Service | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
active-directory-b2c | Aad Sspr Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/aad-sspr-technical-profile.md | Title: Microsoft Entra ID SSPR technical profiles in custom policies description: Custom policy reference for Microsoft Entra ID SSPR technical profiles in Azure AD B2C.-+ --++ Last updated 11/08/2022 |
active-directory-b2c | Access Tokens | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/access-tokens.md | Title: Request an access token in Azure Active Directory B2C description: Learn how to request an access token from Azure Active Directory B2C.-+ -+ Last updated 03/09/2023-+ |
active-directory-b2c | Active Directory Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/active-directory-technical-profile.md | Title: Define a Microsoft Entra technical profile in a custom policy description: Define a Microsoft Entra technical profile in a custom policy in Azure Active Directory B2C.-+ --++ Last updated 11/06/2023 |
active-directory-b2c | Add Api Connector Token Enrichment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-api-connector-token-enrichment.md | Title: Token enrichment - Azure Active Directory B2C description: Enrich tokens with claims from external identity data sources using APIs or outbound webhooks.-+ --++ Last updated 01/17/2023 |
active-directory-b2c | Add Api Connector | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-api-connector.md | Title: Add API connectors to sign up user flows description: Configure an API connector to be used in a sign-up user flow.-+ Last updated 12/20/2022 -+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Add Identity Provider | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-identity-provider.md | Title: Add an identity provider - Azure Active Directory B2C description: Learn how to add an identity provider to your Active Directory B2C tenant.-+ Last updated 02/08/2023-+ |
active-directory-b2c | Add Native Application | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-native-application.md | Title: Add a native client application - Azure Active Directory B2C description: Learn how to add a native client application to your Active Directory B2C tenant.-+ Last updated 02/04/2019-+ |
active-directory-b2c | Add Password Change Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-password-change-policy.md | Title: Set up password change by using custom policies description: Learn how to set up a custom policy so users can change their password in Azure Active Directory B2C.-+ --++ Last updated 08/24/2021 |
active-directory-b2c | Add Password Reset Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-password-reset-policy.md | Title: Set up a password reset flow description: Learn how to set up a password reset flow in Azure Active Directory B2C (Azure AD B2C).-+ -+ Last updated 10/25/2022-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Add Profile Editing Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-profile-editing-policy.md | Title: Set up a profile editing flow description: Learn how to set up a profile editing flow in Azure Active Directory B2C.-+ -+ Last updated 06/07/2021-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Add Ropc Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-ropc-policy.md | Title: Set up a resource owner password credentials flow description: Learn how to set up the resource owner password credentials (ROPC) flow in Azure Active Directory B2C.-+ -+ Last updated 12/16/2022-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Add Sign In Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-sign-in-policy.md | Title: Set up a sign-in flow description: Learn how to set up a sign-in flow in Azure Active Directory B2C.-+ -+ Last updated 08/24/2021-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Add Sign Up And Sign In Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-sign-up-and-sign-in-policy.md | Title: Set up a sign-up and sign-in flow description: Learn how to set up a sign-up and sign-in flow in Azure Active Directory B2C.-+ -+ Last updated 02/09/2023 |
active-directory-b2c | Add Web Api Application | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-web-api-application.md | Title: Add a web API application - Azure Active Directory B2C description: Learn how to add a web API application to your Active Directory B2C tenant.-+ |
active-directory-b2c | Age Gating | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/age-gating.md | Title: Enable age gating in Azure Active Directory B2C description: Learn about how to identify minors using your application.-+ -+ Last updated 04/07/2022 |
active-directory-b2c | Analytics With Application Insights | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/analytics-with-application-insights.md | Title: Track user behavior by using Application Insights description: Learn how to enable event logs in Application Insights from Azure AD B2C user journeys.-+ -+ Last updated 08/24/2021 |
active-directory-b2c | Api Connector Samples | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/api-connector-samples.md | Title: Samples of APIs for modifying your Azure AD B2C user flows description: Code samples for modifying user flows with API connectors -+ |
active-directory-b2c | Api Connectors Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/api-connectors-overview.md | Title: About API connectors in Azure AD B2C description: Use Microsoft Entra API connectors to customize and extend your user flows and custom policies by using REST APIs or outbound webhooks to external identity data sources. -+ |
active-directory-b2c | App Registrations Training Guide | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/app-registrations-training-guide.md | Title: New App registrations experience in Azure AD B2C description: An introduction to the new App registration experience in Azure AD B2C.-+ -+ Last updated 05/25/2020-+ |
active-directory-b2c | Application Types | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/application-types.md | Title: Application types supported by Azure AD B2C description: Learn about the types of applications you can use with Azure Active Directory B2C.-+ -+ Last updated 10/11/2022 |
active-directory-b2c | Authorization Code Flow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/authorization-code-flow.md | Title: Authorization code flow - Azure Active Directory B2C description: Learn how to build web apps by using Azure AD B2C and OpenID Connect authentication protocol.- - - Last updated 11/06/2023 + +# Customer intent: As a developer who is building a web app, I want to learn more about the OAuth 2.0 authorization code flow in Azure AD B2C, so that I can add sign-up, sign-in, and other identity management tasks to my app. + # OAuth 2.0 authorization code flow in Azure Active Directory B2C -You can use the OAuth 2.0 authorization code grant in apps installed on a device to gain access to protected resources, such as web APIs. By using the Azure Active Directory B2C (Azure AD B2C) implementation of OAuth 2.0, you can add sign-up, sign-in, and other identity management tasks to your single-page, mobile, and desktop apps. This article is language-independent. In the article, we describe how to send and receive HTTP messages without using any open-source libraries. When possible, we recommend you use the supported Microsoft Authentication Libraries (MSAL).Take a look at the [sample apps that use MSAL](integrate-with-app-code-samples.md). +You can use the OAuth 2.0 authorization code grant in apps installed on a device to gain access to protected resources, such as web APIs. By using the Azure Active Directory B2C (Azure AD B2C) implementation of OAuth 2.0, you can add sign-up, sign-in, and other identity management tasks to your single-page, mobile, and desktop apps. In this article, we describe how to send and receive HTTP messages without using any open-source libraries. This article is language-independent. When possible, we recommend you use the supported Microsoft Authentication Libraries (MSAL). Take a look at the [sample apps that use MSAL](integrate-with-app-code-samples.md). The OAuth 2.0 authorization code flow is described in [section 4.1 of the OAuth 2.0 specification](https://tools.ietf.org/html/rfc6749). You can use it for authentication and authorization in most [application types](application-types.md), including web applications, single-page applications, and natively installed applications. You can use the OAuth 2.0 authorization code flow to securely acquire access tokens and refresh tokens for your applications, which can be used to access resources that are secured by an [authorization server](protocols-overview.md). The refresh token allows the client to acquire new access (and refresh) tokens once the access token expires, typically after one hour. The authorization code flow for single page applications requires some additiona The `spa` redirect type is backwards compatible with the implicit flow. Apps currently using the implicit flow to get tokens can move to the `spa` redirect URI type without issues and continue using the implicit flow. ## 1. Get an authorization code-The authorization code flow begins with the client directing the user to the `/authorize` endpoint. This is the interactive part of the flow, where the user takes action. In this request, the client indicates in the `scope` parameter the permissions that it needs to acquire from the user. The following examples (with line breaks for readability) shows how to acquire an authorization code. If you're testing this GET HTTP request, use your browser. +The authorization code flow begins with the client directing the user to the `/authorize` endpoint. This is the interactive part of the flow, where the user takes action. In this request, the client indicates in the `scope` parameter the permissions that it needs to acquire from the user. The following examples (with line breaks for readability) show how to acquire an authorization code. If you're testing this GET HTTP request, use your browser. ```http client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 | client_id |Required |The application ID assigned to your app in the [Azure portal](https://portal.azure.com). | | response_type |Required |The response type, which must include `code` for the authorization code flow. You can receive an ID token if you include it in the response type, such as `code+id_token`, and in this case, the scope needs to include `openid`.| | redirect_uri |Required |The redirect URI of your app, where authentication responses are sent and received by your app. It must exactly match one of the redirect URIs that you registered in the portal, except that it must be URL-encoded. |-| scope |Required |A space-separated list of scopes. The `openid` scope indicates a permission to sign in the user and get data about the user in the form of ID tokens. The `offline_access` scope is optional for web applications. It indicates that your application will need a *refresh token* for extended access to resources.The client-id indicates the token issued are intended for use by Azure AD B2C registered client. The `https://{tenant-name}/{app-id-uri}/{scope}` indicates a permission to protected resources, such as a web API. For more information, see [Request an access token](access-tokens.md#scopes). | +| scope |Required |A space-separated list of scopes. The `openid` scope indicates a permission to sign in the user and get data about the user in the form of ID tokens. The `offline_access` scope is optional for web applications. It indicates that your application will need a *refresh token* for extended access to resources. The client-id indicates the token issued are intended for use by Azure AD B2C registered client. The `https://{tenant-name}/{app-id-uri}/{scope}` indicates a permission to protected resources, such as a web API. For more information, see [Request an access token](access-tokens.md#scopes). | | response_mode |Recommended |The method that you use to send the resulting authorization code back to your app. It can be `query`, `form_post`, or `fragment`. | | state |Recommended |A value included in the request that can be a string of any content that you want to use. Usually, a randomly generated unique value is used, to prevent cross-site request forgery attacks. The state also is used to encode information about the user's state in the app before the authentication request occurred. For example, the page the user was on, or the user flow that was being executed. | | prompt |Optional |The type of user interaction that is required. Currently, the only valid value is `login`, which forces the user to enter their credentials on that request. Single sign-on will not take effect. | grant_type=authorization_code | client_id |Required |The application ID assigned to your app in the [Azure portal](https://portal.azure.com).| | client_secret | Yes, in Web Apps | The application secret that was generated in the [Azure portal](https://portal.azure.com/). Client secrets are used in this flow for Web App scenarios, where the client can securely store a client secret. For Native App (public client) scenarios, client secrets cannot be securely stored, and therefore are not used in this call. If you use a client secret, please change it on a periodic basis. | | grant_type |Required |The type of grant. For the authorization code flow, the grant type must be `authorization_code`. |-| scope |Recommended |A space-separated list of scopes. A single scope value indicates to Microsoft Entra ID both of the permissions that are being requested. Using the client ID as the scope indicates that your app needs an access token that can be used against your own service or web API, represented by the same client ID. The `offline_access` scope indicates that your app needs a refresh token for long-lived access to resources. You also can use the `openid` scope to request an ID token from Azure AD B2C. | +| scope |Recommended |A space-separated list of scopes. A single scope value indicates to Azure AD B2C both of the permissions that are being requested. Using the client ID as the scope indicates that your app needs an access token that can be used against your own service or web API, represented by the same client ID. The `offline_access` scope indicates that your app needs a refresh token for long-lived access to resources. You also can use the `openid` scope to request an ID token from Azure AD B2C. | | code |Required |The authorization code that you acquired in from the `/authorize` endpoint. | | redirect_uri |Required |The redirect URI of the application where you received the authorization code. | | code_verifier | recommended | The same `code_verifier` used to obtain the authorization code. Required if PKCE was used in the authorization code grant request. For more information, see the [PKCE RFC](https://tools.ietf.org/html/rfc7636). | |
active-directory-b2c | Azure Monitor | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/azure-monitor.md | Title: Monitor Azure AD B2C with Azure Monitor description: Learn how to log Azure AD B2C events with Azure Monitor by using delegated resource management.-+ -+ |
active-directory-b2c | B2c Global Identity Funnel Based Design | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/b2c-global-identity-funnel-based-design.md | Title: Build a global identity solution with funnel-based approach description: Learn the funnel-based design consideration for Azure AD B2C to provide customer identity management for global customers.-+ -+ Last updated 12/15/2022 |
active-directory-b2c | B2c Global Identity Proof Of Concept Funnel | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/b2c-global-identity-proof-of-concept-funnel.md | Title: Azure Active Directory B2C global identity framework proof of concept for funnel-based configuration description: Learn how to create a proof of concept for funnel-based approach for Azure AD B2C to provide customer identity and access management for global customers.-+ -+ Last updated 12/15/2022 |
active-directory-b2c | B2c Global Identity Proof Of Concept Regional | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/b2c-global-identity-proof-of-concept-regional.md | Title: Azure Active Directory B2C global identity framework proof of concept for region-based configuration description: Learn how to create a proof of concept regional based approach for Azure AD B2C to provide customer identity and access management for global customers.-+ -+ Last updated 12/15/2022 |
active-directory-b2c | B2c Global Identity Region Based Design | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/b2c-global-identity-region-based-design.md | Title: Build a global identity solution with region-based approach description: Learn the region-based design consideration for Azure AD B2C to provide customer identity management for global customers.-+ -+ Last updated 12/15/2022 |
active-directory-b2c | B2c Global Identity Solutions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/b2c-global-identity-solutions.md | Title: Azure Active Directory B2C global identity framework description: Learn how to configure Azure AD B2C to provide customer identity and access management for global customers.-+ -+ Last updated 12/15/2022 |
active-directory-b2c | B2clogin | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/b2clogin.md | Title: Migrate applications and APIs to b2clogin.com description: Learn about using b2clogin.com in your redirect URLs for Azure Active Directory B2C.-+ -+ Last updated 11/21/2023 |
active-directory-b2c | Best Practices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/best-practices.md | Title: Best practices for Azure AD B2C description: Recommendations and best practices to consider when working with Azure Active Directory B2C (Azure AD B2C).-+ -+ Last updated 07/13/2023 |
active-directory-b2c | Billing | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/billing.md | Title: Billing model for Azure Active Directory B2C description: Learn about Azure AD B2C's monthly active users (MAU) billing model, how to link an Azure AD B2C tenant to an Azure subscription, and how to select the appropriate premium tier pricing.-+ -+ Last updated 06/06/2023 |
active-directory-b2c | Boolean Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/boolean-transformations.md | Title: Boolean claims transformation examples for custom policies description: Boolean claims transformation examples for the Identity Experience Framework (IEF) schema of Azure Active Directory B2C.-+ -+ Last updated 02/16/2022 |
active-directory-b2c | Buildingblocks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/buildingblocks.md | Title: BuildingBlocks description: Specify the BuildingBlocks element of a custom policy in Azure Active Directory B2C.-+ -+ Last updated 12/10/2019 |
active-directory-b2c | Claim Resolver Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/claim-resolver-overview.md | Title: Claim resolvers in custom policies description: Learn how to use claims resolvers in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 02/16/2022 |
active-directory-b2c | Claims Transformation Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/claims-transformation-technical-profile.md | Title: Define a claims transformation technical profile description: Define a claims transformation technical profile in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 01/17/2022 |
active-directory-b2c | Claimsproviders | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/claimsproviders.md | Title: ClaimsProviders - Azure Active Directory B2C description: Specify the ClaimsProvider element of a custom policy in Azure Active Directory B2C.-+ -+ Last updated 03/08/2021 |
active-directory-b2c | Claimsschema | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/claimsschema.md | Title: "ClaimsSchema: Azure Active Directory B2C" description: Specify the ClaimsSchema element of a custom policy in Azure Active Directory B2C.-+ -+ Last updated 03/06/2022 |
active-directory-b2c | Claimstransformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/claimstransformations.md | Title: ClaimsTransformations - Azure Active Directory B2C description: Definition of the ClaimsTransformations element in the Identity Experience Framework Schema of Azure Active Directory B2C.-+ -+ Last updated 09/10/2018 |
active-directory-b2c | Client Credentials Grant Flow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/client-credentials-grant-flow.md | Title: Set up OAuth 2.0 client credentials flow description: Learn how to set up the OAuth 2.0 client credentials flow in Azure Active Directory B2C.- - - Last updated 11/21/2023-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Conditional Access Identity Protection Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/conditional-access-identity-protection-overview.md | Title: Identity Protection and Conditional Access in Azure AD B2C description: Learn how Identity Protection gives you visibility into risky sign-ins and risk detections. Find out how and Conditional Access lets you enforce organizational policies based on risk events in your Azure AD B2C tenants. - |
active-directory-b2c | Conditional Access Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/conditional-access-technical-profile.md | Title: Conditional Access technical profiles in custom policies description: Custom policy reference for Conditional Access technical profiles in Azure AD B2C.-+ -+ Last updated 06/18/2021 |
active-directory-b2c | Conditional Access User Flow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/conditional-access-user-flow.md | Title: Add Conditional Access to a user flow in Azure AD B2C description: Learn how to add Conditional Access to your Azure AD B2C user flows. Configure multifactor authentication (MFA) settings and Conditional Access policies in your user flows to enforce policies and remediate risky sign-ins.-+ Last updated 04/10/2022-+ |
active-directory-b2c | Configure A Sample Node Web App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-a-sample-node-web-app.md | Title: Configure authentication in a sample Node.js web application by using Azure Active Directory B2C (Azure AD B2C) description: This article discusses how to use Azure Active Directory B2C to sign in and sign up users in a Node.js web application. -+ -+ Last updated 07/07/2022 |
active-directory-b2c | Configure Authentication In Azure Static App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-in-azure-static-app.md | Title: Configure authentication in an Azure Static Web App by using Azure Active Directory B2C description: This article discusses how to use Azure Active Directory B2C to sign in and sign up users in an Azure Static Web App.-+ -+ Last updated 08/22/2022 |
active-directory-b2c | Configure Authentication In Azure Web App File Based | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-in-azure-web-app-file-based.md | Title: Configure authentication in an Azure Web App configuration file by using Azure Active Directory B2C description: This article discusses how to use Azure Active Directory B2C to sign in and sign up users in an Azure Web App using configuration file.-+ -+ Last updated 06/28/2022 |
active-directory-b2c | Configure Authentication In Azure Web App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-in-azure-web-app.md | Title: Configure authentication in an Azure Web App by using Azure Active Directory B2C description: This article discusses how to use Azure Active Directory B2C to sign in and sign up users in an Azure Web App.-+ -+ Last updated 06/28/2022 |
active-directory-b2c | Configure Authentication In Sample Node Web App With Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-in-sample-node-web-app-with-api.md | Title: Configure authentication in a sample Node.js web API by using Azure Active Directory B2C description: Follow the steps in this article to learn how to configure authentication in a sample Node.js web API by using Azure AD B2C -+ -+ Last updated 03/24/2023 |
active-directory-b2c | Configure Authentication Sample Android App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-android-app.md | Title: Configure authentication in a sample Android application by using Azure Active Directory B2C description: This article discusses how to use Azure Active Directory B2C to sign in and sign up users in an Android application.-+ -+ Last updated 07/05/2021 |
active-directory-b2c | Configure Authentication Sample Angular Spa App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-angular-spa-app.md | Title: Configure authentication in a sample Angular SPA by using Azure Active Directory B2C description: Learn how to use Azure Active Directory B2C to sign in and sign up users in an Angular SPA.-+ -+ Last updated 03/09/2023 |
active-directory-b2c | Configure Authentication Sample Ios App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-ios-app.md | Title: Configure authentication in a sample iOS Swift application by using Azure Active Directory B2C description: This article discusses how to use Azure Active Directory B2C to sign in and sign up users in an iOS Swift application.-+ -+ Last updated 01/06/2023 |
active-directory-b2c | Configure Authentication Sample Python Web App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-python-web-app.md | Title: Configure authentication in a sample Python web application by using Azure Active Directory B2C description: This article discusses how to use Azure Active Directory B2C to sign in and sign up users in a Python web application.-+ -+ Last updated 02/28/2023 |
active-directory-b2c | Configure Authentication Sample React Spa App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-react-spa-app.md | Title: Configure authentication in a sample React SPA by using Azure Active Directory B2C description: Learn how to use Azure Active Directory B2C to sign in and sign up users in a React SPA.-+ -+ Last updated 04/24/2023 |
active-directory-b2c | Configure Authentication Sample Spa App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-spa-app.md | Title: Configure authentication in a sample single-page application by using Azure Active Directory B2C description: This article discusses how to use Azure Active Directory B2C to sign in and sign up users in a single-page application.-+ -+ Last updated 04/30/2022 |
active-directory-b2c | Configure Authentication Sample Web App With Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-web-app-with-api.md | Title: Configure authentication in a sample web application that calls a web API by using Azure Active Directory B2C description: This article discusses using Azure Active Directory B2C to sign in and sign up users in an ASP.NET web application that calls a web API.-+ -+ Last updated 07/05/2021 |
active-directory-b2c | Configure Authentication Sample Web App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-web-app.md | Title: Configure authentication in a sample web application by using Azure Active Directory B2C description: This article discusses how to use Azure Active Directory B2C to sign in and sign up users in an ASP.NET web application.-+ -+ Last updated 03/11/2022 |
active-directory-b2c | Configure Authentication Sample Wpf Desktop App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-wpf-desktop-app.md | Title: Configure authentication in a sample WPF desktop application by using Azure Active Directory B2C description: This article discusses how to use Azure Active Directory B2C to sign in and sign up users in a WPF desktop application.-+ -+ Last updated 08/04/2021 |
active-directory-b2c | Configure Security Analytics Sentinel | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-security-analytics-sentinel.md | Title: Configure security analytics for Azure Active Directory B2C data with Microsoft Sentinel description: Use Microsoft Sentinel to perform security analytics for Azure Active Directory B2C data.-+ -+ Last updated 03/06/2023 |
active-directory-b2c | Configure Tokens | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-tokens.md | Title: Configure tokens - Azure Active Directory B2C description: Learn how to configure the token lifetime and compatibility settings in Azure Active Directory B2C.- - - Last updated 11/20/2023-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Configure User Input | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-user-input.md | Title: Add user attributes and customize user input description: Learn how to customize user input and add user attributes to the sign-up or sign-in journey in Azure Active Directory B2C.-+ -+ Last updated 12/28/2022-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Contentdefinitions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/contentdefinitions.md | Title: ContentDefinitions description: Specify the ContentDefinitions element of a custom policy in Azure Active Directory B2C.-+ -+ Last updated 09/12/2021 |
active-directory-b2c | Cookie Definitions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/cookie-definitions.md | Title: Cookie definitions description: Provides definitions for the cookies used in Azure Active Directory B2C.-+ -+ Last updated 03/20/2022 |
active-directory-b2c | Custom Domain | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-domain.md | Title: Enable Azure AD B2C custom domains description: Learn how to enable custom domains in your redirect URLs for Azure Active Directory B2C.- - Previously updated : 11/3/2022 Last updated : 11/13/2023 zone_pivot_groups: b2c-policy-type+ +#Customer intent: As a developer, I want to use my own domain name for the sign-in and sign-up experience, so that my users have a seamless experience. # Enable custom domains for Azure Active Directory B2C [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)] -This article describes how to enable custom domains in your redirect URLs for Azure Active Directory B2C (Azure AD B2C). By using a verified custom domain, you've benefits such as: +This article describes how to enable custom domains in your redirect URLs for Azure Active Directory B2C (Azure AD B2C). Using a verified custom domain has a number of benefits such as: - It provides a more seamless user experience. From the user's perspective, they remain in your domain during the sign in process rather than redirecting to the Azure AD B2C default domain *<tenant-name>.b2clogin.com*.-- By staying in the same domain for your application during sign-in, you mitigate the impact of [third-party cookie blocking](/azure/active-directory/develop/reference-third-party-cookies-spas). -+- By staying in the same domain for your application during sign-in, you mitigate the impact of [third-party cookie blocking](/entra/identity-platform/reference-third-party-cookies-spas). - You increase the number of objects (user accounts and applications) you can create in your Azure AD B2C tenant from the default 1.25 million to 5.25 million. -![Screenshot demonstrates an Azure AD B2C custom domain user experience.](./media/custom-domain/custom-domain-user-experience.png) + :::image type="content" source="./media/custom-domain/custom-domain-user-experience.png" alt-text="Screenshot of a browser window with the domain name highlighted in the address bar to show the custom domain experience."::: ## Custom domain overview The following diagram illustrates Azure Front Door integration: 1. Azure Front Door invokes Azure AD B2C content using the Azure AD B2C `<tenant-name>.b2clogin.com` default domain. The request to the Azure AD B2C endpoint includes the original custom domain name. 1. Azure AD B2C responds to the request by displaying the relevant content and the original custom domain. -![Diagram shows the custom domain networking flow.](./media/custom-domain/custom-domain-network-flow.png) > [!IMPORTANT] > The connection from the browser to Azure Front Door should always use IPv4 instead of IPv6. When using custom domains, consider the following: -- You can set up multiple custom domains. For the maximum number of supported custom domains, see [Microsoft Entra service limits and restrictions](../active-directory/enterprise-users/directory-service-limits-restrictions.md) for Azure AD B2C and [Azure subscription and service limits, quotas, and constraints](../azure-resource-manager/management/azure-subscription-service-limits.md#azure-front-door-classic-limits) for Azure Front Door.+- You can set up multiple custom domains. For the maximum number of supported custom domains, see [Microsoft Entra service limits and restrictions](/entra/identity/users/directory-service-limits-restrictions) for Azure AD B2C and [Azure subscription and service limits, quotas, and constraints](/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-front-door-classic-limits) for Azure Front Door. - Azure Front Door is a separate Azure service, so extra charges will be incurred. For more information, see [Front Door pricing](https://azure.microsoft.com/pricing/details/frontdoor). - After you configure custom domains, users will still be able to access the Azure AD B2C default domain name *<tenant-name>.b2clogin.com* (unless you're using a custom policy and you [block access](#optional-block-access-to-the-default-domain-name). - If you have multiple applications, migrate them all to the custom domain because the browser stores the Azure AD B2C session under the domain name currently being used. When using custom domains, consider the following: ## Step 1: Add a custom domain name to your Azure AD B2C tenant -Every new Azure AD B2C tenant comes with an initial domain name, <domainname>.onmicrosoft.com. You can't change or delete the initial domain name, but you can add a custom domain. +When you create an Azure AD B2C tenant it comes with an initial domain name, <domainname>.onmicrosoft.com. You can't change or delete the initial domain name, but you can add your own custom domain. Follow these steps to add a custom domain to your Azure AD B2C tenant: -1. [Add your custom domain name to Microsoft Entra ID](../active-directory/fundamentals/add-custom-domain.md#add-your-custom-domain-name). +1. [Add your custom domain name to Microsoft Entra ID](/entra/fundamentals/add-custom-domain#add-your-custom-domain-name). > [!IMPORTANT] > For these steps, be sure to sign in to your **Azure AD B2C** tenant and select the **Microsoft Entra ID** service. -1. [Add your DNS information to the domain registrar](../active-directory/fundamentals/add-custom-domain.md#add-your-dns-information-to-the-domain-registrar). After you add your custom domain name to Microsoft Entra ID, create a DNS `TXT`, or `MX` record for your domain. Creating this DNS record for your domain verifies ownership of your domain name. +1. [Add your DNS information to the domain registrar](/entra/fundamentals/add-custom-domain#add-your-dns-information-to-the-domain-registrar). After you add your custom domain name to Microsoft Entra ID, create a DNS `TXT`, or `MX` record for your domain. Creating this DNS record for your domain verifies ownership of your domain name. The following examples demonstrate TXT records for *login.contoso.com* and *account.contoso.com*: Follow these steps to add a custom domain to your Azure AD B2C tenant: > [!TIP] > You can manage your custom domain with any publicly available DNS service, such as GoDaddy. If you don't have a DNS server, you can use [Azure DNS zone](../dns/dns-getstarted-portal.md), or [App Service domains](../app-service/manage-custom-dns-buy-domain.md). -1. [Verify your custom domain name](../active-directory/fundamentals/add-custom-domain.md#verify-your-custom-domain-name). Verify each subdomain, or hostname you plan to use. For example, to be able to sign in with *login.contoso.com* and *account.contoso.com*, you need to verify both subdomains and not just the top-level domain *contoso.com*. +1. [Verify your custom domain name](/entra/fundamentals/add-custom-domain#verify-your-custom-domain-name). Verify each subdomain, or hostname you plan to use. For example, to be able to sign in with *login.contoso.com* and *account.contoso.com*, you need to verify both subdomains and not just the top-level domain *contoso.com*. > [!IMPORTANT] > After the domain is verified, **delete** the DNS TXT record you created. Follow these steps to create an Azure Front Door: |Subscription|Select your Azure subscription.| |Resource group| Select an existing resource group, or create a new one.| |Name| Give your profile a name such as `b2cazurefrontdoor`.|- |Tier| Select either Standard or Premium tier. Standard tier is content delivery optimized. Premium tier builds on Standard tier and is focused on security. See [Tier Comparison](../frontdoor/standard-premium/tier-comparison.md).| + |Tier| Select either Standard or Premium tier. Standard tier is content delivery optimized. Premium tier builds on Standard tier and is focused on security. See [Tier Comparison](../frontdoor/front-door-cdn-comparison.md).| |Endpoint name| Enter a globally unique name for your endpoint, such as `b2cazurefrontdoor`. The **Endpoint hostname** is generated automatically. | |Origin type| Select `Custom`.|- |Origin host name| Enter `<tenant-name>.b2clogin.com`. Replace `<tenant-name>` with the [name of your Azure AD B2C tenant]( tenant-management-read-tenant-name.md#get-your-tenant-name) such as `contoso.b2clogin.com`.| + |Origin host name| Enter `<tenant-name>.b2clogin.com`. Replace `<tenant-name>` with the [name of your Azure AD B2C tenant](tenant-management-read-tenant-name.md#get-your-tenant-name) such as `contoso.b2clogin.com`.| Leave the **Caching** and **WAF policy** empty. -1. Once the Azure Front Door resource is created, select **Overview**, and copy the **Endpoint hostname**. It looks something like `b2cazurefrontdoor-ab123e.z01.azurefd.net`. +1. Once the Azure Front Door resource is created, select **Overview**, and copy the **Endpoint hostname**. You will need this later on. It will look something like `b2cazurefrontdoor-ab123e.z01.azurefd.net`. 1. Make sure the **Host name** and **Origin host header** of your origin have the same value: 1. Under **Settings**, select **Origin groups**. Follow these steps to create an Azure Front Door: 1. On the right pane, select your **Origin host name** such as `contoso.b2clogin.com`. 1. On the **Update origin** pane, update the **Host name** and **Origin host header** to have the same value. - :::image type="content" source="./media/custom-domain/azure-front-door-custom-domain-origins.png" alt-text="Screenshot of how to update custom domain origins."::: -+ :::image type="content" source="./media/custom-domain/azure-front-door-custom-domain-origins.png" alt-text="Screenshot of the Origin groups menu from the Azure portal with Host name and Origin host header text boxes highlighted."::: ## Step 3: Set up your custom domain on Azure Front Door The **default-route** routes the traffic from the client to Azure Front Door. Th The following screenshot shows how to select the default-route. - ![Screenshot of selecting the default route.](./media/custom-domain/enable-the-route.png) + :::image type="content" source="./media/custom-domain/enable-the-route.png" alt-text="Screenshot of the Front Door manager page from the Azure portal with the default route highlighted."::: 1. Select the **Enable route** checkbox. 1. Select **Update** to save the changes. ## Step 4: Configure CORS -If you [customize the Azure AD B2C user interface](customize-ui-with-html.md) with an HTML template, you need to [Configure CORS](customize-ui-with-html.md?pivots=b2c-user-flow.md#3-configure-cors) with your custom domain. +If you are using a custom HTML template to [customize the Azure AD B2C user interface](customize-ui-with-html.md), you need to [Configure CORS](customize-ui-with-html.md?pivots=b2c-user-flow.md#3-configure-cors) with your custom domain. Configure Azure Blob storage for Cross-Origin Resource Sharing with the following steps: Configure Azure Blob storage for Cross-Origin Resource Sharing with the followin 1. For **Application**, select the web application named *webapp1* that you previously registered. The **Reply URL** should show `https://jwt.ms`. 1. Copy the URL under **Run user flow endpoint**. - ![Screenshot of how to copy the authorization request U R I.](./media/custom-domain/user-flow-run-now.png) + :::image type="content" source="./media/custom-domain/user-flow-run-now.png" alt-text="Screenshot of the Run user flow page from the Azure portal with the copy button for the Run userflow endpoint text box highlighted."::: -1. To simulate a sign in with your custom domain, open a web browser and use the URL you copied. Replace the Azure AD B2C domain (_<tenant-name>_.b2clogin.com) with your custom domain. +1. To simulate a sign in with your custom domain, open a web browser and use the URL you just copied. Replace the Azure AD B2C domain (_<tenant-name>_.b2clogin.com) with your custom domain. For example, instead of: The following example shows a valid OAuth redirect URI: https://login.contoso.com/contoso.onmicrosoft.com/oauth2/authresp ``` -If you choose to use the [tenant ID](#optional-use-tenant-id), a valid OAuth redirect URI would look like the following sample: --```http -https://login.contoso.com/11111111-1111-1111-1111-111111111111/oauth2/authresp -``` - The [SAML identity providers](saml-identity-provider-technical-profile.md) metadata would look like the following sample: ```http The custom domain integration applies to authentication endpoints that use Azure Replace: - **custom-domain** with your custom domain - **tenant-name** with your tenant name or tenant ID-- **policy-name** with your policy name. [Learn more about Azure AD B2C policies](technical-overview.md#identity-experiences-user-flows-or-custom-policies). -+- **policy-name** with your policy name. The [SAML service provider](./saml-service-provider.md) metadata may look like the following sample: https://custom-domain-name/tenant-name/policy-name/Samlp/metadata You can replace your B2C tenant name in the URL with your tenant ID GUID so as to remove all references to ΓÇ£b2cΓÇ¥ in the URL. You can find your tenant ID GUID in the B2C Overview page in Azure portal. For example, change `https://account.contosobank.co.uk/contosobank.onmicrosoft.com/` -to -`https://account.contosobank.co.uk/<tenant ID GUID>/` +to `https://account.contosobank.co.uk/<tenant ID GUID>/` ++If you choose to use tenant ID instead of tenant name, be sure to update the identity provider **OAuth redirect URIs** accordingly. When using your tenant ID instead of tenant name, a valid OAuth redirect URI would look like the following sample: -If you choose to use tenant ID instead of tenant name, be sure to update the identity provider **OAuth redirect URIs** accordingly. For more information, see [Configure your identity provider](#configure-your-identity-provider). +```http +https://login.contoso.com/11111111-1111-1111-1111-111111111111/oauth2/authresp +``` +For more information, see [Configure your identity provider](#configure-your-identity-provider). ### Token issuance The token issuer name (iss) claim changes based on the custom domain being used. ```http https://<domain-name>/11111111-1111-1111-1111-111111111111/v2.0/ ```- ::: zone pivot="b2c-custom-policy" ## (Optional) Block access to the default domain name -After you add the custom domain and configure your application, users will still be able to access the <tenant-name>.b2clogin.com domain. To prevent access, you can configure the policy to check the authorization request "host name" against an allowed list of domains. The host name is the domain name that appears in the URL. The host name is available through `{Context:HostName}` [claim resolvers](claim-resolver-overview.md). Then you can present a custom error message. +After you add the custom domain and configure your application, users will still be able to access the <tenant-name>.b2clogin.com domain. If you want to prevent access, you can configure the policy to check the authorization request "host name" against an allowed list of domains. The host name is the domain name that appears in the URL. The host name is available through `{Context:HostName}` [claim resolvers](claim-resolver-overview.md). Then you can present a custom error message. 1. Get the example of a conditional access policy that checks the host name from [GitHub](https://github.com/azure-ad-b2c/samples/tree/master/policies/check-host-name). 1. In each file, replace the string `yourtenant` with the name of your Azure AD B2C tenant. For example, if the name of your B2C tenant is *contosob2c*, all instances of `yourtenant.onmicrosoft.com` become `contosob2c.onmicrosoft.com`. When using custom domains, consider the following points: - **Possible causes** - This issue could be related to the Azure Front Door route configuration. - **Resolution**: Check the status of the **default-route**. If it's disabled, [Enable the route](#33-enable-the-route). The following screenshot shows how the default-route should look like: - ![Screenshot of the status of the default-route.](./media/custom-domain/azure-front-door-route-status.png) + :::image type="content" source="./media/custom-domain/azure-front-door-route-status.png" alt-text="Screenshot of the Front Door manager page from the Azure portal with the default route, Status and Provisioning state items highlighted."::: ### Azure AD B2C returns the resource you're looking for has been removed, had its name changed, or is temporarily unavailable. When using custom domains, consider the following points: - **Possible causes** - This issue could be related to the Microsoft Entra custom domain verification. - **Resolution**: Make sure the custom domain is [registered and **successfully verified**](#step-1-add-a-custom-domain-name-to-your-azure-ad-b2c-tenant) in your Azure AD B2C tenant. -### Identify provider returns an error +### Identity provider returns an error - **Symptom** - After you configure a custom domain, you're able to sign in with local accounts. But when you sign in with credentials from external [social or enterprise identity providers](add-identity-provider.md), the identity provider presents an error message. - **Possible causes** - When Azure AD B2C takes the user to sign in with a federated identity provider, it specifies the redirect URI. The redirect URI is the endpoint to where the identity provider returns the token. The redirect URI is the same domain your application uses with the authorization request. If the redirect URI isn't yet registered in the identity provider, it may not trust the new redirect URI, which results in an error message. Yes, Azure AD B2C supports BYO-WAF (Bring Your Own Web Application Firewall). Ho Yes, Azure Front Door can be in a different subscription. -## Next steps +## See also ++* Learn about [OAuth authorization requests](protocols-overview.md). +* Learn about [OpenID Connect authorization requests](openid-connect.md). +* Learn about [authorization code flow](authorization-code-flow.md). + -Learn about [OAuth authorization requests](protocols-overview.md). |
active-directory-b2c | Custom Email Mailjet | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-email-mailjet.md | Title: Custom email verification with Mailjet description: Learn how to integrate with Mailjet to customize the verification email sent to your customers when they sign up to use your Azure AD B2C-enabled applications.-+ -+ Last updated 10/06/2022 |
active-directory-b2c | Custom Email Sendgrid | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-email-sendgrid.md | Title: Custom email verification with SendGrid description: Learn how to integrate with SendGrid to customize the verification email sent to your customers when they sign up to use your Azure AD B2C-enabled applications.-+ -+ Last updated 11/20/2023 |
active-directory-b2c | Custom Policies Series Branch User Journey | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-branch-user-journey.md | Title: Create branching in user journey by using Azure AD B2C custom policy description: Learn how to enable or disable Technical Profiles based on claims values. Learn how to branch in user journeys by enabling and disabling Azure AD B2C custom policy technical profiles. -+ -+ Last updated 11/06/2023 |
active-directory-b2c | Custom Policies Series Call Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-call-rest-api.md | Title: Call a REST API by using Azure Active Directory B2C custom policy description: Learn how to make an HTTP call to external API by using Azure Active Directory B2C custom policy.-+ -+ -+ Last updated 11/20/2023 Next, learn: - About [RESTful technical profile](restful-technical-profile.md). -- How to [Create and read a user account by using Azure Active Directory B2C custom policy](custom-policies-series-store-user.md)+- How to [Create and read a user account by using Azure Active Directory B2C custom policy](custom-policies-series-store-user.md) |
active-directory-b2c | Custom Policies Series Collect User Input | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-collect-user-input.md | Title: Collect and manipulate user inputs by using Azure AD B2C custom policy description: Learn how to collect user inputs from a user and manipulate them by using Azure Active Directory B2C custom policy -+ -+ Last updated 11/06/2023 |
active-directory-b2c | Custom Policies Series Hello World | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-hello-world.md | Title: Write your first Azure AD B2C custom policy - Hello World! description: Learn how to write your first custom policy. A custom that shows of returns Hello World message. -+ -+ Last updated 11/06/2023 |
active-directory-b2c | Custom Policies Series Install Xml Extensions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-install-xml-extensions.md | Title: Validate custom policy files by using TrustFrameworkPolicy schema description: Learn how to validate custom policy files by using TrustFrameworkPolicy schema and other XML extensions for Visual Studio code. You also learn to navigate custom policy file by using Azure AD B2C extension. -+ -+ Last updated 11/20/2023 |
active-directory-b2c | Custom Policies Series Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-overview.md | Title: Create and run your own custom policies in Azure Active Directory B2C description: Learn how to create and run your own custom policies in Azure Active Directory B2C. Learn how to create Azure Active Directory B2C custom policies from scratch in a how-to guide series.-+ -+ Last updated 11/06/2023 |
active-directory-b2c | Custom Policies Series Sign Up Or Sign In Federation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-sign-up-or-sign-in-federation.md | Title: Set up a sign-up and sign-in flow with a social account by using Azure Active Directory B2C custom policy description: Learn how to configure a sign-up and sign-in flow for a social account, Facebook, by using Azure Active Directory B2C custom policy. -+ -+ Last updated 11/06/2023 |
active-directory-b2c | Custom Policies Series Sign Up Or Sign In | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-sign-up-or-sign-in.md | Title: Set up a sign-up and sign-in flow for a local account by using Azure Active Directory B2C custom policy description: Learn how to configure a sign-up and sign-in flow for a local account, using email and password, by using Azure Active Directory B2C custom policy. -+ -+ Last updated 11/06/2023 |
active-directory-b2c | Custom Policies Series Store User | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-store-user.md | Title: Create a user account by using Azure Active Directory B2C custom policy description: Learn how to create a user account in Azure AD B2C storage by using a custom policy. -+ -+ Last updated 11/06/2023 |
active-directory-b2c | Custom Policies Series Validate User Input | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-validate-user-input.md | Title: Validate user inputs by using Azure AD B2C custom policy description: Learn how to validate user inputs by using Azure Active Directory B2C custom policy. Learn how to validate user input by limiting user input options. Learn how to validate user input by using Predicates. Learn how to validate user input by using Regular Expressions. Learn how to validate user input by using validation technical profiles -+ -+ Last updated 11/06/2023 |
active-directory-b2c | Custom Policy Developer Notes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policy-developer-notes.md | Title: Developer notes for user flows and custom policies description: Notes for developers on configuring and maintaining Azure AD B2C with user flows and custom policies.-+ -+ Last updated 10/05/2023-+ |
active-directory-b2c | Custom Policy Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policy-overview.md | Title: Azure Active Directory B2C custom policy overview description: A topic about Azure Active Directory B2C custom policies and the Identity Experience Framework.-+ -+ Last updated 11/20/2023 |
active-directory-b2c | Custom Policy Reference Sso | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policy-reference-sso.md | Title: Single sign-on session providers using custom policies description: Learn how to manage single sign-on sessions using custom policies in Azure AD B2C.-+ -+ Last updated 02/03/2022 |
active-directory-b2c | Customize Ui With Html | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/customize-ui-with-html.md | Title: Customize the user interface with HTML templates description: Learn how to customize the user interface with HTML templates for your applications that use Azure Active Directory B2C.-+ -+ Last updated 11/06/2023-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Customize Ui | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/customize-ui.md | Title: Customize the user interface description: Learn how to customize the user interface for your applications that use Azure Active Directory B2C.-+ -+ Last updated 12/16/2022-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Data Residency | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/data-residency.md | Title: "Azure AD B2C: Region availability & data residency" description: Region availability, data residency, high availability, SLA, and information about Azure Active Directory B2C preview tenants.-+ -+ Last updated 06/24/2023 |
active-directory-b2c | Date Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/date-transformations.md | Title: Date claims transformation examples for custom policies description: Date claims transformation examples for the Identity Experience Framework (IEF) schema of Azure Active Directory B2C.-+ -+ Last updated 02/16/2022 |
active-directory-b2c | Deploy Custom Policies Devops | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/deploy-custom-policies-devops.md | Title: Deploy custom policies with Azure Pipelines description: Learn how to deploy Azure AD B2C custom policies in a CI/CD pipeline by using Azure Pipelines.-+ -+ Last updated 03/25/2022 |
active-directory-b2c | Deploy Custom Policies Github Action | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/deploy-custom-policies-github-action.md | Title: Deploy custom policies with GitHub Actions description: Learn how to deploy Azure AD B2C custom policies in a CI/CD pipeline by using GitHub Actions.-+ -+ Last updated 08/25/2021 |
active-directory-b2c | Direct Signin | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/direct-signin.md | Title: Set up direct sign-in using Azure Active Directory B2C description: Learn how to prepopulate the sign-in name or redirect straight to a social identity provider.-+ -+ Last updated 06/21/2022-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Disable Email Verification | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/disable-email-verification.md | Title: Disable email verification during customer sign-up description: Learn how to disable email verification during customer sign-up in Azure Active Directory B2C.-+ -+ Last updated 09/15/2021-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Display Control Time Based One Time Password | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/display-control-time-based-one-time-password.md | Title: TOTP display controls description: Learn how to use Azure AD B2C TOTP display controls in the user journeys provided by your custom policies.-+ -+ Last updated 07/20/2022 |
active-directory-b2c | Display Control Verification | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/display-control-verification.md | Title: Verify claims with display controls description: Learn how to use Azure AD B2C display controls to verify the claims in the user journeys provided by your custom policies.-+ -+ Last updated 12/10/2019 |
active-directory-b2c | Display Controls | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/display-controls.md | Title: Display control reference description: Reference for Azure AD B2C display controls. Use display controls for customizing user journeys defined in your custom policies.-+ -+ Last updated 12/9/2021 |
active-directory-b2c | Embedded Login | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/embedded-login.md | Title: Embed Azure Active Directory B2C user interface into your app with a custom policy description: Learn how to embed Azure Active Directory B2C user interface into your app with a custom policy- - - Last updated 11/20/2023-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Enable Authentication Android App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-android-app-options.md | Title: Enable Android mobile application options by using Azure Active Directory B2C description: This article discusses several ways to enable Android mobile application options by using Azure Active Directory B2C.-+ -+ Last updated 10/06/2022 |
active-directory-b2c | Enable Authentication Android App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-android-app.md | Title: Enable authentication in an Android app - Azure AD B2C description: Enable authentication in an Android application using Azure Active Directory B2C building blocks. Learn how to use Azure AD B2C to sign in and sign up users in an Android application.-+ -+ Last updated 09/16/2021 |
active-directory-b2c | Enable Authentication Angular Spa App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-angular-spa-app-options.md | Title: Configure authentication options in an Angular application by using Azure Active Directory B2C description: Enable the use of Angular application options in several ways.-+ -+ Last updated 03/23/2023 |
active-directory-b2c | Enable Authentication Angular Spa App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-angular-spa-app.md | Title: Enable authentication in an Angular application by using Azure Active Directory B2C building blocks description: Use the building blocks of Azure Active Directory B2C to sign in and sign up users in an Angular application.-+ -+ Last updated 03/23/2023 |
active-directory-b2c | Enable Authentication Azure Static App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-azure-static-app-options.md | Title: Enable Azure Static Web App authentication options using Azure Active Directory B2C description: This article discusses several ways to enable Azure Static Web App authentication options.-+ -+ Last updated 06/28/2022 |
active-directory-b2c | Enable Authentication In Node Web App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-in-node-web-app-options.md | Title: Enable Node.js web app authentication options using Azure Active Directory B2C description: This article discusses several ways to enable Node.js web app authentication options.-+ -+ Last updated 02/02/2022 |
active-directory-b2c | Enable Authentication In Node Web App With Api Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-in-node-web-app-with-api-options.md | Title: Enable Node.js web API authentication options using Azure Active Directory B2C description: This article discusses several ways to enable Node.js web API authentication options.-+ -+ Last updated 02/10/2022 |
active-directory-b2c | Enable Authentication In Node Web App With Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-in-node-web-app-with-api.md | Title: Enable authentication in your own Node.js web API by using Azure Active Directory B2C description: Follow this article to learn how to call your own web API protected by Azure AD B2C from your own node js web app. The web app acquires an access token and uses it to call a protected endpoint in the web API. The web app adds the access token as a bearer in the Authorization header, and the web API needs to validate it. -+ -+ Last updated 02/09/2022 |
active-directory-b2c | Enable Authentication In Node Web App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-in-node-web-app.md | Title: Enable authentication in your own Node web application using Azure Active Directory B2C description: This article explains how to enable authentication in your own Node.js web application using Azure AD B2C -+ -+ Last updated 02/02/2022 |
active-directory-b2c | Enable Authentication Ios App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-ios-app-options.md | Title: Enable iOS Swift mobile application options by using Azure Active Directory B2C description: This article discusses several ways to enable iOS Swift mobile application options by using Azure Active Directory B2C.-+ -+ Last updated 07/29/2021 |
active-directory-b2c | Enable Authentication Ios App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-ios-app.md | Title: Enable authentication in an iOS Swift app by using Azure AD B2C description: This article discusses how to enable authentication in an iOS Swift application by using Azure Active Directory B2C building blocks. Learn how to use Azure AD B2C to sign in and sign up users in an iOS Swift application.-+ -+ Last updated 03/24/2023 |
active-directory-b2c | Enable Authentication Python Web App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-python-web-app-options.md | Title: Enable Python web application options by using Azure Active Directory B2C description: This article shows you how to enable the use of Python web application options.-+ -+ Last updated 07/05/2021 |
active-directory-b2c | Enable Authentication Python Web App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-python-web-app.md | Title: Enable authentication in your own Python web application using Azure Active Directory B2C description: This article explains how to enable authentication in your own Python web application using Azure AD B2C -+ -+ Last updated 06/28/2022 |
active-directory-b2c | Enable Authentication React Spa App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-react-spa-app-options.md | Title: Enable React application options by using Azure Active Directory B2C description: Enable the use of React application options in several ways.-+ -+ Last updated 07/07/2022 |
active-directory-b2c | Enable Authentication React Spa App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-react-spa-app.md | Title: Enable authentication in a React application by using Azure Active Directory B2C building blocks description: Use the building blocks of Azure Active Directory B2C to sign in and sign up users in a React application.-+ -+ Last updated 11/20/2023 |
active-directory-b2c | Enable Authentication Spa App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-spa-app-options.md | Title: Enable SPA application options by using Azure Active Directory B2C description: This article discusses several ways to enable the use of SPA applications.-+ -+ Last updated 07/05/2021 |
active-directory-b2c | Enable Authentication Spa App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-spa-app.md | Title: Enable authentication in a SPA application by using Azure Active Directory B2C building blocks description: This article discusses the building blocks of Azure Active Directory B2C for signing in and signing up users in a SPA application.-+ -+ Last updated 03/24/2023 |
active-directory-b2c | Enable Authentication Web Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-web-api.md | Title: Enable authentication in a web API by using Azure Active Directory B2C description: This article discusses how to use Azure Active Directory B2C to protect a web API.-+ -+ Last updated 11/20/2023 |
active-directory-b2c | Enable Authentication Web App With Api Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-web-app-with-api-options.md | Title: Enable a web application that calls web API options by using Azure Active Directory B2C description: This article discusses how to enable the use of a web application that calls web API options in several ways.-+ -+ Last updated 07/05/2021 |
active-directory-b2c | Enable Authentication Web App With Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-web-app-with-api.md | Title: Enable authentication in web apps that call a web API by using Azure Active Directory B2C building blocks description: This article discusses the building blocks of an ASP.NET web app that calls a web API by using Azure Active Directory B2C.-+ -+ Last updated 11/10/2021 |
active-directory-b2c | Enable Authentication Web Application Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-web-application-options.md | Title: Enable web app authentication options using Azure Active Directory B2C description: This article discusses several ways to enable web app authentication options.-+ -+ Last updated 08/12/2021 |
active-directory-b2c | Enable Authentication Web Application | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-web-application.md | Title: Enable authentication in a web app by using Azure Active Directory B2C building blocks description: This article discusses how to use the building blocks of Azure Active Directory B2C to sign in and sign up users in an ASP.NET web app.-+ -+ Last updated 06/11/2021 |
active-directory-b2c | Enable Authentication Wpf Desktop App Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-wpf-desktop-app-options.md | Title: Enable WPF desktop application options using Azure Active Directory B2C description: Enable the use of WPF desktop application options by using several ways.-+ -+ Last updated 08/04/2021 |
active-directory-b2c | Error Codes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/error-codes.md | Title: Error code reference description: A list of the error codes that can be returned by the Azure Active Directory B2C service.-+ -+ Last updated 11/08/2023 |
active-directory-b2c | Extensions App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/extensions-app.md | Title: Extensions app in Azure Active Directory B2C description: Restoring the b2c-extensions-app.-+ -+ Last updated 11/02/2021 |
active-directory-b2c | External Identities Videos | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/external-identities-videos.md | Title: Microsoft Azure Active Directory B2C external identity video series description: Learn about external identities in Azure AD B2C in the Microsoft identity platform -+ -+ Last updated 06/08/2023 |
active-directory-b2c | Find Help Open Support Ticket | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/find-help-open-support-ticket.md | Title: Find help and open a support ticket for Azure Active Directory B2C description: Learn how to find technical, pre-sales, billing, and subscription help and open a support ticket for Azure Active Directory B2C -+ -+ Last updated 03/13/2023 |
active-directory-b2c | Force Password Reset | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/force-password-reset.md | Title: Configure a force password reset flow in Azure AD B2C description: Learn how to set up a forced password reset flow in Azure Active Directory B2C.-+ -+ Last updated 10/31/2023 |
active-directory-b2c | General Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/general-transformations.md | Title: General claims transformation examples for custom policies description: General claims transformation examples for the Identity Experience Framework (IEF) schema of Azure Active Directory B2C.-+ -+ Last updated 02/16/2022 |
active-directory-b2c | Https Cipher Tls Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/https-cipher-tls-requirements.md | Title: TLS and cipher suite requirements - Azure AD B2C description: Notes for developers on HTTPS cipher suite and TLS requirements when interacting with web API endpoints.-+ -+ Last updated 04/30/2021-+ |
active-directory-b2c | Id Token Hint | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/id-token-hint.md | Title: Define an ID token hint technical profile in a custom policy description: Define an ID token hint technical profile in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 09/16/2021 |
active-directory-b2c | Identity Protection Investigate Risk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-protection-investigate-risk.md | Title: Investigate risk with Azure Active Directory B2C Identity Protection description: Learn how to investigate risky users, and detections in Azure AD B2C Identity Protection - Last updated 09/16/2021-+ |
active-directory-b2c | Identity Provider Adfs Saml | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-adfs-saml.md | Title: Add AD FS as a SAML identity provider by using custom policies description: Set up AD FS 2016 using the SAML protocol and custom policies in Azure Active Directory B2C-+ -+ Last updated 09/16/2021-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Adfs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-adfs.md | Title: Add AD FS as an OpenID Connect identity provider by using custom policies description: Set up AD FS 2016 using the OpenID Connect protocol and custom policies in Azure Active Directory B2C-+ -+ Last updated 06/08/2022-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Amazon | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-amazon.md | Title: Set up sign-up and sign-in with an Amazon account description: Provide sign-up and sign-in to customers with Amazon accounts in your applications using Azure Active Directory B2C.-+ -+ -+ Last updated 09/16/2021 |
