+It might sound alarming to not ask for a user to sign back in, in reality any violation of IT policies will revoke the session. Some examples include (but aren't limited to) a password change, an incompliant device, or account disable. You can also explicitly [revoke usersΓÇÖ sessions using Microsoft Graph PowerShell](/powershell/module/microsoft.graph.users.actions/revoke-mgusersigninsession). The Microsoft Entra ID default configuration comes down to ΓÇ£donΓÇÖt ask users to provide their credentials if security posture of their sessions hasn't changedΓÇ¥.

+1. Skip the **Custom extensions** step.

+1. Select the catalog for which you want to add a custom extension and then in the left menu, select **Custom Extensions**.

+1. The custom extension created will show under the **Custom Extensions** tab. Select the ΓÇ£*Logic app*ΓÇ¥ in the custom extension that will redirect you to a page to configure the logic app.

+1. In the policy settings, go to the **Custom Extensions** tab.

+1. Under the Custom Extensions tab, in the menu below Stage, select the access package event you wish to use as trigger for this custom extension (Logic App). For our scenario, to trigger the custom extension Logic App workflow when an access package is requested, approved, granted, or removed, select **Request is created**, **Request is approved**, **Assignment is Granted**, and **Assignment is removed**.

+## Manage role assignments programmatically

+## Manage role assignments to entitlement management roles programmatically

+- Give users access automatically to those resources, based on the user's properties like department or cost center, and remove a user's access when those properties change.

+1. Select the catalog for which you want to add a custom extension and then in the left menu, select **Custom Extensions**.

+1. In the policy settings, go to the **Custom Extensions** tab.

+> [Trigger Logic Apps with custom extensions in entitlement management](entitlement-management-logic-apps-integration.md)

+| Adding and removing a user's group memberships, application roles, and SharePoint site roles, based on changes to the user's attributes | [Configure an automatic assignment policy for an access package in entitlement management](entitlement-management-access-package-auto-assignment-policy.md)|

+| Running custom workflows when a user requests or receives access, or access is removed | [Trigger Logic Apps in entitlement management](entitlement-management-logic-apps-integration.md) |

+With separation-of-duties checks in Microsoft Entra ID [entitlement management](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/ensure-compliance-using-separation-of-duties-checks-in-access/ba-p/2466939), customers can ensure that users don't take on excessive access rights:

+* With integration with [Pathlock](https://pathlock.com/) and other partner products, customers can take advantage of fine-grained separation-of-duties checks with access packages in Microsoft Entra ID. Over time, this ability will help customers address Sarbanes-Oxley and other compliance requirements.

+ * [Summarization](../language-service/summarization/how-to/use-containers.md)

+## Download the summarization container models

+A pre-requisite for running the summarization container is to download the models first. This can be done by running one of the following commands using a CPU container image as an example:

+docker run -v {HOST_MODELS_PATH}:/models mcr.microsoft.com/azure-cognitive-services/textanalytics/summarization:cpu downloadModels=ExtractiveSummarization billing={ENDPOINT_URI} apikey={API_KEY}

+docker run -v {HOST_MODELS_PATH}:/models mcr.microsoft.com/azure-cognitive-services/textanalytics/summarization:cpu downloadModels=AbstractiveSummarization billing={ENDPOINT_URI} apikey={API_KEY}

+docker run -v {HOST_MODELS_PATH}:/models mcr.microsoft.com/azure-cognitive-services/textanalytics/summarization:cpu downloadModels=ConversationSummarization billing={ENDPOINT_URI} apikey={API_KEY}

+Once the *Summarization* container is on the host computer, use the following `docker run` command to run the containers. The container will continue to run until you stop it. Replace the placeholders below with your own values:

+| Placeholder | Value | Format or example |

+|-|-||

+| **{HOST_MODELS_PATH}** | The host computer [volume mount](https://docs.docker.com/storage/volumes/), which Docker uses to persist the model. |An example is c:\SummarizationModel where the c:\ drive is located on the host machine.|

+| **{ENDPOINT_URI}** | The endpoint for accessing the summarization API. You can find it on your resource's **Key and endpoint** page, on the Azure portal. | `https://<your-custom-subdomain>.cognitiveservices.azure.com`|

+| **{API_KEY}** | The key for your Language resource. You can find it on your resource's **Key and endpoint** page, on the Azure portal. |`xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`|

+docker run -p 5000:5000 -v {HOST_MODELS_PATH}:/models mcr.microsoft.com/azure-cognitive-services/textanalytics/summarization:cpu eula=accept rai_terms=accept billing={ENDPOINT_URI} apikey={API_KEY}

+Or if you are running a GPU container, use this command instead.

+docker run -p 5000:5000 --gpus all -v {HOST_MODELS_PATH}:/models mcr.microsoft.com/azure-cognitive-services/textanalytics/summarization:gpu eula=accept rai_terms=accept billing={ENDPOINT_URI} apikey={API_KEY}

+|  [Anomaly Detector](./Anomaly-Detector/index.yml)(retired) | Identify potential problems early on |

+|  [Metrics Advisor](./metrics-advisor/index.yml)(retired) | An AI service that detects unwanted contents |

+|  [Personalizer](./personalizer/index.yml)(retired) | Create rich, personalized experiences for each user |

+> [!NOTE]

+> For windows, set the environment variable to override the ARC on an Azure VM installation.

+> ```powershell

+> [System.Environment]::SetEnvironmentVariable("MSFT_ARC_TEST",'true', [System.EnvironmentVariableTarget]::Machine)

+> ```

+1. Regenerate the key that was used by the SAS token or secondaryKey of the map account.

+1. Remove the role assignment for the managed identity on the associated map account.

+> 1. Create a SAS token using `secondaryKey`, or a different managed identity than the previous one, as the `signingKey` and distribute the new SAS token to the application.

+| signingKey | `primaryKey` | Required, the string enum value for the signingKey either `primaryKey`, `secondaryKey` or managed identity is used to create the signature of the SAS. |

+- **Red Hat, CentOS, Oracle**:

+>[!NOTE]

+>While regenerating the [Log Analytics Workspace shared keys](/rest/api/loganalytics/workspace-shared-keys) is possible, the intention for this is **not** to immediately restrict access to any agents currently using those keys. Agents use the key to generate a certificate that expires after three months. Regenerating the shared keys will only prevent agents from renewing their certificates, not continuing to use those certificates until they expire.

+ :::image type="content" source="./media/agent-windows-troubleshoot/output-testcloudconnection-tool-01.png" lightbox="./media/agent-windows-troubleshoot/output-testcloudconnection-tool-01.png" alt-text="Screenshot that shows TestCloudConnection tool execution results.":::

+ :::image type="content" source="./media/agent-windows-troubleshoot/event-id-1210-healthservice-01.png" lightbox="./media/agent-windows-troubleshoot/event-id-1210-healthservice-01.png" alt-text="Screenshot that shows an Event ID 1210 description.":::

+>[!NOTE]

+>While regenerating the [Log Analytics Workspace shared keys](/rest/api/loganalytics/workspace-shared-keys) is possible, the intention for this is **not** to immediately restrict access to any agents currently using those keys. Agents use the key to generate a certificate that expires after three months. Regenerating the shared keys will only prevent agents from renewing their certificates, not continuing to use those certificates until they expire.

