+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to the Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. Select the **Settings** icon in the portal toolbar.

+1. On the **Portal settings | Directories + subscriptions** page, in the **Directory name** list, find your Microsoft Entra ID directory that contains the Azure subscription and the _azure-ad-b2c-monitor_ resource group you created, and then select **Switch**.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. To choose the directory that contains the Azure subscription that youΓÇÖd like to use for Azure Front Door and *not* the directory containing your Azure AD B2C tenant select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+ 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.

+# [OpenAI Python 0.28.1](#tab/python)

+# [OpenAI Python 1.x](#tab/python-new)

+```python

+# os.getenv() for the endpoint and key assumes that you are using environment variables.

+import os

+from openai import AzureOpenAI

+client = AzureOpenAI(

+ api_key=os.getenv("AZURE_OPENAI_KEY"),

+ api_version="2023-10-01-preview",

+ azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT")

+ )

+response = client.completions.create(

+ model="gpt-35-turbo-instruct", # model = "deployment_name".

+ prompt="{Example prompt where a severity level of low is detected}"

+ # Content that is detected at severity level medium or high is filtered,

+ # while content detected at severity level low isn't filtered by the content filters.

+)

+print(response.model_dump_json(indent=2))

+```

+# [OpenAI Python 0.28.1](#tab/python)

+ engine="gpt-35-turbo-0613", # engine = "deployment_name"

+# [OpenAI Python 1.x](#tab/python-new)

+```python

+import os

+from openai import AzureOpenAI

+client = AzureOpenAI(

+ api_key=os.getenv("AZURE_OPENAI_KEY"),

+ api_version="2023-10-01-preview",

+ azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT"

+)

+messages= [

+ {"role": "user", "content": "Find beachfront hotels in San Diego for less than $300 a month with free breakfast."}

+]

+functions= [

+ {

+ "name": "search_hotels",

+ "description": "Retrieves hotels from the search index based on the parameters provided",

+ "parameters": {

+ "type": "object",

+ "properties": {

+ "location": {

+ "type": "string",

+ "description": "The location of the hotel (i.e. Seattle, WA)"

+ },

+ "max_price": {

+ "type": "number",

+ "description": "The maximum price for the hotel"

+ },

+ "features": {

+ "type": "string",

+ "description": "A comma separated list of features (i.e. beachfront, free wifi, etc.)"

+ }

+ },

+ "required": ["location"]

+ }

+ }

+]

+response = client.chat.completions.create(

+ model="gpt-35-turbo-0613", # model = "deployment_name"

+ messages= messages,

+ functions = functions,

+ function_call="auto",

+)

+print(response.choices[0].message.model_dump_json(indent=2))

+```

+The response from the API includes a `function_call` property if the model determines that a function should be called. The `function_call` property includes the name of the function to call and the arguments to pass to the function. The arguments are a JSON string that you can parse and use to call your function.

+```json

+{

+ "content": null,

+ "role": "assistant",

+ "function_call": {

+ "arguments": "{\n \"location\": \"San Diego\",\n \"max_price\": 300,\n \"features\": \"beachfront, free breakfast\"\n}",

+ "name": "search_hotels"

+ }

+}

+```

+In some cases, the model may generate both `content` and a `function_call`. For example, for the prompt above the content could say something like "Sure, I can help you find some hotels in San Diego that match your criteria" along with the function_call.

+ Title: How to migrate to OpenAI Python v1.x

+description: Learn about migrating to the latest release of the OpenAI Python library with Azure OpenAI

+# Migrating to the OpenAI Python API library 1.x

+OpenAI has just released a new version of the [OpenAI Python API library](https://github.com/openai/openai-python/). This guide is supplemental to [OpenAI's migration guide](https://github.com/openai/openai-python/discussions/631) and will help bring you up to speed on the changes specific to Azure OpenAI.

+## Updates

+- This is a completely new version of the OpenAI Python API library.

+- Starting on November 6, 2023 `pip install openai` and `pip install openai --upgrade` will install `version 1.x` of the OpenAI Python library.

+- Upgrading from `version 0.28.1` to `version 1.x` is a breaking change, you'll need to test and update your code.

+- Auto-retry with backoff if there's an error

+- Proper types (for mypy/pyright/editors)

+- You can now instantiate a client, instead of using a global default.

+- Switch to explicit client instantiation

+- [Name changes](#name-changes)

+## Known issues

+- The latest release of the [OpenAI Python library](https://pypi.org/project/openai/) doesn't currently support DALL-E when used with Azure OpenAI. DALL-E with Azure OpenAI is still supported with `0.28.1`. For those who can't wait for native support for DALL-E and Azure OpenAI we're providing [two code examples](#dall-e-fix) which can be used as a workaround.

+- `embeddings_utils.py` which was used to provide functionality like cosine similarity for semantic text search is [no longer part of the OpenAI Python API library](https://github.com/openai/openai-python/issues/676).

+- You should also check the active [GitHub Issues](https://github.com/openai/openai-python/issues/703) for the OpenAI Python library.

+## Test before you migrate

+> [!IMPORTANT]

+> Automatic migration of your code using `openai migrate` is not supported with Azure OpenAI.

+As this is a new version of the library with breaking changes, you should test your code extensively against the new release before migrating any production applications to rely on version 1.x. You should also review your code and internal processes to make sure that you're following best practices and pinning your production code to only versions that you have fully tested.

+To make the migration process easier, we're updating existing code examples in our docs for Python to a tabbed experience:

+# [OpenAI Python 0.28.1](#tab/python)

+```console

+pip install openai==0.28.1

+```

+# [OpenAI Python 1.x](#tab/python-new)

+```console

+pip install openai --upgrade

+```

+This provides context for what has changed and allows you to test the new library in parallel while continuing to provide support for version `0.28.1`. If you upgrade to `1.x` and realize you need to temporarily revert back to the previous version, you can always `pip uninstall openai` and then reinstall targeted to `0.28.1` with `pip install openai==0.28.1`.

+## Chat completions

+# [OpenAI Python 0.28.1](#tab/python)

+You need to set the `engine` variable to the deployment name you chose when you deployed the GPT-3.5-Turbo or GPT-4 models. Entering the model name will result in an error unless you chose a deployment name that is identical to the underlying model name.

+```python

+import os

+import openai

+openai.api_type = "azure"

+openai.api_base = os.getenv("AZURE_OPENAI_ENDPOINT")

+openai.api_key = os.getenv("AZURE_OPENAI_KEY")

+openai.api_version = "2023-05-15"

+response = openai.ChatCompletion.create(

+ engine="gpt-35-turbo", # engine = "deployment_name".

+ messages=[

+ {"role": "system", "content": "You are a helpful assistant."},

+ {"role": "user", "content": "Does Azure OpenAI support customer managed keys?"},

+ {"role": "assistant", "content": "Yes, customer managed keys are supported by Azure OpenAI."},

+ {"role": "user", "content": "Do other Azure AI services support this too?"}

+ ]

+)

+print(response)

+print(response['choices'][0]['message']['content'])

+```

+# [OpenAI Python 1.x](#tab/python-new)

+You need to set the `model` variable to the deployment name you chose when you deployed the GPT-3.5-Turbo or GPT-4 models. Entering the model name results in an error unless you chose a deployment name that is identical to the underlying model name.

+```python

+import os

+from openai import AzureOpenAI

+client = AzureOpenAI(

+ azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT"),

+ api_key=os.getenv("AZURE_OPENAI_KEY"),

+ api_version="2023-05-15"

+)

+response = client.chat.completions.create(

+ model="gpt-35-turbo", # model = "deployment_name".

+ messages=[

+ {"role": "system", "content": "You are a helpful assistant."},

+ {"role": "user", "content": "Does Azure OpenAI support customer managed keys?"},

+ {"role": "assistant", "content": "Yes, customer managed keys are supported by Azure OpenAI."},

+ {"role": "user", "content": "Do other Azure AI services support this too?"}

+ ]

+)

+print(response.choices[0].message.content)

+```

+Additional examples can be found in our [in-depth Chat Completion article](chatgpt.md).

+## Completions

+# [OpenAI Python 0.28.1](#tab/python)

+```python

+import os

+import openai

+openai.api_key = os.getenv("AZURE_OPENAI_KEY")

+openai.api_base = os.getenv("AZURE_OPENAI_ENDPOINT") # your endpoint should look like the following https://YOUR_RESOURCE_NAME.openai.azure.com/

+openai.api_type = 'azure'

+openai.api_version = '2023-05-15' # this might change in the future

+deployment_name='REPLACE_WITH_YOUR_DEPLOYMENT_NAME' #This will correspond to the custom name you chose for your deployment when you deployed a model.

+# Send a completion call to generate an answer

+print('Sending a test completion job')

+start_phrase = 'Write a tagline for an ice cream shop. '

+response = openai.Completion.create(engine=deployment_name, prompt=start_phrase, max_tokens=10)

+text = response['choices'][0]['text'].replace('\n', '').replace(' .', '.').strip()

+print(start_phrase+text)

+```

+# [OpenAI Python 1.x](#tab/python-new)

+```python

+import os

+from openai import AzureOpenAI

+

+client = AzureOpenAI(

+ api_key=os.getenv("AZURE_OPENAI_KEY"),

+ api_version="2023-10-01-preview",

+ azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT")

+ )

+

+deployment_name='REPLACE_WITH_YOUR_DEPLOYMENT_NAME' #This will correspond to the custom name you chose for your deployment when you deployed a model.

+

+# Send a completion call to generate an answer

+print('Sending a test completion job')

+start_phrase = 'Write a tagline for an ice cream shop. '

+response = client.completions.create(model=deployment_name, prompt=start_phrase, max_tokens=10)

+print(response.choices[0].text)

+```

+## Embeddings

+# [OpenAI Python 0.28.1](#tab/python)

+```python

+import openai

+openai.api_type = "azure"

+openai.api_key = YOUR_API_KEY

+openai.api_base = "https://YOUR_RESOURCE_NAME.openai.azure.com"

+openai.api_version = "2023-05-15"

+response = openai.Embedding.create(

+ input="Your text string goes here",

+ engine="YOUR_DEPLOYMENT_NAME"

+)

+embeddings = response['data'][0]['embedding']

+print(embeddings)

+```

+# [OpenAI Python 1.x](#tab/python-new)

+```python

+import os

+from openai import AzureOpenAI

+client = AzureOpenAI(

+ api_key = os.getenv("AZURE_OPENAI_KEY"),

+ api_version = "2023-05-15",

+ azure_endpoint =os.getenv("AZURE_OPENAI_ENDPOINT")

+)

+response = client.embeddings.create(

+ input = "Your text string goes here",

+ model= "text-embedding-ada-002"

+)

+print(response.model_dump_json(indent=2))

+```

+Additional examples including how to handle semantic text search without `embeddings_utils.py` can be found in our [embeddings tutorial](../tutorials/embeddings.md).

