Updates from: 02/24/2021 04:03:49
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory-b2c Restful Technical Profile https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/restful-technical-profile.md
If the type of authentication is set to `ApiKeyHeader`, the **CryptographicKeys*
| | -- | -- | | The name of the HTTP header, such as `x-functions-key`, or `x-api-key`. | Yes | The key that is used to authenticate. |
+> [!NOTE]
+> At this time, Azure AD B2C supports only one HTTP header for authentication. If your RESTful call requires multiple headers, such as a client ID and client secret, you will need to proxy the request in some manner.
+ ```xml <TechnicalProfile Id="REST-API-SignUp"> <DisplayName>Validate user's input data and return loyaltyNumber claim</DisplayName>
See the following articles for examples of using a RESTful technical profile:
- [Walkthrough: Integrate REST API claims exchanges in your Azure AD B2C user journey as validation of user input](custom-policy-rest-api-claims-validation.md) - [Walkthrough: Add REST API claims exchanges to custom policies in Azure Active Directory B2C](custom-policy-rest-api-claims-validation.md) - [Secure your REST API services](secure-rest-api.md)-
active-directory Howto Create Service Principal Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/howto-create-service-principal-portal.md
Let's jump straight into creating the identity. If you run into a problem, check
You've created your Azure AD application and service principal.
+> [!NOTE]
+> You can register multiple applications with the same name in Azure AD, but the applications must have different Application (client) IDs.
+ ## Assign a role to the application To access resources in your subscription, you must assign a role to the application. Decide which role offers the right permissions for the application. To learn about the available roles, see [Azure built-in roles](../../role-based-access-control/built-in-roles.md).
active-directory Id Tokens https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/id-tokens.md
View this v2.0 sample token in [jwt.ms](https://jwt.ms/#id_token=eyJ0eXAiOiJKV1Q
|--|--|-| |`typ` | String - always "JWT" | Indicates that the token is a JWT token.| |`alg` | String | Indicates the algorithm that was used to sign the token. Example: "RS256" |
-|`kid` | String | Thumbprint for the public key used to sign this token. Emitted in both v1.0 and v2.0 `id_tokens`. |
+|`kid` | String | Thumbprint for the public key used to verify this token. Emitted in both v1.0 and v2.0 `id_tokens`. |
|`x5t` | String | The same (in use and value) as `kid`. However, this is a legacy claim emitted only in v1.0 `id_tokens` for compatibility purposes. | ### Payload claims
active-directory Reference Aadsts Error Codes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/reference-aadsts-error-codes.md
For example, if you received the error code "AADSTS50058" then do a search in [h
| AADSTS53002 | ApplicationUsedIsNotAnApprovedApp - The app used is not an approved app for Conditional Access. User needs to use one of the apps from the list of approved apps to use in order to get access. | | AADSTS53003 | BlockedByConditionalAccess - Access has been blocked by Conditional Access policies. The access policy does not allow token issuance. | | AADSTS53004 | ProofUpBlockedDueToRisk - User needs to complete the multi-factor authentication registration process before accessing this content. User should register for multi-factor authentication. |
+| AADSTS53011 | User blocked due to risk on home tenant. |
| AADSTS54000 | MinorUserBlockedLegalAgeGroupRule | | AADSTS65001 | DelegationDoesNotExist - The user or administrator has not consented to use the application with ID X. Send an interactive authorization request for this user and resource. | | AADSTS65004 | UserDeclinedConsent - User declined to consent to access the app. Have the user retry the sign-in and consent to the app|
active-directory Groups Dynamic Membership https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/enterprise-users/groups-dynamic-membership.md
Previously updated : 12/02/2020 Last updated : 02/18/2021
The following device attributes can be used.
-- | -- | - accountEnabled | true false | (device.accountEnabled -eq true) displayName | any string value |(device.displayName -eq "Rob iPhone")
- deviceOSType | any string value | (device.deviceOSType -eq "iPad") -or (device.deviceOSType -eq "iPhone")<br>(device.deviceOSType -contains "AndroidEnterprise")<br>(device.deviceOSType -eq "AndroidForWork")
- deviceOSVersion | any string value | (device.deviceOSVersion -eq "9.1")
+ deviceOSType | any string value | (device.deviceOSType -eq "iPad") -or (device.deviceOSType -eq "iPhone")<br>(device.deviceOSType -contains "AndroidEnterprise")<br>(device.deviceOSType -eq "AndroidForWork")<br>(device.deviceOSType -eq "Windows")
+ deviceOSVersion | any string value | (device.deviceOSVersion -eq "9.1")<br>(device.deviceOSVersion -eq "10.0.17763.0")
deviceCategory | a valid device category name | (device.deviceCategory -eq "BYOD") deviceManufacturer | any string value | (device.deviceManufacturer -eq "Samsung") deviceModel | any string value | (device.deviceModel -eq "iPad Air")
active-directory Access Reviews External Users https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/governance/access-reviews-external-users.md
Users that no longer have access to any resources in your tenant can be removed
When the review finishes, the **Results** page shows an overview of the response given by every external identity. You can choose to apply results automatically and let Access Reviews disable and delete them. Alternatively, you can look through the responses given and decide whether you want to remove a userΓÇÖs access or follow-up with them and get additional information before making a decision. If some users still have access to resources that you have not reviewed yet, you can use the review as part of your discovery and enrich your next review and attestation cycle.
-## Disable and delete external identities with Azure AD Access Reviews (Preview)
+## Disable and delete external identities with Azure AD Access Reviews
In addition to the option of removing unwanted external identities from resources such as groups or applications, Azure AD Access Reviews can block external identities from signing-in to your tenant and delete the external identities from your tenant after 30 days. Once you select **Block user from signing-in for 30 days, then remove user from the tenant**, the review will stay in the ΓÇ£applyingΓÇ¥ state for 30 days. During this period, settings, results, reviewers or Audit logs under the current review won't be viewable or configurable. ![upon completion settings](media/access-reviews-external-users/upon-completion-settings.png) When creating a new Access Review, in the ΓÇ£Upon completion settingsΓÇ¥ section, for **Action to apply on denied users** you can define **Block users from signing-in for 30 days, then remove user from the tenant**.