+7. Click **Next** once you have completed providing the necessary configuration settings.<br><br> :::image type="content" source="media/agent-windows/log-analytics-mma-setup-laworkspace.png" lightbox="media/agent-windows/log-analytics-mma-setup-laworkspace.png" alt-text="paste Workspace ID and Primary Key":::<br><br>

+From the computer in **Control Panel**, find the item **Microsoft Monitoring Agent**. Select it, and on the **Azure Log Analytics** tab, the agent should display a message stating *The Microsoft Monitoring Agent has successfully connected to the Microsoft Operations Management Suite service.*<br><br> :::image type="content" source="media/agent-windows/log-analytics-mma-laworkspace-status.png" lightbox="media/agent-windows/log-analytics-mma-laworkspace-status.png" alt-text="Screenshot that shows the MMA connection status to Log Analytics message.":::

+| | Azure | Γ£ô | Γ£ô | Γ£ô |

+| | Other cloud (Azure Arc) | Γ£ô | Γ£ô | |

+| | On-premises (Azure Arc) | Γ£ô | Γ£ô | |

+| | Windows Client OS | Γ£ô | | |

+| | Event Logs | Γ£ô | Γ£ô | Γ£ô |

+| | Performance | Γ£ô | Γ£ô | Γ£ô |

+| | File based logs | Γ£ô | Γ£ô | Γ£ô |

+| | IIS logs | Γ£ô | Γ£ô | Γ£ô |

+| | ETW events | | | Γ£ô |

+| | .NET app logs | | | Γ£ô |

+| | Crash dumps | | | Γ£ô |

+| | Agent diagnostics logs | | | Γ£ô |

+| | Azure Monitor Logs | Γ£ô | Γ£ô | |

+| | Azure Monitor Metrics¹ | Γ£ô (Public preview) | | Γ£ô (Public preview) |

+| | Azure Storage | | | Γ£ô |

+| | Event Hubs | | | Γ£ô |

+| | Microsoft Sentinel | Γ£ô ([View scope](./azure-monitor-agent-migration.md#migrate-additional-services-and-features)) | Γ£ô | |

+| | VM Insights | Γ£ô | Γ£ô | |

+| | Microsoft Defender for Cloud | Γ£ô (Public preview) | Γ£ô | |

+| | Automation Update Management | | Γ£ô | |

+| | Azure Stack HCI | Γ£ô | | |

+| | Change Tracking | Γ£ô (Public preview) | Γ£ô | |

+| | SQL Best Practices Assessment | Γ£ô | | |

+| | Azure | Γ£ô | Γ£ô | Γ£ô | Γ£ô |

+| | Other cloud (Azure Arc) | Γ£ô | Γ£ô | | Γ£ô |

+| | On-premises (Azure Arc) | Γ£ô | Γ£ô | | Γ£ô |

+| | Syslog | Γ£ô | Γ£ô | Γ£ô | |

+| | Performance | Γ£ô | Γ£ô | Γ£ô | Γ£ô |

+| | File based logs | Γ£ô | | | |

+| | Azure Monitor Logs | Γ£ô | Γ£ô | | |

+| | Azure Monitor Metrics¹ | Γ£ô (Public preview) | | | Γ£ô (Public preview) |

+| | Azure Storage | | | Γ£ô | |

+| | Event Hubs | | | Γ£ô | |

+| | Microsoft Sentinel | Γ£ô ([View scope](./azure-monitor-agent-migration.md#migrate-additional-services-and-features)) | Γ£ô | |

+| | VM Insights | Γ£ô | Γ£ô | |

+| | Microsoft Defender for Cloud | Γ£ô (Public preview) | Γ£ô | |

+| | Automation Update Management | | Γ£ô | |

+| | Change Tracking | Γ£ô (Public preview) | Γ£ô | |

+| Windows Server 2022 | Γ£ô | Γ£ô | |

+| Windows Server 2022 Core | Γ£ô | | |

+| Windows Server 2019 | Γ£ô | Γ£ô | Γ£ô |

+| Windows Server 2019 Core | Γ£ô | | |

+| Windows Server 2016 | Γ£ô | Γ£ô | Γ£ô |

+| Windows Server 2016 Core | Γ£ô | | Γ£ô |

+| Windows Server 2012 R2 | Γ£ô | Γ£ô | Γ£ô |

+| Windows Server 2012 | Γ£ô | Γ£ô | Γ£ô |

+| Windows Server 2008 R2 SP1 | Γ£ô | Γ£ô | Γ£ô |

+| Windows Server 2008 R2 | | | Γ£ô |

+| Windows Server 2008 SP2 | | Γ£ô | |

+| Windows 11 Client and Pro | Γ£ô², ³ | | |

+| Windows 11 Enterprise<br>(including multi-session) | Γ£ô | | |

+| Windows 10 1803 (RS4) and higher | Γ£ô² | | |

+| Windows 10 Enterprise<br>(including multi-session) and Pro<br>(Server scenarios only) | Γ£ô | Γ£ô | Γ£ô |

+| Windows 8 Enterprise and Pro<br>(Server scenarios only | | Γ£ô¹ | |

+| Windows 7 SP1<br>(Server scenarios only) | | Γ£ô¹ | |

+| Azure Stack HCI | Γ£ô | Γ£ô | |

+| Windows IoT Enterprise | Γ£ô | | |

+| AlmaLinux 8 | Γ£ô³ | Γ£ô | |

+| Amazon Linux 2017.09 | | Γ£ô | |

+| Amazon Linux 2 | Γ£ô | Γ£ô | |

+| CentOS Linux 8 | Γ£ô | Γ£ô | |

+| CentOS Linux 7 | Γ£ô³ | Γ£ô | Γ£ô |

+| CBL-Mariner 2.0 | Γ£ô^3,4 | | |

+| Debian 11 | Γ£ô³ | | |

+| Debian 10 | Γ£ô | Γ£ô | |

+| Debian 9 | Γ£ô | Γ£ô | Γ£ô |

+| Debian 8 | | Γ£ô | |

+| OpenSUSE 15 | Γ£ô | | |

+| Oracle Linux 8 | Γ£ô | Γ£ô | |

+| Oracle Linux 7 | Γ£ô | Γ£ô | Γ£ô |

+| Oracle Linux 6.4+ | | | Γ£ô |

+| Red Hat Enterprise Linux Server 9+ | Γ£ô | | |

+| Red Hat Enterprise Linux Server 8.6+ | Γ£ô³ | Γ£ô² | Γ£ô² |

+| Red Hat Enterprise Linux Server 8.0-8.5 | Γ£ô | Γ£ô² | Γ£ô² |

+| Red Hat Enterprise Linux Server 7 | Γ£ô | Γ£ô | Γ£ô |

+| Red Hat Enterprise Linux Server 6.7+ | | | Γ£ô |

+| Rocky Linux 8 | Γ£ô | Γ£ô | |

+| SUSE Linux Enterprise Server 15 SP4 | Γ£ô³ | | |

+| SUSE Linux Enterprise Server 15 SP3 | Γ£ô | | |

+| SUSE Linux Enterprise Server 15 SP2 | Γ£ô | | |

+| SUSE Linux Enterprise Server 15 SP1 | Γ£ô | Γ£ô | |

+| SUSE Linux Enterprise Server 15 | Γ£ô | Γ£ô | |

+| SUSE Linux Enterprise Server 12 | Γ£ô | Γ£ô | Γ£ô |

+| Ubuntu 22.04 LTS | Γ£ô | | |

+| Ubuntu 20.04 LTS | Γ£ô³ | Γ£ô | Γ£ô |

+| Ubuntu 18.04 LTS | Γ£ô³ | Γ£ô | Γ£ô |

+| Ubuntu 16.04 LTS | Γ£ô | Γ£ô | Γ£ô |

+| Ubuntu 14.04 LTS | | Γ£ô | Γ£ô |

+| CentOS Linux 7 | Γ£ô | | |

+| Debian 10 | Γ£ô | | |

+| Ubuntu 18 | Γ£ô | | |

+| Ubuntu 20 | Γ£ô | | |

+| Red Hat Enterprise Linux Server 7 | Γ£ô | | |

+| Red Hat Enterprise Linux Server 8 | Γ£ô | | |

+ :::image type="content" source="media/azure-monitor-agent-overview/proxy-flowchart.png" lightbox="media/azure-monitor-agent-overview/proxy-flowchart.png" alt-text="Diagram that shows a flowchart to determine the values of settings and protectedSettings parameters when you enable the extension.":::

