Updates from: 02/26/2024 02:09:00
Service Microsoft Docs article Related commit history on GitHub Change details
ai-services Audio Concepts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/concepts/audio-concepts.md
Title: Audio concepts in Azure AI Speech description: An overview of audio concepts in Azure AI Speech.- Previously updated : 12/12/2023- Last updated : 2/24/2024+++ # Audio concepts in Azure AI Speech
ai-services Get Started Speech To Text https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/get-started-speech-to-text.md
Last updated 01/30/2024
-# ms.devlang: cpp, csharp, golang, java, javascript, objective-c, python
zone_pivot_groups: programming-languages-speech-services keywords: speech to text, speech to text software
ai-services Quickstart Custom Commands Application https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/quickstart-custom-commands-application.md
Previously updated : 02/19/2022 Last updated : 2/24/2024
At this time, custom commands support speech resources created in regions that h
> [!div class="checklist"] > * <a href="https://portal.azure.com/#create/Microsoft.CognitiveServicesSpeechServices" target="_blank">Create a Speech resource in a region that supports custom commands.</a> Refer to the **Region Availability** section above for list of supported regions.
-> * Download the sample
-[Smart Room Lite](https://aka.ms/speech/cc-quickstart) json file.
+> * Download the sample [Smart Room Lite](https://aka.ms/speech/cc-quickstart) json file.
> * Download the latest version of [Windows Voice Assistant Client](https://aka.ms/speech/va-samples-wvac). ## Go to the Speech Studio for custom commands
ai-services Multi Device Conversation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/quickstarts/multi-device-conversation.md
Previously updated : 06/25/2020 Last updated : 2/24/2024 zone_pivot_groups: programming-languages-set-nine ms.devlang: cpp
[!INCLUDE [Header](../includes/quickstarts/multi-device-conversation/header.md)] > [!NOTE]
-> The Speech SDK for Java, JavaScript, Objective-C, and Swift support Multi-device Conversation, but we haven't yet included a guide here.
+> The Speech SDK for Java, JavaScript, Objective-C, and Swift support multi-device conversation, but we haven't yet included a guide here.
::: zone pivot="programming-language-csharp" [!INCLUDE [Header](../includes/quickstarts/multi-device-conversation/csharp/header.md)]
ai-services Voice Assistants https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/quickstarts/voice-assistants.md
Previously updated : 06/25/2020 Last updated : 2/24/2024 ms.devlang: csharp
-# ms.devlang: csharp, golang, java
zone_pivot_groups: programming-languages-voice-assistants
ai-services Avatar Gestures With Ssml https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/text-to-speech-avatar/avatar-gestures-with-ssml.md
Title: Customize avatar gestures with SSML - Speech service
-description: Learn how to edit text to speech avatar gestures with SSML
-
+description: Learn how to edit text to speech avatar gestures with SSML.
Previously updated : 11/15/2023-
-keywords: text to speech avatar batch synthesis
Last updated : 2/24/2024+++ # Customize text to speech avatar gestures with SSML (preview)
In this example, the avatar will start waving their hand at the left after the w
:::image type="content" source="./media/gesture.png" alt-text="Screenshot of displaying the prebuilt avatar waving their hand at the left." lightbox="./media/gesture.png":::
-## Supported pre-built avatar characters, styles and gestures
+## Supported pre-built avatar characters, styles, and gestures
The full list of prebuilt avatar supported gestures provided here can also be found in the text to speech avatar portal.
-| Characters | Styles<sup>1</sup> | Gestures<sup>2</sup> |
+| Characters | Styles | Gestures |
||-|--|
-| Lisa| casual-sitting | numeric1-left-1<br>numeric2-left-1<br>numeric3-left-1<br>thumbsup-left-1<br>show-front-1<br>show-front-2<br>show-front-3<br>show-front-4<br>show-front-5<br>think-twice-1<br>show-front-6<br>show-front-7<br>show-front-8<br>show-front-9 |
+| Lisa| casual-sitting | numeric1-left-1<br>numeric2-left-1<br>numeric3-left-1<br>thumbsup-left-1<br>show-front-1<br>show-front-2<br>show-front-3<br>show-front-4<br>show-front-5<br>think-twice-1<br>show-front-6<br>show-front-7<br>show-front-8<br>show-front-9 |
| Lisa | graceful-sitting | wave-left-1<br>wave-left-2<br>thumbsup-left<br>show-left-1<br>show-left-2<br>show-left-3<br>show-left-4<br>show-left-5<br>show-right-1<br>show-right-2<br>show-right-3<br>show-right-4<br>show-right-5 | | Lisa | graceful-standing | | | Lisa | technical-sitting | wave-left-1<br>wave-left-2<br>show-left-1<br>show-left-2<br>point-left-1<br>point-left-2<br>point-left-3<br>point-left-4<br>point-left-5<br>point-left-6<br>show-right-1<br>show-right-2<br>show-right-3<br>point-right-1<br>point-right-2<br>point-right-3<br>point-right-4<br>point-right-5<br>point-right-6 | | Lisa | technical-standing | |
-<sup>1</sup> Only `casual-sitting` style is supported on real-time API.
-
-<sup>2</sup> Gestures are only supported on batch API and not supported on real-time API.
+Only the `casual-sitting` style is supported via the real-time text to speech API. Gestures are only supported with the batch synthesis API and aren't supported via the real-time API.
## Next steps
ai-services Batch Synthesis Avatar Properties https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/text-to-speech-avatar/batch-synthesis-avatar-properties.md
Title: Batch synthesis properties - Speech service description: Learn about the batch synthesis properties that are available for text to speech avatar. - Previously updated : 11/15/2023-
-keywords: text to speech avatar batch synthesis
Last updated : 2/24/2024+++ # Batch synthesis properties for text to speech avatar (preview)
ai-services Batch Synthesis Avatar https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/text-to-speech-avatar/batch-synthesis-avatar.md
Title: How to use batch synthesis for text to speech avatar - Speech service
-description: Learn how to create text to speech avatar batch synthesis
-
+description: Learn how to create text to speech avatar batch synthesis.
Previously updated : 11/15/2023-
-keywords: text to speech avatar batch synthesis
Last updated : 2/24/2024+++ # How to use batch synthesis for text to speech avatar (preview)
ai-services Custom Avatar Create https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/text-to-speech-avatar/custom-avatar-create.md
Title: How to create a custom text to speech avatar - Speech service
-description: Learn how to create a custom text to speech avatar
-
+description: Learn how to create a custom text to speech avatar.
Previously updated : 11/15/2023-
-keywords: custom text to speech avatar
Last updated : 2/24/2024+++ # How to create a custom text to speech avatar (preview)
ai-services Real Time Synthesis Avatar https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/text-to-speech-avatar/real-time-synthesis-avatar.md
Title: Real-time synthesis for text to speech avatar (preview) - Speech service description: Learn how to use text to speech avatar with real-time synthesis.- Previously updated : 11/15/2023-
-keywords: text to speech avatar
Last updated : 2/24/2024+++ # How to do real-time synthesis for text to speech avatar (preview)
ai-services What Is Custom Text To Speech Avatar https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/text-to-speech-avatar/what-is-custom-text-to-speech-avatar.md
Title: Custom text to speech avatar overview - Speech service description: Get an overview of the custom text to speech avatar feature of speech service, which allows you to create a customized, one-of-a-kind synthetic talking avatar for your application.- Previously updated : 11/15/2023-
-keywords: custom text to speech avatar
Last updated : 2/24/2024+++ # What is custom text to speech avatar? (preview)
ai-services What Is Text To Speech Avatar https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/text-to-speech-avatar/what-is-text-to-speech-avatar.md
Title: Text to speech avatar overview - Speech service description: Get an overview of the Text to speech avatar feature of speech service, which allows users to create synthetic videos featuring avatars speaking based on text input. - Previously updated : 11/15/2023- Last updated : 2/24/2024+++
-keywords: text to speech avatar
# Text to speech avatar overview (preview)
ai-studio Commitment Tier https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/commitment-tier.md
- ignite-2023 Previously updated : 11/15/2023 Last updated : 2/24/2024
Azure AI offers commitment tier pricing, each offering a discounted rate compare
## Purchase a commitment plan by updating your Azure resource 1. Sign in to the [Azure portal](https://portal.azure.com) with your Azure subscription.
-2. In your Azure resource for one of the applicable features listed, select **Commitment tier pricing**.
-3. Select **Change** to view the available commitments for hosted API and container usage. Choose a commitment plan for one or more of the following offerings:
+1. Select the existing Azure resource you want to purchase a commitment plan for.
+1. From the collapsible left menu, select **Resource Management** > **Commitment tier pricing**.
+1. Select **Change** to view the available commitments for hosted API and container usage. Choose a commitment plan for one or more of the following offerings:
* **Web**: web-based APIs, where you send data to Azure for processing. * **Connected container**: Docker containers that enable you to [deploy Azure AI services on premises](../../ai-services/cognitive-services-container-support.md), and maintain an internet connection for billing and metering.
-4. In the window that appears, select both a **Tier** and **Auto-renewal** option.
+1. In the window that appears, select both a **Tier** and **Auto-renewal** option.
* **Commitment tier** - The commitment tier for the feature. The commitment tier is enabled immediately when you select **Purchase** and you're charged the commitment amount on a pro-rated basis.
If you decide that you don't want to continue purchasing a commitment plan, you
## Purchase a commitment tier pricing plan for disconnected containers
-Commitment plans for disconnected containers have a calendar year commitment period. These are different plans than web and connected container commitment plans. When you purchase a commitment plan, you're charged the full price immediately. During the commitment period, you can't change your commitment plan, however you can purchase more units at a pro-rated price for the remaining days in the year. You have until midnight (UTC) on the last day of your commitment, to end a commitment plan.
+Commitment plans for disconnected containers have a calendar year commitment period. These plans are different the than web and connected container commitment plans. When you purchase a commitment plan, you're charged the full price immediately. During the commitment period you can't change your commitment plan. However, you can purchase more units at a pro-rated price for the remaining days in the year. You have until midnight (UTC) on the last day of your commitment, to end a commitment plan.
You can choose a different commitment plan in the **Commitment Tier pricing** settings of your resource.
ai-studio Flow Bulk Test Evaluation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/flow-bulk-test-evaluation.md
- ignite-2023 Previously updated : 11/15/2023 Last updated : 2/24/2024
In this article you learn to:
For a batch run and to use an evaluation method, you need to have the following ready: -- A test dataset for batch run. Your dataset should be in one of these formats: `.csv`, `.tsv`, or `.jsonl`. Your data should also include headers that match the input names of your flow. If your flow inputs include a complex structure like a list or dictionary, you're recommended to use `jsonl` format to represent your data.
+- A test dataset for batch run. Your dataset should be in one of these formats: `.csv`, `.tsv`, or `.jsonl`. Your data should also include headers that match the input names of your flow. If your flow inputs include a complex structure like a list or dictionary, use `jsonl` format to represent your data.
- An available runtime to run your batch run. A runtime is a cloud-based resource that executes your flow and generates outputs. To learn more about runtime, see [Runtime](./create-manage-runtime.md). ## Submit a batch run and use an evaluation method
You can go to the prompt flow **Runs** tab. Then go to the batch run detail page
## Check batch run history and compare metrics
-In some scenarios, you'll modify your flow to improve its performance. You can submit multiple batch runs to compare the performance of your flow with different versions. You can also compare the metrics calculated by different evaluation methods to see which one is more suitable for your flow.
+In some scenarios, you modify your flow to improve its performance. You can submit more than one batch run to compare the performance of your flow with different versions. You can also compare the metrics calculated by different evaluation methods to see which one is more suitable for your flow.
To check the batch run history of your flow, you can select the **View batch run** button of your flow page. You see a list of batch runs that you have submitted for this flow.
In the "Outputs" table, you can compare the selected batch runs by each line of
## Understand the built-in evaluation methods
-In prompt flow, we provide multiple built-in evaluation methods to help you measure the performance of your flow output. Each evaluation method calculates different metrics. Now we provide nine built-in evaluation methods available, you can check the following table for a quick reference:
+In prompt flow, we provide multiple built-in evaluation methods to help you measure the performance of your flow output. Each evaluation method calculates different metrics. See the following table for a list of built-in evaluation methods and their descriptions.
| Evaluation Method | Metrics | Description | Connection Required | Required Input | Score Value | |||||||
ai-studio Flow Deploy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/flow-deploy.md
- ignite-2023 Previously updated : 11/15/2023 Last updated : 2/24/2024
You can invoke the endpoint for real-time inference for chat, copilot, or anothe
In this article, you learn how to deploy a flow as a managed online endpoint for real-time inference. The steps you take are: -- Test your flow and get it ready for deployment-- Create an online deployment-- Grant permissions to the endpoint-- Test the endpoint-- Consume the endpoint
+- Test your flow and get it ready for deployment.
+- Create an online deployment.
+- Grant permissions to the endpoint.
+- Test the endpoint.
+- Consume the endpoint.
## Prerequisites
See detailed guidance about how to grant permissions to the endpoint identity in
### Advanced settings - Outputs & Connections
-In this step, you can view all flow outputs, and specify which outputs will be included in the response of the endpoint you deploy. By default all flow outputs are selected.
+In this step, you can view all flow outputs, and specify which outputs to include in the response of the endpoint you deploy. By default all flow outputs are selected.
You can also specify the connections used by the endpoint when it performs inference. By default they're inherited from the flow.
ai-studio Flow Develop Evaluation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/flow-develop-evaluation.md
- ignite-2023 Previously updated : 11/15/2023 Last updated : 2/24/2024
Evaluation flows are special types of flows that assess how well the outputs of a run align with specific criteria and goals.
-In Prompt flow, you can customize or create your own evaluation flow tailored to your tasks and objectives, and then use it to evaluate other flows. This document you'll learn:
+In prompt flow, you can customize or create your own evaluation flow tailored to your tasks and objectives, and then use it to evaluate other flows. In this document you learn:
-- How to develop an evaluation method-- Understand evaluation in Prompt flow
- - Inputs
- - Outputs and Metrics Logging
+- How to develop an evaluation method.
+- Understand inputs, outputs, and logging metrics for prompt flow evaluations.
## Starting to develop an evaluation method
There are two ways to develop your own evaluation methods:
- **Customize a Built-in Evaluation Flow:** Modify a built-in evaluation flow. Find the built-in evaluation flow from the flow creation wizard - flow gallery, select ΓÇ£CloneΓÇ¥ to do customization. -- **Create a New Evaluation Flow from Scratch:** Develop a brand-new evaluation method from the ground up. In flow creation wizard, select ΓÇ£CreateΓÇ¥ Evaluation flow, then, you can see a template of evaluation flow.
+- **Create a New Evaluation Flow from Scratch:** Develop a brand-new evaluation method from the ground up. In flow creation wizard, select ΓÇ£CreateΓÇ¥ Evaluation flow then you can see a template of evaluation flow.
## Understand evaluation in Prompt flow
In Prompt flow, a flow is a sequence of nodes that process an input and generate
Some special features of evaluation methods are:
-1. They usually run after the run to be tested, and receive outputs from that run.
-2. Apart from the outputs from the run to be tested, they can receive an optional additional dataset which might contain corresponding ground truths.
-3. They might have an aggregation node that calculates the overall performance of the flow being tested based on the individual scores.
-4. They can log metrics using log_metric() function.
+- They usually run after the run to be tested, and receive outputs from that run.
+- Apart from the outputs from the run to be tested, optionally they can receive another dataset that might contain corresponding ground truths.
+- They might have an aggregation node that calculates the overall performance of the flow being tested based on the individual scores.
+- They can log metrics using the `log_metric()` function.
-We'll introduce how the inputs and outputs should be defined in developing evaluation methods.
+We introduce how the inputs and outputs should be defined in developing evaluation methods.
### Inputs An evaluation runs after another run to assess how well the outputs of that run align with specific criteria and goals. Therefore, evaluation receives the outputs generated from that run.
-Other inputs might also be required, such as ground truth, which might come from a dataset. By default, evaluation will use the same dataset as the test dataset provided to the tested run. However, if the corresponding labels or target ground truth values are in a different dataset, you can easily switch to that one.
+Other inputs might also be required, such as ground truth, which might come from a dataset. By default, evaluation uses the same dataset as the test dataset provided to the tested run. However, if the corresponding labels or target ground truth values are in a different dataset, you can easily switch to that one.
-Therefore, to run an evaluation, you need to indicate the sources of these required inputs. To do so, when submitting an evaluation, you'll see an **"input mapping"** section.
+Therefore, to run an evaluation, you need to indicate the sources of these required inputs. To do so, when submitting an evaluation, you see an **"input mapping"** section.
- If the data source is from your run output, the source is indicated as `${run.output.[OutputName]}` - If the data source is from your test dataset, the source is indicated as `${data.[ColumnName]}` -- > [!NOTE] > If your evaluation doesn't require data from the dataset, you do not need to reference any dataset columns in the input mapping section, indicating the dataset selection is an optional configuration. Dataset selection won't affect evaluation result.
Then this description is displayed to when using this evaluation method in batch
The outputs of an evaluation are the results that measure the performance of the flow being tested. The output usually contains metrics such as scores, and might also include text for reasoning and suggestions.
-#### Instance-level scores ΓÇö outputs
+#### Instance-level scores outputs
-In Prompt flow, the flow processes each sample dataset one at a time and generates an output record. Similarly, in most evaluation cases, there will be a metric for each output, allowing you to check how the flow performs on each individual data.
+In prompt flow, the flow processes each sample dataset one at a time and generates an output record. Similarly, in most evaluation cases, there's a metric for each output, allowing you to check how the flow performs on each individual data.
To record the score for each data sample, calculate the score for each output, and log the score **as a flow output** by setting it in the output section. This authoring experience is the same as defining a standard flow output.
To record the score for each data sample, calculate the score for each output, a
We calculate this score in `line_process` node, which you can create and edit from scratch when creating by type. You can also replace this python node with an LLM node to use LLM to calculate the score.
-When this evaluation method is used to evaluate another flow, the instance-level score can be viewed in the **Overview ->Output** tab.
+When this evaluation method is used to evaluate another flow, the instance-level score can be viewed in the **Overview** > **Output** tab.
#### Metrics logging and aggregation node In addition, it's also important to provide an overall score for the run. You can check the **"set as aggregation"** of a Python node in an evaluation flow to turn it into a "reduce" node, allowing the node to take in the inputs **as a list** and process them in batch. - In this way, you can calculate and process all the scores of each flow output and compute an overall result for each variant. You can log metrics in an aggregation node using **Prompt flow_sdk.log_metrics()**. The metrics should be numerical (float/int). String type metrics logging isn't supported.
-We calculate this score in `aggregate` node, which you can create and edit from scratch when creating by type. You can also replace this python node with an LLM node to use LLM to calculate the score. See the following example for using the log_metric API in an evaluation flow:
+We calculate this score in the `aggregate` node, which you can create and edit from scratch when creating by type. You can also replace this Python node with an LLM node to use the LLM to calculate the score. See the following example for using the `log_metric` API in an evaluation flow:
```python
ai-studio Flow Develop https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/flow-develop.md
- ignite-2023 Previously updated : 11/15/2023 Last updated : 2/24/2024
In this article, you learn how to create and develop your first prompt flow in A
## Prerequisites -- If you don't have a project already, first [create a project](create-projects.md).
+- If you don't have an Azure AI project already, first [create a project](create-projects.md).
- Prompt flow requires a runtime. If you don't have a runtime, you can [create one in Azure AI Studio](./create-manage-runtime.md). - You need a deployed model.
You can create a flow by either cloning the samples available in the gallery or
To create a prompt flow from the gallery in Azure AI Studio: 1. Sign in to [Azure AI Studio](https://ai.azure.com) and select your project from the **Build** page.
-1. From the collapsible left menu, select **Flows**.
-1. In the **Standard flows** tile, select **Create**.
+1. From the collapsible left menu, select **Prompt flow**.
+1. Select **+ Create**.
+1. In the **Standard flow** tile, select **Create**.
1. On the **Create a new flow** page, enter a folder name and then select **Create**. :::image type="content" source="../media/prompt-flow/create-standard-flow.png" alt-text="Screenshot of selecting and creating a standard flow." lightbox="../media/prompt-flow/create-standard-flow.png":::
ai-studio Flow Tune Prompts Using Variants https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/flow-tune-prompts-using-variants.md
- ignite-2023 Previously updated : 11/15/2023 Last updated : 2/24/2024
In this article, you learn how to use variants to tune prompts and evaluate the performance of different variants.
-Crafting a good prompt is a challenging task that requires a lot of creativity, clarity, and relevance. A good prompt can elicit the desired output from a pretrained language model, while a bad prompt can lead to inaccurate, irrelevant, or nonsensical outputs. Therefore, it's necessary to tune prompts to optimize their performance and robustness for different tasks and domains.
+Crafting a good prompt is a challenging task that requires much creativity, clarity, and relevance. A good prompt can elicit the desired output from a pretrained language model, while a bad prompt can lead to inaccurate, irrelevant, or nonsensical outputs. Therefore, it's necessary to tune prompts to optimize their performance and robustness for different tasks and domains.
-Variants can help you test the modelΓÇÖs behavior under different conditions, such as different wording, formatting, context, temperature, or top-k, compare and find the best prompt and configuration that maximizes the modelΓÇÖs accuracy, diversity, or coherence.
+Variants can help you test the modelΓÇÖs behavior under different conditions, such as different wording, formatting, context, temperature, or top-k. You can compare and find the best prompt and configuration that maximizes the model's accuracy, diversity, or coherence.
## Variants in Prompt flow
By utilizing different variants of prompts and settings, you can explore how the
Benefits of using variants include: - **Enhance the quality of your LLM generation**: By creating multiple variants of the same LLM node with diverse prompts and configurations, you can identify the optimal combination that produces high-quality content aligned with your needs.-- **Save time and effort**: Even slight modifications to a prompt can yield significantly different results. It's crucial to track and compare the performance of each prompt version. With variants, you can easily manage the historical versions of your LLM nodes, facilitating updates based on any variant without the risk of forgetting previous iterations. Variants save you time and effort in managing prompt tuning history.
+- **Save time and effort**: Even slight modifications to a prompt can yield different results. It's crucial to track and compare the performance of each prompt version. With variants, you can easily manage the historical versions of your LLM nodes, facilitating updates based on any variant without the risk of forgetting previous iterations. Variants save you time and effort in managing prompt tuning history.
- **Boost productivity**: Variants streamline the optimization process for LLM nodes, making it simpler to create and manage multiple variations. You can achieve improved results in less time, thereby increasing your overall productivity. - **Facilitate easy comparison**: You can effortlessly compare the results obtained from different variants side by side, enabling you to make data-driven decisions regarding the variant that generates the best outcomes. ## How to tune prompts using variants?
-In this article, we'll use **Web Classification** sample flow as example.
+In this article, we use **Web Classification** sample flow as example.
1. Open the sample flow and remove the **prepare_examples** node as a start.
To make sure all the variants can run successfully, and work as expected, you ca
In this example, we configure variants for both **summarize_text_content** node and **classify_with_llm** node, so you have to run twice to test all the variants. 1. Select the **Run** button on the top right.
-1. Select an LLM node with variants. The other LLM nodes will use the default variant.
+1. Select an LLM node with variants. The other LLM nodes use the default variant.
2. Submit the flow run. 3. After the flow run is completed, you can check the corresponding result for each variant. 4. Submit another flow run with the other LLM node with variants, and check the outputs.
In this example, we configure variants for both **summarize_text_content** node
### Evaluate variants
-When you run the variants with a few single pieces of data and check the results with the naked eye, it cannot reflect the complexity and diversity of real-world data, meanwhile the output isn't measurable, so it's hard to compare the effectiveness of different variants, then choose the best.
+When you run the variants with a few single pieces of data and check the results with the naked eye, it can't reflect the complexity and diversity of real-world data, meanwhile the output isn't measurable, so it's hard to compare the effectiveness of different variants, then choose the best.
You can submit a batch run, which allows you test the variants with a large amount of data and evaluate them with metrics, to help you find the best fit.
-1. First you need to prepare a dataset, which is representative enough of the real-world problem you want to solve with Prompt flow. In this example, it's a list of URLs and their classification ground truth. We'll use accuracy to evaluate the performance of variants.
+1. First you need to prepare a dataset, which is representative enough of the real-world problem you want to solve with Prompt flow. In this example, it's a list of URLs and their classification ground truth. We use accuracy to evaluate the performance of variants.
2. Select **Evaluate** on the top right of the page. 3. A wizard for **Batch run & Evaluate** occurs. The first step is to select a node to run all its variants.
- To test how well different variants work for each node in a flow, you need to run a batch run for each node with variants one by one. This helps you avoid the influence of other nodes' variants and focus on the results of this node's variants. This follows the rule of the controlled experiment, which means that you only change one thing at a time and keep everything else the same.
+ To test how different variants work for each node in a flow, you need to run a batch run for each node with variants one by one. This helps you avoid the influence of other nodes' variants and focus on the results of this node's variants. This follows the rule of the controlled experiment, which means that you only change one thing at a time and keep everything else the same.
- For example, you can select **classify_with_llm** node to run all variants, the **summarize_text_content** node will use it default variant for this batch run.
+ For example, you can select **classify_with_llm** node to run all variants, the **summarize_text_content** node uses the default variant for this batch run.
4. Next in **Batch run settings**, you can set batch run name, choose a runtime, upload the prepared data. 5. Next, in **Evaluation settings**, select an evaluation method.
ai-studio Index Add https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/index-add.md
- ignite-2023 Previously updated : 01/15/2024 Last updated : 2/24/2024
If the Azure AI hub resource the project uses was created through Azure portal:
## Use an index in prompt flow
-1. Open your AI Studio project.
-1. In **Flows**, create a new flow or open an existing flow.
+1. Sign in to [Azure AI Studio](https://ai.azure.com) and select your project from the **Build** page.
+1. From the collapsible left menu, select **Prompt flow**.
+1. Open an existing prompt flow or select **+ Create** to create a new flow.
1. On the top menu of the flow designer, select **More tools**, and then select ***Index Lookup***. :::image type="content" source="../media/index-retrieve/index-lookup-tool.png" alt-text="Screenshot of Vector index Lookup from More Tools." lightbox="../media/index-retrieve/index-lookup-tool.png":::
ai-studio Hear Speak Playground https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/quickstarts/hear-speak-playground.md
- ignite-2023 Previously updated : 11/15/2023 Last updated : 2/24/2024
ai-studio Playground Completions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/quickstarts/playground-completions.md
- ignite-2023 Previously updated : 11/15/2023 Last updated : 2/24/2024
aks Concepts Network https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/concepts-network.md
This article introduces the core concepts that provide networking to your applic
## Kubernetes networking basics
-Kubernetes employs a virtual networking layer to manage access within and between your applications or their components. This involves the following key aspects:
+Kubernetes employs a virtual networking layer to manage access within and between your applications or their components:
- **Kubernetes nodes and virtual network**: Kubernetes nodes are connected to a virtual network. This setup enables pods (basic units of deployment in Kubernetes) to have both inbound and outbound connectivity. -- **Kube-proxy component**: Running on each node, kube-proxy is responsible for providing the necessary network features.
+- **Kube-proxy component**: kube-proxy runs on each node and is responsible for providing the necessary network features.
Regarding specific Kubernetes functionalities: -- **Services**: These are used to logically group pods, allowing direct access to them through a specific IP address or DNS name on a designated port.-- **Service types**: This feature lets you specify the kind of Service you wish to create.
+- **Services**: Services is used to logically group pods, allowing direct access to them through a specific IP address or DNS name on a designated port.
+- **Service types**: Specifies the kind of Service you wish to create.
- **Load balancer**: You can use a load balancer to distribute network traffic evenly across various resources. - **Ingress controllers**: These facilitate Layer 7 routing, which is essential for directing application traffic. - **Egress traffic control**: Kubernetes allows you to manage and control outbound traffic from cluster nodes.
In the context of the Azure platform:
## Services
-To simplify the network configuration for application workloads, Kubernetes uses *Services* to logically group a set of pods together and provide network connectivity. You can specify a Kubernetes *ServiceType* to specify what kind of Service you want, for example if you want to expose a Service onto an external IP address that's outside of your cluster. For more information, see the Kubernetes documentation for [Publishing Services (ServiceTypes)][service-types].
+To simplify the network configuration for application workloads, Kubernetes uses *Services* to logically group a set of pods together and provide network connectivity. You can specify a Kubernetes *ServiceType* to define the type of Service you want. For example, if you want to expose a Service on an external IP address outside of your cluster. For more information, see the Kubernetes documentation on [Publishing Services (ServiceTypes)][service-types].
The following ServiceTypes are available: * **ClusterIP**
- ClusterIP creates an internal IP address for use within the AKS cluster. This Service is good for *internal-only applications* that support other workloads within the cluster. This is the default that's used if you don't explicitly specify a type for a Service.
+ ClusterIP creates an internal IP address for use within the AKS cluster. The ClusterIP Service is good for *internal-only applications* that support other workloads within the cluster. ClusterIP is the default used if you don't explicitly specify a type for a Service.
![Diagram showing ClusterIP traffic flow in an AKS cluster][aks-clusterip]
For more information, see [Configure kubenet networking for an AKS cluster][aks-
### Azure CNI (advanced) networking
-With Azure CNI, every pod gets an IP address from the subnet and can be accessed directly. These IP addresses must be planned in advance and unique across your network space. Each node has a configuration parameter for the maximum number of pods it supports. The equivalent number of IP addresses per node are then reserved up front. This approach can lead to IP address exhaustion or the need to rebuild clusters in a larger subnet as your application demands grow, so it's important to plan properly. To avoid these planning challenges, it is possible to enable the feature [Azure CNI networking for dynamic allocation of IPs and enhanced subnet support][configure-azure-cni-dynamic-ip-allocation].
+With Azure CNI, every pod gets an IP address from the subnet and can be accessed directly. These IP addresses must be planned in advance and unique across your network space. Each node has a configuration parameter for the maximum number of pods it supports. The equivalent number of IP addresses per node are then reserved up front. This approach can lead to IP address exhaustion or the need to rebuild clusters in a larger subnet as your application demands grow, so it's important to plan properly. To avoid these planning challenges, it's possible to enable the feature [Azure CNI networking for dynamic allocation of IPs and enhanced subnet support][configure-azure-cni-dynamic-ip-allocation].
> [!NOTE] > Due to Kubernetes limitations, the Resource Group name, the Virtual Network name and the subnet name must be 63 characters or less.
-Unlike kubenet, traffic to endpoints in the same virtual network isn't NAT'd to the node's primary IP. The source address for traffic inside the virtual network is the pod IP. Traffic that's external to the virtual network still NATs to the node's primary IP.
+Unlike kubenet, traffic to endpoints in the same virtual network isn't translated (NAT) to the node's primary IP. The source address for traffic inside the virtual network is the pod IP. Traffic that's external to the virtual network still NATs to the node's primary IP.
Nodes use the [Azure CNI][cni-networking] Kubernetes plugin.
For more information, see [Configure Azure CNI for an AKS cluster][aks-configure
### Azure CNI Overlay networking
-[Azure CNI Overlay][azure-cni-overlay] represents an evolution of Azure CNI, addressing scalability and planning challenges arising from the assignment of VNet IPs to pods. It achieves this by assigning private CIDR IPs to pods, which are separate from the VNet and can be reused across multiple clusters. Additionally, Azure CNI Overlay can scale beyond the 400 node limit enforced in Kubenet clusters. Azure CNI Overlay is the recommended option for most clusters.
+[Azure CNI Overlay][azure-cni-overlay] represents an evolution of Azure CNI, addressing scalability and planning challenges arising from the assignment of virtual network IPs to pods. Azure CNI Overlay assigns private CIDR IPs to pods. The private IPs are separate from the virtual network and can be reused across multiple clusters. Azure CNI Overlay can scale beyond the 400 node limit enforced in Kubenet clusters. Azure CNI Overlay is the recommended option for most clusters.
### Azure CNI Powered by Cilium
-[Azure CNI Powered by Cilium][azure-cni-powered-by-cilium] uses [Cilium](https://cilium.io) to provide high-performance networking, observability, and network policy enforcement. It integrates natively with [Azure CNI Overlay][azure-cni-overlay] for scalable IP address management (IPAM)
+[Azure CNI Powered by Cilium][azure-cni-powered-by-cilium] uses [Cilium](https://cilium.io) to provide high-performance networking, observability, and network policy enforcement. It integrates natively with [Azure CNI Overlay][azure-cni-overlay] for scalable IP address management (IPAM).
-Additionally, Cilium enforces network policies by default, without requiring a separate network policy engine. Using eBPF programs and a more efficient API object structure, Azure CNI Powered by Cilium can scale beyond [Azure Network Policy Manager's limits of 250 nodes / 20K pod][use-network-policies].
+Additionally, Cilium enforces network policies by default, without requiring a separate network policy engine. Azure CNI Powered by Cilium can scale beyond [Azure Network Policy Manager's limits of 250 nodes / 20-K pod][use-network-policies] by using ePBF programs and a more efficient API object structure.
Azure CNI Powered by Cilium is the recommended option for clusters that require network policy enforcement. ### Bring your own CNI
-It is possible to install in AKS a third party CNI using the [Bring your own CNI][use-byo-cni] feature.
+It's possible to install in AKS a non-Microsoft CNI using the [Bring your own CNI][use-byo-cni] feature.
### Compare network models
Both kubenet and Azure CNI provide network connectivity for your AKS clusters. H
* Pods get full virtual network connectivity and can be directly reached via their private IP address from connected networks. * Requires more IP address space.
+| Network model | When to use |
+||-|
+| **Kubenet** | ΓÇó IP address space conversation is a priority. </br> ΓÇó Simple configuration. </br> ΓÇó Fewer than 400 nodes per cluster. </br> ΓÇó Kubernetes internal or external load balancers are sufficient for reaching pods from outside the cluster. </br> ΓÇó Manually managing and maintaining user defined routes is acceptable. |
+| **Azure CNI** | ΓÇó Full virtual network connectivity is required for pods. </br> ΓÇó Advanced AKS features (such as virtual nodes) are needed. </br> ΓÇó Sufficient IP address space is available. </br> ΓÇó Pod to pod and pod to virtual machine connectivity is needed. </br> ΓÇó External resources need to reach pods directly. </br> ΓÇó AKS network policies are required. |
+| **Azure CNI Overlay** | ΓÇó IP address shortage is a concern. </br> ΓÇó Scaling up to 1,000 nodes and 250 pods per node is sufficient. </br> ΓÇó Extra hop for pod connectivity is acceptable. </br> ΓÇó Simpler network configuration. </br> ΓÇó AKS egress requirements can be met. |
+ The following behavior differences exist between kubenet and Azure CNI: | Capability | Kubenet | Azure CNI | Azure CNI Overlay | Azure CNI Powered by Cilium |
The following behavior differences exist between kubenet and Azure CNI:
| Pod-VM connectivity; VM in the same virtual network | Works when initiated by pod | Works both ways | Works when initiated by pod | Works when initiated by pod | | Pod-VM connectivity; VM in peered virtual network | Works when initiated by pod | Works both ways | Works when initiated by pod | Works when initiated by pod | | On-premises access using VPN or Express Route | Works when initiated by pod | Works both ways | Works when initiated by pod | Works when initiated by pod |
-| Expose Kubernetes services using a load balancer service, App Gateway, or ingress controller | Supported | Supported | [No Application Gateway Ingress Controller (AGIC) support][azure-cni-overlay-limitations] | Same limitations when using Overlay mode |
+| Access to resources secured by service endpoints | Supported | Supported | Supported | |
+| Expose Kubernetes services using a load balancer service, App Gateway, or ingress controller | Supported | Supported | Supported| Same limitations when using Overlay mode |
| Support for Windows node pools | Not Supported | Supported | Supported | [Available only for Linux and not for Windows.][azure-cni-powered-by-cilium-limitations] |-
-For both kubenet and Azure CNI plugins, the DNS service is provided by CoreDNS, a deployment running in AKS with its own autoscaler. For more information on CoreDNS on Kubernetes, see [Customizing DNS Service](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/). CoreDNS by default is configured to forward unknown domains to the DNS functionality of the Azure Virtual Network where the AKS cluster is deployed. Hence, Azure DNS and Private Zones will work for pods running in AKS.
+| Default Azure DNS and Private Zones | Supported | Supported | Supported | |
For more information on Azure CNI and kubenet and to help determine which option is best for you, see [Configure Azure CNI networking in AKS][azure-cni-aks] and [Use kubenet networking in AKS][aks-configure-kubenet-networking].
To learn more about the AGIC add-on for AKS, see [What is Application Gateway In
### SSL/TLS termination
-SSL/TLS termination is another common feature of Ingress. On large web applications accessed via HTTPS, the Ingress resource handles the TLS termination rather than within the application itself. To provide automatic TLS certification generation and configuration, you can configure the Ingress resource to use providers such as "Let's Encrypt".
+SSL/TLS termination is another common feature of Ingress. On large web applications accessed via HTTPS, the Ingress resource handles the TLS termination rather than within the application itself. To provide automatic TLS certification generation and configuration, you can configure the Ingress resource to use providers such as "Let's Encrypt."
For more information on configuring an NGINX ingress controller with Let's Encrypt, see [Ingress and TLS][aks-ingress-tls].
api-management Api Management Authenticate Authorize Azure Openai https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-authenticate-authorize-azure-openai.md
+
+ Title: Authenticate to Azure OpenAI API - Azure API Management
+
+description: Options to authenticate and authorize to Azure OpenAI APIs using Azure API Management. Includes API key, managed identity, and OAuth 2.0 authorization.
+++ Last updated : 02/20/2024+++
+# Authenticate and authorize access to Azure OpenAI APIs using Azure API Management
+
+In this article, you learn about ways to authenticate and authorize to Azure OpenAI API endpoints that are managed using Azure API Management. This article shows the following common methods:
+
+* **Authentication** - Authenticate to an Azure OpenAI API using policies that authenticate using either an API key or a Microsoft Entra ID managed identity.
+
+* **Authorization** - For more fine-grained access control, preauthorize requests that pass OAuth 2.0 tokens generated by an identity provider such as Microsoft Entra ID.
+
+For background, see:
+
+* [Azure OpenAI Service REST API reference](/azure/ai-services/openai/reference)
+
+* [Authentication and authorization to APIs in API Management](authentication-authorization-overview.md).
+
+## Prerequisites
+
+Before following the steps in this article, you must have:
+
+- An API Management instance. For example steps, see [Create an Azure API Management instance](get-started-create-service-instance.md).
+- An Azure OpenAI resource and model added to your API Management instance. For example steps, see [Import an Azure OpenAI API as a REST API](azure-openai-api-from-specification.md).
+- Permissions to create an app registration in an identity provider such as a Microsoft Entra tenant associated with your Azure subscription (for OAuth 2.0 authorization).
+
+## Authenticate with API key
+
+A default way to authenticate to an Azure OpenAI API is by using an API key. For this type of authentication, all API requests must include a valid API key in the `api-key` HTTP header.
+
+* API Management can manage the API key in a secure way, by using a [named value](api-management-howto-properties.md).
+* The named value can then be referenced in an API policy to set the `api-key` header in requests to the Azure OpenAI API. We provide two examples of how to do this: one uses the [`set-backend-service`](set-backend-service-policy.md) policy, and the other uses the [`set-header`](set-header-policy.md) policy.
+
+### Store the API key in a named value
+
+1. Obtain an API key from the Azure OpenAI resource. In the Azure portal, find a key on the **Keys and Endpoint** page of the Azure OpenAI resource.
+1. Go to your API Management instance, and select **Named values** in the left menu.
+1. Select **+ Add**, and add the value as a secret, or optionally for more security, use a [key vault reference](api-management-howto-properties.md#key-vault-secrets).
+
+### Pass the API key in API requests - set-backend-service policy
+
+1. Create a [backend](backends.md) that points to the Azure OpenAI API.
+ 1. In the left menu of your API Management instance, select **Backends**.
+ 1. Select **+ Add**, and enter a descriptive name for the backend. Example: *openai-backend*.
+ 1. Under **Type**, select **Custom**, and enter the URL of the Azure OpenAI endpoint. Example: `https://contoso.openai.azure.com/openai`.
+ 1. Under **Authorization credentials**, select **Headers**, and enter *api-key* as the header name and the named value as the value.
+ 1. Select **Create**.
+1. Add the following `set-backend-service` policy snippet in the `inbound` policy section to pass the API key in requests to the Azure OpenAI API.
+
+ In this example, the backend resource is *openai-backend*.
+
+ ```xml
+ <set-backend-service backend-id="openai-backend" />
+ ```
+
+### Pass the API key in API requests - set-header policy
+
+Alternatively, add the following `set-header` policy snippet in the `inbound` policy section to pass the API key in requests to the Azure OpenAI API. This policy snippet sets the `api-key` header with the named value that you set up.
+
+In this example, the named value in API Management is *openai-api-key*.
+
+```xml
+<set-header name="api-key" exists-action="override">
+ <value>{{openai-api-key}}</value>
+</set-header>
+```
++
+## Authenticate with managed identity
+
+An alternative way to authenticate to an Azure OpenAI API by using a managed identity in Microsoft Entra ID. For background, see
+[How to configure Azure OpenAI Service with managed identity](../ai-services/openai/how-to/managed-identity.md).
+
+Following are steps to configure your API Management instance to use a managed identity to authenticate requests to an Azure OpenAI API.
+
+1. [Enable](api-management-howto-use-managed-service-identity.md) a system-assigned or user-assigned managed identity for your API Management instance. The following example assumes that you've enabled the instance's system-assigned managed identity.
+
+1. Assign the managed identity the **Cognitive Services OpenAI User** role, scoped to the appropriate resource. For example, assign the system-assigned managed identity the **Cognitive Services OpenAI User** role on the Azure OpenAI resource. For detailed steps, see [Role-based access control for Azure OpenAI service](../ai-services/openai/how-to/role-based-access-control.md).
+
+1. Add the following policy snippet in the `inbound` policy section to authenticate requests to the Azure OpenAI API using the managed identity.
+
+ In this example:
+
+ * The [`authentication-managed-identity`](authentication-managed-identity-policy.md) policy obtains an access token for the managed identity.
+ * The [`set-header`](set-header-policy.md) policy sets the `Authorization` header of the request with the access token.
+
+ ```xml
+ <authentication-managed-identity resource="https://cognitiveservices.azure.com" output-token-variable-name="managed-id-access-token" ignore-error="false" />
+ <set-header name="Authorization" exists-action="override">
+ <value>@("Bearer " + (string)context.Variables["managed-id-access-token"])</value>
+ </set-header>
+ ```
+
+## OAuth 2.0 authorization using identity provider
+
+To enable more fine-grained access to OpenAPI APIs by particular users or clients, you can preauthorize access to the Azure OpenAI API using OAuth 2.0 authorization with Microsoft Entra ID or another identity provider. For background, see [Protect an API in Azure API Management using OAuth 2.0 authorization with Microsoft Entra ID](api-management-howto-protect-backend-with-aad.md).
+
+> [!NOTE]
+> Use OAuth 2.0 authorization as part of a defense-in-depth strategy. It's not a replacement for API key authentication or managed identity authentication to an Azure OpenAI API.
+
+Following are high level steps to restrict API access to users or apps that are authorized using an identity provider.
+
+1. Create an application in your identity provider to represent the OpenAI API in Azure API Management. If you're using Microsoft Entra ID, [register](api-management-howto-protect-backend-with-aad.md#register-an-application-in-microsoft-entra-id-to-represent-the-api) an application in your Microsoft Entra ID tenant. Record details such as the application ID and the audience URI.
+
+ As needed, configure the application to have roles or scopes that represent the fine-grained permissions needed to access the Azure OpenAI API.
+
+1. Add an `inbound` policy snippet in your API Management instance to validate requests that present a JSON web token (JWT) in the `Authorization` header. Place this snippet *before* other `inbound` policies that you set to authenticate to the Azure OpenAI API.
+
+ > [!NOTE]
+ > The following examples show the general structure of the policies to validate a JWT. Customize them to your identity provider and the requirements of your application and API.
+
+ * **validate-azure-ad-token** - If you use Microsoft Entra ID, configure the `validate-azure-ad-token` policy to validate the audience and claims in the JWT. For details, see the [policy reference](validate-azure-ad-token-policy.md).
+
+ ```xml
+ <validate-azure-ad-token tenant-id={{TENANT_ID}} header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
+ <client-application-ids>
+ <application-id>{{CLIENT_APP_ID}}</application-id>
+ </client-application-ids>
+ <audiences>
+ <audience>...</audience>
+ </audiences>
+ <required-claims>
+ <claim name=...>
+ <value>...</value>
+ </claim>
+ </required-claims>
+ </validate-azure-ad-token>
+ ```
++
+ * **validate-jwt** - If you use another identity provider, configure the `validate-jwt` policy to validate the audience and claims in the JWT. For details, see the [policy reference](validate-jwt-policy.md).
+
+ ```xml
+ <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
+ <openid-config url={{OPENID_CONFIGURATION_URL}} />
+ <issuers>
+ <issuer>{{ISSUER_URL}}</issuer>
+ </issuers>
+ <audiences>
+ <audience>...</audience>
+ </audiences>
+ <required-claims>
+ <claim name=...>
+ <value>...</value>
+ </claim>
+ </required-claims>
+ </validate-jwt>
+ ```
+
+## Related content
+
+* Learn more about [Microsoft Entra ID and OAuth2.0](../active-directory/develop/authentication-vs-authorization.md).
+* [Authenticate requests to Azure AI services](../ai-services/authentication.md)
+* [Protect Azure OpenAI keys with API Management](/semantic-kernel/deploy/use-ai-apis-with-api-management?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json)
api-management Azure Openai Api From Specification https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/azure-openai-api-from-specification.md
+
+ Title: Import an Azure OpenAI API as REST API - Azure API Management
+description: How to import an Azure OpenAI API as a REST API from its OpenAPI specification.
++++ Last updated : 02/22/2024+++
+# Import an Azure OpenAI API as a REST API
+
+This article shows how to import an [Azure OpenAI](/azure/ai-services/openai/overview) API into an Azure API Management instance from its OpenAPI specification. After importing the API as a REST API, you can manage and secure it, and publish it to developers.
+
+## Prerequisites
+
+- An existing API Management instance. [Create one if you haven't already](get-started-create-service-instance.md).
+- Access granted to Azure OpenAI in the desired Azure subscription.
+ You can apply for access to Azure OpenAI by completing the form at https://aka.ms/oai/access. Open an issue on this repo to contact us if you have an issue.
+- An Azure OpenAI resource with a model deployed. For more information about model deployment, see the [resource deployment guide](../ai-services/openai/how-to/create-resource.md).
+
+ Make a note of the deployment ID (name). You'll need it when you test the imported API in API Management.
+
+## Download the OpenAPI specification
+
+Download the OpenAPI specification for an endpoint that your model supports. For example, download the OpenAPI specification for the [chat completion endpoint](https://github.com/Azure/azure-rest-api-specs/blob/main/specification/cognitiveservices/data-plane/AzureOpenAI/inference/stable/2023-05-15/inference.json) of the GPT-35-Turbo and GPT-4 models.
+
+1. In a text editor, open the specification file that you downloaded.
+1. In the `servers` element in the specification, substitute the name of your Azure OpenAI resource endpoint for the placeholder values in the specification. The following example `servers` element is updated with the `contoso.openai.azure.com` resource endpoint.
+ ```json
+ [...]
+ "servers": [
+ {
+ "url": "https://contoso.openai.azure.com/openai",
+ "variables": {
+ "endpoint": {
+ "default": "contoso.openai.azure.com"
+ }
+ }
+ }
+ ],
+ [...]
+ ```
+1. Make a note of the value of the API `version` in the specification. You'll need it to test the API. Example: `2023-05-15`.
+
+## Add OpenAPI specification to API Management
++
+1. In the [Azure portal](https://portal.azure.com), navigate to your API Management instance.
+1. In the left menu, select **APIs** > **+ Add API**.
+1. Under **Define a new API**, select **OpenAPI**. Enter a **Display name** and **Name** for the API and enter an **API URL suffix**.
+1. Select **Create**.
+
+The API is imported and displays operations from the OpenAPI specification.
++
+> [!IMPORTANT]
+> Authentication to the OpenAI API requires an API key or a managed identity. To configure authentication using API Management policies, see [Authenticate and authorize to Azure OpenAI API](api-management-authenticate-authorize-azure-openai.md).
++
+## Related content
+
+* [Azure OpenAI Service as a central capability with Azure API Management](/samples/azure/enterprise-azureai/enterprise-azureai/)
+* [Azure API Management - Azure OpenAI sample](https://github.com/galiniliev/apim-azure-openai-sample)
app-service Scenario Secure App Authentication App Service https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scenario-secure-app-authentication-app-service.md
Previously updated : 06/25/2023 Last updated : 02/23/2024
application-gateway How To Tcp Tls Proxy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/how-to-tcp-tls-proxy.md
+
+ Title: Configure Azure Application Gateway TCP/TLS proxy (Preview)
+
+description: This article provides information on how to configure Application Gateway's layer 4 proxy service for non-HTTP workloads.
++++ Last updated : 02/26/2024+++
+# Configure Azure Application Gateway TCP/TLS proxy (Preview)
+
+To try out the layer 4 features of Azure Application Gateway, this article shows how to use the Azure portal to create an Azure Application Gateway with a SQL Server virtual machine as the backend server. Connectivity through a SQL client is also tested to verify the configuration works correctly. The article guides you through the following procedures:
+
+- Create a SQL server Azure virtual machine
+- Create a new application gateway
+ - Configure basic settings and a frontend public IP address
+ - Add a backend pool and set the SQL server as a backend target
+ - Create a routing rule
+ - Create a listener with the required port (SQL 1433)
+ - Create a backend setting using layer 4 protocol
+
+ - Add a SQL server to the backend pool
+- Connect to the application gateway using a SQL client
+
+> [!IMPORTANT]
+> Application Gateway TCP/TLS proxy is currently in PREVIEW.<br>
+> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+
+## Register to the preview
+
+> [!NOTE]
+> When you join this preview, all Application Gateways will have the ability to use Layer 4 proxy features. This is an auto-approved registration and needs about **30 minutes to take effect**.
+
+For more information about preview features, see [Set up preview features in Azure subscription](../azure-resource-manager/management/preview-features.md).
+
+Use the following steps to enroll into the public preview for Application Gateway TCP/TLS proxy using the Azure portal:
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+2. In the search box, enter _subscriptions_ and select **Subscriptions**.
+
+ :::image type="content" source="../azure-resource-manager/management/media/preview-features/search.png" alt-text="Screenshot of Azure portal search.":::
+
+3. Select the link for your subscription's name.
+
+ :::image type="content" source="../azure-resource-manager/management/media/preview-features/subscriptions.png" alt-text="Screenshot selecting the Azure subscription.":::
+
+4. From the left menu, under **Settings** select **Preview features**.
+
+ :::image type="content" source="../azure-resource-manager/management/media/preview-features/preview-features-menu.png" alt-text="Screenshot of the Azure preview features menu.":::
+
+5. You see a list of available preview features and your current registration status.
+
+ :::image type="content" source="../azure-resource-manager/management/media/preview-features/preview-features-list.png" alt-text="Screenshot of Azure portal list of preview features listed.":::
+
+6. From **Preview features** type into the filter box **AllowApplicationGatewayTlsProxy**, select the feature, and then select **Register**.
+
+ :::image type="content" source="../azure-resource-manager/management/media/preview-features/filter.png" alt-text="Screenshot of Azure portal filter preview features.":::
+
+## Create a SQL server
+
+First, create a SQL Server virtual machine (VM) using the Azure portal.
+
+1. From the Azure portal Home page, search for **SQL Virtual Machines** and then select **SQL virtual machines** under **Services**.
+
+ ![Screenshot of selecting SQL virtual machines in the Azure portal.](./media/how-to-tcp-tls-proxy/select-sql-virtual-machines.png)
+
+2. Select **Create** and then on the Select SQL deployment option page, choose a **Free SQL Server License** option from the drop-down menu. For example: **SQL Server 2022 Developer on Windows Server 2022**. You can also select a different Free license version to test.
+
+3. After choosing a free SQL license version, select **Create**. The **Basics** tab opens.
+
+4. Enter the following information on the **Basics** tab:
+ - **Subscription**: Select your Azure subscription name.
+ - **Resource group**: Create a new resource group so that you can easily remove it after testing, for example: **myresourcegroup**.
+ - **Virtual machine name**: mySQLVM
+ - **Region**: Select the same region as your resource group.
+ - **Availability options**: Accept the default settings.
+ - **Security type**: Accept the default settings.
+ - **Image**: Accept the default settings.
+ - **VM architecture**: Accept the default settings.
+ - **Size**: Select a size compatible with the region.
+ - **Administrator details**: Enter a username and password.
+ - **Inbound port rules**: Accept the default settings.
+
+ ![Screenshot displaying virtual machine settings.](./media/how-to-tcp-tls-proxy/create-a-virtual-machine.png)
+
+5. Select **Review + create**, and then select **Create**. Deployment of the virtual machine takes a few minutes.
+6. When deployment is complete, select the SQL server resource's overview page and write down the public IP address of the virtual machine.
+
+ ![Screenshot displaying the public IP address.](./media/how-to-tcp-tls-proxy/public-ip-address.png)
+
+## Create an Application Gateway
+
+1. On the Azure portal menu or from the **Home** page, select **Create a resource**.
+2. Under **Categories**, select **Networking** and then select **Application Gateway** in the **Popular Azure services** list.
+3. On the **Basics** tab, enter the following details:
+ - **Subscription**: Select your Azure subscription name.
+ - **Resource group**: Select the same resource group that you entered for the previous procedure to create a SQL server virtual machine.
+ - **Application gateway name**: myL4AppGW
+ - **Region**: Select the same region as your resource group.
+ - **Tier**: Standard V2
+ - **Enable autoscaling**: Accept the default setting.
+ - **Minimum instance count**: 2
+ - All other **Instance details**: Accept the default settings.
+ - **Virtual network**: Select **Create new** and enter a name. For example: **myL4AppGWVNet**. Accept the default address space settings and replace the subnet name of default with a descriptive name such as **appgw-subnet**.
+
+ > [!NOTE]
+ > Default address space and subnet settings are adjusted to avoid conflicting with other VNets that you have deployed.
+
+ ![Screenshot displaying basic Application Gateway settings.](./media/how-to-tcp-tls-proxy/create-an-application-gateway-basics.png)
+
+ The following table provides more information about the settings used in this procedure.
+
+ | Field | Details |
+ |-||
+ | Subscription | Select the same subscription where you deployed the SQL server. |
+ | Resource group | Select the same resource group where you deployed the SQL server. |
+ | Application gateway name | You can provide any name for easy identification. |
+ | Region | The region is automatically selected based on the resource group that you choose. |
+ | Tier | For TCP/TLS proxy, you can select either Standard v2 or WAF v2. The WAF functions only apply to HTTP(S) when using a gateway in hybrid mode (HTTP, HTTPS along with TCP or TLS). |
+ | Enable autoscaling | This setting allows your gateway to scale out and scale in based on loads. This is applicable for both Layer 7 and Layer 4 proxy. The default setting is **Yes**. |
+ | Min/Max instance counts | For more information, see [Scaling Application Gateway v2 and WAF v2](application-gateway-autoscaling-zone-redundant.md). |
+ | Availability zone | For more information, see [What are Azure regions and availability zones?](/azure/reliability/availability-zones-overview). |
+ | HTTP2 | The default setting of disabled can be used for this test. |
+ | Virtual network and subnet | You can choose an existing VNet under the region or create a new VNet. Application Gateway requires its own dedicated subnet with no other services deployed in it. |
+
+4. Select **Next: Frontends**.
+5. Select a **Frontend IP address type** of **Public** and either use an existing IP address or create a new one.
+
+ <br><img src="./media/how-to-tcp-tls-proxy/create-a-public-ip-address.png" alt="Screenshot displaying creation of a new public IP address." width="70%">
+
+6. Select **Next: Backends**.
+7. On the **Backends** tab, select **Add a backend pool**.
+8. Enter details under Add a backend pool:
+ - **Name**: Enter a name for the backend pool, for example **sql-vm**.
+ - **Target type**: Select **IP address or FQDN** and enter the public IP address of the SQL server virtual machine that you wrote down previously.
+
+ <img src="./media/how-to-tcp-tls-proxy/add-backend-pool.png" alt="Screenshot displaying backend pool creation." width="60%">
+
+9. Select **Add** and then select **Next: Configuration**.
+
+10. Next, you create listeners, backend settings and a routing rule that links frontend and backend properties. Start by **selecting Add a routing rule** and entering the following settings on the **Listener** tab:
+ - **Rule name**: SQL-rule
+ - **Priority**: 100
+ - **Listener name**: sql-client-listener
+ - **Frontend IP**: Public IPv4
+ - **Protocol**: TCP
+ - **Port**: 1433
+
+ <br><img src="./media/how-to-tcp-tls-proxy/create-routing-rule.png" alt="Screenshot displaying routing rule creation." width="70%">
+
+11. Select the **Backend targets** tab and enter the following settings:
+
+ - **Target type**: Backend pool
+ - **Backend target**: Select the pool name you created, for example **sql-vm**.
+ - **Backend settings**: Select Add new and create backend settings with the following values:
+ - **Backend settings name**: backend-settings-sql
+ - **Backend protocol**: TCP
+ - **Backend port**: 1433
+ - **Time-out (seconds)**: 20
+
+ <br><img src="./media/how-to-tcp-tls-proxy/create-backend-settings.png" alt="Screenshot displaying backend settings creation." width="70%">
+
+12. Select **Add** to add the backend settings, and then select **Add** to add the routing rule.
+
+ <br><img src="./media/how-to-tcp-tls-proxy/add-routing-rule.png" alt="Screenshot adding a routing rule." width="70%">
+
+13. Select **Next: Tags** and add tags if desired. No tags are required for this demonstration.
+14. Select Next: **Review + Create** and then select **Create**. The deployment process takes a few minutes.
+
+## Connect to the SQL server
+
+1. Before connecting to the SQL server, verify that you have:
+ - The public IP address of the Application Gateway frontend
+ - Configured the SQL server to accept SQL authentication
+ - Created an admin account on the SQL server
+
+2. On a client device with [SQL Server Management Studio](/sql/ssms/download-sql-server-management-studio-ssms) installed, connect to the public IP address of the Azure virtual machine.
+
+ <br><img src="./media/how-to-tcp-tls-proxy/sql-connect.png" alt="Screenshot displaying the connection to a SQL server." width="60%">
+
+## Clean up resources
+
+When no longer needed, remove the application gateway and all related resources by deleting the resource group you created, **myresourcegroup**.
+
+## Unregister from the preview
+
+Using the same process that you used to register for the preview, unregister from the preview by selecting the preview feature and then selecting **Unregister**.
+
+## Next steps
+
+To monitor the health of your backend pool, see [Backend health and diagnostic logs for Application Gateway](application-gateway-diagnostics.md).
application-gateway Monitor Application Gateway Reference https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/monitor-application-gateway-reference.md
Previously updated : 05/17/2023 Last updated : 02/26/2024 <!-- VERSION 2.2 Template for monitoring data reference article for Azure services. This article is support for the main "Monitoring [servicename]" article for the service. -->
Template for monitoring data reference article for Azure services. This article
See [Monitoring Azure Application Gateway](monitor-application-gateway.md) for details on collecting and analyzing monitoring data for Azure Application Gateway.
-## Metrics
-
-<!-- REQUIRED if you support Metrics. If you don't, keep the section but call that out. Some services are only onboarded to logs.
-<!-- Please keep headings in this order -->
-
-<!-- OPTION 2 - Link to the metrics as above, but work in extra information not found in the automated metric-supported reference article. NOTE: YOU WILL NOW HAVE TO MANUALLY MAINTAIN THIS SECTION to make sure it stays in sync with the metrics-supported link. For highly customized example, see [CosmosDB](../cosmos-db/monitor-cosmos-db-reference.md#metrics). They even regroup the metrics into usage type vs. resource provider and type.
>-
-<!-- Example format. Mimic the setup of metrics supported, but add extra information -->
-
-### Application Gateway v2 metrics
+## Application Gateway v2 metrics
Resource Provider and Type: [Microsoft.Network/applicationGateways](../azure-monitor/essentials/metrics-supported.md#microsoftnetworkapplicationgateways)
-#### Timing metrics
+### Timing metrics
Application Gateway provides several builtΓÇæin timing metrics related to the request and response, which are all measured in milliseconds. > [!NOTE]
If you notice a spike in *Backend last byte response time* but the *Backend firs
Similarly, if the *Application gateway total time* has a spike but the *Backend last byte response time* is stable, then it can either be a sign of performance bottleneck at the Application Gateway or a bottleneck in the network between client and Application Gateway. Additionally, if the *client RTT* also has a corresponding spike, then it indicates that the degradation is because of the network between client and Application Gateway.
-#### Application Gateway metrics
+### Application Gateway metrics
| Metric | Unit | Description| |:-|:--|:|
Similarly, if the *Application gateway total time* has a spike but the *Backend
|**Throughput**|Bytes/sec|Number of bytes per second the Application Gateway has served. (This metric accounts for only the Content size served by the Application Gateway. It doesn't include data transfers such as TLS header negotiations, TCP/IP packet headers, or retransmissions.)| |**Total Requests**|Count|Count of successful requests that Application Gateway has served. The request count can be further filtered to show count per each/specific backend pool-http setting combination.|
-#### Backend metrics
+### Backend metrics
| Metric | Unit | Description| |:-|:--|:|
Similarly, if the *Application gateway total time* has a spike but the *Backend
|**Unhealthy host count**|Count|The number of backends that are determined unhealthy by the health probe. You can filter on a per backend pool basis to show the number of unhealthy hosts in a specific backend pool.| |**Requests per minute per Healthy Host**|Count|The average number of requests received by each healthy member in a backend pool in a minute. Specify the backend pool using the *BackendPool HttpSettings* dimension.| -
-### Application Gateway v1 metrics
-
-#### Application Gateway metrics
+## Application Gateway layer 4 proxy monitoring
+
+### Layer 4 metrics
+
+With layer 4 proxy feature now available with Application Gateway, there are some Common metrics (apply to both layer 7 as well as layer 4), and some layer 4 specific metrics. The following table describes all the metrics are the applicable for layer 4 usage.
+
+| Metric | Description | Type | Dimension |
+|:--|:|:-|:-|
+| Current Connections | The number of active connections: reading, writing, or waiting. The count of current connections established with Application Gateway. | Common | None |
+| New Connections per second | The average number of connections handled per second in last 1 minute. | Common | None |
+| Throughput | The rate of data flow (inBytes+ outBytes) in the last 1 minute. | Common | None |
+| Healthy host count | The number of healthy backend hosts. | Common | BackendSettingsPool |
+| Unhealthy host | The number of unhealthy backend hosts. | Common | BackendSettingsPool |
+| ClientRTT | Average round trip time between clients and Application Gateway. | Common | Listener |
+| Backend Connect Time | Time spent establishing a connection with a backend server. | Common | Listener, BackendServer, BackendPool, BackendSetting |
+| Backend First Byte Response Time | Time interval between start of establishing a connection to backend server and receiving the first byte of data (approximating processing time of backend server). | Common | Listener, BackendServer, BackendPool, BackendHttpSetting`*` |
+| Backend Session Duration | The total time of a backend connection. The average time duration from the start of a new connection to its termination. | L4 only | Listener, BackendServer, BackendPool, BackendHttpSetting`*` |
+| Connection Lifetime | The total time of a client connection to application gateway. The average time duration from the start of a new connection to its termination in milliseconds. | L4 only | Listener |
+
+`*` BackendHttpSetting dimension includes both layer 7 and layer 4 backend settings.
+
+### Layer 4 logs
+
+Application GatewayΓÇÖs Layer 4 proxy provides log data through access logs. These logs are only generated and published if they are configured in the diagnostic settings of your gateway.
+- Also see: [Supported categories for Azure Monitor resource logs](/azure/azure-monitor/essentials/resource-logs-categories#microsoftnetworkapplicationgateways).
+
+| Category | Resource log category |
+|:--|:-|
+| ResourceGroup | The resource group to which the application gateway resource belongs. |
+| SubscriptionId |The subscription ID of the application gateway resource. |
+| ResourceProvider |This will be MICROSOFT.NETWORK for application gateway. |
+| Resource |The name of the application gateway resource. |
+| ResourceType |This will be APPLICATIONGATEWAYS. |
+| ruleName |The name of the routing rule that served the connection request. |
+| instanceId |Application Gateway instance that served the request. |
+| clientIP |Originating IP for the request. |
+| receivedBytes |Data received from client to gateway, in bytes. |
+| sentBytes |Data sent from gateway to client, in bytes. |
+| listenerName |The name of the listener that established the frontend connection with client. |
+| backendSettingName |The name of the backend setting used for the backend connection. |
+| backendPoolName |The name of the backend pool from which a target server was selected to establish the backend connection. |
+| protocol |TCP (Irrespective of it being TCP or TLS, the protocol value will always be TCP). |
+| sessionTime |session duration, in seconds (this is for the client->appgw session) |
+| upstreamSentBytes |Data sent to backend server, in bytes. |
+| upstreamReceivedBytes |Data received from backend server, in bytes. |
+| upstreamSessionTime |session duration, in seconds (this is for the appgw->backend session) |
+| sslCipher |Cipher suite being used for TLS communication (for TLS protocol listeners). |
+| sslProtocol |SSL/TLS protocol being used (for TLS protocol listeners). |
+| serverRouted |The backend server IP and port number to which the traffic was routed. |
+| serverStatus |200 - session completed successfully. 400 - client data could not be parsed. 500 - internal server error. 502 - bad gateway. For example, when an upstream server could not be reached. 503 - service unavailable. For example, if access is limited by the number of connections. |
+| ResourceId |Application Gateway resource URI |
+
+### Layer 4 backend health
+
+Application GatewayΓÇÖs layer 4 proxy provides the capability to monitor the health of individual members of the backend pools through the portal and REST API.
+
+![Screenshot of backend health](./media/monitor-application-gateway-reference/backend-health.png)
+
+### REST API
+
+See [Application Gateways - Backend Health](/rest/api/application-gateway/application-gateways/backend-health?tabs=HTTP) for details of the API call to retrieve the backend health of an application gateway.
+
+Sample Request:
+``output
+POST
+https://management.azure.com/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Network/
+applicationGateways/appgw/backendhealth?api-version=2021-08-01
+After
+``
+
+After sending this POST request, you should see an HTTP 202 Accepted response. In the response headers, find the Location header and send a new GET request using that URL.
+
+``output
+GET
+https://management.azure.com/subscriptions/subid/providers/Microsoft.Network/locations/region-name/operationResults/GUID?api-version=2021-08-01
+``
+
+## Application Gateway v1 metrics
+
+### Application Gateway metrics
| Metric | Unit | Description| |:-|:--|:|
For more information, see a list of [all platform metrics supported in Azure Mon
-## Metric Dimensions
+## Metrics Dimensions
<!-- REQUIRED. Please keep headings in this order --> <!-- If you have metrics with dimensions, outline it here. If you have no dimensions, say so. Questions email azmondocs@microsoft.com -->
-For more information on what metric dimensions are, see [Multi-dimensional metrics](../azure-monitor/essentials/data-platform-metrics.md#multi-dimensional-metrics).
+For more information on what metrics dimensions are, see [Multi-dimensional metrics](../azure-monitor/essentials/data-platform-metrics.md#multi-dimensional-metrics).
<!-- See https://learn.microsoft.com/azure/storage/common/monitor-storage-reference#metrics-dimensions for an example. Part is copied below. -->
This section lists the types of resource logs you can collect for Azure Applicat
For reference, see a list of [all resource logs category types supported in Azure Monitor](../azure-monitor/essentials/resource-logs-schema.md). > [!NOTE]
-> The Performance log is available only for the v1 SKU. For the v2 SKU, use [Metrics](#metrics) for performance data.
+> The Performance log is available only for the v1 SKU. For the v2 SKU, use [Application Gateway v2 metrics](#application-gateway-v2-metrics) for performance data.
-For more information, see [Backend health and diagnostic logs for Application Gateway](application-gateway-diagnostics.md#access-log)
+For more information, see [Backend health and diagnostic logs for Application Gateway](application-gateway-diagnostics.md#access-log).
-<!-- OPTION 2 - Link to the resource logs as above, but work in extra information not found in the automated metric-supported reference article. NOTE: YOU WILL NOW HAVE TO MANUALLY MAINTAIN THIS SECTION to make sure it stays in sync with the resource-log-categories link. You can group these sections however you want provided you include the proper links back to resource-log-categories article.
+<!-- OPTION 2 - Link to the resource logs as above, but work in extra information not found in the automated metric-supported reference article. NOTE: YOU MUST MANUALLY MAINTAIN THIS SECTION to make sure it stays in sync with the resource-log-categories link. You can group these sections however you want provided you include the proper links back to resource-log-categories article.
--> <!-- Example format. Add extra information -->
-### Application Gateway
+## Application Gateway
Resource Provider and Type: [Microsoft.Network/applicationGateways](../azure-monitor/essentials/resource-logs-categories.md#microsoftnetworkapplicationgateways)
Resource Provider and Type: [Microsoft.Network/applicationGateways](../azure-mon
|:|:-|| | **Activitylog** | Activity log | Activity log entries are collected by default. You can use [Azure activity logs](../azure-monitor/essentials/activity-log.md) (formerly known as operational logs and audit logs) to view all operations that are submitted to your Azure subscription, and their status. | |**ApplicationGatewayAccessLog**|Access log| You can use this log to view Application Gateway access patterns and analyze important information. This includes the caller's IP address, requested URL, response latency, return code, and bytes in and out. An access log is collected every 60 seconds. This log contains one record per instance of Application Gateway. The Application Gateway instance is identified by the instanceId property.|
-| **ApplicationGatewayPerformanceLog**|Performance log|You can use this log to view how Application Gateway instances are performing. This log captures performance information for each instance, including total requests served, throughput in bytes, total requests served, failed request count, and healthy and unhealthy backend instance count. A performance log is collected every 60 seconds. The Performance log is available only for the v1 SKU. For the v2 SKU, use [Metrics](#metrics) for performance data.|
+| **ApplicationGatewayPerformanceLog**|Performance log|You can use this log to view how Application Gateway instances are performing. This log captures performance information for each instance, including total requests served, throughput in bytes, total requests served, failed request count, and healthy and unhealthy backend instance count. A performance log is collected every 60 seconds. The Performance log is available only for the v1 SKU. For the v2 SKU, use [Application Gateway v2 metrics](#application-gateway-v2-metrics) for performance data.|
|**ApplicationGatewayFirewallLog**|Firewall log|You can use this log to view the requests that are logged through either detection or prevention mode of an application gateway that is configured with the web application firewall. Firewall logs are collected every 60 seconds.|
For a reference of all Azure Monitor Logs / Log Analytics tables, see the [Azure
### Diagnostics tables <!-- REQUIRED. Please keep heading in this order -->
-<!-- If your service uses the AzureDiagnostics table in Azure Monitor Logs / Log Analytics, list what fields you use and what they are for. Azure Diagnostics is over 500 columns wide with all services using the fields that are consistent across Azure Monitor and then adding extra ones just for themselves. If it uses service specific diagnostic table, refers to that table. If it uses both, put both types of information in. Most services in the future will have their own specific table. If you have questions, contact azmondocs@microsoft.com -->
+<!-- If your service uses the AzureDiagnostics table in Azure Monitor Logs / Log Analytics, list what fields you use and what they are for. Azure Diagnostics is over 500 columns wide with all services using the fields that are consistent across Azure Monitor and then adding extra ones just for themselves. If it uses service specific diagnostic table, refers to that table. If it uses both, put both types of information in. Most services in the future have their own specific table. If you have questions, contact azmondocs@microsoft.com -->
Azure Application Gateway uses the [Azure Diagnostics](/azure/azure-monitor/reference/tables/azurediagnostics) table to store resource log information. The following columns are relevant.
application-gateway Monitor Application Gateway https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/monitor-application-gateway.md
Previously updated : 06/10/2021 Last updated : 02/26/2024 <!-- VERSION 2.2
The **Overview** page in the Azure portal for each Application Gateway includes
- Avg Healthy Host Count By BackendPool HttpSettings - Avg Unhealthy Host Count By BackendPool HttpSettings
-This is just a subset of the metrics available for Application Gateway. For more information, see [Monitoring Azure Application Gateway data reference](monitor-application-gateway-reference.md).
+This list is just a subset of the metrics available for Application Gateway. For more information, see [Monitoring Azure Application Gateway data reference](monitor-application-gateway-reference.md).
## Azure Monitor Network Insights
-Some services in Azure have a special focused pre-built monitoring dashboard in the Azure portal that provides a starting point for monitoring your service. These special dashboards are called "insights".
+Some services in Azure have a special focused prebuilt monitoring dashboard in the Azure portal that provides a starting point for monitoring your service. These special dashboards are called "insights".
<!-- Give a quick outline of what your "insight page" provides and refer to another article that gives details -->
See [Monitoring Azure Application Gateway data reference](monitor-application-ga
Platform metrics and the Activity log are collected and stored automatically, but can be routed to other locations by using a diagnostic setting.
-Resource Logs are not collected and stored until you create a diagnostic setting and route them to one or more locations.
+Resource Logs aren't collected and stored until you create a diagnostic setting and route them to one or more locations.
<!-- Include any additional information on collecting logs. The number of things that diagnostics settings control is expanding -->
The metrics and logs you can collect are discussed in the following sections.
## Analyzing metrics <!-- REQUIRED. Please keep headings in this order
-If you don't support metrics, say so. Some services may be only onboarded to logs -->
+If you don't support metrics, say so. Some services might be only onboarded to logs -->
You can analyze metrics for Azure Application Gateway with metrics from other Azure services using metrics explorer by opening **Metrics** from the **Azure Monitor** menu. See [Analyze metrics with Azure Monitor metrics explorer](../azure-monitor/essentials/analyze-metrics.md) for details on using this tool. <!-- Point to the list of metrics available in your monitor-service-reference article. -->
-For a list of the platform metrics collected for Azure Application Gateway, see [Monitoring Application Gateway data reference metrics](monitor-application-gateway-reference.md#metrics).
+For a list of the platform metrics collected for Azure Application Gateway, see [Monitoring Application Gateway data reference](monitor-application-gateway-reference.md).
For reference, you can see a list of [all resource metrics supported in Azure Monitor](../azure-monitor/essentials/metrics-supported.md).
-<!-- Optional: Call out additional information to help your customers. For example, you can include additional information here about how to use metrics explorer specifically for your service. Remember that the UI is subject to change quite often so you will need to maintain these screenshots yourself if you add them in. -->
+<!-- Optional: Call out additional information to help your customers. For example, you can include additional information here about how to use metrics explorer specifically for your service. Remember that the UI is subject to change quite often so you need to maintain these screenshots yourself if you add them in. -->
## Analyzing logs <!-- REQUIRED. Please keep headings in this order
-If you don't support resource logs, say so. Some services may be only onboarded to metrics and the activity log. -->
+If you don't support resource logs, say so. Some services might be only onboarded to metrics and the activity log. -->
Data in Azure Monitor Logs is stored in tables where each table has its own set of unique properties.
For a list of the types of resource logs collected for Azure Application Gateway
For a list of the tables used by Azure Monitor Logs and queryable by Log Analytics, see [Monitoring Azure Application Gateway data reference](monitor-application-gateway-reference.md#azure-monitor-logs-tables).
-<!-- Optional: Call out additional information to help your customers. For example, you can include additional information here about log usage or what logs are most important. Remember that the UI is subject to change quite often so you will need to maintain these screenshots yourself if you add them in. -->
+<!-- Optional: Call out additional information to help your customers. For example, you can include additional information here about log usage or what logs are most important. Remember that the UI is subject to change quite often so you need to maintain these screenshots yourself if you add them in. -->
### Sample Kusto queries
For a list of the tables used by Azure Monitor Logs and queryable by Log Analyti
<!-- Add sample Log Analytics Kusto queries for your service. --> > [!IMPORTANT]
-> When you select **Logs** from the Application Gateway menu, Log Analytics is opened with the query scope set to the current Application Gateway. This means that log queries will only include data from that resource. If you want to run a query that includes data from other Application Gateways or data from other Azure services, select **Logs** from the **Azure Monitor** menu. See [Log query scope and time range in Azure Monitor Log Analytics](/azure/azure-monitor/log-query/scope/) for details.
+> When you select **Logs** from the Application Gateway menu, Log Analytics is opened with the query scope set to the current Application Gateway. This means that log queries only include data from that resource. If you want to run a query that includes data from other Application Gateways or data from other Azure services, select **Logs** from the **Azure Monitor** menu. See [Log query scope and time range in Azure Monitor Log Analytics](/azure/azure-monitor/log-query/scope/) for details.
-<!-- REQUIRED: Include queries that are helpful for figuring out the health and state of your service. Ideally, use some of these queries in the alerts section. It's possible that some of your queries may be in the Log Analytics UI (sample or example queries). Check if so. -->
+<!-- REQUIRED: Include queries that are helpful for figuring out the health and state of your service. Ideally, use some of these queries in the alerts section. It's possible that some of your queries might be in the Log Analytics UI (sample or example queries). Check if so. -->
You can use the following queries to help you monitor your Application Gateway resource.
Azure Monitor alerts proactively notify you when important conditions are found
<!-- only include next line if applications run on your service and work with App Insights. -->
-If you're creating or running an application which use Application Gateway [Azure Monitor Application Insights](../azure-monitor/app/app-insights-overview.md) may offer additional types of alerts.
+If you're creating or running an application that uses Application Gateway, [Azure Monitor Application Insights](../azure-monitor/app/app-insights-overview.md) can offer additional types of alerts.
<!-- end --> The following tables list common and recommended alert rules for Application Gateway.
The following tables list common and recommended alert rules for Application Gat
| Alert type | Condition | Description | |:|:|:|
-|Metric|CPU utilization crosses 80%|Under normal conditions, CPU usage should not regularly exceed 90%, as this may cause latency in the websites hosted behind the Application Gateway and disrupt the client experience.|
+|Metric|CPU utilization crosses 80%|Under normal conditions, CPU usage shouldn't regularly exceed 90%. This can cause latency in the websites hosted behind the Application Gateway and disrupt the client experience.|
|Metric|Unhealthy host count crosses threshold|Indicates the number of backend servers that Application Gateway is unable to probe successfully. This catches issues where the Application Gateway instances are unable to connect to the backend. Alert if this number goes above 20% of backend capacity.| |Metric|Response status (4xx, 5xx) crosses threshold|When Application Gateway response status is 4xx or 5xx. There could be occasional 4xx or 5xx response seen due to transient issues. You should observe the gateway in production to determine static threshold or use dynamic threshold for the alert.| |Metric|Failed requests crosses threshold|When failed requests metric crosses a threshold. You should observe the gateway in production to determine static threshold or use dynamic threshold for the alert.|
The following tables list common and recommended alert rules for Application Gat
|:|:|:| |Metric|Compute Unit utilization crosses 75% of average usage|Compute unit is the measure of compute utilization of your Application Gateway. Check your average compute unit usage in the last one month and set alert if it crosses 75% of it.| |Metric|Capacity Unit utilization crosses 75% of peak usage|Capacity units represent overall gateway utilization in terms of throughput, compute, and connection count. Check your maximum capacity unit usage in the last one month and set alert if it crosses 75% of it.|
-|Metric|Unhealthy host count crosses threshold|Indicates number of backend servers that application gateway is unable to probe successfully. This will catch issues where Application gateway instances are unable to connect to the backend. Alert if this number goes above 20% of backend capacity.|
+|Metric|Unhealthy host count crosses threshold|Indicates number of backend servers that application gateway is unable to probe successfully. This catches issues where Application gateway instances are unable to connect to the backend. Alert if this number goes above 20% of backend capacity.|
|Metric|Response status (4xx, 5xx) crosses threshold|When Application Gateway response status is 4xx or 5xx. There could be occasional 4xx or 5xx response seen due to transient issues. You should observe the gateway in production to determine static threshold or use dynamic threshold for the alert.| |Metric|Failed requests crosses threshold|When Failed requests metric crosses threshold. You should observe the gateway in production to determine static threshold or use dynamic threshold for the alert.| |Metric|Backend last byte response time crosses threshold|Indicates the time interval between start of establishing a connection to backend server and receiving the last byte of the response body. Create an alert if the backend response latency is more that certain threshold from usual.|
application-gateway Multiple Site Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/multiple-site-overview.md
description: This article provides an overview of the Azure Application Gateway
Previously updated : 04/25/2023 Last updated : 02/26/2024
-# Application Gateway multiple site hosting
+# Application Gateway multi-site hosting
-Multiple site hosting enables you to configure more than one web application on the same port of application gateways using public-facing listeners. It allows you to configure a more efficient topology for your deployments by adding up to 100+ websites to one application gateway. Each website can be directed to its own backend pool. For example, three domains, contoso.com, fabrikam.com, and adatum.com, point to the IP address of the application gateway. You'd create three multi-site listeners and configure each listener for the respective port and protocol setting.
+Multi-site hosting enables you to configure more than one web application on the same port of application gateways using public-facing listeners. It allows you to configure a more efficient topology for your deployments by adding up to 100+ websites to one application gateway. Each website can be directed to its own backend pool. For example, three domains, contoso.com, fabrikam.com, and adatum.com, point to the IP address of the application gateway. You'd create three multi-site listeners and configure each listener for the respective port and protocol setting.
You can also define wildcard host names in a multi-site listener and up to 5 host names per listener. To learn more, see [wildcard host names in listener](#wildcard-host-names-in-listener).
Using a wildcard character in the host name, you can match multiple host names i
>[!NOTE] > This feature is available only for Standard_v2 and WAF_v2 SKU of Application Gateway.
-In [Azure PowerShell](tutorial-multiple-sites-powershell.md), you must use `-HostNames` instead of `-HostName`. With HostNames, you can mention up to 5 host names as comma-separated values and use wildcard characters. For example, `-HostNames "*.contoso.com","*.fabrikam.com"`
+In [Azure PowerShell](tutorial-multiple-sites-powershell.md), you must use `-HostNames` instead of `-HostName`. With HostNames, you can mention up to 5 host names as comma-separated values and use wildcard characters. For example, `-HostNames "*.contoso.com","*.fabrikam.com"`.
-In [Azure CLI](tutorial-multiple-sites-cli.md), you must use `--host-names` instead of `--host-name`. With host-names, you can mention up to 5 host names as comma-separated values and use wildcard characters. For example, `--host-names "*.contoso.com,*.fabrikam.com"`
+In [Azure CLI](tutorial-multiple-sites-cli.md), you must use `--host-names` instead of `--host-name`. With host-names, you can mention up to 5 host names as comma-separated values and use wildcard characters. For example, `--host-names "*.contoso.com,*.fabrikam.com"`.
In the Azure portal, under the multi-site listener, you must choose the **Multiple/Wildcard** host type to mention up to five host names with allowed wildcard characters.
In the Azure portal, under the multi-site listener, you must choose the **Multip
See [create multi-site using Azure PowerShell](tutorial-multiple-sites-powershell.md) or [using Azure CLI](tutorial-multiple-sites-cli.md) for the step-by-step guide on how to configure wildcard host names in a multi-site listener.
+## Multi-site listeners for Application Gateway layer 4 proxy
+Multi-site hosting enables you to configure more than one backend TLS or TCP-based application on the same port of application gateway. This can be achieved by using TLS listeners only. This allows you to configure a more efficient topology for your deployments by adding multiple backend applications on the same port using single application gateway. The traffic for each application can be directed to its own backend pool by providing domain names in the TLS listener.
+
+For example, you can create three multisite listeners each with its own domain (contoso.com, fabrikam.com, and *.adatum.com), and route them to their respective backend pools having different applications. All three domains must point to the frontend IP address of the application gateway. This feature is in preview phase for use with layer 4 proxy.
+
+### Feature information:
+
+- Multi-site listener allows you to add listeners using the same port number.
+- For multisite TLS listeners, Application Gateway uses the Server Name Indication (SNI) value. SNI is primarily used to present clients with the domain server certificate and route a connection to the appropriate backend pool. This is done by picking the common name in TLS handshake data of an incoming connection.
+- Application Gateway allows domain-based routing using multisite TLS listener. You can use wildcard characters like asterisk (*) and question mark (?) in the host name, and up to 5 domains per multi-site TLS listener. For example, *.contoso.com.
+- The TCP connection inherently has no concept of hostname or domain name. Hence, with Layer 4 proxy the multisite listener isn't supported for TCP listeners.
## Host headers and Server Name Indication (SNI)
-There are three common mechanisms for enabling multiple site hosting on the same infrastructure.
+There are three common mechanisms for enabling multi-site hosting on the same infrastructure.
1. Host multiple web applications each on a unique IP address. 2. Use host name to host multiple web applications on the same IP address.
Application Gateway relies on HTTP 1.1 host headers to host more than one websit
## Next steps
-Learn how to configure multiple site hosting in Application Gateway
+Learn how to configure multi-site hosting in Application Gateway
* [Using the Azure portal](create-multiple-sites-portal.md) * [Using Azure PowerShell](tutorial-multiple-sites-powershell.md) * [Using Azure CLI](tutorial-multiple-sites-cli.md)
-You can visit [Resource Manager template using multiple site hosting](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/application-gateway-multihosting) for an end to end template-based deployment.
+See [Resource Manager template using multiple site hosting](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/application-gateway-multihosting) for an end to end template-based deployment.
application-gateway Overview V2 https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/overview-v2.md
Previously updated : 04/19/2023 Last updated : 02/26/2024
Application Gateway is available under a Standard_v2 SKU. Web Application Firewa
The new v2 SKU includes the following enhancements:
+- **TCP/TLS proxy (Preview)**: Azure Application Gateway now also supports Layer 4 (TCP protocol) and TLS (Transport Layer Security) proxying. This feature is currently in public preview. For more information, see [Application Gateway TCP/TLS proxy overview](tcp-tls-proxy-overview.md).
- **Autoscaling**: Application Gateway or WAF deployments under the autoscaling SKU can scale out or in based on changing traffic load patterns. Autoscaling also removes the requirement to choose a deployment size or instance count during provisioning. This SKU offers true elasticity. In the Standard_v2 and WAF_v2 SKU, Application Gateway can operate both in fixed capacity (autoscaling disabled) and in autoscaling enabled mode. Fixed capacity mode is useful for scenarios with consistent and predictable workloads. Autoscaling mode is beneficial in applications that see variance in application traffic. - **Zone redundancy**: An Application Gateway or WAF deployment can span multiple Availability Zones, removing the need to provision separate Application Gateway instances in each zone with a Traffic Manager. You can choose a single zone or multiple zones where Application Gateway instances are deployed, which makes it more resilient to zone failure. The backend pool for applications can be similarly distributed across availability zones.
The new v2 SKU includes the following enhancements:
## Unsupported regions
-The Standard_v2 and WAF_v2 SKU is not currently available in the following regions:
+The Standard_v2 and WAF_v2 SKU isn't currently available in the following regions:
- UK North-- UK South2
+- UK South 2
- China East - China North - US DOD East
application-gateway Tcp Tls Proxy Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tcp-tls-proxy-overview.md
+
+ Title: Application Gateway TCP/TLS proxy overview (Preview)
+description: This article provides an overview of Azure Application Gateway's TCP/TLS (layer 4) proxy service.
++++ Last updated : 02/26/2024+++
+# Application Gateway TCP/TLS proxy overview (Preview)
+
+In addition to the existing Layer 7 capabilities (HTTP, HTTPS, WebSockets and HTTP/2), Azure Application Gateway now also supports Layer 4 (TCP protocol) and TLS (Transport Layer Security) proxying. This feature is currently in public preview. To preview this feature, see [Register to the preview](how-to-tcp-tls-proxy.md#register-to-the-preview).
+
+## Application Gateway Layer 4 capabilities
+
+As a reverse proxy service, the Layer 4 operations of Application Gateway work similar to its Layer 7 proxy operations. A client establishes a TCP connection with Application Gateway, and Application Gateway itself initiates a new TCP connection to a backend server from the backend pool. The following figure shows typical operation.
+
+![Overview diagram of how TCP/TLS proxy works.](./media/tcp-tls-proxy-overview/layer-4-proxy-overview.png)
+
+Process flow:
+
+1. A client initiates a TCP or TLS connection with the application gateway using its frontend listener's IP address and port number. This establishes the frontend connection. Once the connection is established, the client sends a request using the required application layer protocol.
+2. The application gateway establishes a new connection with one of the backend targets from the associated backend pool (forming the backend connection) and sends the client request to that backend server.
+3. The response from the backend server is sent back to the client by the application gateway.
+4. The same frontend TCP connection is used for subsequent requests from the client unless the TCP idle timeout closes that connection.
+
+## Features
+
+- Use a single endpoint (frontend IP) to serve HTTP and non-HTTP workloads. The same application gateway deployment can support Layer 7 and Layer 4 protocols: HTTP(S), TCP, or TLS. All your clients can connect to the same endpoint and access different backend applications.
+- Use a custom domain to front any backend service. With the frontend for the Application Gateway V2 SKU as public and private IP addresses, you can configure any custom domain name to point its IP address using an address (A) record. Additionally, with TLS termination and support for certificates from a private certification authority (CA), you can ensure a secure connection on the domain of your choice.
+- Use a backend server from any location (Azure or On-premises). The backends for the application gateway can be:
+ - Azure resources such as IaaS virtual machines, virtual machine scale sets, or PaaS (App Services, Event Hubs, SQL)
+ - Remote resources such as on-premises servers accessible via FQDN or IP addresses
+- Supported for a private-only gateway. With TLS and TCP proxy support for private Application Gateway deployments, you can support HTTP and non-HTTP clients in an isolated environment for enhanced security.
+
+## Limitations
+
+- A WAF v2 SKU gateway allows the creation of TLS or TCP listeners and backends to support HTTP and non-HTTP traffic through the same resource. However, it does not inspect traffic on TLS and TCP listeners for exploits and vulnerabilities.
+- The default [draining timeout](configuration-http-settings.md#connection-draining) value for backend servers is 30 seconds. At present, a user-defined draining value is not supported.
+
+## Next steps
+
+[Configure Azure Application Gateway TCP/TLS proxy](how-to-tcp-tls-proxy.md)
azure-app-configuration Quickstart Feature Flag Azure Functions Csharp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/quickstart-feature-flag-azure-functions-csharp.md
ms.devlang: csharp Previously updated : 3/20/2023 Last updated : 02/17/2024 # Quickstart: Add feature flags to an Azure Functions app
-In this quickstart, you create an Azure Functions app and use feature flags in it. You use the feature management from Azure App Configuration to centrally store all your feature flags and control their states.
+In this quickstart, you create an Azure Functions C# code project and use feature flags in it. You use the feature management from Azure App Configuration to centrally store all your feature flags and control their states.
The .NET Feature Management libraries extend the framework with feature flag support. These libraries are built on top of the .NET configuration system. They integrate with App Configuration through its .NET configuration provider.
+>[!NOTE]
+>This article currently only supports [C# in-process function apps](../azure-functions/functions-dotnet-class-library.md) that run on .NET 6.
+ ## Prerequisites - An Azure account with an active subscription. [Create one for free](https://azure.microsoft.com/free/). - An App Configuration store. [Create a store](./quickstart-azure-app-configuration-create.md#create-an-app-configuration-store). - [Visual Studio 2019](https://visualstudio.microsoft.com/vs) with the **Azure development** workload.-- [Azure Functions tools](../azure-functions/functions-develop-vs.md#check-your-tools-version) ## Add a feature flag
Add a feature flag called *Beta* to the App Configuration store and leave **Labe
> [!div class="mx-imgBorder"] > ![Enable feature flag named Beta](media/add-beta-feature-flag.png)
-## Create a Functions app
+## Create a Functions project
+
+The Azure Functions project template in Visual Studio creates a C# class library project that you can publish to a function app in Azure. You can use a function app to group functions as a logical unit for easier management, deployment, scaling, and sharing of resources.
+
+1. From the Visual Studio menu, select **File** > **New** > **Project**.
+
+1. In **Create a new project**, enter *functions* in the search box, choose the **Azure Functions** template, and then select **Next**.
+
+1. In **Configure your new project**, enter a **Project name** for your project, and then select **Create**. The function app name must be valid as a C# namespace, so don't use underscores, hyphens, or any other nonalphanumeric characters.
+
+1. For the **Create a new Azure Functions application** settings, use the values in the following table:
+
+ | Setting | Value | Description |
+ | | - |-- |
+ | **.NET version** | **.NET 6** | This value creates a function project that runs in-process with version 4.x of the Azure Functions runtime. For more information, see [Azure Functions runtime versions overview](../azure-functions/functions-versions.md). |
+ | **Function template** | **HTTP trigger** | This value creates a function triggered by an HTTP request. |
+ | **Storage account (AzureWebJobsStorage)** | **Storage emulator** | Because a function app in Azure requires a storage account, one is assigned or created when you publish your project to Azure. An HTTP trigger doesn't use an Azure Storage account connection string; all other trigger types require a valid Azure Storage account connection string. |
+ | **Authorization level** | **Anonymous** | The created function can be triggered by any client without providing a key. This authorization setting makes it easy to test your new function. For more information about keys and authorization, see [Authorization keys](../azure-functions/functions-bindings-http-webhook-trigger.md#authorization-keys) and [HTTP and webhook bindings](../azure-functions/functions-bindings-http-webhook.md). |
+
+ ![Screenshot of Azure Functions project settings](../../includes/media/functions-vs-tools-create/functions-project-settings.png)
+
+
+
+ Make sure you set the **Authorization level** to **Anonymous**. If you choose the default level of **Function**, you're required to present the [function key](../azure-functions/functions-bindings-http-webhook-trigger.md#authorization-keys) in requests to access your function endpoint.
+1. Select **Create** to create the function project and HTTP trigger function.
## Connect to an App Configuration store
azure-functions Create First Function Cli Python https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/create-first-function-cli-python.md
Title: Create a Python function from the command line - Azure Functions description: Learn how to create a Python function from the command line, then publish the local project to serverless hosting in Azure Functions. Previously updated : 12/14/2023 Last updated : 02/16/2024 ms.devlang: python
Before you begin, you must have the following requirements in place:
+ The Azure [Az PowerShell module](/powershell/azure/install-azure-powershell) version 5.9.0 or later.
-+ [Python versions that are supported by Azure Functions](supported-languages.md#languages-by-runtime-version).
++ [A Python version supported by Azure Functions](supported-languages.md#languages-by-runtime-version). ::: zone pivot="python-mode-decorators" + The [Azurite storage emulator](../storage/common/storage-use-azurite.md?tabs=npm#install-azurite). While you can also use an actual Azure Storage account, the article assumes you're using this emulator. ::: zone-end
Before you begin, you must have the following requirements in place:
## <a name="create-venv"></a>Create and activate a virtual environment
-In a suitable folder, run the following commands to create and activate a virtual environment named `.venv`. Make sure that you're using a [version of Python that is supported by Azure Functions](supported-languages.md?pivots=programming-language-python#languages-by-runtime-version).
+In a suitable folder, run the following commands to create and activate a virtual environment named `.venv`. Make sure that you're using a [version of Python supported by Azure Functions](supported-languages.md?pivots=programming-language-python#languages-by-runtime-version).
### [bash](#tab/bash)
In this section, you create a function project and add an HTTP triggered functio
``` If prompted, choose the **ANONYMOUS** option. [`func new`](functions-core-tools-reference.md#func-new) adds an HTTP trigger endpoint named `HttpExample` to the `function_app.py` file, which is accessible without authentication.
-
-1. Open the local.settings.json project file and verify that the `AzureWebJobsFeatureFlags` setting has a value of `EnableWorkerIndexing`. This is required for Functions to interpret your project correctly as the Python v2 model. You'll add this same setting to your application settings after you publish your project to Azure.
+<! Remove these last steps after the next Core Tools version is released (4.28.0)>
+1. Open the local.settings.json project file and verify that the `AzureWebJobsFeatureFlags` setting has a value of `EnableWorkerIndexing`. This setting is required for Functions to interpret your project correctly as the Python v2 model when running locally.
1. In the local.settings.json file, update the `AzureWebJobsStorage` setting as in the following example:
In this section, you create a function project and add an HTTP triggered functio
"AzureWebJobsStorage": "UseDevelopmentStorage=true", ```
- This tells the local Functions host to use the storage emulator for the storage connection currently required by the Python v2 model. When you publish your project to Azure, you'll need to instead use the default storage account. If you're instead using an Azure Storage account, set your storage account connection string here.
+ This setting tells the local Functions host to use the storage emulator for the storage connection currently required by the Python v2 model. When you publish your project to Azure, you need to instead use the default storage account. If you're instead using an Azure Storage account, set your storage account connection string here.
1. Run this command to make sure that the Azure Functions library is installed in the environment.
Before you can deploy your function code to Azure, you need to create three reso
Use the following commands to create these items. Both Azure CLI and PowerShell are supported.
-1. If you haven't done so already, sign in to Azure.
+1. If needed, sign in to Azure.
# [Azure CLI](#tab/azure-cli) ```azurecli
Use the following commands to create these items. Both Azure CLI and PowerShell
# [Azure CLI](#tab/azure-cli) ```azurecli
- az functionapp create --resource-group AzureFunctionsQuickstart-rg --consumption-plan-location westeurope --runtime python --runtime-version 3.9 --functions-version 4 --name <APP_NAME> --os-type linux --storage-account <STORAGE_NAME>
+ az functionapp create --resource-group AzureFunctionsQuickstart-rg --consumption-plan-location westeurope --runtime python --runtime-version <PYTHON_VERSION> --functions-version 4 --name <APP_NAME> --os-type linux --storage-account <STORAGE_NAME>
```
- The [az functionapp create](/cli/azure/functionapp#az-functionapp-create) command creates the function app in Azure. If you're using Python 3.9, 3.8, or 3.7, change `--runtime-version` to `3.9`, `3.8`, or `3.7`, respectively. You must supply `--os-type linux` because Python functions can't run on Windows, which is the default.
+ The [az functionapp create](/cli/azure/functionapp#az-functionapp-create) command creates the function app in Azure. You must supply `--os-type linux` because Python functions only run on Linux.
# [Azure PowerShell](#tab/azure-powershell) ```azurepowershell
- New-AzFunctionApp -Name <APP_NAME> -ResourceGroupName AzureFunctionsQuickstart-rg -StorageAccountName <STORAGE_NAME> -FunctionsVersion 4 -RuntimeVersion 3.9 -Runtime python -Location '<REGION>'
+ New-AzFunctionApp -Name <APP_NAME> -ResourceGroupName AzureFunctionsQuickstart-rg -StorageAccountName <STORAGE_NAME> -FunctionsVersion 4 -RuntimeVersion <PYTHON_VERSION> -Runtime python -Location '<REGION>'
```
- The [New-AzFunctionApp](/powershell/module/az.functions/new-azfunctionapp) cmdlet creates the function app in Azure. If you're using Python 3.9, 3.8, or 3.7, change `-RuntimeVersion` to `3.9`, `3.8`, or `3.7`, respectively.
+ The [New-AzFunctionApp](/powershell/module/az.functions/new-azfunctionapp) cmdlet creates the function app in Azure.
- In the previous example, replace `<APP_NAME>` with a globally unique name appropriate to you. The `<APP_NAME>` is also the default DNS domain for the function app.
+ In the previous example, replace `<APP_NAME>` with a globally unique name appropriate to you. The `<APP_NAME>` is also the default subdomain for the function app. Make sure that the value you set for `<PYTHON_VERSION>` is a [version supported by Functions](supported-languages.md#languages-by-runtime-version) and is the same version you used during local development.
This command creates a function app running in your specified language runtime under the [Azure Functions Consumption Plan](consumption-plan.md), which is free for the amount of usage you incur here. The command also creates an associated Azure Application Insights instance in the same resource group, with which you can monitor your function app and view logs. For more information, see [Monitor Azure Functions](functions-monitoring.md). The instance incurs no costs until you activate it. [!INCLUDE [functions-publish-project-cli](../../includes/functions-publish-project-cli.md)]
-## Update app settings
-
-To use the Python v2 model in your function app, you need to add a new application setting in Azure named `AzureWebJobsFeatureFlags` with a value of `EnableWorkerIndexing`. This setting is already in your local.settings.json file.