-This setting, currently in preview, allows you to identify, block, and delete external identities from your Azure AD tenant. External identities who are reviewed and denied continued access by the reviewer will be blocked and deleted, irrespective of the resource access or group membership they have. This setting is best used as a last step after you have validated that the external users in-review no longer carries resource access and can safely be removed from your tenant or if you want to make sure they are removed, irrespective of their standing access. The ΓÇ£Disable and deleteΓÇ¥ feature blocks the external user first, taking away their ability to signing into your tenant and accessing resources. Resource access is not revoked in this stage, and in case you wanted to reinstantiate the external user, their ability to log on can be reconfigured. Upon no further action, a blocked external identity will be deleted from the directory after 30 days, removing the account as well as their access.
+This setting allows you to identify, block, and delete external identities from your Azure AD tenant. External identities who are reviewed and denied continued access by the reviewer will be blocked and deleted, irrespective of the resource access or group membership they have. This setting is best used as a last step after you have validated that the external users in-review no longer carries resource access and can safely be removed from your tenant or if you want to make sure they are removed, irrespective of their standing access. The ΓÇ£Disable and deleteΓÇ¥ feature blocks the external user first, taking away their ability to signing into your tenant and accessing resources. Resource access is not revoked in this stage, and in case you wanted to reinstantiate the external user, their ability to log on can be reconfigured. Upon no further action, a blocked external identity will be deleted from the directory after 30 days, removing the account as well as their access.
## Next steps - [Access reviews - Graph API](/graph/api/resources/accessreviews-root?view=graph-rest-beta)-- [Entitlement management - Graph API](/graph/api/resources/entitlementmanagement-root?view=graph-rest-beta)
+- [Entitlement management - Graph API](/graph/api/resources/entitlementmanagement-root?view=graph-rest-beta)
active-directory Entitlement Management External Users https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/governance/entitlement-management-external-users.md
To ensure people outside of your organization can request access packages and ge
- Allowing guests to invite other guests to your directory means that guest invites can occur outside of entitlement management. We recommend setting **Guests can invite** to **No** to only allow for properly governed invitations. - If you are using the B2B allow list, you must make sure any domain you want to partner with using entitlement management is added to the list. Alternatively, if you are using the B2B deny list, you must make sure any domain you want to partner with is not added to the list. - If you create an entitlement management policy for **All users** (All connected organizations + any new external users), and a user doesnΓÇÖt belong to a connected organization in your directory, a connected organization will automatically be created for them when they request the package. Any B2B allow or deny list settings you have will take precedence. Therefore, be sure to include the domains you intend to include in this policy to your allow list if you are using one, and exclude them from your deny list if you are using a deny list.-- If you want to create an entitlement management policy that includes **All users** (All connected organizations + any new external users), you must first enable email one-time passcode authentication for your directory. For more information, see [Email one-time passcode authentication (preview)](../external-identities/one-time-passcode.md).
+- If you want to create an entitlement management policy that includes **All users** (All connected organizations + any new external users), you must first enable email one-time passcode authentication for your directory. For more information, see [Email one-time passcode authentication](../external-identities/one-time-passcode.md).
- For more information about Azure AD B2B external collaboration settings, see [Enable B2B external collaboration and manage who can invite guests](../external-identities/delegate-invitations.md). ![Azure AD external collaboration settings](./media/entitlement-management-external-users/collaboration-settings.png)
You can select what happens when an external user, who was invited to your direc
- [Add a connected organization](entitlement-management-organization.md) - [For users not in your directory](entitlement-management-access-package-request-policy.md#for-users-not-in-your-directory)-- [Troubleshoot](entitlement-management-troubleshoot.md)
+- [Troubleshoot](entitlement-management-troubleshoot.md)
azure-functions Functions Get Started https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/functions-get-started.md
Use the following resources to get started.
::: zone pivot="programming-language-javascript" | Action | Resources | | | |
-| **Create your first function** | Using one of the following tools:<br><br><li>[Visual Studio Code](./create-first-function-vs-code-node.md)<li>[Node.js terminal/command prompt](./create-first-function-cli-java.md) |
+| **Create your first function** | Using one of the following tools:<br><br><li>[Visual Studio Code](./create-first-function-vs-code-node.md)<li>[Node.js terminal/command prompt](./create-first-function-cli-node.md) |
| **See a function running** | <li>[Azure Samples Browser](/samples/browse/?expanded=azure&languages=javascript%2ctypescript&products=azure-functions)<li>[Azure Community Library](https://www.serverlesslibrary.net/?technology=Functions%202.x&language=JavaScript%2CTypeScript) | | **Explore an interactive tutorial** | <li>[Choose the best Azure serverless technology for your business scenario](/learn/modules/serverless-fundamentals/)<li>[Well-Architected Framework - Performance efficiency](/learn/modules/azure-well-architected-performance-efficiency/)<li>[Build Serverless APIs with Azure Functions](/learn/modules/build-api-azure-functions/)<li>[Create serverless logic with Azure Functions](/learn/modules/create-serverless-logic-with-azure-functions/)<li>[Refactor Node.js and Express APIs to Serverless APIs with Azure Functions](/learn/modules/shift-nodejs-express-apis-serverless/) <br><br>See Microsoft Learn for a [full listing of interactive tutorials](/learn/browse/?expanded=azure&products=azure-functions).| | **Review best practices** |<li>[Performance and reliability](./functions-best-practices.md)<li>[Manage connections](./manage-connections.md)<li>[Error handling and function retries](./functions-bindings-error-pages.md?tabs=javascript)<li>[Security](./security-concepts.md)|
azure-sql Vnet Service Endpoint Rule Powershell Create https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/scripts/vnet-service-endpoint-rule-powershell-create.md
This first PowerShell script assigns values to variables. The subsequent scripts
## (Needed only one time per powershell.exe session.) ## ###########################################################
-$yesno = Read-Host 'Do you need to log into Azure (only one time per powershell.exe session)? [yes/no]';
-if ('yes' -eq $yesno) { Connect-AzAccount; }
+$yesno = Read-Host 'Do you need to log into Azure (only one time per powershell.exe session)? [yes/no]'
+if ('yes' -eq $yesno) { Connect-AzAccount }
########################################################### ## Assignments to variables used by the later scripts. ## ########################################################### # You can edit these values, if necessary.