active-directory-b2c | Identity Provider Apple Id | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-apple-id.md | Title: Set up sign-up and sign-in with an Apple ID description: Provide sign-up and sign-in to customers with Apple ID in your applications using Azure Active Directory B2C.-+ -+ Last updated 11/02/2021-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Azure Ad B2c | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-azure-ad-b2c.md | Title: Set up sign-up and sign-in with an Azure AD B2C account from another Azure AD B2C tenant description: Provide sign-up and sign-in to customers with Azure AD B2C accounts from another tenant in your applications using Azure Active Directory B2C.-+ -+ Last updated 10/11/2023 -+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Azure Ad Multi Tenant | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-azure-ad-multi-tenant.md | Title: Set up sign-in for multi-tenant Microsoft Entra ID by custom policies + Title: Set up sign-in for multitenant Microsoft Entra ID using custom policies -description: Add a multi-tenant Microsoft Entra identity provider using custom policies in Azure Active Directory B2C. -+description: Add a multitenant Microsoft Entra identity provider using custom policies in Azure Active Directory B2C. - - Previously updated : 11/17/2022 Last updated : 11/16/2023 zone_pivot_groups: b2c-policy-type++#Customer intent: As a developer, I want to enable sign-in for users using the multitenant endpoint for Microsoft Entra ID. Allowing users from multiple Microsoft Entra tenants to sign in using Azure AD B2C, without me having to configure an identity provider for each tenant. + -# Set up sign-in for multi-tenant Microsoft Entra ID using custom policies in Azure Active Directory B2C +# Set up sign-in for multitenant Microsoft Entra ID using custom policies in Azure Active Directory B2C [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)] zone_pivot_groups: b2c-policy-type ::: zone pivot="b2c-custom-policy" -This article shows you how to enable sign-in for users using the multi-tenant endpoint for Microsoft Entra ID. Allowing users from multiple Microsoft Entra tenants to sign in using Azure AD B2C, without you having to configure an identity provider for each tenant. However, guest members in any of these tenants **will not** be able to sign in. For that, you need to [individually configure each tenant](identity-provider-azure-ad-single-tenant.md). +This article shows you how to enable sign-in for users using the multitenant endpoint for Microsoft Entra ID, allowing users from multiple Microsoft Entra tenants to sign in using Azure AD B2C, without you having to configure an identity provider for each tenant. However, guest members in any of these tenants **will not** be able to sign in. For that, you need to [individually configure each tenant](identity-provider-azure-ad-single-tenant.md). ## Prerequisites This article shows you how to enable sign-in for users using the multi-tenant en > [!NOTE] > In this article, it assumed that **SocialAndLocalAccounts** starter pack is used in the previous steps mentioned in pre-requisite. -<a name='register-an-azure-ad-app'></a> - ## Register a Microsoft Entra app -To enable sign-in for users with a Microsoft Entra account in Azure Active Directory B2C (Azure AD B2C), you need to create an application in the [Azure portal](https://portal.azure.com). For more information, see [Register an application with the Microsoft identity platform](../active-directory/develop/quickstart-register-app.md). +To enable users to sign in to Azure AD B2C with a Microsoft Entra account, you first need to create an application in the Microsoft Entra tenant from the [Azure portal](https://portal.azure.com). For more information, see [Register an application with the Microsoft identity platform](/entra/identity-platform/quickstart-register-app). 1. Sign in to the [Azure portal](https://portal.azure.com).-1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu. +1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra tenant from the **Directories + subscriptions** menu. 1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **App registrations**. 1. Select **New registration**. 1. Enter a **Name** for your application. For example, `Azure AD B2C App`. To enable sign-in for users with a Microsoft Entra account in Azure Active Direc 1. Select **Certificates & secrets**, and then select **New client secret**. 1. Enter a **Description** for the secret, select an expiration, and then select **Add**. Record the **Value** of the secret for use in a later step. -### Configuring optional claims +> [!NOTE] +> The client secret will not be shown again after this point. If you do not make a record of it, you will have to create a new one. ++### [Optional] Configuring optional claims If you want to get the `family_name`, and `given_name` claims from Microsoft Entra ID, you can configure optional claims for your application in the Azure portal UI or application manifest. For more information, see [How to provide optional claims to your Microsoft Entra app](../active-directory/develop/optional-claims.md). If you want to get the `family_name`, and `given_name` claims from Microsoft Ent ## [Optional] Verify your app authenticity -[Publisher verification](../active-directory/develop/publisher-verification-overview.md) helps your users understand the authenticity of the app you [registered](#register-an-azure-ad-app). A verified app means that the publisher of the app has [verified](/partner-center/verification-responses) their identity using their Microsoft Partner Network (MPN). Learn how to [mark your app as publisher verified](../active-directory/develop/mark-app-as-publisher-verified.md). +[Publisher verification](/entra/identity-platform/publisher-verification-overview) helps your users understand the authenticity of the app you registered. A verified app means that the publisher of the app has [verified](/partner-center/verification-responses) their identity using their Microsoft Partner Network (MPN). Learn how to [mark your app as publisher verified](/entra/identity-platform/mark-app-as-publisher-verified). ## Create a policy key -You need to store the application key that you created in your Azure AD B2C tenant. +You now need to store the application key that you created in your Azure AD B2C tenant. 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu. 1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. You need to store the application key that you created in your Azure AD B2C tena 1. For **Key usage**, select `Signature`. 1. Select **Create**. -<a name='configure-azure-ad-as-an-identity-provider'></a> ## Configure Microsoft Entra ID as an identity provider You can define Microsoft Entra ID as a claims provider by adding Microsoft Entra 1. Under the **ClaimsProvider** element, update the value for **Domain** to a unique value that can be used to distinguish it from other identity providers. 1. Under the **TechnicalProfile** element, update the value for **DisplayName**, for example, `Multi-Tenant AAD`. This value is displayed on the sign-in button on your sign-in page.-1. Set **client_id** to the application ID of the Microsoft Entra multi-tenant application that you registered earlier. -1. Under **CryptographicKeys**, update the value of **StorageReferenceId** to the name of the policy key that created earlier. For example, `B2C_1A_AADAppSecret`. +1. Set **client_id** to the application ID of the Microsoft Entra multitenant application that you registered earlier. +1. Under **CryptographicKeys**, update the value of **StorageReferenceId** to the name of the policy key that you created earlier. For example, `B2C_1A_AADAppSecret`. ### Restrict access Perform these steps for each Microsoft Entra tenant that should be used to sign 1. Select the **Run now** button. 1. From the sign-up or sign-in page, select **Common Microsoft Entra ID** to sign in with Microsoft Entra account. -To test the multi-tenant sign-in capability, perform the last two steps using the credentials for a user that exists another Microsoft Entra tenant. Copy the **Run now endpoint** and open it in a private browser window, for example, Incognito Mode in Google Chrome or an InPrivate window in Microsoft Edge. Opening in a private browser window allows you to test the full user journey by not using any currently cached Microsoft Entra credentials. +To test the multitenant sign-in capability, perform the last two steps using the credentials for a user that exists with another Microsoft Entra tenant. Copy the **Run now endpoint** and open it in a private browser window, for example, Incognito Mode in Google Chrome or an InPrivate window in Microsoft Edge. Opening in a private browser window allows you to test the full user journey by not using any currently cached Microsoft Entra credentials. If the sign-in process is successful, your browser is redirected to `https://jwt.ms`, which displays the contents of the token returned by Azure AD B2C. -## Next steps +## See also - Learn how to [pass the Microsoft Entra token to your application](idp-pass-through-user-flow.md).-- Check out the Microsoft Entra multi-tenant federation [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/Identity-providers#azure-active-directory), and how to pass Microsoft Entra access token [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/Identity-providers#azure-active-directory-with-access-token)+- Check out the Microsoft Entra multitenant federation [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/Identity-providers#azure-active-directory), and how to pass Microsoft Entra access token [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/Identity-providers#azure-active-directory-with-access-token) ::: zone-end |
active-directory-b2c | Identity Provider Azure Ad Single Tenant | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-azure-ad-single-tenant.md | Title: Set up sign-in for a Microsoft Entra organization description: Set up sign-in for a specific Microsoft Entra organization in Azure Active Directory B2C.-+ -+ Last updated 02/07/2023 -+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Ebay | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-ebay.md | Title: Set up sign-up and sign-in with an eBay account description: Provide sign-up and sign-in to customers with eBay accounts in your applications using Azure Active Directory B2C.-+ -+ Last updated 09/16/2021 |
active-directory-b2c | Identity Provider Facebook | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-facebook.md | Title: Set up sign-up and sign-in with a Facebook account description: Provide sign-up and sign-in to customers with Facebook accounts in your applications using Azure Active Directory B2C.-+ -+ Last updated 03/10/2022-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Generic Openid Connect | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-generic-openid-connect.md | Title: Set up sign-up and sign-in with OpenID Connect description: Set up sign-up and sign-in with any OpenID Connect identity provider (IdP) in Azure Active Directory B2C.-+ -+ Last updated 12/28/2022 |
active-directory-b2c | Identity Provider Generic Saml Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-generic-saml-options.md | Title: Set sign-in with SAML identity provider options description: Configure sign-in SAML identity provider (IdP) options in Azure Active Directory B2C.-+ -+ Last updated 03/20/2023-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Generic Saml | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-generic-saml.md | Title: Set up sign-up and sign-in with SAML identity provider description: Set up sign-up and sign-in with any SAML identity provider (IdP) in Azure Active Directory B2C.-+ -+ Last updated 09/16/2021-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Github | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-github.md | Title: Set up sign-up and sign-in with a GitHub account description: Provide sign-up and sign-in to customers with GitHub accounts in your applications using Azure Active Directory B2C.-+ -+ Last updated 03/10/2022-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Google | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-google.md | Title: Set up sign-up and sign-in with a Google account description: Provide sign-up and sign-in to customers with Google accounts in your applications using Azure Active Directory B2C.-+ -+ Last updated 03/10/2022-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Id Me | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-id-me.md | Title: Set up sign-up and sign-in with a ID.me account description: Provide sign-up and sign-in to customers with ID.me accounts in your applications using Azure Active Directory B2C.-+ -+ Last updated 09/16/2021 |
active-directory-b2c | Identity Provider Linkedin | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-linkedin.md | Title: Set up sign-up and sign-in with a LinkedIn account description: Provide sign-up and sign-in to customers with LinkedIn accounts in your applications using Azure Active Directory B2C.-+ -+ Last updated 09/16/2021-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Local | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-local.md | Title: Set up Azure AD B2C local account identity provider description: Define the identity types uses can use to sign-up or sign-in (email, username, phone number) in your Azure Active Directory B2C tenant.-+ -+ Last updated 09/02/2022 |
active-directory-b2c | Identity Provider Microsoft Account | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-microsoft-account.md | Title: Set up sign-up and sign-in with a Microsoft Account description: Provide sign-up and sign-in to customers with Microsoft Accounts in your applications using Azure Active Directory B2C.-+ -+ Last updated 05/01/2023-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Mobile Id | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-mobile-id.md | Title: Set up sign-up and sign-in with Mobile ID description: Provide sign-up and sign-in to customers with Mobile ID in your applications using Azure Active Directory B2C.-+ -+ Last updated 04/08/2022 |
active-directory-b2c | Identity Provider Ping One | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-ping-one.md | Title: Set up sign-up and sign-in with a PingOne account description: Provide sign-up and sign-in to customers with PingOne accounts in your applications using Azure Active Directory B2C.-+ -+ Last updated 12/2/2021-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Qq | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-qq.md | Title: Set up sign-up and sign-in with a QQ account using Azure Active Directory B2C description: Provide sign-up and sign-in to customers with QQ accounts in your applications using Azure Active Directory B2C.-+ -+ Last updated 09/16/2021-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Salesforce Saml | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-salesforce-saml.md | Title: Set up sign-in with a Salesforce SAML provider by using SAML protocol description: Set up sign-in with a Salesforce SAML provider by using SAML protocol in Azure Active Directory B2C.-+ -+ Last updated 09/16/2021-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Salesforce | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-salesforce.md | Title: Set up sign-up and sign-in with a Salesforce account description: Provide sign-up and sign-in to customers with Salesforce accounts in your applications using Azure Active Directory B2C.-+ -+ Last updated 09/16/2021-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Swissid | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-swissid.md | Title: Set up sign-up and sign-in with a SwissID account description: Provide sign-up and sign-in to customers with SwissID accounts in your applications using Azure Active Directory B2C.-+ -+ Last updated 12/07/2021 |
active-directory-b2c | Identity Provider Twitter | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-twitter.md | Title: Set up sign-up and sign-in with a Twitter account description: Provide sign-up and sign-in to customers with Twitter accounts in your applications using Azure Active Directory B2C.-+ -+ Last updated 07/20/2022-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Wechat | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-wechat.md | Title: Set up sign-up and sign-in with a WeChat account description: Provide sign-up and sign-in to customers with WeChat accounts in your applications using Azure Active Directory B2C.-+ -+ Last updated 09/16/2021-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Provider Weibo | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-weibo.md | Title: Set up sign-up and sign-in with a Weibo account description: Provide sign-up and sign-in to customers with Weibo accounts in your applications using Azure Active Directory B2C.-+ -+ Last updated 09/16/2021-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Identity Verification Proofing | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-verification-proofing.md | Title: Identity proofing and verification for Azure AD B2C description: Learn about our partners who integrate with Azure AD B2C to provide identity proofing and verification solutions -+ -+ Last updated 01/18/2023 |
active-directory-b2c | Idp Pass Through User Flow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/idp-pass-through-user-flow.md | Title: Pass an identity provider access token to your app description: Learn how to pass an access token for OAuth 2.0 identity providers as a claim in a user flow in Azure Active Directory B2C.-+ -+ Last updated 03/16/2023-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Implicit Flow Single Page Application | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/implicit-flow-single-page-application.md | Title: Single-page application sign-in using the OAuth 2.0 implicit flow in Azure Active Directory B2C description: Learn how to add single-page sign-in using the OAuth 2.0 implicit flow with Azure Active Directory B2C.-+ -+ Last updated 06/21/2022 |
active-directory-b2c | Integer Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/integer-transformations.md | Title: Integer claims transformation examples for custom policies description: Integer claims transformation examples for the Identity Experience Framework (IEF) schema of Azure Active Directory B2C.-+ -+ Last updated 02/16/2022 |
active-directory-b2c | Integrate With App Code Samples | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/integrate-with-app-code-samples.md | Title: Azure Active Directory B2C integrates with app samples description: Code samples for integrating Azure AD B2C to mobile, desktop, web, and single-page applications.-+ |
active-directory-b2c | Javascript And Page Layout | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/javascript-and-page-layout.md | Title: JavaScript and page layout versions description: Learn how to enable JavaScript and use page layout versions in Azure Active Directory B2C.-+ -+ Last updated 10/17/2023-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Json Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/json-transformations.md | Title: JSON claims transformation examples for custom policies description: JSON claims transformation examples for the Identity Experience Framework (IEF) schema of Azure Active Directory B2C.-+ -+ Last updated 02/14/2023 |
active-directory-b2c | Jwt Issuer Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/jwt-issuer-technical-profile.md | Title: Define a technical profile for a JWT issuer in a custom policy description: Define a technical profile for a JSON web token (JWT) issuer in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 03/04/2021 |
active-directory-b2c | Language Customization | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/language-customization.md | Title: Language customization in Azure Active Directory B2C description: Learn about customizing the language experience in your user flows in Azure Active Directory B2C.-+ -+ Last updated 12/28/2022-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Localization String Ids | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/localization-string-ids.md | Title: Localization string IDs - Azure Active Directory B2C description: Specify the IDs for a content definition with an ID of api.signuporsignin in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 04/19/2022 |
active-directory-b2c | Localization | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/localization.md | Title: Localization - Azure Active Directory B2C description: Specify the Localization element of a custom policy in Azure Active Directory B2C.-+ -+ Last updated 03/06/2022 |
active-directory-b2c | Manage Custom Policies Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/manage-custom-policies-powershell.md | |
active-directory-b2c | Manage User Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/manage-user-access.md | Title: Manage user access in Azure Active Directory B2C description: Learn how to identify minors, collect date of birth and country/region data, and get acceptance of terms of use in your application by using Azure AD B2C.-+ -+ Last updated 01/13/2022 |
active-directory-b2c | Manage User Data | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/manage-user-data.md | Title: Manage user data in Azure Active Directory B2C description: Learn how to delete or export user data in Azure AD B2C.-+ -+ Last updated 05/06/2018 |
active-directory-b2c | Manage Users Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/manage-users-portal.md | Title: Create & delete Azure AD B2C consumer user accounts in the Azure portal description: Learn how to use the Azure portal to create and delete consumer users in your Azure AD B2C directory.-+ -+ Last updated 05/26/2023 |
active-directory-b2c | Microsoft Graph Get Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/microsoft-graph-get-started.md | Title: Register a Microsoft Graph application description: Prepare for managing Azure AD B2C resources with Microsoft Graph by registering an application that's granted the required Graph API permissions.-+ -+ Last updated 06/24/2022 |
active-directory-b2c | Microsoft Graph Operations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/microsoft-graph-operations.md | Title: Manage resources with Microsoft Graph description: How to manage resources in an Azure AD B2C tenant by calling the Microsoft Graph API and using an application identity to automate the process.- - Previously updated : 11/20/2023- Last updated : 11/13/2023 + +#Customer intent: As a developer, I want to manage resources in my Azure AD B2C tenant by calling the Microsoft Graph API and using an application identity to automate the process. + # Manage Azure AD B2C with Microsoft Graph Microsoft Graph allows you to manage resources in your Azure AD B2C directory. T > [!NOTE] > You can also programmatically create an Azure AD B2C directory itself, along with the corresponding Azure resource linked to an Azure subscription. This functionality isn't exposed through the Microsoft Graph API, but through the Azure REST API. For more information, see [B2C Tenants - Create](/rest/api/activedirectory/b2c-tenants/create). -Watch this video to learn about Azure AD B2C user migration using Microsoft Graph API. -->[!Video https://www.youtube.com/embed/9BRXBtkBzL4] - ## Prerequisites - To use MS Graph API, and interact with resources in your Azure AD B2C tenant, you need an application registration that grants the permissions to do so. Follow the steps in the [Register a Microsoft Graph application](microsoft-graph-get-started.md) article to create an application registration that your management application can use. Watch this video to learn about Azure AD B2C user migration using Microsoft Grap - [Update a user](/graph/api/user-update) - [Delete a user](/graph/api/user-delete) +### User migration ++Watch this video to learn how user migration to Azure AD B2C can be managed using Microsoft Graph API. ++>[!Video https://www.youtube.com/embed/9BRXBtkBzL4] + ## User phone number management A phone number that can be used by a user to sign-in using [SMS or voice calls](sign-in-options.md#phone-sign-in), or [multifactor authentication](multi-factor-authentication.md). For more information, see [Microsoft Entra authentication methods API](/graph/api/resources/phoneauthenticationmethod). A phone number that can be used by a user to sign-in using [SMS or voice calls]( Note, the [list](/graph/api/authentication-list-phonemethods) operation returns only enabled phone numbers. The following phone number should be enabled to use with the list operations. -![Enable phone sign-in](./media/microsoft-graph-operations/enable-phone-sign-in.png) - > [!NOTE] > A correctly represented phone number is stored with a space between the country code and the phone number. The Azure AD B2C service doesn't currently add this space by default. + ## Self-service password reset email address An email address that can be used by a [username sign-in account](sign-in-options.md#username-sign-in) to reset the password. For more information, see [Microsoft Entra authentication methods API](/graph/api/resources/emailauthenticationmethod). Configure pre-built policies for sign-up, sign-in, combined sign-up and sign-in, ## User flow authentication methods (beta) -Choose a mechanism for letting users register via local accounts. Local accounts are the accounts where Azure AD B2C does the identity assertion. For more information, see [b2cAuthenticationMethodsPolicy resource type](/graph/api/resources/b2cauthenticationmethodspolicy). +Choose a mechanism for letting users register via local accounts. A Local account is one where Azure AD B2C completes the identity assertion. For more information, see [b2cAuthenticationMethodsPolicy resource type](/graph/api/resources/b2cauthenticationmethodspolicy). - [Get](/graph/api/b2cauthenticationmethodspolicy-get) - [Update](/graph/api/b2cauthenticationmethodspolicy-update) Deleted users and apps can only be restored if they were deleted within the last ## How to programmatically manage Microsoft Graph -When you want to manage Microsoft Graph, you can either do it as the application using the application permissions, or you can use delegated permissions. For delegated permissions, either the user or an administrator consents to the permissions that the app requests. The app is delegated with the permission to act as a signed-in user when it makes calls to the target resource. Application permissions are used by apps that do not require a signed in user present and thus require application permissions. Because of this, only administrators can consent to application permissions. +You can manage Microsoft Graph in two ways: ++* **Delegated permissions** either the user or an administrator consents to the permissions that the app requests. The app is delegated with the permission to act as a signed-in user when it makes calls to the target resource. +* **Application permissions** are used by apps that do not require a signed in user present. Because of this, only administrators can consent to application permissions. > [!NOTE] > Delegated permissions for users signing in through user flows or custom policies cannot be used against delegated permissions for Microsoft Graph API.+ ## Code sample: How to programmatically manage user accounts This code sample is a .NET Core console application that uses the [Microsoft Graph SDK](/graph/sdks/sdks-overview) to interact with Microsoft Graph API. Its code demonstrates how to call the API to programmatically manage users in an Azure AD B2C tenant. The initialized _GraphServiceClient_ is then used in _UserService.cs_ to perform [Make API calls using the Microsoft Graph SDKs](/graph/sdks/create-requests) includes information on how to read and write information from Microsoft Graph, use `$select` to control the properties returned, provide custom query parameters, and use the `$filter` and `$orderBy` query parameters. -## Next steps +## See also - For code samples in JavaScript and Node.js, please see: [Manage B2C user accounts with MSAL.js and Microsoft Graph SDK](https://github.com/Azure-Samples/ms-identity-b2c-javascript-nodejs-management) - Explore [Graph Explorer](https://aka.ms/ge) that lets you try Microsoft Graph APIs and learn about them. |
active-directory-b2c | Multi Factor Auth Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/multi-factor-auth-technical-profile.md | Title: Microsoft Entra ID multifactor authentication technical profiles in custom policies description: Custom policy reference for Microsoft Entra ID multifactor authentication technical profiles in Azure AD B2C.-+ -+ Last updated 11/08/2022 |
active-directory-b2c | Multi Factor Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/multi-factor-authentication.md | Title: Multifactor authentication in Azure Active Directory B2C description: How to enable multifactor authentication in consumer-facing applications secured by Azure Active Directory B2C.--+ - - Previously updated : 07/20/2022 Last updated : 11/15/2023 -+ zone_pivot_groups: b2c-policy-type+ +#Customer intent: As a developer, I want to learn how to enable multifactor authentication in consumer-facing applications secured by Azure Active Directory B2C. + # Enable multifactor authentication in Azure Active Directory B2C [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)] -Azure Active Directory B2C (Azure AD B2C) integrates directly with [Microsoft Entra multifactor authentication](../active-directory/authentication/concept-mfa-howitworks.md) so that you can add a second layer of security to sign-up and sign-in experiences in your applications. You enable multifactor authentication without writing a single line of code. If you already created sign up and sign-in user flows, you can still enable multifactor authentication. +Azure Active Directory B2C (Azure AD B2C) integrates directly with [Microsoft Entra multifactor authentication](/entra/identity/authentication/concept-mfa-howitworks) so that you can add a second layer of security to sign-up and sign-in experiences in your applications. If you already created sign-up and sign-in user flows, you can still enable multifactor authentication. -This feature helps applications handle scenarios such as: +Using this feature applications can handle multiple scenarios such as: -- You don't require multifactor authentication to access one application, but you do require it to access another. For example, the customer can sign into an auto insurance application with a social or local account, but must verify the phone number before accessing the home insurance application registered in the same directory.-- You don't require multifactor authentication to access an application in general, but you do require it to access the sensitive portions within it. For example, the customer can sign in to a banking application with a social or local account and check the account balance, but must verify the phone number before attempting a wire transfer.+- Requiring multifactor authentication to access one application, but not requiring it to access another. For example, a customer can sign into an auto insurance application with a social or local account, but must verify the phone number before accessing the home insurance application registered in the same directory. +- Requiring multifactor authentication to access an application in general, but not requiring it to access the sensitive portions within it. For example, a customer can sign in to a banking application with a social or local account and check the account balance, but must verify the phone number before attempting a wire transfer. ## Prerequisites This feature helps applications handle scenarios such as: With [Conditional Access](conditional-access-identity-protection-overview.md) users may or may not be challenged for MFA based on configuration decisions that you can make as an administrator. The methods of the multifactor authentication are: -- **Email** - During sign-in, a verification email containing a one-time password (OTP) is sent to the user. The user provides the OTP code that was sent in the email. -- **SMS or phone call** - During the first sign-up or sign-in, the user is asked to provide and verify a phone number. During subsequent sign-ins, the user is prompted to select either the **Send Code** or **Call Me** phone MFA option. Depending on the user's choice, a text message is sent or a phone call is made to the verified phone number to identify the user. The user either provides the OTP code sent via text message or approves the phone call.+- **Email** - During sign-in, a verification email containing a one-time password (OTP) is sent to the user. The user provides the OTP code that was sent in the email to the application. +- **SMS or phone call** - During the first sign-up or sign-in, the user is asked to provide and verify a phone number. During subsequent sign-ins, the user is prompted to select either the **Send Code** or **Call Me** option. Depending on the user's choice, a text message is sent or a phone call is made to the verified phone number to identify the user. The user either provides the OTP code sent via text message or approves the phone call. - **Phone call only** - Works in the same way as the SMS or phone call option, but only a phone call is made. - **SMS only** - Works in the same way as the SMS or phone call option, but only a text message is sent. - **Authenticator app - TOTP** - The user must install an authenticator app that supports time-based one-time password (TOTP) verification, such as the [Microsoft Authenticator app](https://www.microsoft.com/security/mobile-authenticator-app), on a device that they own. During the first sign-up or sign-in, the user scans a QR code or enters a code manually using the authenticator app. During subsequent sign-ins, the user types the TOTP code that appears on the authenticator app. See [how to set up the Microsoft Authenticator app](#enroll-a-user-in-totp-with-an-authenticator-app-for-end-users). To enable multifactor authentication, get the custom policy starter pack from Gi ## Enroll a user in TOTP with an authenticator app (for end users) -When an Azure AD B2C application enables MFA using the TOTP option, end users need to use an authenticator app to generate TOTP codes. Users can use the [Microsoft Authenticator app](https://www.microsoft.com/security/mobile-authenticator-app) or any other authenticator app that supports TOTP verification. An Azure AD B2C system admin needs to advise end users to set up the Microsoft Authenticator app using the following steps: +When an Azure AD B2C application uses the TOTP option for MFA, end users need to use an authenticator app to generate TOTP codes. Users can use the [Microsoft Authenticator app](https://www.microsoft.com/security/mobile-authenticator-app) or any other authenticator app that supports TOTP verification. If using the Microsoft Authenticator app an Azure AD B2C system admin needs to advise end users to set up the Microsoft Authenticator app using the following steps: 1. [Download and install the Microsoft Authenticator app](https://www.microsoft.com/en-us/security/mobile-authenticator-app) on your Android or iOS mobile device.-1. Open the application requiring you to use TOTP for MFA, for example *Contoso webapp*, and then sign in or sign up by entering the required information. -1. If you're asked to enroll your account by scanning a QR code using an authenticator app, open the Microsoft Authenticator app in your phone, and in the upper right corner, select the **3-dotted** menu icon (for Android) or **+** menu icon (for IOS). +1. Open the Azure AD B2C application requiring you to use TOTP for MFA, for example *Contoso webapp*, and then sign in or sign up by entering the required information. +1. If you're asked to enroll your account by scanning a QR code using an authenticator app, open the Microsoft Authenticator app in your phone, and in the upper right corner, select the **3-dotted** menu icon (for Android) or **+** menu icon (for iOS). 1. Select **+ Add account**.-1. Select **Other account (Google, Facebook, etc.)**, and then scan the QR code shown in the application (for example, *Contoso webapp*) to enroll your account. If you're unable to scan the QR code, you can add the account manually: +1. Select **Other account (Google, Facebook, etc.)**, and then scan the QR code shown in the Azure AD B2C application to enroll your account. If you're unable to scan the QR code, you can add the account manually: 1. In the Microsoft Authenticator app on your phone, select **OR ENTER CODE MANUALLY**.- 1. In the application (for example, *Contoso webapp*), select **Still having trouble?**. This displays **Account Name** and **Secret**. + 1. In the Azure AD B2C application, select **Still having trouble?**. This displays **Account Name** and **Secret**. 1. Enter the **Account Name** and **Secret** in your Microsoft Authenticator app, and then select **FINISH**.-1. In the application (for example, *Contoso webapp*), select **Continue**. +1. In the Azure AD B2C application, select **Continue**. 1. In **Enter your code**, enter the code that appears in your Microsoft Authenticator app. 1. Select **Verify**. 1. During subsequent sign-in to the application, type the code that appears in the Microsoft Authenticator app. -Learn about [OATH software tokens](../active-directory/authentication/concept-authentication-oath-tokens.md) +Learn about [OATH software tokens](/entra/identity/authentication/concept-authentication-oath-tokens) ## Delete a user's TOTP authenticator enrollment (for system admins) -In Azure AD B2C, you can delete a user's TOTP authenticator app enrollment. Then the user would be required to re-enroll their account to use TOTP authentication again. To delete a user's TOTP enrollment, you can use either the [Azure portal](https://portal.azure.com) or the [Microsoft Graph API](/graph/api/softwareoathauthenticationmethod-delete). +In Azure AD B2C, you can delete a user's TOTP authenticator app enrollment. The user will then be forced to re-enroll their account to use TOTP authentication again. To delete a user's TOTP enrollment, you can use either the [Azure portal](https://portal.azure.com) or the [Microsoft Graph API](/graph/api/softwareoathauthenticationmethod-delete). > [!NOTE]-> - Deleting a user's TOTP authenticator app enrollment from Azure AD B2C doesn't remove the user's account in the TOTP authenticator app. The system admin needs to direct the user to manually delete their account from the TOTP authenticator app before trying to enroll again. +> - Deleting a user's TOTP authenticator app enrollment from Azure AD B2C doesn't remove the user's account in the TOTP authenticator app on their device. The system admin needs to direct the user to manually delete their account from the TOTP authenticator app on their device before trying to enroll again. > - If the user accidentally deletes their account from the TOTP authenticator app, they need to notify a system admin or app owner who can delete the user's TOTP authenticator enrollment from Azure AD B2C so the user can re-enroll. ### Delete TOTP authenticator app enrollment using the Azure portal In Azure AD B2C, you can delete a user's TOTP authenticator app enrollment. Then 1. Under **Usable authentication methods**, find **Software OATH token**, and then select the ellipsis menu next to it. If you don't see this interface, select the option to **"Switch to the new user authentication methods experience! Click here to use it now"** to switch to the new authentication methods experience. 1. Select **Delete**, and then select **Yes** to confirm. ### Delete TOTP authenticator app enrollment using the Microsoft Graph API |
active-directory-b2c | Multiple Token Endpoints | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/multiple-token-endpoints.md | Title: Migrate OWIN-based web APIs to b2clogin.com or a custom domain description: Learn how to enable a .NET web API to support tokens issued by multiple token issuers while you migrate your applications to b2clogin.com.-+ -+ Last updated 03/15/2021 |
active-directory-b2c | Oauth1 Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/oauth1-technical-profile.md | Title: Define an OAuth1 technical profile in a custom policy description: Define an OAuth 1.0 technical profile in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 09/10/2018 |
active-directory-b2c | Oauth2 Error Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/oauth2-error-technical-profile.md | Title: Define an OAuth2 custom error technical profile in a custom policy description: Define an OAuth2 custom error technical profile in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 02/25/2022 |
active-directory-b2c | Oauth2 Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/oauth2-technical-profile.md | Title: Define an OAuth2 technical profile in a custom policy description: Define an OAuth2 technical profile in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 11/30/2021 |
active-directory-b2c | One Time Password Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/one-time-password-technical-profile.md | Title: Enable one-time password (OTP) verification description: Learn how to set up a one-time password (OTP) scenario by using Azure AD B2C custom policies.-+ -+ Last updated 10/19/2020 |
active-directory-b2c | Openid Connect Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/openid-connect-technical-profile.md | Title: Define an OpenID Connect technical profile in a custom policy description: Define an OpenID Connect technical profile in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 09/12/2023 |
active-directory-b2c | Openid Connect | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/openid-connect.md | Title: Web sign in with OpenID Connect - Azure Active Directory B2C description: Build web applications using the OpenID Connect authentication protocol in Azure Active Directory B2C.-+ -+ Last updated 11/22/2023 |
active-directory-b2c | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/overview.md | Title: What is Azure Active Directory B2C? description: Learn how you can use Azure Active Directory B2C to support external identities in your applications, including social sign-up with Facebook, Google, and other identity providers.- - -+ Previously updated : 10/26/2022- Last updated : 11/08/2023 + +# Customer intent: As a technical or non-technical customer, I need to understand at a high level what Azure AD B2C is and how it can help me build a customer-facing application. + # What is Azure Active Directory B2C? -Azure Active Directory B2C provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs. +Azure Active Directory B2C provides business-to-customer identity as a service. Your customers can use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs. ![Infographic of Azure AD B2C identity providers and downstream applications](./media/overview/azureadb2c-overview.png) Azure AD B2C is a customer identity access management (CIAM) solution capable of supporting millions of users and billions of authentications per day. It takes care of the scaling and safety of the authentication platform, monitoring, and automatically handling threats like denial-of-service, password spray, or brute force attacks. -Azure AD B2C is a separate service from [Microsoft Entra ID](../active-directory/fundamentals/whatis.md). It is built on the same technology as Microsoft Entra ID but for a different purpose. It allows businesses to build customer facing applications, and then allow anyone to sign-up and into those applications with no restrictions on user account. +Azure AD B2C is built on the same technology as [Microsoft Entra ID](../active-directory/fundamentals/whatis.md) but for a different purpose and is a separate service. It allows businesses to build customer facing applications, and then allow anyone to sign up and sign in to those applications with no restrictions on user account. ## Who uses Azure AD B2C?-Any business or individual who wishes to authenticate end users to their web/mobile applications using a white-label authentication solution. Apart from authentication, Azure AD B2C service is used for authorization such as access to API resources by authenticated users. Azure AD B2C is designed to be used by **IT administrators** and **developers**. +Any business or individual who wishes to authenticate end users to their web or mobile applications using a white-label authentication solution. Apart from authentication, Azure AD B2C service is used for authorization such as access to API resources by authenticated users. Azure AD B2C is designed to be used by **IT administrators** and **developers**. ## Custom-branded identity solution -Azure AD B2C is a white-label authentication solution. You can customize the entire user experience with your brand so that it blends seamlessly with your web and mobile applications. +Azure AD B2C is a white-label authentication solution which means you can customize the entire user experience with your brand so that it blends seamlessly with your web and mobile applications. -Customize every page displayed by Azure AD B2C when your users sign-up, sign in, and modify their profile information. Customize the HTML, CSS, and JavaScript in your user journeys so that the Azure AD B2C experience looks and feels like it's a native part of your application. +Customize every page displayed by Azure AD B2C when your users sign up, sign in, and modify their profile information. Customize the HTML, CSS, and JavaScript in your user journeys so that the Azure AD B2C experience looks and feels like it's a native part of your application. -![Customized sign-up and sign-in pages and background image](./media/overview/sign-in-small.png) ## Single sign-on access with a user-provided identity Another external user store scenario is to have Azure AD B2C handle the authenti :::image type="content" source="./media/overview/scenario-remoteprofile.png" alt-text="A logical diagram of Azure AD B2C communicating with an external user store."::: -Azure AD B2C can facilitate collecting the information from the user during registration or profile editing, then hand that data off to the external system via API. Then, during future authentications, Azure AD B2C can retrieve the data from the external system and, if needed, include it as a part of the authentication token response it sends to your application. +Azure AD B2C can facilitate collecting information from a user during registration or profile editing, then hand that data off to an external system via API. Then, during future authentications, Azure AD B2C can retrieve that data from the external system and, if needed, include it as a part of the authentication token response it sends to your application. ## Progressive profiling Another user journey option includes progressive profiling. Progressive profilin Use Azure AD B2C to facilitate identity verification and proofing by collecting user data, then passing it to a third-party system to perform validation, trust scoring, and approval for user account creation. - :::image type="content" source="./media/overview/scenario-idproofing.png" alt-text="A diagram showing the user flow for third-party identity proofing."::: -You have learned some of the things you can do with Azure AD B2C as your business-to-customer identity platform. You may now move on directly to a more in-depth [technical overview of Azure AD B2C](technical-overview.md). - ## Next steps Now that you have an idea of what Azure AD B2C is and some of the scenarios it can help with, dig a little deeper into its features and technical aspects. |
active-directory-b2c | Page Layout | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/page-layout.md | Title: Page layout versions description: Page layout version history for UI customization in custom policies.-+ -+ Last updated 10/16/2023 |
active-directory-b2c | Partner Akamai Secure Hybrid Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-akamai-secure-hybrid-access.md | Title: Configure Azure Active Directory B2C with Akamai for secure hybrid access description: Learn how to integrate Azure AD B2C authentication with Akamai for secure hybrid access -+ -+ Last updated 11/23/2022 |
active-directory-b2c | Partner Akamai | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-akamai.md | Title: Configure Azure Active Directory B2C with Akamai Web Application Protector description: Configure Akamai Web Application Protector with Azure AD B2C-+ -+ Last updated 05/04/2023 |
active-directory-b2c | Partner Arkose Labs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-arkose-labs.md | Title: Tutorial to configure Azure Active Directory B2C with the Arkose Labs platform description: Learn to configure Azure Active Directory B2C with the Arkose Labs platform to identify risky and fraudulent users-+ -+ Last updated 01/18/2023 |
active-directory-b2c | Partner Asignio | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-asignio.md | Title: Configure Asignio with Azure Active Directory B2C for multifactor authentication description: Configure Azure Active Directory B2C with Asignio for multifactor authentication-+ -+ Last updated 05/04/2023 |
active-directory-b2c | Partner Bindid | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-bindid.md | Title: Configure Transmit Security with Azure Active Directory B2C for passwordless authentication description: Configure Azure AD B2C with Transmit Security BindID for passwordless customer authentication-+ -+ Last updated 04/27/2023 |
active-directory-b2c | Partner Biocatch | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-biocatch.md | Title: Tutorial to configure BioCatch with Azure Active Directory B2C description: Tutorial to configure Azure Active Directory B2C with BioCatch to identify risky and fraudulent users-+ -+ Last updated 03/13/2023 |
active-directory-b2c | Partner Bloksec | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-bloksec.md | Title: Tutorial to configure Azure Active Directory B2C with BlokSec for passwordless authentication description: Learn how to integrate Azure AD B2C authentication with BlokSec for Passwordless authentication-+ -+ Last updated 03/09/2023 |
active-directory-b2c | Partner Cloudflare | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-cloudflare.md | Title: Tutorial to configure Azure Active Directory B2C with Cloudflare Web Application Firewall description: Tutorial to configure Azure Active Directory B2C with Cloudflare Web application firewall and protect applications from malicious attacks -+ -+ Last updated 12/6/2022 |
active-directory-b2c | Partner Datawiza | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-datawiza.md | Title: Tutorial to configure Azure Active Directory B2C with Datawiza description: Learn how to integrate Azure AD B2C authentication with Datawiza for secure hybrid access -+ -+ Last updated 01/23/2023 |
active-directory-b2c | Partner Deduce | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-deduce.md | Title: Configure Azure Active Directory B2C with Deduce description: Learn how to integrate Azure AD B2C authentication with Deduce for identity verification -+ -+ Last updated 8/22/2022 |
active-directory-b2c | Partner Dynamics 365 Fraud Protection | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-dynamics-365-fraud-protection.md | Title: Tutorial to configure Azure Active Directory B2C with Microsoft Dynamics 365 Fraud Protection description: Tutorial to configure Azure AD B2C with Microsoft Dynamics 365 Fraud Protection to identify risky and fraudulent accounts-+ -+ Last updated 02/27/2023 |
active-directory-b2c | Partner Eid Me | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-eid-me.md | Title: Configure Azure Active Directory B2C with Bluink eID-Me for identity verification description: Learn how to integrate Azure AD B2C authentication with eID-Me for identity verification -+ -+ Last updated 03/10/2023 |
active-directory-b2c | Partner Experian | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-experian.md | Title: Tutorial to configure Azure Active Directory B2C with Experian description: Learn how to integrate Azure AD B2C authentication with Experian for Identification verification and proofing based on user attributes to prevent fraud.-+ -+ Last updated 12/6/2022 |
active-directory-b2c | Partner F5 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-f5.md | |
active-directory-b2c | Partner Gallery | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-gallery.md | Title: ISV Partner gallery for Azure AD B2C description: Learn how to integrate with our ISV partners to tailor your end-user experience to your needs. Our partner network extends our solution capabilities; enable MFA, Secure Customer Authentication, role-based access control; combat fraud through Identity Verification Proofing.-+ -+ Last updated 1/25/2023 |
active-directory-b2c | Partner Grit App Proxy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-grit-app-proxy.md | Title: Migrate applications to Azure AD B2C with Grit's app proxy description: Learn how Grit's app proxy can migrate your applications to Azure AD B2C with no code change-+ -+ Last updated 1/25/2023 |
active-directory-b2c | Partner Grit Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-grit-authentication.md | Title: Configure Grit's biometric authentication with Azure Active Directory B2C description: Learn how Grit's biometric authentication with Azure AD B2C secures your account-+ -+ Last updated 1/25/2023 |
active-directory-b2c | Partner Grit Editor | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-grit-editor.md | Title: Edit identity experience framework XML with Grit Visual Identity Experience Framework (IEF) Editor description: Learn how Grit Visual IEF Editor enables fast authentication deployments in Azure AD B2C-+ -+ Last updated 10/10/2022 |
active-directory-b2c | Partner Grit Iam | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-grit-iam.md | Title: Configure the Grit IAM B2B2C solution with Azure Active Directory B2C description: Learn how to integrate Azure AD B2C authentication with the Grit IAM B2B2C solution-+ -+ Last updated 9/15/2022 |
active-directory-b2c | Partner Haventec | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-haventec.md | |
active-directory-b2c | Partner Hypr | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-hypr.md | Title: Tutorial to configure Azure Active Directory B2C with HYPR description: Tutorial to configure Azure Active Directory B2C with Hypr for true passwordless strong customer authentication-+ -+ Last updated 12/7/2022 |
active-directory-b2c | Partner Idemia | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-idemia.md | Title: Configure IDEMIA Mobile ID with Azure Active Directory B2C description: Learn to integrate Azure AD B2C authentication with IDEMIA Mobile ID for a relying party to consume Mobile ID, or US state-issued mobile IDs-+ -+ Last updated 03/10/2023 |
active-directory-b2c | Partner Idology | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-idology.md | Title: IDology integration with Azure Active Directory B2C description: Learn how to integrate a sample online payment app in Azure AD B2C with IDology. IDology is an identity verification and proofing provider with multiple solutions.-+ -+ Last updated 06/08/2020 |
active-directory-b2c | Partner Itsme | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-itsme.md | Title: itsme OpenID Connect with Azure Active Directory B2C description: Learn how to integrate Azure AD B2C authentication with itsme OIDC using client_secret user flow policy. itsme is a digital ID app. It allows you to log in securely without card-readers, passwords, two-factor authentication, and multiple PIN codes.-+ -+ Last updated 09/20/2021 |
active-directory-b2c | Partner Jumio | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-jumio.md | Title: Tutorial to configure Azure Active Directory B2C with Jumio description: Configure Azure Active Directory B2C with Jumio for automated ID verification, safeguarding customer data.-+ -+ Last updated 12/7/2022 |
active-directory-b2c | Partner Keyless | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-keyless.md | Title: Tutorial to configure Keyless with Azure Active Directory B2C description: Tutorial to configure Sift Keyless with Azure Active Directory B2C for passwordless authentication -+ -+ Last updated 03/06/2023 |
active-directory-b2c | Partner Lexisnexis | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-lexisnexis.md | |
active-directory-b2c | Partner N8identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-n8identity.md | Title: Configure TheAccessHub Admin Tool by using Azure Active Directory B2C description: Configure TheAccessHub Admin Tool with Azure Active Directory B2C for customer account migration and customer service request (CSR) administration-+ -+ Last updated 12/6/2022 |
active-directory-b2c | Partner Nevis | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-nevis.md | Title: Tutorial to configure Azure Active Directory B2C with Nevis description: Learn how to integrate Azure AD B2C authentication with Nevis for passwordless authentication -+ -+ Last updated 12/8/2022 |
active-directory-b2c | Partner Nok Nok | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-nok-nok.md | Title: Tutorial to configure Nok Nok Passport with Azure Active Directory B2C for passwordless FIDO2 authentication description: Configure Nok Nok Passport with Azure AD B2C to enable passwordless FIDO2 authentication-+ -+ Last updated 03/13/2023 |
active-directory-b2c | Partner Onfido | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-onfido.md | Title: Tutorial to configure Azure Active Directory B2C with Onfido description: Learn how to integrate Azure AD B2C authentication with Onfido for document ID and facial biometrics verification -+ -+ Last updated 12/8/2022 |
active-directory-b2c | Partner Ping Identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-ping-identity.md | Title: Tutorial to configure Azure Active Directory B2C with Ping Identity description: Learn how to integrate Azure AD B2C authentication with Ping Identity-+ -+ Last updated 01/20/2023 |
active-directory-b2c | Partner Saviynt | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-saviynt.md | Title: Tutorial to configure Saviynt with Azure Active Directory B2C description: Learn to configure Azure AD B2C with Saviynt for cross-application integration for better security, governance, and compliance.ΓÇ»-+ -+ Last updated 05/23/2023 |
active-directory-b2c | Partner Strata | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-strata.md | Title: Tutorial to configure Azure Active Directory B2C with Strata description: Learn how to integrate Azure AD B2C authentication with whoIam for user verification -+ -+ Last updated 12/16/2022 |
active-directory-b2c | Partner Trusona | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-trusona.md | Title: Trusona Authentication Cloud with Azure AD B2C description: Learn how to add Trusona Authentication Cloud as an identity provider on Azure AD B2C to enable a "tap-and-go" passwordless authentication-+ -+ Last updated 03/10/2023 |
active-directory-b2c | Partner Twilio | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-twilio.md | Title: Twilio Verify App with Azure Active Directory B2C description: Learn how to integrate a sample online payment app in Azure AD B2C with the Twilio Verify API. Comply with PSD2 (Payment Services Directive 2) transaction requirements through dynamic linking and strong customer authentication.-+ -+ Last updated 09/20/2021 |
active-directory-b2c | Partner Typingdna | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-typingdna.md | |
active-directory-b2c | Partner Web Application Firewall | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-web-application-firewall.md | Title: Tutorial to configure Azure Active Directory B2C with Azure Web Application Firewall description: Learn to configure Azure AD B2C with Azure Web Application Firewall to protect applications from malicious attacks -+ -+ Last updated 03/08/2023 |
active-directory-b2c | Partner Whoiam Rampart | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-whoiam-rampart.md | Title: Configure WhoIAM Rampart with Azure Active Directory B2C description: Learn how to integrate Azure AD B2C authentication with WhoIAM Rampart-+ -+ Last updated 05/02/2023 |
active-directory-b2c | Partner Whoiam | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-whoiam.md | Title: Tutorial to configure Azure Active Directory B2C with WhoIAM description: In this tutorial, learn how to integrate Azure AD B2C authentication with WhoIAM for user verification. -+ -+ Last updated 01/18/2023 |
active-directory-b2c | Partner Xid | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-xid.md | Title: Configure xID with Azure Active Directory B2C for passwordless authentication description: Configure Azure Active Directory B2C with xID for passwordless authentication-+ -+ Last updated 05/04/2023 |
active-directory-b2c | Partner Zscaler | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-zscaler.md | Title: Tutorial - Configure Zscaler Private access with Azure Active Directory B description: Learn how to integrate Azure AD B2C authentication with Zscaler.-+ -+ Last updated 01/18/2023 |
active-directory-b2c | Password Complexity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/password-complexity.md | Title: Configure password complexity requirements description: How to configure complexity requirements for passwords supplied by consumers in Azure Active Directory B2C.-+ -+ Last updated 01/10/2023-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Phone Authentication User Flows | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/phone-authentication-user-flows.md | Title: Set up phone sign-up and sign-in for user flows description: Define the identity types you can use (email, username, phone number) for local account authentication when you set up user flows in your Azure Active Directory B2C tenant.-+ -+ Last updated 09/20/2021 |
active-directory-b2c | Phone Based Mfa | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/phone-based-mfa.md | Title: Securing phone-based MFA in Azure AD B2C description: Learn tips for securing phone-based multifactor authentication in your Azure AD B2C tenant by using Azure Monitor Log Analytics reports and alerts. Use our workbook to identify fraudulent phone authentications and mitigate fraudulent sign-ups. =-+ -+ Last updated 09/20/2021 |
active-directory-b2c | Phone Factor Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/phone-factor-technical-profile.md | Title: Define a phone factor technical profile in a custom policy description: Define a phone factor technical profile in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 10/12/2020 |
active-directory-b2c | Phone Number Claims Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/phone-number-claims-transformations.md | Title: Phone number claims transformations in custom policies description: Custom policy reference for phone number claims transformations in Azure AD B2C.-+ -+ Last updated 02/16/2022 |
active-directory-b2c | Policy Keys Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/policy-keys-overview.md | Title: Policy keys overview - Azure Active Directory B2C description: Learn about the types of encryption policy keys that can be used in Azure Active Directory B2C for signing and validating tokens, client secrets, certificates, and passwords.-+ -+ Last updated 09/20/2021 |
active-directory-b2c | Predicates | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/predicates.md | Title: Predicates and PredicateValidations description: Prevent malformed data from being added to your Azure AD B2C tenant by using custom policies in Azure Active Directory B2C.-+ -+ Last updated 03/13/2022 |
active-directory-b2c | Protocols Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/protocols-overview.md | Title: Authentication protocols in Azure Active Directory B2C description: How to build apps directly by using the protocols that are supported by Azure Active Directory B2C.-+ -+ Last updated 06/21/2022 |
active-directory-b2c | Publish App To Azure Ad App Gallery | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/publish-app-to-azure-ad-app-gallery.md | Title: Publish your Azure Active Directory B2C app to the Microsoft Entra app gallery description: Learn how to list an Azure AD B2C app that supports single sign-on in the Microsoft Entra app gallery. -+ -+ Last updated 09/30/2022 |
active-directory-b2c | Quickstart Native App Desktop | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/quickstart-native-app-desktop.md | Title: "Quickstart: Set up sign in for a desktop app using Azure Active Directory B2C" description: In this Quickstart, run a sample WPF desktop application that uses Azure Active Directory B2C to provide account sign in.-+ -+ Last updated 01/13/2022 |
active-directory-b2c | Quickstart Single Page App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/quickstart-single-page-app.md | Title: "Quickstart: Set up sign in for a single-page app (SPA)" description: In this Quickstart, run a sample single-page application that uses Azure Active Directory B2C to provide account sign-in.-+ -+ Last updated 02/23/2023 |
active-directory-b2c | Quickstart Web App Dotnet | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/quickstart-web-app-dotnet.md | Title: "Quickstart: Set up sign-in for an ASP.NET web app" description: In this Quickstart, run a sample ASP.NET web app that uses Azure Active Directory B2C to provide account sign-in.-+ |
active-directory-b2c | Register Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/register-apps.md | Title: Register apps in Azure Active Directory B2C description: Learn how to register different apps types such as web app, web API, single-page apps, mobile and desktop apps, daemon apps, Microsoft Graph apps and SAML app in Azure Active Directory B2C -+ -+ Last updated 09/30/2022 |
active-directory-b2c | Relyingparty | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/relyingparty.md | Title: RelyingParty - Azure Active Directory B2C description: Specify the RelyingParty element of a custom policy in Azure Active Directory B2C.-+ -+ Last updated 03/13/2023-+ |
active-directory-b2c | Restful Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/restful-technical-profile.md | Title: Define a RESTful technical profile in a custom policy description: Define a RESTful technical profile in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 06/08/2022 |
active-directory-b2c | Roles Resource Access Control | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/roles-resource-access-control.md | Title: Roles and resource access control description: Learn how to use roles to control resource access.-+ -+ Last updated 02/24/2023 |
active-directory-b2c | Saml Identity Provider Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/saml-identity-provider-technical-profile.md | Title: Define a SAML technical profile in a custom policy description: Define a SAML technical profile in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 01/05/2023 |
active-directory-b2c | Saml Issuer Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/saml-issuer-technical-profile.md | Title: Define a technical profile for a SAML issuer in a custom policy description: Define a technical profile for a Security Assertion Markup Language token (SAML) issuer in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 04/08/2022 |
active-directory-b2c | Saml Service Provider Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/saml-service-provider-options.md | Title: Configure SAML service provider options title-suffix: Azure Active Directory B2C description: Learn how to configure Azure Active Directory B2C SAML service provider options.-+ -+ Last updated 10/16/2023 |
active-directory-b2c | Saml Service Provider | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/saml-service-provider.md | Title: Configure Azure Active Directory B2C as a SAML IdP to your applications title-suffix: Azure Active Directory B2C description: Learn how to configure Azure Active Directory B2C to provide SAML protocol assertions to your applications (service providers).-+ -+ Last updated 06/24/2023 |
active-directory-b2c | Secure Api Management | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/secure-api-management.md | Title: Secure an Azure API Management API by using Azure Active Directory B2C description: Learn how to use access tokens issued by Azure Active Directory B2C to secure an Azure API Management API endpoint.-+ -+ Last updated 09/20/2021 |
active-directory-b2c | Secure Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/secure-rest-api.md | Title: Secure APIs used for API connectors in Azure AD B2C description: Secure your custom RESTful APIs used for API connectors in Azure AD B2C.- - - Last updated 11/20/2023 |
active-directory-b2c | Security Architecture | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/security-architecture.md | Title: Security architecture in Azure AD B2C description: End to end guidance on how to secure your Azure AD B2C solution.-+ -+ Last updated 05/09/2023 |
active-directory-b2c | Self Asserted Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/self-asserted-technical-profile.md | Title: Define a self-asserted technical profile in a custom policy description: Define a self-asserted technical profile in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 11/07/2022 |
active-directory-b2c | Service Limits | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/service-limits.md | Title: Azure Active Directory B2C service limits and restrictions description: Reference for service limits and restrictions for Azure Active Directory B2C service.-+ -+ Last updated 12/29/2022 |
active-directory-b2c | Session Behavior | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/session-behavior.md | Title: Configure session behavior - Azure Active Directory B2C description: Learn how to configure session behavior in Azure Active Directory B2C.-+ -+ Last updated 11/20/2023-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Sign In Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/sign-in-options.md | Title: Sign-in options supported by Azure AD B2C description: Learn about the sign-up and sign-in options you can use with Azure Active Directory B2C, including username and password, email, phone, or federation with social or external identity providers.-+ -+ Last updated 02/08/2023 |
active-directory-b2c | Social Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/social-transformations.md | Title: Social account claims transformation examples for custom policies description: Social account claims transformation examples for the Identity Experience Framework (IEF) schema of Azure Active Directory B2C.-+ -+ Last updated 02/16/2022 |
active-directory-b2c | Solution Articles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/solution-articles.md | Title: Solutions and Training for Azure Active Directory B2C description: This article gives you links to solution and training information that can help you understand and use Azure Active Directory B2C for end-to-end-business solutions.-+ |
active-directory-b2c | String Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/string-transformations.md | Title: String claims transformation examples for custom policies description: String claims transformation examples for the Identity Experience Framework (IEF) schema of Azure Active Directory B2C.-+ -+ Last updated 02/16/2022 |
active-directory-b2c | Stringcollection Transformations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/stringcollection-transformations.md | Title: StringCollection claims transformation examples for custom policies description: StringCollection claims transformation examples for the Identity Experience Framework (IEF) schema of Azure Active Directory B2C.-+ -+ Last updated 02/16/2022 |
active-directory-b2c | Subjourneys | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/subjourneys.md | Title: Sub journeys in Azure Active Directory B2C description: Specify the sub journeys element of a custom policy in Azure Active Directory B2C.-+ -+ Last updated 02/09/2022 |
active-directory-b2c | Supported Azure Ad Features | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/supported-azure-ad-features.md | Title: Supported Microsoft Entra ID features description: Learn about Microsoft Entra ID features, which are still supported in Azure AD B2C.-+ -+ Last updated 11/06/2023 |