-
-Run the following command to add this setting to your new function app in Azure.
-
-# [Azure CLI](#tab/azure-cli)
-
-```azurecli
-az functionapp config appsettings set --name <FUNCTION_APP_NAME> --resource-group <RESOURCE_GROUP_NAME> --settings AzureWebJobsFeatureFlags=EnableWorkerIndexing
-```
-
-# [Azure PowerShell](#tab/azure-powershell)
-
-```azurepowershell
-Update-AzFunctionAppSetting -Name <FUNCTION_APP_NAME> -ResourceGroupName <RESOURCE_GROUP_NAME> -AppSetting @{"AzureWebJobsFeatureFlags" = "EnableWorkerIndexing"}
-```
---
-In the previous example, replace `<FUNCTION_APP_NAME>` and `<RESOURCE_GROUP_NAME>` with the name of your function app and resource group, respectively. This setting is already in your local.settings.json file.
- ## Verify in Azure Run the following command to view near real-time streaming logs in Application Insights in the Azure portal.
azure-functions Create First Function Vs Code Python https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/create-first-function-vs-code-python.md
Completing this quickstart incurs a small cost of a few USD cents or less in you
There's also a [CLI-based version](create-first-function-cli-python.md) of this article.
-This video shows you how to create a Python function in Azure using VS Code.
+This video shows you how to create a Python function in Azure using Visual Studio Code.
> [!VIDEO a1e10f96-2940-489c-bc53-da2b915c8fc2] The steps in the video are also described in the following sections.
Before you begin, make sure that you have the following requirements in place:
+ An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio).
-+ Python versions that are [supported by Azure Functions](supported-languages.md#languages-by-runtime-version). For more information, see [How to install Python](https://wiki.python.org/moin/BeginnersGuide/Download).
++ A Python version that is [supported by Azure Functions](supported-languages.md#languages-by-runtime-version). For more information, see [How to install Python](https://wiki.python.org/moin/BeginnersGuide/Download). + [Visual Studio Code](https://code.visualstudio.com/) on one of the [supported platforms](https://code.visualstudio.com/docs/supporting/requirements#_platforms).
Before you begin, make sure that you have the following requirements in place:
## <a name="create-an-azure-functions-project"></a>Create your local project
-In this section, you use Visual Studio Code to create a local Azure Functions project in Python. Later in this article, you'll publish your function code to Azure.
+In this section, you use Visual Studio Code to create a local Azure Functions project in Python. Later in this article, you publish your function code to Azure.
1. Choose the Azure icon in the Activity bar. Then in the **Workspace (local)** area, select the **+** button, choose **Create Function** in the dropdown. When prompted, choose **Create new project**.
In this section, you use Visual Studio Code to create a local Azure Functions pr
|**Authorization level**| Choose `ANONYMOUS`, which lets anyone call your function endpoint. For more information about the authorization level, see [Authorization keys](functions-bindings-http-webhook-trigger.md#authorization-keys).| 4. Visual Studio Code uses the provided information and generates an Azure Functions project with an HTTP trigger. You can view the local project files in the Explorer. The generated `function_app.py` project file contains your functions.
-
-5. Open the local.settings.json project file and verify that the `AzureWebJobsFeatureFlags` setting has a value of `EnableWorkerIndexing`. This is required for Functions to interpret your project correctly as the Python v2 model. You'll add this same setting to your application settings after you publish your project to Azure.
+<! Remove these last steps after the next Core Tools version is released (4.28.0)>
+5. Open the local.settings.json project file and verify that the `AzureWebJobsFeatureFlags` setting has a value of `EnableWorkerIndexing`. This is required for Functions to interpret your project correctly as the Python v2 model when running locally.
6. In the local.settings.json file, update the `AzureWebJobsStorage` setting as in the following example:
In this section, you use Visual Studio Code to create a local Azure Functions pr
"AzureWebJobsStorage": "UseDevelopmentStorage=true", ```
- This tells the local Functions host to use the storage emulator for the storage connection currently required by the Python v2 model. When you publish your project to Azure, you'll need to instead use the default storage account. If you're instead using an Azure Storage account, set your storage account connection string here.
+ This tells the local Functions host to use the storage emulator for the storage connection currently required by the Python v2 model. When you publish your project to Azure, you need to instead use the default storage account. If you're instead using an Azure Storage account, set your storage account connection string here.
## Start the emulator
In this section, you use Visual Studio Code to create a local Azure Functions pr
[!INCLUDE [functions-run-function-test-local-vs-code](../../includes/functions-run-function-test-local-vs-code.md)]
-After you've verified that the function runs correctly on your local computer, it's time to use Visual Studio Code to publish the project directly to Azure.
+After you verify that the function runs correctly on your local computer, it's time to use Visual Studio Code to publish the project directly to Azure.
[!INCLUDE [functions-sign-in-vs-code](../../includes/functions-sign-in-vs-code.md)]
In this section, you create a function app and related resources in your Azure s
[!INCLUDE [functions-deploy-project-vs-code](../../includes/functions-deploy-project-vs-code.md)]
-## Update app settings
-
-To use the Python v2 model in your function app, you need to add a new application setting in Azure named `AzureWebJobsFeatureFlags` with a value of `EnableWorkerIndexing`. This setting is already in your local.settings.json file.
-
-1. In Visual Studio Code, press <kbd>F1</kbd> to open the command palette. In the command palette, search for and select `Azure Functions: Add New Setting...`.
-
-1. Choose your new function app, type `AzureWebJobsFeatureFlags` for the new app setting name, and press <kbd>Enter</kbd>.
-
-1. For the value, type `EnableWorkerIndexing` and press <kbd>Enter</kbd>.
-
-The setting added to your new function app, which enables it to run the v2 model in Azure.
- [!INCLUDE [functions-vs-code-run-remote](../../includes/functions-vs-code-run-remote.md)] [!INCLUDE [functions-cleanup-resources-vs-code.md](../../includes/functions-cleanup-resources-vs-code.md)] ## Next steps
-You have used [Visual Studio Code](functions-develop-vs-code.md?tabs=python) to create a function app with a simple HTTP-triggered function. In the next articles, you expand that function by connecting to Azure Cosmos DB and Azure Storage. To learn more about connecting to other Azure services, see [Add bindings to an existing function in Azure Functions](add-bindings-existing-function.md?tabs=python).
+You created and deployed a function app with a simple HTTP-triggered function. In the next articles, you expand that function by connecting to a storage service in Azure. To learn more about connecting to other Azure services, see [Add bindings to an existing function in Azure Functions](add-bindings-existing-function.md?tabs=python).
> [!div class="nextstepaction"] > [Connect to Azure Cosmos DB](functions-add-output-binding-cosmos-db-vs-code.md?pivots=programming-language-python)
azure-functions Functions Create Function App Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-create-function-app-portal.md
Title: Create your first function in the Azure portal description: Learn how to create your first Azure Function for serverless execution using the Azure portal. Previously updated : 12/28/2023 Last updated : 01/31/2024
+zone_pivot_groups: programming-languages-set-functions
# Create your first function in the Azure portal
-Azure Functions lets you run your code in a serverless environment without having to first create a virtual machine (VM) or publish a web application. In this article, you learn how to use Azure Functions to create a "hello world" HTTP trigger function in the Azure portal.
--
-We recommend that you [develop your functions locally](functions-develop-local.md) and publish to a function app in Azure.
-Use one of the following links to get started with your chosen local development environment and language:
-
-| Visual Studio Code | Terminal/command prompt | Visual Studio |
-| | | |
-| &bull;&nbsp;[Get started with C#](./create-first-function-vs-code-csharp.md)<br/>&bull;&nbsp;[Get started with Java](./create-first-function-vs-code-java.md)<br/>&bull;&nbsp;[Get started with JavaScript](./create-first-function-vs-code-node.md)<br/>&bull;&nbsp;[Get started with PowerShell](./create-first-function-vs-code-powershell.md)<br/>&bull;&nbsp;[Get started with Python](./create-first-function-vs-code-python.md) |&bull;&nbsp;[Get started with C#](./create-first-function-cli-csharp.md)<br/>&bull;&nbsp;[Get started with Java](./create-first-function-cli-java.md)<br/>&bull;&nbsp;[Get started with JavaScript](./create-first-function-cli-node.md)<br/>&bull;&nbsp;[Get started with PowerShell](./create-first-function-cli-powershell.md)<br/>&bull;&nbsp;[Get started with Python](./create-first-function-cli-python.md) | [Get started with C#](functions-create-your-first-function-visual-studio.md) |
-
+Azure Functions lets you run your code in a serverless environment without having to first create a virtual machine (VM) or publish a web application. In this article, you learn how to use Azure Functions to create a "hello world" HTTP trigger function in the Azure portal.
+
+Choose your preferred programming language at the top of the article.
+
+>[!NOTE]
+>Editing your C# function code in the Azure portal is currently only supported for [C# script (.csx) functions](functions-reference-csharp.md). To learn more about the limitations on editing function code in the Azure portal, see [Development limitations in the Azure portal](functions-how-to-use-azure-function-app-settings.md#development-limitations-in-the-azure-portal).
+>
+> You should instead [develop your functions locally](functions-develop-local.md) and publish to a function app in Azure. Use one of the following links to get started with your chosen local development environment:
+>+ [Visual Studio](functions-create-your-first-function-visual-studio.md)
+>+ [Visual Studio Code](./create-first-function-vs-code-csharp.md)
+>+ [Terminal/command prompt](./create-first-function-cli-csharp.md)
+>[!NOTE]
+>Editing your Java function code in the Azure portal isn't currently supported. For more information, see [Development limitations in the Azure portal](functions-how-to-use-azure-function-app-settings.md#development-limitations-in-the-azure-portal).
+>
+> You should instead [develop your functions locally](functions-develop-local.md) and publish to a function app in Azure. Use one of the following links to get started with your chosen local development environment:
+>+ [Eclipse](functions-create-maven-eclipse.md)
+>+ [Gradle](functions-create-first-java-gradle.md)
+>+ [IntelliJ IDEA](functions-create-maven-intellij.md)
+>+ [Maven](create-first-function-cli-java.md)
+>+ [Quarkus](functions-create-first-quarkus.md)
+>+ [Spring Cloud](/azure/developer/java/spring-framework/getting-started-with-spring-cloud-function-in-azure?toc=/azure/azure-functions/toc.json)
+>+ [Visual Studio Code](create-first-function-vs-code-java.md)
+>[!NOTE]
+>Because of [development limitations in the Azure portal](functions-how-to-use-azure-function-app-settings.md#development-limitations-in-the-azure-portal), you should instead [develop your functions locally](functions-develop-local.md) and publish to a function app in Azure. Use one of the following links to get started with your chosen local development environment:
+>+ [Visual Studio Code](./create-first-function-vs-code-node.md)
+>+ [Terminal/command prompt](./create-first-function-cli-node.md)
+>[!NOTE]
+>Editing your TypeScript function code in the Azure portal isn't currently supported. For more information, see [Development limitations in the Azure portal](functions-how-to-use-azure-function-app-settings.md#development-limitations-in-the-azure-portal).
+>
+> You should instead [develop your functions locally](functions-develop-local.md) and publish to a function app in Azure. Use one of the following links to get started with your chosen local development environment:
+>+ [Visual Studio Code](./create-first-function-vs-code-typescript.md)
+>+ [Terminal/command prompt](./create-first-function-cli-typescript.md)
+>[!NOTE]
+>Because of [development limitations in the Azure portal](functions-how-to-use-azure-function-app-settings.md#development-limitations-in-the-azure-portal), you should instead [develop your functions locally](functions-develop-local.md) and publish to a function app in Azure. Use one of the following links to get started with your chosen local development environment:
+>+ [Visual Studio Code](./create-first-function-vs-code-powershell.md)
+>+ [Terminal/command prompt](./create-first-function-cli-powershell.md)
+>[!NOTE]
+>Developing Python functions in the Azure portal is currently only supported when running in a [Consumption plan](./consumption-plan.md). For more information, see [Development limitations in the Azure portal](functions-how-to-use-azure-function-app-settings.md#development-limitations-in-the-azure-portal).
+>
+> You should instead [develop your functions locally](functions-develop-local.md) and publish to a function app in Azure. Use one of the following links to get started with your chosen local development environment:
+>+ [Visual Studio Code](./create-first-function-vs-code-python.md)
+>+ [Terminal/command prompt](./create-first-function-cli-python.md)
+
+Please review the [known issues](./recover-python-functions.md#development-issues-in-the-azure-portal) for development of Azure Functions using Python in the Azure portal.
## Prerequisites
Sign in to the [Azure portal](https://portal.azure.com) with your Azure account.
## Create a function app
-You must have a function app to host the execution of your functions. A function app lets you group functions as a logical unit for easier management, deployment, scaling, and sharing of resources.
+You must have a function app to host the execution of your functions. A function app lets you group functions as a logical unit for easier management, deployment, scaling, and sharing of resources.
+
+Use these steps to create your function app and related Azure resources, whether or not you're able to edit your code in the Azure portal.
+To be able to create a C# script app that you can edit in the portal, you must choose **6 (LTS)** for .NET **Version**.
[!INCLUDE [Create function app Azure portal](../../includes/functions-create-function-app-portal.md)] Next, create a function in the new function app. ## <a name="create-function"></a>Create an HTTP trigger function
-1. In your function app, select **Overview**, and then select **+ Create** under **Functions**.
+1. In your function app, select **Overview**, and then select **+ Create** under **Functions**. If you don't see the **+ Create** button, you can instead [create your functions locally](#create-your-functions-locally).
1. Under **Select a template**, scroll down and choose the **HTTP trigger** template. 1. In **Template details**, use `HttpExample` for **New Function**, select **Anonymous** from the **[Authorization level](functions-bindings-http-webhook-trigger.md#authorization-keys)** drop-down list, and then select **Create**. Azure creates the HTTP trigger function. Now, you can run the new function by sending an HTTP request.
+## Create your functions locally
+
+If you aren't able to create your function code in the portal, you can instead create a local project and publish the function code to your new function app.
+
+1. In your function app, select **Overview**, and then in **Create functions in your preferred environment** under **Functions**.
+
+1. Choose your preferred local development environment and follow the steps in the linked article to create and publish your first Azure Functions project.
+ >[!TIP]
+ >When publishing your new project, make sure to use the function app and related resources you just created.
## Test the function > [!TIP] > The **Code + Test** functionality in the portal works even for functions that are read-only and can't be edited in the portal.
-1. In your new HTTP trigger function, select **Code + Test** from the left menu, and then select **Get function URL** from the top menu.
+1. In the portal, locate the HTTP triggered function in your new function app, select **Code + Test** from the left menu, and then select **Get function URL** from the top menu.
:::image type="content" source="./media/functions-create-first-azure-function/function-app-http-example-get-function-url.png" alt-text="Screenshot of Get function URL window.":::
azure-functions Functions Create Your First Function Visual Studio https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-create-your-first-function-visual-studio.md
Visual Studio can publish your local project to Azure. Before you can publish yo
## Verify your function in Azure
-1. In Cloud Explorer, your new function app should be selected. If not, expand your subscription > **App Services**, and select your new function app.
+1. In the Azure portal, you should be in the **Overview** page for your new functions app.
-1. Right-click the function app and choose **Open in Browser**. This opens the root of your function app in your default web browser and displays the page that indicates your function app is running.
+1. Under **Functions**, select your new function named **HttpExample**, then in the function page select **Get function URL** and then the **Copy to clipboard icon**.
- :::image type="content" source="media/functions-create-your-first-function-visual-studio/function-app-running-azure-v4.png" alt-text="Function app running":::
-
-1. In the address bar in the browser, append the string `/api/HttpExample?name=Functions` to the base URL and run the request.
+1. In the address bar in your browser, paste the URL you just copied and run the request.
The URL that calls your HTTP trigger function is in the following format:
azure-functions Functions Develop Vs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-develop-vs.md
description: Learn how to develop and test Azure Functions by using Azure Functi
ms.devlang: csharp Previously updated : 09/08/2022 Last updated : 01/30/2024
+zone_pivot_groups: function-worker-process
# Develop Azure Functions using Visual Studio Visual Studio lets you develop, test, and deploy C# class library functions to Azure. If this experience is your first with Azure Functions, see [An introduction to Azure Functions](functions-overview.md).
-Visual Studio provides the following benefits when you develop your functions:
-
-* Edit, build, and run functions on your local development computer.
-* Publish your Azure Functions project directly to Azure, and create Azure resources as needed.
-* Use C# attributes to declare function bindings directly in the C# code.
-* Develop and deploy pre-compiled C# functions. Pre-complied functions provide a better cold-start performance than C# script-based functions.
-* Code your functions in C# while having all of the benefits of Visual Studio development.
-
-This article provides details about how to use Visual Studio to develop C# class library functions and publish them to Azure. Before you read this article, consider completing the [Functions quickstart for Visual Studio](functions-create-your-first-function-visual-studio.md).
-
+To get started right away, consider completing the [Functions quickstart for Visual Studio](functions-create-your-first-function-visual-studio.md).
+
+This article provides details about how to use Visual Studio to develop C# class library functions and publish them to Azure.
+There are two models for developing C# class library functions: the [Isolated worker model](dotnet-isolated-process-guide.md) and the [In-process model](functions-dotnet-class-library.md).
+You're reading the isolated worker model version this article. You can choose your preferred model at the top of the article.
+You're reading the in-process model version this article. You can choose your preferred model at the top of the article.
Unless otherwise noted, procedures and examples shown are for Visual Studio 2022. For more information about Visual Studio 2022 releases, see [the release notes](/visualstudio/releases/2022/release-notes) or the [preview release notes](/visualstudio/releases/2022/release-notes-preview). ## Prerequisites -- Azure Functions Tools. To add Azure Function Tools, include the **Azure development** workload in your Visual Studio installation. If you're using Visual Studio 2017, you may need to [follow some extra installation steps](#azure-functions-tools-with-visual-studio-2017).-
+- Visual Studio 2022, including the **Azure development** workload.
- Other resources that you need, such as an Azure Storage account, are created in your subscription during the publishing process. - [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)] ## Create an Azure Functions project
+The Azure Functions project template in Visual Studio creates a C# class library project that you can publish to a function app in Azure. You can use a function app to group functions as a logical unit for easier management, deployment, scaling, and sharing of resources.
+
+1. From the Visual Studio menu, select **File** > **New** > **Project**.
+
+1. In **Create a new project**, enter *functions* in the search box, choose the **Azure Functions** template, and then select **Next**.
+
+1. In **Configure your new project**, enter a **Project name** for your project, and then select **Create**. The function app name must be valid as a C# namespace, so don't use underscores, hyphens, or any other nonalphanumeric characters.
+
+1. For the **Create a new Azure Functions application** settings, use the values in the following table:
+
+ ::: zone pivot="isolated"
+ | Setting | Value | Description |
+ | | - |-- |
+ | **.NET version** | **.NET 6 Isolated** | This value creates a function project that runs in an [isolated worker process](dotnet-isolated-process-guide.md). Isolated worker process supports other non-LTS version of .NET and also .NET Framework. For more information, see [Azure Functions runtime versions overview](functions-versions.md). |
+ | **Function template** | **HTTP trigger** | This value creates a function triggered by an HTTP request. |
+ | **Storage account (AzureWebJobsStorage)** | **Storage emulator** | Because a function app in Azure requires a storage account, one is assigned or created when you publish your project to Azure. An HTTP trigger doesn't use an Azure Storage account connection string; all other trigger types require a valid Azure Storage account connection string. |
+ | **Authorization level** | **Anonymous** | The created function can be triggered by any client without providing a key. This authorization setting makes it easy to test your new function. For more information about keys and authorization, see [Authorization keys](functions-bindings-http-webhook-trigger.md#authorization-keys) and [HTTP and webhook bindings](functions-bindings-http-webhook.md). |
+
+ ![Screenshot of Azure Functions project settings](./media/functions-develop-vs/functions-project-settings-v4-isolated.png)
+ ::: zone-end
+ ::: zone pivot="in-proc"
+ | Setting | Value | Description |
+ | | - |-- |
+ | **.NET version** | **.NET 6** | This value creates a function project that runs in-process with version 4.x of the Azure Functions runtime. For more information, see [Azure Functions runtime versions overview](functions-versions.md). |
+ | **Function template** | **HTTP trigger** | This value creates a function triggered by an HTTP request. |
+ | **Storage account (AzureWebJobsStorage)** | **Storage emulator** | Because a function app in Azure requires a storage account, one is assigned or created when you publish your project to Azure. An HTTP trigger doesn't use an Azure Storage account connection string; all other trigger types require a valid Azure Storage account connection string. |
+ | **Authorization level** | **Anonymous** | The created function can be triggered by any client without providing a key. This authorization setting makes it easy to test your new function. For more information about keys and authorization, see [Authorization keys](functions-bindings-http-webhook-trigger.md#authorization-keys) and [HTTP and webhook bindings](functions-bindings-http-webhook.md). |
+
+ ![Screenshot of Azure Functions project settings](./media/functions-develop-vs/functions-project-settings.png)
+ ::: zone-end
-After you create an Azure Functions project, the project template creates a C# project, installs the `Microsoft.NET.Sdk.Functions` NuGet package, and sets the target framework. The new project has the following files:
+ Make sure you set the **Authorization level** to **Anonymous**. If you choose the default level of **Function**, you're required to present the [function key](functions-bindings-http-webhook-trigger.md#authorization-keys) in requests to access your function endpoint.
+
+1. Select **Create** to create the function project and HTTP trigger function.
+After you create an Azure Functions project, the project template creates a C# project, installs the `Microsoft.Azure.Functions.Worker` and `Microsoft.Azure.Functions.Worker.Sdk` NuGet packages, and sets the target framework.
+After you create an Azure Functions project, the project template creates a C# project, installs the `Microsoft.NET.Sdk.Functions` NuGet package, and sets the target framework.
+The new project has the following files:
* **host.json**: Lets you configure the Functions host. These settings apply both when running locally and in Azure. For more information, see [host.json reference](functions-host-json.md).
After you create an Azure Functions project, the project template creates a C# p
>[!IMPORTANT] >Because the local.settings.json file can contain secrets, you must exclude it from your project source control. Make sure the **Copy to Output Directory** setting for this file is set to **Copy if newer**. -
+For more information, see [Project structure](dotnet-isolated-process-guide.md#project-structure) in the Isolated worker guide.
For more information, see [Functions class library project](functions-dotnet-class-library.md#functions-class-library-project).- [!INCLUDE [functions-local-settings-file](../../includes/functions-local-settings-file.md)] Visual Studio doesn't automatically upload the settings in local.settings.json when you publish the project. To make sure that these settings also exist in your function app in Azure, upload them after you publish your project. For more information, see [Function app settings](#function-app-settings). The values in a `ConnectionStrings` collection are never published.
Your code can also read the function app settings values as environment variable
## Configure the project for local development
-The Functions runtime uses an Azure Storage account internally. For all trigger types other than HTTP and webhooks, set the `Values.AzureWebJobsStorage` key to a valid Azure Storage account connection string. Your function app can also use the [Azurite emulator](../storage/common/storage-use-azurite.md) for the `AzureWebJobsStorage` connection setting that's required by the project. To use the emulator, set the value of `AzureWebJobsStorage` to `UseDevelopmentStorage=true`. Change this setting to an actual storage account connection string before deployment. For more information, see [Local storage emulator](functions-develop-local.md#local-storage-emulator).
+The Functions runtime uses an Azure Storage account internally. For all trigger types other than HTTP and webhooks, set the `Values.AzureWebJobsStorage` key to a valid Azure Storage account connection string. Your function app can also use the [Azurite emulator](../storage/common/storage-use-azurite.md) for the `AzureWebJobsStorage` connection setting required by the project. To use the emulator, set the value of `AzureWebJobsStorage` to `UseDevelopmentStorage=true`. Change this setting to an actual storage account connection string before deployment. For more information, see [Local storage emulator](functions-develop-local.md#local-storage-emulator).
To set the storage account connection string: 1. In the Azure portal, navigate to your storage account.
-2. In the **Access keys** tab, below **Security + networking**, copy the **Connection string** of **key1**.
+1. In the **Access keys** tab, below **Security + networking**, copy the **Connection string** of **key1**.
-2. In your project, open the local.settings.json file and set the value of the `AzureWebJobsStorage` key to the connection string you copied.
+1. In your project, open the local.settings.json file and set the value of the `AzureWebJobsStorage` key to the connection string you copied.
3. Repeat the previous step to add unique keys to the `Values` array for any other connections required by your functions.
To set the storage account connection string:
In C# class library functions, the bindings used by the function are defined by applying attributes in the code. When you create your function triggers from the provided templates, the trigger attributes are applied for you.
-1. In **Solution Explorer**, right-click your project node and select **Add** > **New Item**.
+1. In **Solution Explorer**, right-click your project node and select **Add** > **New Azure Function**.
-2. Select **Azure Function**, enter a **Name** for the class, and then select **Add**.
+1. Enter a **Name** for the class, and then select **Add**.
-3. Choose your trigger, set the binding properties, and then select **Add**. The following example shows the settings for creating a Queue storage trigger function.
+1. Choose your trigger, set the required binding properties, and then select **Add**. The following example shows the settings for creating a Queue storage trigger function.
![Create a Queue storage trigger function](./media/functions-develop-vs/functions-vstools-create-queuetrigger.png)
- You'll then be prompted to choose between the Azurite storage emulator or referencing a provisioned Azure storage account.
+ For an Azure Storage service trigger, check the **Configure connection** box and you're prompted to choose between using an Azurite storage emulator or referencing a provisioned Azure storage account. Select **Next** and if you choose a storage account, Visual Studio tries to connect to your Azure account and get the connection string. Choose **Save connection string value in Local user secrets file** and then **Finish** to create the trigger class.
- This trigger example uses a connection string with a key named `QueueStorage`. This key, stored in the [local.settings.json file](functions-develop-local.md#local-settings-file), either references the Azurite emulator or an Azure storage account.
+ This trigger example uses an application setting for the storage connection with a key named `QueueStorage`. This key, stored in the [local.settings.json file](functions-develop-local.md#local-settings-file), either references the Azurite emulator or an Azure storage account.
-4. Examine the newly added class. You see a static `Run()` method that's attributed with the `FunctionName` attribute. This attribute indicates that the method is the entry point for the function.
+1. Examine the newly added class. For example, the following C# class represents a basic Queue storage trigger function:
+ ::: zone pivot="isolated"
+ You see a static `Run()` method attributed with `Function`. This attribute indicates that the method is the entry point for the function.
- For example, the following C# class represents a basic Queue storage trigger function:
-
- ```csharp
- using System;
- using Microsoft.Azure.WebJobs;
- using Microsoft.Azure.WebJobs.Host;
- using Microsoft.Extensions.Logging;
+ :::code language="csharp" source="~/functions-quickstart-templates/Functions.Templates/Templates/QueueTrigger-CSharp-Isolated/QueueTriggerCSharp.cs" :::
+ ::: zone-end
+ ::: zone pivot="in-proc"
+ You see a static `Run()` method attributed with `FunctionName`. This attribute indicates that the method is the entry point for the function.
- namespace FunctionApp1
- {
- public static class Function1
- {
- [FunctionName("QueueTriggerCSharp")]
- public static void Run([QueueTrigger("myqueue-items",
- Connection = "QueueStorage")]string myQueueItem, ILogger log)
- {
- log.LogInformation($"C# Queue trigger function processed: {myQueueItem}");
- }
- }
- }
- ```
+ :::code language="csharp" source="~/functions-quickstart-templates/Functions.Templates/Templates/QueueTrigger-CSharp-4.x/QueueTriggerCSharp.cs" :::
+ ::: zone-end
A binding-specific attribute is applied to each binding parameter supplied to the entry point method. The attribute takes the binding information as parameters. In the previous example, the first parameter has a `QueueTrigger` attribute applied, indicating a Queue storage trigger function. The queue name and connection string setting name are passed as parameters to the `QueueTrigger` attribute. For more information, see [Azure Queue storage bindings for Azure Functions](functions-bindings-storage-queue-trigger.md).
Use the above procedure to add more functions to your function app project. Each
As with triggers, input and output bindings are added to your function as binding attributes. Add bindings to a function as follows:
-1. Make sure you've [configured the project for local development](#configure-the-project-for-local-development).
+1. Make sure you [configure the project for local development](#configure-the-project-for-local-development).
1. Add the appropriate NuGet extension package for the specific binding by finding the binding-specific NuGet package requirements in the reference article for the binding. For example, find package requirements for the Event Hubs trigger in the [Event Hubs binding reference article](functions-bindings-event-hubs.md). 1. Use the following command in the Package Manager Console to install a specific package:
- # [Isolated worker model](#tab/isolated-process)
-
+ ::: zone pivot="isolated"
```powershell Install-Package Microsoft.Azure.Functions.Worker.Extensions.<BINDING_TYPE> -Version <TARGET_VERSION> ```
-
- # [In-process model](#tab/in-process)
-
+ ::: zone-end
+ ::: zone pivot="in-proc"
```powershell Install-Package Microsoft.Azure.WebJobs.Extensions.<BINDING_TYPE> -Version <TARGET_VERSION> ```
-
-
+ ::: zone-end
+ In this example, replace `<BINDING_TYPE>` with the name specific to the binding extension and `<TARGET_VERSION>` with a specific version of the package, such as `4.0.0`. Valid versions are listed on the individual package pages at [NuGet.org](https://nuget.org).
- In this example, replace `<BINDING_TYPE>` with the name specific to the binding extension and `<TARGET_VERSION>` with a specific version of the package, such as `3.0.0-beta5`. Valid versions are listed on the individual package pages at [NuGet.org](https://nuget.org). The major versions that correspond to Functions runtime 1.x or 2.x are specified in the reference article for the binding.
+1. If there are app settings that the binding needs, add them to the `Values` collection in the [local setting file](functions-develop-local.md#local-settings-file).
-3. If there are app settings that the binding needs, add them to the `Values` collection in the [local setting file](functions-develop-local.md#local-settings-file).
+ The function uses these values when it runs locally. When the function runs in the function app in Azure, it uses the [function app settings](#function-app-settings). Visual Studio makes it easy to [publish local settings to Azure](#function-app-settings).
- The function uses these values when it runs locally. When the function runs in the function app in Azure, it uses the [function app settings](#function-app-settings).
+1. Add the appropriate binding attribute to the method signature. In the following example, a queue message triggers the function, and the output binding creates a new queue message with the same text in a different queue.
-4. Add the appropriate binding attribute to the method signature. In the following example, a queue message triggers the function, and the output binding creates a new queue message with the same text in a different queue.
+ ::: zone pivot="isolated"
+ ```csharp
+ public class QueueTrigger
+ {
+ private readonly ILogger _logger;
+
+ public QueueTrigger(ILoggerFactory loggerFactory)
+ {
+ _logger = loggerFactory.CreateLogger<QueueTrigger>();
+ }
+
+ [Function("CopyQueueMessage")]
+ [QueueOutput("myqueue-items-destination", Connection = "QueueStorage")]
+ public string Run([QueueTrigger("myqueue-items-source", Connection = "QueueStorage")] string myQueueItem)
+ {
+ _logger.LogInformation($"C# Queue trigger function processed: {myQueueItem}");
+ return myQueueItem;
+ }
+ }
+ ```
+ The `QueueOutput` attribute defines the binding on the method. For multiple output bindings, you would instead place this attribute on a string property of the returned object. For more information, see [Multiple output bindings](dotnet-isolated-process-guide.md#multiple-output-bindings).
+ ::: zone-end
+ ::: zone pivot="in-proc"
```csharp public static class SimpleExampleWithOutput { [FunctionName("CopyQueueMessage")] public static void Run(
- [QueueTrigger("myqueue-items-source", Connection = "AzureWebJobsStorage")] string myQueueItem,
- [Queue("myqueue-items-destination", Connection = "AzureWebJobsStorage")] out string myQueueItemCopy,
+ [QueueTrigger("myqueue-items-source", Connection = "QueueStorage")] string myQueueItem,
+ [Queue("myqueue-items-destination", Connection = "QueueStorage")] out string myQueueItemCopy,
ILogger log) { log.LogInformation($"CopyQueueMessage function processed: {myQueueItem}");
As with triggers, input and output bindings are added to your function as bindin
} ```
- The connection to Queue storage is obtained from the `AzureWebJobsStorage` setting. For more information, see the reference article for the specific binding.
+ The `Queue` attribute on the `out` parameter defines the output binding.
+ ::: zone-end
+
+ The connection to Queue storage is obtained from the `QueueStorage` setting. For more information, see the reference article for the specific binding.
For a full list of the bindings supported by Functions, see [Supported bindings](functions-triggers-bindings.md?tabs=csharp#supported-bindings).
For a more detailed testing scenario using Visual Studio, see [Testing functions
## Publish to Azure
-When you publish from Visual Studio, it uses one of the two deployment methods:
+When you publish your functions project to Azure, Visual Studio uses [zip deployment](functions-deployment-technologies.md#zip-deploy) to deploy the project files. When possible, you should also select **Run-From-Package** so that the project runs in the deployment (.zip) package. For more information, see [Run your functions from a package file in Azure](run-functions-from-deployment-package.md).
-* [Web Deploy](functions-deployment-technologies.md#web-deploy-msdeploy): Packages and deploys Windows apps to any IIS server.
-* [Zip Deploy with Run-From-Package enabled](functions-deployment-technologies.md#zip-deploy): Recommended for Azure Functions deployments.
+Don't deploy to Azure Functions using Web Deploy (`msdeploy`).
Use the following steps to publish your project to a function app in Azure.
The way you attach the debugger depends on your execution mode. When debugging a
When you're done, you should [disable remote debugging](#disable-remote-debugging).
-# [Isolated worker model](#tab/isolated-process)
- To attach a remote debugger to a function app running in a process separate from the Functions host: 1. From the **Publish** tab, select the ellipses (**...**) in the **Hosting** section, and then choose **Download publish profile**. This action downloads a copy of the publish profile and opens the download location. You need this file, which contains the credentials used to attach to your isolated worker process running in Azure.
To attach a remote debugger to a function app running in a process separate from
:::image type="content" source="media/functions-develop-vs/attach-to-process-in-process.png" alt-text="Screenshot of attaching the debugger from Visual Studio.":::
- Visual Studio connects to your function app and enables remote debugging, if it's not already enabled.
+ Visual Studio connects to your function app and enables remote debugging, if not already enabled.
> [!NOTE] > Because the remote debugger isn't able to connect to the host process, you could see an error. In any case, the default debugging won't break into your code.
To attach a remote debugger to a function app running in a process separate from
![Visual Studio enter credential](./media/functions-develop-vs/creds-dialog.png) 1. Check **Show process from all users** and then choose **dotnet.exe** and select **Attach**. When the operation completes, you're attached to your C# class library code running in an isolated worker process. At this point, you can debug your function app as normal.-
-# [In-process model](#tab/in-process)
To attach a remote debugger to a function app running in-process with the Functions host:
To attach a remote debugger to a function app running in-process with the Functi
:::image type="content" source="media/functions-develop-vs/attach-to-process-in-process.png" alt-text="Screenshot of attaching the debugger from Visual Studio.":::
-Visual Studio connects to your function app and enables remote debugging, if it's not already enabled. It also locates and attaches the debugger to the host process for the app. At this point, you can debug your function app as normal.
--
+Visual Studio connects to your function app and enables remote debugging, if not already enabled. It also locates and attaches the debugger to the host process for the app. At this point, you can debug your function app as normal.
### Disable remote debugging
After the function app restarts, you can no longer remotely connect to your remo
## Monitoring functions
-The recommended way to monitor the execution of your functions is by integrating your function app with Azure Application Insights. When you create a function app in the Azure portal, this integration is done for you by default. However, when you create your function app during Visual Studio publishing, the integration in your function app in Azure isn't done. To learn how to connect Application Insights to your function app, see [Enable Application Insights integration](configure-monitoring.md#enable-application-insights-integration).
+The recommended way to monitor the execution of your functions is by integrating your function app with Azure Application Insights. You should enable this integration when you create your function app during Visual Studio publishing.
+
+If for some reason the integration wasn't done during publishing, you should still [enable Application Insights integration](configure-monitoring.md#enable-application-insights-integration) for your function app in Azure.
To learn more about monitoring using Application Insights, see [Monitor Azure Functions](functions-monitoring.md). ## Testing functions
-This section describes how to create a C# function app project in Visual Studio and to run and test with [xUnit](https://github.com/xunit/xunit).
+This section describes how to create a C# in-process model project that you can test with [xUnit](https://github.com/xunit/xunit).
![Testing Azure Functions with C# in Visual Studio](./media/functions-test-a-function/azure-functions-test-visual-studio-xunit.png)
-### Setup
+### 1. Setup
-To set up your environment, create a function and test the app. The following steps help you create the apps and functions required to support the tests:
+Use these steps to configure the environment, including the app project and functions, required to support your tests:
1. [Create a new Functions app](functions-get-started.md) and name it **Functions**
-2. [Create an HTTP function from the template](functions-get-started.md) and name it **MyHttpTrigger**.
-3. [Create a timer function from the template](functions-create-scheduled-function.md) and name it **MyTimerTrigger**.
-4. [Create an xUnit Test app](https://xunit.net/docs/getting-started/netcore/cmdline) in the solution and name it **Functions.Tests**. Remove the default test files.
-5. Use NuGet to add a reference from the test app to [Microsoft.AspNetCore.Mvc](https://www.nuget.org/packages/Microsoft.AspNetCore.Mvc/)
-6. [Reference the *Functions* app](/visualstudio/ide/managing-references-in-a-project) from *Functions.Tests* app.
+1. [Create an HTTP function from the template](functions-get-started.md) and name it **MyHttpTrigger**.
+1. [Create a timer function from the template](functions-create-scheduled-function.md) and name it **MyTimerTrigger**.
+1. [Create an xUnit Test app](https://xunit.net/docs/getting-started/netcore/cmdline) in the solution and name it **Functions.Tests**. Remove the default test files.
+1. Use NuGet to add a reference from the test app to [Microsoft.AspNetCore.Mvc](https://www.nuget.org/packages/Microsoft.AspNetCore.Mvc/)
+1. [Reference the *Functions* app](/visualstudio/ide/managing-references-in-a-project) from *Functions.Tests* app.
-### Create test classes
+Now that the projects are created, you can create the classes used to run the automated tests.
-Now that the projects are created, you can create the classes used to run the automated tests.
+### 2. Create test classes
-Each function takes an instance of [ILogger](/dotnet/api/microsoft.extensions.logging.ilogger) to handle message logging. Some tests either don't log messages or have no concern for how logging is implemented. Other tests need to evaluate messages logged to determine whether a test is passing.
+Each function takes an instance of [`ILogger`](/dotnet/api/microsoft.extensions.logging.ilogger) to handle message logging. Some tests either don't log messages or have no concern for how logging is implemented. Other tests need to evaluate messages logged to determine whether a test is passing.
-You'll create a new class named `ListLogger`, which holds an internal list of messages to evaluate during testing. To implement the required `ILogger` interface, the class needs a scope. The following class mocks a scope for the test cases to pass to the `ListLogger` class.
+1. Create a class named `ListLogger`, which holds an internal list of messages to evaluate during testing. To implement the required `ILogger` interface, the class needs a scope. The following class mocks a scope for the test cases to pass to the `ListLogger` class.
-Create a new class in *Functions.Tests* project named **NullScope.cs** and enter the following code:
+1. Create a new class in your *Functions.Tests* project named **NullScope.cs** and add this code:
-```csharp
-using System;
-
-namespace Functions.Tests
-{
- public class NullScope : IDisposable
+ ```csharp
+ using System;
+
+ namespace Functions.Tests
{
- public static NullScope Instance { get; } = new NullScope();
-
- private NullScope() { }
-
- public void Dispose() { }
+ public class NullScope : IDisposable
+ {
+ public static NullScope Instance { get; } = new NullScope();
+
+ private NullScope() { }
+
+ public void Dispose() { }
+ }
}
-}
-```
-
-Next, create a new class in *Functions.Tests* project named **ListLogger.cs** and enter the following code:
+ ```
-```csharp
-using Microsoft.Extensions.Logging;
-using System;
-using System.Collections.Generic;
-using System.Text;
+1. Create a class in your *Functions.Tests* project named **ListLogger.cs** and add this code:
-namespace Functions.Tests
-{
- public class ListLogger : ILogger
+ ```csharp
+ using Microsoft.Extensions.Logging;
+ using System;
+ using System.Collections.Generic;
+ using System.Text;
+
+ namespace Functions.Tests
{
- public IList<string> Logs;
-
- public IDisposable BeginScope<TState>(TState state) => NullScope.Instance;
-
- public bool IsEnabled(LogLevel logLevel) => false;
-
- public ListLogger()
+ public class ListLogger : ILogger
{
- this.Logs = new List<string>();
- }
-
- public void Log<TState>(LogLevel logLevel,
- EventId eventId,
- TState state,
- Exception exception,
- Func<TState, Exception, string> formatter)
- {
- string message = formatter(state, exception);
- this.Logs.Add(message);
+ public IList<string> Logs;
+
+ public IDisposable BeginScope<TState>(TState state) => NullScope.Instance;
+
+ public bool IsEnabled(LogLevel logLevel) => false;
+
+ public ListLogger()
+ {
+ this.Logs = new List<string>();
+ }
+
+ public void Log<TState>(LogLevel logLevel,
+ EventId eventId,
+ TState state,
+ Exception exception,
+ Func<TState, Exception, string> formatter)
+ {
+ string message = formatter(state, exception);
+ this.Logs.Add(message);
+ }
} }
-}
-```
-
-The `ListLogger` class implements the following members as contracted by the `ILogger` interface:
--- **BeginScope**: Scopes add context to your logging. In this case, the test just points to the static instance on the `NullScope` class to allow the test to function.--- **IsEnabled**: A default value of `false` is provided.--- **Log**: This method uses the provided `formatter` function to format the message and then adds the resulting text to the `Logs` collection.-
-The `Logs` collection is an instance of `List<string>` and is initialized in the constructor.
-
-Next, create a new file in *Functions.Tests* project named **LoggerTypes.cs** and enter the following code:
+ ```
+
+ The `ListLogger` class implements the following members as contracted by the `ILogger` interface:
+
+ - **BeginScope**: Scopes add context to your logging. In this case, the test just points to the static instance on the `NullScope` class to allow the test to function.
+
+ - **IsEnabled**: A default value of `false` is provided.
+
+ - **Log**: This method uses the provided `formatter` function to format the message and then adds the resulting text to the `Logs` collection.
+
+ The `Logs` collection is an instance of `List<string>` and is initialized in the constructor.
+
+1. Create a code file in *Functions.Tests* project named **LoggerTypes.cs** and add this code:
-```csharp
-namespace Functions.Tests
-{
- public enum LoggerTypes
+ ```csharp
+ namespace Functions.Tests
{
- Null,
- List
+ public enum LoggerTypes
+ {
+ Null,
+ List
+ }
}
-}
-```
-
-This enumeration specifies the type of logger used by the tests.
+ ```
-Now create a new class in *Functions.Tests* project named **TestFactory.cs** and enter the following code:
+ This enumeration specifies the type of logger used by the tests.
-```csharp
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Internal;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Logging.Abstractions;
-using Microsoft.Extensions.Primitives;
-using System.Collections.Generic;
+1. Create a class in *Functions.Tests* project named **TestFactory.cs** and add this code:
-namespace Functions.Tests
-{
- public class TestFactory
+ ```csharp
+ using Microsoft.AspNetCore.Http;
+ using Microsoft.AspNetCore.Http.Internal;
+ using Microsoft.Extensions.Logging;
+ using Microsoft.Extensions.Logging.Abstractions;
+ using Microsoft.Extensions.Primitives;
+ using System.Collections.Generic;
+
+ namespace Functions.Tests
{
- public static IEnumerable<object[]> Data()
+ public class TestFactory
{
- return new List<object[]>
+ public static IEnumerable<object[]> Data()
{
- new object[] { "name", "Bill" },
- new object[] { "name", "Paul" },
- new object[] { "name", "Steve" }
-
- };
- }
-
- private static Dictionary<string, StringValues> CreateDictionary(string key, string value)
- {
- var qs = new Dictionary<string, StringValues>
+ return new List<object[]>
+ {
+ new object[] { "name", "Bill" },
+ new object[] { "name", "Paul" },
+ new object[] { "name", "Steve" }
+
+ };
+ }
+
+ private static Dictionary<string, StringValues> CreateDictionary(string key, string value)
{
- { key, value }
- };
- return qs;
- }
-
- public static HttpRequest CreateHttpRequest(string queryStringKey, string queryStringValue)
- {
- var context = new DefaultHttpContext();
- var request = context.Request;
- request.Query = new QueryCollection(CreateDictionary(queryStringKey, queryStringValue));
- return request;
- }
-
- public static ILogger CreateLogger(LoggerTypes type = LoggerTypes.Null)
- {
- ILogger logger;
-
- if (type == LoggerTypes.List)
+ var qs = new Dictionary<string, StringValues>
+ {
+ { key, value }
+ };
+ return qs;
+ }
+
+ public static HttpRequest CreateHttpRequest(string queryStringKey, string queryStringValue)
{
- logger = new ListLogger();
+ var context = new DefaultHttpContext();
+ var request = context.Request;
+ request.Query = new QueryCollection(CreateDictionary(queryStringKey, queryStringValue));
+ return request;
}
- else
+
+ public static ILogger CreateLogger(LoggerTypes type = LoggerTypes.Null)
{
- logger = NullLoggerFactory.Instance.CreateLogger("Null Logger");
+ ILogger logger;
+
+ if (type == LoggerTypes.List)
+ {
+ logger = new ListLogger();
+ }
+ else
+ {
+ logger = NullLoggerFactory.Instance.CreateLogger("Null Logger");
+ }
+
+ return logger;
}-
- return logger;
} }
-}
-```
-
-The `TestFactory` class implements the following members:
--- **Data**: This property returns an [IEnumerable](/dotnet/api/system.collections.ienumerable) collection of sample data. The key value pairs represent values that are passed into a query string.--- **CreateDictionary**: This method accepts a key/value pair as arguments and returns a new `Dictionary` used to create `QueryCollection` to represent query string values.--- **CreateHttpRequest**: This method creates an HTTP request initialized with the given query string parameters.--- **CreateLogger**: Based on the logger type, this method returns a logger class used for testing. The `ListLogger` keeps track of logged messages available for evaluation in tests.
+ ```
-Finally, create a new class in *Functions.Tests* project named **FunctionsTests.cs** and enter the following code:
+ The `TestFactory` class implements the following members:
+
+ - **Data**: This property returns an [IEnumerable](/dotnet/api/system.collections.ienumerable) collection of sample data. The key value pairs represent values that are passed into a query string.
+
+ - **CreateDictionary**: This method accepts a key/value pair as arguments and returns a new `Dictionary` used to create `QueryCollection` to represent query string values.
+
+ - **CreateHttpRequest**: This method creates an HTTP request initialized with the given query string parameters.
+
+ - **CreateLogger**: Based on the logger type, this method returns a logger class used for testing. The `ListLogger` keeps track of logged messages available for evaluation in tests.
-```csharp
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Logging;
-using Xunit;
+1. Create a class in *Functions.Tests* project named **FunctionsTests.cs** and add this code:
-namespace Functions.Tests
-{
- public class FunctionsTests
+ ```csharp
+ using Microsoft.AspNetCore.Mvc;
+ using Microsoft.Extensions.Logging;
+ using Xunit;
+
+ namespace Functions.Tests
{
- private readonly ILogger logger = TestFactory.CreateLogger();
-
- [Fact]
- public async void Http_trigger_should_return_known_string()
- {
- var request = TestFactory.CreateHttpRequest("name", "Bill");
- var response = (OkObjectResult)await MyHttpTrigger.Run(request, logger);
- Assert.Equal("Hello, Bill. This HTTP triggered function executed successfully.", response.Value);
- }
-
- [Theory]
- [MemberData(nameof(TestFactory.Data), MemberType = typeof(TestFactory))]
- public async void Http_trigger_should_return_known_string_from_member_data(string queryStringKey, string queryStringValue)
+ public class FunctionsTests
{
- var request = TestFactory.CreateHttpRequest(queryStringKey, queryStringValue);
- var response = (OkObjectResult)await MyHttpTrigger.Run(request, logger);
- Assert.Equal($"Hello, {queryStringValue}. This HTTP triggered function executed successfully.", response.Value);
- }
-
- [Fact]
- public void Timer_should_log_message()
- {
- var logger = (ListLogger)TestFactory.CreateLogger(LoggerTypes.List);
- new MyTimerTrigger().Run(null, logger);
- var msg = logger.Logs[0];
- Assert.Contains("C# Timer trigger function executed at", msg);
+ private readonly ILogger logger = TestFactory.CreateLogger();
+
+ [Fact]
+ public async void Http_trigger_should_return_known_string()
+ {
+ var request = TestFactory.CreateHttpRequest("name", "Bill");
+ var response = (OkObjectResult)await MyHttpTrigger.Run(request, logger);
+ Assert.Equal("Hello, Bill. This HTTP triggered function executed successfully.", response.Value);
+ }
+
+ [Theory]
+ [MemberData(nameof(TestFactory.Data), MemberType = typeof(TestFactory))]
+ public async void Http_trigger_should_return_known_string_from_member_data(string queryStringKey, string queryStringValue)
+ {
+ var request = TestFactory.CreateHttpRequest(queryStringKey, queryStringValue);
+ var response = (OkObjectResult)await MyHttpTrigger.Run(request, logger);
+ Assert.Equal($"Hello, {queryStringValue}. This HTTP triggered function executed successfully.", response.Value);
+ }
+
+ [Fact]
+ public void Timer_should_log_message()
+ {
+ var logger = (ListLogger)TestFactory.CreateLogger(LoggerTypes.List);
+ new MyTimerTrigger().Run(null, logger);
+ var msg = logger.Logs[0];
+ Assert.Contains("C# Timer trigger function executed at", msg);
+ }
} }
-}
-```
-
-The members implemented in this class are:
--- **Http_trigger_should_return_known_string**: This test creates a request with the query string values of `name=Bill` to an HTTP function and checks that the expected response is returned.--- **Http_trigger_should_return_string_from_member_data**: This test uses xUnit attributes to provide sample data to the HTTP function.--- **Timer_should_log_message**: This test creates an instance of `ListLogger` and passes it to a timer function. Once the function is run, then the log is checked to make sure the expected message is present.
+ ```
-If you want to access application settings in your tests, you can [inject](functions-dotnet-dependency-injection.md) an `IConfiguration` instance with mocked environment variable values into your function.
+ The members implemented in this class are:
+
+ - **Http_trigger_should_return_known_string**: This test creates a request with the query string values of `name=Bill` to an HTTP function and checks that the expected response is returned.
+
+ - **Http_trigger_should_return_string_from_member_data**: This test uses xUnit attributes to provide sample data to the HTTP function.
+
+ - **Timer_should_log_message**: This test creates an instance of `ListLogger` and passes it to a timer function. Once the function is run, then the log is checked to make sure the expected message is present.
+
+1. To access application settings in your tests, you can [inject](functions-dotnet-dependency-injection.md) an `IConfiguration` instance with mocked environment variable values into your function.
-### Run tests
+### 3. Run tests
To run the tests, navigate to the **Test Explorer** and select **Run All Tests in View**. ![Testing Azure Functions with C# in Visual Studio](./media/functions-test-a-function/azure-functions-test-visual-studio-xunit.png)
-### Debug tests
+### 4. Debug tests
To debug the tests, set a breakpoint on a test, navigate to the **Test Explorer** and select **Run > Debug Last Run**.-
-## Azure Functions tools with Visual Studio 2017
-
-Azure Functions Tools is available in the Azure development workload starting with Visual Studio 2017. In Visual Studio 2017, the Azure development workload installs Azure Functions Tools as a separate extension. In Visual Studio 2019 and later, the Azure Functions tools extension is updated as part of Visual Studio.
-
-When you update your Visual Studio 2017 installation, make sure that you're using the [most recent version](#check-your-tools-version) of the Azure Functions Tools. The following sections show you how to check and (if needed) update your Azure Functions Tools extension in Visual Studio 2017.
-
-### <a name="check-your-tools-version"></a>Check your tools version in Visual Studio 2017
-
-1. From the **Tools** menu, choose **Extensions and Updates**. Expand **Installed** > **Tools**, and then choose **Azure Functions and Web Jobs Tools**.
-
- ![Verify the Functions tools version](./media/functions-develop-vs/functions-vstools-check-functions-tools.png)
-
-1. Note the installed **Version** and compare this version with the latest version listed in the [release notes](https://github.com/Azure/Azure-Functions/blob/master/VS-AzureTools-ReleaseNotes.md).
-
-1. If your version is older, update your tools in Visual Studio as shown in the following section.
-
-### Update your tools in Visual Studio
-
-1. In the **Extensions and Updates** dialog, expand **Updates** > **Visual Studio Marketplace**, choose **Azure Functions and Web Jobs Tools** and select **Update**.
-
- ![Update the Functions tools version](./media/functions-develop-vs/functions-vstools-update-functions-tools.png)
-
-1. After the tools update is downloaded, select **Close**, and then close Visual Studio to trigger the tools update with VSIX Installer.
-
-1. In VSIX Installer, choose **Modify** to update the tools.
-
-1. After the update is complete, choose **Close**, and then restart Visual Studio.
## Next steps For more information about the Azure Functions Core Tools, see [Work with Azure Functions Core Tools](functions-run-local.md).
-For more information about developing functions as .NET class libraries, see [Azure Functions C# developer reference](functions-dotnet-class-library.md). This article also links to examples on how to use attributes to declare the various types of bindings supported by Azure Functions.
+> [!div class="nextstepaction"]
+> [C# in-process model guide](functions-dotnet-class-library.md)
+> [!div class="nextstepaction"]
+> [C# isolated worker model guide](./dotnet-isolated-process-guide.md)
azure-functions Functions How To Use Azure Function App Settings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-how-to-use-azure-function-app-settings.md
In this script, replace `<SUBSCRIPTION_ID>` and `<APP_NAME>` with the ID of your
You must consider these limitations when developing your functions in the [Azure portal](https://portal.azure.com): + In-portal editing is only supported for JavaScript, PowerShell, Python, and C# Script functions.
-+ Python in-portal editing is only supported when running in the Consumption plan.
++ Python in-portal editing is only supported when running in the Consumption plan. + In-portal editing is currently only supported for functions that were created or last modified in the portal. + When you deploy code to a function app from outside the portal, you can no longer edit any of the code for that function app in the portal. In this case, just continue using [local development](functions-develop-local.md). + For compiled C# functions, Java functions, and some Python functions, you can create the function app and related resources in the portal. However, you must create the functions code project locally and then publish it to Azure.
This same process works for any other file you need to add to your app.
> [!IMPORTANT] > When possible, you shouldn't edit files directly in your function app in Azure. We recommend [downloading your app files locally](deployment-zip-push.md#download-your-function-app-files), using [Core Tools to install extensions](./functions-core-tools-reference.md#func-extensions-install) and other packages, validating your changes, and then [republishing your app using Core Tools](functions-run-local.md#publish) or one of the other [supported deployment methods](functions-deployment-technologies.md#deployment-methods).
-The Functions editor built into the Azure portal lets you update your function code and configuration (function.json) files directly in the portal.
+The Functions editor built into the Azure portal lets you update your function code and configuration files directly in the portal.
1. Select your function app, then under **Functions** select **Functions**. 1. Choose your function and select **Code + test** under **Developer**.
azure-functions Functions Scenarios https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-scenarios.md
Functions can also connect to other services to help process data and perform ot
::: zone pivot="programming-language-csharp"- + Sample: [Text summarization using AI Cognitive Language Service](https://github.com/Azure-Samples/function-csharp-ai-textsummarize) ::: zone-end ::: zone pivot="programming-language-javascript" + Training: [Create a custom skill for Azure AI Search](/training/modules/create-enrichment-pipeline-azure-cognitive-search)++ Sample: [Chat using ChatGPT](https://github.com/Azure-Samples/function-javascript-ai-openai-chatgpt) ::: zone-end ::: zone pivot="programming-language-python"- + Tutorial: [Apply machine learning models in Azure Functions with Python and TensorFlow](./functions-machine-learning-tensorflow.md) + Tutorial: [Deploy a pretrained image classification model to Azure Functions with PyTorch](./machine-learning-pytorch.md)++ Sample: [Chat using ChatGPT](https://github.com/Azure-Samples/function-python-ai-openai-chatgpt)++ Sample: [LangChain with Azure OpenAI and ChatGPT](https://github.com/Azure-Samples/function-python-ai-langchain) ::: zone-end ## Run scheduled tasks
azure-functions Legacy Proxies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/legacy-proxies.md
Re-enabling proxies requires you to set a flag in the `AzureWebJobsFeatureFlags`
> [!IMPORTANT] > For equivalent content using API Management, see [Expose serverless APIs from HTTP endpoints using Azure API Management](functions-openapi-definition.md).
-Proxies are defined in the _proxies.json_ file in the root of your function app. The steps in this section show you how to use the Azure portal to create this file in your function app. Not all languages and operating system combinations support in-portal editing. If you can't modify your function app files in the portal, you can instead create and deploy the equivalent `proxies.json` file from the root of your local project folder. To learn more about portal editing support, see [Language support details](functions-create-function-app-portal.md#language-support-details).
+Proxies are defined in the _proxies.json_ file in the root of your function app. The steps in this section show you how to use the Azure portal to create this file in your function app. Not all languages and operating system combinations support in-portal editing. If you can't modify your function app files in the portal, you can instead create and deploy the equivalent `proxies.json` file from the root of your local project folder. To learn more about portal editing support, see [Language support details](supported-languages.md#language-support-details).
1. Open the [Azure portal], and then go to your function app. 1. In the left pane, select **Proxies** and then select **+Add**.
azure-functions Recover Python Functions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/recover-python-functions.md
Specifically with the v2 model, here are some known issues and their workarounds
* [Could not load file or assembly](#troubleshoot-could-not-load-file-or-assembly) * [Unable to resolve the Azure Storage connection named Storage](#troubleshoot-unable-to-resolve-the-azure-storage-connection)
-* [Issues with deployment](#issue-with-deployment)
General troubleshooting guides for Python Functions include:
General troubleshooting guides for Python Functions include:
* [Python exited with code 137](#troubleshoot-python-exited-with-code-137) * [Python exited with code 139](#troubleshoot-python-exited-with-code-139) * [Sync triggers failed](#sync-triggers-failed)
+* [Development issues in the Azure portal](#development-issues-in-the-azure-portal)
::: zone-end
-## Troubleshoot ModuleNotFoundError
+## Troubleshoot: ModuleNotFoundError
This section helps you troubleshoot module-related errors in your Python function app. These errors typically result in the following Azure Functions error message:
-"Exception: ModuleNotFoundError: No module named 'module_name'."
+>Exception: ModuleNotFoundError: No module named 'module_name'.
This error occurs when a Python function app fails to load a Python module. The root cause for this error is one of the following issues:
This error occurs when a Python function app fails to load a Python module. The
To identify the actual cause of your issue, you need to get the Python project files that run on your function app. If you don't have the project files on your local computer, you can get them in one of the following ways: * If the function app has a `WEBSITE_RUN_FROM_PACKAGE` app setting and its value is a URL, download the file by copying and pasting the URL into your browser.
-* If the function app has `WEBSITE_RUN_FROM_PACKAGE` and it's set to `1`, go to `https://<app-name>.scm.azurewebsites.net/api/vfs/data/SitePackages` and download the file from the latest `href` URL.
+* If the function app has `WEBSITE_RUN_FROM_PACKAGE` set to `1`, go to `https://<app-name>.scm.azurewebsites.net/api/vfs/data/SitePackages` and download the file from the latest `href` URL.
* If the function app doesn't have either of the preceding app settings, go to `https://<app-name>.scm.azurewebsites.net/api/settings` and find the URL under `SCM_RUN_FROM_PACKAGE`. Download the file by copying and pasting the URL into your browser. * If suggestions resolve the issue, go to `https://<app-name>.scm.azurewebsites.net/DebugConsole` and view the content under `/home/site/wwwroot`.
To mitigate the issue, see [Update your package to the latest version](#update-y
#### The package conflicts with other packages
-If you've verified that the package is resolved correctly with the proper Linux wheels, there might be a conflict with other packages. In certain packages, the PyPi documentation might clarify the incompatible modules. For example, in [`azure 4.0.0`](https://pypi.org/project/azure/4.0.0/), you'll find the following statement:
+If you've verified that the package is resolved correctly with the proper Linux wheels, there might be a conflict with other packages. In certain packages, the PyPi documentation might clarify the incompatible modules. For example, in [`azure 4.0.0`](https://pypi.org/project/azure/4.0.0/), you find the following statement:
-"This package isn't compatible with azure-storage.
-If you installed azure-storage, or if you installed azure 1.x/2.x and didnΓÇÖt uninstall azure-storage, you must uninstall azure-storage first."
+>This package isn't compatible with azure-storage.
+>If you installed azure-storage, or if you installed azure 1.x/2.x and didnΓÇÖt uninstall azure-storage, you must uninstall azure-storage first.
You can find the documentation for your package version in `https://pypi.org/project/<package-name>/<package-version>`.
The following are potential mitigations for module-related issues. Use the [prev
Make sure that remote build is enabled. The way that you make sure depends on your deployment method.
-# [Visual Studio Code](#tab/vscode)
+##### [Visual Studio Code](#tab/vscode)
Make sure that the latest version of the [Azure Functions extension for Visual Studio Code](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-azurefunctions) is installed. Verify that the *.vscode/settings.json* file exists and it contains the setting `"azureFunctions.scmDoBuildDuringDeployment": true`. If it doesn't, create the file with the `azureFunctions.scmDoBuildDuringDeployment` setting enabled, and then redeploy the project.
-# [Azure Functions Core Tools](#tab/coretools)
+##### [Azure Functions Core Tools](#tab/coretools)
Make sure that the latest version of [Azure Functions Core Tools](https://github.com/Azure/azure-functions-core-tools/releases) is installed. Go to your local function project folder, and use `func azure functionapp publish <app-name>` for deployment.
-# [Manual publishing](#tab/manual)
+##### [Manual publishing](#tab/manual)
If you're manually publishing your package into the `https://<app-name>.scm.azurewebsites.net/api/zipdeploy` endpoint, make sure that both `SCM_DO_BUILD_DURING_DEPLOYMENT` and `ENABLE_ORYX_BUILD` are set to `true`. To learn more, see [how to work with application settings](functions-how-to-use-azure-function-app-settings.md#settings).
First, take a look into the latest version of the package in `https://pypi.org/p
Sometimes, the package might have been integrated into [Python Standard Library](https://docs.python.org/3/library/) (such as `pathlib`). If so, because we provide a certain Python distribution in Azure Functions (Python 3.6, Python 3.7, Python 3.8, and Python 3.9), the package in your *requirements.txt* file should be removed.
-However, if you're finding that the issue hasn't been fixed, and you're on a deadline, we encourage you to do some research to find a similar package for your project. Usually, the Python community will provide you with a wide variety of similar libraries that you can use.
+However, if you're finding that the issue hasn't been fixed, and you're on a deadline, we encourage you to do some research to find a similar package for your project. Usually, the Python community provides you with a wide variety of similar libraries that you can use.
#### Disable dependency isolation flag
Set the application setting [PYTHON_ISOLATE_WORKER_DEPENDENCIES](functions-app-s
-## Troubleshoot cannot import 'cygrpc'
+## Troubleshoot: cannot import 'cygrpc'
This section helps you troubleshoot 'cygrpc'-related errors in your Python function app. These errors typically result in the following Azure Functions error message:
-"Cannot import name 'cygrpc' from 'grpc._cython'"
+>Cannot import name 'cygrpc' from 'grpc._cython'
This error occurs when a Python function app fails to start with a proper Python interpreter. The root cause for this error is one of the following issues:
This error occurs when a Python function app fails to start with a proper Python
### Diagnose the 'cygrpc' reference error
+There are several possible causes for errors that reference `cygrpc`, which are detailed in this section.
+ #### The Python interpreter mismatches OS architecture This mismatch is most likely caused by a 32-bit Python interpreter being installed on your 64-bit operating system.
If there's a mismatch between Python interpreter bitness and the operating syste
#### The Python interpreter isn't supported by Azure Functions Python Worker
-The Azure Functions Python Worker supports only Python versions 3.6, 3.7, 3.8, and 3.9.
+The Azure Functions Python Worker supports only [specific Python versions](functions-versions.md?pivots=programming-language-python#languages).
-Check to see whether your Python interpreter matches your expected version by `py --version` in Windows or `python3 --version` in Unix-like systems. Ensure that the return result is `Python 3.6.x`, `Python 3.7.x`, `Python 3.8.x`, or `Python 3.9.x`.
+Check to see whether your Python interpreter matches your expected version by `py --version` in Windows or `python3 --version` in Unix-like systems. Ensure that the return result is one of the [supported Python versions](functions-versions.md?pivots=programming-language-python#languages).
-If your Python interpreter version doesn't meet the requirements for Azure Functions, instead download the Python version 3.6, 3.7, 3.8, or 3.9 interpreter from [Python Software Foundation](https://www.python.org/downloads).
+If your Python interpreter version doesn't meet the requirements for Azure Functions, instead download a Python interpreter version that is supported by Functions from the [Python Software Foundation](https://www.python.org/downloads).
-## Troubleshoot "python exited with code 137"
+## Troubleshoot: python exited with code 137
Code 137 errors are typically caused by out-of-memory issues in your Python function app. As a result, you get the following Azure Functions error message:
-"Microsoft.Azure.WebJobs.Script.Workers.WorkerProcessExitException : python exited with code 137"
+>Microsoft.Azure.WebJobs.Script.Workers.WorkerProcessExitException : python exited with code 137
-This error occurs when a Python function app is forced to terminate by the operating system with a SIGKILL signal. This signal usually indicates an out-of-memory error in your Python process. The Azure Functions platform has a [service limitation](functions-scale.md#service-limits) that terminates any function apps that exceed this limit.
+This error occurs when a Python function app is forced to terminate by the operating system with a `SIGKILL` signal. This signal usually indicates an out-of-memory error in your Python process. The Azure Functions platform has a [service limitation](functions-scale.md#service-limits) that terminates any function apps that exceed this limit.
-Visit the tutorial section in [memory profiling on Python functions](python-memory-profiler-reference.md#memory-profiling-process) to analyze the memory bottleneck in your function app.
+To analyze the memory bottleneck in your function app, see [Profile Python function app in local development environment](python-memory-profiler-reference.md#memory-profiling-process).
-## Troubleshoot "python exited with code 139"
+## Troubleshoot: python exited with code 139
This section helps you troubleshoot segmentation fault errors in your Python function app. These errors typically result in the following Azure Functions error message:
-"Microsoft.Azure.WebJobs.Script.Workers.WorkerProcessExitException : python exited with code 139"
+>Microsoft.Azure.WebJobs.Script.Workers.WorkerProcessExitException : python exited with code 139
-This error occurs when a Python function app is forced to terminate by the operating system with a SIGSEGV signal. This signal indicates violation of the memory segmentation, which can result from an unexpected reading from or writing into a restricted memory region. In the following sections, we provide a list of common root causes.
+This error occurs when a Python function app is forced to terminate by the operating system with a `SIGSEGV` signal. This signal indicates violation of the memory segmentation, which can result from an unexpected reading from or writing into a restricted memory region. In the following sections, we provide a list of common root causes.
### A regression from third-party packages
-In your function app's *requirements.txt* file, an unpinned package will be upgraded to the latest version in every Azure Functions deployment. Vendors of these packages might introduce regressions in their latest release. To recover from this issue, try commenting out the import statements, disabling the package references, or pinning the package to a previous version in *requirements.txt*.
+In your function app's *requirements.txt* file, an unpinned package gets upgraded to the latest version during each deployment to Azure. Package updates can potentially introduce regressions that affect your app. To recover from such issues, comment out the import statements, disable the package references, or pin the package to a previous version in *requirements.txt*.
### Unpickling from a malformed \.pkl file
The error `Sync triggers failed` can be caused by several issues. One potential
::: zone pivot="python-mode-decorators"
-## Troubleshoot "could not load file or assembly"
+## Troubleshoot: could not load file or assembly
-If you receive this error, it might be because you're using the v2 programming model. This error results from a known issue that will be resolved in an upcoming release.
+You can see this error when you're running locally using the v2 programming model. This error is caused by a known issue to be resolved in an upcoming release.
-This specific error might read:
+This is an example message for this error:
-"DurableTask.Netherite.AzureFunctions: Could not load file or assembly 'Microsoft.Azure.WebJobs.Extensions.DurableTask, Version=2.0.0.0, Culture=neutral, PublicKeyToken=014045d636e89289'.
-The system cannot find the file specified."
+>DurableTask.Netherite.AzureFunctions: Could not load file or assembly 'Microsoft.Azure.WebJobs.Extensions.DurableTask, Version=2.0.0.0, Culture=neutral, PublicKeyToken=014045d636e89289'.
+>The system cannot find the file specified.
-This error might occur because of an issue with how the extension bundle was cached. To troubleshoot this issue, you can run the following command with `--verbose` to see more details:
+The error occurs because of an issue with how the extension bundle was cached. To troubleshoot the issue, run this command with `--verbose` to see more details:
-> `func host start --verbose`
+```console
+func host start --verbose
+```
-After you run the command, if you notice that `Loading startup extension <>` isn't followed by `Loaded extension <>` for each extension, it's likely that you have a caching issue.
+It's likely you're seeing this caching issue when you see an extension loading log like `Loading startup extension <>` that isn't followed by `Loaded extension <>`.
To resolve this issue:
-1. Find the *\.azure-functions-core-tools* path by running:
+1. Find the `.azure-functions-core-tools` path by running:
```console func GetExtensionBundlePath ```
-1. Delete the *\.azure-functions-core-tools* directory.
+1. Delete the `.azure-functions-core-tools` directory.
- # [bash](#tab/bash)
+ ### [Bash](#tab/bash)
```bash rm -r <insert path>/.azure-functions-core-tools ```
- # [PowerShell](#tab/powershell)
+ ### [PowerShell](#tab/powershell)
```powershell Remove-Item <insert path>/.azure-functions-core-tools ```
- # [Cmd](#tab/cmd)
+ ### [Cmd](#tab/cmd)
```cmd rmdir <insert path>/.azure-functions-core-tools
To resolve this issue:
-## Troubleshoot "unable to resolve the Azure Storage connection"
+The cache directory is recreated when you run Core Tools again.
+
+## Troubleshoot: unable to resolve the Azure Storage connection
You might see this error in your local output as the following message:
-"Microsoft.Azure.WebJobs.Extensions.DurableTask: Unable to resolve the Azure Storage connection named 'Storage'.
-Value cannot be null. (Parameter 'provider')"
+>Microsoft.Azure.WebJobs.Extensions.DurableTask: Unable to resolve the Azure Storage connection named 'Storage'.
+>Value cannot be null. (Parameter 'provider')
This error is a result of how extensions are loaded from the bundle locally. To resolve this error, take one of the following actions: * Use a storage emulator such as [Azurite](../storage/common/storage-use-azurite.md). This option is a good one when you aren't planning to use a storage account in your function application. * Create a storage account and add a connection string to the `AzureWebJobsStorage` environment variable in the *localsettings.json* file. Use this option when you're using a storage account trigger or binding with your application, or if you have an existing storage account. To get started, see [Create a storage account](../storage/common/storage-account-create.md).
-## Issue with deployment
+## Development issues in the Azure portal
-In the [Azure portal](https://portal.azure.com), select **Settings** > **Configuration**, and then ensure that the `AzureWebJobsFeatureFlags` application setting has a value of `EnableWorkerIndexing`. If it's not found, add this setting to the function app.
+When using the [Azure portal](https://portal.azure.com/), take into account these known issues and their workarounds:
+
+* There are general limitations for writing your function code in the portal. For more information, see [Development limitations in the Azure portal](./functions-how-to-use-azure-function-app-settings.md#development-limitations-in-the-azure-portal).
+* To delete a function from a function app in the portal, remove the function code from the file itself. The **Delete** button doesn't work to remove the function when using the Python v2 programming model.
+* When creating a function in the portal, you might be admonished to use a different tool for development. There are several scenarios where you can't edit your code in the portal, including when a syntax error has been detected. In these scenarios, use [Visual Studio Code](functions-develop-vs-code.md?pivots=programming-language-python) or [Azure Functions Core Tools](functions-run-local.md?pivots=programming-language-python) to develop and publish your function code.
## Next steps
azure-functions Supported Languages https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/supported-languages.md
This article explains the levels of support offered for your preferred language
[!INCLUDE [functions-supported-languages](../../includes/functions-supported-languages.md)]
+## Language support details
+
+The following table shows which languages supported by Functions can run on Linux or Windows. It also indicates whether your language supports editing in the Azure portal. The language is based on the **Runtime stack** option you choose when [creating your function app in the Azure portal](functions-create-function-app-portal.md#create-a-function-app). This is the same as the `--worker-runtime` option when using the `func init` command in Azure Functions Core Tools.
+
+| Language | Runtime stack | Linux | Windows | In-portal editing |
+|: |:-- |:--|: |: |
+| [C# (isolated worker model)](dotnet-isolated-process-guide.md) |.NET|Γ£ô |Γ£ô | |
+| [C# (in-process model)](functions-dotnet-class-library.md)|.NET|Γ£ô |Γ£ô | |
+| [C# script](functions-reference-csharp.md) | .NET | Γ£ô |Γ£ô |Γ£ô |
+| [JavaScript](functions-reference-node.md?tabs=javascript) | Node.js |Γ£ô |Γ£ô | Γ£ô |
+| [Python](functions-reference-python.md) | Python |Γ£ô |X|Γ£ô |
+| [Java](functions-reference-java.md) | Java |Γ£ô |Γ£ô | |
+| [PowerShell](functions-reference-powershell.md) |PowerShell Core |Γ£ô |Γ£ô |Γ£ô |
+| [TypeScript](functions-reference-node.md?tabs=typescript) | Node.js |Γ£ô |Γ£ô | |
+| [Go/Rust/other](functions-custom-handlers.md) | Custom Handlers |Γ£ô |Γ£ô | |
+
+For more information on operating system and language support, see [Operating system/runtime support](functions-scale.md#operating-systemruntime).
+
+When in-portal editing isn't available, you must instead [develop your functions locally](functions-develop-local.md#local-development-environments).
+ ### Language major version support
azure-monitor Cost Logs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/logs/cost-logs.md
The following [standard columns](log-standard-columns.md) are common to all tabl
### Excluded tables
-Some tables are free from data ingestion charges altogether, including [AzureActivity](/azure/azure-monitor/reference/tables/azureactivity), [Heartbeat](/azure/azure-monitor/reference/tables/heartbeat), [Usage](/azure/azure-monitor/reference/tables/usage), and [Operation](/azure/azure-monitor/reference/tables/operation). This information will always be indicated by the [_IsBillable](log-standard-columns.md#_isbillable) column, which indicates whether a record was excluded from billing for data ingestion.
+Some tables are free from data ingestion charges altogether, including [AzureActivity](/azure/azure-monitor/reference/tables/azureactivity), [Heartbeat](/azure/azure-monitor/reference/tables/heartbeat), [Usage](/azure/azure-monitor/reference/tables/usage), and [Operation](/azure/azure-monitor/reference/tables/operation). This information will always be indicated by the [_IsBillable](log-standard-columns.md#_isbillable) column, which indicates whether a record was excluded from billing for data ingestion, retention and archive.
### Charges for other solutions and services
communication-services Known Issues https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/known-issues.md
Title: Azure Communication Services - known issues description: Learn more about Azure Communication Services-+ - Previously updated : 06/30/2021+ Last updated : 02/24/2024
# Known issues in the SDKs and APIs
-This article provides information about limitations and known issues related to the Azure Communication Services Calling SDKs and Communication Services Call Automation APIs.
+These articles provide information about limitations and known issues related to the Azure Communication Services Calling SDKs and Communication Services Call Automation APIs.
> [!IMPORTANT] > There are multiple factors that can affect the quality of your calling experience. To learn more about Communication Services network configuration and testing best practices, see [Network recommendations](./voice-video-calling/network-requirements.md).
iOS Chrome browser support is now available in public preview. Known issues are:
- No outgoing and incoming audio when switching browser to background or locking the device. This issue has been fixed in iOS version 16.4+. - No incoming/outgoing audio coming from bluetooth headset. When a user connects bluetooth headset in the middle of Azure Communication Services call, the audio still comes out from the speaker until the user locks and unlocks the phone. We have seen this issue on older iOS versions (15.6, 15.7), and it isn't reproducible on iOS 16.
+### iOS Safari displays an incorrect resolution size of the camera preview
+This bug occurs on iOS 16.7 or iOS 17 versions earlier than 17.4 when users rotate their phones or enable/disable video during the call.
+The camera preview briefly displays an incorrect resolution size before returning to normal.
+The issue is not reproducible on iOS 17.4 Beta.
+Related WebKit bug [here](https://bugs.webkit.org/show_bug.cgi?id=259364).
+ ### iOS 16 introduced bugs when putting browser in the background during a call The iOS 16 release introduced a bug that can stop the Azure Communication Services audio\video call when using Safari mobile browser. Apple is aware of this issue and is looking for a fix on their side. The impact could be that an Azure Communication Services call might stop working during a call and the only resolution to get it working again is to have the end customer restart their phone.
communication-services Calling Sdk Features https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/voice-video-calling/calling-sdk-features.md
Title: Azure Communication Services Calling SDK overview description: Provides an overview of the Calling SDK capabilities limitations features for video and audio.-+ -+ Last updated 02/24/2024
For example, this iframe allows both camera and microphone access:
**The maximum call duration is 30 hours**, participants that reach the maximum call duration lifetime of 30 hours will be disconnected from the call.
-## Limits to the number of simultaneous video streams
+## Supported number of incoming video streams
The Azure Communication Services Calling SDK supports the following streaming configurations:
The Azure Communication Services Calling SDK supports the following streaming co
While the Calling SDK doesn't enforce these limits, your users might experience performance degradation if they're exceeded. Use the API of [Optimal Video Count](../../how-tos/calling-sdk/manage-video.md?pivots=platform-web#remote-video-quality) to determine how many current incoming video streams your web environment can support. ## Supported video resolutions
-The Azure Communicaton Services Calling SDK support up to the following video resolutions:
+The Azure Communication Services Calling SDK support up to the following video resolutions:
| Maximum video resolution | WebJS | iOS | Android | Windows | | - | -- | -- | - | - | | **Receiving video** | 1080P | 1080P | 1080P | 1080P | | **Sending video** | 720P | 720P | 720P | 1080P |
-The resolution can vary depending on the number of participants on a call, the amount of bandwidth available to the client, and other overall call parameters.
+The resolution can vary depending on the number of participants on a call, the amount of bandwidth available to the client, and other overall call parameters. Read
+
+## Number of participants on a call support
+- Up to 350 users can join a group call, Room or Teams + ACS call. The maximum number of users that can join through WebJS calling SDK or Teams web client is capped at 100 participants, the remaining calling end point will need to join using Android, iOS, or Windows calling SDK or related Teams desktop or mobile client apps.
+- Once the call size reaches 100+ participants in a call, only the top 4 most dominant speakers that have their video camera turned can be seen.
+- When the number of people on the call is 100+, the viewable number of incoming video renders automatically decreases from 3x3 (9 incoming videos) down to 2x2 (4 incoming videos).
+- When the number of users goes below 100, the number of supported incoming videos goes back up to 3x3 (9 incoming videos).
## Calling SDK timeouts The following timeouts apply to the Communication Services Calling SDKs:
communication-services Known Issues Call Automation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/voice-video-calling/known-issues-call-automation.md
+
+ Title: Azure Communication Services - known issues Call Automation
+description: Learn more about Azure Communication Services Call automation known issues
++++ Last updated : 02/24/2024++++
+# Known issues in Azure Communication Services calling Call Automation API
++
+- The only authentication currently supported for server applications is to use a connection string.
+
+- Make calls only between entities of the same Communication Services resource. Cross-resource communication is blocked.
+
+- Calls between tenant users of Microsoft Teams and Communication Services users or server application entities aren't allowed.
+
+- If an application dials out to two or more PSTN identities and then quits the call, the call between the other PSTN entities drops.
communication-services Known Issues Webjs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/voice-video-calling/known-issues-webjs.md
+
+ Title: Azure Communication Services - known issues for WebJS calling
+description: Learn more about Azure Communication Services known issues
+++++ Last updated : 02/24/2024+++
+zone_pivot_groups: acs-web-safari-chrome-firefox-known-issues
++
+# Known issues in Azure Communication Services calling WebJS SDKs
+This article provides known issues related to using the Azure Communication Services WebJS calling SDK.
+++++
confidential-computing Confidential Vm Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/confidential-computing/confidential-vm-overview.md
Confidential VMs support the following OS options:
| 9.3 <span class="pill purple">(AMD SEV-SNP Only)</span> | 22H2 Enterprise N | 2022 Azure Edition Core | | [9.3 <span class="pill purple">Preview (Intel TDX Only)](https://aka.ms/tdx-rhel-93-preview)</span> | 22H2 Enterprise Multi-session | | | | | |
-| **SUSE** | | |
-| [15 SP5 <span class="pill purple">Tech Preview (Intel TDX, AMD SEV-SNP)](https://aka.ms/cvm-sles-preview)</span> | | |
-| [15 SP5 for SAP <span class="pill purple">Tech Preview (Intel TDX, AMD SEV-SNP)](https://aka.ms/cvm-sles-preview)</span> | | |
+| **SUSE (Tech Preview)** | | |
+| [15 SP5 <span class="pill purple">(Intel TDX, AMD SEV-SNP)](https://aka.ms/cvm-sles-preview)</span> | | |
+| [15 SP5 for SAP <span class="pill purple">(Intel TDX, AMD SEV-SNP)](https://aka.ms/cvm-sles-preview)</span> | | |
### Regions
defender-for-cloud Recommendations Reference https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/recommendations-reference.md
Learn more about [Trusted launch for Azure virtual machines](/azure/virtual-mach
### [Management ports of virtual machines should be protected with just-in-time network access control](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/805651bc-6ecd-4c73-9b55-97a19d0582d0)
-**Description**: Defender for Cloud has identified some overly-permissive inbound rules for management ports in your Network Security Group. Enable just-in-time access control to protect your VM from internet-based brute-force attacks. Learn more in [Understanding just-in-time (JIT) VM access](/azure/defender-for-cloud/just-in-time-access-overview).
+**Description**: Defender for Cloud has identified some overly permissive inbound rules for management ports in your Network Security Group. Enable just-in-time access control to protect your VM from internet-based brute-force attacks. Learn more in [Understanding just-in-time (JIT) VM access](/azure/defender-for-cloud/just-in-time-access-overview).
(Related policy: [Management ports of virtual machines should be protected with just-in-time network access control](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2fb0f33259-77d7-4c9e-aac6-3aabcfae693c)) **Severity**: High
Privileged containers have all of the root capabilities of a host machine. They
**Type**: Vulnerability Assessment
-### [AWS registry container images should have vulnerabilities resolved - (powered by Trivy)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/03587042-5d4b-44ff-af42-ae99e3c71c87)
-
-**Description**: Container image vulnerability assessment scans your registry for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks.
-
-**Severity**: High
-
-**Type**: Vulnerability Assessment
- ## Data recommendations ### [(Enable if required) Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/814df446-7128-eff0-9177-fa52ac035b74)
These accounts can be targets for attackers looking to find ways to access your
### [Guest accounts with owner permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/20606e75-05c4-48c0-9d97-add6daa2109a)
-**Description**: Accounts with owner permissions that have been provisioned outside of the Azure Active Directory tenant (different domain names), should be removed from your Azure resources.Guest accounts aren't managed to the same standards as enterprise tenant identities. These accounts can be targets for attackers looking to find ways to access your data without being noticed.
+**Description**: Accounts with owner permissions that have been provisioned outside of the Azure Active Directory tenant (different domain names), should be removed from your Azure resources. Guest accounts aren't managed to the same standards as enterprise tenant identities. These accounts can be targets for attackers looking to find ways to access your data without being noticed.
(No related policy) **Severity**: High ### [Guest accounts with read permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/fde1c0c9-0fd2-4ecc-87b5-98956cbc1095)
-**Description**: Accounts with read permissions that have been provisioned outside of the Azure Active Directory tenant (different domain names), should be removed from your Azure resources.Guest accounts aren't managed to the same standards as enterprise tenant identities. These accounts can be targets for attackers looking to find ways to access your data without being noticed.
+**Description**: Accounts with read permissions that have been provisioned outside of the Azure Active Directory tenant (different domain names), should be removed from your Azure resources. Guest accounts aren't managed to the same standards as enterprise tenant identities. These accounts can be targets for attackers looking to find ways to access your data without being noticed.
(No related policy) **Severity**: High ### [Guest accounts with write permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/0354476c-a12a-4fcc-a79d-f0ab7ffffdbb)
-**Description**: Accounts with write permissions that have been provisioned outside of the Azure Active Directory tenant (different domain names), should be removed from your Azure resources.Guest accounts aren't managed to the same standards as enterprise tenant identities. These accounts can be targets for attackers looking to find ways to access your data without being noticed.
+**Description**: Accounts with write permissions that have been provisioned outside of the Azure Active Directory tenant (different domain names), should be removed from your Azure resources. Guest accounts aren't managed to the same standards as enterprise tenant identities. These accounts can be targets for attackers looking to find ways to access your data without being noticed.
(No related policy) **Severity**: High
Learn more in [Introduction to Microsoft Defender for Key Vault](/azure/defender
### [Adaptive network hardening recommendations should be applied on internet facing virtual machines](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/f9f0eed0-f143-47bf-b856-671ea2eeed62)
-**Description**: Defender for Cloud has analyzed the internet traffic communication patterns of the virtual machines listed below, and determined that the existing rules in the NSGs associated to them are overly-permissive, resulting in an increased potential attack surface.
+**Description**: Defender for Cloud has analyzed the internet traffic communication patterns of the virtual machines listed below, and determined that the existing rules in the NSGs associated to them are overly permissive, resulting in an increased potential attack surface.
This typically occurs when this IP address doesn't communicate regularly with this resource. Alternatively, the IP address has been flagged as malicious by Defender for Cloud's threat intelligence sources. Learn more in [Improve your network security posture with adaptive network hardening](/azure/defender-for-cloud/adaptive-network-hardening). (Related policy: [Adaptive network hardening recommendations should be applied on internet facing virtual machines](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2f08e6af2d-db70-460a-bfe9-d5bd474ba9d6))
VMs with 'High' severity are internet-facing VMs.
### [Management ports of virtual machines should be protected with just-in-time network access control](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/805651bc-6ecd-4c73-9b55-97a19d0582d0)
-**Description**: Defender for Cloud has identified some overly-permissive inbound rules for management ports in your Network Security Group. Enable just-in-time access control to protect your VM from internet-based brute-force attacks. Learn more in [Understanding just-in-time (JIT) VM access](/azure/defender-for-cloud/just-in-time-access-overview).
+**Description**: Defender for Cloud has identified some overly permissive inbound rules for management ports in your Network Security Group. Enable just-in-time access control to protect your VM from internet-based brute-force attacks. Learn more in [Understanding just-in-time (JIT) VM access](/azure/defender-for-cloud/just-in-time-access-overview).
(Related policy: [Management ports of virtual machines should be protected with just-in-time network access control](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2fb0f33259-77d7-4c9e-aac6-3aabcfae693c)) **Severity**: High
defender-for-cloud Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/release-notes.md
If you're looking for items older than six months, you can find them in the [Arc
|Date | Update | |-|-|
+| February 26 | [Cloud support for Defender for Containers](#cloud-support-for-defender-for-containers) |
| February 20 | [New version of Defender Agent for Defender for Containers](#new-version-of-defender-agent-for-defender-for-containers) | | February 18| [Open Container Initiative (OCI) image format specification support](#open-container-initiative-oci-image-format-specification-support) | | February 13 | [AWS container vulnerability assessment powered by Trivy retired](#aws-container-vulnerability-assessment-powered-by-trivy-retired) | | February 8 | [Recommendations released for preview: four recommendations for Azure Stack HCI resource type](#recommendations-released-for-preview-four-recommendations-for-azure-stack-hci-resource-type) |
+### Cloud support for Defender for Containers
+
+February 26, 2024
+
+Azure Kubernetes Service (AKS) threat detection features in Defender for Containers are now fully supported in commercial, Azure Government, and Azure China 21Vianet clouds. [Review](support-matrix-defender-for-containers.md#azure) supported features.
+ ### New version of Defender Agent for Defender for Containers February 20, 2024
defender-for-cloud Support Matrix Defender For Containers https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/support-matrix-defender-for-containers.md
Following are the features for each of the domains in Defender for Containers:
|--|--|--|--|--|--|--|--|--| | Agentless registry scan (powered by Microsoft Defender Vulnerability Management) [supported packages](#registries-and-images-support-for-azurevulnerability-assessment-powered-by-microsoft-defender-vulnerability-management)| Vulnerability assessment for images in ACR | ACR, Private ACR | GA | Preview | Enable **Agentless container vulnerability assessment** toggle | Agentless | Defender for Containers or Defender CSPM | Commercial clouds<br/><br/> National clouds: Azure Government, Azure operated by 21Vianet | | Agentless/agent-based runtime (powered by Microsoft Defender Vulnerability Management) [supported packages](#registries-and-images-support-for-azurevulnerability-assessment-powered-by-microsoft-defender-vulnerability-management)| Vulnerability assessment for running images in AKS | AKS | GA | Preview | Enable **Agentless container vulnerability assessment** toggle | Agentless (Requires Agentless discovery for Kubernetes) **OR/AND** Defender agent | Defender for Containers or Defender CSPM | Commercial clouds<br/><br/> National clouds: Azure Government, Azure operated by 21Vianet |
-| Deprecated: Agentless/agent-based runtime scan (powered by Qualys) [OS packages](#registries-and-images-support-for-azurevulnerability-assessment-powered-by-qualys-deprecated) | Vulnerability assessment for running images in AKS | AKS | GA | Preview | Activated with plan | Defender agent | Defender for Containers | Commercial clouds |
+| Deprecated: Agentless/agent-based runtime scan (powered by Qualys) [OS packages](#registries-and-images-support-for-azurevulnerability-assessment-powered-by-qualys-deprecated) | Vulnerability assessment for running images in AKS | AKS | GA | Preview | Activated with plan | Defender agent | Defender for Containers | Commercial clouds<br /> |
| Deprecated: Agentless registry scan (powered by Qualys) <BR>[Supported OS packages](#registries-and-images-support-for-azurevulnerability-assessment-powered-by-qualys-deprecated) | Vulnerability assessment for images in ACR | ACR, Private ACR | GA | Preview | Activated with plan | Agentless | Defender for Containers | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet | | Deprecated: Agentless registry scan (powered by Qualys) <BR>[Supported language packages](#registries-and-images-support-for-azurevulnerability-assessment-powered-by-qualys-deprecated) | Vulnerability assessment for images in ACR | ACR, Private ACR | Preview | - | Activated with plan | Agentless | Defender for Containers | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
Following are the features for each of the domains in Defender for Containers:
| Feature | Description | Supported resources | Linux release state | Windows release state | Enablement method | Agent | Plans | Azure clouds availability | |--|--|--|--|--|--|--|--|--| | [Control plane](defender-for-containers-introduction.md#run-time-protection-for-kubernetes-nodes-and-clusters) | Detection of suspicious activity for Kubernetes based on Kubernetes audit trail | AKS | GA | GA | Enabled with plan | Agentless | Defender for Containers | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
-| Workload | Detection of suspicious activity for Kubernetes for cluster level, node level, and workload level | AKS | GA | - | Enable **Defender Agent in Azure** toggle **OR** deploy Defender agent on individual clusters | Defender agent | Defender for Containers | Commercial clouds |
+| Workload | Detection of suspicious activity for Kubernetes for cluster level, node level, and workload level | AKS | GA | - | Enable **Defender Agent in Azure** toggle **OR** deploy Defender agent on individual clusters | Defender agent | Defender for Containers | Commercial clouds<br /><br />National clouds: Azure Government, Azure China 21Vianet |
### Deployment & monitoring
Following are the features for each of the domains in Defender for Containers:
| Aspect | Details | |--|--|
-| Registries and images | **Supported**<br> ΓÇó ACR registries <br> ΓÇó [ACR registries protected with Azure Private Link](/azure/container-registry/container-registry-private-link) (Private registries requires access to Trusted Services) <br> ΓÇó Container images in Docker V2 format <br> ΓÇó Images with [Open Container Initiative (OCI)](https://github.com/opencontainers/image-spec/blob/main/spec.md) image format specification <br> **Unsupported**<br> ΓÇó Super-minimalist images such as [Docker scratch](https://hub.docker.com/_/scratch/) images<br> is currently unsupported <br>
+| Registries and images | **Supported**<br> ΓÇó ACR registries <br> ΓÇó [ACR registries protected with Azure Private Link](/azure/container-registry/container-registry-private-link) (Private registries requires access to Trusted Services) <br> ΓÇó Container images in Docker V2 format <br> ΓÇó Images with [Open Container Initiative (OCI)](https://github.com/opencontainers/image-spec/blob/main/spec.md) image format specification <br> **Unsupported**<br> ΓÇó Super-minimalist images such as [Docker scratch](https://hub.docker.com/_/scratch/) images<br> is currently unsupported <br> |
| Operating systems | **Supported** <br> ΓÇó Alpine Linux 3.12-3.16 <br> ΓÇó Red Hat Enterprise Linux 6-9 <br> ΓÇó CentOS 6-9<br> ΓÇó Oracle Linux 6-9 <br> ΓÇó Amazon Linux 1, 2 <br> ΓÇó openSUSE Leap, openSUSE Tumbleweed <br> ΓÇó SUSE Enterprise Linux 11-15 <br> ΓÇó Debian GNU/Linux 7-12 <br> ΓÇó Google Distroless (based on Debian GNU/Linux 7-12) <br> ΓÇó Ubuntu 12.04-22.04 <br> ΓÇó Fedora 31-37<br> ΓÇó Mariner 1-2<br> ΓÇó Windows Server 2016, 2019, 2022| | Language specific packages <br><br> | **Supported** <br> ΓÇó Python <br> ΓÇó Node.js <br> ΓÇó .NET <br> ΓÇó JAVA <br> ΓÇó Go |
deployment-environments How To Schedule Environment Deletion https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/deployment-environments/how-to-schedule-environment-deletion.md
Previously updated : 11/10/2023 Last updated : 02/23/2024 # Customer intent: As a developer, I want automatically delete my environment on a specific date so that I can keep resources current.
In this article, you learn how to set an expiration, or end date for a deploymen
Working with many deployment environments across multiple projects can be challenging. Scheduled deletion helps you manage your environments by automatically deleting them on a specific date at a specific time. Using automatic expiry and deletion helps you keep track of your active and inactive environments and helps you avoid paying for environments that you no longer need.
+As a developer, you can view and schedule the expiration dates for your environment through the developer portal. You can schedule an environment for deletion when you create it, or at a later time. You can also change the expiration date and time for an environment that you created.
+
+Deployment Environments provides platform engineers with a centralized way of viewing and managing deletion schedules for environments in Azure portal. As as user with Project Admin permissions, you can schedule any environment in your project for deletion, regardless of who created it. You can also change the expiration date and time for any environment in your project.
+ ## Prerequisites -- Access to a project that has at least one environment type.-- The [Deployment Environments User](how-to-configure-deployment-environments-user.md) role, the [DevCenter Project Admin](how-to-configure-project-admin.md) role, or a [built-in role](../role-based-access-control/built-in-roles.md) that has the required permissions to create an environment.
+- To schedule *your own* environment for automatic deletion, you must have the [Deployment Environments User](how-to-configure-deployment-environments-user.md) role.
+- To schedule *any* environment in your project for automatic deletion, you must have the [DevCenter Project Admin](how-to-configure-project-admin.md) role.
## Add an environment
Plans change, projects change, and timelines change. If you need to change the e
- Select a new time for expiration. - Select a new time zone for expiration.
- :::image type="content" source="media/how-to-schedule-environment-deletion/change-expiration-date-time.png" alt-text="Screenshot of the developer portal, showing the options for scheduled deletion which you can change." lightbox="media/how-to-schedule-environment-deletion/change-expiration-date-time.png":::
+ :::image type="content" source="media/how-to-schedule-environment-deletion/change-expiration-date-time.png" alt-text="Screenshot of the developer portal, showing the options for scheduled deletion, which you can change." lightbox="media/how-to-schedule-environment-deletion/change-expiration-date-time.png":::
1. When you've set the new expiration date and time, select **Change**.
+## Schedule an environment for deletion as a project admin
+
+Developers might not always know when an environment is no longer needed. As a project admin, you can schedule any environment in your project for deletion, regardless of who created it.
+
+1. Sign in to the [Azure portal](https://portal.azure.com), and select the project that contains the environment you want to schedule for deletion.
+
+1. In the left-hand menu, select **Environments**.
+
+1. In the list of environments, for the environment you want to schedule for deletion, scroll right, and then select **...** > **Change expiration**.
+
+ :::image type="content" source="media/how-to-schedule-environment-deletion/azure-portal-schedule-environment-deletion.png" alt-text="Screenshot of the Azure portal, showing the left-hand menu with Deployment Environments highlighted." lightbox="media/how-to-schedule-environment-deletion/azure-portal-schedule-environment-deletion.png":::
+
+1. On the **Change expiration date** pane, select **Enable scheduled deletion**.
+
+1. Select the date and time you want the environment to expire and be deleted, and then select **Save**.
+
+ :::image type="content" source="media/how-to-schedule-environment-deletion/azure-portal-change-expiration-date.png" alt-text="Screenshot of the Azure portal, showing the Change expiration date pane." lightbox="media/how-to-schedule-environment-deletion/azure-portal-change-expiration-date.png":::
+
+ The environment is now scheduled for deletion on the date and time you specified.
+ ## Related content * [Quickstart: Create and access Azure Deployment Environments by using the developer portal](quickstart-create-access-environments.md)
governance Assign Policy Azurecli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/governance/policy/assign-policy-azurecli.md
The Azure CLI commands use a backslash (`\`) for line continuation to improve re
## Create policy assignment
-Use the following commands to create a new policy assignment for your resource group. This example uses an existing resource group that contains a virtual machine _without_ managed disks. The resource group is the scope for the policy assignment.
+Use the following commands to create a new policy assignment for your resource group. This example uses an existing resource group that contains a virtual machine _without_ managed disks. The resource group is the scope for the policy assignment. This example uses the built-in policy definition [Audit VMs that do not use managed disks](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMRequireManagedDisk_Audit.json).
Run the following commands and replace `<resourceGroupName>` with your resource group name:
governance Assign Policy Bicep https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/governance/policy/assign-policy-bicep.md
Title: "Quickstart: Create policy assignment using Bicep file" description: In this quickstart, you create an Azure Policy assignment to identify non-compliant resources using a Bicep file. Previously updated : 02/20/2024 Last updated : 02/23/2024
In this quickstart, you use a Bicep file to create a policy assignment that vali
## Review the Bicep file
-The Bicep file creates a policy assignment for a resource group scope and assigns the built-in policy definition [Audit VMs that do not use managed disks](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMRequireManagedDisk_Audit.json). For a list of available built-in policies, see [Azure Policy samples](./samples/index.md).
+The Bicep file creates a policy assignment for a resource group scope and assigns the built-in policy definition [Audit VMs that do not use managed disks](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMRequireManagedDisk_Audit.json).
Create the following Bicep file as _policy-assignment.bicep_.
Get-AzResourceProvider -ProviderNamespace 'Microsoft.PolicyInsights' |
Register-AzResourceProvider -ProviderNamespace 'Microsoft.PolicyInsights' ```
+For more information, go to [Get-AzResourceProvider](/powershell/module/az.resources/get-azresourceprovider) and [Register-AzResourceProvider](/powershell/module/az.resources/register-azresourceprovider).