-$SubscriptionName = 'yourSubscriptionName';
-Select-AzSubscription -SubscriptionName $SubscriptionName;
+$SubscriptionName = 'yourSubscriptionName'
+Select-AzSubscription -SubscriptionName $SubscriptionName
-$ResourceGroupName = 'RG-YourNameHere';
-$Region = 'westcentralus';
+$ResourceGroupName = 'RG-YourNameHere'
+$Region = 'westcentralus'
-$VNetName = 'myVNet';
-$SubnetName = 'mySubnet';
-$VNetAddressPrefix = '10.1.0.0/16';
-$SubnetAddressPrefix = '10.1.1.0/24';
-$VNetRuleName = 'myFirstVNetRule-ForAcl';
+$VNetName = 'myVNet'
+$SubnetName = 'mySubnet'
+$VNetAddressPrefix = '10.1.0.0/16'
+$SubnetAddressPrefix = '10.1.1.0/24'
+$VNetRuleName = 'myFirstVNetRule-ForAcl'
-$SqlDbServerName = 'mysqldbserver-forvnet';
-$SqlDbAdminLoginName = 'ServerAdmin';
-$SqlDbAdminLoginPassword = 'ChangeYourAdminPassword1';
+$SqlDbServerName = 'mysqldbserver-forvnet'
+$SqlDbAdminLoginName = 'ServerAdmin'
+$SqlDbAdminLoginPassword = 'ChangeYourAdminPassword1'
-$ServiceEndpointTypeName_SqlDb = 'Microsoft.Sql'; # Official type name.
+$ServiceEndpointTypeName_SqlDb = 'Microsoft.Sql' # Official type name.
-Write-Host 'Completed script 1, the "Variables".';
+Write-Host 'Completed script 1, the "Variables".'
``` <a name="a-script-20"></a>
This script prepares for the next script, where the endpoint action is. This scr
## Ensure your Resource Group already exists. ## ###########################################################
-Write-Host "Check whether your Resource Group already exists.";
+Write-Host "Check whether your Resource Group already exists."
-$gottenResourceGroup = $null;
+$gottenResourceGroup = $null
+$gottenResourceGroup = Get-AzResourceGroup -Name $ResourceGroupName -ErrorAction SilentlyContinue
-$gottenResourceGroup = Get-AzResourceGroup `
- -Name $ResourceGroupName `
- -ErrorAction SilentlyContinue;
-
-if ($null -eq $gottenResourceGroup)
-{
- Write-Host "Creating your missing Resource Group - $ResourceGroupName.";
-
- $gottenResourceGroup = New-AzResourceGroup `
- -Name $ResourceGroupName `
- -Location $Region;
-
- $gottenResourceGroup;
+if ($null -eq $gottenResourceGroup) {
+ Write-Host "Creating your missing Resource Group - $ResourceGroupName."
+ New-AzResourceGroup -Name $ResourceGroupName -Location $Region
+} else {
+ Write-Host "Good, your Resource Group already exists - $ResourceGroupName."
}
-else { Write-Host "Good, your Resource Group already exists - $ResourceGroupName."; }
-$gottenResourceGroup = $null;
+$gottenResourceGroup = $null
########################################################### ## Ensure your server already exists. ## ###########################################################
-Write-Host "Check whether your server already exists.";
+Write-Host "Check whether your server already exists."
-$sqlDbServer = $null;
-
-$sqlDbServer = Get-AzSqlServer `
- -ResourceGroupName $ResourceGroupName `
- -ServerName $SqlDbServerName `
- -ErrorAction SilentlyContinue;
+$sqlDbServer = $null
+$azSqlParams = @{
+ ResourceGroupName = $ResourceGroupName
+ ServerName = $SqlDbServerName
+ ErrorAction = 'SilentlyContinue'
+}
+$sqlDbServer = Get-AzSqlServer @azSqlParams
if ($null -eq $sqlDbServer) {
- Write-Host "Creating the missing server - $SqlDbServerName.";
- Write-Host "Gather the credentials necessary to next create a server.";
-
- $sqlAdministratorCredentials = New-Object `
- -TypeName System.Management.Automation.PSCredential `
- -ArgumentList `
- $SqlDbAdminLoginName, `
- $(ConvertTo-SecureString `
- -String $SqlDbAdminLoginPassword `
- -AsPlainText `
- -Force `
- );
+ Write-Host "Creating the missing server - $SqlDbServerName."
+ Write-Host "Gather the credentials necessary to next create a server."
+
+ $sqlAdministratorCredentials = [pscredential]::new($SqlDbAdminLoginName,(ConvertTo-SecureString -String $SqlDbAdminLoginPassword -AsPlainText -Force))
if ($null -eq $sqlAdministratorCredentials) {
- Write-Host "ERROR, unable to create SQL administrator credentials. Now ending.";
- return;
+ Write-Host "ERROR, unable to create SQL administrator credentials. Now ending."
+ return
}
- Write-Host "Create your server.";
+ Write-Host "Create your server."
- $sqlDbServer = New-AzSqlServer `
- -ResourceGroupName $ResourceGroupName `
- -ServerName $SqlDbServerName `
- -Location $Region `
- -SqlAdministratorCredentials $sqlAdministratorCredentials;
-
- $sqlDbServer;
-}
-else {
- Write-Host "Good, your server already exists - $SqlDbServerName.";
+ $sqlSrvParams = @{
+ ResourceGroupName = $ResourceGroupName
+ ServerName = $SqlDbServerName
+ Location = $Region
+ SqlAdministratorCredentials = $sqlAdministratorCredentials
+ }
+ New-AzSqlServer @sqlSrvParams
+} else {
+ Write-Host "Good, your server already exists - $SqlDbServerName."
}
-$sqlAdministratorCredentials = $null;
-$sqlDbServer = $null;
+$sqlAdministratorCredentials = $null
+$sqlDbServer = $null
-Write-Host 'Completed script 2, the "Prerequisites".';
+Write-Host 'Completed script 2, the "Prerequisites".'
``` <a name="a-script-30"></a>
This script creates a virtual network with a subnet. Then the script assigns the
## Create your virtual network, and give it a subnet. ## ###########################################################
-Write-Host "Define a subnet '$SubnetName', to be given soon to a virtual network.";
+Write-Host "Define a subnet '$SubnetName', to be given soon to a virtual network."