+## Async

+OpenAI doesn't support calling asynchronous methods in the module-level client, instead you should instantiate an async client.

+```python

+from openai import AsyncAzureOpenAI

+client = AsyncAzureOpenAI(

+ api_key = os.getenv("AZURE_OPENAI_KEY"),

+ api_version = "2023-10-01-preview",

+ azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT")

+)

+response = await client.chat.completions.create(model="gpt-35-turbo", messages=[{"role": "user", "content": "Hello world"}])

+print(response.model_dump_json(indent=2))

+```

+## Authentication

+```python

+from azure.identity import DefaultAzureCredential, get_bearer_token_provider

+from openai import AzureOpenAI

+token_provider = get_bearer_token_provider(DefaultAzureCredential(), "https://cognitiveservices.azure.com/.default")

+api_version = "2023-10-01-preview"

+endpoint = "https://my-resource.openai.azure.com"

+client = AzureOpenAI(

+ api_version=api_version,

+ azure_endpoint=endpoint,

+ azure_ad_token_provider=token_provider,

+)

+completion = client.chat.completions.create(

+ model="deployment-name", # gpt-35-instant

+ messages=[

+ {

+ "role": "user",

+ "content": "How do I output all files in a directory using Python?",

+ },

+ ],

+)

+print(completion.model_dump_json(indent=2))

+```

+## DALL-E fix

+# [DALLE-Fix](#tab/dalle-fix)

+```python

+import time

+import json

+import httpx

+import openai

+class CustomHTTPTransport(httpx.HTTPTransport):

+ def handle_request(

+ self,

+ request: httpx.Request,

+ ) -> httpx.Response:

+ if "images/generations" in request.url.path and request.url.params[

+ "api-version"

+ ] in [

+ "2023-06-01-preview",

+ "2023-07-01-preview",

+ "2023-08-01-preview",

+ "2023-09-01-preview",

+ "2023-10-01-preview",

+ ]:

+ request.url = request.url.copy_with(path="/openai/images/generations:submit")

+ response = super().handle_request(request)

+ operation_location_url = response.headers["operation-location"]

+ request.url = httpx.URL(operation_location_url)

+ request.method = "GET"

+ response = super().handle_request(request)

+ response.read()

+ timeout_secs: int = 120

+ start_time = time.time()

+ while response.json()["status"] not in ["succeeded", "failed"]:

+ if time.time() - start_time > timeout_secs:

+ timeout = {"error": {"code": "Timeout", "message": "Operation polling timed out."}}

+ return httpx.Response(

+ status_code=400,

+ headers=response.headers,

+ content=json.dumps(timeout).encode("utf-8"),

+ request=request,

+ )

+ time.sleep(int(response.headers.get("retry-after")) or 10)

+ response = super().handle_request(request)

+ response.read()

+ if response.json()["status"] == "failed":

+ error_data = response.json()

+ return httpx.Response(

+ status_code=400,

+ headers=response.headers,

+ content=json.dumps(error_data).encode("utf-8"),

+ request=request,

+ )

+ result = response.json()["result"]

+ return httpx.Response(

+ status_code=200,

+ headers=response.headers,

+ content=json.dumps(result).encode("utf-8"),

+ request=request,

+ )

+ return super().handle_request(request)

+client = openai.AzureOpenAI(

+ azure_endpoint="<azure_endpoint>",

+ api_key="<api_key>",

+ api_version="<api_version>",

+ http_client=httpx.Client(

+ transport=CustomHTTPTransport(),

+ ),

+)

+image = client.images.generate(prompt="a cute baby seal")

+print(image.data[0].url)

+```

+# [DALLE-Fix Async](#tab/dalle-fix-async)

+```python

+import time

+import asyncio

+import json

+import httpx

+import openai

+class AsyncCustomHTTPTransport(httpx.AsyncHTTPTransport):

+ async def handle_async_request(

+ self,

+ request: httpx.Request,

+ ) -> httpx.Response:

+ if "images/generations" in request.url.path and request.url.params[

+ "api-version"

+ ] in [

+ "2023-06-01-preview",

+ "2023-07-01-preview",

+ "2023-08-01-preview",

+ "2023-09-01-preview",

+ "2023-10-01-preview",

+ ]:

+ request.url = request.url.copy_with(path="/openai/images/generations:submit")

+ response = await super().handle_async_request(request)

+ operation_location_url = response.headers["operation-location"]

+ request.url = httpx.URL(operation_location_url)

+ request.method = "GET"

+ response = await super().handle_async_request(request)

+ await response.aread()

+ timeout_secs: int = 120

+ start_time = time.time()

+ while response.json()["status"] not in ["succeeded", "failed"]:

+ if time.time() - start_time > timeout_secs:

+ timeout = {"error": {"code": "Timeout", "message": "Operation polling timed out."}}

+ return httpx.Response(

+ status_code=400,

+ headers=response.headers,

+ content=json.dumps(timeout).encode("utf-8"),

+ request=request,

+ )

+ await asyncio.sleep(int(response.headers.get("retry-after")) or 10)

+ response = await super().handle_async_request(request)

+ await response.aread()

+ if response.json()["status"] == "failed":

+ error_data = response.json()

+ return httpx.Response(

+ status_code=400,

+ headers=response.headers,

+ content=json.dumps(error_data).encode("utf-8"),

+ request=request,

+ )

+ result = response.json()["result"]

+ return httpx.Response(

+ status_code=200,

+ headers=response.headers,

+ content=json.dumps(result).encode("utf-8"),

+ request=request,

+ )

+ return await super().handle_async_request(request)

+async def dall_e():

+ client = openai.AsyncAzureOpenAI(

+ azure_endpoint="<azure_endpoint>",

+ api_key="<api_key>",

+ api_version="<api_version>",

+ http_client=httpx.AsyncClient(

+ transport=AsyncCustomHTTPTransport(),

+ ),

+ )

+ image = await client.images.generate(prompt="a cute baby seal")

+ print(image.data[0].url)

+asyncio.run(dall_e())

+```

+## Name changes

+> [!NOTE]

+> All a* methods have been removed; the async client must be used instead.

+| OpenAI Python 0.28.1 | OpenAI Python 1.x |

+| | |

+| `openai.api_base` | `openai.base_url` |

+| `openai.proxy` | `openai.proxies` |

+| `openai.InvalidRequestError` | `openai.BadRequestError` |

+| `openai.Audio.transcribe()` | `client.audio.transcriptions.create()` |

+| `openai.Audio.translate()` | `client.audio.translations.create()` |

+| `openai.ChatCompletion.create()` | `client.chat.completions.create()` |

+| `openai.Completion.create()` | `client.completions.create()` |

+| `openai.Edit.create()` | `client.edits.create()` |

+| `openai.Embedding.create()` | `client.embeddings.create()` |

+| `openai.File.create()` | `client.files.create()` |

+| `openai.File.list()` | `client.files.list()` |

+| `openai.File.retrieve()` | `client.files.retrieve()` |

+| `openai.File.download()` | `client.files.retrieve_content()` |

+| `openai.FineTune.cancel()` | `client.fine_tunes.cancel()` |

+| `openai.FineTune.list()` | `client.fine_tunes.list()` |

+| `openai.FineTune.list_events()` | `client.fine_tunes.list_events()` |

+| `openai.FineTune.stream_events()` | `client.fine_tunes.list_events(stream=True)` |

+| `openai.FineTune.retrieve()` | `client.fine_tunes.retrieve()` |

+| `openai.FineTune.delete()` | `client.fine_tunes.delete()` |

+| `openai.FineTune.create()` | `client.fine_tunes.create()` |

+| `openai.FineTuningJob.create()` | `client.fine_tuning.jobs.create()` |

+| `openai.FineTuningJob.cancel()` | `client.fine_tuning.jobs.cancel()` |

+| `openai.FineTuningJob.delete()` | `client.fine_tuning.jobs.create()` |

+| `openai.FineTuningJob.retrieve()` | `client.fine_tuning.jobs.retrieve()` |

+| `openai.FineTuningJob.list()` | `client.fine_tuning.jobs.list()` |

+| `openai.FineTuningJob.list_events()` | `client.fine_tuning.jobs.list_events()` |

+| `openai.Image.create()` | `client.images.generate()` |

+| `openai.Image.create_variation()` | `client.images.create_variation()` |

+| `openai.Image.create_edit()` | `client.images.edit()` |

+| `openai.Model.list()` | `client.models.list()` |

+| `openai.Model.delete()` | `client.models.delete()` |

+| `openai.Model.retrieve()` | `client.models.retrieve()` |

+| `openai.Moderation.create()` | `client.moderations.create()` |

+| `openai.api_resources` | `openai.resources` |

+### Removed

+- `openai.api_key_path`

+- `openai.app_info`

+- `openai.debug`

+- `openai.log`

+- `openai.OpenAIError`

+- `openai.Audio.transcribe_raw()`

+- `openai.Audio.translate_raw()`

+- `openai.ErrorObject`

+- `openai.Customer`

+- `openai.api_version`

+- `openai.verify_ssl_certs`

+- `openai.api_type`

+- `openai.enable_telemetry`

+- `openai.ca_bundle_path`

+- `openai.requestssession` (OpenAI now uses `httpx`)

+- `openai.aiosession` (OpenAI now uses `httpx`)

+- `openai.Deployment` (Previously used for Azure OpenAI)

+- `openai.Engine`

+- `openai.File.find_matching_files()`

+You can get a list of models that are available for both inference and fine-tuning by your Azure OpenAI resource by using the [Models List API](/rest/api/azureopenai/models/list).

+Learn about [ Models, and fine-tuning with the REST API](/rest/api/azureopenai/fine-tuning?view=rest-azureopenai-2023-10-01-preview).