+ # [Azure CLI](#tab/azure-cli) ```azurecli
az provider show \
az provider register --namespace Microsoft.PolicyInsights ```
+The Azure CLI commands use a backslash (`\`) for line continuation to improve readability. For more information, go to [az provider](/cli/azure/provider).
+ The following commands deploy the policy definition to your resource group. Replace `<resourceGroupName>` with your resource group name:
az deployment group create \
--template-file policy-assignment.bicep ```
-The `rgname` variable uses an expression to get your resource group's name used in the deployment command. The Azure CLI commands use a backslash (`\`) for line continuation to improve readability.
+The `rgname` variable uses an expression to get your resource group's name used in the deployment command.
- `name` is the deployment name displayed in the output and in Azure for the resource group's deployments. - `resource-group` is the name of your resource group where the policy is assigned.
PolicyAssignmentId : /subscriptions/{subscriptionId}/resourcegroups/{resourceGro
Properties : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.Policy.PsPolicyAssignmentProperties ```
+For more information, go to [Get-AzPolicyAssignment](/powershell/module/az.resources/get-azpolicyassignment).
+ # [Azure CLI](#tab/azure-cli) The `rgid` variable uses an expression to get the resource group's ID used to show the policy assignment.
The output is verbose but resembles the following example:
] ```
+For more information, go to [az policy assignment](/cli/azure/policy/assignment).
+ ## Identify non-compliant resources
ComplianceState : NonCompliant
AdditionalProperties : {[complianceReasonCode, ]} ```
+For more information, go to [Get-AzPolicyState](/powershell/module/az.policyinsights/Get-AzPolicyState).
+ # [Azure CLI](#tab/azure-cli) ```azurecli
policyid=$(az policy assignment show \
az policy state list --resource $policyid --filter "(isCompliant eq false)" ```
-The `policyid` variable uses an expression to get the policy assignment's ID.
-
-The `filter` parameter limits the output to non-compliant resources.
+The `policyid` variable uses an expression to get the policy assignment's ID. The `filter` parameter limits the output to non-compliant resources.
The `az policy state list` output is verbose, but for this article the `complianceState` shows `NonCompliant`.
The `az policy state list` output is verbose, but for this article the `complian
"isCompliant": false, ```
+For more information, go to [az policy state](/cli/azure/policy/state).
+ ## Clean up resources
governance Assign Policy Powershell https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/governance/policy/assign-policy-powershell.md
Title: "Quickstart: Create policy assignment using Azure PowerShell" description: In this quickstart, you create an Azure Policy assignment to identify non-compliant resources using Azure PowerShell. Previously updated : 02/16/2024 Last updated : 02/23/2024
To verify if `Microsoft.PolicyInsights` is registered, run `Get-AzResourceProvid
Register-AzResourceProvider -ProviderNamespace 'Microsoft.PolicyInsights' ```
+For more information, go to [Get-AzResourceProvider](/powershell/module/az.resources/get-azresourceprovider) and [Register-AzResourceProvider](/powershell/module/az.resources/register-azresourceprovider).
+ ## Create policy assignment
-Use the following commands to create a new policy assignment for your resource group. This example uses an existing resource group that contains a virtual machine _without_ managed disks. The resource group is the scope for the policy assignment.
+Use the following commands to create a new policy assignment for your resource group. This example uses an existing resource group that contains a virtual machine _without_ managed disks. The resource group is the scope for the policy assignment. This example uses the built-in policy definition [Audit VMs that do not use managed disks](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMRequireManagedDisk_Audit.json).
Run the following commands and replace `<resourceGroupName>` with your resource group name:
Properties : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementa
For more information, go to [New-AzPolicyAssignment](/powershell/module/az.resources/new-azpolicyassignment).
+If you want to redisplay the policy assignment information, run the following command:
+
+```azurepowershell
+Get-AzPolicyAssignment -Name 'audit-vm-managed-disks' -Scope $rg.ResourceId
+```
+ ## Identify non-compliant resources The compliance state for a new policy assignment takes a few minutes to become active and provide results about the policy's state.
The `$complianceparms` variable uses splatting to create parameter values used i
- `PolicyAssignmentName` specifies the name used when the policy assignment was created. - `Filter` uses an expression to find resources that aren't compliant with the policy assignment.
-For more information, go to [Get-AzPolicyState](/powershell/module/az.policyinsights/Get-AzPolicyState).
- Your results resemble the following example and `ComplianceState` shows `NonCompliant`: ```output
ComplianceState : NonCompliant
AdditionalProperties : {[complianceReasonCode, ]} ```
+For more information, go to [Get-AzPolicyState](/powershell/module/az.policyinsights/Get-AzPolicyState).
+ ## Clean up resources To remove the policy assignment, run the following command:
iot-hub Authenticate Authorize Azure Ad https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-hub/authenticate-authorize-azure-ad.md
The following table describes the permissions available for IoT Hub service API
> - Both [Invoke Component Command](/rest/api/iothub/service/digitaltwin/invokecomponentcommand) and [Invoke Root Level Command](/rest/api/iothub/service/digitaltwin/invokerootlevelcommand) require `Microsoft.Devices/IotHubs/directMethods/invoke/action`. > [!NOTE]
-> To get data from IoT Hub by using Microsoft Entra ID, [set up routing to a separate event hub](iot-hub-devguide-messages-d2c.md#event-hubs-as-a-routing-endpoint). To access the [the built-in Event Hubs compatible endpoint](iot-hub-devguide-messages-read-builtin.md), use the connection string (shared access key) method as before.
+> To get data from IoT Hub by using Microsoft Entra ID, [set up routing to a custom Event Hubs endpoint](iot-hub-devguide-messages-d2c.md). To access the [the built-in Event Hubs compatible endpoint](iot-hub-devguide-messages-read-builtin.md), use the connection string (shared access key) method as before.
<a name='enforce-azure-ad-authentication'></a>
iot-hub Iot Hub Devguide Endpoints https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-hub/iot-hub-devguide-endpoints.md
Previously updated : 12/21/2022 Last updated : 02/23/2024 # IoT Hub endpoints
+Azure IoT Hub exposes various endpoints to support the devices and services that interact with it.
+ [!INCLUDE [iot-hub-basic](../../includes/iot-hub-basic-partial.md)] ## IoT Hub names
-You can find the hostname of the IoT hub that hosts your endpoints in the Azure portal, on your IoT hub's **Overview** working pane. By default, the DNS name of an IoT hub looks like the following example:
+You can find the hostname of an IoT hub in the Azure portal, on your IoT hub's **Overview** working pane. By default, the DNS name of an IoT hub looks like the following example:
`{your iot hub name}.azure-devices.net`
-## List of built-in IoT Hub endpoints
+## IoT Hub endpoints for development and management
-Azure IoT Hub is a multi-tenant service that exposes its functionality to various actors. The following diagram shows the various endpoints that IoT Hub exposes.
+Azure IoT Hub is a multitenant service that exposes its functionality to various actors. The following diagram shows the various endpoints that IoT Hub exposes.
:::image type="content" source="./media/iot-hub-devguide-endpoints/endpoints.png" alt-text="Diagram showing the list of build-in IoT Hub endpoints." border="false"::: The following list describes the endpoints:
-* **Resource provider**. The IoT Hub resource provider exposes an [Azure Resource Manager](../azure-resource-manager/management/overview.md) interface. This interface enables Azure subscription owners to create and delete IoT hubs, and to update IoT hub properties. IoT Hub properties govern [hub-level shared access policies](iot-hub-dev-guide-sas.md#access-control-and-permissions), as opposed to device-level access control, and functional options for cloud-to-device and device-to-cloud messaging. The IoT Hub resource provider also enables you to [export device identities](iot-hub-devguide-identity-registry.md#import-and-export-device-identities).
-
-* **Device identity management**. Each IoT hub exposes a set of HTTPS REST endpoints to manage device identities (create, retrieve, update, and delete). [Device identities](iot-hub-devguide-identity-registry.md) are used for device authentication and access control.
+* **Resource provider**: an [Azure Resource Manager](../azure-resource-manager/management/overview.md) interface. This interface enables Azure subscription owners to create and delete IoT hubs, and to update IoT hub properties. IoT Hub properties govern [hub-level shared access policies](./authenticate-authorize-sas.md#access-control-and-permissions), as opposed to device-level access control, and functional options for cloud-to-device and device-to-cloud messaging. The IoT Hub resource provider also enables you to [export device identities](./iot-hub-devguide-identity-registry.md#import-and-export-device-identities).
-* **Device twin management**. Each IoT hub exposes a set of service-facing HTTPS REST endpoint to query and update [device twins](iot-hub-devguide-device-twins.md) (update tags and properties).
+* **Device identity management**: a set of HTTPS REST endpoints to manage device identities (create, retrieve, update, and delete). [Device identities](iot-hub-devguide-identity-registry.md) are used for device authentication and access control.
-* **Jobs management**. Each IoT hub exposes a set of service-facing HTTPS REST endpoint to query and manage [jobs](iot-hub-devguide-jobs.md).
+* **Device twin management**: a set of service-facing HTTPS REST endpoint to query and update [device twins](iot-hub-devguide-device-twins.md) (update tags and properties).
-* **Device endpoints**. For each device in the identity registry, IoT Hub exposes a set of endpoints. Except where noted, these endpoints are exposed using [MQTT v3.1.1](https://mqtt.org/), HTTPS 1.1, and [AMQP 1.0](https://www.amqp.org/) protocols. AMQP and MQTT are also available over [WebSockets](https://tools.ietf.org/html/rfc6455) on port 443.
+* **Jobs management**: a set of service-facing HTTPS REST endpoint to query and manage [jobs](iot-hub-devguide-jobs.md).
- * *Send device-to-cloud messages*. A device uses this endpoint to [send device-to-cloud messages](iot-hub-devguide-messages-d2c.md).
+* **Device endpoints**: a set of endpoints for each device in the identity registry. Except where noted, these endpoints are exposed using [MQTT v3.1.1](https://mqtt.org/), HTTPS 1.1, and [AMQP 1.0](https://www.amqp.org/) protocols. AMQP and MQTT are also available over [WebSockets](https://tools.ietf.org/html/rfc6455) on port 443. These device endpoints include:
- * *Receive cloud-to-device messages*. A device uses this endpoint to receive targeted [cloud-to-device messages](iot-hub-devguide-messages-c2d.md).
+ * Send device-to-cloud messages
- * *Initiate file uploads*. A device uses this endpoint to receive an Azure Storage SAS URI from IoT Hub to [upload a file](iot-hub-devguide-file-upload.md).
+ * Receive cloud-to-device messages
- * *Retrieve and update device twin properties*. A device uses this endpoint to access its [device twin](iot-hub-devguide-device-twins.md)'s properties. HTTPS isn't supported.
+ * Initiate file uploads
- * *Receive direct method requests*. A device uses this endpoint to listen for [direct method](iot-hub-devguide-direct-methods.md) requests. HTTPS isn't supported.
+ * Retrieve and update device twin properties (HTTPS isn't supported)
- [!INCLUDE [iot-hub-include-x509-ca-signed-support-note](../../includes/iot-hub-include-x509-ca-signed-support-note.md)]
+ * Receive direct method requests (HTTPS isn't supported)
-* **Service endpoints**. Each IoT hub exposes a set of endpoints for your solution back end to communicate with your devices. With one exception, these endpoints are only exposed using the [AMQP](https://www.amqp.org/) and AMQP over WebSockets protocols. The direct method invocation endpoint is exposed over the HTTPS protocol.
+* **Service endpoints**: a set of endpoints for your solution back end to communicate with your devices. With one exception, these endpoints are only exposed using the [AMQP](https://www.amqp.org/) and AMQP over WebSockets protocols. The direct method invocation endpoint is exposed over the HTTPS protocol.
- * *Receive device-to-cloud messages*. This endpoint is compatible with [Azure Event Hubs](../event-hubs/index.yml). A back-end service can use it to read the [device-to-cloud messages](iot-hub-devguide-messages-d2c.md) sent by your devices. You can create custom endpoints on your IoT hub in addition to this built-in endpoint.
+ * Receive device-to-cloud messages: This endpoint is the built-in endpoint discussed in message routing concepts. A back-end service can use it to read the device-to-cloud messages sent by your devices. You can create custom endpoints on your IoT hub in addition to this built-in endpoint.
- * *Send cloud-to-device messages and receive delivery acknowledgments*. These endpoints enable your solution back end to send reliable [cloud-to-device messages](iot-hub-devguide-messages-c2d.md), and to receive the corresponding delivery or expiration acknowledgments.
-
- * *Receive file notifications*. This messaging endpoint allows you to receive notifications of when your devices successfully upload a file.
+ * Send cloud-to-device messages and receive delivery acknowledgments
+
+ * Receive file upload notifications
- * *Direct method invocation*. This endpoint allows a back-end service to invoke a [direct method](iot-hub-devguide-direct-methods.md) on a device.
+ * Invoke direct method
The [Azure IoT Hub SDKs](iot-hub-devguide-sdks.md) article describes the various ways to access these endpoints. All IoT Hub endpoints use the [TLS](https://tools.ietf.org/html/rfc5246) protocol, and no endpoint is ever exposed on unencrypted/unsecured channels.
-## Custom endpoints
+
+## Custom endpoints for message routing
You can link existing Azure services in your Azure subscriptions to your IoT hub to act as endpoints for message routing. These endpoints act as service endpoints and are used as sinks for message routes. Devices can't write directly to these endpoints. For more information about message routing, see [Use IoT Hub message routing to send device-to-cloud messages to different endpoints](../iot-hub/iot-hub-devguide-messages-d2c.md).
IoT Hub currently supports the following Azure services as custom endpoints:
* Service Bus Topics * Cosmos DB (preview)
-For the limits on the number of endpoints you can add, see [Quotas and throttling](iot-hub-devguide-quotas-throttling.md).
+For the limits on endpoints per hub, see [Quotas and throttling](iot-hub-devguide-quotas-throttling.md).
-## Endpoint Health
+### Built-in endpoint
+You can use standard [Event Hubs integration and SDKs](iot-hub-devguide-messages-read-builtin.md) to receive device-to-cloud messages from the built-in endpoint (**messages/events**). Once any route is created, data stops flowing to the built-in endpoint unless a route is created to that endpoint. Even if no routes are created, a fallback route must be enabled to route messages to the built-in endpoint. The fallback is enabled by default if you create your hub using the portal or the CLI.
+
+### Azure Storage as a routing endpoint
+
+There are two storage services IoT Hub can route messages to: [Azure Blob Storage](../storage/blobs/storage-blobs-introduction.md) and [Azure Data Lake Storage Gen2](../storage/blobs/data-lake-storage-introduction.md) (ADLS Gen2) accounts. Both of these use blobs for their storage.
+
+IoT Hub supports writing data to Azure Storage in the [Apache Avro](https://avro.apache.org/) format and the JSON format. The default is AVRO. To use JSON encoding set the contentType property to **application/json** and contentEncoding property to **UTF-8** in the message [system properties](iot-hub-devguide-routing-query-syntax.md#system-properties). Both of these values are case-insensitive. If the content encoding isn't set, then IoT Hub writes the messages in base 64 encoded format.
+
+The encoding format can be set only when the blob storage endpoint is configured; it can't be edited for an existing endpoint.
+
+IoT Hub batches messages and writes data to storage whenever the batch reaches a certain size or a certain amount of time has elapsed. IoT Hub defaults to the following file naming convention: `{iothub}/{partition}/{YYYY}/{MM}/{DD}/{HH}/{mm}`.
+
+You may use any file naming convention, but you must use all listed tokens. IoT Hub writes to an empty blob if there's no data to write.
+
+We recommend listing the blobs or files and then iterating over them, to ensure that all blobs or files are read without making any assumptions of partition. The partition range could potentially change during a Microsoft-initiated failover or IoT Hub manual failover. You can use the [List Blobs API](/rest/api/storageservices/list-blobs) to enumerate the list of blobs or [List ADLS Gen2 API](/rest/api/storageservices/datalakestoragegen2/path) for the list of files. For example:
-## Field gateways
+```csharp
+public void ListBlobsInContainer(string containerName, string iothub)
+{
+ var storageAccount = CloudStorageAccount.Parse(this.blobConnectionString);
+ var cloudBlobContainer = storageAccount.CreateCloudBlobClient().GetContainerReference(containerName);
+ if (cloudBlobContainer.Exists())
+ {
+ var results = cloudBlobContainer.ListBlobs(prefix: $"{iothub}/");
+ foreach (IListBlobItem item in results)
+ {
+ Console.WriteLine(item.Uri);
+ }
+ }
+}
+```
-In an IoT solution, a *field gateway* sits between your devices and your IoT Hub endpoints. It's typically located close to your devices. Your devices communicate directly with the field gateway by using a protocol supported by the devices. The field gateway connects to an IoT Hub endpoint using a protocol that is supported by IoT Hub. A field gateway might be a dedicated hardware device or a low-power computer running custom gateway software.
+To create an Azure Data Lake Gen2-compatible storage account, create a new V2 storage account and select **Enable hierarchical namespace** from the **Data Lake Storage Gen2** section of the **Advanced** tab, as shown in the following image:
-You can use [Azure IoT Edge](../iot-edge/index.yml) to implement a field gateway. IoT Edge offers functionality such as multiplexing communications from multiple devices onto the same IoT Hub connection.
+
+### Service Bus queues and Service Bus topics as a routing endpoint
+
+Service Bus queues and topics used as IoT Hub endpoints must not have **Sessions** or **Duplicate Detection** enabled. If either of those options are enabled, the endpoint appears as **Unreachable** in the Azure portal.
+
+### Event Hubs as a routing endpoint
+
+Apart from the built-in-Event Hubs compatible endpoint, you can also route data to custom endpoints of type Event Hubs.
+
+### Azure Cosmos DB as a routing endpoint (preview)
+
+You can send data directly to Azure Cosmos DB from IoT Hub. IoT Hub supports writing to Cosmos DB in JSON (if specified in the message content-type) or as base 64 encoded binary.
+
+To support high-scale scenarios, you can enable [synthetic partition keys](../cosmos-db/nosql/synthetic-partition-keys.md) for the Cosmos DB endpoint. As Cosmos DB is a hyperscale data store, all data/documents written to it must contain a field that represents a logical partition. Each logical partition has a maximum size of 20 GB. You can specify the partition key property name in **Partition key name**. The partition key property name is defined at the container level and can't be changed once it has been set.
+
+You can configure the synthetic partition key value by specifying a template in **Partition key template** based on your estimated data volume. For example, in manufacturing scenarios, your logical partition might be expected to approach its maximum limit of 20 GB within a month. In that case, you can define a synthetic partition key as a combination of the device ID and the month. The generated partition key value is automatically added to the partition key property for each new Cosmos DB record, ensuring logical partitions are created each month for each device.
+
+> [!CAUTION]
+> If you're using the system assigned managed identity for authenticating to Cosmos DB, you must use Azure CLI or Azure PowerShell to assign the Cosmos DB Built-in Data Contributor built-in role definition to the identity. Role assignment for Cosmos DB isn't currently supported from the Azure portal. For more information about the various roles, see [Configure role-based access for Azure Cosmos DB](../cosmos-db/how-to-setup-rbac.md). To understand assigning roles via CLI, see [Manage Azure Cosmos DB SQL role resources.](/cli/azure/cosmosdb/sql/role)
+
+## Endpoint Health
+ ## Next steps
-Other reference topics in this IoT Hub developer guide include:
+Learn more about these topics:
* [IoT Hub query language for device and module twins, jobs, and message routing](iot-hub-devguide-query-language.md) * [IoT Hub quotas and throttling](iot-hub-devguide-quotas-throttling.md)
iot-hub Iot Hub Devguide Messages D2c https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-hub/iot-hub-devguide-messages-d2c.md
Previously updated : 02/22/2023 Last updated : 02/23/2024
-# Use IoT Hub message routing to send device-to-cloud messages to different endpoints
+# Use IoT Hub message routing to send device-to-cloud messages to Azure services
-Message routing enables you to send messages from your devices to cloud services in an automated, scalable, and reliable manner. Message routing can be used for:
+Message routing enables you to send messages from your devices to cloud services in an automated, scalable, and reliable manner. Message routing can be used to:
-* **Sending device telemetry messages and events** to the built-in endpoint and custom endpoints. Events that can be routed include device lifecycle events, device twin change events, digital twin change events, and device connection state events.
+* **Send device telemetry messages and events** to the built-in endpoint and custom endpoints. Events that can be routed include device lifecycle events, device twin change events, digital twin change events, and device connection state events.
-* **Filtering data before routing it to various endpoints** by applying rich queries. Message routing allows you to query on the message properties and message body as well as device twin tags and device twin properties. For more information, see [queries in message routing](iot-hub-devguide-routing-query-syntax.md).
+* **Filter data before routing it** by applying rich queries. Message routing allows you to query on the message properties and message body as well as device twin tags and device twin properties. For more information, see [queries in message routing](iot-hub-devguide-routing-query-syntax.md).
-The IoT Hub defines a [common format](iot-hub-devguide-messages-construct.md) for all device-to-cloud messaging for interoperability across protocols.
+The IoT Hub defines a common format for all device-to-cloud messaging for interoperability across protocols. For more information, see [Create and read IoT Hub messages](iot-hub-devguide-messages-construct.md).
[!INCLUDE [iot-hub-basic](../../includes/iot-hub-basic-partial.md)] ## Routing endpoints
-Each IoT hub has a default built-in endpoint (**messages/events**) that is compatible with Event Hubs. You also can create [custom endpoints](iot-hub-devguide-endpoints.md#custom-endpoints) that point to other services in your Azure subscription.
+Each IoT hub has a default routing endpoint called **messages/events** that is compatible with Event Hubs. You also can create custom endpoints that point to other services in your Azure subscription.
-Each message is routed to all endpoints whose routing queries it matches. In other words, a message can be routed to multiple endpoints. If a message matches multiple routes that point to the same endpoint, IoT Hub delivers the message to that endpoint only once.
-
-IoT Hub currently supports the following endpoints:
+IoT Hub currently supports the following endpoints for message routing:
* Built-in endpoint * Storage containers
IoT Hub currently supports the following endpoints:
* Event Hubs * Cosmos DB (preview)
+For more information about each of these endpoints, see [IoT Hub endpoints](./iot-hub-devguide-endpoints.md#custom-endpoints-for-message-routing).
+
+Each message is routed to all endpoints whose routing queries it matches, which means that a message can be routed to multiple endpoints. However, if a message matches multiple routes that point to the same endpoint, IoT Hub delivers the message to that endpoint only once.
+ IoT Hub needs write access to these service endpoints for message routing to work. If you configure your endpoints through the Azure portal, the necessary permissions are added for you. If you configure your endpoints using PowerShell or the Azure CLI, you need to provide the write access permission. To learn how to create endpoints, see the following articles:
To learn how to create endpoints, see the following articles:
* [Manage routes and endpoints using PowerShell](how-to-routing-powershell.md) * [Manage routes and endpoints using Azure Resource Manager](how-to-routing-arm.md)
-Make sure you configure your services to support the expected throughput. For example, if you're using Event Hubs as a custom endpoint, you must configure the **throughput units** for that event hub so it can handle the ingress of events you plan to send via IoT Hub message routing. Similarly, when using a Service Bus queue as an endpoint, you must configure the **maximum size** to ensure the queue can hold all the data ingressed, until it's egressed by consumers. When you first configure your IoT solution, you may need to monitor your other endpoints and make any necessary adjustments for the actual load.
+Make sure that you configure your services to support the expected throughput. For example, if you're using Event Hubs as a custom endpoint, you must configure the **throughput units** for that event hub so that it can handle the ingress of events you plan to send via IoT Hub message routing. Similarly, when using a Service Bus queue as an endpoint, you must configure the **maximum size** to ensure the queue can hold all the data ingressed, until it's egressed by consumers. When you first configure your IoT solution, you may need to monitor your other endpoints and make any necessary adjustments for the actual load.
If your custom endpoint has firewall configurations, consider using the [Microsoft trusted first party exception.](./virtual-network-support.md#egress-connectivity-from-iot-hub-to-other-azure-resources)
-### Built-in endpoint
-
-You can use standard [Event Hubs integration and SDKs](iot-hub-devguide-messages-read-builtin.md) to receive device-to-cloud messages from the built-in endpoint (**messages/events**). Once a route is created, data stops flowing to the built-in endpoint unless a route is created to that endpoint. Even if no routes are created, a fallback route must be enabled to route messages to the built-in endpoint. The fallback is enabled by default if you create your hub using the portal or the CLI.
-
-### Azure Storage as a routing endpoint
-
-There are two storage services IoT Hub can route messages to: [Azure Blob Storage](../storage/blobs/storage-blobs-introduction.md) and [Azure Data Lake Storage Gen2](../storage/blobs/data-lake-storage-introduction.md) (ADLS Gen2) accounts. Azure Data Lake Storage accounts are [hierarchical namespace-enabled](../storage/blobs/data-lake-storage-namespace.md) storage accounts built on top of blob storage. Both of these use blobs for their storage.
-
-IoT Hub supports writing data to Azure Storage in the [Apache Avro](https://avro.apache.org/) format and the JSON format. The default is AVRO. When using JSON encoding, you must set the contentType property to **application/json** and contentEncoding property to **UTF-8** in the message [system properties](iot-hub-devguide-routing-query-syntax.md#system-properties). Both of these values are case-insensitive. If the content encoding isn't set, then IoT Hub writes the messages in base 64 encoded format.
-
-The encoding format can be set only when the blob storage endpoint is configured; it can't be edited for an existing endpoint
-
-IoT Hub batches messages and writes data to storage whenever the batch reaches a certain size or a certain amount of time has elapsed. IoT Hub defaults to the following file naming convention: `{iothub}/{partition}/{YYYY}/{MM}/{DD}/{HH}/{mm}`.
-
-You may use any file naming convention, however you must use all listed tokens. IoT Hub writes to an empty blob if there's no data to write.
-
-We recommend listing the blobs or files and then iterating over them, to ensure all blobs or files are read without making any assumptions of partition. The partition range could potentially change during a [Microsoft-initiated failover](iot-hub-ha-dr.md#microsoft-initiated-failover) or IoT Hub [manual failover](iot-hub-ha-dr.md#manual-failover). You can use the [List Blobs API](/rest/api/storageservices/list-blobs) to enumerate the list of blobs or [List ADLS Gen2 API](/rest/api/storageservices/datalakestoragegen2/path) for the list of files. For example:
-
-```csharp
-public void ListBlobsInContainer(string containerName, string iothub)
-{
- var storageAccount = CloudStorageAccount.Parse(this.blobConnectionString);
- var cloudBlobContainer = storageAccount.CreateCloudBlobClient().GetContainerReference(containerName);
- if (cloudBlobContainer.Exists())
- {
- var results = cloudBlobContainer.ListBlobs(prefix: $"{iothub}/");
- foreach (IListBlobItem item in results)
- {
- Console.WriteLine(item.Uri);
- }
- }
-}
-```
-
-To create an Azure Data Lake Gen2-compatible storage account, create a new V2 storage account and select **Enable hierarchical namespace** from the **Data Lake Storage Gen2** section of the **Advanced** tab, as shown in the following image:
--
-### Service Bus queues and Service Bus topics as a routing endpoint
-
-Service Bus queues and topics used as IoT Hub endpoints must not have **Sessions** or **Duplicate Detection** enabled. If either of those options are enabled, the endpoint appears as **Unreachable** in the Azure portal.
-
-### Event Hubs as a routing endpoint
-
-Apart from the built-in-Event Hubs compatible endpoint, you can also route data to custom endpoints of type Event Hubs.
-
-### Azure Cosmos DB as a routing endpoint (preview)
-
-You can send data directly to Azure Cosmos DB from IoT Hub. Cosmos DB is a fully managed hyperscale multi-model database service. It provides low latency and high availability, making it a great choice for scenarios like connected solutions and manufacturing that require extensive downstream data analysis.
-
-IoT Hub supports writing to Cosmos DB in JSON (if specified in the message content-type) or as Base64 encoded binary.
-
-To effectively support high-scale scenarios, you can enable [synthetic partition keys](../cosmos-db/nosql/synthetic-partition-keys.md) for the Cosmos DB endpoint. As Cosmos DB is a hyperscale data store, all data/documents written to it must contain a field that represents a logical partition. Each logical partition has a maximum size of 20 GB. You can specify the partition key property name in **Partition key name**. The partition key property name is defined at the container level and can't be changed once it has been set.
-
-You can configure the synthetic partition key value by specifying a template in **Partition key template** based on your estimated data volume. For example, in manufacturing scenarios, your logical partition might be expected to approach its maximum limit of 20 GB within a month. In that case, you can define a synthetic partition key as a combination of the device ID and the month. The generated partition key value is automatically added to the partition key property for each new Cosmos DB record, ensuring logical partitions are created each month for each device.
-
-> [!CAUTION]
-> If you're using the system assigned managed identity for authenticating to Cosmos DB, you must use Azure CLI or Azure PowerShell to assign the Cosmos DB Built-in Data Contributor built-in role definition to the identity. Role assignment for Cosmos DB isn't currently supported from the Azure portal. For more information about the various roles, see [Configure role-based access for Azure Cosmos DB](../cosmos-db/how-to-setup-rbac.md). To understand assigning roles via CLI, see [Manage Azure Cosmos DB SQL role resources.](/cli/azure/cosmosdb/sql/role)
- ## Route to an endpoint in another subscription If the endpoint resource is in a different subscription than your IoT hub, you need to configure your IoT hub as a trusted Microsoft service before creating a custom endpoint. When you do create the custom endpoint, set the **Authentication type** to user-assigned identity.
IoT Hub message routing provides a querying capability to filter the data before
| - | -- | | **Name** | The unique name that identifies the query. | | **Source** | The origin of the data stream to be acted upon. For example, device telemetry. |
-| **Condition** | The query expression for the routing query that is run against the message application properties, system properties, message body, device twin tags, and device twin properties to determine if it's a match for the endpoint. For more information about constructing a query, see the see [message routing query syntax](iot-hub-devguide-routing-query-syntax.md) |
+| **Condition** | The query expression for the routing query that is run against the message application properties, system properties, message body, device twin tags, and device twin properties to determine if it's a match for the endpoint. |
| **Endpoint** | The name of the endpoint where IoT Hub sends messages that match the query. We recommend that you choose an endpoint in the same region as your IoT hub. | A single message may match the condition on multiple routing queries, in which case IoT Hub delivers the message to the endpoint associated with each matched query. IoT Hub also automatically deduplicates message delivery, so if a message matches multiple queries that have the same destination, it's only written once to that destination.
Use the following articles to learn how to read messages from an endpoint.
## Fallback route
-The fallback route sends all the messages that don't satisfy query conditions on any of the existing routes to the built-in endpoint (**messages/events**), which is compatible with [Event Hubs](../event-hubs/index.yml). If message routing is enabled, you can enable the fallback route capability. Once a route is created, data stops flowing to the built-in endpoint, unless a route is created to that endpoint. If there are no routes to the built-in endpoint and a fallback route is enabled, only messages that don't match any query conditions on routes will be sent to the built-in endpoint. Also, if all existing routes are deleted, the fallback route capability must be enabled to receive all data at the built-in endpoint.
+The fallback route sends all the messages that don't satisfy query conditions on any of the existing routes to the built-in endpoint (**messages/events**), which is compatible with [Event Hubs](../event-hubs/index.yml). If message routing is enabled, you can enable the fallback route capability. Once any route is created, data stops flowing to the built-in endpoint, unless a route is created to that endpoint. If there are no routes to the built-in endpoint and a fallback route is enabled, only messages that don't match any query conditions on routes will be sent to the built-in endpoint. Even if all existing routes are deleted, the fallback route capability must be enabled to receive all data at the built-in endpoint.
-You can enable or disable the fallback route in the Azure portal, from the **Message routing** blade. You can also use Azure Resource Manager for [FallbackRouteProperties](/rest/api/iothub/iothubresource/createorupdate#fallbackrouteproperties) to use a custom endpoint for the fallback route.
+You can enable or disable the fallback route in the Azure portal on the **Message routing** blade. You can also use Azure Resource Manager for [FallbackRouteProperties](/rest/api/iothub/iothubresource/createorupdate#fallbackrouteproperties) to use a custom endpoint for the fallback route.
## Non-telemetry events
In addition to device telemetry, message routing also enables sending non-teleme
* Digital twin change events * Device connection state events
-For example, if a route is created with the data source set to **Device Twin Change Events**, IoT Hub sends messages to the endpoint that contain the change in the device twin. Similarly, if a route is created with the data source set to **Device Lifecycle Events**, IoT Hub sends a message indicating whether the device or module was deleted or created. For more information about device lifecycle events, see [Device and module lifecycle notifications](./iot-hub-devguide-identity-registry.md#device-and-module-lifecycle-notifications). When using [Azure IoT Plug and Play](../iot/overview-iot-plug-and-play.md), a developer can create routes with the data source set to **Digital Twin Change Events** and IoT Hub sends messages whenever a digital twin property is set or changed, a digital twin is replaced, or when a change event happens for the underlying device twin. Finally, if a route is created with data source set to **Device Connection State Events**, IoT Hub sends a message indicating whether the device was connected or disconnected.
+For example, if a route is created with the data source set to **Device Twin Change Events**, IoT Hub sends messages to the endpoint that contain the change in the device twin. Similarly, if a route is created with the data source set to **Device Lifecycle Events**, IoT Hub sends a message indicating whether the device or module was deleted or created. For more information about device lifecycle events, see [Device and module lifecycle notifications](./iot-hub-devguide-identity-registry.md#device-and-module-lifecycle-notifications).
-[IoT Hub also integrates with Azure Event Grid](iot-hub-event-grid.md) to publish device events to support real-time integrations and automation of workflows based on these events. See key [differences between message routing and Event Grid](iot-hub-event-grid-routing-comparison.md) to learn which works best for your scenario.
+When using [Azure IoT Plug and Play](../iot/overview-iot-plug-and-play.md), a developer can create routes with the data source set to **Digital Twin Change Events** and IoT Hub sends messages whenever a digital twin property is set or changed, a digital twin is replaced, or when a change event happens for the underlying device twin. Finally, if a route is created with data source set to **Device Connection State Events**, IoT Hub sends a message indicating whether the device was connected or disconnected.
+
+IoT Hub also integrates with Azure Event Grid to publish device events to support real-time integrations and automation of workflows based on these events. See key [differences between message routing and Event Grid](iot-hub-event-grid-routing-comparison.md) to learn which works best for your scenario.
### Limitations for device connection state events
-Device connection state events are available for devices connecting using either the MQTT or AMQP protocol, or using either of these protocols over WebSockets. Requests made only with HTTPS won't trigger device connection state notifications. For IoT Hub to start sending device connection state events, after opening a connection a device must call either the *cloud-to-device receive message* operation or the *device-to-cloud send telemetry* operation. Outside of the Azure IoT SDKs, in MQTT these operations equate to SUBSCRIBE or PUBLISH operations on the appropriate messaging [topics](../iot/iot-mqtt-connect-to-iot-hub.md). Over AMQP these operations equate to attaching or transferring a message on the [appropriate link paths](iot-hub-amqp-support.md).
+Device connection state events are available for devices connecting using either the MQTT or AMQP protocol, or using either of these protocols over WebSockets. Requests made only with HTTPS won't trigger device connection state notifications. For IoT Hub to start sending device connection state events, after opening a connection a device must call either the *cloud-to-device receive message* operation or the *device-to-cloud send telemetry* operation. Outside of the Azure IoT SDKs, in MQTT these operations equate to SUBSCRIBE or PUBLISH operations on the appropriate messaging topics. Over AMQP these operations equate to attaching or transferring a message on the appropriate link paths. For more information, see the following articles:
+
+* [Communicate with IoT Hub using MQTT](../iot/iot-mqtt-connect-to-iot-hub.md)
+* [Communicate with IoT Hub using AMQP](iot-hub-amqp-support.md)
-IoT Hub doesn't report each individual device connect and disconnect, but rather publishes the current connection state taken at a periodic, 60-second snapshot. Receiving either the same connection state event with different sequence numbers or different connection state events both mean that there was a change in the device connection state during the 60-second window.
+IoT Hub doesn't report each individual device connect and disconnect event, but rather publishes the current connection state taken at a periodic, 60-second snapshot. Receiving either the same connection state event with different sequence numbers or different connection state events both mean that there was a change in the device connection state during the 60-second window.
## Test routes
When you create a new route or edit an existing route, you should test the route
## Latency
-When you route device-to-cloud telemetry messages using built-in endpoints, there's a slight increase in the end-to-end latency after the creation of the first route.
+When you route device-to-cloud telemetry messages, there's a slight increase in the end-to-end latency after the creation of the first route.
In most cases, the average increase in latency is less than 500 milliseconds. However, the latency you experience can vary and can be higher depending on the tier of your IoT hub and your solution architecture. You can monitor the latency using the **Routing: message latency for messages/events** or **d2c.endpoints.latency.builtIn.events** IoT Hub metrics. Creating or deleting any route after the first one doesn't impact the end-to-end latency. ## Monitor and troubleshoot
-IoT Hub provides several metrics related to routing and endpoints to give you an overview of the health of your hub and messages sent. For a list of all of the IoT Hub metrics broken out by functional category, see the [Metrics](monitor-iot-hub-reference.md#metrics) section of [Monitoring Azure IoT Hub data reference](monitor-iot-hub-reference.md). You can track errors that occur during evaluation of a routing query and endpoint health as perceived by IoT Hub with the [**routes** category in IoT Hub resource logs](monitor-iot-hub-reference.md#routes). To learn more about using metrics and resource logs with IoT Hub, see [Monitoring Azure IoT Hub](monitor-iot-hub.md).
+IoT Hub provides several metrics related to routing and endpoints to give you an overview of the health of your hub and messages sent. You also can track errors that occur during evaluation of a routing query and endpoint health as perceived by IoT Hub with the **routes** category in IoT Hub resource logs. To learn more about using metrics and resource logs with IoT Hub, see [Monitoring Azure IoT Hub](monitor-iot-hub.md).
-You can use the REST API [Get Endpoint Health](/rest/api/iothub/iothubresource/getendpointhealth#iothubresource_getendpointhealth) to get the [health status](iot-hub-devguide-endpoints.md#custom-endpoints) of the endpoints.
+You can use the REST API [Get Endpoint Health](/rest/api/iothub/iothubresource/getendpointhealth#iothubresource_getendpointhealth) to get the health status of endpoints.
Use the [troubleshooting guide for routing](troubleshoot-message-routing.md) for more details and support for troubleshooting routing.
-## Next steps
-
-To learn how to create message routes, see:
-
-* [Create and delete routes and endpoints by using the Azure portal](./how-to-routing-portal.md)
-* [Create and delete routes and endpoints by using the Azure CLI](./how-to-routing-azure-cli.md)
-
iot-hub Iot Hub Devguide Messages Read Builtin https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-hub/iot-hub-devguide-messages-read-builtin.md
By default, messages are routed to the built-in service-facing endpoint (**messages/events**) that is compatible with [Event Hubs](../event-hubs/index.yml). IoT Hub exposes the **messages/events** built-in endpoint for your back-end services to read the device-to-cloud messages received by your hub. This endpoint is Event Hubs-compatible, which enables you to use any of the mechanisms the Event Hubs service supports for reading messages.
-If you're using [message routing](iot-hub-devguide-messages-d2c.md) and the [fallback route](iot-hub-devguide-messages-d2c.md#fallback-route) is enabled, a message that doesn't match a query on any route goes to the built-in endpoint. If you disable this fallback route, a message that doesn't match any query is dropped.
+If you're using message routing and the [fallback route](iot-hub-devguide-messages-d2c.md#fallback-route) is enabled, a message that doesn't match a query on any route goes to the built-in endpoint. If you disable this fallback route, a message that doesn't match any query is dropped.
This endpoint is currently only exposed using the [AMQP](https://www.amqp.org/) protocol on port 5671 and [AMQP over WebSockets](http://docs.oasis-open.org/amqp-bindmap/amqp-wsb/v1.0/cs01/amqp-wsb-v1.0-cs01.html) on port 443. An IoT hub exposes the following properties to enable you to control the built-in Event Hub-compatible messaging endpoint **messages/events**.
iot-hub Iot Hub Devguide Messaging https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-hub/iot-hub-devguide-messaging.md
Title: Understand Azure IoT Hub messaging
-description: This article describes device-to-cloud and cloud-to-device messaging with IoT Hub. Includes information about message formats and supported communications protocols.
+
+description: This article describes device-to-cloud and cloud-to-device messaging with IoT Hub, with information about message formats and supported communications protocols.
Previously updated : 12/20/2022 Last updated : 02/23/2024
-# Send device-to-cloud and cloud-to-device messages with IoT Hub
+# Send and receive messages with IoT Hub
-IoT Hub allows for bi-directional communication with your devices. Use IoT Hub messaging to communicate with your devices by sending messages from your devices to your IoT solution back end, and by sending messages from your IoT solution back end to your devices. For more information about working with IoT Hub messages, see [Create and read IoT Hub messages](iot-hub-devguide-messages-construct.md).
+IoT Hub enables bi-directional communication with your devices. Use IoT Hub messaging to communicate with your devices by sending messages from your devices to your IoT solution back end, and by sending messages from your IoT solution back end to your devices.
-## Sending device-to-cloud messages to IoT Hub
+## Send device-to-cloud messages to IoT Hub
-IoT Hub has a built-in service endpoint that can be used by back-end services to read telemetry messages from your devices. This endpoint is compatible with [Azure Event Hubs](../event-hubs/index.yml) and you can use standard IoT Hub SDKs to [read from this built-in endpoint](iot-hub-devguide-messages-read-builtin.md).
+IoT Hub has a built-in service endpoint that can be used by back-end services to read telemetry messages from your devices. This endpoint is compatible with [Azure Event Hubs](../event-hubs/index.yml) and you can use standard IoT Hub SDKs to read from this built-in endpoint.
-IoT Hub also supports [custom endpoints](iot-hub-devguide-endpoints.md#custom-endpoints) that can be defined by users to send device telemetry data and events to Azure services using [message routing](iot-hub-devguide-messages-d2c.md).
+IoT Hub also supports custom endpoints that can be defined by users to send device telemetry data and events to Azure services using message routing.
-## Sending cloud-to-device messages from IoT Hub
+Learn more about these topics:
-You can send [cloud-to-device](iot-hub-devguide-messages-c2d.md) messages from the IoT solution back end to your devices.
+* [Create and read IoT Hub messages](iot-hub-devguide-messages-construct.md).
+
+* [Read device-to-cloud messages from the built-in endpoint](iot-hub-devguide-messages-read-builtin.md)
+
+* [Understand IoT Hub endpoints](iot-hub-devguide-endpoints.md#custom-endpoints-for-message-routing)
+
+* [Use IoT Hub message routing to send device-to-cloud messages to different endponts](iot-hub-devguide-messages-d2c.md)
+
+## Send cloud-to-device messages from IoT Hub
+
+You can send cloud-to-device messages from the IoT solution back end to your devices.
[!INCLUDE [iot-hub-basic](../../includes/iot-hub-basic-partial.md)] Core properties of IoT Hub messaging functionality are the reliability and durability of messages. These properties enable resilience to intermittent connectivity on the device side, and to load spikes in event processing on the cloud side. IoT Hub implements *at least once* delivery guarantees for both device-to-cloud and cloud-to-device messaging.
-## Choosing the right type of IoT Hub messaging
+Learn more about these topics:
-Use device-to-cloud messages for sending time series telemetry and alerts from your device app, and cloud-to-device messages for one-way notifications to your device app.
+* [Send cloud-to-device messages from an IoT hub](iot-hub-devguide-messages-c2d.md)
-* For more information about choosing between device-to-cloud messages, reported properties, or file upload, see [Device-to-cloud communications guidance](./iot-hub-devguide-d2c-guidance.md).
+## Choose the right type of IoT Hub messaging
-* For more information about choosing between cloud-to-device messages, desired properties, or direct methods, see [Cloud-to-device communications guidance](./iot-hub-devguide-c2d-guidance.md).
+Use device-to-cloud messages for sending time series telemetry and alerts from your device app, and cloud-to-device messages for one-way notifications to your device app.
-## Next steps
+Learn more about these topics:
-* Learn about IoT Hub [message routing](iot-hub-devguide-messages-d2c.md).
+* Understand the use cases for device-to-cloud messages, reported properties, and file upload: [Device-to-cloud communications guidance](./iot-hub-devguide-d2c-guidance.md).
-* Learn about IoT Hub [cloud-to-device messaging](iot-hub-devguide-messages-c2d.md).
+* Understand the use cases for cloud-to-device messages, desired properties, and direct methods: [Cloud-to-device communications guidance](./iot-hub-devguide-c2d-guidance.md).
iot-hub Iot Hub Devguide Protocols https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-hub/iot-hub-devguide-protocols.md
Consider the following points when you choose your protocol for device-side comm
* **Cloud-to-device pattern**. HTTPS doesn't have an efficient way to implement server push. As such, when you're using HTTPS, devices poll IoT Hub for cloud-to-device messages. This approach is inefficient for both the device and IoT Hub. Under current HTTPS guidelines, each device should poll for messages every 25 minutes or more. Issuing more HTTPS receives results in IoT Hub throttling the requests. MQTT and AMQP support server push when receiving cloud-to-device messages. They enable immediate pushes of messages from IoT Hub to the device. If delivery latency is a concern, MQTT or AMQP are the best protocols to use. For rarely connected devices, HTTPS works as well.
-* **Field gateways**. MQTT and HTTPS support only a single device identity (device ID plus credentials) per TLS connection. For this reason, these protocols aren't supported for [field gateway scenarios](iot-hub-devguide-endpoints.md#field-gateways) that require multiplexing messages, using multiple device identities, across either a single connection or a pool of upstream connections to IoT Hub. Such gateways can use a protocol that supports multiple device identities per connection, like AMQP, for their upstream traffic.
+* **Field gateways**. MQTT and HTTPS support only a single device identity (device ID plus credentials) per TLS connection. For this reason, these protocols aren't supported for field gateway scenarios that require multiplexing messages, using multiple device identities, across either a single connection or a pool of upstream connections to IoT Hub. Such gateways can use a protocol that supports multiple device identities per connection, like AMQP, for their upstream traffic.
* **Low resource devices**. The MQTT and HTTPS libraries have a smaller footprint than the AMQP libraries. As such, if the device has limited resources (for example, less than 1 MB of RAM), these protocols might be the only protocol implementation available.
iot-hub Iot Hub Ha Dr https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-hub/iot-hub-ha-dr.md
Once the failover operation for the IoT hub completes, all operations from the d
> >* The Event Hubs-compatible name and endpoint of the IoT Hub built-in events endpoint change after failover. When receiving telemetry messages from the built-in endpoint using either the Event Hubs client or event processor host, you should [use the IoT hub connection string](iot-hub-devguide-messages-read-builtin.md#connect-to-the-built-in-endpoint) to establish the connection. This ensures that your back-end applications continue to work without requiring manual intervention post failover. If you use the Event Hub-compatible name and endpoint in your application directly, you will need to [fetch the new Event Hub-compatible endpoint](iot-hub-devguide-messages-read-builtin.md#connect-to-the-built-in-endpoint) after failover to continue operations. For more information, see [Manual failover and Event Hub](#manual-failover-and-event-hubs). >* If you use Azure Functions or Azure Stream Analytics to connect the built-in Events endpoint, you might need to perform a **Restart**. This is because during failover previous offsets are no longer valid.
->* When routing to storage, we recommend listing the blobs or files and then iterating over them, to ensure all blobs or files are read without making any assumptions of partition. The partition range could potentially change during a Microsoft-initiated failover or manual failover. You can use the [List Blobs API](/rest/api/storageservices/list-blobs) to enumerate the list of blobs or [List ADLS Gen2 API](/rest/api/storageservices/datalakestoragegen2/filesystem/list) for the list of files. To learn more, see [Azure Storage as a routing endpoint](iot-hub-devguide-messages-d2c.md#azure-storage-as-a-routing-endpoint).
+>* When routing to storage, we recommend listing the blobs or files and then iterating over them, to ensure all blobs or files are read without making any assumptions of partition. The partition range could potentially change during a Microsoft-initiated failover or manual failover. You can use the [List Blobs API](/rest/api/storageservices/list-blobs) to enumerate the list of blobs or [List ADLS Gen2 API](/rest/api/storageservices/datalakestoragegen2/filesystem/list) for the list of files. To learn more, see [Azure Storage as a routing endpoint](iot-hub-devguide-endpoints.md#azure-storage-as-a-routing-endpoint).
## Microsoft-initiated failover
iot-hub Iot Hub Query Avro Data https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-hub/iot-hub-query-avro-data.md
This article discusses how to query Avro data to efficiently route messages from
The challenge has been that when Azure IoT Hub routes messages to Azure Blob storage, by default IoT Hub writes the content in Avro format, which has both a message body property and a message property. The Avro format isn't used for any other endpoints. Although the Avro format is great for data and message preservation, it's a challenge to use it to query data. In comparison, JSON or CSV format is easier for querying data. IoT Hub now supports writing data to Blob storage in JSON and AVRO.
-For more information, see [Using Azure Storage as a routing endpoint](iot-hub-devguide-messages-d2c.md#azure-storage-as-a-routing-endpoint).
+For more information, see [Using Azure Storage as a routing endpoint](iot-hub-devguide-endpoints.md#azure-storage-as-a-routing-endpoint).
To address non-relational big-data needs and formats and overcome this challenge, you can use many of the big-data patterns for both transforming and scaling data. One of the patterns, "pay per query", is Azure Data Lake Analytics, which is the focus of this article. Although you can easily execute the query in Hadoop or other solutions, Data Lake Analytics is often better suited for this "pay per query" approach.
iot-hub Troubleshoot Message Routing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-hub/troubleshoot-message-routing.md
Observe the [**Routes** resource logs](monitor-iot-hub-reference.md#routes) to g
#### The health of the endpoint
-Use the REST API [Get Endpoint Health](/rest/api/iothub/iothubresource/getendpointhealth#iothubresource_getendpointhealth) to get [health status](iot-hub-devguide-endpoints.md#custom-endpoints) of the endpoints. The *Get Endpoint Health* API also provides information on the last time a message was successfully sent to the endpoint, the [last known error](#last-known-errors-for-iot-hub-routing-endpoints), last known error time and the last time a send attempt was made for this endpoint. Use the possible mitigation provided for the specific [last known error](#last-known-errors-for-iot-hub-routing-endpoints).
+Use the REST API [Get Endpoint Health](/rest/api/iothub/iothubresource/getendpointhealth#iothubresource_getendpointhealth) to get health status of the endpoints. The *Get Endpoint Health* API also provides information on the last time a message was successfully sent to the endpoint, the [last known error](#last-known-errors-for-iot-hub-routing-endpoints), last known error time and the last time a send attempt was made for this endpoint. Use the possible mitigation provided for the specific [last known error](#last-known-errors-for-iot-hub-routing-endpoints).
### I suddenly stopped getting messages at the built-in endpoint
iot-hub Tutorial Routing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-hub/tutorial-routing.md
# Tutorial: Send device data to Azure Storage using IoT Hub message routing
-Use [message routing](iot-hub-devguide-messages-d2c.md) in Azure IoT Hub to send telemetry data from your IoT devices to Azure services such as blob storage, Service Bus Queues, Service Bus Topics, and Event Hubs. Every IoT hub has a default built-in endpoint that is compatible with Event Hubs. You can also create custom endpoints and route messages to other Azure services by defining [routing queries](iot-hub-devguide-routing-query-syntax.md). Each message that arrives at the IoT hub is routed to all endpoints whose routing queries it matches. If a message doesn't match any of the defined routing queries, it is routed to the default endpoint.
+Use message routing in Azure IoT Hub to send telemetry data from your IoT devices to Azure services such as blob storage, Service Bus Queues, Service Bus Topics, and Event Hubs. Every IoT hub has a default built-in endpoint that is compatible with Event Hubs. You can also create custom endpoints and route messages to other Azure services by defining routing queries. Each message that arrives at the IoT hub is routed to all endpoints whose routing queries it matches. If a message doesn't match any of the defined routing queries, it is routed to the default endpoint.
In this tutorial, you perform the following tasks:
machine-learning Concept Data Analysis https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/concept-data-analysis.md
Previously updated : 11/09/2022 Last updated : 02/23/2024
machine-learning How To Manage Labeling Projects https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/how-to-manage-labeling-projects.md
Import from either a COCO file or an Azure MLTable data asset.
### Import options #### [Text projects](#tab/text)
machine-learning How To Troubleshoot Data Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/how-to-troubleshoot-data-access.md
Previously updated : 02/13/2023 Last updated : 02/23/2024
[!INCLUDE [sdk v2](includes/machine-learning-sdk-v2.md)]
-In this guide, learn how to identify and resolve known issues with data access with the [Azure Machine Learning SDK](https://aka.ms/sdk-v2-install).
+In this article, learn how to identify and resolve known data access issues with the [Azure Machine Learning SDK](https://aka.ms/sdk-v2-install).
## Error Codes
-Data access error codes are hierarchical. The full stop character `.` delimits error codes, and become more specific with more segments available.
+Data access error codes are hierarchical. The full stop character `.` delimits error codes, and these codes become more specific with more segments available.
## ScriptExecution.DatabaseConnection ### ScriptExecution.DatabaseConnection.NotFound
-The database or server defined in the datastore cannot be found, or no longer exists. Check if the database still exists in Azure portal, or if the Azure Machine Learning studio datastore details page links to it. If it doesn't exist, you will enable the existing datastore for use if you recreate it with the same name. To use a new server name or database, you must delete and recreate the datastore to use the new name.
+The database or server defined in the datastore can't be found, or no longer exists. Check if the database still exists in Azure portal, or if the Azure Machine Learning studio datastore details page links to it. If it doesn't exist, enable the existing datastore for use if you recreate it with the same name. To use a new server name or database, you must delete and recreate the datastore to use the new name.
### ScriptExecution.DatabaseConnection.Authentication
-The authentication failed while trying to connect to the database. The authentication method is stored inside the datastore, and supports SQL authentication, service principal, or no stored credential (identity based access). When previewing data in Azure Machine Learning studio, workspace MSI enabling makes the authentication use the workspace MSI. A SQL server user needs to be created for the service principal and workspace MSI (if applicable) and granted classic database permissions. More info can be found [here](/azure/azure-sql/database/authentication-aad-service-principal-tutorial#create-the-service-principal-user-in-azure-sql-database).
+The authentication failed while trying to connect to the database. The authentication method is stored inside the datastore, and it supports SQL authentication, service principal, or no stored credential (identity based access). When you preview data in Azure Machine Learning studio, enablement of workspace MSI makes the authentication use that workspace MSI. A SQL server user needs to be created for the service principal and workspace MSI (if applicable), and that user must be granted classic database permissions. For more information, visit [here](/azure/azure-sql/database/authentication-aad-service-principal-tutorial#create-the-service-principal-user).
Contact your data admin to verify or add the correct permissions to the service principal or user identity. Errors also include: - ScriptExecution.DatabaseConnection.Authentication.AzureIdentityAccessTokenResolution.InvalidResource
- - The server under the subscription and resource group couldn't be found. Check that the subscription ID and resource group defined in the datastore match those of the server, and update the values if necessary.
+ - The server under the subscription and resource group couldn't be found. Check that the subscription ID and resource group defined in the datastore match the corresponding values of the server, and update the datastore values if necessary.
> [!NOTE] > Use the subscription ID and resource group of the server, not of the workspace. If the datastore is cross subscription or cross resource group server, these will differ. - ScriptExecution.DatabaseConnection.Authentication.AzureIdentityAccessTokenResolution.FirewallSettingsResolutionFailure
- - The identity doesn't have permission to read the target server firewall settings. Contact your data admin for the workspace MSI Reader role.
+ - The identity doesn't have permission to read the target server firewall settings. Contact your data admin to obtain the MSI Reader role permission to the workspace MSI.
## ScriptExecution.DatabaseQuery ### ScriptExecution.DatabaseQuery.TimeoutExpired
-The executed SQL query took too long and timed out. You can specify the timeout at time of data asset creation. If a new timeout is needed, a new asset must be created, or a new version of the current asset must be created. In Azure Machine Learning studio SQL preview, there will have a fixed query timeout, but the defined value will always be honored for jobs.
+The executed SQL query took too long and timed out. You can specify the timeout value at time of data asset creation. If a new timeout is needed, a new asset must be created, or a new version of the current asset must be created. Azure Machine Learning studio SQL preview has a fixed query timeout value, but the defined value is always honored for jobs.
## ScriptExecution.StreamAccess ### ScriptExecution.StreamAccess.Authentication
-The authentication failed while trying to connect to the storage account. The authentication method is stored inside the datastore, and depending on the datastore type, it can support account key, SAS token, service principal or no stored credential (identity based access). When previewing data in Azure Machine Learning studio, workspace MSI enabling makes the authentication use the workspace MSI.
+The authentication failed while trying to connect to the storage account. The authentication method is stored inside the datastore, and depending on the datastore type, it can support account key, SAS token, service principal, or no stored credential (identity based access). When you preview data in Azure Machine Learning studio, enablement of workspace MSI makes the authentication use the workspace MSI.
Contact your data admin to verify or add the correct permissions to the service principal or user identity. > [!IMPORTANT]
-> If identity based access is used, the required RBAC role is Storage Blob Data Reader. If workspace MSI is used for Azure Machine Learning studio preview, the required RBAC roles are Storage Blob Data Reader and Reader.
+> If identity based access is used, the required RBAC role is Storage Blob Data Reader. If workspace MSI is used for Azure Machine Learning studio preview, the required RBAC roles are `Storage Blob Data Reader` and `Reader`.
Errors also include: - ScriptExecution.StreamAccess.Authentication.AzureIdentityAccessTokenResolution.FirewallSettingsResolutionFailure
- - The identity doesn't have permission to read firewall settings of the target storage account. Contact your data admin to the Reader role to the workspace MSI.
+ - The identity doesn't have permission to read the firewall settings of the target storage account. Contact your data admin to obtain the Reader role permission to the workspace MSI.
- ScriptExecution.StreamAccess.Authentication.AzureIdentityAccessTokenResolution.PrivateEndpointResolutionFailure
- - The target storage account uses a virtual network, but the logged-in session isn't connecting to the workspace via a private endpoint. Add a private endpoint to the workspace, and ensure that the storage virtual network settings allows the virtual network or subnet of the private endpoint. Add the logged in session's public IP to the storage firewall allowlist.
+ - The target storage account uses a virtual network, but the logged-in session isn't connecting to the workspace via a private endpoint. Add a private endpoint to the workspace, and ensure that the storage virtual network settings allows the virtual network or subnet of the private endpoint. Add the public IP of the logged-in session to the storage firewall allowlist.
- ScriptExecution.StreamAccess.Authentication.AzureIdentityAccessTokenResolution.NetworkIsolationViolated
- - The target storage account firewall settings don't permit this data access. Check that your logged in session falls within compatible network settings with the storage account. If Workspace MSI is used, check that it has Reader access to the storage account and to the private endpoints associated with the storage account.
+ - The target storage account firewall settings don't permit this data access. Check that your logged-in session falls within compatible network settings with the storage account. If Workspace MSI is used, check that it has Reader access to the storage account and to the private endpoints associated with the storage account.
- ScriptExecution.StreamAccess.Authentication.AzureIdentityAccessTokenResolution.InvalidResource
- - The storage account under the subscription and resource group couldn't be found. Check that the subscription ID and resource group defined in the datastore match those of the storage account, and update the values if needed.
+ - The storage account under the subscription and resource group couldn't be found. Check that the subscription ID and resource group defined in the datastore match the corresponding values of the server, and update the datastore values if necessary.
> [!NOTE] > Use the subscription ID and resource group of the server, and not of the workspace. These will be different for a cross subscription or cross resource group server. ### ScriptExecution.StreamAccess.NotFound
-The specified file or folder path doesn't exist. Check that the provided path exists in Azure portal, or if using a datastore, that the right datastore is used (including the datastore's account and container). If the storage account is an HNS enabled Blob storage, otherwise known as ADLS Gen2, or an `abfs[s]` URI, that storage ACLs may restrict particular folders or paths. This error will appear as a "NotFound" error instead of an "Authentication" error.
+The specified file or folder path doesn't exist. Check that the provided path exists in Azure portal, or if using a datastore, that the correct datastore is used (including the account and container of the datastore). If the storage account is an HNS enabled Blob storage (also known as ADLS Gen2), or an `abfs[s]` URI, that storage ACLs might restrict particular folders or paths. This error appears as a "NotFound" error instead of an "Authentication" error.
### ScriptExecution.StreamAccess.Validation
Errors also include:
## Next steps -- See more information on [data concepts in Azure Machine Learning](concept-data.md)
+- For more information about Azure Machine Learning data concepts, visit [Data concepts in Azure Machine Learning](concept-data.md)
- [Azure Machine Learning authentication to other services](how-to-identity-based-service-authentication.md). - [Create datastores](how-to-datastore.md)
openshift Howto Deploy Java Liberty App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/openshift/howto-deploy-java-liberty-app.md
Clone the sample code for this guide by using the following commands. The sample
```bash git clone https://github.com/Azure-Samples/open-liberty-on-aro.git
-cd open-liberty-on-aro/3-integration/connect-db/mssql
-git checkout 20240116
+cd open-liberty-on-aro
+export BASE_DIR=$PWD
+git checkout 20240223
+cd 3-integration/connect-db/mssql
``` If you see a message about being in "detached HEAD" state, this message is safe to ignore. It just means you checked out a tag.
In directory *liberty/config*, the *server.xml* file is used to configure the DB
Now that you gathered the necessary properties, you can build the application by using the following commands. The POM file for the project reads many variables from the environment. As part of the Maven build, these variables are used to populate values in the YAML files located in *src/main/aro*. You can do something similar for your application outside Maven if you prefer. ```bash
-cd <path-to-your-repo>/3-integration/connect-db/mssql
+cd ${BASE_DIR}/3-integration/connect-db/mssql
# The following variables are used for deployment file generation into target. export DB_SERVER_NAME=<server-name>.database.windows.net
You can now run and test the project locally before deploying to Azure by using
1. Start the application by using `liberty:run`, as shown in the following example. `liberty:run` also uses the environment variables defined in the previous section. ```bash
- cd <path-to-your-repo>/3-integration/connect-db/mssql
+ cd ${BASE_DIR}/3-integration/connect-db/mssql
mvn liberty:run ```
Next, use the following steps to containerize your project using Docker and run
1. Run the `docker build` command to build the image. ```bash
- cd <path-to-your-repo>/3-integration/connect-db/mssql/target
- docker build -t javaee-cafe:v1 --pull --file=Dockerfile .
+ cd ${BASE_DIR}/3-integration/connect-db/mssql/target
+ docker buildx build --platform linux/amd64 -t javaee-cafe:v1 --pull --file=Dockerfile .
``` 1. Run the image using the following command. Note we're using the environment variables defined previously.
When you're satisfied with the state of the application, you build the image rem
1. Use the following commands to identity the source directory and the Dockerfile: ```bash
- cd <path-to-your-repo>/3-integration/connect-db/mssql/target
+ cd ${BASE_DIR}/3-integration/connect-db/mssql/target
# If you are deploying the application with WebSphere Liberty Operator, the existing Dockerfile is ready for you
Use the following steps to deploy and test the application:
1. Use the following command to apply the DB secret: ```bash
- cd <path-to-your-repo>/3-integration/connect-db/mssql/target
+ cd ${BASE_DIR}/3-integration/connect-db/mssql/target
oc apply -f db-secret.yaml ```
operator-5g-core Concept Centralized Lifecycle Management https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/concept-centralized-lifecycle-management.md
+
+ Title: Centralized lifecycle management in Azure Operator 5G Core
+description: Outlines the benefit of Azure Operator 5G Core's centralized lifecycle management feature.
++++ Last updated : 02/21/2024+
+#CustomerIntent: As a <type of user>, I want <what?> so that <why?>.
+++
+# Centralized Lifecycle Management in Azure Operator 5G Core
+
+The Azure Operator 5G Core Resource Provider (RP) is responsible for the lifecycle management (LCM) of the following Azure Operator 5G Core network functions:
+- Access and Mobility Management Function (AMF)
+- Session Management Function (SMF)
+- User Plane Function (UPF)
+- Network Repository Function (NRF)
+- Network Slice Selection Function (NSSF)
+- Mobility Management Entity (MME)
+
+ > [!NOTE]
+> AMF and MME can be deployed as combined network functions by adjusting the helm manifests.
+
+Lifecycle Management consists of the following operations:
+- Instantiation
+- Upgrade (out of scope for Public Preview)
+- Termination
+
+The Azure Resource Manager (ARM) model that is used for lifecycle management is shown here:
+
+> [!NOTE]
+> The CNFs are included for Public Preview while the VNFs (VNFAgent and vMME) are targeted for GA release.
++
+Network function deployments require fully deployed local Platform as a Service (PaaS) components (provided by the ClusterServices resource). Any attempt to deploy a network function resource before the ClusterServices deployment fails. ARM templates are serial in nature and don't proceed until dependent templates are complete. This process prevents network function templates from being deployed before the ClusterServices template is complete. Observability deployments also fail if local PaaS deployment is incomplete.
+
+The deployments for cMME and AnyG are variations on the existing helm charts. Creation of these functions is a matter of specifying different input Helm values. The Azure Operator 5G Core RP uses the Network Function Manager (NFM) Resource Provider to perform this activity.
+
+Azure Operator 5G Core network function images and Helm charts are Azure-managed and accessed by the Azure Operator 5G Core Resource Provider for lifecycle management operations.
+
+## Local observability
+
+Local Observability is provided by Azure Operator 5G Core Observability components listed in the diagram. Because the Observability function is local, it also available in break-glass scenarios for Nexus where the interfaces can be accessed locally.
+
++
+## Next Step
+
+- [Quickstart: Get Access to Azure Operator 5G Core](quickstart-subscription.md)
operator-5g-core Concept Deployment Order https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/concept-deployment-order.md
+
+ Title: Azure Operator 5G Core Deployment ordering for clusters, network functions, and observability
+description: Outlines the deployment order for components on Azure Kubernetes Services or Nexus Azure Kubernetes Services
++++ Last updated : 02/21/2024+
+#CustomerIntent: As a <type of user>, I want <what?> so that <why?>.
++
+# Deployment order for clusters, network functions, and observability
+
+Mobile Packet Core resources have minimal ordering constraints. To bring up network functions, the cluster services must be already running successfully. The same set of cluster services can be reused for multiple network functions and the cluster services must be deployed on every cluster that hosts the network functions.
+
+## Azure CLI commands used to deploy resources
+
+Use the following Azure CLI commands to deploy resources.
+
+```azurecli
+{
+ [
+ Microsoft.MobilePacketCore/clusterServices
+ ],
+ [
+ Microsoft.MobilePacketCore/amfDeployments
+ Microsoft.MobilePacketCore/smfDeployments
+ Microsoft.MobilePacketCore/nrfDeployments
+ Microsoft.MobilePacketCore/nssfDeployments
+ Microsoft.MobilePacketCore/upfDeployments
+ Microsoft.MobilePacketCore/observabilityServices
+ ]
+```
+
+## Related content
+
+- [Complete the prerequisites to deploy Azure Operator 5G Core on Azure Kubernetes Service](how-to-complete-prerequisites-deploy-azure-kubernetes-service.md)
+- [Complete the prerequisites to deploy Azure Operator 5G Core on Nexus Azure Kubernetes Service](how-to-complete-prerequisites-deploy-nexus-azure-kubernetes-service.md)
+
operator-5g-core Concept Observability Analytics https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/concept-observability-analytics.md
+
+ Title: Observability and analytics in Azure Operator 5G Core
+description: Learn how observability and analytics are used in Azure Operator 5G Core
++++ Last updated : 02/21/2024++++
+# Observability and analytics in Azure Operator 5G Core
+
+Observability has three pillars: metrics, tracing, and logs. AO5GC bundles these observability tools to help you identify, investigate, and resolve problems. In addition, AO5GC alerts provide notifications based on metrics and logs.
+
+## Observability overview
+
+The following components provide observability for Azure Operator 5G Core:
+
+ [:::image type="content" source="media/concept-observability-analytics/observability-overview.png" alt-text="Diagram of text boxes showing the components that support observability functions for Azure Operator 5G Core.":::](media/concept-observability-analytics/observability-overview-expanded.png#lightbox)
+
+### Observability open source components
+
+Azure Operator 5G Core uses the following open source components for observability functions.
+
+|Observability parameters |Open source components |
+|-|--|
+|Metrics |Prometheus, AlertManager, Grafana |
+|Logs |Elasticsearch, Fluentd, and Kibana (EFK); Elastalert |
+|Tracing |Jaeger, OpenTelemetry Collector |
+
+## EFK logging framework
+Elasticsearch, Fluentd, and Kibana (EFK) provide a distributed logging system used for collecting and visualizing the logs to troubleshoot microservices.
+
+### Architecture
+The following diagram shows EFK architecture:
+
+ [:::image type="content" source="media/concept-observability-analytics/elasticsearch-fluentd-kibana-architecture.png" alt-text="Diagram of text boxes showing the Elasticsearch, Fluentd, and Kibana (EFK) distributed logging system used to troubleshoot microservices in Azure Operator 5G Core.":::](media/concept-observability-analytics/elasticsearch-fluentd-kibana-architecture-expanded.png#lightbox)
+
+> [!NOTE]
+> The linked content is available only to customers with a current Affirmed Networks support agreement. To access the content, you must have Affirmed Networks login credentials. If you need assistance, please speak to the Affirmed Networks Support Team.
+
+The EFK logging framework includes the following components:
+
+- **Fluentd** - Fluentd is an open-source log collector. Fluentd allows you to unify data collection and consumption for better use and understanding of the data. Fluentd is deployed as a DaemonSet in the Kubernetes cluster. It collects the logs in each K8s node and streams the logs to Elasticsearch. See [Logs supported by Fluentd](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/EFK_logging_FrameWork/Fluentd-logs-supported.htm).
+- **Elasticsearch** - Elasticsearch is an open source, distributed, real-time search back-end. Elasticsearch stores the logs securely and offers an HTTP web interface for log analysis.
+
+- **Kibana** - Kibana is used to visualize the logs stored in Elasticsearch. Kibana pulls the logs from Elasticsearch.
+
+ For more information about Elasticsearch and Kibana, see [Elastic documentation](https://www.elastic.co/guide/https://docsupdatetracker.net/index.html).
+
+- **ElastAlert** - ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch. It works by combining Elasticsearch with two types of components: rule types and alerts. Elasticsearch is periodically queried and the data is passed to the rule type, which determines when a match is found. When a match occurs, one or more alerts are triggered based on the match.
+
+ For more information about ElastAlert, see [ElastAlert documentation](https://elastalert.readthedocs.io/en/latest/).
+
+### Features
+
+The EFK logging framework provides the following features:
+
+- **Log collection and streaming** - Fluentd collects and streams the logs to Elasticsearch.
+
+- **Audit logs support** - Fluentd reads Kube-Apiserver audit logs from the Kubernetes master node and write those logs to Elasticsearch. The `auditlogEnabled` flag provided in fed-paas-helpers is used to enable/disable reading of audit logs. If the auditlogEnabled flag is set to true, then Fluentd is also deployed on the master node along with the worker nodes.
+
+- **Event logging** - Fluentd creates a separate Elasticsearch index for all the event logs for a particular namespace. This helps to apply rules and search the event logs in a better way. The index starts with the prefix `fluentd-event`. All other regular debug logs go into a separate Elasticsearch index, prefixed with the string `fluentd-*`.
+
+- **Log storage and analysis** - Elasticsearch securely stores the logs and offers a query language to search for and analyze the logs.
+
+- **Log visualization** - Kibana pulls the logs from Elasticsearch and visualizes the logs. Kibana allows creating dashboards to visualize the logs.
+
+- **Alerting mechanism** - ElastAlert provides rules to query Elasticsearch for the logs. When a match occurs, alerts are triggered.
+
+### Helm customization
+
+Azure Operator 5G Core provides a default set of Helm values that you can use to deploy the EFK logging framework. You can customize these values to improve scalability and performance if needed.
+
+### Observability
+
+This section describes the observability features (dashboards, statistics, logs, and alarms) of the EFK logging framework.
+
+#### Dashboards
+
+EFK supports various dashboard options, including:
+
+- Grafana dashboards (see [Logging framework dashboards](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/EFK_logging_FrameWork/EFK_Dashboards.htm))
+- Kibana dashboards (see [Kibana dashboard overview](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/EFK_logging_FrameWork/Kibana_Dashboards.htm))
+- Grafana Kibana dashboards (see [Kibana Grafana dashboards](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/EFK_logging_FrameWork/kibana_grafana_dashboards.md.html))
+- Fluentd Operator dashboard (see [Fluentd operator Grafana dashboard](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/EFK_logging_FrameWork/fluentd_operator_grafana_dashboards.md.html))
+- Elasticsearch Grafana dashboard (see [Elasticsearch dashboard](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/EFK_logging_FrameWork/elastic_grafana_dashboards.md.html))
+
+#### Statistics
+
+For information about supported statistics for EFK components, see:
+
+- [Elasticsearch statistics](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/EFK_logging_FrameWork/stats_ElasticSearch.htm)
+- [Other Elasticsearch statistics](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/EFK_logging_FrameWork/cna-elastic-elastic-prom.md.html)
+- [Fluentd operator statistics](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/EFK_logging_FrameWork/cna-fluentd_operator-fluentd-prom.md.html)
+
+For information about metrics-based alerts, see:
+
+- [Fluentd operator metrics-based alerts](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/EFK_logging_FrameWork/pod-fluentd_operator-metric_alert_rules.md.html)
+- [Elastic metric-based alerts](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/EFK_logging_FrameWork/pod-elastic-metric_alert_rules.md.html)
+
+#### Events
+
+For information about Elastic events, see [Elastic events](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/EFK_logging_FrameWork/elastic_events.md.html).
+
+#### Log visualization
+
+The EFK framework aggregates logs from nodes and applications running inside your Azure Operator 5G Core installation. When logging is enabled, the EFK framework uses Fluentd to aggregate event logs from all applications and nodes into Elasticsearch. The EFK framework also provides a centralized Kibana web UI where users can view the logs or create rich visualizations and dashboards with the aggregated data.
+
+## Metrics framework
+
+The metrics framework consists of Prometheus, Grafana, and AlertManager.
+
+Prometheus (the main component) is an open-source, metrics-based monitoring system. It provides a data model and a query language to analyze how the applications and infrastructure are performing. Prometheus collects metrics from instrumented jobs directly and stores all scraped samples in local external storage. Based on defined rules, Prometheus either aggregates and records a new time series from existing data or generates alerts. The AlertManager handles the alerts sent by client applications by deduplicating, grouping, and routing them to the correct receiver integrations.
+
+Grafana provides dashboards to visualize the collected data.
+
+### Architecture
+
+The following diagram shows how the different components of the metrics framework interact with each other.
+
+ [:::image type="content" source="media/concept-observability-analytics/network-functions.png" alt-text="Diagram of text boxes showing interaction between metrics frameworks components in Azure Operator 5G Core.":::](media/concept-observability-analytics/network-functions-expanded.png#lightbox)
+
+The core components of the metrics framework are:
+
+- **Prometheus server** - The Prometheus server collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and triggers alerts if certain conditions are true. Azure Operator 5G Core supports integration with the Prometheus server out of the box, with minimal required configuration.
+- **Client libraries** - Client libraries instrument the application code.
+- **Alertmanager** - Alertmanager handles alerts sent by client applications such as the Prometheus server. It handles deduplicating, grouping, and routing alerts to the correct receiver integrations (email, slack, etc.). Alertmanager also supports silencing and inhibition of alerts.
+- **Grafana** - Grafana provides an out of the box set of dashboards rich with 3GPP and other KPIs to query, visualize, and understand the collected data.
+The Grafana audit feature provides a mechanism to restore or recreate dashboards in the Grafana server when Grafana server pod restarts. The audit feature also helps to delete any stale dashboards from the Grafana server.
+
+### Features
+
+The metrics framework supports the following features:
+
+- Multi-dimensional data model with time series data identified by metric name and key/value pairs.
+- PromQL, a flexible query language that uses the multi-dimensional data.
+- No reliance on distributed storage: single server nodes are autonomous.
+- Time series collection using a pull model over HTTP.
+- Targets are discovered via service discovery or static configuration.
+- Multiple modes of graphing and dashboarding support.
+
+For more information about Prometheus, see [Prometheus documentation](https://prometheus.io/docs/introduction/overview/).
+For more information about Grafana, see [Grafana open source documentation](https://grafana.com/docs/grafana/latest/)
+
+### Observability
+
+This section describes observability features (dashboards, statistics, logs, and alarms) provided by the metrics framework.
+
+#### Dashboards
+
+The metrics framework supports the following dashboards:
+
+- Grafana dashboards (see [Grafana dashboard](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/MetricsFrameWork/grafana_grafana_dashboards.md.html))
+- Prometheus Grafana dashboards (see [Prometheus Grafana dashboard](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/MetricsFrameWork/prometheus_grafana_dashboards.md.html))
+
+#### Statistics
+
+For information about supported statistics for metrics framework components, see:
+
+- [Grafana statistics](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/MetricsFrameWork/stats_Grafana.htm)
+- [Prometheus statistics](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/MetricsFrameWork/stats_Prometheus.htm)
+- [Prometheus server error statistics](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/MetricsFrameWork/cna-prometheus-prometheus-prom.md.html)
+
+For information about Prometheus metrics-based alerts, see [Prometheus metrics-based alerts.](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/MetricsFrameWork/pod-prometheus-metric_alert_rules.md.html)
+
+#### Events/Logs
+
+For information about metrics framework events, see:
+
+- [Prometheus events](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/PaaS_Components/MetricsFrameWork/prometheus_events.md.html)
+- [Infrastructure events](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/Microservices/Shared/Events/infra_events.htm)
+
+#### Metrics-based alerts for network/HTTP failures
+
+Prometheus alert rules generate alerts if HTTP/network failures are detected in the system. The following alerts are generated for network failures.
+
+**Application level global alerts:**
+
+- **IstioGlobalHTTP5xxRatePercentageHigh** - An application that is part of the Istio service mesh is responding with 5xx error and the error rate percentage is more than the &lt;configured value &gt; %
+- **IstioGlobalHTTP4xxRatePercentageHigh** - An application is responding with 4xx error and the error rate percentage is more than the &lt;configured_value&gt; %.
+IstioHTTPRequestLatencyTooHigh: Requests are taking more than the &lt;configured_value&gt; seconds.
+
+**Pod and container level alerts:**
+
+- **HTTPServerError5xxPercentageTooHigh** - HTTP server responds with 5xx error and the error percentage is more than the &lt;configured_value&gt; %.
+- **HTTPServerError4xxPercentageTooHigh** - HTTP server responds with 4xx error and the error percentage is more than the &lt;configured_value&gt; %.
+- **HTTPServerRequestRateTooHigh** - The total request received at the HTTP server is more than the &lt;configured_value&gt;.
+- **HTTPClientRespRcvd5xxPercentageTooHigh** - HTTP client response received with 5xx error and the received error percentage is more than the &lt;configured_value&gt; %.
+- **HTTPClientRespRcvd4xxPercentageTooHigh** - HTTP client response received with 4xx error and the received error percentage is more than the &lt;configured_value&gt; %.
+
+#### Jaeger tracing with OpenTelemetry Protocol
+
+Azure Operator 5G Core uses the OpenTelemetry Protocol (OTLP) in Jaeger tracing. OTLP replaces the Jaeger agent in fed-paas-helpers. Azure Operator 5G Core deploys the fed-otel_collector federation. The OpenTelemetry (OTEL) Collector runs as part of the fed-otel_collector namespace:
+
+ [:::image type="content" source="media/concept-observability-analytics/jaeger-components.png" alt-text="Diagram of text boxes showing Jaeger tracing and OpenTelemetry Protocol components in Azure Operator 5G Core.":::](media/concept-observability-analytics/jaeger-components-expanded.png#lightbox)
+
+Jaeger tracing uses the following workflow:
+
+1. The application with the OTLP client library sends traces to the OTEL Collector on the OTLP GRPC protocol. The OTEL Collector has three components: receivers, processors, and exporters.
+1. The OTLP GRPC receiver in the OTEL Collector receives traces and sends them to the Jaeger exporter.
+1. The Jaeger exporter sends traces to the Jaeger collector running as part of fed-jaeger.
+1. The Jaeger collector stores the traces in Elastic backend storage (fed-elastic).
+
+## Related content
+- [What is Azure Operator 5G Core?](overview-product.md)
+- [Quickstart: Deploy Azure Operator 5G Core observability on Azure Kubernetes Services (AKS)](quickstart-deploy-observability.md)
operator-5g-core Concept Security https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/concept-security.md
+
+ Title: Security in Azure Operator 5G Core
+description: Review the security features embedded in Azure Operator 5G Core
++++ Last updated : 02/21/2024++
+# Security in Azure Operator 5G Core
+
+Microsoft is built on Zero Trust security, including Azure Operator 5G Core. Rather than assuming that everything behind the corporate firewall is safe, Zero Trust assumes an open environment where trust must always be validated. Zero Trust is equally applied to all workload environments, both on Nexus and on Azure.
+
+ Zero Trust follows Azure Operator 5G Core from development through deployment and monitoring.
+
+## Development
+
+Azure Operator 5G Core software development incorporates processes and tools to ensure the software is secure and hardened to vulnerability. Security during development addresses the different product dimensions of application, container/VM, orchestration, and communication in the following ways:
+
+- Vulnerability scanning is performed at multiple stages in the development process (source scans, build scans, image scans) with multiple ADO tools.
+- Regular checkpoints are set on threat modeling, privacy, and crypto reviews.
+- Penetration testing is performed during development.
+
+## Deployment
+Azure Operator 5G Core is deployed based on a security blueprint that ensures the solution is hardened from external and internal attacks on the network. Security during deployment provides:
+
+- Secure access to software repositories.
+- Least access privilege based on Role-based Access Control (RBAC) methodology.
+- Centralized Identity / Privilege Management using Microsoft Entra ID.
+- Secure transport to Azure through Express Route.
+- Encryption of traffic within the NFs and between NFs (3GPP).
+- Secure storage of data at rest.
+
+## Monitoring
+Security monitoring of the application occurs through a combination of native alerting from the NF and Azure security applications. It includes:
+
+- Security Logging - Visibility for actions internal to the application.
+- Microsoft Defender ΓÇô Optional protection from cyber threats and vulnerabilities.
+
+## Related content
+- [What is Azure Operator 5G Core?](overview-product.md)
+- [Observability and analytics in Azure Operator 5G Core](concept-observability-analytics.md)
operator-5g-core How To Complete Prerequisites Deploy Azure Kubernetes Service https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/how-to-complete-prerequisites-deploy-azure-kubernetes-service.md
+
+ Title: Prerequisites to deploy Azure Operator 5G Core on Azure Kubernetes Service
+description: Learn how to complete the prerequisites necessary to deploy Azure Operator 5G Core on the Azure Kubernetes Service
++++ Last updated : 02/22/2024+++
+# Complete the prerequisites to deploy Azure Operator 5G Core on Azure Kubernetes Service
+
+This article shows you how to deploy Azure Operator 5G Core on the Azure Kubernetes Service. The first portion discusses the initial cluster creation; the second shows you how to modify the cluster to add the data plane ports.
+
+## Prerequisites
+
+To deploy on the Azure Kubernetes service, you must have the following configurations:
+
+- [Resource Group/Subscription](../cost-management-billing/manage/create-enterprise-subscription.md)
+- The [Azure Operator 5G Core release version and corresponding Kubernetes version](overview-product.md#compatibility)
+- [Networks created for network functions](#create-networks-for-network-functions)
+- Sizing (the number of worker nodes/VM sizes/flavors/subnet sizes)
+- Availability Zones
+- Federations installed
+- Appropriate [roles and permissions](../role-based-access-control/role-assignments-portal.md) in your Tenant to create the cluster, modify the Azure Virtual Machine Scale Sets, and [add user defined routes](../virtual-network/virtual-networks-udr-overview.md) to virtual network in case youΓÇÖre going to deploy UPF. Validation was done with Subscription level contributor access. However, access/ role requirements can change over time as code in Azure changes.
+
+
+## Create networks for network functions
+
+For SMF/AMF specifically, you must have the following frontend loopback IPs:
+
+- N2 secondary and primary
+- S1, S6, S11, S10
+- N26 AMF and MME
+
+Topology and quantity of Vnets and Subnets can differ based on your custom requirements. For more information, see Quickstart: Use the Azure portal to create a virtual network [this article](../virtual-network/quick-create-portal.md).
+
+A reference deployment of Azure Operator 5G Core, per cluster, has one virtual network and three constituent subnets, all part of the same virtual network.
+
+- One for Azure Kubernetes Services itself ΓÇô a /24
+- One for the loopback IPs that the Azure Kubernetes Services creates ΓÇô a /25
+- A utility subnet that points to the data plane ports - /26
+
+User defined routes (UDRs) are added to other virtual networks that point to this virtual network. Traffic is then pointed to the cluster for data plane and signaling traffic.
+
+> [!NOTE]
+> In a reference deployment, as more clusters are added, more subnets are added to the same vnet.
+
+## Create the initial cluster
+
+To deploy an AKS cluster, you should have a basic understanding of [Kubernetes concepts](../aks/concepts-clusters-workloads.md) and advanced knowledge of Azure networking, consistent with Azure Networking Certification.
+
+- If you don't have an [Azure subscription](../cost-management-billing/manage/create-enterprise-subscription.md), create an [Azure free account](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio) before you begin.
+- If you're unfamiliar with the Azure Cloud Shell, review [What is Azure Cloud Shell?](../cloud-shell/overview.md)
+- Make sure that the identity you use to create your cluster has the appropriate minimum permissions. For more details on access and identity for AKS, see [Access and identity options for Azure Kubernetes Service (AKS)](../aks/concepts-identity.md).
+
+1. Navigate and sign in to the [Azure portal](https://ms.portal.azure.com/).
+1. On the Azure portal home pages, select **Create a Resource**.
+1. In the **Categories** section, select **Containers** > **Azure Kubernetes Service (AKS)**.
+1. On the **Basics** tab:
+ - Enter the **Subscription**, **Resource Group**, **Cluster Name**, **Availability Zones**, and **Pricing Tier** based on your Azure Operator 5G Core requirements.
+ - Disable **Automatic upgrade**.
+ - Select **Local accounts with Kubernetes RBAC** for the **Authentication and Authorization** method.
+2. Navigate to the **Add a node pool** tab, then:
+ - Delete the sample node pools. Use the VM size based on your sizing, availability, and NFVI capacity requirements to create a new system node pool. Please note that cluster testing was performed using one GBPS dataplane performance.
+ - Enter and select **system2** for the **Node pool name** and **System** as the **Mode** type.
+ - Select **Azure Linux** as the **OS SKU**.
+ - Select **Availability zones**: **Zones 1,2,3** and leave the **Enable Azure Spot instances** field unmarked.
+ - Select **Manual** as the **Scale method**.
+ - Select **1** for the **Node count**.
+ - Select **250** as the **Max pods per node**, and don't mark to **Enable public IP per node**.
+ Use the default values for other settings.
+3. On the **Networking** tab, select Kubernetes from the **Networking Configuration** section. Then mark the box for **BYO vnet** and select the virtual network and subnet for your cluster's default network. Leave all other values as default.
+1. Unless you have a specific requirement to do otherwise, don't change any values on the **Integrations** tab.
+1. Turn **Azure monitor** to **off**.
+1. Navigate to the **Advanced** tab and mark the box for **Enable Secret Store CSI Driver**. Don't edit any other field.
+1. Note the name of the **Infrastructure Resource group** displayed. This name is required to modify the cluster and add data plane ports.
+1. Select **Review + Create** once validation completes.
+
+
+## Modify the cluster to add data plane ports
+
+1. Once you successfully created the cluster, navigate to the **settings** section of the AKS cluster and verify that the provisioning status of **Node pools** is **Succeeded**.
+1. Complete the steps to [Add system and user node pools to the cluster](#add-system-and-user-node-pools-to-the-cluster).
+1. Delete the **system2** node pool that you created in [Create the initial cluster](#create-the-initial-cluster).
+1. Navigate to the **Infrastructure Resource group** referenced in the cluster creation process.
+1. Select the **Virtual Machine Scale Set** resource named **aks-system-\<random-number>\-vmss**.
+1. Select **Scaling**. From the resulting screen, locate the **Manual Scale** section and change the **Instance Count** to **0**. Select **Save**.
+1. In the **Settings** section of the **VMSS** tab:
+ - Select **Instances**. The instances disappear as they're deleted.
+ - Select **Add network interface**. A **Create Network Interface** tab appears.
+1. On the **Create Network Interface** tab:
+ - Enter a **Name** for the network interface, mark the **NIC network security group** as **None**.
+ - Attach the network interface to your subnet based on your requirements, and select **Create**. Repeat this step for each data plane port required in the Virtual Machine Scale Set template.
+1. Open a separate window and navigate to the **Azure Resource Explorer**. On the left side of the screen, locate the **Subscription** for this cluster.
+1. In the Azure Resource Explorer, find the **Infrastructure Resource group** for the cluster. Select **providers** \> **Microsoft.Compute** \> **virtualMachineScaleSets** \> **\<your Azure Virtual Machine Scale Sets name\>**.
+1. Select the virtual machine scale set, then select and change from **Read Only** to **Read/Write**.
+1. Choose **Edit** from the **Data** section of the screen.
+1. For each of your data planes, ensure that the **enableAcceleratedNetworking** and the **enableIPForwarding** fields are set to **true**. If they're set to **false**:
+ 1. Remove the **ImageGalleriesSection** from the json file.
+ 1. Change the fields to **true** and select the green **Patch** button at the top of the screen.
+ 1. Return to the Azure portal. Navigate to the cluster resource in the original resource group and scale it up to the desired number of workers.
+
+### Add system and user node pools to the cluster
+
+Add System and User type node pools to the cluster with custom Linux configuration using the procedure described in [Customize node configuration for Azure Kubernetes Service (AKS) node pools](../aks/custom-node-configuration.md). Use the following values:
+
+|Setting |Value|
+|--||
+|node-count |1 |
+|os-sku |AzureLinux |
+|mode |Create one node pool of type **System** named **system** and a second node pool of type **User** named **dataplane** |
+|flavor |Specify per AO5GC certified sizing requirements |
+|vnet-subnet-id |Specify the subnet from input requirements |
+|max-pods |250 |
+|kubernetes-version |Specify the version corresponding to the AO5GC release version |
+|linuxkubeletconfig |"cpuManagerPolicy":"static". See Example ```linuxkubeletconfig.json``` contents |
+|linuxosconfig |"transparentHugePageEnabled: never". Configure **sysctls** settings as shown in Example ```linuxosconfig.json``` contents. |
+
+The following example command adds the **System** node pool to the cluster:
+
+```azurecli
+
+az aks nodepool add \
+ --name system \
+ --cluster-name ao5gce2e \
+ --resource-group AO5GC-E2E-SPE-2 \
+ --node-count 1 \
+ --node-vm-size Standard_D8s_v5 \
+ --os-type Linux \
+ --os-sku AzureLinux \
+ --mode System \
+ --max-pods 250 \
+ --kubernetes-version 1.27.3 \
+ --vnet-subnet-id /subscriptions/5a8f0890-0695-4567-ab87-85a76dd7868d/resourceGroups/AO5GC-E2E-SPE-2/providers/Microsoft.Network/virtualNetworks/ao5gce2enet/subnets/k8s-sn \
+ --kubelet-config ./linuxkubeletconfig.json \
+ --linux-os-config ./linuxosconfig.json
+```
+The following example command adds the **User** node pool to the cluster:
+
+```azurecli
+
+az aks nodepool add \
+ --name dataplane \
+ --cluster-name ao5gce2e \
+ --resource-group AO5GC-E2E-SPE-2 \
+ --node-count 1 \
+ --node-vm-size Standard_D16s_v5 \
+ --os-type Linux \
+ --os-sku AzureLinux \
+ --mode User \
+ --max-pods 250 \
+ --kubernetes-version 1.27.3 \
+ --vnet-subnet-id /subscriptions/5a8f0890-0695-4567-ab87-85a76dd7868d/resourceGroups/AO5GC-E2E-SPE-2/providers/Microsoft.Network/virtualNetworks/ao5gce2enet/subnets/k8s-sn \
+ --kubelet-config ./linuxkubeletconfig.json \
+ --linux-os-config ./linuxosconfig.json
+```
+Example ```linuxkubeletconfig.json``` contents:
+
+```json
+{
+"cpuManagerPolicy": "static",
+}
+```
+Example ```linuxosconfig.json``` contents:
+
+```json
+{
+"transparentHugePageEnabled": "never",
+"sysctls": {
+ "netCoreRmemDefault": 52428800,
+ "netCoreRmemMax": 52428800,
+ "netCoreSomaxconn": 3240000,
+ "netCoreWmemDefault": 52428800,
+ "netCoreWmemMax": 52428800,
+ "netCoreNetdevMaxBacklog": 3240000
+ }
+}
+```
+## Modify SMF or AMF network function
+
+For the VIP IPs for AMF from the previous section, depending on your network topology, create a single or multiple Azure LoadBalancer(s) of type **Microsoft.Network/loadBalancers** standard SKU, Regional.
+
+Frontend IP configuration for this LoadBalancer should come based on the ip configuration from the input requirements.
+
+### Backend LoadBalancer rules
+
+The backend of this load balancer should point to the data plane ports you created for the requisite networks you created. For instance, if you have a data plane port for n26 interface specifically, attach the load balancer backend address pool to that n26 data plane nic port. For example:
+
+```
+"frontendPort": 0,
+"backendPort": 0,
+"enableFloatingIP": true,
+"idleTimeoutInMinutes": 4,
+"protocol": "All",
+"enableTcpReset": false,
+"loadDistribution": "SourceIP",
+"disableOutboundSnat": true,
+```
+## Health probes
+
+For health probes, use the following settings:
+
+```
+Protocol: TCP, intervalInSeconds: 5, numberOfProbes: 1, probeThreshold: 1, ProbePort: 30100.
+```
+
+## Create a Network Function Service server
+
+Azure Operator 5G Core requires Network Function Service (NFS) storage. Follow [these instructions](../storage/files/storage-files-quick-create-use-linux.md) to create this storage.
+
+```azurecli
+$RG_NAME ΓÇô The name of your resource group
+$STORAGEACCOUNT-NAME ΓÇô A unique name for this storage account
+$VNET_NAME ΓÇô The name of your private vnet
+$CONNECTION_NAME ΓÇô A unique name for this private connection
+$SUBNET_NAME ΓÇô The name of your subnet thatΓÇÖs used to connect to your AKS
+$STORAGE_RESOURCE ΓÇô A unique name for this storage resource
+
+# Create Storage Account
+$ az storage account create --resource-group $RG_NAME --name $STORAGEACCOUNT_NAME --location $AZURE_REGION --sku Premium_LRS --kind FileStorage
+
+# Disable secure transfer
+$ az storage account update -g $RG_NAME -n $STORAGEACCOUNT_NAME--https-only false
+
+# Disable subnet polices
+$ az network vnet subnet update --name $SUBNET_NAME --resource-group $RG_NAME --vnet-name $VNET_NAME --disable-private-endpoint-network-policies true
+
+# Create private endpoint for NFS mount
+$ az network private-endpoint create --resource-group $RG_NAME --name $PRIVATE_ENDPOINT_NAME ΓÇôlocation $LOCATION --subnet $SUBNET_NAME--vnet-name $VNETNAME --private-connection-resource-id $STORAGE_RESOURCE
+
+--group-id "file" --connection-name snet1-cnct
+```
+
+## Related content
+
+- Learn about the [Deployment order on Azure Kubernetes Services](concept-deployment-order.md).
+- [Deploy Azure Operator 5G Core](how-to-deploy-5g-core.md).
+- [Deploy a network function](quickstart-deploy-network-functions.md).
operator-5g-core How To Complete Prerequisites Deploy Nexus Azure Kubernetes Service https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/how-to-complete-prerequisites-deploy-nexus-azure-kubernetes-service.md
+
+ Title: Prerequisites to deploy Azure Operator 5G Core on Nexus Azure Kubernetes Service
+description: Learn how to complete the prerequisites necessary to deploy Azure Operator 5G Core on the Nexus Azure Kubernetes Service.
++++ Last updated : 02/22/2024+
+#CustomerIntent: As a < type of user >, I want < what? > so that < why? >.
++
+# Complete the prerequisites to deploy Azure Operator 5G Core on Nexus Azure Kubernetes Service
+This article describes how to provision a Nexus Azure Kubernetes Service (NAKS) cluster by creating:
+
+- Network fabric (connectivity) resources
+- Network cloud (compute) resources
+
+> [!NOTE]
+> The example configuration in this article uses the Azure CLI. You can also create these resources using bicep scripts, terraform scripts, ARM templates, or custom programs that call relevant APIs directly.
+
+Commands used in this article refer to the following resource groups:
+
+- Infrastructure (managed) resource groups:
+ - Fabric - platform networking resources
+ - Undercloud - platform compute resources
+ - Managed resource group used to host Azure-ARC Kubernetes resources
+- Tenant resource groups:
+ - Fabric - tenant networking resources (such as networks)
+ - Compute - tenant compute resources (such as VMs, and Nexus AKS clusters)
++
+## Prerequisites
+
+Before provisioning a NAKS cluster:
+- Configure external networks between CEs and PEs (or Telco Edge) that allow connectivity with the provider edge. Configuring access to external services like firewalls and services hosted on Azure (tenant not platform) is outside of the scope of this article.
+- Configure elements on PEs/Telco Edge that aren't controlled by Nexus Network Fabric, such as Express Route Circuits configuration for tenant workloads connectivity to Azure.
+- Review the [Nexus Kubernetes release calendar](../operator-nexus/reference-nexus-kubernetes-cluster-supported-versions.md) to identify available releases and support plans.
+- Review the [Nexus Kubernetes Cluster Overview](../operator-nexus/concepts-nexus-kubernetes-cluster.md).
+- Review the [Network Fabric Overview](../operator-nexus/concepts-network-fabric.md).
+- Review the [Azure Isolation Domains How-To Guide](../operator-nexus/howto-configure-isolation-domain.md).
+- Review the [storage overview](../operator-nexus/concepts-storage.md).
+
+## Configure internal networks and protocols
+
+Complete these tasks to set up your internal network.
+
+### Create the isolation domain (L3ISD)
+
+Use the following Azure CLI commands to create the isolation domain (ISD):
+
+```azurecli
+export subscriptionId=ΓÇ¥<SUBSCRIPTION-ID>ΓÇ¥
+export rgManagedFabric=ΓÇ¥<RG-MANAGED-FABRIC>ΓÇ¥
+export nnfId=ΓÇ¥<NETWORK-FABRIC-ID>ΓÇ¥
+export rgFabric=ΓÇ¥<RG-FABRIC>ΓÇ¥
+export l3Isd=ΓÇ¥<ISD-NAME>ΓÇ¥
+export region=ΓÇ¥<REGION>ΓÇ¥
+
+az networkfabric l3domain create ΓÇôresource-name $l3Isd \
+--resource-group $rgFabric \
+--location $region \
+--nf-id ΓÇ£/subscriptions/$subscriptionId/resourceGroups/$rgManagedFabric/providers/Microsoft.ManagedNetworkFabric/networkFabrics/$nnfIdΓÇ¥ \
+--redistribute-connected-subnets ΓÇ£TrueΓÇ¥ \
+--redistribute-static-routes ΓÇ£TrueΓÇ¥ \
+--subscription ΓÇ£$subscriptionIdΓÇ¥
+```
+
+To view the new isolation domain in the Azure portal:
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+1. Navigate to for **Network Fabric (Operator Nexus)** resource.
+1. Select **network fabric** from the list.
+1. Select **Isolation Domain**.
+1. Select the relevant isolation domain (ISD).
