended] Infoblox Cloud Data Connector via AMA connector for Microsoft Sentinel"

+description: "Learn how to install the connector [Recommended] Infoblox Cloud Data Connector via AMA to connect your data source to Microsoft Sentinel."

+# [Recommended] Infoblox Cloud Data Connector via AMA connector for Microsoft Sentinel

+The Infoblox Cloud Data Connector allows you to easily connect your Infoblox data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Log Analytics table(s)** | CommonSecurityLog<br/> |

+| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |

+| **Supported by** | [Infoblox](https://support.infoblox.com/) |

+## Query samples

+**Return all Block DNS Query/Response logs**

+ ```kusto

+CommonSecurityLog

+ | where DeviceEventClassID has_cs "RPZ"

+ ```

+**Return all DNS Query/Response logs**

+ ```kusto

+CommonSecurityLog

+ | where DeviceEventClassID has_cs "DNS"

+ ```

+**Return all DHCP Query/Response logs**

+ ```kusto

+CommonSecurityLog

+ | where DeviceEventClassID has_cs "DHCP"

+ ```

+**Return all Service Logs Query/Response logs**

+ ```kusto

+CommonSecurityLog

+ | where DeviceEventClassID has_cs "Service"

+ ```

+**Return all Audit Query/Response logs**

+ ```kusto

+CommonSecurityLog

+ | where DeviceEventClassID has_cs "Audit"

+ ```

+**Return all Category Filters security events logs**

+ ```kusto

+CommonSecurityLog

+ | where DeviceEventClassID has_cs "RPZ"

+

+ | where AdditionalExtensions has_cs "InfobloxRPZ=CAT_"

+ ```

+**Return all Application Filters security events logs**

+ ```kusto

+CommonSecurityLog

+ | where DeviceEventClassID has_cs "RPZ"

+

+ | where AdditionalExtensions has_cs "InfobloxRPZ=APP_"

+ ```

+**Return Top 10 TD Domains Hit Count**

+ ```kusto

+CommonSecurityLog

+ | where DeviceEventClassID has_cs "RPZ"

+ | summarize count() by DestinationDnsDomain

+ | top 10 by count_ desc

+ ```

+**Return Top 10 TD Source IPs Hit Count**

+ ```kusto

+CommonSecurityLog

+ | where DeviceEventClassID has_cs "RPZ"

+ | summarize count() by SourceIP

+ | top 10 by count_ desc

+ ```

+**Return Recently Created DHCP Leases**

+ ```kusto

+CommonSecurityLog

+ | where DeviceEventClassID == "DHCP-LEASE-CREATE"

+ ```

+## Vendor installation instructions

+>**IMPORTANT:** This Microsoft Sentinel data connector assumes an Infoblox Data Connector host has already been created and configured in the Infoblox Cloud Services Portal (CSP). As the [**Infoblox Data Connector**](https://docs.infoblox.com/display/BloxOneThreatDefense/Deploying+the+Data+Connector+Solution) is a feature of Threat Defense, access to an appropriate Threat Defense subscription is required. See this [**quick-start guide**](https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-data-connector.pdf) for more information and licensing requirements.

+1. Linux Syslog agent configuration

+Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.

+> Notice that the data from all regions will be stored in the selected workspace

+1.1 Select or create a Linux machine

+Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds.

+1.2 Install the CEF collector on the Linux machine

+Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.

+> 1. Make sure that you have Python on your machine using the following command: python -version.

+> 2. You must have elevated permissions (sudo) on your machine.

+ Run the following command to install and apply the CEF collector:

+ `sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}`

+2. Configure Infoblox to send Syslog data to the Infoblox Cloud Data Connector to forward to the Syslog agent

+Follow the steps below to configure the Infoblox CDC to send data to Microsoft Sentinel via the Linux Syslog agent.

+1. Navigate to **Manage > Data Connector**.

+2. Click the **Destination Configuration** tab at the top.

+3. Click **Create > Syslog**.

+ - **Name**: Give the new Destination a meaningful **name**, such as **Microsoft-Sentinel-Destination**.

+ - **Description**: Optionally give it a meaningful **description**.

+ - **State**: Set the state to **Enabled**.

+ - **Format**: Set the format to **CEF**.

+ - **FQDN/IP**: Enter the IP address of the Linux device on which the Linux agent is installed.

+ - **Port**: Leave the port number at **514**.

+ - **Protocol**: Select desired protocol and CA certificate if applicable.

+ - Click **Save & Close**.

+4. Click the **Traffic Flow Configuration** tab at the top.

+5. Click **Create**.

+ - **Name**: Give the new Traffic Flow a meaningful **name**, such as **Microsoft-Sentinel-Flow**.

+ - **Description**: Optionally give it a meaningful **description**.

+ - **State**: Set the state to **Enabled**.

+ - Expand the **Service Instance** section.

+ - **Service Instance**: Select your desired Service Instance for which the Data Connector service is enabled.

+ - Expand the **Source Configuration** section.

+ - **Source**: Select **BloxOne Cloud Source**.

+ - Select all desired **log types** you wish to collect. Currently supported log types are:

+ - Threat Defense Query/Response Log

+ - Threat Defense Threat Feeds Hits Log

+ - DDI Query/Response Log

+ - DDI DHCP Lease Log

+ - Expand the **Destination Configuration** section.

+ - Select the **Destination** you just created.