+# [OpenAI Python 0.28.1](#tab/python)

+# [OpenAI Python 1.x](#tab/python-new)

+```console

+pip install openai num2words matplotlib plotly scipy scikit-learn pandas tiktoken

+```

+## Import libraries

+# [OpenAI Python 0.28.1](#tab/python)

+# [OpenAI Python 1.x](#tab/python-new)

+```python

+import os

+import re

+import requests

+import sys

+from num2words import num2words

+import os

+import pandas as pd

+import numpy as np

+import tiktoken

+from openai import AzureOpenAI

+```

+# [OpenAI Python 0.28.1](#tab/python)

+# [OpenAI Python 1.x](#tab/python-new)

+```python

+client = AzureOpenAI(

+ api_key = os.getenv("AZURE_OPENAI_API_KEY"),

+ api_version = "2023-05-15",

+ azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT")

+)

+def generate_embeddings(text, model="text-embedding-ada-002"): # model = "deployment_name"

+ return client.embeddings.create(input = [text], model=model).data[0].embedding

+df_bills['ada_v2'] = df_bills["text"].apply(lambda x : generate_embeddings (x, model = 'text-embedding-ada-002')) # model should be set to the deployment name you chose when you deployed the text-embedding-ada-002 (Version 2) model

+```

+# [OpenAI Python 0.28.1](#tab/python)

+# [OpenAI Python 1.x](#tab/python-new)

+```python

+def cosine_similarity(a, b):

+ return np.dot(a, b) / (np.linalg.norm(a) * np.linalg.norm(b))

+def get_embedding(text, model="text-embedding-ada-002"): # model = "deployment_name"

+ return client.embeddings.create(input = [text], model=model).data[0].embedding

+def search_docs(df, user_query, top_n=4, to_print=True):

+ embedding = get_embedding(

+ user_query,

+ model="text-embedding-ada-002" # model should be set to the deployment name you chose when you deployed the text-embedding-ada-002 (Version 2) model

+ )

+ df["similarities"] = df.ada_v2.apply(lambda x: cosine_similarity(x, embedding))

+ res = (

+ df.sort_values("similarities", ascending=False)

+ .head(top_n)

+ )

+ if to_print:

+ display(res)

+ return res

+res = search_docs(df_bills, "Can I get information on cable company tax revenue?", top_n=4)

+```

+|`diarization`|Indicates that diarization analysis should be carried out on the input, which is expected to be a mono channel that contains multiple voices. Specify the minimum and maximum number of people who might be speaking. You must also set the `diarizationEnabled` property to `true`. The [transcription file](batch-transcription-get.md#transcription-result-file) will contain a `speaker` entry for each transcribed phrase.<br/><br/>You need to use this property when you expect three or more speakers. For two speakers setting `diarizationEnabled` property to `true` is enough. See an example of the property usage in [Transcriptions_Create](https://eastus.dev.cognitive.microsoft.com/docs/services/speech-to-text-api-v3-1/operations/Transcriptions_Create) operation description.<br/><br/>Diarization is the process of separating speakers in audio data. The batch pipeline can recognize and separate multiple speakers on mono channel recordings. The maximum number of speakers for diarization must be less than 36 and more or equal to the `minSpeakers` property (see [example](https://eastus.dev.cognitive.microsoft.com/docs/services/speech-to-text-api-v3-1/operations/Transcriptions_Create)). The feature isn't available with stereo recordings.<br/><br/>When this property is selected, source audio length can't exceed 240 minutes per file.<br/><br/>**Note**: This property is only available with Speech to text REST API version 3.1 and later. If you set this property with any previous version (such as version 3.0) then it will be ignored and only 2 speakers will be identified.|

+&emsp; Current supported language pairs are listed in the following table. For higher quality, we encourage you to retrain your models accordingly. For more information, *see* [Language support](../language-support.md).

+|Language|Language code|Cloud ΓÇô Text Translation and Document Translation|Containers ΓÇô Text Translation|Custom Translator|Auto Language Detection|Dictionary|

+|:-|:-|:-|:-|:-|:-|:-|

+|Afrikaans|af|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Albanian|sq|Γ£ö|Γ£ö| |Γ£ö| |

+|Amharic|am|Γ£ö|Γ£ö| |Γ£ö| |

+|Arabic|ar|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Armenian|hy|Γ£ö|Γ£ö| |Γ£ö| |

+|Assamese|as|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Azerbaijani (Latin)|az|Γ£ö|Γ£ö| |Γ£ö| |

+|Bangla|bn|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Bashkir|ba|Γ£ö|Γ£ö| |Γ£ö| |

+|Basque|eu|Γ£ö|Γ£ö| |Γ£ö| |

+|Bhojpuri|bho|Γ£ö|Γ£ö | | | |

+|Bodo|brx |Γ£ö|Γ£ö | | | |

+|Bosnian (Latin)|bs|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Bulgarian|bg|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Cantonese (Traditional)|yue|Γ£ö|Γ£ö| |Γ£ö| |

+|Catalan|ca|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Chinese (Literary)|lzh|Γ£ö|Γ£ö| | | |

+|Chinese Simplified|zh-Hans|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Chinese Traditional|zh-Hant|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|chiShona|sn|Γ£ö|Γ£ö| | | |

+|Croatian|hr|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Czech|cs|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Danish|da|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Dari|prs|Γ£ö|Γ£ö| |Γ£ö| |

+|Divehi|dv|Γ£ö|Γ£ö| |Γ£ö| |

+|Dogri|doi|Γ£ö| | | | |

+|Dutch|nl|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|English|en|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Estonian|et|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Faroese|fo|Γ£ö|Γ£ö| |Γ£ö| |

+|Fijian|fj|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Filipino|fil|Γ£ö|Γ£ö|Γ£ö| | |

+|Finnish|fi|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|French|fr|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|French (Canada)|fr-ca|Γ£ö|Γ£ö| | | |

+|Galician|gl|Γ£ö|Γ£ö| |Γ£ö| |

+|Georgian|ka|Γ£ö|Γ£ö| |Γ£ö| |

+|German|de|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Greek|el|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Gujarati|gu|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Haitian Creole|ht|Γ£ö|Γ£ö| |Γ£ö|Γ£ö|

+|Hausa|ha|Γ£ö|Γ£ö| |Γ£ö| |

+|Hebrew|he|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Hindi|hi|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Hmong Daw (Latin)|mww|Γ£ö|Γ£ö| |Γ£ö|Γ£ö|

+|Hungarian|hu|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Icelandic|is|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Igbo|ig|Γ£ö|Γ£ö| |Γ£ö| |

+|Indonesian|id|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Inuinnaqtun|ikt|Γ£ö|Γ£ö| | | |

+|Inuktitut|iu|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Inuktitut (Latin)|iu-Latn|Γ£ö|Γ£ö| |Γ£ö| |

+|Irish|ga|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Italian|it|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Japanese|ja|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Kannada|kn|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Kashmiri|ks|Γ£ö|Γ£ö | | | |

+|Kazakh|kk|Γ£ö|Γ£ö| |Γ£ö| |

+|Khmer|km|Γ£ö|Γ£ö| |Γ£ö| |

+|Kinyarwanda|rw|Γ£ö|Γ£ö| |Γ£ö| |

+|Klingon|tlh-Latn|Γ£ö| | |Γ£ö|Γ£ö|

+|Klingon (plqaD)|tlh-Piqd|Γ£ö| | |Γ£ö| |

+|Konkani|gom|Γ£ö|Γ£ö| | | |

+|Korean|ko|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Kurdish (Central)|ku|Γ£ö|Γ£ö| |Γ£ö| |

+|Kurdish (Northern)|kmr|Γ£ö|Γ£ö| | | |

+|Kyrgyz (Cyrillic)|ky|Γ£ö|Γ£ö| |Γ£ö| |

+|Lao|lo|Γ£ö|Γ£ö| |Γ£ö| |

+|Latvian|lv|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Lithuanian|lt|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Lingala|ln|Γ£ö|Γ£ö| | | |

+|Lower Sorbian|dsb|Γ£ö| | | | |

+|Luganda|lug|Γ£ö|Γ£ö| | | |

+|Macedonian|mk|Γ£ö|Γ£ö| |Γ£ö| |

+|Maithili|mai|Γ£ö|Γ£ö| | | |

+|Malagasy|mg|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Malay (Latin)|ms|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Malayalam|ml|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Maltese|mt|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Maori|mi|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Marathi|mr|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Mongolian (Cyrillic)|mn-Cyrl|Γ£ö|Γ£ö| |Γ£ö| |

+|Mongolian (Traditional)|mn-Mong|Γ£ö|Γ£ö| | | |

+|Myanmar|my|Γ£ö|Γ£ö| |Γ£ö| |

+|Nepali|ne|Γ£ö|Γ£ö| |Γ£ö| |

+|Norwegian|nb|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Nyanja|nya|Γ£ö|Γ£ö| | | |

+|Odia|or|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Pashto|ps|Γ£ö|Γ£ö| |Γ£ö| |

+|Persian|fa|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Polish|pl|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Portuguese (Brazil)|pt|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Portuguese (Portugal)|pt-pt|Γ£ö|Γ£ö| | | |

+|Punjabi|pa|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Queretaro Otomi|otq|Γ£ö|Γ£ö| |Γ£ö| |

+|Romanian|ro|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Rundi|run|Γ£ö|Γ£ö| | | |

+|Russian|ru|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Samoan (Latin)|sm|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Serbian (Cyrillic)|sr-Cyrl|Γ£ö|Γ£ö| |Γ£ö| |

+|Serbian (Latin)|sr-Latn|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Sesotho|st|Γ£ö|Γ£ö| | | |

+|Sesotho sa Leboa|nso|Γ£ö|Γ£ö| | | |

+|Setswana|tn|Γ£ö|Γ£ö| | | |

+|Sindhi|sd|Γ£ö|Γ£ö| |Γ£ö| |

+|Sinhala|si|Γ£ö|Γ£ö| |Γ£ö| |

+|Slovak|sk|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Slovenian|sl|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Somali (Arabic)|so|Γ£ö|Γ£ö| |Γ£ö| |

+|Spanish|es|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Swahili (Latin)|sw|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Swedish|sv|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Tahitian|ty|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Tamil|ta|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Tatar (Latin)|tt|Γ£ö|Γ£ö| |Γ£ö| |

+|Telugu|te|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Thai|th|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Tibetan|bo|Γ£ö|Γ£ö| |Γ£ö| |

+|Tigrinya|ti|Γ£ö|Γ£ö| |Γ£ö| |

+|Tongan|to|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |

+|Turkish|tr|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Turkmen (Latin)|tk|Γ£ö|Γ£ö| |Γ£ö| |

+|Ukrainian|uk|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Upper Sorbian|hsb|Γ£ö|Γ£ö| |Γ£ö| |

+|Urdu|ur|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Uyghur (Arabic)|ug|Γ£ö|Γ£ö| |Γ£ö| |

+|Uzbek (Latin)|uz|Γ£ö|Γ£ö| |Γ£ö| |

+|Vietnamese|vi|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Welsh|cy|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|

+|Xhosa|xh|Γ£ö|Γ£ö| |Γ£ö| |

+|Yoruba|yo|Γ£ö|Γ£ö| |Γ£ö| |

+|Yucatec Maya|yua|Γ£ö|Γ£ö| |Γ£ö| |

+|Zulu|zu|Γ£ö|Γ£ö| |Γ£ö| |

+Azure CNI offers two IP addressing options for pods: The traditional configuration that assigns VNet IPs to pods and Overlay networking. The choice of which option to use for your AKS cluster is a balance between flexibility and advanced configuration needs. The following considerations help outline when each network model might be the most appropriate.