+
+## Create the internal network
+
+Before creating or modifying the internal network, you must disable the ISD. Re-enable the ISD after making your changes.
+
+### Disable the isolation domain
+
+Use the following commands to disable the ISD:
+
+```azurecli
+export subscriptionId=ΓÇ¥<SUBSCRIPTION-ID>ΓÇ¥
+export rgFabric=ΓÇ¥<RG-FABRIC>ΓÇ¥
+export l3Isd=ΓÇ¥<ISD-NAME>ΓÇ¥
+
+# Disable ISD in order to create internal networks, wait for 5 minutes and check the status is Disabled
+
+az networkfabric l3domain update-admin-state ΓÇôresource-name ΓÇ£$l3IsdΓÇ¥ \
+--resource-group ΓÇ£$rgFabricΓÇ¥ \
+--subscription ΓÇ£$subscriptionIdΓÇ¥ \
+--state Disable
+
+# Check the status of the ISD
+
+az networkfabric l3domain show ΓÇôresource-name ΓÇ£$l3IsdΓÇ¥ \
+--resource-group ΓÇ£$rgFabricΓÇ¥ \
+--subscription ΓÇ£$subscriptionIdΓÇ¥
+```
+
+With the ISD disabled, you can add, modify, or remove the internal network. When you're finished making changes, re-enable ISD.
+
+## Create the default Azure Container Network Interface internal network
+
+Use the following commands to create the default Azure Container Network Interface (CNI) internal network:
+
+```azurecli
+export subscriptionId=ΓÇ¥<SUBSCRIPTION-ID>ΓÇ¥
+export intnwDefCni=ΓÇ¥<DEFAULT-CNI-NAME>ΓÇ¥
+export l3Isd=ΓÇ¥<ISD-NAME>ΓÇ¥
+export rgFabric=ΓÇ¥<RG-FABRIC>ΓÇ¥
+export vlan=<VLAN-ID>
+export peerAsn=<PEER-ASN>
+export ipv4ListenRangePrefix=ΓÇ¥<DEFAULT-CNI-IPV4-PREFIX>/<PREFIX-LEN>ΓÇ¥
+export mtu=9000
+
+az networkfabric internalnetwork create ΓÇôresource-name ΓÇ£$intnwDefCniΓÇ¥ \
+--resource-group ΓÇ£$rgFabricΓÇ¥ \
+--subscription ΓÇ£$subscriptionIdΓÇ¥ \
+--l3domain ΓÇ£$l3IsdΓÇ¥ \
+--vlan-id $vlan \
+--mtu $mtu \
+--connected-ipv4-subnets ΓÇ£[{prefix:$ipv4ListenRangePrefix}]ΓÇ¥ \
+--bgp-configuration
+```
+
+## Create internal networks for SMF ULB (S11/S5), UPF iPPE (N3, N6)
+
+When creating the SMF ULB and UPF iPPE internal networks, make sure to include IP-v6 addressing. You don't need to configure the BGP fabric-side ASN. ASN is included in network fabric resource creation. Use the following commands to create these internal networks:
+
+```azurecli
+export subscriptionId=ΓÇ¥<SUBSCRIPTION-ID>ΓÇ¥
+export intnwName=ΓÇ¥<INTNW-NAME>ΓÇ¥
+export l3Isd=ΓÇ¥<ISD-NAME>ΓÇ¥
+export rgFabric=ΓÇ¥<RG-FABRIC>ΓÇ¥
+export vlan=<VLAN-ID>
+export peerAsn=<PEER-ASN>
+export ipv4ListenRangePrefix=ΓÇ¥<IPV4-PREFIX>/<PREFIX-LEN>ΓÇ¥
+export ipv6ListenRangePrefix=ΓÇ¥<IPV6-PREFIX>/<PREFIX-LEN>ΓÇ¥
+export mtu=9000
+
+az networkfabric internalnetwork create ΓÇôresource-name ΓÇ£$intnwNameΓÇ¥ \
+--resource-group ΓÇ£$rgFabricΓÇ¥ \
+--subscription ΓÇ£$subscriptionIdΓÇ¥ \
+--l3domain ΓÇ£$l3IsdΓÇ¥ \
+--vlan-id $vlan \
+--mtu $mtu \
+--connected-ipv4-subnets ΓÇ£[{prefix:$ipv4ListenRangePrefix}]ΓÇ¥ \
+--connected-ipv6-subnets ΓÇ£[{prefix:ΓÇÖ$ipv6ListenRangePrefixΓÇÖ}]ΓÇ¥ \
+--bgp-configuration ΓÇ£{peerASN:$peerAsn,allowAS:0,defaultRouteOriginate:True,ipv4ListenRangePrefixes:[$ipv4ListenRangePrefix],ipv6ListenRangePrefixes:[ΓÇÿ$ipv6ListenRangePrefixΓÇÖ]}ΓÇ¥
+```
+
+To view the fabric ASN from the Azure portal:
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Search for the **Network Fabric (Operator Nexus)** resource.
+1. Select **network fabric** from the list.
+1. Review the ASN in properties ΓÇô **Fabric ASN** or in the **Internal Network** details.
+
+### Enable isolation domain
+
+Use the following commands to enable the ISD:
+
+```azurecli
+export subscriptionId=ΓÇ¥<SUBSCRIPTION-ID>ΓÇ¥
+export rgFabric=ΓÇ¥<RG-FABRIC>ΓÇ¥
+export l3Isd=ΓÇ¥<ISD-NAME>ΓÇ¥
+
+# Enable ISD, wait for 5 minutes and check the status is Enabled
+
+az networkfabric l3domain update-admin-state ΓÇôresource-name ΓÇ£$l3IsdΓÇ¥ \
+--resource-group ΓÇ£$rgFabricΓÇ¥ \
+--subscription ΓÇ£$subscriptionIdΓÇ¥ \
+--state Enable
+
+# Check the status of the ISD
+
+az networkfabric l3domain show ΓÇôresource-name ΓÇ£$l3IsdΓÇ¥ \
+--resource-group ΓÇ£$rgFabricΓÇ¥ \
+--subscription ΓÇ£$subscriptionIdΓÇ¥
+```
+
+### Recommended routing settings
+
+To configure BGP and BFD routing for internal networks, use the default settings. See [Nexus documentation](../operator-nexus/howto-configure-isolation-domain.md) for parameter descriptions.
+
+## Create L3 networks
+
+Before deploying the NAKS cluster, you must create NC L3 networking resources that map to network fabric (NF) resources.
+You must create L3 network NC resources for the default CNI interface, including the ISD/VLAN/IP prefix of a corresponding internal network. Attach these resources directly to VMs to perform VLAN tagging at the NIC (VF) level instead of the application level (access ports from application perspective) and/or if IP addresses are allocated by Nexus (using IP Address Management (ipam) functionality).
+An L3 network is used for the default CNI interface. Additional interfaces that require multiple VLANs per single interface must be trunk interfaces.
+
+Use the following commands to create the L3 network:
+
+```azurecli
+Export subscriptionId=ΓÇ¥<SUBSCRIPTION-ID>ΓÇ¥
+export rgManagedUndercloudCluster=ΓÇ¥<RG-MANAGED-UNDERCLOUD-CLUSTER>ΓÇ¥
+export undercloudCustLocationName=ΓÇ¥<UNDERCLOUD-CUST-LOCATION-NAME>ΓÇ¥
+export rgFabric=ΓÇ¥<RG-FABRIC>ΓÇ¥
+export rgCompute=ΓÇ¥<RG-COMPUTE>ΓÇ¥
+export l3Name=ΓÇ¥<L3-NET-NAME>ΓÇ¥
+export l3Isd=ΓÇ¥<ISD-NAME>ΓÇ¥
+export region=ΓÇ¥<REGION>ΓÇ¥
+export vlan=<VLAN-ID>
+export ipAllocationType=ΓÇ¥IPV4ΓÇ¥ // DualStack, IPV4, IPV6
+export ipv4ConnectedPrefix=ΓÇ¥<DEFAULT-CNI-IPV4-PREFIX>/<PREFIX-LEN>ΓÇ¥ // if IPV4 or DualStack
+export ipv6ConnectedPrefix=ΓÇ¥<DEFAULT-CNI-IPV6-PREFIX>/<PREFIX-LEN>ΓÇ¥ // if IPV6 or DualStack
+
+ az networkcloud l3network create ΓÇôl3-network-name $l3Name \
+--l3-isolation-domain-id ΓÇ£/subscriptions/$subscriptionId/resourceGroups/$rgFabric/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/$l3IsdΓÇ¥ \
+--vlan $vlan \
+--ip-allocation-type $ipAllocationType \
+--ipv4-connected-prefix $ipv4ConnectedPrefix \
+--extended-location name=ΓÇ¥/subscriptions/$subscriptionId/resourceGroups/$rgManagedUndercloudCluster/providers/Microsoft.ExtendedLocation/customLocations/$undercloudCustLocationNameΓÇ¥ type=ΓÇ¥CustomLocationΓÇ¥ \
+--resource-group $rgCompute \
+--location $region \
+--subscription $subscriptionId \
+--interface-name ΓÇ£vlan-$vlanΓÇ¥
+```
+
+### Trunked networks
+
+A `trunkednetwork` network cloud resource is required if a single port/interface connected to a virtual machine must carry multiple virtual local area networks (VLANs). Tagging is performed at the application layer instead of NIC. A trunk interface can carry VLANs that are a part of different ISDs.
+You must create a trunked network for both SMF ULB (S11/S5) and UPF iPPE (N3, N6).
+
+Use the following commands to create a trunked network:
+
+```azurecli
+export subscriptionId="<SUBSCRIPTION-ID>"
+export rgManagedUndercloudCluster="<RG-MANAGED-UNDERCLOUD-CLUSTER>"
+export undercloudCustLocationName="<UNDERCLOUD-CUST-LOCATION-NAME>"
+export rgFabric="<RG-FABRIC>"
+export rgCompute="<RG-COMPUTE>"
+export trunkName="<TRUNK-NAME>"
+export l3IsdUlb="<ISD-ULB-NAME>"
+export vlanUlb=<VLAN-ULB-ID>
+export region="<REGION>"
+
+az networkcloud trunkednetwork create --name $trunkName \
+--isolation-domain-ids "/subscriptions/$subscriptionId/resourceGroups/$rgFabric/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/$l3IsdUlb" \
+--vlans $vlanUlb \
+--extended-location name="/subscriptions/$subscriptionId/resourceGroups/$rgManagedUndercloudCluster/providers/Microsoft.ExtendedLocation/customLocations/$undercloudCustLocationName" type="CustomLocation" \
+--resource-group $rgCompute \
+--location $region \
+--interface-name "trunk-ulb" \
+--subscription $subscriptionId
+```
+
+## Configure the Cloud Services Network proxy and allowlisted domains
+
+A Cloud Services Network proxy (CSN proxy) is used to access Azure and internet destinations. You must explicitly add these domains to an allowlist in the CSN configuration for a NAKS cluster to access Azure services and for Arc integration.
+
+### Azure Operator Service Manager/Network Function Manager-based Cloud Services Networks endpoints
+
+Add the following egress points for AOSM/NFM based deployment support (HybridNetwork RP, CustomLocation RP reachability, ACR, Arc):
+
+```azurecli
+.azurecr.io / port 80
+.azurecr.io / port 443
+.mecdevice.azure.com / port 443
+eastus-prod.mecdevice.azure.com / port 443
+.microsoftmetrics.com / port 443
+crprivatemobilenetwork.azurecr.io / port 443
+.guestconfiguration.azure.com / port 443
+.kubernetesconfiguration.azure.com / port 443
+eastus.obo.arc.azure.com / port 8084
+.windows.net / port 80
+.windows.net / port 443
+.k8connecthelm.azureedge.net / port 80
+.k8connecthelm.azureedge.net / port 443
+.k8sconnectcsp.azureedge.net / port 80
+.k8sconnectcsp.azureedge.net / port 443
+.arc.azure.net / port 80
+.arc.azure.net / port 443
+```
+
+### Python Cloud Services Networks endpoints
+
+For python packages installation (part of fed-kube_addons pod-node_config command list used for NAKS), add the following commands:
+
+```python
+pypi.org / port 443
+files.pythonhosted.org / port 443
+```
+
+> [!NOTE]
+> Additional ADX endpoints may need to be included in the allowlist if there is a requirement to inject data into Azure ADX.
+
+### Optional Cloud Services Networks endpoints
+
+Use the following destination to run containers that have their endpoints stored in public container registries or to install more packages for the auxiliary virtual machines:
+
+```azurecli
+.ghcr.io / port 80
+.ghcr.io / port 443
+.k8s.gcr.io / port 80
+.k8s.gcr.io / port 443
+.k8s.io / port 80
+.k8s.io / port 443
+.docker.io / port 80
+.docker.io / port 443
+.docker.com / port 80
+.docker.com / port 443
+.pkg.dev / port 80
+.pkg.dev / port 443
+.ubuntu.com / port 80
+.ubuntu.com / port 443
+```
+
+## Create Cloud Services Networks
+
+You must create a separate CSN instance for each NAKS cluster when you deploy Azure Operator 5G Core on the Nexus platform.
+Adjust the additional-egress-endpoints list based on the previous description and lists.
+
+```azurecli
+export subscriptionId="<SUBSCRIPTION-ID>"
+export rgManagedUndercloudCluster="<RG-MANAGED-UNDERCLOUD-CLUSTER>"
+export undercloudCustLocationName="<UNDERCLOUD-CUST-LOCATION-NAME>"
+export rgCompute="<RG-COMPUTE>"
+export csnName="<CSN-NAME>"
+export region="<REGION>"
+
+az networkcloud cloudservicesnetwork create --cloud-services-network-name $csnName \
+--extended-location name="/subscriptions/$subscriptionId/resourceGroups/$rgManagedUndercloudCluster/providers/Microsoft.ExtendedLocation/customLocations/$undercloudCustLocationName" type="CustomLocation" \06- \
+--resource-group $rgCompute \
+--location $region \
+--enable-default-egress-endpoints True \
+--subscription $subscriptionId \
+--additional-egress-endpoints '[
+ {
+ "category": "common",
+ "endpoints": [
+ {
+ "domainName": ".io",
+ "port": 80
+ }
+ ]
+ },
+ {
+ "category": "common",
+ "endpoints": [
+ {
+ "domainName": ".io",
+ "port": 443
+ }
+ ]
+ }
+ ]' 07-
+```
+
+After you create the CSN, verify the `egress-endpoints` from the Azure portal. In the search bar, enter **Cloud Services Networks (Operator Nexus)** resource. Select **Overview**, then navigate to **Enabled egress endpoints** to see the list of endpoints you created.
+
+## Create a Nexus Azure Kubernetes Services Cluster
+
+Nexus related resource providers must deploy self-managed resource groups that are used to deploy the necessary resources created by customers. When Nexus AKS clusters are provisioned, they must be Arc-enabled. The Network Cloud resource provider creates its own managed resource group and deploys it in an Azure Arc Kubernetes cluster resource. Following this deployment, this cluster resource is linked to the NAKS cluster resource.
+
+> [!NOTE]
+> After the NAKS cluster deploys, and the managed resource group is created, you may need to grant privileges to all a user/entra group/service principal access to the managed resource group. This action is contingent upon the subscription level IAM settings.
+
+Use the following Azure CLI commands to create the NAKS cluster:
+
+```azurecli
+export subscriptionId="<SUBSCRIPTION-ID>"
+export rgManagedUndercloudCluster="<RG-MANAGED-UNDERCLOUD-CLUSTER>"
+export undercloudCustLocationName="<UNDERCLOUD-CUST-LOCATION-NAME>"
+export rgCompute="<RG-COMPUTE>"
+export rgNcManaged="<RG-NETWORK-CLOUD-MANAGED>"
+export csnName="<CSN-NAME>"
+export defCniL3Net="<L3-NET-FOR-DEF-CNI>"
+export trunkName="<TRUNK-NAME>"
+export naksName="<NAKS-NAME>"
+export k8sVer="<K8S-VER>"
+export region="<REGION>"
+export regionRgNcManaged="<REGION-RG-NETWORK-CLOUD-MANAGED>"
+export sshPubKeys="<SSH-PUB-KEYS>"
+export adminUser="<ADMIN-USER>" // e.g. "azureuser"
+export controlVmSku="<CONTROL-NODE-SKU>"
+export controlVmCount="<CONTROL-NODE-COUNT>"
+export workerVmSku="<WORKER-NODE-SKU>"
+export workerVmCount="<WORKER-NODE-COUNT>"
+export nodePoolName="<NODE-POOL-NAME>"
+export lbIpv4Pool="<LOADBALANCER-IPV4-POOL>"
+export hugePages2MCount=<HUGEPAGES-2M-COUNT>
+export aadAdminGroupObjectId="<AAD-GROUP-TO-ACCESS-NAKS>"
+export maxSurge=1 // number of nodes added to the cluster during upgrade e.g. 1 or percentage "10%"
+
+
+az networkcloud kubernetescluster create --name $naksName \
+--resource-group $rgCompute \
+--location $region \
+--kubernetes-version $k8sVer \
+--extended-location name="/subscriptions/$subscriptionId/resourceGroups/$rgManagedUndercloudCluster/providers/Microsoft.ExtendedLocation/customLocations/$undercloudCustLocationName" type="CustomLocation" \
+--admin-username $adminUser \
+--ssh-key-values "$sshPubKeys" \
+--initial-agent-pool-configurations "[{count:$workerVmCount,mode:'System',name:'$nodePoolName',vmSkuName:'$workerVmSku',agentOptions:{hugepagesCount:$hugePages2MCount,hugepagesSize:2M},upgradeSettings:{maxSurge:$maxSurge},adminUsername:'$adminUser',ssh-key-values:['$sshPubKeys']}]" \
+--control-plane-node-configuration count=$workerVmCount vmSkuName=$controlVmSku adminUsername=$adminUser ssh-key-values=['$sshPubKeys'] \
+--network-configuration cloud-services-network-id="/subscriptions/$subscriptionId/resourceGroups/$rgCompute/providers/Microsoft.NetworkCloud/cloudServicesNetworks/$csnName" cni-network-id="/subscriptions/$subscriptionId/resourceGroups/$rgCompute/providers/Microsoft.NetworkCloud/l3Networks/$defCniL3Net" pod-cidrs=["10.244.0.0/16"] service-cidrs=["10.96.0.0/16"] dns-service-ip="10.96.0.10" attached-network-configuration.trunked-networks="[{networkId:'/subscriptions/$subscriptionId/resourceGroups/$rgCompute/providers/Microsoft.NetworkCloud/trunkedNetworks/$trunkName',pluginType:'SRIOV'}]" bgp-service-load-balancer-configuration.fabric-peering-enabled="True" bgp-service-load-balancer-configuration.ip-address-pools="[{addresses:['$lbIpv4Pool'],autoAssign:'True',name:'pool1',onlyUseHostIps:'True'}]" \
+--managed-resource-group-configuration "{location:$regionRgNcManaged,name:$rgNcManaged}" \
+--aad-configuration admin-group-object-ids=[$aadAdminGroupObjectId] \
+--subscription $subscriptionId
+```
+
+After the cluster is created, you can enable the Network Function Manager (NFM) extension and set a custom location so the cluster can be deployed via Azure Operator Service Manager (AOSM) or NFM.
+
+## Access the Nexus Azure Kubernetes Services cluster
+
+ There are several ways to access the Tenant NAKS cluster's API server:
+- Directly from the IP address/port (from a jumpbox)
+- Use the Azure CLI and connectedk8s proxy option as described under the link to access clusters directly.
+ You must have a custom role assigned to the managed resource group created by the Network Cloud RP. One of the following actions must be enabled in this role:
+ - Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action
+ - A user or service provider as a contributor to the managed resource group
+
+## Prepare the cluster for workloads via AO5GC resource provider/Azure Operator Service Manager/Network Function Manager
+
+Before [Azure Operator Services Manager](https://azure.microsoft.com/products/operator-service-manager) (AOSM) and [Azure Network Function Manager](https://azure.microsoft.com/products/azure-network-function-manager) (NFM) can be used to deploy applications on top of Nexus Azure Kubernetes clusters, you must enable the Network Function Operator extension and set a custom location. For more information, see the following sections.
+
+### Enable the Network Function Operator extension
+
+You must enable the Network Function Operator Kubernetes Arc extension so that Azure NFM service can install workloads on top of NAKS clusters. Enable the extension at Azure Arc connected cluster level in the managed resource group created by Network Cloud RP.
+
+1. Enter the following Azure CLI commands to enable the NF Operator extension:
+
+ ```azurecli
+ az k8s-extension create -g <NAKS-MANAGED-RESOURCE-GRUP> \
+ -c <NAKS-ARC-CLUSTER-NAME> \
+ --cluster-type connectedClusters \
+ --cluster-resource-provider ΓÇ£Microsoft.Kubernetes/connectedClustersΓÇ¥ \
+ --name networkfunction-operator \
+ --extension-type Microsoft.Azure.HybridNetwork \
+ --auto-upgrade-minor-version true \
+ --scope cluster \
+ --release-namespace azurehybridnetwork \
+ --release-train preview \
+ --config Microsoft.CustomLocation.ServiceAccount=azurehybridnetwork-networkfunction-operator
+ ```
+
+1. Enter the following command and note the connected cluster ID:
+ `az connectedk8s show -n <NAKS-CLUSTER-NAME> -g <NAKS-RESOURCE-GRUP> --query id -o tsv`
+1. Enter the following command and note the cluster extension ID for which to enable the custom location:
+ `az k8s-extension show -c <NAKS-CLUSTER-NAME> -g <NAKS-RESOURCE-GRUP> -t connectedClusters -n networkfunction-operator`
+
+### Set the custom location
+
+A [custom location](/azure/azure-arc/kubernetes/conceptual-custom-locations) must be enabled for Nexus AKS clusters so that these clusters can be used as target locations for deploying Azure services instances.
+Refer to (link) to learn how to enable a customer location.
+
+> [!IMPORTANT]
+> A custom location must to be created in a resource group where NAKS cluster is created.
+
+Enter the following Azure CLI commands to set a custom location. Replace the connectedClusterID and clusterExtensionID variables with the names noted when you enabled the Network Function Operator extension.
+
+```azurecli
+az customlocation create -n <CUSTOM-LOCATION-NAME> \
+-g <NAKS-RESOURCE-GRUP> \
+-l eastus \
+--namespace azurehybridnetwork \
+--host-resource-id <CONNECTED-CLUSTER-ID> \
+--cluster-extension-ids <CLUSTER-EXTENSION-ID>
+```
+
+## Related content
+
+- Learn about the [Deployment order](concept-deployment-order.md).
+- [Deploy Azure Operator 5G Core](how-to-deploy-5g-core.md).
+- [Deploy a network function](quickstart-deploy-network-functions.md).
operator-5g-core How To Deploy 5G Core https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/how-to-deploy-5g-core.md
+
+ Title: How to Deploy Azure Operator 5G Core
+description: Learn how to deploy Azure Operator 5G core using Bicep Scripts, PowerShell, and Azure CLI.
++++ Last updated : 02/21/2024
+#CustomerIntent: As a < type of user >, I want < what? > so that < why? >.
++
+# Deploy Azure Operator 5G Core
+
+Azure Operator 5G Core is deployed using the Azure Operator 5G Core Resource Provider (RP). Bicep scripts are bundled along with empty parameter files for each Mobile Packet Core resource. These resources are:
+
+- Microsoft.MobilePacketCore/clusterServices - per cluster PaaS services
+- Microsoft.MobilePacketCore/amfDeployments - AMF/MME network function
+- Microsoft.MobilePacketCore/smfDeployments - SMF network function
+- Microsoft.MobilePacketCore/nrfDeployments - NRF network function
+- Microsoft.MobilePacketCore/nssfDeployments - NSSF network function
+- Microsoft.MobilePacketCore/upfDeployments - UPF network function
+- Microsoft.MobilePacketCore/observabilityServices - per cluster observability PaaS services (elastic/elastalert/kargo/kafka/etc)
+
+## Prerequisites
+
+Before you can successfully deploy Azure Operator 5G Core, you must:
+- [Register your resource provider](../azure-resource-manager/management/resource-providers-and-types.md) for the HybridNetwork and MobilePacketCore namespaces.
+
+Based on your deployment environments, complete one of the following:
+- [Prerequisites to deploy Azure Operator 5G Core on Azure Kubernetes Service](how-to-complete-prerequisites-deploy-azure-kubernetes-service.md).
+- [Prerequisites to deploy Azure Operator 5G Core on Nexus Azure Kubernetes Service](how-to-complete-prerequisites-deploy-nexus-azure-kubernetes-service.md)
++
+## Post cluster creation
+
+After you complete the prerequisite steps and create a cluster, you must enable resources used to deploy Azure Operator 5G Core. The Azure Operator 5G Core resource provider manages the remote cluster through line-of-sight communications via Azure ARC. Azure Operator 5G Core workload is deployed through helm operator services provided by the Network Function Manager (NFM). To enable these services, the cluster must be ARC enabled, the NFM Kubernetes extension must be installed, and an Azure custom location must be created. The following Azure CLI commands describe how to enable these services. Run the commands from any command prompt displayed when you sign in using the `az-login` command.
++
+## ARC-enable the cluster
+
+ARC is used to enable communication from the Azure Operator 5G Core resource provider to Kubernetes. You must have access to the cluster's kubeconfig file, or to Kubernetes API server to run the connectedK8s command. Refer to [Use Azure role-based access control to define access to the Kubernetes configuration file in Azure Kubernetes Service (AKS)](../aks/control-kubeconfig-access.md) for information.
+
+### ARC-enable the cluster for Azure Kubernetes Services
+
+Use the following Azure CLI command:
+
+`$ az connectedk8s connect --name <ARC NAME> --resource-group <RESOURCE GROUP> --custom-locations-oid <LOCATION> --kube-config <KUBECONFIG FILE>`
+
+### ARC-enable the cluster for Nexus Azure Kubernetes Services
+
+Retrieve the Nexus AKS connected cluster ID with the following command. You need this cluster ID to create the custom location.
+
+ `$ az connectedk8s show -n <NAKS-CLUSTER-NAME> -g <NAKS-RESOURCE-GRUP> --query id -o tsv`
+
+## Install the Network Function Manager Kubernetes extension
+
+Execute the following Azure CLI command to install the Network Function Manager (NFM) Kubernetes extension:
+
+`$ az k8s-extension create --name networkfunction-operator --cluster-name <ARC NAME> --resource-group <RESOURCE GROUP> --cluster-type connectedClusters --extension-type Microsoft.Azure.HybridNetwork --auto-upgrade-minor-version true --scope cluster --release-namespace azurehybridnetwork --release-train preview --config Microsoft.CustomLocation.ServiceAccount=azurehybridnetwork-networkfunction-operator`
+
+## Create an Azure custom location
+
+Enter the following Azure CLI command to create an Azure custom location:
+
+`$ az customlocation create -g <RESOURCE GROUP> -n <CUSTOM LOCATION NAME> --namespace azurehybridnetwork --host-resource-id /subscriptions/<SUBSCRIPTION>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.Kubernetes/connectedClusters/<ARC NAME> --cluster-extension-ids /subscriptions/<SUBSCRIPTION>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.Kubernetes/connectedClusters/<ARC NAME>/providers/Microsoft.KubernetesConfiguration/extensions/networkfunction-operator`
+
+ ## Populate the parameter files
+
+The empty parameter files that were bundled with the Bicep scripts must be populated with values suitable for the cluster being deployed. Open each parameter file and add IP addresses, subnets, and storage account information.
+
+You can also modify the parameterized values yaml file to change tuning parameters such as cpu, memory limits, and requests. You can also add new parameters manually.
+
+The Bicep scripts read these parameter files to produce a JSON object. The object is passed to Azure Resource Manager and used to deploy the Azure Operator 5G Core resource.
+
+> [!IMPORTANT]
+> Any new parameters must be added to both the parameters file and the Bicep script file.
+
+## Deploy Azure Operator 5G Core via Azure Resource Manager
+
+You can deploy Azure Operator 5G Core resources by using either Azure CLI or PowerShell.
+
+### Deploy using Azure CLI
+
+```azurecli
+az deployment group create \
+--name $deploymentName \
+--resource-group $resourceGroupName \
+--template-file $templateFile \
+--parameters $templateParamsFile
+```
+
+### Deploy using PowerShell
+
+```powershell
+New-AzResourceGroupDeployment `
+-Name $deploymentName `
+-ResourceGroupName $resourceGroupName `
+-TemplateFile $templateFile `
+-TemplateParameterFile $templateParamsFile `
+-resourceName $resourceName
+```
+## Next step
+
+- [Monitor the status of your Azure Operator 5G Core deployment](how-to-monitor-deployment-status.md)
operator-5g-core How To Monitor Deployment Status https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/how-to-monitor-deployment-status.md
+
+ Title: Monitoring the deployment status of Azure Operator 5G Core
+description: Monitor the deployment status of your Azure Operator 5G Core and its components
++++ Last updated : 02/21/2024++
+# Monitor the status of your Azure Operator 5G Core deployment
+
+Azure Operator 5G Core provides network function health check information using the Azure portal.
+
+## View health check information
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Navigate to the Network Functions Inventory & Health Checks screen. This screen lists all resources, along with the resource group, cluster, resource type and deployment status.
++
+You can also view the status of pods in each cluster.
++
+## Related content
+
+- [Observability and analytics in Azure Operator 5G Core](concept-observability-analytics.md)
+- [Perform health and configuration checks post-deployment in Azure Operator 5G Core](how-to-perform-checks-post-deployment.md)
operator-5g-core How To Perform Checks Post Deployment https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/how-to-perform-checks-post-deployment.md
+
+ Title: Performing health checks post-deployment in Azure Operator 5G Core
+description: Learn how to ensure your deployment is running at its highest capacity by performing health checks post-deployment.
++++ Last updated : 02/21/2024++
+#CustomerIntent: As a < type of user >, I want < what? > so that < why? >.
+++
+# Perform health and configuration checks post-deployment in Azure Operator 5G Core
+
+After Azure Operator 5G Core is deployed, you can perform health and configuration checks on the deployment. You must enable an ARC extension to monitor your deployment.
+
+## Set up the Azure CLI
+
+1. Sign in using the `az login--use-device-code` command. Complete the sign in process with your user account.
+1. Set the subscription: `az account set -s <subscriptionName>`
+1. Run the following commands to install the CLI extensions:
+
+ `az extension add --yes --name connectedk8s`
+
+ `az extension add --yes --name k8s-configuration`
+
+ `az extension add --yes --name k8s-extension`
+
+## Configure ARC for the Kubernetes/Azure Kubernetes Services Cluster
+
+Enter the following command to configure the ARC:
+`az connectedk8s connect --name <ConnectedK8sName> --resource-group <ResourceGroupName>`
+
+## Deploy the Azure Operator 5G Core extension
+
+1. Enter the following commands to deploy the Azure Operator 5G Core extension:
+
+ ```azurecli
+ az k8s-extension create \
+ --name ao5gc-monitor \
+ --cluster-name <ConnectedK8sName> \
+ --resource-group <ResourceGroupName> \
+ --cluster-type connectedClusters \
+ --extension-type "Microsoft.AO5GC" \
+ --release-train <dev or preview or stable>\
+ --auto-upgrade true
+ ```
+
+2. Run the `kubectl label namespace ao5gc-monitor name=ao5gc-monitor` command to create a **name=ao5gc-monitor** label for the newly created **ao5gc-monitor** namespace.
+
+ The namespace and all necessary Azure Operator 5G Core extension pods, configuration maps, and services are created within the namespace.
+
+To delete the Azure Operator 5G Core extension, you can run the following command:
+
+```azurecli
+az k8s-extension delete \
+--name ao5gc-monitor \
+--cluster-name <ConnectedK8sName> \
+--resource-group <ResourceGroupName> \
+--cluster-type connectedClusters \
+```
+
+## Set permission for Azure Operator 5G Core extension to access metrics
+
+By default, the fed-prometheus cluster can be reached only from a small set of predefined namespaces. You must add the newly created **ao5gc-monitor** to the allowlist to obtain observability metrics.
+
+To add the namespace to fed-prometheus:
+
+1. Run the following command to add the helm values into a file for fed-prometheus:
+ `helm get values fed-prometheus -n fed-prometheus ΓÇôall> fed-prometheus_values.yaml`
+2. Add the **ao5gc-monitor** namespace under **ingressTrafficNamespaces** at the global level.
+1. Upgrade the fed-prometheus with the new helm values by running the following command:
+ `helm upgrade fed-prometheus -n fed-prometheus fed-prometheus-4.3.0-46-rel-4-3-0.tgz -f fed-prometheus_values.yaml`
+
+## Related content
+
+- [Monitor the status of your Azure Operator 5G Core deployment](how-to-monitor-deployment-status.md)
+- [Observability and analytics in Azure Operator 5G Core](concept-observability-analytics.md)
operator-5g-core Overview Product https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/overview-product.md
+
+ Title: What is Azure Operator 5G Core?
+description: Azure Operator 5G Core is a carrier-grade, Any-G, hybrid mobile packet core with fully integrated network functions that run both on-premises and in-cloud.
+++++ Last updated : 02/21/2024+++
+# What is Azure Operator 5G Core?
+
+Azure Operator 5G Core is a carrier-grade, Any-G, hybrid mobile packet core with fully integrated network functions that run both on-premises and in-cloud. Service providers can deploy resilient networks with high performance and at high capacity while maintaining low latency. Azure Operator 5G Core is ideal for Tier 1 consumer networks, mobile network operators (MNO), virtual network operators (MVNOs), enterprises, IoT, fixed wireless access (FWA), and satellite network operators (SNOs).
+
+The power of Azure's global footprint ensures global coverage and operating infrastructure at scale, coupled with MicrosoftΓÇÖs Zero Trust security framework to provide secure and reliable connectivity to cloud applications.ΓÇ»
+ΓÇ»
+Sophisticated management tools and automated lifecycle management simplify and streamline network operations. Operators can efficiently accelerate migration to 5G in standalone and nonstandalone architectures, while continuing to support all legacy mobile network access technologies (2G, 3G, & 4G).
+
+Streamlined in-service software upgrades at both the platform and application layer minimize downtime and complexity during version updates, and automated rollback mechanism ensures the system can revert to the previous stable state if needed. Preconfigured templates and blueprints simplify and standardize deployment.ΓÇ»
+ΓÇ»
+Azure Operator 5G Core's observability stack provides a rich set of insightful dashboards out-of-the-box. Operators can use their existing analytics solutions for further analysis or use Azure Operator Insights, which combines the power of Artificial Intelligence and Machine Learning to provide advanced analytics capabilities. Azure Operator 5G Core generates detailed Event Data Records, which provide operators with the insights to optimize network performance and improve subscriber Quality of Experience.
+ΓÇ»
+
+## Key Features and BenefitsΓÇ»
+
+Azure Operator 5G Core includes the following benefits for operating secure. Carrier-grade network functions at scale.ΓÇ»
+
+### Any-GΓÇ»
+
+Azure Operator 5G Core is a unified, ΓÇÿAny-GΓÇÖ packet core network solution that uses cloud native capabilities to address 2G/3G/4G and 5G functionalities. It allows operators to deploy network functions compatible with not only legacy technologies but also with the latest 5G networks, modernizing operator networks while operating on a single, consistent platform to minimize costs. ΓÇÿAny-GΓÇÖ offers the following features:ΓÇ»
+
+- Common anchor points (combination nodes) that allow seamless mobility across Radio Access Technologies (RAT).ΓÇ»
+- Common UPF instances that support all RAT types for mobility and footprint reduction.ΓÇ»
+- Control Plane and User Plane separation providing 5G and 4G CUPS standards.ΓÇ»
+- Consistent application of Value-added Services (VAS) regardless of the Radio Access Type.ΓÇ»
+- Integrated probing enabling an always-on capture of User Equipment/Session activities.ΓÇ»
+- Deployment options to use Diameter or Service-Based Interfaces (SBI), allowing operators to choose when to upgrade peer network functions.ΓÇ»
+- Slicing, which provides flexibility in customizing the treatment of a set of devices.  
+
+Azure Operator 5G Core offers the following network functions:ΓÇ»
+
+**5G SA:**
+- Access and Mobility Management Function (AMF)ΓÇ»
+- Session Management Function (SMF)ΓÇ»
+- User Plane Function (UPF)ΓÇ»
+- Network Slice Selection Function (NSSF)ΓÇ»
+- Network Repository Function (NRF)ΓÇ»
+
+**4G / 5G NSA:**ΓÇ»
+- Mobility Management Entity (MME)ΓÇ»
+- Packet Data Network (PDN) Gateway Control Plane Function (PGW-C)ΓÇ»
+- PDN Gateway User Plane Function (PGW-U)ΓÇ»
+- Serving Gateway Control Plane Function (SGW-C)ΓÇ»
+- Serving Gateway User Plane Function (SGW-U)ΓÇ»
+
+**2G / 3G:**ΓÇ»
+- Gateway GPRS Support Node (GGSN)ΓÇ»
+- Serving GPRS Support Node (SGSN)  
+
+ :::image type="content" source="media/overview-product/all-g-network.png" alt-text="Diagram of text boxes showing the network functions supported by the all-g network offering of Azure Operator 5G Core.":::
+
+Any-G is built on top of Azure Operator Nexus and Azure ΓÇô with flexible Network Function (NF) placement based on the operator use case. Different use cases drive NF deployment topologies. Network Functions can be placed geographically closer to the users for scenarios such as consumer, low latency, and MEC or centralized for machine to machine (Internet of Things) and enterprise scenarios. Deployment is API driven regardless of the placement of the network functions.
+ΓÇ»
+
+### ResiliencyΓÇ»
+
+Azure Operator 5G Core supports recovery mechanisms for failure scenarios such as single pod, multi-pod, VM, multi-VM within the same rack, and multi-VM spread across multiple racks. As the system scales to accommodate millions of subscribers, it requires mechanisms capable of addressing both internal and external faults, extending to the failure of an entire geographical location. To effectively mitigate potential disruptions and to ensure minimal impact, Azure Operator 5G Core incorporates Geographical Redundancy and In-Service Software Upgrade (ISSU) mechanisms.ΓÇ»
+
+### Orchestration
+
+Azure Operator 5G Core enables provisioning, configuration, management, and automation of complex services that span multiple NFs and analytics services in hybrid (on-premises and in-cloud) environments. This ensures consistent and efficient deployment. It supports ISSU and rollback to different versions while maintaining the baseline configuration across versions and without affecting the operations of the existing workloads.ΓÇ»
++
+Azure Operator 5G CoreΓÇÖs Resource Provider (RP) provides an inventory of the deployed resources and supports monitoring and health status of current and ongoing deployments.ΓÇ»
+
+### Observability
+
+Azure Operator 5G Core supports local observability with a small footprint per cluster for both platform and application level metrics, key performance indicators, logs, alerts, alarms, traces, and event data records. Observability data for most network functions are supported via the following industry-standard Platform as a Service (PaaS) components:  
+ΓÇ»
+- PrometheusΓÇ»
+- FluentdΓÇ»
+- ElasticΓÇ»
+- AlertaΓÇ»
+- JaegerΓÇ»
+- Kafka  
++
+Once deployed, Azure Operator 5G Core provides an inventory view of clusters and first-party network functions along with deployment and operational health status. Azure Operator 5G Core provides a rich set of out-of-the-box dashboards as well.ΓÇ»
+ΓÇ»
+Disconnected "break-glass" mode maintains data when connectivity between the Azure public cloud regions and local on-premises platforms is lost. Azure Operator 5G Core also allows operators to ingest the telemetry data into their chosen analytics solution for further analysis.ΓÇ»
+
+## Supported Regions
+
+Azure Operator 5G Core deployment is supported in:
+
+- East US
+- UAE North
+- South Central US
+- Northern Europe
+
+## Compatibility
+
+The table shows which versions of Azure Kubernetes/Nexus Azure Kubernetes K8s are compatible with the current Azure Operator 5G Core release. To use or update to the current version, these clusters need to be updated to the appropriate version.
++
+|Azure Operator 5G Core Version |AKS K8s Version |Nexus K8s Version |
+||||
+|2402.0 | 1.27.3 | 1.27.3 |
+++
+## Related content
+
+- [Centralized Lifecycle Management in Azure Operator 5G Core](concept-centralized-lifecycle-management.md)
operator-5g-core Quickstart Configure Network Function https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/quickstart-configure-network-function.md
+
+ Title: Configure a network function in Azure Operator 5G Core
+description: Learn the high-level process for configuring a network function.
++++ Last updated : 02/22/2024+++
+# Quickstart: Configure a network function in Azure Operator 5G Core
+
+Azure Operator 5G Core supports direct configuration of the first party packet core network functions deployed on Azure and Nexus by:
+
+ - enabling SSH access to port 22 of network configuration management pods directly.
+ - enabling configuration of network functions through CLI or by NETCONF to port 830, or by RESTCONF to port 443.
+
+Note that many concurrent configuration user sessions are supported.
+
+## Additional information
+
+For more information, see the documentation for the [Configuration Manager](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/Microservices/Shared/Microservices/Config_Manager.htm ).
+
+> [!NOTE]
+> The linked content is available only to customers with a current Affirmed Networks support agreement. To access the content, you must have Affirmed Networks login credentials. If you need assistance, please speak to the Affirmed Networks Support Team.
+
+## Next step
+
+Learn how to configure a specific network function in [Tutorial: Configure Network Functions](tutorial-configure-network-function.md).
operator-5g-core Quickstart Delete Network Function Cluster https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/quickstart-delete-network-function-cluster.md
+
+ Title: Delete a network function deployment and/or ClusterServices in Azure Operator 5G Core
+description: Learn the high-level process to delete a network function deployment and/or ClusterServices.
++++ Last updated : 02/21/2024++
+# Quickstart: Delete a network function deployment or ClusterServices in Azure Operator 5G Core
+
+This quickstart shows you the Azure CLI commands you can use to delete a network function deployment or ClusterServices.
+
+## Azure CLI commands
+
+Use the following Azure CLI commands to delete the Azure Operator 5G Core resources:
+
+`$ az resource delete --ids /subscriptions/${SUB}/resourceGroups/${RGName}/providers/Microsoft.MobilePacketCore/amfDeployments/${ResourceName}`
+
+`$ az resource delete --ids /subscriptions/${SUB}/resourceGroups/${RGName}/providers/Microsoft.MobilePacketCore/smfDeployments/${ResourceName}`
+
+`$ az resource delete --ids /subscriptions/${SUB}/resourceGroups/${RGName}/providers/Microsoft.MobilePacketCore/nrfDeployments/${ResourceName}`
+
+`$ az resource delete --ids /subscriptions/${SUB}/resourceGroups/${RGName}/providers/Microsoft.MobilePacketCore/upfDeployments/${ResourceName}`
+
+`$ az resource delete --ids /subscriptions/${SUB}/resourceGroups/${RGName}/providers/Microsoft.MobilePacketCore/nssfDeployments/${ResourceName}`
+
+`$ az resource delete --ids /subscriptions/${SUB}/resourceGroups/${RGName}/providers/Microsoft.MobilePacketCore/clusterServices/${ResourceName}`
+
+
+## Related content
+
+- [Deploy a network function](quickstart-deploy-network-functions.md)
operator-5g-core Quickstart Deploy Network Functions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/quickstart-deploy-network-functions.md
+
+ Title: Deploy a network function on Azure Kubernetes Services or Nexus Azure Kubernetes Services
+description: Learn the high-level process to deploy a network function on Azure Kubernetes services.
++++ Last updated : 02/21/2024+
+#CustomerIntent: As a < type of user >, I want < what? > so that < why? >.
++
+# Quickstart: Deploy a network function on Azure Kubernetes Services (AKS) or Nexus Azure Kubernetes Services (NAKS)
+
+This quickstart shows you how to deploy various network functions, including SMF, UPF, NRF, NSSF, AMF, MME, and a VNF_Agent in Azure Operator 5G Core.
+
+## Deploy network function using Azure CLI
+
+Use the following Azure CLI commands to deploy the network function:
+
+```azurecli
+New-AzResourceGroupDeployment `
+-Name <DEPLOYMENT NAME> `
+-ResourceGroupName <RESOURCE GROUP> `
+-TemplateFile ./releases/2311.0-1/AKS/bicep/<NF NAME>Template.bicep `
+-TemplateParameterFile ./releases/2311.0-1/AKS/params/<NF NAME>Params.json `
+-resourceName <RESOURCE NAME> ΓÇôVerbose
+```
+
+## Related content
+
+- [Quickstart: Monitor the status of your Azure Operator 5G Core deployment](how-to-monitor-deployment-status.md)
operator-5g-core Quickstart Deploy Observability https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/quickstart-deploy-observability.md
+
+ Title: Deploy Azure Operator 5G Core observability on Azure Kubernetes Services
+description: Learn the high-level process to deploy Azure Operator 5G Core observability on Azure Kubernetes Services.
++++ Last updated : 02/22/2024+
+#CustomerIntent: As a < type of user >, I want < what? > so that < why? >.
++
+# Quickstart: Deploy Azure Operator 5G Core observability on Azure Kubernetes Services (AKS) or Nexus Azure Kubernetes Services (NAKS)
+
+Use the following Azure CLI commands to deploy observability resources for Azure Operator 5G Core.
+
+## Deploy observability
++
+```azurecli
+New-AzResourceGroupDeployment `
+
+-Name <DEPLOYMENT NAME> `
+
+-ResourceGroupName <RESOURCE GROUP> `
+
+-TemplateFile ./releases/2311.0-1/AKS/bicep/obsvTemplate.bicep `
+
+-TemplateParameterFile ./releases/2311.0-1/AKS/params/obsvParams.json `
+
+-resourceName <RESOURCE NAME> ΓÇôVerbose
+```
+
+## Next step
+
+- [Deploy a network function on Azure Kubernetes Services (AKS)](quickstart-deploy-network-functions.md)
operator-5g-core Quickstart Subscription https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/quickstart-subscription.md
+
+ Title: Get access to Azure Operator 5G Core
+description: See the criteria to gain access to Azure Operator 5G Core subscription, and apply for access.
++++ Last updated : 02/22/2024+
+#CustomerIntent: As a < type of user >, I want < what? > so that < why? >.
++
+# Quickstart: Get Access to Azure Operator 5G Core
+
+Access is currently limited. For now, we're working with customers that have an existing technical partnership with Microsoft and that have targeted specific use cases. In addition to applying for initial access, all requests for Azure Operator 5G Core are required to go through a use case review.
++
+## Apply for access to Azure Operator 5G Core
+
+[Apply here](https://aka.ms/AO5GC-Activation-Request) for initial access.
+
+
+
+## Related content
+
+[What is Azure Operator 5G Core?](overview-product.md)
+[Deployment order for clusters, network functions, and observability](concept-deployment-order.md)
+[Deploy Azure Operator 5G Core](how-to-deploy-5g-core.md)
operator-5g-core Tutorial Configure Network Function https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-5g-core/tutorial-configure-network-function.md
+
+ Title: Configure network functions in Azure Operator 5G Core
+description: This tutorial outlines the process to configure specific network functions--including SMF, UPF, AMF, NRF, and NSSF--in Azure Operator 5G Core.
++++ Last updated : 02/22/2024+++
+# Tutorial: Configure Network Functions
+
+This article describes how to configure a network function following deployment. It contains links to configuration procedures for each network function type.
+
+> [!NOTE]
+> The linked content is available only to customers with a current Affirmed Networks support agreement. To access the content, you must have Affirmed Networks login credentials. If you need assistance, please speak to the Affirmed Networks Support Team.
++
+## Configure a Session Management Function (SMF)
+
+Use the procedures described in:
+- [SMF Configuration](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/NetworkFunctions/SMF/SMF_configuration.htm)
+- [Interface Manager Configuration](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/Microservices/SMF_Specific/Config/interface_mgr-cna-interface-mgr_config.html)
+
+## Configure a User Plane Function (UPF)
+
+Use the procedure described in [UPF Configuration](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/NetworkFunctions/UPF/Configuration.htm).
+
+## Configure an Access and Mobility Management Function (AMF)
+
+Use the procedure described in [AMF Configuration](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/NetworkFunctions/AMF/AMF_Configuration_Overview.htm ).
+
+## Configure a Network Repository Function (NRF)
+
+Use the procedure described in [NRF Configuration](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/NetworkFunctions/NRF/NRF_Functional_Overview.htm ). Refer to the section "Configuration Management."
+
+## Configure a Network Slice Selection Function (NSSF)
+
+Use the procedure described in [NSSF Configuration](https://manuals.metaswitch.com/UC/4.3.0/UnityCloud_Overview/Content/NetworkFunctions/NSSF/NSSF_Configuration_Overview.htm).
++
+## Related content
+
+- [Quickstart: Configure a network function in Azure Operator 5G Core](quickstart-configure-network-function.md)
+- [Quickstart: Deploy a network function on Azure Kubernetes Services (AKS)](quickstart-deploy-network-functions.md)
+
private-multi-access-edge-compute-mec Partner Programs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/private-multi-access-edge-compute-mec/partner-programs.md
Azure private MEC solution partners include technology partners, application ISV
- **Technology Partners** bring critical hardware and software components such as network functions, Radio Access Network (RAN) technologies, and SIMs to the Azure private MEC ecosystem. Customers can mix and match these components to meet their requirements. - **System Integrators and Operators** are responsible for planning, deployment, and operation of a customerΓÇÖs Azure private MEC implementation. These providers bring assets and expertise such as spectrum, RF planning, installation, maintenance, and support. System Integrators and Operators enable customers to rapidly deploy the Azure private MEC solution without requiring in-house expertise in complexities surrounding mobile network technologies.-- **Application ISV Partners** bring ready to deploy software solutions built for Azure private MEC. These applications leverage the low latency edge computing capabilities of Azure private MEC to enable a customerΓÇÖs specific use-cases within industries, including manufacturing, energy, and transportation.
+- **Application ISV Partners** bring ready to deploy software solutions built for Azure private MEC. These applications use the low latency edge computing capabilities of Azure private MEC to enable a customerΓÇÖs specific use-cases within industries, including manufacturing, energy, and transportation.
### System Integrators (SIs) Our system integrator partners include:
Our system integrator partners include:
|[Accenture](https://azuremarketplace.microsoft.com/en-us/marketplace/consulting-services/accenture1628868945076.acn-soln-area-15-5g-cloud-box-quality-inspection?exp=ubp8)||||[Tech Mahindra](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/techm.private_5g_network?exp=ubp8&tab=Overview) | ||||| [Accenture](https://azuremarketplace.microsoft.com/en-us/marketplace/consulting-services/accenture1628868945076.acn-soln-area-6-5g-edge?exp=ubp8) | ||||| Avanade |
+||||| BATS Wireless |
Our operator partners include: - [BT Group](https://azuremarketplace.microsoft.com/en-us/marketplace/consulting-services/britishtelecommunicationsplc1603355038257.0005_5g_private_network_bt_global-mpn1687281-preview?tab=Overview&flightCodes=bbaba195c14644e4aa5b4c7b6627ac7b)
Networking ISV partners include software vendors that provide network functions
| | [Versa Networks](https://aka.ms/versa) | ### SIM & RAN
-SIM partners provide wireless authentication technologies and embedded cellular modules. RAN partners deliver various hardware equipment (such as radios and antennas) necessary to deploy private mobile networks. The following partners have completed interop tests with Azure private MEC. Contact the partner representative for more details:
+SIM partners provide wireless authentication technologies and embedded cellular modules. RAN partners deliver various hardware equipment (such as radios and antennas) necessary to deploy private mobile networks. The following partners completed interop tests with Azure private MEC. Contact the partner representative for more details:
|SIM |RAN (hardware)| |||
SIM partners provide wireless authentication technologies and embedded cellular
### Application ISVs Microsoft partners with Application ISVs to make their software available through the Azure Marketplace. Our ISVs partners use a combination of private 5G and edge compute capabilities to create new experiences for customers.
-Applications that run on supported platforms can also deploy to Azure private MEC with few code changes required. This means that application ISV solutions for Azure Stack Edge, Azure Stack HCI, and Azure IoT Edge can also run on the Azure private MEC solution.
+Applications that run on supported platforms can also deploy to Azure private MEC with few code changes required. This means that application ISV solutions for Azure Stack Edge, and Azure IoT Edge can also run on the Azure private MEC solution.
Our application ISV partners include: - [Cognitiwe](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/cognitiweaio1670399502095.cognitiwe_hse_v1?exp=ubp8&tab=Overview)
+-[Fractal Analytics](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/neal_analytics.stockview-retail?tab=Overview)
+-[Glartek](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/glarevisionsa1698227199975.glartek?tab=Overview)
- [iLink Systems](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/ilinksystems.samplemidasvm?exp=ubp8&tab=Overview)
+-[inVia Robotics](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/inviaroboticsinc1629911110634.inviarobotics1?tab=Overview)
- [Ipsotek](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/atosinternationalsas.ipsotek_vi_suite_bundles?exp=ubp8&tab=Overview)
+-[Nsion](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/nsionltd1591969784743.nsc3_saas?tab=Overview)
+-[MEEP](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/eepadvancedenterprisecommunicationltd1676190998651.synch-ptt?tab=overview)
- [Red Viking](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/redviking1587070336894.rv_argonaut_on_mec?exp=ubp8&tab=Overview)
+-[Scenera](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/scenerainc1695952178961.scenera-maistro-saas-1?tab=Overview)
- [Sensing Feeling](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/sensingfeelinglimited1671143541932.001?exp=ubp8)
+-[Tampnet](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/tampnetas1686124551117.azure_tampnet_private_network?tab=Overview)
+- Taqtile
+-[Trend Micro](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/trendmicro.mobile-network-security?tab=Overview)
+-[Trilogy Networks](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/trilogynetworksinc1688507869081.farmgrid-preview?tab=Overview&flightCodes=dec2dcd1-ef23-41d8-bf58-ce0c9d9b17c1)
+-[Unmanned Life](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/unmanned_life.robot-orchestration?tab=Overview)
- [Weavix](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/pksolutionsllc1654260389042.smart_radio_36_ms?exp=ubp8&tab=Overview)
+-[Zebra](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/zebratechnologiescorporation1702409620263.offer_2?tab=Overview)
## Next steps - To partner with Microsoft and deploy Azure private MEC solutions: - [Join the Azure private MEC Managed Solution Providers program](https://aka.ms/privateMECmsp) to get started if you're an operator and system integrator managed service providers. - [Contact the Azure private MEC team](https://aka.ms/privateMEC_ISV) if you're a Platform partner, such as a network function or hardware vendor.
- - Onboard your applications to the Azure Marketplace, and then [pre-register for the forthcoming Azure private MEC ISV or developer program](https://aka.ms/privateMECpartnerprogram).
+ - Onboard your applications to the Azure Marketplace, and then [preregister for the forthcoming Azure private MEC ISV or developer program](https://aka.ms/privateMECpartnerprogram).
programmable-connectivity Azure Programmable Connectivity Abstraction https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/programmable-connectivity/azure-programmable-connectivity-abstraction.md
+
+ Title: API abstraction
+
+description: Azure Programmable Connectivity (APC) abstracts away the intricacies of interacting with different network APIs
++++ Last updated : 02/16/2024+++
+# API Abstraction
+
+Azure Programmable Connectivity (APC) provides developers with a unified standard interface that abstracts away the intricacies of interacting with different network APIs. This abstraction shields developers from the nuances of various operators and network configurations, enabling them to focus solely on building innovative applications without the burden of constantly adapting to underlying network changes.
+
+With APC, developers can ensure that their code remains resilient and adaptable, even in the face of evolving network landscapes. Applications built on the APC platform maintain their functionality and performance over time, without requiring extensive rewrites or modifications due to network updates.
programmable-connectivity Azure Programmable Connectivity Aggregation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/programmable-connectivity/azure-programmable-connectivity-aggregation.md
+
+ Title: API aggregation
+
+description: Azure Programmable Connectivity simplifies the complexities associated with using Network APIs.
++++ Last updated : 02/16/2024+++
+# API Aggregation
+
+Azure Programmable Connectivity (APC) offers a seamless Azure experience by integrating a standardized interface across diverse operator networks worldwide, effectively simplifying the complexities associated with Network APIs.
+
+The APC Gateway autonomously manages API calls, credential handling, and ensures calls are accurately routed to the appropriate mobile operator.
programmable-connectivity Azure Programmable Connectivity Billing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/programmable-connectivity/azure-programmable-connectivity-billing.md
+
+ Title: Azure Programmable Connectivity Billing
+description: Azure Programmable Connectivity provides a consolidated bill.
++++ Last updated : 02/16/2024+++
+# Consolidated Billing
+
+By serving as a centralized marketplace, APC simplifies the procurement process while ensuring an exceptional user experience. Developers can conveniently select and subscribe to the network APIs they need without the hassle of dealing with multiple providers or complex billing systems.
+
+One of the key advantages of APC is its ability to consolidate billing, enabling developers to receive a unified invoice from Azure for all their API plans, rather than managing separate bills from various operators. This streamlined approach not only reduces administrative overhead but also enhances cost transparency and efficiency in managing network resources.
programmable-connectivity Azure Programmable Connectivity Create Gateway https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/programmable-connectivity/azure-programmable-connectivity-create-gateway.md
+
+ Title: Create an Azure Programmable Connectivity Gateway
+description: In this guide, learn how to create an APC gateway.
++++ Last updated : 02/08/2024+++
+# Quickstart: Create an APC gateway
+
+In this quickstart, you learn how to create an Azure Programmable Connectivity (APC) gateway and subscribe to API plans in the Azure portal.
+
+## Prerequisites
+
+- If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+
+### Sign in to the Azure portal
+
+Sign in to the [Azure portal](https://portal.azure.com).
+
+### Create a new APC gateway
+
+1. In the Azure portal, Search for **APC Gateways** and then select **Create**.
+
+ :::image type="content" source="media/search.jpg" alt-text="Screenshot of Azure portal showing the search box." lightbox="media/search.jpg":::
+
+1. Select the **Subscription**, **Resource Group** and **Region** for the gateway.
+
+ :::image type="content" source="media/create.jpg" alt-text="Screenshot of the create gateway page in Azure portal." lightbox="media/create.jpg":::
+
+1. Provide a **Name** for the gateway and click **Next**.
+
+### Select APIs
+
+1. Click on the API that you want to use.
+1. Select the country.
+1. **Add** the plans you want to subscribe to.
+
+ :::image type="content" source="media/select.jpg" alt-text="Screenshot of the select APIs page in the Azure portal." lightbox="media/select.jpg":::
+
+1. Click **Done**.
+1. Click **Next**.
+
+### Provide application details
+
+In order to use the operators API, you must provide extra details, which will be shared with the operator.
+
+1. Fill out the Application name, Application description, Legal entity, Tax number and the privacy manger's email address in the text boxes.
+
+ :::image type="content" source="media/app-details.jpg" alt-text="Screenshot of the application details page in the Azure portal." lightbox="media/app-details.jpg":::
+
+1. Click **Next**.
+
+### Agree to operators' terms and conditions
+
+On the **Terms and Conditions** page.
+
+1. Click **Awaiting input** and then **I Agree**.
+
+ :::image type="content" source="media/terms.jpg" alt-text="Screenshot of the terms and conditions page in the Azure portal." lightbox="media/terms.jpg":::
+
+1. Repeat the above step for each line.
+1. Click **Next**.
+
+### Verify details and create
+
+Once you see the **Validation passed** message, click **Create**.
+
+ :::image type="content" source="media/verify-create.jpg" alt-text="Screenshot of the verify and create page in Azure portal." lightbox="media/verify-create.jpg":::
programmable-connectivity Azure Programmable Connectivity Locations Partners https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/programmable-connectivity/azure-programmable-connectivity-locations-partners.md
+
+ Title: Locations and partners
+
+description: Azure Programmable Connectivity is a cloud service that provides a simple and uniform way for developers to access programmable networks, regardless of substrate or location.
++++ Last updated : 01/31/2024+++
+# Azure Programmable Connectivity Partners and APIs
+
+## List of supported operators and APIs
+
+The table in this article provides detailed information about the availability of APC.
+
+| **Operator** | **Supported APIs** |
+| | |
+| Claro| Number Verify, SIM Swap |
+| Orange | Number Verify, SIM Swap |
+| Telefonica | Location, Number Verify, SIM Swap |
+| TIM | Location, SIM Swap |
+| Vivo | Location, Number Verify, SIM Swap |
++
+
+Currently, APC can be deployed in the following Azure regions:
++
+- Brazil South
+- East US
+- Germany West Central
+
+## Next steps
+* For more information about Azure Programmable Connectivity, see the [Overview](azure-programmable-connectivity-overview.md).
programmable-connectivity Azure Programmable Connectivity Network Apis https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/programmable-connectivity/azure-programmable-connectivity-network-apis.md
+
+ Title: What are network APIs?
+
+description: Network Application Programming Interfaces (APIs) can be utilized by software developers to build applications that can communicate with the underlying network.
++++ Last updated : 01/08/2024+++
+# What are network APIs?
+
+Network Application Programming Interfaces (APIs) can be utilized by software developers to build applications that can communicate with the underlying network. These APIs offer a uniform way for applications to access analytical and statistical data from networks, facilitating the implementation of customer experience based use cases. Network APIs can acquire network information and request configuration changes.
+
+Azure Programmable Connectivity (APC) uses these network APIs to provide a unified standard interface across multiple operator networks globally while abstracting the complexities inherent to network APIs.
+
+APC is now available in public preview with several APIs, including number verification, SIM swap and other capabilities.
+
+ :::image type="content" source="media/key-apis.jpg" alt-text="Diagram showing key network APIs." lightbox="media/key-apis.jpg":::
programmable-connectivity Azure Programmable Connectivity Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/programmable-connectivity/azure-programmable-connectivity-overview.md
+
+ Title: What is Azure Programmable Connectivity?
+description: Azure Programmable Connectivity is a cloud service that provides a simple and uniform way for developers to access programmable networks, regardless of substrate or location.
++++ Last updated : 01/08/2024+++
+# What is Azure Programmable Connectivity?
+
+Azure Programmable Connectivity (APC) is a platform that revolutionizes how developers interact with Network API services from multiple mobile operators.
+
+APC ensures a smooth Azure experience by offering a single interface across different operator networks worldwide, hiding the complexities of Network APIs. This guarantees consistent and reliable code, regardless of network changes. Developers can concentrate on building apps without concerns about underlying network adjustments. With APC, networks change, but the code does not.
+
+ :::image type="content" source="media/apc.jpg" alt-text="Graphic showing APC architerture." lightbox="media/apc.jpg":::
+
+The APC Gateway handles API calls and credentials, ensuring they're directed to the right mobile operator. Its user-friendly interface lets developers easily select and subscribe to network APIs from various operators and regions. This makes APC a convenient marketplace that streamlines procurement without sacrificing user experience.
+
+APC is currently in public preview, offering various APIs such as number verification, SIM swap, and location services. Azure is working closely with global operators to incorporate their network APIs into APC, creating a robust partner network. Presently, this ecosystem includes AT&T, BT, Claro, Deutsche Telekom, Orange, Rogers, SingTel, Telefonica, T-Mobile, TIM Brasil, Verizon, and Vivo. APC is dedicated to expanding its global presence by partnering with more operators in the future.
+
+To sign up for the preview, please visit https://aka.ms/apcpublicpreview.
programmable-connectivity Azure Programmable Connectivity Security Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/programmable-connectivity/azure-programmable-connectivity-security-overview.md
+
+ Title: Overview of Security for Azure Programmable Connectivity
+description: Azure Programmable Connectivity is a cloud service that provides a simple and uniform way for developers to access programmable networks, regardless of substrate or location.
++++ Last updated : 01/08/2024+++
+# Overview of Security for Azure Programmable Connectivity
+
+This article provides an overview of how encryption is used in Azure Programmable Connectivity. It covers the major areas of encryption, including encryption at rest and encryption in transit.
+
+## Encryption at rest
+
+Azure Programmable Connectivity (APC) stores all data at rest securely, including any temporary customer data. Azure Programmable Connectivity uses standard Azure infrastructure, with platform-managed encryption keys, to provide server-side encryption compliant with a range of security standards. For more information, see [encryption of data at rest.](../security/fundamentals/encryption-overview.md)
+
+Azure Programmable Connectivity doesn't store any Customer Data or End-User Identifiable Information.
+
+## Encryption in transit
+
+All traffic handled by Azure Programmable Connectivity is encrypted. This encryption covers all internal communication and calls made to Operator premises.
+
+HTTP traffic is encrypted using TLS, minimum version 1.2.
+
+## Private connectivity
+
+Currently Azure Programmable Connectivity doesn't offer the ability to call APC APIs completely within a private network. Azure Private Link integration is planned in future.
+
+## Audit logging
+
+There are two types of logs that are available to customers to audit their Azure Programmable Connectivity instances:
+- Management logs
+- Data plane logs
+
+Management logs are the logs of management operations performed on Azure resources such as creation or deletion of APC gateway instances, adding new Operator API Connections and other.
+To review actions performed on these resources, go to the corresponding resource page in Azure and select 'Activity log' in the left menu.
+
+Data plane logs are the logs of actions that happen when any calls are made to the APC Gateway API, such as 'sim-swap:verify'. To request these logs a support request needs to be raised. Follow the standard Azure support flow selecting the gateway, which has the logs of interest. Choose 'Using Network APIs' for problem type, and 'Calling APIs' for problem sub-type. In the problem description, indicate that you'd like to request data plane audit logs.
programmable-connectivity Azure Programmable Connectivity Using Network Apis https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/programmable-connectivity/azure-programmable-connectivity-using-network-apis.md
+
+ Title: Using network APIs with Azure Programmable Connectivity
+
+description: Quick start guide to use the APIs exposed by APC.
++++ Last updated : 02/13/2024+++
+# How to use network APIs with Azure Programmable Connectivity
+
+In this guide, you learn how to use Network APIs exposed by Azure Programmable Connectivity.
+
+## Prerequisites
+
+Create an APC Gateway, following instructions in [Create an APC Gateway](azure-programmable-connectivity-create-gateway.md).
+
+- Obtain the Resource ID of your APC Gateway. This can be found by navigating to the APC Gateway in the Azure portal, clicking `JSON View` in the top right, and copying the value of `Resource ID`. Note this as `APC_IDENTIFIER`.
+- Obtain the URL of your APC Gateway. This can be found by navigating to the APC Gateway in the Azure portal, and obtaining the `Gateway base URL` under Properties. Note this as `APC_URL`.
+
+## Obtain an authentication token
+
+1. Follow the instructions at [How to create a Service Principal](/entra/identity-platform/howto-create-service-principal-portal) to create an App Registration that can be used to access your APC Gateway.
+ - For the step "Assign a role to the application", go to the APC Gateway in the Azure portal and follow the instructions from `3. Select Access Control (IAM)` onwards. Assign the new App registration `Azure Programmable Connectivity Gateway User` and `Contributor` roles.
+ - At the step "Set up authentication", select "Option 3: Create a new client secret". Note the value of the secret as `CLIENT_SECRET`, and store it securely (for example in an Azure Key Vault).
+ - After you have created the App registration, copy the value of Client ID from the Overview page, and note it as `CLIENT_ID`.
+2. Navigate to "Tenant Properties" in the Azure portal. Copy the value of Tenant ID, and note it as `TENANT`.
+3. Obtain a token from your App Registration. This can be done using an HTTP request, following the instructions in the [documentation](/entra/identity-platform/v2-oauth2-client-creds-grant-flow#first-case-access-token-request-with-a-shared-secret). Alternatively, you can use an SDK (such as those for [Python](/entra/msal/python/), [.NET](/entra/msal/dotnet/), and [Java](/entra/msal/java/)).
+ - When asked for `client_id`, `client_secret`, and `tenant`, use the values obtained in this process. Use `https://management.azure.com//.default` as the scope.
+4. Note the value of the token you have obtained as `APC_AUTH_TOKEN`.
+
+## Use an API
+
+### Common attributes
+
+#### Definitions
+
+- Phone number: a phone number in E.164 format (starting with country code), optionally prefixed with '+'.
+- Hashed phone number: the SHA-256 hash, in hexadecimal representation, of a phone number
+
+#### Headers
+
+All requests must contain the following headers:
+
+- `Authorization`: This must have the value of `<APC_AUTH_TOKEN>` obtained in [Obtain an authentication token](#obtain-an-authentication-token).
+- `apc-gateway-id`: This must have the value of `<APC_IDENTIFIER>` obtained in [Prerequisites](#prerequisites).
+
+Requests may also contain the following optional header:
+
+- `x-ms-client-request-id`: This is a unique ID to identify the specific request. This is useful for diagnosing and fixing errors.
+
+#### Network identifier
+
+Each request body contains the field `networkIdentifier`. This object contains the fields `identifierType` and `identifier`. These values are used to identify which Network a request should be routed to.
+
+APC can identify the correct Network in one of three ways:
+- Using the `IPv4` address of the device. Set `identifierType` to `IPv4`, and `identifier` to the IPv4 address of the relevant device.
+- Using the `IPv6` address of the device. Set `identifierType` to `IPv6`, and `identifier` to the IPv6 address of the relevant device.
+- Using a Network Code to route to a specific Network. Set `identifierType` to `NetworkCode`, and `identifier` to a Network Code. Network Codes can be obtained using the [`Network` endpoint](#obtain-the-network-of-a-device), or chosen from the following table:
+
+| Operator | NetworkCode |
+| -- | -- |
+| Claro Brazil | Claro_Brazil |
+| Telefonica Brazil | Telefonica_Brazil |
+| TIM Brazil | Tim_Brazil |
+| Orange Spain | Orange_Spain |
+| Telefonica Spain | Telefonica_Spain |
+
+### Retrieve the last time that a SIM card was changed
+
+Make a POST request to the endpoint `https://<APC_URL>/sim-swap/sim-swap:verify`.
+
+It must contain all common headers specified in [Headers](#headers).
+
+The body of the request must take the following form. Replace the example values with real values.
+
+```json
+{
+ "phoneNumber": "+123456789",
+ "networkIdentifier": {
+ "identifierType": "NetworkCode",
+ "identifier": "Some_Network"
+ }
+}
+```
+
+Set `phoneNumber` to the phone number of the SIM you want to check.
+
+Set the `networkIdentifier` block according to instructions in [Network identifier](#network-identifier).
+
+The response is of the form:
+
+```json
+{
+ "date": "2023-07-03T14:27:08.312+02:00"
+}
+```
+
+`date` contains the timestamp of the most recent SIM swap in the `date-time` format defined in [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6). `date` may be `null`: this means that the SIM has never been swapped, or has not been swapped within the timeframe that the Operator maintains data for.
+
+### Verify that a SIM card has been swapped in a certain time frame
+
+Make a POST request to the endpoint `https://<APC_URL>/sim-swap/sim-swap:retrieve`.
+
+It must contain all common headers specified in [Headers](#headers).
+
+The body of the request must take the following form. Replace the example values with real values.
+
+```json
+{
+ "phoneNumber": "+123456789",
+ "maxAgeHours": "24",
+ "networkIdentifier": {
+ "identifierType": "NetworkCode",
+ "identifier": "Some_Network"
+ }
+}
+```
+
+Set `phoneNumber` to the phone number of the SIM you want to check.
+
+Set `maxAgeHours` to the length of time in hours before the present that you want to check for a SIM swap.
+
+Set the `networkIdentifier` block according to instructions in [Network identifier](#network-identifier).
+
+The response is of the form:
+
+```json
+{
+ "verificationResult": true
+}
+```
+
+`verificationResult` is a boolean, which is true if the SIM has been swapped in the specified time period, and false otherwise.
+
+### Verify the location of a device
+
+Make a POST request to the endpoint `https://<APC_URL>/device-location/location:verify`.
+
+It must contain all common headers specified in [Headers](#headers).
+
+The body of the request must take one of the following forms, which vary on the format used to identify the device. Replace the example values with real values.
+
+Option 1: use the device's IPv4 address and port:
+
+```json
+{
+ "device": {
+ "ipv4Address": {
+ "ipv4": "127.127.127.127",
+ "port": "1234"
+ }
+ },
+ "latitude": "51.501476",
+ "longitude": "-0.140634",
+ "accuracy": "5",
+ "networkIdentifier": {
+ "identifierType": "NetworkCode",
+ "identifier": "Some_Network"
+ }
+}
+```
+
+Option 2: use the device's IPv6 address and port:
+
+```json
+{
+ "device": {
+ "ipv6Address": {
+ "ipv6": "fc00:fc00::",
+ "port": "1234"
+ }
+ },
+ "latitude": "51.501476",
+ "longitude": "-0.140634",
+ "accuracy": "5",
+ "networkIdentifier": {
+ "identifierType": "NetworkCode",
+ "identifier": "Some_Network"
+ }
+}
+```
+
+Option 3: use the device's phone number:
+
+```json
+{
+ "device": {
+ "phoneNumber": "+123456789"
+ },
+ "latitude": "51.501476",
+ "longitude": "-0.140634",
+ "accuracy": "5",
+ "networkIdentifier": {
+ "identifierType": "NetworkCode",
+ "identifier": "Some_Network"
+ }
+}
+```
+
+Option 4: use the device's Network Access Identifier:
+
+```json
+{
+ "device": {
+ "networkAccessIdentifier": "123456789@example.com"
+ },
+ "latitude": "51.501476",
+ "longitude": "-0.140634",
+ "accuracy": "5",
+ "networkIdentifier": {
+ "identifierType": "NetworkCode",
+ "identifier": "Some_Network"
+ }
+}
+```
+
+Set `latitude` and `longitude` to the coordinates of the location you want to verify, using signed values. `latitude` is a number between -90 and 90; `longitude` is a number between -180 and 180.
+
+Set `accuracy` to the maximum distance in kilometers from the specified location that you want to check for.
+
+Set the `networkIdentifier` block according to instructions in [Network identifier](#network-identifier).
+
+The response is of the form:
+
+```json
+{
+ "verificationResult": true
+}
+```
+
+`verificationResult` is a boolean, which is true if the device is within a certain distance (given by `accuracy`) of the given location, and false otherwise.
+
+### Verify the number of a device
+
+Number verification is different to other APIs, as it requires interaction with a frontend application (i.e. an application running on a device) to verify the number of that device, as part of a flow referred to as "frontend authorization". This means two separate calls to APC must be made: the first to trigger frontend authorization, and the second to request the desired information.
+
+To use number verification functionality, you must expose an endpoint on the backend of your application that is accessible from your application's frontend. This endpoint is used to pass the result of frontend authorization to the backend of your application. Note the full URL to this endpoint as `REDIRECT_URI`.
+
+#### Call 1
+
+Make a POST request to the endpoint `https://<APC_URL>/number-verification/number:verify`.
+
+It must contain all common headers specified in [Headers](#headers).
+
+The body of the request must take one of the following forms. Replace the example values with real values.
+
+Option 1: use the device's phone number:
+
+```json
+{
+ "phoneNumber": "+123456789",
+ "networkIdentifier": {
+ "identifierType": "NetworkCode",
+ "identifier": "Some_Network"
+ },
+ "redirectUri": "https://example.com/apcauthcallback"
+}
+```
+
+Option 2: use the device's hashed phone number:
+
+```json
+{
+ "hashedPhoneNumber": "b49f9168e8a886ffd61a090b51a26e117717f5f6fa804af49ea67043a2bfa4f0",
+ "networkIdentifier": {
+ "identifierType": "NetworkCode",
+ "identifier": "Some_Network"
+ },
+ "redirectUri": "https://example.com/apcauthcallback"
+}
+```
+
+The response to this call is a 302 redirect. It has a header `location`, which contains a URL.
+
+Follow the URL from the frontend of your application. This triggers an authorization flow between the device running the frontend and the Network specified using the `networkIdentifier` block.
+
+At the end of the authorization flow, the Network returns a 302 redirect. This redirect:
+- Redirects to the `redirectUri` you sent in your request to APC
+- Contains the parameter `apcCode`
+
+The frontend of your application must follow this `redirectUri`. This delivers the `apcCode` to your application's backend.
+
+#### Call 2
+
+At the end of Call 1, your frontend made a request to the endpoint exposed at `redirectUri` with a parameter `apcCode`. Your backend must obtain the value of `apcCode` and use it in the second call to APC.
+
+Make a POST request to the endpoint `https://<APC_URL>/number-verification/number:verify`.
+
+It must contain all common headers specified in [Headers](#headers).
+
+The body of the request must take the following form. Replace the value of `apcCode` with the value obtained as a result of the authorization flow.
+
+```json
+{
+ "apcCode": "12345"
+}
+```
+
+The response is of the form:
+
+```json
+{
+ "verificationResult": true
+}
+```
+
+`verificationResult` is a boolean, which is true if the device has the number (or hashed number) specified in Call 1, and false otherwise.
+
+### Obtain the Network of a device
+
+Make a POST request to the endpoint `https://<APC_URL>/device-network/network:retrieve`.
+
+It must contain all common headers specified in [Headers](#headers).
+
+The body of the request must take the following form. Replace the example values with real values.
+
+```json
+{
+ "identifierType": "IPv4",
+ "identifier": "127.127.127.127"
+}
+```
+
+Set the fields according to instructions in [Network identifier](#network-identifier).
+
+Note that if you set `identifierType` to `NetworkCode`, you receive the same Network Code in response.
+
+The response is of the form:
+
+```json
+{
+ "networkCode": "Some_Network"
+}
+```
+
+`networkCode` contains a Network Code that can be used as the Network Identifier for any other API.
role-based-access-control Built In Roles https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles.md
The following table provides a brief description of each built-in role. Click th
> | <a name='media-services-media-operator'></a>[Media Services Media Operator](./built-in-roles/web-and-mobile.md#media-services-media-operator) | Create, read, modify, and delete Assets, Asset Filters, Streaming Locators, and Jobs; read-only access to other Media Services resources. | e4395492-1534-4db2-bedf-88c14621589c | > | <a name='media-services-policy-administrator'></a>[Media Services Policy Administrator](./built-in-roles/web-and-mobile.md#media-services-policy-administrator) | Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies, and Transforms; read-only access to other Media Services resources. Cannot create Jobs, Assets or Streaming resources. | c4bba371-dacd-4a26-b320-7250bca963ae | > | <a name='media-services-streaming-endpoints-administrator'></a>[Media Services Streaming Endpoints Administrator](./built-in-roles/web-and-mobile.md#media-services-streaming-endpoints-administrator) | Create, read, modify, and delete Streaming Endpoints; read-only access to other Media Services resources. | 99dba123-b5fe-44d5-874c-ced7199a5804 |
-> | <a name='search-index-data-contributor'></a>[Search Index Data Contributor](./built-in-roles/web-and-mobile.md#search-index-data-contributor) | Grants full access to Azure Cognitive Search index data. | 8ebe5a00-799e-43f5-93ac-243d3dce84a7 |
-> | <a name='search-index-data-reader'></a>[Search Index Data Reader](./built-in-roles/web-and-mobile.md#search-index-data-reader) | Grants read access to Azure Cognitive Search index data. | 1407120a-92aa-4202-b7e9-c0e197c71c8f |
-> | <a name='search-service-contributor'></a>[Search Service Contributor](./built-in-roles/web-and-mobile.md#search-service-contributor) | Lets you manage Search services, but not access to them. | 7ca78c08-252a-4471-8644-bb5ff32d4ba0 |
> | <a name='signalr-accesskey-reader'></a>[SignalR AccessKey Reader](./built-in-roles/web-and-mobile.md#signalr-accesskey-reader) | Read SignalR Service Access Keys | 04165923-9d83-45d5-8227-78b77b0a687e | > | <a name='signalr-app-server'></a>[SignalR App Server](./built-in-roles/web-and-mobile.md#signalr-app-server) | Lets your app server access SignalR Service with AAD auth options. | 420fcaa2-552c-430f-98ca-3264be4806c7 | > | <a name='signalr-rest-api-owner'></a>[SignalR REST API Owner](./built-in-roles/web-and-mobile.md#signalr-rest-api-owner) | Full access to Azure SignalR Service REST APIs | fd53cd77-2268-407a-8f46-7e7863d0f521 |
The following table provides a brief description of each built-in role. Click th
> | <a name='cognitive-services-qna-maker-reader'></a>[Cognitive Services QnA Maker Reader](./built-in-roles/ai-machine-learning.md#cognitive-services-qna-maker-reader) | Let's you read and test a KB only. | 466ccd10-b268-4a11-b098-b4849f024126 | > | <a name='cognitive-services-usages-reader'></a>[Cognitive Services Usages Reader](./built-in-roles/ai-machine-learning.md#cognitive-services-usages-reader) | Minimal permission to view Cognitive Services usages. | bba48692-92b0-4667-a9ad-c31c7b334ac2 | > | <a name='cognitive-services-user'></a>[Cognitive Services User](./built-in-roles/ai-machine-learning.md#cognitive-services-user) | Lets you read and list keys of Cognitive Services. | a97b65f3-24c7-4388-baec-2e87135dc908 |
+> | <a name='search-index-data-contributor'></a>[Search Index Data Contributor](./built-in-roles/ai-machine-learning.md#search-index-data-contributor) | Grants full access to Azure Cognitive Search index data. | 8ebe5a00-799e-43f5-93ac-243d3dce84a7 |
+> | <a name='search-index-data-reader'></a>[Search Index Data Reader](./built-in-roles/ai-machine-learning.md#search-index-data-reader) | Grants read access to Azure Cognitive Search index data. | 1407120a-92aa-4202-b7e9-c0e197c71c8f |
+> | <a name='search-service-contributor'></a>[Search Service Contributor](./built-in-roles/ai-machine-learning.md#search-service-contributor) | Lets you manage Search services, but not access to them. | 7ca78c08-252a-4471-8644-bb5ff32d4ba0 |
## Internet of Things
The following table provides a brief description of each built-in role. Click th
> | <a name='policy-insights-data-writer-preview'></a>[Policy Insights Data Writer (Preview)](./built-in-roles/management-and-governance.md#policy-insights-data-writer-preview) | Allows read access to resource policies and write access to resource component policy events. | 66bb4e9e-b016-4a94-8249-4c0511c2be84 | > | <a name='quota-request-operator'></a>[Quota Request Operator](./built-in-roles/management-and-governance.md#quota-request-operator) | Read and create quota requests, get quota request status, and create support tickets. | 0e5f05e5-9ab9-446b-b98d-1e2157c94125 | > | <a name='reservation-purchaser'></a>[Reservation Purchaser](./built-in-roles/management-and-governance.md#reservation-purchaser) | Lets you purchase reservations | f7b75c60-3036-4b75-91c3-6b41c27c1689 |
+> | <a name='reservations-administrator'></a>[Reservations Administrator](./built-in-roles/management-and-governance.md#reservations-administrator) | Lets one read and manage all the reservations in a tenant | a8889054-8d42-49c9-bc1c-52486c10e7cd |
+> | <a name='reservations-reader'></a>[Reservations Reader](./built-in-roles/management-and-governance.md#reservations-reader) | Lets one read all the reservations in a tenant | 582fc458-8989-419f-a480-75249bc5db7e |
> | <a name='resource-policy-contributor'></a>[Resource Policy Contributor](./built-in-roles/management-and-governance.md#resource-policy-contributor) | Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. | 36243c78-bf99-498c-9df9-86d9f8d28608 | > | <a name='site-recovery-contributor'></a>[Site Recovery Contributor](./built-in-roles/management-and-governance.md#site-recovery-contributor) | Lets you manage Site Recovery service except vault creation and role assignment | 6670b86e-a3f7-4917-ac9b-5d6ab1be4567 | > | <a name='site-recovery-operator'></a>[Site Recovery Operator](./built-in-roles/management-and-governance.md#site-recovery-operator) | Lets you failover and failback but not perform other Site Recovery management operations | 494ae006-db33-4328-bf46-533a6560a3ca |
role-based-access-control Ai Machine Learning https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/ai-machine-learning.md
Lets you create, read, update, delete and manage keys of Cognitive Services.
> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/logDefinitions/read | Read log definitions | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/metricdefinitions/read | Read metric definitions | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/metrics/read | Read metrics |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/operations/read | Gets or lists deployment operations. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/operationresults/read | Get the subscription operation results. |
Lets you read and list keys of Cognitive Services.
> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/logDefinitions/read | Read log definitions | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/metricdefinitions/read | Read metric definitions | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/metrics/read | Read metrics |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/operations/read | Gets or lists deployment operations. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/operationresults/read | Get the subscription operation results. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/read | Gets the list of subscriptions. |
Lets you read and list keys of Cognitive Services.
} ```
+## Search Index Data Contributor
+
+Grants full access to Azure Cognitive Search index data.
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | *none* | |
+> | **NotActions** | |
+> | *none* | |
+> | **DataActions** | |
+> | [Microsoft.Search](../permissions/ai-machine-learning.md#microsoftsearch)/searchServices/indexes/documents/* | |
+> | **NotDataActions** | |
+> | *none* | |
+
+```json
+{
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "Grants full access to Azure Cognitive Search index data.",
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7",
+ "name": "8ebe5a00-799e-43f5-93ac-243d3dce84a7",
+ "permissions": [
+ {
+ "actions": [],
+ "notActions": [],
+ "dataActions": [
+ "Microsoft.Search/searchServices/indexes/documents/*"
+ ],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Search Index Data Contributor",
+ "roleType": "BuiltInRole",
+ "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
+
+## Search Index Data Reader
+
+Grants read access to Azure Cognitive Search index data.
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | *none* | |
+> | **NotActions** | |
+> | *none* | |
+> | **DataActions** | |
+> | [Microsoft.Search](../permissions/ai-machine-learning.md#microsoftsearch)/searchServices/indexes/documents/read | Read documents or suggested query terms from an index. |
+> | **NotDataActions** | |
+> | *none* | |
+
+```json
+{
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "Grants read access to Azure Cognitive Search index data.",
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f",
+ "name": "1407120a-92aa-4202-b7e9-c0e197c71c8f",
+ "permissions": [
+ {
+ "actions": [],
+ "notActions": [],
+ "dataActions": [
+ "Microsoft.Search/searchServices/indexes/documents/read"
+ ],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Search Index Data Reader",
+ "roleType": "BuiltInRole",
+ "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
+
+## Search Service Contributor
+
+Lets you manage Search services, but not access to them.
+
+[Learn more](/azure/search/search-security-rbac)
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments |
+> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment |
+> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
+> | [Microsoft.Search](../permissions/ai-machine-learning.md#microsoftsearch)/searchServices/* | Create and manage search services |
+> | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
+> | **NotActions** | |
+> | *none* | |
+> | **DataActions** | |
+> | *none* | |
+> | **NotDataActions** | |
+> | *none* | |
+
+```json
+{
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "Lets you manage Search services, but not access to them.",
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
+ "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.Authorization/*/read",
+ "Microsoft.Insights/alertRules/*",
+ "Microsoft.ResourceHealth/availabilityStatuses/read",
+ "Microsoft.Resources/deployments/*",
+ "Microsoft.Resources/subscriptions/resourceGroups/read",
+ "Microsoft.Search/searchServices/*",
+ "Microsoft.Support/*"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Search Service Contributor",
+ "roleType": "BuiltInRole",
+ "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
+ ## Next steps - [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal)
role-based-access-control Analytics https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/analytics.md
Allows for full access to Azure Event Hubs resources.
> [!div class="mx-tableFixed"] > | Actions | Description | > | | |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/* | |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/* | |
> | **NotActions** | | > | *none* | | > | **DataActions** | |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/* | |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/* | |
> | **NotDataActions** | | > | *none* | |
Allows receive access to Azure Event Hubs resources.
> [!div class="mx-tableFixed"] > | Actions | Description | > | | |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/*/eventhubs/consumergroups/read | |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/*/eventhubs/consumergroups/read | |
> | **NotActions** | | > | *none* | | > | **DataActions** | |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/*/receive/action | |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/*/receive/action | |
> | **NotDataActions** | | > | *none* | |
Allows send access to Azure Event Hubs resources.
> [!div class="mx-tableFixed"] > | Actions | Description | > | | |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/*/eventhubs/read | |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/*/eventhubs/read | |
> | **NotActions** | | > | *none* | | > | **DataActions** | |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/*/send/action | |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/*/send/action | |
> | **NotDataActions** | | > | *none* | |
Create and manage data factories, as well as child resources within them.
> | Actions | Description | > | | | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments |
-> | [Microsoft.DataFactory](../permissions/databases.md#microsoftdatafactory)/dataFactories/* | Create and manage data factories, and child resources within them. |
-> | [Microsoft.DataFactory](../permissions/databases.md#microsoftdatafactory)/factories/* | Create and manage data factories, and child resources within them. |
+> | [Microsoft.DataFactory](../permissions/analytics.md#microsoftdatafactory)/dataFactories/* | Create and manage data factories, and child resources within them. |
+> | [Microsoft.DataFactory](../permissions/analytics.md#microsoftdatafactory)/factories/* | Create and manage data factories, and child resources within them. |
> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Read, write, and delete Schema Registry groups and schemas.
> [!div class="mx-tableFixed"] > | Actions | Description | > | | |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/namespaces/schemagroups/* | |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/namespaces/schemagroups/* | |
> | **NotActions** | | > | *none* | | > | **DataActions** | |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/namespaces/schemas/* | |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/namespaces/schemas/* | |
> | **NotDataActions** | | > | *none* | |
Read and list Schema Registry groups and schemas.
> [!div class="mx-tableFixed"] > | Actions | Description | > | | |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/namespaces/schemagroups/read | Get list of SchemaGroup Resource Descriptions |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/namespaces/schemagroups/read | Get list of SchemaGroup Resource Descriptions |
> | **NotActions** | | > | *none* | | > | **DataActions** | |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/namespaces/schemas/read | Retrieve schemas |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/namespaces/schemas/read | Retrieve schemas |
> | **NotDataActions** | | > | *none* | |
Lets you perform query testing without creating a stream analytics job first
> [!div class="mx-tableFixed"] > | Actions | Description | > | | |
-> | [Microsoft.StreamAnalytics](../permissions/analytics.md#microsoftstreamanalytics)/locations/TestQuery/action | Test Query for Stream Analytics Resource Provider |
-> | [Microsoft.StreamAnalytics](../permissions/analytics.md#microsoftstreamanalytics)/locations/OperationResults/read | Read Stream Analytics Operation Result |
-> | [Microsoft.StreamAnalytics](../permissions/analytics.md#microsoftstreamanalytics)/locations/SampleInput/action | Sample Input for Stream Analytics Resource Provider |
-> | [Microsoft.StreamAnalytics](../permissions/analytics.md#microsoftstreamanalytics)/locations/CompileQuery/action | Compile Query for Stream Analytics Resource Provider |
+> | [Microsoft.StreamAnalytics](../permissions/internet-of-things.md#microsoftstreamanalytics)/locations/TestQuery/action | Test Query for Stream Analytics Resource Provider |
+> | [Microsoft.StreamAnalytics](../permissions/internet-of-things.md#microsoftstreamanalytics)/locations/OperationResults/read | Read Stream Analytics Operation Result |
+> | [Microsoft.StreamAnalytics](../permissions/internet-of-things.md#microsoftstreamanalytics)/locations/SampleInput/action | Sample Input for Stream Analytics Resource Provider |
+> | [Microsoft.StreamAnalytics](../permissions/internet-of-things.md#microsoftstreamanalytics)/locations/CompileQuery/action | Compile Query for Stream Analytics Resource Provider |
> | **NotActions** | | > | *none* | | > | **DataActions** | |
role-based-access-control Compute https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/compute.md
Lets you manage classic virtual machines, but not access to them, and not the vi
> | [Microsoft.ClassicStorage](../permissions/storage.md#microsoftclassicstorage)/storageAccounts/listKeys/action | Lists the access keys for the storage accounts. | > | [Microsoft.ClassicStorage](../permissions/storage.md#microsoftclassicstorage)/storageAccounts/read | Return the storage account with the given account. | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Create and manage virtual machines, manage disks, install and run software, rese
> | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/read | The Get Vault operation gets an object representing the Azure resource of type 'vault' | > | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/usages/read | Returns usage details for a Recovery Services Vault. | > | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/write | Create Vault operation creates an Azure resource of type 'vault' |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | Microsoft.SerialConsole/serialPorts/connect/action | Connect to a serial port |
role-based-access-control Containers https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/containers.md
List cluster user credentials action.
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/operationresults/read | Get the subscription operation results. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/read | Gets the list of subscriptions. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/listClusterUserCredentials/action | List clusterUser credential(preview) |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/listClusterUserCredentials/action | List clusterUser credential(preview) |
> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/listClusterUserCredential/action | List clusterUser credential |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/listClusterUserCredential/action | List clusterUser credential |
> | **NotActions** | | > | *none* | | > | **DataActions** | |
Lets you manage all resources under cluster/namespace, except update or delete r
> | **NotActions** | | > | *none* | | > | **DataActions** | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/controllerrevisions/read | Reads controllerrevisions |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/daemonsets/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/deployments/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/replicasets/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/statefulsets/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/authorization.k8s.io/localsubjectaccessreviews/write | Writes localsubjectaccessreviews |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/autoscaling/horizontalpodautoscalers/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/batch/cronjobs/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/batch/jobs/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/configmaps/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/endpoints/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/events.k8s.io/events/read | Reads events |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/events/read | Reads events |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/daemonsets/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/deployments/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/ingresses/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/networkpolicies/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/replicasets/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/limitranges/read | Reads limitranges |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/namespaces/read | Reads namespaces |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/networking.k8s.io/ingresses/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/networking.k8s.io/networkpolicies/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/persistentvolumeclaims/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/pods/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/policy/poddisruptionbudgets/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/rbac.authorization.k8s.io/rolebindings/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/rbac.authorization.k8s.io/roles/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/replicationcontrollers/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/replicationcontrollers/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/resourcequotas/read | Reads resourcequotas |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/secrets/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/serviceaccounts/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/services/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/controllerrevisions/read | Reads controllerrevisions |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/daemonsets/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/deployments/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/replicasets/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/statefulsets/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/authorization.k8s.io/localsubjectaccessreviews/write | Writes localsubjectaccessreviews |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/autoscaling/horizontalpodautoscalers/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/batch/cronjobs/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/batch/jobs/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/configmaps/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/endpoints/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/events.k8s.io/events/read | Reads events |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/events/read | Reads events |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/daemonsets/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/deployments/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/ingresses/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/networkpolicies/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/replicasets/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/limitranges/read | Reads limitranges |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/namespaces/read | Reads namespaces |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/networking.k8s.io/ingresses/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/networking.k8s.io/networkpolicies/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/persistentvolumeclaims/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/pods/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/policy/poddisruptionbudgets/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/rbac.authorization.k8s.io/rolebindings/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/rbac.authorization.k8s.io/roles/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/replicationcontrollers/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/replicationcontrollers/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/resourcequotas/read | Reads resourcequotas |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/secrets/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/serviceaccounts/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/services/* | |
> | **NotDataActions** | | > | *none* | |
Lets you manage all resources in the cluster.
> | **NotActions** | | > | *none* | | > | **DataActions** | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/* | |
> | **NotDataActions** | | > | *none* | |
Lets you view all resources in cluster/namespace, except secrets.
> | **NotActions** | | > | *none* | | > | **DataActions** | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/controllerrevisions/read | Reads controllerrevisions |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/daemonsets/read | Reads daemonsets |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/deployments/read | Reads deployments |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/replicasets/read | Reads replicasets |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/statefulsets/read | Reads statefulsets |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/autoscaling/horizontalpodautoscalers/read | Reads horizontalpodautoscalers |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/batch/cronjobs/read | Reads cronjobs |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/batch/jobs/read | Reads jobs |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/configmaps/read | Reads configmaps |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/endpoints/read | Reads endpoints |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/events.k8s.io/events/read | Reads events |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/events/read | Reads events |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/daemonsets/read | Reads daemonsets |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/deployments/read | Reads deployments |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/ingresses/read | Reads ingresses |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/networkpolicies/read | Reads networkpolicies |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/replicasets/read | Reads replicasets |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/limitranges/read | Reads limitranges |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/namespaces/read | Reads namespaces |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/networking.k8s.io/ingresses/read | Reads ingresses |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/networking.k8s.io/networkpolicies/read | Reads networkpolicies |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/persistentvolumeclaims/read | Reads persistentvolumeclaims |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/pods/read | Reads pods |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/policy/poddisruptionbudgets/read | Reads poddisruptionbudgets |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/replicationcontrollers/read | Reads replicationcontrollers |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/replicationcontrollers/read | Reads replicationcontrollers |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/resourcequotas/read | Reads resourcequotas |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/serviceaccounts/read | Reads serviceaccounts |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/services/read | Reads services |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/controllerrevisions/read | Reads controllerrevisions |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/daemonsets/read | Reads daemonsets |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/deployments/read | Reads deployments |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/replicasets/read | Reads replicasets |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/statefulsets/read | Reads statefulsets |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/autoscaling/horizontalpodautoscalers/read | Reads horizontalpodautoscalers |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/batch/cronjobs/read | Reads cronjobs |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/batch/jobs/read | Reads jobs |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/configmaps/read | Reads configmaps |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/endpoints/read | Reads endpoints |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/events.k8s.io/events/read | Reads events |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/events/read | Reads events |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/daemonsets/read | Reads daemonsets |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/deployments/read | Reads deployments |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/ingresses/read | Reads ingresses |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/networkpolicies/read | Reads networkpolicies |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/replicasets/read | Reads replicasets |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/limitranges/read | Reads limitranges |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/namespaces/read | Reads namespaces |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/networking.k8s.io/ingresses/read | Reads ingresses |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/networking.k8s.io/networkpolicies/read | Reads networkpolicies |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/persistentvolumeclaims/read | Reads persistentvolumeclaims |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/pods/read | Reads pods |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/policy/poddisruptionbudgets/read | Reads poddisruptionbudgets |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/replicationcontrollers/read | Reads replicationcontrollers |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/replicationcontrollers/read | Reads replicationcontrollers |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/resourcequotas/read | Reads resourcequotas |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/serviceaccounts/read | Reads serviceaccounts |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/services/read | Reads services |
> | **NotDataActions** | | > | *none* | |
Lets you update everything in cluster/namespace, except (cluster)roles and (clus
> | **NotActions** | | > | *none* | | > | **DataActions** | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/controllerrevisions/read | Reads controllerrevisions |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/daemonsets/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/deployments/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/replicasets/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/apps/statefulsets/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/autoscaling/horizontalpodautoscalers/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/batch/cronjobs/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/batch/jobs/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/configmaps/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/endpoints/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/events.k8s.io/events/read | Reads events |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/events/read | Reads events |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/daemonsets/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/deployments/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/ingresses/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/networkpolicies/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/extensions/replicasets/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/limitranges/read | Reads limitranges |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/namespaces/read | Reads namespaces |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/networking.k8s.io/ingresses/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/networking.k8s.io/networkpolicies/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/persistentvolumeclaims/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/pods/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/policy/poddisruptionbudgets/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/replicationcontrollers/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/replicationcontrollers/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/resourcequotas/read | Reads resourcequotas |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/secrets/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/serviceaccounts/* | |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/services/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/controllerrevisions/read | Reads controllerrevisions |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/daemonsets/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/deployments/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/replicasets/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/apps/statefulsets/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/autoscaling/horizontalpodautoscalers/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/batch/cronjobs/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/batch/jobs/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/configmaps/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/endpoints/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/events.k8s.io/events/read | Reads events |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/events/read | Reads events |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/daemonsets/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/deployments/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/ingresses/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/networkpolicies/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/extensions/replicasets/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/limitranges/read | Reads limitranges |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/namespaces/read | Reads namespaces |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/networking.k8s.io/ingresses/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/networking.k8s.io/networkpolicies/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/persistentvolumeclaims/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/pods/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/policy/poddisruptionbudgets/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/replicationcontrollers/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/replicationcontrollers/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/resourcequotas/read | Reads resourcequotas |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/secrets/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/serviceaccounts/* | |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/services/* | |
> | **NotDataActions** | | > | *none* | |
Role definition to authorize any user/service to create connectedClusters resour
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/operationresults/read | Get the subscription operation results. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/read | Gets the list of subscriptions. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/Write | Writes connectedClusters |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/connectedClusters/read | Read connectedClusters |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/Write | Writes connectedClusters |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/read | Read connectedClusters |
> | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket | > | **NotActions** | | > | *none* | |
Can create, update, get, list and delete Kubernetes Extensions, and get extensio
> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/extensions/write | Creates or updates extension resource. |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/extensions/read | Gets extension instance resource. |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/extensions/delete | Deletes extension instance resource. |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/extensions/operations/read | Gets Async Operation status. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/extensions/write | Creates or updates extension resource. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/extensions/read | Gets extension instance resource. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/extensions/delete | Deletes extension instance resource. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/extensions/operations/read | Gets Async Operation status. |
> | **NotActions** | | > | *none* | | > | **DataActions** | |
role-based-access-control Databases https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/databases.md
Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents
> | [Microsoft.DocumentDb](../permissions/databases.md#microsoftdocumentdb)/databaseAccounts/* | | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Can manage Azure Cosmos DB accounts. Azure Cosmos DB is formerly known as Docume
> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.DocumentDb](../permissions/databases.md#microsoftdocumentdb)/databaseAccounts/* | Create and manage Azure Cosmos DB accounts | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Lets you manage Redis caches, but not access to them.