+ - Click **Save & Close**.

+6. Allow the configuration some time to activate.

+3. Validate connection

+Follow the instructions to validate your connectivity:

+Open Log Analytics to check if the logs are received using the CommonSecurityLog schema.

+>It may take about 20 minutes until the connection streams data to your workspace.

+If the logs are not received, run the following connectivity validation script:

+> 1. Make sure that you have Python on your machine using the following command: python -version

+>2. You must have elevated permissions (sudo) on your machine

+ Run the following command to validate your connectivity:

+ `sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}`

+4. Secure your machine

+Make sure to configure the machine's security according to your organization's security policy

+[Learn more >](https://aka.ms/SecureCEF)

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/infoblox.infoblox-app-for-microsoft-sentinel?tab=Overview) in the Azure Marketplace.

+ Title: "[Recommended] Infoblox SOC Insight Data Connector via AMA connector for Microsoft Sentinel"

+description: "Learn how to install the connector [Recommended] Infoblox SOC Insight Data Connector via AMA to connect your data source to Microsoft Sentinel."

+# [Recommended] Infoblox SOC Insight Data Connector via AMA connector for Microsoft Sentinel

+The Infoblox SOC Insight Data Connector allows you to easily connect your Infoblox BloxOne SOC Insight data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.

+This data connector ingests Infoblox SOC Insight CDC logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector.**

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Log Analytics table(s)** | CommonSecurityLog (InfobloxCDC_SOCInsights)<br/> |

+| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |

+| **Supported by** | [Infoblox](https://support.infoblox.com/) |

+## Query samples

+**Return all logs involving DNS Tunneling**

+ ```kusto

+InfobloxCDC_SOCInsights

+ | where ThreatType == "DNS Tunneling"

+ ```

+**Return all logs involving a configuration issue**

+ ```kusto

+InfobloxCDC_SOCInsights

+ | where ThreatClass == "TI-CONFIGURATIONISSUE"

+ ```

+**Return all high threat level logs**

+ ```kusto

+InfobloxCDC_SOCInsights

+ | where ThreatLevel == "High"

+ ```

+**Return raised status logs**

+ ```kusto

+InfobloxCDC_SOCInsights

+ | where Status == "RAISED"

+ ```

+**Return logs involving a high amount of unblocked DNS hits**

+ ```kusto

+InfobloxCDC_SOCInsights

+ | where NotBlockedCount >= 100

+ ```

+**Return each Insight by ThreatFamily**

+ ```kusto

+InfobloxCDC_SOCInsights

+ | summarize dcount(InfobloxInsightID) by ThreatFamily

+ ```

+## Prerequisites

+To integrate with [Recommended] Infoblox SOC Insight Data Connector via AMA make sure you have:

+- ****: To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)

+- ****: Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed. [Learn more](/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)

+## Vendor installation instructions

+Workspace Keys

+In order to use the playbooks as part of this solution, find your **Workspace ID** and **Workspace Primary Key** below for your convenience.

+ Workspace Key

+Parsers

+>This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC_SOCInsights**](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Infoblox%20SOC%20Insights/Parsers/InfobloxCDC_SOCInsights.yaml) which is deployed with the Microsoft Sentinel Solution.

+SOC Insights

+>This data connector assumes you have access to Infoblox BloxOne Threat Defense SOC Insights. You can find more information about SOC Insights [**here**](https://docs.infoblox.com/space/BloxOneThreatDefense/501514252/SOC+Insights).

+Infoblox Cloud Data Connector

+>This data connector assumes an Infoblox Data Connector host has already been created and configured in the Infoblox Cloud Services Portal (CSP). As the [**Infoblox Data Connector**](https://docs.infoblox.com/display/BloxOneThreatDefense/Deploying+the+Data+Connector+Solution) is a feature of BloxOne Threat Defense, access to an appropriate BloxOne Threat Defense subscription is required. See this [**quick-start guide**](https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-data-connector.pdf) for more information and licensing requirements.

+2. Secure your machine

+Make sure to configure the machine's security according to your organization's security policy

+[Learn more >](https://aka.ms/SecureCEF)

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/infoblox.infoblox-app-for-microsoft-sentinel?tab=Overview) in the Azure Marketplace.

+ Title: "SailPoint IdentityNow (using Azure Functions) connector for Microsoft Sentinel"

+description: "Learn how to install the connector SailPoint IdentityNow (using Azure Functions) to connect your data source to Microsoft Sentinel."

+# SailPoint IdentityNow (using Azure Functions) connector for Microsoft Sentinel

+To integrate with SailPoint IdentityNow (using Azure Functions) make sure you have:

+ e. **Select a runtime:** Choose Python 3.9.

+ Title: "Silverfort Admin Console connector for Microsoft Sentinel"

+description: "Learn how to install the connector Silverfort Admin Console to connect your data source to Microsoft Sentinel."

+# Silverfort Admin Console connector for Microsoft Sentinel

+The [Silverfort](https://silverfort.com) ITDR Admin Console connector solution allows ingestion of Silverfort events and logging into Microsoft Sentinel.

+ Silverfort provides syslog based events and logging using Common Event Format (CEF). By forwarding your Silverfort ITDR Admin Console CEF data into Microsoft Sentinel, you can take advantage of Sentinels's search & correlation, alerting, and threat intelligence enrichment on Silverfort data.