-$subnet = New-AzVirtualNetworkSubnetConfig `
- -Name $SubnetName `
- -AddressPrefix $SubnetAddressPrefix `
- -ServiceEndpoint $ServiceEndpointTypeName_SqlDb;
+$subnetParams = @{
+ Name = $SubnetName
+ AddressPrefix = $SubnetAddressPrefix
+ ServiceEndpoint = $ServiceEndpointTypeName_SqlDb
+}
+$subnet = New-AzVirtualNetworkSubnetConfig @subnetParams
-Write-Host "Create a virtual network '$VNetName'." `
- " Give the subnet to the virtual network that we created.";
+Write-Host "Create a virtual network '$VNetName'.`nGive the subnet to the virtual network that we created."
-$vnet = New-AzVirtualNetwork `
- -Name $VNetName `
- -AddressPrefix $VNetAddressPrefix `
- -Subnet $subnet `
- -ResourceGroupName $ResourceGroupName `
- -Location $Region;
+$vnetParams = @{
+ Name = $VNetName
+ AddressPrefix = $VNetAddressPrefix
+ Subnet = $subnet
+ ResourceGroupName = $ResourceGroupName
+ Location = $Region
+}
+$vnet = New-AzVirtualNetwork @vnetParams
########################################################### ## Create a Virtual Service endpoint on the subnet. ## ###########################################################
-Write-Host "Assign a Virtual Service endpoint 'Microsoft.Sql' to the subnet.";
+Write-Host "Assign a Virtual Service endpoint 'Microsoft.Sql' to the subnet."
-$vnet = Set-AzVirtualNetworkSubnetConfig `
- -Name $SubnetName `
- -AddressPrefix $SubnetAddressPrefix `
- -VirtualNetwork $vnet `
- -ServiceEndpoint $ServiceEndpointTypeName_SqlDb;
+$vnetSubParams = @{
+ Name = $SubnetName
+ AddressPrefix = $SubnetAddressPrefix
+ VirtualNetwork = $vnet
+ ServiceEndpoint = $ServiceEndpointTypeName_SqlDb
+}
+$vnet = Set-AzVirtualNetworkSubnetConfig @vnetSubParams
-Write-Host "Persist the updates made to the virtual network > subnet.";
+Write-Host "Persist the updates made to the virtual network > subnet."
-$vnet = Set-AzVirtualNetwork `
- -VirtualNetwork $vnet;
+$vnet = Set-AzVirtualNetwork -VirtualNetwork $vnet
-$vnet.Subnets[0].ServiceEndpoints; # Display the first endpoint.
+$vnet.Subnets[0].ServiceEndpoints # Display the first endpoint.
########################################################### ## Add the Virtual Service endpoint Id as a rule, ## ## into SQL Database ACLs. ## ###########################################################
-Write-Host "Get the subnet object.";
+Write-Host "Get the subnet object."
-$vnet = Get-AzVirtualNetwork `
- -ResourceGroupName $ResourceGroupName `
- -Name $VNetName;
+$vnet = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroupName -Name $VNetName
-$subnet = Get-AzVirtualNetworkSubnetConfig `
- -Name $SubnetName `
- -VirtualNetwork $vnet;
+$subnet = Get-AzVirtualNetworkSubnetConfig -Name $SubnetName -VirtualNetwork $vnet
-Write-Host "Add the subnet .Id as a rule, into the ACLs for your server.";
+Write-Host "Add the subnet .Id as a rule, into the ACLs for your server."
-$vnetRuleObject1 = New-AzSqlServerVirtualNetworkRule `
- -ResourceGroupName $ResourceGroupName `
- -ServerName $SqlDbServerName `
- -VirtualNetworkRuleName $VNetRuleName `
- -VirtualNetworkSubnetId $subnet.Id;
-
-$vnetRuleObject1;
-
-Write-Host "Verify that the rule is in the SQL Database ACL.";
+$ruleParams = @{
+ ResourceGroupName = $ResourceGroupName
+ ServerName = $SqlDbServerName
+ VirtualNetworkRuleName = $VNetRuleName
+ VirtualNetworkSubnetId = $subnet.Id
+}
+New-AzSqlServerVirtualNetworkRule @ruleParams
-$vnetRuleObject2 = Get-AzSqlServerVirtualNetworkRule `
- -ResourceGroupName $ResourceGroupName `
- -ServerName $SqlDbServerName `
- -VirtualNetworkRuleName $VNetRuleName;
+Write-Host "Verify that the rule is in the SQL Database ACL."
-$vnetRuleObject2;
+$rule2Params = @{
+ ResourceGroupName = $ResourceGroupName
+ ServerName = $SqlDbServerName
+ VirtualNetworkRuleName = $VNetRuleName
+}
+Get-AzSqlServerVirtualNetworkRule @rule2Params
-Write-Host 'Completed script 3, the "Virtual-Network-Rule".';
+Write-Host 'Completed script 3, the "Virtual-Network-Rule".'
``` <a name="a-script-40"></a>
You can run script 4 any time after script 1 completes.
## 3. The test virtual network is deleted. ## ###########################################################
-Write-Host "Delete the rule from the SQL Database ACL.";
+Write-Host "Delete the rule from the SQL Database ACL."
-Remove-AzSqlServerVirtualNetworkRule `
- -ResourceGroupName $ResourceGroupName `
- -ServerName $SqlDbServerName `
- -VirtualNetworkRuleName $VNetRuleName `
- -ErrorAction SilentlyContinue;
+$removeParams = @{
+ ResourceGroupName = $ResourceGroupName
+ ServerName = $SqlDbServerName
+ VirtualNetworkRuleName = $VNetRuleName
+ ErrorAction = 'SilentlyContinue'
+}
+Remove-AzSqlServerVirtualNetworkRule @removeParams
-Write-Host "Delete the endpoint from the subnet.";
+Write-Host "Delete the endpoint from the subnet."