active-directory-b2c | Technical Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/technical-overview.md | Title: Technical and feature overview - Azure Active Directory B2C description: An in-depth introduction to the features and technologies in Azure Active Directory B2C. Azure Active Directory B2C has high availability globally. - - - Previously updated : 10/26/2022- Last updated : 11/08/2023 + +#Customer intent: As an IT admin or developer, I need to understand in more detail the technical aspects and features of Azure AD B2C and how it can help me build a customer-facing application. + # Technical and feature overview of Azure Active Directory B2C -A companion to [About Azure Active Directory B2C](overview.md), this article provides a more in-depth introduction to the service. Discussed here are the primary resources you work with in the service, its features. Learn how these features enable you to provide a fully custom identity experience for your customers in your applications. +This article is a companion to [About Azure Active Directory B2C](overview.md) and provides a more in-depth introduction to the service. We will discuss here the primary resources you work with in the service, its features and learn how they enable you to provide a fully custom identity experience for customers in your applications. ## Azure AD B2C tenant -In Azure Active Directory B2C (Azure AD B2C), a *tenant* represents your organization and is a directory of users. Each Azure AD B2C tenant is distinct and separate from other Azure AD B2C tenants. An Azure AD B2C tenant is different than a Microsoft Entra tenant, which you may already have. +In Azure Active Directory B2C (Azure AD B2C), a *tenant* represents your organization and is a directory of users. Each Azure AD B2C tenant is distinct and separate from other Azure AD B2C tenants. An Azure AD B2C tenant is also different from a Microsoft Entra tenant, which you may already have. The primary resources you work with in an Azure AD B2C tenant are: -* **Directory** - The *directory* is where Azure AD B2C stores your users' credentials, profile data, and your application registrations. -* **Application registrations** - Register your web, mobile, and native applications with Azure AD B2C to enable identity management. You can also register any APIs you want to protect with Azure AD B2C. -* **User flows** and **custom policies** - Create identity experiences for your applications with built-in user flows and fully configurable custom policies: +* **Directory** - This is where Azure AD B2C stores your users' credentials, profile data, and your application registrations. +* **Application registrations** - You can register your web, mobile, and native applications with Azure AD B2C to enable identity management. You can also register any APIs you want to protect with Azure AD B2C. +* **User flows** and **custom policies** - These are used to create identity experiences for your applications with built-in user flows and fully configurable custom policies: * **User flows** help you quickly enable common identity tasks like sign-up, sign-in, and profile editing. * **Custom policies** let you build complex identity workflows unique to your organization, customers, employees, partners, and citizens. * **Sign-in options** - Azure AD B2C offers various [sign-up and sign-in options](sign-in-options.md) for users of your applications:- * **Username, email, and phone sign-in** - Configure your Azure AD B2C local accounts to allow sign-up and sign-in with a username, email address, phone number, or a combination of methods. - * **Social identity providers** - Federate with social providers like Facebook, LinkedIn, or Twitter. - * **External identity providers** - Federate with standard identity protocols like OAuth 2.0, OpenID Connect, and more. + * **Username, email, and phone sign-in** - You can configure your Azure AD B2C local accounts to allow sign up and sign in with a username, email address, phone number, or a combination of methods. + * **Social identity providers** - You can federate with social providers like Facebook, LinkedIn, or Twitter. + * **External identity providers** - You can also federate with standard identity protocols like OAuth 2.0, OpenID Connect, and more. * **Keys** - Add and manage encryption keys for signing and validating tokens, client secrets, certificates, and passwords. An Azure AD B2C tenant is the first resource you need to create to get started with Azure AD B2C. Learn how to: An Azure AD B2C tenant is the first resource you need to create to get started w Azure AD B2C defines several types of user accounts. Microsoft Entra ID, Microsoft Entra B2B, and Azure Active Directory B2C share these account types. * **Work account** - Users with work accounts can manage resources in a tenant, and with an administrator role, can also manage tenants. Users with work accounts can create new consumer accounts, reset passwords, block/unblock accounts, and set permissions or assign an account to a security group.-* **Guest account** - External users you invite to your tenant as guests. A typical scenario for inviting a guest user to your Azure AD B2C tenant is to share administration responsibilities. -* **Consumer account** - Accounts that are managed by Azure AD B2C user flows and custom policies. +* **Guest account** - These are external users you invite to your tenant as guests. A typical scenario for inviting a guest user to your Azure AD B2C tenant is to share administration responsibilities. +* **Consumer account** - These are accounts that are managed by Azure AD B2C user flows and custom policies. :::image type="content" source="media/technical-overview/portal-01-users.png" alt-text="Screenshot of the Azure AD B2C user management page in the Azure portal.":::<br/>*Figure: User directory within an Azure AD B2C tenant in the Azure portal.* For more information, see [Overview of user accounts in Azure Active Directory B ## Local account sign-in options -Azure AD B2C provides various ways in which you can authenticate a user. Users can sign-in to a local account, by using username and password, phone verification (also known as password-less authentication). Email sign-up is enabled by default in your local account identity provider settings. +Azure AD B2C provides various ways in which you can authenticate a user. Users can sign-in to a local account, by using username and password, phone verification (also known as passwordless authentication). Email sign-up is enabled by default in your local account identity provider settings. Learn more about [sign-in options](sign-in-options.md) or how to [set up the local account identity provider](identity-provider-local.md). Learn more about [sign-in options](sign-in-options.md) or how to [set up the loc Azure AD B2C lets you manage common attributes of consumer account profiles. For example display name, surname, given name, city, and others. -You can also extend the Microsoft Entra schema to store additional information about your users. For example, their country/region of residency, preferred language, and preferences like whether they want to subscribe to a newsletter or enable multifactor authentication. For more information, see: +You can also extend the underlying Microsoft Entra ID schema to store additional information about your users. For example, their country/region of residency, preferred language, and preferences like whether they want to subscribe to a newsletter or enable multifactor authentication. For more information, see: * [User profile attributes](user-profile-attributes.md) * [Add user attributes and customize user input in](configure-user-input.md) ## Sign-in with external identity providers -You can configure Azure AD B2C to allow users to sign in to your application with credentials from social and enterprise identity providers. Azure AD B2C can federate with identity providers that support OAuth 1.0, OAuth 2.0, OpenID Connect, and SAML protocols. For example, Facebook, Microsoft account, Google, Twitter, and AD-FS. +You can configure Azure AD B2C to allow users to sign in to your application with credentials from social and enterprise identity providers. Azure AD B2C can federate with identity providers that support OAuth 1.0, OAuth 2.0, OpenID Connect, and SAML protocols. For example, Facebook, Microsoft account, Google, Twitter, and Active Directory Federation Service (AD FS). :::image type="content" source="media/technical-overview/external-idps.png" alt-text="Diagram showing company logos for a sample of external identity providers."::: On the sign-up or sign-in page, Azure AD B2C presents a list of external identit :::image type="content" source="media/technical-overview/external-idp.png" alt-text="Diagram showing a mobile sign-in example with a social account (Facebook)."::: -To see how to add identity providers in Azure AD B2C, see [Add identity providers to your applications in Azure Active Directory B2C](add-identity-provider.md). +To learn more about identity providers, see [Add identity providers to your applications in Azure Active Directory B2C](add-identity-provider.md). ## Identity experiences: user flows or custom policies -In Azure AD B2C, you can define the business logic that users follow to gain access to your application. For example, you can determine the sequence of steps users follow when they sign in, sign up, edit a profile, or reset a password. After completing the sequence, the user acquires a token and gains access to your application. +In Azure AD B2C, you can define the business logic that users follow to gain access to your application. For example, you can determine the sequence of steps users follow when they sign in, sign up, edit their profile, or reset a password. After completing the sequence, the user acquires a token and gains access to your application. In Azure AD B2C, there are two ways to provide identity user experiences: -* **User flows** are predefined, built-in, configurable policies that we provide so you can create sign-up, sign-in, and policy editing experiences in minutes. +* **User flows** - These are predefined, built-in, configurable policies that we provide so you can create sign-up, sign-in, and policy editing experiences in minutes. -* **Custom policies** enable you to create your own user journeys for complex identity experience scenarios. +* **Custom policies** - These enable you to create your own user journeys for complex identity experience scenarios. The following screenshot shows the user flow settings UI, versus custom policy configuration files. :::image type="content" source="media/technical-overview/user-flow-vs-custom-policy.png" alt-text="Screenshot showing the user flow settings UI versus a custom policy configuration file."::: -Read the [User flows and custom policies overview](user-flow-overview.md) article. It gives an overview of user flows and custom policies, and helps you decide which method will work best for your business needs. +To learn more about user flows and custom policies, and help you decide which method will work best for your business needs, see [User flows and custom policies overview](user-flow-overview.md). ## User interface For information on UI customization, see: ## Custom domain -You can customize your Azure AD B2C domain in the redirect URIs for your application. Custom domain allows you to create a seamless experience so that the pages that are shown blend seamlessly with the domain name of your application. From the user's perspective, they remain in your domain during the sign-in process rather than redirecting to the Azure AD B2C default domain .b2clogin.com. +You can customize your Azure AD B2C domain in the redirect URIs for your application. Custom domain allows you to create a seamless experience so that the pages that are shown blend seamlessly with the domain name of your application. From the user's perspective, they remain in your domain during the sign-in process rather than redirecting to the Azure AD B2C default domain *.b2clogin.com*. For more information, see [Enable custom domains](custom-domain.md). ## Localization -Language customization in Azure AD B2C allows you to accommodate different languages to suit your customer needs. Microsoft provides the translations for 36 languages, but you can also provide your own translations for any language. +Language customization in Azure AD B2C allows you to accommodate different languages to suit your customer needs. Microsoft provides localizations for 36 languages, but you can also provide your own localizations for any language. :::image type="content" source="media/technical-overview/localization.png" alt-text="Screenshot of three sign in pages showing UI text in different languages."::: See how localization works in [Language customization in Azure Active Directory ## Email verification -Azure AD B2C ensures valid email addresses by requiring customers to verify them during the sign-up, and password reset flows. It also prevents malicious actors from using automated processes to generate fraudulent accounts in your applications. +Azure AD B2C ensures valid email addresses by requiring customers to verify them during the sign-up, and password reset flows. This also prevents malicious actors from using automated processes to generate fraudulent accounts in your applications. :::image type="content" source="media/technical-overview/email-verification.png" alt-text="Screenshots showing the process for email verification."::: -You can customize the email to users that sign up to use your applications. By using the third-party email provider, you can use your own email template and From: address and subject, as well as support localization and custom one-time password (OTP) settings. For more information, see: +You can customize the email sent to users that sign up to use your applications. By using a third-party email provider, you can use your own email template and From: address and subject, as well as support localization and custom one-time password (OTP) settings. For more information, see: * [Custom email verification with Mailjet](custom-email-mailjet.md) * [Custom email verification with SendGrid](custom-email-sendgrid.md) You can add a REST API call at any step in a user journey defined by a custom po * After Azure AD B2C creates a new account in the directory * Before Azure AD B2C issues an access token -For more information, see [Integrate REST API claims exchanges in your Azure AD B2C custom policy](api-connectors-overview.md). +For more information, see [About API connectors in Azure AD B2C](api-connectors-overview.md). ## Protocols and tokens For more information, see [Integrate REST API claims exchanges in your Azure AD The following diagram shows how Azure AD B2C can communicate using various protocols within the same authentication flow: -![Diagram of OIDC-based client app federating with a SAML-based IdP](media/technical-overview/protocols.png) :::image type="content" source="media/technical-overview/protocols.png" alt-text="Diagram of OIDC-based client app federating with a SAML-based IdP."::: - 1. The relying party application starts an authorization request to Azure AD B2C using OpenID Connect. 1. When a user of the application chooses to sign in using an external identity provider that uses the SAML protocol, Azure AD B2C invokes the SAML protocol to communicate with that identity provider. 1. After the user completes the sign-in operation with the external identity provider, Azure AD B2C then returns the token to the relying party application using OpenID Connect. For example, to sign in to an application, the application uses the *sign up or ## Multifactor authentication (MFA) -Azure AD B2C Multi-Factor Authentication (MFA) helps safeguard access to data and applications while maintaining simplicity for your users. It provides extra security by requiring a second form of authentication, and delivers strong authentication by offering a range of easy-to-use authentication methods. +Azure AD B2C Multifactor Authentication (MFA) helps safeguard access to data and applications while maintaining simplicity for your users. It provides extra security by requiring a second form of authentication, and delivers strong authentication by offering a range of easy-to-use authentication methods. Your users may or may not be challenged for MFA based on configuration decisions that you can make as an administrator. Microsoft Entra ID Protection risk-detection features, including risky users and :::image type="content" source="media/technical-overview/conditional-access-flow.png" alt-text="Diagram showing conditional access flow."::: --Azure AD B2C evaluates each sign-in event and ensures that all policy requirements are met before granting the user access. Risky users or sign-ins may be blocked, or challenged with a specific remediation like multifactor authentication (MFA). For more information, see [Identity Protection and Conditional Access](conditional-access-identity-protection-overview.md). +Azure AD B2C evaluates each sign-in event and ensures that all policy requirements are met before granting the user access. Risky users or risky sign-ins may be blocked, or challenged with a specific remediation like multifactor authentication (MFA). For more information, see [Identity Protection and Conditional Access](conditional-access-identity-protection-overview.md). ## Password complexity For more information, see [Configure complexity requirements for passwords in Az ## Force password reset -As an Azure AD B2C tenant administrator, you can [reset a user's password](manage-users-portal.md#reset-a-users-password) if the user forgets their password. Or you would like to force them to reset the password periodically. For more information, see [Set up a force password reset flow](force-password-reset.md). --+As an Azure AD B2C tenant administrator, you can [reset a user's password](manage-users-portal.md#reset-a-users-password) if the user forgets their password. Or you can set a policy to force users to reset their password periodically. For more information, see [Set up a force password reset flow](force-password-reset.md). :::image type="content" source="media/technical-overview/force-password-reset-flow.png" alt-text="Force password reset flow."::: As an Azure AD B2C tenant administrator, you can [reset a user's password](manag To prevent brute-force password guessing attempts, Azure AD B2C uses a sophisticated strategy to lock accounts based on the IP of the request, the passwords entered, and several other factors. The duration of the lockout is automatically increased based on risk and the number of attempts. -![Account smart lockout](media/technical-overview/smart-lockout1.png) :::image type="content" source="media/technical-overview/smart-lockout1.png" alt-text="Screenshot of UI for account lockout with arrows highlighting the lockout notification."::: For more information about managing password protection settings, see [Mitigate credential attacks in Azure AD B2C](threat-management.md). ## Protect resources and customer identities -Azure AD B2C complies with the security, privacy, and other commitments described in the [Microsoft Azure Trust Center](https://www.microsoft.com/trustcenter/cloudservices/azure). +Azure AD B2C complies with the security, privacy, and other commitments described in the [Microsoft Azure Trust Center](https://www.microsoft.com//trust-center). -Sessions are modeled as encrypted data, with the decryption key known only to the Azure AD B2C Security Token Service. A strong encryption algorithm, AES-192, is used. All communication paths are protected with TLS for confidentiality and integrity. Our Security Token Service uses an Extended Validation (EV) certificate for TLS. In general, the Security Token Service mitigates cross-site scripting (XSS) attacks by not rendering untrusted input. +Sessions are modeled as encrypted data, with the decryption key known only to the Azure AD B2C Security Token Service (STS). A strong encryption algorithm, AES-192, is used. All communication paths are protected with TLS for confidentiality and integrity. Our Security Token Service uses an Extended Validation (EV) certificate for TLS. In general, the Security Token Service mitigates cross-site scripting (XSS) attacks by not rendering untrusted input. :::image type="content" source="media/technical-overview/user-data.png" alt-text="Diagram of secure data in transit and at rest."::: You can assign roles to control who can perform certain administrative actions i * Create and manage trust framework policies in the Identity Experience Framework (custom policies) * Manage secrets for federation and encryption in the Identity Experience Framework (custom policies) -For more information about Microsoft Entra roles, including Azure AD B2C administration role support, see [Administrator role permissions in Microsoft Entra ID](../active-directory/roles/permissions-reference.md). +For more information about Microsoft Entra roles, including Azure AD B2C administration role support, see [Administrator role permissions in Microsoft Entra ID](/entra/identity/role-based-access-control/permissions-reference). ## Auditing and logs -Azure AD B2C emits audit logs containing activity information about its resources, issued tokens, and administrator access. You can use the audit logs to understand platform activity and diagnose issues. Audit log entries are available soon after the activity that generated the event occurs. +Azure AD B2C creates audit logs containing activity information about its resources, issued tokens, and administrator access. You can use the audit logs to understand platform activity and diagnose issues. Audit log entries are available soon after the activity that generated the event occurs. In an audit log, which is available for your Azure AD B2C tenant or for a particular user, you can find information including: Learn more about [Azure Active Directory B2C service Region availability & data ## Automation using Microsoft Graph API -Use MS graph API to manage your Azure AD B2C directory. You can also create the Azure AD B2C directory itself. You can manage users, identity providers, user flows, custom policies and many more. +Use MS graph API to manage your Azure AD B2C directory. You can also create the Azure AD B2C directory itself. You can manage users, identity providers, user flows, custom policies and more. Learn more about how to [Manage Azure AD B2C with Microsoft Graph](microsoft-graph-operations.md). |
active-directory-b2c | Technicalprofiles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/technicalprofiles.md | Title: Technical profiles description: Specify the TechnicalProfiles element of a custom policy in Azure Active Directory B2C.-+ -+ Last updated 06/22/2023 |
active-directory-b2c | Tenant Management Check Tenant Creation Permission | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tenant-management-check-tenant-creation-permission.md | Title: Review tenant creation permission in Azure Active Directory B2C description: Learn how to check tenant creation permission in Azure Active Directory B2C before you create tenant-+ -+ -+ Last updated 01/30/2023 |
active-directory-b2c | Tenant Management Directory Quota | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tenant-management-directory-quota.md | Title: Manage directory size quota in Azure Active Directory B2C description: Learn how to manage directory size quota in your Azure AD B2C tenant-+ -+ Last updated 06/15/2023-+ |
active-directory-b2c | Tenant Management Emergency Access Account | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tenant-management-emergency-access-account.md | Title: Manage emergency access accounts in Azure Active Directory B2C description: Learn how to manage emergency access accounts in Azure AD B2C tenants -+ -+ Last updated 11/20/2023-+ |
active-directory-b2c | Tenant Management Manage Administrator | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tenant-management-manage-administrator.md | Title: Manage administrator accounts in Azure Active Directory B2C description: Learn how to add an administrator account to your Azure Active Directory B2C tenant. Learn how to invite a guest account as an administrator into your Azure AD B2C tenant. -+ -+ -+ Last updated 01/30/2023 |
active-directory-b2c | Tenant Management Read Tenant Name | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tenant-management-read-tenant-name.md | Title: Find tenant name and tenant ID description: Learn how to find tenant name and tenant ID -+ -+ Last updated 01/30/2023-+ |
active-directory-b2c | Threat Management | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/threat-management.md | Title: Mitigate credential attacks - Azure AD B2C description: Learn about detection and mitigation techniques for credential attacks (password attacks) in Azure Active Directory B2C, including smart account lockout features.-+ -+ Last updated 09/20/2021 |
active-directory-b2c | Tokens Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tokens-overview.md | Title: Overview of tokens - Azure Active Directory B2C description: Learn about the tokens used in Azure Active Directory B2C.-+ -+ Last updated 04/24/2023 |
active-directory-b2c | Troubleshoot With Application Insights | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/troubleshoot-with-application-insights.md | Title: Troubleshoot custom policies with Application Insights description: How to set up Application Insights to trace the execution of your custom policies.-+ -+ Last updated 11/20/2023-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/troubleshoot.md | Title: Troubleshoot custom policies and user flows in Azure Active Directory B2C description: Learn about approaches to solving errors when working with custom policies in Azure Active Directory B2C.-+ -+ Last updated 11/20/2023 |
active-directory-b2c | Trustframeworkpolicy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/trustframeworkpolicy.md | Title: TrustFrameworkPolicy - Azure Active Directory B2C description: Specify the TrustFrameworkPolicy element of a custom policy in Azure Active Directory B2C.-+ -+ Last updated 11/09/2021 |
active-directory-b2c | Tutorial Create Tenant | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-create-tenant.md | Title: Tutorial - Create an Azure Active Directory B2C tenant description: Follow this tutorial to learn how to prepare for registering your applications by creating an Azure Active Directory B2C tenant using the Azure portal.-+ -+ Last updated 11/08/2023 |
active-directory-b2c | Tutorial Create User Flows | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-create-user-flows.md | Title: Tutorial - Create user flows and custom policies - Azure Active Directory B2C description: Follow this tutorial to learn how to create user flows and custom policies in the Azure portal to enable sign up, sign in, and user profile editing for your applications in Azure Active Directory B2C.- - - Previously updated : 10/26/2022 Last updated : 11/10/2023 -+ zone_pivot_groups: b2c-policy-type+ +#Customer intent: As a developer, I want to learn how to create user flows and custom policies in the Azure portal to enable sign up, sign in, and user profile editing for my applications in Azure Active Directory B2C. + # Tutorial: Create user flows and custom policies in Azure Active Directory B2C A user flow lets you determine how users interact with your application when the ::: zone-end ::: zone pivot="b2c-custom-policy"- - If you don't have one already, [create an Azure AD B2C tenant](tutorial-create-tenant.md) that is linked to your Azure subscription. - [Register a web application](tutorial-register-applications.md), and [enable ID token implicit grant](tutorial-register-applications.md#enable-id-token-implicit-grant).-- ::: zone-end ::: zone pivot="b2c-user-flow" ## Create a sign-up and sign-in user flow -The sign-up and sign-in user flow handles both sign-up and sign-in experiences with a single configuration. Users of your application are led down the right path depending on the context. +The sign-up and sign-in user flow handles both experiences with a single configuration. Users of your application are led down the right path depending on the context. To create a sign-up and sign-in user flow: 1. Sign in to the [Azure portal](https://portal.azure.com). 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu. 1. In the Azure portal, search for and select **Azure AD B2C**. 1. Under **Policies**, select **User flows**, and then select **New user flow**. - ![User flows page in portal with New user flow button highlighted](./media/tutorial-create-user-flows/sign-up-sign-in-user-flow.png) + ![Screenshot of the User flows page from the Azure portal with New user flow button highlighted.](./media/tutorial-create-user-flows/sign-up-sign-in-user-flow.png) 1. On the **Create a user flow** page, select the **Sign up and sign in** user flow. - ![Select a user flow page with Sign-up and sign-in flow highlighted](./media/tutorial-create-user-flows/select-user-flow-type.png) + ![Screenshot of the Select a user flow page from the Azure portal with the Sign-up and sign-in flow highlighted.](./media/tutorial-create-user-flows/select-user-flow-type.png) 1. Under **Select a version**, select **Recommended**, and then select **Create**. ([Learn more](user-flow-versions.md) about user flow versions.) The sign-up and sign-in user flow handles both sign-up and sign-in experiences w 1. For **Identity providers**, select **Email signup**. 1. For **User attributes and token claims**, choose the claims and attributes that you want to collect and send from the user during sign-up. For example, select **Show more**, and then choose attributes and claims for **Country/Region**, **Display Name**, and **Postal Code**. Select **OK**. - ![Attributes and claims selection page with three claims selected](./media/tutorial-create-user-flows/signup-signin-attributes.png) + ![Screenshot of the attributes and claims selection page from the Azure portal with three claims selected and highlighted.](./media/tutorial-create-user-flows/signup-signin-attributes.png) -1. Select **Create** to add the user flow. A prefix of *B2C_1_* is automatically prepended to the name. +1. Select **Create** to add the user flow. A prefix of *B2C_1_* is automatically prepended to the name you entered earlier. For example, *B2C_1_signupsignin1*. ### Test the user flow -1. Select the user flow you created to open its overview page. -1. At the top of the user flow overview page, select **Run user flow**. A pane opens at the right side of the page. +1. From the **User flows** page, select the user flow you just created to open its overview page. +1. At the top of the user flow overview page, select **Run user flow**. A pane will open at the right side of the page. 1. For **Application**, select the web application you wish to test, such as the one named *webapp1*. The **Reply URL** should show `https://jwt.ms`. 1. Select **Run user flow**, and then select **Sign up now**. - ![Run user flow page in portal with Run user flow button highlighted](./media/tutorial-create-user-flows/signup-signin-run-now.PNG) + ![A screenshot of the Run user flow page from the Azure portal portal with Run user flow button, Application text box and Reply URL text box highlighted.](./media/tutorial-create-user-flows/signup-signin-run-now.PNG) 1. Enter a valid email address, select **Send verification code**, enter the verification code that you receive, then select **Verify code**. 1. Enter a new password and confirm the password.-1. Select your country and region, enter the name that you want displayed, enter a postal code, and then select **Create**. The token is returned to `https://jwt.ms` and should be displayed to you. -1. You can now run the user flow again and you should be able to sign in with the account that you created. The returned token includes the claims that you selected of country/region, name, and postal code. +1. Select your country and region, enter the name that you want displayed, enter a postal code, and then select **Create**. The token is returned to `https://jwt.ms` and should be displayed to you in your browser. +1. You can now run the user flow again and you should be able to sign in with the account that you just created. The returned token includes the claims that you selected of country/region, name, and postal code. > [!NOTE]-> The "Run user flow" experience is not currently compatible with the SPA reply URL type using authorization code flow. To use the "Run user flow" experience with these kinds of apps, register a reply URL of type "Web" and enable the implicit flow as described [here](tutorial-register-spa.md). +> The "Run user flow" experience is not currently compatible with the SPA reply URL type using authorization code flow. To use the "Run user flow" experience with these kinds of apps, [register a reply URL of type "Web" and enable the implicit flow.](tutorial-register-spa.md). ## Enable self-service password reset To enable [self-service password reset](add-password-reset-policy.md) for the sign-up or sign-in user flow: -1. Select the sign-up or sign-in user flow you created. +1. From the **User flows** page, select the sign-up or sign-in user flow you just created. 1. Under **Settings** in the left menu, select **Properties**. 1. Under **Password configuration**, select **Self-service password reset**. 1. Select **Save**. ### Test the user flow -1. Select the user flow you created to open its overview page, then select **Run user flow**. +1. From the **User flows** page, select the user flow you just created to open its overview page, then select **Run user flow**. 1. For **Application**, select the web application you wish to test, such as the one named *webapp1*. The **Reply URL** should show `https://jwt.ms`. 1. Select **Run user flow**. 1. From the sign-up or sign-in page, select **Forgot your password?**. 1. Verify the email address of the account that you previously created, and then select **Continue**.-1. You now have the opportunity to change the password for the user. Change the password and select **Continue**. The token is returned to `https://jwt.ms` and should be displayed to you. +1. You now have the opportunity to change the password for the user. Change the password and select **Continue**. The token is returned to `https://jwt.ms` and should be displayed in your browser. ## Create a profile editing user flow If you want to enable users to edit their profile in your application, you use a ### Test the user flow 1. Select the user flow you created to open its overview page.-1. At the top of the user flow overview page, select **Run user flow**. A pane opens at the right side of the page. +1. At the top of the user flow overview page, select **Run user flow**. A pane will open at the right side of the page. 1. For **Application**, select the web application you wish to test, such as the one named *webapp1*. The **Reply URL** should show `https://jwt.ms`. 1. Select **Run user flow**, and then sign in with the account that you previously created.-1. You now have the opportunity to change the display name and job title for the user. Select **Continue**. The token is returned to `https://jwt.ms` and should be displayed to you. +1. You now have the opportunity to change the display name and job title for the user. Select **Continue**. The token is returned to `https://jwt.ms` and should be displayed in your browser. ::: zone-end ::: zone pivot="b2c-custom-policy" > [!TIP] > This article explains how to set up your tenant manually. You can automate the entire process from this article. Automating will deploy the Azure AD B2C [SocialAndLocalAccountsWithMFA starter pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack), which will provide Sign Up and Sign In, Password Reset and Profile Edit journeys. To automate the walkthrough below, visit the [IEF Setup App](https://aka.ms/iefsetup) and follow the instructions. - ## Add signing and encryption keys for Identity Experience Framework applications 1. Sign in to the [Azure portal](https://portal.azure.com). If you want to enable users to edit their profile in your application, you use a ## Register Identity Experience Framework applications -Azure AD B2C requires you to register two applications that it uses to sign up and sign in users with local accounts: *IdentityExperienceFramework*, a web API, and *ProxyIdentityExperienceFramework*, a native app with delegated permission to the IdentityExperienceFramework app. Your users can sign up with an email address or username and a password to access your tenant-registered applications, which creates a "local account." Local accounts exist only in your Azure AD B2C tenant. +Azure AD B2C requires you to register two applications that it uses to sign up and sign in users with local accounts: *IdentityExperienceFramework*, a web API, and *ProxyIdentityExperienceFramework*, a native app with delegated permission to the IdentityExperienceFramework app. Your users can sign up with an email address or username and a password to access applications registered to your tenant, which creates a "local account." Local accounts exist only in your Azure AD B2C tenant. -You need to register these two applications in your Azure AD B2C tenant only once. +You will need to register these two applications in your Azure AD B2C tenant only once. ### Register the IdentityExperienceFramework application Now, grant permissions to the API scope you exposed earlier in the *IdentityExpe 1. In the left menu, under **Manage**, select **API permissions**. 1. Under **Configured permissions**, select **Add a permission**.-1. Select the **My APIs** tab, then select the **IdentityExperienceFramework** application. +1. Select the **APIs my organization uses** tab, then select the **IdentityExperienceFramework** application. 1. Under **Permission**, select the **user_impersonation** scope that you defined earlier. 1. Select **Add permissions**. As directed, wait a few minutes before proceeding to the next step. 1. Select **Grant admin consent for *<your tenant name)>***. Now, grant permissions to the API scope you exposed earlier in the *IdentityExpe ## Custom policy starter pack -Custom policies are a set of XML files you upload to your Azure AD B2C tenant to define technical profiles and user journeys. We provide starter packs with several pre-built policies to get you going quickly. Each of these starter packs contains the smallest number of technical profiles and user journeys needed to achieve the scenarios described: +Custom policies are a set of XML files you upload to your Azure AD B2C tenant to define technical profiles and user journeys. We provide starter packs with several pre-built policies to get you going quickly. Each of these starter packs contains the smallest number of technical profiles and user journeys needed to achieve the scenarios described. For a more in-depth guide to Azure AD B2C custom policies, follow our [custom policies how-to guide series](custom-policies-series-overview.md). - **LocalAccounts** - Enables the use of local accounts only. - **SocialAccounts** - Enables the use of social (or federated) accounts only. - **SocialAndLocalAccounts** - Enables the use of both local and social accounts.-- **SocialAndLocalAccountsWithMFA** - Enables social, local, and multi-factor authentication options.+- **SocialAndLocalAccountsWithMFA** - Enables social, local, and multifactor authentication options. Each starter pack contains: In this article, you edit the XML custom policy files in the **SocialAndLocalAcc ### Get the starter pack -Get the custom policy starter packs from GitHub, then update the XML files in the SocialAndLocalAccounts starter pack with your Azure AD B2C tenant name. +Get the custom policy starter packs from GitHub, then update the XML files in the **SocialAndLocalAccounts** starter pack with your Azure AD B2C tenant name. 1. [Download the .zip file](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/archive/master.zip) or clone the repository: Add the application IDs to the extensions file *TrustFrameworkExtensions.xml*. ## Add Facebook as an identity provider -The **SocialAndLocalAccounts** starter pack includes Facebook social sign in. Facebook isn't required for using custom policies, but we use it here to demonstrate how you can enable federated social login in a custom policy. If you don't need to enable federated social login, use the **LocalAccounts** starter pack instead, and skip [Add Facebook as an identity provider](tutorial-create-user-flows.md?pivots=b2c-custom-policy#add-facebook-as-an-identity-provider) section. +The **SocialAndLocalAccounts** starter pack includes Facebook social sign in. Facebook isn't required for using custom policies, but we use it here to demonstrate how you can enable federated social login in a custom policy. If you don't need to enable federated social login, use the **LocalAccounts** starter pack instead, and skip to the [Upload the policies](tutorial-create-user-flows.md?pivots=b2c-custom-policy#upload-the-policies) section. ### Create Facebook application |
active-directory-b2c | Tutorial Delete Tenant | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-delete-tenant.md | Title: Clean up resources and delete a tenant - Azure Active Directory B2C description: Steps describing how to delete an Azure AD B2C tenant. Learn how to delete all tenant resources, and then delete the tenant.-+ -+ Last updated 03/06/2023 |
active-directory-b2c | Tutorial Register Applications | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-register-applications.md | Title: "Tutorial: Register a web application in Azure Active Directory B2C" + Title: "Tutorial - Register a web application in Azure Active Directory B2C" description: Follow this tutorial to learn how to register a web application in Azure Active Directory B2C using the Azure portal.- - - Last updated 10/26/2022-+ ++#Customer intent: As a developer or IT admin, I want to register my web application in Azure AD B2C so that I can enable my users to sign up, sign in, and manage their profiles. + # Tutorial: Register a web application in Azure Active Directory B2C Before your [applications](application-types.md) can interact with Azure Active Directory B2C (Azure AD B2C), they must be registered in a tenant that you manage. This tutorial shows you how to register a web application using the Azure portal. -A "web application" refers to a traditional web application that performs most of the application logic on the server. They may be built using frameworks like ASP.NET Core, Spring (Java), Flask (Python), and Express (Node.js). +A "web application" refers to a traditional web application that performs most of the application logic on the server. They may be built using frameworks like ASP.NET Core, Spring (Java), Flask (Python), or Express (Node.js). > [!IMPORTANT] > If you're using a single-page application ("SPA") instead (e.g. using Angular, Vue, or React), learn [how to register a single-page application](tutorial-register-spa.md). If you haven't already created your own [Azure AD B2C Tenant](tutorial-create-te ## Register a web application -To register a web application in your Azure AD B2C tenant, you can use our new unified **App registrations** experience or our legacy **Applications (Legacy)** experience. [Learn more about the new experience](./app-registrations-training-guide.md). +To register a web application in your Azure AD B2C tenant, you can use our new unified **App registrations**. [Learn more about the new experience](./app-registrations-training-guide.md). -#### [App registrations](#tab/app-reg-ga/) +#### App registrations 1. Sign in to the [Azure portal](https://portal.azure.com). 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu. To register a web application in your Azure AD B2C tenant, you can use our new u 1. Under **Permissions**, select the *Grant admin consent to openid and offline_access permissions* check box. 1. Select **Register**. -#### [Applications (Legacy)](#tab/applications-legacy/) --1. Sign in to the [Azure portal](https://portal.azure.com). -1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu. -1. In the Azure portal, search for and select **Azure AD B2C**. -1. Select **Applications (Legacy)**, and then select **Add**. -1. Enter a name for the application. For example, *webapp1*. -1. For **Include web app/ web API**, select **Yes**. -1. For **Reply URL**, enter an endpoint where Azure AD B2C should return any tokens that your application requests. For example, you could set it to listen locally at `http://localhost:5000`. You can add and modify redirect URIs in your registered applications at any time. -- The following restrictions apply to redirect URIs: -- * The reply URL must begin with the scheme `https`, unless using `localhost`. - * The reply URL is case-sensitive. Its case must match the case of the URL path of your running application. For example, if your application includes as part of its path `.../abc/response-oidc`, do not specify `.../ABC/response-oidc` in the reply URL. Because the web browser treats paths as case-sensitive, cookies associated with `.../abc/response-oidc` may be excluded if redirected to the case-mismatched `.../ABC/response-oidc` URL. - * The reply URL should include or exclude the trailing forward slash as your application expects it. For example, `https://contoso.com/auth-response` and `https://contoso.com/auth-response/` might be treated as nonmatching URLs in your application. --1. Select **Create** to complete the application registration. --* * * - > [!TIP] > If you don't see the app(s) you created under **App registrations**, refresh the portal. To register a web application in your Azure AD B2C tenant, you can use our new u For a web application, you need to create an application secret. The client secret is also known as an *application password*. The secret will be used by your application to exchange an authorization code for an access token. -#### [App registrations](#tab/app-reg-ga/) +#### App registrations 1. In the **Azure AD B2C - App registrations** page, select the application you created, for example *webapp1*. 1. In the left menu, under **Manage**, select **Certificates & secrets**. For a web application, you need to create an application secret. The client secr 1. Under **Expires**, select a duration for which the secret is valid, and then select **Add**. 1. Record the secret's **Value** for use in your client application code. This secret value is never displayed again after you leave this page. You use this value as the application secret in your application's code. -#### [Applications (Legacy)](#tab/applications-legacy/) --1. In the **Azure AD B2C - Applications** page, select the application you created, for example *webapp1*. -1. Select **Keys** and then select **Generate key**. -1. Select **Save** to view the key. Make note of the **App key** value. You use this value as the application secret in your application's code. --* * * - > [!NOTE] > For security purposes, you can roll over the application secret periodically, or immediately in case of emergency. Any application that integrates with Azure AD B2C should be prepared to handle a secret rollover event, no matter how frequently it may occur. You can set two application secrets, allowing your application to keep using the old secret during an application secret rotation event. To add another client secret, repeat steps in this section. |
active-directory-b2c | Tutorial Register Spa | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-register-spa.md | Title: Register a single-page application in Azure Active Directory B2C description: Follow this guide to learn how to register a single-page application (SPA) in Azure Active Directory B2C using the Azure portal.-+ -+ Last updated 11/20/2023-+ |
active-directory-b2c | User Flow Custom Attributes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/user-flow-custom-attributes.md | Title: Define custom attributes in Azure Active Directory B2C description: Define custom attributes for your application in Azure Active Directory B2C to collect information about your customers.-+ -+ Last updated 03/09/2023-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | User Flow Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/user-flow-overview.md | Title: User flows and custom policies in Azure Active Directory B2C description: Learn more about built-in user flows and the custom policy extensible policy framework of Azure Active Directory B2C.- - - Previously updated : 10/24/2022- Last updated : 11/09/2023 + +# Customer intent: As a developer, I want to understand the difference between user flows and custom policies, so that I can choose the best method for my business needs. I want to understand the scenarios that can be enabled with each method, and how to integrate them with my applications. + # User flows and custom policies overview In Azure AD B2C, there are two ways to provide identity user experiences: The following screenshot shows the user flow settings UI, versus custom policy configuration files. This article gives a brief overview of user flows and custom policies, and helps you decide which method will work best for your business needs. To set up the most common identity tasks, the Azure portal includes several pred You can configure user flow settings like these to control identity experience behaviors in your applications: * Account types used for sign-in, such as social accounts like a Facebook, or local accounts that use an email address and password for sign-in-* Attributes to be collected from the consumer, such as first name, postal code, or country/region of residency -* Microsoft Entra multifactor authentication +* Attributes to be collected from the consumer, such as first name, last name, postal code, or country/region of residency +* Multifactor authentication * Customization of the user interface * Set of claims in a token that your application receives after the user completes the user flow * Session management Most of the common identity scenarios for apps can be defined and implemented ef Custom policies are configuration files that define the behavior of your Azure AD B2C tenant user experience. While user flows are predefined in the Azure AD B2C portal for the most common identity tasks, custom policies can be fully edited by an identity developer to complete many different tasks. -A custom policy is fully configurable and policy-driven. It orchestrates trust between entities in standard protocols. For example, OpenID Connect, OAuth, SAML, and a few non-standard ones, for example REST API-based system-to-system claims exchanges. The framework creates user-friendly, white-labeled experiences. +A custom policy is fully configurable and policy-driven. It orchestrates trust between entities in standard protocols such as OpenID Connect, OAuth, SAML. As well as a few non-standard ones, for example REST API-based system-to-system claims exchanges. The framework creates user-friendly, white-labeled experiences. The custom policy gives you the ability to construct user journeys with any combination of steps. For example: The custom policy gives you the ability to construct user journeys with any comb Each user journey is defined by a policy. You can build as many or as few policies as you need to enable the best user experience for your organization. -![Diagram showing an example of a complex user journey enabled by IEF](media/user-flow-overview/custom-policy-diagram.png) A custom policy is defined by multiple XML files that refer to each other in a hierarchical chain. The XML elements define the claims schema, claims transformations, content definitions, claims providers, technical profiles, user journey orchestration steps, and other aspects of the identity experience. You can create many user flows, or custom policies of different types in your te When a user wants to sign in to your application, the application initiates an authorization request to a user flow- or custom policy-provided endpoint. The user flow or custom policy defines and controls the user's experience. When they complete a user flow, Azure AD B2C generates a token, then redirects the user back to your application. -![Mobile app with arrows showing flow between Azure AD B2C sign-in page](media/user-flow-overview/app-integration.png) Multiple applications can use the same user flow or custom policy. A single application can use multiple user flows or custom policies. For example, to sign in to an application, the application uses the *sign up or Your application triggers a user flow by using a standard HTTP authentication request that includes the user flow or custom policy name. A customized [token](tokens-overview.md) is received as a response. - ## Next steps - To create the recommended user flows, follow the instructions in [Tutorial: Create a user flow](tutorial-create-user-flows.md). |
active-directory-b2c | User Flow Versions Legacy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/user-flow-versions-legacy.md | Title: Legacy user flow versions in Azure Active Directory B2C description: Learn about legacy versions of user flows available in Azure Active Directory B2C.-+ -+ Last updated 07/30/2020 |
active-directory-b2c | User Flow Versions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/user-flow-versions.md | Title: User flow versions in Azure Active Directory B2C description: Learn about the versions of user flows available in Azure Active Directory B2C.-+ -+ Last updated 08/17/2021 |
active-directory-b2c | User Migration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/user-migration.md | Title: User migration approaches description: Migrate user accounts from another identity provider to Azure AD B2C by using the pre migration or seamless migration methods.-+ -+ Last updated 12/29/2022 -+ # Migrate users to Azure AD B2C |
active-directory-b2c | User Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/user-overview.md | Title: Overview of user accounts in Azure Active Directory B2C description: Learn about the types of user accounts that can be used in Azure Active Directory B2C.-+ -+ Last updated 12/28/2022 |
active-directory-b2c | User Profile Attributes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/user-profile-attributes.md | Title: User profile attributes in Azure Active Directory B2C description: Learn about the user resource type attributes that Azure AD B2C directory user profile supports. Find out about built-in attributes, extensions, and how attributes map to Microsoft Graph.- - - Last updated 11/20/2023 |
active-directory-b2c | Userinfo Endpoint | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/userinfo-endpoint.md | Title: UserInfo endpoint description: Define a UserInfo endpoint in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 09/20/2021-+ zone_pivot_groups: b2c-policy-type |
active-directory-b2c | Userjourneys | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/userjourneys.md | Title: UserJourneys description: Specify the UserJourneys element of a custom policy in Azure Active Directory B2C.-+ -+ Last updated 01/27/2023 |
active-directory-b2c | Validation Technical Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/validation-technical-profile.md | Title: Define a validation technical profile in a custom policy description: Validate claims by using a validation technical profile in a custom policy in Azure Active Directory B2C.-+ -+ Last updated 03/16/2020 |
active-directory-b2c | View Audit Logs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/view-audit-logs.md | Title: Access and review audit logs description: How to access Azure AD B2C audit logs programmatically and in the Azure portal.-+ -+ Last updated 06/08/2022 |
active-directory-b2c | Whats New Docs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/whats-new-docs.md | Last updated 11/01/2023 -+ |
ai-services | Concept Add On Capabilities | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-add-on-capabilities.md | monikerRange: '>=doc-intel-3.1.0' Document Intelligence supports more sophisticated and modular analysis capabilities. Use the add-on features to extend the results to include more features extracted from your documents. Some add-on features incur an extra cost. These optional features can be enabled and disabled depending on the scenario of the document extraction. The following add-on capabilities are available for `2023-07-31 (GA)` and later releases: -* [`ocr.highResolution`](#high-resolution-extraction) +* [`ocrHighResolution`](#high-resolution-extraction) -* [`ocr.formula`](#formula-extraction) +* [`formulas`](#formula-extraction) -* [`ocr.font`](#font-property-extraction) +* [`styleFont`](#font-property-extraction) ++* [`barcodes`](#barcode-property-extraction) ++* [`languages`](#language-detection) -* [`ocr.barcode`](#barcode-property-extraction) :::moniker-end :::moniker range="doc-intel-4.0.0" > [!NOTE] >-> Add-on capabilities are available within all models except for the [Read model](concept-read.md). +> Not all add-on capabilities are supported by all models. For more information, *see* [model data extraction](concept-model-overview.md#model-data-extraction). The following add-on capability is available for `2023-10-31-preview` and later releases: +* [`keyValuePairs`](#key-value-pairs) * [`queryFields`](#query-fields) > [!NOTE] The `ocr.barcode` capability extracts all identified barcodes in the `barcodes` | `ITF` |:::image type="content" source="media/barcodes/interleaved-two-five.png" alt-text="Screenshot of the interleaved-two-of-five barcode (ITF).":::| | `Data Matrix` |:::image type="content" source="media/barcodes/datamatrix.gif" alt-text="Screenshot of the Data Matrix.":::| +## Language detection ++It predicts the detected primary language for each text line along with the `confidence` in the `languages` collection under `analyzeResult`. ++```json +"languages": [ + { + "spans": [ + { + "offset": 0, + "length": 131 + } + ], + "locale": "en", + "confidence": 0.7 + }, +] +``` + :::moniker range="doc-intel-4.0.0" +## Key-value Pairs ++Key-value pairs are specific spans within the document that identify a label or key and its associated response or value. In a structured form, these pairs could be the label and the value the user entered for that field. In an unstructured document, they could be the date a contract was executed on based on the text in a paragraph. The AI model is trained to extract identifiable keys and values based on a wide variety of document types, formats, and structures. ++Keys can also exist in isolation when the model detects that a key exists, with no associated value or when processing optional fields. For example, a middle name field can be left blank on a form in some instances. Key-value pairs are spans of text contained in the document. For documents where the same value is described in different ways, for example, customer/user, the associated key is either customer or user (based on context). + ## Query Fields * Document Intelligence now supports query field extractions. With query field extraction, you can add fields to the extraction process using a query request without the need for added training. For query field extraction, specify the fields you want to extract and Document :::image type="content" source="media/studio/query-fields.png" alt-text="Screenshot of the query fields button in Document Intelligence Studio."::: -* You can pass a list of field labels like `Party1`, `Party2`, `TermsOfUse`, `PaymentTerms`, `PaymentDate`, and `TermEndDate`" as part of the analyze document request. +* You can pass a list of field labels like `Party1`, `Party2`, `TermsOfUse`, `PaymentTerms`, `PaymentDate`, and `TermEndDate`" as part of the `analyze document` request. :::image type="content" source="media/studio/query-field-select.png" alt-text="Screenshot of query fields selection window in Document Intelligence Studio."::: |
ai-services | Concept Business Card | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-business-card.md | Document Intelligence **v3.1:2023-07-31 (GA)** supports the following tools, app | Feature | Resources | Model ID | |-|-|--|-|**Business card model**| • [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=businessCard)<br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)<br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)<br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)<br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)<br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-businessCard**| +|**Business card model**| • [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=businessCard)<br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)<br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)<br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)<br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)<br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-businessCard**| :::moniker-end ::: moniker range=">=doc-intel-3.0.0" |
ai-services | Concept Composed Models | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-composed-models.md | Document Intelligence **v4.0:2023-10-31-preview** supports the following tools, | Feature | Resources | |-|-|-|_**Custom model**_| • [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>• [REST API](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/BuildDocumentModel)</br>• [C# SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [Java SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [JavaScript SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [Python SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)| -| _**Composed model**_| • [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>• [REST API](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/ComposeDocumentModel)</br>• [C# SDK](/dotnet/api/azure.ai.formrecognizer.training.formtrainingclient.startcreatecomposedmodel)</br>• [Java SDK](/java/api/com.azure.ai.formrecognizer.training.formtrainingclient.begincreatecomposedmodel)</br>• [JavaScript SDK](/javascript/api/@azure/ai-form-recognizer/documentmodeladministrationclient?view=azure-node-latest#@azure-ai-form-recognizer-documentmodeladministrationclient-begincomposemodel&preserve-view=true)</br>• [Python SDK](/python/api/azure-ai-formrecognizer/azure.ai.formrecognizer.formtrainingclient?view=azure-python#azure-ai-formrecognizer-formtrainingclient-begin-create-composed-model&preserve-view=true)| +|_**Custom model**_| • [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>• [REST API](/rest/api/aiservices/document-models/build-model?view=rest-aiservices-2023-10-31-preview&preserve-view=true&tabs=HTTP)</br>• [C# SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [Java SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [JavaScript SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [Python SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)| +| _**Composed model**_| • [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>• [REST API](/rest/api/aiservices/document-models/compose-model?view=rest-aiservices-2023-10-31-preview&preserve-view=true&tabs=HTTP)</br>• [C# SDK](/dotnet/api/azure.ai.formrecognizer.training.formtrainingclient.startcreatecomposedmodel)</br>• [Java SDK](/java/api/com.azure.ai.formrecognizer.training.formtrainingclient.begincreatecomposedmodel)</br>• [JavaScript SDK](/javascript/api/@azure/ai-form-recognizer/documentmodeladministrationclient?view=azure-node-latest#@azure-ai-form-recognizer-documentmodeladministrationclient-begincomposemodel&preserve-view=true)</br>• [Python SDK](/python/api/azure-ai-formrecognizer/azure.ai.formrecognizer.formtrainingclient?view=azure-python#azure-ai-formrecognizer-formtrainingclient-begin-create-composed-model&preserve-view=true)| :::moniker-end Document Intelligence **v3.1:2023-07-31 (GA)** supports the following tools, app | Feature | Resources | |-|-|-|_**Custom model**_| • [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>• [REST API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br>• [C# SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [Java SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [JavaScript SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [Python SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)| -| _**Composed model**_| • [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>• [REST API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/ComposeDocumentModel)</br>• [C# SDK](/dotnet/api/azure.ai.formrecognizer.training.formtrainingclient.startcreatecomposedmodel)</br>• [Java SDK](/java/api/com.azure.ai.formrecognizer.training.formtrainingclient.begincreatecomposedmodel)</br>• [JavaScript SDK](/javascript/api/@azure/ai-form-recognizer/documentmodeladministrationclient?view=azure-node-latest#@azure-ai-form-recognizer-documentmodeladministrationclient-begincomposemodel&preserve-view=true)</br>• [Python SDK](/python/api/azure-ai-formrecognizer/azure.ai.formrecognizer.formtrainingclient?view=azure-python#azure-ai-formrecognizer-formtrainingclient-begin-create-composed-model&preserve-view=true)| +|_**Custom model**_| • [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>• [REST API](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>• [C# SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [Java SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [JavaScript SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [Python SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)| +| _**Composed model**_| • [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>• [REST API](/rest/api/aiservices/document-models/compose-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>• [C# SDK](/dotnet/api/azure.ai.formrecognizer.training.formtrainingclient.startcreatecomposedmodel)</br>• [Java SDK](/java/api/com.azure.ai.formrecognizer.training.formtrainingclient.begincreatecomposedmodel)</br>• [JavaScript SDK](/javascript/api/@azure/ai-form-recognizer/documentmodeladministrationclient?view=azure-node-latest#@azure-ai-form-recognizer-documentmodeladministrationclient-begincomposemodel&preserve-view=true)</br>• [Python SDK](/python/api/azure-ai-formrecognizer/azure.ai.formrecognizer.formtrainingclient?view=azure-python#azure-ai-formrecognizer-formtrainingclient-begin-create-composed-model&preserve-view=true)| :::moniker-end |
ai-services | Concept Contract | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-contract.md | The Document Intelligence contract model uses powerful Optical Character Recogni ## Automated contract processing -Automated contract processing is the process of extracting key contract fields from documents. Historically, the contract analysis process has been done manually and, hence, very time consuming. Accurate extraction of key data from contracts is typically the first and one of the most critical steps in the contract automation process. +Automated contract processing is the process of extracting key contract fields from documents. Historically, the contract analysis process is achieved manually and, hence, very time consuming. Accurate extraction of key data from contracts is typically the first and one of the most critical steps in the contract automation process. ## Development options Document Intelligence v4.0 (2023-10-31-preview) supports the following tools, ap | Feature | Resources | Model ID | |-|-|--|-|**Contract model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**prebuilt-contract**| +|**Contract model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-10-31-preview&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**prebuilt-contract**| ::: moniker-end ::: moniker range="doc-intel-3.1.0" Document Intelligence v3.1 supports the following tools, applications, and libra | Feature | Resources | Model ID | |-|-|--|-|**Contract model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-contract**| +|**Contract model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-contract**| ::: moniker-end ::: moniker range="doc-intel-3.0.0" |
ai-services | Concept Custom Classifier | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-custom-classifier.md | |
ai-services | Concept Custom Label Tips | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-custom-label-tips.md | |
ai-services | Concept Custom Label | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-custom-label.md | Tabular fields are also useful when extracting repeating information within a do * View the REST APIs: > [!div class="nextstepaction"]- > [Document Intelligence API v4.0:2023-10-31-preview](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/AnalyzeDocument) + > [Document Intelligence API v4.0:2023-10-31-preview](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-10-31-preview&preserve-view=true&tabs=HTTP) > [!div class="nextstepaction"]- > [Document Intelligence API v3.1:2023-07-31 (GA)](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) + > [Document Intelligence API v3.1:2023-07-31 (GA)](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) |
ai-services | Concept Custom Lifecycle | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-custom-lifecycle.md | |
ai-services | Concept Custom Neural | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-custom-neural.md | As of October 18, 2022, Document Intelligence custom neural model training will > [!TIP] > You can [copy a model](disaster-recovery.md#copy-api-overview) trained in one of the select regions listed to **any other region** and use it accordingly. >-> Use the [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/CopyDocumentModelTo) or [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects) to copy a model to another region. +> Use the [**REST API**](/rest/api/aiservices/document-models/copy-model-to?view=rest-aiservices-2023-10-31-preview&preserve-view=true +&tabs=HTTP) or [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects) to copy a model to another region. :::moniker-end As of October 18, 2022, Document Intelligence custom neural model training will > [!TIP] > You can [copy a model](disaster-recovery.md#copy-api-overview) trained in one of the select regions listed to **any other region** and use it accordingly. >-> Use the [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/CopyDocumentModelTo) or [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects) to copy a model to another region. +> Use the [**REST API**](/rest/api/aiservices/document-models/copy-model-to?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) or [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects) to copy a model to another region. :::moniker-end Custom neural models are available in the [v3.0 and later models](v3-1-migration | Document Type | REST API | SDK | Label and Test Models| |--|--|--|--|-| Custom document | [Document Intelligence 3.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)| [Document Intelligence SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)| [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio) +| Custom document | [Document Intelligence 3.1](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)| [Document Intelligence SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)| [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio) The build operation to train model supports a new ```buildMode``` property, to train a custom neural model, set the ```buildMode``` to ```neural```. |
ai-services | Concept Custom Template | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-custom-template.md | Template models rely on a defined visual template, changes to the template resul ::: moniker range="doc-intel-4.0.0" -Custom template models are generally available with the [v4.0 API](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/BuildDocumentModel). If you're starting with a new project or have an existing labeled dataset, use the v3.1 or v3.0 API with Document Intelligence Studio to train a custom template model. +Custom template models are generally available with the [v4.0 API](/rest/api/aiservices/document-models/build-model?view=rest-aiservices-2023-10-31-preview&preserve-view=true&tabs=HTTP). If you're starting with a new project or have an existing labeled dataset, use the v3.1 or v3.0 API with Document Intelligence Studio to train a custom template model. | Model | REST API | SDK | Label and Test Models| |--|--|--|--|-| Custom template | [v3.1 API](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/BuildDocumentModel)| [Document Intelligence SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)| [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio)| +| Custom template | [v3.1 API](/rest/api/aiservices/document-models/build-model?view=rest-aiservices-2023-10-31-preview&preserve-view=true&tabs=HTTP)| [Document Intelligence SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)| [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio)| With the v3.0 and later APIs, the build operation to train model supports a new ```buildMode``` property, to train a custom template model, set the ```buildMode``` to ```template```. https://{endpoint}/documentintelligence/documentModels:build?api-version=2023-10 ::: moniker range="doc-intel-3.1.0" -Custom template models are generally available with the [v3.1 API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/BuildDocumentModel). If you're starting with a new project or have an existing labeled dataset, use the v3.1 or v3.0 API with Document Intelligence Studio to train a custom template model. +Custom template models are generally available with the [v3.1 API](/rest/api/aiservices/document-models/build-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP). If you're starting with a new project or have an existing labeled dataset, use the v3.1 or v3.0 API with Document Intelligence Studio to train a custom template model. | Model | REST API | SDK | Label and Test Models| |--|--|--|--|-| Custom template | [v3.1 API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)| [Document Intelligence SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)| [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio)| +| Custom template | [v3.1 API](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)| [Document Intelligence SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)| [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio)| With the v3.0 and later APIs, the build operation to train model supports a new ```buildMode``` property, to train a custom template model, set the ```buildMode``` to ```template```. |
ai-services | Concept Custom | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-custom.md | The custom template or custom form model relies on a consistent visual template Your training set consists of structured documents where the formatting and layout are static and constant from one document instance to the next. Custom template models support key-value pairs, selection marks, tables, signature fields, and regions. Template models and can be trained on documents in any of the [supported languages](language-support.md). For more information, *see* [custom template models](concept-custom-template.md). -If the language of your documents and extraction scenarios supports custom neural models, it's recommended that you use custom neural models over template models for higher accuracy. +If the language of your documents and extraction scenarios supports custom neural models, we recommend that you use custom neural models over template models for higher accuracy. > [!TIP] > If the language of your documents and extraction scenarios supports custom neura ### Build mode -The build custom model operation has added support for the *template* and *neural* custom models. Previous versions of the REST API and SDKs only supported a single build mode that is now known as the *template* mode. +The build custom model operation adds support for the *template* and *neural* custom models. Previous versions of the REST API and SDKs only supported a single build mode that is now known as the *template* mode. * Template models only accept documents that have the same basic page structureΓÇöa uniform visual appearanceΓÇöor the same relative positioning of elements within the document. Document Intelligence v3.1 and later models support the following tools, applica | Feature | Resources | Model ID| |||:|-|Custom model| • [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio/customform/projects)</br>• [REST API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br>• [C# SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>• [Python SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)|***custom-model-id***| +|Custom model| • [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio/customform/projects)</br>• [REST API](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>• [C# SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>• [Python SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)|***custom-model-id***| :::moniker-end The following table describes the features available with the associated tools a | Document type | REST API | SDK | Label and Test Models| |--|--|--|--|-| Custom template v 4.0 v3.1 v3.0 | [Document Intelligence 3.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)| [Document Intelligence SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)| [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio)| -| Custom neural v4.0 v3.1 v3.0 | [Document Intelligence 3.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)| [Document Intelligence SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)| [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio) +| Custom template v 4.0 v3.1 v3.0 | [Document Intelligence 3.1](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)| [Document Intelligence SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)| [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio)| +| Custom neural v4.0 v3.1 v3.0 | [Document Intelligence 3.1](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)| [Document Intelligence SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)| [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio) | Custom form v2.1 | [Document Intelligence 2.1 GA API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeWithCustomForm) | [Document Intelligence SDK](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-2.1.0&preserve-view=true?pivots=programming-language-python)| [Sample labeling tool](https://fott-2-1.azurewebsites.net/)| > [!NOTE] > Custom template models trained with the 3.0 API will have a few improvements over the 2.1 API stemming from improvements to the OCR engine. Datasets used to train a custom template model using the 2.1 API can still be used to train a new model using the 3.0 API. The following table describes the features available with the associated tools a * **Custom model v4.0, v3.1 and v3.0 APIs** supports signature detection for custom forms. When you train custom models, you can specify certain fields as signatures. When a document is analyzed with your custom model, it indicates whether a signature was detected or not. * [Document Intelligence v3.1 migration guide](v3-1-migration-guide.md): This guide shows you how to use the v3.0 version in your applications and workflows.-* [REST API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument): This API shows you more about the v3.0 version and new capabilities. +* [REST API](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP): This API shows you more about the v3.0 version and new capabilities. 1. Build your training dataset. |