+ Please contact Silverfort or consult the Silverfort documentation for more information.

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Log Analytics table(s)** | CommonSecurityLog (DATATYPE_NAME)<br/> |

+| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |

+| **Supported by** | [Silverfort](https://www.silverfort.com/customer-success/#support) |

+## Query samples

+**Get all User Brute Force incidents**

+ ```kusto

+CommonSecurityLog

+

+ | where DeviceVendor has 'Silverfort'

+

+ | where DeviceProduct has 'Admin Console'

+

+ | where DeviceEventClassID == "NewIncident"

+

+ | where Message has "UserBruteForce"

+ ```

+## Vendor installation instructions

+1. Linux Syslog agent configuration

+Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.

+> Notice that the data from all regions will be stored in the selected workspace

+1.1 Select or create a Linux machine

+Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds.

+1.2 Install the CEF collector on the Linux machine

+Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.

+> 1. Make sure that you have Python on your machine using the following command: python -version.

+> 2. You must have elevated permissions (sudo) on your machine.

+ Run the following command to install and apply the CEF collector:

+ `sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}`

+2. Forward Common Event Format (CEF) logs to Syslog agent

+Set your security solution to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machine's IP address.

+3. Validate connection

+Follow the instructions to validate your connectivity:

+Open Log Analytics to check if the logs are received using the CommonSecurityLog schema.

+>It may take about 20 minutes until the connection streams data to your workspace.

+If the logs are not received, run the following connectivity validation script:

+> 1. Make sure that you have Python on your machine using the following command: python -version

+>2. You must have elevated permissions (sudo) on your machine

+ Run the following command to validate your connectivity:

+ `sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}`

+4. Secure your machine

+Make sure to configure the machine's security according to your organization's security policy

+[Learn more >](https://aka.ms/SecureCEF)

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/silverfort.microsoft-sentinel-solution-silverfort?tab=Overview) in the Azure Marketplace.

+ e. **Select a runtime:** Choose Python 3.11.

+## Query samples

+**All Threat Intelligence APIs Indicators**

+ ```kusto

+ThreatIntelligenceIndicator

+ | where SourceSystem !in ('SecurityGraph', 'Azure Sentinel', 'Microsoft Sentinel')

+ | sort by TimeGenerated desc

+ ```

+## Vendor installation instructions

+You can connect your threat intelligence data sources to Microsoft Sentinel by either:

+>Using an integrated Threat Intelligence Platform (TIP), such as Threat Connect, Palo Alto Networks MineMeld, MISP, and others.

+>Calling the Microsoft Sentinel data plane API directly from another application.

+ - Note: The 'Status' of the connector will not appear as 'Connected' here, because the data is ingested by making an API call.

+Follow These Steps to Connect to your Threat Intelligence:

+1. Get Microsoft Entra ID Access Token

+[concat('To send request to the APIs, you need to acquire Azure Active Directory access token. You can follow instruction in this page: /azure/databricks/dev-tools/api/latest/aad/app-aad-token#get-an-azure-ad-access-token

+ - Notice: Please request AAD access token with scope value: ', variables('management'), '.default')]

+2. Send indicators to Sentinel

+You can send indicators by calling our Upload Indicators API. For more information about the API, click [here](/azure/sentinel/upload-indicators-api).

+>HTTP method: POST

+>Endpoint: `https://api.ti.sentinel.azure.com/workspaces/[WorkspaceID]/threatintelligenceindicators:upload?api-version=2022-07-01`

+>WorkspaceID: the workspace that the indicators are uploaded to.

+>Header Value 1: "Authorization" = "Bearer [Microsoft Entra ID Access Token from step 1]"

+> Header Value 2: "Content-Type" = "application/json"

+

+>Body: The body is a JSON object containing an array of indicators in STIX format.

+ Title: "ZeroFox CTI (using Azure Functions) connector for Microsoft Sentinel"

+description: "Learn how to install the connector ZeroFox CTI (using Azure Functions) to connect your data source to Microsoft Sentinel."

+# ZeroFox CTI (using Azure Functions) connector for Microsoft Sentinel

+The ZeroFox CTI data connectors provide the capability to ingest the different [ZeroFox](https://www.zerofox.com/threat-intelligence/) cyber threat intelligence alerts into Microsoft Sentinel.

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Log Analytics table(s)** | ZeroFox_CTI_advanced_dark_web_CL<br/> ZeroFox_CTI_botnet_CL<br/> ZeroFox_CTI_breaches_CL<br/> ZeroFox_CTI_C2_CL<br/> ZeroFox_CTI_compromised_credentials_CL<br/> ZeroFox_CTI_credit_cards_CL<br/> ZeroFox_CTI_dark_web_CL<br/> ZeroFox_CTI_discord_CL<br/> ZeroFox_CTI_disruption_CL<br/> ZeroFox_CTI_email_addresses_CL<br/> ZeroFox_CTI_exploits_CL<br/> ZeroFox_CTI_irc_CL<br/> ZeroFox_CTI_malware_CL<br/> ZeroFox_CTI_national_ids_CL<br/> ZeroFox_CTI_phishing_CL<br/> ZeroFox_CTI_phone_numbers_CL<br/> ZeroFox_CTI_ransomware_CL<br/> ZeroFox_CTI_telegram_CL<br/> ZeroFox_CTI_threat_actors_CL<br/> ZeroFox_CTI_vulnerabilities_CL<br/> |