-$vnet = Get-AzVirtualNetwork `
- -ResourceGroupName $ResourceGroupName `
- -Name $VNetName;
+$vnet = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroupName -Name $VNetName
-Remove-AzVirtualNetworkSubnetConfig `
- -Name $SubnetName `
- -VirtualNetwork $vnet;
+Remove-AzVirtualNetworkSubnetConfig -Name $SubnetName -VirtualNetwork $vnet
-Write-Host "Delete the virtual network (thus also deletes the subnet).";
+Write-Host "Delete the virtual network (thus also deletes the subnet)."
-Remove-AzVirtualNetwork `
- -Name $VNetName `
- -ResourceGroupName $ResourceGroupName `
- -ErrorAction SilentlyContinue;
+$removeParams = @{
+ Name = $VNetName
+ ResourceGroupName = $ResourceGroupName
+ ErrorAction = 'SilentlyContinue'
+}
+Remove-AzVirtualNetwork @removeParams
########################################################### ## Clean-up phase B: Conditional deletes. ##
Remove-AzVirtualNetwork `
## 2. Azure resource group ## ###########################################################
-$yesno = Read-Host 'CAUTION !: Do you want to DELETE your server AND your resource group? [yes/no]';
+$yesno = Read-Host 'CAUTION !: Do you want to DELETE your server AND your resource group? [yes/no]'
if ('yes' -eq $yesno) {
- Write-Host "Remove the server.";
+ Write-Host "Remove the server."
- Remove-AzSqlServer `
- -ServerName $SqlDbServerName `
- -ResourceGroupName $ResourceGroupName `
- -ErrorAction SilentlyContinue;
-
- Write-Host "Remove the Azure Resource Group.";
+ $removeParams = @{
+ ServerName = $SqlDbServerName
+ ResourceGroupName = $ResourceGroupName
+ ErrorAction = 'SilentlyContinue'
+ }
+ Remove-AzSqlServer @removeParams
- Remove-AzResourceGroup `
- -Name $ResourceGroupName `
- -ErrorAction SilentlyContinue;
-}
-else {
- Write-Host "Skipped over the DELETE of SQL Database and resource group.";
+ Write-Host "Remove the Azure Resource Group."
+
+ Remove-AzResourceGroup -Name $ResourceGroupName -ErrorAction SilentlyContinue
+} else {
+ Write-Host "Skipped over the DELETE of SQL Database and resource group."
}
-Write-Host 'Completed script 4, the "Clean-Up".';
+Write-Host 'Completed script 4, the "Clean-Up".'
``` <a name="a-actual-output"></a>
This PowerShell script does not update anything, unless you respond yes if is as
```powershell ### 1. LOG into to your Azure account, needed only once per PS session. Assign variables.
-$yesno = Read-Host 'Do you need to log into Azure (only one time per powershell.exe session)? [yes/no]';
-if ('yes' -eq $yesno) { Connect-AzAccount; }
+$yesno = Read-Host 'Do you need to log into Azure (only one time per powershell.exe session)? [yes/no]'
+if ('yes' -eq $yesno) { Connect-AzAccount }
# Assignments to variables used by the later scripts. # You can EDIT these values, if necessary.
-$SubscriptionName = 'yourSubscriptionName';
-Select-AzSubscription -SubscriptionName "$SubscriptionName";
+$SubscriptionName = 'yourSubscriptionName'
+Select-AzSubscription -SubscriptionName "$SubscriptionName"
-$ResourceGroupName = 'yourRGName';
-$VNetName = 'yourVNetName';
-$SubnetName = 'yourSubnetName';
-$SubnetAddressPrefix = 'Obtain this value from the Azure portal.'; # Looks roughly like: '10.0.0.0/24'
+$ResourceGroupName = 'yourRGName'
+$VNetName = 'yourVNetName'
+$SubnetName = 'yourSubnetName'
+$SubnetAddressPrefix = 'Obtain this value from the Azure portal.' # Looks roughly like: '10.0.0.0/24'
-$ServiceEndpointTypeName_SqlDb = 'Microsoft.Sql'; # Do NOT edit. Is official value.
+$ServiceEndpointTypeName_SqlDb = 'Microsoft.Sql' # Do NOT edit. Is official value.
### 2. Search for your virtual network, and then for your subnet. # Search for the virtual network.
-$vnet = $null;
-$vnet = Get-AzVirtualNetwork `
- -ResourceGroupName $ResourceGroupName `
- -Name $VNetName;
+$vnet = $null
+$vnet = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroupName -Name $VNetName
if ($vnet -eq $null) {
- Write-Host "Caution: No virtual network found by the name '$VNetName'.";
- Return;
+ Write-Host "Caution: No virtual network found by the name '$VNetName'."
+ return
}
-$subnet = $null;
-for ($nn=0; $nn -lt $vnet.Subnets.Count; $nn++) {
- $subnet = $vnet.Subnets[$nn];
- if ($subnet.Name -eq $SubnetName)
- { break; }
- $subnet = $null;
+$subnet = $null
+for ($nn = 0; $nn -lt $vnet.Subnets.Count; $nn++) {
+ $subnet = $vnet.Subnets[$nn]
+ if ($subnet.Name -eq $SubnetName) { break }
+ $subnet = $null
}
-if ($subnet -eq $null) {
- Write-Host "Caution: No subnet found by the name '$SubnetName'";
- Return;
+if ($null -eq $subnet) {
+ Write-Host "Caution: No subnet found by the name '$SubnetName'"
+ Return
} ### 3. Is your subnet tagged as 'Microsoft.Sql' endpoint server type?
-$endpointMsSql = $null;
-for ($nn=0; $nn -lt $subnet.ServiceEndpoints.Count; $nn++) {
- $endpointMsSql = $subnet.ServiceEndpoints[$nn];
+$endpointMsSql = $null
+for ($nn = 0; $nn -lt $subnet.ServiceEndpoints.Count; $nn++) {
+ $endpointMsSql = $subnet.ServiceEndpoints[$nn]
if ($endpointMsSql.Service -eq $ServiceEndpointTypeName_SqlDb) {
- $endpointMsSql;
- break;
+ $endpointMsSql
+ break
}
- $endpointMsSql = $null;
+ $endpointMsSql = $null
}
-if ($endpointMsSql -ne $null) {
- Write-Host "Good: Subnet found, and is already tagged as an endpoint of type '$ServiceEndpointTypeName_SqlDb'.";
- Return;
-}
-else {
- Write-Host "Caution: Subnet found, but not yet tagged as an endpoint of type '$ServiceEndpointTypeName_SqlDb'.";
+if ($null -eq $endpointMsSql) {
+ Write-Host "Good: Subnet found, and is already tagged as an endpoint of type '$ServiceEndpointTypeName_SqlDb'."