ai-services | Concept Document Intelligence Studio | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-document-intelligence-studio.md | |
ai-services | Concept General Document | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-general-document.md | -|Layout model with the optional query string parameter **`features=keyValuePairs`** enabled.|• v4:2023-10-31-preview</br>• v3.1:2023-07-31 (GA) |**`prebuilt-layout`**| +|`Layout` model with the optional query string parameter **`features=keyValuePairs`** enabled.|• v4:2023-10-31-preview</br>• v3.1:2023-07-31 (GA) |**`prebuilt-layout`**| |General document model|• v3.1:2023-07-31 (GA)</br>• v3.0:2022-08-31 (GA)</br>• v2.1 (GA)|**`prebuilt-document`**| :::moniker-end Document Intelligence v3.1 supports the following tools, applications, and libra | Feature | Resources | Model ID | |-|-|--|-|**General document model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-document**| +|**General document model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-document**| ::: moniker-end ::: moniker range="doc-intel-3.0.0" Keys can also exist in isolation when the model detects that a key exists, with * Follow our [**Document Intelligence v3.1 migration guide**](v3-1-migration-guide.md) to learn how to use the v3.1 version in your applications and workflows. -* Explore our [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument). +* Explore our [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP). > [!div class="nextstepaction"] > [Try the Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio) |
ai-services | Concept Health Insurance Card | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-health-insurance-card.md | Document Intelligence v4.0 (2023-10-31-preview) supports the following tools, ap | Feature | Resources | Model ID | |-|-|--|-|**Health insurance card model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**prebuilt-healthInsuranceCard.us**| +|**Health insurance card model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-10-31-preview&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**prebuilt-healthInsuranceCard.us**| ::: moniker-end ::: moniker range="doc-intel-3.1.0" Document Intelligence v3.1 supports the following tools, applications, and libra | Feature | Resources | Model ID | |-|-|--|-|**Health insurance card model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-healthInsuranceCard.us**| +|**Health insurance card model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-healthInsuranceCard.us**| ::: moniker-end ::: moniker range="doc-intel-3.0.0" See how data is extracted from health insurance cards using the Document Intelli * Follow our [**Document Intelligence v3.1 migration guide**](v3-1-migration-guide.md) to learn how to use the v3.1 version in your applications and workflows. -* Explore our [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) to learn more about the v3.1 version and new capabilities. +* Explore our [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) to learn more about the v3.1 version and new capabilities. ## Next steps |
ai-services | Concept Id Document | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-id-document.md | Document Intelligence v4.0 (2023-10-31-preview) supports the following tools, ap | Feature | Resources | Model ID | |-|-|--|-|**ID document model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**prebuilt-idDocument**| +|**ID document model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-10-31-preview&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**prebuilt-idDocument**| ::: moniker-end ::: moniker range="doc-intel-3.1.0" Document Intelligence v3.1 supports the following tools, applications, and libra | Feature | Resources | Model ID | |-|-|--|-|**ID document model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-idDocument**| +|**ID document model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-idDocument**| ::: moniker-end ::: moniker range="doc-intel-3.0.0" |
ai-services | Concept Invoice | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-invoice.md | Document Intelligence v4.0 (2023-10-31-preview) supports the following tools, ap | Feature | Resources | Model ID | |-|-|--|-|**Invoice model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**prebuilt-invoice**| +|**Invoice model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-10-31-preview&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**prebuilt-invoice**| ::: moniker-end ::: moniker range="doc-intel-3.1.0" Document Intelligence v3.1 supports the following tools, applications, and libra | Feature | Resources | Model ID | |-|-|--|-|**Invoice model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-invoice**| +|**Invoice model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-invoice**| ::: moniker-end ::: moniker range="doc-intel-3.0.0" |
ai-services | Concept Layout | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-layout.md | Document Intelligence v4.0 (2023-10-31-preview) supports the following tools, ap | Feature | Resources | Model ID | |-|-|--|-|**Layout model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**prebuilt-layout**| +|**Layout model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-10-31-preview&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**prebuilt-layout**| ::: moniker-end ::: moniker range="doc-intel-3.1.0" Document Intelligence v3.1 supports the following tools, applications, and libra | Feature | Resources | Model ID | |-|-|--|-|**Layout model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-layout**| +|**Layout model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-layout**| ::: moniker-end ::: moniker range="doc-intel-3.0.0" See how data, including text, tables, table headers, selection marks, and struct * Select the **Fetch** button. -1. Select **Run Layout**. The Document Intelligence Sample Labeling tool calls the Analyze Layout API and analyze the document. +1. Select **Run Layout**. The Document Intelligence Sample Labeling tool calls the `Analyze Layout` API and analyze the document. :::image type="content" source="media/fott-layout.png" alt-text="Screenshot of `Layout` dropdown window."::: For large multi-page documents, use the `pages` query parameter to indicate spec ## The Get Analyze Layout Result operation -The second step is to call the [Get Analyze Layout Result](https://westcentralus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/GetAnalyzeLayoutResult) operation. This operation takes as input the Result ID the Analyze Layout operation created. It returns a JSON response that contains a **status** field with the following possible values. +The second step is to call the [Get Analyze Layout Result](https://westcentralus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/GetAnalyzeLayoutResult) operation. This operation takes as input the Result ID the `Analyze Layout` operation created. It returns a JSON response that contains a **status** field with the following possible values. |Field| Type | Possible values | |:--|:-:|:-| |
ai-services | Concept Model Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-model-overview.md | -|Model|[2023-10-31-preview](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/AnalyzeDocument)|[2023-07-31 (GA)](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)|[2022-08-31 (GA)](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2022-08-31/operations/AnalyzeDocument)|[v2.1 (GA)](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)| +|Model|[2023-10-31-preview](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-10-31-preview&preserve-view=true&tabs=HTTP)|[2023-07-31 (GA)](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)|[2022-08-31 (GA)](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2022-08-31/operations/AnalyzeDocument)|[v2.1 (GA)](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)| |-|--||--|| |[Add-on capabilities](concept-add-on-capabilities.md) | ✔️| ✔️| n/a| n/a| |[Business Card](concept-business-card.md) | deprecated|✔️|✔️|✔️ | The following table shows the available models for each current preview and stab | [Custom classification model](#custom-classifier)| The **Custom classification model** can classify each page in an input file to identify the document(s) within and can also identify multiple documents or multiple instances of a single document within an input file. | [Composed models](#composed-models) | Combine several custom models into a single model to automate processing of diverse document types with a single composed model. -For all models, except Business card model, Document Intelligence now supports add-on capabilities to allow for more sophisticated analysis. These optional capabilities can be enabled and disabled depending on the scenario of the document extraction. There are four add-on capabilities available for the `2023-07-31` (GA) and later API version: +For all models, except Business card model, Document Intelligence now supports add-on capabilities to allow for more sophisticated analysis. These optional capabilities can be enabled and disabled depending on the scenario of the document extraction. There are seven add-on capabilities available for the `2023-07-31` (GA) and later API version: -* [`ocr.highResolution`](concept-add-on-capabilities.md#high-resolution-extraction) -* [`ocr.formula`](concept-add-on-capabilities.md#formula-extraction) -* [`ocr.font`](concept-add-on-capabilities.md#font-property-extraction) -* [`ocr.barcode`](concept-add-on-capabilities.md#barcode-property-extraction) +* [`ocrHighResolution`](concept-add-on-capabilities.md#high-resolution-extraction) +* [`formulas`](concept-add-on-capabilities.md#formula-extraction) +* [`styleFont`](concept-add-on-capabilities.md#font-property-extraction) +* [`barcodes`](concept-add-on-capabilities.md#barcode-property-extraction) +* [`languages`](concept-add-on-capabilities.md#language-detection) +* [`keyValuePairs`](concept-add-on-capabilities.md#key-value-pairs) (2023-10-31-preview) +* [`queryFields`](concept-add-on-capabilities.md#query-fields) (2023-31-preview) ## Analysis features The Layout analysis model analyzes and extracts text, tables, selection marks, a > > [Learn more: layout model](concept-layout.md) - ### Health insurance card :::image type="icon" source="media/studio/health-insurance-logo.png"::: The US tax document models analyze and extract key fields and line items from a |US Tax 1098-T|Extract qualified tuition details.|**prebuilt-tax.us.1098T**| |US Tax 1099|Extract Information from 1099 forms.|**prebuilt-tax.us.1099(variations)**| - ***Sample W-2 document processed using [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=tax.us.w2)***: :::image type="content" source="./media/studio/w-2.png" alt-text="Screenshot of a sample W-2."::: |
ai-services | Concept Query Fields | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-query-fields.md | |
ai-services | Concept Read | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-read.md | Document Intelligence v4.0 (2023-10-31-preview) supports the following tools, ap | Feature | Resources | Model ID | |-|-|--|-|**Read OCR model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**prebuilt-read**| +|**Read OCR model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-10-31-preview&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**prebuilt-read**| ::: moniker-end ::: moniker range="doc-intel-3.1.0" Document Intelligence v3.1 supports the following tools, applications, and libra | Feature | Resources | Model ID | |-|-|--|-|**Read OCR model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-read**| +|**Read OCR model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-read**| ::: moniker-end ::: moniker range="doc-intel-3.0.0" Complete a Document Intelligence quickstart: Explore our REST API: > [!div class="nextstepaction"]-> [Document Intelligence API v3.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) +> [Document Intelligence API v3.1](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) |
ai-services | Concept Receipt | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-receipt.md | Document Intelligence v4.0 (2023-10-31-preview) supports the following tools, ap | Feature | Resources | Model ID | |-|-|--|-|**Receipt model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**prebuilt-receipt**| +|**Receipt model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-10-31-preview&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**prebuilt-receipt**| ::: moniker-end ::: moniker range="doc-intel-3.1.0" Document Intelligence v3.1 supports the following tools, applications, and libra | Feature | Resources | Model ID | |-|-|--|-|**Receipt model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-receipt**| +|**Receipt model**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**prebuilt-receipt**| ::: moniker-end ::: moniker range="doc-intel-3.0.0" |
ai-services | Concept Tax Document | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/concept-tax-document.md | Document Intelligence v4.0 (2023-10-31-preview) supports the following tools, ap | Feature | Resources | Model ID | |-|-|--|-|**US tax form models**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/document-intelligence-api-2023-10-31-preview/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**• prebuilt-tax.us.W-2</br>• prebuilt-tax.us.1098</br>• prebuilt-tax.us.1098E</br>• prebuilt-tax.us.1098T</br>• prebuilt-tax.us.1099(Variations)**| +|**US tax form models**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-10-31-preview&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**• prebuilt-tax.us.W-2</br>• prebuilt-tax.us.1098</br>• prebuilt-tax.us.1098E</br>• prebuilt-tax.us.1098T</br>• prebuilt-tax.us.1099(Variations)**| ::: moniker-end ::: moniker range="doc-intel-3.1.0" Document Intelligence v3.1 supports the following tools, applications, and libra | Feature | Resources | Model ID | |-|-|--|-|**US tax form models**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**• prebuilt-tax.us.W-2</br>• prebuilt-tax.us.1098</br>• prebuilt-tax.us.1098E</br>• prebuilt-tax.us.1098T**| +|**US tax form models**|• [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>• [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>• [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)</br>• [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.1.0&preserve-view=true)|**• prebuilt-tax.us.W-2</br>• prebuilt-tax.us.1098</br>• prebuilt-tax.us.1098E</br>• prebuilt-tax.us.1098T**| ::: moniker-end ::: moniker range="doc-intel-3.0.0" The following are the fields extracted from a 1099-nec tax form in the JSON outp |Name| Type | Description | Example output | |:--|:-|:-|::|-| TaxYear | String | Tax Year extracted from Form 1099-NEC.| 2021 | -| Payer | Object | An object that contains the payers's TIN, Name, Address, and PhoneNumber | | -| Recipient | Object | An object that contains the recipient's TIN, Name, Address, and AccountNumber| | -| Box1 |number|Box 1 extracted from Form 1099-NEC.| 123456 | -| Box2 |boolean|Box 2 extracted from Form 1099-NEC.| true | -| Box4 |number|Box 4 extracted from Form 1099-NEC.| 123456 | -| StateTaxesWithheld |array| State Taxes Withheld extracted from Form 1099-NEC (boxes 5,6, and 7)| | +| `TaxYear` | String | Tax Year extracted from Form 1099-NEC.| 2021 | +| `Payer` | Object | An object that contains the payer's TIN, Name, Address, and PhoneNumber | | +| `Recipient` | Object | An object that contains the recipient's TIN, Name, Address, and AccountNumber| | +| `Box1` |number|Box 1 extracted from Form 1099-NEC.| 123456 | +| `Box2` |boolean|Box 2 extracted from Form 1099-NEC.| true | +| `Box4` |number|Box 4 extracted from Form 1099-NEC.| 123456 | +| `StateTaxesWithheld` |array| State Taxes Withheld extracted from Form 1099-NEC (boxes 5, 6, and 7)| | The tax documents key-value pairs and line items extracted are in the `documentResults` section of the JSON output. |
ai-services | Create Sas Tokens | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/create-sas-tokens.md | The SAS URL includes a special set of [query parameters](/rest/api/storageservic ### REST API -To use your SAS URL with the [REST API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/BuildDocumentModel), add the SAS URL to the request body: +To use your SAS URL with the [REST API](/rest/api/aiservices/document-models/build-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP), add the SAS URL to the request body: ```json { |
ai-services | Disaster Recovery | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/disaster-recovery.md | Ocp-Apim-Subscription-Key: {SOURCE_FORM_RECOGNIZER_RESOURCE_KEY} ### Track the target model ID -You can also use the **[Get model](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/GetModel)** API to track the status of the operation by querying the target model. Call the API using the target model ID that you copied down from the [Generate Copy authorization request](#generate-copy-authorization-request) response. +You can also use the **[Get model](/rest/api/aiservices/document-models/get-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)** API to track the status of the operation by querying the target model. Call the API using the target model ID that you copied down from the [Generate Copy authorization request](#generate-copy-authorization-request) response. ```http GET https://{YOUR-ENDPOINT}/formrecognizer/documentModels/{modelId}?api-version=2023-07-31" -H "Ocp-Apim-Subscription-Key: {YOUR-KEY} Operation-Location: https://{source-resource}.cognitiveservices.azure.com/formre ### Track copy operation progress -You can use the [**Get operation**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/GetOperation) API to list all document model operations (succeeded, in-progress, or failed) associated with your Document Intelligence resource. Operation information only persists for 24 hours. Here's a list of the operations (operationId) that can be returned: +You can use the [**Get operation**](/rest/api/aiservices/miscellaneous/get-operation?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) API to list all document model operations (succeeded, in-progress, or failed) associated with your Document Intelligence resource. Operation information only persists for 24 hours. Here's a list of the operations (operationId) that can be returned: * documentModelBuild * documentModelCompose You can use the [**Get operation**](https://westus.dev.cognitive.microsoft.com/d ### Track the target model ID -If the operation was successful, the document model can be accessed using the [**getModel**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/GetModel) (get a single model), or [**GetModels**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/GetModels) (get a list of models) APIs. +If the operation was successful, the document model can be accessed using the [**getModel**](/rest/api/aiservices/document-models/get-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) (get a single model), or [**GetModels**](/rest/api/aiservices/document-models/get-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTPs) (get a list of models) APIs. ::: moniker-end curl -i GET "https://<SOURCE_FORM_RECOGNIZER_RESOURCE_ENDPOINT>/formrecognizer/v In this guide, you learned how to use the Copy API to back up your custom models to a secondary Document Intelligence resource. Next, explore the API reference docs to see what else you can do with Document Intelligence. -* [REST API reference documentation](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) +* [REST API reference documentation](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) ::: moniker-end |
ai-services | Compose Custom Models | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/how-to-guides/compose-custom-models.md | If you want to use manually labeled data, you have to upload the *.labels.json* When you [train your model](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects) with labeled data, the model uses supervised learning to extract values of interest, using the labeled forms you provide. Labeled data results in better-performing models and can produce models that work with complex forms or forms containing values without keys. -Document Intelligence uses the [prebuilt-layout model](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) API to learn the expected sizes and positions of typeface and handwritten text elements and extract tables. Then it uses user-specified labels to learn the key/value associations and tables in the documents. We recommend that you use five manually labeled forms of the same type (same structure) to get started with training a new model. Then, add more labeled data, as needed, to improve the model accuracy. Document Intelligence enables training a model to extract key-value pairs and tables using supervised learning capabilities. +Document Intelligence uses the [prebuilt-layout model](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) API to learn the expected sizes and positions of typeface and handwritten text elements and extract tables. Then it uses user-specified labels to learn the key/value associations and tables in the documents. We recommend that you use five manually labeled forms of the same type (same structure) to get started with training a new model. Then, add more labeled data, as needed, to improve the model accuracy. Document Intelligence enables training a model to extract key-value pairs and tables using supervised learning capabilities. ### [Document Intelligence Studio](#tab/studio) Training with labels leads to better performance in some scenarios. To train wit > [!NOTE] > **the `create compose model` operation is only available for custom models trained _with_ labels.** Attempting to compose unlabeled models will produce an error. -With the [**create compose model**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/ComposeDocumentModel) operation, you can assign up to 100 trained custom models to a single model ID. When analyze documents with a composed model, Document Intelligence first classifies the form you submitted, then chooses the best matching assigned model, and returns results for that model. This operation is useful when incoming forms may belong to one of several templates. +With the [**create compose model**](/rest/api/aiservices/document-models/compose-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) operation, you can assign up to 100 trained custom models to a single model ID. When analyze documents with a composed model, Document Intelligence first classifies the form you submitted, then chooses the best matching assigned model, and returns results for that model. This operation is useful when incoming forms may belong to one of several templates. ### [Document Intelligence Studio](#tab/studio) Once the training process has successfully completed, you can begin to build you #### Compose your custom models -The [compose model API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/ComposeDocumentModel) accepts a list of model IDs to be composed. +The [compose model API](/rest/api/aiservices/document-models/compose-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) accepts a list of model IDs to be composed. :::image type="content" source="../media/compose-model-request-body.png" alt-text="Screenshot of compose model request."::: #### Analyze documents -To make an [**Analyze document**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) request, use a unique model name in the request parameters. +To make an [**Analyze document**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) request, use a unique model name in the request parameters. :::image type="content" source="../media/custom-model-analyze-request.png" alt-text="Screenshot of a custom model request URL."::: #### Manage your composed models -You can manage custom models throughout your development needs including [**copying**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/CopyDocumentModelTo), [**listing**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/GetModels), and [**deleting**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/DeleteModel) your models. +You can manage custom models throughout your development needs including [**copying**](/rest/api/aiservices/document-models/copy-model-to?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP), [**listing**](/rest/api/aiservices/document-models/get-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTPs), and [**deleting**](/rest/api/aiservices/document-models/delete-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) your models. ### [Client libraries](#tab/sdks) When the operation completes, your newly composed model appears in the list. ### [**REST API**](#tab/rest) -Using the **REST API**, you can make a [**Compose Custom Model**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/ComposeDocumentModel) request to create a single composed model from existing models. The request body requires a string array of your `modelIds` to compose and you can optionally define the `modelName`. +Using the **REST API**, you can make a [**Compose Custom Model**](/rest/api/aiservices/document-models/compose-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) request to create a single composed model from existing models. The request body requires a string array of your `modelIds` to compose and you can optionally define the `modelName`. ### [**Client-library SDKs**](#tab/sdks) Use the programming language code of your choice to create a composed model that ### [**REST API**](#tab/rest) -Using the REST API, you can make an [Analyze Document](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) request to analyze a document and extract key-value pairs and table data. +Using the REST API, you can make an [Analyze Document](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) request to analyze a document and extract key-value pairs and table data. ### [**Client-library SDKs**](#tab/sdks) Test your newly trained models by [analyzing forms](build-a-custom-model.md?view ## Manage your custom models -You can [manage your custom models](../how-to-guides/use-sdk-rest-api.md?view=doc-intel-2.1.0&preserve-view=true) throughout their lifecycle by viewing a [list of all custom models](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/GetModels) under your subscription, retrieving information about [a specific custom model](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/GetModel), and [deleting custom models](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/DeleteModel) from your account. +You can [manage your custom models](../how-to-guides/use-sdk-rest-api.md?view=doc-intel-2.1.0&preserve-view=true) throughout their lifecycle by viewing a [list of all custom models](/rest/api/aiservices/document-models/get-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTPs) under your subscription, retrieving information about [a specific custom model](/rest/api/aiservices/document-models/get-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP), and [deleting custom models](/rest/api/aiservices/document-models/delete-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) from your account. Great! You've learned the steps to create custom and composed models and use them in your Document Intelligence projects and applications. Great! You've learned the steps to create custom and composed models and use the Learn more about the Document Intelligence client library by exploring our API reference documentation. > [!div class="nextstepaction"]-> [Document Intelligence API reference](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) +> [Document Intelligence API reference](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) ::: moniker-end |
ai-services | Use Sdk Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/how-to-guides/use-sdk-rest-api.md | Congratulations! You've learned to use Document Intelligence models to analyze v > [Try the Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio) > [!div class="nextstepaction"]-> [Explore the Document Intelligence REST API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) +> [Explore the Document Intelligence REST API](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) ::: moniker-end ::: moniker range="doc-intel-2.1.0" |
ai-services | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/overview.md | You can use Document Intelligence to automate document processing in application | Model ID | Description| Development options | |-|--|-|-|**prebuilt-contract**|Extract contract agreement and party details.|● [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=contract)</br>● [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) +|**prebuilt-contract**|Extract contract agreement and party details.|● [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=contract)</br>● [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) > [!div class="nextstepaction"] > [Return to model types](#prebuilt-models) You can use Document Intelligence to automate document processing in application | Model ID | Description| Development options | |-|--|-|-|**prebuilt-tax.us.1098**|Extract mortgage interest information and details.|● [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=tax.us.1098)</br>● [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) +|**prebuilt-tax.us.1098**|Extract mortgage interest information and details.|● [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=tax.us.1098)</br>● [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) > [!div class="nextstepaction"] > [Return to model types](#prebuilt-models) You can use Document Intelligence to automate document processing in application | Model ID | Description |Development options | |-|--|-|-|**prebuilt-tax.us.1098E**|Extract student loan information and details.|● [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=tax.us.1098E)</br>● [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) +|**prebuilt-tax.us.1098E**|Extract student loan information and details.|● [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=tax.us.1098E)</br>● [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) > [!div class="nextstepaction"] > [Return to model types](#prebuilt-models) You can use Document Intelligence to automate document processing in application | Model ID |Description|Development options | |-|--|--|-|**prebuilt-tax.us.1098T**|Extract tuition information and details.|● [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=tax.us.1098T)</br>● [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) +|**prebuilt-tax.us.1098T**|Extract tuition information and details.|● [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=tax.us.1098T)</br>● [**REST API**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) > [!div class="nextstepaction"] > [Return to model types](#prebuilt-models) You can use Document Intelligence to automate document processing in application | About | Description |Automation use cases |Development options | |-|--|--|--|-|[**Custom model**](concept-custom.md) | Extracts information from forms and documents into structured data based on a model created from a set of representative training document sets.|Extract distinct data from forms and documents specific to your business and use cases.|● [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>● [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/BuildDocumentModel)</br>● [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)| +|[**Custom model**](concept-custom.md) | Extracts information from forms and documents into structured data based on a model created from a set of representative training document sets.|Extract distinct data from forms and documents specific to your business and use cases.|● [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>● [**REST API**](/rest/api/aiservices/document-models/build-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>● [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)| > [!div class="nextstepaction"] > [Return to custom model types](#custom-models) You can use Document Intelligence to automate document processing in application | About | Description |Automation use cases | Development options | |-|--|-|--|-|[**Custom Template model**](concept-custom-template.md) | The custom template model extracts labeled values and fields from structured and semi-structured documents.</br> | Extract key data from highly structured documents with defined visual templates or common visual layouts, forms.| ● [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>● [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/BuildDocumentModel)</br>● [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true) +|[**Custom Template model**](concept-custom-template.md) | The custom template model extracts labeled values and fields from structured and semi-structured documents.</br> | Extract key data from highly structured documents with defined visual templates or common visual layouts, forms.| ● [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>● [**REST API**](/rest/api/aiservices/document-models/build-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>● [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true) > [!div class="nextstepaction"] > [Return to custom model types](#custom-models) You can use Document Intelligence to automate document processing in application | About | Description |Automation use cases | Development options | |-|--|-|--|- |[**Custom Neural model**](concept-custom-neural.md)| The custom neural model is used to extract labeled data from structured (surveys, questionnaires), semi-structured (invoices, purchase orders), and unstructured documents (contracts, letters).|Extract text data, checkboxes, and tabular fields from structured and unstructured documents.|[**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>● [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/BuildDocumentModel)</br>● [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true) + |[**Custom Neural model**](concept-custom-neural.md)| The custom neural model is used to extract labeled data from structured (surveys, questionnaires), semi-structured (invoices, purchase orders), and unstructured documents (contracts, letters).|Extract text data, checkboxes, and tabular fields from structured and unstructured documents.|[**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>● [**REST API**](/rest/api/aiservices/document-models/build-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>● [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true)</br>● [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true) > [!div class="nextstepaction"] > [Return to custom model types](#custom-models) You can use Document Intelligence to automate document processing in application | About | Description |Automation use cases | Development options | |-|--|-|--|-|[**Composed custom models**](concept-composed-models.md)| A composed model is created by taking a collection of custom models and assigning them to a single model built from your form types.| Useful when you train several models and want to group them to analyze similar form types like purchase orders.|● [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>● [**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/ComposeDocumentModel)</br>● [**C# SDK**](/dotnet/api/azure.ai.formrecognizer.training.formtrainingclient.startcreatecomposedmodel)</br>● [**Java SDK**](/jav?view=doc-intel-3.0.0&preserve-view=true) +|[**Composed custom models**](concept-composed-models.md)| A composed model is created by taking a collection of custom models and assigning them to a single model built from your form types.| Useful when you train several models and want to group them to analyze similar form types like purchase orders.|● [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>● [**REST API**](/rest/api/aiservices/document-models/compose-model?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br>● [**C# SDK**](/dotnet/api/azure.ai.formrecognizer.training.formtrainingclient.startcreatecomposedmodel)</br>● [**Java SDK**](/jav?view=doc-intel-3.0.0&preserve-view=true) > [!div class="nextstepaction"] > [Return to custom model types](#custom-models) You can use Document Intelligence to automate document processing in application | About | Description |Automation use cases | Development options | |-|--|-|--|-|[**Composed classification model**](concept-custom-classifier.md)| Custom classification models combine layout and language features to detect, identify, and classify documents within an input file.|● A loan application packaged containing application form, payslip, and, bank statement.</br>● A collection of scanned invoices. |● [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>● [REST API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/BuildDocumentClassifier)</br> +|[**Composed classification model**](concept-custom-classifier.md)| Custom classification models combine layout and language features to detect, identify, and classify documents within an input file.|● A loan application packaged containing application form, payslip, and, bank statement.</br>● A collection of scanned invoices. |● [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</br>● [REST API](/rest/api/aiservices/document-classifiers/build-classifier?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br> > [!div class="nextstepaction"] > [Return to custom model types](#custom-models) |
ai-services | Sdk Overview V3 0 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/sdk-overview-v3-0.md | Document Intelligence SDK supports the following languages and platforms: | Language → Document Intelligence SDK version | Package| Supported API version| Platform support | |:-:|:-|:-| :-|-| [.NET/C# → 4.0.0 (GA)](https://azuresdkdocs.blob.core.windows.net/$web/dotnet/Azure.AI.FormRecognizer/4.0.0/https://docsupdatetracker.net/index.html)|[NuGet](https://www.nuget.org/packages/Azure.AI.FormRecognizer)|[v3.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br> [v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) |[Windows, macOS, Linux, Docker](https://dotnet.microsoft.com/download)| -|[Java → 4.0.6 (GA)](https://azuresdkdocs.blob.core.windows.net/$web/java/azure-ai-formrecognizer/4.0.0/https://docsupdatetracker.net/index.html) |[MVN repository](https://mvnrepository.com/artifact/com.azure/azure-ai-formrecognizer/4.0.0-beta.6) |[v3.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br> [v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) |[Windows, macOS, Linux](/java/openjdk/install)| -|[JavaScript → 4.0.0 (GA)](https://azuresdkdocs.blob.core.windows.net/$web/javascript/azure-ai-form-recognizer/4.0.0/https://docsupdatetracker.net/index.html)| [npm](https://www.npmjs.com/package/@azure/ai-form-recognizer)| [v3.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br> [v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) | [Browser, Windows, macOS, Linux](https://nodejs.org/en/download/) | -|[Python → 3.2.0 (GA)](https://azuresdkdocs.blob.core.windows.net/$web/python/azure-ai-formrecognizer/3.2.0/https://docsupdatetracker.net/index.html) | [PyPI](https://pypi.org/project/azure-ai-formrecognizer/3.2.0/)| [v3.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br> [v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) |[Windows, macOS, Linux](/azure/developer/python/configure-local-development-environment?tabs=windows%2Capt%2Ccmd#use-the-azure-cli) +| [.NET/C# → 4.0.0 (GA)](https://azuresdkdocs.blob.core.windows.net/$web/dotnet/Azure.AI.FormRecognizer/4.0.0/https://docsupdatetracker.net/index.html)|[NuGet](https://www.nuget.org/packages/Azure.AI.FormRecognizer)|[v3.0](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br> [v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) |[Windows, macOS, Linux, Docker](https://dotnet.microsoft.com/download)| +|[Java → 4.0.6 (GA)](https://azuresdkdocs.blob.core.windows.net/$web/java/azure-ai-formrecognizer/4.0.0/https://docsupdatetracker.net/index.html) |[MVN repository](https://mvnrepository.com/artifact/com.azure/azure-ai-formrecognizer/4.0.0-beta.6) |[v3.0](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br> [v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) |[Windows, macOS, Linux](/java/openjdk/install)| +|[JavaScript → 4.0.0 (GA)](https://azuresdkdocs.blob.core.windows.net/$web/javascript/azure-ai-form-recognizer/4.0.0/https://docsupdatetracker.net/index.html)| [npm](https://www.npmjs.com/package/@azure/ai-form-recognizer)| [v3.0](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br> [v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) | [Browser, Windows, macOS, Linux](https://nodejs.org/en/download/) | +|[Python → 3.2.0 (GA)](https://azuresdkdocs.blob.core.windows.net/$web/python/azure-ai-formrecognizer/3.2.0/https://docsupdatetracker.net/index.html) | [PyPI](https://pypi.org/project/azure-ai-formrecognizer/3.2.0/)| [v3.0](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br> [v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) |[Windows, macOS, Linux](/azure/developer/python/configure-local-development-environment?tabs=windows%2Capt%2Ccmd#use-the-azure-cli) ## Supported Clients The [Microsoft Q&A](/answers/topics/azure-form-recognizer.html) and [Stack Overf ## Next steps >[!div class="nextstepaction"]-> [**Explore Document Intelligence REST API v3.0**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) +> [**Explore Document Intelligence REST API v3.0**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) > [!div class="nextstepaction"] > [**Try a Document Intelligence quickstart**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true) |
ai-services | Sdk Overview V3 1 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/sdk-overview-v3-1.md | Document Intelligence SDK supports the following languages and platforms: | Language ΓåÆ Document Intelligence SDK version           | Package| Supported API version          | Platform support | |:-:|:-|:-| :-:|-| [**.NET/C# ΓåÆ latest (GA)**](/dotnet/api/overview/azure/ai.formrecognizer-readme?view=azure-dotnet&preserve-view=true)|[NuGet](https://www.nuget.org/packages/Azure.AI.FormRecognizer/4.1.0)|[• 2023-07-31 (GA)](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br> [• 2022-08-31 (GA)](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br> [• v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[• v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) |[Windows, macOS, Linux, Docker](https://dotnet.microsoft.com/download)| -|[**Java ΓåÆ latest (GA)**](https://azuresdkdocs.blob.core.windows.net/$web/java/azure-ai-formrecognizer/4.1.0/https://docsupdatetracker.net/index.html) |[MVN repository](https://mvnrepository.com/artifact/com.azure/azure-ai-formrecognizer/4.1.0) |[• 2023-07-31 (GA)](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br> [• 2022-08-31 (GA)](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br> [• v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[• v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) |[Windows, macOS, Linux](/java/openjdk/install)| -|[**JavaScript ΓåÆ latest (GA)**](https://azuresdkdocs.blob.core.windows.net/$web/javascript/azure-ai-form-recognizer/5.0.0/https://docsupdatetracker.net/index.html)| [npm](https://www.npmjs.com/package/@azure/ai-form-recognizer)| [• 2023-07-31 (GA)](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br> • [2022-08-31 (GA)](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br> [• v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[• v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) | [Browser, Windows, macOS, Linux](https://nodejs.org/en/download/) | -|[**Python ΓåÆ latest (GA)**](https://azuresdkdocs.blob.core.windows.net/$web/python/azure-ai-formrecognizer/3.3.0/https://docsupdatetracker.net/index.html) | [PyPI](https://pypi.org/project/azure-ai-formrecognizer/3.3.0/)| [• 2023-07-31 (GA)](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br> • [2022-08-31 (GA)](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument)</br> [• v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[• v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) |[Windows, macOS, Linux](/azure/developer/python/configure-local-development-environment?tabs=windows%2Capt%2Ccmd#use-the-azure-cli) +| [**.NET/C# ΓåÆ latest (GA)**](/dotnet/api/overview/azure/ai.formrecognizer-readme?view=azure-dotnet&preserve-view=true)|[NuGet](https://www.nuget.org/packages/Azure.AI.FormRecognizer/4.1.0)|[• 2023-07-31 (GA)](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br> [• 2022-08-31 (GA)](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br> [• v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[• v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) |[Windows, macOS, Linux, Docker](https://dotnet.microsoft.com/download)| +|[**Java ΓåÆ latest (GA)**](https://azuresdkdocs.blob.core.windows.net/$web/java/azure-ai-formrecognizer/4.1.0/https://docsupdatetracker.net/index.html) |[MVN repository](https://mvnrepository.com/artifact/com.azure/azure-ai-formrecognizer/4.1.0) |[• 2023-07-31 (GA)](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br> [• 2022-08-31 (GA)](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br> [• v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[• v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) |[Windows, macOS, Linux](/java/openjdk/install)| +|[**JavaScript ΓåÆ latest (GA)**](https://azuresdkdocs.blob.core.windows.net/$web/javascript/azure-ai-form-recognizer/5.0.0/https://docsupdatetracker.net/index.html)| [npm](https://www.npmjs.com/package/@azure/ai-form-recognizer)| [• 2023-07-31 (GA)](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br> • [2022-08-31 (GA)](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br> [• v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[• v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) | [Browser, Windows, macOS, Linux](https://nodejs.org/en/download/) | +|[**Python ΓåÆ latest (GA)**](https://azuresdkdocs.blob.core.windows.net/$web/python/azure-ai-formrecognizer/3.3.0/https://docsupdatetracker.net/index.html) | [PyPI](https://pypi.org/project/azure-ai-formrecognizer/3.3.0/)| [• 2023-07-31 (GA)](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br> • [2022-08-31 (GA)](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP)</br> [• v2.1](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync)</br>[• v2.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2/operations/AnalyzeLayoutAsync) |[Windows, macOS, Linux](/azure/developer/python/configure-local-development-environment?tabs=windows%2Capt%2Ccmd#use-the-azure-cli) ## Supported Clients The [Microsoft Q&A](/answers/topics/azure-form-recognizer.html) and [Stack Overf ## Next steps > [!div class="nextstepaction"]->Explore [**Document Intelligence REST API 2023-07-31**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) operations. +>Explore [**Document Intelligence REST API 2023-07-31**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) operations. |
ai-services | V3 1 Migration Guide | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/v3-1-migration-guide.md | GET https://{your-form-recognizer-endpoint}/formrecognizer/info? api-version=202 ## Next steps -* [Review the new REST API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument) +* [Review the new REST API](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP) * [What is Document Intelligence?](overview.md) * [Document Intelligence quickstart](quickstarts/get-started-sdks-rest-api.md) |
ai-services | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/whats-new.md | The v3.1 API introduces new and updated capabilities: * US Military ID > [!TIP]-> All January 2023 updates are available with [REST API version **2022-08-31 (GA)**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument). +> All January 2023 updates are available with [REST API version **2022-08-31 (GA)**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP). * **[Prebuilt receipt model](concept-receipt.md#supported-languages-and-locales)ΓÇöadditional language support**: The v3.1 API introduces new and updated capabilities: * Document Intelligence v3.0 generally available - * **Document Intelligence REST API v3.0 is now generally available and ready for use in production applications!** Update your applications with [**REST API version 2022-08-31**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2023-07-31/operations/AnalyzeDocument). + * **Document Intelligence REST API v3.0 is now generally available and ready for use in production applications!** Update your applications with [**REST API version 2022-08-31**](/rest/api/aiservices/document-models/analyze-document?view=rest-aiservices-2023-07-31&preserve-view=true&tabs=HTTP). * Document Intelligence Studio updates > [!div class="checklist"] |
ai-services | Document Summarization | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/summarization/how-to/document-summarization.md | You can also use the `sortby` parameter to specify in what order the extracted s ### Try document abstractive summarization -<!-- [Reference documentation](https://go.microsoft.com/fwlink/?linkid=2211684) --> - The following example gets you started with document abstractive summarization: 1. Copy the command below into a text editor. The BASH example uses the `\` line continuation character. If your console or terminal uses a different line continuation character, use that character instead. |
ai-services | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/summarization/overview.md | As you use document summarization in your applications, see the following refere |JavaScript | [JavaScript documentation](/javascript/api/overview/azure/ai-text-analytics-readme?view=azure-node-preview&preserve-view=true) | [JavaScript samples](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/textanalytics/ai-text-analytics/samples/v5) | |Python | [Python documentation](/python/api/overview/azure/ai-textanalytics-readme?view=azure-python-preview&preserve-view=true) | [Python samples](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/textanalytics/azure-ai-textanalytics/samples) | -<!-- |REST API | [REST API documentation](https://go.microsoft.com/fwlink/?linkid=2211684) | | --> - ## Responsible AI An AI system includes not only the technology, but also the people who will use it, the people who will be affected by it, and the environment in which itΓÇÖs deployed. Read the [transparency note for summarization](/legal/cognitive-services/language-service/transparency-note-extractive-summarization?context=/azure/ai-services/language-service/context/context) to learn about responsible AI use and deployment in your systems. You can also see the following articles for more information: |
ai-services | Models | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/concepts/models.md | See [model versions](../concepts/model-versions.md) to learn about how Azure Ope | `gpt-4-32k`(0314) | 32,768 | Sep 2021 | | `gpt-4` (0613) | 8,192 | Sep 2021 | | `gpt-4-32k` (0613) | 32,768 | Sep 2021 |-| `gpt-4` (1106-preview)**<sup>1</sup>** | Input: 128,000 <br> Output: 4096 | Apr 2023 | +| `gpt-4` (1106-preview)**<sup>1</sup>**<br>**GPT-4 Turbo Preview** | Input: 128,000 <br> Output: 4096 | Apr 2023 | -**<sup>1</sup>** We don't recommend using this model in production. We will upgrade all deployments of this model to a future stable version. Models designated preview do not follow the standard Azure OpenAI model lifecycle. +**<sup>1</sup>** GPT-4 Turbo Preview = `gpt-4` (1106-preview). To deploy this model, under **Deployments** select model **gpt-4**. For **Model version** select **1106-preview**. We don't recommend using this model in production. We will upgrade all deployments of this model to a future stable version. Models designated preview do not follow the standard Azure OpenAI model lifecycle. > [!NOTE] > Regions where GPT-4 (0314) & (0613) are listed as available have access to both the 8K and 32K versions of the model |
ai-services | Content Filters | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/how-to/content-filters.md | keywords: # How to configure content filters with Azure OpenAI Service > [!NOTE]-> All customers have the ability to modify the content filters to be stricter (for example, to filter content at lower severity levels than the default). Approval is required for full content filtering control, including (i) configuring content filters at severity level high only (ii) or turning the content filters off. Managed customers only may apply for full content filtering control via this form: [Azure OpenAI Limited Access Review: Modified Content Filters and Abuse Monitoring (microsoft.com)](https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR7en2Ais5pxKtso_Pz4b1_xURE01NDY1OUhBRzQ3MkQxMUhZSE1ZUlJKTiQlQCN0PWcu). +> All customers have the ability to modify the content filters to be stricter (for example, to filter content at lower severity levels than the default). Approval is required for turning the content filters partially or fully off. Managed customers only may apply for full content filtering control via this form: [Azure OpenAI Limited Access Review: Modified Content Filters and Abuse Monitoring (microsoft.com)](https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR7en2Ais5pxKtso_Pz4b1_xURE01NDY1OUhBRzQ3MkQxMUhZSE1ZUlJKTiQlQCN0PWcu). -The content filtering system integrated into Azure OpenAI Service runs alongside the core models and uses an ensemble of multi-class classification models to detect four categories of harmful content (violence, hate, sexual, and self-harm) at four severity levels respectively (safe, low, medium, and high), and optional binary classifiers for detecting jailbreak risk, existing text, and code in public repositories. The default content filtering configuration is set to filter at the medium severity threshold for all four content harms categories for both prompts and completions. That means that content that is detected at severity level medium or high is filtered, while content detected at severity level low or safe is not filtered by the content filters. Learn more about content categories, severity levels, and the behavior of the content filtering system [here](../concepts/content-filter.md). Jailbreak risk detection and protected text and code models are optional and off by default. For jailbreak and protected material text and code models, the configurability feature allows all customers to turn the models on and off. The models are by default off and can be turned on per your scenario. Note that some models are required to be on for certain scenarios to retain coverage under the [Customer Copyright Commitment](https://www.microsoft.com/licensing/news/Microsoft-Copilot-Copyright-Commitment). +The content filtering system integrated into Azure OpenAI Service runs alongside the core models and uses an ensemble of multi-class classification models to detect four categories of harmful content (violence, hate, sexual, and self-harm) at four severity levels respectively (safe, low, medium, and high), and optional binary classifiers for detecting jailbreak risk, existing text, and code in public repositories. The default content filtering configuration is set to filter at the medium severity threshold for all four content harms categories for both prompts and completions. That means that content that is detected at severity level medium or high is filtered, while content detected at severity level low or safe is not filtered by the content filters. Learn more about content categories, severity levels, and the behavior of the content filtering system [here](../concepts/content-filter.md). Jailbreak risk detection and protected text and code models are optional and off by default. For jailbreak and protected material text and code models, the configurability feature allows all customers to turn the models on and off. The models are by default off and can be turned on per your scenario. Note that some models are required to be on for certain scenarios to retain coverage under the [Customer Copyright Commitment](/legal/cognitive-services/openai/customer-copyright-commitment?context=%2Fazure%2Fai-services%2Fopenai%2Fcontext%2Fcontext). Content filters can be configured at resource level. Once a new configuration is created, it can be associated with one or more deployments. For more information about model deployment, see the [resource deployment guide](create-resource.md). |
ai-services | Embeddings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/how-to/embeddings.md | AzureKeyCredential credentials = new (oaiKey); OpenAIClient openAIClient = new (oaiEndpoint, credentials); -EmbeddingsOptions embeddingOptions = new ("Your text string goes here"); +EmbeddingsOptions embeddingOptions = new() +{ + DeploymentName = "text-embedding-ada-002", + Input = { "Your text string goes here" }, +}; -var returnValue = openAIClient.GetEmbeddings("YOUR_DEPLOYMENT_NAME", embeddingOptions); +var returnValue = openAIClient.GetEmbeddings(embeddingOptions); -foreach (float item in returnValue.Value.Data[0].Embedding) +foreach (float item in returnValue.Value.Data[0].Embedding.ToArray()) { Console.WriteLine(item); } |
ai-services | Latency | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/how-to/latency.md | + + Title: Azure OpenAI Service performance & latency ++description: Learn about performance and latency with Azure OpenAI +++ Last updated : 11/21/2023+++recommendations: false ++++# Performance and latency ++This article will provide you with background around how latency works with Azure OpenAI and how to optimize your environment to improve performance. ++## What is latency? ++The high level definition of latency in this context is the amount of time it takes to get a response back from the model. For completion and chat completion requests, latency is largely dependent on model type as well as the number of tokens generated and returned. The number of tokens sent to the model as part of the input token limit, has a much smaller overall impact on latency. ++## Improve performance ++### Model selection ++Latency varies based on what model you are using. For an identical request, it is expected that different models will have a different latency. If your use case requires the lowest latency models with the fastest response times we recommend the latest models in the [GPT-3.5 Turbo model series](../concepts/models.md#gpt-35-models). ++### Max tokens ++When you send a completion request to the Azure OpenAI endpoint your input text is converted to tokens which are then sent to your deployed model. The model receives the input tokens and then begins generating a response. It's an iterative sequential process, one token at a time. Another way to think of it is like a for loop with `n tokens = n iterations`. ++So another important factor when evaluating latency is how many tokens are being generated. This is controlled largely via the `max_tokens` parameter. Reducing the number of tokens generated per request will reduce the latency of each request. ++### Streaming ++**Examples of when to use streaming**: ++Chat bots and conversational interfaces. ++Streaming impacts perceived latency. If you have streaming enabled you'll receive tokens back in chunks as soon as they're available. From a user perspective, this often feels like the model is responding faster even though the overall time to complete the request remains the same. ++**Examples of when streaming is less important**: ++Sentiment analysis, language translation, content generation. ++There are many use cases where you are performing some bulk task where you only care about the finished result, not the real-time response. If streaming is disabled, you won't receive any tokens until the model has finished the entire response. ++### Content filtering ++Azure OpenAI includes a [content filtering system](./content-filters.md) that works alongside the core models. This system works by running both the prompt and completion through an ensemble of classification models aimed at detecting and preventing the output of harmful content. ++The content filtering system detects and takes action on specific categories of potentially harmful content in both input prompts and output completions. ++The addition of content filtering comes with an increase in safety, but also latency. There are many applications where this tradeoff in performance is necessary, however there are certain lower risk use cases where disabling the content filters to improve performance might be worth exploring. ++Learn more about requesting modifications to the default, [content filtering policies](./content-filters.md). ++## Summary ++* **Model latency**: If model latency is important to you we recommend trying out our latest models in the [GPT-3.5 Turbo model series](../concepts/models.md). ++* **Lower max tokens**: OpenAI has found that even in cases where the total number of tokens generated is similar the request with the higher value set for the max token parameter will have more latency. ++* **Lower total tokens generated**: The fewer tokens generated the faster the overall response will be. Remember this is like having a for loop with `n tokens = n iterations`. Lower the number of tokens generated and overall response time will improve accordingly. ++* **Streaming**: Enabling streaming can be useful in managing user expectations in certain situations by allowing the user to see the model response as it is being generated rather than having to wait until the last token is ready. ++* **Content Filtering** improves safety, but it also impacts latency. Evaluate if any of your workloads would benefit from [modified content filtering policies](./content-filters.md). |
ai-services | Migration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/how-to/migration.md | description: Learn about migrating to the latest release of the OpenAI Python li -+ Last updated 11/15/2023 asyncio.run(dall_e()) - `openai.aiosession` (OpenAI now uses `httpx`) - `openai.Deployment` (Previously used for Azure OpenAI) - `openai.Engine`-- `openai.File.find_matching_files()`+- `openai.File.find_matching_files()` |
ai-services | Switching Endpoints | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/how-to/switching-endpoints.md | Title: How to switch between OpenAI and Azure OpenAI Service endpoints with Python description: Learn about the changes you need to make to your code to swap back and forth between OpenAI and Azure OpenAI endpoints.--++ Previously updated : 07/20/2023 Last updated : 11/22/2023 -> [!NOTE] -> This library is maintained by OpenAI and is currently in preview. Refer to the [release history](https://github.com/openai/openai-python/releases) or the [version.py commit history](https://github.com/openai/openai-python/commits/main/openai/version.py) to track the latest updates to the library. +This article only shows examples with the new OpenAI Python 1.x API library. For information on migrating from `0.28.1` to `1.x` refer to our [migration guide](./migration.md). ## Authentication We recommend using environment variables. If you haven't done this before our [P <td> ```python-import openai +from openai import OpenAI ++client = OpenAI( + api_key=os.environ['OPENAI_API_KEY'] +) -openai.api_key = "sk-..." -openai.organization = "..." ``` openai.organization = "..." <td> ```python-import openai --openai.api_type = "azure" -openai.api_key = "..." -openai.api_base = "https://example-endpoint.openai.azure.com" -openai.api_version = "2023-05-15" # subject to change +import os +from openai import AzureOpenAI + +client = AzureOpenAI( + api_key=os.getenv("AZURE_OPENAI_KEY"), + api_version="2023-10-01-preview", + azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT") + ) ``` </td> openai.api_version = "2023-05-15" # subject to change <td> ```python-import openai +from openai import OpenAI ++client = OpenAI( + api_key=os.environ['OPENAI_API_KEY'] +) + -openai.api_key = "sk-..." -openai.organization = "..." openai.organization = "..." <td> ```python-import openai -from azure.identity import DefaultAzureCredential +from azure.identity import DefaultAzureCredential, get_bearer_token_provider +from openai import AzureOpenAI -credential = DefaultAzureCredential() -token = credential.get_token("https://cognitiveservices.azure.com/.default") +token_provider = get_bearer_token_provider(DefaultAzureCredential(), "https://cognitiveservices.azure.com/.default") -openai.api_type = "azure_ad" -openai.api_key = token.token -openai.api_base = "https://example-endpoint.openai.azure.com" -openai.api_version = "2023-05-15" # subject to change +api_version = "2023-12-01-preview" +endpoint = "https://my-resource.openai.azure.com" ++client = AzureOpenAI( + api_version=api_version, + azure_endpoint=endpoint, + azure_ad_token_provider=token_provider, +) ``` </td> For OpenAI `engine` still works in most instances, but it's deprecated and `mode <td> ```python-completion = openai.Completion.create( - prompt="<prompt>", - model="text-davinci-003" -) - -chat_completion = openai.ChatCompletion.create( - messages="<messages>", - model="gpt-4" +completion = client.completions.create( + model='gpt-3.5-turbo-instruct', + prompt="<prompt>) ) -embedding = openai.Embedding.create( - input="<input>", - model="text-embedding-ada-002" +chat_completion = client.chat.completions.create( + model="gpt-4", + messages="<messages>" ) ---+embedding = client.embeddings.create( + input="<input>", + model="text-embedding-ada-002" +) ``` </td> <td> ```python-completion = openai.Completion.create( - prompt="<prompt>", - deployment_id="text-davinci-003" # This must match the custom deployment name you chose for your model. - #engine="text-davinci-003" +completion = client.completions.create( + model=gpt-35-turbo-instruct, # This must match the custom deployment name you chose for your model. + prompt=<"prompt"> )- -chat_completion = openai.ChatCompletion.create( - messages="<messages>", - deployment_id="gpt-4" # This must match the custom deployment name you chose for your model. - #engine="gpt-4" +chat_completion = client.chat.completions.create( + model="gpt-35-turbo", # model = "deployment_name". + messages=<"messages"> ) -embedding = openai.Embedding.create( - input="<input>", - deployment_id="text-embedding-ada-002" # This must match the custom deployment name you chose for your model. - #engine="text-embedding-ada-002" +embedding = client.embeddings.create( + input = "<input>", + model= "text-embedding-ada-002" # model = "deployment_name". ) ``` OpenAI currently allows a larger number of array inputs with text-embedding-ada- ```python inputs = ["A", "B", "C"] -embedding = openai.Embedding.create( +embedding = client.embeddings.create( input=inputs, model="text-embedding-ada-002" ) embedding = openai.Embedding.create( ```python inputs = ["A", "B", "C"] #max array size=16 -embedding = openai.Embedding.create( +embedding = client.embeddings.create( input=inputs,- deployment_id="text-embedding-ada-002" # This must match the custom deployment name you chose for your model. + model="text-embedding-ada-002" # This must match the custom deployment name you chose for your model. #engine="text-embedding-ada-002" )+ ``` </td> |
ai-services | Working With Models | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/how-to/working-with-models.md | description: Learn about managing model deployment life cycle, updates, & retire Last updated 10/04/2023-+ |
ai-services | Quotas Limits | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/quotas-limits.md | The following sections provide you with a quick guide to the default quotas and |--|--| | OpenAI resources per region per Azure subscription | 30 | | Default DALL-E 2 quota limits | 2 concurrent requests |-| Default DALL-E 3 quota limits| 2 capacity units (12 requests per minute)| +| Default DALL-E 3 quota limits| 2 capacity units (6 requests per minute)| | Maximum prompt tokens per request | Varies per model. For more information, see [Azure OpenAI Service models](./concepts/models.md)| | Max fine-tuned model deployments | 5 | | Total number of training jobs per resource | 100 | |
ai-services | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/whats-new.md | keywords: ## November 2023 ++ ### GPT-4 Turbo Preview & GPT-3.5-Turbo-1106 released Both models are the latest release from OpenAI with improved instruction following, [JSON mode](./how-to/json-mode.md), [reproducible output](./how-to/reproducible-output.md), and parallel function calling. DALL-E 3 includes built-in prompt rewriting to enhance images, reduce bias, and Try out DALL-E 3 by following a [quickstart](./dall-e-quickstart.md). +### Responsible AI ++- **Expanded customer configurability**: All Azure OpenAI customers can now configure all severity levels (low, medium, high) for the categories hate, violence, sexual and self-harm, including filtering only high severity content. [Configure content filters](./how-to/content-filters.md) ++- **Content Credentials in all DALL-E models**: AI-generated images from all DALL-E models now include a digital credential that discloses the content as AI-generated. Applications that display image assets can leverage the open source [Content Authenticity Initiative SDK](https://opensource.contentauthenticity.org/docs/js-sdk/getting-started/quick-start/) to display credentials in their AI generated images. [Content Credentials in Azure OpenAI](/azure/ai-services/openai/concepts/content-credentials) +++- **New RAI models** + + - **Jailbreak risk detection**: Jailbreak attacks are user prompts designed to provoke the Generative AI model into exhibiting behaviors it was trained to avoid or to break the rules set in the System Message. The jailbreak risk detection model is optional (default off), and available in annotate and filter model. It runs on user prompts. + - **Protected material text**: Protected material text describes known text content (for example, song lyrics, articles, recipes, and selected web content) that can be outputted by large language models. The protected material text model is optional (default off), and available in annotate and filter model. It runs on LLM completions. + - **Protected material code**: Protected material code describes source code that matches a set of source code from public repositories, which can be outputted by large language models without proper citation of source repositories. The protected material code model is optional (default off), and available in annotate and filter model. It runs on LLM completions. ++ [Configure content filters](./how-to/content-filters.md) ++- **Blocklists**: Customers can now quickly customize content filter behavior for prompts and completions further by creating a custom blocklist in their filters. The custom blocklist allows the filter to take action on a customized list of patterns, such as specific terms or regex patterns. In addition to custom blocklists, we provide a Microsoft profanity blocklist (English). [Use blocklists](./how-to/use-blocklists.md) ## October 2023 ### New fine-tuning models (preview) |