+| **Data collection rules support** | Not currently supported |

+| **Supported by** | [ZeroFox](https://www.zerofox.com/contact-us/) |

+## Query samples

+**ZeroFox CTI C2-domains Logs**

+ ```kusto

+ZeroFox_CTI_C2_CL

+

+ | sort by TimeGenerated desc

+ ```

+**ZeroFox CTI Email Addresses Logs**

+ ```kusto

+ZeroFox_CTI_email_addresses_CL

+

+ | sort by TimeGenerated desc

+ ```

+**ZeroFox CTI Malware Logs**

+ ```kusto

+ZeroFox_CTI_malware_CL

+

+ | sort by TimeGenerated desc

+ ```

+## Prerequisites

+To integrate with ZeroFox CTI (using Azure Functions) make sure you have:

+- **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](/azure/azure-functions/).

+- **ZeroFox API Credentials/permissions**: **ZeroFox Username**, **ZeroFox Personal Access Token** are required for ZeroFox CTI REST API.

+## Vendor installation instructions

+> [!NOTE]

+ > This connector uses Azure Functions to connect to the ZeroFox CTI REST API to pull logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.

+>**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.

+**STEP 1 - Retrieval of ZeroFox credentials:**

+ Follow these instructions for set up logging and obtain credentials.

+1. [Log into ZeroFox's website.](https://cloud.zerofox.com/login) using your username and password

+2 - Click into the Settings button and go to the Data Connectors Section.

+3 - Select the API DATA FEEDS tab and head to the bottom of the page, select **Reset** in the API Information box, to obtain a Personal Access Token to be used along with your username.

+**STEP 2 - Deploy the Azure Function data connectors using the Azure Resource Manager template: **

+>**IMPORTANT:** Before deploying the ZeroFox CTI data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), readily available.

+Preparing resources for deployment.

+1. Click the **Deploy to Azure** button below.

+ [](https://aka.ms/sentinel-zerofox-azuredeploy)

+2. Select the preferred **Subscription**, **Resource Group**, Log analytics Workspace and **Location**.

+3. Enter the **Workspace ID**, **Workspace Key**, **ZeroFox Username**, **ZeroFox Personal Access Token**

+4.

+5. Click **Review + Create** to deploy.

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/zerofoxinc1695922129370.zerofox-sentinel-connector?tab=Overview) in the Azure Marketplace.

+ Title: "ZeroFox Enterprise - Alerts (Polling CCP) connector for Microsoft Sentinel"

+description: "Learn how to install the connector ZeroFox Enterprise - Alerts (Polling CCP) to connect your data source to Microsoft Sentinel."

+# ZeroFox Enterprise - Alerts (Polling CCP) connector for Microsoft Sentinel

+Collects alerts from ZeroFox API.

+This is autogenerated content. For changes, contact the solution provider.

+## Connector attributes

+| Connector attribute | Description |

+| | |

+| **Log Analytics table(s)** | {{graphQueriesTableName}}<br/> |

+| **Data collection rules support** | Not currently supported |

+| **Supported by** | [ZeroFox](https://www.zerofox.com/contact-us/) |

+## Query samples

+**List all ZeroFox alerts**

+ ```kusto

+{{graphQueriesTableName}}

+ | sort by TimeGenerated asc

+ ```

+**Count alerts by network type**

+ ```kusto

+{{graphQueriesTableName}}

+ | summarize Count = count() by ThreatSource=network_s

+ ```

+**Count alerts by entity**

+ ```kusto

+{{graphQueriesTableName}}

+ | summarize Count = count() by Entity=entity_name_s

+ ```

+## Prerequisites

+To integrate with ZeroFox Enterprise - Alerts (Polling CCP) make sure you have:

+- **ZeroFox Personal Access Token (PAT)**: A ZeroFox PAT is required. You can get it in Data Connectors > [API Data Feeds](https://cloud.zerofox.com/data_connectors/api).

+## Vendor installation instructions

+Connect ZeroFox to Microsoft Sentinel

+Provide your ZeroFox PAT

+## Next steps

+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/zerofoxinc1695922129370.zerofox-sentinel-connector?tab=Overview) in the Azure Marketplace.

+[Rollup 76](https://support.microsoft.com/topic/update-rollup-75-for-azure-site-recovery-4884b937-8976-454a-9b80-57e0200eb2ec) | 9.63.7187.1 | 9.63.7187.1 | 9.63.7187.1 | 5.24.0902.11 | 2.0.9938.0

+[Rollup 75](https://support.microsoft.com/topic/update-rollup-75-for-azure-site-recovery-4884b937-8976-454a-9b80-57e0200eb2ec) | 9.62.7172.1 | 9.62.7172.1 | 9.62.7172.1 | 5.24.0814.2 | 2.0.9932.0

+## Updates (October 2024)

+### Update Rollup 76

+Update [rollup 76](https://support.microsoft.com/topic/update-rollup-75-for-azure-site-recovery-4884b937-8976-454a-9b80-57e0200eb2ec) provides the following updates:

+**Update** | **Details**

+ |

+**Providers and agents** | Updates to Site Recovery agents and providers as detailed in the rollup KB article.

+**Issue fixes/improvements** | Many fixes and improvement as detailed in the rollup KB article.