+ :::image type="content" source="media/azure-monitor-agent-install/built-in-ama-dcr-initiatives.png" lightbox="media/azure-monitor-agent-install/built-in-ama-dcr-initiatives.png" alt-text="Partial screenshot from the Azure Policy Definitions page that shows two built-in policy initiatives for configuring Azure Monitor Agent.":::

+ :::image type="content" source="media/azure-monitor-agent-windows-client/azure-monitor-agent-client-installer-portal.png" lightbox="media/azure-monitor-agent-windows-client/azure-monitor-agent-client-installer-portal.png" alt-text="Diagram shows download agent link on Azure portal.":::

+ :::image type="content" source="../../sentinel/media/forward-syslog-monitor-agent/create-data-collection-rule.png" lightbox="../../sentinel/media/forward-syslog-monitor-agent/create-data-collection-rule.png" alt-text="Screenshot that shows the Data Collection Rules pane with the Create option selected.":::

+ :::image type="content" source="../../sentinel/media/forward-syslog-monitor-agent/create-rule-scope.png" lightbox="../../sentinel/media/forward-syslog-monitor-agent/create-rule-scope.png" alt-text="Screenshot that shows the page to select the scope for the data collection rule. ":::

+ :::image type="content" source="../../sentinel/media/forward-syslog-monitor-agent/create-rule-data-source.png" lightbox="../../sentinel/media/forward-syslog-monitor-agent/create-rule-data-source.png" alt-text="Screenshot that shows the page to select the data source type and minimum log level.":::

+ :::image type="content" source="../../sentinel/media/forward-syslog-monitor-agent/create-rule-add-destination.png" lightbox="../../sentinel/media/forward-syslog-monitor-agent/create-rule-add-destination.png" alt-text="Screenshot that shows the Destination tab with the Add destination option selected.":::

+3. Run the Troubleshooter: sudo sh ama_troubleshooter.sh -A

+To create a zip file use this command when running the troubleshooter: sudo sh ama_troubleshooter.sh -A L. You'll be asked for a file location to create the zip file.

+- [GitHub or Azure DevOps integration](release-and-work-item-insights.md?tabs=work-item-integration): Create [GitHub](/training/paths/github-administration-products/) or [Azure DevOps](/azure/devops/) work items in the context of Application Insights data.

+* [Create release annotations](release-and-work-item-insights.md?tabs=release-annotations).

+ Title: Release and work item insights for Application Insights

+description: Learn how to set up continuous monitoring of your release pipeline, create work items in GitHub or Azure DevOps, and track deployment or other significant events.

+# Release and work item insights

+Release and work item insights are crucial for optimizing the software development lifecycle. As applications evolve, it's vital to monitor each release and its work items closely. These insights highlight performance bottlenecks and let teams address issues proactively, ensuring smooth deployment and user experience. They equip developers and stakeholders to make decisions, adjust processes, and deliver high-quality software.

+## [Continuous monitoring](#tab/continuous-monitoring)

+Azure Pipelines integrates with Application Insights to allow continuous monitoring of your Azure DevOps release pipeline throughout the software development lifecycle.

+With continuous monitoring, release pipelines can incorporate monitoring data from Application Insights and other Azure resources. When the release pipeline detects an Application Insights alert, the pipeline can gate or roll back the deployment until the alert is resolved. If all checks pass, deployments can proceed automatically from test all the way to production, without the need for manual intervention.

+## Configure continuous monitoring

+1. In [Azure DevOps](https://dev.azure.com), select an organization and project.

+1. On the left menu of the project page, select **Pipelines** > **Releases**.

+1. Select the dropdown arrow next to **New** and select **New release pipeline**. Or, if you don't have a pipeline yet, select **New pipeline** on the page that appears.

+1. On the **Select a template** pane, search for and select **Azure App Service deployment with continuous monitoring**, and then select **Apply**.

+ :::image type="content" source="media/release-and-work-item-insights/001.png" lightbox="media/release-and-work-item-insights/001.png" alt-text="Screenshot that shows a new Azure Pipelines release pipeline.":::

+1. In the **Stage 1** box, select the hyperlink to **View stage tasks.**

+ :::image type="content" source="media/release-and-work-item-insights/002.png" lightbox="media/release-and-work-item-insights/002.png" alt-text="Screenshot that shows View stage tasks.":::

+1. In the **Stage 1** configuration pane, fill in the following fields:

+ | Parameter | Value |

+ | - |:--|

+ | **Stage name** | Provide a stage name or leave it at **Stage 1**. |

+ | **Azure subscription** | Select the dropdown arrow and select the linked Azure subscription you want to use.|

+ | **App type** | Select the dropdown arrow and select your app type. |

+ | **App Service name** | Enter the name of your Azure App Service. |

+ | **Resource Group name for Application Insights** | Select the dropdown arrow and select the resource group you want to use. |

+ | **Application Insights resource name** | Select the dropdown arrow and select the Application Insights resource for the resource group you selected.

+1. To save the pipeline with default alert rule settings, select **Save** in the upper-right corner of the Azure DevOps window. Enter a descriptive comment and select **OK**.

+## Modify alert rules

+Out of the box, the **Azure App Service deployment with continuous monitoring** template has four alert rules: **Availability**, **Failed requests**, **Server response time**, and **Server exceptions**. You can add more rules or change the rule settings to meet your service level needs.

+To modify alert rule settings:

+In the left pane of the release pipeline page, select **Configure Application Insights Alerts**.

+The four default alert rules are created via an Inline script:

+```azurecli

+$subscription = az account show --query "id";$subscription.Trim("`"");$resource="/subscriptions/$subscription/resourcegroups/"+"$(Parameters.AppInsightsResourceGroupName)"+"/providers/microsoft.insights/components/" + "$(Parameters.ApplicationInsightsResourceName)";

+az monitor metrics alert create -n 'Availability_$(Release.DefinitionName)' -g $(Parameters.AppInsightsResourceGroupName) --scopes $resource --condition 'avg availabilityResults/availabilityPercentage < 99' --description "created from Azure DevOps";

+az monitor metrics alert create -n 'FailedRequests_$(Release.DefinitionName)' -g $(Parameters.AppInsightsResourceGroupName) --scopes $resource --condition 'count requests/failed > 5' --description "created from Azure DevOps";

+az monitor metrics alert create -n 'ServerResponseTime_$(Release.DefinitionName)' -g $(Parameters.AppInsightsResourceGroupName) --scopes $resource --condition 'avg requests/duration > 5' --description "created from Azure DevOps";

+az monitor metrics alert create -n 'ServerExceptions_$(Release.DefinitionName)' -g $(Parameters.AppInsightsResourceGroupName) --scopes $resource --condition 'count exceptions/server > 5' --description "created from Azure DevOps";

+```

+You can modify the script and add more alert rules. You can also modify the alert conditions. And you can remove alert rules that don't make sense for your deployment purposes.

+## Add deployment conditions

+When you add deployment gates to your release pipeline, an alert that exceeds the thresholds you set prevents unwanted release promotion. After you resolve the alert, the deployment can proceed automatically.

+To add deployment gates:

+1. On the main pipeline page, under **Stages**, select the **Pre-deployment conditions** or **Post-deployment conditions** symbol, depending on which stage needs a continuous monitoring gate.

+ :::image type="content" source="media/release-and-work-item-insights/004.png" lightbox="media/release-and-work-item-insights/004.png" alt-text="Screenshot that shows Pre-deployment conditions.":::

+1. In the **Pre-deployment conditions** configuration pane, set **Gates** to **Enabled**.