+ return
+} else {
+ Write-Host "Caution: Subnet found, but not yet tagged as an endpoint of type '$ServiceEndpointTypeName_SqlDb'."
# Ask the user for confirmation.
- $yesno = Read-Host 'Do you want the PS script to apply the endpoint type name to your subnet? [yes/no]';
- if ('no' -eq $yesno) { Return; }
+ $yesno = Read-Host 'Do you want the PS script to apply the endpoint type name to your subnet? [yes/no]'
+ if ('no' -eq $yesno) { return }
} ### 4. Add a Virtual Service endpoint of type name 'Microsoft.Sql', on your subnet.
-$vnet = Set-AzVirtualNetworkSubnetConfig `
- -Name $SubnetName `
- -AddressPrefix $SubnetAddressPrefix `
- -VirtualNetwork $vnet `
- -ServiceEndpoint $ServiceEndpointTypeName_SqlDb;
+$setParams = @{
+ Name = $SubnetName
+ AddressPrefix = $SubnetAddressPrefix
+ VirtualNetwork = $vnet
+ ServiceEndpoint = $ServiceEndpointTypeName_SqlDb
+}
+$vnet = Set-AzVirtualNetworkSubnetConfig @setParams
# Persist the subnet update.
-$vnet = Set-AzVirtualNetwork `
- -VirtualNetwork $vnet;
+$vnet = Set-AzVirtualNetwork -VirtualNetwork $vnet
-for ($nn=0; $nn -lt $vnet.Subnets.Count; $nn++) {
- $vnet.Subnets[0].ServiceEndpoints; } # Display.
+for ($nn = 0; $nn -lt $vnet.Subnets.Count; $nn++) {
+ $vnet.Subnets[0].ServiceEndpoints # Display.
+}
``` <!-- Link references: --> [sql-db-vnet-service-endpoint-rule-overview-735r]:../vnet-service-endpoint-rule-overview.md
-[http-azure-portal-link-ref-477t]: https://portal.azure.com/
+[http-azure-portal-link-ref-477t]: https://portal.azure.com/
data-factory Control Flow For Each Activity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/control-flow-for-each-activity.md
Here are some limitations of the ForEach activity and suggested workarounds.
||| | You can't nest a ForEach loop inside another ForEach loop (or an Until loop). | Design a two-level pipeline where the outer pipeline with the outer ForEach loop iterates over an inner pipeline with the nested loop. | | The ForEach activity has a maximum `batchCount` of 50 for parallel processing, and a maximum of 100,000 items. | Design a two-level pipeline where the outer pipeline with the ForEach activity iterates over an inner pipeline. |
+| SetVariable can't be used inside a ForEach activity that runs in parallel as the variables are global to the whole pipeline, they are not scoped to a ForEach or any other activity. | Consider using sequential ForEach or use Execute Pipeline inside ForEach (Variable/Parameter handled in child Pipeline).|
| | | ## Next steps
data-factory Transform Data Databricks Notebook https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/transform-data-databricks-notebook.md
In certain cases you might require to pass back certain values from notebook bac
1. In your notebook, you may call [dbutils.notebook.exit("returnValue")](/azure/databricks/notebooks/notebook-workflows#notebook-workflows-exit) and corresponding "returnValue" will be returned to data factory.
-2. You can consume the output in data factory by using expression such as `'@activity('databricks notebook activity name').output.runOutput'`.
+2. You can consume the output in data factory by using expression such as `@{activity('databricks notebook activity name').output.runOutput}`.
> [!IMPORTANT]
- > If you are passing JSON object you can retrieve values by appending property names. Example: `'@activity('databricks notebook activity name').output.runOutput.PropertyName'`
+ > If you are passing JSON object you can retrieve values by appending property names. Example: `@{activity('databricks notebook activity name').output.runOutput.PropertyName}`
## How to upload a library in Databricks
healthcare-apis Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/healthcare-apis/overview.md
Azure API for FHIR enables rapid exchange of data through Fast Healthcare Intero
- Managed FHIR service, provisioned in the cloud in minutes - Enterprise-grade, FHIR®-based endpoint in Azure for data access, and storage in FHIR® format - High performance, low latency-- Secure management of Protected Health Data (PHI) in a compliant cloud environment
+- Secure management of Protected Health Information (PHI) in a compliant cloud environment
- SMART on FHIR for mobile and web implementations - Control your own data at scale with role-based access control (RBAC) - Audit log tracking for access, creation, modification, and reads within each data store
To try out the Azure IoT Connector for FHIR feature, check out the quickstart to
>[!div class="nextstepaction"] >[Deploy Azure IoT Connector for FHIR](iot-fhir-portal-quickstart.md)
-*In the Azure portal, Azure IoT Connector for FHIR is referred to as IoT Connector (preview). FHIR is a registered trademark of HL7 and is used with the permission of HL7.
+*In the Azure portal, Azure IoT Connector for FHIR is referred to as IoT Connector (preview). FHIR is a registered trademark of HL7 and is used with the permission of HL7.
machine-learning Dsvm Tools Deep Learning Frameworks https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/machine-learning/data-science-virtual-machine/dsvm-tools-deep-learning-frameworks.md
Deep learning frameworks on the DSVM are listed below.
| Category | Value | | - | - |
-| Version(s) supported | 1.2.0 (Ubuntu 16.04), 1.4.0 (Ubuntu 18.04, Windows 2019) |
+| Version(s) supported | 1.2.0 (Ubuntu 16.04), 1.7.1 (Ubuntu 18.04, Windows 2019) |
| Supported DSVM editions | Windows Server 2019<br>Ubuntu 18.04<br> Ubuntu 16.04 |
-| How is it configured / installed on the DSVM? | Installed in [Python 3.5](dsvm-tools-languages.md#python-linux-edition). Sample Jupyter notebooks are included, and samples are in /dsvm/samples/pytorch. |
+| How is it configured / installed on the DSVM? | Installed in [Python 3.7](dsvm-tools-languages.md#python-linux-edition) under the py37_pytorch conda environment. Sample Jupyter notebooks are included, and samples are in /dsvm/samples/pytorch. |
| How to run it | Terminal: Activate the correct environment, and then run Python.<br/>* [JupyterHub](dsvm-ubuntu-intro.md#how-to-access-the-ubuntu-data-science-virtual-machine): Connect, and then open the PyTorch directory for samples. | ## [TensorFlow](https://www.tensorflow.org/)
Deep learning frameworks on the DSVM are listed below.