+**Azure VM disaster recovery** | Added support for Debian 11, SLES 12, SLES 15, Ubuntu 22.04 to 18.04 distros, Oracle Linux 9.4, and RHEL 9 Linux distros.

+**VMware VM/physical disaster recovery to Azure** | Added support for Debian 11, SLES 12, SLES 15, Ubuntu 22.04 to 18.04 distros, Oracle Linux 9.4, and RHEL 9 Linux distros.

+SUSE Linux Enterprise Server 12, SP1, SP2, SP3, SP4, SP5 | 9.63 | By default, all [stock SUSE 12 SP1, SP2, SP3, SP4, SP5, SP6 kernels](https://www.suse.com/support/kb/doc/?id=000019587) are supported.</br> No new kernels in this release. |

+SUSE Linux Enterprise Server 15, SP1, SP2, SP3, SP4, SP5 | 9.63 | By default, all [stock SUSE 15 SP1, SP2, SP3, SP4, SP5, SP6 kernels](https://www.suse.com/support/kb/doc/?id=000019587) are supported.</br> No new kernels in this release. |

+SUSE Linux Enterprise Server 15, SP1, SP2, SP3, SP4 | 9.60 | By default, all [stock SUSE 15 SP1, SP2, SP3, SP4, SP5 kernels](https://www.suse.com/support/kb/doc/?id=000019587) are supported.</br> 5.14.21-150500.33.29-azure <br>5.14.21-150500.33.34-azure |

+SUSE Linux Enterprise Server 15, SP1, SP2, SP3, SP4 | 9.59 | By default, all [stock SUSE 15 SP1, SP2, SP3, SP4, SP5 kernels](https://www.suse.com/support/kb/doc/?id=000019587) are supported.</br> No new SUSE 15 kernels supported in this release. |

+| endsWith | less | less ||

+Using the [Sample prices](#sample-prices) that appear in this article, and assuming an **8-MiB** block size, the following table estimates the cost to upload **1000** blobs that are each **5 GiB** in size to the hot tier.

+| **Cost of write operations (641,000 * price of a single operation)** | **$3.5255** |

+| **Cost of data retrieval (5 * price of data retrieval)** | **$0.05** |

+| **Cost to write (1000 * price of a single operation)** | **$0.0055** |

+| **Cost of read operations (1,000 * price of a single operation)** | **$0.00044** |

+| **Cost to rename blob virtual directories (1000 * price of a single operation)** | **$0.0055** | **$0.01** | **$.018** |

+| **Cost to rename Data Lake Storage directories (1000 * price of a single operation)** | **$0.715** | **$0.715** | **$0.715** |

+| **Cost to rename blob virtual directories (1000 * (1000 * price of a single operation)** | **$5.50** | **$10.00** | **$18.00** |

+| **Cost to rename Data Lake Storage directories (1000 * price of a single operation)** | **$0.715** | **$0.715** | **0.715** |

+The following example lists the blobs in the specified container using a flat listing. This example includes blob snapshots and blob versions, if they exist:

+Customers using NFS Azure file shares can take file share snapshots. This capability allows users to roll back entire file systems or recover files that were accidentally deleted or corrupted. See [Use share snapshots with Azure Files](storage-snapshots-files.md#nfs-file-share-snapshots).

+- If you experience any issues, see [Troubleshoot NFS Azure file shares](/troubleshoot/azure/azure-storage/files-troubleshoot-linux-nfs?toc=/azure/storage/files/toc.json).

+| China North 2 | 40.73.50.0 | 52.130.40.64/29 |

+| Central Israel | | 20.217.59.248/29, 20.217.91.192/29, 20.217.75.192/29 |

+| North Italy | | 4.232.107.184/29, 4.232.195.192/29, 4.232.123.192/29 |

+| Malaysia South | | 20.17.67.248/29 |

+| Poland Central | | 20.215.27.192/29, 20.215.155.248/29, 20.215.19.192/29 |

+| Qatar Central | | 20.21.43.248/29, 20.21.75.192/29, 20.21.67.192/29 |

+| Spain Central | | 68.221.99.184/29, 68.221.154.88/29, 68.221.147.192/29 |

+| Sweden Central | | 51.12.224.32/29, 51.12.232.32/29 |

+| Sweden South | | 51.12.200.32/29, 51.12.201.32/29 |

+| Taiwan North | | 51.53.107.248/29 |

+| Taiwan Northwest | | 51.53.187.248/29 |

+Use the Request ID and the Step Index to retrieve details from [sys.dm_pdw_sql_requests](/sql/relational-databases/system-dynamic-management-views/sys-dm-pdw-sql-requests-transact-sql?view=azure-sqldw-latest&preserve-view=true), which contains execution information of the query step on all of the distributed databases.

+> [!IMPORTANT]

+> User-defined routes management with Azure Virtual Network Manager is in public preview. Public previews are made available to you on the condition that you agree to the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). Some features might not be supported or might have constrained capabilities. This preview version is provided without a service level agreement, and it's not recommended for production workloads.

+In virtual network manager, you create a routing configuration. Inside the configuration, you create rule collections to describe the UDRs needed for a network group (target network group). In the rule collection, route rules are used to describe the desired routing behavior for the subnets or virtual networks in the target network group. Once the configuration is created, you need to [deploy the configuration](./concept-deployments.md) for it to apply to your resources. Upon deployment, all routes are stored in a route table located inside a virtual network manager-managed resource group.