+1. Next to **Deployment gates**, select **Add**.

+1. Select **Query Azure Monitor alerts** from the dropdown menu. This option lets you access both Azure Monitor and Application Insights alerts.

+ :::image type="content" source="media/release-and-work-item-insights/005.png" lightbox="media/release-and-work-item-insights/005.png" alt-text="Screenshot that shows Query Azure Monitor alerts.":::

+1. Under **Evaluation options**, enter the values you want for settings like **The time between re-evaluation of gates** and **The timeout after which gates fail**.

+## View release logs

+You can see deployment gate behavior and other release steps in the release logs. To open the logs:

+1. Select **Releases** from the left menu of the pipeline page.

+1. Select any release.

+1. Under **Stages**, select any stage to view a release summary.

+1. To view logs, select **View logs** in the release summary, select the **Succeeded** or **Failed** hyperlink in any stage, or hover over any stage and select **Logs**.

+ :::image type="content" source="media/release-and-work-item-insights/006.png" lightbox="media/release-and-work-item-insights/006.png" alt-text="Screenshot that shows viewing release logs.":::

+## [Release annotations](#tab/release-annotations)

+Annotations show where you deployed a new build or other significant events. Annotations make it easy to see whether your changes had any effect on your application's performance. They can be automatically created by the [Azure Pipelines](/azure/devops/pipelines/tasks/) build system. You can also create annotations to flag any event you want by creating them from PowerShell.

+## Release annotations with Azure Pipelines build

+Release annotations are a feature of the cloud-based Azure Pipelines service of Azure DevOps.

+If all the following criteria are met, the deployment task creates the release annotation automatically:

+- The resource to which you're deploying is linked to Application Insights via the `APPINSIGHTS_INSTRUMENTATIONKEY` app setting.

+- The Application Insights resource is in the same subscription as the resource to which you're deploying.

+- You're using one of the following Azure DevOps pipeline tasks:

+ | Task code | Task name | Versions |

+ ||-|--|

+ | AzureAppServiceSettings | Azure App Service Settings | Any |

+ | AzureRmWebAppDeployment | Azure App Service deploy | V3 and above |

+ | AzureFunctionApp | Azure Functions | Any |

+ | AzureFunctionAppContainer | Azure Functions for container | Any |

+ | AzureWebAppContainer | Azure Web App for Containers | Any |

+ | AzureWebApp | Azure Web App | Any |

+> [!NOTE]

+> If you're still using the Application Insights annotation deployment task, you should delete it.

+### Configure release annotations

+If you can't use one of the deployment tasks in the previous section, you need to add an inline script task in your deployment pipeline.

+1. Go to a new or existing pipeline and select a task.

+ :::image type="content" source="./media/release-and-work-item-insights/task.png" alt-text="Screenshot that shows a task selected under Stages." lightbox="./media/release-and-work-item-insights/task.png":::

+1. Add a new task and select **Azure CLI**.

+ :::image type="content" source="./media/release-and-work-item-insights/add-azure-cli.png" alt-text="Screenshot that shows adding a new task and selecting Azure CLI." lightbox="./media/release-and-work-item-insights/add-azure-cli.png":::

+1. Specify the relevant Azure subscription. Change **Script Type** to **PowerShell** and **Script Location** to **Inline**.

+1. Add the [PowerShell script from step 2 in the next section](#create-release-annotations-with-the-azure-cli) to **Inline Script**.

+1. Add the following arguments. Replace the angle-bracketed placeholders with your values to **Script Arguments**. The `-releaseProperties` are optional.

+ ```powershell

+ -aiResourceId "<aiResourceId>" `

+ -releaseName "<releaseName>" `

+ -releaseProperties @{"ReleaseDescription"="<a description>";

+ "TriggerBy"="<Your name>" }

+ ```

+ :::image type="content" source="./media/release-and-work-item-insights/inline-script.png" alt-text="Screenshot of Azure CLI task settings with Script Type, Script Location, Inline Script, and Script Arguments highlighted." lightbox="./media/release-and-work-item-insights/inline-script.png":::

+ The following example shows metadata you can set in the optional `releaseProperties` argument by using [build](/azure/devops/pipelines/build/variables#build-variables-devops-services) and [release](/azure/devops/pipelines/release/variables#default-variablesrelease) variables.

+ ```powershell

+ -releaseProperties @{

+ "BuildNumber"="$(Build.BuildNumber)";

+ "BuildRepositoryName"="$(Build.Repository.Name)";

+ "BuildRepositoryProvider"="$(Build.Repository.Provider)";

+ "ReleaseDefinitionName"="$(Build.DefinitionName)";

+ "ReleaseDescription"="Triggered by $(Build.DefinitionName) $(Build.BuildNumber)";

+ "ReleaseEnvironmentName"="$(Release.EnvironmentName)";

+ "ReleaseId"="$(Release.ReleaseId)";

+ "ReleaseName"="$(Release.ReleaseName)";

+ "ReleaseRequestedFor"="$(Release.RequestedFor)";

+ "ReleaseWebUrl"="$(Release.ReleaseWebUrl)";

+ "SourceBranch"="$(Build.SourceBranch)";

+ "TeamFoundationCollectionUri"="$(System.TeamFoundationCollectionUri)" }

+ ```

+1. Select **Save**.

+## Create release annotations with the Azure CLI

+You can use the `CreateReleaseAnnotation` PowerShell script to create annotations from any process you want without using Azure DevOps.

+1. Sign in to the [Azure CLI](/cli/azure/authenticate-azure-cli).

+1. Make a local copy of the following script and call it `CreateReleaseAnnotation.ps1`.

+ ```powershell

+ param(

+ [parameter(Mandatory = $true)][string]$aiResourceId,

+ [parameter(Mandatory = $true)][string]$releaseName,

+ [parameter(Mandatory = $false)]$releaseProperties = @()

+ )

+

+ $annotation = @{

+ Id = [GUID]::NewGuid();

+ AnnotationName = $releaseName;

+ EventTime = (Get-Date).ToUniversalTime().GetDateTimeFormats("s")[0];

+ Category = "Deployment"; #Application Insights only displays annotations from the "Deployment" Category

+ Properties = ConvertTo-Json $releaseProperties -Compress

+ }

+

+ $body = (ConvertTo-Json $annotation -Compress) -replace '(\\+)"', '$1$1"' -replace "`"", "`"`""

+ az rest --method put --uri "$($aiResourceId)/Annotations?api-version=2015-05-01" --body "$($body) "

+ # Use the following command for Linux Azure DevOps Hosts or other PowerShell scenarios

+ # Invoke-AzRestMethod -Path "$aiResourceId/Annotations?api-version=2015-05-01" -Method PUT -Payload $body

+ ```

+ > [!NOTE]

+ > Your annotations must have **Category** set to **Deployment** to appear in the Azure portal.

+1. Call the PowerShell script with the following code. Replace the angle-bracketed placeholders with your values. The `-releaseProperties` are optional.

+ ```powershell

+ .\CreateReleaseAnnotation.ps1 `

+ -aiResourceId "<aiResourceId>" `

+ -releaseName "<releaseName>" `

+ -releaseProperties @{"ReleaseDescription"="<a description>";

+ "TriggerBy"="<Your name>" }

+ ```

+ |Argument | Definition | Note|

+ |--|--|--|

+ |`aiResourceId` | The resource ID to the target Application Insights resource. | Example:<br> /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyRGName/providers/microsoft.insights/components/MyResourceName|

+ |`releaseName` | The name to give the created release annotation. | |

+ |`releaseProperties` | Used to attach custom metadata to the annotation. | Optional|

+

+## View annotations

+> [!NOTE]

+> Release annotations aren't currently available in the **Metrics** pane of Application Insights.