+az aks create -n $clusterName -g $resourceGroup \

+ --location $location \

+ --network-plugin azure \

+ --network-plugin-mode overlay \

+ --pod-cidr 192.168.0.0/16

+> If using a custom azure-ip-masq-agent config to include additional IP ranges that should not SNAT packets from pods, upgrading to Azure CNI Overlay can break connectivity to these ranges. Pod IPs from the overlay space will not be reachable by anything outside the cluster nodes.

+> Additionally, for sufficiently old clusters there might be a ConfigMap left over from a previous version of azure-ip-masq-agent. If this ConfigMap, named `azure-ip-masq-agent-config`, exists and is not intetionally in-place it should be deleted before running the update command.

+## Dual-stack Networking (Preview)

+You can deploy your AKS clusters in a dual-stack mode when using Overlay networking and a dual-stack Azure virtual network. In this configuration, nodes receive both an IPv4 and IPv6 address from the Azure virtual network subnet. Pods receive both an IPv4 and IPv6 address from a logically different address space to the Azure virtual network subnet of the nodes. Network address translation (NAT) is then configured so that the pods can reach resources on the Azure virtual network. The source IP address of the traffic is NAT'd to the node's primary IP address of the same family (IPv4 to IPv4 and IPv6 to IPv6).

+### Prerequisites

+ - You must have Azure CLI 2.48.0 or later installed.

+ - You must register the `Microsoft.ContainerService` `AzureOverlayDualStackPreview` feature flag.

+ - Kubernetes version 1.26.3 or greater.

+### Limitations

+The following features aren't supported with dual-stack networking:

+ - Windows Nodepools

+ - Azure network policies

+ - Calico network policies

+ - NAT Gateway

+ - Virtual nodes add-on

+## Deploy a dual-stack AKS cluster

+The following attributes are provided to support dual-stack clusters:

+* **`--ip-families`**: Takes a comma-separated list of IP families to enable on the cluster.

+ * Only `ipv4` or `ipv4,ipv6` are supported.

+* **`--pod-cidrs`**: Takes a comma-separated list of CIDR notation IP ranges to assign pod IPs from.

+ * The count and order of ranges in this list must match the value provided to `--ip-families`.

+ * If no values are supplied, the default value `10.244.0.0/16,fd12:3456:789a::/64` is used.

+* **`--service-cidrs`**: Takes a comma-separated list of CIDR notation IP ranges to assign service IPs from.

+ * The count and order of ranges in this list must match the value provided to `--ip-families`.

+ * If no values are supplied, the default value `10.0.0.0/16,fd12:3456:789a:1::/108` is used.

+ * The IPv6 subnet assigned to `--service-cidrs` can be no larger than a /108.

+### Register the `AzureOverlayDualStackPreview` feature flag

+1. Register the `AzureOverlayDualStackPreview` feature flag using the [`az feature register`][az-feature-register] command. It takes a few minutes for the status to show *Registered*.

+```azurecli-interactive

+az feature register --namespace "Microsoft.ContainerService" --name "AzureOverlayDualStackPreview"

+```

+2. Verify the registration status using the [`az feature show`][az-feature-show] command.

+```azurecli-interactive

+az feature show --namespace "Microsoft.ContainerService" --name "AzureOverlayDualStackPreview"

+```

+3. When the status reflects *Registered*, refresh the registration of the *Microsoft.ContainerService* resource provider using the [`az provider register`][az-provider-register] command.

+```azurecli-interactive

+az provider register --namespace Microsoft.ContainerService

+```

+### Create a dual-stack AKS cluster

+1. Create an Azure resource group for the cluster using the [`az group create`][az-group-create] command.

+ ```azurecli-interactive

+ az group create -l <region> -n <resourceGroupName>

+ ```

+2. Create a dual-stack AKS cluster using the [`az aks create`][az-aks-create] command with the `--ip-families` parameter set to `ipv4,ipv6`.

+ ```azurecli-interactive

+ az aks create -l <region> -g <resourceGroupName> -n <clusterName> \

+ --network-plugin azure \

+ --network-plugin-mode overlay \

+ --ip-families ipv4,ipv6

+ ```

+## Create an example workload

+Once the cluster has been created, you can deploy your workloads. This article walks you through an example workload deployment of an NGINX web server.

+### Deploy an NGINX web server

+# [kubectl](#tab/kubectl)

+1. Create an NGINX web server using the `kubectl create deployment nginx` command.

+ ```bash-interactive

+ kubectl create deployment nginx --image=nginx:latest --replicas=3

+ ```

+2. View the pod resources using the `kubectl get pods` command.

+ ```bash-interactive

+ kubectl get pods -o custom-columns="NAME:.metadata.name,IPs:.status.podIPs[*].ip,NODE:.spec.nodeName,READY:.status.conditions[?(@.type=='Ready')].status"

+ ```

+ The output shows the pods have both IPv4 and IPv6 addresses. The pods don't show IP addresses until they're ready.

+ ```output

+ NAME IPs NODE READY

+ nginx-55649fd747-9cr7h 10.244.2.2,fd12:3456:789a:0:2::2 aks-nodepool1-14508455-vmss000002 True

+ nginx-55649fd747-p5lr9 10.244.0.7,fd12:3456:789a::7 aks-nodepool1-14508455-vmss000000 True

+ nginx-55649fd747-r2rqh 10.244.1.2,fd12:3456:789a:0:1::2 aks-nodepool1-14508455-vmss000001 True

+ ```

+# [YAML](#tab/yaml)

+1. Create an NGINX web server using the following YAML manifest.

+ ```yml

+ apiVersion: apps/v1

+ kind: Deployment

+ metadata:

+ labels:

+ app: nginx

+ name: nginx

+ spec:

+ replicas: 3

+ selector:

+ matchLabels:

+ app: nginx

+ template:

+ metadata:

+ labels:

+ app: nginx

+ spec:

+ containers:

+ - image: nginx:latest

+ name: nginx

+ ```

+2. View the pod resources using the `kubectl get pods` command.

+ ```bash-interactive

+ kubectl get pods -o custom-columns="NAME:.metadata.name,IPs:.status.podIPs[*].ip,NODE:.spec.nodeName,READY:.status.conditions[?(@.type=='Ready')].status"

+ ```

+ The output shows the pods have both IPv4 and IPv6 addresses. The pods don't show IP addresses until they're ready.

+ ```output

+ NAME IPs NODE READY

+ nginx-55649fd747-9cr7h 10.244.2.2,fd12:3456:789a:0:2::2 aks-nodepool1-14508455-vmss000002 True

+ nginx-55649fd747-p5lr9 10.244.0.7,fd12:3456:789a::7 aks-nodepool1-14508455-vmss000000 True

+ nginx-55649fd747-r2rqh 10.244.1.2,fd12:3456:789a:0:1::2 aks-nodepool1-14508455-vmss000001 True

+ ```

+## Expose the workload via a `LoadBalancer` type service

+> [!IMPORTANT]

+> There are currently **two limitations** pertaining to IPv6 services in AKS.

+>

+> 1. Azure Load Balancer sends health probes to IPv6 destinations from a link-local address. In Azure Linux node pools, this traffic can't be routed to a pod, so traffic flowing to IPv6 services deployed with `externalTrafficPolicy: Cluster` fail. IPv6 services must be deployed with `externalTrafficPolicy: Local`, which causes `kube-proxy` to respond to the probe on the node.

+> 2. Prior to Kubernetes version 1.27, only the first IP address for a service will be provisioned to the load balancer, so a dual-stack service only receives a public IP for its first-listed IP family. To provide a dual-stack service for a single deployment, please create two services targeting the same selector, one for IPv4 and one for IPv6. This is no longer a limitation in kubernetes 1.27 or later.