| Version(s) supported | 1.0.3 | | Supported DSVM editions | Ubuntu 16.04 | | How is it configured / installed on the DSVM? |Theano is installed in Python 2.7 (_root_), and in Python 3.5 (_py35_) environment. |
-| How to run it | Terminal: Activate the Python version you want (root or py35), run Python, and then import Theano.<br/>* Jupyter: Select the Python 2.7 or 3.5 kernel, and then import Theano. <br/>To work around a recent math kernel library (MKL) bug, you need to first set the MKL threading layer as follows:<br/><br/>`export MKL_THREADING_LAYER=GNU` |
+| How to run it | Terminal: Activate the Python version you want (root or py35), run Python, and then import Theano.<br/>* Jupyter: Select the Python 2.7 or 3.5 kernel, and then import Theano. <br/>To work around a recent math kernel library (MKL) bug, you need to first set the MKL threading layer as follows:<br/><br/>`export MKL_THREADING_LAYER=GNU` |
machine-learning Tools Included https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/machine-learning/data-science-virtual-machine/tools-included.md
The Data Science Virtual Machine comes with the most useful data-science tools p
| [MXNet](https://mxnet.apache.org/) | <span class='green-check'>&#9989;</span> | <span class='green-check'>&#9989;</span></br> (1.3.0) | <span class='red-x'>&#10060;</span> | <span class='red-x'>&#10060;</span> | [MXNet on the DSVM](./dsvm-tools-deep-learning-frameworks.md#mxnet) | | [MXNet Model Server](https://github.com/awslabs/mxnet-model-server#quick-start) | <span class='green-check'>&#9989;</span> | <span class='green-check'>&#9989;</span></br> (1.0.1) | <span class='red-x'>&#10060;</span> | <span class='red-x'>&#10060;</span> | [MXNet Model Server on the DSVM](./dsvm-tools-deep-learning-frameworks.md#mxnet-model-server) | | [NVidia System Management Interface (nvidia-smi)](https://developer.nvidia.com/nvidia-system-management-interface) | <span class='green-check'>&#9989;</span> | <span class='green-check'>&#9989;</span></br> | <span class='green-check'>&#9989;</span> | <span class='green-check'>&#9989;</span> | [nvidia-smi on the DSVM](./dsvm-tools-deep-learning-frameworks.md#nvidia-system-management-interface-nvidia-smi) |
-| [PyTorch](https://pytorch.org) | <span class='red-x'>&#10060;</span> | <span class='green-check'>&#9989;</span></br> (1.2.0) | <span class='green-check'>&#9989;</span></br> (1.4.0) | <span class='green-check'>&#9989;</span></br> (1.4.0) | [PyTorch on the DSVM](./dsvm-tools-deep-learning-frameworks.md#pytorch) |
+| [PyTorch](https://pytorch.org) | <span class='red-x'>&#10060;</span> | <span class='green-check'>&#9989;</span></br> (1.2.0) | <span class='green-check'>&#9989;</span></br> (1.7.1) | <span class='green-check'>&#9989;</span></br> (1.7.1) | [PyTorch on the DSVM](./dsvm-tools-deep-learning-frameworks.md#pytorch) |
| [TensorFlow](https://www.tensorflow.org) | <span class='green-check'>&#9989;</span></br> (1.13) | <span class='green-check'>&#9989;</span></br> (1.13) | <span class='green-check'>&#9989;</span></br> | <span class='green-check'>&#9989;</span></br> | [TensorFlow on the DSVM](./dsvm-tools-deep-learning-frameworks.md#tensorflow) | | [TensorFlow Serving](https://www.tensorflow.org/tfx/guide/serving) | <span class='red-x'>&#10060;</span> | <span class='green-check'>&#9989;</span></br> (1.12.0) | <span class='red-x'>&#10060;</span> | <span class='red-x'>&#10060;</span> | [TensorFlow Serving on the DSVM](./dsvm-tools-deep-learning-frameworks.md#tensorflow-serving) | | [Theano](https://github.com/Theano/Theano) | <span class='red-x'>&#10060;</span> | <span class='green-check'>&#9989;</span></br> (1.0.3) | <span class='red-x'>&#10060;</span> | <span class='red-x'>&#10060;</span> | [Theano on the DSVM](./dsvm-tools-deep-learning-frameworks.md#theano) |
If you were using only AzureML use azureml_py36_automl </br>
|-|:-:|:-:|:-:|:-:|::| | [Microsoft Office](https://www.microsoft.com/p/office-365-proplus/CFQ7TTC0K8R0) ProPlus with shared activation: Excel, Word, and PowerPoint | <span class='green-check'>&#9989;</span> | <span class='red-x'>&#10060;</span> | <span class='green-check'>&#9989;</span> | <span class='red-x'>&#10060;</span> | | | [Power BI Desktop](https://powerbi.microsoft.com/) | <span class='green-check'>&#9989;</span></br> (2.73.55xx) | <span class='red-x'>&#10060;</span> | <span class='green-check'>&#9989;</span></br> | <span class='red-x'>&#10060;</span> | |
-| Microsoft Edge Browser | <span class='red-x'>&#10060;</span> | <span class='red-x'>&#10060;</span> | <span class='green-check'>&#9989;</span> | <span class='red-x'>&#10060;</span> | |
+| Microsoft Edge Browser | <span class='red-x'>&#10060;</span> | <span class='red-x'>&#10060;</span> | <span class='green-check'>&#9989;</span> | <span class='red-x'>&#10060;</span> | |
storage Storage Blobs Static Site Github Actions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/storage/blobs/storage-blobs-static-site-github-actions.md
In the example above, replace the placeholders with your subscription ID and res
with: azcliversion: 2.0.72 inlineScript: |
- az cdn endpoint purge --content-paths "/*" --profile-name "CDN_PROFILE_NAME" --name "CDN_ENDPOINT" --resource-group "RESOURCE_GROUP"
+ az cdn endpoint purge --content-paths "/*" --profile-name "CDN_PROFILE_NAME" --name "CDN_ENDPOINT" --resource-group "RESOURCE_GROUP"
``` 1. Complete your workflow by adding an action to logout of Azure. Here is the completed workflow. The file will appear in the `.github/workflows` folder of your repository.