> | [Microsoft.Cache](../permissions/databases.md#microsoftcache)/register/action | Registers the 'Microsoft.Cache' resource provider with a subscription | > | [Microsoft.Cache](../permissions/databases.md#microsoftcache)/redis/* | Create and manage Redis caches | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Lets you manage SQL databases, but not access to them. Also, you can't manage th
> | | | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Sql](../permissions/databases.md#microsoftsql)/locations/*/read | |
Lets you manage SQL Managed Instances and required network configuration, but ca
> [!div class="mx-tableFixed"] > | Actions | Description | > | | |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Network](../permissions/networking.md#microsoftnetwork)/networkSecurityGroups/* | |
Lets you manage the security-related policies of SQL servers and databases, but
> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert | > | [Microsoft.Network](../permissions/networking.md#microsoftnetwork)/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joins resource such as storage account or SQL database to a subnet. Not alertable. |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Sql](../permissions/databases.md#microsoftsql)/locations/administratorAzureAsyncOperation/read | Gets the Managed instance azure async administrator operations result. |
Lets you manage SQL servers and databases, but not access to them, and not their
> | | | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Sql](../permissions/databases.md#microsoftsql)/locations/*/read | |
role-based-access-control General https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/general.md
Grants full access to manage all resources, but does not allow you to assign rol
> | [Microsoft.Blueprint](../permissions/management-and-governance.md#microsoftblueprint)/blueprintAssignments/write | Create or update any blueprint assignments | > | [Microsoft.Blueprint](../permissions/management-and-governance.md#microsoftblueprint)/blueprintAssignments/delete | Delete any blueprint assignments | > | [Microsoft.Compute](../permissions/compute.md#microsoftcompute)/galleries/share/action | Shares a Gallery to different scopes |
-> | [Microsoft.Purview](../permissions/management-and-governance.md#microsoftpurview)/consents/write | Create or Update a Consent Resource. |
-> | [Microsoft.Purview](../permissions/management-and-governance.md#microsoftpurview)/consents/delete | Delete the Consent Resource. |
+> | [Microsoft.Purview](../permissions/analytics.md#microsoftpurview)/consents/write | Create or Update a Consent Resource. |
+> | [Microsoft.Purview](../permissions/analytics.md#microsoftpurview)/consents/delete | Delete the Consent Resource. |
> | **DataActions** | | > | *none* | | > | **NotDataActions** | |
role-based-access-control Hybrid Multicloud https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/hybrid-multicloud.md
Grants full access to the cluster and its resources, including the ability to re
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourcegroups/deployments/write | Creates or updates an deployment. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourcegroups/deployments/operations/read | Gets or lists deployment operations. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourcegroups/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/read | Gets the list of subscriptions. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/operationresults/read | Get the subscription operation results. | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/read | Read any Azure Arc machines |
Grants full access to the cluster and its resources, including the ability to re
> | Microsoft.ExtendedLocation/customLocations/delete | Deletes Custom Location resource | > | Microsoft.EdgeMarketplace/offers/read | Get a Offer | > | Microsoft.EdgeMarketplace/publishers/read | Get a Publisher |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/register/action | Registers Subscription with Microsoft.Kubernetes resource provider |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/register/action | Registers subscription to Microsoft.KubernetesConfiguration resource provider. |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/extensions/write | Creates or updates extension resource. |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/extensions/read | Gets extension instance resource. |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/extensions/delete | Deletes extension instance resource. |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/extensions/operations/read | Gets Async Operation status. |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/namespaces/read | Get Namespace Resource |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/operations/read | Gets available operations of the Microsoft.KubernetesConfiguration resource provider. |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/register/action | Registers Subscription with Microsoft.Kubernetes resource provider |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/register/action | Registers subscription to Microsoft.KubernetesConfiguration resource provider. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/extensions/write | Creates or updates extension resource. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/extensions/read | Gets extension instance resource. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/extensions/delete | Deletes extension instance resource. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/extensions/operations/read | Gets Async Operation status. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/namespaces/read | Get Namespace Resource |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/operations/read | Gets available operations of the Microsoft.KubernetesConfiguration resource provider. |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/StorageContainers/Write | Creates/Updates storage containers resource | > | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/StorageContainers/Read | Gets/Lists storage containers resource |
Grants permissions to perform all VM actions
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourcegroups/deployments/write | Creates or updates an deployment. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourcegroups/deployments/operations/read | Gets or lists deployment operations. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourcegroups/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/read | Gets the list of subscriptions. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Grants permissions to perform all VM actions
> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/licenses/delete | Deletes an Azure Arc licenses | > | Microsoft.ExtendedLocation/customLocations/Read | Gets an Custom Location resource | > | Microsoft.ExtendedLocation/customLocations/deploy/action | Deploy permissions to a Custom Location resource |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/extensions/read | Gets extension instance resource. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/extensions/read | Gets extension instance resource. |
> | **NotActions** | | > | *none* | | > | **DataActions** | |
Grants permissions to view VMs
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourcegroups/deployments/read | Gets or lists deployments. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourcegroups/deployments/operations/read | Gets or lists deployment operations. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourcegroups/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/read | Gets the list of subscriptions. | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
role-based-access-control Integration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/integration.md
Can manage service and the APIs
> | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/* | Create and manage API Management service | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Can manage service but not the APIs
> | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/write | Create or Update API Management Service instance | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Read-only access to service and APIs
> | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/read | Read metadata for an API Management Service instance | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Lets you manage BizTalk services, but not access to them.
> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | Microsoft.BizTalkServices/BizTalk/* | Create and manage BizTalk services | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Lets you manage Intelligent Systems accounts, but not access to them.
> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert | > | Microsoft.IntelligentSystems/accounts/* | Create and manage intelligent systems accounts |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Lets you manage Scheduler job collections, but not access to them.
> | | | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | Microsoft.Scheduler/jobcollections/* | Create and manage job collections |
role-based-access-control Management And Governance https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/management-and-governance.md
Automation Operators are able to start, stop, suspend, and resume jobs
> | [Microsoft.Automation](../permissions/management-and-governance.md#microsoftautomation)/automationAccounts/schedules/read | Gets an Azure Automation schedule asset | > | [Microsoft.Automation](../permissions/management-and-governance.md#microsoftautomation)/automationAccounts/schedules/write | Creates or updates an Azure Automation schedule asset | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Automation](../permissions/management-and-governance.md#microsoftautomation)/automationAccounts/jobs/output/read | Gets the output of a job | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Azure Resource Bridge Deployment Role
> | Microsoft.ExtendedLocation/customLocations/write | Creates or Updates Custom Location resource | > | Microsoft.ExtendedLocation/customLocations/delete | Deletes Custom Location resource | > | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/register/action | Register the subscription for Microsoft.HybridConnectivity |
-> | [Microsoft.Kubernetes](../permissions/containers.md#microsoftkubernetes)/register/action | Registers Subscription with Microsoft.Kubernetes resource provider |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/register/action | Registers subscription to Microsoft.KubernetesConfiguration resource provider. |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/extensions/write | Creates or updates extension resource. |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/extensions/read | Gets extension instance resource. |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/extensions/delete | Deletes extension instance resource. |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/extensions/operations/read | Gets Async Operation status. |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/namespaces/read | Get Namespace Resource |
-> | [Microsoft.KubernetesConfiguration](../permissions/containers.md#microsoftkubernetesconfiguration)/operations/read | Gets available operations of the Microsoft.KubernetesConfiguration resource provider. |
+> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/register/action | Registers Subscription with Microsoft.Kubernetes resource provider |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/register/action | Registers subscription to Microsoft.KubernetesConfiguration resource provider. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/extensions/write | Creates or updates extension resource. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/extensions/read | Gets extension instance resource. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/extensions/delete | Deletes extension instance resource. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/extensions/operations/read | Gets Async Operation status. |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/namespaces/read | Get Namespace Resource |
+> | [Microsoft.KubernetesConfiguration](../permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration)/operations/read | Gets available operations of the Microsoft.KubernetesConfiguration resource provider. |
> | [Microsoft.GuestConfiguration](../permissions/management-and-governance.md#microsoftguestconfiguration)/guestConfigurationAssignments/read | Get guest configuration assignment. | > | Microsoft.HybridContainerService/register/action | Register the subscription for Microsoft.HybridContainerService | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Allows read access to billing data
> | | | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Billing](../permissions/management-and-governance.md#microsoftbilling)/*/read | Read Billing information |
-> | [Microsoft.Commerce](../permissions/management-and-governance.md#microsoftcommerce)/*/read | |
+> | [Microsoft.Commerce](../permissions/general.md#microsoftcommerce)/*/read | |
> | [Microsoft.Consumption](../permissions/management-and-governance.md#microsoftconsumption)/*/read | | > | [Microsoft.Management](../permissions/management-and-governance.md#microsoftmanagement)/managementGroups/read | List management groups for the authenticated user. | > | [Microsoft.CostManagement](../permissions/management-and-governance.md#microsoftcostmanagement)/*/read | |
Lets you manage New Relic Application Performance Management accounts and applic
> | | | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Read and create quota requests, get quota request status, and create support tic
> [!div class="mx-tableFixed"] > | Actions | Description | > | | |
-> | [Microsoft.Capacity](../permissions/management-and-governance.md#microsoftcapacity)/resourceProviders/locations/serviceLimits/read | Get the current service limit or quota of the specified resource and location |
-> | [Microsoft.Capacity](../permissions/management-and-governance.md#microsoftcapacity)/resourceProviders/locations/serviceLimits/write | Create service limit or quota for the specified resource and location |
-> | [Microsoft.Capacity](../permissions/management-and-governance.md#microsoftcapacity)/resourceProviders/locations/serviceLimitsRequests/read | Get any service limit request for the specified resource and location |
-> | [Microsoft.Capacity](../permissions/management-and-governance.md#microsoftcapacity)/register/action | Registers the Capacity resource provider and enables the creation of Capacity resources. |
+> | [Microsoft.Capacity](../permissions/general.md#microsoftcapacity)/resourceProviders/locations/serviceLimits/read | Get the current service limit or quota of the specified resource and location |
+> | [Microsoft.Capacity](../permissions/general.md#microsoftcapacity)/resourceProviders/locations/serviceLimits/write | Create service limit or quota for the specified resource and location |
+> | [Microsoft.Capacity](../permissions/general.md#microsoftcapacity)/resourceProviders/locations/serviceLimitsRequests/read | Get any service limit request for the specified resource and location |
+> | [Microsoft.Capacity](../permissions/general.md#microsoftcapacity)/register/action | Registers the Capacity resource provider and enables the creation of Capacity resources. |
> | [Microsoft.Quota](../permissions/general.md#microsoftquota)/usages/read | Get the usages for resource providers | > | [Microsoft.Quota](../permissions/general.md#microsoftquota)/quotas/read | Get the current Service limit or quota of the specified resource | > | [Microsoft.Quota](../permissions/general.md#microsoftquota)/quotas/write | Creates the service limit or quota request for the specified resource |
Lets you purchase reservations
> | Actions | Description | > | | | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/roleAssignments/read | Get information about a role assignment. |
-> | [Microsoft.Capacity](../permissions/management-and-governance.md#microsoftcapacity)/catalogs/read | Read catalog of Reservation |
-> | [Microsoft.Capacity](../permissions/management-and-governance.md#microsoftcapacity)/register/action | Registers the Capacity resource provider and enables the creation of Capacity resources. |
+> | [Microsoft.Capacity](../permissions/general.md#microsoftcapacity)/catalogs/read | Read catalog of Reservation |
+> | [Microsoft.Capacity](../permissions/general.md#microsoftcapacity)/register/action | Registers the Capacity resource provider and enables the creation of Capacity resources. |
> | [Microsoft.Compute](../permissions/compute.md#microsoftcompute)/register/action | Registers Subscription with Microsoft.Compute resource provider | > | [Microsoft.Consumption](../permissions/management-and-governance.md#microsoftconsumption)/register/action | Register to Consumption RP | > | [Microsoft.Consumption](../permissions/management-and-governance.md#microsoftconsumption)/reservationRecommendationDetails/read | List Reservation Recommendation Details |
Lets you purchase reservations
} ```
+## Reservations Administrator
+
+Lets one read and manage all the reservations in a tenant
+
+[Learn more](/azure/cost-management-billing/reservations/view-reservations)
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | [Microsoft.Capacity](../permissions/general.md#microsoftcapacity)/*/read | |
+> | [Microsoft.Capacity](../permissions/general.md#microsoftcapacity)/*/action | |
+> | [Microsoft.Capacity](../permissions/general.md#microsoftcapacity)/*/write | |
+> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/roleAssignments/read | Get information about a role assignment. |
+> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/roleDefinitions/read | Get information about a role definition. |
+> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/roleAssignments/write | Create a role assignment at the specified scope. |
+> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/roleAssignments/delete | Delete a role assignment at the specified scope. |
+> | **NotActions** | |
+> | *none* | |
+> | **DataActions** | |
+> | *none* | |
+> | **NotDataActions** | |
+> | *none* | |
+
+```json
+{
+ "assignableScopes": [
+ "/providers/Microsoft.Capacity"
+ ],
+ "description": "Lets one read and manage all the reservations in a tenant",
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/a8889054-8d42-49c9-bc1c-52486c10e7cd",
+ "name": "a8889054-8d42-49c9-bc1c-52486c10e7cd",
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.Capacity/*/read",
+ "Microsoft.Capacity/*/action",
+ "Microsoft.Capacity/*/write",
+ "Microsoft.Authorization/roleAssignments/read",
+ "Microsoft.Authorization/roleDefinitions/read",
+ "Microsoft.Authorization/roleAssignments/write",
+ "Microsoft.Authorization/roleAssignments/delete"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Reservations Administrator",
+ "roleType": "BuiltInRole",
+ "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
+
+## Reservations Reader
+
+Lets one read all the reservations in a tenant
+
+[Learn more](/azure/cost-management-billing/reservations/view-reservations)
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | [Microsoft.Capacity](../permissions/general.md#microsoftcapacity)/*/read | |
+> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/roleAssignments/read | Get information about a role assignment. |
+> | **NotActions** | |
+> | *none* | |
+> | **DataActions** | |
+> | *none* | |
+> | **NotDataActions** | |
+> | *none* | |
+
+```json
+{
+ "assignableScopes": [
+ "/providers/Microsoft.Capacity"
+ ],
+ "description": "Lets one read all the reservations in a tenant",
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/582fc458-8989-419f-a480-75249bc5db7e",
+ "name": "582fc458-8989-419f-a480-75249bc5db7e",
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.Capacity/*/read",
+ "Microsoft.Authorization/roleAssignments/read"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Reservations Reader",
+ "roleType": "BuiltInRole",
+ "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
+ ## Resource Policy Contributor Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.
Lets you manage Site Recovery service except vault creation and role assignment
> | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/vaultTokens/read | The Vault Token operation can be used to get Vault Token for vault level backend operations. | > | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/monitoringAlerts/* | Read alerts for the Recovery services vault | > | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/monitoringConfigurations/notificationConfiguration/read | |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account. |
Lets you failover and failback but not perform other Site Recovery management op
> | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/tokenInfo/read | | > | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/usages/read | Returns usage details for a Recovery Services Vault. | > | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/vaultTokens/read | The Vault Token operation can be used to get Vault Token for vault level backend operations. |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account. |
role-based-access-control Monitor https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/monitor.md
Can manage Application Insights components
> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/topology/read | Read Topology | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/transactions/read | Read Transactions | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/webtests/* | Create and manage Insights web tests |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
role-based-access-control Networking https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/networking.md
Lets you manage classic networks, but not access to them.
> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.ClassicNetwork](../permissions/networking.md#microsoftclassicnetwork)/* | Create and manage classic networks | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Lets you manage DNS zones and record sets in Azure DNS, but does not let you con
> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert | > | [Microsoft.Network](../permissions/networking.md#microsoftnetwork)/dnsZones/* | Create and manage DNS zones and records |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Lets you manage networks, but not access to them.
> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert | > | [Microsoft.Network](../permissions/networking.md#microsoftnetwork)/* | Create and manage networks |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Lets you manage Traffic Manager profiles, but does not let you control who has a
> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert | > | [Microsoft.Network](../permissions/networking.md#microsoftnetwork)/trafficManagerProfiles/* | |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
role-based-access-control Security https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/security.md
This is a legacy role. Please use Security Admin instead.
> | [Microsoft.ClassicCompute](../permissions/compute.md#microsoftclassiccompute)/virtualMachines/*/write | Write configuration for classic virtual machines | > | [Microsoft.ClassicNetwork](../permissions/networking.md#microsoftclassicnetwork)/*/read | Read configuration information about classic network | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Security](../permissions/security.md#microsoftsecurity)/* | Create and manage security components and policies |
role-based-access-control Storage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/storage.md
Lets you manage backup service, but can't create vaults and give access to other
> | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/locations/operationStatus/read | Gets Operation Status for a given Operation | > | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/backupProtectionIntents/read | List all backup Protection Intents | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/locations/getBackupStatus/action | Check Backup Status for Recovery Services Vaults |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/write | Creates a Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/delete | Deletes the Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/read | Returns all Backup Instances |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/read | Returns all Backup Instances |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/deletedBackupInstances/read | List soft-deleted Backup Instances in a Backup Vault. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/deletedBackupInstances/undelete/action | Perform undelete of soft-deleted Backup Instance. Backup Instance moves from SoftDeleted to ProtectionStopped state. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/backup/action | Performs Backup on the Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/validateRestore/action | Validates for Restore of the Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/restore/action | Triggers restore on the Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action | Triggers cross region restore operation on given backup instance. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action | Performs validations for cross region restore operation. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | List cross region restore jobs of backup instance from secondary region. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Get cross region restore job details from secondary region. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returns recovery points from secondary region for cross region restore enabled Backup Vaults. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupPolicies/write | Creates Backup Policy |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupPolicies/delete | Deletes the Backup Policy |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds Restorable Time Ranges |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/write | Update BackupVault operation updates an Azure resource of type 'Backup Vault' |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/operationResults/read | Gets Operation Result of a Patch Operation for a Backup Vault |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/locations/checkNameAvailability/action | Checks if the requested BackupVault Name is Available |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/locations/checkFeatureSupport/action | Validates if a feature is supported |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/locations/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/locations/operationResults/read | Returns Backup Operation Result for Backup Vault. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/validateForBackup/action | Validates for backup of Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/operations/read | Operation returns the list of Operations for a Resource Provider |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/locations/getBackupStatus/action | Check Backup Status for Recovery Services Vaults |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/write | Creates a Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/delete | Deletes the Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/read | Returns all Backup Instances |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/read | Returns all Backup Instances |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/deletedBackupInstances/read | List soft-deleted Backup Instances in a Backup Vault. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/deletedBackupInstances/undelete/action | Perform undelete of soft-deleted Backup Instance. Backup Instance moves from SoftDeleted to ProtectionStopped state. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/backup/action | Performs Backup on the Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/validateRestore/action | Validates for Restore of the Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/restore/action | Triggers restore on the Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action | Triggers cross region restore operation on given backup instance. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action | Performs validations for cross region restore operation. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | List cross region restore jobs of backup instance from secondary region. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Get cross region restore job details from secondary region. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returns recovery points from secondary region for cross region restore enabled Backup Vaults. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupPolicies/write | Creates Backup Policy |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupPolicies/delete | Deletes the Backup Policy |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds Restorable Time Ranges |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/write | Update BackupVault operation updates an Azure resource of type 'Backup Vault' |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/operationResults/read | Gets Operation Result of a Patch Operation for a Backup Vault |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/locations/checkNameAvailability/action | Checks if the requested BackupVault Name is Available |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/locations/checkFeatureSupport/action | Validates if a feature is supported |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/locations/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/locations/operationResults/read | Returns Backup Operation Result for Backup Vault. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/validateForBackup/action | Validates for backup of Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/operations/read | Operation returns the list of Operations for a Resource Provider |
> | **NotActions** | | > | *none* | | > | **DataActions** | |
Lets you manage backup services, except removal of backup, vault creation and gi
> | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/locations/operationStatus/read | Gets Operation Status for a given Operation | > | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/backupProtectionIntents/read | List all backup Protection Intents | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/read | Returns all Backup Instances |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/read | Returns all Backup Instances |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/deletedBackupInstances/read | List soft-deleted Backup Instances in a Backup Vault. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds Restorable Time Ranges |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/operationResults/read | Gets Operation Result of a Patch Operation for a Backup Vault |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/locations/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/locations/operationResults/read | Returns Backup Operation Result for Backup Vault. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/operations/read | Operation returns the list of Operations for a Resource Provider |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/validateForBackup/action | Validates for backup of Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/backup/action | Performs Backup on the Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/validateRestore/action | Validates for Restore of the Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/restore/action | Triggers restore on the Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action | Triggers cross region restore operation on given backup instance. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action | Performs validations for cross region restore operation. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | List cross region restore jobs of backup instance from secondary region. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Get cross region restore job details from secondary region. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returns recovery points from secondary region for cross region restore enabled Backup Vaults. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/locations/checkFeatureSupport/action | Validates if a feature is supported |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/read | Returns all Backup Instances |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/read | Returns all Backup Instances |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/deletedBackupInstances/read | List soft-deleted Backup Instances in a Backup Vault. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds Restorable Time Ranges |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/operationResults/read | Gets Operation Result of a Patch Operation for a Backup Vault |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/locations/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/locations/operationResults/read | Returns Backup Operation Result for Backup Vault. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/operations/read | Operation returns the list of Operations for a Resource Provider |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/validateForBackup/action | Validates for backup of Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/backup/action | Performs Backup on the Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/validateRestore/action | Validates for Restore of the Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/restore/action | Triggers restore on the Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action | Triggers cross region restore operation on given backup instance. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action | Performs validations for cross region restore operation. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | List cross region restore jobs of backup instance from secondary region. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Get cross region restore job details from secondary region. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returns recovery points from secondary region for cross region restore enabled Backup Vaults. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/locations/checkFeatureSupport/action | Validates if a feature is supported |
> | **NotActions** | | > | *none* | | > | **DataActions** | |
Can view backup services, but can't make changes
> | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/locations/backupCrrJob/action | Get Cross Region Restore Job Details in the secondary region for Recovery Services Vault. | > | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/locations/backupCrrOperationResults/read | Returns CRR Operation Result for Recovery Services Vault. | > | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/locations/backupCrrOperationsStatus/read | Returns CRR Operation Status for Recovery Services Vault. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/locations/getBackupStatus/action | Check Backup Status for Recovery Services Vaults |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/write | Creates a Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/read | Returns all Backup Instances |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/deletedBackupInstances/read | List soft-deleted Backup Instances in a Backup Vault. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/backup/action | Performs Backup on the Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/validateRestore/action | Validates for Restore of the Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/restore/action | Triggers restore on the Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds Restorable Time Ranges |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/operationResults/read | Gets Operation Result of a Patch Operation for a Backup Vault |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/locations/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/locations/operationResults/read | Returns Backup Operation Result for Backup Vault. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/backupVaults/validateForBackup/action | Validates for backup of Backup Instance |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/operations/read | Operation returns the list of Operations for a Resource Provider |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | List cross region restore jobs of backup instance from secondary region. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Get cross region restore job details from secondary region. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returns recovery points from secondary region for cross region restore enabled Backup Vaults. |
-> | [Microsoft.DataProtection](../permissions/management-and-governance.md#microsoftdataprotection)/locations/checkFeatureSupport/action | Validates if a feature is supported |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/locations/getBackupStatus/action | Check Backup Status for Recovery Services Vaults |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/write | Creates a Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/read | Returns all Backup Instances |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/deletedBackupInstances/read | List soft-deleted Backup Instances in a Backup Vault. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/backup/action | Performs Backup on the Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/validateRestore/action | Validates for Restore of the Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/restore/action | Triggers restore on the Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds Restorable Time Ranges |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/operationResults/read | Gets Operation Result of a Patch Operation for a Backup Vault |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/locations/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/locations/operationResults/read | Returns Backup Operation Result for Backup Vault. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/validateForBackup/action | Validates for backup of Backup Instance |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/operations/read | Operation returns the list of Operations for a Resource Provider |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | List cross region restore jobs of backup instance from secondary region. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Get cross region restore job details from secondary region. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returns recovery points from secondary region for cross region restore enabled Backup Vaults. |
+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/locations/checkFeatureSupport/action | Validates if a feature is supported |
> | **NotActions** | | > | *none* | | > | **DataActions** | |
Lets you manage classic storage accounts, but not access to them.
> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.ClassicStorage](../permissions/storage.md#microsoftclassicstorage)/storageAccounts/* | Create and manage storage accounts | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Lets you manage everything under Data Box Service except giving access to others
> | Actions | Description | > | | | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
-> | [Microsoft.Databox](../permissions/storage.md#microsoftdatabox)/* | |
+> | [Microsoft.Databox](../permissions/migration.md#microsoftdatabox)/* | |
> | **NotActions** | | > | *none* | | > | **DataActions** | |
Lets you manage Data Box Service except creating order or editing order details
> | Actions | Description | > | | | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments |
-> | [Microsoft.Databox](../permissions/storage.md#microsoftdatabox)/*/read | |
-> | [Microsoft.Databox](../permissions/storage.md#microsoftdatabox)/jobs/listsecrets/action | |
-> | [Microsoft.Databox](../permissions/storage.md#microsoftdatabox)/jobs/listcredentials/action | Lists the unencrypted credentials related to the order. |
-> | [Microsoft.Databox](../permissions/storage.md#microsoftdatabox)/locations/availableSkus/action | This method returns the list of available skus. |
-> | [Microsoft.Databox](../permissions/storage.md#microsoftdatabox)/locations/validateInputs/action | This method does all type of validations. |
-> | [Microsoft.Databox](../permissions/storage.md#microsoftdatabox)/locations/regionConfiguration/action | This method returns the configurations for the region. |
-> | [Microsoft.Databox](../permissions/storage.md#microsoftdatabox)/locations/validateAddress/action | Validates the shipping address and provides alternate addresses if any. |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.Databox](../permissions/migration.md#microsoftdatabox)/*/read | |
+> | [Microsoft.Databox](../permissions/migration.md#microsoftdatabox)/jobs/listsecrets/action | |
+> | [Microsoft.Databox](../permissions/migration.md#microsoftdatabox)/jobs/listcredentials/action | Lists the unencrypted credentials related to the order. |
+> | [Microsoft.Databox](../permissions/migration.md#microsoftdatabox)/locations/availableSkus/action | This method returns the list of available skus. |
+> | [Microsoft.Databox](../permissions/migration.md#microsoftdatabox)/locations/validateInputs/action | This method does all type of validations. |
+> | [Microsoft.Databox](../permissions/migration.md#microsoftdatabox)/locations/regionConfiguration/action | This method returns the configurations for the region. |
+> | [Microsoft.Databox](../permissions/migration.md#microsoftdatabox)/locations/validateAddress/action | Validates the shipping address and provides alternate addresses if any. |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket | > | **NotActions** | | > | *none* | |
Lets you submit, monitor, and manage your own jobs but not create or delete Data
> | Microsoft.BigAnalytics/accounts/* | | > | [Microsoft.DataLakeAnalytics](../permissions/analytics.md#microsoftdatalakeanalytics)/accounts/* | | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Allows for full access to all resources under Azure Elastic SAN including changi
> | Actions | Description | > | | | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.ElasticSan](../permissions/storage.md#microsoftelasticsan)/elasticSans/* | |
Allows for control path read access to Azure Elastic SAN
> | | | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/roleAssignments/read | Get information about a role assignment. | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/roleDefinitions/read | Get information about a role definition. |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.ElasticSan](../permissions/storage.md#microsoftelasticsan)/elasticSans/*/read | | > | **NotActions** | |
Permits management of storage accounts. Provides access to the account key, whic
> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/diagnosticSettings/* | Creates, updates, or reads the diagnostic setting for Analysis Server | > | [Microsoft.Network](../permissions/networking.md#microsoftnetwork)/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joins resource such as storage account or SQL database to a subnet. Not alertable. |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/* | Create and manage storage accounts |
Permits listing and regenerating storage account access keys.
## Storage Blob Data Contributor
-Read, write, and delete Azure Storage containers and blobs. To learn which actions are required for a given data operation, see [Permissions for calling blob and queue data operations](/rest/api/storageservices/authenticate-with-azure-active-directory#permissions-for-calling-blob-and-queue-data-operations).
+Read, write, and delete Azure Storage containers and blobs. To learn which actions are required for a given data operation, see [Permissions for calling data operations](/rest/api/storageservices/authorize-with-azure-active-directory#permissions-for-calling-data-operations).
[Learn more](/azure/storage/common/storage-auth-aad-rbac-portal)
Read, write, and delete Azure Storage containers and blobs. To learn which actio
## Storage Blob Data Owner
-Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. To learn which actions are required for a given data operation, see [Permissions for calling blob and queue data operations](/rest/api/storageservices/authenticate-with-azure-active-directory#permissions-for-calling-blob-and-queue-data-operations).
+Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. To learn which actions are required for a given data operation, see [Permissions for calling data operations](/rest/api/storageservices/authorize-with-azure-active-directory#permissions-for-calling-data-operations).
[Learn more](/azure/storage/common/storage-auth-aad-rbac-portal)
Provides full access to Azure Storage blob containers and data, including assign
## Storage Blob Data Reader
-Read and list Azure Storage containers and blobs. To learn which actions are required for a given data operation, see [Permissions for calling blob and queue data operations](/rest/api/storageservices/authenticate-with-azure-active-directory#permissions-for-calling-blob-and-queue-data-operations).
+Read and list Azure Storage containers and blobs. To learn which actions are required for a given data operation, see [Permissions for calling data operations](/rest/api/storageservices/authorize-with-azure-active-directory#permissions-for-calling-data-operations).
[Learn more](/azure/storage/common/storage-auth-aad-rbac-portal)
Allows for read access on files/directories in Azure file shares. This role is e
## Storage Queue Data Contributor
-Read, write, and delete Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see [Permissions for calling blob and queue data operations](/rest/api/storageservices/authenticate-with-azure-active-directory#permissions-for-calling-blob-and-queue-data-operations).
+Read, write, and delete Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see [Permissions for calling data operations](/rest/api/storageservices/authorize-with-azure-active-directory#permissions-for-calling-data-operations).
[Learn more](/azure/storage/common/storage-auth-aad-rbac-portal)
Read, write, and delete Azure Storage queues and queue messages. To learn which
## Storage Queue Data Message Processor
-Peek, retrieve, and delete a message from an Azure Storage queue. To learn which actions are required for a given data operation, see [Permissions for calling blob and queue data operations](/rest/api/storageservices/authenticate-with-azure-active-directory#permissions-for-calling-blob-and-queue-data-operations).
+Peek, retrieve, and delete a message from an Azure Storage queue. To learn which actions are required for a given data operation, see [Permissions for calling data operations](/rest/api/storageservices/authorize-with-azure-active-directory#permissions-for-calling-data-operations).
[Learn more](/azure/storage/common/storage-auth-aad-rbac-portal)
Peek, retrieve, and delete a message from an Azure Storage queue. To learn which
## Storage Queue Data Message Sender
-Add messages to an Azure Storage queue. To learn which actions are required for a given data operation, see [Permissions for calling blob and queue data operations](/rest/api/storageservices/authenticate-with-azure-active-directory#permissions-for-calling-blob-and-queue-data-operations).
+Add messages to an Azure Storage queue. To learn which actions are required for a given data operation, see [Permissions for calling data operations](/rest/api/storageservices/authorize-with-azure-active-directory#permissions-for-calling-data-operations).
[Learn more](/azure/storage/common/storage-auth-aad-rbac-portal)
Add messages to an Azure Storage queue. To learn which actions are required for
## Storage Queue Data Reader
-Read and list Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see [Permissions for calling blob and queue data operations](/rest/api/storageservices/authenticate-with-azure-active-directory#permissions-for-calling-blob-and-queue-data-operations).
+Read and list Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see [Permissions for calling data operations](/rest/api/storageservices/authorize-with-azure-active-directory#permissions-for-calling-data-operations).
[Learn more](/azure/storage/common/storage-auth-aad-rbac-portal)
role-based-access-control Web And Mobile https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/web-and-mobile.md
Allow read, write and delete access to Azure Spring Cloud Config Server
> | **NotActions** | | > | *none* | | > | **DataActions** | |
-> | [Microsoft.AppPlatform](../permissions/web-and-mobile.md#microsoftappplatform)/Spring/configService/read | Read the configuration content(for example, application.yaml) for a specific Azure Spring Apps service instance |
-> | [Microsoft.AppPlatform](../permissions/web-and-mobile.md#microsoftappplatform)/Spring/configService/write | Write config server content for a specific Azure Spring Apps service instance |
-> | [Microsoft.AppPlatform](../permissions/web-and-mobile.md#microsoftappplatform)/Spring/configService/delete | Delete config server content for a specific Azure Spring Apps service instance |
+> | [Microsoft.AppPlatform](../permissions/compute.md#microsoftappplatform)/Spring/configService/read | Read the configuration content(for example, application.yaml) for a specific Azure Spring Apps service instance |
+> | [Microsoft.AppPlatform](../permissions/compute.md#microsoftappplatform)/Spring/configService/write | Write config server content for a specific Azure Spring Apps service instance |
+> | [Microsoft.AppPlatform](../permissions/compute.md#microsoftappplatform)/Spring/configService/delete | Delete config server content for a specific Azure Spring Apps service instance |
> | **NotDataActions** | | > | *none* | |
Allow read access to Azure Spring Cloud Config Server
> | **NotActions** | | > | *none* | | > | **DataActions** | |
-> | [Microsoft.AppPlatform](../permissions/web-and-mobile.md#microsoftappplatform)/Spring/configService/read | Read the configuration content(for example, application.yaml) for a specific Azure Spring Apps service instance |
+> | [Microsoft.AppPlatform](../permissions/compute.md#microsoftappplatform)/Spring/configService/read | Read the configuration content(for example, application.yaml) for a specific Azure Spring Apps service instance |
> | **NotDataActions** | | > | *none* | |
Allow read access to Azure Spring Cloud Data
> | **NotActions** | | > | *none* | | > | **DataActions** | |
-> | [Microsoft.AppPlatform](../permissions/web-and-mobile.md#microsoftappplatform)/Spring/*/read | |
+> | [Microsoft.AppPlatform](../permissions/compute.md#microsoftappplatform)/Spring/*/read | |
> | **NotDataActions** | | > | *none* | |
Allow read, write and delete access to Azure Spring Cloud Service Registry
> | **NotActions** | | > | *none* | | > | **DataActions** | |
-> | [Microsoft.AppPlatform](../permissions/web-and-mobile.md#microsoftappplatform)/Spring/eurekaService/read | Read the user app(s) registration information for a specific Azure Spring Apps service instance |
-> | [Microsoft.AppPlatform](../permissions/web-and-mobile.md#microsoftappplatform)/Spring/eurekaService/write | Write the user app(s) registration information for a specific Azure Spring Apps service instance |
-> | [Microsoft.AppPlatform](../permissions/web-and-mobile.md#microsoftappplatform)/Spring/eurekaService/delete | Delete the user app registration information for a specific Azure Spring Apps service instance |
+> | [Microsoft.AppPlatform](../permissions/compute.md#microsoftappplatform)/Spring/eurekaService/read | Read the user app(s) registration information for a specific Azure Spring Apps service instance |
+> | [Microsoft.AppPlatform](../permissions/compute.md#microsoftappplatform)/Spring/eurekaService/write | Write the user app(s) registration information for a specific Azure Spring Apps service instance |
+> | [Microsoft.AppPlatform](../permissions/compute.md#microsoftappplatform)/Spring/eurekaService/delete | Delete the user app registration information for a specific Azure Spring Apps service instance |
> | **NotDataActions** | | > | *none* | |
Allow read access to Azure Spring Cloud Service Registry
> | **NotActions** | | > | *none* | | > | **DataActions** | |
-> | [Microsoft.AppPlatform](../permissions/web-and-mobile.md#microsoftappplatform)/Spring/eurekaService/read | Read the user app(s) registration information for a specific Azure Spring Apps service instance |
+> | [Microsoft.AppPlatform](../permissions/compute.md#microsoftappplatform)/Spring/eurekaService/read | Read the user app(s) registration information for a specific Azure Spring Apps service instance |
> | **NotDataActions** | | > | *none* | |
Create, read, modify, and delete Media Services accounts; read-only access to ot
> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/metricDefinitions/read | Read metric definitions | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/*/read | | > | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/assets/listStreamingLocators/action | List Streaming Locators for Asset | > | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/streamingLocators/listPaths/action | List Paths |
Create, read, modify, and delete Live Events, Assets, Asset Filters, and Streami
> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/metricDefinitions/read | Read metric definitions | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/*/read | | > | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/assets/* | | > | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/assets/assetfilters/* | |
Create, read, modify, and delete Assets, Asset Filters, Streaming Locators, and
> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/metricDefinitions/read | Read metric definitions | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/*/read | | > | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/assets/* | | > | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/assets/assetfilters/* | |
Create, read, modify, and delete Account Filters, Streaming Policies, Content Ke
> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/metricDefinitions/read | Read metric definitions | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/*/read | | > | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/assets/listStreamingLocators/action | List Streaming Locators for Asset | > | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/streamingLocators/listPaths/action | List Paths |
Create, read, modify, and delete Streaming Endpoints; read-only access to other
> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/metricDefinitions/read | Read metric definitions | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/*/read | | > | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/assets/listStreamingLocators/action | List Streaming Locators for Asset | > | [Microsoft.Media](../permissions/web-and-mobile.md#microsoftmedia)/mediaservices/streamingLocators/listPaths/action | List Paths |
Create, read, modify, and delete Streaming Endpoints; read-only access to other
} ```
-## Search Index Data Contributor
-
-Grants full access to Azure Cognitive Search index data.
-
-> [!div class="mx-tableFixed"]
-> | Actions | Description |
-> | | |
-> | *none* | |
-> | **NotActions** | |
-> | *none* | |
-> | **DataActions** | |
-> | [Microsoft.Search](../permissions/web-and-mobile.md#microsoftsearch)/searchServices/indexes/documents/* | |
-> | **NotDataActions** | |
-> | *none* | |
-
-```json
-{
- "assignableScopes": [
- "/"
- ],
- "description": "Grants full access to Azure Cognitive Search index data.",
- "id": "/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7",
- "name": "8ebe5a00-799e-43f5-93ac-243d3dce84a7",
- "permissions": [
- {
- "actions": [],
- "notActions": [],
- "dataActions": [
- "Microsoft.Search/searchServices/indexes/documents/*"
- ],
- "notDataActions": []
- }
- ],
- "roleName": "Search Index Data Contributor",
- "roleType": "BuiltInRole",
- "type": "Microsoft.Authorization/roleDefinitions"
-}
-```
-
-## Search Index Data Reader
-
-Grants read access to Azure Cognitive Search index data.
-
-> [!div class="mx-tableFixed"]
-> | Actions | Description |
-> | | |
-> | *none* | |
-> | **NotActions** | |
-> | *none* | |
-> | **DataActions** | |
-> | [Microsoft.Search](../permissions/web-and-mobile.md#microsoftsearch)/searchServices/indexes/documents/read | Read documents or suggested query terms from an index. |
-> | **NotDataActions** | |
-> | *none* | |
-
-```json
-{
- "assignableScopes": [
- "/"
- ],
- "description": "Grants read access to Azure Cognitive Search index data.",
- "id": "/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f",
- "name": "1407120a-92aa-4202-b7e9-c0e197c71c8f",
- "permissions": [
- {
- "actions": [],
- "notActions": [],
- "dataActions": [
- "Microsoft.Search/searchServices/indexes/documents/read"
- ],
- "notDataActions": []
- }
- ],
- "roleName": "Search Index Data Reader",
- "roleType": "BuiltInRole",
- "type": "Microsoft.Authorization/roleDefinitions"
-}
-```
-
-## Search Service Contributor
-
-Lets you manage Search services, but not access to them.
-
-[Learn more](/azure/search/search-security-rbac)
-
-> [!div class="mx-tableFixed"]
-> | Actions | Description |
-> | | |
-> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments |
-> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
-> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment |
-> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
-> | [Microsoft.Search](../permissions/web-and-mobile.md#microsoftsearch)/searchServices/* | Create and manage search services |
-> | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
-> | **NotActions** | |
-> | *none* | |
-> | **DataActions** | |
-> | *none* | |
-> | **NotDataActions** | |
-> | *none* | |
-
-```json
-{
- "assignableScopes": [
- "/"
- ],
- "description": "Lets you manage Search services, but not access to them.",
- "id": "/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
- "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
- "permissions": [
- {
- "actions": [
- "Microsoft.Authorization/*/read",
- "Microsoft.Insights/alertRules/*",
- "Microsoft.ResourceHealth/availabilityStatuses/read",
- "Microsoft.Resources/deployments/*",
- "Microsoft.Resources/subscriptions/resourceGroups/read",
- "Microsoft.Search/searchServices/*",
- "Microsoft.Support/*"
- ],
- "notActions": [],
- "dataActions": [],
- "notDataActions": []
- }
- ],
- "roleName": "Search Service Contributor",
- "roleType": "BuiltInRole",
- "type": "Microsoft.Authorization/roleDefinitions"
-}
-```
- ## SignalR AccessKey Reader Read SignalR Service Access Keys
Manage the web plans for websites. Does not allow you to assign roles in Azure R
> | | | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
Manage websites, but not web plans. Does not allow you to assign roles in Azure
> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/components/* | Create and manage Insights components |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
role-based-access-control Ai Machine Learning https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/ai-machine-learning.md
This article lists the permissions for the Azure resource providers in the AI +
## Microsoft.BotService
+Intelligent, serverless bot service that scales on demand.
+ Azure service: [Azure Bot Service](/azure/bot-service/) > [!div class="mx-tableFixed"]
Azure service: [Azure Bot Service](/azure/bot-service/)
## Microsoft.CognitiveServices
+Add smart API capabilities to enable contextual interactions.
+ Azure service: [Cognitive Services](/azure/cognitive-services/) > [!div class="mx-tableFixed"]
Azure service: [Cognitive Services](/azure/cognitive-services/)
## Microsoft.MachineLearning
+Access and manage the predictive models that you created and deployed as web services.
+ Azure service: [Machine Learning Studio (classic)](/azure/machine-learning/classic/) [!INCLUDE [ML Studio (classic) retirement](../../../includes/machine-learning-studio-classic-deprecation.md)]
Azure service: [Machine Learning Studio (classic)](/azure/machine-learning/class
## Microsoft.MachineLearningServices
+Enterprise-grade machine learning service to build and deploy models faster.
+ Azure service: [Machine Learning](/azure/machine-learning/) > [!div class="mx-tableFixed"]
Azure service: [Machine Learning](/azure/machine-learning/)
> | Microsoft.MachineLearningServices/workspaces/services/aks/delete | Deletes AKS services in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/services/aks/score/action | Retrieve auth token or keys to score AKS services in Machine Learning Services Workspace(s) |
+## Microsoft.Search
+
+Leverage search services and get comprehensive results.
+
+Azure service: [Azure AI Search](/azure/search/)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.Search/register/action | Registers the subscription for the search resource provider and enables the creation of search services. |
+> | Microsoft.Search/checkNameAvailability/action | Checks availability of the service name. |
+> | Microsoft.Search/locations/notifyNetworkSecurityPerimeterUpdatesAvailable/write | Check if the configuration of the Network Security Perimeter needs updating. |
+> | Microsoft.Search/operations/read | Lists all of the available operations of the Microsoft.Search provider. |
+> | Microsoft.Search/searchServices/write | Creates or updates the search service. |
+> | Microsoft.Search/searchServices/read | Reads the search service. |
+> | Microsoft.Search/searchServices/delete | Deletes the search service. |
+> | Microsoft.Search/searchServices/start/action | Starts the search service. |
+> | Microsoft.Search/searchServices/stop/action | Stops the search service. |
+> | Microsoft.Search/searchServices/listAdminKeys/action | Reads the admin keys. |
+> | Microsoft.Search/searchServices/regenerateAdminKey/action | Regenerates the admin key. |
+> | Microsoft.Search/searchServices/listQueryKeys/action | Returns the list of query API keys for the given Azure Search service. |
+> | Microsoft.Search/searchServices/createQueryKey/action | Creates the query key. |
+> | Microsoft.Search/searchServices/privateEndpointConnectionsApproval/action | Approve Private Endpoint Connection |
+> | Microsoft.Search/searchServices/dataSources/read | Return a data source or a list of data sources. |
+> | Microsoft.Search/searchServices/dataSources/write | Create a data source or modify its properties. |
+> | Microsoft.Search/searchServices/dataSources/delete | Delete a data source. |
+> | Microsoft.Search/searchServices/debugSessions/read | Return a debug session or a list of debug sessions. |
+> | Microsoft.Search/searchServices/debugSessions/write | Create a debug session or modify its properties. |
+> | Microsoft.Search/searchServices/debugSessions/delete | Delete a debug session. |
+> | Microsoft.Search/searchServices/debugSessions/execute/action | Use a debug session, get execution data, or evaluate expressions on it. |
+> | Microsoft.Search/searchServices/deleteQueryKey/delete | Deletes the query key. |
+> | Microsoft.Search/searchServices/diagnosticSettings/read | Gets the diganostic setting read for the resource |
+> | Microsoft.Search/searchServices/diagnosticSettings/write | Creates or updates the diganostic setting for the resource |
+> | Microsoft.Search/searchServices/indexers/read | Return an indexer or its status, or return a list of indexers or their statuses. |
+> | Microsoft.Search/searchServices/indexers/write | Create an indexer, modify its properties, or manage its execution. |
+> | Microsoft.Search/searchServices/indexers/delete | Delete an indexer. |
+> | Microsoft.Search/searchServices/indexes/read | Return an index or its statistics, return a list of indexes or their statistics, or test the lexical analysis components of an index. |
+> | Microsoft.Search/searchServices/indexes/write | Create an index or modify its properties. |
+> | Microsoft.Search/searchServices/indexes/delete | Delete an index. |
+> | Microsoft.Search/searchServices/logDefinitions/read | Gets the available logs for the search service |
+> | Microsoft.Search/searchServices/metricDefinitions/read | Gets the available metrics for the search service |
+> | Microsoft.Search/searchServices/networkSecurityPerimeterAssociationProxies/delete | Delete an association proxy to a Network Security Perimeter resource of Microsoft.Network provider. |
+> | Microsoft.Search/searchServices/networkSecurityPerimeterAssociationProxies/read | Delete an association proxy to a Network Security Perimeter resource of Microsoft.Network provider. |
+> | Microsoft.Search/searchServices/networkSecurityPerimeterAssociationProxies/write | Change the state of an association to a Network Security Perimeter resource of Microsoft.Network provider |
+> | Microsoft.Search/searchServices/networkSecurityPerimeterConfigurations/read | Read the Network Security Perimeter configuration. |
+> | Microsoft.Search/searchServices/networkSecurityPerimeterConfigurations/reconcile/action | Reconcile the Network Security Perimeter configuration with NRP's (Microsoft.Network Resource Provider) copy. |
+> | Microsoft.Search/searchServices/privateEndpointConnectionProxies/validate/action | Validates a private endpoint connection create call from NRP side |
+> | Microsoft.Search/searchServices/privateEndpointConnectionProxies/write | Creates a private endpoint connection proxy with the specified parameters or updates the properties or tags for the specified private endpoint connection proxy |
+> | Microsoft.Search/searchServices/privateEndpointConnectionProxies/read | Returns the list of private endpoint connection proxies or gets the properties for the specified private endpoint connection proxy |
+> | Microsoft.Search/searchServices/privateEndpointConnectionProxies/delete | Deletes an existing private endpoint connection proxy |
+> | Microsoft.Search/searchServices/privateEndpointConnections/write | Creates a private endpoint connections with the specified parameters or updates the properties or tags for the specified private endpoint connections |
+> | Microsoft.Search/searchServices/privateEndpointConnections/read | Returns the list of private endpoint connections or gets the properties for the specified private endpoint connections |
+> | Microsoft.Search/searchServices/privateEndpointConnections/delete | Deletes an existing private endpoint connections |
+> | Microsoft.Search/searchServices/sharedPrivateLinkResources/write | Creates a new shared private link resource with the specified parameters or updates the properties for the specified shared private link resource |
+> | Microsoft.Search/searchServices/sharedPrivateLinkResources/read | Returns the list of shared private link resources or gets the properties for the specified shared private link resource |
+> | Microsoft.Search/searchServices/sharedPrivateLinkResources/delete | Deletes an existing shared private link resource |
+> | Microsoft.Search/searchServices/sharedPrivateLinkResources/operationStatuses/read | Get the details of a long running shared private link resource operation |
+> | Microsoft.Search/searchServices/skillsets/read | Return a skillset or a list of skillsets. |
+> | Microsoft.Search/searchServices/skillsets/write | Create a skillset or modify its properties. |
+> | Microsoft.Search/searchServices/skillsets/delete | Delete a skillset. |
+> | Microsoft.Search/searchServices/synonymMaps/read | Return a synonym map or a list of synonym maps. |
+> | Microsoft.Search/searchServices/synonymMaps/write | Create a synonym map or modify its properties. |
+> | Microsoft.Search/searchServices/synonymMaps/delete | Delete a synonym map. |
+> | **DataAction** | **Description** |
+> | Microsoft.Search/searchServices/indexes/documents/read | Read documents or suggested query terms from an index. |
+> | Microsoft.Search/searchServices/indexes/documents/write | Upload documents to an index or modify existing documents. |
+> | Microsoft.Search/searchServices/indexes/documents/delete | Delete documents from an index. |
+ ## Next steps - [Azure resource providers and types](/azure/azure-resource-manager/management/resource-providers-and-types)
role-based-access-control Analytics https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/analytics.md
This article lists the permissions for the Azure resource providers in the Analy
## Microsoft.AnalysisServices
+Enterprise-grade analytics engine as a service.
+ Azure service: [Azure Analysis Services](/azure/analysis-services/index) > [!div class="mx-tableFixed"]
Azure service: [Azure Analysis Services](/azure/analysis-services/index)
## Microsoft.Databricks
+Fast, easy, and collaborative Apache Spark-based analytics platform.
+ Azure service: [Azure Databricks](/azure/databricks/) > [!div class="mx-tableFixed"]
Azure service: [Azure Databricks](/azure/databricks/)
> | Microsoft.Databricks/workspaces/virtualNetworkPeerings/write | Add or modify virtual network peering | > | Microsoft.Databricks/workspaces/virtualNetworkPeerings/delete | Deletes a virtual network peering |
+## Microsoft.DataCatalog
+
+Get more value from your enterprise data assets.
+
+Azure service: [Data Catalog](/azure/data-catalog/)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.DataCatalog/checkNameAvailability/action | Checks catalog name availability for tenant. |
+> | Microsoft.DataCatalog/register/action | Registers subscription with Microsoft.DataCatalog resource provider. |
+> | Microsoft.DataCatalog/unregister/action | Unregisters subscription from Microsoft.DataCatalog resource provider. |
+> | Microsoft.DataCatalog/catalogs/read | Get properties for catalog or catalogs under subscription or resource group. |
+> | Microsoft.DataCatalog/catalogs/write | Creates catalog or updates the tags and properties for the catalog. |
+> | Microsoft.DataCatalog/catalogs/delete | Deletes the catalog. |
+> | Microsoft.DataCatalog/operations/read | Lists operations available on Microsoft.DataCatalog resource provider. |
+
+## Microsoft.DataFactory
+
+Hybrid data integration at enterprise scale, made easy.
+
+Azure service: [Data Factory](/azure/data-factory/)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.DataFactory/register/action | Registers the subscription for the Data Factory Resource Provider. |
+> | Microsoft.DataFactory/unregister/action | Unregisters the subscription for the Data Factory Resource Provider. |
+> | Microsoft.DataFactory/checkazuredatafactorynameavailability/read | Checks if the Data Factory Name is available to use. |
+> | Microsoft.DataFactory/datafactories/read | Reads the Data Factory. |
+> | Microsoft.DataFactory/datafactories/write | Creates or Updates the Data Factory. |
+> | Microsoft.DataFactory/datafactories/delete | Deletes the Data Factory. |
+> | Microsoft.DataFactory/datafactories/activitywindows/read | Reads Activity Windows in the Data Factory with specified parameters. |
+> | Microsoft.DataFactory/datafactories/datapipelines/read | Reads any Pipeline. |
+> | Microsoft.DataFactory/datafactories/datapipelines/delete | Deletes any Pipeline. |
+> | Microsoft.DataFactory/datafactories/datapipelines/pause/action | Pauses any Pipeline. |
+> | Microsoft.DataFactory/datafactories/datapipelines/resume/action | Resumes any Pipeline. |
+> | Microsoft.DataFactory/datafactories/datapipelines/update/action | Updates any Pipeline. |
+> | Microsoft.DataFactory/datafactories/datapipelines/write | Creates or Updates any Pipeline. |
+> | Microsoft.DataFactory/datafactories/datapipelines/activities/activitywindows/read | Reads Activity Windows for the Pipeline Activity with specified parameters. |
+> | Microsoft.DataFactory/datafactories/datapipelines/activitywindows/read | Reads Activity Windows for the Pipeline with specified parameters. |
+> | Microsoft.DataFactory/datafactories/datasets/read | Reads any Dataset. |
+> | Microsoft.DataFactory/datafactories/datasets/delete | Deletes any Dataset. |
+> | Microsoft.DataFactory/datafactories/datasets/write | Creates or Updates any Dataset. |
+> | Microsoft.DataFactory/datafactories/datasets/activitywindows/read | Reads Activity Windows for the Dataset with specified parameters. |
+> | Microsoft.DataFactory/datafactories/datasets/sliceruns/read | Reads the Data Slice Run for the given dataset with the given start time. |
+> | Microsoft.DataFactory/datafactories/datasets/slices/read | Gets the Data Slices in the given period. |
+> | Microsoft.DataFactory/datafactories/datasets/slices/write | Update the Status of the Data Slice. |
+> | Microsoft.DataFactory/datafactories/gateways/read | Reads any Gateway. |
+> | Microsoft.DataFactory/datafactories/gateways/write | Creates or Updates any Gateway. |
+> | Microsoft.DataFactory/datafactories/gateways/delete | Deletes any Gateway. |
+> | Microsoft.DataFactory/datafactories/gateways/connectioninfo/action | Reads the Connection Info for any Gateway. |
+> | Microsoft.DataFactory/datafactories/gateways/listauthkeys/action | Lists the Authentication Keys for any Gateway. |
+> | Microsoft.DataFactory/datafactories/gateways/regenerateauthkey/action | Regenerates the Authentication Keys for any Gateway. |
+> | Microsoft.DataFactory/datafactories/linkedServices/read | Reads any Linked Service. |
+> | Microsoft.DataFactory/datafactories/linkedServices/delete | Deletes any Linked Service. |
+> | Microsoft.DataFactory/datafactories/linkedServices/write | Creates or Updates any Linked Service. |
+> | Microsoft.DataFactory/datafactories/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.DataFactory/datafactories/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.DataFactory/datafactories/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for datafactories |
+> | Microsoft.DataFactory/datafactories/runs/loginfo/read | Reads a SAS URI to a blob container containing the logs. |
+> | Microsoft.DataFactory/datafactories/tables/read | Reads any Dataset. |
+> | Microsoft.DataFactory/datafactories/tables/delete | Deletes any Dataset. |
+> | Microsoft.DataFactory/datafactories/tables/write | Creates or Updates any Dataset. |
+> | Microsoft.DataFactory/factories/read | Reads Data Factory. |
+> | Microsoft.DataFactory/factories/write | Create or Update Data Factory |
+> | Microsoft.DataFactory/factories/delete | Deletes Data Factory. |
+> | Microsoft.DataFactory/factories/createdataflowdebugsession/action | Creates a Data Flow debug session. |
+> | Microsoft.DataFactory/factories/startdataflowdebugsession/action | Starts a Data Flow debug session. |
+> | Microsoft.DataFactory/factories/addDataFlowToDebugSession/action | Add Data Flow to debug session for preview. |
+> | Microsoft.DataFactory/factories/executeDataFlowDebugCommand/action | Execute Data Flow debug command. |
+> | Microsoft.DataFactory/factories/deletedataflowdebugsession/action | Deletes a Data Flow debug session. |
+> | Microsoft.DataFactory/factories/querydataflowdebugsessions/action | Queries a Data Flow debug session. |
+> | Microsoft.DataFactory/factories/cancelpipelinerun/action | Cancels the pipeline run specified by the run ID. |
+> | Microsoft.DataFactory/factories/cancelSandboxPipelineRun/action | Cancels a debug run for the Pipeline. |
+> | Microsoft.DataFactory/factories/sandboxpipelineruns/action | Queries the Debug Pipeline Runs. |
+> | Microsoft.DataFactory/factories/querytriggers/action | Queries the Triggers. |
+> | Microsoft.DataFactory/factories/getFeatureValue/action | Get exposure control feature value for the specific location. |
+> | Microsoft.DataFactory/factories/queryFeaturesValue/action | Get exposure control feature values for a list of features |
+> | Microsoft.DataFactory/factories/getDataPlaneAccess/action | Gets access to ADF DataPlane service. |
+> | Microsoft.DataFactory/factories/getGitHubAccessToken/action | Gets GitHub access token. |
+> | Microsoft.DataFactory/factories/querytriggerruns/action | Queries the Trigger Runs. |
+> | Microsoft.DataFactory/factories/querypipelineruns/action | Queries the Pipeline Runs. |
+> | Microsoft.DataFactory/factories/querydebugpipelineruns/action | Queries the Debug Pipeline Runs. |
+> | Microsoft.DataFactory/factories/adfcdcs/read | Reads ADF Change data capture. |
+> | Microsoft.DataFactory/factories/adfcdcs/delete | Deletes ADF Change data capture. |
+> | Microsoft.DataFactory/factories/adfcdcs/write | Create or update ADF Change data capture. |
+> | Microsoft.DataFactory/factories/adflinkconnections/read | Reads ADF Link Connection. |
+> | Microsoft.DataFactory/factories/adflinkconnections/delete | Deletes ADF Link Connection. |
+> | Microsoft.DataFactory/factories/adflinkconnections/write | Create or update ADF Link Connection |
+> | Microsoft.DataFactory/factories/credentials/read | Reads any Credential. |
+> | Microsoft.DataFactory/factories/credentials/write | Writes any Credential. |
+> | Microsoft.DataFactory/factories/credentials/delete | Deletes any Credential. |
+> | Microsoft.DataFactory/factories/dataflows/read | Reads Data Flow. |
+> | Microsoft.DataFactory/factories/dataflows/delete | Deletes Data Flow. |
+> | Microsoft.DataFactory/factories/dataflows/write | Create or update Data Flow |
+> | Microsoft.DataFactory/factories/dataMappers/read | Reads Data Mapping. |
+> | Microsoft.DataFactory/factories/dataMappers/delete | Deletes Data Mapping. |
+> | Microsoft.DataFactory/factories/dataMappers/write | Create or update Data Mapping |
+> | Microsoft.DataFactory/factories/datasets/read | Reads any Dataset. |
+> | Microsoft.DataFactory/factories/datasets/delete | Deletes any Dataset. |
+> | Microsoft.DataFactory/factories/datasets/write | Creates or Updates any Dataset. |
+> | Microsoft.DataFactory/factories/debugpipelineruns/cancel/action | Cancels a debug run for the Pipeline. |
+> | Microsoft.DataFactory/factories/getDataPlaneAccess/read | Reads access to ADF DataPlane service. |
+> | Microsoft.DataFactory/factories/getFeatureValue/read | Reads exposure control feature value for the specific location. |
+> | Microsoft.DataFactory/factories/globalParameters/read | Reads GlobalParameter. |
+> | Microsoft.DataFactory/factories/globalParameters/delete | Deletes GlobalParameter. |
+> | Microsoft.DataFactory/factories/globalParameters/write | Create or Update GlobalParameter. |
+> | Microsoft.DataFactory/factories/integrationruntimes/read | Reads any Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/write | Creates or Updates any Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/delete | Deletes any Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/start/action | Starts any Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/stop/action | Stops any Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/getconnectioninfo/action | Reads Integration Runtime Connection Info. |
+> | Microsoft.DataFactory/factories/integrationruntimes/listauthkeys/action | Lists the Authentication Keys for any Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/synccredentials/action | Syncs the Credentials for the specified Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/upgrade/action | Upgrades the specified Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/createexpressshirinstalllink/action | Create express install link for self hosted Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/regenerateauthkey/action | Regenerates the Authentication Keys for the specified Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/removelinks/action | Removes Linked Integration Runtime References from the specified Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/linkedIntegrationRuntime/action | Create Linked Integration Runtime Reference on the Specified Shared Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/getObjectMetadata/action | Get SSIS Integration Runtime metadata for the specified Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/refreshObjectMetadata/action | Refresh SSIS Integration Runtime metadata for the specified Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/enableInteractiveQuery/action | Enable interactive authoring session. |
+> | Microsoft.DataFactory/factories/integrationruntimes/disableInteractiveQuery/action | Disable interactive authoring session. |
+> | Microsoft.DataFactory/factories/integrationruntimes/getstatus/read | Reads Integration Runtime Status. |
+> | Microsoft.DataFactory/factories/integrationruntimes/monitoringdata/read | Gets the Monitoring Data for any Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/nodes/read | Reads the Node for the specified Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/nodes/delete | Deletes the Node for the specified Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/nodes/write | Updates a self-hosted Integration Runtime Node. |
+> | Microsoft.DataFactory/factories/integrationruntimes/nodes/ipAddress/action | Returns the IP Address for the specified node of the Integration Runtime. |
+> | Microsoft.DataFactory/factories/integrationruntimes/outboundNetworkDependenciesEndpoints/read | Get Azure-SSIS Integration Runtime outbound network dependency endpoints for the specified Integration Runtime. |
+> | Microsoft.DataFactory/factories/linkedServices/read | Reads Linked Service. |
+> | Microsoft.DataFactory/factories/linkedServices/delete | Deletes Linked Service. |
+> | Microsoft.DataFactory/factories/linkedServices/write | Create or Update Linked Service |
+> | Microsoft.DataFactory/factories/managedVirtualNetworks/read | Read Managed Virtual Network. |
+> | Microsoft.DataFactory/factories/managedVirtualNetworks/write | Create or Update Managed Virtual Network. |
+> | Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints/read | Read Managed Private Endpoint. |
+> | Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints/write | Create or Update Managed Private Endpoint. |
+> | Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints/delete | Delete Managed Private Endpoint. |
+> | Microsoft.DataFactory/factories/operationResults/read | Gets operation results. |
+> | Microsoft.DataFactory/factories/pipelineruns/read | Reads the Pipeline Runs. |
+> | Microsoft.DataFactory/factories/pipelineruns/cancel/action | Cancels the pipeline run specified by the run ID. |
+> | Microsoft.DataFactory/factories/pipelineruns/queryactivityruns/action | Queries the activity runs for the specified pipeline run ID. |
+> | Microsoft.DataFactory/factories/pipelineruns/activityruns/read | Reads the activity runs for the specified pipeline run ID. |
+> | Microsoft.DataFactory/factories/pipelineruns/queryactivityruns/read | Reads the result of query activity runs for the specified pipeline run ID. |
+> | Microsoft.DataFactory/factories/pipelines/read | Reads Pipeline. |
+> | Microsoft.DataFactory/factories/pipelines/delete | Deletes Pipeline. |
+> | Microsoft.DataFactory/factories/pipelines/write | Create or Update Pipeline |
+> | Microsoft.DataFactory/factories/pipelines/createrun/action | Creates a run for the Pipeline. |
+> | Microsoft.DataFactory/factories/pipelines/sandbox/action | Creates a debug run environment for the Pipeline. |
+> | Microsoft.DataFactory/factories/pipelines/pipelineruns/read | Reads the Pipeline Run. |
+> | Microsoft.DataFactory/factories/pipelines/pipelineruns/activityruns/progress/read | Gets the Progress of Activity Runs. |
+> | Microsoft.DataFactory/factories/pipelines/sandbox/create/action | Creates a debug run environment for the Pipeline. |
+> | Microsoft.DataFactory/factories/pipelines/sandbox/run/action | Creates a debug run for the Pipeline. |
+> | Microsoft.DataFactory/factories/privateEndpointConnectionProxies/read | Read Private Endpoint Connection Proxy. |
+> | Microsoft.DataFactory/factories/privateEndpointConnectionProxies/write | Create or Update private Endpoint Connection Proxy. |
+> | Microsoft.DataFactory/factories/privateEndpointConnectionProxies/delete | Delete Private Endpoint Connection Proxy. |
+> | Microsoft.DataFactory/factories/privateEndpointConnectionProxies/validate/action | Validate a Private Endpoint Connection Proxy. |
+> | Microsoft.DataFactory/factories/privateEndpointConnectionProxies/operationresults/read | Read the results of creating a Private Endpoint Connection Proxy. |
+> | Microsoft.DataFactory/factories/privateEndpointConnectionProxies/operationstatuses/read | Read the status of creating a Private Endpoint Connection Proxy. |
+> | Microsoft.DataFactory/factories/privateEndpointConnections/read | Read Private Endpoint Connection. |
+> | Microsoft.DataFactory/factories/privateEndpointConnections/write | Create or Update Private Endpoint Connection. |
+> | Microsoft.DataFactory/factories/privateEndpointConnections/delete | Delete Private Endpoint Connection. |
+> | Microsoft.DataFactory/factories/privateLinkResources/read | Read Private Link Resource. |
+> | Microsoft.DataFactory/factories/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.DataFactory/factories/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.DataFactory/factories/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for factories |
+> | Microsoft.DataFactory/factories/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for factories |
+> | Microsoft.DataFactory/factories/queryFeaturesValue/read | Reads exposure control feature values for a list of features. |
+> | Microsoft.DataFactory/factories/querypipelineruns/read | Reads the Result of Query Pipeline Runs. |
+> | Microsoft.DataFactory/factories/querytriggerruns/read | Reads the Result of Trigger Runs. |
+> | Microsoft.DataFactory/factories/sandboxpipelineruns/read | Gets the debug run info for the Pipeline. |
+> | Microsoft.DataFactory/factories/sandboxpipelineruns/sandboxActivityRuns/read | Gets the debug run info for the Activity. |
+> | Microsoft.DataFactory/factories/sessions/write | Writes any Session. |
+> | Microsoft.DataFactory/factories/triggerruns/read | Reads the Trigger Runs. |
+> | Microsoft.DataFactory/factories/triggers/read | Reads any Trigger. |
+> | Microsoft.DataFactory/factories/triggers/write | Creates or Updates any Trigger. |
+> | Microsoft.DataFactory/factories/triggers/delete | Deletes any Trigger. |
+> | Microsoft.DataFactory/factories/triggers/subscribetoevents/action | Subscribe to Events. |
+> | Microsoft.DataFactory/factories/triggers/geteventsubscriptionstatus/action | Event Subscription Status. |
+> | Microsoft.DataFactory/factories/triggers/unsubscribefromevents/action | Unsubscribe from Events. |
+> | Microsoft.DataFactory/factories/triggers/querysubscriptionevents/action | Query subscription events. |
+> | Microsoft.DataFactory/factories/triggers/deletequeuedsubscriptionevents/action | Delete queued subscription events. |
+> | Microsoft.DataFactory/factories/triggers/start/action | Starts any Trigger. |
+> | Microsoft.DataFactory/factories/triggers/stop/action | Stops any Trigger. |
+> | Microsoft.DataFactory/factories/triggers/triggerruns/read | Reads the Trigger Runs. |
+> | Microsoft.DataFactory/factories/triggers/triggerruns/cancel/action | Cancel the Trigger Run with the given trigger run id. |
+> | Microsoft.DataFactory/factories/triggers/triggerruns/rerun/action | Rerun the Trigger Run with the given trigger run id. |
+> | Microsoft.DataFactory/locations/configureFactoryRepo/action | Configures the repository for the factory. |
+> | Microsoft.DataFactory/locations/getFeatureValue/action | Get exposure control feature value for the specific location. |
+> | Microsoft.DataFactory/locations/getFeatureValue/read | Reads exposure control feature value for the specific location. |
+> | Microsoft.DataFactory/operations/read | Reads all Operations in Microsoft Data Factory Provider. |
+> | **DataAction** | **Description** |
+> | Microsoft.DataFactory/factories/credentials/useSecrets/action | Uses any Credential Secret. |
+ ## Microsoft.DataLakeAnalytics
+Distributed analytics service that makes big data easy.
+ Azure service: [Data Lake Analytics](/azure/data-lake-analytics/) > [!div class="mx-tableFixed"]
Azure service: [Data Lake Analytics](/azure/data-lake-analytics/)
## Microsoft.DataLakeStore
-Azure service: [Azure Data Lake Store](/azure/storage/blobs/data-lake-storage-introduction)
+Highly scalable and cost-effective data lake solution for big data analytics.
+
+Azure service: [Azure Data Lake Storage Gen2](/azure/storage/blobs/data-lake-storage-introduction)
> [!div class="mx-tableFixed"] > | Action | Description |
Azure service: [Azure Data Lake Store](/azure/storage/blobs/data-lake-storage-in
> | Microsoft.DataLakeStore/locations/usages/read | Get quota usages information of a subscription regarding using DataLakeStore. | > | Microsoft.DataLakeStore/operations/read | Get available operations of DataLakeStore. |
-## Microsoft.EventHub
-
-Azure service: [Event Hubs](/azure/event-hubs/)
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.EventHub/checkNamespaceAvailability/action | Checks availability of namespace under given subscription. This API is deprecated please use CheckNameAvailability instead. |
-> | Microsoft.EventHub/checkNameAvailability/action | Checks availability of namespace under given subscription. |
-> | Microsoft.EventHub/register/action | Registers the subscription for the EventHub resource provider and enables the creation of EventHub resources |
-> | Microsoft.EventHub/unregister/action | Registers the EventHub Resource Provider |
-> | Microsoft.EventHub/availableClusterRegions/read | Read operation to list available pre-provisioned clusters by Azure region. |
-> | Microsoft.EventHub/clusters/read | Gets the Cluster Resource Description |
-> | Microsoft.EventHub/clusters/write | Creates or modifies an existing Cluster resource. |
-> | Microsoft.EventHub/clusters/delete | Deletes an existing Cluster resource. |
-> | Microsoft.EventHub/clusters/namespaces/read | List namespace Azure Resource Manager IDs for namespaces within a cluster. |
-> | Microsoft.EventHub/clusters/operationresults/read | Get the status of an asynchronous cluster operation. |
-> | Microsoft.EventHub/clusters/providers/Microsoft.Insights/metricDefinitions/read | Get list of Cluster metrics Resource Descriptions |
-> | Microsoft.EventHub/locations/deleteVirtualNetworkOrSubnets/action | Deletes the VNet rules in EventHub Resource Provider for the specified VNet |
-> | Microsoft.EventHub/namespaces/write | Create a Namespace Resource and Update its properties. Tags and Capacity of the Namespace are the properties which can be updated. |
-> | Microsoft.EventHub/namespaces/read | Get the list of Namespace Resource Description |
-> | Microsoft.EventHub/namespaces/Delete | Delete Namespace Resource |
-> | Microsoft.EventHub/namespaces/authorizationRules/action | Updates Namespace Authorization Rule. This API is deprecated. Please use a PUT call to update the Namespace Authorization Rule instead.. This operation is not supported on API version 2017-04-01. |
-> | Microsoft.EventHub/namespaces/removeAcsNamepsace/action | Remove ACS namespace |
-> | Microsoft.EventHub/namespaces/updateState/action | UpdateNamespaceState |
-> | Microsoft.EventHub/namespaces/privateEndpointConnectionsApproval/action | Approve Private Endpoint Connection |
-> | Microsoft.EventHub/namespaces/joinPerimeter/action | Action to Join the Network Security Perimeter. This action is used to perform linked access by NSP RP. |
-> | Microsoft.EventHub/namespaces/authorizationRules/read | Get the list of Namespaces Authorization Rules description. |
-> | Microsoft.EventHub/namespaces/authorizationRules/write | Create a Namespace level Authorization Rules and update its properties. The Authorization Rules Access Rights, the Primary and Secondary Keys can be updated. |
-> | Microsoft.EventHub/namespaces/authorizationRules/delete | Delete Namespace Authorization Rule. The Default Namespace Authorization Rule cannot be deleted. |
-> | Microsoft.EventHub/namespaces/authorizationRules/listkeys/action | Get the Connection String to the Namespace |
-> | Microsoft.EventHub/namespaces/authorizationRules/regenerateKeys/action | Regenerate the Primary or Secondary key to the Resource |
-> | Microsoft.EventHub/namespaces/disasterrecoveryconfigs/checkNameAvailability/action | Checks availability of namespace alias under given subscription. |
-> | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/write | Creates or Updates the Disaster Recovery configuration associated with the namespace. |
-> | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/read | Gets the Disaster Recovery configuration associated with the namespace. |
-> | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/delete | Deletes the Disaster Recovery configuration associated with the namespace. This operation can only be invoked via the primary namespace. |
-> | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/breakPairing/action | Disables Disaster Recovery and stops replicating changes from primary to secondary namespaces. |
-> | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/failover/action | Invokes a GEO DR failover and reconfigures the namespace alias to point to the secondary namespace. |
-> | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/authorizationRules/read | Get Disaster Recovery Primary Namespace's Authorization Rules |
-> | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/authorizationRules/listkeys/action | Gets the authorization rules keys for the Disaster Recovery primary namespace |
-> | Microsoft.EventHub/namespaces/eventhubs/write | Create or Update EventHub properties. |
-> | Microsoft.EventHub/namespaces/eventhubs/read | Get list of EventHub Resource Descriptions |
-> | Microsoft.EventHub/namespaces/eventhubs/Delete | Operation to delete EventHub Resource |
-> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/action | Operation to update EventHub. This operation is not supported on API version 2017-04-01. Authorization Rules. Please use a PUT call to update Authorization Rule. |
-> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/read | Get the list of EventHub Authorization Rules |
-> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/write | Create EventHub Authorization Rules and Update its properties. The Authorization Rules Access Rights can be updated. |
-> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/delete | Operation to delete EventHub Authorization Rules |
-> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/listkeys/action | Get the Connection String to EventHub |
-> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/regenerateKeys/action | Regenerate the Primary or Secondary key to the Resource |
-> | Microsoft.EventHub/namespaces/eventHubs/consumergroups/write | Create or Update ConsumerGroup properties. |
-> | Microsoft.EventHub/namespaces/eventHubs/consumergroups/read | Get list of ConsumerGroup Resource Descriptions |
-> | Microsoft.EventHub/namespaces/eventHubs/consumergroups/Delete | Operation to delete ConsumerGroup Resource |
-> | Microsoft.EventHub/namespaces/ipFilterRules/read | Get IP Filter Resource |
-> | Microsoft.EventHub/namespaces/ipFilterRules/write | Create IP Filter Resource |
-> | Microsoft.EventHub/namespaces/ipFilterRules/delete | Delete IP Filter Resource |
-> | Microsoft.EventHub/namespaces/messagingPlan/read | Gets the Messaging Plan for a namespace.<br>This API is deprecated.<br>Properties exposed via the MessagingPlan resource are moved to the (parent) Namespace resource in later API versions..<br>This operation is not supported on API version 2017-04-01. |
-> | Microsoft.EventHub/namespaces/messagingPlan/write | Updates the Messaging Plan for a namespace.<br>This API is deprecated.<br>Properties exposed via the MessagingPlan resource are moved to the (parent) Namespace resource in later API versions..<br>This operation is not supported on API version 2017-04-01. |
-> | Microsoft.EventHub/namespaces/networkruleset/read | Gets NetworkRuleSet Resource |
-> | Microsoft.EventHub/namespaces/networkruleset/write | Create VNET Rule Resource |
-> | Microsoft.EventHub/namespaces/networkruleset/delete | Delete VNET Rule Resource |
-> | Microsoft.EventHub/namespaces/networkrulesets/read | Gets NetworkRuleSet Resource |
-> | Microsoft.EventHub/namespaces/networkrulesets/write | Create VNET Rule Resource |
-> | Microsoft.EventHub/namespaces/networkrulesets/delete | Delete VNET Rule Resource |
-> | Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies/write | Create NetworkSecurityPerimeterAssociationProxies |
-> | Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies/read | Get NetworkSecurityPerimeterAssociationProxies |
-> | Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies/delete | Delete NetworkSecurityPerimeterAssociationProxies |
-> | Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies/reconcile/action | Reconcile NetworkSecurityPerimeterAssociationProxies |
-> | Microsoft.EventHub/namespaces/networkSecurityPerimeterConfigurations/read | Get Network Security Perimeter Configurations |
-> | Microsoft.EventHub/namespaces/networkSecurityPerimeterConfigurations/reconcile/action | Reconcile Network Security Perimeter Configurations |
-> | Microsoft.EventHub/namespaces/operationresults/read | Get the status of Namespace operation |
-> | Microsoft.EventHub/namespaces/privateEndpointConnectionProxies/validate/action | Validate Private Endpoint Connection Proxy |
-> | Microsoft.EventHub/namespaces/privateEndpointConnectionProxies/read | Get Private Endpoint Connection Proxy |
-> | Microsoft.EventHub/namespaces/privateEndpointConnectionProxies/write | Create Private Endpoint Connection Proxy |
-> | Microsoft.EventHub/namespaces/privateEndpointConnectionProxies/delete | Delete Private Endpoint Connection Proxy |
-> | Microsoft.EventHub/namespaces/privateEndpointConnectionProxies/operationstatus/read | Get the status of an asynchronous private endpoint operation |
-> | Microsoft.EventHub/namespaces/privateEndpointConnections/read | Get Private Endpoint Connection |
-> | Microsoft.EventHub/namespaces/privateEndpointConnections/write | Create or Update Private Endpoint Connection |
-> | Microsoft.EventHub/namespaces/privateEndpointConnections/delete | Removes Private Endpoint Connection |
-> | Microsoft.EventHub/namespaces/privateEndpointConnections/operationstatus/read | Get the status of an asynchronous private endpoint operation |
-> | Microsoft.EventHub/namespaces/privateLinkResources/read | Gets the resource types that support private endpoint connections |
-> | Microsoft.EventHub/namespaces/providers/Microsoft.Insights/diagnosticSettings/read | Get list of Namespace diagnostic settings Resource Descriptions |
-> | Microsoft.EventHub/namespaces/providers/Microsoft.Insights/diagnosticSettings/write | Get list of Namespace diagnostic settings Resource Descriptions |
-> | Microsoft.EventHub/namespaces/providers/Microsoft.Insights/logDefinitions/read | Get list of Namespace logs Resource Descriptions |
-> | Microsoft.EventHub/namespaces/providers/Microsoft.Insights/metricDefinitions/read | Get list of Namespace metrics Resource Descriptions |
-> | Microsoft.EventHub/namespaces/schemagroups/write | Create or Update SchemaGroup properties. |
-> | Microsoft.EventHub/namespaces/schemagroups/read | Get list of SchemaGroup Resource Descriptions |
-> | Microsoft.EventHub/namespaces/schemagroups/delete | Operation to delete SchemaGroup Resource |
-> | Microsoft.EventHub/namespaces/virtualNetworkRules/read | Gets VNET Rule Resource |
-> | Microsoft.EventHub/namespaces/virtualNetworkRules/write | Create VNET Rule Resource |
-> | Microsoft.EventHub/namespaces/virtualNetworkRules/delete | Delete VNET Rule Resource |
-> | Microsoft.EventHub/operations/read | Get Operations |
-> | Microsoft.EventHub/sku/read | Get list of Sku Resource Descriptions |
-> | Microsoft.EventHub/sku/regions/read | Get list of SkuRegions Resource Descriptions |
-> | **DataAction** | **Description** |
-> | Microsoft.EventHub/namespaces/messages/send/action | Send messages |
-> | Microsoft.EventHub/namespaces/messages/receive/action | Receive messages |
-> | Microsoft.EventHub/namespaces/schemas/read | Retrieve schemas |
-> | Microsoft.EventHub/namespaces/schemas/write | Write schemas |
-> | Microsoft.EventHub/namespaces/schemas/delete | Delete schemas |
- ## Microsoft.HDInsight
+Provision cloud Hadoop, Spark, R Server, HBase, and Storm clusters.
+ Azure service: [HDInsight](/azure/hdinsight/) > [!div class="mx-tableFixed"]
Azure service: [HDInsight](/azure/hdinsight/)
## Microsoft.Kusto
+Service for storing and running interactive analytics over Big Data.
+ Azure service: [Azure Data Explorer](/azure/data-explorer/) > [!div class="mx-tableFixed"]
Azure service: [Azure Data Explorer](/azure/data-explorer/)
## Microsoft.PowerBIDedicated
+Manage Power BI Premium dedicated capacities for exclusive use by an organization.
+ Azure service: [Power BI Embedded](/azure/power-bi-embedded/) > [!div class="mx-tableFixed"]
Azure service: [Power BI Embedded](/azure/power-bi-embedded/)
> | Microsoft.PowerBIDedicated/skus/read | Retrieves the information of Skus | > | Microsoft.PowerBIDedicated/skus/read | Retrieves the information of Skus |
-## Microsoft.StreamAnalytics
+## Microsoft.Purview
-Azure service: [Stream Analytics](/azure/stream-analytics/)
+Azure service: [Microsoft Purview](/purview/)
> [!div class="mx-tableFixed"] > | Action | Description | > | | |
-> | Microsoft.StreamAnalytics/Register/action | Register subscription with Stream Analytics Resource Provider |
-> | Microsoft.StreamAnalytics/clusters/Delete | Delete Stream Analytics Cluster |
-> | Microsoft.StreamAnalytics/clusters/ListStreamingJobs/action | List streaming jobs for Stream Analytics Cluster |
-> | Microsoft.StreamAnalytics/clusters/Read | Read Stream Analytics Cluster |
-> | Microsoft.StreamAnalytics/clusters/Write | Write Stream Analytics Cluster |
-> | Microsoft.StreamAnalytics/clusters/operationresults/Read | Read operation results for Stream Analytics Cluster |
-> | Microsoft.StreamAnalytics/clusters/privateEndpoints/Delete | Delete Stream Analytics Cluster Private Endpoint |
-> | Microsoft.StreamAnalytics/clusters/privateEndpoints/Read | Read Stream Analytics Cluster Private Endpoint |
-> | Microsoft.StreamAnalytics/clusters/privateEndpoints/Write | Write Stream Analytics Cluster Private Endpoint |
-> | Microsoft.StreamAnalytics/clusters/privateEndpoints/operationresults/Read | Read operation results for Stream Analytics Cluster Private Endpoint |
-> | Microsoft.StreamAnalytics/locations/CompileQuery/action | Compile Query for Stream Analytics Resource Provider |
-> | Microsoft.StreamAnalytics/locations/SampleInput/action | Sample Input for Stream Analytics Resource Provider |
-> | Microsoft.StreamAnalytics/locations/TestInput/action | Test Input for Stream Analytics Resource Provider |
-> | Microsoft.StreamAnalytics/locations/TestOutput/action | Test Output for Stream Analytics Resource Provider |
-> | Microsoft.StreamAnalytics/locations/TestQuery/action | Test Query for Stream Analytics Resource Provider |
-> | Microsoft.StreamAnalytics/locations/operationresults/Read | Read Stream Analytics Operation Result |
-> | Microsoft.StreamAnalytics/locations/quotas/Read | Read Stream Analytics Subscription Quota |
-> | Microsoft.StreamAnalytics/operations/Read | Read Stream Analytics Operations |
-> | Microsoft.StreamAnalytics/streamingjobs/CompileQuery/action | Compile Query for Stream Analytics Job |
-> | Microsoft.StreamAnalytics/streamingjobs/Delete | Delete Stream Analytics Job |
-> | Microsoft.StreamAnalytics/streamingjobs/DownloadDiagram/action | Download job diagrams for Stream Analytics Job |
-> | Microsoft.StreamAnalytics/streamingjobs/GenerateTopologies/action | Generate topologies for Stream Analytics Job |
-> | Microsoft.StreamAnalytics/streamingjobs/PublishEdgePackage/action | Publish edge package for Stream Analytics Job |
-> | Microsoft.StreamAnalytics/streamingjobs/Read | Read Stream Analytics Job |
-> | Microsoft.StreamAnalytics/streamingjobs/Scale/action | Scale Stream Analytics Job |
-> | Microsoft.StreamAnalytics/streamingjobs/Start/action | Start Stream Analytics Job |
-> | Microsoft.StreamAnalytics/streamingjobs/Stop/action | Stop Stream Analytics Job |
-> | Microsoft.StreamAnalytics/streamingjobs/TestQuery/action | Test Query for Stream Analytics Job |
-> | Microsoft.StreamAnalytics/streamingjobs/Write | Write Stream Analytics Job |
-> | Microsoft.StreamAnalytics/streamingjobs/functions/Delete | Delete Stream Analytics Job Function |
-> | Microsoft.StreamAnalytics/streamingjobs/functions/Read | Read Stream Analytics Job Function |
-> | Microsoft.StreamAnalytics/streamingjobs/functions/RetrieveDefaultDefinition/action | Retrieve Default Definition of a Stream Analytics Job Function |
-> | Microsoft.StreamAnalytics/streamingjobs/functions/Test/action | Test Stream Analytics Job Function |
-> | Microsoft.StreamAnalytics/streamingjobs/functions/Write | Write Stream Analytics Job Function |
-> | Microsoft.StreamAnalytics/streamingjobs/functions/operationresults/Read | Read operation results for Stream Analytics Job Function |
-> | Microsoft.StreamAnalytics/streamingjobs/inputs/Delete | Delete Stream Analytics Job Input |
-> | Microsoft.StreamAnalytics/streamingjobs/inputs/Read | Read Stream Analytics Job Input |
-> | Microsoft.StreamAnalytics/streamingjobs/inputs/Sample/action | Sample Stream Analytics Job Input |
-> | Microsoft.StreamAnalytics/streamingjobs/inputs/Test/action | Test Stream Analytics Job Input |
-> | Microsoft.StreamAnalytics/streamingjobs/inputs/Write | Write Stream Analytics Job Input |
-> | Microsoft.StreamAnalytics/streamingjobs/inputs/operationresults/Read | Read operation results for Stream Analytics Job Input |
-> | Microsoft.StreamAnalytics/streamingjobs/metricdefinitions/Read | Read Metric Definitions |
-> | Microsoft.StreamAnalytics/streamingjobs/operationresults/Read | Read operation results for Stream Analytics Job |
-> | Microsoft.StreamAnalytics/streamingjobs/outputs/Delete | Delete Stream Analytics Job Output |
-> | Microsoft.StreamAnalytics/streamingjobs/outputs/Read | Read Stream Analytics Job Output |
-> | Microsoft.StreamAnalytics/streamingjobs/outputs/Test/action | Test Stream Analytics Job Output |
-> | Microsoft.StreamAnalytics/streamingjobs/outputs/Write | Write Stream Analytics Job Output |
-> | Microsoft.StreamAnalytics/streamingjobs/outputs/operationresults/Read | Read operation results for Stream Analytics Job Output |
-> | Microsoft.StreamAnalytics/streamingjobs/providers/Microsoft.Insights/diagnosticSettings/read | Read diagnostic setting. |
-> | Microsoft.StreamAnalytics/streamingjobs/providers/Microsoft.Insights/diagnosticSettings/write | Write diagnostic setting. |
-> | Microsoft.StreamAnalytics/streamingjobs/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for streamingjobs |
-> | Microsoft.StreamAnalytics/streamingjobs/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for streamingjobs |
-> | Microsoft.StreamAnalytics/streamingjobs/Skus/Read | Read Stream Analytics Job SKUs |
-> | Microsoft.StreamAnalytics/streamingjobs/transformations/Delete | Delete Stream Analytics Job Transformation |
-> | Microsoft.StreamAnalytics/streamingjobs/transformations/Read | Read Stream Analytics Job Transformation |
-> | Microsoft.StreamAnalytics/streamingjobs/transformations/Write | Write Stream Analytics Job Transformation |
+> | Microsoft.Purview/register/action | Register the subscription for Microsoft Purview provider. |
+> | Microsoft.Purview/unregister/action | Unregister the subscription for Microsoft Purview provider. |
+> | Microsoft.Purview/setDefaultAccount/action | Sets the default account for the scope. |
+> | Microsoft.Purview/removeDefaultAccount/action | Removes the default account for the scope. |
+> | Microsoft.Purview/accounts/read | Read account resource for Microsoft Purview provider. |
+> | Microsoft.Purview/accounts/write | Write account resource for Microsoft Purview provider. |
+> | Microsoft.Purview/accounts/delete | Delete account resource for Microsoft Purview provider. |
+> | Microsoft.Purview/accounts/listkeys/action | List keys on the account resource for Microsoft Purview provider. |
+> | Microsoft.Purview/accounts/addrootcollectionadmin/action | Add root collection admin to account resource for Microsoft Purview provider. |
+> | Microsoft.Purview/accounts/move/action | Move account resource for Microsoft Purview provider. |
+> | Microsoft.Purview/accounts/PrivateEndpointConnectionsApproval/action | Approve Private Endpoint Connection. |
+> | Microsoft.Purview/accounts/kafkaConfigurations/read | Read Kafka Configurations. |
+> | Microsoft.Purview/accounts/kafkaConfigurations/write | Create or update Kafka Configurations. |
+> | Microsoft.Purview/accounts/kafkaConfigurations/delete | Delete Kafka Configurations. |
+> | Microsoft.Purview/accounts/privateEndpointConnectionProxies/read | Read Account Private Endpoint Connection Proxy. |
+> | Microsoft.Purview/accounts/privateEndpointConnectionProxies/write | Write Account Private Endpoint Connection Proxy. |
+> | Microsoft.Purview/accounts/privateEndpointConnectionProxies/delete | Delete Account Private Endpoint Connection Proxy. |
+> | Microsoft.Purview/accounts/privateEndpointConnectionProxies/validate/action | Validate Account Private Endpoint Connection Proxy. |
+> | Microsoft.Purview/accounts/privateEndpointConnectionProxies/operationResults/read | Monitor Private Endpoint Connection Proxy async operations. |
+> | Microsoft.Purview/accounts/privateEndpointConnections/read | Read Private Endpoint Connection. |
+> | Microsoft.Purview/accounts/privateEndpointConnections/write | Create or update Private Endpoint Connection. |
+> | Microsoft.Purview/accounts/privateEndpointConnections/delete | Delete Private Endpoint Connection. |
+> | Microsoft.Purview/accounts/privatelinkresources/read | Read Account Link Resources. |
+> | Microsoft.Purview/accounts/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
+> | Microsoft.Purview/accounts/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
+> | Microsoft.Purview/accounts/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for the catalog. |
+> | Microsoft.Purview/accounts/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for the catalog. |
+> | Microsoft.Purview/checkConsent/read | Resolve the scope the Consent is granted. |
+> | Microsoft.Purview/checknameavailability/read | Check if name of purview account resource is available for Microsoft Purview provider. |
+> | Microsoft.Purview/consents/read | Read Consent Resource. |
+> | Microsoft.Purview/consents/write | Create or Update a Consent Resource. |
+> | Microsoft.Purview/consents/delete | Delete the Consent Resource. |
+> | Microsoft.Purview/getDefaultAccount/read | Gets the default account for the scope. |
+> | Microsoft.Purview/locations/operationResults/read | Monitor async operations. |
+> | Microsoft.Purview/operations/read | Reads all available operations for Microsoft Purview provider. |
+> | Microsoft.Purview/policies/read | Read Policy Resource. |
+> | **DataAction** | **Description** |
+> | Microsoft.Purview/accounts/data/read | Permission is deprecated. |
+> | Microsoft.Purview/accounts/data/write | Permission is deprecated. |
+> | Microsoft.Purview/accounts/scan/read | Permission is deprecated. |
+> | Microsoft.Purview/accounts/scan/write | Permission is deprecated. |
+> | Microsoft.Purview/attributeBlobs/read | Read Attribute Blob. |
+> | Microsoft.Purview/attributeBlobs/write | Write Attribute Blob. |
+> | Microsoft.Purview/policyElements/read | Read Policy Element. |
+> | Microsoft.Purview/policyElements/write | Create or update Policy Element. |
+> | Microsoft.Purview/policyElements/delete | Delete Policy Element. |
+> | Microsoft.Purview/purviewAccountBindings/read | Read Account Binding. |
+> | Microsoft.Purview/purviewAccountBindings/write | Create or update Account Binding. |
+> | Microsoft.Purview/purviewAccountBindings/delete | Delete Account Binding. |
## Microsoft.Synapse
role-based-access-control Compute https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/compute.md
Azure service: [Azure Container Apps](/azure/container-apps/)
> | microsoft.app/sessionpools/interpreters/execute/action | Execute Code | > | microsoft.app/sessionpools/interpreters/read | Read interpreter resources |
+## Microsoft.AppPlatform
+
+A fully managed Spring Cloud service, built and operated with Pivotal.