+Whenever you use the release template to deploy a new release, an annotation is sent to Application Insights. You can view annotations in the following locations:

+- **Performance:**

+ :::image type="content" source="./media/release-and-work-item-insights/performance.png" alt-text="Screenshot that shows the Performance tab with a release annotation selected to show the Release Properties tab." lightbox="./media/release-and-work-item-insights/performance.png":::

+- **Failures:**

+ :::image type="content" source="./media/release-and-work-item-insights/failures.png" alt-text="Screenshot that shows the Failures tab with a release annotation selected to show the Release Properties tab." lightbox="./media/release-and-work-item-insights/failures.png":::

+- **Usage:**

+ :::image type="content" source="./media/release-and-work-item-insights/usage-pane.png" alt-text="Screenshot that shows the Users tab bar with release annotations selected. Release annotations appear as blue arrows above the chart indicating the moment in time that a release occurred." lightbox="./media/release-and-work-item-insights/usage-pane.png":::

+- **Workbooks:**

+ In any log-based workbook query where the visualization displays time along the x-axis:

+

+ :::image type="content" source="./media/release-and-work-item-insights/workbooks-annotations.png" alt-text="Screenshot that shows the Workbooks pane with a time series log-based query with annotations displayed." lightbox="./media/release-and-work-item-insights/workbooks-annotations.png":::

+

+To enable annotations in your workbook, go to **Advanced Settings** and select **Show annotations**.

+

+Select any annotation marker to open details about the release, including requestor, source control branch, release pipeline, and environment.

+## Release annotations by using API keys

+Release annotations are a feature of the cloud-based Azure Pipelines service of Azure DevOps.

+> [!IMPORTANT]

+> Annotations using API keys is deprecated. We recommend using the [Azure CLI](#create-release-annotations-with-the-azure-cli) instead.

+### Install the annotations extension (one time)

+To create release annotations, install one of the many Azure DevOps extensions available in Visual Studio Marketplace.

+1. Sign in to your [Azure DevOps](https://azure.microsoft.com/services/devops/) project.

+1. On the **Visual Studio Marketplace** [Release Annotations extension](https://marketplace.visualstudio.com/items/ms-appinsights.appinsightsreleaseannotations) page, select your Azure DevOps organization. Select **Install** to add the extension to your Azure DevOps organization.

+ :::image type="content" source="./media/release-and-work-item-insights/1-install.png" lightbox="./media/release-and-work-item-insights/1-install.png" alt-text="Screenshot that shows selecting an Azure DevOps organization and selecting Install.":::

+You only need to install the extension once for your Azure DevOps organization. You can now configure release annotations for any project in your organization.

+### Configure release annotations by using API keys

+Create a separate API key for each of your Azure Pipelines release templates.

+1. Sign in to the [Azure portal](https://portal.azure.com) and open the Application Insights resource that monitors your application. Or if you don't have one, [create a new Application Insights resource](create-workspace-resource.md).

+1. Open the **API Access** tab and copy the **Application Insights ID**.

+ :::image type="content" source="./media/release-and-work-item-insights/2-app-id.png" lightbox="./media/release-and-work-item-insights/2-app-id.png" alt-text="Screenshot that shows under API Access, copying the Application ID.":::

+1. In a separate browser window, open or create the release template that manages your Azure Pipelines deployments.

+1. Select **Add task** and then select the **Application Insights Release Annotation** task from the menu.

+

+ :::image type="content" source="./media/release-and-work-item-insights/3-add-task.png" lightbox="./media/release-and-work-item-insights/3-add-task.png" alt-text="Screenshot that shows selecting Add Task and Application Insights Release Annotation.":::

+ > [!NOTE]

+ > The Release Annotation task currently supports only Windows-based agents. It won't run on Linux, macOS, or other types of agents.

+1. Under **Application ID**, paste the Application Insights ID you copied from the **API Access** tab.

+ :::image type="content" source="./media/release-and-work-item-insights/4-paste-app-id.png" lightbox="./media/release-and-work-item-insights/4-paste-app-id.png" alt-text="Screenshot that shows pasting the Application Insights ID.":::

+1. Back in the Application Insights **API Access** window, select **Create API Key**.

+ :::image type="content" source="./media/release-and-work-item-insights/5-create-api-key.png" lightbox="./media/release-and-work-item-insights/5-create-api-key.png" alt-text="Screenshot that shows selecting the Create API Key on the API Access tab.":::

+1. In the **Create API key** window, enter a description, select **Write annotations**, and then select **Generate key**. Copy the new key.

+ :::image type="content" source="./media/release-and-work-item-insights/6-create-api-key.png" lightbox="./media/release-and-work-item-insights/6-create-api-key.png" alt-text="Screenshot that shows in the Create API key window, entering a description, selecting Write annotations, and then selecting the Generate key.":::

+1. In the release template window, on the **Variables** tab, select **Add** to create a variable definition for the new API key.

+1. Under **Name**, enter **ApiKey**. Under **Value**, paste the API key you copied from the **API Access** tab.

+ :::image type="content" source="./media/release-and-work-item-insights/7-paste-api-key.png" lightbox="./media/release-and-work-item-insights/7-paste-api-key.png" alt-text="Screenshot that shows in the Azure DevOps Variables tab, selecting Add, naming the variable ApiKey, and pasting the API key under Value.":::

+1. Select **Save** in the main release template window to save the template.

+ > [!NOTE]

+ > Limits for API keys are described in the [REST API rate limits documentation](/rest/api/yammer/rest-api-rate-limits).

+### Transition to the new release annotation

+To use the new release annotations:

+1. [Remove the Release Annotations extension](/azure/devops/marketplace/uninstall-disable-extensions).

+1. Remove the Application Insights Release Annotation task in your Azure Pipelines deployment.

+1. Create new release annotations with [Azure Pipelines](#release-annotations-with-azure-pipelines-build) or the [Azure CLI](#create-release-annotations-with-the-azure-cli).

+## [Work item integration](#tab/work-item-integration)

+Work item integration functionality allows you to easily create work items in GitHub or Azure DevOps that have relevant Application Insights data embedded in them.

+The new work item integration offers the following features over [classic](#classic-work-item-integration):

+- Advanced fields like assignee, projects, or milestones.

+- Repo icons so you can differentiate between GitHub & Azure DevOps workbooks.

+- Multiple configurations for any number of repositories or work items.

+- Deployment through Azure Resource Manager templates.

+- Pre-built & customizable Keyword Query Language (KQL) queries to add Application Insights data to your work items.

+- Customizable workbook templates.

+## Create and configure a work item template

+1. To create a work item template, go to your Application Insights resource and on the left under *Configure* select **Work Items** then at the top select **Create a new template**

+ :::image type="content" source="./media/release-and-work-item-insights/create-work-item-template.png" alt-text=" Screenshot of the Work Items tab with create a new template selected." lightbox="./media/release-and-work-item-insights/create-work-item-template.png":::

+ You can also create a work item template from the end-to-end transaction details tab, if no template currently exists. Select an event and on the right select **Create a work item**, then **Start with a workbook template**.

+ :::image type="content" source="./media/release-and-work-item-insights/create-template-from-transaction-details.png" alt-text=" Screenshot of end-to-end transaction details tab with create a work item, start with a workbook template selected." lightbox="./media/release-and-work-item-insights/create-template-from-transaction-details.png":::

+2. After you select **create a new template**, you can choose your tracking systems, name your workbook, link to your selected tracking system, and choose a region to storage the template (the default is the region your Application Insights resource is located in). The URL parameters are the default URL for your repository, for example, `https://github.com/myusername/reponame` or `https://mydevops.visualstudio.com/myproject`.

+ :::image type="content" source="./media/release-and-work-item-insights/create-workbook.png" alt-text=" Screenshot of create a new work item workbook template.":::

+ You can set specific work item properties directly from the template itself. This includes the assignee, iteration path, projects, & more depending on your version control provider.

