+|Tenant Creator| Create new Azure AD or Azure AD B2C tenants.| [Tenant Creator](../active-directory/roles/permissions-reference.md#tenant-creator)|

+MSAL for Java allows you to use the logging library that you're already using with your app, as long as it's compatible with SLF4J. MSAL for Java uses the [Simple Logging Facade for Java](http://www.slf4j.org/) (SLF4J) as a simple facade or abstraction for various logging frameworks, such as [java.util.logging](https://docs.oracle.com/javase/7/docs/api/java/util/logging/package-summary.html), [Logback](http://logback.qos.ch/) and [Log4j](https://logging.apache.org/log4j/2.x/). SLF4J allows the user to plug in the desired logging framework at deployment time and automatically binds to Logback at deployment time. MSAL logs will be written to the console.

+This article shows how to enable MSAL4J logging using the logback framework in a spring boot web application. You can refer to the [code sample](https://github.com/Azure-Samples/ms-identity-java-webapp/tree/master/msal-java-webapp-sample) for reference.

+1. To implement logging, include the `logback` package in the *pom.xml* file.

+ ```xml

+ <dependency>

+ <groupId>ch.qos.logback</groupId>

+ <artifactId>logback-classic</artifactId>

+ <version>1.2.3</version>

+ </dependency>

+ ```

+2. Navigate to the *resources* folder, and add a file called *logback.xml*, and insert the following code. This will append logs to the console. You can change the appender `class` to write logs to a file, database or any appender of your choosing.

+ ```xml

+ <?xml version="1.0" encoding="UTF-8"?>

+ <configuration>

+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">

+ <encoder>

+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>

+ </encoder>

+ </appender>

+ <root level="debug">

+ <appender-ref ref="STDOUT" />

+ </root>

+ </configuration>

+ ```

+3. Next, you should set the *logging.config* property to the location of the *logback.xml* file before the main method. Navigate to *MsalWebSampleApplication.java* and add the following code to the `MsalWebSampleApplication` public class.

+ ```java

+ @SpringBootApplication

+ public class MsalWebSampleApplication {

+ static { System.setProperty("logging.config", "C:\Users\<your path>\src\main\resources\logback.xml"); }

+ public static void main(String[] arrgs) {

+ // Console.log("main");

+ // System.console().printf("Hello");

+ // System.out.printf("Hello %s!%n", "World");

+ System.out.printf("%s%n", "Hello World");

+ SpringApplication.run(MsalWebSampleApplication.class, args);

+ }

+ }

+ ```

+

+In your tenant, you'll need separate app registrations for the web app and the web API. For app registration and exposing the web API scope, follow the steps in the scenario [A web app that authenticates users and calls web APIs](/scenario-web-app-call-api-overview).

+By default, MSAL logging doesn't capture or log any personal or organizational data. In the following example, logging personal or organizational data is off by default:

+For more code samples, refer to [Microsoft identity platform code samples](sample-v2-code.md).

+ Title: Configure SSO on macOS and iOS

+The Microsoft Authentication Library (MSAL) for macOS and iOS supports single sign-on (SSO) between macOS/iOS apps and browsers. This article covers the following SSO scenarios:

+This type of SSO works between multiple apps distributed by the same Apple Developer. It provides silent SSO (that is, the user isn't prompted for credentials) by reading refresh tokens written by other apps from the keychain, and exchanging them for access tokens silently.

+The SSO through authentication broker isn't available on macOS.

+Microsoft provides apps called brokers, that enable SSO between applications from different vendors as long as the mobile device is registered with Azure Active Directory (Azure AD). This type of SSO requires a broker application be installed on the user's device.

+This type of SSO is currently not available on macOS. MSAL on macOS only supports WKWebView which doesn't have SSO support with Safari.

+App3 Redirect URI: `msauth.com.contoso.mytestapp3://auth`

+The format of redirect URIs must be compatible with the format MSAL supports, which is documented in [MSAL Redirect URI format requirements](redirect-uris-ios.md#msal-redirect-uri-format-requirements).

+- `com.microsoft.adalcache` on iOS

+- `com.microsoft.identity.universalstorage` on macOS.