+## Adding other virtual networks

+When you add other virtual networks to a network group, the routing configuration is automatically applied to the new virtual network. Your network manager automatically detects the new virtual network and applies the routing configuration to it. When you remove a virtual network from the network group, the applied routing configuration is automatically removed as well.

+Newly created or deleted subnets have their route table updated with eventual consistency. The processing time may vary based on the volume of subnet creation and deletion.

+- UDR Management supports creating 1000 UDRs within a route table. This means that you can create a routing configuration with a maximum of 1,000 routing rules.

+If you no longer need Azure Virtual Network Manager and the associated virtual networks, you can remove it by deleting the resource group and its resources.

+1. In the **Azure portal**, browse to your resource group - **resource-group**.

+1. Select **resource-group** and select **Delete resource group**.

+1. In the **Delete a resource group** window, confirm that you want to delete by entering **resource-group** in the text box, and then select **Delete**.

+Before you can create an Azure Virtual Network Manager instance, you have to create a resource group to host it. Create a resource group by using [New-AzResourceGroup](/powershell/module/az.Resources/New-azResourceGroup). This example creates a resource group named *resource-group* in the *West US 2* region:

+# Create a resource group

+$location = "West US 2"

+ Name = 'resource-group'

+$subID= <subscription_id>

+$subGroup.Add("/subscriptions/$subID")

+Create a Virtual Network Manager instance by using [New-AzNetworkManager](/powershell/module/az.network/new-aznetworkmanager). This example creates an instance named *network-manager* in the *West US 2* region:

+ Name = 'network-manager'

+ ResourceGroupName = $rg.ResourceGroupName

+Create three virtual networks by using [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork). This example creates virtual networks named *vnet-spoke-001*, *vnet-spoke-002*, and *vnet-hub-001* in the *West US 2* region. If you already have virtual networks that you want create a mesh network with, you can skip to the next section.

+$vnetspoke001 = @{

+ Name = 'vnet-spoke-001'

+ ResourceGroupName = $rg.ResourceGroupName

+$vnet_spoke_001 = New-AzVirtualNetwork @vnetspoke001

+$vnetspoke002 = @{

+ Name = 'vnet-spoke-002'

+ ResourceGroupName = $rg.ResourceGroupName

+$vnet_spoke_002 = New-AzVirtualNetwork @vnetspoke002

+$vnethub001 = @{

+ Name = 'vnet-hub-001'

+ ResourceGroupName = $rg.ResourceGroupName

+$vnet_hub_001 = New-AzVirtualNetwork @vnethub001

+$subnet_vnetspoke001 = @{

+ VirtualNetwork = $vnet_spoke_001

+$subnetConfig_vnetspoke001 = Add-AzVirtualNetworkSubnetConfig @subnet_vnetspoke001

+$vnet_spoke_001 | Set-AzVirtualNetwork

+$subnet_vnetspoke002 = @{

+ VirtualNetwork = $vnet_spoke_002

+$subnetConfig_vnetspoke002 = Add-AzVirtualNetworkSubnetConfig @subnet_vnetspoke002

+$vnet_spoke_002 | Set-AzVirtualNetwork

+$subnet_vnet_hub_001 = @{

+ VirtualNetwork = $vnet_hub_001

+$subnetConfig_vnet_hub_001 = Add-AzVirtualNetworkSubnetConfig @subnet_vnet_hub_001

+$vnet_hub_001 | Set-AzVirtualNetwork

+Virtual Network Manager applies configurations to groups of virtual networks by placing them in network groups. Create a network group by using [New-AzNetworkManagerGroup](/powershell/module/az.network/new-aznetworkmanagergroup). This example creates a network group named *network-group* in the West US 2 region:

+ Name = 'network-group'

+ ResourceGroupName = $rg.ResourceGroupName

+In this task, you add the static members *vnet-spoke-001* and *vnet-spoke-002* to the network group *network-group* by using [New-AzNetworkManagerStaticMember](/powershell/module/az.network/new-aznetworkmanagerstaticmember).

+$sm_vnetspoke001 = @{

+ Name = Get-UniqueString $vnet_spoke_001.Id

+ ResourceGroupName = $rg.ResourceGroupName

+ ResourceId = $vnet_spoke_001.Id

+ $sm_vnetspoke001 = New-AzNetworkManagerStaticMember @sm_vnetspoke001

+$sm_vnetspoke002 = @{

+ Name = Get-UniqueString $vnet_spoke_002.Id

+ ResourceGroupName = $rg.ResourceGroupName

+ ResourceId = $vnet_spoke_002.Id

+ $sm_vnetspoke002 = New-AzNetworkManagerStaticMember @sm_vnetspoke002

+In this task, you create a connectivity configuration with the network group *network-group* by using [New-AzNetworkManagerConnectivityConfiguration](/powershell/module/az.network/new-aznetworkmanagerconnectivityconfiguration) and [New-AzNetworkManagerConnectivityGroupItem](/powershell/module/az.network/new-aznetworkmanagerconnectivitygroupitem):

+ Name = 'connectivity-configuration'

+ ResourceGroupName = $rg.ResourceGroupName

+$target.Add("westus2")

+ ResourceGroupName = $rg.ResourceGroupName

+Deploy-AzNetworkManagerCommit @deployment

+If you no longer need the Azure Virtual Network Manager instance and it's associate resources, delete the resource group that contains them. Deleting the resource group also deletes the resources that you created.