+## Create a work item

+ You can access your new template from any End-to-end transaction details that you can access from Performance, Failures, Availability, or other tabs.

+1. To create a work item go to End-to-end transaction details, select an event then select **Create work item** and choose your work item template.

+ :::image type="content" source="./media/release-and-work-item-insights/create-work-item.png" alt-text=" Screenshot of end to end transaction details tab with create work item selected." lightbox="./media/release-and-work-item-insights/create-work-item.png":::

+1. A new tab in your browser will open up to your select tracking system. In Azure DevOps you can create a bug or task, and in GitHub you can create a new issue in your repository. A new work item is automatically create with contextual information provided by Application Insights.

+ :::image type="content" source="./media/release-and-work-item-insights/github-work-item.png" alt-text=" Screenshot of automatically created GitHub issue." lightbox="./media/release-and-work-item-insights/github-work-item.png":::

+ :::image type="content" source="./media/release-and-work-item-insights/azure-devops-work-item.png" alt-text=" Screenshot of automatically create bug in Azure DevOps." lightbox="./media/release-and-work-item-insights/azure-devops-work-item.png":::

+## Edit a template

+To edit your template, go to the **Work Items** tab under *Configure* and select the pencil icon next to the workbook you would like to update.

+Select edit :::image type="icon" source="./media/release-and-work-item-insights/edit-icon.png"::: in the top toolbar.

+You can create more than one work item configuration and have a custom workbook to meet each scenario. The workbooks can also be deployed by Azure Resource Manager ensuring standard implementations across your environments.

+## Classic work item integration

+1. In your Application Insights resource under *Configure* select **Work Items**.

+1. Select **Switch to Classic**, fill out the fields with your information, and authorize.

+ :::image type="content" source="./media/release-and-work-item-insights/classic.png" alt-text=" Screenshot of how to configure classic work items." lightbox="./media/release-and-work-item-insights/classic.png":::

+1. Create a work item by going to the end-to-end transaction details, select an event then select **Create work item (Classic)**.

+### Migrate to new work item integration

+To migrate, delete your classic work item configuration then [create and configure a work item template](#create-and-configure-a-work-item-template) to recreate your integration.

+To delete, go to in your Application Insights resource under *Configure* select **Work Items** then select **Switch to Classic** and **Delete* at the top.

+## See also

+* [Azure Pipelines documentation](/azure/devops/pipelines)

+* [Create work items](./diagnostic-search.md#create-work-item)

+* [Automation with PowerShell](./powershell.md)

+* [Availability test](availability-overview.md)

+If you use Azure DevOps, you can [get an annotation marker](./release-and-work-item-insights.md?tabs=release-annotations) added to your charts whenever you release a new version.

+- Any integration that relies on API keys, such as [release annotations](./release-and-work-item-insights.md?tabs=release-annotations) and [live metrics secure control channel](./live-stream.md#secure-the-control-channel). You need to generate new API keys and update the associated integration.

+- Use [annotations](../app/release-and-work-item-insights.md?tabs=release-annotations) to identify when a new build is deployed so that you can visually inspect any change in performance after the update.

+The following example is a DCR for data from the Logs Ingestion API that sends data to both the `Syslog` table and a custom table with the data in a different format. This DCR requires a separate `dataFlow` for each with a different `transformKql` and `OutputStream` for each. When using custom tables, it is important to ensure that the schema of the destination (your custom table) contains the custom columns ([how-to add or delete custom columns](../logs/create-custom-table.md#add-or-delete-a-custom-column)) that match the schema of the records you are sending. For instance, if your record has a field called SyslogMessage, but the destination custom table only has TimeGenerated and RawData, youΓÇÖll receive an event in the custom table with only the TimeGenerated field populated and the RawData field will be empty. The SyslogMessage field will be dropped because the schema of the destination table doesnΓÇÖt contain a string field called SyslogMessage.

+## Permissions required

+| Action | Permissions required |

+|:|:|

+| Create a computer group from a log query. | `microsoft.operationalinsights/workspaces/savedSearches/write` permissions to the Log Analytics workspace where you want to create the computer group, as provided by the [Log Analytics Contributor built-in role](./manage-access.md#log-analytics-contributor), for example. |

+| Run a computer group's log search or use a computer group in a log query. | `Microsoft.OperationalInsights/workspaces/query/*/read` permissions to the Log Analytics workspaces you query, as provided by the [Log Analytics Reader built-in role](./manage-access.md#log-analytics-reader), for example. |

+| Delete a computer group. | `microsoft.operationalinsights/workspaces/savedSearches/delete` permissions to the Log Analytics workspace where the computer group is saved, as provided by the [Log Analytics Contributor built-in role](./manage-access.md#log-analytics-contributor), for example. |

+## Permissions required

+- You must have `Microsoft.OperationalInsights/workspaces/query/*/read` permissions to the Log Analytics workspaces you query, as provided by the [Log Analytics Reader built-in role](./manage-access.md#log-analytics-reader), for example.

+- To save a query, you must have `microsoft.operationalinsights/querypacks/queries/action` permisisons to the query pack where you want to save the query, as provided by the [Log Analytics Contributor built-in role](./manage-access.md#log-analytics-contributor), for example.

+* References to a cross resource, such as another workspace, should be explicit and can't be parameterized. See [Gather identifiers for Log Analytics workspaces](?tabs=workspace-identifier#gather-identifiers-for-log-analytics-workspaces-and-application-insights-resources) for examples.

+## Gather identifiers for Log Analytics workspaces and Application Insights resources

+### [Workspace identifier](#tab/workspace-identifier)

+### [App identifier](#tab/app-identifier)

+## Query across Log Analytics workspaces and from Application Insights

+Follow the instructions in this section to query without using a function or by using a function.

+### Query without using a function

+For more information on the union, where, and summarize operators, see [union operator](/azure/data-explorer/kusto/query/unionoperator), [where operator](/azure/data-explorer/kusto/query/summarizeoperator), and [summarize operator](/azure/data-explorer/kusto/query/summarizeoperator).

+### Query by using a function

+You need your subscription ID, resource group name, workspace name, workspace resource ID, and event hub instance resource ID in subsequent steps:

+1. Navigate to your event hub instance, select **JSON** to open the **Resource JSON** screen, and copy the event hub instance's **Resource ID**. You'll need the event hub instance's resource ID to associate the data collection rule with the event hub.

+ - **Event Hub Instance Resource ID** - See [Collect required information](#collect-required-information).

+After data sources are connected to the target workspace, ingested data is stored in the target workspace. Older data stays in the original workspace and is subject to the retention policy. You can perform a [cross-workspace query](./cross-workspace-query.md). If both workspaces were assigned the same name, use a qualified name (*subscriptionName/resourceGroup/componentName*) in the workspace reference.

+While new data is being ingested to your new workspace, older data in the original workspace remains available for query and is subject to the retention policy defined in the workspace. We recommend that you keep the original workspace for as long as you need older data to [query across](./cross-workspace-query.md) workspaces.