ai-services | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/policy-reference.md | Title: Built-in policy definitions for Azure AI services description: Lists Azure Policy built-in policy definitions for Azure AI services. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
ai-services | Recover Purge Resources | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/recover-purge-resources.md | + + Title: Recover or purge deleted Azure AI services resources ++description: This article provides instructions on how to recover or purge an already-deleted Azure AI services resource. ++++ Last updated : 11/15/2023++++# Recover or purge deleted Azure AI services resources ++This article provides instructions on how to recover or purge an Azure AI services resource that is already deleted. ++Once you delete a resource, you won't be able to create another one with the same name for 48 hours. To create a resource with the same name, you need to purge the deleted resource. ++> [!NOTE] +> The instructions in this article are applicable to both a multi-service resource and a single-service resource. A multi-service resource enables access to multiple Azure AI services using a single key and endpoint. On the other hand, a single-service resource enables access to just that specific Azure AI service for which the resource was created. ++## Recover a deleted resource ++The following prerequisites must be met before you can recover a deleted resource: ++* The resource to be recovered must have been deleted within the past 48 hours. +* The resource to be recovered must not have been purged already. A purged resource can't be recovered. +* Before you attempt to recover a deleted resource, make sure that the resource group for that account exists. If the resource group was deleted, you must recreate it. Recovering a resource group isn't possible. For more information, seeΓÇ»[Manage resource groups](../azure-resource-manager/management/manage-resource-groups-portal.md). +* If the deleted resource used customer-managed keys with Azure Key Vault and the key vault have also been deleted, then you must restore the key vault before you restore the Azure AI services resource. For more information, see [Azure Key Vault recovery management](../key-vault/general/key-vault-recovery.md). +* If the deleted resource used a customer-managed storage and storage account has also been deleted, you must restore the storage account before you restore the Azure AI services resource. For instructions, see [Recover a deleted storage account](../storage/common/storage-account-recover.md). ++To recover a deleted Azure AI services resource, use the following commands. Where applicable, replace: ++* `{subscriptionID}` with your Azure subscription ID +* `{resourceGroup}` with your resource group +* `{resourceName}` with your resource name +* `{location}` with the location of your resource +++# [Azure portal](#tab/azure-portal) ++If you need to recover a deleted resource, navigate to the hub of the Azure AI services API type and select "Manage deleted resources" from the menu. For example, if you would like to recover an "Anomaly detector" resource, search for "Anomaly detector" in the search bar and select the service. Then select **Manage deleted resources**. ++Select the subscription in the dropdown list to locate the deleted resource you would like to recover. Select one or more of the deleted resources and select **Recover**. +++> [!NOTE] +> It can take a couple of minutes for your deleted resource(s) to recover and show up in the list of the resources. Select the **Refresh** button in the menu to update the list of resources. ++# [Rest API](#tab/rest-api) ++Use the following `PUT` command: ++```rest-api +https://management.azure.com/subscriptions/{subscriptionID}/resourceGroups/{resourceGroup}/providers/Microsoft.CognitiveServices/accounts/{resourceName}?Api-Version=2021-04-30 +``` ++In the request body, use the following JSON format: ++```json +{ + "location": "{location}", + "properties": { + "restore": true + } +} +``` ++# [PowerShell](#tab/powershell) ++Use the following command to restore the resource: ++```powershell +New-AzResource -Location {location} -Properties @{restore=$true} -ResourceId /subscriptions/{subscriptionID}/resourceGroups/{resourceGroup}/providers/Microsoft.CognitiveServices/accounts/{resourceName} -ApiVersion 2021-04-30 +``` ++If you need to find the name of your deleted resources, you can get a list of deleted resource names with the following command: ++```powershell +Get-AzResource -ResourceId /subscriptions/{subscriptionId}/providers/Microsoft.CognitiveServices/deletedAccounts -ApiVersion 2021-04-30 +``` ++# [Azure CLI](#tab/azure-cli) ++```azurecli-interactive +az resource create --subscription {subscriptionID} -g {resourceGroup} -n {resourceName} --location {location} --namespace Microsoft.CognitiveServices --resource-type accounts --properties "{\"restore\": true}" +``` ++++## Purge a deleted resource ++Your subscription must have `Microsoft.CognitiveServices/locations/resourceGroups/deletedAccounts/delete` permissions to purge resources, such as [Cognitive Services Contributor](../role-based-access-control/built-in-roles.md#cognitive-services-contributor) or [Contributor](../role-based-access-control/built-in-roles.md#contributor). ++When using `Contributor` to purge a resource the role must be assigned at the subscription level. If the role assignment is only present at the resource or resource group level, you can't access the purge functionality. ++To purge a deleted Azure AI services resource, use the following commands. Where applicable, replace: ++* `{subscriptionID}` with your Azure subscription ID +* `{resourceGroup}` with your resource group +* `{resourceName}` with your resource name +* `{location}` with the location of your resource ++> [!NOTE] +> Once a resource is purged, it is permanently deleted and cannot be restored. You will lose all data and keys associated with the resource. +++# [Azure portal](#tab/azure-portal) ++If you need to purge a deleted resource, the steps are similar to recovering a deleted resource. ++1. Navigate to the hub of the Azure AI services API type of your deleted resource. For example, if you would like to purge an "Anomaly detector" resource, search for "Anomaly detector" in the search bar and select the service. Then select **Manage deleted resources** from the menu. ++1. Select the subscription in the dropdown list to locate the deleted resource you would like to purge. ++1. Select one or more deleted resources and select **Purge**. Purging permanently deletes an Azure AI services resource. ++ :::image type="content" source="media/managing-deleted-resource.png" alt-text="A screenshot showing a list of resources that can be purged." lightbox="media/managing-deleted-resource.png"::: +++# [Rest API](#tab/rest-api) ++Use the following `DELETE` command: ++```rest-api +https://management.azure.com/subscriptions/{subscriptionID}/providers/Microsoft.CognitiveServices/locations/{location}/resourceGroups/{resourceGroup}/deletedAccounts/{resourceName}?Api-Version=2021-04-30` +``` ++# [PowerShell](#tab/powershell) ++```powershell +Remove-AzResource -ResourceId /subscriptions/{subscriptionID}/providers/Microsoft.CognitiveServices/locations/{location}/resourceGroups/{resourceGroup}/deletedAccounts/{resourceName} -ApiVersion 2021-04-30 +``` ++# [Azure CLI](#tab/azure-cli) ++```azurecli-interactive +az resource delete --ids /subscriptions/{subscriptionId}/providers/Microsoft.CognitiveServices/locations/{location}/resourceGroups/{resourceGroup}/deletedAccounts/{resourceName} +``` +++++## See also +* [Create a multi-service resource](multi-service-resource.md) +* [Create a new resource using an ARM template](create-account-resource-manager-template.md) |
ai-services | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/security-controls-policy.md | Title: Azure Policy Regulatory Compliance controls for Azure AI services description: Lists Azure Policy Regulatory Compliance controls available for Azure AI services. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 11/06/2023 Last updated : 11/21/2023 |
ai-services | How To Pronunciation Assessment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/how-to-pronunciation-assessment.md | var pronunciationAssessmentConfig = new sdk.PronunciationAssessmentConfig( gradingSystem: sdk.PronunciationAssessmentGradingSystem.HundredMark, granularity: sdk.PronunciationAssessmentGranularity.Phoneme, enableMiscue: false); -pronunciationAssessmentConfig.EnableProsodyAssessment(); -pronunciationAssessmentConfig.EnableContentAssessmentWithTopic("greeting"); +pronunciationAssessmentConfig.enableProsodyAssessment(); +pronunciationAssessmentConfig.enableContentAssessmentWithTopic("greeting"); ``` ::: zone-end |
ai-services | Speech Services Quotas And Limits | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/speech-services-quotas-and-limits.md | These limits aren't adjustable. For more information on batch synthesis latency, | Quota | Free (F0)| Standard (S0) | |--|--|--| | File size (plain text in SSML)<sup>1</sup> | 3,000 characters per file | 20,000 characters per file |-| File size (lexicon file)<sup>2</sup> | 3,000 characters per file | 20,000 characters per file | +| File size (lexicon file)<sup>2</sup> | 30KB per file | 100KB per file| | Billable characters in SSML| 15,000 characters per file | 100,000 characters per file | | Export to audio library | 1 concurrent task | N/A | <sup>1</sup> The limit only applies to plain text in SSML and doesn't include tags. -<sup>2</sup> The limit includes all text including tags. The characters of lexicon file aren't charged. Only the lexicon elements in SSML are counted as billable characters. Refer to [billable characters](text-to-speech.md#billable-characters) to learn more. +<sup>2</sup> The characters of lexicon file aren't charged. Only the lexicon elements in SSML are counted as billable characters. Refer to [billable characters](text-to-speech.md#billable-characters) to learn more. ### Speaker recognition quotas and limits per resource |
ai-studio | Configure Managed Network | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/configure-managed-network.md | __Outbound__ service tag rules: __Inbound__ service tag rules: * `AzureMachineLearning` +> [!NOTE] +> For an Azure AI resource using a managed virtual network, a private endpoint is automatically created for a connection if the target resource is an Azure Private Link supported resource (Key Vault, Storage Account, Container Registry, Azure AI, Azure OpenAI, Azure Cognitive Search). For more on connections, see [How to add a new connection in Azure AI Studio](connections-add.md). + ## List of scenario specific outbound rules ### Scenario: Access public machine learning packages |
ai-studio | Configure Private Link | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/configure-private-link.md | description: Learn how to configure a private link for Azure AI -- - ignite-2023 + Last updated 11/15/2023 |
ai-studio | Create Projects | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/create-projects.md | You can create a project in Azure AI Studio in more than one way. The most direc 1. Enter a name for the project. 1. Select an Azure AI resource from the dropdown to host your project. If you don't have access to an Azure AI resource yet, select **Create a new resource**. - > [!TIP] - > It's recommended to share an Azure AI resource with your team. This lets you share configurations like data connections with all projects, and centrally manage security settings and spend. + :::image type="content" source="../media/how-to/projects-create-details.png" alt-text="Screenshot of the project details page within the create project dialog." lightbox="../media/how-to/projects-create-details.png"::: > [!NOTE]- > To create an Azure AI resource, you must have **Owner** or **Contributor** permissions on the selected resource group. -- :::image type="content" source="../media/how-to/projects-create-details.png" alt-text="Screenshot of the project details page within the create project dialog." lightbox="../media/how-to/projects-create-details.png"::: + > To create an Azure AI resource, you must have **Owner** or **Contributor** permissions on the selected resource group. It's recommended to share an Azure AI resource with your team. This lets you share configurations like data connections with all projects, and centrally manage security settings and spend. 1. If you're creating a new Azure AI resource, enter a name. You can create a project in Azure AI Studio in more than one way. The most direc > [!TIP] > Especially for getting started it's recommended to create a new resource group for your project. This allows you to easily manage the project and all of its resources together. When you create a project, several resources are created in the resource group, including an Azure AI resource, a container registry, and a storage account. --1. Enter the **Location** for the Azure AI resource and then select **Next**. The location is the region where the Azure AI resource is hosted. The location of the Azure AI resource is also the location of the project. -1. Review the project details and then select **Create a project**. Azure AI services availability differs per region. For example, certain models might not be available in certain regions. +1. Enter the **Location** for the Azure AI resource and then select **Next**. The location is the region where the Azure AI resource is hosted. The location of the Azure AI resource is also the location of the project. Azure AI services availability differs per region. For example, certain models might not be available in certain regions. +1. Review the project details and then select **Create a project**. :::image type="content" source="../media/how-to/projects-create-review-finish.png" alt-text="Screenshot of the review and finish page within the create project dialog." lightbox="../media/how-to/projects-create-review-finish.png"::: |
ai-studio | Evaluate Generative Ai App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/evaluate-generative-ai-app.md | description: Evaluate your generative AI application with Azure AI Studio UI and -- - ignite-2023 + Last updated 11/15/2023 |
ai-studio | Index Add | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/index-add.md | You must have: > [!NOTE] > If you see a **DeploymentNotFound** error, you need to assign more permissions. See [mitigate DeploymentNotFound error](#mitigate-deploymentnotfound-error) for more details. -1. You're taken to the index details page where you can see the status of your index creation +1. You're taken to the index details page where you can see the status of your index creation. ### Mitigate DeploymentNotFound error |
ai-studio | Python Tool | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/prompt-flow-tools/python-tool.md | description: This article introduces the Python tool for flows in Azure AI Studi -- - ignite-2023 + Last updated 11/15/2023 |
ai-studio | Troubleshoot Deploy And Monitor | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/troubleshoot-deploy-and-monitor.md | Option 2: Find the build log within Azure Machine Learning studio, which is a se **Answer:** We're working on improving the user experience of web app deployment at this time. For the time being, here's a tip: if your web app launch button doesn't become active after a while, try deploy again using the 'update an existing app' option. If the web app was properly deployed, it should show up on the dropdown list of your existing web apps. +**Question:** I deployed a model but I don't see it in the playground. +**Answer:** Playground only supports a few select models, such as Azure OpenAI models and Llama-2. If playground support is available, you see the **Open in playground** button on the model deployment's **Details** page. + ## Next steps - [Azure AI Studio overview](../what-is-ai-studio.md) |
ai-studio | Deploy Chat Web App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/tutorials/deploy-chat-web-app.md | Follow these steps to deploy a chat model and test it without your data. :::image type="content" source="../media/tutorials/chat-web-app/deploy-gpt-35-turbo-16k.png" alt-text="Screenshot of the model selection page." lightbox="../media/tutorials/chat-web-app/deploy-gpt-35-turbo-16k.png"::: 1. On the **Deploy model** page, enter a name for your deployment, and then select **Deploy**. After the deployment is created, you see the deployment details page. Details include the date you created the deployment and the created date and version of the model you deployed.-1. On the deployment details page from the previous step, select **Test in playground**. +1. On the deployment details page from the previous step, select **Open in playground**. :::image type="content" source="../media/tutorials/chat-web-app/deploy-gpt-35-turbo-16k-details.png" alt-text="Screenshot of the GPT chat deployment details." lightbox="../media/tutorials/chat-web-app/deploy-gpt-35-turbo-16k-details.png"::: |
ai-studio | Deploy Copilot Ai Studio | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/tutorials/deploy-copilot-ai-studio.md | + + Title: Build and deploy a question and answer copilot with prompt flow in Azure AI Studio ++description: Use this article to build and deploy a question and answer copilot with prompt flow in Azure AI Studio ++++ Last updated : 11/15/2023++++# Tutorial: Build and deploy a question and answer copilot with prompt flow in Azure AI Studio +++In this [Azure AI Studio](https://ai.azure.com) tutorial, you use generative AI and prompt flow to build, configure, and deploy a copilot for your retail company called Contoso. Your retail company specializes in outdoor camping gear and clothing. ++The copilot should answer questions about your products and services. It should also answer questions about your customers. For example, the copilot can answer questions such as "How much do the TrailWalker hiking shoes cost?" and "How many TrailWalker hiking shoes did Daniel Wilson buy?". ++The steps in this tutorial are: ++1. Create an Azure AI Studio project. +1. Deploy an Azure OpenAI model and chat with your data. +1. Create a prompt flow from the playground. +1. Customize prompt flow with multiple data sources. +1. Evaluate the flow using a question and answer evaluation dataset. +1. Deploy the flow for consumption. ++## Prerequisites ++- An Azure subscription - <a href="https://azure.microsoft.com/free/cognitive-services" target="_blank">Create one for free</a>. +- Access granted to Azure OpenAI in the desired Azure subscription. ++ Currently, access to this service is granted only by application. You can apply for access to Azure OpenAI by completing the form at <a href="https://aka.ms/oai/access" target="_blank">https://aka.ms/oai/access</a>. Open an issue on this repo to contact us if you have an issue. ++- You need an Azure AI resource and your user role must be **Azure AI Developer**, **Contributor**, or **Owner** on the Azure AI resource. For more information, see [Azure AI resources](../concepts/ai-resources.md) and [Azure AI roles](../concepts/rbac-ai-studio.md). + - If your role is **Contributor** or **Owner**, you can [create an Azure AI resource in this tutorial](#create-an-azure-ai-project-in-azure-ai-studio). + - If your role is **Azure AI Developer**, the Azure AI resource must already be created. ++- Your subscription needs to be below your [quota limit](../how-to/quota.md) to [deploy a new model in this tutorial](#deploy-a-chat-model). Otherwise you already need to have a [deployed chat model](../how-to/deploy-models.md). ++- You need a local copy of product and customer data. The [Azure/aistudio-copilot-sample repository on GitHub](https://github.com/Azure/aistudio-copilot-sample/tree/main/data) contains sample retail customer and product information that's relevant for this tutorial scenario. Clone the repository or copy the files from [1-customer-info](https://github.com/Azure/aistudio-copilot-sample/tree/main/data/1-customer-info) and [3-product-info](https://github.com/Azure/aistudio-copilot-sample/tree/main/data/3-product-info). ++## Create an Azure AI project in Azure AI Studio ++Your Azure AI project is used to organize your work and save state while building your copilot. During this tutorial, your project contains your data, prompt flow runtime, evaluations, and other resources. For more information about the Azure AI projects and resources model, see [Azure AI resources](../concepts/ai-resources.md). ++To create an Azure AI project in Azure AI Studio, follow these steps: ++1. Sign in to [Azure AI Studio](https://ai.azure.com) and go to the **Build** page from the top menu. +1. Select **+ New project**. +1. Enter a name for the project. +1. Select an Azure AI resource from the dropdown to host your project. If you don't have access to an Azure AI resource yet, select **Create a new resource**. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/create-project-details.png" alt-text="Screenshot of the project details page within the create project dialog." lightbox="../media/tutorials/copilot-deploy-flow/create-project-details.png"::: ++ > [!NOTE] + > To create an Azure AI resource, you must have **Owner** or **Contributor** permissions on the selected resource group. It's recommended to share an Azure AI resource with your team. This lets you share configurations like data connections with all projects, and centrally manage security settings and spend. ++1. If you're creating a new Azure AI resource, enter a name. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/create-project-resource.png" alt-text="Screenshot of the create resource page within the create project dialog." lightbox="../media/tutorials/copilot-deploy-flow/create-project-resource.png"::: ++1. Select your **Azure subscription** from the dropdown. Choose a specific Azure subscription for your project for billing, access, or administrative reasons. For example, this grants users and service principals with subscription-level access to your project. ++1. Leave the **Resource group** as the default to create a new resource group. Alternatively, you can select an existing resource group from the dropdown. ++ > [!TIP] + > Especially for getting started it's recommended to create a new resource group for your project. This allows you to easily manage the project and all of its resources together. When you create a project, several resources are created in the resource group, including an Azure AI resource, a container registry, and a storage account. ++1. Enter the **Location** for the Azure AI resource and then select **Next**. The location is the region where the Azure AI resource is hosted. The location of the Azure AI resource is also the location of the project. ++ > [!NOTE] + > Azure AI resources and services availability differ per region. For example, certain models might not be available in certain regions. The resources in this tutorial are created in the **East US 2** region. ++1. Review the project details and then select **Create a project**. ++Once a project is created, you can access the **Tools**, **Components**, and **Settings** assets in the left navigation panel. ++## Deploy a chat model ++Follow these steps to deploy an Azure OpenAI chat model for your copilot. ++1. Sign in to [Azure AI Studio](https://ai.azure.com) with credentials that have access to your Azure OpenAI resource. During or after the sign-in workflow, select the appropriate directory, Azure subscription, and Azure OpenAI resource. You should be on the Azure AI Studio **Home** page. +1. Select **Build** from the top menu and then select **Deployments** > **Create**. + + :::image type="content" source="../media/tutorials/copilot-deploy-flow/deploy-create.png" alt-text="Screenshot of the deployments page with a button to create a new project." lightbox="../media/tutorials/copilot-deploy-flow/deploy-create.png"::: ++1. On the **Select a model** page, select the model you want to deploy from the **Model** dropdown. For example, select **gpt-35-turbo-16k**. Then select **Confirm**. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/deploy-gpt-35-turbo-16k.png" alt-text="Screenshot of the model selection page." lightbox="../media/tutorials/copilot-deploy-flow/deploy-gpt-35-turbo-16k.png"::: ++1. On the **Deploy model** page, enter a name for your deployment, and then select **Deploy**. After the deployment is created, you see the deployment details page. Details include the date you created the deployment and the created date and version of the model you deployed. +1. On the deployment details page from the previous step, select **Open in playground**. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/deploy-gpt-35-turbo-16k-details.png" alt-text="Screenshot of the GPT chat deployment details." lightbox="../media/tutorials/copilot-deploy-flow/deploy-gpt-35-turbo-16k-details.png"::: ++For more information about deploying models, see [how to deploy models](../how-to/deploy-models.md). ++## Chat in the playground without your data ++In the [Azure AI Studio](https://ai.azure.com) playground you can observe how your model responds with and without your data. In this section, you test your model without your data. In the next section, you add your data to the model to help it better answer questions about your products. ++1. In the playground, make sure that **Chat** is selected from the **Mode** dropdown. Select your deployed GPT chat model from the **Deployment** dropdown. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/playground-chat.png" alt-text="Screenshot of the chat playground with the chat mode and model selected." lightbox="../media/tutorials/copilot-deploy-flow/playground-chat.png"::: ++1. In the **System message** text box on the **Assistant setup** pane, provide this prompt to guide the assistant: "You're an AI assistant that helps people find information." You can tailor the prompt for your scenario. For more information, see [prompt samples](../how-to/models-foundation-azure-ai.md#prompt-samples). +1. Select **Apply changes** to save your changes, and when prompted to see if you want to update the system message, select **Continue**. +1. In the chat session pane, enter the following question: "How much do the TrailWalker hiking shoes cost", and then select the right arrow icon to send. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/chat-without-data.png" alt-text="Screenshot of the first chat question without grounding data." lightbox="../media/tutorials/copilot-deploy-flow/chat-without-data.png"::: ++1. The assistant replies that it doesn't know the answer. The model doesn't have access to product information about the TrailWalker hiking shoes. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/assistant-reply-not-grounded.png" alt-text="Screenshot of the assistant's reply without grounding data." lightbox="../media/tutorials/copilot-deploy-flow/assistant-reply-not-grounded.png"::: ++In the next section, you'll add your data to the model to help it answer questions about your products. ++## Add your data and try the chat model again ++You need a local copy of example product information. For more information and links to example data, see the [prerequisites](#prerequisites). ++You upload your local data files to Azure Blob storage and create an Azure AI Search index. Your data source is used to help ground the model with specific data. Grounding means that the model uses your data to help it understand the context of your question. You're not changing the deployed model itself. Your data is stored separately and securely in your Azure subscription. For more information, see [Azure OpenAI on your data](/azure/ai-services/openai/concepts/use-your-data). ++Follow these steps to add your data to the playground to help the assistant answer questions about your products. ++1. If you aren't already in the [Azure AI Studio](https://ai.azure.com) playground, select **Build** from the top menu and then select **Playground** from the collapsible left menu. +1. On the **Assistant setup** pane, select **Add your data (preview)** > **+ Add a data source**. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/add-your-data.png" alt-text="Screenshot of the chat playground with the option to add a data source visible." lightbox="../media/tutorials/copilot-deploy-flow/add-your-data.png"::: ++1. In the **Data source** page that appears, select **Upload files** from the **Select data source** dropdown. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/add-your-data-source.png" alt-text="Screenshot of the product data source selection options." lightbox="../media/tutorials/copilot-deploy-flow/add-your-data-source.png"::: ++ > [!TIP] + > For data source options and supported file types and formats, see [Azure OpenAI on your data](/azure/ai-services/openai/concepts/use-your-data). ++1. Enter *product-info* as the name of your product information index. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/add-your-data-source-details.png" alt-text="Screenshot of the resources and information required to upload files." lightbox="../media/tutorials/copilot-deploy-flow/add-your-data-source-details.png"::: ++1. Select or create an Azure AI Search resource named *contoso-outdoor-search* and select the acknowledgment that connecting it incurs usage on your account. ++ > [!NOTE] + > You use the *product-info* index and the *contoso-outdoor-search* Azure AI Search resource in prompt flow later in this tutorial. If the names you enter differ from what's specified here, make sure to use the names you entered in the rest of the tutorial. ++1. Select the Azure subscription that contains the Azure OpenAI resource you want to use. Then select **Next**. ++1. On the **Upload files** page, select **Browse for a file** and select the files you want to upload. Select the product info files that you downloaded or created earlier. See the [prerequisites](#prerequisites). If you want to upload more than one file, do so now. You can't add more files later in the same playground session. +1. Select **Upload** to upload the file to your Azure Blob storage account. Then select **Next** from the bottom of the page. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/add-your-data-uploaded-product-info.png" alt-text="Screenshot of the dialog to select and upload files." lightbox="../media/tutorials/copilot-deploy-flow/add-your-data-uploaded-product-info.png"::: ++1. On the **Data management** page under **Search type**, select **Keyword**. This setting helps determine how the model responds to requests. Then select **Next**. + + > [!NOTE] + > If you had added vector search on the **Select or add data source** page, then more options would be available here for an additional cost. For more information, see [Azure OpenAI on your data](/azure/ai-services/openai/concepts/use-your-data). + +1. Review the details you entered, and select **Save and close**. You can now chat with the model and it uses information from your data to construct the response. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/add-your-data-review-finish.png" alt-text="Screenshot of the review and finish page for adding data." lightbox="../media/tutorials/copilot-deploy-flow/add-your-data-review-finish.png"::: ++1. Now on the **Assistant setup** pane, you can see that your data ingestion is in progress. Before proceeding, wait until you see the data source and index name in place of the status. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/add-your-data-ingestion-in-progress.png" alt-text="Screenshot of the chat playground with the status of data ingestion in view." lightbox="../media/tutorials/copilot-deploy-flow/add-your-data-ingestion-in-progress.png"::: ++1. You can now chat with the model asking the same question as before ("How much do the TrailWalker hiking shoes cost"), and this time it uses information from your data to construct the response. You can expand the **references** button to see the data that was used. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/chat-with-data.png" alt-text="Screenshot of the assistant's reply with grounding data." lightbox="../media/tutorials/copilot-deploy-flow/chat-with-data.png"::: +++## Create compute and runtime that are needed for prompt flow ++You use prompt flow to optimize the messages that are sent to the copilot's chat model. Prompt flow requires a compute instance and a runtime. If you already have a compute instance and a runtime, you can skip this section and remain in the playground. ++To create a compute instance and a runtime, follow these steps: +1. If you don't have a compute instance, you can [create one in Azure AI Studio](../how-to/create-manage-compute.md). +1. Then create a runtime by following the steps in [how to create a runtime](../how-to/create-manage-runtime.md). ++To complete the rest of the tutorial, make sure that your runtime is in the **Running** status. You might need to select **Refresh** to see the updated status. ++> [!IMPORTANT] +> You're charged for compute instances while they are running. To avoid incurring unnecessary Azure costs, pause the compute instance when you're not actively working in prompt flow. For more information, see [how to start and stop compute](../how-to/create-manage-compute.md#start-or-stop-a-compute-instance). +++## Create a prompt flow from the playground ++Now that your [deployed chat model](#deploy-a-chat-model) is working in the playground [with your data](#add-your-data-and-try-the-chat-model-again), you could [deploy your copilot as a web app](deploy-chat-web-app.md#deploy-your-web-app) from the playground. ++But you might ask "How can I further customize this copilot?" You might want to add multiple data sources, compare different prompts or the performance of multiple models. A [prompt flow](../how-to/prompt-flow.md) serves as an executable workflow that streamlines the development of your LLM-based AI application. It provides a comprehensive framework for managing data flow and processing within your application. ++In this section, you learn how to transition to prompt flow from the playground. You export the playground chat environment including connections to the data that you added. Later in this tutorial, you [evaluate the flow](#evaluate-the-flow-using-a-question-and-answer-evaluation-dataset) and then [deploy the flow](#deploy-the-flow) for [consumption](#use-the-deployed-flow). ++> [!NOTE] +> The changes made in prompt flow aren't applied backwards to update the playground environment. ++You can create a prompt flow from the playground by following these steps: +1. If you aren't already in the [Azure AI Studio](https://ai.azure.com) playground, select **Build** from the top menu and then select **Playground** from the collapsible left menu. +1. Select **Open in prompt flow** from the menu above the **Chat session** pane. +1. Enter a folder name for your prompt flow. Then select **Open**. Azure AI Studio exports the playground chat environment including connections to your data to prompt flow. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/prompt-flow-from-playground.png" alt-text="Screenshot of the open in prompt flow dialog." lightbox="../media/tutorials/copilot-deploy-flow/prompt-flow-from-playground.png"::: ++Within a flow, nodes take center stage, representing specific tools with unique capabilities. These nodes handle data processing, task execution, and algorithmic operations, with inputs and outputs. By connecting nodes, you establish a seamless chain of operations that guides the flow of data through your application. For more information, see [prompt flow tools](../how-to/prompt-flow.md#prompt-flow-tools). ++To facilitate node configuration and fine-tuning, a visual representation of the workflow structure is provided through a DAG (Directed Acyclic Graph) graph. This graph showcases the connectivity and dependencies between nodes, providing a clear overview of the entire workflow. The nodes in the graph shown here are representative of the playground chat experience that you exported to prompt flow. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/prompt-flow-overview-graph.png" alt-text="Screenshot of the default graph exported from the playground to prompt flow." lightbox="../media/tutorials/copilot-deploy-flow/prompt-flow-overview-graph.png"::: ++Nodes can be added, updated, rearranged, or removed. The nodes in your flow at this point include: +- **DetermineIntent**: This node determines the intent of the user's query. It uses the system prompt to determine the intent. You can edit the system prompt to provide scenario-specific few-shot examples. +- **ExtractIntent**: This node formats the output of the **DetermineIntent** node and sends it to the **RetrieveDocuments** node. +- **RetrieveDocuments**: This node searches for top documents related to the query. This node uses the search type and any parameters you pre-configured in playground. +- **FormatRetrievedDocuments**: This node formats the output of the **RetrieveDocuments** node and sends it to the **DetermineReply** node. +- **DetermineReply**: This node contains an extensive system prompt, which asks the LLM to respond using the retrieved documents only. There are two inputs: + - The **RetrieveDocuments** node provides the top retrieved documents. + - The **FormatConversation** node provides the formatted conversation history including the latest query. ++The **FormatReply** node formats the output of the **DetermineReply** node. ++In prompt flow, you should also see: +- **Save**: You can save your prompt flow at any time by selecting **Save** from the top menu. Be sure to save your prompt flow periodically as you make changes in this tutorial. +- **Runtime**: The runtime that you created [earlier in this tutorial](#create-compute-and-runtime-that-are-needed-for-prompt-flow). You can start and stop runtimes and compute instances via **Settings** in the left menu. To work in prompt flow, make sure that your runtime is in the **Running** status. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/prompt-flow-overview.png" alt-text="Screenshot of the prompt flow editor and surrounding menus." lightbox="../media/tutorials/copilot-deploy-flow/prompt-flow-overview.png"::: ++- **Tools**: You can return to the prompt flow anytime by selecting **Prompt flow** from **Tools** in the left menu. Then select the prompt flow folder that you created earlier (not the sample flow). ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/prompt-flow-return.png" alt-text="Screenshot of the list of your prompt flows." lightbox="../media/tutorials/copilot-deploy-flow/prompt-flow-return.png"::: +++## Customize prompt flow with multiple data sources ++Earlier in the [Azure AI Studio](https://ai.azure.com) playground, you [added your data](#add-your-data-and-try-the-chat-model-again) to create one search index that contained product data for the Contoso copilot. So far, users can only inquire about products with questions such as "How much do the TrailWalker hiking shoes cost?". But they can't get answers to questions such as "How many TrailWalker hiking shoes did Daniel Wilson buy?" To enable this scenario, we add another index with customer information to the flow. ++### Create the customer info index ++You need a local copy of example customer information. For more information and links to example data, see the [prerequisites](#prerequisites). ++Follow these instructions on how to create a new index: ++1. Select **Index** from the left menu. Then select **+ New index**. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/add-index-new.png" alt-text="Screenshot of the indexes page with the button to create a new index." lightbox="../media/tutorials/copilot-deploy-flow/add-index-new.png"::: ++ You're taken to the **Create an index** wizard. ++1. On the Source data page, select **Upload folder** from the **Upload** dropdown. Select the customer info files that you downloaded or created earlier. See the [prerequisites](#prerequisites). ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/add-index-dataset-upload-folder.png" alt-text="Screenshot of the customer data source selection options." lightbox="../media/tutorials/copilot-deploy-flow/add-index-dataset-upload-folder.png"::: ++1. Select **Next** at the bottom of the page. +1. Select the same Azure AI Search resource (*contoso-outdoor-search*) that you used for your product info index (*product-info*). Then select **Next**. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/add-index-storage.png" alt-text="Screenshot of the selected Azure AI Search resource." lightbox="../media/tutorials/copilot-deploy-flow/add-index-storage.png"::: ++1. Select **Hybrid + Semantic (Recommended)** for the **Search type**. This type should be selected by default. +1. Select *Default_AzureOpenAI* from the **Azure OpenAI resource** dropdown. Select the checkbox to acknowledge that an Azure OpenAI embedding model will be deployed if it's not already. Then select **Next**. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/add-index-search-settings.png" alt-text="Screenshot of index search type options." lightbox="../media/tutorials/copilot-deploy-flow/add-index-search-settings.png"::: ++ > [!NOTE] + > The embedding model is listed with other model deployments in the **Deployments** page. ++1. Enter **customer-info** for the index name. Then select **Next**. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/add-index-settings.png" alt-text="Screenshot of the index name and virtual machine options." lightbox="../media/tutorials/copilot-deploy-flow/add-index-settings.png"::: ++1. Review the details you entered, and select **Create**. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/add-index-review.png" alt-text="Screenshot of the review and finish index creation page." lightbox="../media/tutorials/copilot-deploy-flow/add-index-review.png"::: ++ > [!NOTE] + > You use the *customer-info* index and the *contoso-outdoor-search* Azure AI Search resource in prompt flow later in this tutorial. If the names you enter differ from what's specified here, make sure to use the names you entered in the rest of the tutorial. ++1. You're taken to the index details page where you can see the status of your index creation ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/add-index-created-details.png" alt-text="Screenshot of the customer info index details." lightbox="../media/tutorials/copilot-deploy-flow/add-index-created-details.png"::: ++For more information on how to create an index, see [Create an index](../how-to/index-add.md). ++### Add customer information to the flow ++After you're done creating your index, return to your prompt flow and follow these steps to add the customer info to the flow: ++1. Select the **RetrieveDocuments** node from the graph and rename it **RetrieveProductInfo**. Now the retrieve product info node can be distinguished from the retrieve customer info node that you add to the flow. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/node-rename-retrieve-product-info.png" alt-text="Screenshot of the prompt flow node for retrieving product info." lightbox="../media/tutorials/copilot-deploy-flow/node-rename-retrieve-product-info.png"::: ++1. Select **+ Python** from the top menu to create a new [Python node](../how-to/prompt-flow-tools/python-tool.md) that's used to retrieve customer information. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/node-new-retrieve-customer-info.png" alt-text="Screenshot of the prompt flow node for retrieving customer info." lightbox="../media/tutorials/copilot-deploy-flow/node-new-retrieve-customer-info.png"::: ++1. Name the node **RetrieveCustomerInfo** and select **Add**. +1. Copy and paste the Python code from the **RetrieveProductInfo** node into the **RetrieveCustomerInfo** node to replace all of the default code. +1. Select the **Validate and parse input** button to validate the inputs for the **RetrieveCustomerInfo** node. If the inputs are valid, prompt flow parses the inputs and creates the necessary variables for you to use in your code. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/customer-info-validate-parse.png" alt-text="Screenshot of the validate and parse input button." lightbox="../media/tutorials/copilot-deploy-flow/customer-info-validate-parse.png"::: ++1. Edit the **RetrieveCustomerInfo** inputs that prompt flow parsed for you so that it can connect to your *customer-info* index. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/customer-info-edit-inputs.png" alt-text="Screenshot of inputs to edit in the retrieve customer info node." lightbox="../media/tutorials/copilot-deploy-flow/customer-info-edit-inputs.png"::: ++ > [!NOTE] + > The graph is updated immediately after you set the **queries** input value to **ExtractIntent.output.search_intents**. In the graph you can see that **RetrieveCustomerInfo** gets inputs from **ExtractIntent**. ++ The inputs are case sensitive, so be sure they match these values exactly: + + | Name | Type | Value | + |-|-|--| + | **embeddingModelConnection** | Azure OpenAI | *Default_AzureOpenAI* | + | **embeddingModelName** | string | *None* | + | **indexName** | string | *customer-info* | + | **queries** | string | *${ExtractIntent.output.search_intents}* | + | **queryType** | string | *simple* | + | **searchConnection** | Cognitive search | *contoso-outdoor-search* | + | **semanticConfiguration** | string | *None* | + | **topK** | int | *5* | ++1. Select **Save** from the top menu to save your changes. ++### Format the retrieved documents to output ++Now that you have both the product and customer info in your prompt flow, you format the retrieved documents so that the large language model can use them. ++1. Select the **FormatRetrievedDocuments** node from the graph. +1. Copy and paste the following Python code to replace all contents in the **FormatRetrievedDocuments** code block. ++ ```python + from promptflow import tool + + @tool + def format_retrieved_documents(docs1: object, docs2: object, maxTokens: int) -> str: + formattedDocs = [] + strResult = "" + docs = [val for pair in zip(docs1, docs2) for val in pair] + for index, doc in enumerate(docs): + formattedDocs.append({ + f"[doc{index}]": { + "title": doc['title'], + "content": doc['content'] + } + }) + formattedResult = { "retrieved_documents": formattedDocs } + nextStrResult = str(formattedResult) + if (estimate_tokens(nextStrResult) > maxTokens): + break + strResult = nextStrResult + + return { + "combined_docs": docs, + "strResult": strResult + } + + def estimate_tokens(text: str) -> int: + return (len(text) + 2) / 3 + ``` ++1. Select the **Validate and parse input** button to validate the inputs for the **FormatRetrievedDocuments** node. If the inputs are valid, prompt flow parses the inputs and creates the necessary variables for you to use in your code. ++1. Edit the **FormatRetrievedDocuments** inputs that prompt flow parsed for you so that it can extract product and customer info from the **RetrieveProductInfo** and **RetrieveCustomerInfo** nodes. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/format-retrieved-documents-edit-inputs.png" alt-text="Screenshot of inputs to edit in the format retrieved documents node." lightbox="../media/tutorials/copilot-deploy-flow/format-retrieved-documents-edit-inputs.png"::: ++ The inputs are case sensitive, so be sure they match these values exactly: + + | Name | Type | Value | + |-|-|--| + | **docs1** | object | *${RetrieveProductInfo.output}* | + | **docs2** | object | *${RetrieveCustomerInfo.output}* | + | **maxTokens** | int | *5000* | ++1. Select the **DetermineReply** node from the graph. +1. Set the **documentation** input to *${FormatRetrievedDocuments.output.strResult}*. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/determine-reply-edit-inputs.png" alt-text="Screenshot of editing the documentation input value in the determine reply node." lightbox="../media/tutorials/copilot-deploy-flow/determine-reply-edit-inputs.png"::: ++1. Select the **outputs** node from the graph. +1. Set the **fetched_docs** input to *${FormatRetrievedDocuments.output.combined_docs}*. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/outputs-edit.png" alt-text="Screenshot of editing the fetched_docs input value in the outputs node." lightbox="../media/tutorials/copilot-deploy-flow/outputs-edit.png"::: ++1. Select **Save** from the top menu to save your changes. ++### Chat in prompt flow with product and customer info ++By now you have both the product and customer info in prompt flow. You can chat with the model in prompt flow and get answers to questions such as "How many TrailWalker hiking shoes did Daniel Wilson buy?" Before proceeding to a more formal evaluation, you can optionally chat with the model to see how it responds to your questions. ++1. Select **Chat** from the top menu in prompt flow to try chat. +1. Enter "How many TrailWalker hiking shoes did Daniel Wilson buy?" and then select the right arrow icon to send. +1. The response is what you expect. The model uses the customer info to answer the question. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/chat-with-data-customer.png" alt-text="Screenshot of the assistant's reply with product and customer grounding data." lightbox="../media/tutorials/copilot-deploy-flow/chat-with-data-customer.png"::: ++## Evaluate the flow using a question and answer evaluation dataset ++In [Azure AI Studio](https://ai.azure.com), you want to evaluate the flow before you [deploy the flow](#deploy-the-flow) for [consumption](#use-the-deployed-flow). ++In this section, you use the built-in evaluation to evaluate your flow with a question and answer evaluation dataset. The built-in evaluation uses AI-assisted metrics to evaluate your flow: groundedness, relevance, and retrieval score. For more information, see [built-in evaluation metrics](../concepts/evaluation-metrics-built-in.md). ++### Create an evaluation ++You need a question and answer evaluation dataset that contains questions and answers that are relevant to your scenario. Create a new file locally named **qa-evaluation.jsonl**. Copy and paste the following questions and answers (`"truth"`) into the file. ++```json +{"question": "What color is the CozyNights Sleeping Bag?", "truth": "Red"} +{"question": "When did Daniel Wilson order the BaseCamp Folding Table?", "truth": "May 7th, 2023"} +{"question": "How much do TrailWalker Hiking Shoes cost? ", "truth": "$110"} +{"question": "What kind of tent did Sarah Lee buy?", "truth": "SkyView 2 person tent"} +{"question": "What is Melissa Davis's phone number?", "truth": "555-333-4444"} +{"question": "What is the proper care for trailwalker hiking shoes?", "truth": "After each use, remove any dirt or debris by brushing or wiping the shoes with a damp cloth."} +{"question": "Does TrailMaster Tent come with a warranty?", "truth": "2 years"} +{"question": "How much did David Kim spend on the TrailLite Daypack?", "truth": "$240"} +{"question": "What items did Amanda Perez purchase?", "truth": "TrailMaster X4 Tent, TrekReady Hiking Boots (quantity 3), CozyNights Sleeping Bag, TrailBlaze Hiking Pants, RainGuard Hiking Jacket, and CompactCook Camping Stove"} +{"question": "What is the Brand for TrekReady Hiking Boots", "truth": "TrekReady"} +{"question": "How many items did Karen Williams buy?", "truth": "three items of the Summit Breeze Jacket"} +{"question": "France is in Europe", "truth": "Sorry, I can only truth questions related to outdoor/camping gear and equipment"} +``` ++Now that you have your evaluation dataset, you can evaluate your flow by following these steps: ++1. Select **Evaluate** > **Built-in evaluation** from the top menu in prompt flow. + + :::image type="content" source="../media/tutorials/copilot-deploy-flow/evaluate-built-in-evaluation.png" alt-text="Screenshot of the option to create a built-in evaluation from prompt flow." lightbox="../media/tutorials/copilot-deploy-flow/evaluate-built-in-evaluation.png"::: ++ You're taken to the **Create a new evaluation** wizard. ++1. Enter a name for your evaluation and select a runtime. +1. Select **Question and answer pairs with retrieval-augmented generation** from the scenario options. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/evaluate-basic-scenario.png" alt-text="Screenshot of selecting an evaluation scenario." lightbox="../media/tutorials/copilot-deploy-flow/evaluate-basic-scenario.png"::: ++1. Select the flow to evaluate. In this example, select *Contoso outdoor flow* or whatever you named your flow. Then select **Next**. ++1. Select the metrics you want to use to evaluate your flow. In this example, select **Groundedness**, **Relevance**, and **Retrieval score**. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/evaluate-metrics.png" alt-text="Screenshot of selecting evaluation metrics." lightbox="../media/tutorials/copilot-deploy-flow/evaluate-metrics.png"::: ++1. Select a model to use for evaluation. In this example, select **gpt-35-turbo-16k**. Then select **Next**. ++ > [!NOTE] + > Evaluation with AI-assisted metrics needs to call another GPT model to do the calculation. For best performance, use a GPT-4 or gpt-35-turbo-16k model. If you didn't previously deploy a GPT-4 or gpt-35-turbo-16k model, you can deploy another model by following the steps in [Deploy a chat model](#deploy-a-chat-model). Then return to this step and select the model you deployed. ++1. Select **Add new dataset**. Then select **Next**. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/evaluate-add-dataset.png" alt-text="Screenshot of the option to use a new or existing dataset." lightbox="../media/tutorials/copilot-deploy-flow/evaluate-add-dataset.png"::: ++1. Select **Upload files**, browse files, and select the **qa-evaluation.jsonl** file that you created earlier. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/evaluate-upload-files.png" alt-text="Screenshot of the dataset upload files button." lightbox="../media/tutorials/copilot-deploy-flow/evaluate-upload-files.png"::: ++1. After the file is uploaded, you need to map the properties from the file (data source) to the evaluation properties. Enter the following values for each data source property: ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/evaluate-map-data-source.png" alt-text="Screenshot of the evaluation dataset mapping." lightbox="../media/tutorials/copilot-deploy-flow/evaluate-map-data-source.png"::: ++ | Name | Description | Type | Data source | + |-|-|--|--| + | **chat_history** | The chat history | list | *${data.chat_history}* | + | **query** | The query | string | *${data.question}* | + | **question** | A query seeking specific information | string | *${data.question}* | + | **answer** | The response to question generated by the model as answer | string | ${run.outputs.reply} | + | **documents** | String with context from retrieved documents | string | ${run.outputs.fetched_docs} | ++1. Select **Next**. +1. Review the evaluation details and then select **Submit**. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/evaluate-review-finish.png" alt-text="Screenshot of the review and finish page within the create evaluation dialog." lightbox="../media/tutorials/copilot-deploy-flow/evaluate-review-finish.png"::: ++ You're taken to the **Metric evaluations** page. ++### View the evaluation status and results ++Now you can view the evaluation status and results by following these steps: ++1. After you [create an evaluation](#create-an-evaluation), if you aren't there already go to **Build** > **Evaluation**. On the **Metric evaluations** page, you can see the evaluation status and the metrics that you selected. You might need to select **Refresh** after a couple of minutes to see the **Completed** status. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/evaluate-status-completed.png" alt-text="Screenshot of the metric evaluations page." lightbox="../media/tutorials/copilot-deploy-flow/evaluate-status-completed.png"::: ++ > [!TIP] + > Once the evaluation is in **Completed** status, you don't need runtime or compute to complete the rest of this tutorial. You can stop your compute instance to avoid incurring unnecessary Azure costs. For more information, see [how to start and stop compute](../how-to/create-manage-compute.md#start-or-stop-a-compute-instance). ++1. Select the name of the evaluation that completed first (*contoso-evaluate-from-flow_variant_0*) to see the evaluation details with the columns that you mapped earlier. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/evaluate-view-results-detailed.png" alt-text="Screenshot of the detailed metrics results page." lightbox="../media/tutorials/copilot-deploy-flow/evaluate-view-results-detailed.png"::: ++1. Select the name of the evaluation that completed second (*evaluation_contoso-evaluate-from-flow_variant_0*) to see the evaluation metrics: **Groundedness**, **Relevance**, and **Retrieval score**. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/evaluate-view-results-metrics.png" alt-text="Screenshot of the average metrics scores." lightbox="../media/tutorials/copilot-deploy-flow/evaluate-view-results-metrics.png"::: ++For more information, see [view evaluation results](../how-to/evaluate-flow-results.md). ++## Deploy the flow ++Now that you [built a flow](#create-a-prompt-flow-from-the-playground) and completed a metrics-based [evaluation](#evaluate-the-flow-using-a-question-and-answer-evaluation-dataset), it's time to create your online endpoint for real-time inference. That means you can use the deployed flow to answer questions in real time. ++Follow these steps to deploy a prompt flow as an online endpoint from [Azure AI Studio](https://ai.azure.com). ++1. Have a prompt flow ready for deployment. If you don't have one, see [how to build a prompt flow](../how-to/flow-develop.md). +1. Optional: Select **Chat** to test if the flow is working correctly. Testing your flow before deployment is recommended best practice. ++1. Select **Deploy** on the flow editor. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/deploy-from-flow.png" alt-text="Screenshot of the deploy button from a prompt flow editor." lightbox = "../media/tutorials/copilot-deploy-flow/deploy-from-flow.png"::: ++1. Provide the requested information on the **Basic Settings** page in the deployment wizard. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/deploy-basic-settings.png" alt-text="Screenshot of the basic settings page in the deployment wizard." lightbox = "../media/tutorials/copilot-deploy-flow/deploy-basic-settings.png"::: ++1. Select **Next** to proceed to the advanced settings pages. +1. On the **Advanced settings - Endpoint** page, leave the default settings and select **Next**. +1. On the **Advanced settings - Deployment** page, leave the default settings and select **Next**. +1. On the **Advanced settings - Outputs & connections** page, make sure all outputs are selected under **Included in endpoint response**. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/deploy-advanced-outputs-connections.png" alt-text="Screenshot of the advanced settings page in the deployment wizard." lightbox = "../media/tutorials/copilot-deploy-flow/deploy-advanced-outputs-connections.png"::: ++1. Select **Review + Create** to review the settings and create the deployment. +1. Select **Create** to deploy the prompt flow. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/deploy-review-create.png" alt-text="Screenshot of the review prompt flow deployment settings page." lightbox = "../media/tutorials/copilot-deploy-flow/deploy-review-create.png"::: ++For more information, see [how to deploy a flow](../how-to/flow-deploy.md). ++## Use the deployed flow ++Your copilot application can use the deployed prompt flow to answer questions in real time. You can use the REST endpoint or the SDK to use the deployed flow. ++1. To view the status of your deployment in [Azure AI Studio](https://ai.azure.com), select **Deployments** from the left navigation. Once the deployment is created successfully, you can select the deployment to view the details. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/deployments-state-updating.png" alt-text="Screenshot of the prompt flow deployment state in progress." lightbox = "../media/tutorials/copilot-deploy-flow/deployments-state-updating.png"::: ++ > [!NOTE] + > If you see a message that says "Currently this endpoint has no deployments" or the **State** is still *Updating*, you might need to select **Refresh** after a couple of minutes to see the deployment. ++1. Optionally, the details page is where you can change the authentication type or enable monitoring. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/deploy-authentication-monitoring.png" alt-text="Screenshot of the prompt flow deployment details page." lightbox = "../media/tutorials/copilot-deploy-flow/deploy-authentication-monitoring.png"::: ++1. Select the **Consume** tab. You can see code samples and the REST endpoint for your copilot application to use the deployed flow. ++ :::image type="content" source="../media/tutorials/copilot-deploy-flow/deployments-score-url-samples.png" alt-text="Screenshot of the prompt flow deployment endpoint and code samples." lightbox = "../media/tutorials/copilot-deploy-flow/deployments-score-url-samples.png"::: +++## Clean up resources ++To avoid incurring unnecessary Azure costs, you should delete the resources you created in this quickstart if they're no longer needed. To manage resources, you can use the [Azure portal](https://portal.azure.com?azure-portal=true). ++You can also [stop or delete your compute instance](../how-to/create-manage-compute.md#start-or-stop-a-compute-instance) in [Azure AI Studio](https://ai.azure.com). ++## Next steps ++* Learn more about [prompt flow](../how-to/prompt-flow.md). +* [Deploy a web app for chat on your data](./deploy-chat-web-app.md). +* [Get started building a sample copilot application with the SDK](https://github.com/azure/aistudio-copilot-sample) |
aks | Ai Toolchain Operator | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/ai-toolchain-operator.md | Title: Deploy an AI model on Azure Kubernetes Service (AKS) with the AI toolchain operator (Preview) description: Learn how to enable the AI toolchain operator add-on on Azure Kubernetes Service (AKS) to simplify OSS AI model management and deployment. - - - azure-kubernetes-service - - ignite-2023 + Last updated 11/03/2023 |
aks | Aks Migration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/aks-migration.md | Title: Migrate to Azure Kubernetes Service (AKS) description: This article shows you how to migrate to Azure Kubernetes Service (AKS). Previously updated : 05/30/2023 Last updated : 11/21/2023 In this article, we summarize migration details for: * Ensure your target Kubernetes version is within the supported window for AKS. Older versions may not be within the supported range and require a version upgrade for AKS support. For more information, see [AKS supported Kubernetes versions](./supported-kubernetes-versions.md). * If you're migrating to a newer version of Kubernetes, review the [Kubernetes version and version skew support policy](https://kubernetes.io/docs/setup/release/version-skew-policy/#supported-versions). +An important practice that you should include as part of your migration process is remembering to follow commonly used deployment and testing patterns. Testing your application before deployment is an important step to ensure its quality, functionality, and compatibility with the target environment. It can help you identify and fix any errors, bugs, or issues that might affect the performance, security, or usability of the application or underlying infrastructure. + ## Use Azure Migrate to migrate your applications to AKS Azure Migrate offers a unified platform to assess and migrate to Azure on-premises servers, infrastructure, applications, and data. For AKS, you can use Azure Migrate for the following tasks: |
aks | App Routing Dns Ssl | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/app-routing-dns-ssl.md | Title: Use an Azure DNS zone with SSL/TLS certificates from Azure Key Vault -description: Understand what Azure DNS zone and Azure Key Vault configuration options are supported with the application routing add-on for Azure Kubernetes Service. + Title: Set up advanced Ingress configurations on Azure Kubernetes Service +description: Understand the advanced configuration options that are supported with the application routing add-on for Azure Kubernetes Service. Previously updated : 11/03/2023 Last updated : 11/21/2023 -# Use an Azure DNS zone with SSL/TLS certificates from Azure Key Vault with the application routing add-on +# Set up advanced Ingress configurations with the application routing add-on An Ingress is an API object that defines rules, which allow external access to services in an Azure Kubernetes Service (AKS) cluster. When you create an Ingress object that uses the application routing add-on nginx Ingress classes, the add-on creates, configures, and manages one or more Ingress controllers in your AKS cluster. -This article shows you how to set up an advanced Ingress configuration to encrypt the traffic and use Azure DNS to manage DNS zones. +This article shows you how to set up an advanced Ingress configuration to encrypt the traffic with SSL/TLS certificates stored in an Azure Key Vault, and use Azure DNS to manage DNS zones. ## Application routing add-on with nginx features az keyvault certificate import --vault-name <KeyVaultName> -n <KeyVaultCertifica > [!IMPORTANT] > To enable the add-on to reload certificates from Azure Key Vault when they change, you should to enable the [secret autorotation feature][csi-secrets-store-autorotation] of the Secret Store CSI driver with the `--enable-secret-rotation` argument. When autorotation is enabled, the driver updates the pod mount and the Kubernetes secret by polling for changes periodically, based on the rotation poll interval you define. The default rotation poll interval is two minutes. - ### Enable Azure Key Vault integration On a cluster with the application routing add-on enabled, use the [`az aks approuting update`][az-aks-approuting-update] command using the `--enable-kv` and `--attach-kv` arguments to enable the Azure Key Vault provider for Secrets Store CSI Driver and apply the required role assignments. To enable support for DNS zones, see the following prerequisites: > [!NOTE] > If you already have an Azure DNS Zone, you can skip this step.-> + 1. Create an Azure DNS zone using the [`az network dns zone create`][az-network-dns-zone-create] command. ```azurecli-interactive Learn about monitoring the Ingress-nginx controller metrics included with the ap [rbac-owner]: ../role-based-access-control/built-in-roles.md#owner [rbac-classic]: ../role-based-access-control/rbac-and-directory-admin-roles.md#classic-subscription-administrator-roles [app-routing-add-on-basic-configuration]: app-routing.md-[secret-store-csi-provider]: csi-secrets-store-driver.md [csi-secrets-store-autorotation]: csi-secrets-store-configuration-options.md#enable-and-disable-auto-rotation-[az-keyvault-set-policy]: /cli/azure/keyvault#az-keyvault-set-policy [azure-key-vault-overview]: ../key-vault/general/overview.md-[az-aks-addon-update]: /cli/azure/aks/addon#az-aks-addon-update [az-aks-approuting-update]: /cli/azure/aks/approuting#az-aks-approuting-update [az-aks-approuting-zone]: /cli/azure/aks/approuting/zone [az-network-dns-zone-show]: /cli/azure/network/dns/zone#az-network-dns-zone-show-[az-role-assignment-create]: /cli/azure/role/assignment#az-role-assignment-create [az-network-dns-zone-create]: /cli/azure/network/dns/zone#az-network-dns-zone-create [az-keyvault-certificate-import]: /cli/azure/keyvault/certificate#az-keyvault-certificate-import [az-keyvault-create]: /cli/azure/keyvault#az-keyvault-create Learn about monitoring the Ingress-nginx controller metrics included with the ap [create-an-azure-dns-zone]: #create-a-global-azure-dns-zone [azure-dns-overview]: ../dns/dns-overview.md [az-keyvault-certificate-show]: /cli/azure/keyvault/certificate#az-keyvault-certificate-show-[az-aks-enable-addons]: /cli/azure/aks/addon#az-aks-enable-addon -[az-aks-show]: /cli/azure/aks/addon#az-aks-show [prometheus-in-grafana]: app-routing-nginx-prometheus.md |
aks | App Routing | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/app-routing.md | When the application routing add-on is disabled, some Kubernetes resources might ## Next steps -* [Configure custom ingress configurations][custom-ingress-configurations] shows how to create Ingresses with a private load balancer, configure SSL certificate integration with Azure Key Vault, and DNS management with Azure DNS. +* [Configure custom ingress configurations][custom-ingress-configurations] shows how to create an advanced Ingress configuration to encrypt the traffic and use Azure DNS to manage DNS zones. * Learn about monitoring the ingress-nginx controller metrics included with the application routing add-on with [with Prometheus in Grafana][prometheus-in-grafana] (preview) as part of analyzing the performance and usage of your application. When the application routing add-on is disabled, some Kubernetes resources might [az-aks-approuting-enable]: /cli/azure/aks/approuting#az-aks-approuting-enable [az-aks-approuting-disable]: /cli/azure/aks/approuting#az-aks-approuting-disable [az-aks-enable-addons]: /cli/azure/aks#az-aks-enable-addons-[az-aks-disable-addons]: /cli/azure/aks#az-aks-disable-addons [az-aks-install-cli]: /cli/azure/aks#az-aks-install-cli [az-aks-get-credentials]: /cli/azure/aks#az-aks-get-credentials [install-azure-cli]: /cli/azure/install-azure-cli |