+1. Delete the resource group using [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup):

+ Remove-AzResourceGroup -Name $rg.ResourceGroupName -Force

+1. If you used **Dynamic Network Group Membership**, delete the deployed Azure Policy Definition and Assignment by navigating to your Subscription in the Portal and selecting the **Policies**. In Policies, find the **Assignment** named `AVNM quickstart dynamic group membership Policy` and delete it, then do the same for the **Definition** named `AVNM quickstart dynamic group membership Policy`.

+> [Quickstart: Create a mesh network topology with Azure Virtual Network Manager using Terraform](create-virtual-network-manager-terraform.md)

+ :::image type="content" source="./media/how-to-create-hub-and-spoke/group-members-list.png" alt-text="Screenshot that shows a list of group members.":::

+1. Select **Delete existing peerings** checkbox if you want to remove all previously created virtual network peering between virtual networks in the network group defined in this configuration, and then select **Select a hub**.

+ * *Direct connectivity*: Select **Enable peering within network group** if you want to establish virtual network peering between virtual networks in the network group of the same region.

+ * *Global Mesh*: Select **Enable mesh connectivity across regions** if you want to establish virtual network peering for all virtual networks in the network group across regions.

+ :::image type="content" source="./media/how-to-create-hub-and-spoke/deployment-succeeded.png" alt-text="Screenshot of configuration deployment in progress status.":::

+- Learn how to block network traffic with a [SecurityAdmin configuration](how-to-block-network-traffic-portal.md).

+ :::image type="content" source="./media/how-to-create-hub-and-spoke/group-members-list.png" alt-text="Screenshot that shows a list of group members.":::

+> [!IMPORTANT]

+> User-defined routes management with Azure Virtual Network Manager is in public preview. Public previews are made available to you on the condition that you agree to the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). Some features might not be supported or might have constrained capabilities. This preview version is provided without a service level agreement, and it's not recommended for production workloads.

+ | **Resource group** | Select **Create new** and enter **resource-group**.</br> Select **Ok**. |

+ | **Name** | Enter **network-manager**. |

+ | **Region** | Select **(US) West US 2** or a region of your choosing. Virtual Network Manager can manage virtual networks in any region. The selected region is where the Virtual Network Manager instance is deployed. |

+ | **Resource group** | Select **resource-group**. |

+ | **Region** | Select **(US) West US 2**. |

+ | **Resource group** | Select **resource-group**. |

+ | **Region** | Select **(US) West US 2**. |

+1. From the **Home** page, select **Resource groups** and browse to the **resource-group** resource group, and select the **vnm-1** Virtual Network Manager instance.

+ | **Name** | Enter **network-group**. |

+1. Select **network-group** and choose **Create Azure Policy**.

+ | **Policy name** | Enter **azure-policy**. |

+ | **Target network groups** | select **network-group**. |

+ | **Target regions** | Select **(US) West US 2)**. |

+> [!IMPORTANT]

+> User-defined routes management with Azure Virtual Network Manager is in public preview. Public previews are made available to you on the condition that you agree to the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). Some features might not be supported or might have constrained capabilities. This preview version is provided without a service level agreement, and it's not recommended for production workloads.

+ Title: Create a virtual network with encryption

+description: Learn how to create an encrypted virtual network. A virtual network lets Azure resources communicate with each other and the internet.

+# Create a virtual network with encryption

+ * It's not recommended to open a virtual network to the Internet by default using the Zero Trust network security principle.

+ Title: "Tutorial: Filter network traffic with a network security group (NSG)"

+description: In this tutorial, you learn how to filter network traffic to a subnet with a network security group (NSG).

+# Tutorial: Filter network traffic with a network security group

+ Title: 'Tutorial: Restrict access to PaaS resources with service endpoints'

+description: In this tutorial, you learn how to limit and restrict network access to Azure resources, such as an Azure Storage, with virtual network service endpoints.

+# Tutorial: Restrict network access to PaaS resources with virtual network service endpoints

+- Virtual Network encryption is supported on the following virtual machine instance sizes:

+ | Memory intensive workloads | E-series V4 </br> E-series V5 </br> E-series V6 </br> M-series V2 </br> M-series V3 | **[Ev4 and Esv4-series](/azure/virtual-machines/ev4-esv4-series)** </br> **[Edv4 and Edsv4-series](/azure/virtual-machines/edv4-edsv4-series)** </br> **[Eav4 and Easv4-series](/azure/virtual-machines/eav4-easv4-series)** </br> **[Ev5 and Esv5-series](/azure/virtual-machines/ev5-esv5-series)** </br> **[Edv5 and Edsv5-series](/azure/virtual-machines/edv5-edsv5-series)** </br> **[Easv5 and Eadsv5-series](/azure/virtual-machines/easv5-eadsv5-series)** </br> **[Easv6 and Eadsv6-series](/azure/virtual-machines/easv6-eadsv6-series)** </br> **[Mv2-series](/azure/virtual-machines/mv2-series)** </br> **[Msv2 and Mdsv2 Medium Memory series](/azure/virtual-machines/msv2-mdsv2-series)** </br> **[Msv3 and Mdsv3 Medium Memory series](/azure/virtual-machines/msv3-mdsv3-medium-series)** |

+ | Storage intensive workloads | L-series V3 | **[LSv3-series](/azure/virtual-machines/lsv3-series)** |

+ | Compute optimized | F-series V6 | **[Falsv6-series](/azure/virtual-machines/sizes/compute-optimized/falsv6-series)** </br> **[Famsv6-series](/azure/virtual-machines/sizes/compute-optimized/famsv6-series)** </br> **[Fasv6-series](/azure/virtual-machines/sizes/compute-optimized/fasv6-series)** |

+* In order to connect it to a virtual hub, the remote virtual network can't have a gateway (ExpressRoute or VPN) or RouteServer.