+# [kubectl](#tab/kubectl)

+1. Expose the NGINX deployment using the `kubectl expose deployment nginx` command.

+ ```bash-interactive

+ kubectl expose deployment nginx --name=nginx-ipv4 --port=80 --type=LoadBalancer'

+ kubectl expose deployment nginx --name=nginx-ipv6 --port=80 --type=LoadBalancer --overrides='{"spec":{"ipFamilies": ["IPv6"]}}'

+ ```

+ You receive an output that shows the services have been exposed.

+ ```output

+ service/nginx-ipv4 exposed

+ service/nginx-ipv6 exposed

+ ```

+2. Once the deployment is exposed and the `LoadBalancer` services are fully provisioned, get the IP addresses of the services using the `kubectl get services` command.

+ ```bash-interactive

+ kubectl get services

+ ```

+ ```output

+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

+ nginx-ipv4 LoadBalancer 10.0.88.78 20.46.24.24 80:30652/TCP 97s

+ nginx-ipv6 LoadBalancer fd12:3456:789a:1::981a 2603:1030:8:5::2d 80:32002/TCP 63s

+ ```

+3. Verify functionality via a command-line web request from an IPv6 capable host. Azure Cloud Shell isn't IPv6 capable.

+ ```bash-interactive

+ SERVICE_IP=$(kubectl get services nginx-ipv6 -o jsonpath='{.status.loadBalancer.ingress[0].ip}')

+ curl -s "http://[${SERVICE_IP}]" | head -n5

+ ```

+ ```html

+ <!DOCTYPE html>

+ <html>

+ <head>

+ <title>Welcome to nginx!</title>

+ <style>

+ ```

+# [YAML](#tab/yaml)

+1. Expose the NGINX deployment using the following YAML manifest.

+ ```yml

+

+ apiVersion: v1

+ kind: Service

+ metadata:

+ labels:

+ app: nginx

+ name: nginx-ipv4

+ spec:

+ externalTrafficPolicy: Cluster

+ ports:

+ - port: 80

+ protocol: TCP

+ targetPort: 80

+ selector:

+ app: nginx

+ type: LoadBalancer

+

+ apiVersion: v1

+ kind: Service

+ metadata:

+ labels:

+ app: nginx

+ name: nginx-ipv6

+ spec:

+ externalTrafficPolicy: Cluster

+ ipFamilies:

+ - IPv6

+ ports:

+ - port: 80

+ protocol: TCP

+ targetPort: 80

+ selector:

+ app: nginx

+ type: LoadBalancer

+ ```

+2. Once the deployment is exposed and the `LoadBalancer` services are fully provisioned, get the IP addresses of the services using the `kubectl get services` command.

+ ```bash-interactive

+ kubectl get services

+ ```

+ ```output

+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

+ nginx-ipv4 LoadBalancer 10.0.88.78 20.46.24.24 80:30652/TCP 97s

+ nginx-ipv6 LoadBalancer fd12:3456:789a:1::981a 2603:1030:8:5::2d 80:32002/TCP 63s

+ ```

+* AKS clusters can't use `169.254.0.0/16`, `172.30.0.0/16`, `172.31.0.0/16`, or `192.0.2.0/24` for the Kubernetes service address range, pod address range, or cluster virtual network address range.

+> * When you **scale** an AKS cluster, a new node is deployed into the cluster. Services and workloads begin to run on the new node. Your IP address range needs to take into considerations how you might want to scale up the number of nodes and pods your cluster can support. One additional node for upgrade operations should also be included. Your node count is then `n + number-of-additional-scaled-nodes-you-anticipate + 1`.

+If you expect your nodes to run the maximum number of pods, and regularly destroy and deploy pods, you should also factor in some extra IP addresses per node. A few seconds can be required to delete a service and release its IP address for a new service to be deployed and acquire the address. These extra IP addresses consider this possibility.

+| Virtual network | The Azure virtual network can be as large as /8, but is limited to 65,536 configured IP addresses. Consider all your networking needs, including communicating with services in other virtual networks, before configuring your address space. For example, if you configure too large of an address space, you might run into issues with overlapping other address spaces within your network.|

+For the OS-based vulnerabilities in the VHD, AKS also relies on node image vhd updates by default, so any security updates will come with weekly node image releases . Unattended upgrades is disabled unless you switch to unmanaged which is not recommended as its release is global.

+> There are currently **two limitations** pertaining to IPv6 services in AKS.

+ Title: Kubernetes Event-driven Autoscaling (KEDA)

+# Simplified application autoscaling with Kubernetes Event-driven Autoscaling (KEDA) add-on

+The KEDA add-on makes it even easier by deploying a managed KEDA installation, providing you with [a rich catalog of Azure KEDA scalers][keda-scalers] that you can scale your applications with on your Azure Kubernetes Services (AKS) cluster.

+## Installation

+- Scale application workloads to meet demand using [a rich catalog of Azure KEDA scalers][keda-scalers]

+- Integrate with [Microsoft Entra Workload ID][workload-identity] for authentication

+> [!NOTE]

+> If you plan to use workload identity, [enable the workload identity add-on][workload-identity-deploy] before enabling the KEDA add-on.

+## Supported Kubernetes and KEDA versions

+Your cluster Kubernetes version determines what KEDA version will be installed on your AKS cluster. To see which KEDA version maps to each AKS version, see the **AKS managed add-ons** column of the [Kubernetes component version table](./supported-kubernetes-versions.md#aks-components-breaking-changes-by-version).

+For GA Kubernetes versions, AKS offers full support of the corresponding KEDA minor version in the table. Kubernetes preview versions and the latest KEDA patch are partially covered by customer support on a best-effort basis. As such, these features aren't meant for production use. For more information, see the following support articles:

+- [AKS support policies][support-policies]

+- [Azure support FAQ][azure-support-faq]

+* [View the upstream KEDA docs][keda]

+[workload-identity]: ./workload-identity-overview.md

+[workload-identity-deploy]: ./workload-identity-deploy-cluster.md

+[support-policies]: ./support-policies.md

+[azure-support-faq]: https://azure.microsoft.com/support/legal/faq/

+## Create an SSH key pair

+- Configure `kubectl` to connect to your Kubernetes cluster, use the [az aks get-credentials][az-aks-get-credentials] command. The following example gets credentials for the AKS cluster named *MyAKSCluster* in the *MyResourceGroup*:

+```azurecli

+az aks get-credentials --resource-group MyResourceGroup --name MyAKSCluster

+```

+## Example deployment

+The following snippet is a sample deployment that creates a cluster with KEDA enabled with a single node pool comprised of three `DS2_v5` nodes.

+```json

+{

+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",

+ "contentVersion": "1.0.0.0",

+ "resources": [

+ {

+ "apiVersion": "2023-03-01",

+ "dependsOn": [],

+ "type": "Microsoft.ContainerService/managedClusters",

+ "location": "westcentralus",

+ "name": "myAKSCluster",

+ "properties": {

+ "kubernetesVersion": "1.27",

+ "enableRBAC": true,

+ "dnsPrefix": "myAKSCluster",

+ "agentPoolProfiles": [

+ {

+ "name": "agentpool",

+ "osDiskSizeGB": 200,

+ "count": 3,

+ "enableAutoScaling": false,

+ "vmSize": "Standard_D2S_v5",

+ "osType": "Linux",

+ "storageProfile": "ManagedDisks",

+ "type": "VirtualMachineScaleSets",

+ "mode": "System",

+ "maxPods": 110,

+ "availabilityZones": [],

+ "nodeTaints": [],

+ "enableNodePublicIP": false

+ }

+ ],

+ "networkProfile": {

+ "loadBalancerSku": "standard",

+ "networkPlugin": "kubenet"

+ },

+ "workloadAutoScalerProfile": {

+ "keda": {

+ "enabled": true

+ }

+ }

+ },

+ "identity": {

+ "type": "SystemAssigned"

+ }

+ }

+ ]

+}

+```

+To learn more, view the [upstream KEDA docs][keda].

+[keda]: https://keda.sh/docs/2.12/

+## Install the KEDA add-on with Azure CLI

+To install the KEDA add-on, use `--enable-keda` when creating or updating a cluster.

+- Verify the KEDA add-on is running on your cluster using the `kubectl get pods` command.

+ The following example output shows the KEDA operator, admissions hook, and metrics API server are installed on the cluster:

+ keda-admission-webhooks-**********-2n9zl 1/1 Running 0 3d18h

+ keda-admission-webhooks-**********-69dkg 1/1 Running 0 3d18h

+ keda-operator-*********-4hb5n 1/1 Running 0 3d18h

+ keda-operator-*********-pckpx 1/1 Running 0 3d18h

+ keda-operator-metrics-apiserver-**********-gqg4s 1/1 Running 0 3d18h

+ keda-operator-metrics-apiserver-**********-trfcb 1/1 Running 0 3d18h

+To verify the version of your KEDA, use `kubectl get crd/scaledobjects.keda.sh -o yaml `. For example:

+```azurecli-interactive

+kubectl get crd/scaledobjects.keda.sh -o yaml

+```

+The following example output shows the configuration of KEDA in the `app.kubernetes.io/version` label:

+```yaml

+apiVersion: apiextensions.k8s.io/v1

+kind: CustomResourceDefinition

+metadata:

+ annotations:

+ controller-gen.kubebuilder.io/version: v0.9.0

+ meta.helm.sh/release-name: aks-managed-keda

+ meta.helm.sh/release-namespace: kube-system

+ creationTimestamp: "2023-08-09T15:58:56Z"

+ generation: 1

+ labels:

+ app.kubernetes.io/component: operator

+ app.kubernetes.io/managed-by: Helm

+ app.kubernetes.io/name: keda-operator

+ app.kubernetes.io/part-of: keda-operator

+ app.kubernetes.io/version: 2.10.1

+ helm.toolkit.fluxcd.io/name: keda-adapter-helmrelease

+ helm.toolkit.fluxcd.io/namespace: 64d3b6fd3365790001260647

+ name: scaledobjects.keda.sh

+ resourceVersion: "1421"

+ uid: 29109c8c-638a-4bf5-ac1b-c28ad9aa11fa

+spec:

+ conversion:

+ strategy: None

+ group: keda.sh

+ names:

+ kind: ScaledObject

+ listKind: ScaledObjectList

+ plural: scaledobjects

+ shortNames:

+ - so

+ singular: scaledobject

+ scope: Namespaced

+ # Redacted due to length

+```

+To learn more, view the [upstream KEDA docs][keda].

+[keda]: https://keda.sh/docs/2.12/

+ Title: Integrations with Kubernetes Event-driven Autoscaling (KEDA) on Azure Kubernetes Service (AKS)

+description: Integrations with Kubernetes Event-driven Autoscaling (KEDA) on Azure Kubernetes Service (AKS).

+# Integrations with Kubernetes Event-driven Autoscaling (KEDA) on Azure Kubernetes Service (AKS)

+KEDA can integrate with various tools and services through [a rich catalog of Azure KEDA scalers][keda-scalers] and supports leading cloud platforms and open-source technologies.

+As of KEDA version `2.10`, the [Prometheus scaler][prometheus-scaler] supports Azure managed service for Prometheus.

+You can also install external scalers to autoscale on other Azure

+> [!IMPORTANT]

+> External scalers *aren't supported as part of the add-on* and rely on community support.