+
+Azure service: [Azure Spring Apps](/azure/spring-apps/)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.AppPlatform/register/action | Register the subscription to the Microsoft.AppPlatform resource provider |
+> | Microsoft.AppPlatform/unregister/action | Unregister the subscription from the Microsoft.AppPlatform resource provider |
+> | Microsoft.AppPlatform/locations/checkNameAvailability/action | Check resource name availability |
+> | Microsoft.AppPlatform/locations/operationResults/Spring/read | Read resource operation result |
+> | Microsoft.AppPlatform/locations/operationStatus/operationId/read | Read resource operation status |
+> | Microsoft.AppPlatform/operations/read | List available operations of Microsoft Azure Spring Apps |
+> | Microsoft.AppPlatform/runtimeVersions/read | Get runtime versions of Microsoft Azure Spring Apps |
+> | Microsoft.AppPlatform/skus/read | List available skus of Microsoft Azure Spring Apps |
+> | Microsoft.AppPlatform/Spring/write | Create or Update a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/delete | Delete a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/read | Get Azure Spring Apps service instance(s) |
+> | Microsoft.AppPlatform/Spring/listTestKeys/action | List test keys for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/regenerateTestKey/action | Regenerate test key for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/disableTestEndpoint/action | Disable test endpoint functionality for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/enableTestEndpoint/action | Enable test endpoint functionality for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/stop/action | Stop a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/start/action | Start a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/configServers/action | Validate the config server settings for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/enableApmGlobally/action | Enable APM globally for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/disableApmGlobally/action | Disable APM globally for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/listGloballyEnabledApms/action | List globally enabled APMs for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apiPortals/read | Get the API portal for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apiPortals/write | Create or update the API portal for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apiPortals/delete | Delete the API portal for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apiPortals/validateDomain/action | Validate the API portal domain for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apiPortals/domains/read | Get the API portal domain for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apiPortals/domains/write | Create or update the API portal domain for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apiPortals/domains/delete | Delete the API portal domain for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apms/read | Get the APM for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apms/write | Create or update the APM for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apms/delete | Delete the APM for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apms/listSecretKeys/action | List the secret keys for a specific Azure Spring Apps service instance APM |
+> | Microsoft.AppPlatform/Spring/applicationAccelerators/read | Get the Application Accelerator for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/applicationAccelerators/write | Create or update Application Accelerator for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/applicationAccelerators/delete | Delete Application Accelerator for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/applicationAccelerators/customizedAccelerators/read | Get the Customized Accelerator for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/applicationAccelerators/customizedAccelerators/write | Create or update Customized Accelerator for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/applicationAccelerators/customizedAccelerators/delete | Delete Customized Accelerator for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/applicationAccelerators/customizedAccelerators/validate/action | Validate Customized Accelerator for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/applicationAccelerators/predefinedAccelerators/read | Get the Predefined Accelerator for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/applicationAccelerators/predefinedAccelerators/disable/action | Disable Predefined Accelerator for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/applicationAccelerators/predefinedAccelerators/enable/action | Enable Predefined Accelerator for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/applicationLiveViews/read | Get the Application Live View for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/applicationLiveViews/write | Create or update Application Live View for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/applicationLiveViews/delete | Delete Application Live View for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apps/write | Create or update the application for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apps/delete | Delete the application for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apps/read | Get the applications for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apps/getResourceUploadUrl/action | Get the resource upload URL of a specific Microsoft Azure Spring Apps application |
+> | Microsoft.AppPlatform/Spring/apps/validateDomain/action | Validate the custom domain for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/setActiveDeployments/action | Set active deployments for a specific Microsoft Azure Spring Apps application |
+> | Microsoft.AppPlatform/Spring/apps/validate/action | Validate the container registry for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apps/bindings/write | Create or update the binding for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/bindings/delete | Delete the binding for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/bindings/read | Get the bindings for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/connectorProps/read | Get the service connectors for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/connectorProps/write | Create or update the service connector for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/connectorProps/delete | Delete the service connector for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/deployments/write | Create or update the deployment for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/deployments/delete | Delete the deployment for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/deployments/read | Get the deployments for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/deployments/start/action | Start the deployment for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/deployments/stop/action | Stop the deployment for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/deployments/restart/action | Restart the deployment for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/deployments/getLogFileUrl/action | Get the log file URL of a specific Microsoft Azure Spring Apps application deployment |
+> | Microsoft.AppPlatform/Spring/apps/deployments/generateHeapDump/action | Generate heap dump for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/deployments/generateThreadDump/action | Generate thread dump for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/deployments/startJFR/action | Start JFR for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/deployments/enableRemoteDebugging/action | Enable remote debugging for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/deployments/disableRemoteDebugging/action | Disable remote debugging for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/deployments/getRemoteDebuggingConfig/action | Get remote debugging configuration for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/deployments/connectorProps/read | Get the service connectors for a specific deployment |
+> | Microsoft.AppPlatform/Spring/apps/deployments/connectorProps/write | Create or update the service connector for a specific deployment |
+> | Microsoft.AppPlatform/Spring/apps/deployments/connectorProps/delete | Delete the service connector for a specific deployment |
+> | Microsoft.AppPlatform/Spring/apps/deployments/operationResults/read | Read resource operation result |
+> | Microsoft.AppPlatform/Spring/apps/deployments/operationStatuses/read | Read resource operation Status |
+> | Microsoft.AppPlatform/Spring/apps/deployments/skus/read | List available skus of an application deployment |
+> | Microsoft.AppPlatform/Spring/apps/domains/write | Create or update the custom domain for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/domains/delete | Delete the custom domain for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/domains/read | Get the custom domains for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/operationResults/read | Read resource operation result |
+> | Microsoft.AppPlatform/Spring/apps/operationStatuses/read | Read resource operation Status |
+> | Microsoft.AppPlatform/Spring/buildpackBindings/read | Get the BuildpackBinding for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/buildServices/read | Get the Build Services for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/buildServices/getResourceUploadUrl/action | Get the Upload URL of a specific Microsoft Azure Spring Apps build |
+> | Microsoft.AppPlatform/Spring/buildServices/write | Create or Update the Build Services for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/buildServices/agentPools/read | Get the Agent Pools for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/buildServices/agentPools/write | Create or update the Agent Pools for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/buildServices/builders/read | Get the Builders for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/buildServices/builders/write | Create or update the Builders for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/buildServices/builders/delete | Delete the Builders for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/buildServices/builders/listUsingDeployments/action | List deployments using the Builders for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/read | Get the BuildpackBinding for a specific Azure Spring Apps service instance Builder |
+> | Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/write | Create or update the BuildpackBinding for a specific Azure Spring Apps service instance Builder |
+> | Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/delete | Delete the BuildpackBinding for a specific Azure Spring Apps service instance Builder |
+> | Microsoft.AppPlatform/Spring/buildServices/builds/read | Get the Builds for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/buildServices/builds/write | Create or update the Builds for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/buildServices/builds/delete | Delete the Builds for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/buildServices/builds/results/read | Get the Build Results for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/buildServices/builds/results/getLogFileUrl/action | Get the Log File URL of a specific Microsoft Azure Spring Apps build result |
+> | Microsoft.AppPlatform/Spring/buildServices/supportedBuildpacks/read | Get the Supported Buildpacks for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/buildServices/supportedStacks/read | Get the Supported Stacks for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/certificates/write | Create or update the certificate for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/certificates/delete | Delete the certificate for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/certificates/read | Get the certificates for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/configServers/read | Get the config server for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/configServers/write | Create or update the config server for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/configServers/operationResults/read | Read resource operation result |
+> | Microsoft.AppPlatform/Spring/configServers/operationStatuses/read | Read resource operation Status |
+> | Microsoft.AppPlatform/Spring/configurationServices/read | Get the Application Configuration Services for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/configurationServices/write | Create or update the Application Configuration Service for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/configurationServices/delete | Delete the Application Configuration Service for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/configurationServices/validate/action | Validate the settings for a specific Application Configuration Service |
+> | Microsoft.AppPlatform/Spring/configurationServices/validateResource/action | Validate the resource for a specific Application Configuration Service |
+> | Microsoft.AppPlatform/Spring/containerRegistries/read | Get the container registry for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/containerRegistries/write | Create or update the container registry for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/containerRegistries/delete | Delete the container registry for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/deployments/read | Get the deployments for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/detectors/read | Get the detectors for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/devToolPortals/read | Get the Dev Tool Portal for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/devToolPortals/write | Create or update Dev Tool Portal for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/devToolPortals/delete | Delete Dev Tool Portal for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/gateways/read | Get the Spring Cloud Gateways for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/gateways/write | Create or update the Spring Cloud Gateway for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/gateways/delete | Delete the Spring Cloud Gateway for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/gateways/validateDomain/action | Validate the Spring Cloud Gateway domain for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/gateways/listEnvSecrets/action | List environment variables secret of the Spring Cloud Gateway for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/gateways/restart/action | Restart the Spring Cloud Gateway for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/gateways/domains/read | Get the Spring Cloud Gateways domain for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/gateways/domains/write | Create or update the Spring Cloud Gateway domain for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/gateways/domains/delete | Delete the Spring Cloud Gateway domain for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/gateways/routeConfigs/read | Get the Spring Cloud Gateway route config for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/gateways/routeConfigs/write | Create or update the Spring Cloud Gateway route config for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/gateways/routeConfigs/delete | Delete the Spring Cloud Gateway route config for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/monitoringSettings/read | Get the monitoring setting for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/monitoringSettings/write | Create or update the monitoring setting for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/operationResults/read | Read resource operation result |
+> | Microsoft.AppPlatform/Spring/operationStatuses/read | Read resource operation Status |
+> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/diagnosticSettings/read | Get the diagnostic settings for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/diagnosticSettings/write | Create or update the diagnostic settings for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/logDefinitions/read | Get definitions of logs from Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/metricDefinitions/read | Get definitions of metrics from Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/serviceRegistries/read | Get the Service Registrys for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/serviceRegistries/write | Create or update the Service Registry for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/serviceRegistries/delete | Delete the Service Registry for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/storages/write | Create or update the storage for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/storages/delete | Delete the storage for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/storages/read | Get storage for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/supportedApmTypes/read | List the supported APM types for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/supportedServerVersions/read | List the supported server versions for a specific Azure Spring Apps service instance |
+> | **DataAction** | **Description** |
+> | Microsoft.AppPlatform/Spring/ApplicationConfigurationService/logstream/action | Read the streaming log of all subcomponents in Application Configuration Service from a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/apps/deployments/remotedebugging/action | Remote debugging app instance for a specific application |
+> | Microsoft.AppPlatform/Spring/apps/deployments/connect/action | Connect to an instance for a specific application |
+> | Microsoft.AppPlatform/Spring/configService/read | Read the configuration content(for example, application.yaml) for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/configService/write | Write config server content for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/configService/delete | Delete config server content for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/eurekaService/read | Read the user app(s) registration information for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/eurekaService/write | Write the user app(s) registration information for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/eurekaService/delete | Delete the user app registration information for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/logstreamService/read | Read the streaming log of user app for a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/managedComponents/logstream/action | Read the streaming log of all managed components (e.g. Application Configuration Service, Spring Cloud Gateway) from a specific Azure Spring Apps service instance |
+> | Microsoft.AppPlatform/Spring/SpringCloudGateway/logstream/action | Read the streaming log of Spring Cloud Gateway from a specific Azure Spring Apps service instance |
+
+## Microsoft.AVS
+
+Azure service: [Azure VMware Solution](/azure/azure-vmware/introduction)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.AVS/register/action | Register Subscription for Microsoft.AVS resource provider. |
+> | Microsoft.AVS/unregister/action | Unregister Subscription for Microsoft.AVS resource provider. |
+> | Microsoft.AVS/checkNameAvailability/read | Checks if the privateCloud Name is available |
+> | Microsoft.AVS/locations/checkNameAvailability/read | Checks if the privateCloud Name is available |
+> | Microsoft.AVS/locations/checkQuotaAvailability/read | Checks if quota is available for the subscription |
+> | Microsoft.AVS/locations/checkTrialAvailability/read | Checks if trial is available for the subscription |
+> | Microsoft.AVS/operations/read | Lists operations available on Microsoft.AVS resource provider. |
+> | Microsoft.AVS/privateClouds/register/action | Registers the Microsoft Microsoft.AVS resource provider and enables creation of Private Clouds. |
+> | Microsoft.AVS/privateClouds/write | Creates or updates a PrivateCloud resource. |
+> | Microsoft.AVS/privateClouds/read | Gets the settings for the specified PrivateCloud. |
+> | Microsoft.AVS/privateClouds/delete | Delete a specific PrivateCloud. |
+> | Microsoft.AVS/privateClouds/addOns/read | Read addOns. |
+> | Microsoft.AVS/privateClouds/addOns/write | Write addOns. |
+> | Microsoft.AVS/privateClouds/addOns/delete | Delete addOns. |
+> | Microsoft.AVS/privateClouds/addOns/operationStatuses/read | Read addOns operationStatuses. |
+> | Microsoft.AVS/privateClouds/authorizations/read | Gets the authorization settings for a PrivateCloud cluster. |
+> | Microsoft.AVS/privateClouds/authorizations/write | Create or update a PrivateCloud authorization resource. |
+> | Microsoft.AVS/privateClouds/authorizations/delete | Delete a specific PrivateCloud authorization. |
+> | Microsoft.AVS/privateClouds/clusters/read | Gets the cluster settings for a PrivateCloud cluster. |
+> | Microsoft.AVS/privateClouds/clusters/write | Create or update a PrivateCloud cluster resource. |
+> | Microsoft.AVS/privateClouds/clusters/delete | Delete a specific PrivateCloud cluster. |
+> | Microsoft.AVS/privateClouds/clusters/datastores/read | Get the datastore properties in a private cloud cluster. |
+> | Microsoft.AVS/privateClouds/clusters/datastores/write | Create or update datastore in private cloud cluster. |
+> | Microsoft.AVS/privateClouds/clusters/datastores/delete | Delete datastore in private cloud cluster. |
+> | Microsoft.AVS/privateclouds/clusters/datastores/operationresults/read | Read privateClouds/clusters/datastores operationresults. |
+> | Microsoft.AVS/privateClouds/clusters/datastores/operationstatuses/read | Read privateClouds/clusters/datastores operationstatuses. |
+> | Microsoft.AVS/privateclouds/clusters/operationresults/read | Reads privateClouds/clusters operationresults. |
+> | Microsoft.AVS/privateClouds/clusters/operationstatuses/read | Reads privateClouds/clusters operationstatuses. |
+> | Microsoft.AVS/privateClouds/globalReachConnections/delete | Delete globalReachConnections. |
+> | Microsoft.AVS/privateClouds/globalReachConnections/write | Write globalReachConnections. |
+> | Microsoft.AVS/privateClouds/globalReachConnections/read | Read globalReachConnections. |
+> | Microsoft.AVS/privateClouds/globalReachConnections/operationStatuses/read | Read globalReachConnections operationStatuses. |
+> | Microsoft.AVS/privateClouds/hcxEnterpriseSites/read | Gets the hcxEnterpriseSites for a PrivateCloud. |
+> | Microsoft.AVS/privateClouds/hcxEnterpriseSites/write | Create or update a hcxEnterpriseSites. |
+> | Microsoft.AVS/privateClouds/hcxEnterpriseSites/delete | Delete a specific hcxEnterpriseSites. |
+> | Microsoft.AVS/privateClouds/hostInstances/read | Gets the hostInstances for a PrivateCloud. |
+> | Microsoft.AVS/privateClouds/hostInstances/write | Create or update a hostInstances. |
+> | Microsoft.AVS/privateClouds/hostInstances/delete | Delete a specific hostInstances. |
+> | Microsoft.AVS/privateClouds/operationresults/read | Reads privateClouds operationresults. |
+> | Microsoft.AVS/privateClouds/operationstatuses/read | Reads privateClouds operationstatuses. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/dhcpConfigurations/delete | Delete dhcpConfigurations. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/dhcpConfigurations/write | Write dhcpConfigurations. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/dhcpConfigurations/read | Read dhcpConfigurations. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/dhcpConfigurations/operationStatuses/read | Read dhcpConfigurations operationStatuses. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/dnsServices/delete | Delete dnsServices. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/dnsServices/write | Write dnsServices. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/dnsServices/read | Read dnsServices. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/dnsServices/operationStatuses/read | Read dnsServices operationStatuses. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/dnsZones/delete | Delete dnsZones. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/dnsZones/write | Write dnsZones. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/dnsZones/read | Read dnsZones. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/dnsZones/operationStatuses/read | Read dnsZones operationStatuses. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/gateways/read | Read gateways. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/portMirroringProfiles/delete | Delete portMirroringProfiles. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/portMirroringProfiles/write | Write portMirroringProfiles. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/portMirroringProfiles/read | Read portMirroringProfiles. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/portMirroringProfiles/operationStatuses/read | Read portMirroringProfiles operationStatuses. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/segments/delete | Delete segments. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/segments/write | Write segments. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/segments/read | Read segments. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/segments/operationStatuses/read | Read segments operationStatuses. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/virtualMachines/read | Read virtualMachines. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/vmGroups/delete | Delete vmGroups. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/vmGroups/write | Write vmGroups. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/vmGroups/read | Read vmGroups. |
+> | Microsoft.AVS/privateClouds/workloadNetworks/vmGroups/operationStatuses/read | Read vmGroups operationStatuses. |
+> | **DataAction** | **Description** |
+> | Microsoft.AVS/privateClouds/listAdminCredentials/action | Lists the AdminCredentials for privateClouds. |
+> | Microsoft.AVS/privateClouds/rotateVcenterPassword/action | Rotate Vcenter password for the PrivateCloud. |
+> | Microsoft.AVS/privateClouds/rotateNsxtPassword/action | Rotate Nsxt CloudAdmin password for the PrivateCloud. |
+> | Microsoft.AVS/privateClouds/rotateNsxtCloudAdminPassword/action | Rotate Nsxt CloudAdmin password for the PrivateCloud. |
+
+## Microsoft.Batch
+
+Cloud-scale job scheduling and compute management.
+
+Azure service: [Batch](/azure/batch/)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.Batch/register/action | Registers the subscription for the Batch Resource Provider and enables the creation of Batch accounts |
+> | Microsoft.Batch/unregister/action | Unregisters the subscription for the Batch Resource Provider preventing the creation of Batch accounts |
+> | Microsoft.Batch/batchAccounts/read | Lists Batch accounts or gets the properties of a Batch account |
+> | Microsoft.Batch/batchAccounts/write | Creates a new Batch account or updates an existing Batch account |
+> | Microsoft.Batch/batchAccounts/delete | Deletes a Batch account |
+> | Microsoft.Batch/batchAccounts/listkeys/action | Lists access keys for a Batch account |
+> | Microsoft.Batch/batchAccounts/regeneratekeys/action | Regenerates access keys for a Batch account |
+> | Microsoft.Batch/batchAccounts/syncAutoStorageKeys/action | Synchronizes access keys for the auto storage account configured for a Batch account |
+> | Microsoft.Batch/batchAccounts/applications/read | Lists applications or gets the properties of an application |
+> | Microsoft.Batch/batchAccounts/applications/write | Creates a new application or updates an existing application |
+> | Microsoft.Batch/batchAccounts/applications/delete | Deletes an application |
+> | Microsoft.Batch/batchAccounts/applications/versions/read | Gets the properties of an application package |
+> | Microsoft.Batch/batchAccounts/applications/versions/write | Creates a new application package or updates an existing application package |
+> | Microsoft.Batch/batchAccounts/applications/versions/delete | Deletes an application package |
+> | Microsoft.Batch/batchAccounts/applications/versions/activate/action | Activates an application package |
+> | Microsoft.Batch/batchAccounts/certificateOperationResults/read | Gets the results of a long running certificate operation on a Batch account |
+> | Microsoft.Batch/batchAccounts/certificates/read | Lists certificates on a Batch account or gets the properties of a certificate |
+> | Microsoft.Batch/batchAccounts/certificates/write | Creates a new certificate on a Batch account or updates an existing certificate |
+> | Microsoft.Batch/batchAccounts/certificates/delete | Deletes a certificate from a Batch account |
+> | Microsoft.Batch/batchAccounts/certificates/cancelDelete/action | Cancels the failed deletion of a certificate on a Batch account |
+> | Microsoft.Batch/batchAccounts/detectors/read | Gets AppLens Detector or Lists AppLens Detectors on a Batch account |
+> | Microsoft.Batch/batchAccounts/operationResults/read | Gets the results of a long running Batch account operation |
+> | Microsoft.Batch/batchAccounts/outboundNetworkDependenciesEndpoints/read | Lists the outbound network dependency endpoints for a Batch account |
+> | Microsoft.Batch/batchAccounts/poolOperationResults/read | Gets the results of a long running pool operation on a Batch account |
+> | Microsoft.Batch/batchAccounts/pools/read | Lists pools on a Batch account or gets the properties of a pool |
+> | Microsoft.Batch/batchAccounts/pools/write | Creates a new pool on a Batch account or updates an existing pool |
+> | Microsoft.Batch/batchAccounts/pools/delete | Deletes a pool from a Batch account |
+> | Microsoft.Batch/batchAccounts/pools/stopResize/action | Stops an ongoing resize operation on a Batch account pool |
+> | Microsoft.Batch/batchAccounts/pools/disableAutoscale/action | Disables automatic scaling for a Batch account pool |
+> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxies/validate/action | Validates a Private endpoint connection proxy on a Batch account |
+> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxies/write | Create a new Private endpoint connection proxy on a Batch account |
+> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxies/read | Gets Private endpoint connection proxy on a Batch account |
+> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxies/delete | Delete a Private endpoint connection proxy on a Batch account |
+> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxyResults/read | Gets the results of a long running Batch account private endpoint connection proxy operation |
+> | Microsoft.Batch/batchAccounts/privateEndpointConnectionResults/read | Gets the results of a long running Batch account private endpoint connection operation |
+> | Microsoft.Batch/batchAccounts/privateEndpointConnections/write | Update an existing Private endpoint connection on a Batch account |
+> | Microsoft.Batch/batchAccounts/privateEndpointConnections/read | Gets Private endpoint connection or Lists Private endpoint connections on a Batch account |
+> | Microsoft.Batch/batchAccounts/privateEndpointConnections/delete | Delete a Private endpoint connection on a Batch account |
+> | Microsoft.Batch/batchAccounts/privateLinkResources/read | Gets the properties of a Private link resource or Lists Private link resources on a Batch account |
+> | Microsoft.Batch/batchAccounts/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.Batch/batchAccounts/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.Batch/batchAccounts/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for the Batch service |
+> | Microsoft.Batch/batchAccounts/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for the Batch service |
+> | Microsoft.Batch/deployments/preflight/action | Runs Preflight validation for resources included in the request |
+> | Microsoft.Batch/locations/checkNameAvailability/action | Checks that the account name is valid and not in use. |
+> | Microsoft.Batch/locations/accountOperationResults/read | Gets the results of a long running Batch account operation |
+> | Microsoft.Batch/locations/cloudServiceSkus/read | Lists available Batch supported Cloud Service VM sizes at the given location |
+> | Microsoft.Batch/locations/quotas/read | Gets Batch quotas of the specified subscription at the specified Azure region |
+> | Microsoft.Batch/locations/virtualMachineSkus/read | Lists available Batch supported Virtual Machine VM sizes at the given location |
+> | Microsoft.Batch/operations/read | Lists operations available on Microsoft.Batch resource provider |
+> | **DataAction** | **Description** |
+> | Microsoft.Batch/batchAccounts/jobs/read | Lists jobs on a Batch account or gets the properties of a job |
+> | Microsoft.Batch/batchAccounts/jobs/write | Creates a new job on a Batch account or updates an existing job |
+> | Microsoft.Batch/batchAccounts/jobs/delete | Deletes a job from a Batch account |
+> | Microsoft.Batch/batchAccounts/jobSchedules/read | Lists job schedules on a Batch account or gets the properties of a job schedule |
+> | Microsoft.Batch/batchAccounts/jobSchedules/write | Creates a new job schedule on a Batch account or updates an existing job schedule |
+> | Microsoft.Batch/batchAccounts/jobSchedules/delete | Deletes a job schedule from a Batch account |
+ ## Microsoft.ClassicCompute Azure service: Classic deployment model virtual machine
Azure service: Classic deployment model virtual machine
## Microsoft.Compute
+Access cloud compute capacity and scale on demand (such as virtual machines) and only pay for the resources you use.
+ Azure service: [Virtual Machines](/azure/virtual-machines/), [Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/) > [!div class="mx-tableFixed"]
Azure service: [Virtual Machines](/azure/virtual-machines/), [Virtual Machine Sc
## Microsoft.DesktopVirtualization
+The best virtual desktop experience, delivered on Azure.
+ Azure service: [Azure Virtual Desktop](/azure/virtual-desktop/) > [!div class="mx-tableFixed"]
Azure service: [Azure Virtual Desktop](/azure/virtual-desktop/)
## Microsoft.ServiceFabric
+Develop microservices and orchestrate containers on Windows or Linux.
+ Azure service: [Service Fabric](/azure/service-fabric/) > [!div class="mx-tableFixed"]
role-based-access-control Containers https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/containers.md
This article lists the permissions for the Azure resource providers in the Conta
## Microsoft.ContainerInstance
+Easily run containers on Azure without managing servers.
+ Azure service: [Container Instances](/azure/container-instances/) > [!div class="mx-tableFixed"]
Azure service: [Container Instances](/azure/container-instances/)
## Microsoft.ContainerRegistry
+Store and manage container images across all types of Azure deployments.
+ Azure service: [Container Registry](/azure/container-registry/) > [!div class="mx-tableFixed"]
Azure service: [Container Registry](/azure/container-registry/)
## Microsoft.ContainerService
+Accelerate your containerized application development without compromising security.
+ Azure service: [Azure Kubernetes Service (AKS)](/azure/aks/) > [!div class="mx-tableFixed"]
Azure service: [Azure Kubernetes Service (AKS)](/azure/aks/)
> | Microsoft.ContainerService/managedClusters/users/impersonate/action | Impersonate users | > | Microsoft.ContainerService/managedClusters/version/read | Reads version |
-## Microsoft.Kubernetes
-
-Azure service: [Azure Arc-enabled Kubernetes](/azure/azure-arc/kubernetes/overview)
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.Kubernetes/register/action | Registers Subscription with Microsoft.Kubernetes resource provider |
-> | Microsoft.Kubernetes/unregister/action | Un-Registers Subscription with Microsoft.Kubernetes resource provider |
-> | Microsoft.Kubernetes/connectedClusters/Read | Read connectedClusters |
-> | Microsoft.Kubernetes/connectedClusters/Write | Writes connectedClusters |
-> | Microsoft.Kubernetes/connectedClusters/Delete | Deletes connectedClusters |
-> | Microsoft.Kubernetes/connectedClusters/listClusterUserCredentials/action | List clusterUser credential(preview) |
-> | Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action | List clusterUser credential |
-> | Microsoft.Kubernetes/locations/operationstatuses/read | Read Operation Statuses |
-> | Microsoft.Kubernetes/locations/operationstatuses/write | Write Operation Statuses |
-> | Microsoft.Kubernetes/operations/read | Lists operations available on Microsoft.Kubernetes resource provider |
-> | Microsoft.Kubernetes/RegisteredSubscriptions/read | Reads registered subscriptions |
-> | **DataAction** | **Description** |
-> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/initializerconfigurations/read | Reads initializerconfigurations |
-> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/initializerconfigurations/write | Writes initializerconfigurations |
-> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/initializerconfigurations/delete | Deletes initializerconfigurations |
-> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/mutatingwebhookconfigurations/read | Reads mutatingwebhookconfigurations |
-> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/mutatingwebhookconfigurations/write | Writes mutatingwebhookconfigurations |
-> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/mutatingwebhookconfigurations/delete | Deletes mutatingwebhookconfigurations |
-> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/validatingwebhookconfigurations/read | Reads validatingwebhookconfigurations |
-> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/validatingwebhookconfigurations/write | Writes validatingwebhookconfigurations |
-> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/validatingwebhookconfigurations/delete | Deletes validatingwebhookconfigurations |
-> | Microsoft.Kubernetes/connectedClusters/api/read | Reads api |
-> | Microsoft.Kubernetes/connectedClusters/api/v1/read | Reads api/v1 |
-> | Microsoft.Kubernetes/connectedClusters/apiextensions.k8s.io/customresourcedefinitions/read | Reads customresourcedefinitions |
-> | Microsoft.Kubernetes/connectedClusters/apiextensions.k8s.io/customresourcedefinitions/write | Writes customresourcedefinitions |
-> | Microsoft.Kubernetes/connectedClusters/apiextensions.k8s.io/customresourcedefinitions/delete | Deletes customresourcedefinitions |
-> | Microsoft.Kubernetes/connectedClusters/apiregistration.k8s.io/apiservices/read | Reads apiservices |
-> | Microsoft.Kubernetes/connectedClusters/apiregistration.k8s.io/apiservices/write | Writes apiservices |
-> | Microsoft.Kubernetes/connectedClusters/apiregistration.k8s.io/apiservices/delete | Deletes apiservices |
-> | Microsoft.Kubernetes/connectedClusters/apis/read | Reads apis |
-> | Microsoft.Kubernetes/connectedClusters/apis/admissionregistration.k8s.io/read | Reads admissionregistration.k8s.io |
-> | Microsoft.Kubernetes/connectedClusters/apis/admissionregistration.k8s.io/v1/read | Reads admissionregistration.k8s.io/v1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/admissionregistration.k8s.io/v1beta1/read | Reads admissionregistration.k8s.io/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/apiextensions.k8s.io/read | Reads apiextensions.k8s.io |
-> | Microsoft.Kubernetes/connectedClusters/apis/apiextensions.k8s.io/v1/read | Reads apiextensions.k8s.io/v1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/apiextensions.k8s.io/v1beta1/read | Reads apiextensions.k8s.io/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/apiregistration.k8s.io/read | Reads apiregistration.k8s.io |
-> | Microsoft.Kubernetes/connectedClusters/apis/apiregistration.k8s.io/v1/read | Reads apiregistration.k8s.io/v1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/apiregistration.k8s.io/v1beta1/read | Reads apiregistration.k8s.io/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/apps/read | Reads apps |
-> | Microsoft.Kubernetes/connectedClusters/apis/apps/v1beta1/read | Reads apps/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/apps/v1beta2/read | Reads v1beta2 |
-> | Microsoft.Kubernetes/connectedClusters/apis/authentication.k8s.io/read | Reads authentication.k8s.io |
-> | Microsoft.Kubernetes/connectedClusters/apis/authentication.k8s.io/v1/read | Reads authentication.k8s.io/v1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/authentication.k8s.io/v1beta1/read | Reads authentication.k8s.io/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/authorization.k8s.io/read | Reads authorization.k8s.io |
-> | Microsoft.Kubernetes/connectedClusters/apis/authorization.k8s.io/v1/read | Reads authorization.k8s.io/v1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/authorization.k8s.io/v1beta1/read | Reads authorization.k8s.io/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/autoscaling/read | Reads autoscaling |
-> | Microsoft.Kubernetes/connectedClusters/apis/autoscaling/v1/read | Reads autoscaling/v1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/autoscaling/v2beta1/read | Reads autoscaling/v2beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/autoscaling/v2beta2/read | Reads autoscaling/v2beta2 |
-> | Microsoft.Kubernetes/connectedClusters/apis/batch/read | Reads batch |
-> | Microsoft.Kubernetes/connectedClusters/apis/batch/v1/read | Reads batch/v1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/batch/v1beta1/read | Reads batch/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/certificates.k8s.io/read | Reads certificates.k8s.io |
-> | Microsoft.Kubernetes/connectedClusters/apis/certificates.k8s.io/v1beta1/read | Reads certificates.k8s.io/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/coordination.k8s.io/read | Reads coordination.k8s.io |
-> | Microsoft.Kubernetes/connectedClusters/apis/coordination.k8s.io/v1/read | Reads coordination/v1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/coordination.k8s.io/v1beta1/read | Reads coordination.k8s.io/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/events.k8s.io/read | Reads events.k8s.io |
-> | Microsoft.Kubernetes/connectedClusters/apis/events.k8s.io/v1beta1/read | Reads events.k8s.io/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/extensions/read | Reads extensions |
-> | Microsoft.Kubernetes/connectedClusters/apis/extensions/v1beta1/read | Reads extensions/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/metrics.k8s.io/read | Reads metrics.k8s.io |
-> | Microsoft.Kubernetes/connectedClusters/apis/metrics.k8s.io/v1beta1/read | Reads metrics.k8s.io/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/networking.k8s.io/read | Reads networking.k8s.io |
-> | Microsoft.Kubernetes/connectedClusters/apis/networking.k8s.io/v1/read | Reads networking/v1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/networking.k8s.io/v1beta1/read | Reads networking.k8s.io/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/node.k8s.io/read | Reads node.k8s.io |
-> | Microsoft.Kubernetes/connectedClusters/apis/node.k8s.io/v1beta1/read | Reads node.k8s.io/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/policy/read | Reads policy |
-> | Microsoft.Kubernetes/connectedClusters/apis/policy/v1beta1/read | Reads policy/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/rbac.authorization.k8s.io/read | Reads rbac.authorization.k8s.io |
-> | Microsoft.Kubernetes/connectedClusters/apis/rbac.authorization.k8s.io/v1/read | Reads rbac.authorization/v1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/rbac.authorization.k8s.io/v1beta1/read | Reads rbac.authorization.k8s.io/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/scheduling.k8s.io/read | Reads scheduling.k8s.io |
-> | Microsoft.Kubernetes/connectedClusters/apis/scheduling.k8s.io/v1/read | Reads scheduling/v1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/scheduling.k8s.io/v1beta1/read | Reads scheduling.k8s.io/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/storage.k8s.io/read | Reads storage.k8s.io |
-> | Microsoft.Kubernetes/connectedClusters/apis/storage.k8s.io/v1/read | Reads storage/v1 |
-> | Microsoft.Kubernetes/connectedClusters/apis/storage.k8s.io/v1beta1/read | Reads storage.k8s.io/v1beta1 |
-> | Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/read | Reads controllerrevisions |
-> | Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/write | Writes controllerrevisions |
-> | Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/delete | Deletes controllerrevisions |
-> | Microsoft.Kubernetes/connectedClusters/apps/daemonsets/read | Reads daemonsets |
-> | Microsoft.Kubernetes/connectedClusters/apps/daemonsets/write | Writes daemonsets |
-> | Microsoft.Kubernetes/connectedClusters/apps/daemonsets/delete | Deletes daemonsets |
-> | Microsoft.Kubernetes/connectedClusters/apps/deployments/read | Reads deployments |
-> | Microsoft.Kubernetes/connectedClusters/apps/deployments/write | Writes deployments |
-> | Microsoft.Kubernetes/connectedClusters/apps/deployments/delete | Deletes deployments |
-> | Microsoft.Kubernetes/connectedClusters/apps/replicasets/read | Reads replicasets |
-> | Microsoft.Kubernetes/connectedClusters/apps/replicasets/write | Writes replicasets |
-> | Microsoft.Kubernetes/connectedClusters/apps/replicasets/delete | Deletes replicasets |
-> | Microsoft.Kubernetes/connectedClusters/apps/statefulsets/read | Reads statefulsets |
-> | Microsoft.Kubernetes/connectedClusters/apps/statefulsets/write | Writes statefulsets |
-> | Microsoft.Kubernetes/connectedClusters/apps/statefulsets/delete | Deletes statefulsets |
-> | Microsoft.Kubernetes/connectedClusters/authentication.k8s.io/tokenreviews/write | Writes tokenreviews |
-> | Microsoft.Kubernetes/connectedClusters/authentication.k8s.io/userextras/impersonate/action | Impersonate userextras |
-> | Microsoft.Kubernetes/connectedClusters/authorization.k8s.io/localsubjectaccessreviews/write | Writes localsubjectaccessreviews |
-> | Microsoft.Kubernetes/connectedClusters/authorization.k8s.io/selfsubjectaccessreviews/write | Writes selfsubjectaccessreviews |
-> | Microsoft.Kubernetes/connectedClusters/authorization.k8s.io/selfsubjectrulesreviews/write | Writes selfsubjectrulesreviews |
-> | Microsoft.Kubernetes/connectedClusters/authorization.k8s.io/subjectaccessreviews/write | Writes subjectaccessreviews |
-> | Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/read | Reads horizontalpodautoscalers |
-> | Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/write | Writes horizontalpodautoscalers |
-> | Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/delete | Deletes horizontalpodautoscalers |
-> | Microsoft.Kubernetes/connectedClusters/batch/cronjobs/read | Reads cronjobs |
-> | Microsoft.Kubernetes/connectedClusters/batch/cronjobs/write | Writes cronjobs |
-> | Microsoft.Kubernetes/connectedClusters/batch/cronjobs/delete | Deletes cronjobs |
-> | Microsoft.Kubernetes/connectedClusters/batch/jobs/read | Reads jobs |
-> | Microsoft.Kubernetes/connectedClusters/batch/jobs/write | Writes jobs |
-> | Microsoft.Kubernetes/connectedClusters/batch/jobs/delete | Deletes jobs |
-> | Microsoft.Kubernetes/connectedClusters/bindings/write | Writes bindings |
-> | Microsoft.Kubernetes/connectedClusters/certificates.k8s.io/certificatesigningrequests/read | Reads certificatesigningrequests |
-> | Microsoft.Kubernetes/connectedClusters/certificates.k8s.io/certificatesigningrequests/write | Writes certificatesigningrequests |
-> | Microsoft.Kubernetes/connectedClusters/certificates.k8s.io/certificatesigningrequests/delete | Deletes certificatesigningrequests |
-> | Microsoft.Kubernetes/connectedClusters/componentstatuses/read | Reads componentstatuses |
-> | Microsoft.Kubernetes/connectedClusters/componentstatuses/write | Writes componentstatuses |
-> | Microsoft.Kubernetes/connectedClusters/componentstatuses/delete | Deletes componentstatuses |
-> | Microsoft.Kubernetes/connectedClusters/configmaps/read | Reads configmaps |
-> | Microsoft.Kubernetes/connectedClusters/configmaps/write | Writes configmaps |
-> | Microsoft.Kubernetes/connectedClusters/configmaps/delete | Deletes configmaps |
-> | Microsoft.Kubernetes/connectedClusters/coordination.k8s.io/leases/read | Reads leases |
-> | Microsoft.Kubernetes/connectedClusters/coordination.k8s.io/leases/write | Writes leases |
-> | Microsoft.Kubernetes/connectedClusters/coordination.k8s.io/leases/delete | Deletes leases |
-> | Microsoft.Kubernetes/connectedClusters/discovery.k8s.io/endpointslices/read | Reads endpointslices |
-> | Microsoft.Kubernetes/connectedClusters/discovery.k8s.io/endpointslices/write | Writes endpointslices |
-> | Microsoft.Kubernetes/connectedClusters/discovery.k8s.io/endpointslices/delete | Deletes endpointslices |
-> | Microsoft.Kubernetes/connectedClusters/endpoints/read | Reads endpoints |
-> | Microsoft.Kubernetes/connectedClusters/endpoints/write | Writes endpoints |
-> | Microsoft.Kubernetes/connectedClusters/endpoints/delete | Deletes endpoints |
-> | Microsoft.Kubernetes/connectedClusters/events/read | Reads events |
-> | Microsoft.Kubernetes/connectedClusters/events/write | Writes events |
-> | Microsoft.Kubernetes/connectedClusters/events/delete | Deletes events |
-> | Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/read | Reads events |
-> | Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/write | Writes events |
-> | Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/delete | Deletes events |
-> | Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/read | Reads daemonsets |
-> | Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/write | Writes daemonsets |
-> | Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/delete | Deletes daemonsets |
-> | Microsoft.Kubernetes/connectedClusters/extensions/deployments/read | Reads deployments |
-> | Microsoft.Kubernetes/connectedClusters/extensions/deployments/write | Writes deployments |
-> | Microsoft.Kubernetes/connectedClusters/extensions/deployments/delete | Deletes deployments |
-> | Microsoft.Kubernetes/connectedClusters/extensions/ingresses/read | Reads ingresses |
-> | Microsoft.Kubernetes/connectedClusters/extensions/ingresses/write | Writes ingresses |
-> | Microsoft.Kubernetes/connectedClusters/extensions/ingresses/delete | Deletes ingresses |
-> | Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/read | Reads networkpolicies |
-> | Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/write | Writes networkpolicies |
-> | Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/delete | Deletes networkpolicies |
-> | Microsoft.Kubernetes/connectedClusters/extensions/podsecuritypolicies/read | Reads podsecuritypolicies |
-> | Microsoft.Kubernetes/connectedClusters/extensions/podsecuritypolicies/write | Writes podsecuritypolicies |
-> | Microsoft.Kubernetes/connectedClusters/extensions/podsecuritypolicies/delete | Deletes podsecuritypolicies |
-> | Microsoft.Kubernetes/connectedClusters/extensions/replicasets/read | Reads replicasets |
-> | Microsoft.Kubernetes/connectedClusters/extensions/replicasets/write | Writes replicasets |
-> | Microsoft.Kubernetes/connectedClusters/extensions/replicasets/delete | Deletes replicasets |
-> | Microsoft.Kubernetes/connectedClusters/flowcontrol.apiserver.k8s.io/flowschemas/read | Reads flowschemas |
-> | Microsoft.Kubernetes/connectedClusters/flowcontrol.apiserver.k8s.io/flowschemas/write | Writes flowschemas |
-> | Microsoft.Kubernetes/connectedClusters/flowcontrol.apiserver.k8s.io/flowschemas/delete | Deletes flowschemas |
-> | Microsoft.Kubernetes/connectedClusters/flowcontrol.apiserver.k8s.io/prioritylevelconfigurations/read | Reads prioritylevelconfigurations |
-> | Microsoft.Kubernetes/connectedClusters/flowcontrol.apiserver.k8s.io/prioritylevelconfigurations/write | Writes prioritylevelconfigurations |
-> | Microsoft.Kubernetes/connectedClusters/flowcontrol.apiserver.k8s.io/prioritylevelconfigurations/delete | Deletes prioritylevelconfigurations |
-> | Microsoft.Kubernetes/connectedClusters/groups/impersonate/action | Impersonate groups |
-> | Microsoft.Kubernetes/connectedClusters/healthz/read | Reads healthz |
-> | Microsoft.Kubernetes/connectedClusters/healthz/autoregister-completion/read | Reads autoregister-completion |
-> | Microsoft.Kubernetes/connectedClusters/healthz/etcd/read | Reads etcd |
-> | Microsoft.Kubernetes/connectedClusters/healthz/log/read | Reads log |
-> | Microsoft.Kubernetes/connectedClusters/healthz/ping/read | Reads ping |
-> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/apiservice-openapi-controller/read | Reads apiservice-openapi-controller |
-> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/apiservice-registration-controller/read | Reads apiservice-registration-controller |
-> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/apiservice-status-available-controller/read | Reads apiservice-status-available-controller |
-> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/bootstrap-controller/read | Reads bootstrap-controller |
-> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/ca-registration/read | Reads ca-registration |
-> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/crd-informer-synced/read | Reads crd-informer-synced |
-> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/generic-apiserver-start-informers/read | Reads generic-apiserver-start-informers |
-> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/kube-apiserver-autoregistration/read | Reads kube-apiserver-autoregistration |
-> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/rbac/bootstrap-roles/read | Reads bootstrap-roles |
-> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/scheduling/bootstrap-system-priority-classes/read | Reads bootstrap-system-priority-classes |
-> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/start-apiextensions-controllers/read | Reads start-apiextensions-controllers |
-> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/start-apiextensions-informers/read | Reads start-apiextensions-informers |
-> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/start-kube-aggregator-informers/read | Reads start-kube-aggregator-informers |
-> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/start-kube-apiserver-admission-initializer/read | Reads start-kube-apiserver-admission-initializer |
-> | Microsoft.Kubernetes/connectedClusters/limitranges/read | Reads limitranges |
-> | Microsoft.Kubernetes/connectedClusters/limitranges/write | Writes limitranges |
-> | Microsoft.Kubernetes/connectedClusters/limitranges/delete | Deletes limitranges |
-> | Microsoft.Kubernetes/connectedClusters/livez/read | Reads livez |
-> | Microsoft.Kubernetes/connectedClusters/livez/autoregister-completion/read | Reads autoregister-completion |
-> | Microsoft.Kubernetes/connectedClusters/livez/etcd/read | Reads etcd |
-> | Microsoft.Kubernetes/connectedClusters/livez/log/read | Reads log |
-> | Microsoft.Kubernetes/connectedClusters/livez/ping/read | Reads ping |
-> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/apiservice-openapi-controller/read | Reads apiservice-openapi-controller |
-> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/apiservice-registration-controller/read | Reads apiservice-registration-controller |
-> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/apiservice-status-available-controller/read | Reads apiservice-status-available-controller |
-> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/bootstrap-controller/read | Reads bootstrap-controller |
-> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/ca-registration/read | Reads ca-registration |
-> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/crd-informer-synced/read | Reads crd-informer-synced |
-> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/generic-apiserver-start-informers/read | Reads generic-apiserver-start-informers |
-> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/kube-apiserver-autoregistration/read | Reads kube-apiserver-autoregistration |
-> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/rbac/bootstrap-roles/read | Reads bootstrap-roles |
-> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/scheduling/bootstrap-system-priority-classes/read | Reads bootstrap-system-priority-classes |
-> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/start-apiextensions-controllers/read | Reads start-apiextensions-controllers |
-> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/start-apiextensions-informers/read | Reads start-apiextensions-informers |
-> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/start-kube-aggregator-informers/read | Reads start-kube-aggregator-informers |
-> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/start-kube-apiserver-admission-initializer/read | Reads start-kube-apiserver-admission-initializer |
-> | Microsoft.Kubernetes/connectedClusters/logs/read | Reads logs |
-> | Microsoft.Kubernetes/connectedClusters/metrics/read | Reads metrics |
-> | Microsoft.Kubernetes/connectedClusters/metrics.k8s.io/nodes/read | Reads nodes |
-> | Microsoft.Kubernetes/connectedClusters/metrics.k8s.io/pods/read | Reads pods |
-> | Microsoft.Kubernetes/connectedClusters/namespaces/read | Reads namespaces |
-> | Microsoft.Kubernetes/connectedClusters/namespaces/write | Writes namespaces |
-> | Microsoft.Kubernetes/connectedClusters/namespaces/delete | Deletes namespaces |
-> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingressclasses/read | Reads ingressclasses |
-> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingressclasses/write | Writes ingressclasses |
-> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingressclasses/delete | Deletes ingressclasses |
-> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/read | Reads ingresses |
-> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/write | Writes ingresses |
-> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/delete | Deletes ingresses |
-> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/read | Reads networkpolicies |
-> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/write | Writes networkpolicies |
-> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/delete | Deletes networkpolicies |
-> | Microsoft.Kubernetes/connectedClusters/node.k8s.io/runtimeclasses/read | Reads runtimeclasses |
-> | Microsoft.Kubernetes/connectedClusters/node.k8s.io/runtimeclasses/write | Writes runtimeclasses |
-> | Microsoft.Kubernetes/connectedClusters/node.k8s.io/runtimeclasses/delete | Deletes runtimeclasses |
-> | Microsoft.Kubernetes/connectedClusters/nodes/read | Reads nodes |
-> | Microsoft.Kubernetes/connectedClusters/nodes/write | Writes nodes |
-> | Microsoft.Kubernetes/connectedClusters/nodes/delete | Deletes nodes |
-> | Microsoft.Kubernetes/connectedClusters/openapi/v2/read | Reads v2 |
-> | Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/read | Reads persistentvolumeclaims |
-> | Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/write | Writes persistentvolumeclaims |
-> | Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/delete | Deletes persistentvolumeclaims |
-> | Microsoft.Kubernetes/connectedClusters/persistentvolumes/read | Reads persistentvolumes |
-> | Microsoft.Kubernetes/connectedClusters/persistentvolumes/write | Writes persistentvolumes |
-> | Microsoft.Kubernetes/connectedClusters/persistentvolumes/delete | Deletes persistentvolumes |
-> | Microsoft.Kubernetes/connectedClusters/pods/read | Reads pods |
-> | Microsoft.Kubernetes/connectedClusters/pods/write | Writes pods |
-> | Microsoft.Kubernetes/connectedClusters/pods/delete | Deletes pods |
-> | Microsoft.Kubernetes/connectedClusters/pods/exec/action | Exec into a pod |
-> | Microsoft.Kubernetes/connectedClusters/podtemplates/read | Reads podtemplates |
-> | Microsoft.Kubernetes/connectedClusters/podtemplates/write | Writes podtemplates |
-> | Microsoft.Kubernetes/connectedClusters/podtemplates/delete | Deletes podtemplates |
-> | Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/read | Reads poddisruptionbudgets |
-> | Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/write | Writes poddisruptionbudgets |
-> | Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/delete | Deletes poddisruptionbudgets |
-> | Microsoft.Kubernetes/connectedClusters/policy/podsecuritypolicies/read | Reads podsecuritypolicies |
-> | Microsoft.Kubernetes/connectedClusters/policy/podsecuritypolicies/write | Writes podsecuritypolicies |
-> | Microsoft.Kubernetes/connectedClusters/policy/podsecuritypolicies/delete | Deletes podsecuritypolicies |
-> | Microsoft.Kubernetes/connectedClusters/policy/podsecuritypolicies/use/action | Use action on podsecuritypolicies |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterrolebindings/read | Reads clusterrolebindings |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterrolebindings/write | Writes clusterrolebindings |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterrolebindings/delete | Deletes clusterrolebindings |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterroles/read | Reads clusterroles |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterroles/write | Writes clusterroles |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterroles/delete | Deletes clusterroles |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterroles/bind/action | Binds clusterroles |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterroles/escalate/action | Escalates |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/rolebindings/read | Reads rolebindings |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/rolebindings/write | Writes rolebindings |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/rolebindings/delete | Deletes rolebindings |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/read | Reads roles |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/write | Writes roles |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/delete | Deletes roles |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/bind/action | Binds roles |
-> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/escalate/action | Escalates roles |
-> | Microsoft.Kubernetes/connectedClusters/readyz/read | Reads readyz |
-> | Microsoft.Kubernetes/connectedClusters/readyz/autoregister-completion/read | Reads autoregister-completion |
-> | Microsoft.Kubernetes/connectedClusters/readyz/etcd/read | Reads etcd |
-> | Microsoft.Kubernetes/connectedClusters/readyz/log/read | Reads log |
-> | Microsoft.Kubernetes/connectedClusters/readyz/ping/read | Reads ping |
-> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/apiservice-openapi-controller/read | Reads apiservice-openapi-controller |
-> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/apiservice-registration-controller/read | Reads apiservice-registration-controller |
-> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/apiservice-status-available-controller/read | Reads apiservice-status-available-controller |
-> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/bootstrap-controller/read | Reads bootstrap-controller |
-> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/ca-registration/read | Reads ca-registration |
-> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/crd-informer-synced/read | Reads crd-informer-synced |
-> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/generic-apiserver-start-informers/read | Reads generic-apiserver-start-informers |
-> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/kube-apiserver-autoregistration/read | Reads kube-apiserver-autoregistration |
-> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/rbac/bootstrap-roles/read | Reads bootstrap-roles |
-> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/scheduling/bootstrap-system-priority-classes/read | Reads bootstrap-system-priority-classes |
-> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/start-apiextensions-controllers/read | Reads start-apiextensions-controllers |
-> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/start-apiextensions-informers/read | Reads start-apiextensions-informers |
-> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/start-kube-aggregator-informers/read | Reads start-kube-aggregator-informers |
-> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/start-kube-apiserver-admission-initializer/read | Reads start-kube-apiserver-admission-initializer |
-> | Microsoft.Kubernetes/connectedClusters/readyz/shutdown/read | Reads shutdown |
-> | Microsoft.Kubernetes/connectedClusters/replicationcontrollers/read | Reads replicationcontrollers |
-> | Microsoft.Kubernetes/connectedClusters/replicationcontrollers/write | Writes replicationcontrollers |
-> | Microsoft.Kubernetes/connectedClusters/replicationcontrollers/delete | Deletes replicationcontrollers |
-> | Microsoft.Kubernetes/connectedClusters/resetMetrics/read | Reads resetMetrics |
-> | Microsoft.Kubernetes/connectedClusters/resourcequotas/read | Reads resourcequotas |
-> | Microsoft.Kubernetes/connectedClusters/resourcequotas/write | Writes resourcequotas |
-> | Microsoft.Kubernetes/connectedClusters/resourcequotas/delete | Deletes resourcequotas |
-> | Microsoft.Kubernetes/connectedClusters/scheduling.k8s.io/priorityclasses/read | Reads priorityclasses |
-> | Microsoft.Kubernetes/connectedClusters/scheduling.k8s.io/priorityclasses/write | Writes priorityclasses |
-> | Microsoft.Kubernetes/connectedClusters/scheduling.k8s.io/priorityclasses/delete | Deletes priorityclasses |
-> | Microsoft.Kubernetes/connectedClusters/secrets/read | Reads secrets |
-> | Microsoft.Kubernetes/connectedClusters/secrets/write | Writes secrets |
-> | Microsoft.Kubernetes/connectedClusters/secrets/delete | Deletes secrets |
-> | Microsoft.Kubernetes/connectedClusters/serviceaccounts/read | Reads serviceaccounts |
-> | Microsoft.Kubernetes/connectedClusters/serviceaccounts/write | Writes serviceaccounts |
-> | Microsoft.Kubernetes/connectedClusters/serviceaccounts/delete | Deletes serviceaccounts |
-> | Microsoft.Kubernetes/connectedClusters/serviceaccounts/impersonate/action | Impersonate serviceaccounts |
-> | Microsoft.Kubernetes/connectedClusters/services/read | Reads services |
-> | Microsoft.Kubernetes/connectedClusters/services/write | Writes services |
-> | Microsoft.Kubernetes/connectedClusters/services/delete | Deletes services |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csidrivers/read | Reads csidrivers |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csidrivers/write | Writes csidrivers |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csidrivers/delete | Deletes csidrivers |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csinodes/read | Reads csinodes |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csinodes/write | Writes csinodes |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csinodes/delete | Deletes csinodes |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csistoragecapacities/read | Reads csistoragecapacities |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csistoragecapacities/write | Writes csistoragecapacities |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csistoragecapacities/delete | Deletes csistoragecapacities |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/storageclasses/read | Reads storageclasses |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/storageclasses/write | Writes storageclasses |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/storageclasses/delete | Deletes storageclasses |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/volumeattachments/read | Reads volumeattachments |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/volumeattachments/write | Writes volumeattachments |
-> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/volumeattachments/delete | Deletes volumeattachments |
-> | Microsoft.Kubernetes/connectedClusters/swagger-api/read | Reads swagger-api |
-> | Microsoft.Kubernetes/connectedClusters/swagger-ui/read | Reads swagger-ui |
-> | Microsoft.Kubernetes/connectedClusters/ui/read | Reads ui |
-> | Microsoft.Kubernetes/connectedClusters/users/impersonate/action | Impersonate users |
-> | Microsoft.Kubernetes/connectedClusters/version/read | Reads version |
-
-## Microsoft.KubernetesConfiguration
-
-Azure service: [Azure Kubernetes Service (AKS)](/azure/aks/)
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.KubernetesConfiguration/register/action | Registers subscription to Microsoft.KubernetesConfiguration resource provider. |
-> | Microsoft.KubernetesConfiguration/unregister/action | Unregisters subscription from Microsoft.KubernetesConfiguration resource provider. |
-> | Microsoft.KubernetesConfiguration/extensions/write | Creates or updates extension resource. |
-> | Microsoft.KubernetesConfiguration/extensions/read | Gets extension instance resource. |
-> | Microsoft.KubernetesConfiguration/extensions/delete | Deletes extension instance resource. |
-> | Microsoft.KubernetesConfiguration/extensions/operations/read | Gets Async Operation status. |
-> | Microsoft.KubernetesConfiguration/extensionTypes/read | Gets extension type. |
-> | Microsoft.KubernetesConfiguration/fluxConfigurations/write | Creates or updates flux configuration. |
-> | Microsoft.KubernetesConfiguration/fluxConfigurations/read | Gets flux configuration. |
-> | Microsoft.KubernetesConfiguration/fluxConfigurations/delete | Deletes flux configuration. |
-> | Microsoft.KubernetesConfiguration/fluxConfigurations/operations/read | Gets Async Operation status for flux configuration. |
-> | Microsoft.KubernetesConfiguration/namespaces/read | Get Namespace Resource |
-> | Microsoft.KubernetesConfiguration/namespaces/listUserCredential/action | Get User Credentials for the parent cluster of the namespace resource. |
-> | Microsoft.KubernetesConfiguration/operations/read | Gets available operations of the Microsoft.KubernetesConfiguration resource provider. |
-> | Microsoft.KubernetesConfiguration/privateLinkScopes/write | Creates or updates private link scope. |
-> | Microsoft.KubernetesConfiguration/privateLinkScopes/delete | Deletes private link scope. |
-> | Microsoft.KubernetesConfiguration/privateLinkScopes/read | Gets private link scope |
-> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies/write | Creates or updates private endpoint connection proxy. |
-> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies/delete | Deletes private endpoint connection proxy |
-> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies/read | Gets private endpoint connection proxy. |
-> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies/validate/action | Validates private endpoint connection proxy object. |
-> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies/updatePrivateEndpointProperties/action | Updates patch on private endpoint connection proxy. |
-> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies/operations/read | Gets private endpoint connection proxies operation. |
-> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnections/write | Creates or updates private endpoint connection. |
-> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnections/delete | Deletes private endpoint connection. |
-> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnections/read | Gets private endpoint connection. |
-> | Microsoft.KubernetesConfiguration/sourceControlConfigurations/write | Creates or updates source control configuration. |
-> | Microsoft.KubernetesConfiguration/sourceControlConfigurations/read | Gets source control configuration. |
-> | Microsoft.KubernetesConfiguration/sourceControlConfigurations/delete | Deletes source control configuration. |
- ## Microsoft.RedHatOpenShift Azure service: [Azure Red Hat OpenShift](/azure/openshift/)
role-based-access-control Databases https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/databases.md
This article lists the permissions for the Azure resource providers in the Datab
## Microsoft.Cache
+Power applications with high-throughput, low-latency data access.
+ Azure service: [Azure Cache for Redis](/azure/azure-cache-for-redis/) > [!div class="mx-tableFixed"]
Azure service: [Azure Cache for Redis](/azure/azure-cache-for-redis/)
> | Microsoft.Cache/redisEnterprise/privateLinkResources/read | Read 'groupId' of redis subresource that a private link can be connected to | > | Microsoft.Cache/redisEnterprise/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for a Redis Enterprise Cache |
-## Microsoft.DataFactory
-
-Azure service: [Data Factory](/azure/data-factory/)
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.DataFactory/register/action | Registers the subscription for the Data Factory Resource Provider. |
-> | Microsoft.DataFactory/unregister/action | Unregisters the subscription for the Data Factory Resource Provider. |
-> | Microsoft.DataFactory/checkazuredatafactorynameavailability/read | Checks if the Data Factory Name is available to use. |
-> | Microsoft.DataFactory/datafactories/read | Reads the Data Factory. |
-> | Microsoft.DataFactory/datafactories/write | Creates or Updates the Data Factory. |
-> | Microsoft.DataFactory/datafactories/delete | Deletes the Data Factory. |
-> | Microsoft.DataFactory/datafactories/activitywindows/read | Reads Activity Windows in the Data Factory with specified parameters. |
-> | Microsoft.DataFactory/datafactories/datapipelines/read | Reads any Pipeline. |
-> | Microsoft.DataFactory/datafactories/datapipelines/delete | Deletes any Pipeline. |
-> | Microsoft.DataFactory/datafactories/datapipelines/pause/action | Pauses any Pipeline. |
-> | Microsoft.DataFactory/datafactories/datapipelines/resume/action | Resumes any Pipeline. |
-> | Microsoft.DataFactory/datafactories/datapipelines/update/action | Updates any Pipeline. |
-> | Microsoft.DataFactory/datafactories/datapipelines/write | Creates or Updates any Pipeline. |
-> | Microsoft.DataFactory/datafactories/datapipelines/activities/activitywindows/read | Reads Activity Windows for the Pipeline Activity with specified parameters. |
-> | Microsoft.DataFactory/datafactories/datapipelines/activitywindows/read | Reads Activity Windows for the Pipeline with specified parameters. |
-> | Microsoft.DataFactory/datafactories/datasets/read | Reads any Dataset. |
-> | Microsoft.DataFactory/datafactories/datasets/delete | Deletes any Dataset. |
-> | Microsoft.DataFactory/datafactories/datasets/write | Creates or Updates any Dataset. |
-> | Microsoft.DataFactory/datafactories/datasets/activitywindows/read | Reads Activity Windows for the Dataset with specified parameters. |
-> | Microsoft.DataFactory/datafactories/datasets/sliceruns/read | Reads the Data Slice Run for the given dataset with the given start time. |
-> | Microsoft.DataFactory/datafactories/datasets/slices/read | Gets the Data Slices in the given period. |
-> | Microsoft.DataFactory/datafactories/datasets/slices/write | Update the Status of the Data Slice. |
-> | Microsoft.DataFactory/datafactories/gateways/read | Reads any Gateway. |
-> | Microsoft.DataFactory/datafactories/gateways/write | Creates or Updates any Gateway. |
-> | Microsoft.DataFactory/datafactories/gateways/delete | Deletes any Gateway. |
-> | Microsoft.DataFactory/datafactories/gateways/connectioninfo/action | Reads the Connection Info for any Gateway. |
-> | Microsoft.DataFactory/datafactories/gateways/listauthkeys/action | Lists the Authentication Keys for any Gateway. |
-> | Microsoft.DataFactory/datafactories/gateways/regenerateauthkey/action | Regenerates the Authentication Keys for any Gateway. |
-> | Microsoft.DataFactory/datafactories/linkedServices/read | Reads any Linked Service. |
-> | Microsoft.DataFactory/datafactories/linkedServices/delete | Deletes any Linked Service. |
-> | Microsoft.DataFactory/datafactories/linkedServices/write | Creates or Updates any Linked Service. |
-> | Microsoft.DataFactory/datafactories/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
-> | Microsoft.DataFactory/datafactories/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
-> | Microsoft.DataFactory/datafactories/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for datafactories |
-> | Microsoft.DataFactory/datafactories/runs/loginfo/read | Reads a SAS URI to a blob container containing the logs. |
-> | Microsoft.DataFactory/datafactories/tables/read | Reads any Dataset. |
-> | Microsoft.DataFactory/datafactories/tables/delete | Deletes any Dataset. |
-> | Microsoft.DataFactory/datafactories/tables/write | Creates or Updates any Dataset. |
-> | Microsoft.DataFactory/factories/read | Reads Data Factory. |
-> | Microsoft.DataFactory/factories/write | Create or Update Data Factory |
-> | Microsoft.DataFactory/factories/delete | Deletes Data Factory. |
-> | Microsoft.DataFactory/factories/createdataflowdebugsession/action | Creates a Data Flow debug session. |
-> | Microsoft.DataFactory/factories/startdataflowdebugsession/action | Starts a Data Flow debug session. |
-> | Microsoft.DataFactory/factories/addDataFlowToDebugSession/action | Add Data Flow to debug session for preview. |
-> | Microsoft.DataFactory/factories/executeDataFlowDebugCommand/action | Execute Data Flow debug command. |
-> | Microsoft.DataFactory/factories/deletedataflowdebugsession/action | Deletes a Data Flow debug session. |
-> | Microsoft.DataFactory/factories/querydataflowdebugsessions/action | Queries a Data Flow debug session. |
-> | Microsoft.DataFactory/factories/cancelpipelinerun/action | Cancels the pipeline run specified by the run ID. |
-> | Microsoft.DataFactory/factories/cancelSandboxPipelineRun/action | Cancels a debug run for the Pipeline. |
-> | Microsoft.DataFactory/factories/sandboxpipelineruns/action | Queries the Debug Pipeline Runs. |
-> | Microsoft.DataFactory/factories/querytriggers/action | Queries the Triggers. |
-> | Microsoft.DataFactory/factories/getFeatureValue/action | Get exposure control feature value for the specific location. |
-> | Microsoft.DataFactory/factories/queryFeaturesValue/action | Get exposure control feature values for a list of features |
-> | Microsoft.DataFactory/factories/getDataPlaneAccess/action | Gets access to ADF DataPlane service. |
-> | Microsoft.DataFactory/factories/getGitHubAccessToken/action | Gets GitHub access token. |
-> | Microsoft.DataFactory/factories/querytriggerruns/action | Queries the Trigger Runs. |
-> | Microsoft.DataFactory/factories/querypipelineruns/action | Queries the Pipeline Runs. |
-> | Microsoft.DataFactory/factories/querydebugpipelineruns/action | Queries the Debug Pipeline Runs. |
-> | Microsoft.DataFactory/factories/adfcdcs/read | Reads ADF Change data capture. |
-> | Microsoft.DataFactory/factories/adfcdcs/delete | Deletes ADF Change data capture. |
-> | Microsoft.DataFactory/factories/adfcdcs/write | Create or update ADF Change data capture. |
-> | Microsoft.DataFactory/factories/adflinkconnections/read | Reads ADF Link Connection. |
-> | Microsoft.DataFactory/factories/adflinkconnections/delete | Deletes ADF Link Connection. |
-> | Microsoft.DataFactory/factories/adflinkconnections/write | Create or update ADF Link Connection |
-> | Microsoft.DataFactory/factories/credentials/read | Reads any Credential. |
-> | Microsoft.DataFactory/factories/credentials/write | Writes any Credential. |
-> | Microsoft.DataFactory/factories/credentials/delete | Deletes any Credential. |
-> | Microsoft.DataFactory/factories/dataflows/read | Reads Data Flow. |
-> | Microsoft.DataFactory/factories/dataflows/delete | Deletes Data Flow. |
-> | Microsoft.DataFactory/factories/dataflows/write | Create or update Data Flow |
-> | Microsoft.DataFactory/factories/dataMappers/read | Reads Data Mapping. |
-> | Microsoft.DataFactory/factories/dataMappers/delete | Deletes Data Mapping. |
-> | Microsoft.DataFactory/factories/dataMappers/write | Create or update Data Mapping |
-> | Microsoft.DataFactory/factories/datasets/read | Reads any Dataset. |
-> | Microsoft.DataFactory/factories/datasets/delete | Deletes any Dataset. |
-> | Microsoft.DataFactory/factories/datasets/write | Creates or Updates any Dataset. |
-> | Microsoft.DataFactory/factories/debugpipelineruns/cancel/action | Cancels a debug run for the Pipeline. |
-> | Microsoft.DataFactory/factories/getDataPlaneAccess/read | Reads access to ADF DataPlane service. |
-> | Microsoft.DataFactory/factories/getFeatureValue/read | Reads exposure control feature value for the specific location. |
-> | Microsoft.DataFactory/factories/globalParameters/read | Reads GlobalParameter. |
-> | Microsoft.DataFactory/factories/globalParameters/delete | Deletes GlobalParameter. |
-> | Microsoft.DataFactory/factories/globalParameters/write | Create or Update GlobalParameter. |
-> | Microsoft.DataFactory/factories/integrationruntimes/read | Reads any Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/write | Creates or Updates any Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/delete | Deletes any Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/start/action | Starts any Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/stop/action | Stops any Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/getconnectioninfo/action | Reads Integration Runtime Connection Info. |
-> | Microsoft.DataFactory/factories/integrationruntimes/listauthkeys/action | Lists the Authentication Keys for any Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/synccredentials/action | Syncs the Credentials for the specified Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/upgrade/action | Upgrades the specified Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/createexpressshirinstalllink/action | Create express install link for self hosted Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/regenerateauthkey/action | Regenerates the Authentication Keys for the specified Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/removelinks/action | Removes Linked Integration Runtime References from the specified Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/linkedIntegrationRuntime/action | Create Linked Integration Runtime Reference on the Specified Shared Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/getObjectMetadata/action | Get SSIS Integration Runtime metadata for the specified Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/refreshObjectMetadata/action | Refresh SSIS Integration Runtime metadata for the specified Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/enableInteractiveQuery/action | Enable interactive authoring session. |
-> | Microsoft.DataFactory/factories/integrationruntimes/disableInteractiveQuery/action | Disable interactive authoring session. |
-> | Microsoft.DataFactory/factories/integrationruntimes/getstatus/read | Reads Integration Runtime Status. |
-> | Microsoft.DataFactory/factories/integrationruntimes/monitoringdata/read | Gets the Monitoring Data for any Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/nodes/read | Reads the Node for the specified Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/nodes/delete | Deletes the Node for the specified Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/nodes/write | Updates a self-hosted Integration Runtime Node. |
-> | Microsoft.DataFactory/factories/integrationruntimes/nodes/ipAddress/action | Returns the IP Address for the specified node of the Integration Runtime. |
-> | Microsoft.DataFactory/factories/integrationruntimes/outboundNetworkDependenciesEndpoints/read | Get Azure-SSIS Integration Runtime outbound network dependency endpoints for the specified Integration Runtime. |
-> | Microsoft.DataFactory/factories/linkedServices/read | Reads Linked Service. |
-> | Microsoft.DataFactory/factories/linkedServices/delete | Deletes Linked Service. |
-> | Microsoft.DataFactory/factories/linkedServices/write | Create or Update Linked Service |
-> | Microsoft.DataFactory/factories/managedVirtualNetworks/read | Read Managed Virtual Network. |
-> | Microsoft.DataFactory/factories/managedVirtualNetworks/write | Create or Update Managed Virtual Network. |
-> | Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints/read | Read Managed Private Endpoint. |
-> | Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints/write | Create or Update Managed Private Endpoint. |
-> | Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints/delete | Delete Managed Private Endpoint. |
-> | Microsoft.DataFactory/factories/operationResults/read | Gets operation results. |
-> | Microsoft.DataFactory/factories/pipelineruns/read | Reads the Pipeline Runs. |
-> | Microsoft.DataFactory/factories/pipelineruns/cancel/action | Cancels the pipeline run specified by the run ID. |
-> | Microsoft.DataFactory/factories/pipelineruns/queryactivityruns/action | Queries the activity runs for the specified pipeline run ID. |
-> | Microsoft.DataFactory/factories/pipelineruns/activityruns/read | Reads the activity runs for the specified pipeline run ID. |
-> | Microsoft.DataFactory/factories/pipelineruns/queryactivityruns/read | Reads the result of query activity runs for the specified pipeline run ID. |
-> | Microsoft.DataFactory/factories/pipelines/read | Reads Pipeline. |
-> | Microsoft.DataFactory/factories/pipelines/delete | Deletes Pipeline. |
-> | Microsoft.DataFactory/factories/pipelines/write | Create or Update Pipeline |
-> | Microsoft.DataFactory/factories/pipelines/createrun/action | Creates a run for the Pipeline. |
-> | Microsoft.DataFactory/factories/pipelines/sandbox/action | Creates a debug run environment for the Pipeline. |
-> | Microsoft.DataFactory/factories/pipelines/pipelineruns/read | Reads the Pipeline Run. |
-> | Microsoft.DataFactory/factories/pipelines/pipelineruns/activityruns/progress/read | Gets the Progress of Activity Runs. |
-> | Microsoft.DataFactory/factories/pipelines/sandbox/create/action | Creates a debug run environment for the Pipeline. |
-> | Microsoft.DataFactory/factories/pipelines/sandbox/run/action | Creates a debug run for the Pipeline. |
-> | Microsoft.DataFactory/factories/privateEndpointConnectionProxies/read | Read Private Endpoint Connection Proxy. |
-> | Microsoft.DataFactory/factories/privateEndpointConnectionProxies/write | Create or Update private Endpoint Connection Proxy. |
-> | Microsoft.DataFactory/factories/privateEndpointConnectionProxies/delete | Delete Private Endpoint Connection Proxy. |
-> | Microsoft.DataFactory/factories/privateEndpointConnectionProxies/validate/action | Validate a Private Endpoint Connection Proxy. |
-> | Microsoft.DataFactory/factories/privateEndpointConnectionProxies/operationresults/read | Read the results of creating a Private Endpoint Connection Proxy. |
-> | Microsoft.DataFactory/factories/privateEndpointConnectionProxies/operationstatuses/read | Read the status of creating a Private Endpoint Connection Proxy. |
-> | Microsoft.DataFactory/factories/privateEndpointConnections/read | Read Private Endpoint Connection. |
-> | Microsoft.DataFactory/factories/privateEndpointConnections/write | Create or Update Private Endpoint Connection. |
-> | Microsoft.DataFactory/factories/privateEndpointConnections/delete | Delete Private Endpoint Connection. |
-> | Microsoft.DataFactory/factories/privateLinkResources/read | Read Private Link Resource. |
-> | Microsoft.DataFactory/factories/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
-> | Microsoft.DataFactory/factories/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
-> | Microsoft.DataFactory/factories/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for factories |
-> | Microsoft.DataFactory/factories/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for factories |
-> | Microsoft.DataFactory/factories/queryFeaturesValue/read | Reads exposure control feature values for a list of features. |
-> | Microsoft.DataFactory/factories/querypipelineruns/read | Reads the Result of Query Pipeline Runs. |
-> | Microsoft.DataFactory/factories/querytriggerruns/read | Reads the Result of Trigger Runs. |
-> | Microsoft.DataFactory/factories/sandboxpipelineruns/read | Gets the debug run info for the Pipeline. |
-> | Microsoft.DataFactory/factories/sandboxpipelineruns/sandboxActivityRuns/read | Gets the debug run info for the Activity. |
-> | Microsoft.DataFactory/factories/sessions/write | Writes any Session. |
-> | Microsoft.DataFactory/factories/triggerruns/read | Reads the Trigger Runs. |
-> | Microsoft.DataFactory/factories/triggers/read | Reads any Trigger. |
-> | Microsoft.DataFactory/factories/triggers/write | Creates or Updates any Trigger. |
-> | Microsoft.DataFactory/factories/triggers/delete | Deletes any Trigger. |
-> | Microsoft.DataFactory/factories/triggers/subscribetoevents/action | Subscribe to Events. |
-> | Microsoft.DataFactory/factories/triggers/geteventsubscriptionstatus/action | Event Subscription Status. |
-> | Microsoft.DataFactory/factories/triggers/unsubscribefromevents/action | Unsubscribe from Events. |
-> | Microsoft.DataFactory/factories/triggers/querysubscriptionevents/action | Query subscription events. |
-> | Microsoft.DataFactory/factories/triggers/deletequeuedsubscriptionevents/action | Delete queued subscription events. |
-> | Microsoft.DataFactory/factories/triggers/start/action | Starts any Trigger. |
-> | Microsoft.DataFactory/factories/triggers/stop/action | Stops any Trigger. |
-> | Microsoft.DataFactory/factories/triggers/triggerruns/read | Reads the Trigger Runs. |
-> | Microsoft.DataFactory/factories/triggers/triggerruns/cancel/action | Cancel the Trigger Run with the given trigger run id. |
-> | Microsoft.DataFactory/factories/triggers/triggerruns/rerun/action | Rerun the Trigger Run with the given trigger run id. |
-> | Microsoft.DataFactory/locations/configureFactoryRepo/action | Configures the repository for the factory. |
-> | Microsoft.DataFactory/locations/getFeatureValue/action | Get exposure control feature value for the specific location. |
-> | Microsoft.DataFactory/locations/getFeatureValue/read | Reads exposure control feature value for the specific location. |
-> | Microsoft.DataFactory/operations/read | Reads all Operations in Microsoft Data Factory Provider. |
-> | **DataAction** | **Description** |
-> | Microsoft.DataFactory/factories/credentials/useSecrets/action | Uses any Credential Secret. |
-
-## Microsoft.DataMigration
-
-Azure service: [Azure Database Migration Service](/azure/dms/)
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.DataMigration/register/action | Registers the subscription with the Azure Database Migration Service provider |
-> | Microsoft.DataMigration/databaseMigrations/write | Create or Update Database Migration resource |
-> | Microsoft.DataMigration/databaseMigrations/delete | Delete Database Migration resource |
-> | Microsoft.DataMigration/databaseMigrations/read | Retrieve the Database Migration resource |
-> | Microsoft.DataMigration/databaseMigrations/cancel/action | Stop ongoing migration for the database |
-> | Microsoft.DataMigration/databaseMigrations/cutover/action | Cutover online migration operation for the database |
-> | Microsoft.DataMigration/locations/migrationServiceOperationResults/read | Retrieve Service Operation Results |
-> | Microsoft.DataMigration/locations/operationResults/read | Get the status of a long-running operation related to a 202 Accepted response |
-> | Microsoft.DataMigration/locations/operationStatuses/read | Get the status of a long-running operation related to a 202 Accepted response |
-> | Microsoft.DataMigration/locations/sqlMigrationServiceOperationResults/read | Retrieve Service Operation Results |
-> | Microsoft.DataMigration/migrationServices/write | Create a new or change properties of existing Service |
-> | Microsoft.DataMigration/migrationServices/delete | Delete existing Service |
-> | Microsoft.DataMigration/migrationServices/read | Retrieve details of Migration Service |
-> | Microsoft.DataMigration/migrationServices/read | Retrieve details of Migration Services in a Resource Group |
-> | Microsoft.DataMigration/migrationServices/read | Retrieve all services in the Subscription |
-> | Microsoft.DataMigration/migrationServices/listMigrations/read | |
-> | Microsoft.DataMigration/operations/read | Get all REST Operations |
-> | Microsoft.DataMigration/services/read | Read information about resources |
-> | Microsoft.DataMigration/services/write | Create or update resources and their properties |
-> | Microsoft.DataMigration/services/delete | Deletes a resource and all of its children |
-> | Microsoft.DataMigration/services/stop/action | Stop the Azure Database Migration Service to minimize its cost |
-> | Microsoft.DataMigration/services/start/action | Start the Azure Database Migration Service to allow it to process migrations again |
-> | Microsoft.DataMigration/services/checkStatus/action | Check whether the service is deployed and running |
-> | Microsoft.DataMigration/services/configureWorker/action | Configures an Azure Database Migration Service worker to the Service's availiable workers |
-> | Microsoft.DataMigration/services/addWorker/action | Adds an Azure Database Migration Service worker to the Service's availiable workers |
-> | Microsoft.DataMigration/services/removeWorker/action | Removes an Azure Database Migration Service worker to the Service's availiable workers |
-> | Microsoft.DataMigration/services/updateAgentConfig/action | Updates Azure Database Migration Service agent configuration with provided values. |
-> | Microsoft.DataMigration/services/getHybridDownloadLink/action | Gets an Azure Database Migration Service worker package download link from RP Blob Storage. |
-> | Microsoft.DataMigration/services/projects/read | Read information about resources |
-> | Microsoft.DataMigration/services/projects/write | Run tasks Azure Database Migration Service tasks |
-> | Microsoft.DataMigration/services/projects/delete | Deletes a resource and all of its children |
-> | Microsoft.DataMigration/services/projects/accessArtifacts/action | Generate a URL that can be used to GET or PUT project artifacts |
-> | Microsoft.DataMigration/services/projects/tasks/read | Read information about resources |
-> | Microsoft.DataMigration/services/projects/tasks/write | Run tasks Azure Database Migration Service tasks |
-> | Microsoft.DataMigration/services/projects/tasks/delete | Deletes a resource and all of its children |
-> | Microsoft.DataMigration/services/projects/tasks/cancel/action | Cancel the task if it's currently running |
-> | Microsoft.DataMigration/services/serviceTasks/read | Read information about resources |
-> | Microsoft.DataMigration/services/serviceTasks/write | Run tasks Azure Database Migration Service tasks |
-> | Microsoft.DataMigration/services/serviceTasks/delete | Deletes a resource and all of its children |
-> | Microsoft.DataMigration/services/serviceTasks/cancel/action | Cancel the task if it's currently running |
-> | Microsoft.DataMigration/services/slots/read | Read information about resources |
-> | Microsoft.DataMigration/services/slots/write | Create or update resources and their properties |
-> | Microsoft.DataMigration/services/slots/delete | Deletes a resource and all of its children |
-> | Microsoft.DataMigration/skus/read | Get a list of SKUs supported by Azure Database Migration Service resources. |
-> | Microsoft.DataMigration/sqlMigrationServices/write | Create a new or change properties of existing Service |
-> | Microsoft.DataMigration/sqlMigrationServices/delete | Delete existing Service |
-> | Microsoft.DataMigration/sqlMigrationServices/read | Retrieve details of Migration Service |
-> | Microsoft.DataMigration/sqlMigrationServices/read | Retrieve details of Migration Services in a Resource Group |
-> | Microsoft.DataMigration/sqlMigrationServices/listAuthKeys/action | Retrieve the List of Authentication Keys |
-> | Microsoft.DataMigration/sqlMigrationServices/regenerateAuthKeys/action | Regenerate the Authentication Keys |
-> | Microsoft.DataMigration/sqlMigrationServices/deleteNode/action | |
-> | Microsoft.DataMigration/sqlMigrationServices/listMonitoringData/action | Retrieve the Monitoring Data |
-> | Microsoft.DataMigration/sqlMigrationServices/validateIR/action | |
-> | Microsoft.DataMigration/sqlMigrationServices/read | Retrieve all services in the Subscription |
-> | Microsoft.DataMigration/sqlMigrationServices/listMigrations/read | |
-> | Microsoft.DataMigration/sqlMigrationServices/MonitoringData/read | Retrieve the Monitoring Data |
-> | Microsoft.DataMigration/sqlMigrationServices/tasks/write | Create or Update Migration Service task |
-> | Microsoft.DataMigration/sqlMigrationServices/tasks/delete | |
-> | Microsoft.DataMigration/sqlMigrationServices/tasks/read | Get Migration Service task details |
- ## Microsoft.DBforMariaDB
+Managed MariaDB database service for app developers.
+ Azure service: [Azure Database for MariaDB](/azure/mariadb/) > [!div class="mx-tableFixed"]
Azure service: [Azure Database for MariaDB](/azure/mariadb/)
## Microsoft.DBforMySQL
+Managed MySQL database service for app developers.
+ Azure service: [Azure Database for MySQL](/azure/mysql/) > [!div class="mx-tableFixed"]
Azure service: [Azure Database for MySQL](/azure/mysql/)
## Microsoft.DBforPostgreSQL
+Managed PostgreSQL database service for app developers.
+ Azure service: [Azure Database for PostgreSQL](/azure/postgresql/) > [!div class="mx-tableFixed"]
Azure service: [Azure Database for PostgreSQL](/azure/postgresql/)
## Microsoft.DocumentDB
+A NoSQL document database-as-a-service.
+ Azure service: [Azure Cosmos DB](/azure/cosmos-db/) > [!div class="mx-tableFixed"]
Azure service: [Azure Cosmos DB](/azure/cosmos-db/)
## Microsoft.Sql
+Managed, intelligent SQL in the cloud.
+ Azure service: [Azure SQL Database](/azure/azure-sql/database/index), [Azure SQL Managed Instance](/azure/azure-sql/managed-instance/index), [Azure Synapse Analytics](/azure/synapse-analytics/) > [!div class="mx-tableFixed"]
Azure service: [Azure SQL Database](/azure/azure-sql/database/index), [Azure SQL
## Microsoft.SqlVirtualMachine
+Host enterprise SQL Server apps in the cloud.
+ Azure service: [SQL Server on Azure Virtual Machines](/azure/azure-sql/virtual-machines/windows/sql-server-on-azure-vm-iaas-what-is-overview) > [!div class="mx-tableFixed"]
role-based-access-control Devops https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/devops.md
Azure service: [Azure Chaos Studio](/azure/chaos-studio/)
## Microsoft.DevTestLab
+Quickly create environments using reusable templates and artifacts.
+ Azure service: [Azure Lab Services](/azure/lab-services/) > [!div class="mx-tableFixed"]
Azure service: [Azure Lab Services](/azure/lab-services/)
## Microsoft.LabServices
+Set up labs for classrooms, trials, development and testing, and other scenarios.
+ Azure service: [Azure Lab Services](/azure/lab-services/) > [!div class="mx-tableFixed"]
Azure service: [Microsoft Defender for Cloud](/azure/defender-for-cloud/)
## Microsoft.VisualStudio
+The powerful and flexible environment for developing applications in the cloud.
+ Azure service: [Azure DevOps](/azure/devops/) > [!div class="mx-tableFixed"]
role-based-access-control General https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/general.md
Azure service: core
> | Microsoft.Addons/supportProviders/supportPlanTypes/write | Adds the Canonical support plan type specified. | > | Microsoft.Addons/supportProviders/supportPlanTypes/delete | Removes the specified Canonical support plan |
+## Microsoft.Capacity
+
+Azure service: core
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.Capacity/calculateprice/action | Calculate any Reservation Price |
+> | Microsoft.Capacity/checkoffers/action | Check any Subscription Offers |
+> | Microsoft.Capacity/checkscopes/action | Check any Subscription |
+> | Microsoft.Capacity/validatereservationorder/action | Validate any Reservation |
+> | Microsoft.Capacity/reservationorders/action | Update any Reservation |
+> | Microsoft.Capacity/register/action | Registers the Capacity resource provider and enables the creation of Capacity resources. |
+> | Microsoft.Capacity/unregister/action | Unregister any Tenant |
+> | Microsoft.Capacity/calculateexchange/action | Computes the exchange amount and price of new purchase and returns policy Errors. |
+> | Microsoft.Capacity/exchange/action | Exchange any Reservation |
+> | Microsoft.Capacity/listSkus/action | Lists SKUs with filters and without any restrictions |
+> | Microsoft.Capacity/appliedreservations/read | Read All Reservations |
+> | Microsoft.Capacity/catalogs/read | Read catalog of Reservation |
+> | Microsoft.Capacity/commercialreservationorders/read | Get Reservation Orders created in any Tenant |
+> | Microsoft.Capacity/operations/read | Read any Operation |
+> | Microsoft.Capacity/reservationorders/changedirectory/action | Change directory of any reservation |
+> | Microsoft.Capacity/reservationorders/availablescopes/action | Find any Available Scope |
+> | Microsoft.Capacity/reservationorders/read | Read All Reservations |
+> | Microsoft.Capacity/reservationorders/write | Create any Reservation |
+> | Microsoft.Capacity/reservationorders/delete | Delete any Reservation |
+> | Microsoft.Capacity/reservationorders/reservations/action | Update any Reservation |
+> | Microsoft.Capacity/reservationorders/return/action | Return any Reservation |
+> | Microsoft.Capacity/reservationorders/swap/action | Swap any Reservation |
+> | Microsoft.Capacity/reservationorders/split/action | Split any Reservation |
+> | Microsoft.Capacity/reservationorders/changeBilling/action | Reservation billing change |
+> | Microsoft.Capacity/reservationorders/merge/action | Merge any Reservation |
+> | Microsoft.Capacity/reservationorders/calculaterefund/action | Computes the refund amount and price of new purchase and returns policy Errors. |
+> | Microsoft.Capacity/reservationorders/changebillingoperationresults/read | Poll any Reservation billing change operation |
+> | Microsoft.Capacity/reservationorders/mergeoperationresults/read | Poll any merge operation |
+> | Microsoft.Capacity/reservationorders/reservations/availablescopes/action | Find any Available Scope |
+> | Microsoft.Capacity/reservationorders/reservations/read | Read All Reservations |
+> | Microsoft.Capacity/reservationorders/reservations/write | Create any Reservation |
+> | Microsoft.Capacity/reservationorders/reservations/delete | Delete any Reservation |
+> | Microsoft.Capacity/reservationorders/reservations/archive/action | Archive a reservation which is in a terminal state like Expired, Split etc. |
+> | Microsoft.Capacity/reservationorders/reservations/unarchive/action | Unarchive a Reservation which was previously archived |
+> | Microsoft.Capacity/reservationorders/reservations/revisions/read | Read All Reservations |
+> | Microsoft.Capacity/reservationorders/splitoperationresults/read | Poll any split operation |
+> | Microsoft.Capacity/resourceProviders/locations/serviceLimits/read | Get the current service limit or quota of the specified resource and location |
+> | Microsoft.Capacity/resourceProviders/locations/serviceLimits/write | Create service limit or quota for the specified resource and location |
+> | Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read | Get any service limit request for the specified resource and location |
+> | Microsoft.Capacity/tenants/register/action | Register any Tenant |
+
+## Microsoft.Commerce
+
+Azure service: core
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.Commerce/register/action | Register Subscription for Microsoft Commerce UsageAggregate |
+> | Microsoft.Commerce/unregister/action | Unregister Subscription for Microsoft Commerce UsageAggregate |
+> | Microsoft.Commerce/RateCard/read | Returns offer data, resource/meter metadata and rates for the given subscription. |
+> | Microsoft.Commerce/UsageAggregates/read | Retrieves Microsoft Azure's consumption by a subscription. The result contains aggregates usage data, subscription and resource related information, on a particular time range. |
+ ## Microsoft.Marketplace Azure service: core
Azure service: [Azure Quotas](/azure/quotas/quotas-overview)
> | Microsoft.Quota/quotas/write | Creates the service limit or quota request for the specified resource | > | Microsoft.Quota/usages/read | Get the usages for resource providers |
-## Microsoft.ResourceHealth
+## Microsoft.Subscription
-Azure service: [Azure Service Health](/azure/service-health/)
+Azure service: core
> [!div class="mx-tableFixed"] > | Action | Description | > | | |
-> | Microsoft.ResourceHealth/events/action | Endpoint to fetch details for event |
-> | Microsoft.ResourceHealth/register/action | Registers the subscription for the Microsoft ResourceHealth |
-> | Microsoft.ResourceHealth/unregister/action | Unregisters the subscription for the Microsoft ResourceHealth |
-> | Microsoft.Resourcehealth/healthevent/action | Denotes the change in health state for the specified resource |
-> | Microsoft.ResourceHealth/AvailabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
-> | Microsoft.ResourceHealth/AvailabilityStatuses/current/read | Gets the availability status for the specified resource |
-> | Microsoft.ResourceHealth/emergingissues/read | Get Azure services' emerging issues |
-> | Microsoft.ResourceHealth/events/read | Get Service Health Events for given subscription |
-> | Microsoft.ResourceHealth/events/fetchEventDetails/action | Endpoint to fetch details for event |
-> | Microsoft.ResourceHealth/events/listSecurityAdvisoryImpactedResources/action | Get Impacted Resources for a given event of type SecurityAdvisory |
-> | Microsoft.ResourceHealth/events/impactedResources/read | Get Impacted Resources for a given event |
-> | Microsoft.Resourcehealth/healthevent/Activated/action | Denotes the change in health state for the specified resource |
-> | Microsoft.Resourcehealth/healthevent/Updated/action | Denotes the change in health state for the specified resource |
-> | Microsoft.Resourcehealth/healthevent/Resolved/action | Denotes the change in health state for the specified resource |
-> | Microsoft.Resourcehealth/healthevent/InProgress/action | Denotes the change in health state for the specified resource |
-> | Microsoft.Resourcehealth/healthevent/Pending/action | Denotes the change in health state for the specified resource |
-> | Microsoft.ResourceHealth/impactedResources/read | Get Impacted Resources for given subscription |
-> | Microsoft.ResourceHealth/metadata/read | Gets Metadata |
-> | Microsoft.ResourceHealth/Notifications/read | Receives Azure Resource Manager notifications |
-> | Microsoft.ResourceHealth/Operations/read | Get the operations available for the Microsoft ResourceHealth |
-> | Microsoft.ResourceHealth/potentialoutages/read | Get Potential Outages for given subscription |
+> | Microsoft.Subscription/cancel/action | Cancels the Subscription |
+> | Microsoft.Subscription/rename/action | Renames the Subscription |
+> | Microsoft.Subscription/enable/action | Reactivates the Subscription |
+> | Microsoft.Subscription/aliases/write | Create subscription alias |
+> | Microsoft.Subscription/aliases/read | Get subscription alias |
+> | Microsoft.Subscription/aliases/delete | Delete subscription alias |
+> | Microsoft.Subscription/Policies/write | Create tenant policy |
+> | Microsoft.Subscription/Policies/default/read | Get tenant policy |
+> | Microsoft.Subscription/subscriptions/acceptOwnership/action | Accept ownership of Subscription |
+> | Microsoft.Subscription/subscriptions/acceptOwnershipStatus/read | Get the status of accepting ownership of Subscription |
## Microsoft.Support
role-based-access-control Hybrid Multicloud https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/hybrid-multicloud.md
This article lists the permissions for the Azure resource providers in the Hybri
## Microsoft.AzureStack
+Build and run innovative hybrid applications across cloud boundaries.