aks | Auto Upgrade Node Os Image | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/auto-upgrade-node-os-image.md | + + Title: Auto-upgrade Node OS Images +description: Learn how to choose an upgrade channel that best supports your needs for cluster's node OS security and maintenance. ++++ Last updated : 11/22/2023+++# Auto-upgrade node OS images ++AKS provides multiple auto-upgrade channels dedicated to timely node-level OS security updates. This channel is different from cluster-level Kubernetes version upgrades and supersedes it. ++## Interactions between node OS auto-upgrade and cluster auto-upgrade ++Node-level OS security updates are released at a faster rate than Kubernetes patch or minor version updates. The node OS auto-upgrade channel grants you flexibility and enables a customized strategy for node-level OS security updates. Then, you can choose a separate plan for cluster-level Kubernetes version [auto-upgrades][Autoupgrade]. +It's best to use both cluster-level [auto-upgrades][Autoupgrade] and the node OS auto-upgrade channel together. Scheduling can be fine-tuned by applying two separate sets of [maintenance windows][planned-maintenance] - `aksManagedAutoUpgradeSchedule` for the cluster [auto-upgrade][Autoupgrade] channel and `aksManagedNodeOSUpgradeSchedule` for the node OS auto-upgrade channel. ++## Channels for node OS image upgrades ++The selected channel determines the timing of upgrades. When making changes to node OS auto-upgrade channels, allow up to 24 hours for the changes to take effect. ++> [!NOTE] +> Node OS image auto-upgrade won't affect the cluster's Kubernetes version. It only works for a cluster in a [supported version][supported]. ++The following upgrade channels are available. You're allowed to choose one of these options: ++|Channel|Description|OS-specific behavior| +||| +| `None`| Your nodes don't have security updates applied automatically. This means you're solely responsible for your security updates.|N/A| +| `Unmanaged`|OS updates are applied automatically through the OS built-in patching infrastructure. Newly allocated machines are unpatched initially. The OS's infrastructure patches them at some point.|Ubuntu and Azure Linux (CPU node pools) apply security patches through unattended upgrade/dnf-automatic roughly once per day around 06:00 UTC. Windows doesn't automatically apply security patches, so this option behaves equivalently to `None`.| +| `SecurityPatch`|This channel is in preview and requires enabling the feature flag `NodeOsUpgradeChannelPreview`. Refer to the prerequisites section for details. AKS regularly updates the node's virtual hard disk (VHD) with patches from the image maintainer labeled "security only." There might be disruptions when the security patches are applied to the nodes. When the patches are applied, the VHD is updated and existing machines are upgraded to that VHD, honoring maintenance windows and surge settings. This option incurs the extra cost of hosting the VHDs in your node resource group. If you use this channel, Linux [unattended upgrades][unattended-upgrades] are disabled by default.|Azure Linux doesn't support this channel on GPU-enabled VMs. `SecurityPatch` works on patch versions that are deprecated, so long as the minor Kubernetes version is still supported.| +| `NodeImage`|AKS updates the nodes with a newly patched VHD containing security fixes and bug fixes on a weekly cadence. The update to the new VHD is disruptive, following maintenance windows and surge settings. No extra VHD cost is incurred when choosing this option. If you use this channel, Linux [unattended upgrades][unattended-upgrades] are disabled by default. Node image upgrades support patch versions that are deprecated, so long as the minor Kubernetes version is still supported.| ++To set the node OS auto-upgrade channel when creating a cluster, use the *node-os-upgrade-channel* parameter, similar to the following example. ++```azurecli-interactive +az aks create --resource-group myResourceGroup --name myAKSCluster --node-os-upgrade-channel SecurityPatch +``` ++To set the node os auto-upgrade channel on existing cluster, update the *node-os-upgrade-channel* parameter, similar to the following example. ++```azurecli-interactive +az aks update --resource-group myResourceGroup --name myAKSCluster --node-os-upgrade-channel SecurityPatch +``` ++## Update ownership and schedule ++The default cadence means there's no planned maintenance window applied. ++|Channel|Updates Ownership|Default cadence| +||| +| `Unmanaged`|OS driven security updates. AKS has no control over these updates.|Nightly around 6AM UTC for Ubuntu and Azure Linux. Monthly for Windows.| +| `SecurityPatch`|AKS|Weekly.| +| `NodeImage`|AKS|Weekly.| ++## SecurityPatch channel requirements ++To use the `SecurityPatch` channel, your cluster must support these requirements. +- Must be using API version `11-02-preview` or later ++- If using Azure CLI, the `aks-preview` CLI extension version `0.5.127` or later must be installed ++- The `NodeOsUpgradeChannelPreview` feature flag must be enabled on your subscription ++### Register NodeOsUpgradeChannelPreview ++Register the `NodeOsUpgradeChannelPreview` feature flag by using the [az feature register][az-feature-register] command, as shown in the following example: ++```azurecli-interactive +az feature register --namespace "Microsoft.ContainerService" --name "NodeOsUpgradeChannelPreview" +``` ++It takes a few minutes for the status to show *Registered*. Verify the registration status by using the [az feature show][az-feature-show] command: ++```azurecli-interactive +az feature show --namespace "Microsoft.ContainerService" --name "NodeOsUpgradeChannelPreview" +``` ++When the status reflects *Registered*, refresh the registration of the *Microsoft.ContainerService* resource provider by using the [az provider register][az-provider-register] command: ++```azurecli-interactive +az provider register --namespace Microsoft.ContainerService +``` ++## Node channel known bugs ++- Currently, when you set the [cluster auto-upgrade channel][Autoupgrade] to `node-image`, it also automatically sets the node OS auto-upgrade channel to `NodeImage`. You can't change node OS auto-upgrade channel value if your cluster auto-upgrade channel is `node-image`. In order to set the node OS auto-upgrade channel value, check the [cluster auto-upgrade channel][Autoupgrade] value isn't `node-image`. ++- The `SecurityPatch` channel isn't supported on Windows OS node pools. + + > [!NOTE] + > By default, any new cluster created with an API version of `06-01-2022` or later will set the node OS auto-upgrade channel value to `NodeImage`. Any existing clusters created with an API version earlier than `06-01-2022` will have the node OS auto-upgrade channel value set to `None` by default. +++## Node OS planned maintenance windows ++Planned maintenance for the node OS auto-upgrade starts at your specified maintenance window. ++> [!NOTE] +> To ensure proper functionality, use a maintenance window of four hours or more. ++For more information on Planned Maintenance, see [Use Planned Maintenance to schedule maintenance windows for your Azure Kubernetes Service (AKS) cluster][planned-maintenance]. ++## Node OS auto-upgrades FAQ ++* How can I check the current nodeOsUpgradeChannel value on a cluster? ++Run the `az aks show` command and check the "autoUpgradeProfile" to determine what value the `nodeOsUpgradeChannel` is set to: ++```azurecli-interactive +az aks show --resource-group myResourceGroup --name myAKSCluster --query "autoUpgradeProfile" +``` ++* How can I monitor the status of node OS auto-upgrades? ++To view the status of your node OS auto upgrades, look up [activity logs][monitor-aks] on your cluster. You can also look up specific upgrade-related events as mentioned in [Upgrade an AKS cluster][aks-upgrade]. AKS also emits upgrade-related Event Grid events. To learn more, see [AKS as an Event Grid source][aks-eventgrid]. ++* Can I change the node OS auto-upgrade channel value if my cluster auto-upgrade channel is set to `node-image` ? ++ No. Currently, when you set the [cluster auto-upgrade channel][Autoupgrade] to `node-image`, it also automatically sets the node OS auto-upgrade channel to `NodeImage`. You can't change the node OS auto-upgrade channel value if your cluster auto-upgrade channel is `node-image`. In order to be able to change the node OS auto-upgrade channel values, make sure the [cluster auto-upgrade channel][Autoupgrade] isn't `node-image`. ++<!-- LINKS --> +[planned-maintenance]: planned-maintenance.md +[release-tracker]: release-tracker.md +[az-provider-register]: /cli/azure/provider#az-provider-register +[az-feature-register]: /cli/azure/feature#az-feature-register +[az-feature-show]: /cli/azure/feature#az-feature-show +[upgrade-aks-cluster]: upgrade-cluster.md +[unattended-upgrades]: https://help.ubuntu.com/community/AutomaticSecurityUpdates +[Autoupgrade]: auto-upgrade-cluster.md +[kured]: node-updates-kured.md +[supported]: ./support-policies.md +[monitor-aks]: ./monitor-aks-reference.md +[aks-eventgrid]: ./quickstart-event-grid.md +[aks-upgrade]: ./upgrade-cluster.md |
aks | Azure Cni Overlay | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/azure-cni-overlay.md | You can provide outbound (egress) connectivity to the internet for Overlay pods You can configure ingress connectivity to the cluster using an ingress controller, such as Nginx or [HTTP application routing](./http-application-routing.md). You cannot configure ingress connectivity using Azure App Gateway. For details see [Limitations with Azure CNI Overlay](#limitations-with-azure-cni-overlay). +## Regional availability for ARM64 node pools ++Azure CNI Overlay is currently unavailable for ARM64 node pools in the following regions: ++- East US 2 +- France Central +- Southeast Asia +- South Central US +- West Europe +- West US 3 + ## Differences between Kubenet and Azure CNI Overlay Like Azure CNI Overlay, Kubenet assigns IP addresses to pods from an address space logically different from the VNet, but it has scaling and other limitations. The below table provides a detailed comparison between Kubenet and Azure CNI Overlay. If you don't want to assign VNet IP addresses to pods due to IP shortage, we recommend using Azure CNI Overlay. az aks create -n $clusterName -g $resourceGroup \ > - Doesn't use the dynamic pod IP allocation feature. > - Doesn't have network policies enabled. > - Doesn't use any Windows node pools with docker as the container runtime.++> [!NOTE] +> Because Routing domain is not yet supported for ARM, CNI Overlay is not yet supported on ARM-based (ARM64) processor nodes. +> > [!WARNING] > Prior to Windows OS Build 20348.1668, there was a limitation around Windows Overlay pods incorrectly SNATing packets from host network pods, which had a more detrimental effect for clusters upgrading to Overlay. To avoid this issue, **use Windows OS Build greater than or equal to 20348.1668**. |
aks | Best Practices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/best-practices.md | Title: Best practices for Azure Kubernetes Service (AKS) description: Collection of the cluster operator and developer best practices to build and manage applications in Azure Kubernetes Service (AKS) Previously updated : 03/07/2023 Last updated : 11/21/2023 Building and running applications successfully in Azure Kubernetes Service (AKS) * Cluster and pod security. * Business continuity and disaster recovery. -The AKS product group, engineering teams, and field teams (including global black belts [GBBs]) contributed to, wrote, and grouped the following best practices and conceptual articles. Their purpose is to help cluster operators and developers better understand the concepts above and implement the appropriate features. +The AKS product group, engineering teams, and field teams (including global black belts (GBBs)) contributed to, wrote, and grouped the following best practices and conceptual articles. Their purpose is to help cluster operators and developers better understand the concepts above and implement the appropriate features. ## Cluster operator best practices If you're a cluster operator, work with application owners and developers to understand their needs. Then, you can use the following best practices to configure your AKS clusters to fit your needs. +An important practice that you should include as part of your application development and deployment process is remembering to follow commonly used deployment and testing patterns. Testing your application before deployment is an important step to ensure its quality, functionality, and compatibility with the target environment. It can help you identify and fix any errors, bugs, or issues that might affect the performance, security, or usability of the application or underlying infrastructure. + ### Multi-tenancy * [Best practices for cluster isolation](operator-best-practices-cluster-isolation.md) |
aks | Confidential Containers Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/confidential-containers-overview.md | The following are considerations with this preview of Confidential Containers: * Pulling container images from a private container registry or container images that originate from a private container registry in a Confidential Containers pod manifest isn't supported in this release. * Version 1 container images aren't supported. * Updates to secrets and ConfigMaps aren't reflected in the guest.-* Ephemeral containers and other troubleshooting methods require a policy modification and redeployment. It includes `exec` in container -log output from containers. `stdio` (ReadStreamRequest and WriteStreamRequest) is enabled. +* Ephemeral containers and other troubleshooting methods like `exec` into a container, +log outputs from containers, and `stdio` (ReadStreamRequest and WriteStreamRequest) require a policy modification and redeployment. * The policy generator tool doesn't support cronjob deployment types.-* Due to container image layer measurements being encoded in the security policy, we don't recommend using the `latest` tag when specifying containers. It's also a restriction with the policy generator tool. +* Due to container image layer measurements being encoded in the security policy, we don't recommend using the `latest` tag when specifying containers. * Services, Load Balancers, and EndpointSlices only support the TCP protocol. * All containers in all pods on the clusters must be configured to `imagePullPolicy: Always`. * The policy generator only supports pods that use IPv4 addresses. log output from containers. `stdio` (ReadStreamRequest and WriteStreamRequest) i It's important you understand the memory and processor resource allocation behavior in this release. * CPU: The shim assigns one vCPU to the base OS inside the pod. If no resource `limits` are specified, the workloads don't have separate CPU shares assigned, the vCPU is then shared with that workload. If CPU limits are specified, CPU shares are explicitly allocated for workloads.-* Memory: The Kata-CC handler uses 2 GB memory for the UVM OS and X MB memory for containers based on resource `limits` if specified (resulting in a 2-GB VM when no limit is given, without implicit memory for containers). The [Kata][kata-technical-documentation] handler uses 256 MB base memory for the UVM OS and X MB memory when resource `limits` are specified. If limits are unspecified, an implicit limit of 1,792 MB is added resulting in a 2 GB VM and 1,792 MB implicit memory for containers. +* Memory: The Kata-CC handler uses 2 GB memory for the UVM OS and X MB additional memory where X is the resource `limits` if specified in the YAML manifest (resulting in a 2-GB VM when no limit is given, without implicit memory for containers). The [Kata][kata-technical-documentation] handler uses 256 MB base memory for the UVM OS and X MB additional memory when resource `limits` are specified in the YAML manifest. If limits are unspecified, an implicit limit of 1,792 MB is added resulting in a 2 GB VM and 1,792 MB implicit memory for containers. In this release, specifying resource requests in the pod manifests aren't supported. The Kata container ignores resource requests from pod YAML manifest, and as a result, containerd doesn't pass the requests to the shim. Use resource `limit` instead of resource `requests` to allocate memory or CPU resources for workloads or containers. With the local container filesystem backed by VM memory, writing to the containe [pod-sandboxing-overview]: use-pod-sandboxing.md [azure-dedicated-hosts]: ../virtual-machines/dedicated-hosts.md [deploy-confidential-containers-default-aks]: deploy-confidential-containers-default-policy.md-[confidential-containers-security-policy]: ../confidential-computing/confidential-containers-aks-security-policy.md +[confidential-containers-security-policy]: ../confidential-computing/confidential-containers-aks-security-policy.md |
aks | Coredns Custom | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/coredns-custom.md | Sudden spikes in DNS traffic within AKS clusters are a common occurrence due to CoreDNS uses [horizontal cluster proportional autoscaler][cluster-proportional-autoscaler] for pod auto scaling. The `coredns-autoscaler` ConfigMap can be edited to configure the scaling logic for the number of CoreDNS pods. The `coredns-autoscaler` ConfigMap currently supports two different ConfigMap key values: `linear` and `ladder` which correspond to two supported control modes. The `linear` controller yields a number of replicas in [min,max] range equivalent to `max( ceil( cores * 1/coresPerReplica ) , ceil( nodes * 1/nodesPerReplica ) )`. The `ladder` controller calculates the number of replicas by consulting two different step functions, one for core scaling and another for node scaling, yielding the max of the two replica values. For more information on the control modes and ConfigMap format, please consult the [upstream documentation][cluster-proportional-autoscaler-control-patterns]. +> [!IMPORTANT] +> A minimum of 2 CoreDNS pod replicas per cluster is recommended. Configuring a minimum of 1 CoreDNS pod replica may result in failures during operations which require node draining, such as cluster upgrade operations. + To retrieve the `coredns-autoscaler` ConfigMap, you can run the `kubectl get configmap coredns-autoscaler -n kube-system -o yaml` command which will return the following: ```yaml |
aks | Cost Analysis | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/cost-analysis.md | description: Learn how to use cost analysis to surface granular cost allocation -- - ignite-2023 + Last updated 11/06/2023 |
aks | Enable Authentication Microsoft Entra Id | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/enable-authentication-microsoft-entra-id.md | Title: Enable Managed Identity Authentication -description: Learn how to enable Microsoft Entra ID on AKS with kubelogin. Connect your clusters to authenticate Azure users with credentials or managed roles. + Title: Enable managed identity authentication on Azure Kubernetes Service +description: Learn how to enable Microsoft Entra ID on Azure Kubernetes Service with kubelogin and authenticate Azure users with credentials or managed roles. Previously updated : 11/13/2023 Last updated : 11/22/2023 -# Enable Azure Managed Identity authentication for Kubernetes clusters with kubelogin +# Enable Azure managed identity authentication for Kubernetes clusters with kubelogin The AKS-managed Microsoft Entra integration simplifies the Microsoft Entra integration process. Previously, you were required to create a client and server app, and the Microsoft Entra tenant had to grant Directory Read permissions. Now, the AKS resource provider manages the client and server apps for you. Cluster administrators can configure Kubernetes role-based access control (Kuber Learn more about the Microsoft Entra integration flow in the [Microsoft Entra documentation](concepts-identity.md#azure-ad-integration). -## Limitations of integration +## Limitations -Azure Managed ID on AKS has certain limits to account for before you make a decision. -* The integration can't be disabled once added. +The following are constraints integrating Azure managed identity authentication on AKS. ++* Integration can't be disabled once added. * Downgrades from an integrated cluster to the legacy Microsoft Entra ID clusters aren't supported. * Clusters without Kubernetes RBAC support are unable to add the integration. ## Before you begin -There are a few requirements to properly install the aks addon for managed identity. +The following requirements need to be met in order to properly install the AKS addon for managed identity. + * You have Azure CLI version 2.29.0 or later installed and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI](/cli/azure/install-azure-cli). * You need `kubectl` with a minimum version of [1.18.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md#v1181) or [`kubelogin`][kubelogin]. With the Azure CLI and the Azure PowerShell module, these two commands are included and automatically managed. Meaning, they're upgraded by default and running `az aks install-cli` isn't required or recommended. If you're using an automated pipeline, you need to manage upgrades for the correct or latest version. The difference between the minor versions of Kubernetes and `kubectl` shouldn't be more than *one* version. Otherwise, authentication issues occur on the wrong version. * If you're using [helm](https://github.com/helm/helm), you need a minimum version of helm 3.3. There are some non-interactive scenarios that don't support `kubectl`. In these ## Troubleshoot access issues > [!IMPORTANT]-> The steps described in this section bypass the normal Microsoft Entra group authentication. Use them only in an emergency. +> The step described in this section suggests an alternative authentication method compared to the normal Microsoft Entra group authentication. Use this option only in an emergency. -If you lack admin access to a valid Microsoft Entra group, you can follow this workaround. Sign in through the [Azure Kubernetes Service Cluster Admin](../role-based-access-control/built-in-roles.md#azure-kubernetes-service-cluster-admin-role) role and grant your group or tenant admin credentials to access your cluster. +If you lack administrative access to a valid Microsoft Entra group, you can follow this workaround. Sign in with an account that is a member of the [Azure Kubernetes Service Cluster Admin](../role-based-access-control/built-in-roles.md#azure-kubernetes-service-cluster-admin-role) role and grant your group or tenant admin credentials to access your cluster. ## Next steps |
aks | Planned Maintenance | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/planned-maintenance.md | az aks maintenanceconfiguration delete -g myResourceGroup --cluster-name myAKSCl AKS auto-upgrade needs a certain amount of time to take the maintenance window into consideration. We recommend at least 24 hours between the creation/update of the maintenance configuration, and when it's scheduled to start. + Also, please ensure your cluster is started when the planned maintenance window is starting. If the cluster is stopped, then its control plane is deallocated and no operations can be performed. + * AKS auto-upgrade didn't upgrade all my agent pools - or one of the pools was upgraded outside of the maintenance window? If an agent pool fails to upgrade (eg. because of Pod Disruption Budgets preventing it to upgrade) or is in a Failed state, then it might be upgraded later outside of the maintenance window. This scenario is called "catch-up upgrade" and avoids letting Agent pools with a different version than the AKS control plane. az aks maintenanceconfiguration delete -g myResourceGroup --cluster-name myAKSCl We recommend setting the [Node OS security updates][node-image-auto-upgrade] schedule to a weekly cadence if you're using `NodeImage` channel since a new node image gets shipped every week and daily if you opt in for `SecurityPatch` channel to receive daily security updates. Set the [auto-upgrade][auto-upgrade] schedule to a monthly cadence to stay on top of the kubernetes N-2 [support policy][aks-support-policy]. +  + ## Next steps - To get started with upgrading your AKS cluster, see [Upgrade an AKS cluster][aks-upgrade] |
aks | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/policy-reference.md | Title: Built-in policy definitions for Azure Kubernetes Service description: Lists Azure Policy built-in policy definitions for Azure Kubernetes Service. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
aks | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/security-controls-policy.md | Title: Azure Policy Regulatory Compliance controls for Azure Kubernetes Service (AKS) description: Lists Azure Policy Regulatory Compliance controls available for Azure Kubernetes Service (AKS). These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 11/06/2023 Last updated : 11/21/2023 |
aks | Stop Cluster Upgrade Api Breaking Changes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/stop-cluster-upgrade-api-breaking-changes.md | You can also check past API usage by enabling [Container Insights][container-ins > [!NOTE] > `Z` is the zone designator for the zero UTC/GMT offset, also known as 'Zulu' time. This example sets the end of the window to `13:00:00` GMT. For more information, see [Combined date and time representations](https://wikipedia.org/wiki/ISO_8601#Combined_date_and_time_representations). +* Once the previous command has succeeded, you can retry the upgrade operation. ++ ```azurecli-interactive + az aks upgrade --name myAKSCluster --resource-group myResourceGroup --kubernetes-version <KUBERNETES_VERSION> + ``` ++ ## Next steps This article showed you how to stop AKS cluster upgrades automatically on API breaking changes. To learn more about more upgrade options for AKS clusters, see [Upgrade options for Azure Kubernetes Service (AKS) clusters](./upgrade-cluster.md). |
aks | Upgrade Cluster | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/upgrade-cluster.md | To configure automatic upgrades, see the following articles: * [Automatically upgrade an AKS cluster](./auto-upgrade-cluster.md) * [Use Planned Maintenance to schedule and control upgrades for your AKS cluster](./planned-maintenance.md)-* [Stop AKS cluster upgrades automatically on API breaking changes (Preview)](./stop-cluster-upgrade-api-breaking-changes.md) +* [Stop AKS cluster upgrades automatically on API breaking changes](./stop-cluster-upgrade-api-breaking-changes.md) * [Automatically upgrade AKS cluster node operating system images](./auto-upgrade-node-image.md) * [Apply security updates to AKS nodes automatically using GitHub Actions](./node-upgrade-github-actions.md) |
aks | Upgrade | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/upgrade.md | description: Learn about the various upgradeable components of an Azure Kubernet Previously updated : 11/11/2022 Last updated : 11/21/2023 # Upgrading Azure Kubernetes Service clusters and node pools The following table summarizes the details of updating each component: |Node image version upgrade|**Linux**: weekly<br>**Windows**: monthly|Yes|Automatic, Manual|[AKS node image upgrade][node-image-upgrade]| |Security patches and hot fixes for node images|As-necessary|||[AKS node security patches][node-security-patches]| +An important practice that you should include as part of your upgrade process is remembering to follow commonly used deployment and testing patterns. Testing an upgrade in a development or test environment before deployment in production is an important step to ensure application functionality and compatibility with the target environment. It can help you identify and fix any errors, bugs, or issues that might affect the performance, security, or usability of the application or underlying infrastructure. + ## Automatic upgrades Automatic upgrades can be performed through [auto upgrade channels][auto-upgrade] or via [GitHub Actions][gh-actions-upgrade]. |
api-management | Credentials How To User Delegated | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/credentials-how-to-user-delegated.md | description: Learn how to configure a connection with user-delegated permissions + Last updated 11/14/2023 |
api-management | Grpc Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/grpc-api.md | |
api-management | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/policy-reference.md | Title: Built-in policy definitions for Azure API Management description: Lists Azure Policy built-in policy definitions for Azure API Management. These built-in policy definitions provide approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
api-management | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/security-controls-policy.md | Title: Azure Policy Regulatory Compliance controls for Azure API Management description: Lists Azure Policy Regulatory Compliance controls available for Azure API Management. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 11/06/2023 Last updated : 11/21/2023 |
app-service | Configure Language Java | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-language-java.md | More configuration may be necessary for encrypting your JDBC connection with cer - [PostgreSQL](https://jdbc.postgresql.org/documentation/ssl/) - [SQL Server](/sql/connect/jdbc/connecting-with-ssl-encryption)-- [MySQL](https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using-ssl.html) - [MongoDB](https://mongodb.github.io/mongo-java-driver/3.4/driver/tutorials/ssl/) - [Cassandra](https://docs.datastax.com/en/developer/java-driver/4.3/) |
app-service | Deploy Azure Pipelines | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-azure-pipelines.md | Title: Configure CI/CD with Azure Pipelines description: Learn how to deploy your code to Azure App Service from a CI/CD pipeline with Azure Pipelines. Previously updated : 09/13/2022 Last updated : 12/13/2023 ms. Use [Azure Pipelines](/azure/devops/pipelines/) to automatically deploy your web YAML pipelines are defined using a YAML file in your repository. A step is the smallest building block of a pipeline and can be a script or task (prepackaged script). [Learn about the key concepts and components that make up a pipeline](/azure/devops/pipelines/get-started/key-pipelines-concepts). -You'll use the [Azure Web App task](/azure/devops/pipelines/tasks/deploy/azure-rm-web-app) to deploy to Azure App Service in your pipeline. For more complicated scenarios such as needing to use XML parameters in your deploy, you can use the [Azure App Service Deploy task](/azure/devops/pipelines/tasks/deploy/azure-rm-web-app-deployment). +You'll use the [Azure Web App task (`AzureWebApp`)](/azure/devops/pipelines/tasks/deploy/azure-rm-web-app) to deploy to Azure App Service in your pipeline. For more complicated scenarios such as needing to use XML parameters in your deploy, you can use the [Azure App Service deploy task (AzureRmWebAppDeployment)](/azure/devops/pipelines/tasks/deploy/azure-rm-web-app-deployment). ## Prerequisites You'll use the [Azure Web App task](/azure/devops/pipelines/tasks/deploy/azure-r - Java: [Create a Java app on Azure App Service](quickstart-java.md) - Python: [Create a Python app in Azure App Service](quickstart-python.md) --### Create your pipeline +## 1. Create a pipeline for your stack The code examples in this section assume you're deploying an ASP.NET web app. You can adapt the instructions for other frameworks. -Learn more about [Azure Pipelines ecosystem support](/azure/devops/pipelines/ecosystems/ecosystems). +Learn more about [Azure Pipelines ecosystem support](/azure/devops/pipelines/ecosystems/ecosystems). # [YAML](#tab/yaml/) Learn more about [Azure Pipelines ecosystem support](/azure/devops/pipelines/eco 1. When your new pipeline appears, take a look at the YAML to see what it does. When you're ready, select **Save and run**. -### Add the Azure Web App task +# [Classic](#tab/classic/) ++To get started: ++1. Create a pipeline and select the **ASP.NET Core** template. This selection automatically adds the tasks required to build the code in the sample repository. ++2. Save the pipeline and queue a build to see it in action. ++ The **ASP.NET Core** pipeline template publishes the deployment ZIP file as an Azure artifact for the deployment task later. ++-- ++## 2. Add the deployment task ++# [YAML](#tab/yaml/) ++1. Click the end of the YAML file, then select **Show assistant**.' 1. Use the Task assistant to add the [Azure Web App](/azure/devops/pipelines/tasks/deploy/azure-rm-web-app) task. :::image type="content" source="media/deploy-azure-pipelines/azure-web-app-task.png" alt-text="Screenshot of Azure web app task."::: -1. Select **Azure Resource Manager** for the **Connection type** and choose your **Azure subscription**. Make sure to **Authorize** your connection. + Alternatively, you can add the [Azure App Service deploy (AzureRmWebAppDeployment)](/azure/devops/pipelines/tasks/deploy/azure-rm-web-app-deployment) task. -1. Select **Web App on Linux** and enter your `azureSubscription`, `appName`, and `package`. Your complete YAML should look like this. +1. Choose your **Azure subscription**. Make sure to **Authorize** your connection. The authorization creates the required service connection. ++1. Select the **App type**, **App name**, and **Runtime stack** based on your App Service app. Your complete YAML should look similar to the following code. ```yaml variables: Learn more about [Azure Pipelines ecosystem support](/azure/devops/pipelines/eco publishWebProjects: true - task: AzureWebApp@1 inputs:- azureSubscription: '<Azure service connection>' + azureSubscription: '<service-connection-name>' appType: 'webAppLinux'- appName: '<Name of web app>' + appName: '<app-name>' package: '$(System.DefaultWorkingDirectory)/**/*.zip' ``` - * **azureSubscription**: your Azure subscription. - * **appName**: the name of your existing app service. - * **package**: the file path to the package or a folder containing your app service contents. Wildcards are supported. + * **azureSubscription**: Name of the authorized service connection to your Azure subscription. + * **appName**: Name of your existing app. + * **package**: Fike path to the package or a folder containing your app service contents. Wildcards are supported. # [Classic](#tab/classic/) To get started: -1. Create a pipeline and select the **ASP.NET Core** template. This selection automatically adds the tasks required to build the code in the sample repository. --2. Save the pipeline and queue a build to see it in action. --3. Create a release pipeline and select the **Azure App Service Deployment** template for your stage. - This automatically adds the necessary tasks. --4. Link the build pipeline as an artifact for this release pipeline. Save the release pipeline and create a release to see it in action. ----Now you're ready to read through the rest of this article to learn some of the more common changes that people make to customize an Azure Web App deployment. --## Use the Azure Web App task +1. Create a [release pipeline](/azure/devops/pipelines/release/) by selecting **Releases** from the left menu and select **New pipeline**. -# [YAML](#tab/yaml/) +1. Select the **Azure App Service deployment** template for your stage. This automatically adds the necessary tasks. -The Azure Web App Deploy task is the simplest way to deploy to an Azure Web App. By default, your deployment happens to the root application in the Azure Web App. + > [!NOTE] + > If you're deploying a Node.js app to App Service on Windows, select the **Deploy Node.js App to Azure App Service** template. The only difference between these templates is that Node.js template configures the task to generate a **web.config** file containing a parameter that starts the **iisnode** service. -The [Azure App Service Deploy task](/azure/devops/pipelines/tasks/deploy/azure-rm-web-app-deployment) allows you to modify configuration settings inside web packages and XML parameters files. +1. To link this release pipeline to the Azure artifact from the previous step, select **Add an artifact** > **Build**. -### Deploy a Web Deploy package +1. In **Source (build pipeline)**, select the build pipeline you created in the previous section, then select **Add**. -To deploy a .zip Web Deploy package (for example, from an ASP.NET web app) to an Azure Web App, -add the following snippet to your *azure-pipelines.yml* file: +1. Save the release pipeline and create a release to see it in action. -```yaml -- task: AzureWebApp@1- inputs: - azureSubscription: '<Azure service connection>' - appName: '<Name of web app>' - package: $(System.DefaultWorkingDirectory)/**/*.zip -``` --* **azureSubscription**: your Azure subscription. -* **appName**: the name of your existing app service. -* **package**: the file path to the package or a folder containing your app service contents. Wildcards are supported. + -The snippet assumes that the build steps in your YAML file produce the zip archive in the `$(System.DefaultWorkingDirectory)` folder on your agent. +### Example: Deploy a .NET app -For information on Azure service connections, see the [following section](#endpoint). +# [YAML](#tab/yaml/) -### Deploy a .NET app +To deploy a .zip web package (for example, from an ASP.NET web app) to an Azure Web App, use the following snippet to deploy the build to an app. -if you're building a [.NET Core app](/azure/devops/pipelines/ecosystems/dotnet-core), use the following snipped to deploy the build to an app. ```yaml variables: steps: publishWebProjects: true - task: AzureWebApp@1 inputs:- azureSubscription: '<Azure service connection>' + azureSubscription: '<service-connection-name>' appType: 'webAppLinux'- appName: '<Name of web app>' + appName: '<app-name>' package: '$(System.DefaultWorkingDirectory)/**/*.zip' ``` steps: * **appName**: the name of your existing app service. * **package**: the file path to the package or a folder containing your app service contents. Wildcards are supported. - # [Classic](#tab/classic/) -The simplest way to deploy to an Azure Web App is to use the **Azure Web App** task. -To deploy to any Azure App service (Web app for Windows, Linux, container, Function app or web jobs), use the **Azure App Service Deploy** task. -This task is automatically added to the release pipeline when you select one of the prebuilt deployment templates for Azure App Service deployment. -Templates exist for apps developed in various programming languages. If you can't find a template for your language, select the generic **Azure App Service Deployment** template. --When you link the artifact in your release pipeline to a build that compiles and publishes the web package, -it's automatically downloaded and placed into the `$(System.DefaultWorkingDirectory)` folder on the agent as part of the release. -This is where the task picks up the web package for deployment. ----<a name="endpoint"></a> --## Use a service connection +For classic pipelines, it's the easiest to define build and release stages in separate pages (**Pipelines** and **Releases**, respectively). In general, you: -To deploy to Azure App Service, you'll need to use an Azure Resource Manager [service connection](/azure/devops/pipelines/library/service-endpoints). The Azure service connection stores the credentials to connect from Azure Pipelines or Azure DevOps Server to Azure. +- In the **Pipelines** page, build and test your app by using the template of your choice, such as **ASP.NET Core**, **Node.js with Grunt**, **Maven**, or others, and publish an artifact. +- In the **Release** page, use the generic **Azure App Service deployment** template to deploy the artifact. -Learn more about [Azure Resource Manager service connections](/azure/devops/pipelines/library/connect-to-azure). If your service connection isn't working as expected, see [Troubleshooting service connections](/azure/devops/pipelines/release/azure-rm-endpoint). --# [YAML](#tab/yaml/) --You'll need an Azure service connection for the `AzureWebApp` task. The Azure service connection stores the credentials to connect from Azure Pipelines to Azure. See [Create an Azure service connection](/azure/devops/pipelines/library/connect-to-azure). --# [Classic](#tab/classic/) --For Azure DevOps Services, the easiest way to get started with this task is to be signed in as a user who owns both the Azure DevOps Services organization and the Azure subscription. In this case, you won't have to manually create the service connection. --Otherwise, to learn how to create an Azure service connection, see [Create an Azure service connection](/azure/devops/pipelines/library/connect-to-azure). +There may be templates for specific programming languages to choose from. -## Deploy to a virtual application +## Example: deploy to a virtual application # [YAML](#tab/yaml/) -By default, your deployment happens to the root application in the Azure Web App. You can deploy to a specific virtual application by using the `VirtualApplication` property of the `AzureRmWebAppDeployment` task: +By default, your deployment happens to the root application in the Azure Web App. You can deploy to a specific virtual application by using the `VirtualApplication` property of the Azure App Service deploy (`AzureRmWebAppDeployment`) task: ```yaml - task: AzureRmWebAppDeployment@4 By default, your deployment happens to the root application in the Azure Web App VirtualApplication: '<name of virtual application>' ``` -* **VirtualApplication**: the name of the Virtual Application that has been configured in the Azure portal. For more information, see [Configure an App Service app in the Azure portal +* **VirtualApplication**: the name of the Virtual Application that's configured in the Azure portal. For more information, see [Configure an App Service app in the Azure portal ](./configure-common.md). # [Classic](#tab/classic/) -By default, your deployment happens to the root application in the Azure Web App. If you want to deploy to a specific virtual application, -enter its name in the **Virtual Application** property of the **Azure App Service Deploy** task. +By default, your deployment happens to the root application in the Azure Web App. If you want to deploy to a specific virtual application, enter its name in the **Virtual Application** property of the **Azure App Service deploy** task. -## Deploy to a slot +## Example: Deploy to a slot # [YAML](#tab/yaml/) -You can configure the Azure Web App to have multiple slots. Slots allow you to safely deploy your app and test it before making it available to your customers. - The following example shows how to deploy to a staging slot, and then swap to a production slot: ```yaml - task: AzureWebApp@1 inputs:- azureSubscription: '<Azure service connection>' + azureSubscription: '<service-connection-name>' appType: webAppLinux- appName: '<name of web app>' + appName: '<app-name>' deployToSlotOrASE: true resourceGroupName: '<name of resource group>' slotName: staging The following example shows how to deploy to a staging slot, and then swap to a - task: AzureAppServiceManage@0 inputs:- azureSubscription: '<Azure service connection>' + azureSubscription: '<service-connection-name>' appType: webAppLinux- WebAppName: '<name of web app>' + WebAppName: '<app-name>' ResourceGroupName: '<name of resource group>' SourceSlot: staging SwapWithProduction: true The following example shows how to deploy to a staging slot, and then swap to a # [Classic](#tab/classic/) -You can configure the Azure Web App to have multiple slots. Slots allow you to safely deploy your app and test it before making it available to your customers. --Use the option **Deploy to Slot or App Service Environment** in the **Azure Web App** task to specify the slot to deploy to. +Use the option **Deploy to Slot or App Service Environment** in the **Azure Web App** task to specify the slot to deploy to. To swap the slots, use the **Azure App Service manage** task. -## Deploy to multiple web apps +## Example: Deploy to multiple web apps # [YAML](#tab/yaml/) -You can use [jobs](/azure/devops/pipelines/process/phases) in your YAML file to set up a pipeline of deployments. -By using jobs, you can control the order of deployment to multiple web apps. +You can use [jobs](/azure/devops/pipelines/process/phases) in your YAML file to set up a pipeline of deployments. By using jobs, you can control the order of deployment to multiple web apps. ```yaml jobs: jobs: # deploy to Azure Web App staging - task: AzureWebApp@1 inputs:- azureSubscription: '<Azure service connection>' + azureSubscription: '<service-connection-name>' appType: <app type>- appName: '<name of test stage web app>' + appName: '<staging-app-name>' deployToSlotOrASE: true- resourceGroupName: <resource group name> + resourceGroupName: <group-name> slotName: 'staging' package: '$(Build.ArtifactStagingDirectory)/**/*.zip' jobs: - task: AzureWebApp@1 inputs:- azureSubscription: '<Azure service connection>' + azureSubscription: '<service-connection-name>' appType: <app type>- appName: '<name of test stage web app>' - resourceGroupName: <resource group name> + appName: '<production-app-name>' + resourceGroupName: <group-name> package: '$(Pipeline.Workspace)/**/*.zip' ``` # [Classic](#tab/classic/) -If you want to deploy to multiple web apps, add stages to your release pipeline. -You can control the order of deployment. To learn more, see [Stages](/azure/devops/pipelines/process/stages). +If you want to deploy to multiple web apps, add stages to your release pipeline. You can control the order of deployment. To learn more, see [Stages](/azure/devops/pipelines/process/stages). -## Make configuration changes --For most language stacks, [app settings](./configure-common.md?toc=%2fazure%2fapp-service%2fcontainers%2ftoc.json#configure-app-settings) and [connection strings](./configure-common.md?toc=%2fazure%2fapp-service%2fcontainers%2ftoc.json#configure-connection-strings) can be set as environment variables at runtime. --App settings can also be resolved from Key Vault using [Key Vault references](./app-service-key-vault-references.md). +## Example: Make variable substitutions -For ASP.NET and ASP.NET Core developers, setting app settings in App Service are like setting them in `<appSettings>` in Web.config. -You might want to apply a specific configuration for your web app target before deploying to it. -This is useful when you deploy the same build to multiple web apps in a pipeline. -For example, if your Web.config file contains a connection string named `connectionString`, -you can change its value before deploying to each web app. You can do this either by applying -a Web.config transformation or by substituting variables in your Web.config file. +For most language stacks, [app settings](./configure-common.md?toc=%2fazure%2fapp-service%2fcontainers%2ftoc.json#configure-app-settings) and [connection strings](./configure-common.md?toc=%2fazure%2fapp-service%2fcontainers%2ftoc.json#configure-connection-strings) can be set as environment variables at runtime. -**Azure App Service Deploy task** allows users to modify configuration settings in configuration files (*.config files) inside web packages and XML parameters files (parameters.xml), based on the stage name specified. --> [!NOTE] -> File transforms and variable substitution are also supported by the separate [File Transform task](/azure/devops/pipelines/tasks/utility/file-transform) for use in Azure Pipelines. -You can use the File Transform task to apply file transformations and variable substitutions on any configuration and parameters files. ---### Variable substitution +But there are other reasons you would want to make variable substitutions to your *Web.config*. In this example, your Web.config file contains a connection string named `connectionString`. You can change its value before deploying to each web app. You can do this either by applying a Web.config transformation or by substituting variables in your Web.config file. # [YAML](#tab/yaml/) -The following snippet shows an example of variable substitution: +The following snippet shows an example of variable substitution by using the Azure App Service Deploy (`AzureRmWebAppDeployment`) task: ```yaml jobs: To change `connectionString` by using variable substitution: -## Deploying conditionally +## Example: Deploy conditionally # [YAML](#tab/yaml/) -To do this in YAML, you can use one of these techniques: +To do this in YAML, you can use one of the following techniques: * Isolate the deployment steps into a separate job, and add a condition to that job. * Add a condition to the step. The following example shows how to use step conditions to deploy only builds tha - task: AzureWebApp@1 condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main')) inputs:- azureSubscription: '<Azure service connection>' - appName: '<name of web app>' + azureSubscription: '<service-connection-name>' + appName: '<app-name>' ``` To learn more about conditions, see [Specify conditions](/azure/devops/pipelines/process/conditions). To learn more, see [Release, branch, and stage triggers](/azure/devops/pipelines -## (Classic) Deploy a release pipeline +## Example: deploy using Web Deploy ++The Azure App Service deploy (`AzureRmWebAppDeployment`) task can deploy to App Service using Web Deploy. ++# [YAML](#tab/yaml/) ++```yml +trigger: +- main ++pool: + vmImage: windows-latest ++variables: + buildConfiguration: 'Release' -You can use a release pipeline to pick up the artifacts published by your build and then deploy them to your Azure web site. +steps: +- script: dotnet build --configuration $(buildConfiguration) + displayName: 'dotnet build $(buildConfiguration)' +- task: DotNetCoreCLI@2 + inputs: + command: 'publish' + publishWebProjects: true + arguments: '--configuration $(buildConfiguration)' + zipAfterPublish: true +- task: AzureRmWebAppDeployment@4 + inputs: + ConnectionType: 'AzureRM' + azureSubscription: '<service-connection-name>' + appType: 'webApp' + WebAppName: '<app-name>' + packageForLinux: '$(System.DefaultWorkingDirectory)/**/*.zip' + enableCustomDeployment: true + DeploymentType: 'webDeploy' +``` -1. Do one of the following to start creating a release pipeline: +# [Classic](#tab/classic/) - * If you've just completed a CI build, choose the link (for example, _Build 20170815.1_) - to open the build summary. Then choose **Release** to start a new release pipeline that's automatically linked to the build pipeline. +In the release pipeline, assuming you're using the **Azure App Service deployment** template: - * Open the **Releases** tab in **Azure Pipelines**, open the **+** dropdown - in the list of release pipelines, and choose **Create release pipeline**. +1. Select the **Tasks** tab, then select **Deploy Azure App Service**. This is the `AzureRmWebAppDeployment` task. -1. The easiest way to create a release pipeline is to use a template. If you're deploying a Node.js app, select the **Deploy Node.js App to Azure App Service** template. - Otherwise, select the **Azure App Service Deployment** template. Then choose **Apply**. +1. In the dialog, make sure that **Connection type** is set to **Azure Resource Manager**. - > [!NOTE] - > The only difference between these templates is that Node.js template configures the task to generate a **web.config** file containing a parameter that starts the **iisnode** service. +1. In the dialog, expand **Additional Deployment Options** and select **Select deployment method**. Make sure that **Web Deploy** is selected as the deployment method. -1. If you created your new release pipeline from a build summary, check that the build pipeline and artifact - is shown in the **Artifacts** section on the **Pipeline** tab. If you created a new release pipeline from - the **Releases** tab, choose the **+ Add** link and select your build artifact. +1. Save the release pipeline. -1. Choose the **Continuous deployment** icon in the **Artifacts** section, check that the - continuous deployment trigger is enabled, and add a filter to include the **main** branch. +> [!NOTE] +> With the [`AzureRmWebAppDeployment@3`](/azure/devops/pipelines/tasks/reference/azure-rm-web-app-deployment-v3) and [`AzureRmWebAppDeployment@4`](/azure/devops/pipelines/tasks/reference/azure-rm-web-app-deployment-v4) tasks, you should use the **Azure Resource Manager** connection type, or `AzureRM`, when deploying with Web Deploy. It uses publishing profiles for deployment when basic authentication is enabled for your app, but it uses the more secure Entra ID authentication when [basic authentication is disabled](configure-basic-auth-disable.md). - > [!NOTE] - > Continuous deployment isn't enabled by default when you create a new release pipeline from the **Releases** tab. + -1. Open the **Tasks** tab and, with **Stage 1** selected, configure the task property variables as follows: +## Frequently asked questions - * **Azure Subscription:** Select a connection from the list under **Available Azure Service Connections** or create a more restricted permissions connection to your Azure subscription. - If you're using Azure Pipelines and if you see an **Authorize** button next to the input, select it to authorize Azure Pipelines to connect to your Azure subscription. If you're using TFS or if you don't see the desired Azure subscription in the list of subscriptions, see [Azure Resource Manager service connection](/azure/devops/pipelines/library/connect-to-azure) to manually set up the connection. +#### What's the difference between the `AzureWebApp` and `AzureRmWebAppDeployment` tasks? - * **App Service Name**: Select the name of the web app from your subscription. +The Azure Web App task (`AzureWebApp`) is the simplest way to deploy to an Azure Web App. By default, your deployment happens to the root application in the Azure Web App. - > [!NOTE] - > Some settings for the tasks may have been automatically defined as - > [stage variables](/azure/devops/pipelines/release/variables#custom-variables) - > when you created a release pipeline from a template. - > These settings cannot be modified in the task settings; instead you must - > select the parent stage item in order to edit these settings. - +The [Azure App Service Deploy task (`AzureRmWebAppDeployment`)](/azure/devops/pipelines/tasks/deploy/azure-rm-web-app-deployment) can handle more custom scenarios, such as: -1. Save the release pipeline. +- [Modify configuration settings](#example-make-variable-substitutions) inside web packages and XML parameters files. +- [Deploy with Web Deploy](#example-deploy-using-web-deploy), if you're used to the IIS deployment process. +- [Deploy to virtual applications](#example-deploy-to-a-virtual-application). +- Deploy to other app types, like Container apps, Function apps, WebJobs, or API and Mobile apps. -### Create a release to deploy your app +> [!NOTE] +> File transforms and variable substitution are also supported by the separate [File Transform task](/azure/devops/pipelines/tasks/utility/file-transform) for use in Azure Pipelines. You can use the File Transform task to apply file transformations and variable substitutions on any configuration and parameters files. -You're now ready to create a release, which means to run the release pipeline with the artifacts produced by a specific build. This will result in deploying the build: +#### I get the message "Invalid App Service package or folder path provided." -1. Choose **+ Release** and select **Create a release**. +In YAML pipelines, depending on your pipeline, there may be a mismatch between where your built web package is saved and where the deploy task is looking for it. For example, the `AzureWebApp` task picks up the web package for deployment. For example, the AzureWebApp task looks in `$(System.DefaultWorkingDirectory)/**/*.zip`. If the web package is deposited elsewhere, modify the value of `package`. -1. In the **Create a new release** panel, check that the artifact version you want to use is selected and choose **Create**. +#### I get the message "Publish using webdeploy options are supported only when using Windows agent." -1. Choose the release link in the information bar message. For example: "Release **Release-1** has been created". +This error occurs in the **AzureRmWebAppDeployment** task when you configure the task to deploy using Web Deploy, but your agent isn't running Windows. Verify that your YAML has something similar to the following code: ++```yml +pool: + vmImage: windows-latest +``` -1. In the pipeline view, choose the status link in the stages of the pipeline to see the logs and agent output. +#### Web Deploy doesn't work when I disable basic authentication -1. After the release is complete, navigate to your site running in Azure using the Web App URL `http://{web_app_name}.azurewebsites.net`, and verify its contents. +For troubleshooting information on getting Microsoft Entra ID authentication to work with the `AzureRmWebAppDeployment` task, see [I can't Web Deploy to my Azure App Service using Microsoft Entra ID authentication from my Windows agent](/azure/devops/pipelines/tasks/reference/azure-rm-web-app-deployment-v4#i-cant-web-deploy-to-my-azure-app-service-using-microsoft-entra-id-authentication-from-my-windows-agent) ## Next steps |
app-service | Deploy Configure Credentials | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-configure-credentials.md | description: Learn what types of deployment credentials are in Azure App Service Last updated 02/11/2021 -+ |
app-service | Deploy Continuous Deployment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-continuous-deployment.md | Title: Configure continuous deployment description: Learn how to enable CI/CD to Azure App Service from GitHub, Bitbucket, Azure Repos, or other repos. Select the build pipeline that fits your needs. ms.assetid: 6adb5c84-6cf3-424e-a336-c554f23b4000 Previously updated : 03/12/2021 Last updated : 12/12/2023 Select the tab that corresponds to your build provider to continue. # [GitHub](#tab/github) -4. [GitHub Actions](#how-the-github-actions-build-provider-works) is the default build provider. To change the provider, select **Change provider** > **App Service Build Service** (Kudu) > **OK**. +4. [GitHub Actions](#how-does-the-github-actions-build-provider-work) is the default build provider. To change the provider, select **Change provider** > **App Service Build Service** (Kudu) > **OK**. > [!NOTE] > To use Azure Pipelines as the build provider for your App Service app, configure CI/CD directly from Azure Pipelines. Don't configure it in App Service. The **Azure Pipelines** option just points you in the right direction. Select the tab that corresponds to your build provider to continue. 1. If you're deploying from GitHub for the first time, select **Authorize** and follow the authorization prompts. If you want to deploy from a different user's repository, select **Change Account**. 1. After you authorize your Azure account with GitHub, select the **Organization**, **Repository**, and **Branch** to configure CI/CD for. -If you canΓÇÖt find an organization or repository, you might need to enable more permissions on GitHub. For more information, see [Managing access to your organization's repositories](https://docs.github.com/organizations/managing-access-to-your-organizations-repositories). -1. When GitHub Actions is selected as the build provider, you can select the workflow file you want by using the **Runtime stack** and **Version** dropdown lists. Azure commits this workflow file into your selected GitHub repository to handle build and deploy tasks. To see the file before saving your changes, select **Preview file**. + If you canΓÇÖt find an organization or repository, you might need to enable more permissions on GitHub. For more information, see [Managing access to your organization's repositories](https://docs.github.com/organizations/managing-access-to-your-organizations-repositories). ++1. (Preview) Under **Authentication type**, select **User-assigned identity** for better security. For more information, see [frequently asked questions](). ++1. When **GitHub Actions** is selected as the build provider, you can select the workflow file you want by using the **Runtime stack** and **Version** dropdown lists. Azure commits this workflow file into your selected GitHub repository to handle build and deploy tasks. To see the file before saving your changes, select **Preview file**. > [!NOTE]- > App Service detects the [language stack setting](configure-common.md#configure-language-stack-settings) of your app and selects the most appropriate workflow template. If you choose a different template, it might deploy an app that doesn't run properly. For more information, see [How the GitHub Actions build provider works](#how-the-github-actions-build-provider-works). + > App Service detects the [language stack setting](configure-common.md#configure-language-stack-settings) of your app and selects the most appropriate workflow template. If you choose a different template, it might deploy an app that doesn't run properly. For more information, see [How the GitHub Actions build provider works](#how-does-the-github-actions-build-provider-work). 1. Select **Save**. See [Local Git deployment to Azure App Service](deploy-local-git.md). ![Screenshot that shows how to disconnect your cloud folder sync with your App Service app in the Azure portal.](media/app-service-continuous-deployment/disable.png) -1. By default, the GitHub Actions workflow file is preserved in your repository, but it will continue to trigger deployment to your app. To delete the file from your repository, select **Delete workflow file**. +1. By default, the GitHub Actions workflow file is preserved in your repository, but it continues to trigger deployment to your app. To delete the file from your repository, select **Delete workflow file**. 1. Select **OK**. [!INCLUDE [What happens to my app during deployment?](../../includes/app-service-deploy-atomicity.md)] -## How the GitHub Actions build provider works +## Frequently asked questions ++- [How does the GitHub Actions build provider work?](#how-does-the-github-actions-build-provider-work) +- [How do I configure continuous deployment without basic authentication?](#how-do-i-configure-continuous-deployment-without-basic-authentication) +- [What does the user-assigned identity option do for GitHub Actions?](#what-does-the-user-assigned-identity-option-do-for-github-actions) +- [I see "You do not have sufficient permissions on this app to assign role-based access to a managed identity and configure federated credentials." when I select the user-assigned identity option with GitHub Actions.](#i-see-you-do-not-have-sufficient-permissions-on-this-app-to-assign-role-based-access-to-a-managed-identity-and-configure-federated-credentials-when-i-select-the-user-assigned-identity-option-with-github-actions) +- [How do I deploy from other repositories](#how-do-i-deploy-from-other-repositories) ++#### How does the GitHub Actions build provider work? The GitHub Actions build provider is an option for [CI/CD from GitHub](#configure-the-deployment-source). It completes these actions to set up CI/CD: You can customize the GitHub Actions build provider in these ways: - Customize the workflow file after it's generated in your GitHub repository. For more information, see [Workflow syntax for GitHub Actions](https://docs.github.com/actions/reference/workflow-syntax-for-github-actions). Just make sure that the workflow deploys to App Service with the [azure/webapps-deploy](https://github.com/Azure/webapps-deploy) action. - If the selected branch is protected, you can still preview the workflow file without saving the configuration and then manually add it into your repository. This method doesn't give you log integration with the Azure portal.-- Instead of using a publishing profile, deploy by using a [service principal](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) in Microsoft Entra ID.--#### Authenticate by using a service principal --This optional configuration replaces the default authentication with publishing profiles in the generated workflow file. --1. Generate a service principal by using the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command in the [Azure CLI](/cli/azure/). In the following example, replace \<subscription-id>, \<group-name>, and \<app-name> with your own values: -- ```azurecli-interactive - az ad sp create-for-rbac --name "myAppDeployAuth" --role contributor \ - --scopes /subscriptions/<subscription-id>/resourceGroups/<group-name>/providers/Microsoft.Web/sites/<app-name> \ - --sdk-auth - ``` - - > [!IMPORTANT] - > For security, grant the minimum required access to the service principal. The scope in the previous example is limited to the specific App Service app and not the entire resource group. - -1. Save the entire JSON output for the next step, including the top-level `{}`. --1. In [GitHub](https://github.com/), in your repository, select **Settings** > **Secrets** > **Add a new secret**. --1. Paste the entire JSON output from the Azure CLI command into the secret's value field. Give the secret a name like `AZURE_CREDENTIALS`. --1. In the workflow file generated by the Deployment Center, revise the `azure/webapps-deploy` step to look like the following example (which is modified from a Node.js workflow file): -- ```yaml - - name: Sign in to Azure - # Use the GitHub secret you added. - uses: azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - name: Deploy to Azure Web App - # Remove publish-profile. - uses: azure/webapps-deploy@v2 - with: - app-name: '<app-name>' - slot-name: 'production' - package: . - - name: Sign out of Azure. - run: | - az logout - ``` - -## Deploy from other repositories +- Instead of using a user-assigned managed identity or the publishing profile, you can also deploy by using a [service principal](deploy-github-actions.md?tabs=userlevel) in Microsoft Entra ID. ++#### How do I configure continuous deployment without basic authentication? ++To configure continuous deployment [without basic authentication](configure-basic-auth-disable.md), try using GitHub Actions with the **user-assigned identity** option. ++#### What does the user-assigned identity option do for GitHub Actions? ++When you select **user-assigned identity** under the **GitHub Actions** source, Azure creates a [user-managed identity](/en-us/entra/identity/managed-identities-azure-resources/overview#managed-identity-types) for you and [federates it with GitHub as an authorized client](/entra/workload-id/workload-identity-federation-create-trust-user-assigned-managed-identity?pivots=identity-wif-mi-methods-azp). This user-managed identity isn't shown in the **Identities** page for your app. ++This automatically created user-managed identity should be used only for the GitHub Actions deployment. Using it for other configurations isn't supported. ++#### I see "You do not have sufficient permissions on this app to assign role-based access to a managed identity and configure federated credentials." when I select the user-assigned identity option with GitHub Actions. ++To use the **user-assigned identity** option for your GitHub Actions deployment, you need the `Microsoft.Authorization/roleAssignments/write` permission on your app. By default, the **User Access Administrator** role and **Owner** role have this permission already, but the **Contributor** role doesn't. ++#### How do I deploy from other repositories For Windows apps, you can manually configure continuous deployment from a cloud Git or Mercurial repository that the portal doesn't directly support, like [GitLab](https://gitlab.com/). You do that by selecting **External Git** in the **Source** dropdown list. For more information, see [Set up continuous deployment using manual steps](https://github.com/projectkudu/kudu/wiki/Continuous-deployment#setting-up-continuous-deployment-using-manual-steps). |
app-service | Deploy Github Actions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-github-actions.md | Title: Configure CI/CD with GitHub Actions description: Learn how to deploy your code to Azure App Service from a CI/CD pipeline with GitHub Actions. Customize the build tasks and execute complex deployments. Previously updated : 12/14/2021 Last updated : 12/14/2023 The file has three sections: ## Use the Deployment Center -You can quickly get started with GitHub Actions by using the App Service Deployment Center. This will automatically generate a workflow file based on your application stack and commit it to your GitHub repository in the correct directory. --1. Navigate to your webapp in the Azure portal -1. On the left side, click **Deployment Center** -1. Under **Continuous Deployment (CI / CD)**, select **GitHub** -1. Next, select **GitHub Actions** -1. Use the dropdowns to select your GitHub repository, branch, and application stack - - If the selected branch is protected, you can still continue to add the workflow file. Be sure to review your branch protections before continuing. -1. On the final screen, you can review your selections and preview the workflow file that will be committed to the repository. If the selections are correct, click **Finish** --This will commit the workflow file to the repository. The workflow to build and deploy your app will start immediately. +You can quickly get started with GitHub Actions by using the App Service Deployment Center. This turn-key method automatically generates a workflow file based on your application stack and commits it to your GitHub repository in the correct directory. For more information, see [Continuous deployment to Azure App Service](deploy-continuous-deployment.md). ## Set up a workflow manually -You can also deploy a workflow without using the Deployment Center. To do so, you will need to first generate deployment credentials. +You can also deploy a workflow without using the Deployment Center. To do so, you need to first generate deployment credentials. ## Generate deployment credentials -The recommended way to authenticate with Azure App Services for GitHub Actions is with a publish profile. You can also authenticate with a service principal or Open ID Connect but the process requires more steps. +The recommended way to authenticate with Azure App Services for GitHub Actions is with a user-defined managed identity, and the easiest way for that is by [configuring GitHub Actions deployment directly in the portal](deploy-continuous-deployment.md) instead and selecting **User-assigned managed identity**. -Save your publish profile credential or service principal as a [GitHub secret](https://docs.github.com/en/actions/reference/encrypted-secrets) to authenticate with Azure. You'll access the secret within your workflow. +> [!NOTE] +> Authentication using a user-assigned managed identity is currently in preview. ++Alternatively, you can authenticate with a service principal, OpenID Connect, or a publish profile. # [Publish profile](#tab/applevel) +> [!NOTE] +> Publish profile requires [basic authentication](configure-basic-auth-disable.md) to be enabled. + A publish profile is an app-level credential. Set up your publish profile as a GitHub secret. 1. Go to your app service in the Azure portal. A publish profile is an app-level credential. Set up your publish profile as a G 1. Save the downloaded file. You'll use the contents of the file to create a GitHub secret. > [!NOTE]-> As of October 2020, Linux web apps will need the app setting `WEBSITE_WEBDEPLOY_USE_SCM` set to `true` **before downloading the publish profile**. This requirement will be removed in the future. +> As of October 2020, Linux web apps needs the app setting `WEBSITE_WEBDEPLOY_USE_SCM` set to `true` **before downloading the publish profile**. This requirement will be removed in the future. # [Service principal](#tab/userlevel) az ad sp create-for-rbac --name "myApp" --role contributor \ --sdk-auth ``` -In the example above, replace the placeholders with your subscription ID, resource group name, and app name. The output is a JSON object with the role assignment credentials that provide access to your App Service app similar to below. Copy this JSON object for later. +In the previous example, replace the placeholders with your subscription ID, resource group name, and app name. The output is a JSON object with the role assignment credentials that provide access to your App Service app similar to the following JSON snippet. Copy this JSON object for later. ```output { In the example above, replace the placeholders with your subscription ID, resour OpenID Connect is an authentication method that uses short-lived tokens. Setting up [OpenID Connect with GitHub Actions](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) is more complex process that offers hardened security. -1. If you do not have an existing application, register a [new Active Directory application and service principal that can access resources](../active-directory/develop/howto-create-service-principal-portal.md). Create the Active Directory application. +1. If you don't have an existing application, register a [new Active Directory application and service principal that can access resources](../active-directory/develop/howto-create-service-principal-portal.md). Create the Active Directory application. ```azurecli-interactive az ad app create --display-name myApp ``` - This command will output JSON with an `appId` that is your `client-id`. Save the value to use as the `AZURE_CLIENT_ID` GitHub secret later. + This command outputs a JSON with an `appId` that is your `client-id`. Save the value to use as the `AZURE_CLIENT_ID` GitHub secret later. You'll use the `objectId` value when creating federated credentials with Graph API and reference it as the `APPLICATION-OBJECT-ID`. OpenID Connect is an authentication method that uses short-lived tokens. Setting az ad sp create --id $appId ``` -1. Create a new role assignment by subscription and object. By default, the role assignment will be tied to your default subscription. Replace `$subscriptionId` with your subscription ID, `$resourceGroupName` with your resource group name, and `$assigneeObjectId` with the generated `assignee-object-id`. Learn [how to manage Azure subscriptions with the Azure CLI](/cli/azure/manage-azure-subscriptions-azure-cli). +1. Create a new role assignment by subscription and object. By default, the role assignment is tied to your default subscription. Replace `$subscriptionId` with your subscription ID, `$resourceGroupName` with your resource group name, and `$assigneeObjectId` with the generated `assignee-object-id`. Learn [how to manage Azure subscriptions with the Azure CLI](/cli/azure/manage-azure-subscriptions-azure-cli). ```azurecli-interactive az role assignment create --role contributor --subscription $subscriptionId --assignee-object-id $assigneeObjectId --scope /subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Web/sites/ --assignee-principal-type ServicePrincipal OpenID Connect is an authentication method that uses short-lived tokens. Setting * Replace `APPLICATION-OBJECT-ID` with the **objectId (generated while creating app)** for your Active Directory application. * Set a value for `CREDENTIAL-NAME` to reference later.- * Set the `subject`. The value of this is defined by GitHub depending on your workflow: + * Set the `subject`. Its value is defined by GitHub depending on your workflow: * Jobs in your GitHub Actions environment: `repo:< Organization/Repository >:environment:< Name >` * For Jobs not tied to an environment, include the ref path for branch/tag based on the ref path used for triggering the workflow: `repo:< Organization/Repository >:ref:< ref path>`. For example, `repo:n-username/ node_express:ref:refs/heads/my-branch` or `repo:n-username/ node_express:ref:refs/tags/my-tag`. * For workflows triggered by a pull request event: `repo:< Organization/Repository >:pull_request`. jobs: ## Next steps -You can find our set of Actions grouped into different repositories on GitHub, each one containing documentation and examples to help you use GitHub for CI/CD and deploy your apps to Azure. --- [Actions workflows to deploy to Azure](https://github.com/Azure/actions-workflow-samples)+Check out references on Azure GitHub Actions and workflows: - [Azure login](https://github.com/Azure/login)- - [Azure WebApp](https://github.com/Azure/webapps-deploy)- - [Azure WebApp for containers](https://github.com/Azure/webapps-container-deploy)- - [Docker login/logout](https://github.com/Azure/docker-login)--- [Events that trigger workflows](https://docs.github.com/en/actions/reference/events-that-trigger-workflows)- - [K8s deploy](https://github.com/Azure/k8s-deploy)-+- [Actions workflows to deploy to Azure](https://github.com/Azure/actions-workflow-samples) - [Starter Workflows](https://github.com/actions/starter-workflows)+- [Events that trigger workflows](https://docs.github.com/en/actions/reference/events-that-trigger-workflows) |
app-service | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/policy-reference.md | Title: Built-in policy definitions for Azure App Service description: Lists Azure Policy built-in policy definitions for Azure App Service. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