+MSAL provides support for brokered authentication with Microsoft Authenticator. Microsoft Authenticator provides SSO for Azure AD registered devices, and also helps your application follow Conditional Access policies.

+ ```xml

+ <key>CFBundleURLSchemes</key>

+ <array>

+ <string>msauth.<app.bundle.id></string>

+ </array>

+ ```

+ ```xml

+ <key>LSApplicationQueriesSchemes</key>

+ <array>

+ <string>msauthv2</string>

+ <string>msauthv3</string>

+ </array>

+ ```

+ Objective-C:

+ ```objc

+ - (BOOL)application:(UIApplication *)app openURL:(NSURL *)url options:(NSDictionary<NSString *,id> *)options

+ {

+ return [MSALPublicClientApplication handleMSALResponse:url sourceApplication:options[UIApplicationOpenURLOptionsSourceApplicationKey]];

+ }

+ ```

+ Swift:

+ ```swift

+ func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:]) -> Bool {

+ return MSALPublicClientApplication.handleMSALResponse(url, sourceApplication: options[UIApplication.OpenURLOptionsKey.sourceApplication] as? String)

+ }

+ ```

+[Azure role-based access control (Azure RBAC)](../../role-based-access-control/role-assignments-portal.md) for Azure AD Connect Health provides access to users and groups other than Hybrid Identity Administrators. Azure RBAC assigns roles to the intended users and groups, and provides a mechanism to limit the Hybrid Identity Administrators within your directory.

+1. Download the latest version of the [Azure Connected Machine agent Windows Installer package](https://aka.ms/AzureConnectedMachineAgent) from the Microsoft Download Center and save it to the remote share.

+ .\DeployGPO.ps1 -DomainFQDN contoso.com -ReportServerFQDN Server.contoso.com -ArcRemoteShare AzureArcOnBoard -ServicePrincipalSecret $ServicePrincipalSecret -ServicePrincipalClientId $ServicePrincipalClientId -SubscriptionId $SubscriptionId -ResourceGroup $ResourceGroup -Location $Location -TenantId $TenantId [-AgentProxy $AgentProxy]

+Enhanced soft delete is currently available in the following regions: East US, West US, West US 2, West Central US, Japan East, , Brazil South, Australia East, and North Europe.

+**Total cost for the call**: $0.11 + $0.02 = $0.13

+> [!TIP]

+> This article documents the use of global throughput control groups in the Azure Cosmos DB Spark Connector, but the functionality is also available in the [Java SDK](/azure/cosmos-db/nosql/sdk-java-v4). In the SDK, you can also use Local Throughput Control groups to limit the RU consumption in the context of a single client connection instance. For example, you can apply this to different operations within a single microservice, or maybe to a single data loading program. Take a look at a code snippet [here](https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/cosmos/azure-cosmos/src/samples/java/com/azure/cosmos/ThroughputControlCodeSnippet.java) for how to build a CosmosAsyncClient with both local and global control groups.

+> Throughput control does not do RU pre-calculation of each operation. Instead, it tracks the RU usages *after* the operation based on the response header. As such, throughput control is based on an approximation - and **does not guarantee** that amount of throughput will be available for the group at any given time. For example, if the configured RU is so low that a single operation can use it all, then throughput control cannot avoid the RU exceeding the configured limit. Therefore, throughput control works best when the configured limit is higher than any single operation that can be executed by a client in the given control group.

+- Copying files from/to network file share. To use a Linux file share, install [Samba](https://www.samba.org/) on your Linux server.

+>[!NOTE]

+>Copying files from local machine is not supported under Azure Integration Runtime.<br>

+>Refer to the command line from [here](create-self-hosted-integration-runtime.md#set-up-an-existing-self-hosted-ir-via-local-powershell) to enable the access to the local machine under Self-hosted integration runtime. By default, it's disabled.

+ Title: Troubleshoot the file system connector

+description: Learn how to troubleshoot issues with the file system connector in Azure Data Factory and Azure Synapse Analytics.

+# Troubleshoot the file system connector in Azure Data Factory and Azure Synapse

+This article provides suggestions to troubleshoot common problems with the file system connector in Azure Data Factory and Azure Synapse.

+## Error code: AccessToOnPremFileSystemDenied

+- **Message**: `Access to '%path;' is not allowed.`

+- **Cause**: Copying files from local machine is not supported under Azure Integration Runtime. For Self-hosted Integration Runtime (versions >= 5.22.8297.1) , Azure Data Factory is introducing a new security control to allow or disallow local SHIR file system access through the connector. By default, it's disabled.

+- **Recommendation**: Using command line from [Set up an existing self-hosted IR via local PowerShell](create-self-hosted-integration-runtime.md#set-up-an-existing-self-hosted-ir-via-local-powershell) , you could allow or disallow local SHIR file system access.