In the example above, replace the placeholders with your subscription ID and res
with: azcliversion: 2.0.72 inlineScript: |
- az cdn endpoint purge --content-paths "/*" --profile-name "CDN_PROFILE_NAME" --name "CDN_ENDPOINT" --resource-group "RESOURCE_GROUP"
+ az cdn endpoint purge --content-paths "/*" --profile-name "CDN_PROFILE_NAME" --name "CDN_ENDPOINT" --resource-group "RESOURCE_GROUP"
# Azure logout - name: logout
When your static website and GitHub repository are no longer needed, clean up th
## Next steps > [!div class="nextstepaction"]
-> [Learn about Azure Static Web Apps](../../static-web-apps/index.yml)
+> [Learn about Azure Static Web Apps](../../static-web-apps/index.yml)
storage Storage Use Azcopy Files https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/storage/common/storage-use-azcopy-files.md
Use the [azcopy copy](storage-ref-azcopy-copy.md) command with the `--include-pa
You can also exclude files by using the `--exclude-pattern` option. To learn more, see [azcopy copy](storage-ref-azcopy-copy.md) reference docs.
-The `--include-pattern` and `--exclude-pattern` options apply only to filenames and not to the path. If you want to copy all of the text files that exist in a directory tree, use the `ΓÇôrecursive` option to get the entire directory tree, and then use the `ΓÇôinclude-pattern` and specify `*.txt` to get all of the text files.
+The `--include-pattern` and `--exclude-pattern` options apply only to filenames and not to the path. If you want to copy all of the text files that exist in a directory tree, use the `--recursive` option to get the entire directory tree, and then use the `--include-pattern` and specify `*.txt` to get all of the text files.
#### Upload files that were modified after a date and time
Use the [azcopy copy](storage-ref-azcopy-copy.md) command with the `--include-pa
You can also exclude files by using the `--exclude-pattern` option. To learn more, see [azcopy copy](storage-ref-azcopy-copy.md) reference docs.
-The `--include-pattern` and `--exclude-pattern` options apply only to filenames and not to the path. If you want to copy all of the text files that exist in a directory tree, use the `ΓÇôrecursive` option to get the entire directory tree, and then use the `ΓÇôinclude-pattern` and specify `*.txt` to get all of the text files.
+The `--include-pattern` and `--exclude-pattern` options apply only to filenames and not to the path. If you want to copy all of the text files that exist in a directory tree, use the `--recursive` option to get the entire directory tree, and then use the `--include-pattern` and specify `*.txt` to get all of the text files.
#### Download files that were modified after a date and time
Find more examples in any of these articles:
- [Transfer data](storage-use-azcopy-v10.md#transfer-data) -- [Configure, optimize, and troubleshoot AzCopy](storage-use-azcopy-configure.md)
+- [Configure, optimize, and troubleshoot AzCopy](storage-use-azcopy-configure.md)
synapse-analytics Concepts Data Factory Differences https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/synapse-analytics/data-integration/concepts-data-factory-differences.md
Check below table for features availability:
| **GIT Repository Integration** | GIT Integration | Γ£ô | Γ£ô | | **Monitoring** | Monitoring of Spark Jobs for Data Flow | Γ£ù | Γ£ô<br><small>*Leverage the Synapse Spark pools* | | | Integration with Azure Monitor | Γ£ô | Γ£ù |
+| **Lineage** | Supports publishing Pipeline lineage data to Purview | Γ£ô | Γ£ù |
> [!Note] > **Time to Live** is an Azure Integration Runtime setting that enables the Spark cluster to *stay warm* for a period of time after an execution of data flow.
virtual-machines Troubleshoot Bitlocker Boot Error https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/troubleshooting/troubleshoot-bitlocker-boot-error.md
If this method does not the resolve the problem, follow these steps to restore t
$osDiskName = "ProblemOsDisk" # Set the EncryptionSettingsEnabled property to false, so you can attach the disk to the recovery VM. New-AzDiskUpdateConfig -EncryptionSettingsEnabled $false |Update-AzDisk -diskName $osDiskName -ResourceGroupName $rgName
+ $osDisk = Get-AzDisk -ResourceGroupName $rgName -DiskName $osDiskName;
$recoveryVMName = "myRecoveryVM" $recoveryVMRG = "RecoveryVMRG"
- $OSDisk = Get-AzDisk -ResourceGroupName $rgName -DiskName $osDiskName;
- $vm = get-AzVM -ResourceGroupName $recoveryVMRG -Name $recoveryVMName Add-AzVMDataDisk -VM $vm -Name $osDiskName -ManagedDiskId $osDisk.Id -Caching None -Lun 3 -CreateOption Attach
virtual-machines Oracle Database Quick Create https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/workloads/oracle/oracle-database-quick-create.md
The Oracle software is already installed on the Marketplace image. Create a samp
1. Switch to the **oracle** user: ```bash
- $ sudo su - oracle
+ sudo su - oracle
``` 2. Start the database listener ```bash
- $ lsnrctl start
+ lsnrctl start
``` The output is similar to the following:
web-application-firewall Tutorial Restrict Web Traffic Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/web-application-firewall/ag/tutorial-restrict-web-traffic-powershell.md
$store = Get-AzStorageAccount `
Set-AzDiagnosticSetting ` -ResourceId $appgw.Id ` -StorageAccountId $store.Id `
- -Categories ApplicationGatewayAccessLog, ApplicationGatewayPerformanceLog, ApplicationGatewayFirewallLog `
+ -Category ApplicationGatewayAccessLog, ApplicationGatewayPerformanceLog, ApplicationGatewayFirewallLog `
-Enabled $true ` -RetentionEnabled $true ` -RetentionInDays 30