+ Azure service: [Azure Stack](/azure-stack/) > [!div class="mx-tableFixed"]
Azure service: Microsoft.HybridConnectivity
> | Microsoft.HybridConnectivity/solutionTypes/read | Retrieve the list of available solution types. | > | Microsoft.HybridConnectivity/solutionTypes/read | Retrieve the solution type by provided solution type. |
+## Microsoft.Kubernetes
+
+Azure service: [Azure Arc-enabled Kubernetes](/azure/azure-arc/kubernetes/overview)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.Kubernetes/register/action | Registers Subscription with Microsoft.Kubernetes resource provider |
+> | Microsoft.Kubernetes/unregister/action | Un-Registers Subscription with Microsoft.Kubernetes resource provider |
+> | Microsoft.Kubernetes/connectedClusters/Read | Read connectedClusters |
+> | Microsoft.Kubernetes/connectedClusters/Write | Writes connectedClusters |
+> | Microsoft.Kubernetes/connectedClusters/Delete | Deletes connectedClusters |
+> | Microsoft.Kubernetes/connectedClusters/listClusterUserCredentials/action | List clusterUser credential(preview) |
+> | Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action | List clusterUser credential |
+> | Microsoft.Kubernetes/locations/operationstatuses/read | Read Operation Statuses |
+> | Microsoft.Kubernetes/locations/operationstatuses/write | Write Operation Statuses |
+> | Microsoft.Kubernetes/operations/read | Lists operations available on Microsoft.Kubernetes resource provider |
+> | Microsoft.Kubernetes/RegisteredSubscriptions/read | Reads registered subscriptions |
+> | **DataAction** | **Description** |
+> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/initializerconfigurations/read | Reads initializerconfigurations |
+> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/initializerconfigurations/write | Writes initializerconfigurations |
+> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/initializerconfigurations/delete | Deletes initializerconfigurations |
+> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/mutatingwebhookconfigurations/read | Reads mutatingwebhookconfigurations |
+> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/mutatingwebhookconfigurations/write | Writes mutatingwebhookconfigurations |
+> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/mutatingwebhookconfigurations/delete | Deletes mutatingwebhookconfigurations |
+> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/validatingwebhookconfigurations/read | Reads validatingwebhookconfigurations |
+> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/validatingwebhookconfigurations/write | Writes validatingwebhookconfigurations |
+> | Microsoft.Kubernetes/connectedClusters/admissionregistration.k8s.io/validatingwebhookconfigurations/delete | Deletes validatingwebhookconfigurations |
+> | Microsoft.Kubernetes/connectedClusters/api/read | Reads api |
+> | Microsoft.Kubernetes/connectedClusters/api/v1/read | Reads api/v1 |
+> | Microsoft.Kubernetes/connectedClusters/apiextensions.k8s.io/customresourcedefinitions/read | Reads customresourcedefinitions |
+> | Microsoft.Kubernetes/connectedClusters/apiextensions.k8s.io/customresourcedefinitions/write | Writes customresourcedefinitions |
+> | Microsoft.Kubernetes/connectedClusters/apiextensions.k8s.io/customresourcedefinitions/delete | Deletes customresourcedefinitions |
+> | Microsoft.Kubernetes/connectedClusters/apiregistration.k8s.io/apiservices/read | Reads apiservices |
+> | Microsoft.Kubernetes/connectedClusters/apiregistration.k8s.io/apiservices/write | Writes apiservices |
+> | Microsoft.Kubernetes/connectedClusters/apiregistration.k8s.io/apiservices/delete | Deletes apiservices |
+> | Microsoft.Kubernetes/connectedClusters/apis/read | Reads apis |
+> | Microsoft.Kubernetes/connectedClusters/apis/admissionregistration.k8s.io/read | Reads admissionregistration.k8s.io |
+> | Microsoft.Kubernetes/connectedClusters/apis/admissionregistration.k8s.io/v1/read | Reads admissionregistration.k8s.io/v1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/admissionregistration.k8s.io/v1beta1/read | Reads admissionregistration.k8s.io/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/apiextensions.k8s.io/read | Reads apiextensions.k8s.io |
+> | Microsoft.Kubernetes/connectedClusters/apis/apiextensions.k8s.io/v1/read | Reads apiextensions.k8s.io/v1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/apiextensions.k8s.io/v1beta1/read | Reads apiextensions.k8s.io/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/apiregistration.k8s.io/read | Reads apiregistration.k8s.io |
+> | Microsoft.Kubernetes/connectedClusters/apis/apiregistration.k8s.io/v1/read | Reads apiregistration.k8s.io/v1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/apiregistration.k8s.io/v1beta1/read | Reads apiregistration.k8s.io/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/apps/read | Reads apps |
+> | Microsoft.Kubernetes/connectedClusters/apis/apps/v1beta1/read | Reads apps/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/apps/v1beta2/read | Reads v1beta2 |
+> | Microsoft.Kubernetes/connectedClusters/apis/authentication.k8s.io/read | Reads authentication.k8s.io |
+> | Microsoft.Kubernetes/connectedClusters/apis/authentication.k8s.io/v1/read | Reads authentication.k8s.io/v1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/authentication.k8s.io/v1beta1/read | Reads authentication.k8s.io/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/authorization.k8s.io/read | Reads authorization.k8s.io |
+> | Microsoft.Kubernetes/connectedClusters/apis/authorization.k8s.io/v1/read | Reads authorization.k8s.io/v1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/authorization.k8s.io/v1beta1/read | Reads authorization.k8s.io/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/autoscaling/read | Reads autoscaling |
+> | Microsoft.Kubernetes/connectedClusters/apis/autoscaling/v1/read | Reads autoscaling/v1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/autoscaling/v2beta1/read | Reads autoscaling/v2beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/autoscaling/v2beta2/read | Reads autoscaling/v2beta2 |
+> | Microsoft.Kubernetes/connectedClusters/apis/batch/read | Reads batch |
+> | Microsoft.Kubernetes/connectedClusters/apis/batch/v1/read | Reads batch/v1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/batch/v1beta1/read | Reads batch/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/certificates.k8s.io/read | Reads certificates.k8s.io |
+> | Microsoft.Kubernetes/connectedClusters/apis/certificates.k8s.io/v1beta1/read | Reads certificates.k8s.io/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/coordination.k8s.io/read | Reads coordination.k8s.io |
+> | Microsoft.Kubernetes/connectedClusters/apis/coordination.k8s.io/v1/read | Reads coordination/v1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/coordination.k8s.io/v1beta1/read | Reads coordination.k8s.io/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/events.k8s.io/read | Reads events.k8s.io |
+> | Microsoft.Kubernetes/connectedClusters/apis/events.k8s.io/v1beta1/read | Reads events.k8s.io/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/extensions/read | Reads extensions |
+> | Microsoft.Kubernetes/connectedClusters/apis/extensions/v1beta1/read | Reads extensions/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/metrics.k8s.io/read | Reads metrics.k8s.io |
+> | Microsoft.Kubernetes/connectedClusters/apis/metrics.k8s.io/v1beta1/read | Reads metrics.k8s.io/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/networking.k8s.io/read | Reads networking.k8s.io |
+> | Microsoft.Kubernetes/connectedClusters/apis/networking.k8s.io/v1/read | Reads networking/v1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/networking.k8s.io/v1beta1/read | Reads networking.k8s.io/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/node.k8s.io/read | Reads node.k8s.io |
+> | Microsoft.Kubernetes/connectedClusters/apis/node.k8s.io/v1beta1/read | Reads node.k8s.io/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/policy/read | Reads policy |
+> | Microsoft.Kubernetes/connectedClusters/apis/policy/v1beta1/read | Reads policy/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/rbac.authorization.k8s.io/read | Reads rbac.authorization.k8s.io |
+> | Microsoft.Kubernetes/connectedClusters/apis/rbac.authorization.k8s.io/v1/read | Reads rbac.authorization/v1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/rbac.authorization.k8s.io/v1beta1/read | Reads rbac.authorization.k8s.io/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/scheduling.k8s.io/read | Reads scheduling.k8s.io |
+> | Microsoft.Kubernetes/connectedClusters/apis/scheduling.k8s.io/v1/read | Reads scheduling/v1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/scheduling.k8s.io/v1beta1/read | Reads scheduling.k8s.io/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/storage.k8s.io/read | Reads storage.k8s.io |
+> | Microsoft.Kubernetes/connectedClusters/apis/storage.k8s.io/v1/read | Reads storage/v1 |
+> | Microsoft.Kubernetes/connectedClusters/apis/storage.k8s.io/v1beta1/read | Reads storage.k8s.io/v1beta1 |
+> | Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/read | Reads controllerrevisions |
+> | Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/write | Writes controllerrevisions |
+> | Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/delete | Deletes controllerrevisions |
+> | Microsoft.Kubernetes/connectedClusters/apps/daemonsets/read | Reads daemonsets |
+> | Microsoft.Kubernetes/connectedClusters/apps/daemonsets/write | Writes daemonsets |
+> | Microsoft.Kubernetes/connectedClusters/apps/daemonsets/delete | Deletes daemonsets |
+> | Microsoft.Kubernetes/connectedClusters/apps/deployments/read | Reads deployments |
+> | Microsoft.Kubernetes/connectedClusters/apps/deployments/write | Writes deployments |
+> | Microsoft.Kubernetes/connectedClusters/apps/deployments/delete | Deletes deployments |
+> | Microsoft.Kubernetes/connectedClusters/apps/replicasets/read | Reads replicasets |
+> | Microsoft.Kubernetes/connectedClusters/apps/replicasets/write | Writes replicasets |
+> | Microsoft.Kubernetes/connectedClusters/apps/replicasets/delete | Deletes replicasets |
+> | Microsoft.Kubernetes/connectedClusters/apps/statefulsets/read | Reads statefulsets |
+> | Microsoft.Kubernetes/connectedClusters/apps/statefulsets/write | Writes statefulsets |
+> | Microsoft.Kubernetes/connectedClusters/apps/statefulsets/delete | Deletes statefulsets |
+> | Microsoft.Kubernetes/connectedClusters/authentication.k8s.io/tokenreviews/write | Writes tokenreviews |
+> | Microsoft.Kubernetes/connectedClusters/authentication.k8s.io/userextras/impersonate/action | Impersonate userextras |
+> | Microsoft.Kubernetes/connectedClusters/authorization.k8s.io/localsubjectaccessreviews/write | Writes localsubjectaccessreviews |
+> | Microsoft.Kubernetes/connectedClusters/authorization.k8s.io/selfsubjectaccessreviews/write | Writes selfsubjectaccessreviews |
+> | Microsoft.Kubernetes/connectedClusters/authorization.k8s.io/selfsubjectrulesreviews/write | Writes selfsubjectrulesreviews |
+> | Microsoft.Kubernetes/connectedClusters/authorization.k8s.io/subjectaccessreviews/write | Writes subjectaccessreviews |
+> | Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/read | Reads horizontalpodautoscalers |
+> | Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/write | Writes horizontalpodautoscalers |
+> | Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/delete | Deletes horizontalpodautoscalers |
+> | Microsoft.Kubernetes/connectedClusters/batch/cronjobs/read | Reads cronjobs |
+> | Microsoft.Kubernetes/connectedClusters/batch/cronjobs/write | Writes cronjobs |
+> | Microsoft.Kubernetes/connectedClusters/batch/cronjobs/delete | Deletes cronjobs |
+> | Microsoft.Kubernetes/connectedClusters/batch/jobs/read | Reads jobs |
+> | Microsoft.Kubernetes/connectedClusters/batch/jobs/write | Writes jobs |
+> | Microsoft.Kubernetes/connectedClusters/batch/jobs/delete | Deletes jobs |
+> | Microsoft.Kubernetes/connectedClusters/bindings/write | Writes bindings |
+> | Microsoft.Kubernetes/connectedClusters/certificates.k8s.io/certificatesigningrequests/read | Reads certificatesigningrequests |
+> | Microsoft.Kubernetes/connectedClusters/certificates.k8s.io/certificatesigningrequests/write | Writes certificatesigningrequests |
+> | Microsoft.Kubernetes/connectedClusters/certificates.k8s.io/certificatesigningrequests/delete | Deletes certificatesigningrequests |
+> | Microsoft.Kubernetes/connectedClusters/componentstatuses/read | Reads componentstatuses |
+> | Microsoft.Kubernetes/connectedClusters/componentstatuses/write | Writes componentstatuses |
+> | Microsoft.Kubernetes/connectedClusters/componentstatuses/delete | Deletes componentstatuses |
+> | Microsoft.Kubernetes/connectedClusters/configmaps/read | Reads configmaps |
+> | Microsoft.Kubernetes/connectedClusters/configmaps/write | Writes configmaps |
+> | Microsoft.Kubernetes/connectedClusters/configmaps/delete | Deletes configmaps |
+> | Microsoft.Kubernetes/connectedClusters/coordination.k8s.io/leases/read | Reads leases |
+> | Microsoft.Kubernetes/connectedClusters/coordination.k8s.io/leases/write | Writes leases |
+> | Microsoft.Kubernetes/connectedClusters/coordination.k8s.io/leases/delete | Deletes leases |
+> | Microsoft.Kubernetes/connectedClusters/discovery.k8s.io/endpointslices/read | Reads endpointslices |
+> | Microsoft.Kubernetes/connectedClusters/discovery.k8s.io/endpointslices/write | Writes endpointslices |
+> | Microsoft.Kubernetes/connectedClusters/discovery.k8s.io/endpointslices/delete | Deletes endpointslices |
+> | Microsoft.Kubernetes/connectedClusters/endpoints/read | Reads endpoints |
+> | Microsoft.Kubernetes/connectedClusters/endpoints/write | Writes endpoints |
+> | Microsoft.Kubernetes/connectedClusters/endpoints/delete | Deletes endpoints |
+> | Microsoft.Kubernetes/connectedClusters/events/read | Reads events |
+> | Microsoft.Kubernetes/connectedClusters/events/write | Writes events |
+> | Microsoft.Kubernetes/connectedClusters/events/delete | Deletes events |
+> | Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/read | Reads events |
+> | Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/write | Writes events |
+> | Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/delete | Deletes events |
+> | Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/read | Reads daemonsets |
+> | Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/write | Writes daemonsets |
+> | Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/delete | Deletes daemonsets |
+> | Microsoft.Kubernetes/connectedClusters/extensions/deployments/read | Reads deployments |
+> | Microsoft.Kubernetes/connectedClusters/extensions/deployments/write | Writes deployments |
+> | Microsoft.Kubernetes/connectedClusters/extensions/deployments/delete | Deletes deployments |
+> | Microsoft.Kubernetes/connectedClusters/extensions/ingresses/read | Reads ingresses |
+> | Microsoft.Kubernetes/connectedClusters/extensions/ingresses/write | Writes ingresses |
+> | Microsoft.Kubernetes/connectedClusters/extensions/ingresses/delete | Deletes ingresses |
+> | Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/read | Reads networkpolicies |
+> | Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/write | Writes networkpolicies |
+> | Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/delete | Deletes networkpolicies |
+> | Microsoft.Kubernetes/connectedClusters/extensions/podsecuritypolicies/read | Reads podsecuritypolicies |
+> | Microsoft.Kubernetes/connectedClusters/extensions/podsecuritypolicies/write | Writes podsecuritypolicies |
+> | Microsoft.Kubernetes/connectedClusters/extensions/podsecuritypolicies/delete | Deletes podsecuritypolicies |
+> | Microsoft.Kubernetes/connectedClusters/extensions/replicasets/read | Reads replicasets |
+> | Microsoft.Kubernetes/connectedClusters/extensions/replicasets/write | Writes replicasets |
+> | Microsoft.Kubernetes/connectedClusters/extensions/replicasets/delete | Deletes replicasets |
+> | Microsoft.Kubernetes/connectedClusters/flowcontrol.apiserver.k8s.io/flowschemas/read | Reads flowschemas |
+> | Microsoft.Kubernetes/connectedClusters/flowcontrol.apiserver.k8s.io/flowschemas/write | Writes flowschemas |
+> | Microsoft.Kubernetes/connectedClusters/flowcontrol.apiserver.k8s.io/flowschemas/delete | Deletes flowschemas |
+> | Microsoft.Kubernetes/connectedClusters/flowcontrol.apiserver.k8s.io/prioritylevelconfigurations/read | Reads prioritylevelconfigurations |
+> | Microsoft.Kubernetes/connectedClusters/flowcontrol.apiserver.k8s.io/prioritylevelconfigurations/write | Writes prioritylevelconfigurations |
+> | Microsoft.Kubernetes/connectedClusters/flowcontrol.apiserver.k8s.io/prioritylevelconfigurations/delete | Deletes prioritylevelconfigurations |
+> | Microsoft.Kubernetes/connectedClusters/groups/impersonate/action | Impersonate groups |
+> | Microsoft.Kubernetes/connectedClusters/healthz/read | Reads healthz |
+> | Microsoft.Kubernetes/connectedClusters/healthz/autoregister-completion/read | Reads autoregister-completion |
+> | Microsoft.Kubernetes/connectedClusters/healthz/etcd/read | Reads etcd |
+> | Microsoft.Kubernetes/connectedClusters/healthz/log/read | Reads log |
+> | Microsoft.Kubernetes/connectedClusters/healthz/ping/read | Reads ping |
+> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/apiservice-openapi-controller/read | Reads apiservice-openapi-controller |
+> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/apiservice-registration-controller/read | Reads apiservice-registration-controller |
+> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/apiservice-status-available-controller/read | Reads apiservice-status-available-controller |
+> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/bootstrap-controller/read | Reads bootstrap-controller |
+> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/ca-registration/read | Reads ca-registration |
+> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/crd-informer-synced/read | Reads crd-informer-synced |
+> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/generic-apiserver-start-informers/read | Reads generic-apiserver-start-informers |
+> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/kube-apiserver-autoregistration/read | Reads kube-apiserver-autoregistration |
+> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/rbac/bootstrap-roles/read | Reads bootstrap-roles |
+> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/scheduling/bootstrap-system-priority-classes/read | Reads bootstrap-system-priority-classes |
+> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/start-apiextensions-controllers/read | Reads start-apiextensions-controllers |
+> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/start-apiextensions-informers/read | Reads start-apiextensions-informers |
+> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/start-kube-aggregator-informers/read | Reads start-kube-aggregator-informers |
+> | Microsoft.Kubernetes/connectedClusters/healthz/poststarthook/start-kube-apiserver-admission-initializer/read | Reads start-kube-apiserver-admission-initializer |
+> | Microsoft.Kubernetes/connectedClusters/limitranges/read | Reads limitranges |
+> | Microsoft.Kubernetes/connectedClusters/limitranges/write | Writes limitranges |
+> | Microsoft.Kubernetes/connectedClusters/limitranges/delete | Deletes limitranges |
+> | Microsoft.Kubernetes/connectedClusters/livez/read | Reads livez |
+> | Microsoft.Kubernetes/connectedClusters/livez/autoregister-completion/read | Reads autoregister-completion |
+> | Microsoft.Kubernetes/connectedClusters/livez/etcd/read | Reads etcd |
+> | Microsoft.Kubernetes/connectedClusters/livez/log/read | Reads log |
+> | Microsoft.Kubernetes/connectedClusters/livez/ping/read | Reads ping |
+> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/apiservice-openapi-controller/read | Reads apiservice-openapi-controller |
+> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/apiservice-registration-controller/read | Reads apiservice-registration-controller |
+> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/apiservice-status-available-controller/read | Reads apiservice-status-available-controller |
+> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/bootstrap-controller/read | Reads bootstrap-controller |
+> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/ca-registration/read | Reads ca-registration |
+> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/crd-informer-synced/read | Reads crd-informer-synced |
+> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/generic-apiserver-start-informers/read | Reads generic-apiserver-start-informers |
+> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/kube-apiserver-autoregistration/read | Reads kube-apiserver-autoregistration |
+> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/rbac/bootstrap-roles/read | Reads bootstrap-roles |
+> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/scheduling/bootstrap-system-priority-classes/read | Reads bootstrap-system-priority-classes |
+> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/start-apiextensions-controllers/read | Reads start-apiextensions-controllers |
+> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/start-apiextensions-informers/read | Reads start-apiextensions-informers |
+> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/start-kube-aggregator-informers/read | Reads start-kube-aggregator-informers |
+> | Microsoft.Kubernetes/connectedClusters/livez/poststarthook/start-kube-apiserver-admission-initializer/read | Reads start-kube-apiserver-admission-initializer |
+> | Microsoft.Kubernetes/connectedClusters/logs/read | Reads logs |
+> | Microsoft.Kubernetes/connectedClusters/metrics/read | Reads metrics |
+> | Microsoft.Kubernetes/connectedClusters/metrics.k8s.io/nodes/read | Reads nodes |
+> | Microsoft.Kubernetes/connectedClusters/metrics.k8s.io/pods/read | Reads pods |
+> | Microsoft.Kubernetes/connectedClusters/namespaces/read | Reads namespaces |
+> | Microsoft.Kubernetes/connectedClusters/namespaces/write | Writes namespaces |
+> | Microsoft.Kubernetes/connectedClusters/namespaces/delete | Deletes namespaces |
+> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingressclasses/read | Reads ingressclasses |
+> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingressclasses/write | Writes ingressclasses |
+> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingressclasses/delete | Deletes ingressclasses |
+> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/read | Reads ingresses |
+> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/write | Writes ingresses |
+> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/delete | Deletes ingresses |
+> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/read | Reads networkpolicies |
+> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/write | Writes networkpolicies |
+> | Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/delete | Deletes networkpolicies |
+> | Microsoft.Kubernetes/connectedClusters/node.k8s.io/runtimeclasses/read | Reads runtimeclasses |
+> | Microsoft.Kubernetes/connectedClusters/node.k8s.io/runtimeclasses/write | Writes runtimeclasses |
+> | Microsoft.Kubernetes/connectedClusters/node.k8s.io/runtimeclasses/delete | Deletes runtimeclasses |
+> | Microsoft.Kubernetes/connectedClusters/nodes/read | Reads nodes |
+> | Microsoft.Kubernetes/connectedClusters/nodes/write | Writes nodes |
+> | Microsoft.Kubernetes/connectedClusters/nodes/delete | Deletes nodes |
+> | Microsoft.Kubernetes/connectedClusters/openapi/v2/read | Reads v2 |
+> | Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/read | Reads persistentvolumeclaims |
+> | Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/write | Writes persistentvolumeclaims |
+> | Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/delete | Deletes persistentvolumeclaims |
+> | Microsoft.Kubernetes/connectedClusters/persistentvolumes/read | Reads persistentvolumes |
+> | Microsoft.Kubernetes/connectedClusters/persistentvolumes/write | Writes persistentvolumes |
+> | Microsoft.Kubernetes/connectedClusters/persistentvolumes/delete | Deletes persistentvolumes |
+> | Microsoft.Kubernetes/connectedClusters/pods/read | Reads pods |
+> | Microsoft.Kubernetes/connectedClusters/pods/write | Writes pods |
+> | Microsoft.Kubernetes/connectedClusters/pods/delete | Deletes pods |
+> | Microsoft.Kubernetes/connectedClusters/pods/exec/action | Exec into a pod |
+> | Microsoft.Kubernetes/connectedClusters/podtemplates/read | Reads podtemplates |
+> | Microsoft.Kubernetes/connectedClusters/podtemplates/write | Writes podtemplates |
+> | Microsoft.Kubernetes/connectedClusters/podtemplates/delete | Deletes podtemplates |
+> | Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/read | Reads poddisruptionbudgets |
+> | Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/write | Writes poddisruptionbudgets |
+> | Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/delete | Deletes poddisruptionbudgets |
+> | Microsoft.Kubernetes/connectedClusters/policy/podsecuritypolicies/read | Reads podsecuritypolicies |
+> | Microsoft.Kubernetes/connectedClusters/policy/podsecuritypolicies/write | Writes podsecuritypolicies |
+> | Microsoft.Kubernetes/connectedClusters/policy/podsecuritypolicies/delete | Deletes podsecuritypolicies |
+> | Microsoft.Kubernetes/connectedClusters/policy/podsecuritypolicies/use/action | Use action on podsecuritypolicies |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterrolebindings/read | Reads clusterrolebindings |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterrolebindings/write | Writes clusterrolebindings |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterrolebindings/delete | Deletes clusterrolebindings |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterroles/read | Reads clusterroles |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterroles/write | Writes clusterroles |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterroles/delete | Deletes clusterroles |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterroles/bind/action | Binds clusterroles |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterroles/escalate/action | Escalates |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/rolebindings/read | Reads rolebindings |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/rolebindings/write | Writes rolebindings |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/rolebindings/delete | Deletes rolebindings |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/read | Reads roles |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/write | Writes roles |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/delete | Deletes roles |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/bind/action | Binds roles |
+> | Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/escalate/action | Escalates roles |
+> | Microsoft.Kubernetes/connectedClusters/readyz/read | Reads readyz |
+> | Microsoft.Kubernetes/connectedClusters/readyz/autoregister-completion/read | Reads autoregister-completion |
+> | Microsoft.Kubernetes/connectedClusters/readyz/etcd/read | Reads etcd |
+> | Microsoft.Kubernetes/connectedClusters/readyz/log/read | Reads log |
+> | Microsoft.Kubernetes/connectedClusters/readyz/ping/read | Reads ping |
+> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/apiservice-openapi-controller/read | Reads apiservice-openapi-controller |
+> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/apiservice-registration-controller/read | Reads apiservice-registration-controller |
+> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/apiservice-status-available-controller/read | Reads apiservice-status-available-controller |
+> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/bootstrap-controller/read | Reads bootstrap-controller |
+> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/ca-registration/read | Reads ca-registration |
+> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/crd-informer-synced/read | Reads crd-informer-synced |
+> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/generic-apiserver-start-informers/read | Reads generic-apiserver-start-informers |
+> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/kube-apiserver-autoregistration/read | Reads kube-apiserver-autoregistration |
+> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/rbac/bootstrap-roles/read | Reads bootstrap-roles |
+> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/scheduling/bootstrap-system-priority-classes/read | Reads bootstrap-system-priority-classes |
+> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/start-apiextensions-controllers/read | Reads start-apiextensions-controllers |
+> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/start-apiextensions-informers/read | Reads start-apiextensions-informers |
+> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/start-kube-aggregator-informers/read | Reads start-kube-aggregator-informers |
+> | Microsoft.Kubernetes/connectedClusters/readyz/poststarthook/start-kube-apiserver-admission-initializer/read | Reads start-kube-apiserver-admission-initializer |
+> | Microsoft.Kubernetes/connectedClusters/readyz/shutdown/read | Reads shutdown |
+> | Microsoft.Kubernetes/connectedClusters/replicationcontrollers/read | Reads replicationcontrollers |
+> | Microsoft.Kubernetes/connectedClusters/replicationcontrollers/write | Writes replicationcontrollers |
+> | Microsoft.Kubernetes/connectedClusters/replicationcontrollers/delete | Deletes replicationcontrollers |
+> | Microsoft.Kubernetes/connectedClusters/resetMetrics/read | Reads resetMetrics |
+> | Microsoft.Kubernetes/connectedClusters/resourcequotas/read | Reads resourcequotas |
+> | Microsoft.Kubernetes/connectedClusters/resourcequotas/write | Writes resourcequotas |
+> | Microsoft.Kubernetes/connectedClusters/resourcequotas/delete | Deletes resourcequotas |
+> | Microsoft.Kubernetes/connectedClusters/scheduling.k8s.io/priorityclasses/read | Reads priorityclasses |
+> | Microsoft.Kubernetes/connectedClusters/scheduling.k8s.io/priorityclasses/write | Writes priorityclasses |
+> | Microsoft.Kubernetes/connectedClusters/scheduling.k8s.io/priorityclasses/delete | Deletes priorityclasses |
+> | Microsoft.Kubernetes/connectedClusters/secrets/read | Reads secrets |
+> | Microsoft.Kubernetes/connectedClusters/secrets/write | Writes secrets |
+> | Microsoft.Kubernetes/connectedClusters/secrets/delete | Deletes secrets |
+> | Microsoft.Kubernetes/connectedClusters/serviceaccounts/read | Reads serviceaccounts |
+> | Microsoft.Kubernetes/connectedClusters/serviceaccounts/write | Writes serviceaccounts |
+> | Microsoft.Kubernetes/connectedClusters/serviceaccounts/delete | Deletes serviceaccounts |
+> | Microsoft.Kubernetes/connectedClusters/serviceaccounts/impersonate/action | Impersonate serviceaccounts |
+> | Microsoft.Kubernetes/connectedClusters/services/read | Reads services |
+> | Microsoft.Kubernetes/connectedClusters/services/write | Writes services |
+> | Microsoft.Kubernetes/connectedClusters/services/delete | Deletes services |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csidrivers/read | Reads csidrivers |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csidrivers/write | Writes csidrivers |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csidrivers/delete | Deletes csidrivers |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csinodes/read | Reads csinodes |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csinodes/write | Writes csinodes |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csinodes/delete | Deletes csinodes |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csistoragecapacities/read | Reads csistoragecapacities |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csistoragecapacities/write | Writes csistoragecapacities |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/csistoragecapacities/delete | Deletes csistoragecapacities |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/storageclasses/read | Reads storageclasses |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/storageclasses/write | Writes storageclasses |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/storageclasses/delete | Deletes storageclasses |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/volumeattachments/read | Reads volumeattachments |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/volumeattachments/write | Writes volumeattachments |
+> | Microsoft.Kubernetes/connectedClusters/storage.k8s.io/volumeattachments/delete | Deletes volumeattachments |
+> | Microsoft.Kubernetes/connectedClusters/swagger-api/read | Reads swagger-api |
+> | Microsoft.Kubernetes/connectedClusters/swagger-ui/read | Reads swagger-ui |
+> | Microsoft.Kubernetes/connectedClusters/ui/read | Reads ui |
+> | Microsoft.Kubernetes/connectedClusters/users/impersonate/action | Impersonate users |
+> | Microsoft.Kubernetes/connectedClusters/version/read | Reads version |
+
+## Microsoft.KubernetesConfiguration
+
+Azure service: [Azure Arc-enabled Kubernetes](/azure/azure-arc/kubernetes/overview)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.KubernetesConfiguration/register/action | Registers subscription to Microsoft.KubernetesConfiguration resource provider. |
+> | Microsoft.KubernetesConfiguration/unregister/action | Unregisters subscription from Microsoft.KubernetesConfiguration resource provider. |
+> | Microsoft.KubernetesConfiguration/extensions/write | Creates or updates extension resource. |
+> | Microsoft.KubernetesConfiguration/extensions/read | Gets extension instance resource. |
+> | Microsoft.KubernetesConfiguration/extensions/delete | Deletes extension instance resource. |
+> | Microsoft.KubernetesConfiguration/extensions/operations/read | Gets Async Operation status. |
+> | Microsoft.KubernetesConfiguration/extensionTypes/read | Gets extension type. |
+> | Microsoft.KubernetesConfiguration/fluxConfigurations/write | Creates or updates flux configuration. |
+> | Microsoft.KubernetesConfiguration/fluxConfigurations/read | Gets flux configuration. |
+> | Microsoft.KubernetesConfiguration/fluxConfigurations/delete | Deletes flux configuration. |
+> | Microsoft.KubernetesConfiguration/fluxConfigurations/operations/read | Gets Async Operation status for flux configuration. |
+> | Microsoft.KubernetesConfiguration/namespaces/read | Get Namespace Resource |
+> | Microsoft.KubernetesConfiguration/namespaces/listUserCredential/action | Get User Credentials for the parent cluster of the namespace resource. |
+> | Microsoft.KubernetesConfiguration/operations/read | Gets available operations of the Microsoft.KubernetesConfiguration resource provider. |
+> | Microsoft.KubernetesConfiguration/privateLinkScopes/write | Creates or updates private link scope. |
+> | Microsoft.KubernetesConfiguration/privateLinkScopes/delete | Deletes private link scope. |
+> | Microsoft.KubernetesConfiguration/privateLinkScopes/read | Gets private link scope |
+> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies/write | Creates or updates private endpoint connection proxy. |
+> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies/delete | Deletes private endpoint connection proxy |
+> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies/read | Gets private endpoint connection proxy. |
+> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies/validate/action | Validates private endpoint connection proxy object. |
+> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies/updatePrivateEndpointProperties/action | Updates patch on private endpoint connection proxy. |
+> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies/operations/read | Gets private endpoint connection proxies operation. |
+> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnections/write | Creates or updates private endpoint connection. |
+> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnections/delete | Deletes private endpoint connection. |
+> | Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnections/read | Gets private endpoint connection. |
+> | Microsoft.KubernetesConfiguration/sourceControlConfigurations/write | Creates or updates source control configuration. |
+> | Microsoft.KubernetesConfiguration/sourceControlConfigurations/read | Gets source control configuration. |
+> | Microsoft.KubernetesConfiguration/sourceControlConfigurations/delete | Deletes source control configuration. |
+ ## Next steps - [Azure resource providers and types](/azure/azure-resource-manager/management/resource-providers-and-types)
role-based-access-control Identity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/identity.md
This article lists the permissions for the Azure resource providers in the Ident
## Microsoft.AAD
+Join Azure virtual machines to a domain without domain controllers.
+ Azure service: [Microsoft Entra Domain Services](/entra/identity/domain-services/) > [!div class="mx-tableFixed"]
Azure service: Azure Active Directory
## Microsoft.ADHybridHealthService
+Robust monitoring of your on-premises identity infrastructure.
+ Azure service: [Microsoft Entra ID](/entra/identity/) > [!div class="mx-tableFixed"]
Azure service: [Microsoft Entra ID](/entra/identity/)
## Microsoft.AzureActiveDirectory
+Synchronize on-premises directories and enable single sign-on.
+ Azure service: [Azure Active Directory B2C](/azure/active-directory-b2c/) > [!div class="mx-tableFixed"]
Azure service: [Azure Active Directory B2C](/azure/active-directory-b2c/)
## Microsoft.ManagedIdentity
+An automatically managed identity in Microsoft Entra ID that authenticates to any service that supports Microsoft Entra
+ Azure service: [Managed identities for Azure resources](/azure/active-directory/managed-identities-azure-resources/) > [!div class="mx-tableFixed"]
role-based-access-control Integration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/integration.md
This article lists the permissions for the Azure resource providers in the Integ
## Microsoft.ApiManagement
+Easily build and consume Cloud APIs.
+ Azure service: [API Management](/azure/api-management/) > [!div class="mx-tableFixed"]
Azure service: [API Management](/azure/api-management/)
## Microsoft.AppConfiguration
-Azure service: core
+Fast, scalable parameter storage for app configuration.
+
+Azure service: [Azure App Configuration](/azure/azure-app-configuration/)
> [!div class="mx-tableFixed"] > | Action | Description |
Azure service: core
> | Microsoft.AppConfiguration/configurationStores/snapshots/write | Creates or updates a snapshot in the configuration store. | > | Microsoft.AppConfiguration/configurationStores/snapshots/archive/action | Modifies archival state for an existing snapshot in the configuration store. |
-## Microsoft.AVS
-
-Azure service: [Azure VMware Solution](/azure/azure-vmware/introduction)
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.AVS/register/action | Register Subscription for Microsoft.AVS resource provider. |
-> | Microsoft.AVS/unregister/action | Unregister Subscription for Microsoft.AVS resource provider. |
-> | Microsoft.AVS/checkNameAvailability/read | Checks if the privateCloud Name is available |
-> | Microsoft.AVS/locations/checkNameAvailability/read | Checks if the privateCloud Name is available |
-> | Microsoft.AVS/locations/checkQuotaAvailability/read | Checks if quota is available for the subscription |
-> | Microsoft.AVS/locations/checkTrialAvailability/read | Checks if trial is available for the subscription |
-> | Microsoft.AVS/operations/read | Lists operations available on Microsoft.AVS resource provider. |
-> | Microsoft.AVS/privateClouds/register/action | Registers the Microsoft Microsoft.AVS resource provider and enables creation of Private Clouds. |
-> | Microsoft.AVS/privateClouds/write | Creates or updates a PrivateCloud resource. |
-> | Microsoft.AVS/privateClouds/read | Gets the settings for the specified PrivateCloud. |
-> | Microsoft.AVS/privateClouds/delete | Delete a specific PrivateCloud. |
-> | Microsoft.AVS/privateClouds/addOns/read | Read addOns. |
-> | Microsoft.AVS/privateClouds/addOns/write | Write addOns. |
-> | Microsoft.AVS/privateClouds/addOns/delete | Delete addOns. |
-> | Microsoft.AVS/privateClouds/addOns/operationStatuses/read | Read addOns operationStatuses. |
-> | Microsoft.AVS/privateClouds/authorizations/read | Gets the authorization settings for a PrivateCloud cluster. |
-> | Microsoft.AVS/privateClouds/authorizations/write | Create or update a PrivateCloud authorization resource. |
-> | Microsoft.AVS/privateClouds/authorizations/delete | Delete a specific PrivateCloud authorization. |
-> | Microsoft.AVS/privateClouds/clusters/read | Gets the cluster settings for a PrivateCloud cluster. |
-> | Microsoft.AVS/privateClouds/clusters/write | Create or update a PrivateCloud cluster resource. |
-> | Microsoft.AVS/privateClouds/clusters/delete | Delete a specific PrivateCloud cluster. |
-> | Microsoft.AVS/privateClouds/clusters/datastores/read | Get the datastore properties in a private cloud cluster. |
-> | Microsoft.AVS/privateClouds/clusters/datastores/write | Create or update datastore in private cloud cluster. |
-> | Microsoft.AVS/privateClouds/clusters/datastores/delete | Delete datastore in private cloud cluster. |
-> | Microsoft.AVS/privateclouds/clusters/datastores/operationresults/read | Read privateClouds/clusters/datastores operationresults. |
-> | Microsoft.AVS/privateClouds/clusters/datastores/operationstatuses/read | Read privateClouds/clusters/datastores operationstatuses. |
-> | Microsoft.AVS/privateclouds/clusters/operationresults/read | Reads privateClouds/clusters operationresults. |
-> | Microsoft.AVS/privateClouds/clusters/operationstatuses/read | Reads privateClouds/clusters operationstatuses. |
-> | Microsoft.AVS/privateClouds/globalReachConnections/delete | Delete globalReachConnections. |
-> | Microsoft.AVS/privateClouds/globalReachConnections/write | Write globalReachConnections. |
-> | Microsoft.AVS/privateClouds/globalReachConnections/read | Read globalReachConnections. |
-> | Microsoft.AVS/privateClouds/globalReachConnections/operationStatuses/read | Read globalReachConnections operationStatuses. |
-> | Microsoft.AVS/privateClouds/hcxEnterpriseSites/read | Gets the hcxEnterpriseSites for a PrivateCloud. |
-> | Microsoft.AVS/privateClouds/hcxEnterpriseSites/write | Create or update a hcxEnterpriseSites. |
-> | Microsoft.AVS/privateClouds/hcxEnterpriseSites/delete | Delete a specific hcxEnterpriseSites. |
-> | Microsoft.AVS/privateClouds/hostInstances/read | Gets the hostInstances for a PrivateCloud. |
-> | Microsoft.AVS/privateClouds/hostInstances/write | Create or update a hostInstances. |
-> | Microsoft.AVS/privateClouds/hostInstances/delete | Delete a specific hostInstances. |
-> | Microsoft.AVS/privateClouds/operationresults/read | Reads privateClouds operationresults. |
-> | Microsoft.AVS/privateClouds/operationstatuses/read | Reads privateClouds operationstatuses. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/dhcpConfigurations/delete | Delete dhcpConfigurations. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/dhcpConfigurations/write | Write dhcpConfigurations. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/dhcpConfigurations/read | Read dhcpConfigurations. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/dhcpConfigurations/operationStatuses/read | Read dhcpConfigurations operationStatuses. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/dnsServices/delete | Delete dnsServices. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/dnsServices/write | Write dnsServices. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/dnsServices/read | Read dnsServices. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/dnsServices/operationStatuses/read | Read dnsServices operationStatuses. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/dnsZones/delete | Delete dnsZones. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/dnsZones/write | Write dnsZones. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/dnsZones/read | Read dnsZones. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/dnsZones/operationStatuses/read | Read dnsZones operationStatuses. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/gateways/read | Read gateways. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/portMirroringProfiles/delete | Delete portMirroringProfiles. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/portMirroringProfiles/write | Write portMirroringProfiles. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/portMirroringProfiles/read | Read portMirroringProfiles. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/portMirroringProfiles/operationStatuses/read | Read portMirroringProfiles operationStatuses. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/segments/delete | Delete segments. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/segments/write | Write segments. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/segments/read | Read segments. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/segments/operationStatuses/read | Read segments operationStatuses. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/virtualMachines/read | Read virtualMachines. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/vmGroups/delete | Delete vmGroups. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/vmGroups/write | Write vmGroups. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/vmGroups/read | Read vmGroups. |
-> | Microsoft.AVS/privateClouds/workloadNetworks/vmGroups/operationStatuses/read | Read vmGroups operationStatuses. |
-> | **DataAction** | **Description** |
-> | Microsoft.AVS/privateClouds/listAdminCredentials/action | Lists the AdminCredentials for privateClouds. |
-> | Microsoft.AVS/privateClouds/rotateVcenterPassword/action | Rotate Vcenter password for the PrivateCloud. |
-> | Microsoft.AVS/privateClouds/rotateNsxtPassword/action | Rotate Nsxt CloudAdmin password for the PrivateCloud. |
-> | Microsoft.AVS/privateClouds/rotateNsxtCloudAdminPassword/action | Rotate Nsxt CloudAdmin password for the PrivateCloud. |
-
-## Microsoft.DataCatalog
+## Microsoft.Communication
-Azure service: [Data Catalog](/azure/data-catalog/)
+Azure service: [Azure Communication Services](/azure/communication-services/overview)
> [!div class="mx-tableFixed"] > | Action | Description | > | | |
-> | Microsoft.DataCatalog/checkNameAvailability/action | Checks catalog name availability for tenant. |
-> | Microsoft.DataCatalog/register/action | Registers subscription with Microsoft.DataCatalog resource provider. |
-> | Microsoft.DataCatalog/unregister/action | Unregisters subscription from Microsoft.DataCatalog resource provider. |
-> | Microsoft.DataCatalog/catalogs/read | Get properties for catalog or catalogs under subscription or resource group. |
-> | Microsoft.DataCatalog/catalogs/write | Creates catalog or updates the tags and properties for the catalog. |
-> | Microsoft.DataCatalog/catalogs/delete | Deletes the catalog. |
-> | Microsoft.DataCatalog/operations/read | Lists operations available on Microsoft.DataCatalog resource provider. |
+> | Microsoft.Communication/Register/Action | Registers Microsoft.Communication resource provider |
+> | Microsoft.Communication/Unregister/Action | Unregisters Microsoft.Communication resource provider |
+> | Microsoft.Communication/CheckNameAvailability/action | Checks if a name is available |
+> | Microsoft.Communication/CommunicationServices/Read | Reads communication services |
+> | Microsoft.Communication/CommunicationServices/Write | Writes communication services |
+> | Microsoft.Communication/CommunicationServices/Delete | Deletes communication services |
+> | Microsoft.Communication/CommunicationServices/ListKeys/action | Reads the keys for a communication service |
+> | Microsoft.Communication/CommunicationServices/RegenerateKey/action | Regenerates the primary or secondary key for a communication service |
+> | Microsoft.Communication/CommunicationServices/LinkNotificationHub/action | Links an Azure Notification Hub to the communication service |
+> | Microsoft.Communication/CommunicationServices/EventGridFilters/Read | Reads EventGrid filters on communication services |
+> | Microsoft.Communication/CommunicationServices/EventGridFilters/Write | Writes EventGrid filters on communication services |
+> | Microsoft.Communication/CommunicationServices/EventGridFilters/Delete | Removes an EventGrid filter on communication services |
+> | Microsoft.Communication/EmailServices/read | Get the EmailService and its properties. |
+> | Microsoft.Communication/EmailServices/write | Get the EmailService and its properties. |
+> | Microsoft.Communication/EmailServices/delete | Operation to delete a EmailService. |
+> | Microsoft.Communication/EmailServices/verifiedExchangeOnlineDomains/action | List Verified Domains from the exchange online tenant. |
+> | Microsoft.Communication/EmailServices/Domains/read | Get the email Domain and its properties. |
+> | Microsoft.Communication/EmailServices/Domains/write | Add a new Domain under the parent EmailService resource or update an existing Domain resource. |
+> | Microsoft.Communication/EmailServices/Domains/delete | Operation to delete a Domain resource. |
+> | Microsoft.Communication/EmailServices/Domains/InitiateVerification/action | Initiate verification of Dns record. |
+> | Microsoft.Communication/EmailServices/Domains/CancelVerification/action | Cancel verification of Dns record. |
+> | Microsoft.Communication/EmailServices/Domains/RevokeVerification/action | Revoke existing verified status of a Dns record. |
+> | Microsoft.Communication/EmailServices/Domains/SenderUsernames/read | List all valid sender usernames for a domains resource. |
+> | Microsoft.Communication/EmailServices/Domains/SenderUsernames/read | Get the email SenderUsername and its properties. |
+> | Microsoft.Communication/EmailServices/Domains/SenderUsernames/write | Add a new SenderUsername under the parent Domain resource or update an existing SenderUsername resource. |
+> | Microsoft.Communication/EmailServices/Domains/SenderUsernames/delete | Operation to delete a SenderUsername resource. |
+> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/read | List all suppression lists for a domains resource. |
+> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/read | Get the suppression list and its properties. |
+> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/write | Add a new suppression list under the parent Domain resource or update an existing suppression list. |
+> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/delete | Operation to delete a suppressio lists. |
+> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/SuppressionListAddresses/read | Get all the addresses in a suppression list. |
+> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/SuppressionListAddresses/read | Get all the addresses in a suppression list. |
+> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/SuppressionListAddresses/write | Add a new suppression list under the parent Domain resource or update an existing suppression list. |
+> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/SuppressionListAddresses/delete | Operation to delete an address from a suppression list. |
+> | Microsoft.Communication/Locations/OperationStatuses/read | Reads the status of an async operation |
+> | Microsoft.Communication/Locations/OperationStatuses/write | Writes the status of an async operation |
+> | Microsoft.Communication/Operations/read | Reads operations |
+> | Microsoft.Communication/RegisteredSubscriptions/read | Reads registered subscriptions |
## Microsoft.EventGrid
+Get reliable event delivery at massive scale.
+ Azure service: [Event Grid](/azure/event-grid/) > [!div class="mx-tableFixed"]
Azure service: [Event Grid](/azure/event-grid/)
> | Microsoft.EventGrid/topicSpaces/subscribe/action | Subscribe to a topic space | > | Microsoft.EventGrid/topicSpaces/publish/action | Publish to a topic space |
+## Microsoft.EventHub
+
+Receive telemetry from millions of devices.
+
+Azure service: [Event Hubs](/azure/event-hubs/)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.EventHub/checkNamespaceAvailability/action | Checks availability of namespace under given subscription. This API is deprecated please use CheckNameAvailability instead. |
+> | Microsoft.EventHub/checkNameAvailability/action | Checks availability of namespace under given subscription. |
+> | Microsoft.EventHub/register/action | Registers the subscription for the EventHub resource provider and enables the creation of EventHub resources |
+> | Microsoft.EventHub/unregister/action | Registers the EventHub Resource Provider |
+> | Microsoft.EventHub/availableClusterRegions/read | Read operation to list available pre-provisioned clusters by Azure region. |
+> | Microsoft.EventHub/clusters/read | Gets the Cluster Resource Description |
+> | Microsoft.EventHub/clusters/write | Creates or modifies an existing Cluster resource. |
+> | Microsoft.EventHub/clusters/delete | Deletes an existing Cluster resource. |
+> | Microsoft.EventHub/clusters/namespaces/read | List namespace Azure Resource Manager IDs for namespaces within a cluster. |
+> | Microsoft.EventHub/clusters/operationresults/read | Get the status of an asynchronous cluster operation. |
+> | Microsoft.EventHub/clusters/providers/Microsoft.Insights/metricDefinitions/read | Get list of Cluster metrics Resource Descriptions |
+> | Microsoft.EventHub/locations/deleteVirtualNetworkOrSubnets/action | Deletes the VNet rules in EventHub Resource Provider for the specified VNet |
+> | Microsoft.EventHub/namespaces/write | Create a Namespace Resource and Update its properties. Tags and Capacity of the Namespace are the properties which can be updated. |
+> | Microsoft.EventHub/namespaces/read | Get the list of Namespace Resource Description |
+> | Microsoft.EventHub/namespaces/Delete | Delete Namespace Resource |
+> | Microsoft.EventHub/namespaces/authorizationRules/action | Updates Namespace Authorization Rule. This API is deprecated. Please use a PUT call to update the Namespace Authorization Rule instead.. This operation is not supported on API version 2017-04-01. |
+> | Microsoft.EventHub/namespaces/removeAcsNamepsace/action | Remove ACS namespace |
+> | Microsoft.EventHub/namespaces/updateState/action | UpdateNamespaceState |
+> | Microsoft.EventHub/namespaces/privateEndpointConnectionsApproval/action | Approve Private Endpoint Connection |
+> | Microsoft.EventHub/namespaces/joinPerimeter/action | Action to Join the Network Security Perimeter. This action is used to perform linked access by NSP RP. |
+> | Microsoft.EventHub/namespaces/authorizationRules/read | Get the list of Namespaces Authorization Rules description. |
+> | Microsoft.EventHub/namespaces/authorizationRules/write | Create a Namespace level Authorization Rules and update its properties. The Authorization Rules Access Rights, the Primary and Secondary Keys can be updated. |
+> | Microsoft.EventHub/namespaces/authorizationRules/delete | Delete Namespace Authorization Rule. The Default Namespace Authorization Rule cannot be deleted. |
+> | Microsoft.EventHub/namespaces/authorizationRules/listkeys/action | Get the Connection String to the Namespace |
+> | Microsoft.EventHub/namespaces/authorizationRules/regenerateKeys/action | Regenerate the Primary or Secondary key to the Resource |
+> | Microsoft.EventHub/namespaces/disasterrecoveryconfigs/checkNameAvailability/action | Checks availability of namespace alias under given subscription. |
+> | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/write | Creates or Updates the Disaster Recovery configuration associated with the namespace. |
+> | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/read | Gets the Disaster Recovery configuration associated with the namespace. |
+> | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/delete | Deletes the Disaster Recovery configuration associated with the namespace. This operation can only be invoked via the primary namespace. |
+> | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/breakPairing/action | Disables Disaster Recovery and stops replicating changes from primary to secondary namespaces. |
+> | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/failover/action | Invokes a GEO DR failover and reconfigures the namespace alias to point to the secondary namespace. |
+> | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/authorizationRules/read | Get Disaster Recovery Primary Namespace's Authorization Rules |
+> | Microsoft.EventHub/namespaces/disasterRecoveryConfigs/authorizationRules/listkeys/action | Gets the authorization rules keys for the Disaster Recovery primary namespace |
+> | Microsoft.EventHub/namespaces/eventhubs/write | Create or Update EventHub properties. |
+> | Microsoft.EventHub/namespaces/eventhubs/read | Get list of EventHub Resource Descriptions |
+> | Microsoft.EventHub/namespaces/eventhubs/Delete | Operation to delete EventHub Resource |
+> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/action | Operation to update EventHub. This operation is not supported on API version 2017-04-01. Authorization Rules. Please use a PUT call to update Authorization Rule. |
+> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/read | Get the list of EventHub Authorization Rules |
+> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/write | Create EventHub Authorization Rules and Update its properties. The Authorization Rules Access Rights can be updated. |
+> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/delete | Operation to delete EventHub Authorization Rules |
+> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/listkeys/action | Get the Connection String to EventHub |
+> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/regenerateKeys/action | Regenerate the Primary or Secondary key to the Resource |
+> | Microsoft.EventHub/namespaces/eventHubs/consumergroups/write | Create or Update ConsumerGroup properties. |
+> | Microsoft.EventHub/namespaces/eventHubs/consumergroups/read | Get list of ConsumerGroup Resource Descriptions |
+> | Microsoft.EventHub/namespaces/eventHubs/consumergroups/Delete | Operation to delete ConsumerGroup Resource |
+> | Microsoft.EventHub/namespaces/ipFilterRules/read | Get IP Filter Resource |
+> | Microsoft.EventHub/namespaces/ipFilterRules/write | Create IP Filter Resource |
+> | Microsoft.EventHub/namespaces/ipFilterRules/delete | Delete IP Filter Resource |
+> | Microsoft.EventHub/namespaces/messagingPlan/read | Gets the Messaging Plan for a namespace.<br>This API is deprecated.<br>Properties exposed via the MessagingPlan resource are moved to the (parent) Namespace resource in later API versions..<br>This operation is not supported on API version 2017-04-01. |
+> | Microsoft.EventHub/namespaces/messagingPlan/write | Updates the Messaging Plan for a namespace.<br>This API is deprecated.<br>Properties exposed via the MessagingPlan resource are moved to the (parent) Namespace resource in later API versions..<br>This operation is not supported on API version 2017-04-01. |
+> | Microsoft.EventHub/namespaces/networkruleset/read | Gets NetworkRuleSet Resource |
+> | Microsoft.EventHub/namespaces/networkruleset/write | Create VNET Rule Resource |
+> | Microsoft.EventHub/namespaces/networkruleset/delete | Delete VNET Rule Resource |
+> | Microsoft.EventHub/namespaces/networkrulesets/read | Gets NetworkRuleSet Resource |
+> | Microsoft.EventHub/namespaces/networkrulesets/write | Create VNET Rule Resource |
+> | Microsoft.EventHub/namespaces/networkrulesets/delete | Delete VNET Rule Resource |
+> | Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies/write | Create NetworkSecurityPerimeterAssociationProxies |
+> | Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies/read | Get NetworkSecurityPerimeterAssociationProxies |
+> | Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies/delete | Delete NetworkSecurityPerimeterAssociationProxies |
+> | Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies/reconcile/action | Reconcile NetworkSecurityPerimeterAssociationProxies |
+> | Microsoft.EventHub/namespaces/networkSecurityPerimeterConfigurations/read | Get Network Security Perimeter Configurations |
+> | Microsoft.EventHub/namespaces/networkSecurityPerimeterConfigurations/reconcile/action | Reconcile Network Security Perimeter Configurations |
+> | Microsoft.EventHub/namespaces/operationresults/read | Get the status of Namespace operation |
+> | Microsoft.EventHub/namespaces/privateEndpointConnectionProxies/validate/action | Validate Private Endpoint Connection Proxy |
+> | Microsoft.EventHub/namespaces/privateEndpointConnectionProxies/read | Get Private Endpoint Connection Proxy |
+> | Microsoft.EventHub/namespaces/privateEndpointConnectionProxies/write | Create Private Endpoint Connection Proxy |
+> | Microsoft.EventHub/namespaces/privateEndpointConnectionProxies/delete | Delete Private Endpoint Connection Proxy |
+> | Microsoft.EventHub/namespaces/privateEndpointConnectionProxies/operationstatus/read | Get the status of an asynchronous private endpoint operation |
+> | Microsoft.EventHub/namespaces/privateEndpointConnections/read | Get Private Endpoint Connection |
+> | Microsoft.EventHub/namespaces/privateEndpointConnections/write | Create or Update Private Endpoint Connection |
+> | Microsoft.EventHub/namespaces/privateEndpointConnections/delete | Removes Private Endpoint Connection |
+> | Microsoft.EventHub/namespaces/privateEndpointConnections/operationstatus/read | Get the status of an asynchronous private endpoint operation |
+> | Microsoft.EventHub/namespaces/privateLinkResources/read | Gets the resource types that support private endpoint connections |
+> | Microsoft.EventHub/namespaces/providers/Microsoft.Insights/diagnosticSettings/read | Get list of Namespace diagnostic settings Resource Descriptions |
+> | Microsoft.EventHub/namespaces/providers/Microsoft.Insights/diagnosticSettings/write | Get list of Namespace diagnostic settings Resource Descriptions |
+> | Microsoft.EventHub/namespaces/providers/Microsoft.Insights/logDefinitions/read | Get list of Namespace logs Resource Descriptions |
+> | Microsoft.EventHub/namespaces/providers/Microsoft.Insights/metricDefinitions/read | Get list of Namespace metrics Resource Descriptions |
+> | Microsoft.EventHub/namespaces/schemagroups/write | Create or Update SchemaGroup properties. |
+> | Microsoft.EventHub/namespaces/schemagroups/read | Get list of SchemaGroup Resource Descriptions |
+> | Microsoft.EventHub/namespaces/schemagroups/delete | Operation to delete SchemaGroup Resource |
+> | Microsoft.EventHub/namespaces/virtualNetworkRules/read | Gets VNET Rule Resource |
+> | Microsoft.EventHub/namespaces/virtualNetworkRules/write | Create VNET Rule Resource |
+> | Microsoft.EventHub/namespaces/virtualNetworkRules/delete | Delete VNET Rule Resource |
+> | Microsoft.EventHub/operations/read | Get Operations |
+> | Microsoft.EventHub/sku/read | Get list of Sku Resource Descriptions |
+> | Microsoft.EventHub/sku/regions/read | Get list of SkuRegions Resource Descriptions |
+> | **DataAction** | **Description** |
+> | Microsoft.EventHub/namespaces/messages/send/action | Send messages |
+> | Microsoft.EventHub/namespaces/messages/receive/action | Receive messages |
+> | Microsoft.EventHub/namespaces/schemas/read | Retrieve schemas |
+> | Microsoft.EventHub/namespaces/schemas/write | Write schemas |
+> | Microsoft.EventHub/namespaces/schemas/delete | Delete schemas |
+ ## Microsoft.HealthcareApis Azure service: [Azure API for FHIR](/azure/healthcare-apis/azure-api-for-fhir/)
Azure service: [Azure API for FHIR](/azure/healthcare-apis/azure-api-for-fhir/)
## Microsoft.Logic
+Automate the access and use of data across clouds without writing code.
+ Azure service: [Logic Apps](/azure/logic-apps/) > [!div class="mx-tableFixed"]
Azure service: [Logic Apps](/azure/logic-apps/)
> | Microsoft.Logic/workflows/versions/read | Reads the workflow version. | > | Microsoft.Logic/workflows/versions/triggers/listCallbackUrl/action | Gets the callback URL for trigger. |
+## Microsoft.NotificationHubs
+
+Send push notifications to any platform from any back end.
+
+Azure service: [Notification Hubs](/azure/notification-hubs/)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.NotificationHubs/register/action | Registers the subscription for the NotificationHubs resource provider and enables the creation of Namespaces and NotificationHubs |
+> | Microsoft.NotificationHubs/unregister/action | Unregisters the subscription for the NotificationHubs resource provider and enables the creation of Namespaces and NotificationHubs |
+> | Microsoft.NotificationHubs/CheckNamespaceAvailability/action | Checks whether or not a given Namespace resource name is available within the NotificationHub service. |
+> | Microsoft.NotificationHubs/CheckNamespaceAvailability/read | Checks whether or not a given Namespace resource name is available within the NotificationHub service. |
+> | Microsoft.NotificationHubs/Namespaces/write | Create a Namespace Resource and Update its properties. Tags and Capacity of the Namespace are the properties which can be updated. |
+> | Microsoft.NotificationHubs/Namespaces/read | Get the list of Namespace Resource Description |
+> | Microsoft.NotificationHubs/Namespaces/delete | Delete Namespace Resource |
+> | Microsoft.NotificationHubs/Namespaces/authorizationRules/action | Get the list of Namespaces Authorization Rules description. |
+> | Microsoft.NotificationHubs/Namespaces/CheckNotificationHubAvailability/action | Checks whether or not a given NotificationHub name is available inside a Namespace. |
+> | Microsoft.NotificationHubs/namespaces/privateEndpointConnectionsApproval/action | Approve Private Endpoint Connection |
+> | Microsoft.NotificationHubs/Namespaces/authorizationRules/write | Create a Namespace level Authorization Rules and update its properties. The Authorization Rules Access Rights, the Primary and Secondary Keys can be updated. |
+> | Microsoft.NotificationHubs/Namespaces/authorizationRules/read | Get the list of Namespaces Authorization Rules description. |
+> | Microsoft.NotificationHubs/Namespaces/authorizationRules/delete | Delete Namespace Authorization Rule. The Default Namespace Authorization Rule cannot be deleted. |
+> | Microsoft.NotificationHubs/Namespaces/authorizationRules/listkeys/action | Get the Connection String to the Namespace |
+> | Microsoft.NotificationHubs/Namespaces/authorizationRules/regenerateKeys/action | Namespace Authorization Rule Regenerate Primary/SecondaryKey, Specify the Key that needs to be regenerated |
+> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/write | Create a Notification Hub and Update its properties. Its properties mainly include PNS Credentials. Authorization Rules and TTL |
+> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/read | Get list of Notification Hub Resource Descriptions |
+> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/delete | Delete Notification Hub Resource |
+> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/authorizationRules/action | Get the list of Notification Hub Authorization Rules |
+> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/pnsCredentials/action | Get All Notification Hub PNS Credentials. This includes, WNS, MPNS, APNS, GCM and Baidu credentials |
+> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/debugSend/action | Send a test push notification to 10 matched devices. |
+> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/authorizationRules/write | Create Notification Hub Authorization Rules and Update its properties. The Authorization Rules Access Rights, the Primary and Secondary Keys can be updated. |
+> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/authorizationRules/read | Get the list of Notification Hub Authorization Rules |
+> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/authorizationRules/delete | Delete Notification Hub Authorization Rules |
+> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/authorizationRules/listkeys/action | Get the Connection String to the Notification Hub |
+> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/authorizationRules/regenerateKeys/action | Notification Hub Authorization Rule Regenerate Primary/SecondaryKey, Specify the Key that needs to be regenerated |
+> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/metricDefinitions/read | Get list of Namespace metrics Resource Descriptions |
+> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/vapidkeys/read | Get new pair of VAPID keys for a Notification Hub |
+> | Microsoft.NotificationHubs/Namespaces/operations/read | Returns a list of supported operations for Notification Hubs namespaces provider |
+> | Microsoft.NotificationHubs/namespaces/privateEndpointConnectionProxies/validate/action | Validate Private Endpoint Connection Proxy |
+> | Microsoft.NotificationHubs/namespaces/privateEndpointConnectionProxies/read | Get Private Endpoint Connection Proxy |
+> | Microsoft.NotificationHubs/namespaces/privateEndpointConnectionProxies/write | Create Private Endpoint Connection Proxy |
+> | Microsoft.NotificationHubs/namespaces/privateEndpointConnectionProxies/delete | Delete Private Endpoint Connection Proxy |
+> | Microsoft.NotificationHubs/namespaces/privateEndpointConnectionProxies/operationstatus/read | Get the status of an asynchronous private endpoint operation |
+> | Microsoft.NotificationHubs/namespaces/privateEndpointConnections/read | Get Private Endpoint Connection |
+> | Microsoft.NotificationHubs/namespaces/privateEndpointConnections/write | Create or Update Private Endpoint Connection |
+> | Microsoft.NotificationHubs/namespaces/privateEndpointConnections/delete | Removes Private Endpoint Connection |
+> | Microsoft.NotificationHubs/namespaces/privateEndpointConnections/operationstatus/read | Removes Private Endpoint Connection |
+> | Microsoft.NotificationHubs/namespaces/providers/Microsoft.Insights/diagnosticSettings/read | Get Namespace diagnostic settings |
+> | Microsoft.NotificationHubs/namespaces/providers/Microsoft.Insights/diagnosticSettings/write | Create or Update Namespace diagnostic settings |
+> | Microsoft.NotificationHubs/namespaces/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Namespace |
+> | Microsoft.NotificationHubs/operationResults/read | Returns operation results for Notification Hubs provider |
+> | Microsoft.NotificationHubs/operations/read | Returns a list of supported operations for Notification Hubs provider |
+> | Microsoft.NotificationHubs/resourceTypes/read | Gets a list of the resource types for Notification Hubs |
+ ## Microsoft.Relay
+Expose services that run in your corporate network to the public cloud.
+ Azure service: [Azure Relay](/azure/azure-relay/relay-what-is-it) > [!div class="mx-tableFixed"]
Azure service: [Azure Relay](/azure/azure-relay/relay-what-is-it)
## Microsoft.ServiceBus
+Connect across private and public cloud environments.
+ Azure service: [Service Bus](/azure/service-bus-messaging/) > [!div class="mx-tableFixed"]
role-based-access-control Internet Of Things https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/internet-of-things.md
This article lists the permissions for the Azure resource providers in the Internet of Things category. You can use these permissions in your own [Azure custom roles](/azure/role-based-access-control/custom-roles) to provide granular access control to resources in Azure. Permission strings have the following format: `{Company}.{ProviderName}/{resourceType}/{action}`
-## Microsoft.DataBoxEdge
-
-Azure service: [Azure Stack Edge](/azure/databox-online/azure-stack-edge-overview)
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.DataBoxEdge/availableSkus/read | Lists or gets the available skus |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/deviceCapacityCheck/action | Performs Device Capacity Check and Returns Feasibility |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/write | Creates or updates the Data Box Edge devices |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/read | Lists or gets the Data Box Edge devices |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/delete | Deletes the Data Box Edge devices |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/getExtendedInformation/action | Retrieves resource extended information |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/updateExtendedInformation/action | Updates resource extended information |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/scanForUpdates/action | Scan for updates |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/downloadUpdates/action | Download Updates in device |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/installUpdates/action | Install Updates on device |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/uploadCertificate/action | Upload certificate for device registration |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/generateCertificate/action | Generate certificate |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/triggerSupportPackage/action | Trigger Support Package |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/alerts/read | Lists or gets the alerts |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/bandwidthSchedules/read | Lists or gets the bandwidth schedules |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/bandwidthSchedules/write | Creates or updates the bandwidth schedules |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/bandwidthSchedules/delete | Deletes the bandwidth schedules |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/bandwidthSchedules/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/deviceCapacityCheck/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/deviceCapacityInfo/read | Lists or gets the device capacity information |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/diagnosticProactiveLogCollectionSettings/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/diagnosticRemoteSupportSettings/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/jobs/read | Lists or gets the jobs |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/networkSettings/read | Lists or gets the Device network settings |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/nodes/read | Lists or gets the nodes |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/operationsStatus/read | Lists or gets the operation status |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/orders/read | Lists or gets the orders |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/orders/write | Creates or updates the orders |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/orders/delete | Deletes the orders |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/orders/listDCAccessCode/action | Lists or gets the data center access code |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/orders/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostics setting for the resource |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/providers/Microsoft.Insights/metricDefinitions/read | Gets the available Data Box Edge device level metrics |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/publishers/offers/skus/versions/generatesastoken/action | Gets the SAS Token for a specific image |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/publishers/offers/skus/versions/generatesastoken/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/read | Lists or gets the roles |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/migrate/action | Migrates the IoT role to ASE Kubernetes role |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/write | Creates or updates the roles |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/delete | Deletes the roles |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/addons/read | Lists or gets the addons |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/addons/write | Creates or updates the addons |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/addons/delete | Deletes the addons |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/addons/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/migrate/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/monitoringConfig/write | Creates or updates the monitoring configuration |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/monitoringConfig/delete | Deletes the monitoring configuration |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/monitoringConfig/read | Lists or gets the monitoring configuration |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/monitoringConfig/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/securitySettings/update/action | Update security settings |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/securitySettings/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/shares/read | Lists or gets the shares |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/shares/write | Creates or updates the shares |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/shares/refresh/action | Refresh the share metadata with the data from the cloud |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/shares/delete | Deletes the shares |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/shares/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccountCredentials/write | Creates or updates the storage account credentials |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccountCredentials/read | Lists or gets the storage account credentials |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccountCredentials/delete | Deletes the storage account credentials |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccountCredentials/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/read | Lists or gets the Storage Accounts |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/write | Creates or updates the Storage Accounts |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/delete | Deletes the Storage Accounts |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/containers/read | Lists or gets the Containers |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/containers/write | Creates or updates the Containers |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/containers/delete | Deletes the Containers |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/containers/refresh/action | Refresh the container metadata with the data from the cloud |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/containers/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/triggers/read | Lists or gets the triggers |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/triggers/write | Creates or updates the triggers |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/triggers/delete | Deletes the triggers |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/triggers/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/triggerSupportPackage/operationResults/read | Lists or gets the operation result |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/updateSummary/read | Lists or gets the update summary |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/users/read | Lists or gets the share users |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/users/write | Creates or updates the share users |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/users/delete | Deletes the share users |
-> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/users/operationResults/read | Lists or gets the operation result |
- ## Microsoft.Devices
+Ensure that your users are accessing your resources from devices that meet your standards for security and compliance.
+ Azure service: [IoT Hub](/azure/iot-hub/), [IoT Hub Device Provisioning Service](/azure/iot-dps/) > [!div class="mx-tableFixed"]
Azure service: [Azure Digital Twins](/azure/digital-twins/)
## Microsoft.IoTCentral
+Experience the simplicity of SaaS for IoT, with no cloud expertise required.
+ Azure service: [IoT Central](/azure/iot-central/) > [!div class="mx-tableFixed"]
Azure service: [IoT security](/azure/iot/iot-security-architecture)
> | Microsoft.IoTSecurity/onPremiseSensors/listDiagnosticsUploadDetails/action | Get details required to upload sensor diagnostics data | > | Microsoft.IoTSecurity/sensors/read | Gets IoT Sensors |
-## Microsoft.NotificationHubs
+## Microsoft.StreamAnalytics
-Azure service: [Notification Hubs](/azure/notification-hubs/)
+Real-time data stream processing from millions of IoT devices.
+
+Azure service: [Stream Analytics](/azure/stream-analytics/)
> [!div class="mx-tableFixed"] > | Action | Description | > | | |
-> | Microsoft.NotificationHubs/register/action | Registers the subscription for the NotificationHubs resource provider and enables the creation of Namespaces and NotificationHubs |
-> | Microsoft.NotificationHubs/unregister/action | Unregisters the subscription for the NotificationHubs resource provider and enables the creation of Namespaces and NotificationHubs |
-> | Microsoft.NotificationHubs/CheckNamespaceAvailability/action | Checks whether or not a given Namespace resource name is available within the NotificationHub service. |
-> | Microsoft.NotificationHubs/CheckNamespaceAvailability/read | Checks whether or not a given Namespace resource name is available within the NotificationHub service. |
-> | Microsoft.NotificationHubs/Namespaces/write | Create a Namespace Resource and Update its properties. Tags and Capacity of the Namespace are the properties which can be updated. |
-> | Microsoft.NotificationHubs/Namespaces/read | Get the list of Namespace Resource Description |
-> | Microsoft.NotificationHubs/Namespaces/delete | Delete Namespace Resource |
-> | Microsoft.NotificationHubs/Namespaces/authorizationRules/action | Get the list of Namespaces Authorization Rules description. |
-> | Microsoft.NotificationHubs/Namespaces/CheckNotificationHubAvailability/action | Checks whether or not a given NotificationHub name is available inside a Namespace. |
-> | Microsoft.NotificationHubs/namespaces/privateEndpointConnectionsApproval/action | Approve Private Endpoint Connection |
-> | Microsoft.NotificationHubs/Namespaces/authorizationRules/write | Create a Namespace level Authorization Rules and update its properties. The Authorization Rules Access Rights, the Primary and Secondary Keys can be updated. |
-> | Microsoft.NotificationHubs/Namespaces/authorizationRules/read | Get the list of Namespaces Authorization Rules description. |
-> | Microsoft.NotificationHubs/Namespaces/authorizationRules/delete | Delete Namespace Authorization Rule. The Default Namespace Authorization Rule cannot be deleted. |
-> | Microsoft.NotificationHubs/Namespaces/authorizationRules/listkeys/action | Get the Connection String to the Namespace |
-> | Microsoft.NotificationHubs/Namespaces/authorizationRules/regenerateKeys/action | Namespace Authorization Rule Regenerate Primary/SecondaryKey, Specify the Key that needs to be regenerated |
-> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/write | Create a Notification Hub and Update its properties. Its properties mainly include PNS Credentials. Authorization Rules and TTL |
-> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/read | Get list of Notification Hub Resource Descriptions |
-> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/delete | Delete Notification Hub Resource |
-> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/authorizationRules/action | Get the list of Notification Hub Authorization Rules |
-> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/pnsCredentials/action | Get All Notification Hub PNS Credentials. This includes, WNS, MPNS, APNS, GCM and Baidu credentials |
-> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/debugSend/action | Send a test push notification to 10 matched devices. |
-> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/authorizationRules/write | Create Notification Hub Authorization Rules and Update its properties. The Authorization Rules Access Rights, the Primary and Secondary Keys can be updated. |
-> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/authorizationRules/read | Get the list of Notification Hub Authorization Rules |
-> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/authorizationRules/delete | Delete Notification Hub Authorization Rules |
-> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/authorizationRules/listkeys/action | Get the Connection String to the Notification Hub |
-> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/authorizationRules/regenerateKeys/action | Notification Hub Authorization Rule Regenerate Primary/SecondaryKey, Specify the Key that needs to be regenerated |
-> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/metricDefinitions/read | Get list of Namespace metrics Resource Descriptions |
-> | Microsoft.NotificationHubs/Namespaces/NotificationHubs/vapidkeys/read | Get new pair of VAPID keys for a Notification Hub |
-> | Microsoft.NotificationHubs/Namespaces/operations/read | Returns a list of supported operations for Notification Hubs namespaces provider |
-> | Microsoft.NotificationHubs/namespaces/privateEndpointConnectionProxies/validate/action | Validate Private Endpoint Connection Proxy |
-> | Microsoft.NotificationHubs/namespaces/privateEndpointConnectionProxies/read | Get Private Endpoint Connection Proxy |
-> | Microsoft.NotificationHubs/namespaces/privateEndpointConnectionProxies/write | Create Private Endpoint Connection Proxy |
-> | Microsoft.NotificationHubs/namespaces/privateEndpointConnectionProxies/delete | Delete Private Endpoint Connection Proxy |
-> | Microsoft.NotificationHubs/namespaces/privateEndpointConnectionProxies/operationstatus/read | Get the status of an asynchronous private endpoint operation |
-> | Microsoft.NotificationHubs/namespaces/privateEndpointConnections/read | Get Private Endpoint Connection |
-> | Microsoft.NotificationHubs/namespaces/privateEndpointConnections/write | Create or Update Private Endpoint Connection |
-> | Microsoft.NotificationHubs/namespaces/privateEndpointConnections/delete | Removes Private Endpoint Connection |
-> | Microsoft.NotificationHubs/namespaces/privateEndpointConnections/operationstatus/read | Removes Private Endpoint Connection |
-> | Microsoft.NotificationHubs/namespaces/providers/Microsoft.Insights/diagnosticSettings/read | Get Namespace diagnostic settings |
-> | Microsoft.NotificationHubs/namespaces/providers/Microsoft.Insights/diagnosticSettings/write | Create or Update Namespace diagnostic settings |
-> | Microsoft.NotificationHubs/namespaces/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Namespace |
-> | Microsoft.NotificationHubs/operationResults/read | Returns operation results for Notification Hubs provider |
-> | Microsoft.NotificationHubs/operations/read | Returns a list of supported operations for Notification Hubs provider |
-> | Microsoft.NotificationHubs/resourceTypes/read | Gets a list of the resource types for Notification Hubs |
+> | Microsoft.StreamAnalytics/Register/action | Register subscription with Stream Analytics Resource Provider |
+> | Microsoft.StreamAnalytics/clusters/Delete | Delete Stream Analytics Cluster |
+> | Microsoft.StreamAnalytics/clusters/ListStreamingJobs/action | List streaming jobs for Stream Analytics Cluster |
+> | Microsoft.StreamAnalytics/clusters/Read | Read Stream Analytics Cluster |
+> | Microsoft.StreamAnalytics/clusters/Write | Write Stream Analytics Cluster |
+> | Microsoft.StreamAnalytics/clusters/operationresults/Read | Read operation results for Stream Analytics Cluster |
+> | Microsoft.StreamAnalytics/clusters/privateEndpoints/Delete | Delete Stream Analytics Cluster Private Endpoint |
+> | Microsoft.StreamAnalytics/clusters/privateEndpoints/Read | Read Stream Analytics Cluster Private Endpoint |
+> | Microsoft.StreamAnalytics/clusters/privateEndpoints/Write | Write Stream Analytics Cluster Private Endpoint |
+> | Microsoft.StreamAnalytics/clusters/privateEndpoints/operationresults/Read | Read operation results for Stream Analytics Cluster Private Endpoint |
+> | Microsoft.StreamAnalytics/locations/CompileQuery/action | Compile Query for Stream Analytics Resource Provider |
+> | Microsoft.StreamAnalytics/locations/SampleInput/action | Sample Input for Stream Analytics Resource Provider |
+> | Microsoft.StreamAnalytics/locations/TestInput/action | Test Input for Stream Analytics Resource Provider |
+> | Microsoft.StreamAnalytics/locations/TestOutput/action | Test Output for Stream Analytics Resource Provider |
+> | Microsoft.StreamAnalytics/locations/TestQuery/action | Test Query for Stream Analytics Resource Provider |
+> | Microsoft.StreamAnalytics/locations/operationresults/Read | Read Stream Analytics Operation Result |
+> | Microsoft.StreamAnalytics/locations/quotas/Read | Read Stream Analytics Subscription Quota |
+> | Microsoft.StreamAnalytics/operations/Read | Read Stream Analytics Operations |
+> | Microsoft.StreamAnalytics/streamingjobs/CompileQuery/action | Compile Query for Stream Analytics Job |
+> | Microsoft.StreamAnalytics/streamingjobs/Delete | Delete Stream Analytics Job |
+> | Microsoft.StreamAnalytics/streamingjobs/DownloadDiagram/action | Download job diagrams for Stream Analytics Job |
+> | Microsoft.StreamAnalytics/streamingjobs/GenerateTopologies/action | Generate topologies for Stream Analytics Job |
+> | Microsoft.StreamAnalytics/streamingjobs/PublishEdgePackage/action | Publish edge package for Stream Analytics Job |
+> | Microsoft.StreamAnalytics/streamingjobs/Read | Read Stream Analytics Job |
+> | Microsoft.StreamAnalytics/streamingjobs/Scale/action | Scale Stream Analytics Job |
+> | Microsoft.StreamAnalytics/streamingjobs/Start/action | Start Stream Analytics Job |
+> | Microsoft.StreamAnalytics/streamingjobs/Stop/action | Stop Stream Analytics Job |
+> | Microsoft.StreamAnalytics/streamingjobs/TestQuery/action | Test Query for Stream Analytics Job |
+> | Microsoft.StreamAnalytics/streamingjobs/Write | Write Stream Analytics Job |
+> | Microsoft.StreamAnalytics/streamingjobs/functions/Delete | Delete Stream Analytics Job Function |
+> | Microsoft.StreamAnalytics/streamingjobs/functions/Read | Read Stream Analytics Job Function |
+> | Microsoft.StreamAnalytics/streamingjobs/functions/RetrieveDefaultDefinition/action | Retrieve Default Definition of a Stream Analytics Job Function |
+> | Microsoft.StreamAnalytics/streamingjobs/functions/Test/action | Test Stream Analytics Job Function |
+> | Microsoft.StreamAnalytics/streamingjobs/functions/Write | Write Stream Analytics Job Function |
+> | Microsoft.StreamAnalytics/streamingjobs/functions/operationresults/Read | Read operation results for Stream Analytics Job Function |
+> | Microsoft.StreamAnalytics/streamingjobs/inputs/Delete | Delete Stream Analytics Job Input |
+> | Microsoft.StreamAnalytics/streamingjobs/inputs/Read | Read Stream Analytics Job Input |
+> | Microsoft.StreamAnalytics/streamingjobs/inputs/Sample/action | Sample Stream Analytics Job Input |
+> | Microsoft.StreamAnalytics/streamingjobs/inputs/Test/action | Test Stream Analytics Job Input |
+> | Microsoft.StreamAnalytics/streamingjobs/inputs/Write | Write Stream Analytics Job Input |
+> | Microsoft.StreamAnalytics/streamingjobs/inputs/operationresults/Read | Read operation results for Stream Analytics Job Input |
+> | Microsoft.StreamAnalytics/streamingjobs/metricdefinitions/Read | Read Metric Definitions |
+> | Microsoft.StreamAnalytics/streamingjobs/operationresults/Read | Read operation results for Stream Analytics Job |
+> | Microsoft.StreamAnalytics/streamingjobs/outputs/Delete | Delete Stream Analytics Job Output |
+> | Microsoft.StreamAnalytics/streamingjobs/outputs/Read | Read Stream Analytics Job Output |
+> | Microsoft.StreamAnalytics/streamingjobs/outputs/Test/action | Test Stream Analytics Job Output |
+> | Microsoft.StreamAnalytics/streamingjobs/outputs/Write | Write Stream Analytics Job Output |
+> | Microsoft.StreamAnalytics/streamingjobs/outputs/operationresults/Read | Read operation results for Stream Analytics Job Output |
+> | Microsoft.StreamAnalytics/streamingjobs/providers/Microsoft.Insights/diagnosticSettings/read | Read diagnostic setting. |
+> | Microsoft.StreamAnalytics/streamingjobs/providers/Microsoft.Insights/diagnosticSettings/write | Write diagnostic setting. |
+> | Microsoft.StreamAnalytics/streamingjobs/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for streamingjobs |
+> | Microsoft.StreamAnalytics/streamingjobs/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for streamingjobs |
+> | Microsoft.StreamAnalytics/streamingjobs/Skus/Read | Read Stream Analytics Job SKUs |
+> | Microsoft.StreamAnalytics/streamingjobs/transformations/Delete | Delete Stream Analytics Job Transformation |
+> | Microsoft.StreamAnalytics/streamingjobs/transformations/Read | Read Stream Analytics Job Transformation |
+> | Microsoft.StreamAnalytics/streamingjobs/transformations/Write | Write Stream Analytics Job Transformation |
## Microsoft.TimeSeriesInsights
+Explore and analyze time-series data from IoT devices.
+ Azure service: [Time Series Insights](/azure/time-series-insights/) > [!div class="mx-tableFixed"]
role-based-access-control Management And Governance https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/management-and-governance.md
This article lists the permissions for the Azure resource providers in the Manag
## Microsoft.Advisor
+Your personalized Azure best practices recommendation engine.
+ Azure service: [Azure Advisor](/azure/advisor/) > [!div class="mx-tableFixed"]
Azure service: [Azure Policy](/azure/governance/policy/overview), [Azure RBAC](/
## Microsoft.Automation
+Simplify cloud management with process automation.
+ Azure service: [Automation](/azure/automation/) > [!div class="mx-tableFixed"]
Azure service: [Automation](/azure/automation/)
> | Microsoft.Automation/deletedAutomationAccounts/read | Gets an Azure Automation deleted account | > | Microsoft.Automation/operations/read | Gets Available Operations for Azure Automation resources |
-## Microsoft.Batch
-
-Azure service: [Batch](/azure/batch/)
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.Batch/register/action | Registers the subscription for the Batch Resource Provider and enables the creation of Batch accounts |
-> | Microsoft.Batch/unregister/action | Unregisters the subscription for the Batch Resource Provider preventing the creation of Batch accounts |
-> | Microsoft.Batch/batchAccounts/read | Lists Batch accounts or gets the properties of a Batch account |
-> | Microsoft.Batch/batchAccounts/write | Creates a new Batch account or updates an existing Batch account |
-> | Microsoft.Batch/batchAccounts/delete | Deletes a Batch account |
-> | Microsoft.Batch/batchAccounts/listkeys/action | Lists access keys for a Batch account |
-> | Microsoft.Batch/batchAccounts/regeneratekeys/action | Regenerates access keys for a Batch account |
-> | Microsoft.Batch/batchAccounts/syncAutoStorageKeys/action | Synchronizes access keys for the auto storage account configured for a Batch account |
-> | Microsoft.Batch/batchAccounts/applications/read | Lists applications or gets the properties of an application |
-> | Microsoft.Batch/batchAccounts/applications/write | Creates a new application or updates an existing application |
-> | Microsoft.Batch/batchAccounts/applications/delete | Deletes an application |
-> | Microsoft.Batch/batchAccounts/applications/versions/read | Gets the properties of an application package |
-> | Microsoft.Batch/batchAccounts/applications/versions/write | Creates a new application package or updates an existing application package |
-> | Microsoft.Batch/batchAccounts/applications/versions/delete | Deletes an application package |
-> | Microsoft.Batch/batchAccounts/applications/versions/activate/action | Activates an application package |
-> | Microsoft.Batch/batchAccounts/certificateOperationResults/read | Gets the results of a long running certificate operation on a Batch account |
-> | Microsoft.Batch/batchAccounts/certificates/read | Lists certificates on a Batch account or gets the properties of a certificate |
-> | Microsoft.Batch/batchAccounts/certificates/write | Creates a new certificate on a Batch account or updates an existing certificate |
-> | Microsoft.Batch/batchAccounts/certificates/delete | Deletes a certificate from a Batch account |
-> | Microsoft.Batch/batchAccounts/certificates/cancelDelete/action | Cancels the failed deletion of a certificate on a Batch account |
-> | Microsoft.Batch/batchAccounts/detectors/read | Gets AppLens Detector or Lists AppLens Detectors on a Batch account |
-> | Microsoft.Batch/batchAccounts/operationResults/read | Gets the results of a long running Batch account operation |
-> | Microsoft.Batch/batchAccounts/outboundNetworkDependenciesEndpoints/read | Lists the outbound network dependency endpoints for a Batch account |
-> | Microsoft.Batch/batchAccounts/poolOperationResults/read | Gets the results of a long running pool operation on a Batch account |
-> | Microsoft.Batch/batchAccounts/pools/read | Lists pools on a Batch account or gets the properties of a pool |
-> | Microsoft.Batch/batchAccounts/pools/write | Creates a new pool on a Batch account or updates an existing pool |
-> | Microsoft.Batch/batchAccounts/pools/delete | Deletes a pool from a Batch account |
-> | Microsoft.Batch/batchAccounts/pools/stopResize/action | Stops an ongoing resize operation on a Batch account pool |
-> | Microsoft.Batch/batchAccounts/pools/disableAutoscale/action | Disables automatic scaling for a Batch account pool |
-> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxies/validate/action | Validates a Private endpoint connection proxy on a Batch account |
-> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxies/write | Create a new Private endpoint connection proxy on a Batch account |
-> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxies/read | Gets Private endpoint connection proxy on a Batch account |
-> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxies/delete | Delete a Private endpoint connection proxy on a Batch account |
-> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxyResults/read | Gets the results of a long running Batch account private endpoint connection proxy operation |
-> | Microsoft.Batch/batchAccounts/privateEndpointConnectionResults/read | Gets the results of a long running Batch account private endpoint connection operation |
-> | Microsoft.Batch/batchAccounts/privateEndpointConnections/write | Update an existing Private endpoint connection on a Batch account |
-> | Microsoft.Batch/batchAccounts/privateEndpointConnections/read | Gets Private endpoint connection or Lists Private endpoint connections on a Batch account |
-> | Microsoft.Batch/batchAccounts/privateEndpointConnections/delete | Delete a Private endpoint connection on a Batch account |
-> | Microsoft.Batch/batchAccounts/privateLinkResources/read | Gets the properties of a Private link resource or Lists Private link resources on a Batch account |
-> | Microsoft.Batch/batchAccounts/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
-> | Microsoft.Batch/batchAccounts/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
-> | Microsoft.Batch/batchAccounts/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for the Batch service |
-> | Microsoft.Batch/batchAccounts/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for the Batch service |
-> | Microsoft.Batch/deployments/preflight/action | Runs Preflight validation for resources included in the request |
-> | Microsoft.Batch/locations/checkNameAvailability/action | Checks that the account name is valid and not in use. |
-> | Microsoft.Batch/locations/accountOperationResults/read | Gets the results of a long running Batch account operation |
-> | Microsoft.Batch/locations/cloudServiceSkus/read | Lists available Batch supported Cloud Service VM sizes at the given location |
-> | Microsoft.Batch/locations/quotas/read | Gets Batch quotas of the specified subscription at the specified Azure region |
-> | Microsoft.Batch/locations/virtualMachineSkus/read | Lists available Batch supported Virtual Machine VM sizes at the given location |
-> | Microsoft.Batch/operations/read | Lists operations available on Microsoft.Batch resource provider |
-> | **DataAction** | **Description** |
-> | Microsoft.Batch/batchAccounts/jobs/read | Lists jobs on a Batch account or gets the properties of a job |
-> | Microsoft.Batch/batchAccounts/jobs/write | Creates a new job on a Batch account or updates an existing job |
-> | Microsoft.Batch/batchAccounts/jobs/delete | Deletes a job from a Batch account |
-> | Microsoft.Batch/batchAccounts/jobSchedules/read | Lists job schedules on a Batch account or gets the properties of a job schedule |
-> | Microsoft.Batch/batchAccounts/jobSchedules/write | Creates a new job schedule on a Batch account or updates an existing job schedule |
-> | Microsoft.Batch/batchAccounts/jobSchedules/delete | Deletes a job schedule from a Batch account |
- ## Microsoft.Billing
+Manage your subscriptions and see usage and billing.
+ Azure service: [Cost Management + Billing](/azure/cost-management-billing/) > [!div class="mx-tableFixed"]
Azure service: [Cost Management + Billing](/azure/cost-management-billing/)
## Microsoft.Blueprint
+Enabling quick, repeatable creation of governed environments.
+ Azure service: [Azure Blueprints](/azure/governance/blueprints/) > [!div class="mx-tableFixed"]
Azure service: [Azure Blueprints](/azure/governance/blueprints/)
> | Microsoft.Blueprint/blueprints/versions/delete | Delete any blueprints | > | Microsoft.Blueprint/blueprints/versions/artifacts/read | Read any blueprint artifacts |
-## Microsoft.Capacity
-
-Azure service: core
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.Capacity/calculateprice/action | Calculate any Reservation Price |
-> | Microsoft.Capacity/checkoffers/action | Check any Subscription Offers |
-> | Microsoft.Capacity/checkscopes/action | Check any Subscription |
-> | Microsoft.Capacity/validatereservationorder/action | Validate any Reservation |
-> | Microsoft.Capacity/reservationorders/action | Update any Reservation |
-> | Microsoft.Capacity/register/action | Registers the Capacity resource provider and enables the creation of Capacity resources. |
-> | Microsoft.Capacity/unregister/action | Unregister any Tenant |
-> | Microsoft.Capacity/calculateexchange/action | Computes the exchange amount and price of new purchase and returns policy Errors. |
-> | Microsoft.Capacity/exchange/action | Exchange any Reservation |
-> | Microsoft.Capacity/listSkus/action | Lists SKUs with filters and without any restrictions |
-> | Microsoft.Capacity/appliedreservations/read | Read All Reservations |
-> | Microsoft.Capacity/catalogs/read | Read catalog of Reservation |
-> | Microsoft.Capacity/commercialreservationorders/read | Get Reservation Orders created in any Tenant |
-> | Microsoft.Capacity/operations/read | Read any Operation |
-> | Microsoft.Capacity/reservationorders/changedirectory/action | Change directory of any reservation |
-> | Microsoft.Capacity/reservationorders/availablescopes/action | Find any Available Scope |
-> | Microsoft.Capacity/reservationorders/read | Read All Reservations |
-> | Microsoft.Capacity/reservationorders/write | Create any Reservation |
-> | Microsoft.Capacity/reservationorders/delete | Delete any Reservation |
-> | Microsoft.Capacity/reservationorders/reservations/action | Update any Reservation |
-> | Microsoft.Capacity/reservationorders/return/action | Return any Reservation |
-> | Microsoft.Capacity/reservationorders/swap/action | Swap any Reservation |
-> | Microsoft.Capacity/reservationorders/split/action | Split any Reservation |
-> | Microsoft.Capacity/reservationorders/changeBilling/action | Reservation billing change |
-> | Microsoft.Capacity/reservationorders/merge/action | Merge any Reservation |
-> | Microsoft.Capacity/reservationorders/calculaterefund/action | Computes the refund amount and price of new purchase and returns policy Errors. |
-> | Microsoft.Capacity/reservationorders/changebillingoperationresults/read | Poll any Reservation billing change operation |
-> | Microsoft.Capacity/reservationorders/mergeoperationresults/read | Poll any merge operation |
-> | Microsoft.Capacity/reservationorders/reservations/availablescopes/action | Find any Available Scope |
-> | Microsoft.Capacity/reservationorders/reservations/read | Read All Reservations |
-> | Microsoft.Capacity/reservationorders/reservations/write | Create any Reservation |
-> | Microsoft.Capacity/reservationorders/reservations/delete | Delete any Reservation |
-> | Microsoft.Capacity/reservationorders/reservations/archive/action | Archive a reservation which is in a terminal state like Expired, Split etc. |
-> | Microsoft.Capacity/reservationorders/reservations/unarchive/action | Unarchive a Reservation which was previously archived |
-> | Microsoft.Capacity/reservationorders/reservations/revisions/read | Read All Reservations |
-> | Microsoft.Capacity/reservationorders/splitoperationresults/read | Poll any split operation |
-> | Microsoft.Capacity/resourceProviders/locations/serviceLimits/read | Get the current service limit or quota of the specified resource and location |
-> | Microsoft.Capacity/resourceProviders/locations/serviceLimits/write | Create service limit or quota for the specified resource and location |
-> | Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read | Get any service limit request for the specified resource and location |
-> | Microsoft.Capacity/tenants/register/action | Register any Tenant |
-
-## Microsoft.Commerce
-
-Azure service: core
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.Commerce/register/action | Register Subscription for Microsoft Commerce UsageAggregate |
-> | Microsoft.Commerce/unregister/action | Unregister Subscription for Microsoft Commerce UsageAggregate |
-> | Microsoft.Commerce/RateCard/read | Returns offer data, resource/meter metadata and rates for the given subscription. |
-> | Microsoft.Commerce/UsageAggregates/read | Retrieves Microsoft Azure's consumption by a subscription. The result contains aggregates usage data, subscription and resource related information, on a particular time range. |
- ## Microsoft.Consumption
+Programmatic access to cost and usage data for your Azure resources.
+ Azure service: [Cost Management](/azure/cost-management-billing/) > [!div class="mx-tableFixed"]
Azure service: [Cost Management](/azure/cost-management-billing/)
## Microsoft.CostManagement
+Optimize what you spend on the cloud, while maximizing cloud potential.
+ Azure service: [Cost Management](/azure/cost-management-billing/) > [!div class="mx-tableFixed"]
Azure service: [Cost Management](/azure/cost-management-billing/)
> | Microsoft.CostManagement/views/delete | Delete saved views. | > | Microsoft.CostManagement/views/write | Update view. |
-## Microsoft.DataProtection
-
-Azure service: Microsoft.DataProtection
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.DataProtection/register/action | Registers subscription for given Resource Provider |
-> | Microsoft.DataProtection/unregister/action | Unregisters subscription for given Resource Provider |
-> | Microsoft.DataProtection/backupVaults/write | Create BackupVault operation creates an Azure resource of type 'Backup Vault' |
-> | Microsoft.DataProtection/backupVaults/write | Update BackupVault operation updates an Azure resource of type 'Backup Vault' |
-> | Microsoft.DataProtection/backupVaults/read | The Get Backup Vault operation gets an object representing the Azure resource of type 'Backup Vault' |
-> | Microsoft.DataProtection/backupVaults/read | Gets list of Backup Vaults in a Subscription |
-> | Microsoft.DataProtection/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
-> | Microsoft.DataProtection/backupVaults/delete | The Delete Vault operation deletes the specified Azure resource of type 'Backup Vault' |
-> | Microsoft.DataProtection/backupVaults/validateForBackup/action | Validates for backup of Backup Instance |
-> | Microsoft.DataProtection/backupVaults/backupInstances/write | Creates a Backup Instance |
-> | Microsoft.DataProtection/backupVaults/backupInstances/validateForModifyBackup/action | Validates for modification of Backup Instance |
-> | Microsoft.DataProtection/backupVaults/backupInstances/delete | Deletes the Backup Instance |
-> | Microsoft.DataProtection/backupVaults/backupInstances/read | Returns details of the Backup Instance |
-> | Microsoft.DataProtection/backupVaults/backupInstances/read | Returns all Backup Instances |
-> | Microsoft.DataProtection/backupVaults/backupInstances/backup/action | Performs Backup on the Backup Instance |
-> | Microsoft.DataProtection/backupVaults/backupInstances/sync/action | Sync operation retries last failed operation on backup instance to bring it to a valid state. |
-> | Microsoft.DataProtection/backupVaults/backupInstances/restore/action | Triggers restore on the Backup Instance |
-> | Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action | Validates for Restore of the Backup Instance |
-> | Microsoft.DataProtection/backupVaults/backupInstances/stopProtection/action | Stop Protection operation stops both backup and retention schedules of backup instance. Existing data will be retained forever. |
-> | Microsoft.DataProtection/backupVaults/backupInstances/suspendBackups/action | Suspend Backups operation stops only backups of backup instance. Retention activities will continue and hence data will be ratained as per policy. |
-> | Microsoft.DataProtection/backupVaults/backupInstances/resumeProtection/action | Resume protection of a ProtectionStopped BI. |
-> | Microsoft.DataProtection/backupVaults/backupInstances/resumeBackups/action | Resume Backups for a BackupsSuspended BI. |
-> | Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds Restorable Time Ranges |
-> | Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read | Returns Backup Operation Result for Backup Vault. |
-> | Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returns details of the Recovery Point |
-> | Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
-> | Microsoft.DataProtection/backupVaults/backupJobs/read | Get Jobs list |
-> | Microsoft.DataProtection/backupVaults/backupJobs/enableProgress/action | Get Job details |
-> | Microsoft.DataProtection/backupVaults/backupPolicies/write | Creates Backup Policy |
-> | Microsoft.DataProtection/backupVaults/backupPolicies/delete | Deletes the Backup Policy |
-> | Microsoft.DataProtection/backupVaults/backupPolicies/read | Returns details of the Backup Policy |
-> | Microsoft.DataProtection/backupVaults/backupPolicies/read | Returns all Backup Policies |
-> | Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read | Get the list of ResourceGuard proxies for a resource |
-> | Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read | Get ResourceGuard proxy operation gets an object representing the Azure resource of type 'ResourceGuard proxy' |
-> | Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write | Create ResourceGuard proxy operation creates an Azure resource of type 'ResourceGuard Proxy' |
-> | Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete | The Delete ResourceGuard proxy operation deletes the specified Azure resource of type 'ResourceGuard proxy' |
-> | Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action | Unlock delete ResourceGuard proxy operation unlocks the next delete critical operation |
-> | Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action | Perform undelete of soft-deleted Backup Instance. Backup Instance moves from SoftDeleted to ProtectionStopped state. |
-> | Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | Get soft-deleted Backup Instance in a Backup Vault by name |
-> | Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | List soft-deleted Backup Instances in a Backup Vault. |
-> | Microsoft.DataProtection/backupVaults/operationResults/read | Gets Operation Result of a Patch Operation for a Backup Vault |
-> | Microsoft.DataProtection/backupVaults/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
-> | Microsoft.DataProtection/locations/checkNameAvailability/action | Checks if the requested BackupVault Name is Available |
-> | Microsoft.DataProtection/locations/getBackupStatus/action | Check Backup Status for Recovery Services Vaults |
-> | Microsoft.DataProtection/locations/checkFeatureSupport/action | Validates if a feature is supported |
-> | Microsoft.DataProtection/locations/operationResults/read | Returns Backup Operation Result for Backup Vault. |
-> | Microsoft.DataProtection/locations/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
-> | Microsoft.DataProtection/operations/read | Operation returns the list of Operations for a Resource Provider |
-> | Microsoft.DataProtection/subscriptions/providers/resourceGuards/read | Gets list of ResourceGuards in a Subscription |
-> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returns recovery points from secondary region for cross region restore enabled Backup Vaults. |
-> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action | Triggers cross region restore operation on given backup instance. |
-> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action | Performs validations for cross region restore operation. |
-> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | List cross region restore jobs of backup instance from secondary region. |
-> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Get cross region restore job details from secondary region. |
-> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
-> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write | Create ResourceGuard operation creates an Azure resource of type 'ResourceGuard' |
-> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read | The Get ResourceGuard operation gets an object representing the Azure resource of type 'ResourceGuard' |
-> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/delete | The Delete ResourceGuard operation deletes the specified Azure resource of type 'ResourceGuard' |
-> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read | Gets list of ResourceGuards in a Resource Group |
-> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write | Update ResouceGuard operation updates an Azure resource of type 'ResourceGuard' |
-> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read | Gets ResourceGuard operation request info |
-> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read | Gets ResourceGuard default operation request info |
- ## Microsoft.Features Azure service: [Azure Resource Manager](/azure/azure-resource-manager/)
Azure service: [Azure Resource Manager](/azure/azure-resource-manager/)
## Microsoft.GuestConfiguration
+Audit settings inside a machine using Azure Policy.
+ Azure service: [Azure Policy](/azure/governance/policy/) > [!div class="mx-tableFixed"]
Azure service: [Azure Policy](/azure/governance/policy/)
## Microsoft.Intune
+Enable your workforce to be productive on all their devices, while keeping your organization's information protected.
+ Azure service: Microsoft Monitoring Insights > [!div class="mx-tableFixed"]
Azure service: [Azure Lighthouse](/azure/lighthouse/)
## Microsoft.Management
+Use management groups to efficiently apply governance controls and manage groups of Azure subscriptions.
+ Azure service: [Management Groups](/azure/governance/management-groups/) > [!div class="mx-tableFixed"]
Azure service: [Management Groups](/azure/governance/management-groups/)
## Microsoft.PolicyInsights
+Summarize policy states for the subscription level policy definition.
+ Azure service: [Azure Policy](/azure/governance/policy/) > [!div class="mx-tableFixed"]
Azure service: [Azure Policy](/azure/governance/policy/)
## Microsoft.Portal
+Build, manage, and monitor all Azure products in a single, unified console.
+ Azure service: [Azure portal](/azure/azure-portal/) > [!div class="mx-tableFixed"]
Azure service: [Azure portal](/azure/azure-portal/)
> | Microsoft.Portal/usersettings/write | Create or update Cloud Shell user setting. | > | Microsoft.Portal/usersettings/read | Reads the Cloud Shell user settings. |
-## Microsoft.Purview
-
-Azure service: [Microsoft Purview](/purview/)
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.Purview/register/action | Register the subscription for Microsoft Purview provider. |
-> | Microsoft.Purview/unregister/action | Unregister the subscription for Microsoft Purview provider. |
-> | Microsoft.Purview/setDefaultAccount/action | Sets the default account for the scope. |
-> | Microsoft.Purview/removeDefaultAccount/action | Removes the default account for the scope. |
-> | Microsoft.Purview/accounts/read | Read account resource for Microsoft Purview provider. |
-> | Microsoft.Purview/accounts/write | Write account resource for Microsoft Purview provider. |
-> | Microsoft.Purview/accounts/delete | Delete account resource for Microsoft Purview provider. |
-> | Microsoft.Purview/accounts/listkeys/action | List keys on the account resource for Microsoft Purview provider. |
-> | Microsoft.Purview/accounts/addrootcollectionadmin/action | Add root collection admin to account resource for Microsoft Purview provider. |
-> | Microsoft.Purview/accounts/move/action | Move account resource for Microsoft Purview provider. |
-> | Microsoft.Purview/accounts/PrivateEndpointConnectionsApproval/action | Approve Private Endpoint Connection. |
-> | Microsoft.Purview/accounts/kafkaConfigurations/read | Read Kafka Configurations. |
-> | Microsoft.Purview/accounts/kafkaConfigurations/write | Create or update Kafka Configurations. |
-> | Microsoft.Purview/accounts/kafkaConfigurations/delete | Delete Kafka Configurations. |
-> | Microsoft.Purview/accounts/privateEndpointConnectionProxies/read | Read Account Private Endpoint Connection Proxy. |
-> | Microsoft.Purview/accounts/privateEndpointConnectionProxies/write | Write Account Private Endpoint Connection Proxy. |
-> | Microsoft.Purview/accounts/privateEndpointConnectionProxies/delete | Delete Account Private Endpoint Connection Proxy. |
-> | Microsoft.Purview/accounts/privateEndpointConnectionProxies/validate/action | Validate Account Private Endpoint Connection Proxy. |
-> | Microsoft.Purview/accounts/privateEndpointConnectionProxies/operationResults/read | Monitor Private Endpoint Connection Proxy async operations. |
-> | Microsoft.Purview/accounts/privateEndpointConnections/read | Read Private Endpoint Connection. |
-> | Microsoft.Purview/accounts/privateEndpointConnections/write | Create or update Private Endpoint Connection. |
-> | Microsoft.Purview/accounts/privateEndpointConnections/delete | Delete Private Endpoint Connection. |
-> | Microsoft.Purview/accounts/privatelinkresources/read | Read Account Link Resources. |
-> | Microsoft.Purview/accounts/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
-> | Microsoft.Purview/accounts/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
-> | Microsoft.Purview/accounts/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for the catalog. |
-> | Microsoft.Purview/accounts/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for the catalog. |
-> | Microsoft.Purview/checkConsent/read | Resolve the scope the Consent is granted. |
-> | Microsoft.Purview/checknameavailability/read | Check if name of purview account resource is available for Microsoft Purview provider. |
-> | Microsoft.Purview/consents/read | Read Consent Resource. |
-> | Microsoft.Purview/consents/write | Create or Update a Consent Resource. |
-> | Microsoft.Purview/consents/delete | Delete the Consent Resource. |
-> | Microsoft.Purview/getDefaultAccount/read | Gets the default account for the scope. |
-> | Microsoft.Purview/locations/operationResults/read | Monitor async operations. |
-> | Microsoft.Purview/operations/read | Reads all available operations for Microsoft Purview provider. |
-> | Microsoft.Purview/policies/read | Read Policy Resource. |
-> | **DataAction** | **Description** |
-> | Microsoft.Purview/accounts/data/read | Permission is deprecated. |
-> | Microsoft.Purview/accounts/data/write | Permission is deprecated. |
-> | Microsoft.Purview/accounts/scan/read | Permission is deprecated. |
-> | Microsoft.Purview/accounts/scan/write | Permission is deprecated. |
-> | Microsoft.Purview/attributeBlobs/read | Read Attribute Blob. |
-> | Microsoft.Purview/attributeBlobs/write | Write Attribute Blob. |
-> | Microsoft.Purview/policyElements/read | Read Policy Element. |
-> | Microsoft.Purview/policyElements/write | Create or update Policy Element. |
-> | Microsoft.Purview/policyElements/delete | Delete Policy Element. |
-> | Microsoft.Purview/purviewAccountBindings/read | Read Account Binding. |
-> | Microsoft.Purview/purviewAccountBindings/write | Create or update Account Binding. |
-> | Microsoft.Purview/purviewAccountBindings/delete | Delete Account Binding. |
- ## Microsoft.RecoveryServices
+Hold and organize backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases.
+ Azure service: [Site Recovery](/azure/site-recovery/) > [!div class="mx-tableFixed"]
Azure service: [Site Recovery](/azure/site-recovery/)
## Microsoft.ResourceGraph
+Powerful tool to query, explore, and analyze your cloud resources at scale.
+ Azure service: [Azure Resource Graph](/azure/governance/resource-graph/) > [!div class="mx-tableFixed"]
Azure service: [Azure Resource Graph](/azure/governance/resource-graph/)
> | Microsoft.ResourceGraph/resources/read | Submits a query on resources within specified subscriptions, management groups or tenant scope | > | Microsoft.ResourceGraph/resourcesHistory/read | List all snapshots of resources history within specified subscriptions, management groups or tenant scope |
+## Microsoft.ResourceHealth
+
+Diagnose and get support for service problems that affect your Azure resources.
+
+Azure service: [Azure Service Health](/azure/service-health/)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.ResourceHealth/events/action | Endpoint to fetch details for event |
+> | Microsoft.ResourceHealth/register/action | Registers the subscription for the Microsoft ResourceHealth |
+> | Microsoft.ResourceHealth/unregister/action | Unregisters the subscription for the Microsoft ResourceHealth |
+> | Microsoft.Resourcehealth/healthevent/action | Denotes the change in health state for the specified resource |
+> | Microsoft.ResourceHealth/AvailabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | Microsoft.ResourceHealth/AvailabilityStatuses/current/read | Gets the availability status for the specified resource |
+> | Microsoft.ResourceHealth/emergingissues/read | Get Azure services' emerging issues |
+> | Microsoft.ResourceHealth/events/read | Get Service Health Events for given subscription |
+> | Microsoft.ResourceHealth/events/fetchEventDetails/action | Endpoint to fetch details for event |
+> | Microsoft.ResourceHealth/events/listSecurityAdvisoryImpactedResources/action | Get Impacted Resources for a given event of type SecurityAdvisory |
+> | Microsoft.ResourceHealth/events/impactedResources/read | Get Impacted Resources for a given event |
+> | Microsoft.Resourcehealth/healthevent/Activated/action | Denotes the change in health state for the specified resource |
+> | Microsoft.Resourcehealth/healthevent/Updated/action | Denotes the change in health state for the specified resource |
+> | Microsoft.Resourcehealth/healthevent/Resolved/action | Denotes the change in health state for the specified resource |
+> | Microsoft.Resourcehealth/healthevent/InProgress/action | Denotes the change in health state for the specified resource |
+> | Microsoft.Resourcehealth/healthevent/Pending/action | Denotes the change in health state for the specified resource |
+> | Microsoft.ResourceHealth/impactedResources/read | Get Impacted Resources for given subscription |
+> | Microsoft.ResourceHealth/metadata/read | Gets Metadata |
+> | Microsoft.ResourceHealth/Notifications/read | Receives Azure Resource Manager notifications |
+> | Microsoft.ResourceHealth/Operations/read | Get the operations available for the Microsoft ResourceHealth |
+> | Microsoft.ResourceHealth/potentialoutages/read | Get Potential Outages for given subscription |
+ ## Microsoft.Resources
+Deployment and management service for Azure that enables you to create, update, and delete resources in your Azure subscription.
+ Azure service: [Azure Resource Manager](/azure/azure-resource-manager/) > [!div class="mx-tableFixed"]
Azure service: [Azure Resource Manager](/azure/azure-resource-manager/)
## Microsoft.Solutions
+Find the solution to meet the needs of your application or business.
+ Azure service: [Azure Managed Applications](/azure/azure-resource-manager/managed-applications/) > [!div class="mx-tableFixed"]
Azure service: [Azure Managed Applications](/azure/azure-resource-manager/manage
> | Microsoft.Solutions/locations/operationstatuses/write | write operationstatuses | > | Microsoft.Solutions/operations/read | read operations |
-## Microsoft.Subscription
-
-Azure service: core
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.Subscription/cancel/action | Cancels the Subscription |
-> | Microsoft.Subscription/rename/action | Renames the Subscription |
-> | Microsoft.Subscription/enable/action | Reactivates the Subscription |
-> | Microsoft.Subscription/aliases/write | Create subscription alias |
-> | Microsoft.Subscription/aliases/read | Get subscription alias |
-> | Microsoft.Subscription/aliases/delete | Delete subscription alias |
-> | Microsoft.Subscription/Policies/write | Create tenant policy |
-> | Microsoft.Subscription/Policies/default/read | Get tenant policy |
-> | Microsoft.Subscription/subscriptions/acceptOwnership/action | Accept ownership of Subscription |
-> | Microsoft.Subscription/subscriptions/acceptOwnershipStatus/read | Get the status of accepting ownership of Subscription |
- ## Next steps - [Azure resource providers and types](/azure/azure-resource-manager/management/resource-providers-and-types)
role-based-access-control Migration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/migration.md
This article lists the permissions for the Azure resource providers in the Migration category. You can use these permissions in your own [Azure custom roles](/azure/role-based-access-control/custom-roles) to provide granular access control to resources in Azure. Permission strings have the following format: `{Company}.{ProviderName}/{resourceType}/{action}`
+## Microsoft.DataBox
+
+Move stored or in-flight data to Azure quickly and cost-effectively.
+
+Azure service: [Azure Data Box](/azure/databox/)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.DataBox/register/action | Register Provider Microsoft.Databox |
+> | Microsoft.DataBox/unregister/action | Un-Register Provider Microsoft.Databox |
+> | Microsoft.DataBox/jobs/cancel/action | Cancels an order in progress. |
+> | Microsoft.DataBox/jobs/bookShipmentPickUp/action | Allows to book a pick up for return shipments. |
+> | Microsoft.DataBox/jobs/mitigate/action | This method helps in performing mitigation action on a job with a resolution code |
+> | Microsoft.DataBox/jobs/markDevicesShipped/action | |
+> | Microsoft.DataBox/jobs/read | List or get the Orders |
+> | Microsoft.DataBox/jobs/delete | Delete the Orders |
+> | Microsoft.DataBox/jobs/write | Create or update the Orders |
+> | Microsoft.DataBox/jobs/listCredentials/action | Lists the unencrypted credentials related to the order. |
+> | Microsoft.DataBox/jobs/eventGridFilters/write | Create or update the Event Grid Subscription Filter |
+> | Microsoft.DataBox/jobs/eventGridFilters/read | List or get the Event Grid Subscription Filter |
+> | Microsoft.DataBox/jobs/eventGridFilters/delete | Delete the Event Grid Subscription Filter |
+> | Microsoft.DataBox/locations/validateInputs/action | This method does all type of validations. |
+> | Microsoft.DataBox/locations/validateAddress/action | Validates the shipping address and provides alternate addresses if any. |
+> | Microsoft.DataBox/locations/availableSkus/action | This method returns the list of available skus. |
+> | Microsoft.DataBox/locations/regionConfiguration/action | This method returns the configurations for the region. |
+> | Microsoft.DataBox/locations/availableSkus/read | List or get the Available Skus |
+> | Microsoft.DataBox/locations/operationResults/read | List or get the Operation Results |
+> | Microsoft.DataBox/operations/read | List or get the Operations |
+> | Microsoft.DataBox/subscriptions/resourceGroups/moveResources/action | This method performs the resource move. |
+> | Microsoft.DataBox/subscriptions/resourceGroups/validateMoveResources/action | This method validates whether resource move is allowed or not. |
+
+## Microsoft.DataBoxEdge
+
+Appliances and solutions for data transfer to Azure and edge compute.