+* [Enable the KEDA add-on with an ARM template][keda-arm]

+* [Enable the KEDA add-on with the Azure CLI][keda-cli]

+* [Troubleshoot KEDA add-on problems][keda-troubleshoot]

+* [Autoscale a .NET Core worker processing Azure Service Bus Queue message][keda-sample]

+* [View the upstream KEDA docs][keda]

+[prometheus-scaler]: https://keda.sh/docs/2.11/scalers/prometheus/

+[keda]: https://keda.sh/docs/2.12/

+ Title: Stop Azure Kubernetes Service (AKS) cluster upgrades automatically on API breaking changes

+# Stop Azure Kubernetes Service (AKS) cluster upgrades automatically on API breaking changes

+> This method requires you to use the Azure CLI version 2.53 or `aks-preview` Azure CLI extension version 0.5.134 or later. This method isn't recommended, as deprecated APIs in the targeted Kubernetes version may not work long term. We recommend removing them as soon as possible after the upgrade completes.

+* **Major versions** change when incompatible API updates or backwards compatibility might be broken.

+| 1.28 | Aug 2023 | Sep 2023 | Nov 2023 | Nov 2024 | Until 1.32 GA|

+| 1.25 | Azure policy 1.0.1<br>Metrics-Server 0.6.3<br>KEDA 2.9.3<br>Open Service Mesh 1.2.3<br>Core DNS V1.9.4<br>0.12.0</br>Overlay VPA 0.11.0<br>Azure-Keyvault-SecretsProvider 1.4.1<br>Application Gateway Ingress Controller (AGIC) 1.5.3<br>Image Cleaner v1.1.1<br>Azure Workload identity v1.0.0<br>MDC Defender 1.0.56<br>Azure Active Directory Pod Identity 1.8.13.6<br>GitOps 1.7.0<br>KMS 0.5.0| Cilium 1.12.8<br>CNI 1.4.44<br> Cluster Autoscaler 1.8.5.3<br> | OS Image Ubuntu 18.04 Cgroups V1 <br>ContainerD 1.7<br>| Ubuntu 22.04 by default with cgroupv2 and Overlay VPA 0.13.0 |CgroupsV2 - If you deploy Java applications with the JDK, prefer to use JDK 11.0.16 and later or JDK 15 and later, which fully support cgroup v2

+| 1.26 | Azure policy 1.0.1<br>Metrics-Server 0.6.3<br>KEDA 2.9.3<br>Open Service Mesh 1.2.3<br>Core DNS V1.9.4<br>0.12.0</br>Overlay VPA 0.11.0<br>Azure-Keyvault-SecretsProvider 1.4.1<br>Application Gateway Ingress Controller (AGIC) 1.5.3<br>Image Cleaner v1.1.1<br>Azure Workload identity v1.0.0<br>MDC Defender 1.0.56<br>Azure Active Directory Pod Identity 1.8.13.6<br>GitOps 1.7.0<br>KMS 0.5.0| Cilium 1.12.8<br>CNI 1.4.44<br> Cluster Autoscaler 1.8.5.3<br> | OS Image Ubuntu 22.04 Cgroups V2 <br>ContainerD 1.7<br>|No breaking changes |None

+| 1.27 | Azure policy 1.1.0<br>Metrics-Server 0.6.3<br>KEDA 2.10.0<br>Open Service Mesh 1.2.3<br>Core DNS V1.9.4<br>0.12.0</br>Overlay VPA 0.11.0<br>Azure-Keyvault-SecretsProvider 1.4.1<br>Application Gateway Ingress Controller (AGIC) 1.7.2<br>Image Cleaner v1.1.1<br>Azure Workload identity v1.0.0<br>MDC Defender 1.0.56<br>Azure Active Directory Pod Identity 1.8.13.6<br>GitOps 1.7.0<br>KMS 0.5.0|Cilium 1.12.8<br>CNI 1.4.44<br> Cluster Autoscaler 1.8.5.3<br> | OS Image Ubuntu 22.04 Cgroups V2 <br>ContainerD 1.7 for Linux and 1.6 for Windows<br>|Keda 2.10.0 |Because of Ubuntu 22.04 FIPS certification status, we'll switch AKS FIPS nodes from 18.04 to 20.04 from 1.27 onwards.

+| 1.28 | Azure policy 1.2.1<br>Metrics-Server 0.6.3<br>KEDA 2.11.2<br>Open Service Mesh 1.2.7<br>Core DNS V1.9.4<br>0.12.0</br>Overlay VPA 0.13.0<br>Azure-Keyvault-SecretsProvider 1.4.1<br>Application Gateway Ingress Controller (AGIC) 1.7.2<br>Image Cleaner v1.2.2<br>Azure Workload identity v2.0.0<br>MDC Defender Security Publisher 1.0.68<br>MDC Defender Old File Cleaner 1.3.68<br>MDC Defender Pod Collector 1.0.78<br>MDC Defender Low Level Collector 1.3.81<br>Azure Active Directory Pod Identity 1.8.13.6<br>GitOps 1.8.1|Cilium 1.13.5<br>CNI v1.4.43.1 (Default)/v1.5.11 (Azure CNI Overlay)<br> Cluster Autoscaler 1.27.3<br> | OS Image Ubuntu 22.04 Cgroups V2 <br>ContainerD 1.7.5 for Linux and 1.7.1 for Windows<br>|No breaking changes|None

+AKS might also support preview versions, which are explicitly labeled and subject to [preview terms and conditions][preview-terms].

+> AKS uses safe deployment practices which involve gradual region deployment. This means it might take up to 10 business days for a new release or a new version to be available in all regions.

+Specific patch releases might be skipped or rollout accelerated, depending on the severity of the bug or security issue.

+No. Once a version is deprecated/removed, you can't create a cluster with that version. As the change rolls out, you'll start to see the old version removed from your version list. This process might take up to two weeks from announcement, progressively by region.

+No. You aren't allowed to add node pools of the deprecated version to your cluster. You can add node pools of a new version, but it might require you to update the control plane first.

+| [Pass-through gRPC APIs](grpc-api.md) (preview) | No | Yes | No | No | Yes |

+| [Pass-through GraphQL](graphql-apis-overview.md) | ✔️ | ✔️ | ✔️ |

+| [Synthetic GraphQL](graphql-apis-overview.md)| Γ£ö∩╕Å | Γ£ö∩╕Ź | Γ£ö∩╕Ź |

+| [Pass-through gRPC](grpc-api.md) | ❌ | ❌ | ✔️ |

+| [Circuit Breaker](backends.md#circuit-breaker-preview) | ✔️ | ✔️ | ✔️ |

+¹ Synthetic GraphQL subscriptions (preview) aren't supported.

+ Title: Import a gRPC API to Azure API Management (preview) | Microsoft Docs

+description: Learn how to import a gRPC service definition as an API to an API Management instance using the Azure portal, ARM template, or bicep template.

+# Import a gRPC API (preview)

+This article shows how to import a gRPC service definition as an API in API Management. You can then manage the API in API Management, secure access and apply other polices, and pass gRPC API requests through the gateway to the gRPC backend.

+To add a gRPC API to API Management, you need to:

+* Upload the API's Protobuf (protocol buffer) definition file to API Management

+* Specify the location of your gRPC service

+* Configure the API in API Management

+API Management supports pass-through with the following types of gRPC service methods: unary, server streaming, client streaming, and bidirectional streaming. For background about gRPC, see [Introduction to gRPC](https://grpc.io/docs/what-is-grpc/introduction/).

+> [!NOTE]

+> * Importing a gRPC API is in preview. Currently, gRPC APIs are only supported in the self-hosted gateway, not the managed gateway for your API Management instance.

+> * Currently, testing gRPC APIs isn't supported in the test console of the Azure portal or in the API Management developer portal.

+## Prerequisites

+* An API Management instance. If you don't already have one, complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md).

+* A gateway resource provisioned in your instance. If you don't already have one, see [Provision a self-hosted gateway in Azure API Management](api-management-howto-provision-self-hosted-gateway.md).

+* A gRPC Protobuff (.proto) file available locally and gRPC service that's accessible over HTTPS.

+## Add a gRPC API

+#### [Portal](#tab/portal)

+1. In the [Azure portal](https://portal.azure.com), navigate to your API Management instance.

+1. In the left menu, select **APIs** > **+ Add API**.

+1. Under **Define a new API**, select **gRPC**.

+ :::image type="content" source="./media/grpc-api/grpc-api.png" alt-text="Screenshot of creating a gRPC API in the portal." :::

+1. In the **Create a gRPC API window**, select **Full**.

+1. For a gRPC API, you must specify the following settings:

+ 1. In **Upload schema**, select a local .proto file associated with the API to import.

+ 1. In **gRPC server URL**, enter the address of the gRPC service. The address must be accessible over HTTPS.

+ 1. In **Gateways**, select the gateway resource that you want to use to expose the API.

+ > [!IMPORTANT]

+ > In public preview, you can only select a self-hosted gateway. The **Managed** gateway isn't supported.

+1. Enter remaining settings to configure your API. These settings are explained in the [Import and publish your first API](import-and-publish.md#import-and-publish-a-backend-api) tutorial.

+1. Select **Create**.

+ The API is added to the **APIs** list. You can view update your settings by going to the **Settings** tab of the API.

+description: Learn about the different authentication options available for web apps or web APIs hosted on App Service. This article provides recommendations on which auth solution(s) can be used for specific scenarios such as quickly and simply limiting access to your web app, custom authorization, and incremental consent. Learn about the benefits and drawbacks of using built-in authentication versus code implementation of authentication.

+If you have a web app or an API running in Azure App Service, you can restrict access to it based on the identity of the users or applications that request it. App Service offers several authentication solutions to help you achieve this goal. In this article, you will learn about the different authentication options, their benefits and drawbacks, and which authentication solution to use for specific scenarios.

+ Title: Transport Layer Security (TLS) overview

+description: Learn about Transport Layer Security (TLS) on App Service.

+keywords: app service, azure app service, tls, transport layer security, support, web app, troubleshooting,

+# Azure App Service TLS overview

+## What does TLS do in App Service?

+Transport Layer Security (TLS) is a widely adopted security protocol designed to secure connections and communications between servers and clients. App Service allows customers to use TLS/SSL certificates to secure incoming requests to their web apps. App Service currently supports different set of TLS features for customers to secure their web apps.

+## What TLS options are available in App Service?

+For incoming requests to your web app, App Service supports TLS versions 1.0, 1.1, and 1.2. [In the next few months, App Service will begin supporting TLS version 1.3](https://techcommunity.microsoft.com/t5/apps-on-azure-blog/upcoming-tls-1-3-on-azure-app-service-for-web-apps-functions-and/ba-p/3974138).