+* In order to connect it to a virtual hub, the remote virtual network can't have a gateway (ExpressRoute or VPN) or RouteServer.

+| Metric| Routing | [New Virtual Hub Metrics](monitor-virtual-wan-reference.md#hub-router-metrics)| There are now two new Virtual WAN hub metrics that display the virtual hub's capacity and spoke VM utilization: **Routing Infrastructure Units** and **Spoke VM Utilization**.| August 2024 | The **Spoke VM Utilization** metric represents an approximate number of deployed spoke VMs as a percentage of the total number of spoke VMs that the hub's routing infrastructure units can support.

+| Feature| Routing | [Routing intent](how-to-routing-policies.md)| Routing intent is the mechanism through which you can configure Virtual WAN to send private or internet traffic via a security solution deployed in the hub.|May 2023|Routing Intent is Generally Available in Azure public cloud. See documentation for [other limitations](how-to-routing-policies.md#knownlimitations).|

+|6| Configuring routing intent to route between connectivity and firewall NVAs in the same Virtual WAN Hub| Virtual WAN routing intent private routing policy does not support routing between an SD-WAN NVA and a Firewall NVA (or SaaS solution) deployed in the same Virtual hub.| | Deploy the connectivity and firewall integrated NVAs in two different hubs in the same Azure region. Alternatively, deploy the connectivity NVA to a spoke Virtual Network connected to your Virtual WAN Hub and leverage the [BGP peering](scenario-bgp-peering-hub.md).|

+|9| Routing intent update operations fail in deployments where private routing policy next hop resource is an NVA or SaaS solution.| In deployments where private routing policy is configured with next hop NVA or SaaS solutions alongside additional private prefixes, modifying routing intent fails. Examples of operations that fail are adding or removing internet or private routing policies. This known issue doesn't impact deployments with no additional private prefixes configured. | |Remove any additional private prefixes, update routing intent and then re-configure additional private prefixes.|

+> [!NOTE]

+> When a ruleset version is changed in a WAF Policy, any existing customizations you made to your ruleset will be reset to the defaults for the new ruleset. See: [Upgrading or changing ruleset version](#upgrading-or-changing-ruleset-version).

+### Upgrading or changing ruleset version

+If you are upgrading, or assigning a new ruleset version, and would like to preserve existing rule overrides and exclusions, it is recommended to use PowerShell, CLI, REST API, or a templates to make ruleset version changes. A new version of a ruleset can have newer rules, additional rule groups, and may have updates to existing signatures to enforce better security and reduce false positives. It is recommended to validate changes in a test environment, fine tune if necessary, and then deploy in a production environment.

+> [!NOTE]

+> If you are using the Azure portal to assign a new managed ruleset to a WAF policy, all the previous customizations from the existing managed ruleset such as rule state, rule actions, and rule level exclusions will be reset to the new managed ruleset's defaults. However, any custom rules, or policy settings will remain unaffected during the new ruleset assignment. You will need to redefine rule overrides and validate changes before deploying in a production environment.

+ > [!WARNING]

+ > When assigning a new managed ruleset to a WAF policy, all the previous customizations from the existing managed rulesets such as rule state, rule actions and rule level exclusions will be reset to the new managed ruleset's defaults. However, any custom rules and policy settings will remain unaffected during the new ruleset assignment.

+ Title: CRS and DRS rule groups and rules

+description: This page provides information on web application firewall CRS and DRS rule groups and rules.

+> When a ruleset version is changed in a WAF Policy, any existing customizations you made to your ruleset will be reset to the defaults for the new ruleset. See: [Upgrading or changing ruleset version](#upgrading-or-changing-ruleset-version).

+### Upgrading or changing ruleset version

+If you are upgrading, or assigning a new ruleset version, and would like to preserve existing rule overrides and exclusions, it is recommended to use PowerShell, CLI, REST API, or a templates to make ruleset version changes. A new version of a ruleset can have newer rules, additional rule groups, and may have updates to existing signatures to enforce better security and reduce false positives. It is recommended to validate changes in a test environment, fine tune if necessary, and then deploy in a production environment.

+> [!NOTE]

+> If you are using the Azure portal to assign a new managed ruleset to a WAF policy, all the previous customizations from the existing managed ruleset such as rule state, rule actions, and rule level exclusions will be reset to the new managed ruleset's defaults. However, any custom rules, policy settings, and global exclusions will remain unaffected during the new ruleset assignment. You will need to redefine rule overrides and validate changes before deploying in a production environment.

+ > [!WARNING]

+ > When assigning a new managed ruleset to a WAF policy, all the previous customizations from the existing managed rulesets such as rule state, rule actions and rule level exclusions will be reset to the new managed ruleset's defaults. However, any custom rules, policy settings, and global exclusions will remain unaffected during the new ruleset assignment.