+
+Azure service: [Azure Stack Edge](/azure/databox-online/azure-stack-edge-overview)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.DataBoxEdge/availableSkus/read | Lists or gets the available skus |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/deviceCapacityCheck/action | Performs Device Capacity Check and Returns Feasibility |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/write | Creates or updates the Data Box Edge devices |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/read | Lists or gets the Data Box Edge devices |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/delete | Deletes the Data Box Edge devices |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/getExtendedInformation/action | Retrieves resource extended information |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/updateExtendedInformation/action | Updates resource extended information |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/scanForUpdates/action | Scan for updates |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/downloadUpdates/action | Download Updates in device |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/installUpdates/action | Install Updates on device |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/uploadCertificate/action | Upload certificate for device registration |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/generateCertificate/action | Generate certificate |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/triggerSupportPackage/action | Trigger Support Package |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/alerts/read | Lists or gets the alerts |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/bandwidthSchedules/read | Lists or gets the bandwidth schedules |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/bandwidthSchedules/write | Creates or updates the bandwidth schedules |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/bandwidthSchedules/delete | Deletes the bandwidth schedules |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/bandwidthSchedules/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/deviceCapacityCheck/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/deviceCapacityInfo/read | Lists or gets the device capacity information |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/diagnosticProactiveLogCollectionSettings/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/diagnosticRemoteSupportSettings/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/jobs/read | Lists or gets the jobs |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/networkSettings/read | Lists or gets the Device network settings |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/nodes/read | Lists or gets the nodes |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/operationsStatus/read | Lists or gets the operation status |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/orders/read | Lists or gets the orders |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/orders/write | Creates or updates the orders |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/orders/delete | Deletes the orders |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/orders/listDCAccessCode/action | Lists or gets the data center access code |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/orders/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostics setting for the resource |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/providers/Microsoft.Insights/metricDefinitions/read | Gets the available Data Box Edge device level metrics |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/publishers/offers/skus/versions/generatesastoken/action | Gets the SAS Token for a specific image |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/publishers/offers/skus/versions/generatesastoken/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/read | Lists or gets the roles |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/migrate/action | Migrates the IoT role to ASE Kubernetes role |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/write | Creates or updates the roles |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/delete | Deletes the roles |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/addons/read | Lists or gets the addons |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/addons/write | Creates or updates the addons |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/addons/delete | Deletes the addons |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/addons/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/migrate/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/monitoringConfig/write | Creates or updates the monitoring configuration |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/monitoringConfig/delete | Deletes the monitoring configuration |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/monitoringConfig/read | Lists or gets the monitoring configuration |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/monitoringConfig/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/securitySettings/update/action | Update security settings |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/securitySettings/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/shares/read | Lists or gets the shares |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/shares/write | Creates or updates the shares |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/shares/refresh/action | Refresh the share metadata with the data from the cloud |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/shares/delete | Deletes the shares |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/shares/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccountCredentials/write | Creates or updates the storage account credentials |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccountCredentials/read | Lists or gets the storage account credentials |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccountCredentials/delete | Deletes the storage account credentials |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccountCredentials/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/read | Lists or gets the Storage Accounts |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/write | Creates or updates the Storage Accounts |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/delete | Deletes the Storage Accounts |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/containers/read | Lists or gets the Containers |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/containers/write | Creates or updates the Containers |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/containers/delete | Deletes the Containers |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/containers/refresh/action | Refresh the container metadata with the data from the cloud |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/containers/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/storageAccounts/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/triggers/read | Lists or gets the triggers |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/triggers/write | Creates or updates the triggers |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/triggers/delete | Deletes the triggers |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/triggers/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/triggerSupportPackage/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/updateSummary/read | Lists or gets the update summary |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/users/read | Lists or gets the share users |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/users/write | Creates or updates the share users |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/users/delete | Deletes the share users |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/users/operationResults/read | Lists or gets the operation result |
+
+## Microsoft.DataMigration
+
+Simplify on-premises database migration to the cloud.
+
+Azure service: [Azure Database Migration Service](/azure/dms/)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.DataMigration/register/action | Registers the subscription with the Azure Database Migration Service provider |
+> | Microsoft.DataMigration/databaseMigrations/write | Create or Update Database Migration resource |
+> | Microsoft.DataMigration/databaseMigrations/delete | Delete Database Migration resource |
+> | Microsoft.DataMigration/databaseMigrations/read | Retrieve the Database Migration resource |
+> | Microsoft.DataMigration/databaseMigrations/cancel/action | Stop ongoing migration for the database |
+> | Microsoft.DataMigration/databaseMigrations/cutover/action | Cutover online migration operation for the database |
+> | Microsoft.DataMigration/locations/migrationServiceOperationResults/read | Retrieve Service Operation Results |
+> | Microsoft.DataMigration/locations/operationResults/read | Get the status of a long-running operation related to a 202 Accepted response |
+> | Microsoft.DataMigration/locations/operationStatuses/read | Get the status of a long-running operation related to a 202 Accepted response |
+> | Microsoft.DataMigration/locations/sqlMigrationServiceOperationResults/read | Retrieve Service Operation Results |
+> | Microsoft.DataMigration/migrationServices/write | Create a new or change properties of existing Service |
+> | Microsoft.DataMigration/migrationServices/delete | Delete existing Service |
+> | Microsoft.DataMigration/migrationServices/read | Retrieve details of Migration Service |
+> | Microsoft.DataMigration/migrationServices/read | Retrieve details of Migration Services in a Resource Group |
+> | Microsoft.DataMigration/migrationServices/read | Retrieve all services in the Subscription |
+> | Microsoft.DataMigration/migrationServices/listMigrations/read | |
+> | Microsoft.DataMigration/operations/read | Get all REST Operations |
+> | Microsoft.DataMigration/services/read | Read information about resources |
+> | Microsoft.DataMigration/services/write | Create or update resources and their properties |
+> | Microsoft.DataMigration/services/delete | Deletes a resource and all of its children |
+> | Microsoft.DataMigration/services/stop/action | Stop the Azure Database Migration Service to minimize its cost |
+> | Microsoft.DataMigration/services/start/action | Start the Azure Database Migration Service to allow it to process migrations again |
+> | Microsoft.DataMigration/services/checkStatus/action | Check whether the service is deployed and running |
+> | Microsoft.DataMigration/services/configureWorker/action | Configures an Azure Database Migration Service worker to the Service's availiable workers |
+> | Microsoft.DataMigration/services/addWorker/action | Adds an Azure Database Migration Service worker to the Service's availiable workers |
+> | Microsoft.DataMigration/services/removeWorker/action | Removes an Azure Database Migration Service worker to the Service's availiable workers |
+> | Microsoft.DataMigration/services/updateAgentConfig/action | Updates Azure Database Migration Service agent configuration with provided values. |
+> | Microsoft.DataMigration/services/getHybridDownloadLink/action | Gets an Azure Database Migration Service worker package download link from RP Blob Storage. |
+> | Microsoft.DataMigration/services/projects/read | Read information about resources |
+> | Microsoft.DataMigration/services/projects/write | Run tasks Azure Database Migration Service tasks |
+> | Microsoft.DataMigration/services/projects/delete | Deletes a resource and all of its children |
+> | Microsoft.DataMigration/services/projects/accessArtifacts/action | Generate a URL that can be used to GET or PUT project artifacts |
+> | Microsoft.DataMigration/services/projects/tasks/read | Read information about resources |
+> | Microsoft.DataMigration/services/projects/tasks/write | Run tasks Azure Database Migration Service tasks |
+> | Microsoft.DataMigration/services/projects/tasks/delete | Deletes a resource and all of its children |
+> | Microsoft.DataMigration/services/projects/tasks/cancel/action | Cancel the task if it's currently running |
+> | Microsoft.DataMigration/services/serviceTasks/read | Read information about resources |
+> | Microsoft.DataMigration/services/serviceTasks/write | Run tasks Azure Database Migration Service tasks |
+> | Microsoft.DataMigration/services/serviceTasks/delete | Deletes a resource and all of its children |
+> | Microsoft.DataMigration/services/serviceTasks/cancel/action | Cancel the task if it's currently running |
+> | Microsoft.DataMigration/services/slots/read | Read information about resources |
+> | Microsoft.DataMigration/services/slots/write | Create or update resources and their properties |
+> | Microsoft.DataMigration/services/slots/delete | Deletes a resource and all of its children |
+> | Microsoft.DataMigration/skus/read | Get a list of SKUs supported by Azure Database Migration Service resources. |
+> | Microsoft.DataMigration/sqlMigrationServices/write | Create a new or change properties of existing Service |
+> | Microsoft.DataMigration/sqlMigrationServices/delete | Delete existing Service |
+> | Microsoft.DataMigration/sqlMigrationServices/read | Retrieve details of Migration Service |
+> | Microsoft.DataMigration/sqlMigrationServices/read | Retrieve details of Migration Services in a Resource Group |
+> | Microsoft.DataMigration/sqlMigrationServices/listAuthKeys/action | Retrieve the List of Authentication Keys |
+> | Microsoft.DataMigration/sqlMigrationServices/regenerateAuthKeys/action | Regenerate the Authentication Keys |
+> | Microsoft.DataMigration/sqlMigrationServices/deleteNode/action | |
+> | Microsoft.DataMigration/sqlMigrationServices/listMonitoringData/action | Retrieve the Monitoring Data |
+> | Microsoft.DataMigration/sqlMigrationServices/validateIR/action | |
+> | Microsoft.DataMigration/sqlMigrationServices/read | Retrieve all services in the Subscription |
+> | Microsoft.DataMigration/sqlMigrationServices/listMigrations/read | |
+> | Microsoft.DataMigration/sqlMigrationServices/MonitoringData/read | Retrieve the Monitoring Data |
+> | Microsoft.DataMigration/sqlMigrationServices/tasks/write | Create or Update Migration Service task |
+> | Microsoft.DataMigration/sqlMigrationServices/tasks/delete | |
+> | Microsoft.DataMigration/sqlMigrationServices/tasks/read | Get Migration Service task details |
+ ## Microsoft.Migrate
+Easily discover, assess, right-size, and migrate your on-premises VMs to Azure.
+ Azure service: [Azure Migrate](/azure/migrate/migrate-services-overview) > [!div class="mx-tableFixed"]
role-based-access-control Mixed Reality https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/mixed-reality.md
This article lists the permissions for the Azure resource providers in the Mixed
## Microsoft.MixedReality
+Blend your physical and digital worlds to create immersive, collaborative experiences.
+ Azure service: [Azure Spatial Anchors](/azure/spatial-anchors/) > [!div class="mx-tableFixed"]
role-based-access-control Monitor https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/monitor.md
This article lists the permissions for the Azure resource providers in the Monit
## Microsoft.AlertsManagement
+Analyze all of the alerts in your Log Analytics repository.
+ Azure service: [Azure Monitor](/azure/azure-monitor/) > [!div class="mx-tableFixed"]
Azure service: [Azure Managed Grafana](/azure/managed-grafana/)
## Microsoft.Insights
+Full observability into your applications, infrastructure, and network.
+ Azure service: [Azure Monitor](/azure/azure-monitor/) > [!div class="mx-tableFixed"]
Azure service: [Azure Monitor](/azure/azure-monitor/)
## Microsoft.OperationsManagement
+A simplified management solution for any enterprise.
+ Azure service: [Azure Monitor](/azure/azure-monitor/) > [!div class="mx-tableFixed"]
role-based-access-control Networking https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/networking.md
This article lists the permissions for the Azure resource providers in the Netwo
## Microsoft.Cdn
+Ensure secure, reliable content delivery with broad global reach.
+ Azure service: [Content Delivery Network](/azure/cdn/) > [!div class="mx-tableFixed"]
Azure service: Classic deployment model virtual network
## Microsoft.MobileNetwork
-Azure service: [Mobile networks](/azure/private-5g-core/)
+Azure service: [Azure Private 5G Core](/azure/private-5g-core/)
> [!div class="mx-tableFixed"] > | Action | Description |
Azure service: [Mobile networks](/azure/private-5g-core/)
## Microsoft.Network
-Azure service: [Application Gateway](/azure/application-gateway/), [Azure Bastion](/azure/bastion/), [Azure DDoS Protection](/azure/ddos-protection/ddos-protection-overview), [Azure DNS](/azure/dns/), [Azure ExpressRoute](/azure/expressroute/), [Azure Firewall](/azure/firewall/), [Azure Front Door Service](/azure/frontdoor/), [Azure Private Link](/azure/private-link/), [Load Balancer](/azure/load-balancer/), [Network Watcher](/azure/network-watcher/), [Traffic Manager](/azure/traffic-manager/), [Virtual Network](/azure/virtual-network/), [Virtual WAN](/azure/virtual-wan/), [VPN Gateway](/azure/vpn-gateway/)
+Connect cloud and on-premises infrastructure and services to provide your customers and users the best possible experience.
+
+Azure service: [Application Gateway](/azure/application-gateway/), [Azure Bastion](/azure/bastion/), [Azure DDoS Protection](/azure/ddos-protection/ddos-protection-overview), [Azure DNS](/azure/dns/), [Azure ExpressRoute](/azure/expressroute/), [Azure Firewall](/azure/firewall/), [Azure Front Door Service](/azure/frontdoor/), [Azure Private Link](/azure/private-link/), [Azure Route Server](/azure/route-server/), [Load Balancer](/azure/load-balancer/), [Network Watcher](/azure/network-watcher/), [Traffic Manager](/azure/traffic-manager/), [Virtual Network](/azure/virtual-network/), [Virtual Network NAT](/azure/nat-gateway/nat-overview), [Virtual Network Manager](/azure/virtual-network-manager/overview), [Virtual WAN](/azure/virtual-wan/), [VPN Gateway](/azure/vpn-gateway/)
> [!div class="mx-tableFixed"] > | Action | Description |
role-based-access-control Security https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/security.md
Azure service: [App Compliance Automation Tool for Microsoft 365](/microsoft-365
> | Microsoft.AppComplianceAutomation/reports/webhooks/delete | Delete an AppComplianceAutomation webhook. | > | Microsoft.AppComplianceAutomation/reports/webhooks/write | Update an exiting AppComplianceAutomation webhook. |
+## Microsoft.DataProtection
+
+Azure service: Data Protection
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | | |
+> | Microsoft.DataProtection/register/action | Registers subscription for given Resource Provider |
+> | Microsoft.DataProtection/unregister/action | Unregisters subscription for given Resource Provider |
+> | Microsoft.DataProtection/backupVaults/write | Create BackupVault operation creates an Azure resource of type 'Backup Vault' |
+> | Microsoft.DataProtection/backupVaults/write | Update BackupVault operation updates an Azure resource of type 'Backup Vault' |
+> | Microsoft.DataProtection/backupVaults/read | The Get Backup Vault operation gets an object representing the Azure resource of type 'Backup Vault' |
+> | Microsoft.DataProtection/backupVaults/read | Gets list of Backup Vaults in a Subscription |
+> | Microsoft.DataProtection/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
+> | Microsoft.DataProtection/backupVaults/delete | The Delete Vault operation deletes the specified Azure resource of type 'Backup Vault' |
+> | Microsoft.DataProtection/backupVaults/validateForBackup/action | Validates for backup of Backup Instance |
+> | Microsoft.DataProtection/backupVaults/backupInstances/write | Creates a Backup Instance |
+> | Microsoft.DataProtection/backupVaults/backupInstances/validateForModifyBackup/action | Validates for modification of Backup Instance |
+> | Microsoft.DataProtection/backupVaults/backupInstances/delete | Deletes the Backup Instance |
+> | Microsoft.DataProtection/backupVaults/backupInstances/read | Returns details of the Backup Instance |
+> | Microsoft.DataProtection/backupVaults/backupInstances/read | Returns all Backup Instances |
+> | Microsoft.DataProtection/backupVaults/backupInstances/backup/action | Performs Backup on the Backup Instance |
+> | Microsoft.DataProtection/backupVaults/backupInstances/sync/action | Sync operation retries last failed operation on backup instance to bring it to a valid state. |
+> | Microsoft.DataProtection/backupVaults/backupInstances/restore/action | Triggers restore on the Backup Instance |
+> | Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action | Validates for Restore of the Backup Instance |
+> | Microsoft.DataProtection/backupVaults/backupInstances/stopProtection/action | Stop Protection operation stops both backup and retention schedules of backup instance. Existing data will be retained forever. |
+> | Microsoft.DataProtection/backupVaults/backupInstances/suspendBackups/action | Suspend Backups operation stops only backups of backup instance. Retention activities will continue and hence data will be ratained as per policy. |
+> | Microsoft.DataProtection/backupVaults/backupInstances/resumeProtection/action | Resume protection of a ProtectionStopped BI. |
+> | Microsoft.DataProtection/backupVaults/backupInstances/resumeBackups/action | Resume Backups for a BackupsSuspended BI. |
+> | Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds Restorable Time Ranges |
+> | Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read | Returns Backup Operation Result for Backup Vault. |
+> | Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returns details of the Recovery Point |
+> | Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
+> | Microsoft.DataProtection/backupVaults/backupJobs/read | Get Jobs list |
+> | Microsoft.DataProtection/backupVaults/backupJobs/enableProgress/action | Get Job details |
+> | Microsoft.DataProtection/backupVaults/backupPolicies/write | Creates Backup Policy |
+> | Microsoft.DataProtection/backupVaults/backupPolicies/delete | Deletes the Backup Policy |
+> | Microsoft.DataProtection/backupVaults/backupPolicies/read | Returns details of the Backup Policy |
+> | Microsoft.DataProtection/backupVaults/backupPolicies/read | Returns all Backup Policies |
+> | Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read | Get the list of ResourceGuard proxies for a resource |
+> | Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read | Get ResourceGuard proxy operation gets an object representing the Azure resource of type 'ResourceGuard proxy' |
+> | Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write | Create ResourceGuard proxy operation creates an Azure resource of type 'ResourceGuard Proxy' |
+> | Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete | The Delete ResourceGuard proxy operation deletes the specified Azure resource of type 'ResourceGuard proxy' |
+> | Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action | Unlock delete ResourceGuard proxy operation unlocks the next delete critical operation |
+> | Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action | Perform undelete of soft-deleted Backup Instance. Backup Instance moves from SoftDeleted to ProtectionStopped state. |
+> | Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | Get soft-deleted Backup Instance in a Backup Vault by name |
+> | Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | List soft-deleted Backup Instances in a Backup Vault. |
+> | Microsoft.DataProtection/backupVaults/operationResults/read | Gets Operation Result of a Patch Operation for a Backup Vault |
+> | Microsoft.DataProtection/backupVaults/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
+> | Microsoft.DataProtection/locations/checkNameAvailability/action | Checks if the requested BackupVault Name is Available |
+> | Microsoft.DataProtection/locations/getBackupStatus/action | Check Backup Status for Recovery Services Vaults |
+> | Microsoft.DataProtection/locations/checkFeatureSupport/action | Validates if a feature is supported |
+> | Microsoft.DataProtection/locations/operationResults/read | Returns Backup Operation Result for Backup Vault. |
+> | Microsoft.DataProtection/locations/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
+> | Microsoft.DataProtection/operations/read | Operation returns the list of Operations for a Resource Provider |
+> | Microsoft.DataProtection/subscriptions/providers/resourceGuards/read | Gets list of ResourceGuards in a Subscription |
+> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returns recovery points from secondary region for cross region restore enabled Backup Vaults. |
+> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action | Triggers cross region restore operation on given backup instance. |
+> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action | Performs validations for cross region restore operation. |
+> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | List cross region restore jobs of backup instance from secondary region. |
+> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Get cross region restore job details from secondary region. |
+> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
+> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write | Create ResourceGuard operation creates an Azure resource of type 'ResourceGuard' |
+> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read | The Get ResourceGuard operation gets an object representing the Azure resource of type 'ResourceGuard' |
+> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/delete | The Delete ResourceGuard operation deletes the specified Azure resource of type 'ResourceGuard' |
+> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read | Gets list of ResourceGuards in a Resource Group |
+> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write | Update ResouceGuard operation updates an Azure resource of type 'ResourceGuard' |
+> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read | Gets ResourceGuard operation request info |
+> | Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read | Gets ResourceGuard default operation request info |
+ ## Microsoft.KeyVault
+Safeguard and maintain control of keys and other secrets.
+ Azure service: [Key Vault](/azure/key-vault/) > [!div class="mx-tableFixed"]
Azure service: [Key Vault](/azure/key-vault/)
## Microsoft.Security
+Protect your enterprise from advanced threats across hybrid cloud workloads.
+ Azure service: [Security Center](/azure/security-center/) > [!div class="mx-tableFixed"]
role-based-access-control Storage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/storage.md
Azure service: Classic deployment model storage
> | Microsoft.ClassicStorage/storageAccounts/vmImages/operationstatuses/read | Gets a given virtual machine image operation status. | > | Microsoft.ClassicStorage/vmImages/read | Lists virtual machine images. |
-## Microsoft.DataBox
-
-Azure service: [Azure Data Box](/azure/databox/)
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.DataBox/register/action | Register Provider Microsoft.Databox |
-> | Microsoft.DataBox/unregister/action | Un-Register Provider Microsoft.Databox |
-> | Microsoft.DataBox/jobs/cancel/action | Cancels an order in progress. |
-> | Microsoft.DataBox/jobs/bookShipmentPickUp/action | Allows to book a pick up for return shipments. |
-> | Microsoft.DataBox/jobs/mitigate/action | This method helps in performing mitigation action on a job with a resolution code |
-> | Microsoft.DataBox/jobs/markDevicesShipped/action | |
-> | Microsoft.DataBox/jobs/read | List or get the Orders |
-> | Microsoft.DataBox/jobs/delete | Delete the Orders |
-> | Microsoft.DataBox/jobs/write | Create or update the Orders |
-> | Microsoft.DataBox/jobs/listCredentials/action | Lists the unencrypted credentials related to the order. |
-> | Microsoft.DataBox/jobs/eventGridFilters/write | Create or update the Event Grid Subscription Filter |
-> | Microsoft.DataBox/jobs/eventGridFilters/read | List or get the Event Grid Subscription Filter |
-> | Microsoft.DataBox/jobs/eventGridFilters/delete | Delete the Event Grid Subscription Filter |
-> | Microsoft.DataBox/locations/validateInputs/action | This method does all type of validations. |
-> | Microsoft.DataBox/locations/validateAddress/action | Validates the shipping address and provides alternate addresses if any. |
-> | Microsoft.DataBox/locations/availableSkus/action | This method returns the list of available skus. |
-> | Microsoft.DataBox/locations/regionConfiguration/action | This method returns the configurations for the region. |
-> | Microsoft.DataBox/locations/availableSkus/read | List or get the Available Skus |
-> | Microsoft.DataBox/locations/operationResults/read | List or get the Operation Results |
-> | Microsoft.DataBox/operations/read | List or get the Operations |
-> | Microsoft.DataBox/subscriptions/resourceGroups/moveResources/action | This method performs the resource move. |
-> | Microsoft.DataBox/subscriptions/resourceGroups/validateMoveResources/action | This method validates whether resource move is allowed or not. |
- ## Microsoft.DataShare
+A simple and safe service for sharing big data with external organizations.
+ Azure service: [Azure Data Share](/azure/data-share/) > [!div class="mx-tableFixed"]
Azure service: [Azure Elastic SAN](/azure/storage/elastic-san/)
## Microsoft.NetApp
+Enterprise-grade Azure file shares, powered by NetApp.
+ Azure service: [Azure NetApp Files](/azure/azure-netapp-files/) > [!div class="mx-tableFixed"]
Azure service: [Azure NetApp Files](/azure/azure-netapp-files/)
## Microsoft.Storage
+Get secure, massively scalable cloud storage for your data, apps, and workloads.
+ Azure service: [Storage](/azure/storage/) > [!div class="mx-tableFixed"]
Azure service: [Storage](/azure/storage/)
## Microsoft.StorageCache
+File caching for high-performance computing (HPC).
+ Azure service: [Azure HPC Cache](/azure/hpc-cache/) > [!div class="mx-tableFixed"]
role-based-access-control Web And Mobile https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/web-and-mobile.md
This article lists the permissions for the Azure resource providers in the Web and Mobile category. You can use these permissions in your own [Azure custom roles](/azure/role-based-access-control/custom-roles) to provide granular access control to resources in Azure. Permission strings have the following format: `{Company}.{ProviderName}/{resourceType}/{action}`
-## Microsoft.AppPlatform
-
-Azure service: [Azure Spring Apps](/azure/spring-apps/)
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.AppPlatform/register/action | Register the subscription to the Microsoft.AppPlatform resource provider |
-> | Microsoft.AppPlatform/unregister/action | Unregister the subscription from the Microsoft.AppPlatform resource provider |
-> | Microsoft.AppPlatform/locations/checkNameAvailability/action | Check resource name availability |
-> | Microsoft.AppPlatform/locations/operationResults/Spring/read | Read resource operation result |
-> | Microsoft.AppPlatform/locations/operationStatus/operationId/read | Read resource operation status |
-> | Microsoft.AppPlatform/operations/read | List available operations of Microsoft Azure Spring Apps |
-> | Microsoft.AppPlatform/runtimeVersions/read | Get runtime versions of Microsoft Azure Spring Apps |
-> | Microsoft.AppPlatform/skus/read | List available skus of Microsoft Azure Spring Apps |
-> | Microsoft.AppPlatform/Spring/write | Create or Update a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/delete | Delete a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/read | Get Azure Spring Apps service instance(s) |
-> | Microsoft.AppPlatform/Spring/listTestKeys/action | List test keys for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/regenerateTestKey/action | Regenerate test key for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/disableTestEndpoint/action | Disable test endpoint functionality for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/enableTestEndpoint/action | Enable test endpoint functionality for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/stop/action | Stop a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/start/action | Start a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/configServers/action | Validate the config server settings for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/enableApmGlobally/action | Enable APM globally for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/disableApmGlobally/action | Disable APM globally for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/listGloballyEnabledApms/action | List globally enabled APMs for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apiPortals/read | Get the API portal for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apiPortals/write | Create or update the API portal for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apiPortals/delete | Delete the API portal for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apiPortals/validateDomain/action | Validate the API portal domain for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apiPortals/domains/read | Get the API portal domain for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apiPortals/domains/write | Create or update the API portal domain for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apiPortals/domains/delete | Delete the API portal domain for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apms/read | Get the APM for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apms/write | Create or update the APM for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apms/delete | Delete the APM for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apms/listSecretKeys/action | List the secret keys for a specific Azure Spring Apps service instance APM |
-> | Microsoft.AppPlatform/Spring/applicationAccelerators/read | Get the Application Accelerator for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/applicationAccelerators/write | Create or update Application Accelerator for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/applicationAccelerators/delete | Delete Application Accelerator for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/applicationAccelerators/customizedAccelerators/read | Get the Customized Accelerator for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/applicationAccelerators/customizedAccelerators/write | Create or update Customized Accelerator for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/applicationAccelerators/customizedAccelerators/delete | Delete Customized Accelerator for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/applicationAccelerators/customizedAccelerators/validate/action | Validate Customized Accelerator for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/applicationAccelerators/predefinedAccelerators/read | Get the Predefined Accelerator for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/applicationAccelerators/predefinedAccelerators/disable/action | Disable Predefined Accelerator for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/applicationAccelerators/predefinedAccelerators/enable/action | Enable Predefined Accelerator for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/applicationLiveViews/read | Get the Application Live View for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/applicationLiveViews/write | Create or update Application Live View for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/applicationLiveViews/delete | Delete Application Live View for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apps/write | Create or update the application for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apps/delete | Delete the application for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apps/read | Get the applications for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apps/getResourceUploadUrl/action | Get the resource upload URL of a specific Microsoft Azure Spring Apps application |
-> | Microsoft.AppPlatform/Spring/apps/validateDomain/action | Validate the custom domain for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/setActiveDeployments/action | Set active deployments for a specific Microsoft Azure Spring Apps application |
-> | Microsoft.AppPlatform/Spring/apps/validate/action | Validate the container registry for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apps/bindings/write | Create or update the binding for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/bindings/delete | Delete the binding for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/bindings/read | Get the bindings for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/connectorProps/read | Get the service connectors for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/connectorProps/write | Create or update the service connector for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/connectorProps/delete | Delete the service connector for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/deployments/write | Create or update the deployment for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/deployments/delete | Delete the deployment for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/deployments/read | Get the deployments for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/deployments/start/action | Start the deployment for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/deployments/stop/action | Stop the deployment for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/deployments/restart/action | Restart the deployment for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/deployments/getLogFileUrl/action | Get the log file URL of a specific Microsoft Azure Spring Apps application deployment |
-> | Microsoft.AppPlatform/Spring/apps/deployments/generateHeapDump/action | Generate heap dump for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/deployments/generateThreadDump/action | Generate thread dump for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/deployments/startJFR/action | Start JFR for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/deployments/enableRemoteDebugging/action | Enable remote debugging for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/deployments/disableRemoteDebugging/action | Disable remote debugging for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/deployments/getRemoteDebuggingConfig/action | Get remote debugging configuration for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/deployments/connectorProps/read | Get the service connectors for a specific deployment |
-> | Microsoft.AppPlatform/Spring/apps/deployments/connectorProps/write | Create or update the service connector for a specific deployment |
-> | Microsoft.AppPlatform/Spring/apps/deployments/connectorProps/delete | Delete the service connector for a specific deployment |
-> | Microsoft.AppPlatform/Spring/apps/deployments/operationResults/read | Read resource operation result |
-> | Microsoft.AppPlatform/Spring/apps/deployments/operationStatuses/read | Read resource operation Status |
-> | Microsoft.AppPlatform/Spring/apps/deployments/skus/read | List available skus of an application deployment |
-> | Microsoft.AppPlatform/Spring/apps/domains/write | Create or update the custom domain for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/domains/delete | Delete the custom domain for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/domains/read | Get the custom domains for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/operationResults/read | Read resource operation result |
-> | Microsoft.AppPlatform/Spring/apps/operationStatuses/read | Read resource operation Status |
-> | Microsoft.AppPlatform/Spring/buildpackBindings/read | Get the BuildpackBinding for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/buildServices/read | Get the Build Services for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/buildServices/getResourceUploadUrl/action | Get the Upload URL of a specific Microsoft Azure Spring Apps build |
-> | Microsoft.AppPlatform/Spring/buildServices/write | Create or Update the Build Services for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/buildServices/agentPools/read | Get the Agent Pools for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/buildServices/agentPools/write | Create or update the Agent Pools for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/buildServices/builders/read | Get the Builders for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/buildServices/builders/write | Create or update the Builders for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/buildServices/builders/delete | Delete the Builders for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/buildServices/builders/listUsingDeployments/action | List deployments using the Builders for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/read | Get the BuildpackBinding for a specific Azure Spring Apps service instance Builder |
-> | Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/write | Create or update the BuildpackBinding for a specific Azure Spring Apps service instance Builder |
-> | Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/delete | Delete the BuildpackBinding for a specific Azure Spring Apps service instance Builder |
-> | Microsoft.AppPlatform/Spring/buildServices/builds/read | Get the Builds for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/buildServices/builds/write | Create or update the Builds for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/buildServices/builds/delete | Delete the Builds for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/buildServices/builds/results/read | Get the Build Results for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/buildServices/builds/results/getLogFileUrl/action | Get the Log File URL of a specific Microsoft Azure Spring Apps build result |
-> | Microsoft.AppPlatform/Spring/buildServices/supportedBuildpacks/read | Get the Supported Buildpacks for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/buildServices/supportedStacks/read | Get the Supported Stacks for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/certificates/write | Create or update the certificate for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/certificates/delete | Delete the certificate for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/certificates/read | Get the certificates for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/configServers/read | Get the config server for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/configServers/write | Create or update the config server for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/configServers/operationResults/read | Read resource operation result |
-> | Microsoft.AppPlatform/Spring/configServers/operationStatuses/read | Read resource operation Status |
-> | Microsoft.AppPlatform/Spring/configurationServices/read | Get the Application Configuration Services for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/configurationServices/write | Create or update the Application Configuration Service for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/configurationServices/delete | Delete the Application Configuration Service for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/configurationServices/validate/action | Validate the settings for a specific Application Configuration Service |
-> | Microsoft.AppPlatform/Spring/configurationServices/validateResource/action | Validate the resource for a specific Application Configuration Service |
-> | Microsoft.AppPlatform/Spring/containerRegistries/read | Get the container registry for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/containerRegistries/write | Create or update the container registry for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/containerRegistries/delete | Delete the container registry for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/deployments/read | Get the deployments for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/detectors/read | Get the detectors for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/devToolPortals/read | Get the Dev Tool Portal for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/devToolPortals/write | Create or update Dev Tool Portal for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/devToolPortals/delete | Delete Dev Tool Portal for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/gateways/read | Get the Spring Cloud Gateways for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/gateways/write | Create or update the Spring Cloud Gateway for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/gateways/delete | Delete the Spring Cloud Gateway for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/gateways/validateDomain/action | Validate the Spring Cloud Gateway domain for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/gateways/listEnvSecrets/action | List environment variables secret of the Spring Cloud Gateway for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/gateways/restart/action | Restart the Spring Cloud Gateway for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/gateways/domains/read | Get the Spring Cloud Gateways domain for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/gateways/domains/write | Create or update the Spring Cloud Gateway domain for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/gateways/domains/delete | Delete the Spring Cloud Gateway domain for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/gateways/routeConfigs/read | Get the Spring Cloud Gateway route config for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/gateways/routeConfigs/write | Create or update the Spring Cloud Gateway route config for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/gateways/routeConfigs/delete | Delete the Spring Cloud Gateway route config for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/monitoringSettings/read | Get the monitoring setting for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/monitoringSettings/write | Create or update the monitoring setting for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/operationResults/read | Read resource operation result |
-> | Microsoft.AppPlatform/Spring/operationStatuses/read | Read resource operation Status |
-> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/diagnosticSettings/read | Get the diagnostic settings for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/diagnosticSettings/write | Create or update the diagnostic settings for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/logDefinitions/read | Get definitions of logs from Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/metricDefinitions/read | Get definitions of metrics from Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/serviceRegistries/read | Get the Service Registrys for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/serviceRegistries/write | Create or update the Service Registry for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/serviceRegistries/delete | Delete the Service Registry for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/storages/write | Create or update the storage for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/storages/delete | Delete the storage for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/storages/read | Get storage for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/supportedApmTypes/read | List the supported APM types for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/supportedServerVersions/read | List the supported server versions for a specific Azure Spring Apps service instance |
-> | **DataAction** | **Description** |
-> | Microsoft.AppPlatform/Spring/ApplicationConfigurationService/logstream/action | Read the streaming log of all subcomponents in Application Configuration Service from a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/apps/deployments/remotedebugging/action | Remote debugging app instance for a specific application |
-> | Microsoft.AppPlatform/Spring/apps/deployments/connect/action | Connect to an instance for a specific application |
-> | Microsoft.AppPlatform/Spring/configService/read | Read the configuration content(for example, application.yaml) for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/configService/write | Write config server content for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/configService/delete | Delete config server content for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/eurekaService/read | Read the user app(s) registration information for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/eurekaService/write | Write the user app(s) registration information for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/eurekaService/delete | Delete the user app registration information for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/logstreamService/read | Read the streaming log of user app for a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/managedComponents/logstream/action | Read the streaming log of all managed components (e.g. Application Configuration Service, Spring Cloud Gateway) from a specific Azure Spring Apps service instance |
-> | Microsoft.AppPlatform/Spring/SpringCloudGateway/logstream/action | Read the streaming log of Spring Cloud Gateway from a specific Azure Spring Apps service instance |
- ## Microsoft.CertificateRegistration
+Allow an application to use its own credentials for authentication.
+ Azure service: [App Service Certificates](/azure/app-service/configure-ssl-certificate#buy-and-import-app-service-certificate) > [!div class="mx-tableFixed"]
Azure service: [App Service Certificates](/azure/app-service/configure-ssl-certi
> | Microsoft.CertificateRegistration/certificateOrders/certificates/Read | Get the list of certificates | > | Microsoft.CertificateRegistration/operations/Read | List all operations from app service certificate registration |
-## Microsoft.Communication
-
-Azure service: [Azure Communication Services](/azure/communication-services/overview)
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.Communication/Register/Action | Registers Microsoft.Communication resource provider |
-> | Microsoft.Communication/Unregister/Action | Unregisters Microsoft.Communication resource provider |
-> | Microsoft.Communication/CheckNameAvailability/action | Checks if a name is available |
-> | Microsoft.Communication/CommunicationServices/Read | Reads communication services |
-> | Microsoft.Communication/CommunicationServices/Write | Writes communication services |
-> | Microsoft.Communication/CommunicationServices/Delete | Deletes communication services |
-> | Microsoft.Communication/CommunicationServices/ListKeys/action | Reads the keys for a communication service |
-> | Microsoft.Communication/CommunicationServices/RegenerateKey/action | Regenerates the primary or secondary key for a communication service |
-> | Microsoft.Communication/CommunicationServices/LinkNotificationHub/action | Links an Azure Notification Hub to the communication service |
-> | Microsoft.Communication/CommunicationServices/EventGridFilters/Read | Reads EventGrid filters on communication services |
-> | Microsoft.Communication/CommunicationServices/EventGridFilters/Write | Writes EventGrid filters on communication services |
-> | Microsoft.Communication/CommunicationServices/EventGridFilters/Delete | Removes an EventGrid filter on communication services |
-> | Microsoft.Communication/EmailServices/read | Get the EmailService and its properties. |
-> | Microsoft.Communication/EmailServices/write | Get the EmailService and its properties. |
-> | Microsoft.Communication/EmailServices/delete | Operation to delete a EmailService. |
-> | Microsoft.Communication/EmailServices/verifiedExchangeOnlineDomains/action | List Verified Domains from the exchange online tenant. |
-> | Microsoft.Communication/EmailServices/Domains/read | Get the email Domain and its properties. |
-> | Microsoft.Communication/EmailServices/Domains/write | Add a new Domain under the parent EmailService resource or update an existing Domain resource. |
-> | Microsoft.Communication/EmailServices/Domains/delete | Operation to delete a Domain resource. |
-> | Microsoft.Communication/EmailServices/Domains/InitiateVerification/action | Initiate verification of Dns record. |
-> | Microsoft.Communication/EmailServices/Domains/CancelVerification/action | Cancel verification of Dns record. |
-> | Microsoft.Communication/EmailServices/Domains/RevokeVerification/action | Revoke existing verified status of a Dns record. |
-> | Microsoft.Communication/EmailServices/Domains/SenderUsernames/read | List all valid sender usernames for a domains resource. |
-> | Microsoft.Communication/EmailServices/Domains/SenderUsernames/read | Get the email SenderUsername and its properties. |
-> | Microsoft.Communication/EmailServices/Domains/SenderUsernames/write | Add a new SenderUsername under the parent Domain resource or update an existing SenderUsername resource. |
-> | Microsoft.Communication/EmailServices/Domains/SenderUsernames/delete | Operation to delete a SenderUsername resource. |
-> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/read | List all suppression lists for a domains resource. |
-> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/read | Get the suppression list and its properties. |
-> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/write | Add a new suppression list under the parent Domain resource or update an existing suppression list. |
-> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/delete | Operation to delete a suppressio lists. |
-> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/SuppressionListAddresses/read | Get all the addresses in a suppression list. |
-> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/SuppressionListAddresses/read | Get all the addresses in a suppression list. |
-> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/SuppressionListAddresses/write | Add a new suppression list under the parent Domain resource or update an existing suppression list. |
-> | Microsoft.Communication/EmailServices/Domains/SuppressionLists/SuppressionListAddresses/delete | Operation to delete an address from a suppression list. |
-> | Microsoft.Communication/Locations/OperationStatuses/read | Reads the status of an async operation |
-> | Microsoft.Communication/Locations/OperationStatuses/write | Writes the status of an async operation |
-> | Microsoft.Communication/Operations/read | Reads operations |
-> | Microsoft.Communication/RegisteredSubscriptions/read | Reads registered subscriptions |
- ## Microsoft.DomainRegistration Azure service: [App Service](/azure/app-service/)
Azure service: [App Service](/azure/app-service/)
## Microsoft.Maps
+Simple and secure location APIs provide geospatial context to data.
+ Azure service: [Azure Maps](/azure/azure-maps/) > [!div class="mx-tableFixed"]
Azure service: [Azure Maps](/azure/azure-maps/)
## Microsoft.Media
+Encode, store, and stream video and audio at scale.
+ Azure service: [Media Services](/azure/media-services/) > [!div class="mx-tableFixed"]
Azure service: [Media Services](/azure/media-services/)
> | Microsoft.Media/videoAnalyzers/videos/listStreamingToken/action | Generates a streaming token which can be used for video playback | > | Microsoft.Media/videoAnalyzers/videos/listContentToken/action | Generates a content token which can be used for video playback |
-## Microsoft.Search
-
-Azure service: [Azure Search](/azure/search/)
-
-> [!div class="mx-tableFixed"]
-> | Action | Description |
-> | | |
-> | Microsoft.Search/register/action | Registers the subscription for the search resource provider and enables the creation of search services. |
-> | Microsoft.Search/checkNameAvailability/action | Checks availability of the service name. |
-> | Microsoft.Search/locations/notifyNetworkSecurityPerimeterUpdatesAvailable/write | Check if the configuration of the Network Security Perimeter needs updating. |
-> | Microsoft.Search/operations/read | Lists all of the available operations of the Microsoft.Search provider. |
-> | Microsoft.Search/searchServices/write | Creates or updates the search service. |
-> | Microsoft.Search/searchServices/read | Reads the search service. |
-> | Microsoft.Search/searchServices/delete | Deletes the search service. |
-> | Microsoft.Search/searchServices/start/action | Starts the search service. |
-> | Microsoft.Search/searchServices/stop/action | Stops the search service. |
-> | Microsoft.Search/searchServices/listAdminKeys/action | Reads the admin keys. |
-> | Microsoft.Search/searchServices/regenerateAdminKey/action | Regenerates the admin key. |
-> | Microsoft.Search/searchServices/listQueryKeys/action | Returns the list of query API keys for the given Azure Search service. |
-> | Microsoft.Search/searchServices/createQueryKey/action | Creates the query key. |
-> | Microsoft.Search/searchServices/privateEndpointConnectionsApproval/action | Approve Private Endpoint Connection |
-> | Microsoft.Search/searchServices/dataSources/read | Return a data source or a list of data sources. |
-> | Microsoft.Search/searchServices/dataSources/write | Create a data source or modify its properties. |
-> | Microsoft.Search/searchServices/dataSources/delete | Delete a data source. |
-> | Microsoft.Search/searchServices/debugSessions/read | Return a debug session or a list of debug sessions. |
-> | Microsoft.Search/searchServices/debugSessions/write | Create a debug session or modify its properties. |
-> | Microsoft.Search/searchServices/debugSessions/delete | Delete a debug session. |
-> | Microsoft.Search/searchServices/debugSessions/execute/action | Use a debug session, get execution data, or evaluate expressions on it. |
-> | Microsoft.Search/searchServices/deleteQueryKey/delete | Deletes the query key. |
-> | Microsoft.Search/searchServices/diagnosticSettings/read | Gets the diganostic setting read for the resource |
-> | Microsoft.Search/searchServices/diagnosticSettings/write | Creates or updates the diganostic setting for the resource |
-> | Microsoft.Search/searchServices/indexers/read | Return an indexer or its status, or return a list of indexers or their statuses. |
-> | Microsoft.Search/searchServices/indexers/write | Create an indexer, modify its properties, or manage its execution. |
-> | Microsoft.Search/searchServices/indexers/delete | Delete an indexer. |
-> | Microsoft.Search/searchServices/indexes/read | Return an index or its statistics, return a list of indexes or their statistics, or test the lexical analysis components of an index. |
-> | Microsoft.Search/searchServices/indexes/write | Create an index or modify its properties. |
-> | Microsoft.Search/searchServices/indexes/delete | Delete an index. |
-> | Microsoft.Search/searchServices/logDefinitions/read | Gets the available logs for the search service |
-> | Microsoft.Search/searchServices/metricDefinitions/read | Gets the available metrics for the search service |
-> | Microsoft.Search/searchServices/networkSecurityPerimeterAssociationProxies/delete | Delete an association proxy to a Network Security Perimeter resource of Microsoft.Network provider. |
-> | Microsoft.Search/searchServices/networkSecurityPerimeterAssociationProxies/read | Delete an association proxy to a Network Security Perimeter resource of Microsoft.Network provider. |
-> | Microsoft.Search/searchServices/networkSecurityPerimeterAssociationProxies/write | Change the state of an association to a Network Security Perimeter resource of Microsoft.Network provider |
-> | Microsoft.Search/searchServices/networkSecurityPerimeterConfigurations/read | Read the Network Security Perimeter configuration. |
-> | Microsoft.Search/searchServices/networkSecurityPerimeterConfigurations/reconcile/action | Reconcile the Network Security Perimeter configuration with NRP's (Microsoft.Network Resource Provider) copy. |
-> | Microsoft.Search/searchServices/privateEndpointConnectionProxies/validate/action | Validates a private endpoint connection create call from NRP side |
-> | Microsoft.Search/searchServices/privateEndpointConnectionProxies/write | Creates a private endpoint connection proxy with the specified parameters or updates the properties or tags for the specified private endpoint connection proxy |
-> | Microsoft.Search/searchServices/privateEndpointConnectionProxies/read | Returns the list of private endpoint connection proxies or gets the properties for the specified private endpoint connection proxy |
-> | Microsoft.Search/searchServices/privateEndpointConnectionProxies/delete | Deletes an existing private endpoint connection proxy |
-> | Microsoft.Search/searchServices/privateEndpointConnections/write | Creates a private endpoint connections with the specified parameters or updates the properties or tags for the specified private endpoint connections |
-> | Microsoft.Search/searchServices/privateEndpointConnections/read | Returns the list of private endpoint connections or gets the properties for the specified private endpoint connections |
-> | Microsoft.Search/searchServices/privateEndpointConnections/delete | Deletes an existing private endpoint connections |
-> | Microsoft.Search/searchServices/sharedPrivateLinkResources/write | Creates a new shared private link resource with the specified parameters or updates the properties for the specified shared private link resource |
-> | Microsoft.Search/searchServices/sharedPrivateLinkResources/read | Returns the list of shared private link resources or gets the properties for the specified shared private link resource |
-> | Microsoft.Search/searchServices/sharedPrivateLinkResources/delete | Deletes an existing shared private link resource |
-> | Microsoft.Search/searchServices/sharedPrivateLinkResources/operationStatuses/read | Get the details of a long running shared private link resource operation |
-> | Microsoft.Search/searchServices/skillsets/read | Return a skillset or a list of skillsets. |
-> | Microsoft.Search/searchServices/skillsets/write | Create a skillset or modify its properties. |
-> | Microsoft.Search/searchServices/skillsets/delete | Delete a skillset. |
-> | Microsoft.Search/searchServices/synonymMaps/read | Return a synonym map or a list of synonym maps. |
-> | Microsoft.Search/searchServices/synonymMaps/write | Create a synonym map or modify its properties. |
-> | Microsoft.Search/searchServices/synonymMaps/delete | Delete a synonym map. |
-> | **DataAction** | **Description** |
-> | Microsoft.Search/searchServices/indexes/documents/read | Read documents or suggested query terms from an index. |
-> | Microsoft.Search/searchServices/indexes/documents/write | Upload documents to an index or modify existing documents. |
-> | Microsoft.Search/searchServices/indexes/documents/delete | Delete documents from an index. |
- ## Microsoft.SignalRService
+Add real-time web functionalities easily.
+ Azure service: [Azure SignalR Service](/azure/azure-signalr/) > [!div class="mx-tableFixed"]
Azure service: [Azure SignalR Service](/azure/azure-signalr/)
## microsoft.web
+Quickly create and deploy mission critical web apps at scale.
+ Azure service: [App Service](/azure/app-service/), [Azure Functions](/azure/azure-functions/) > [!div class="mx-tableFixed"]
role-based-access-control Resource Provider Operations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/resource-provider-operations.md
This article lists the permissions for Azure resource providers, which are used
Click the resource provider name in the following list to see the list of permissions.
-<a name='microsoftresourcehealth'></a>
<a name='microsoftsupport'></a> ## General -- [Microsoft.Addons](./permissions/general.md#microsoftaddons)-- [Microsoft.Marketplace](./permissions/general.md#microsoftmarketplace)-- [Microsoft.MarketplaceOrdering](./permissions/general.md#microsoftmarketplaceordering)-- [Microsoft.Quota](./permissions/general.md#microsoftquota)-- [Microsoft.ResourceHealth](./permissions/general.md#microsoftresourcehealth)-- [Microsoft.Support](./permissions/general.md#microsoftsupport)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.Addons](./permissions/general.md#microsoftaddons) | | core |
+> | [Microsoft.Capacity](./permissions/general.md#microsoftcapacity) | | core |
+> | [Microsoft.Commerce](./permissions/general.md#microsoftcommerce) | | core |
+> | [Microsoft.Marketplace](./permissions/general.md#microsoftmarketplace) | | core |
+> | [Microsoft.MarketplaceOrdering](./permissions/general.md#microsoftmarketplaceordering) | | core |
+> | [Microsoft.Quota](./permissions/general.md#microsoftquota) | | [Azure Quotas](/azure/quotas/quotas-overview) |
+> | [Microsoft.Subscription](./permissions/general.md#microsoftsubscription) | | core |
+> | [Microsoft.Support](./permissions/general.md#microsoftsupport) | | core |
## Compute -- [microsoft.app](./permissions/compute.md#microsoftapp)-- [Microsoft.ClassicCompute](./permissions/compute.md#microsoftclassiccompute)-- [Microsoft.Compute](./permissions/compute.md#microsoftcompute)-- [Microsoft.DesktopVirtualization](./permissions/compute.md#microsoftdesktopvirtualization)-- [Microsoft.ServiceFabric](./permissions/compute.md#microsoftservicefabric)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [microsoft.app](./permissions/compute.md#microsoftapp) | | [Azure Container Apps](/azure/container-apps/) |
+> | [Microsoft.AppPlatform](./permissions/compute.md#microsoftappplatform) | A fully managed Spring Cloud service, built and operated with Pivotal. | [Azure Spring Apps](/azure/spring-apps/) |
+> | [Microsoft.AVS](./permissions/compute.md#microsoftavs) | | [Azure VMware Solution](/azure/azure-vmware/introduction) |
+> | [Microsoft.Batch](./permissions/compute.md#microsoftbatch) | Cloud-scale job scheduling and compute management. | [Batch](/azure/batch/) |
+> | [Microsoft.ClassicCompute](./permissions/compute.md#microsoftclassiccompute) | | Classic deployment model virtual machine |
+> | [Microsoft.Compute](./permissions/compute.md#microsoftcompute) | Access cloud compute capacity and scale on demand (such as virtual machines) and only pay for the resources you use. | [Virtual Machines](/azure/virtual-machines/)<br/>[Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/) |
+> | [Microsoft.DesktopVirtualization](./permissions/compute.md#microsoftdesktopvirtualization) | The best virtual desktop experience, delivered on Azure. | [Azure Virtual Desktop](/azure/virtual-desktop/) |
+> | [Microsoft.ServiceFabric](./permissions/compute.md#microsoftservicefabric) | Develop microservices and orchestrate containers on Windows or Linux. | [Service Fabric](/azure/service-fabric/) |
<a name='microsoftnetwork'></a> ## Networking -- [Microsoft.Cdn](./permissions/networking.md#microsoftcdn)-- [Microsoft.ClassicNetwork](./permissions/networking.md#microsoftclassicnetwork)-- [Microsoft.MobileNetwork](./permissions/networking.md#microsoftmobilenetwork)-- [Microsoft.Network](./permissions/networking.md#microsoftnetwork)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.Cdn](./permissions/networking.md#microsoftcdn) | Ensure secure, reliable content delivery with broad global reach. | [Content Delivery Network](/azure/cdn/) |
+> | [Microsoft.ClassicNetwork](./permissions/networking.md#microsoftclassicnetwork) | | Classic deployment model virtual network |
+> | [Microsoft.MobileNetwork](./permissions/networking.md#microsoftmobilenetwork) | | [Azure Private 5G Core](/azure/private-5g-core/) |
+> | [Microsoft.Network](./permissions/networking.md#microsoftnetwork) | Connect cloud and on-premises infrastructure and services to provide your customers and users the best possible experience. | [Application Gateway](/azure/application-gateway/)<br />[Azure Bastion](/azure/bastion/)<br />[Azure DDoS Protection](/azure/ddos-protection/ddos-protection-overview)<br />[Azure DNS](/azure/dns/)<br />[Azure ExpressRoute](/azure/expressroute/)<br />[Azure Firewall](/azure/firewall/)<br />[Azure Front Door Service](/azure/frontdoor/)<br />[Azure Private Link](/azure/private-link/)<br />[Azure Route Server](/azure/route-server/)<br />[Load Balancer](/azure/load-balancer/)<br />[Network Watcher](/azure/network-watcher/)<br />[Traffic Manager](/azure/traffic-manager/)<br />[Virtual Network](/azure/virtual-network/)<br />[Virtual Network NAT](/azure/nat-gateway/nat-overview)<br />[Virtual Network Manager](/azure/virtual-network-manager/overview)<br />[Virtual WAN](/azure/virtual-wan/)<br />[VPN Gateway](/azure/vpn-gateway/) |
<a name='microsoftdatashare'></a> <a name='microsoftelasticsan'></a>
Click the resource provider name in the following list to see the list of permis
## Storage -- [Microsoft.ClassicStorage](./permissions/storage.md#microsoftclassicstorage)-- [Microsoft.DataBox](./permissions/storage.md#microsoftdatabox)-- [Microsoft.DataShare](./permissions/storage.md#microsoftdatashare)-- [Microsoft.ElasticSan](./permissions/storage.md#microsoftelasticsan)-- [Microsoft.NetApp](./permissions/storage.md#microsoftnetapp)-- [Microsoft.Storage](./permissions/storage.md#microsoftstorage)-- [Microsoft.StorageCache](./permissions/storage.md#microsoftstoragecache)-- [Microsoft.StorageSync](./permissions/storage.md#microsoftstoragesync)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.ClassicStorage](./permissions/storage.md#microsoftclassicstorage) | | Classic deployment model storage |
+> | [Microsoft.DataShare](./permissions/storage.md#microsoftdatashare) | A simple and safe service for sharing big data with external organizations. | [Azure Data Share](/azure/data-share/) |
+> | [Microsoft.ElasticSan](./permissions/storage.md#microsoftelasticsan) | | [Azure Elastic SAN](/azure/storage/elastic-san/) |
+> | [Microsoft.NetApp](./permissions/storage.md#microsoftnetapp) | Enterprise-grade Azure file shares, powered by NetApp. | [Azure NetApp Files](/azure/azure-netapp-files/) |
+> | [Microsoft.Storage](./permissions/storage.md#microsoftstorage) | Get secure, massively scalable cloud storage for your data, apps, and workloads. | [Storage](/azure/storage/) |
+> | [Microsoft.StorageCache](./permissions/storage.md#microsoftstoragecache) | File caching for high-performance computing (HPC). | [Azure HPC Cache](/azure/hpc-cache/) |
+> | [Microsoft.StorageSync](./permissions/storage.md#microsoftstoragesync) | | [Storage](/azure/storage/) |
-<a name='microsoftsearch'></a>
<a name='microsoftweb'></a> ## Web and Mobile -- [Microsoft.AppPlatform](./permissions/web-and-mobile.md#microsoftappplatform)-- [Microsoft.CertificateRegistration](./permissions/web-and-mobile.md#microsoftcertificateregistration)-- [Microsoft.Communication](./permissions/web-and-mobile.md#microsoftcommunication)-- [Microsoft.DomainRegistration](./permissions/web-and-mobile.md#microsoftdomainregistration)-- [Microsoft.Maps](./permissions/web-and-mobile.md#microsoftmaps)-- [Microsoft.Media](./permissions/web-and-mobile.md#microsoftmedia)-- [Microsoft.Search](./permissions/web-and-mobile.md#microsoftsearch)-- [Microsoft.SignalRService](./permissions/web-and-mobile.md#microsoftsignalrservice)-- [microsoft.web](./permissions/web-and-mobile.md#microsoftweb)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.CertificateRegistration](./permissions/web-and-mobile.md#microsoftcertificateregistration) | Allow an application to use its own credentials for authentication. | [App Service Certificates](/azure/app-service/configure-ssl-certificate#buy-and-import-app-service-certificate) |
+> | [Microsoft.DomainRegistration](./permissions/web-and-mobile.md#microsoftdomainregistration) | | [App Service](/azure/app-service/) |
+> | [Microsoft.Maps](./permissions/web-and-mobile.md#microsoftmaps) | Simple and secure location APIs provide geospatial context to data. | [Azure Maps](/azure/azure-maps/) |
+> | [Microsoft.Media](./permissions/web-and-mobile.md#microsoftmedia) | Encode, store, and stream video and audio at scale. | [Media Services](/azure/media-services/) |
+> | [Microsoft.SignalRService](./permissions/web-and-mobile.md#microsoftsignalrservice) | Add real-time web functionalities easily. | [Azure SignalR Service](/azure/azure-signalr/) |
+> | [microsoft.web](./permissions/web-and-mobile.md#microsoftweb) | Quickly create and deploy mission critical web apps at scale. | [App Service](/azure/app-service/)<br/>[Azure Functions](/azure/azure-functions/) |
<a name='microsoftcontainerinstance'></a> <a name='microsoftcontainerregistry'></a> <a name='microsoftcontainerservice'></a>
-<a name='microsoftkubernetes'></a>
## Containers -- [Microsoft.ContainerInstance](./permissions/containers.md#microsoftcontainerinstance)-- [Microsoft.ContainerRegistry](./permissions/containers.md#microsoftcontainerregistry)-- [Microsoft.ContainerService](./permissions/containers.md#microsoftcontainerservice)-- [Microsoft.Kubernetes](./permissions/containers.md#microsoftkubernetes)-- [Microsoft.KubernetesConfiguration](./permissions/containers.md#microsoftkubernetesconfiguration)-- [Microsoft.RedHatOpenShift](./permissions/containers.md#microsoftredhatopenshift)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.ContainerInstance](./permissions/containers.md#microsoftcontainerinstance) | Easily run containers on Azure without managing servers. | [Container Instances](/azure/container-instances/) |
+> | [Microsoft.ContainerRegistry](./permissions/containers.md#microsoftcontainerregistry) | Store and manage container images across all types of Azure deployments. | [Container Registry](/azure/container-registry/) |
+> | [Microsoft.ContainerService](./permissions/containers.md#microsoftcontainerservice) | Accelerate your containerized application development without compromising security. | [Azure Kubernetes Service (AKS)](/azure/aks/) |
+> | [Microsoft.RedHatOpenShift](./permissions/containers.md#microsoftredhatopenshift) | | [Azure Red Hat OpenShift](/azure/openshift/) |
-<a name='microsoftdatafactory'></a>
<a name='microsoftdocumentdb'></a> ## Databases -- [Microsoft.Cache](./permissions/databases.md#microsoftcache)-- [Microsoft.DataFactory](./permissions/databases.md#microsoftdatafactory)-- [Microsoft.DataMigration](./permissions/databases.md#microsoftdatamigration)-- [Microsoft.DBforMariaDB](./permissions/databases.md#microsoftdbformariadb)-- [Microsoft.DBforMySQL](./permissions/databases.md#microsoftdbformysql)-- [Microsoft.DBforPostgreSQL](./permissions/databases.md#microsoftdbforpostgresql)-- [Microsoft.DocumentDB](./permissions/databases.md#microsoftdocumentdb)-- [Microsoft.Sql](./permissions/databases.md#microsoftsql)-- [Microsoft.SqlVirtualMachine](./permissions/databases.md#microsoftsqlvirtualmachine)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.Cache](./permissions/databases.md#microsoftcache) | Power applications with high-throughput, low-latency data access. | [Azure Cache for Redis](/azure/azure-cache-for-redis/) |
+> | [Microsoft.DBforMariaDB](./permissions/databases.md#microsoftdbformariadb) | Managed MariaDB database service for app developers. | [Azure Database for MariaDB](/azure/mariadb/) |
+> | [Microsoft.DBforMySQL](./permissions/databases.md#microsoftdbformysql) | Managed MySQL database service for app developers. | [Azure Database for MySQL](/azure/mysql/) |
+> | [Microsoft.DBforPostgreSQL](./permissions/databases.md#microsoftdbforpostgresql) | Managed PostgreSQL database service for app developers. | [Azure Database for PostgreSQL](/azure/postgresql/) |
+> | [Microsoft.DocumentDB](./permissions/databases.md#microsoftdocumentdb) | A NoSQL document database-as-a-service. | [Azure Cosmos DB](/azure/cosmos-db/) |
+> | [Microsoft.Sql](./permissions/databases.md#microsoftsql) | Managed, intelligent SQL in the cloud. | [Azure SQL Database](/azure/azure-sql/database/index)<br/>[Azure SQL Managed Instance](/azure/azure-sql/managed-instance/index)<br/>[Azure Synapse Analytics](/azure/synapse-analytics/) |
+> | [Microsoft.SqlVirtualMachine](./permissions/databases.md#microsoftsqlvirtualmachine) | Host enterprise SQL Server apps in the cloud. | [SQL Server on Azure Virtual Machines](/azure/azure-sql/virtual-machines/windows/sql-server-on-azure-vm-iaas-what-is-overview) |
+
+<a name='microsoftdatafactory'></a>
## Analytics -- [Microsoft.AnalysisServices](./permissions/analytics.md#microsoftanalysisservices)-- [Microsoft.Databricks](./permissions/analytics.md#microsoftdatabricks)-- [Microsoft.DataLakeAnalytics](./permissions/analytics.md#microsoftdatalakeanalytics)-- [Microsoft.DataLakeStore](./permissions/analytics.md#microsoftdatalakestore)-- [Microsoft.EventHub](./permissions/analytics.md#microsofteventhub)-- [Microsoft.HDInsight](./permissions/analytics.md#microsofthdinsight)-- [Microsoft.Kusto](./permissions/analytics.md#microsoftkusto)-- [Microsoft.PowerBIDedicated](./permissions/analytics.md#microsoftpowerbidedicated)-- [Microsoft.StreamAnalytics](./permissions/analytics.md#microsoftstreamanalytics)-- [Microsoft.Synapse](./permissions/analytics.md#microsoftsynapse)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.AnalysisServices](./permissions/analytics.md#microsoftanalysisservices) | Enterprise-grade analytics engine as a service. | [Azure Analysis Services](/azure/analysis-services/index) |
+> | [Microsoft.Databricks](./permissions/analytics.md#microsoftdatabricks) | Fast, easy, and collaborative Apache Spark-based analytics platform. | [Azure Databricks](/azure/databricks/) |
+> | [Microsoft.DataCatalog](./permissions/analytics.md#microsoftdatacatalog) | Get more value from your enterprise data assets. | [Data Catalog](/azure/data-catalog/) |
+> | [Microsoft.DataFactory](./permissions/analytics.md#microsoftdatafactory) | Hybrid data integration at enterprise scale, made easy. | [Data Factory](/azure/data-factory/) |
+> | [Microsoft.DataLakeAnalytics](./permissions/analytics.md#microsoftdatalakeanalytics) | Distributed analytics service that makes big data easy. | [Data Lake Analytics](/azure/data-lake-analytics/) |
+> | [Microsoft.DataLakeStore](./permissions/analytics.md#microsoftdatalakestore) | Highly scalable and cost-effective data lake solution for big data analytics. | [Azure Data Lake Storage Gen2](/azure/storage/blobs/data-lake-storage-introduction) |
+> | [Microsoft.HDInsight](./permissions/analytics.md#microsofthdinsight) | Provision cloud Hadoop, Spark, R Server, HBase, and Storm clusters. | [HDInsight](/azure/hdinsight/) |
+> | [Microsoft.Kusto](./permissions/analytics.md#microsoftkusto) | Service for storing and running interactive analytics over Big Data. | [Azure Data Explorer](/azure/data-explorer/) |
+> | [Microsoft.PowerBIDedicated](./permissions/analytics.md#microsoftpowerbidedicated) | Manage Power BI Premium dedicated capacities for exclusive use by an organization. | [Power BI Embedded](/azure/power-bi-embedded/) |
+> | [Microsoft.Purview](./permissions/analytics.md#microsoftpurview) | | [Microsoft Purview](/purview/) |
+> | [Microsoft.Synapse](./permissions/analytics.md#microsoftsynapse) | | [Azure Synapse Analytics](/azure/synapse-analytics/) |
+
+<a name='microsoftsearch'></a>
## AI + machine learning -- [Microsoft.BotService](./permissions/ai-machine-learning.md#microsoftbotservice)-- [Microsoft.CognitiveServices](./permissions/ai-machine-learning.md#microsoftcognitiveservices)-- [Microsoft.MachineLearning](./permissions/ai-machine-learning.md#microsoftmachinelearning)-- [Microsoft.MachineLearningServices](./permissions/ai-machine-learning.md#microsoftmachinelearningservices)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.BotService](./permissions/ai-machine-learning.md#microsoftbotservice) | Intelligent, serverless bot service that scales on demand. | [Azure Bot Service](/azure/bot-service/) |
+> | [Microsoft.CognitiveServices](./permissions/ai-machine-learning.md#microsoftcognitiveservices) | Add smart API capabilities to enable contextual interactions. | [Cognitive Services](/azure/cognitive-services/) |
+> | [Microsoft.MachineLearning](./permissions/ai-machine-learning.md#microsoftmachinelearning) | Access and manage the predictive models that you created and deployed as web services. | [Machine Learning Studio (classic)](/azure/machine-learning/classic/) |
+> | [Microsoft.MachineLearningServices](./permissions/ai-machine-learning.md#microsoftmachinelearningservices) | Enterprise-grade machine learning service to build and deploy models faster. | [Machine Learning](/azure/machine-learning/) |
+> | [Microsoft.Search](./permissions/ai-machine-learning.md#microsoftsearch) | Leverage search services and get comprehensive results. | [Azure AI Search](/azure/search/) |
## Internet of Things -- [Microsoft.DataBoxEdge](./permissions/internet-of-things.md#microsoftdataboxedge)-- [Microsoft.Devices](./permissions/internet-of-things.md#microsoftdevices)-- [Microsoft.DeviceUpdate](./permissions/internet-of-things.md#microsoftdeviceupdate)-- [Microsoft.DigitalTwins](./permissions/internet-of-things.md#microsoftdigitaltwins)-- [Microsoft.IoTCentral](./permissions/internet-of-things.md#microsoftiotcentral)-- [Microsoft.IoTSecurity](./permissions/internet-of-things.md#microsoftiotsecurity)-- [Microsoft.NotificationHubs](./permissions/internet-of-things.md#microsoftnotificationhubs)-- [Microsoft.TimeSeriesInsights](./permissions/internet-of-things.md#microsofttimeseriesinsights)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.Devices](./permissions/internet-of-things.md#microsoftdevices) | Ensure that your users are accessing your resources from devices that meet your standards for security and compliance. | [IoT Hub](/azure/iot-hub/)<br/>[IoT Hub Device Provisioning Service](/azure/iot-dps/) |
+> | [Microsoft.DeviceUpdate](./permissions/internet-of-things.md#microsoftdeviceupdate) | | [Device Update for IoT Hub](/azure/iot-hub-device-update/) |
+> | [Microsoft.DigitalTwins](./permissions/internet-of-things.md#microsoftdigitaltwins) | | [Azure Digital Twins](/azure/digital-twins/) |
+> | [Microsoft.IoTCentral](./permissions/internet-of-things.md#microsoftiotcentral) | Experience the simplicity of SaaS for IoT, with no cloud expertise required. | [IoT Central](/azure/iot-central/) |
+> | [Microsoft.IoTSecurity](./permissions/internet-of-things.md#microsoftiotsecurity) | | [IoT security](/azure/iot/iot-security-architecture) |
+> | [Microsoft.StreamAnalytics](./permissions/internet-of-things.md#microsoftstreamanalytics) | Real-time data stream processing from millions of IoT devices. | [Stream Analytics](/azure/stream-analytics/) |
+> | [Microsoft.TimeSeriesInsights](./permissions/internet-of-things.md#microsofttimeseriesinsights) | Explore and analyze time-series data from IoT devices. | [Time Series Insights](/azure/time-series-insights/) |
## Mixed reality -- [Microsoft.MixedReality](./permissions/mixed-reality.md#microsoftmixedreality)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.MixedReality](./permissions/mixed-reality.md#microsoftmixedreality) | Blend your physical and digital worlds to create immersive, collaborative experiences. | [Azure Spatial Anchors](/azure/spatial-anchors/) |
<a name='microsoftapimanagement'></a> ## Integration -- [Microsoft.ApiManagement](./permissions/integration.md#microsoftapimanagement)-- [Microsoft.AppConfiguration](./permissions/integration.md#microsoftappconfiguration)-- [Microsoft.AVS](./permissions/integration.md#microsoftavs)-- [Microsoft.DataCatalog](./permissions/integration.md#microsoftdatacatalog)-- [Microsoft.EventGrid](./permissions/integration.md#microsofteventgrid)-- [Microsoft.HealthcareApis](./permissions/integration.md#microsofthealthcareapis)-- [Microsoft.Logic](./permissions/integration.md#microsoftlogic)-- [Microsoft.Relay](./permissions/integration.md#microsoftrelay)-- [Microsoft.ServiceBus](./permissions/integration.md#microsoftservicebus)-- [Microsoft.ServicesHub](./permissions/integration.md#microsoftserviceshub)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.ApiManagement](./permissions/integration.md#microsoftapimanagement) | Easily build and consume Cloud APIs. | [API Management](/azure/api-management/) |
+> | [Microsoft.AppConfiguration](./permissions/integration.md#microsoftappconfiguration) | Fast, scalable parameter storage for app configuration. | [Azure App Configuration](/azure/azure-app-configuration/) |
+> | [Microsoft.Communication](./permissions/integration.md#microsoftcommunication) | | [Azure Communication Services](/azure/communication-services/overview) |
+> | [Microsoft.EventGrid](./permissions/integration.md#microsofteventgrid) | Get reliable event delivery at massive scale. | [Event Grid](/azure/event-grid/) |
+> | [Microsoft.EventHub](./permissions/integration.md#microsofteventhub) | Receive telemetry from millions of devices. | [Event Hubs](/azure/event-hubs/) |
+> | [Microsoft.HealthcareApis](./permissions/integration.md#microsofthealthcareapis) | | [Azure API for FHIR](/azure/healthcare-apis/azure-api-for-fhir/) |
+> | [Microsoft.Logic](./permissions/integration.md#microsoftlogic) | Automate the access and use of data across clouds without writing code. | [Logic Apps](/azure/logic-apps/) |
+> | [Microsoft.NotificationHubs](./permissions/integration.md#microsoftnotificationhubs) | Send push notifications to any platform from any back end. | [Notification Hubs](/azure/notification-hubs/) |
+> | [Microsoft.Relay](./permissions/integration.md#microsoftrelay) | Expose services that run in your corporate network to the public cloud. | [Azure Relay](/azure/azure-relay/relay-what-is-it) |
+> | [Microsoft.ServiceBus](./permissions/integration.md#microsoftservicebus) | Connect across private and public cloud environments. | [Service Bus](/azure/service-bus-messaging/) |
+> | [Microsoft.ServicesHub](./permissions/integration.md#microsoftserviceshub) | | [Services Hub](/services-hub/) |
## Identity -- [Microsoft.AAD](./permissions/identity.md#microsoftaad)-- [microsoft.aadiam](./permissions/identity.md#microsoftaadiam)-- [Microsoft.ADHybridHealthService](./permissions/identity.md#microsoftadhybridhealthservice)-- [Microsoft.AzureActiveDirectory](./permissions/identity.md#microsoftazureactivedirectory)-- [Microsoft.ManagedIdentity](./permissions/identity.md#microsoftmanagedidentity)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.AAD](./permissions/identity.md#microsoftaad) | Join Azure virtual machines to a domain without domain controllers. | [Microsoft Entra Domain Services](/entra/identity/domain-services/) |
+> | [microsoft.aadiam](./permissions/identity.md#microsoftaadiam) | | |
+> | [Microsoft.ADHybridHealthService](./permissions/identity.md#microsoftadhybridhealthservice) | Robust monitoring of your on-premises identity infrastructure. | [Microsoft Entra ID](/entra/identity/) |
+> | [Microsoft.AzureActiveDirectory](./permissions/identity.md#microsoftazureactivedirectory) | Synchronize on-premises directories and enable single sign-on. | [Azure Active Directory B2C](/azure/active-directory-b2c/) |
+> | [Microsoft.ManagedIdentity](./permissions/identity.md#microsoftmanagedidentity) | An automatically managed identity in Microsoft Entra ID that authenticates to any service that supports Microsoft Entra | [Managed identities for Azure resources](/azure/active-directory/managed-identities-azure-resources/) |
<a name='microsoftsecurityinsights'></a> ## Security -- [Microsoft.AppComplianceAutomation](./permissions/security.md#microsoftappcomplianceautomation)-- [Microsoft.KeyVault](./permissions/security.md#microsoftkeyvault)-- [Microsoft.Security](./permissions/security.md#microsoftsecurity)-- [Microsoft.SecurityGraph](./permissions/security.md#microsoftsecuritygraph)-- [Microsoft.SecurityInsights](./permissions/security.md#microsoftsecurityinsights)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.AppComplianceAutomation](./permissions/security.md#microsoftappcomplianceautomation) | | [App Compliance Automation Tool for Microsoft 365](/microsoft-365-app-certification/docs/acat-overview) |
+> | [Microsoft.DataProtection](./permissions/security.md#microsoftdataprotection) | | Data Protection |
+> | [Microsoft.KeyVault](./permissions/security.md#microsoftkeyvault) | Safeguard and maintain control of keys and other secrets. | [Key Vault](/azure/key-vault/) |
+> | [Microsoft.Security](./permissions/security.md#microsoftsecurity) | Protect your enterprise from advanced threats across hybrid cloud workloads. | [Security Center](/azure/security-center/) |
+> | [Microsoft.SecurityGraph](./permissions/security.md#microsoftsecuritygraph) | | |
+> | [Microsoft.SecurityInsights](./permissions/security.md#microsoftsecurityinsights) | | [Microsoft Sentinel](/azure/sentinel/) |
## DevOps -- [Microsoft.Chaos](./permissions/devops.md#microsoftchaos)-- [Microsoft.DevTestLab](./permissions/devops.md#microsoftdevtestlab)-- [Microsoft.LabServices](./permissions/devops.md#microsoftlabservices)-- [Microsoft.LoadTestService](./permissions/devops.md#microsoftloadtestservice)-- [Microsoft.SecurityDevOps](./permissions/devops.md#microsoftsecuritydevops)-- [Microsoft.VisualStudio](./permissions/devops.md#microsoftvisualstudio)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.Chaos](./permissions/devops.md#microsoftchaos) | | [Azure Chaos Studio](/azure/chaos-studio/) |
+> | [Microsoft.DevTestLab](./permissions/devops.md#microsoftdevtestlab) | Quickly create environments using reusable templates and artifacts. | [Azure Lab Services](/azure/lab-services/) |
+> | [Microsoft.LabServices](./permissions/devops.md#microsoftlabservices) | Set up labs for classrooms, trials, development and testing, and other scenarios. | [Azure Lab Services](/azure/lab-services/) |
+> | [Microsoft.LoadTestService](./permissions/devops.md#microsoftloadtestservice) | | [Azure Load Testing](/azure/load-testing/) |
+> | [Microsoft.SecurityDevOps](./permissions/devops.md#microsoftsecuritydevops) | | [Microsoft Defender for Cloud](/azure/defender-for-cloud/) |
+> | [Microsoft.VisualStudio](./permissions/devops.md#microsoftvisualstudio) | The powerful and flexible environment for developing applications in the cloud. | [Azure DevOps](/azure/devops/) |
## Migration -- [Microsoft.Migrate](./permissions/migration.md#microsoftmigrate)-- [Microsoft.OffAzure](./permissions/migration.md#microsoftoffazure)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.DataBox](./permissions/migration.md#microsoftdatabox) | Move stored or in-flight data to Azure quickly and cost-effectively. | [Azure Data Box](/azure/databox/) |
+> | [Microsoft.DataBoxEdge](./permissions/migration.md#microsoftdataboxedge) | Appliances and solutions for data transfer to Azure and edge compute. | [Azure Stack Edge](/azure/databox-online/azure-stack-edge-overview) |
+> | [Microsoft.DataMigration](./permissions/migration.md#microsoftdatamigration) | Simplify on-premises database migration to the cloud. | [Azure Database Migration Service](/azure/dms/) |
+> | [Microsoft.Migrate](./permissions/migration.md#microsoftmigrate) | Easily discover, assess, right-size, and migrate your on-premises VMs to Azure. | [Azure Migrate](/azure/migrate/migrate-services-overview) |
+> | [Microsoft.OffAzure](./permissions/migration.md#microsoftoffazure) | | [Azure Migrate](/azure/migrate/migrate-services-overview) |
<a name='microsoftoperationalinsights'></a> ## Monitor -- [Microsoft.AlertsManagement](./permissions/monitor.md#microsoftalertsmanagement)-- [Microsoft.Dashboard](./permissions/monitor.md#microsoftdashboard)-- [Microsoft.Insights](./permissions/monitor.md#microsoftinsights)-- [Microsoft.Monitor](./permissions/monitor.md#microsoftmonitor)-- [Microsoft.OperationalInsights](./permissions/monitor.md#microsoftoperationalinsights)-- [Microsoft.OperationsManagement](./permissions/monitor.md#microsoftoperationsmanagement)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.AlertsManagement](./permissions/monitor.md#microsoftalertsmanagement) | Analyze all of the alerts in your Log Analytics repository. | [Azure Monitor](/azure/azure-monitor/) |
+> | [Microsoft.Dashboard](./permissions/monitor.md#microsoftdashboard) | | [Azure Managed Grafana](/azure/managed-grafana/) |
+> | [Microsoft.Insights](./permissions/monitor.md#microsoftinsights) | Full observability into your applications, infrastructure, and network. | [Azure Monitor](/azure/azure-monitor/) |
+> | [Microsoft.Monitor](./permissions/monitor.md#microsoftmonitor) | | [Azure Monitor](/azure/azure-monitor/) |
+> | [Microsoft.OperationalInsights](./permissions/monitor.md#microsoftoperationalinsights) | | [Azure Monitor](/azure/azure-monitor/) |
+> | [Microsoft.OperationsManagement](./permissions/monitor.md#microsoftoperationsmanagement) | A simplified management solution for any enterprise. | [Azure Monitor](/azure/azure-monitor/) |
<a name='microsoftauthorization'></a> <a name='microsoftautomation'></a> <a name='microsoftcostmanagement'></a> <a name='microsoftpolicyinsights'></a>
+<a name='microsoftresourcehealth'></a>
## Management and governance -- [Microsoft.Advisor](./permissions/management-and-governance.md#microsoftadvisor)-- [Microsoft.Authorization](./permissions/management-and-governance.md#microsoftauthorization)-- [Microsoft.Automation](./permissions/management-and-governance.md#microsoftautomation)-- [Microsoft.Batch](./permissions/management-and-governance.md#microsoftbatch)-- [Microsoft.Billing](./permissions/management-and-governance.md#microsoftbilling)-- [Microsoft.Blueprint](./permissions/management-and-governance.md#microsoftblueprint)-- [Microsoft.Capacity](./permissions/management-and-governance.md#microsoftcapacity)-- [Microsoft.Commerce](./permissions/management-and-governance.md#microsoftcommerce)-- [Microsoft.Consumption](./permissions/management-and-governance.md#microsoftconsumption)-- [Microsoft.CostManagement](./permissions/management-and-governance.md#microsoftcostmanagement)-- [Microsoft.DataProtection](./permissions/management-and-governance.md#microsoftdataprotection)-- [Microsoft.Features](./permissions/management-and-governance.md#microsoftfeatures)-- [Microsoft.GuestConfiguration](./permissions/management-and-governance.md#microsoftguestconfiguration)-- [Microsoft.Intune](./permissions/management-and-governance.md#microsoftintune)-- [Microsoft.ManagedServices](./permissions/management-and-governance.md#microsoftmanagedservices)-- [Microsoft.Management](./permissions/management-and-governance.md#microsoftmanagement)-- [Microsoft.PolicyInsights](./permissions/management-and-governance.md#microsoftpolicyinsights)-- [Microsoft.Portal](./permissions/management-and-governance.md#microsoftportal)-- [Microsoft.Purview](./permissions/management-and-governance.md#microsoftpurview)-- [Microsoft.RecoveryServices](./permissions/management-and-governance.md#microsoftrecoveryservices)-- [Microsoft.ResourceGraph](./permissions/management-and-governance.md#microsoftresourcegraph)-- [Microsoft.Resources](./permissions/management-and-governance.md#microsoftresources)-- [Microsoft.Solutions](./permissions/management-and-governance.md#microsoftsolutions)-- [Microsoft.Subscription](./permissions/management-and-governance.md#microsoftsubscription)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.Advisor](./permissions/management-and-governance.md#microsoftadvisor) | Your personalized Azure best practices recommendation engine. | [Azure Advisor](/azure/advisor/) |
+> | [Microsoft.Authorization](./permissions/management-and-governance.md#microsoftauthorization) | | [Azure Policy](/azure/governance/policy/overview)<br/>[Azure RBAC](/azure/role-based-access-control/overview)<br/>[Azure Resource Manager](/azure/azure-resource-manager/) |
+> | [Microsoft.Automation](./permissions/management-and-governance.md#microsoftautomation) | Simplify cloud management with process automation. | [Automation](/azure/automation/) |
+> | [Microsoft.Billing](./permissions/management-and-governance.md#microsoftbilling) | Manage your subscriptions and see usage and billing. | [Cost Management + Billing](/azure/cost-management-billing/) |
+> | [Microsoft.Blueprint](./permissions/management-and-governance.md#microsoftblueprint) | Enabling quick, repeatable creation of governed environments. | [Azure Blueprints](/azure/governance/blueprints/) |
+> | [Microsoft.Consumption](./permissions/management-and-governance.md#microsoftconsumption) | Programmatic access to cost and usage data for your Azure resources. | [Cost Management](/azure/cost-management-billing/) |
+> | [Microsoft.CostManagement](./permissions/management-and-governance.md#microsoftcostmanagement) | Optimize what you spend on the cloud, while maximizing cloud potential. | [Cost Management](/azure/cost-management-billing/) |
+> | [Microsoft.Features](./permissions/management-and-governance.md#microsoftfeatures) | | [Azure Resource Manager](/azure/azure-resource-manager/) |
+> | [Microsoft.GuestConfiguration](./permissions/management-and-governance.md#microsoftguestconfiguration) | Audit settings inside a machine using Azure Policy. | [Azure Policy](/azure/governance/policy/) |
+> | [Microsoft.Intune](./permissions/management-and-governance.md#microsoftintune) | Enable your workforce to be productive on all their devices, while keeping your organization's information protected. | |
+> | [Microsoft.ManagedServices](./permissions/management-and-governance.md#microsoftmanagedservices) | | [Azure Lighthouse](/azure/lighthouse/) |
+> | [Microsoft.Management](./permissions/management-and-governance.md#microsoftmanagement) | Use management groups to efficiently apply governance controls and manage groups of Azure subscriptions. | [Management Groups](/azure/governance/management-groups/) |
+> | [Microsoft.PolicyInsights](./permissions/management-and-governance.md#microsoftpolicyinsights) | Summarize policy states for the subscription level policy definition. | [Azure Policy](/azure/governance/policy/) |
+> | [Microsoft.Portal](./permissions/management-and-governance.md#microsoftportal) | Build, manage, and monitor all Azure products in a single, unified console. | [Azure portal](/azure/azure-portal/) |
+> | [Microsoft.RecoveryServices](./permissions/management-and-governance.md#microsoftrecoveryservices) | Hold and organize backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases. | [Site Recovery](/azure/site-recovery/) |
+> | [Microsoft.ResourceGraph](./permissions/management-and-governance.md#microsoftresourcegraph) | Powerful tool to query, explore, and analyze your cloud resources at scale. | [Azure Resource Graph](/azure/governance/resource-graph/) |
+> | [Microsoft.ResourceHealth](./permissions/management-and-governance.md#microsoftresourcehealth) | Diagnose and get support for service problems that affect your Azure resources. | [Azure Service Health](/azure/service-health/) |
+> | [Microsoft.Resources](./permissions/management-and-governance.md#microsoftresources) | Deployment and management service for Azure that enables you to create, update, and delete resources in your Azure subscription. | [Azure Resource Manager](/azure/azure-resource-manager/) |
+> | [Microsoft.Solutions](./permissions/management-and-governance.md#microsoftsolutions) | Find the solution to meet the needs of your application or business. | [Azure Managed Applications](/azure/azure-resource-manager/managed-applications/) |
+
+<a name='microsoftkubernetes'></a>
## Hybrid + multicloud -- [Microsoft.AzureStack](./permissions/hybrid-multicloud.md#microsoftazurestack)-- [Microsoft.AzureStackHCI](./permissions/hybrid-multicloud.md#microsoftazurestackhci)-- [Microsoft.HybridCompute](./permissions/hybrid-multicloud.md#microsofthybridcompute)-- [Microsoft.HybridConnectivity](./permissions/hybrid-multicloud.md#microsofthybridconnectivity)
+> [!div class="mx-tableFixed"]
+> | Resource provider | Description | Azure service |
+> | | | |
+> | [Microsoft.AzureStack](./permissions/hybrid-multicloud.md#microsoftazurestack) | Build and run innovative hybrid applications across cloud boundaries. | [Azure Stack](/azure-stack/) |
+> | [Microsoft.AzureStackHCI](./permissions/hybrid-multicloud.md#microsoftazurestackhci) | | [Azure Stack HCI](/azure-stack/hci/) |
+> | [Microsoft.HybridCompute](./permissions/hybrid-multicloud.md#microsofthybridcompute) | | [Azure Arc](/azure/azure-arc/) |
+> | [Microsoft.HybridConnectivity](./permissions/hybrid-multicloud.md#microsofthybridconnectivity) | | |
+> | [Microsoft.Kubernetes](./permissions/hybrid-multicloud.md#microsoftkubernetes) | | [Azure Arc-enabled Kubernetes](/azure/azure-arc/kubernetes/overview) |
+> | [Microsoft.KubernetesConfiguration](./permissions/hybrid-multicloud.md#microsoftkubernetesconfiguration) | | [Azure Arc-enabled Kubernetes](/azure/azure-arc/kubernetes/overview) |
## Next steps
search Search Get Started Portal Import Vectors https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/search/search-get-started-portal-import-vectors.md
Get started with [integrated vectorization (preview)](vector-search-integrated-v
In this preview version of the wizard: + Source data is blob only, using the default parsing mode (one search document per blob).
-+ Index schema is nonconfigurable. Source fields include `content` (chunked and vectorized), `metadata_storage_name` for title, and a `metadata_storage_path` for the document key.
++ Index schema is nonconfigurable. Source fields include `content` (chunked and vectorized), `metadata_storage_name` for title, and a `metadata_storage_path` for the document key which is populated as `parent_id` in the Index. + Vectorization is Azure OpenAI only (text-embedding-ada-002), using the [HNSW](vector-search-ranking.md) algorithm with defaults. + Chunking is nonconfigurable. The effective settings are:
sentinel Entities Reference https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/sentinel/entities-reference.md
Learn more about [strong and weak identifiers](entities.md#strong-and-weak-ident
| [**Host**](#host) | DnsDomain<br>NTDomain<br>HostName<br>*FullName \**<br>NetBiosName<br>AzureID<br>OMSAgentID<br>OSFamily<br>OSVersion<br>IsDomainJoined | HostName+NTDomain<br>HostName+DnsDomain<br>NetBiosName+NTDomain<br>NetBiosName+DnsDomain<br>AzureID<br>OMSAgentID | HostName<br>NetBiosName | | [**IP**](#ip) | Address<br>AddressScope | Address [\*\*](#strong-identifiers-of-an-ip-entity)<br>Address+AddressScope [\*\*](#strong-identifiers-of-an-ip-entity) | | | [**URL**](#url) | Url | Url *(if absolute URL)* [\*\*](#strong-identifiers-of-a-url-entity) | Url *(if relative URL)* [\*\*](#strong-identifiers-of-a-url-entity) |
-| [**AzureResource**](#azure-resource) | ResourceId | ResourceId | |
+| [**Azure resource**](#azure-resource)<br>*(AzureResource)* | ResourceId | ResourceId | |
| [**Cloud application**](#cloud-application)<br>*(CloudApplication)* | AppId<br>Name<br>InstanceName | AppId<br>Name<br>AppId+InstanceName<br>Name+InstanceName | |
-| [**DNS Resolution**](#dns-resolution) | DomainName | DomainName+*DnsServerIp*+*HostIpAddress* | DomainName+*HostIpAddress* |
+| [**DNS resolution**](#dns-resolution)<br>*(DNS)* | DomainName | DomainName+*DnsServerIp*+*HostIpAddress* | DomainName+*HostIpAddress* |
| [**File**](#file) | Directory<br>Name | Directory+Name | | | [**File hash**](#file-hash)<br>*(FileHash)* | Algorithm<br>Value | Algorithm+Value | | | [**Malware**](#malware) | Name<br>Category | Name+Category | | | [**Process**](#process) | ProcessId<br>CommandLine<br>ElevationToken<br>CreationTimeUtc | *Host*+ProcessID+CreationTimeUtc<br>*Host*+*ParentProcessId*+<br>&nbsp;&nbsp;&nbsp;CreationTimeUtc+CommandLine<br>*Host*+ProcessId+<br>&nbsp;&nbsp;&nbsp;CreationTimeUtc+*ImageFile*<br>*Host*+ProcessId+<br>&nbsp;&nbsp;&nbsp;CreationTimeUtc+*ImageFile*+<br>&nbsp;&nbsp;&nbsp;*FileHash* | ProcessId+CreationTimeUtc+<br>&nbsp;&nbsp;&nbsp;CommandLine (no Host)<br>ProcessId+CreationTimeUtc+<br>&nbsp;&nbsp;&nbsp;*ImageFile* (no Host) |
-| [**Registry key**](#registry-key) | Hive<br>Key | Hive+Key | |
-| [**Registry value**](#registry-value) | Name<br>Value<br>ValueType<br> | *Key*+Name | Name (no Key) |
-| [**Security group**](#security-group) | DistinguishedName<br>SID<br>ObjectGuid | DistinguishedName<br>SID<br>ObjectGuid | |
+| [**Registry key**](#registry-key)<br>*(RegistryKey)* | Hive<br>Key | Hive+Key | |
+| [**Registry value**](#registry-value)<br>*(RegistryValue)* | Name<br>Value<br>ValueType<br> | *Key*+Name | Name (no Key) |
+| [**Security group**](#security-group)<br>*(SecurityGroup)* | DistinguishedName<br>SID<br>ObjectGuid | DistinguishedName<br>SID<br>ObjectGuid | |
| [**Mailbox**](#mailbox) | MailboxPrimaryAddress<br>DisplayName<br>Upn<br>ExternalDirectoryObjectId<br>RiskLevel | MailboxPrimaryAddress | |
-| [**Mail cluster**](#mail-cluster) | NetworkMessageIds<br>CountByDeliveryStatus<br>CountByThreatType<br>CountByProtectionStatus<br>Threats<br>Query<br>QueryTime<br>MailCount<br>IsVolumeAnomaly<br>Source<br>*ClusterSourceIdentifier \**<br>*ClusterSourceType \**<br>*ClusterQueryStartTime \**<br>*ClusterQueryEndTime \**<br>*ClusterGroup \** | Query+Source | |
-| [**Mail message**](#mail-message) | Recipient<br>Urls<br>Threats<br>Sender<br>*P1Sender \**<br>*P1SenderDisplayName \**<br>*P1SenderDomain \**<br>SenderIP<br>*P2Sender \**<br>*P2SenderDisplayName \**<br>*P2SenderDomain \**<br>ReceivedDate<br>NetworkMessageId<br>InternetMessageId<br>Subject<br>*BodyFingerprintBin1 \**<br>*BodyFingerprintBin2 \**<br>*BodyFingerprintBin3 \**<br>*BodyFingerprintBin4 \**<br>*BodyFingerprintBin5 \**<br>AntispamDirection<br>DeliveryAction<br>DeliveryLocation<br>*Language \**<br>*ThreatDetectionMethods \** | NetworkMessageId+Recipient | |
-| [**Submission mail**](#submission-mail) | NetworkMessageId<br>Timestamp<br>Recipient<br>Sender<br>SenderIp<br>Subject<br>ReportType<br>SubmissionId<br>SubmissionDate<br>Submitter | SubmissionId+NetworkMessageId+<br>&nbsp;&nbsp;&nbsp;Recipient+Submitter | |
+| [**Mail cluster**](#mail-cluster)<br>*(MailCluster)* | NetworkMessageIds<br>CountByDeliveryStatus<br>CountByThreatType<br>CountByProtectionStatus<br>Threats<br>Query<br>QueryTime<br>MailCount<br>IsVolumeAnomaly<br>Source<br>*ClusterSourceIdentifier \**<br>*ClusterSourceType \**<br>*ClusterQueryStartTime \**<br>*ClusterQueryEndTime \**<br>*ClusterGroup \** | Query+Source | |
+| [**Mail message**](#mail-message)<br>*(MailMessage)* | Recipient<br>Urls<br>Threats<br>Sender<br>*P1Sender \**<br>*P1SenderDisplayName \**<br>*P1SenderDomain \**<br>SenderIP<br>*P2Sender \**<br>*P2SenderDisplayName \**<br>*P2SenderDomain \**<br>ReceivedDate<br>NetworkMessageId<br>InternetMessageId<br>Subject<br>*BodyFingerprintBin1 \**<br>*BodyFingerprintBin2 \**<br>*BodyFingerprintBin3 \**<br>*BodyFingerprintBin4 \**<br>*BodyFingerprintBin5 \**<br>AntispamDirection<br>DeliveryAction<br>DeliveryLocation<br>*Language \**<br>*ThreatDetectionMethods \** | NetworkMessageId+Recipient | |
+| [**Submission mail**](#submission-mail)<br>*(SubmissionMail)* | NetworkMessageId<br>Timestamp<br>Recipient<br>Sender<br>SenderIp<br>Subject<br>ReportType<br>SubmissionId<br>SubmissionDate<br>Submitter | SubmissionId+NetworkMessageId+<br>&nbsp;&nbsp;&nbsp;Recipient+Submitter | |
| [**Sentinel entities**](#sentinel-entities) | Entities | Entities | | **Table footnotes:**
The following section contains a more in-depth look at the full schemas of each
- [Process](#process) - [Cloud application](#cloud-application) - [DNS resolution](#dns-resolution)-- [AzureResource](#azure-resource)
+- [Azure resource](#azure-resource)
- [File hash](#file-hash) - [Registry key](#registry-key) - [Registry value](#registry-value)
The following section contains a more in-depth look at the full schemas of each
### IP
+*Entity name: IP*
+ | Field | Type | Description | | -- | - | -- | | **Type** | String | 'ip' |
storage Data Lake Storage Query Acceleration How To https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/data-lake-storage-query-acceleration-how-to.md
Query acceleration enables applications and analytics frameworks to dramatically
- A **general-purpose v2** storage account. see [Create a storage account](../common/storage-account-create.md).
+- Double encryption is not supported.
+- If you are querying a JSON file, each record size in this file should be smaller than 1MB.
- Choose a tab to view any SDK-specific prerequisites. ### [PowerShell](#tab/azure-powershell)
time-series-insights Breaking Changes Long Data Type https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/time-series-insights/breaking-changes-long-data-type.md
Depending on your IoT solution and constraints, you might not have visibility in
- You can preemptively make the recommended changes for all numeric tags. - You can temporarily route a subset of events to storage to better understand and explore your schema.
-To store events, turn on [event capture](../event-hubs/event-hubs-capture-overview.md) for Azure Event Hubs, or [route](../iot-hub/iot-hub-devguide-messages-d2c.md#azure-storage-as-a-routing-endpoint) from your IoT Hub to Azure Blob storage.
+To store events, turn on [event capture](../event-hubs/event-hubs-capture-overview.md) for Azure Event Hubs, or [route](../iot-hub/iot-hub-devguide-messages-d2c.md) from your IoT Hub to Azure Blob storage.
Data can also be observed through the [Event Hub Explorer](https://marketplace.visualstudio.com/items?itemName=Summer.azure-event-hub-explorer), or by using the [Event Processor Host](../event-hubs/event-hubs-dotnet-standard-getstarted-send.md#receive-events-from-the-event-hub).
virtual-machines Dcesv5 Dcedsv5 Series https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/dcesv5-dcedsv5-series.md
These machines are powered by Intel® 4th Generation Xeon® Scalable processors
Featuring [Intel® Trust Domain Extensions (TDX)](https://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/overview.html), these VMs are hardened from the cloud virtualized environment by denying the hypervisor, other host management code and administrators access to the VM memory and state. It helps to protect VMs against a broad range of sophisticated [hardware and software attacks](https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html).
-These VMs have native support for [confidential disk encryption](disk-encryption-overview.md) meaning organizations can encrypt their VM disks at boot with either a customer-managed key (CMK), or platform-managed key (PMK). This feature is fully integrated with [Azure KeyVault](../key-vault/general/overview.md) or [Azure Managed HSM](../key-vault/managed-hsm/overview.md) with validation for FIPS 140-2 Level 3. For organizations wanting further separation of duties for flexibility over key management, attestation, and disk encryption, these VMs also provide this experience.
+These VMs have native support for [confidential disk encryption](disk-encryption-overview.md) meaning organizations can encrypt their VM disks at boot with either a customer-managed key (CMK), or platform-managed key (PMK). This feature is fully integrated with [Azure KeyVault](../key-vault/general/overview.md) or [Azure Managed HSM](../key-vault/managed-hsm/overview.md) with validation for FIPS 140-2 Level 3.
> [!NOTE] > There are some [pricing differences based on your encryption settings](../confidential-computing/confidential-vm-overview.md#encryption-pricing-differences) for confidential VMs.
virtual-machines Ecesv5 Ecedsv5 Series https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/ecesv5-ecedsv5-series.md
These machines are powered by Intel® 4th Generation Xeon® Scalable processors
Featuring [Intel® Trust Domain Extensions (TDX)](https://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/overview.html), these VMs are hardened from the cloud virtualized environment by denying the hypervisor, other host management code and administrators access to the VM memory and state. It helps to protect VMs against a broad range of sophisticated [hardware and software attacks](https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html).
-These VMs have native support for [confidential disk encryption](disk-encryption-overview.md) meaning organizations can encrypt their VM disks at boot with either a customer-managed key (CMK), or platform-managed key (PMK). This feature is fully integrated with [Azure KeyVault](../key-vault/general/overview.md) or [Azure Managed HSM](../key-vault/managed-hsm/overview.md) with validation for FIPS 140-2 Level 3. For organizations wanting further separation of duties for flexibility over key management, attestation, and disk encryption, these VMs also provide this experience.
+These VMs have native support for [confidential disk encryption](disk-encryption-overview.md) meaning organizations can encrypt their VM disks at boot with either a customer-managed key (CMK), or platform-managed key (PMK). This feature is fully integrated with [Azure KeyVault](../key-vault/general/overview.md) or [Azure Managed HSM](../key-vault/managed-hsm/overview.md) with validation for FIPS 140-2 Level 3.
> [!NOTE] > There are some [pricing differences based on your encryption settings](../confidential-computing/confidential-vm-overview.md#encryption-pricing-differences) for confidential VMs.
virtual-machines Download Vhd https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/windows/download-vhd.md
az disk grant-access --duration-in-seconds 86400 --access-level Read --name your
> [!NOTE]
-> The expiration time is increased from the default to provide enough time to download the large VHD file for a Windows Server operating system. Large VHDs can take up to several hours to download depending on your connection and the size of the VM.
+> The expiration time is increased from the default to provide enough time to download the large VHD file for a Windows Server operating system. Large VHDs can take up to several hours to download depending on your connection and the size of the VM.
+>
+> While the SAS URL is active, attempting to start the VM will result in the error **There is an active shared access signature outstanding for disk** *diskname*. You can revoke the SAS URL by selecting **Cancel export** on the **Disk Export** page.
## Download VHD