app-service | Quickstart Dotnetcore | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/quickstart-dotnetcore.md | In this step, you fork a demo project to deploy. This quickstart uses the [Azure Developer CLI](/azure/developer/azure-developer-cli/overview) (`azd`) both to create Azure resources and deploy code to it. For more information about Azure Developer CLI, visit the [documentation](/azure/developer/azure-developer-cli/install-azd?tabs=winget-windows%2Cbrew-mac%2Cscript-linux&pivots=os-windows) or [training path](/training/paths/azure-developer-cli/). -Retrieve and initialize [the ASP.NET Core web app template](https://github.com/Azure-Samples/quickstart-deploy-aspnet-core-app-service.git) for this quickstart using the following steps: +Retrieve and initialize [the ASP.NET Core web app template](https://github.com/Azure-Samples/quickstart-deploy-aspnet-core-app-service) for this quickstart using the following steps: 1. Open a terminal window on your machine to an empty working directory. Initialize the `azd` template using the `azd init` command. |
app-service | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/security-controls-policy.md | Title: Azure Policy Regulatory Compliance controls for Azure App Service description: Lists Azure Policy Regulatory Compliance controls available for Azure App Service. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 11/06/2023 Last updated : 11/21/2023 |
application-gateway | Troubleshooting Guide | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/troubleshooting-guide.md | Scenarios in which you would notice a 500-error code on Application Gateway for - It refers to a resource that doesn't exist. In this case, the HTTPRoute's status has a condition with reason set to `BackendNotFound` and the message explains that the resource doesn't exist. - It refers to a resource in another namespace when the reference isn't explicitly allowed by a ReferenceGrant (or equivalent concept). In this case, the HTTPRoute's status has a condition with reason set to `RefNotPermitted` and the message explains which cross-namespace reference isn't allowed. - For instance, if an HTTPRoute has two backends specified with equal weights, and one is invalid 50 percent of the traffic must receive a 500. This is based on the specifications provided by Gateway API [here](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io%2fv1beta1.HTTPRouteRule) + For instance, if an HTTPRoute has two backends specified with equal weights, and one is invalid 50 percent of the traffic must receive a 500. 2. No endpoints found for all backends: when there are no endpoints found for all the backends referenced in an HTTPRoute, a 500 error code is obtained. |
attestation | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/attestation/policy-reference.md | Title: Built-in policy definitions for Azure Attestation description: Lists Azure Policy built-in policy definitions for Azure Attestation. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
automation | Automation Child Runbooks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/automation-child-runbooks.md | Title: Create modular runbooks in Azure Automation description: This article explains how to create a runbook that another runbook calls. Previously updated : 10/16/2022 Last updated : 11/21/2022 #Customer intent: As a developer, I want create modular runbooks so that I can be more efficient. Currently, PowerShell 5.1 is supported and only certain runbook types can call e * The PowerShell types and the PowerShell Workflow types can't call each other inline. They must use `Start-AzAutomationRunbook`. > [!IMPORTANT]-> Executing child scripts using `.\child-runbook.ps1` is not supported in PowerShell 7.1 and PowerShell 7.2 (preview). +> Executing child scripts using `.\child-runbook.ps1` is not supported in PowerShell 7.1 and PowerShell 7.2 **Workaround**: Use `Start-AutomationRunbook` (internal cmdlet) or `Start-AzAutomationRunbook` (from *Az.Automation* module) to start another runbook from parent runbook. The publish order of runbooks matters only for PowerShell Workflow and graphical PowerShell Workflow runbooks. |
automation | Automation Hrw Run Runbooks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/automation-hrw-run-runbooks.md | Title: Run Azure Automation runbooks on a Hybrid Runbook Worker description: This article describes how to run runbooks on machines in your local datacenter or other cloud provider with the Hybrid Runbook Worker. Previously updated : 09/17/2023 Last updated : 11/21/2023 Azure Automation handles jobs on Hybrid Runbook Workers differently from jobs ru Jobs for Hybrid Runbook Workers run under the local **System** account. > [!NOTE]->- PowerShell 5.1, PowerShell 7.1(preview), Python 2.7, and Python 3.8(preview) runbooks are supported on both extension-based and agent-based Windows Hybrid Runbook Workers. For agent based workers, ensure the Windows Hybrid worker version is 7.3.12960 or above. ->- PowerShell 7.2 (preview) and Python 3.10 (preview) runbooks are supported on extension-based Windows Hybrid Workers only. Ensure the Windows Hybrid worker extension version is 1.1.11 or above. +>- PowerShell 5.1, PowerShell 7.1(preview), Python 2.7, and Python 3.8 runbooks are supported on both extension-based and agent-based Windows Hybrid Runbook Workers. For agent based workers, ensure the Windows Hybrid worker version is 7.3.12960 or above. +>- PowerShell 7.2 and Python 3.10 (preview) runbooks are supported on extension-based Windows Hybrid Workers only. Ensure the Windows Hybrid worker extension version is 1.1.11 or above. #### [Extension-based Hybrid Workers](#tab/win-extn-hrw) If the *Python* executable file is at the default location *C:\Python27\python.e ### Linux Hybrid Worker > [!NOTE]->- PowerShell 5.1, PowerShell 7.1(preview), Python 2.7, Python 3.8 (preview) runbooks are supported on both extension-based and agent-based Linux Hybrid Runbook Workers. For agent-based workers, ensure the Linux Hybrid Runbook worker version is 1.7.5.0 or above. ->- PowerShell 7.2 (preview) and Python 3.10 (preview) runbooks are supported on extension-based Linux Hybrid Workers only. Ensure the Linux Hybrid worker extension version is 1.1.11 or above. +>- PowerShell 5.1, PowerShell 7.1(preview), Python 2.7, Python 3.8 runbooks are supported on both extension-based and agent-based Linux Hybrid Runbook Workers. For agent-based workers, ensure the Linux Hybrid Runbook worker version is 1.7.5.0 or above. +>- PowerShell 7.2 and Python 3.10 (preview) runbooks are supported on extension-based Linux Hybrid Workers only. Ensure the Linux Hybrid worker extension version is 1.1.11 or above. #### [Extension-based Hybrid Workers](#tab/Lin-extn-hrw) |
automation | Automation Runbook Types | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/automation-runbook-types.md | Title: Azure Automation runbook types description: This article describes the types of runbooks that you can use in Azure Automation and considerations for determining which type to use. Previously updated : 11/07/2023 Last updated : 11/21/2023 The Azure Automation Process Automation feature supports several types of runboo | Type | Description | |: |: |-| [PowerShell](#powershell-runbooks) |Textual runbook based on Windows PowerShell scripting. The currently supported versions are: PowerShell 5.1 (GA), PowerShell 7.1 (preview), and PowerShell 7.2 (preview).| +| [PowerShell](#powershell-runbooks) |Textual runbook based on Windows PowerShell scripting. The currently supported versions are: PowerShell 5.1 (GA), PowerShell 7.1 (preview), and PowerShell 7.2 (GA).| | [PowerShell Workflow](#powershell-workflow-runbooks)|Textual runbook based on Windows PowerShell Workflow scripting. | | [Python](#python-runbooks) |Textual runbook based on Python scripting. The currently supported versions are: Python 2.7 (GA), Python 3.8 (GA), and Python 3.10 (preview). | | [Graphical](#graphical-runbooks)|Graphical runbook based on Windows PowerShell and created and edited completely in the graphical editor in Azure portal. | Take into account the following considerations when determining which type to us PowerShell runbooks are based on Windows PowerShell. You directly edit the code of the runbook using the text editor in the Azure portal. You can also use any offline text editor and [import the runbook](manage-runbooks.md) into Azure Automation. -The PowerShell version is determined by the **Runtime version** specified (that is version 7.2 (preview), 7.1 (preview) or 5.1). The Azure Automation service supports the latest PowerShell runtime. +The PowerShell version is determined by the **Runtime version** specified (that is version 7.2, 7.1 (preview) or 5.1). The Azure Automation service supports the latest PowerShell runtime. -The same Azure sandbox and Hybrid Runbook Worker can execute **PowerShell 5.1** and **PowerShell 7.1 (preview)** runbooks side by side. +The same Azure sandbox and Hybrid Runbook Worker can execute multiple **PowerShell** runbooks targeting different runtime versions side by side. > [!NOTE]-> - Currently, PowerShell 7.2 (preview) runtime version is supported for both Cloud and Hybrid jobs in all Public regions except Australia Central2, Korea South, Sweden South, Jio India Central, Brazil Southeast, Central India, West India, UAE Central, and Gov clouds. -> - At the time of runbook execution, if you select **Runtime Version** as **7.1 (preview)**, PowerShell modules targeting 7.1 (preview) runtime version are used and if you select **Runtime Version** as **5.1**, PowerShell modules targeting 5.1 runtime version are used. This applies for PowerShell 7.2 (preview) modules and runbooks. +> - Currently, PowerShell 7.2 runtime version is supported for both Cloud and Hybrid jobs in all Public regions except Central India, UAE Central, Israel Central, Italy North, Germany North and Gov clouds. +> - At the time of runbook execution, if you select **Runtime Version** as **7.2**, PowerShell modules targeting 7.2 runtime version are used and if you select **Runtime Version** as **5.1**, PowerShell modules targeting 5.1 runtime version are used. This applies for PowerShell 7.1 (preview) modules and runbooks. Ensure that you select the right Runtime Version for modules. For example: if you're executing a runbook for a SharePoint automation scenario :::image type="content" source="./media/automation-runbook-types/runbook-types.png" alt-text="runbook Types."::: > [!NOTE]-> Currently, PowerShell 5.1, PowerShell 7.1 (preview) and PowerShell 7.2 (preview) are supported. +> Currently, PowerShell 5.1, PowerShell 7.1 (preview) and PowerShell 7.2 are supported. ### Advantages The following are the current limitations and known issues with PowerShell runbo **Limitations** -- You must be familiar with PowerShell scripting. - Runbooks can't use [parallel processing](automation-powershell-workflow.md#use-parallel-processing) to execute multiple actions in parallel. - Runbooks can't use [checkpoints](automation-powershell-workflow.md#use-checkpoints-in-a-workflow) to resume runbook if there's an error. - You can include only PowerShell, PowerShell Workflow runbooks, and graphical runbooks as child runbooks by using the [Start-AzAutomationRunbook](/powershell/module/az.automation/start-azautomationrunbook) cmdlet, which creates a new job. The following are the current limitations and known issues with PowerShell runbo **Limitations** -- You must be familiar with PowerShell scripting. - The Azure Automation internal PowerShell cmdlets aren't supported on a Linux Hybrid Runbook Worker. You must import the `automationassets` module at the beginning of your PowerShell runbook to access the Automation account shared resources (assets) functions. - For the PowerShell 7 runtime version, the module activities aren't extracted for the imported modules. - *PSCredential* runbook parameter type isn't supported in PowerShell 7 runtime version. The following are the current limitations and known issues with PowerShell runbo - If you import module Az.Accounts with version 2.12.3 or newer, ensure that you import the **Newtonsoft.Json** v10 module explicitly if PowerShell 7.1 runbooks have a dependency on this version of the module. The workaround for this issue is to use PowerShell 7.2 runbooks. -# [PowerShell 7.2 (preview)](#tab/lps72) +# [PowerShell 7.2](#tab/lps72) **Limitations** > [!NOTE]-> Currently, PowerShell 7.2 (preview) runtime version is supported for both Cloud and Hybrid jobs in all Public regions except Australia Central2, Korea South, Sweden South, Jio India Central, Brazil Southeast, Central India, West India, UAE Central, and Gov clouds. +> Currently, PowerShell 7.2 runtime version is supported for both Cloud and Hybrid jobs in all Public regions except Central India, UAE Central, Israel Central, Italy North, Germany North and Gov clouds. -- For the PowerShell 7 runtime version, the module activities aren't extracted for the imported modules.+- For the PowerShell 7.2 runtime version, the module activities aren't extracted for the imported modules. - PowerShell 7.x doesn't support workflows. For more information, see [PowerShell workflow](/powershell/scripting/whats-new/differences-from-windows-powershell#powershell-workflow) for more details. - PowerShell 7.x currently doesn't support signed runbooks.-- Source control integration doesn't support PowerShell 7.2 (preview). Also, PowerShell 7.2 (preview) runbooks in source control get created in Automation account as Runtime 5.1.-- Currently, PowerShell 7.2 (preview) runbooks are only supported from Azure portal. Rest API and PowerShell aren't supported.-- Az module 8.3.0 is installed by default and can't be managed at the automation account level for PowerShell 7.2 (preview). Use custom modules to override the Az module to the desired version.-- The imported PowerShell 7.2 (preview) module would be validated during job execution. Ensure that all dependencies for the selected module are also imported for successful job execution.-- PowerShell 7.2 module management is not supported through `Get-AzAutomationModule` cmdlets.+- Source control integration doesn't support PowerShell 7.2. Also, PowerShell 7.2 runbooks in source control get created in Automation account as Runtime 5.1. +- Az module 8.3.0 is installed by default. The complete list of component modules of selected Az module version is shown once Az version is configured again using Azure portal or API. +- The imported PowerShell 7.2 module would be validated during job execution. Ensure that all dependencies for the selected module are also imported for successful job execution. - Azure runbook doesn't support `Start-Job` with `-credential`. - Azure doesn't support all PowerShell input parameters. [Learn more](runbook-input-parameters.md). The following are the current limitations and known issues with PowerShell runbo PowerShell Workflow runbooks are text runbooks based on [Windows PowerShell Workflow](automation-powershell-workflow.md). You directly edit the code of the runbook using the text editor in the Azure portal. You can also use any offline text editor and [import the runbook](manage-runbooks.md) into Azure Automation. > [!NOTE]-> PowerShell 7.1 (preview) and PowerShell 7.2 (preview) do not support Workflow runbooks. +> PowerShell 7.1 (preview) and PowerShell 7.2 do not support Workflow runbooks. ### Advantages |
automation | Extension Based Hybrid Runbook Worker Install | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/extension-based-hybrid-runbook-worker-install.md | Follow the steps mentioned below as an example: ```powershell-interactive New-AzAutomationHybridRunbookWorkerGroup -AutomationAccountName "Contoso17" -Name "RunbookWorkerGroupName" -ResourceGroupName "ResourceGroup01" ```-1. Create an Azure VM or Arc-enabled server and add it to the above created Hybrid Worker Group. Use the below command to add an existing Azure VM or Arc-enabled Server to the Hybrid Worker Group. Generate a new GUID and pass it as `hybridRunbookWorkerGroupName`. To fetch `vmResourceId`, go to the **Properties** tab of the VM on Azure portal. +1. Create an Azure VM or Arc-enabled server and add it to the above created Hybrid Worker Group. Use the below command to add an existing Azure VM or Arc-enabled Server to the Hybrid Worker Group. Generate a new GUID and pass it as the name of the Hybrid Worker. To fetch `vmResourceId`, go to the **Properties** tab of the VM on Azure portal. ```azurepowershell New-AzAutomationHybridRunbookWorker -AutomationAccountName "Contoso17" -Name "RunbookWorkerName" -HybridRunbookWorkerGroupName "RunbookWorkerGroupName" -VmResourceId "VmResourceId" -ResourceGroupName "ResourceGroup01" |
automation | Automation Tutorial Runbook Textual | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/learn/automation-tutorial-runbook-textual.md | Title: Tutorial - Create a PowerShell Workflow runbook in Azure Automation description: This tutorial teaches you to create, test, and publish a PowerShell Workflow runbook. Previously updated : 10/16/2022 Last updated : 11/21/2022 #Customer intent: As a developer, I want use workflow runbooks so that I can automate the parallel starting of VMs.-> This article is applicable for PowerShell 5.1; PowerShell 7.1 (preview) and PowerShell 7.2 (preview) don't support workflows. +> This article is applicable for PowerShell 5.1; PowerShell 7.1 (preview) and PowerShell 7.2 don't support workflows. In this tutorial, you learn how to: If you're not going to continue to use this runbook, delete it with the followin In this tutorial, you created a PowerShell workflow runbook. For a look at Python 3 runbooks, see: > [!div class="nextstepaction"]-> [Tutorial: Create a Python 3 runbook (preview)](automation-tutorial-runbook-textual-python-3.md) +> [Tutorial: Create a Python 3 runbook](automation-tutorial-runbook-textual-python-3.md) |
automation | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/policy-reference.md | Title: Built-in policy definitions for Azure Automation description: Lists Azure Policy built-in policy definitions for Azure Automation. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
automation | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/security-controls-policy.md | Title: Azure Policy Regulatory Compliance controls for Azure Automation description: Lists Azure Policy Regulatory Compliance controls available for Azure Automation. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 11/06/2023 Last updated : 11/21/2023 |
azure-app-configuration | Howto Create Snapshots | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/howto-create-snapshots.md | configurationBuilder.AddAzureAppConfiguration(options => ``` > [!NOTE]-> Snapshot support is available if you use version **7.0.0-preview** or later of any of the following packages. +> Snapshot support is available if you use version **7.0.0** or later of any of the following packages. > - `Microsoft.Extensions.Configuration.AzureAppConfiguration` > - `Microsoft.Azure.AppConfiguration.AspNetCore` > - `Microsoft.Azure.AppConfiguration.Functions.Worker` |
azure-app-configuration | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/policy-reference.md | Title: Built-in policy definitions for Azure App Configuration description: Lists Azure Policy built-in policy definitions for Azure App Configuration. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
azure-app-configuration | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/security-controls-policy.md | Title: Azure Policy Regulatory Compliance controls for Azure App Configuration description: Lists Azure Policy Regulatory Compliance controls available for Azure App Configuration. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 11/06/2023 Last updated : 11/21/2023 |
azure-arc | Validation Program | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/data/validation-program.md | To see how all Azure Arc-enabled components are validated, see [Validation progr | [PowerStore X](https://www.dell.com/en-us/dt/storage/powerstore-storage-appliance/powerstore-x-series.htm)|1.20.6|1.0.0_2021-07-30|15.0.2148.140 | 12.3 (Ubuntu 12.3-1) | ### Hitachi-|Solution and version | Kubernetes version | Azure Arc-enabled data services version | SQL engine version | PostgreSQL server version +|Solution and version |Kubernetes version |Azure Arc-enabled data services version |SQL engine version |PostgreSQL server version| |--|--|--|--|--|-|Hitachi Virtual Storage Software Block software-defined storage (VSSB) | 1.24.12 | 1.20.0_2023-06-13 | 16.0.5100.7242 | 14.5 (Ubuntu 20.04)| -|Hitachi Virtual Storage Platform (VSP) | 1.24.12 | 1.19.0_2023-05-09 | 16.0.937.6221 | 14.5 (Ubuntu 20.04)| -|[Hitachi UCP with RedHat OpenShift](https://www.hitachivantara.com/en-us/solutions/modernize-digital-core/infrastructure-modernization/hybrid-cloud-infrastructure.html) | 1.23.12 | 1.16.0_2023-02-14 | 16.0.937.6221 | 14.5 (Ubuntu 20.04)| -|[Hitachi UCP with VMware Tanzu](https://www.hitachivantara.com/en-us/solutions/modernize-digital-core/infrastructure-modernization/hybrid-cloud-infrastructure.html) | 1.23.8 | 1.16.0_2023-02-14 | 16.0.937.6221 | 14.5 (Ubuntu 20.04)| --+|Red Hat OCP 4.12.30|1.25.11|1.25.0_2023-11-14|16.0.5100.7246|Not validated| +|Hitachi Virtual Storage Software Block software-defined storage (VSSB)|1.24.12 |1.20.0_2023-06-13 |16.0.5100.7242 |14.5 (Ubuntu 20.04)| +|Hitachi Virtual Storage Platform (VSP) |1.24.12 |1.19.0_2023-05-09 |16.0.937.6221 |14.5 (Ubuntu 20.04)| +|[Hitachi UCP with RedHat OpenShift](https://www.hitachivantara.com/en-us/solutions/modernize-digital-core/infrastructure-modernization/hybrid-cloud-infrastructure.html) |1.23.12 |1.16.0_2023-02-14 |16.0.937.6221 |14.5 (Ubuntu 20.04)| ### HPE |
azure-arc | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/kubernetes/policy-reference.md | Title: Built-in policy definitions for Azure Arc-enabled Kubernetes description: Lists Azure Policy built-in policy definitions for Azure Arc-enabled Kubernetes. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 # |
azure-arc | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/policy-reference.md | Title: Built-in policy definitions for Azure Arc-enabled servers description: Lists Azure Policy built-in policy definitions for Azure Arc-enabled servers (preview). These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
azure-arc | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/security-controls-policy.md | Title: Azure Policy Regulatory Compliance controls for Azure Arc-enabled servers (preview) description: Lists Azure Policy Regulatory Compliance controls available for Azure Arc-enabled servers (preview). These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 11/06/2023 Last updated : 11/21/2023 |
azure-arc | Troubleshoot Extended Security Updates | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/troubleshoot-extended-security-updates.md | Title: How to troubleshoot delivery of Extended Security Updates for Windows Server 2012 through Azure Arc description: Learn how to troubleshoot delivery of Extended Security Updates for Windows Server 2012 through Azure Arc. Previously updated : 10/24/2023 Last updated : 11/21/2023 If you're unable to successfully link your Azure Arc-enabled server to an activa ## ESU patches issues -If you have issues receiving ESUs after successfully enrolling the server through Arc-enabled servers, or you need additional information related to issues affecting ESU deployment, see [Troubleshoot issues in ESU](/troubleshoot/windows-client/windows-7-eos-faq/troubleshoot-extended-security-updates-issues). +Ensure that both the licensing package and SSU are downloaded for the Azure Arc-enabled server as documented at [KB5031043: Procedure to continue receiving security updates after extended support has ended on October 10, 2023](https://support.microsoft.com/topic/kb5031043-procedure-to-continue-receiving-security-updates-after-extended-support-has-ended-on-october-10-2023-c1a20132-e34c-402d-96ca-1e785ed51d45). Ensure you are following all of the networking prerequisites as recorded at [Prepare to deliver Extended Security Updates for Windows Server 2012](prepare-extended-security-updates.md?tabs=azure-cloud#networking). ++If installing the Extended Security Update enabled by Azure Arc fails with errors such as "ESU: Trying to Check IMDS Again LastError=HRESULT_FROM_WIN32(12029)" or "ESU: Trying to Check IMDS Again LastError=HRESULT_FROM_WIN32(12002)", there is a known remediation approach: ++1. Download this [intermediate CA published by Microsoft](https://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2001%20-%20xsign.crt). +1. Install the downloaded certificate as Local Computer under `Intermediate Certificate Authorities\Certificates`. Use the following command to install the certificate correctly: ++ `certutil -addstore CA 'Microsoft Azure TLS Issuing CA 01 - xsign.crt'` ++1. Install security updates. If it fails, reboot the machine and install security updates again. ++If you're working with Azure Government Cloud, use the following instructions instead of those above: ++1. Download this [intermediate CA published by Microsoft](https://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2002%20-%20xsign.crt). ++1. Install the downloaded certificate as Local Computer under `Intermediate Certificate Authorities\Certificates`. Use the following command to install the certificate correctly: ++ `certutil -addstore CA 'Microsoft Azure TLS Issuing CA 02 - xsign.crt'` ++1. Install security updates. If it fails, reboot the machine and install security updates again. ++If you encounter the error "ESU: not eligible HRESULT_FROM_WIN32(1633)", follow these steps: ++`Remove-Item ΓÇ£$env:ProgramData\AzureConnectedMachineAgent\Certs\license.jsonΓÇ¥ -Force` ++`Restart-Service himds` ++If you have other issues receiving ESUs after successfully enrolling the server through Arc-enabled servers, or you need additional information related to issues affecting ESU deployment, see [Troubleshoot issues in ESU](/troubleshoot/windows-client/windows-7-eos-faq/troubleshoot-extended-security-updates-issues). |
azure-cache-for-redis | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/policy-reference.md | Title: Built-in policy definitions for Azure Cache for Redis description: Lists Azure Policy built-in policy definitions for Azure Cache for Redis. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
azure-cache-for-redis | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/security-controls-policy.md | Title: Azure Policy Regulatory Compliance controls for Azure Cache for Redis description: Lists Azure Policy Regulatory Compliance controls available for Azure Cache for Redis. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 11/06/2023 Last updated : 11/21/2023 |
azure-functions | Deployment Zip Push | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/deployment-zip-push.md | Title: Zip push deployment for Azure Functions description: Use the .zip file deployment facilities of the Kudu deployment service to publish your Azure Functions. -+ Last updated 08/12/2018 |
azure-functions | Dotnet Isolated Process Guide | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/dotnet-isolated-process-guide.md | You'll find these extension packages under [Microsoft.Azure.Functions.Worker.Ext ## Start-up and configuration -When using .NET isolated functions, you have access to the start-up of your function app, which is usually in Program.cs. You're responsible for creating and starting your own host instance. As such, you also have direct access to the configuration pipeline for your app. With .NET Functions isolated worker process, you can much more easily add configurations, inject dependencies, and run your own middleware. +When using .NET isolated functions, you have access to the start-up of your function app, which is usually in `Program.cs`. You're responsible for creating and starting your own host instance. As such, you also have direct access to the configuration pipeline for your app. With .NET Functions isolated worker process, you can much more easily add configurations, inject dependencies, and run your own middleware. The following code shows an example of a [HostBuilder] pipeline: :::code language="csharp" source="~/azure-functions-dotnet-worker/samples/FunctionApp/Program.cs" id="docsnippet_startup"::: -This code requires `using Microsoft.Extensions.DependencyInjection;`. +This code requires `using Microsoft.Extensions.DependencyInjection;`. -A [HostBuilder] is used to build and return a fully initialized [`IHost`][IHost] instance, which you run asynchronously to start your function app. +Before calling `Build()` on the `HostBuilder`, you should: ++- Call either `ConfigureFunctionsWebApplication()` if using [ASP.NET Core integration](#aspnet-core-integration) or `ConfigureFunctionsWorkerDefaults()` otherwise. See [HTTP trigger](#http-trigger) for details on these options. + - If you're writing your application using F#, some trigger and binding extensions require extra configuration here. See the setup documentation for the [Blobs extension][fsharp-blobs], the [Tables extension][fsharp-tables], and the [Cosmos DB extension][fsharp-cosmos] if you plan to use this in your app. +- Configure any services or app configuration your project requires. See [Configuration] for details. + - If you are planning to use Application Insights, you need to call `AddApplicationInsightsTelemetryWorkerService()` and `ConfigureFunctionsApplicationInsights()` in the `ConfigureServices()` delegate. See [Application Insights](#application-insights) for details. ++If your project targets .NET Framework 4.8, you also need to add `FunctionsDebugger.Enable();` before creating the HostBuilder. It should be the first line of your `Main()` method. For more information, see [Debugging when targeting .NET Framework](#debugging-when-targeting-net-framework). ++The [HostBuilder] is used to build and return a fully initialized [`IHost`][IHost] instance, which you run asynchronously to start your function app. :::code language="csharp" source="~/azure-functions-dotnet-worker/samples/FunctionApp/Program.cs" id="docsnippet_host_run"::: -> [!IMPORTANT] -> If your project targets .NET Framework 4.8, you also need to add `FunctionsDebugger.Enable();` before creating the HostBuilder. It should be the first line of your `Main()` method. For more information, see [Debugging when targeting .NET Framework](#debugging-when-targeting-net-framework). +[fsharp-blobs]: ./functions-bindings-storage-blob.md#install-extension +[fsharp-tables]: ./functions-bindings-storage-table.md#install-extension +[fsharp-cosmos]: ./functions-bindings-cosmosdb-v2.md#install-extension ### Configuration The following extension methods on [FunctionContext] make it easier to work with | **`GetHttpRequestDataAsync`** | Gets the `HttpRequestData` instance when called by an HTTP trigger. This method returns an instance of `ValueTask<HttpRequestData?>`, which is useful when you want to read message data, such as request headers and cookies. | | **`GetHttpResponseData`** | Gets the `HttpResponseData` instance when called by an HTTP trigger. | | **`GetInvocationResult`** | Gets an instance of `InvocationResult`, which represents the result of the current function execution. Use the `Value` property to get or set the value as needed. |-| **` GetOutputBindings`** | Gets the output binding entries for the current function execution. Each entry in the result of this method is of type `OutputBindingData`. You can use the `Value` property to get or set the value as needed. | -| **` BindInputAsync`** | Binds an input binding item for the requested `BindingMetadata` instance. For example, you can use this method when you have a function with a `BlobInput` input binding that needs to be accessed or updated by your middleware. | +| **`GetOutputBindings`** | Gets the output binding entries for the current function execution. Each entry in the result of this method is of type `OutputBindingData`. You can use the `Value` property to get or set the value as needed. | +| **`BindInputAsync`** | Binds an input binding item for the requested `BindingMetadata` instance. For example, you can use this method when you have a function with a `BlobInput` input binding that needs to be accessed or updated by your middleware. | The following is an example of a middleware implementation that reads the `HttpRequestData` instance and updates the `HttpResponseData` instance during function execution. This middleware checks for the presence of a specific request header(x-correlationId), and when present uses the header value to stamp a response header. Otherwise, it generates a new GUID value and uses that for stamping the response header. A function can have zero or more input bindings that can pass data to a function ### Output bindings -To write to an output binding, you must apply an output binding attribute to the function method, which defined how to write to the bound service. The value returned by the method is written to the output binding. For example, the following example writes a string value to a message queue named `output-queue` by using an output binding: +To write to an output binding, you must apply an output binding attribute to the function method, which define how to write to the bound service. The value returned by the method is written to the output binding. For example, the following example writes a string value to a message queue named `output-queue` by using an output binding: :::code language="csharp" source="~/azure-functions-dotnet-worker/samples/Extensions/Queue/QueueFunction.cs" id="docsnippet_queue_output_binding" ::: |
azure-functions | Durable Functions Entities | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/durable/durable-functions-entities.md | module.exports = df.entity(function(context) { ::: zone-end ::: zone pivot="python"+> [!NOTE] +> Refer to the [Azure Functions Python developer guide](../functions-reference-python.md) for more details about how the V2 model works. + The following code is the `Counter` entity implemented as a durable function written in Python. # [v2](#tab/python-v2) |
azure-functions | Durable Functions Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/durable/durable-functions-overview.md | Durable Functions is designed to work with all Azure Functions programming langu [!INCLUDE [functions-nodejs-model-tabs-description](../../../includes/functions-nodejs-model-tabs-description.md)] ::: zone-end + Like Azure Functions, there are templates to help you develop Durable Functions using [Visual Studio](durable-functions-create-first-csharp.md), [Visual Studio Code](quickstart-js-vscode.md), and the [Azure portal](durable-functions-create-portal.md). ## Application patterns You can use the `context.df` object to invoke other functions by name, pass para ::: zone-end ::: zone pivot="python"- # [Python](#tab/v1-model) ```python |
azure-functions | Functions Bindings Cosmosdb V2 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-bindings-cosmosdb-v2.md | This version of the Azure Cosmos DB bindings extension introduces the ability to Add the extension to your project by installing the [NuGet package](https://www.nuget.org/packages/Microsoft.Azure.Functions.Worker.Extensions.CosmosDB/), version 4.x. +If you're writing your application using F#, you must also configure this extension as part of the app's [startup configuration](./dotnet-isolated-process-guide.md#start-up-and-configuration). In the call to `ConfigureFunctionsWorkerDefaults()` or `ConfigureFunctionsWebApplication()`, add a delegate that takes an `IFunctionsWorkerApplication` parameter. Then within the body of that delegate, call `ConfigureCosmosDBExtension()` on the object: ++```fsharp +let hostBuilder = new HostBuilder() +hostBuilder.ConfigureFunctionsWorkerDefaults(fun (context: HostBuilderContext) (appBuilder: IFunctionsWorkerApplicationBuilder) -> + appBuilder.ConfigureCosmosDBExtension() |> ignore +) |> ignore +``` + # [Functions 2.x+](#tab/functionsv2/isolated-process) Add the extension to your project by installing the [NuGet package](https://www.nuget.org/packages/Microsoft.Azure.Functions.Worker.Extensions.CosmosDB/), version 3.x. |
azure-functions | Functions Bindings Storage Blob | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-bindings-storage-blob.md | Functions 1.x apps automatically have a reference the [Microsoft.Azure.WebJobs]( This version allows you to bind to types from [Azure.Storage.Blobs](/dotnet/api/azure.storage.blobs). Learn more about how these new types are different from `WindowsAzure.Storage` and `Microsoft.Azure.Storage` and how to migrate to them from the [Azure.Storage.Blobs Migration Guide](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/storage/Azure.Storage.Blobs/AzureStorageNetMigrationV12.md). -Add the extension to your project by installing the [Microsoft.Azure.Functions.Worker.Extensions.Storage.Blobs NuGet package], version 5.x. +Add the extension to your project by installing the [Microsoft.Azure.Functions.Worker.Extensions.Storage.Blobs NuGet package], version 5.x or later. Using the .NET CLI: ```dotnetcli-dotnet add package Microsoft.Azure.Functions.Worker.Extensions.Storage.Blobs --version 5.0.0 +dotnet add package Microsoft.Azure.Functions.Worker.Extensions.Storage.Blobs ``` [!INCLUDE [functions-bindings-storage-extension-v5-isolated-worker-tables-note](../../includes/functions-bindings-storage-extension-v5-isolated-worker-tables-note.md)] +If you're writing your application using F#, you must also configure this extension as part of the app's [startup configuration](./dotnet-isolated-process-guide.md#start-up-and-configuration). In the call to `ConfigureFunctionsWorkerDefaults()` or `ConfigureFunctionsWebApplication()`, add a delegate that takes an `IFunctionsWorkerApplication` parameter. Then within the body of that delegate, call `ConfigureBlobStorageExtension()` on the object: ++```fsharp +let hostBuilder = new HostBuilder() +hostBuilder.ConfigureFunctionsWorkerDefaults(fun (context: HostBuilderContext) (appBuilder: IFunctionsWorkerApplicationBuilder) -> + appBuilder.ConfigureBlobStorageExtension() |> ignore +) |> ignore +``` + # [Functions 2.x and higher](#tab/functionsv2/isolated-process) Add the extension to your project by installing the [Microsoft.Azure.Functions.Worker.Extensions.Storage NuGet package, version 4.x]. |
azure-functions | Functions Bindings Storage Table | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-bindings-storage-table.md | dotnet add package Microsoft.Azure.Functions.Worker.Extensions.Storage --version [!INCLUDE [functions-bindings-storage-extension-v5-isolated-worker-tables-note](../../includes/functions-bindings-storage-extension-v5-isolated-worker-tables-note.md)] +If you're writing your application using F#, you must also configure this extension as part of the app's [startup configuration](./dotnet-isolated-process-guide.md#start-up-and-configuration). In the call to `ConfigureFunctionsWorkerDefaults()` or `ConfigureFunctionsWebApplication()`, add a delegate that takes an `IFunctionsWorkerApplication` parameter. Then within the body of that delegate, call `ConfigureTablesExtension()` on the object: ++```fsharp +let hostBuilder = new HostBuilder() +hostBuilder.ConfigureFunctionsWorkerDefaults(fun (context: HostBuilderContext) (appBuilder: IFunctionsWorkerApplicationBuilder) -> + appBuilder.ConfigureTablesExtension() |> ignore +) |> ignore +``` + # [Combined Azure Storage extension](#tab/storage-extension/isolated-process) Tables are included in a combined package for Azure Storage. Install the [Microsoft.Azure.Functions.Worker.Extensions.Storage NuGet package](https://www.nuget.org/packages/Microsoft.Azure.Functions.Worker.Extensions.Storage/4.0.4), version 4.x. |
azure-functions | Functions Container Apps Hosting | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-container-apps-hosting.md | This integration also means that you can use existing Functions client tools and ## Deploying Azure Functions to Container Apps -In the current preview, you must deploy your functions code in a Linux container that you create. Functions maintains a set of [lanuage-specific base images](https://mcr.microsoft.com/catalog?search=functions) that you can use to generate your containerized function apps. When you create a Functions project using [Azure Functions Core Tools](./functions-run-local.md) and include the [`--docker` option](./functions-core-tools-reference.md#func-init), Core Tools also generates a Dockerfile that you can use to create your container from the correct base image. +In the current preview, you must deploy your functions code in a Linux container that you create. Functions maintains a set of [language-specific base images](https://mcr.microsoft.com/catalog?search=functions) that you can use to generate your containerized function apps. When you create a Functions project using [Azure Functions Core Tools](./functions-run-local.md) and include the [`--docker` option](./functions-core-tools-reference.md#func-init), Core Tools also generates a Dockerfile that you can use to create your container from the correct base image. Azure Functions currently supports the following methods of deployment to Azure Container Apps: |
azure-functions | Functions Scenarios | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-scenarios.md | public static async Task Run( ::: zone pivot="programming-language-java" + [Azure Functions Kafka trigger Java Sample](https://github.com/azure/azure-functions-kafka-extension/tree/main/samples/WalletProcessing_KafkademoSample)-+ [Event Hubs trigger examples](https://github.com/azure-samples/azure-functions-samples-java/blob/master/src/main/java/com/functions/EventHubTriggerFunction.java) -+ [Kafka triggered function examples](https://github.com/azure-samples/azure-functions-samples-java/blob/master/src/main/java/com/functions/KafkaTriggerFunction.java) + [Azure Event Hubs trigger for Azure Functions](functions-bindings-event-hubs-trigger.md?pivots=programming-language-java) + [Apache Kafka trigger for Azure Functions](functions-bindings-kafka-trigger.md?pivots=programming-language-java) ::: zone-end |
azure-government | Documentation Government Csp List | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/documentation-government-csp-list.md | Below you can find a list of all the authorized Cloud Solution Providers (CSPs), |[CACI Inc - Federal](https://www.caci.com/)| |[Caloudi Corporation](https://www.caloudi.com/)| |[Cambria Solutions, Inc.](https://www.cambriasolutions.com/)|-|[Capgemini Government Solutions LLC](https://www.capgemini.com/us-en/service/capgemini-government-solutions/)| |[CAPSYS Technologies, LLC](https://www.capsystech.com/)| |[Casserly Consulting](https://www.casserlyconsulting.com)| |[Carahsoft Technology Corporation](https://www.carahsoft.com/)| Below you can find a list of all the authorized Cloud Solution Providers (CSPs), |[Cyber Advisors](https://cyberadvisors.com)| |[Cyber Cloud Technologies](https://www.cyber-cloud.com)| |[Cyber Korp Inc.](https://cyberkorp.com/)|-|[Cybercore Solutions LLC](https://cybercoresolutions.com/)| |[Dalecheck Technology Group](https://www.dalechek.com/)| |[Dasher Technologies, Inc.](https://www.dasher.com)| |[Data Center Services Inc](https://www.d8acenter.com)| Below you can find a list of all the authorized Cloud Solution Providers (CSPs), |[MetroStar Systems Inc.](https://www.metrostarsystems.com)| |[Mibura Inc.](https://www.mibura.com/)| |[Microtechnologies, LLC](https://www.microtech.net/)|-|[Miken Technologies](https://www.miken.net)| |[mindSHIFT Technologies, Inc.](https://www.mindshift.com/)| |[MIS Sciences Corp](https://www.mis-sciences.com/)| |[Mission Cyber LLC](https://missioncyber.com/b/)| Below you can find a list of all the authorized Cloud Solution Providers (CSPs), |[Redhorse Corporation](https://www.redhorsecorp.com)| |[Regan Technologies Corporation](http://www.regantech.com/)| |Remote Support Solutions Corp DBA RemoteWorks|-|[Resource Metrix](https://www.rmtrx.com)| |[Revenue Solutions, Inc](https://www.revenuesolutionsinc.com)| |[Ridge IT](https://www.ridgeit.com/)| |[RMON Networks Inc.](https://rmonnetworks.com/)| Below you can find a list of all the authorized Cloud Solution Providers (CSPs), |[TSAChoice Inc.](https://www.tsachoice.com)| |[Turnkey Technologies, Inc.](https://www.turnkeytec.com)| |[Tyto Athene LLC](https://gotyto.com/)|-|[U2Cloud LLC](https://www.u2cloud.com)| |[UDRI - SSG](https://udayton.edu/)| |[Unisys Corp / Blue Bell](https://www.unisys.com)| |[United Data Technologies, Inc.](https://udtonline.com)| Below you can find a list of all the authorized Cloud Solution Providers (CSPs), |[Vology Inc.](https://www.vology.com/)| |[vSolvIT](https://www.vsolvit.com/)| |[Warren Averett Technology Group](https://warrenaverett.com/warren-averett-technology-group/)|-|[Wintellect, LLC](https://www.wintellect.com)| |[Wintellisys, Inc.](https://wintellisys.com)| |[Withum](https://www.withum.com/service/cyber-information-security-services/)| |[Workspot, Inc.](https://workspot.com)| |[WorkMagic LLC](https://www.workmagic.com)| |[Wovenware US, Inc.](https://www.wovenware.com)| |[WCC Global](https://wwcglobal.com)|-|[WWT](https://www2.wwt.com)| |[Xantrion Incorporated](https://www.xantrion.com)| |[X-Centric IT Solutions, LLC](https://www.x-centric.com/)| |[XentIT, llc](https://xentit.com)| |
azure-linux | Quickstart Azure Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-linux/quickstart-azure-powershell.md | + + Title: 'Quickstart: Deploy an Azure Linux Container Host for an AKS cluster using Azure PowerShell' +description: Learn how to quickly create an Azure Linux Container Host for an AKS cluster using Azure PowerShell. ++++ Last updated : 11/20/2023+++# Quickstart: Deploy an Azure Linux Container Host for an AKS cluster using Azure PowerShell ++Get started with the Azure Linux Container Host by using Azure PowerShell to deploy an Azure Linux Container Host for an AKS cluster. After installing the prerequisites, you create a resource group, create an AKS cluster, connect to the cluster, and run a sample multi-container application in the cluster. ++## Prerequisites ++- [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)] +- Use the PowerShell environment in [Azure Cloud Shell](/azure/cloud-shell/overview). For more information, see [Azure Cloud Shell Quickstart](/azure/cloud-shell/quickstart). + [![Screenshot of Launch Cloud Shell in a new window button.](./media/hdi-launch-cloud-shell.png)](https://shell.azure.com) +- If you're running PowerShell locally, install the `Az PowerShell` module and connect to your Azure account using the [`Connect-AzAccount`](/powershell/module/az.accounts/Connect-AzAccount) cmdlet. For more information about installing the Az PowerShell module, see [Install Azure PowerShell][install-azure-powershell]. +- The identity you use to create your cluster has the appropriate minimum permissions. For more details on access and identity for AKS, see [Access and identity options for Azure Kubernetes Service (AKS)](../aks/concepts-identity.md). ++## Create a resource group ++An [Azure resource group][azure-resource-group] is a logical group in which Azure resources are deployed and managed. When creating a resource group, you need to specify a location. This location is the storage location of your resource group metadata and where your resources run in Azure if you don't specify another region during resource creation. ++The following example creates resource group named *testAzureLinuxResourceGroup* in the *eastus* region. ++- Create a resource group using the [`New-AzResourceGroup`][new-azresourcegroup] cmdlet. ++ ```azurepowershell-interactive + New-AzResourceGroup -Name testAzureLinuxResourceGroup -Location eastus + ``` ++ The following example output resembles successful creation of the resource group: ++ ```output + ResourceGroupName : testAzureLinuxResourceGroup + Location : eastus + ProvisioningState : Succeeded + Tags : + ResourceId : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testAzureLinuxResourceGroup + ``` ++ > [!NOTE] + > The above example uses *eastus*, but Azure Linux Container Host clusters are available in all regions. ++## Create an Azure Linux Container Host cluster ++The following example creates a cluster named *testAzureLinuxCluster* with one node. ++- Create an AKS cluster using the [`New-AzAksCluster`][new-azakscluster] cmdlet with the `-NodeOsSKU` flag set to *AzureLinux*. ++ ```azurepowershell-interactive + New-AzAksCluster -ResourceGroupName testAzureLinuxResourceGroup -Name testAzureLinuxCluster -NodeOsSKU AzureLinux + ``` ++ After a few minutes, the command completes and returns JSON-formatted information about the cluster. ++## Connect to the cluster ++To manage a Kubernetes cluster, use the Kubernetes command-line client, [kubectl](https://kubernetes.io/docs/reference/kubectl/kubectl/). `kubectl` is already installed if you use Azure Cloud Shell. ++1. Install `kubectl` locally using the `Install-AzAksCliTool` cmdlet. ++ ```azurepowershell-interactive + Install-AzAksCliTool + ``` ++2. Configure `kubectl` to connect to your Kubernetes cluster using the [`Import-AzAksCredential`][import-azakscredential] cmdlet. This command downloads credentials and configures the Kubernetes CLI to use them. ++ ```azurepowershell-interactive + Import-AzAksCredential -ResourceGroupName testAzureLinuxResourceGroup -Name testAzureLinuxCluster + ``` ++3. Verify the connection to your cluster using the [`kubectl get`][kubectl-get] command. This command returns a list of the cluster pods. ++ ```azurepowershell-interactive + kubectl get pods --all-namespaces + ``` ++## Deploy the application ++A [Kubernetes manifest file](../../articles/aks/concepts-clusters-workloads.md#deployments-and-yaml-manifests) defines a cluster's desired state, such as which container images to run. ++In this quickstart, you use a manifest to create all objects needed to run the [Azure Vote application](https://github.com/Azure-Samples/azure-voting-app-redis). This manifest includes two Kubernetes deployments: ++- The sample Azure Vote Python applications. +- A Redis instance. ++This manifest also creates two [Kubernetes Services](../../articles/aks/concepts-network.md#services): ++- An internal service for the Redis instance. +- An external service to access the Azure Vote application from the internet. ++1. Create a file named `azure-vote.yaml` and copy in the following manifest. ++ - If you use the Azure Cloud Shell, you can create the file using `code`, `vi`, or `nano`. ++ ```yaml + apiVersion: apps/v1 + kind: Deployment + metadata: + name: azure-vote-back + spec: + replicas: 1 + selector: + matchLabels: + app: azure-vote-back + template: + metadata: + labels: + app: azure-vote-back + spec: + nodeSelector: + "kubernetes.io/os": linux + containers: + - name: azure-vote-back + image: mcr.microsoft.com/oss/bitnami/redis:6.0.8 + env: + - name: ALLOW_EMPTY_PASSWORD + value: "yes" + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 250m + memory: 256Mi + ports: + - containerPort: 6379 + name: redis + + apiVersion: v1 + kind: Service + metadata: + name: azure-vote-back + spec: + ports: + - port: 6379 + selector: + app: azure-vote-back + + apiVersion: apps/v1 + kind: Deployment + metadata: + name: azure-vote-front + spec: + replicas: 1 + selector: + matchLabels: + app: azure-vote-front + template: + metadata: + labels: + app: azure-vote-front + spec: + nodeSelector: + "kubernetes.io/os": linux + containers: + - name: azure-vote-front + image: mcr.microsoft.com/azuredocs/azure-vote-front:v1 + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 250m + memory: 256Mi + ports: + - containerPort: 80 + env: + - name: REDIS + value: "azure-vote-back" + + apiVersion: v1 + kind: Service + metadata: + name: azure-vote-front + spec: + type: LoadBalancer + ports: + - port: 80 + selector: + app: azure-vote-front + ``` ++ For a breakdown of YAML manifest files, see [Deployments and YAML manifests](../../articles/aks/concepts-clusters-workloads.md#deployments-and-yaml-manifests). ++2. Deploy the application using the [`kubectl apply`](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply) command and specify the name of your YAML manifest: ++ ```azurepowershell-interactive + kubectl apply -f azure-vote.yaml + ``` ++ The following example resembles output showing the successfully created deployments and ++ ```output + deployment "azure-vote-back" created + service "azure-vote-back" created + deployment "azure-vote-front" created + service "azure-vote-front" created + ``` ++## Test the application ++When the application runs, a Kubernetes service exposes the application frontend to the internet. This process can take a few minutes to complete. ++1. Monitor progress using the [`kubectl get service`](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#get) command with the `--watch` argument. ++ ```azurepowershell-interactive + kubectl get service azure-vote-front --watch + ``` ++ The **EXTERNAL-IP** output for the `azure-vote-front` service initially shows as *pending*. ++ ```output + NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE + azure-vote-front LoadBalancer 10.0.37.27 <pending> 80:30572/TCP 6s + ``` ++2. Once the **EXTERNAL-IP** address changes from *pending* to an actual public IP address, use `CTRL-C` to stop the `kubectl` watch process. The following example output shows a valid public IP address assigned to the service: ++ ```output + azure-vote-front LoadBalancer 10.0.37.27 52.179.23.131 80:30572/TCP 2m + ``` ++3. Open a web browser to the external IP address of your service to see the application in action. ++ :::image type="content" source="./media/azure-voting-application.png" alt-text="Screenshot of browsing to Azure Vote sample application."::: ++## Delete the cluster ++If you don't plan on continuing through the following tutorials, remove the created resources to avoid incurring Azure charges. ++- Remove the resource group and all related resources using the [`RemoveAzResourceGroup`][remove-azresourcegroup] cmdlet. ++ ```azurepowershell-interactive + Remove-AzResourceGroup -Name testAzureLinuxResourceGroup + ``` ++## Next steps ++In this quickstart, you deployed an Azure Linux Container Host AKS cluster. To learn more about the Azure Linux Container Host and walk through a complete cluster deployment and management example, continue to the Azure Linux Container Host tutorial. ++> [!div class="nextstepaction"] +> [Azure Linux Container Host tutorial](./tutorial-azure-linux-create-cluster.md) ++<!-- LINKS - internal --> +[install-azure-powershell]: /powershell/azure/install-az-ps +[azure-resource-group]: ../azure-resource-manager/management/overview.md +[new-azresourcegroup]: /powershell/module/az.resources/new-azresourcegroup +[new-azakscluster]: /powershell/module/az.aks/new-azakscluster +[import-azakscredential]: /powershell/module/az.aks/import-azakscredential +[kubectl-get]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#get +[remove-azresourcegroup]: /powershell/module/az.resources/remove-azresourcegroup |
azure-maps | Understanding Azure Maps Transactions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/understanding-azure-maps-transactions.md | When you useΓÇ»[Azure Maps Services], the API requests you make generate transac The following table summarizes the Azure Maps services that generate transactions, billable and nonbillable, along with any notable aspects that are helpful to understand in how the number of transactions are calculated. +> [!NOTE] +> +> For Azure Maps pricing information and free offering details, see [Azure Maps Pricing]. + | Azure Maps Service | Billable | Transaction Calculation | Meter | |--|-|-|-| | Data service (Deprecated<sup>1</sup>) | Yes, except for `MapDataStorageService.GetDataStatus` and `MapDataStorageService.GetUserData`, which are nonbillable| One request = 1 transaction| <ul><li>Location Insights Data (Gen2 pricing)</li></ul>| |
azure-monitor | Azure Monitor Agent Migration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/azure-monitor-agent-migration.md | The following features and services now have an Azure Monitor Agent version (som | [Network Watcher](../../network-watcher/network-watcher-monitoring-overview.md) | Migrate to new service called Connection Monitor with Azure Monitor Agent | Generally available | [Monitor network connectivity using Azure Monitor agent with connection monitor](../../network-watcher/azure-monitor-agent-with-connection-monitor.md) | | Azure Stack HCI Insights | Migrate to Azure Monitor Agent | Generally available| [Monitor Azure Stack HCI with Insights](/azure-stack/hci/manage/monitor-hci-single) | | [Azure Virtual Desktop (AVD) Insights](../../virtual-desktop/insights.md) | Migrate to Azure Monitor Agent |Generally available | [Use Azure Virtual Desktop Insights to monitor your deployment](../../virtual-desktop/insights.md#session-host-data-settings) |+| [Container Monitoring Solution](../containers/containers.md) | Migrate to new service called Container Insights with Azure Monitor Agent | Generally Available | [Enable Container Insights](../containers/container-insights-transition-solution.md) | > [!NOTE] > Features and services listed above in preview **may not be available in Azure Government and China clouds**. They will be available typically within a month *after* the features/services become generally available. |
azure-monitor | Alerts Create New Alert Rule | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/alerts/alerts-create-new-alert-rule.md | To edit an existing alert rule: 1. On the **Actions** tab, select or create the required [action groups](./action-groups.md). + :::image type="content" source="media/alerts-create-new-alert-rule/alerts-rule-actions-tab.png" alt-text="Screenshot that shows the Actions tab when creating a new alert rule."::: + ### Set the alert rule details 1. On the **Details** tab, define the **Project details**. To edit an existing alert rule: |Field |Description | ||| |Enable upon creation| Select for the alert rule to start running as soon as you're done creating it.|- |Automatically resolve alerts (preview) |Select to make the alert stateful. When an alert is stateful, the alert is resolved when the condition is no longer met.<br> If you don't select this checkbox, metric alerts are stateless. Stateless alerts fire each time the condition is met, even if alert already fired.<br> The frequency of notifications for stateless metric alerts differs based on the alert rule's configured frequency:<br>**Alert frequency of less than 5 minutes**: While the condition continues to be met, a notification is sent somewhere between one and six minutes.<br>**Alert frequency of more than 5 minutes**: While the condition continues to be met, a notification is sent between the configured frequency and double the value of the frequency. For example, for an alert rule with a frequency of 15 minutes, a notification is sent somewhere between 15 to 30 minutes.| + |Automatically resolve alerts (preview) |Select to make the alert stateful. When an alert is stateful, the alert is resolved when the condition is no longer met.<br> If you don't select this checkbox, metric alerts are stateless. Stateless alerts fire each time the condition is met, even if alert already fired.<br> The frequency of notifications for stateless metric alerts differs based on the alert rule's configured frequency:<br>**Alert frequency of less than 5 minutes**: While the condition continues to be met, a notification is sent somewhere between one and six minutes.<br>**Alert frequency of more than 5 minutes**: While the condition continues to be met, a notification is sent between the configured frequency and doubles the value of the frequency. For example, for an alert rule with a frequency of 15 minutes, a notification is sent somewhere between 15 to 30 minutes.| #### [Log alert](#tab/log) To edit an existing alert rule: The identity associated with the rule must have these roles: - If the query is accessing a Log Analytics workspace, the identity must be assigned a **Reader role** for all workspaces accessed by the query. If you're creating resource-centric log alerts, the alert rule may access multiple workspaces, and the identity must have a reader role on all of them.- - If the you are querying an ADX or ARG cluster you must add **Reader role** for all data sources accessed by the query. For example, if the query is resource centric, it needs a reader role on that resources. + - If you are querying an ADX or ARG cluster you must add **Reader role** for all data sources accessed by the query. For example, if the query is resource centric, it needs a reader role on that resources. - If the query is [accessing a remote Azure Data Explorer cluster](../logs/azure-monitor-data-explorer-proxy.md), the identity must be assigned: - **Reader role** for all data sources accessed by the query. For example, if the query is calling a remote Azure Data Explorer cluster using the adx() function, it needs a reader role on that ADX cluster. - **Database viewer** for all databases the query is accessing. To edit an existing alert rule: 1. Select **Enable upon creation** for the alert rule to start running as soon as you're done creating it. -1. <a name="custom-props"></a>(Optional) In the **Custom properties**, if you've configured action groups for this alert rule, you can add your own properties to include in the alert notification payload. You can use these properties in the actions called by the action group, such as webhook, Azure function or logic app actions. +1. <a name="custom-props"></a>(Optional) In the **Custom properties** section, if you've configured action groups for this alert rule, you can add your own properties to include in the alert notification payload. You can use these properties in the actions called by the action group, such as webhook, Azure function or logic app actions. The custom properties are specified as key:value pairs, using either static text, a dynamic value extracted from the alert payload, or a combination of both. To edit an existing alert rule: Use the [common alert schema](alerts-common-schema.md) format to specify the field in the payload, whether or not the action groups configured for the alert rule use the common schema. - :::image type="content" source="media/alerts-create-new-alert-rule/alerts-rule-actions-tab.png" alt-text="Screenshot that shows the Actions tab when creating a new alert rule."::: + :::image type="content" source="media/alerts-create-new-alert-rule/alerts-rule-custom-props.png" alt-text="Screenshot that shows the custom properties section of creating a new alert rule."::: In the following examples, values in the **custom properties** are used to utilize data from a payload that uses the common alert schema: |
azure-monitor | Asp Net Core | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/asp-net-core.md | |
azure-monitor | Asp Net Dependencies | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/asp-net-dependencies.md | |
azure-monitor | Asp Net Trace Logs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/asp-net-trace-logs.md | For each source, you can set the following parameters: ## Use DiagnosticSource events -You can configure [System.Diagnostics.DiagnosticSource](https://github.com/dotnet/corefx/blob/master/src/System.Diagnostics.DiagnosticSource/src/DiagnosticSourceUsersGuide.md) events to be sent to Application Insights as traces. First, install the [`Microsoft.ApplicationInsights.DiagnosticSourceListener`](https://www.nuget.org/packages/Microsoft.ApplicationInsights.DiagnosticSourceListener) NuGet package. Then edit the "TelemetryModules" section of the [ApplicationInsights.config](./configuration-with-applicationinsights-config.md) file. +You can configure [System.Diagnostics.DiagnosticSource](https://github.com/dotnet/runtime/blob/main/src/libraries/System.Diagnostics.DiagnosticSource/src/DiagnosticSourceUsersGuide.md) events to be sent to Application Insights as traces. First, install the [`Microsoft.ApplicationInsights.DiagnosticSourceListener`](https://www.nuget.org/packages/Microsoft.ApplicationInsights.DiagnosticSourceListener) NuGet package. Then edit the "TelemetryModules" section of the [ApplicationInsights.config](./configuration-with-applicationinsights-config.md) file. ```xml <Add Type="Microsoft.ApplicationInsights.DiagnosticSourceListener.DiagnosticSourceTelemetryModule, Microsoft.ApplicationInsights.DiagnosticSourceListener"> |
azure-monitor | Asp Net | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/asp-net.md | -> [!NOTE] -> An [OpenTelemetry-based .NET offering](opentelemetry-enable.md?tabs=net) is available. [Learn more](opentelemetry-overview.md). [!INCLUDE [azure-monitor-log-analytics-rebrand](../../../includes/azure-monitor-instrumentation-key-deprecation.md)] |
azure-monitor | Availability Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/availability-overview.md | You can create up to 100 availability tests per Application Insights resource. ## Troubleshooting +> [!WARNING] +> We have recently enabled TLS 1.3 in Availability Tests. If you are seeing new error messages as a result, please ensure that clients running on Windows Server 2022 with TLS 1.3 enabled can connect to your endpoint. If you are unable to do this, you may consider temporarily disabling TLS 1.3 on your endpoint so that Availability Tests will fall back to older TLS versions. +> For additional information, please check the [troubleshooting article](/troubleshoot/azure/azure-monitor/app-insights/troubleshoot-availability). See the dedicated [troubleshooting article](/troubleshoot/azure/azure-monitor/app-insights/troubleshoot-availability). ## Frequently asked questions |
azure-monitor | Configuration With Applicationinsights Config | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/configuration-with-applicationinsights-config.md | |
azure-monitor | Custom Operations Tracking | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/custom-operations-tracking.md | This article provides guidance on how to track custom operations with the Applic - Application Insights for web applications (running ASP.NET) version 2.4+. - Application Insights for ASP.NET Core version 2.1+. + ## Overview An operation is a logical piece of work run by an application. It has a name, start time, duration, result, and a context of execution like user name, properties, and result. If operation A was initiated by operation B, then operation B is set as a parent for A. An operation can have only one parent, but it can have many child operations. For more information on operations and telemetry correlation, see [Application Insights telemetry correlation](distributed-tracing-telemetry-correlation.md). |
azure-monitor | Eventcounters | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/eventcounters.md | |
azure-monitor | Get Metric | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/get-metric.md | |
azure-monitor | Ilogger | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/ilogger.md | |
azure-monitor | Java Standalone Config | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/java-standalone-config.md | This article shows you how to configure Azure Monitor Application Insights for J ## Connection string and role name +Connection string and role name are the most common settings you need to get started: ++```json +{ + "connectionString": "...", + "role": { + "name": "my cloud role name" + } +} +``` +Connection string is required. Role name is important anytime you're sending data from different applications to the same Application Insights resource. More information and configuration options are provided in the following sections. You can specify your own configuration file path by using one of these two optio * `APPLICATIONINSIGHTS_CONFIGURATION_FILE` environment variable * `applicationinsights.configuration.file` Java system property -If you specify a relative path, it's resolved relative to the directory where `applicationinsights-agent-3.4.18.jar` is located. +If you specify a relative path, it resolves relative to the directory where `applicationinsights-agent-3.4.18.jar` is located. Alternatively, instead of using a configuration file, you can specify the entire _content_ of the JSON configuration via the environment variable `APPLICATIONINSIGHTS_CONFIGURATION_CONTENT`. Or you can set the connection string by using the Java system property `applicat You can also set the connection string by specifying a file to load the connection string from. -If you specify a relative path, it's resolved relative to the directory where `applicationinsights-agent-3.4.18.jar` is located. +If you specify a relative path, it resolves relative to the directory where `applicationinsights-agent-3.4.18.jar` is located. ```json { Sampling is based on request, which means that if a request is captured (sampled Sampling is also based on trace ID to help ensure consistent sampling decisions across different services. -Sampling only applies to logs inside of a request. Logs which are not inside of a request (e.g. startup logs) are always collected by default. +Sampling only applies to logs inside of a request. Logs that aren't inside of a request (for example, startup logs) are always collected by default. If you want to sample those logs, you can use [Sampling overrides](./java-standalone-sampling-overrides.md). ### Rate-limited sampling Starting from 3.4.0, rate-limited sampling is available and is now the default. -If no sampling has been configured, the default is now rate-limited sampling configured to capture at most +If no sampling is configured, the default is now rate-limited sampling configured to capture at most (approximately) five requests per second, along with all the dependencies and logs on those requests. This configuration replaces the prior default, which was to capture all requests. If you still want to capture all requests, use [fixed-percentage sampling](#fixed-percentage-sampling) and set the sampling percentage to 100. If you want to collect some other JMX metrics: In the preceding configuration example: * `name` is the metric name that is assigned to this JMX metric (can be anything).-* `objectName` is the [Object Name](https://docs.oracle.com/javase/8/docs/api/javax/management/ObjectName.html) of the JMX MBean that you want to collect. -* `attribute` is the attribute name inside of the JMX MBean that you want to collect. +* `objectName` is the [Object Name](https://docs.oracle.com/javase/8/docs/api/javax/management/ObjectName.html) of the `JMX MBean` that you want to collect. +* `attribute` is the attribute name inside of the `JMX MBean` that you want to collect. Numeric and Boolean JMX metric values are supported. Boolean JMX metrics are mapped to `0` for false and `1` for true. You can use `${...}` to read the value from the specified environment variable a ## Inherited attribute (preview) -Starting from version 3.2.0, if you want to set a custom dimension programmatically on your request telemetry -and have it inherited by dependency and log telemetry, which are captured in the context of that request: +Starting with version 3.2.0, you can set a custom dimension programmatically on your request telemetry. It ensures inheritance by dependency and log telemetry. All are captured in the context of that request. ```json { For example, when your java application returns a response like: </html> ``` -Then it will be automatically modified to return: +It automatically modifies to return: + ```html <!DOCTYPE html> <html lang="en"> Log4j, Logback, JBoss Logging, and java.util.logging are autoinstrumented. Loggi Logging is only captured if it: -* Meets the level that's configured for the logging framework. -* Also meets the level that's configured for Application Insights. +* Meets the configured level for the logging framework. +* Also meets the configured level for Application Insights. For example, if your logging framework is configured to log `WARN` (and aforementioned) from the package `com.example`, and Application Insights is configured to capture `INFO` (and aforementioned), Application Insights only captures `WARN` (and more severe) from the package `com.example`. |
azure-monitor | Migrate From Instrumentation Keys To Connection Strings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/migrate-from-instrumentation-keys-to-connection-strings.md | This article walks through migrating from instrumentation keys to [connection st 1. Configure the Application Insights SDK by following [How to set connection strings](sdk-connection-string.md#set-a-connection-string). > [!IMPORTANT]-> Don't use both a connection string and an instrumentation key. The latter one set supersedes the other, and could result in telemetry not appearing on the portal. [missing data](#missing-data). +> Don't use both a connection string and an instrumentation key. The latter one set supersedes the other, and could result in telemetry not appearing on the portal. See [missing data](#missing-data). ## Migration at scale |
azure-monitor | Nodejs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/nodejs.md | All events related to an incoming HTTP request are correlated for faster trouble You can use the TelemetryClient API to manually instrument and monitor more aspects of your app and system. We describe the TelemetryClient API in more detail later in this article. -> [!NOTE] -> An [OpenTelemetry-based Node.js offering](opentelemetry-enable.md?tabs=nodejs) is available. [Learn more](opentelemetry-overview.md). ## Get started |