+> - Cross workspace queries having an explicit identifier: workspace ID, or workspace Azure Resource ID, consume less resources and are more performant. See [Gather identifiers for Log Analytics workspaces](./cross-workspace-query.md?tabs=workspace-identifier#gather-identifiers-for-log-analytics-workspaces-and-application-insights-resources)

+|Azure DevOps and GitHub | Azure Monitor Application Insights gives you the ability to create [Work Item Integration](app/release-and-work-item-insights.md?tabs=work-item-integration) with monitoring data embedding in it. Additional options include [release annotations](app/release-and-work-item-insights.md?tabs=release-annotations) and [continuous monitoring](app/release-and-work-item-insights.md?tabs=continuous-monitoring). |

+In addition to those general limits, the following limits apply to DNS operations:

+| DNS Zone Operation | Limit (per zone) |

+| | -- |

+| Create or Update | 40 per minute |

+| Delete | 40 per minute |

+| Get | 1000 per minute |

+| List | 60 per minute |

+| List By Resource Group | 60 per minute |

+| Update | 40 per minute |

+| DNS Record Set Operation | Limit (per zone) |

+| | -- |

+| Create or Update | 200 per minute |

+| Delete | 200 per minute |

+| Get | 1000 per minute |

+| List By DNS Zone | 60 per minute |

+| List By Type | 60 per minute |

+| Update | 200 per minute |

+The simplest way to create a reliable client is to use Client SDK. Client SDK implements [Web PubSub client specification](./reference-client-specification.md) and uses `json.reliable.webpubsub.azure.v1` by default. Please refer to [Publish/subscribe among clients](./quickstarts-pubsub-among-clients.md) for quick start.

+Azure Web PubSub does not store any customer data. If you use Azure Web PubSub service together with other Azure services, like Azure Storage for diagnostics, see [Azure Privacy Overview (white paper)](https://go.microsoft.com/fwlink/p/?linkid=2220836) for guidance about how to keep data residency in Azure regions.

+ Title: Call external service endpoints from workflows

+description: Send outbound HTTP or HTTPS requests to service endpoints from workflows in Azure Logic Apps.

+# Call external service endpoints over HTTP or HTTPS from workflows in Azure Logic Apps

+This how-to guide shows create a logic app workflow that can send outbound requests to endpoints on other services and systems over HTTP or HTTPS. To receive and respond to inbound HTTPS calls instead, use the built-in [Request trigger and Response action](../connectors/connectors-native-reqres.md).

+* The logic app workflow from where you want to call the target endpoint. To start with the HTTP trigger, you have to start with a blank workflow. To use the HTTP action, start your workflow with any trigger that you want. This example uses the HTTP trigger as the first step.

+1. In the [Azure portal](https://portal.azure.com), open your logic app and blank workflow in the designer.

+1. [Follow these general steps to add the built-in trigger named **HTTP** to your workflow](../logic-apps/create-workflow-with-trigger-or-action.md?tabs=consumption#add-trigger).

+ This example renames the trigger to **HTTP trigger** so that the trigger has a more descriptive name. Also, the example later adds an HTTP action, and both names must be unique.

+1. Continue building your workflow with actions that run when the trigger fires.

+1. When you're done, remember to save your workflow. On the designer toolbar, select **Save**.

+1. In the [Azure portal](https://portal.azure.com), open your logic app and workflow in the designer.

+ This example uses the HTTP trigger added in the previous section as the first step.

+1. [Follow these general steps to add the built-in action named **HTTP** to your workflow](../logic-apps/create-workflow-with-trigger-or-action.md?tabs=consumption#add-action).

+ This example renames the action to **HTTP action** so that the step has a more descriptive name. Operation names in your workflow must be unique.

+1. When you're done, remember to save your workflow. On the designer toolbar, select **Save**.

+ Title: Receive and respond to inbound HTTPS calls

+description: Receive and respond to inbound HTTPS requests received by workflows in Azure Logic Apps.

+# Receive and respond to inbound HTTPS calls to workflows in Azure Logic Apps

+This how-to guide shows create a logic app workflow that can receive and handle an inbound HTTPS request or call from another service using the Request built-in trigger. When your workflow uses this trigger, you can then respond to the HTTPS request by using the Response built-in action.

+On the **Deployment settings** page of **Integration runtime setup** pane, select the **Create SSIS catalog (SSISDB) hosted by Azure SQL Database server/Managed Instance to store your projects/packages/environments/execution logs** check box in below scenarios:

+ - Project Deployment Model. You deploy your packages into SSISDB.

+ - Regardless of deployment model, using SQL Server Agent hosted by Azure SQL Managed Instance to orchestrate/schedule your package executions.

+

+ For more information, see [Schedule SSIS package executions via Azure SQL Managed Instance Agent](./how-to-invoke-ssis-package-managed-instance-agent.md).

+In below scenario, there is no need to create SSISDB nor select the check box:

+ - Package Deployment Model and not using SQL Server Agent hosted by Azure SQL Managed Instance to orchestrate/schedule your package execution.

+

+ You deploy your packages into file system, Azure Files, or SQL Server database (MSDB) hosted by Azure SQL Managed Instance (Package Deployment Model), and use Data Factory pipeline to orchestrate/schedule your package executions.

+If you would like to evaluate Defender for IoT, you can use a trial license:

+- **For Enterprise IoT networks**, use a 30-day trial to view alerts, recommendations, and vulnerabilities in Microsoft 365. An Enterprise IoT trial is not limited to a specific number of devices. For more information, see [Enable Enterprise IoT security with Defender for Endpoint](eiot-defender-for-endpoint.md).

+### Access an environment

+

+### Deploy an environment

+```azurecli

+az devcenter dev environment deploy-action --action-id "deploy" --dev-center-name <devcenter-name> \

+ -g <resource-group-name> --project-name <project-name> --environment-name <environment-name> --parameters <parameters-json-string>

+```

+### Delete an environment

+```azurecli

+az devcenter dev environment delete --dev-center-name <devcenter-name> --project-name <project-name> --environment-name <environment-name> --user-id "me"

+```

+In Azure Deployment Environments, a platform engineer gives developers access to projects and the environment types that are associated with them. After a developer has access, they can create deployment environments based on the preconfigured environment types. The permissions that the creator of the environment and the rest of team have to access the environment's resources are defined in the specific environment type.

+The Azure CLI provides a command-line interface for speed and efficiency when you create multiple similar environments, or for platforms where resources like memory are limited. You can use the `devcenter` Azure CLI extension to create, list, deploy, or delete an environment.

+To learn how to manage your environments by using the CLI, see [Create and access an environment by using the Azure CLI](how-to-create-access-environments.md).

+For reference documentation on the `devcenter` Azure CLI extension, see [az devcenter](https://aka.ms/CLI-reference).

+## Related content

+- [Create and configure a dev center for Azure Deployment Environments by using the Azure CLI](how-to-create-configure-dev-center.md)

+- [Create and configure a project by using the Azure CLI](how-to-create-configure-projects.md)

+ Title: Create callable or nestable workflows

+description: Set up HTTPS endpoints to call, trigger, or nest workflows in Azure Logic Apps.

+# Create workflows that you can call, trigger, or nest using HTTPS endpoints in Azure Logic Apps

+Some scenarios might require that you create a workflow that you can call through a URL or that can receive and inbound requests from other services or workflows. For this task, you can natively expose a synchronous HTTPS endpoint for your workflow by using any of the following request-based trigger types:

+This how-to guide shows how to create a callable endpoint for your workflow by using the Request trigger and call that endpoint from another workflow. All principles identically apply to the other request-based trigger types that can receive inbound requests.

+For information about security, authorization, and encryption for inbound calls to your workflow, such as [Transport Layer Security (TLS)](https://en.wikipedia.org/wiki/Transport_Layer_Security), previously known as Secure Sockets Layer (SSL), [Azure Active Directory Open Authentication (Azure AD OAuth)](../active-directory/develop/index.yml), exposing your logic app with Azure API Management, or restricting the IP addresses that originate inbound calls, see [Secure access and data - Access for inbound calls to request-based triggers](logic-apps-securing-a-logic-app.md#secure-inbound-requests).

+* An Azure account and subscription. If you don't have a subscription, [sign up for a free Azure account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).

+* The logic app workflow where you want to use the trigger to create the callable endpoint. You can start with either a blank workflow or an existing logic app workflow where you can replace the current trigger. This example starts with a blank workflow. If you're new to logic apps, see [What is Azure Logic Apps](../logic-apps/logic-apps-overview.md) and [Create an example Consumption logic app workflow in multi-tenant Azure Logic Apps](../logic-apps/quickstart-create-example-consumption-workflow.md).