+### Minimum TLS Version and SCM Minimum TLS Version

+App Service also allows you to set minimum TLS version for incoming requests to your web app and to SCM site. By default, the minimum TLS version for incoming requests to your web app and to SCM would be set to 1.2 on both portal and API.

+## TLS 1.0 and 1.1

+TLS 1.0 and 1.1 are considered legacy protocols and are no longer considered secure. It's generally recommended for customers to use TLS 1.2 as the minimum TLS version, which is also the default.

+To ensure backward compatibility for TLS 1.0 and TLS 1.1, App Service will continue to support TLS 1.0 and 1.1 for incoming requests to your web app. However, since the default minimum TLS version is set to TLS 1.2, you need to update the minimum TLS version configurations on your web app to either TLS 1.0 or 1.1 so the requests won't be rejected.

+> [!IMPORTANT]

+> Incoming requests to web apps and incoming requests to Azure are treated differently. App Service will continue to support TLS 1.0 and 1.1 for incoming requests to the web apps. For incoming requests directly to Azure, for example through ARM or API, it's not recommended to use TLS 1.0 or 1.1.

+>

+## Next steps

+* [Secure a custom DNS name with a TLS/SSL binding](configure-ssl-bindings.md)

+November 6, 2023 - 0.6.1 - Gateway / Ingress API - Header rewrite support, Ingress API - URL rewrite support, Ingress multiple-TLS listener bug fix,

+two certificates maximum per host, adopting [semantic versioning (semver)](https://semver.org/), quality improvements

+September 25, 2023 - 0.5.024542 - Custom Health Probes, Controller HA, Multi-site support for Ingress, [helm_release via Terraform fix](https://github.com/Azure/AKS/issues/3857), Path rewrite for Gateway API, status for Ingress resources, quality improvements

+July 25, 2023 - 0.4.023971 - Ingress + Gateway coexistence improvements

+<li>"Accepted"</li>

+<li>"Ready"</li>

+<td><p>BackendTLSPolicyReasonInvalid is the reason when the BackendTLSPolicy isn&rsquo;t Accepted</p>

+</td>

+</tr><tr><td><p>&#34;InvalidGroup&#34;</p></td>

+<td><p>BackendTLSPolicyReasonInvalidGroup is used when the group is invalid</p>

+</tr><tr><td><p>&#34;InvalidName&#34;</p></td>

+<td><p>BackendTLSPolicyReasonInvalidName is used when the name is invalid</p>

+</td>

+</tr><tr><td><p>&#34;InvalidSecret&#34;</p></td>

+<td><p>BackendTLSPolicyReasonInvalidSecret is used when the Secret is invalid</p>

+</td>

+</tr><tr><td><p>&#34;InvalidService&#34;</p></td>

+<td><p>BackendTLSPolicyReasonInvalidService is used when the Service is invalid</p>

+</td>

+<td><p>BackendTLSPolicyReasonRefNotPermitted is used when the ref isn&rsquo;t permitted</p>

+<td><p>BackendTLSPolicyConditionAccepted is used to set the BackendTLSPolicyConditionType to Accepted</p>

+<td><p>BackendTLSPolicyConditionResolvedRefs is used to set the BackendTLSPolicyCondition to ResolvedRefs</p>

+<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference">

+<li>"Accepted"</li>

+<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference">

+<p>CustomTargetRef is a reference to a custom resource that isn&rsquo;t part of the

+<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.ObjectName">

+<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Kind">

+<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Namespace">

+<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Group">

+particular FrontendTLSPolicy condition type has been raised.</p>

+<tbody><tr><td><p>&#34;Accepted&#34;</p></td>

+<td><p>FrontendTLSPolicyReasonAccepted is used to set the FrontendTLSPolicyConditionReason to Accepted

+When the given FrontendTLSPolicy is correctly configured</p>

+</td>

+</tr><tr><td><p>&#34;InvalidFrontendTLSPolicy&#34;</p></td>

+<td><p>FrontendTLSPolicyReasonInvalid is the reason when the FrontendTLSPolicy isn&rsquo;t Accepted</p>

+</td>

+</tr><tr><td><p>&#34;InvalidGateway&#34;</p></td>

+<td><p>FrontendTLSPolicyReasonInvalidGateway is used when the gateway is invalid</p>

+</td>

+</tr><tr><td><p>&#34;InvalidGroup&#34;</p></td>

+<td><p>FrontendTLSPolicyReasonInvalidGroup is used when the group is invalid</p>

+<td><p>FrontendTLSPolicyReasonInvalidKind is used when the kind/group is invalid</p>

+<td><p>FrontendTLSPolicyReasonInvalidName is used when the name is invalid</p>

+<td><p>FrontendTLSPolicyReasonInvalidPolicyName is used when the policy name is invalid</p>

+<td><p>FrontendTLSPolicyReasonInvalidPolicyType is used when the policy type is invalid</p>

+<td><p>FrontendTLSPolicyReasonNoTargetReference is used when there is no target reference</p>

+<td><p>FrontendTLSPolicyReasonRefNotPermitted is used when the ref isn&rsquo;t permitted</p>

+<li>"Accepted"</li>

+<h3 id="alb.networking.azure.io/v1.HTTPHeader">HTTPHeader

+</h3>

+<p>

+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.HeaderFilter">HeaderFilter</a>)

+</p>

+<div>

+<p>HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.</p>

+</div>

+<table>

+<thead>

+<tr>

+<th>Field</th>

+<th>Description</th>

+</tr>

+</thead>

+<tbody>

+<tr>

+<td>

+<code>name</code><br/>

+<em>

+<a href="#alb.networking.azure.io/v1.HTTPHeaderName">

+HTTPHeaderName

+</a>

+</em>

+</td>

+<td>

+<p>Name is the name of the HTTP Header to be matched. Name matching MUST be

+case insensitive. (See <a href="https://tools.ietf.org/html/rfc7230#section-3.2">https://tools.ietf.org/html/rfc7230#section-3.2</a>).</p>

+<p>If multiple entries specify equivalent header names, the first entry with

+an equivalent name MUST be considered for a match. Subsequent entries

+with an equivalent header name MUST be ignored. Due to the

+case-insensitivity of header names, "foo" and "Foo" are considered

+equivalent.</p>

+</td>

+</tr>

+<tr>

+<td>

+<code>value</code><br/>

+<em>

+string

+</em>

+</td>

+<td>

+<p>Value is the value of HTTP Header to be matched.</p>

+</td>

+</tr>

+</tbody>

+</table>

+<h3 id="alb.networking.azure.io/v1.HTTPHeaderName">HTTPHeaderName

+(<code>string</code> alias)</h3>

+<p>

+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.HTTPHeader">HTTPHeader</a>)

+</p>

+<div>

+<p>HTTPHeaderName is the name of an HTTP header.</p>

+<p>Valid values include:</p>

+<ul>

+<li>"Authorization"</li>

+<li>"Set-Cookie"</li>

+</ul>

+<p>Invalid values include:</p>

+<ul>

+<li>":method" - ":" is an invalid character. This means that HTTP/2 pseudo

+headers are not currently supported by this type.</li>

+<li>"/invalid" - "/ " is an invalid character</li>

+</ul>

+</div>

+<h3 id="alb.networking.azure.io/v1.HTTPPathModifier">HTTPPathModifier

+</h3>

+<p>

+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.Redirect">Redirect</a>, <a href="#alb.networking.azure.io/v1.URLRewriteFilter">URLRewriteFilter</a>)

+</p>

+<div>

+<p>HTTPPathModifier defines configuration for path modifiers.</p>

+</div>

+<table>

+<thead>

+<tr>

+<th>Field</th>

+<th>Description</th>

+</tr>

+</thead>

+<tbody>

+<tr>

+<td>

+<code>type</code><br/>

+<em>

+<a href="#alb.networking.azure.io/v1.HTTPPathModifierType">

+HTTPPathModifierType

+</a>

+</em>

+</td>

+<td>

+<p>Type defines the type of path modifier. Additional types may be

+added in a future release of the API.</p>

+<p>Note that values may be added to this enum, implementations

+must ensure that unknown values will not cause a crash.</p>

+<p>Unknown values here must result in the implementation setting the

+Accepted Condition for the rule to be false</p>

+</td>

+</tr>

+<tr>

+<td>

+<code>replaceFullPath</code><br/>

+<em>

+string

+</em>

+</td>

+<td>

+<em>(Optional)</em>

+<p>ReplaceFullPath specifies the value with which to replace the full path

+of a request during a rewrite or redirect.</p>

+</td>

+</tr>

+<tr>

+<td>

+<code>replacePrefixMatch</code><br/>

+<em>

+string

+</em>

+</td>

+<td>

+<em>(Optional)</em>

+<p>ReplacePrefixMatch specifies the value with which to replace the prefix

+match of a request during a rewrite or redirect. For example, a request

+to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch

+of "/xyz" would be modified to "/xyz/bar".</p>

+<p>Note that this matches the behavior of the PathPrefix match type. This

+matches full path elements. A path element refers to the list of labels

+in the path split by the <code>/</code> separator. When specified, a trailing <code>/</code> is

+ignored. For example, the paths <code>/abc</code>, <code>/abc/</code>, and <code>/abc/def</code> would all

+match the prefix <code>/abc</code>, but the path <code>/abcd</code> would not.</p>

+<p>ReplacePrefixMatch is only compatible with a <code>PathPrefix</code> HTTPRouteMatch.

+Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in

+the implementation setting the Accepted Condition for the Route to <code>status: False</code>.</p>

+<table>

+<thead>

+<tr>

+<th>Request Path</th>

+<th>Prefix Match</th>

+<th>Replace Prefix</th>

+<th>Modified Path</th>

+</tr>

+</thead>

+<tbody>

+<tr>

+<td>/foo/bar</td>

+<td>/foo</td>

+<td>/xyz</td>

+<td>/xyz/bar</td>

+</tr>

+<tr>

+<td>/foo/bar</td>

+<td>/foo</td>

+<td>/xyz/</td>

+<td>/xyz/bar</td>

+</tr>

+<tr>

+<td>/foo/bar</td>

+<td>/foo/</td>

+<td>/xyz</td>

+<td>/xyz/bar</td>

+</tr>

+<tr>

+<td>/foo/bar</td>

+<td>/foo/</td>

+<td>/xyz/</td>

+<td>/xyz/bar</td>

+</tr>

+<tr>

+<td>/foo</td>

+<td>/foo</td>

+<td>/xyz</td>

+<td>/xyz</td>

+</tr>

+<tr>

+<td>/foo/</td>

+<td>/foo</td>

+<td>/xyz</td>

+<td>/xyz/</td>

+</tr>

+<tr>

+<td>/foo/bar</td>

+<td>/foo</td>

+<td></td>

+<td>/bar</td>

+</tr>

+<tr>

+<td>/foo/</td>

+<td>/foo</td>

+<td></td>

+<td>/</td>

+</tr>

+<tr>

+<td>/foo</td>

+<td>/foo</td>

+<td></td>

+<td>/</td>

+</tr>

+<tr>

+<td>/foo/</td>

+<td>/foo</td>

+<td>/</td>

+<td>/</td>

+</tr>

+<tr>

+<td>/foo</td>

+<td>/foo</td>

+<td>/</td>

+<td>/</td>

+</tr>

+</tbody>

+</table>

+</td>

+</tr>

+</tbody>

+</table>

+<h3 id="alb.networking.azure.io/v1.HTTPPathModifierType">HTTPPathModifierType

+(<code>string</code> alias)</h3>

+<p>

+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.HTTPPathModifier">HTTPPathModifier</a>)

+</p>

+<div>

+<p>HTTPPathModifierType defines the type of path redirect or rewrite.</p>

+</div>

+<table>

+<thead>

+<tr>

+<th>Value</th>

+<th>Description</th>

+</tr>

+</thead>

+<tbody><tr><td><p>&#34;ReplaceFullPath&#34;</p></td>

+<td><p>FullPathHTTPPathModifier indicates that the full path will be replaced

+by the specified value.</p>

+</td>

+</tr><tr><td><p>&#34;ReplacePrefixMatch&#34;</p></td>

+<td><p>PrefixMatchHTTPPathModifier indicates that any prefix path matches will be

+replaced by the substitution value. For example, a path with a prefix

+match of "/foo" and a ReplacePrefixMatch substitution of "/bar" will have

+the "/foo" prefix replaced with "/bar" in matching requests.</p>

+<p>Note that this matches the behavior of the PathPrefix match type. This

+matches full path elements. A path element refers to the list of labels

+in the path split by the <code>/</code> separator. When specified, a trailing <code>/</code> is

+ignored. For example, the paths <code>/abc</code>, <code>/abc/</code>, and <code>/abc/def</code> would all

+match the prefix <code>/abc</code>, but the path <code>/abcd</code> would not.</p>

+</td>

+</tr></tbody>

+</table>

+<h3 id="alb.networking.azure.io/v1.HeaderFilter">HeaderFilter

+</h3>

+<p>

+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressRewrites">IngressRewrites</a>)

+</p>

+<div>

+<p>HeaderFilter defines a filter that modifies the headers of an HTTP

+request or response. Only one action for a given header name is permitted.

+Filters specifying multiple actions of the same or different type for any one

+header name are invalid and will be rejected.

+Configuration to set or add multiple values for a header must use RFC 7230

+header value formatting, separating each value with a comma.</p>

+</div>

+<table>

+<thead>

+<tr>

+<th>Field</th>

+<th>Description</th>

+</tr>

+</thead>

+<tbody>

+<tr>

+<td>

+<code>set</code><br/>

+<em>

+<a href="#alb.networking.azure.io/v1.HTTPHeader">

+[]HTTPHeader

+</a>

+</em>

+</td>

+<td>

+<em>(Optional)</em>

+<p>Set overwrites the request with the given header (name, value)

+before the action.</p>

+<p>Input:

+GET /foo HTTP/1.1

+my-header: foo</p>

+<p>Config:

+set:

+- name: "my-header"

+value: "bar"</p>

+<p>Output:

+GET /foo HTTP/1.1

+my-header: bar</p>

+</td>

+</tr>

+<tr>

+<td>

+<code>add</code><br/>

+<em>

+<a href="#alb.networking.azure.io/v1.HTTPHeader">

+[]HTTPHeader

+</a>

+</em>

+</td>

+<td>

+<em>(Optional)</em>

+<p>Add adds the given header(s) (name, value) to the request

+before the action. It appends to any existing values associated

+with the header name.</p>

+<p>Input:

+GET /foo HTTP/1.1

+my-header: foo</p>

+<p>Config:

+add:

+- name: "my-header"

+value: "bar,baz"</p>

+<p>Output:

+GET /foo HTTP/1.1

+my-header: foo,bar,baz</p>

+</td>

+</tr>

+<tr>

+<td>

+<code>remove</code><br/>

+<em>

+[]string

+</em>

+</td>

+<td>

+<em>(Optional)</em>

+<p>Remove the given header(s) from the HTTP request before the action. The

+value of Remove is a list of HTTP header names. Note that the header

+names are case-insensitive (see

+<a href="https://datatracker.ietf.org/doc/html/rfc2616#section-4.2)">https://datatracker.ietf.org/doc/html/rfc2616#section-4.2)</a>.</p>

+<p>Input:

+GET /foo HTTP/1.1

+my-header1: foo

+my-header2: bar

+my-header3: baz</p>

+<p>Config:

+remove: ["my-header1", "my-header3"]</p>

+<p>Output:

+GET /foo HTTP/1.1

+my-header2: bar</p>

+</td>

+</tr>

+</tbody>

+</table>

+<h3 id="alb.networking.azure.io/v1.HeaderName">HeaderName

+(<code>string</code> alias)</h3>

+<div>

+<p>HeaderName is the name of a header or query parameter.</p>

+</div>

+<tbody><tr><td><p>&#34;Accepted&#34;</p></td>

+<td><p>HealthCheckPolicyReasonInvalid is the reason when the HealthCheckPolicy isn&rsquo;t Accepted</p>

+</td>

+</tr><tr><td><p>&#34;InvalidGroup&#34;</p></td>

+<td><p>HealthCheckPolicyReasonInvalidGroup is used when the group is invalid</p>

+</td>

+</tr><tr><td><p>&#34;InvalidKind&#34;</p></td>

+<td><p>HealthCheckPolicyReasonInvalidKind is used when the kind/group is invalid</p>

+</td>

+</tr><tr><td><p>&#34;InvalidName&#34;</p></td>

+<td><p>HealthCheckPolicyReasonInvalidName is used when the name is invalid</p>

+</tr><tr><td><p>&#34;InvalidService&#34;</p></td>

+<td><p>HealthCheckPolicyReasonInvalidService is used when the Service is invalid</p>

+<td><p>HealthCheckPolicyReasonNoTargetReference is used when there is no target reference</p>

+</td>

+</tr><tr><td><p>&#34;RefNotPermitted&#34;</p></td>

+<td><p>HealthCheckPolicyReasonRefNotPermitted is used when the ref isn&rsquo;t permitted</p>

+<li>"Accepted"</li>

+<code>port</code><br/>

+<p>Port indicates the port on the backend service</p>

+<p>Protocol should be one of "HTTP", "HTTPS"</p>

+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressRuleTLS">IngressRuleTLS</a>)

+<code>rules</code><br/>

+<a href="#alb.networking.azure.io/v1.IngressRuleSetting">

+[]IngressRuleSetting

+<em>(Optional)</em>

+<p>Rules defines the rules per host</p>

+<code>rules</code><br/>

+<a href="#alb.networking.azure.io/v1.IngressRuleSetting">

+[]IngressRuleSetting

+<em>(Optional)</em>

+<p>Rules defines the rules per host</p>

+<code>rules</code><br/>

+<a href="#alb.networking.azure.io/v1.IngressRuleStatus">

+[]IngressRuleStatus

+<p>Rules has detailed status information regarding each Rule</p>

+<li>"Accepted"</li>

+<li>"Errors"</li>

+<h3 id="alb.networking.azure.io/v1.IngressRewrites">IngressRewrites

+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressRuleSetting">IngressRuleSetting</a>)

+<p>IngressRewrites provides the various rewrites supported on a rule</p>

+<code>type</code><br/>

+<a href="#alb.networking.azure.io/v1.RewriteType">

+RewriteType

+</a>

+<p>Type identifies the type of rewrite</p>

+<code>requestHeaderModifier</code><br/>

+<a href="#alb.networking.azure.io/v1.HeaderFilter">

+HeaderFilter

+<p>RequestHeaderModifier defines a schema that modifies request headers.</p>

+<code>responseHeaderModifier</code><br/>

+<a href="#alb.networking.azure.io/v1.HeaderFilter">

+HeaderFilter

+</a>

+</em>

+</td>

+<td>

+<em>(Optional)</em>

+<p>RequestHeaderModifier defines a schema that modifies response headers.</p>

+</td>

+</tr>

+<tr>

+<td>

+<code>urlRewrite</code><br/>

+<em>

+<a href="#alb.networking.azure.io/v1.URLRewriteFilter">

+URLRewriteFilter

+</a>

+<p>URLRewrite defines a schema that modifies a request during forwarding.</p>

+<h3 id="alb.networking.azure.io/v1.IngressRuleSetting">IngressRuleSetting

+<p>IngressRuleSetting provides configuration options for rules</p>

+<a href="#alb.networking.azure.io/v1.IngressRuleTLS">

+IngressRuleTLS

+<p>TLS defines TLS settings for the rule</p>

+<code>rewrites</code><br/>

+<a href="#alb.networking.azure.io/v1.IngressRewrites">

+[]IngressRewrites

+<p>Rewrites defines the rewrites for the rule</p>

+<code>requestRedirect</code><br/>

+<a href="#alb.networking.azure.io/v1.Redirect">

+Redirect

+<p>RequestRedirect defines the redirect behavior for the rule</p>

+<h3 id="alb.networking.azure.io/v1.IngressRuleStatus">IngressRuleStatus

+<p>IngressRuleStatus describes the state of a rule</p>

+<p>Host identifies the rule this status describes</p>

+<p>Valid indicates that there are no validation errors present on this rule</p>

+<h3 id="alb.networking.azure.io/v1.IngressRuleTLS">IngressRuleTLS

+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressRuleSetting">IngressRuleSetting</a>)