azure-monitor | Opentelemetry Configuration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/opentelemetry-configuration.md | Use one of the following two ways to configure the connection string: ### [Java](#tab/java) +To set the connection string, see [Connection string](java-standalone-config.md#connection-string). ### [Node.js](#tab/nodejs) |
azure-monitor | Performance Counters | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/performance-counters.md | Windows provides a variety of [performance counters](/windows/desktop/perfctrs/a Performance counters collection is supported if your application is running under IIS on an on-premises host or is a virtual machine to which you have administrative access. Although applications running as Azure Web Apps don't have direct access to performance counters, a subset of available counters is collected by Application Insights. + ## Prerequisites Grant the app pool service account permission to monitor performance counters by adding it to the [Performance Monitor Users](/windows/security/identity-protection/access-control/active-directory-security-groups#bkmk-perfmonitorusers) group. |
azure-monitor | Pre Aggregated Metrics Log Metrics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/pre-aggregated-metrics-log-metrics.md | |
azure-monitor | Sdk Connection String | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/sdk-connection-string.md | Key-value pairs provide an easy way for users to define a prefix suffix combinat [!INCLUDE [azure-monitor-log-analytics-rebrand](../../../includes/azure-monitor-instrumentation-key-deprecation.md)] - - ## Scenario overview Scenarios most affected by this change: For more information, see [Regions that require endpoint modification](./create- #### Is the connection string a secret? -The connection string contains an ikey, which is a unique identifier used by the ingestion service to associate telemetry to a specific Application Insights resource. It's not considered a security token or key. If you want to protect your AI resource from misuse, the ingestion endpoint provides authenticated telemetry ingestion options based on Microsoft Entra ID. +The connection string contains an ikey, which is a unique identifier used by the ingestion service to associate telemetry to a specific Application Insights resource. These ikey unique identifiers aren't security tokens or security keys. If you want to protect your AI resource from misuse, the ingestion endpoint provides authenticated telemetry ingestion options based on [Microsoft Entra ID](azure-ad-authentication.md#microsoft-entra-authentication-for-application-insights). > [!NOTE]-> The Application Insights JavaScript SDK requires the connection string to be passed in during initialization and configuration. It's viewable in plain text in client browsers. There's no easy way to use the Microsoft Entra ID-based authentication for browser telemetry. We recommend that you consider creating a separate Application Insights resource for browser telemetry if you need to secure the service telemetry. +> The Application Insights JavaScript SDK requires the connection string to be passed in during initialization and configuration. It's viewable in plain text in client browsers. There's no easy way to use the [Microsoft Entra ID-based authentication](azure-ad-authentication.md#microsoft-entra-authentication-for-application-insights) for browser telemetry. We recommend that you consider creating a separate Application Insights resource for browser telemetry if you need to secure the service telemetry. ## Connection string examples |
azure-monitor | Standard Metrics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/standard-metrics.md | |
azure-monitor | Telemetry Channels | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/telemetry-channels.md | |
azure-monitor | Worker Service | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/worker-service.md | |
azure-monitor | Container Insights Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/containers/container-insights-authentication.md | Title: Configure agent authentication for the Container Insights agent description: This article describes how to configure authentication for the containerized agent used by Container insights. + Last updated 10/18/2023 |
azure-monitor | Container Insights Enable Aks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/containers/container-insights-enable-aks.md | Title: Enable Container insights for Azure Kubernetes Service (AKS) cluster description: Learn how to enable Container insights on an Azure Kubernetes Service (AKS) cluster. Last updated 11/14/2023-+ The command will return JSON-formatted information about the solution. The `addo * If you experience issues while you attempt to onboard the solution, review the [Troubleshooting guide](container-insights-troubleshoot.md). * With monitoring enabled to collect health and resource utilization of your AKS cluster and workloads running on them, learn [how to use](container-insights-analyze.md) Container insights.- |
azure-monitor | Prometheus Remote Write | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/containers/prometheus-remote-write.md | Use the following command to view your container log. Remote write data is flowi ```azurecli kubectl logs <Prometheus-Pod-Name> <Azure-Monitor-Side-Car-Container-Name>-# example: kubectl logs prometheus-prometheus-kube-prometheus-prometheus-0 prom-remotewrite +# example: kubectl logs prometheus-prometheus-kube-prometheus-prometheus-0 prom-remotewrite --namespace <namespace> ``` The output from this command should look similar to the following: |
azure-monitor | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/policy-reference.md | Title: Built-in policy definitions for Azure Monitor description: Lists Azure Policy built-in policy definitions for Azure Monitor. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
azure-monitor | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/security-controls-policy.md | Title: Azure Policy Regulatory Compliance controls for Azure Monitor description: Lists Azure Policy Regulatory Compliance controls available for Azure Monitor. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 11/06/2023 Last updated : 11/21/2023 |
azure-monitor | Workbooks Graph Visualizations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/visualize/workbooks-graph-visualizations.md | The following graph shows data flowing in and out of a computer via various port <!-- convertborder later --> :::image type="content" source="./media/workbooks-graph-visualizations/graph.png" lightbox="./media/workbooks-graph-visualizations/graph.png" alt-text="Screenshot that shows a tile summary view." border="false"::: -Watch this video to learn how to create graphs and use links in Azure Workbooks. -> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE5ah5O] - ## Add a graph 1. Switch the workbook to edit mode by selecting **Edit**. |
azure-monitor | Workbooks Honey Comb | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/visualize/workbooks-honey-comb.md | The following image shows the CPU utilization of virtual machines across two sub <!-- convertborder later --> :::image type="content" source=".\media\workbooks-honey-comb\cpu-example.png" lightbox=".\media\workbooks-honey-comb\cpu-example.png" alt-text="Screenshot that shows the CPU utilization of virtual machines across two subscriptions." border="false"::: +Watch this video to learn how to build a hive cluster. ++> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE5ah5O] + ## Add a honeycomb 1. Switch the workbook to edit mode by selecting **Edit**. |
azure-monitor | Workbooks Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/visualize/workbooks-overview.md | Watch this video to see how you can use Azure Workbooks to get insights and visu ## The gallery -The gallery lists all the saved workbooks and templates for your workspace. You can easily organize, sort, and manage workbooks of all types. +The gallery lists all the saved workbooks and templates in your current environment. Select **Browse across galleries** to see the workbooks for all your resources. :::image type="content" source="media/workbooks-overview/workbooks-gallery.png" alt-text="Screenshot that shows the Workbooks gallery."::: For custom roles, you must add `microsoft.insights/workbooks/write` to the user' ## Next steps -[Get started with Azure Workbooks](workbooks-getting-started.md) +[Get started with Azure Workbooks](workbooks-getting-started.md) |
azure-netapp-files | Azure Government | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azure-government.md | All [Azure NetApp Files features](whats-new.md) available on Azure public cloud | Azure NetApp Files backup | Public preview | No | | Azure NetApp Files large volumes | Public preview | No | | Edit network features for existing volumes | Public preview | No |-| Standard network features | Generally available (GA) | Public preview [(in select regions)](azure-netapp-files-network-topologies.md#supported-regions) | | Standard storage with cool access in Azure NetApp Files | Public preview | No | ## Portal access |
azure-netapp-files | Azure Netapp Files Metrics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azure-netapp-files-metrics.md | Azure NetApp Files metrics are natively integrated into Azure monitor. From with This size includes logical space used by active file systems and snapshots. - *Volume Snapshot Size* The size of all snapshots in a volume. +- *Throughput limit reached* + + Throughput limit reached is a boolean metric that denotes the volume is hitting its QoS limits. The value 1 means that the volume has reached its maximum throughput, and throughput for this volume will be throttled. The value 0 means this limit has not yet been reached. + + If the volume is hitting the throughput limit, it's not sized appropriately for the application's demands. To resolve throughput issues: ++ - Resize the volume: ++ Increase the volume size to allocate more throughput to the volume so it's not throttled. + - Modify the service level: + + The Premium and Ultra service levels in Azure NetApp Files cater to workloads with higher throughput requirements. [Moving the volume to a capacity pool in a higher service level](dynamic-change-volume-service-level.md) automatically increases these limits for the volume. + - Change the workloads/application: ++ Consider repurposing the volume and delegating a different volume with a larger size and/or in a higher service level to meet your application requirements. If it's an NFS volume, consider changing mount options to reduce data flow if your application supports those changes. ++ :::image type="content" source="../media/azure-netapp-files/throughput-limit-reached.png" alt-text="Screenshot that shows Azure NetApp Files metrics a line graph demonstrating throughput limit reached." lightbox="../media/azure-netapp-files/throughput-limit-reached.png"::: + ## Performance metrics for volumes |
azure-netapp-files | Azure Netapp Files Network Topologies | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azure-netapp-files-network-topologies.md | Azure NetApp Files volumes are designed to be contained in a special purpose sub * UAE North * UK South * UK West-* US Gov Texas (public preview) -* US Gov Virginia (public preview) +* US Gov Arizona +* US Gov Texas +* US Gov Virginia * West Europe * West US * West US 2 |
azure-netapp-files | Cool Access Introduction | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/cool-access-introduction.md | Using Azure NetApp Files standard storage with cool access, you can configure in Most cold data is associated with unstructured data. It can account for more than 50% of the total storage capacity in many storage environments. Infrequently accessed data associated with productivity software, completed projects, and old datasets are an inefficient use of a high-performance storage. -Azure NetApp Files supports three [service levels](azure-netapp-files-service-levels.md) that can be configured at capacity pool level (Standard, Premium and Ultra). Cool access is an additional service only on the Standard service level. +Azure NetApp Files supports three [service levels](azure-netapp-files-service-levels.md) that can be configured at capacity pool level (Standard, Premium and Ultra). Cool access is an additional service only on the Standard service level. Standard storage with cool access is supported only on capacity pools of the **auto** QoS type. You can configure the standard storage with cool access on a volume by specifying the number of days (the coolness period, ranging from 7 to 183 days) for inactive data to be considered "cool". When the data has remained inactive for the specified coolness period, the tiering process begins, and the data is moved to the cool tier (the Azure storage account). This move to the cool tier can take a few days. For example, if you specify 31 days as the coolness period, then 31 days after a data block is last accessed (read or write), it's qualified for movement to the cool tier. When you create volumes in the capacity pool and start tiering data to the cool * Assume that you create four volumes with 1 TiB each. Each volume has 0.25 TiB of the volume capacity on the hot tier, and 0.75 TiB of the volume capacity in the cool tier. The billing calculation is as follows: - * 1 TiB capacity at the hot tier rate - * 3 TiB capacity at the cool tier rate + * 1-TiB capacity at the hot tier rate + * 3-TiB capacity at the cool tier rate * Network transfer between the hot tier and the cool tier at the rate determined by the markup on top of the transaction cost (`GET`, `PUT`) on blob storage and private link transfer in either direction between the hot tiers. * Assume that you create two volumes with 1 TiB each. Each volume has 0.25 TiB of the volume capacity on the hot tier, and 0.75 TiB of the volume capacity in the cool tier. The billing calculation is as follows: - * 0.5 TiB capacity at the hot tier rate + * 0.5-TiB capacity at the hot tier rate * 2 TiB of unallocated capacity at the hot tier rate - * 1.5 TiB capacity at the cool tier rate + * 1.5-TiB capacity at the cool tier rate * Network transfer between the hot tier and the cool tier at the rate determined by the markup on top of the transaction cost (`GET`, `PUT`) on blob storage and private link transfer in either direction between the hot tiers. * Assume that you create one volume with 1 TiB. The volume has 0.25 TiB of the volume capacity on the hot tier, 0.75 of the volume capacity in the cool tier. The billing calculation is as follows: - * 0.25 TiB capacity at the hot tier rate - * 0.75 TiB capacity at the cool tier rate + * 0.25-TiB capacity at the hot tier rate + * 0.75-TiB capacity at the cool tier rate * Network transfer between the hot tier and the cool tier at the rate determined by the markup on top of the transaction cost (`GET`, `PUT`) on blob storage and private link transfer in either direction between the hot tiers. ### Examples of cost calculations with varying coolness periods Your storage cost for the *first month* would be: | Cost | Description | Calculation | |||| | Unallocated storage cost for Day 1~30 (30 days) | 1 TiB of unallocated storage | `1 TiB x 1024 x 30 days x 730/30 hrs. x $0.000202/GiB/hr. = $151.00` |-| Storage cost for Day 1~7 (7 days) | 4 TiB of active data (hot tier) | `4 TiB x 1024 x 7 days x 730/30 hrs. x $0.000202/GiB/hr. = $140.93` | +| Storage cost for Day 1~7 (seven days) | 4 TiB of active data (hot tier) | `4 TiB x 1024 x 7 days x 730/30 hrs. x $0.000202/GiB/hr. = $140.93` | | Storage cost for Day 8~30 (23 days) | 1 TiB of active data (hot tier) <br><br> 3 TiB of inactive data (cool tier) | `1 TiB x 1024 x 23 days x 730/30 hrs. x $0.000202/GiB/hr. = $115.77` <br><br> `3 TiB x 1024 x 23 days x 730/30 hrs. x $0.000082/GiB/hr. = $140.98` | | Network transfer cost | Moving inactive data to cool tier <br><br> 20% of data read/write from cool tier | `3 TiB x 1024 x $0.020000/GiB = $61.44` <br><br> `3 TiB x 1024 x 20% x $0.020000/GiB = $12.29` | | **First month total** || **`$622.41`** | Your storage cost for the *second month* would be: | Cost | Description | Calculation | |||| | Unallocated storage cost for Day 1~30 (30 days) | 1 TiB of unallocated storage | `1 TiB x 1024 x 30 days x 730/30 hrs. x $0.000202/GiB/hr. = $151.00` |-| Storage cost for Day 1~5 (5 days) | 4 TiB of active data (hot tier) | `4 TiB x 1024 x 5 days x 730/30 hrs. x $0.000202/GiB/hr. = $100.67` | +| Storage cost for Day 1~5 (five days) | 4 TiB of active data (hot tier) | `4 TiB x 1024 x 5 days x 730/30 hrs. x $0.000202/GiB/hr. = $100.67` | | Storage cost for Day 6~30 (25 days) | 1 TiB of active data (hot tier) <br><br> 3 TiB of inactive data (cool tier) | `1 TiB x 1024 x 25 days x 730/30 hrs. x $0.000202/GiB/hr. = $125.83` <br><br> `3 TiB x 1024 x 25 days x 730/30 hrs. x $0.000082/GiB/hr. = $153.24` | | Network transfer cost | Moving inactive data to cool tier <br><br> 20% of data read/write from cool tier | `3 TiB x 1024 x $0.020000 /GiB = $61.44` <br><br> `3 TiB x 1024 x 20% x $0.020000/GiB = $12.29` | | **Second month total** || **`$604.47`** | Your storage cost for the *third month* would be: | Cost | Description | Calculation | |||| | Unallocated storage cost for Day 1~30 (30 days) | 1 TiB of unallocated storage | `1 TiB x 1024 x 30 days x 730/30 hrs. x $0.000202/GiB/hr. = $151.00` |-| Storage cost for Day 1~3 (3 days) | 4 TiB of active data (hot tier) | `4 TiB x 1024 x 3 days x 730/30 hrs. x $0.000202/GiB/hr. = $60.40` | +| Storage cost for Day 1~3 (three days) | 4 TiB of active data (hot tier) | `4 TiB x 1024 x 3 days x 730/30 hrs. x $0.000202/GiB/hr. = $60.40` | | Storage cost for Day 4~30 (27 days) | 1 TiB of active data (hot tier) <br><br> 3 TiB of inactive data (cool tier) | `1 TiB x 1024 x 27 days x 730/30 hrs. x $0.000202/GiB/hr. = $135.90` <br><br> `3 TiB x 1024 x 27 days x 730/30 hrs. x $0.000082/GiB/hr. = $165.50` | | Network transfer cost | Moving inactive data to cool tier <br><br> 20% of data read/write from cool tier | `3 TiB x 1024 x $0.020000/GiB = $61.44` <br><br> `3 TiB x 1024 x 20% x $0.020000/GiB = $12.29` | | **Third month total** || **`$586.52`** | |
azure-netapp-files | Manage Cool Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/manage-cool-access.md | The standard storage with cool access feature provides options for the ΓÇ£coolne * A cool-access capacity pool can contain both volumes with cool access enabled and volumes with cool access disabled. * After the capacity pool is configured with the option to support cool access volumes, the setting can't be disabled at the _capacity pool_ level. However, you can turn on or turn off the cool access setting at the volume level anytime. Turning off the cool access setting at the _volume_ level stops further tiering of data.ΓÇ» * Standard storage with cool access is supported only on capacity pools of the **auto** QoS type. + * An auto QoS capacity pool enabled for standard storage with cool access cannot be converted to a capacity pool using manual QoS. * You can't use large volumes with Standard storage with cool access. * See [Resource limits for Azure NetApp Files](azure-netapp-files-resource-limits.md#resource-limits) for maximum number of volumes supported for cool access per subscription per region.-* Considerations for using cool access with [cross-region replication](cross-region-replication-requirements-considerations.md) (CRR): +* Considerations for using cool access with [cross-region replication](cross-region-replication-requirements-considerations.md) (CRR) and [cross-zone replication](cross-zone-replication-introduction.md): * If the volume is in a CRR relationship as a source volume, you can enable cool access on it only if the [mirror state](cross-region-replication-display-health-status.md#display-replication-status) is `Mirrored`. Enabling cool access on the source volume automatically enables cool access on the destination volume. * If the volume is in a CRR relationship as a destination volume (data protection volume), enabling cool access isn't supported for the volume. * The cool access setting is updated automatically on the destination volume to be the same as the source volume. When you update the cool access setting on the source volume, the same setting is applied at the destination volume. |
azure-netapp-files | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/whats-new.md | Azure NetApp Files is updated regularly. This article provides a summary about t ## November 2023 +* [Standard network features is US Gov regions](azure-netapp-files-network-topologies.md#supported-regions) is now generally available (GA) + + Azure NetApp Files now supports Standard network features for new volumes in US Gov Arizona, US Gov Texas, and US Gov Virginia. Standard network features provide an enhanced virtual networking experience through various features for a seamless and consistent experience with security posture of all their workloads including Azure NetApp Files. + * [Volume user and group quotas](default-individual-user-group-quotas-introduction.md) is now generally available (GA). User and group quotas enable you to stay in control and define how much storage capacity can be used by individual users or groups can use within a specific Azure NetApp Files volume. You can set default (same for all users) or individual user quotas on all NFS, SMB, and dual protocol-enabled volumes. On all NFS-enabled volumes, you can define a default (that is, same for all users) or individual group quotas. |
azure-portal | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-portal/policy-reference.md | Title: Built-in policy definitions for Azure portal description: Lists Azure Policy built-in policy definitions for Azure portal. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
azure-relay | Relay Hybrid Connections Java Get Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-relay/relay-hybrid-connections-java-get-started.md | + + Title: Azure Relay Hybrid Connections - HTTP requests in Java +description: Write a Java console application for Azure Relay Hybrid Connections HTTP requests. + Last updated : 06/21/2022++++# Get started with Relay Hybrid Connections HTTP requests in Java +++In this quickstart, you create Java sender and receiver applications that send and receive messages by using the HTTP protocol. The applications use Hybrid Connections feature of Azure Relay. To learn about Azure Relay in general, see [Azure Relay](relay-what-is-it.md). ++In this quickstart, you take the following steps: ++1. Create a Relay namespace by using the Azure portal. +2. Create a hybrid connection in that namespace by using the Azure portal. +3. Write a server (listener) console application to receive messages. +4. Write a client (sender) console application to send messages. +5. Run applications. ++## Prerequisites +- [Java](https://www.java.com/en/). Please ensure that you are running JDK 1.8+ +- [Maven](https://maven.apache.org/install.html). Please ensure that you have Maven installed +- [Azure Relay SDK](https://github.com/Azure/azure-relay-java). Review Java SDK +- An Azure subscription. If you don't have one, [create a free account](https://azure.microsoft.com/free/) before you begin. ++## Create a namespace using the Azure portal ++## Create a hybrid connection using the Azure portal ++## Create a server application (listener) +To listen and receive messages from the Relay, write a Java console application. +++## Create a client application (sender) ++To send messages to the Relay, you can use any HTTP client, or write a Java console application. +++## Run the applications ++1. Run the server application: from a Java command prompt or application type `java -cp <jar_dependency_path> com.example.listener.Listener.java`. +2. Run the client application: from a Java command prompt or application type `java -cp <jar_dependency_path> com.example.sender.Sender.java`, and enter some text. +3. Ensure that the server application console outputs the text that was entered in the client application. ++Congratulations, you have created an end-to-end Hybrid Connections application using Java! ++## Next steps +In this quickstart, you created Java client and server applications that used HTTP to send and receive messages. The Hybrid Connections feature of Azure Relay also supports using WebSockets to send and receive messages. To learn how to use WebSockets with Azure Relay Hybrid Connections, see the [WebSockets quickstart](relay-hybrid-connections-node-get-started.md). ++In this quickstart, you used Java to create client and server applications. To learn how to write client and server applications using .NET Framework, see the [.NET WebSockets quickstart](relay-hybrid-connections-dotnet-get-started.md) or the [.NET HTTP quickstart](relay-hybrid-connections-http-requests-dotnet-get-started.md). |
azure-relay | Relay What Is It | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-relay/relay-what-is-it.md | To get started with using Hybrid Connections in Azure Relay, see the following q - [Hybrid Connections - Node WebSockets](relay-hybrid-connections-node-get-started.md) - [Hybrid Connections - .NET HTTP](relay-hybrid-connections-http-requests-dotnet-get-started.md) - [Hybrid Connections - Node HTTP](relay-hybrid-connections-http-requests-node-get-started.md)+- [Hybrid Connections - Java HTTP](relay-hybrid-connections-java-get-started.md) For more samples, see [Azure Relay - Hybrid Connections samples on GitHub](https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections). |
azure-resource-manager | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/custom-providers/policy-reference.md | Title: Built-in policy definitions for Azure Custom Resource Providers description: Lists Azure Policy built-in policy definitions for Azure Custom Resource Providers. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
azure-resource-manager | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/managed-applications/policy-reference.md | Title: Built-in policy definitions for Azure Managed Applications description: Lists Azure Policy built-in policy definitions for Azure Managed Applications. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
azure-resource-manager | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/overview.md | Title: Azure Resource Manager overview description: Describes how to use Azure Resource Manager for deployment, management, and access control of resources on Azure. Previously updated : 09/27/2023 Last updated : 11/13/2023 # What is Azure Resource Manager? There are some important factors to consider when defining your resource group: To ensure state consistency for the resource group, all [control plane operations](./control-plane-and-data-plane.md) are routed through the resource group's location. When selecting a resource group location, we recommend that you select a location close to where your control operations originate. Typically, this location is the one closest to your current location. This routing requirement only applies to control plane operations for the resource group. It doesn't affect requests that are sent to your applications. - If a resource group's region is temporarily unavailable, you can't update resources in the resource group because the metadata is unavailable. The resources in other regions still function as expected, but you can't update them. + If a resource group's region is temporarily unavailable, you may not be able to update resources in the resource group because the metadata is unavailable. The resources in other regions will still function as expected, but you may not be able to update them. This condition may also apply to global resources like Azure DNS, Azure DNS Private Zones, Azure Traffic Manager, and Azure Front Door. You can view which types have their metadata managed by Azure Resource Manager via the [list of types for the Azure Resource Graph resources table](../../governance/resource-graph/reference/supported-tables-resources.md#resources). For more information about building reliable applications, see [Designing reliable Azure applications](/azure/architecture/checklist/resiliency-per-service). The Azure Resource Manager service is designed for resiliency and continuous ava This resiliency applies to services that receive requests through Resource Manager. For example, Key Vault benefits from this resiliency. +### Resource group location alignment +To reduce the likelihood of being impacted by region outages, if they occur, it's recommended to co-locate your resources with their resource group in the same region together. +The resource group location is used to determine the location where Azure Resource Manager will store metadata related to all the resources within the resource group, which is then used for routing and caching. For instance, when you list your resources at the subscription or resource group scopes, Azure Resource Manager responds based off this cache. +When the resource group's region is unavailable, Azure Resource Manager may be unable to update your resource's metadata and may block your write calls. By co-locating your resource and resource group region, you can reduce your chance of being affected by region unavailability since your resource and resource management metadata will all be stored in one region instead of multiple. + ## Next steps * To learn about limits that are applied across Azure services, see [Azure subscription and service limits, quotas, and constraints](azure-subscription-service-limits.md). |
azure-resource-manager | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/policy-reference.md | Title: Built-in policy definitions for Azure Resource Manager description: Lists Azure Policy built-in policy definitions for Azure Resource Manager. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
azure-resource-manager | Resource Name Rules | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/resource-name-rules.md | description: Shows the rules and restrictions for naming Azure resources. Previously updated : 08/02/2023+ Last updated : 11/20/2023 # Naming rules and restrictions for Azure resources In the following tables, the term alphanumeric refers to: > [!div class="mx-tableFixed"] > | Entity | Scope | Length | Valid Characters | > | | | | |-> | workspaces | resource group | 3-33 | Alphanumerics and hyphens. | +> | workspaces | resource group | 3-33 | Alphanumerics and hyphens | > | workspaces / computes | workspace | 3-24 for compute instance<br>3-32 for AML compute<br>2-16 for other compute types | Alphanumerics and hyphens. |+> | workspaces / datastores | workspace | Maximum 255 characters for datastore name| Datastore name consists only of lowercase letters, digits, and underscores | ## Microsoft.ManagedIdentity |
azure-resource-manager | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/security-controls-policy.md | Title: Azure Policy Regulatory Compliance controls for Azure Resource Manager description: Lists Azure Policy Regulatory Compliance controls available for Azure Resource Manager. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 11/06/2023 Last updated : 11/21/2023 |
azure-resource-manager | Template Functions Resource | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/template-functions-resource.md | The possible uses of `list*` are shown in the following table. | Microsoft.DocumentDB/databaseAccounts | [listKeys](/rest/api/cosmos-db-resource-provider/2021-11-15-preview/database-accounts/list-keys?tabs=HTTP) | | Microsoft.DocumentDB/databaseAccounts/notebookWorkspaces | [listConnectionInfo](/rest/api/cosmos-db-resource-provider/2023-03-15-preview/notebook-workspaces/list-connection-info?tabs=HTTP) | | Microsoft.DomainRegistration/topLevelDomains | [listAgreements](/rest/api/appservice/topleveldomains/listagreements) |-| Microsoft.EventGrid/domains | [listKeys](/rest/api/eventgrid/controlplane-version2022-06-15/domains/list-shared-access-keys) | -| Microsoft.EventGrid/topics | [listKeys](/rest/api/eventgrid/controlplane-version2022-06-15/topics/list-shared-access-keys) | | Microsoft.EventHub/namespaces/authorizationRules | [listKeys](/rest/api/eventhub) | | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/authorizationRules | [listKeys](/rest/api/eventhub) | | Microsoft.EventHub/namespaces/eventhubs/authorizationRules | [listKeys](/rest/api/eventhub) | The possible uses of `list*` are shown in the following table. | Microsoft.Logic/workflows/versions/triggers | [listCallbackUrl](/rest/api/logic/workflowversions/listcallbackurl) | | Microsoft.MachineLearning/webServices | [listkeys](/rest/api/machinelearning/webservices/listkeys) | | Microsoft.MachineLearning/Workspaces | listworkspacekeys |-| Microsoft.MachineLearningServices/workspaces/computes | [listKeys](/rest/api/azureml/2023-04-01/compute/list-keys) | -| Microsoft.MachineLearningServices/workspaces/computes | [listNodes](/rest/api/azureml/2023-04-01/compute/list-nodes) | -| Microsoft.MachineLearningServices/workspaces | [listKeys](/rest/api/azureml/2023-04-01/workspaces/list-keys) | | Microsoft.Maps/accounts | [listKeys](/rest/api/maps-management/accounts/listkeys) | | Microsoft.Media/mediaservices/assets | [listContainerSas](/rest/api/media/assets/listcontainersas) | | Microsoft.Media/mediaservices/assets | [listStreamingLocators](/rest/api/media/assets/liststreaminglocators) | The possible uses of `list*` are shown in the following table. | Microsoft.ServiceBus/namespaces/authorizationRules | [listKeys](/rest/api/servicebus/controlplane-stable/namespaces-authorization-rules/list-keys) | | Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/authorizationRules | [listKeys](/rest/api/servicebus/controlplane-stable/disaster-recovery-configs/list-keys) | | Microsoft.ServiceBus/namespaces/queues/authorizationRules | [listKeys](/rest/api/servicebus/controlplane-stable/queues-authorization-rules/list-keys) |-| Microsoft.ServiceBus/namespaces/topics/authorizationRules | [listKeys](/rest/api/servicebus/controlplane-stable/topics%20ΓÇô%20authorization%20rules/list-keys) | | Microsoft.SignalRService/SignalR | [listKeys](/rest/api/signalr/signalr/listkeys) | | Microsoft.Storage/storageAccounts | [listAccountSas](/rest/api/storagerp/storageaccounts/listaccountsas) | | Microsoft.Storage/storageAccounts | [listKeys](/rest/api/storagerp/storageaccounts/listkeys) | |
azure-signalr | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-signalr/policy-reference.md | Title: Built-in policy definitions for Azure SignalR description: Lists Azure Policy built-in policy definitions for Azure SignalR. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
azure-signalr | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-signalr/security-controls-policy.md | Title: Azure Policy Regulatory Compliance controls for Azure SignalR description: Lists Azure Policy Regulatory Compliance controls available for Azure SignalR. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 11/06/2023 Last updated : 11/21/2023 |
azure-signalr | Signalr Concept Performance | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-signalr/signalr-concept-performance.md | You can easily monitor your service in the Azure portal. From the **Metrics** pa The chart shows the computing pressure of your SignalR service. You can test your scenario and check this metric to decide whether to scale up. The latency inside SignalR service remains low if the Server Load is below 70%. > [!NOTE]-> If you are using unit 50 or unit 100 **and** your scenario is mainly sending to small groups (group size <100) or single connection, you need to check [sending to small group](#small-group) or [sending to connection](#send-to-connection) for reference. In those scenarios there is large routing cost which is not included in the Server Load. +> If you are using unit 50 or unit 100 **and** your scenario is mainly sending to small groups (group size <20) or single connection, you need to check [sending to small group](#small-group) or [sending to connection](#send-to-connection) for reference. In those scenarios there is large routing cost which is not included in the Server Load. ## Term definitions Many client connections are calling the hub, so the app server number is also cr > [!NOTE] > The client connection number, message size, message sending rate, routing cost, SKU tier, and CPU/memory of the app server affect the overall performance of **send to small group**.+> +> The group count, group member count listed in the table are **not hard limits**. These parameter values are selected to establish a stable benchmark scenario. For example, it is OK to assign each conneciton to a distinct group. Under this configuration, the performance is close to [send to connection](#send-to-connection). ##### Big group |
azure-sql-edge | Deploy Onnx | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/deploy-onnx.md | This quickstart is based on **scikit-learn** and uses the [Boston Housing datase - Install Python packages needed for this quickstart: - 1. Open [New Notebook](/azure-data-studio/notebooks/sql-kernel) connected to the Python 3 Kernel. + 1. Open [New Notebook](/azure-data-studio/notebooks/notebooks-python-kernel) connected to the Python 3 Kernel. 1. Select **Manage Packages** 1. In the **Installed** tab, look for the following Python packages in the list of installed packages. If any of these packages aren't installed, select the **Add New** tab, search for the package, and select **Install**. - **scikit-learn** |
azure-web-pubsub | Concept Performance | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-web-pubsub/concept-performance.md | In this guide, we'll introduce the factors that affect Web PubSub upstream appli It shows the computing pressure of your Azure Web PubSub service. You could test on your own scenario and check this metrics to decide whether to scale up. The latency inside Azure Web PubSub service would remain low if the Server Load is below 70%. > [!NOTE]-> If you are using unit 50 or unit 100 **and** your scenario is mainly sending to small groups (group size <100), you need to check [sending to small group](#small-group) for reference. In those scenarios there is large routing cost which is not included in the Server Load. +> If you are using unit 50 or unit 100 **and** your scenario is mainly sending to small groups (group size <20), you need to check [sending to small group](#small-group) for reference. In those scenarios there is large routing cost which is not included in the Server Load. Below are detailed concepts for evaluating performance. ## Term definitions The routing cost is significant for sending message to many small groups. Curren | Outbound messages per second | 4,000 | 8,000 | 20,000 | 40,000 | 80,000 | 150,000 | 150,000 | | Outbound bandwidth | **8 MBps** | **16 MBps** | **40 MBps** | **80 MBps** | **160 MBps** | **300 MBps** | **300 MBps** | +> [!NOTE] +> The group count, group member count listed in the table are **not hard limits**. These parameter values are selected to establish a stable benchmark scenario. + ### Triggering Cloud Event Service delivers client events to the upstream webhook using the [CloudEvents HTTP protocol](./reference-cloud-events.md). |
azure-web-pubsub | Howto Create Serviceclient With Net And Azure Identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-web-pubsub/howto-create-serviceclient-with-net-and-azure-identity.md | This how-to guide shows you how to create a `WebPubSubServiceClient` using Micro - Install [Azure.Identity](https://www.nuget.org/packages/Azure.Identity) from nuget.org. ```bash- Install-Package Azure.Identity + dotnet add package Azure.Identity ``` - Install [Azure.Messaging.WebPubSub](https://www.nuget.org/packages/Azure.Messaging.WebPubSub) from nuget.org ```bash- Install-Package Azure.Messaging.WebPubSub + dotnet add package Azure.Messaging.WebPubSub ``` +- If using DependencyInjection, install [Microsoft.Extensions.Azure](https://www.nuget.org/packages/Microsoft.Extensions.Azure) from nuget.org ++ ```bash + dotnet add package Microsoft.Extensions.Azure + ``` + ## Sample codes 1. Create a `TokenCredential` with Azure Identity SDK. |
backup | Backup Azure Immutable Vault Concept | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-immutable-vault-concept.md | Immutable vault can help you protect your backup data by blocking any operations ## Before you start -- Immutable vault is available in all Azure public regions.+- Immutable vault is available in all Azure public and US Government regions. - Immutable vault is supported for Recovery Services vaults and Backup vaults. - Enabling Immutable vault blocks you from performing specific operations on the vault and its protected items. See the [restricted operations](#restricted-operations). - Enabling immutability for the vault is a reversible operation. However, you can choose to make it irreversible to prevent any malicious actors from disabling it (after disabling it, they can perform destructive operations). Learn about [making Immutable vault irreversible](#making-immutability-irreversible). |
backup | Backup Azure Troubleshoot Blob Backup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-troubleshoot-blob-backup.md | This article provides troubleshooting information to address issues you encounte **Recommendation**: Ensure that the restore point ID is correct and the restore point didn't get deleted based on the backup retention settings. For a recent recovery point, ensure that the corresponding backup job is complete. We recommend you triggering the operation again using a valid restore point. If the issue persists, contact Microsoft support. +### UserErrorContainerNotFoundForPointInTimeRestore ++**Error code**: `UserErrorContainerNotFoundForPointInTimeRestore` ++**Error message**: A container selected for the restore was not found in the storage account for the selected point in time. ++**Recommendation**: Use specific container restore or prefix match restore for containers that are present in the account. We also recommend enabling vaulted backup for your storage account to get comprehensive protection against deletion of containers. If you already have it configured, you can use a recovery point for performing recovery of deleted containers. + ### UserErrorTargetContainersExistOnAccount **Error code**: `UserErrorTargetContainersExistOnAccount` |
backup | Backup Support Matrix Iaas | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-support-matrix-iaas.md | Back up managed disks after enabling a resource group lock | Not supported.<br/> Modify backup policy for a VM | Supported.<br/><br/> The VM will be backed up according to the schedule and retention settings in the new policy. If retention settings are extended, existing recovery points are marked and kept. If they're reduced, existing recovery points will be pruned in the next cleanup job and eventually deleted. Cancel a backup job| Supported during the snapshot process.<br/><br/> Not supported when the snapshot is being transferred to the vault. Back up the VM to a different region or subscription |Not supported.<br><br>For successful backup, virtual machines must be in the same subscription as the vault for backup.-Back up daily via the Azure VM extension | Four backups per day: one scheduled backup as set up in the backup policy, and three on-demand backups. <br><br> To allow user retries in case of failed attempts, the hard limit for on-demand backups is set to nine attempts. +Back up daily via the Azure VM extension | Four backups per day: one scheduled backup as set up in the backup policy, and three on-demand backups. <br><br> To allow user retries in case of failed attempts, the hard limit for on-demand backups is set to nine attempts in a 24 hour UTC period. Back up daily via the MARS agent | Three scheduled backups per day. Back up daily via DPM or MABS | Two scheduled backups per day. Back up monthly or yearly| Not supported when you're backing up with the Azure VM extension. Only daily and weekly are supported.<br/><br/> You can set up the policy to retain daily or weekly backups for a monthly or yearly retention period. Back up Azure VMs with locks | Supported for managed VMs. <br><br> Not supported Configure standalone Azure VMs in Windows Storage Spaces | Not supported. [Restore Virtual Machine Scale Sets](../virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes.md#scale-sets-with-flexible-orchestration) | Supported for the flexible orchestration model to back up and restore a single Azure VM. Restore with managed identities | Supported for managed Azure VMs. <br><br> Not supported for classic and unmanaged Azure VMs. <br><br> Cross-region restore isn't supported with managed identities. <br><br> Currently, this is available in all Azure public and national cloud regions. <br><br> [Learn more](backup-azure-arm-restore-vms.md#restore-vms-with-managed-identities).-<a name="tvm-backup">Back up trusted launch VMs</a> | Backup is supported. <br><br> Backup of trusted launch VMs is supported through [Enhanced policy](backup-azure-vms-enhanced-policy.md). You can enable backup through a [Recovery Services vault](./backup-azure-arm-vms-prepare.md), the [pane for managing a VM](./backup-during-vm-creation.md#start-a-backup-after-creating-the-vm), and the [pane for creating a VM](backup-during-vm-creation.md#create-a-vm-with-backup-configured). <br><br> **Feature details** <br><br> - Backup is supported in all regions where trusted launch VMs are available. <br><br> - Configuration of backups, alerts, and monitoring for trusted launch VMs is currently not supported through the backup center. <br><br> - Migration of an existing [Gen2 VM](../virtual-machines/generation-2.md) (protected with Azure Backup) to a trusted launch VM is currently not supported. [Learn how to create a trusted launch VM](../virtual-machines/trusted-launch-portal.md?tabs=portal#deploy-a-trusted-launch-vm). <br><br> - Item-level restore is not supported. +<a name="tvm-backup">Back up trusted launch VMs</a> | Backup is supported. <br><br> Backup of trusted launch VMs is supported through [Enhanced policy](backup-azure-vms-enhanced-policy.md). You can enable backup through a [Recovery Services vault](./backup-azure-arm-vms-prepare.md), the [pane for managing a VM](./backup-during-vm-creation.md#start-a-backup-after-creating-the-vm), and the [pane for creating a VM](backup-during-vm-creation.md#create-a-vm-with-backup-configured). <br><br> **Feature details** <br><br> - Backup is supported in all regions where trusted launch VMs are available. <br><br> - Configuration of backups, alerts, and monitoring for trusted launch VMs is currently not supported through the backup center. <br><br> - Migration of an existing [Gen2 VM](../virtual-machines/generation-2.md) (protected with Azure Backup) to a trusted launch VM is currently not supported. [Learn how to create a trusted launch VM](../virtual-machines/trusted-launch-portal.md?tabs=portal#deploy-a-trusted-launch-vm). <br><br> - Item-level restore is supported for the scenarios mentioned [here](backup-support-matrix-iaas.md#support-for-file-level-restore). [Back up confidential VMs](../confidential-computing/confidential-vm-overview.md) | The backup support is in limited preview. <br><br> Backup is supported only for confidential VMs that have no confidential disk encryption and for confidential VMs that have confidential OS disk encryption through a platform-managed key (PMK). <br><br> Backup is currently not supported for confidential VMs that have confidential OS disk encryption through a customer-managed key (CMK). <br><br> **Feature details** <br><br> - Backup is supported in [all regions where confidential VMs are available](../confidential-computing/confidential-vm-overview.md#regions). <br><br> - Backup is supported only if you're using [Enhanced policy](backup-azure-vms-enhanced-policy.md). You can configure backup through the [pane for creating a VM](backup-azure-arm-vms-prepare.md), the [pane for managing a VM](backup-during-vm-creation.md#start-a-backup-after-creating-the-vm), and the [Recovery Services vault](backup-azure-arm-vms-prepare.md). <br><br> - [Cross-region restore](backup-azure-arm-restore-vms.md#cross-region-restore) and file recovery (item-level restore) for confidential VMs are currently not supported. ## VM storage support Adding a disk to a protected VM | Supported. Resizing a disk on a protected VM | Supported. Shared storage| Backing up VMs by using Cluster Shared Volumes (CSV) or Scale-Out File Server isn't supported. CSV writers are likely to fail during backup. On restore, disks that contain CSV volumes might not come up. [Shared disks](../virtual-machines/disks-shared-enable.md) | Not supported.-<a name="ultra-disk-backup">Ultra disks</a> | Supported with [Enhanced policy](backup-azure-vms-enhanced-policy.md). The support is currently in preview. <br><br> Supported region(s) - Sweden Central, Central US, North Central US, South Central US, East US, East US 2, West US 2, West Europe and North Europe. <br><br> To enroll your subscription for this feature, [fill this form](https://forms.office.com/r/1GLRnNCntU). <br><br> - Configuration of Ultra disk protection is supported via Recovery Services vault only. This configuration is currently not supported via virtual machine blade. <br><br> - Cross-region restore is currently not supported for machines using Ultra disks. <br><br> - GRS type vaults cannot be used for enabling backup. -<a name="premium-ssd-v2-backup">Premium SSD v2</a> | Supported with [Enhanced policy](backup-azure-vms-enhanced-policy.md). The support is currently in preview. <br><br> Supported region(s) - East US, West Europe, Central US, South Central US, East US 2, West US 2 and North Europe. <br><br> To enroll your subscription for this feature, [fill this form](https://forms.office.com/r/h56TpTc773). <br><br> - Configuration of Premium v2 disk protection is supported via Recovery Services vault only. This configuration is currently not supported via virtual machine blade. <br><br> - Cross-region restore is currently not supported for machines using Premium v2 disks. <br><br> - GRS type vaults cannot be used for enabling backup. +<a name="ultra-disk-backup">Ultra disks</a> | Supported with [Enhanced policy](backup-azure-vms-enhanced-policy.md). The support is currently in preview. <br><br> [Supported regions](../virtual-machines/disks-types.md#ultra-disk-limitations). <br><br> To enroll your subscription for this feature, [fill this form](https://forms.office.com/r/1GLRnNCntU). <br><br> - Configuration of Ultra disk protection is supported via Recovery Services vault only. This configuration is currently not supported via virtual machine blade. <br><br> - Cross-region restore is currently not supported for machines using Ultra disks. <br><br> - GRS type vaults cannot be used for enabling backup. +<a name="premium-ssd-v2-backup">Premium SSD v2</a> | Supported with [Enhanced policy](backup-azure-vms-enhanced-policy.md). The support is currently in preview. <br><br> [Supported regions](../virtual-machines/disks-types.md#regional-availability). <br><br> To enroll your subscription for this feature, [fill this form](https://forms.office.com/r/h56TpTc773). <br><br> - Configuration of Premium v2 disk protection is supported via Recovery Services vault only. This configuration is currently not supported via virtual machine blade. <br><br> - Cross-region restore is currently not supported for machines using Premium v2 disks. <br><br> - GRS type vaults cannot be used for enabling backup. [Temporary disks](../virtual-machines/managed-disks-overview.md#temporary-disk) | Azure Backup doesn't back up temporary disks. NVMe/[ephemeral disks](../virtual-machines/ephemeral-os-disks.md) | Not supported. [Resilient File System (ReFS)](/windows-server/storage/refs/refs-overview) restore | Supported. Volume Shadow Copy Service (VSS) supports app-consistent backups on ReFS. |
backup | Backup Support Matrix Mars Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-support-matrix-mars-agent.md | Windows Server 2008 SP2| 1,700 GB Windows 8 or later| 54,400 GB Windows 7| 1,700 GB -### Minimum retention limits +### Retention limits -The following are the minimum retention durations that can be set for the different recovery points: +The following are the retention durations that can be set for the different recovery points: -|Recovery point |Duration | -||| -|Daily recovery point | 7 days | -|Weekly recovery point | 4 weeks | -|Monthly recovery point | 3 months | -|Yearly recovery point | 1 year | +|Recovery point |Minimum | Maximum +||| +|Daily recovery point | 7 days | 9999 days +|Weekly recovery point | 4 weeks | 5163 weeks +|Monthly recovery point | 3 months | 1188 months +|Yearly recovery point | 1 year | 99 years ### Other limitations |
backup | Encryption At Rest With Cmk For Backup Vault | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/encryption-at-rest-with-cmk-for-backup-vault.md | Title: Encryption of backup data in the Backup vault using customer-managed keys description: Learn how Azure Backup allows you to encrypt your backup data using customer-managed keys (CMK) in a Backup vault. Last updated 11/20/2023-+ |
backup | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/policy-reference.md | Title: Built-in policy definitions for Azure Backup description: Lists Azure Policy built-in policy definitions for Azure Backup. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
backup | Quick Sap Hana Database Instance Restore | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/quick-sap-hana-database-instance-restore.md | description: In this quickstart, learn how to restore the entire SAP HANA system ms.devlang: azurecli Last updated 11/02/2023-+ |
backup | Restore Sql Database Azure Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-sql-database-azure-vm.md | The secondary region restore user experience will be similar to the primary regi >[!NOTE] >- After the restore is triggered and in the data transfer phase, the restore job can't be cancelled.->- The role/access level required to perform restore operation in cross-regions are _Backup Operator_ role in the subscription and _Contributor(write)_ access on the source and target virtual machines. To view backup jobs, _ Backup reader_ is the minimum premission required in the subscription. +>- The role/access level required to perform restore operation in cross-regions are _Backup Operator_ role in the subscription and _Contributor(write)_ access on the source and target virtual machines. To view backup jobs, _Backup reader_ is the minimum permission required in the subscription. >- The RPO for the backup data to be available in secondary region is 12 hours. Therefore, when you turn on CRR, the RPO for the secondary region is 12 hours + log frequency duration (that can be set to a minimum of 15 minutes). ### Monitoring secondary region restore jobs |
backup | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/security-controls-policy.md | Title: Azure Policy Regulatory Compliance controls for Azure Backup description: Lists Azure Policy Regulatory Compliance controls available for Azure Backup. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 11/06/2023 Last updated : 11/21/2023 |
backup | Tutorial Configure Sap Hana Database Instance Snapshot Backup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/tutorial-configure-sap-hana-database-instance-snapshot-backup.md | Title: Tutorial - Configure SAP HANA database instance snapshot backup description: In this tutorial, learn how to configure the SAP HANA database instance snapshot backup and run an on-demand backup. Last updated 11/02/2023-+ For more information on the supported scenarios, see the [support matrix](./sap- ## Next steps - [Learn how to restore an SAP HANA database instance snapshot in Azure VM](sap-hana-database-instances-restore.md).-- [Troubleshoot common issues with SAP HANA database backups](backup-azure-sap-hana-database-troubleshoot.md).+- [Troubleshoot common issues with SAP HANA database backups](backup-azure-sap-hana-database-troubleshoot.md). |
batch | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/batch/policy-reference.md | Title: Built-in policy definitions for Azure Batch description: Lists Azure Policy built-in policy definitions for Azure Batch. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 11/15/2023 Last updated : 11/21/2023 |
batch | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/batch/security-controls-policy.md | Title: Azure Policy Regulatory Compliance controls for Azure Batch description: Lists Azure Policy Regulatory Compliance controls available for Azure Batch. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 11/06/2023 Last updated : 11/21/2023 |
communication-services | Notifications | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/notifications.md | You can connect an Azure Notification Hub to your Communication Services resourc Communication Services uses Azure Notification Hub as a pass-through service to communicate with the various platform-specific push notification services using the [Direct Send](/rest/api/notificationhubs/direct-send) API. This allows you to reuse your existing Azure Notification Hub resources and configurations to deliver low latency, reliable notifications to your applications. > [!NOTE]-> Currently calling push notifications are supported for both Android and iOS. Chat push notifications are only supported for Android SDK in version 1.1.0-beta.4. +> Currently calling and chat push notifications are supported for both Android and iOS. ### Notification Hub provisioning |
communication-services | Number Lookup Sdk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/numbers/number-lookup-sdk.md | The following list presents the set of features which are currently available in | -- | - | | - | - | | | Core Capabilities | Get Number Type | ✔️ | ✔️ | ✔️ | ✔️ | | | Get Carrier registered name | ✔️ | ✔️ | ✔️ | ✔️ |-| | Get associated Mobile Network Code, if available(two or three decimal digits used to identify network operator within a country) | ✔️ | ✔️ | ✔️ | ✔️ | -| | Get associated Mobile Country Code, if available(three decimal digits used to identify the country of a mobile operator) | ✔️ | ✔️ | ✔️ | ✔️ | +| | Get associated Mobile Network Code, if available (two or three decimal digits used to identify network operator within a country) | ✔️ | ✔️ | ✔️ | ✔️ | +| | Get associated Mobile Country Code, if available (three decimal digits used to identify the country of a mobile operator) | ✔️ | ✔️ | ✔️ | ✔️ | | | Get associated ISO Country Code | ✔️ | ✔️ | ✔️ | ✔️ | | Phone Number | All number types in E164 format | ✔️ | ✔️ | ✔️ | ✔️ | |
communication-services | Privacy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/privacy.md | Use [Chat APIs](/rest/api/communication/chat/chatthread) to get, list, update, a - `Delete Thread` - `Delete Message` +For customers that use Virtual appointments, refer to our Teams Interoperability [user privacy](interop/guest/privacy.md#chat-storage) for storage of chat messages in Teams meetings. + ### SMS Sent and received SMS messages are ephemerally processed by the service and not retained. |
communication-services | Matching Concepts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/router/matching-concepts.md | var worker = await client.CreateWorkerAsync(new CreateWorkerOptions(workerId: "w ::: zone pivot="programming-language-javascript" ```typescript-const worker = await client.path("/routing/workers/{workerId}", "worker-1").patch({ +let worker = await client.path("/routing/workers/{workerId}", "worker-1").patch({ body: { availableForOffers: true, capacity: 2, If a worker would like to stop receiving offers, it can be deregistered by setti ```csharp worker.AvailableForOffers = false;-await client.UpdateWorkerAsync(worker); +worker = await client.UpdateWorkerAsync(worker); ``` ::: zone-end await client.UpdateWorkerAsync(worker); ::: zone pivot="programming-language-javascript" ```typescript-await client.path("/routing/workers/{workerId}", "worker-1").patch({ +worker = await client.path("/routing/workers/{workerId}", worker.body.id).patch({ body: { availableForOffers: false }, contentType: "application/merge-patch+json" }); await client.path("/routing/workers/{workerId}", "worker-1").patch({ ::: zone pivot="programming-language-python" ```python-client.upsert_worker(worker_id = "worker-1", available_for_offers = False) +worker = client.upsert_worker(worker_id = worker.id, available_for_offers = False) ``` ::: zone-end client.upsert_worker(worker_id = "worker-1", available_for_offers = False) ::: zone pivot="programming-language-java" ```java-client.updateWorkerWithResponse("worker-1", worker.setAvailableForOffers(false)); +worker = client.updateWorkerWithResponse(worker.getId(), worker.setAvailableForOffers(false)); ``` ::: zone-end |
communication-services | Teams Interop Call Automation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/how-tos/call-automation/teams-interop-call-automation.md | call_connection_client.transfer_call_to_participant(target_participant = Microso -- -### How to tell if your Tenant isn't enabled for this preview? -![Screenshot showing the error during Step 1.](./media/teams-federation-error.png) - ## Clean up resources If you want to clean up and remove a Communication Services subscription, you can delete the resource or resource group. Deleting the resource group also deletes any other resources associated with it. Learn more about [cleaning up resources](../../quickstarts/create-communication-resource.md#clean-up-resources). |
communication-services | Send Email Smtp | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/quickstarts/email/send-email-smtp/send-email-smtp.md | In this quick start, you learn about how to send email using SMTP. ::: zone pivot="smtp-method-powershell" [!INCLUDE [Send a message with SMTP and Windows Powershell](./includes/send-email-smtp-powershell.md)] |
communication-services | Contact Center | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/tutorials/contact-center.md | This overview describes concepts for **contact center** applications. After comp Contact center applications are focused on unscheduled communication between **consumers** and **agents**. The **organizational boundary** between consumers and agents, and the **unscheduled** nature of the interaction, are key attributes of contact center applications. -This article focuses on *inbound* engagement, where the consumer initiates communication. Developers interested in scheduled business-to-consumer interactions should read our [Virtual Visits](/azure/communication-services/tutorials/virtual-visits) tutorial. Many businesses also have *outbound* communication needs, for which we recommend the outbound [customer engagement](/learn.microsoft.com/dynamics365/customer-insights/journeys/portal-optional) tutorial. +This article focuses on *inbound* engagement, where the consumer initiates communication. Developers interested in scheduled business-to-consumer interactions should read our [Virtual Visits](/azure/communication-services/tutorials/virtual-visits) tutorial. The term ΓÇ£contact centerΓÇ¥ captures a large family of applications diverse across scale, channels, and organizational approach: The following list presents the set of features that are currently available for - [Quickstart: Join your calling app to a Teams call queue](/azure/communication-services/quickstarts/voice-video-calling/get-started-teams-call-queue) - [Quickstart - Teams Auto Attendant on Azure Communication Services](/azure/communication-services/quickstarts/voice-video-calling/get-started-teams-auto-attendant)-- [Get started with a click to call experience using Azure Communication Services - An Azure Communication Services tutorial](/azure/communication-services/tutorials/calling-widget/calling-widget-overview) ## Extend your contact center voice solution to Teams users |
communications-gateway | Connect Operator Connect | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communications-gateway/connect-operator-connect.md | -After you have deployed Azure Communications Gateway and connected it to your core network, you need to connect it to Microsoft Phone System. You also need to onboard to the Operator Connect or Teams Phone Mobile environments. +After you deploy Azure Communications Gateway and connect it to your core network, you need to connect it to Microsoft Phone System. You also need to onboard to the Operator Connect or Teams Phone Mobile environments. -This article describes how to set up Azure Communications Gateway for Operator Connect and Teams Phone Mobile. When you have finished the steps in this article, you will be ready to [Prepare for live traffic](prepare-for-live-traffic-operator-connect.md) with Operator Connect, Teams Phone Mobile and Azure Communications Gateway. +This article describes how to set up Azure Communications Gateway for Operator Connect and Teams Phone Mobile. After you finish the steps in this article, you can [prepare for live traffic](prepare-for-live-traffic-operator-connect.md) with Operator Connect, Teams Phone Mobile and Azure Communications Gateway. > [!TIP] > This article assumes that your Azure Communications Gateway onboarding team from Microsoft is also onboarding you to Operator Connect and/or Teams Phone Mobile. If you've chosen a different onboarding partner for Operator Connect or Teams Phone Mobile, you need to ask them to arrange changes to the Operator Connect and/or Teams Phone Mobile environments. ## Prerequisites -You must have carried out all the steps in [Deploy Azure Communications Gateway](deploy.md). +You must [deploy Azure Communications Gateway](deploy.md). You must have access to a user account with the Microsoft Entra Global Administrator role. +You must allocate six "service verification" test numbers for each of Operator Connect and Teams Phone Mobile. These numbers are used by the Operator Connect and Teams Phone Mobile programs for continuous call testing. +- If you selected the service you're setting up as part of deploying Azure Communications Gateway, you've allocated numbers for the service already. +- Otherwise, choose the phone numbers now (in E.164 format and including the country code) and names to identify them. We recommend names of the form OC1 and OC2 (for Operator Connect) and TPM1 and TPM2 (for Teams Phone Mobile). ++You must also allocate at least one test number for each service for integration testing. ++If you want to set up Teams Phone Mobile and you didn't select it when you deployed Azure Communications Gateway, choose: +- The number used in Teams Phone Mobile to access the Voicemail Interactive Voice Response (IVR) from native dialers. +- How you plan to route Teams Phone Mobile calls to Microsoft Phone System. Choose from: + - Integrated MCP (MCP in Azure Communications Gateway). + - On-premises MCP. + - Another method to route calls. ++## Enable Operator Connect or Teams Phone Mobile support ++> [!NOTE] +> If you selected Operator Connect or Teams Phone Mobile when you [deployed Azure Communications Gateway](deploy.md), skip this step and go to [Add the Project Synergy application to your Azure tenancy](#add-the-project-synergy-application-to-your-azure-tenancy). ++1. Sign in to the [Azure portal](https://azure.microsoft.com/). +1. In the search bar at the top of the page, search for your Communications Gateway resource and select it. +1. In the side menu bar, find **Communications services** and select **Operator Connect** or **Teams Phone Mobile** (as appropriate) to open a page for the service. +1. On the service's page, select **Operator Connect settings** or **Teams Phone Mobile settings**. +1. Fill in the fields, selecting **Review + create** and **Create**. +1. Select the **Overview** page for your resource. +1. Select **Add test lines** and add the service verification lines you chose in [Prerequisites](#prerequisites). Set the **Testing purpose** to **Automated**. + > [!IMPORTANT] + > Do not add the numbers for integration testing. You will configure numbers for integration testing when you [carry out integration testing and prepare for live traffic](prepare-for-live-traffic-operator-connect.md). +1. Wait for your resource to be updated. When your resource is ready, the **Provisioning Status** field on the resource overview changes to "Complete." We recommend that you check in periodically to see if the Provisioning Status field is "Complete." This step might take up to two weeks. + ## Add the Project Synergy application to your Azure tenancy +Before starting this step, check that the **Provisioning Status** field for your resource is "Complete". + > [!NOTE] >This step and the next step ([Assign an Admin user to the Project Synergy application](#assign-an-admin-user-to-the-project-synergy-application)) set you up as an Operator in the Teams Phone Mobile (TPM) and Operator Connect (OC) environments. If you've already gone through onboarding, go to [Find the Object ID and Application ID for your Azure Communication Gateway resource](#find-the-object-id-and-application-id-for-your-azure-communication-gateway-resource). |
communications-gateway | Connect Teams Direct Routing | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communications-gateway/connect-teams-direct-routing.md | -After you have deployed Azure Communications Gateway and connected it to your core network, you need to connect it to Microsoft Phone System. +After you deploy Azure Communications Gateway and connect it to your core network, you need to connect it to Microsoft Phone System. -This article describes how to start setting up Azure Communications Gateway for Microsoft Teams Direct Routing. When you have finished the steps in this article, you can set up test users for test calls and prepare for live traffic. +This article describes how to start connecting Azure Communications Gateway to Microsoft Teams Direct Routing. After you finish the steps in this article, you can set up test users for test calls and prepare for live traffic. ## Prerequisites -You must have carried out all the steps in [Deploy Azure Communications Gateway](deploy.md). +You must [deploy Azure Communications Gateway](deploy.md). -Your organization must have integrated with Azure Communications Gateway's Provisioning API. +Your organization must [integrate with Azure Communications Gateway's Provisioning API](integrate-with-provisioning-api.md). If you didn't configure the Provisioning API in the Azure portal as part of deploying, you also need to know: +- The IP addresses or address ranges (in CIDR format) in your network that should be allowed to connect to the Provisioning API, as a comma-separated list. +- (Optional) The name of any custom SIP header that Azure Communications Gateway should add to messages entering your network. You must have **Reader** access to the subscription into which Azure Communications Gateway is deployed. You must be able to sign in to the Microsoft 365 admin center for your tenant as a Global Administrator. +## Enable Microsoft Teams Direct Routing support ++> [!NOTE] +> If you selected Microsoft Teams Direct Routing when you [deployed Azure Communications Gateway](deploy.md), skip this step and go to [Find your Azure Communication Gateway's domain names](#find-your-azure-communication-gateways-domain-names). ++1. Sign in to the [Azure portal](https://azure.microsoft.com/). +1. In the search bar at the top of the page, search for your Communications Gateway resource and select it. +1. In the side menu bar, find **Communications services** and select **Teams Direct Routing** to open a page for the service. +1. On the service's page, select **Teams Direct Routing settings**. +1. Fill in the fields, selecting **Review + create** and **Create**. +1. Select the **Overview** page for your resource. +1. Wait for your resource to be updated. When your resource is ready, the **Provisioning Status** field on the resource overview changes to "Complete." We recommend that you check in periodically to see if the Provisioning Status field is "Complete." This step might take up to two weeks. + ## Find your Azure Communication Gateway's domain names +Before starting this step, check that the **Provisioning Status** field for your resource is "Complete". + Microsoft Teams only sends traffic to domains that you've confirmed that you own. Your Azure Communications Gateway deployment automatically receives an autogenerated fully qualified domain name (FQDN) and regional subdomains of this domain. 1. Sign in to the [Azure portal](https://azure.microsoft.com/). |
communications-gateway | Connect Zoom | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communications-gateway/connect-zoom.md | -After you have deployed Azure Communications Gateway and connected it to your core network, you need to connect it to Zoom. +After you deploy Azure Communications Gateway and connect it to your core network, you need to connect it to Zoom. -This article describes how to start setting up Azure Communications Gateway for Zoom Phone Cloud Peering. When you have finished the steps in this article, you can set up test users for test calls and prepare for live traffic. +This article describes how to start connecting Azure Communications Gateway to Zoom Phone Cloud Peering. After you finish the steps in this article, you can set up test users for test calls and prepare for live traffic. ## Prerequisites -You mus |