+## Next steps

+For more troubleshooting help, try these resources:

+- [Connector troubleshooting guide](connector-troubleshoot-guide.md)

+- [Data Factory blog](https://azure.microsoft.com/blog/tag/azure-data-factory/)

+- [Data Factory feature requests](/answers/topics/azure-data-factory.html)

+- [Azure videos](https://azure.microsoft.com/resources/videos/index/?sort=newest&services=data-factory)

+- [Microsoft Q&A page](/answers/topics/azure-data-factory.html)

+- [Stack Overflow forum for Data Factory](https://stackoverflow.com/questions/tagged/azure-data-factory)

+- [Twitter information about Data Factory](https://twitter.com/hashtag/DataFactory)

+|`-DisableLocalFolderPathValidation`|| Disable security validation to enable access to file system of the local machine.|

+|`-EnableLocalFolderPathValidation`|| Enable security validation to disable access to file system of the local machine. |

+ > * To stop evaluating remaining rules if a specific rule is met, check **Stop evaluating remaining rule**. If this option is checked then all remaining rules in that Rule Set as well as all the remaining Rule Sets associated with the route will not be executed regardless of the matching conditions being met.

+ SDK v2 allows you to build a single command or a chain of commands like Python functions - the command has a name, parameters, expects input, and returns output.

+2. If the replication user is other than the server administration user (who created the server), make sure that you grant membership in a role `azure_pg_admin` to the user and assign REPLICATION and LOGIN attributes to the user. See [pglogical documentation](https://github.com/2ndQuadrant/pglogical#limitations-and-restrictions) for details.

+ GRANT azure_pg_admin to myUser;

+ ALTER ROLE myUser REPLICATION LOGIN;

+

+>[!NOTE]

+> Pglogical does not currently support an automatic DDL replication. The initial schema can be copied manually using pg_dump --schema-only. DDL statements can be executed on the provider and subscriber at the same time by using the pglogical.replicate_ddl_command function. Please be aware of other limitations of the extension listed [here](https://github.com/2ndQuadrant/pglogical#limitations-and-restrictions).

+Linux: CentOS | 5.2 to 5.11</b><br/> 6.1 to 6.10</b><br/> </br> 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, [7.7](https://support.microsoft.com/help/4528026/update-rollup-41-for-azure-site-recovery), [7.8](https://support.microsoft.com/help/4564347/), [7.9](https://support.microsoft.com/help/4578241/) </br> [8.0](https://support.microsoft.com/help/4531426/update-rollup-42-for-azure-site-recovery), 8.1, [8.2](https://support.microsoft.com/help/4570609), [8.3](https://support.microsoft.com/help/4597409/), [8.4](https://support.microsoft.com/topic/883a93a7-57df-4b26-a1c4-847efb34a9e8) (4.18.0-305.30.1.el8_4.x86_64 or later), [8.5](https://support.microsoft.com/topic/883a93a7-57df-4b26-a1c4-847efb34a9e8) (4.18.0-348.5.1.el8_5.x86_64 or later), 8.6 <br/><br/> Few older kernels on servers running CentOS 5.2-5.11 & 6.1-6.10 do not have [Linux Integration Services (LIS) components](https://www.microsoft.com/download/details.aspx?id=55106) pre-installed. If in-built LIS components are missing, ensure to install the [components](https://www.microsoft.com/download/details.aspx?id=55106) before enabling replication for the machines to boot in Azure.

+- Copy the installer corresponding to the source machineΓÇÖs operating system and place it on your source machine in a local folder, such as *C:\Program Files (x86)\Microsoft Azure Site Recovery*.

+ cd C:\Program Files (x86)\Microsoft Azure Site Recovery*

+ .\Microsoft-ASR_UA*Windows*release.exe /q /x:C:\Program Files (x86)\Microsoft Azure Site Recovery

+ .\UnifiedAgentInstaller.exe /Platform vmware /Role MS /CSType CSPrime /InstallLocation "C:\Program Files (x86)\Microsoft Azure Site Recovery"

+ cd C:\Program Files (x86)\Microsoft Azure Site Recovery

+ .\Microsoft-ASR_UA*Windows*release.exe /q /x:C:\Program Files (x86)\Microsoft Azure Site Recovery

+ .\UnifiedAgentInstaller.exe /Platform vmware /Silent /Role MS /CSType CSPrime /InstallLocation "C:\Program Files (x86)\Microsoft Azure Site Recovery"

+ "C:\Program Files (x86)\Microsoft Azure Site Recovery\agent\UnifiedAgentConfigurator.exe" /SourceConfigFilePath "config.json" /CSType CSPrime

+ | API location | **Api** | Folder containing the Azure Functions app |

+|Api | The C# Azure Functions application implements the API endpoint that provides weather information to the Blazor WebAssembly app. The **WeatherForecastFunction** returns an array of `WeatherForecast` objects. |