+1. [Follow these general steps to add the **Request** trigger named **When a HTTP request is received**](create-workflow-with-trigger-or-action.md?tabs=consumption#add-trigger).

+1. Save your workflow.

+ If you save the workflow, navigate away from the designer, and return to the designer, the token shows the parameter name that you specified, for example:

+1. Save your workflow.

+## Call workflow through endpoint URL

+After you create the endpoint, you can trigger the workflow by sending an HTTPS request to the endpoint's full URL. Logic app workflows have built-in support for direct-access endpoints.

+When you provide a JSON schema in the Request trigger, the workflow designer generates tokens for the properties in that schema. You can then use those tokens for passing data through your workflow.

+For example, if you add more properties, such as `"suite"`, to your JSON schema, tokens for those properties are available for you to use in the later steps for your workflow. Here is the complete JSON schema:

+## Create nested workflows

+ The designer shows the eligible workflows for you to select.

+1. Select the workflow to call from your current workflow.

+ 

+Sometimes you want to respond to certain requests that trigger your workflow by returning content to the caller. To construct the status code, header, and body for your response, use the Response action. This action can appear anywhere in your workflow, not just at the end of your workflow. If your workflow doesn't include a Response action, the endpoint responds *immediately* with the **202 Accepted** status.

+For the original caller to successfully get the response, all the required steps for the response must finish within the [request timeout limit](./logic-apps-limits-and-config.md) unless the triggered workflow is called as a nested workflow. If no response is returned within this limit, the incoming request times out and receives the **408 Client timeout** response.

+For nested workflows, the parent workflow continues to wait for a response until all the steps are completed, regardless of how much time is required.

+To view the JSON definition for the Response action and your workflow's complete JSON definition, on the designer toolbar, select **Code view**.

+**A**: Azure securely generates logic app callback URLs by using [Shared Access Signature (SAS)](/rest/api/storageservices/delegate-access-with-shared-access-signature). This signature passes through as a query parameter and must be validated before your workflow can run. Azure generates the signature using a unique combination of a secret key per logic app, the trigger name, and the operation that's performed. So unless someone has access to the secret logic app key, they cannot generate a valid signature.

+> For production and higher security systems, we strongly advise against calling your workflow directly from the browser for these reasons:

+For more information about security, authorization, and encryption for inbound calls to your workflow, such as [Transport Layer Security (TLS)](https://en.wikipedia.org/wiki/Transport_Layer_Security), previously known as Secure Sockets Layer (SSL), [Azure Active Directory Open Authentication (Azure AD OAuth)](../active-directory/develop/index.yml), exposing your logic app workflow with Azure API Management, or restricting the IP addresses that originate inbound calls, see [Secure access and data - Access for inbound calls to request-based triggers](../logic-apps/logic-apps-securing-a-logic-app.md#secure-inbound-requests).

+## Prerequisites:

+- Enable Prompt flow in your Azure Machine Learning workspace: In your Azure Machine Learning workspace, you can enable Prompt flow by turning on **Build AI solutions with Prompt flow** in the **Manage preview features** panel.

+ :::image type="content" source="./media/get-started-prompt-flow/preview-panel.png" alt-text="Screenshot of manage preview features highlighting build AI solutions with Prompt flow button." lightbox ="./media/get-started-prompt-flow/preview-panel.png":::

+- Make sure the default data store in your workspace is blob type.

+- If you secure prompt flow with virtual network, please follow [Network isolation in prompt flow](how-to-secure-prompt-flow.md) to learn more detail.

+- Make sure the default data store in your workspace is blob type.

+- If you secure prompt flow with virtual network, please follow [Network isolation in prompt flow](how-to-secure-prompt-flow.md) to learn more detail.

+## No such file or directory error

+- If you're using private storage account, see [Network isolation in prompt flow](../how-to-secure-prompt-flow.md) to make sure your storage account can be accessed by your workspace.

+### How to find python packages installed in runtime?

+Please follow below steps to find python packages installed in runtime:

+- Add python node in your flow.

+- Put following code to the code section.

+ ```python

+ from promptflow import tool

+ import subprocess

+

+ @tool

+ def list_packages(input: str) -> str:

+ # Run the pip list command and save the output to a file

+ with open('packages.txt', 'w') as f:

+ subprocess.run(['pip', 'list'], stdout=f)

+

+ ```

+- Run the flow, then you can find `packages.txt` in the flow folder.

+ :::image type="content" source="../media/faq/list-packages.png" alt-text="Screenshot of finding python packages installed in runtime. " lightbox = "../media/faq/list-packages.png":::

+# If the version of pacemaker is or greater than 2.0.4-6.el8, then run following command (see Tip box below for details):

+# If the version of pacemaker is less than 2.0.4-6.el8, then run following command (see Tip box below for details):

+# If the version of pacemaker is or greater than 2.0.4-6.el8, then run following command (see Tip box below for details):

+# If the version of pacemaker is less than 2.0.4-6.el8, then run following command (see Tip box below for details):

+> 'value1' and 'value2' are integer values with a unit of seconds. Replace the values 'value1' and 'value2' with appropriate integer values that are at least 5 seconds apart. For example:`pcmk_delay_base="prod-cl1-0:0;prod-cl1-1:10"`. Only configure the `pcmk_delay_max` attribute in two node clusters, with pacemaker version less than 2.0.4-6.el8. For pacemaker versions greater than 2.0.4-6.el8, use `pcmk_delay_base`.<br> For more information on preventing fence races in a two node Pacemaker cluster, see [Delaying fencing in a two node cluster to prevent fence races of "fence death" scenarios](https://access.redhat.com/solutions/54829).

+mssparkutils.notebook.run("folder/Sample1", 90, list("input": 20))

+exitVal <- mssparkutils.notebook.run("mssparkutils/folder/Sample1", 90, list("input": 20))

+| Azure Compute Gallery: Specialized images | - On-demand assessment </br> - On-demand patching </br> - Periodic assessment (preview) </br> - Scheduled patching (preview) </br> | Automatic VM guest patching |

+| Non-Azure Compute Gallery images (non-SIG)| - On-demand assessment </br> - On-demand patching </br> - Periodic assessment (preview) </br> - Scheduled patching (preview) </br> | Automatic VM guest patching |

+| Public | 1.2.4583 | [Windows 64-bit](https://go.microsoft.com/fwlink/?linkid=2139369) *(most common)*<br />[Windows 32-bit](https://go.microsoft.com/fwlink/?linkid=2139456)<br />[Windows ARM64](https://go.microsoft.com/fwlink/?linkid=2139370) |

+| Insider | 1.2.4677 | [Windows 64-bit](https://go.microsoft.com/fwlink/?linkid=2139233) *(most common)*<br />[Windows 32-bit](https://go.microsoft.com/fwlink/?linkid=2139144)<br />[Windows ARM64](https://go.microsoft.com/fwlink/?linkid=2139368) |

+## Updates for version 1.2.4677 (Insider)

+- Improved client logging, diagnostics, and error classification to help admins troubleshoot connection and feed issues.

+>[!NOTE]

+>This Insiders release was originally version 1.2.4675, but we've replaced it with version 1.2.4677, which fixes the [CVE-2023-5217](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5217) security vulnerability.

+## Updates for version 1.2.4583

+*Date published: October 6, 2023*

+Download: [Windows 64-bit](https://go.microsoft.com/fwlink/?linkid=2139369), [Windows 32-bit](https://go.microsoft.com/fwlink/?linkid=2139456), [Windows ARM64](https://go.microsoft.com/fwlink/?linkid=2139370)

+- Fixed the [CVE-2023-5217](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5217) security vulnerability.