Updates from: 02/05/2021 04:09:16
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory-b2c https://docs.microsoft.com/en-us/azure/active-directory-b2c/partner-trusona https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/partner-trusona.md
@@ -24,7 +24,7 @@ To get started, you'll need:
* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). * [An Azure AD B2C tenant](tutorial-create-tenant.md) that is linked to your Azure subscription.
-* A [trial account](https://www.trusona.com/aadb2c) at Trusona
+* A [trial account](https://www.trusona.com/) at Trusona
## Scenario description
@@ -49,7 +49,7 @@ In this scenario, Trusona acts as an identity provider for Azure AD B2C to enabl
## Onboard with Trusona
-1. Fill out the [form](https://www.trusona.com/aadb2c) to create a Trusona account and get started.
+1. Fill out the [form](https://www.trusona.com/) to create a Trusona account and get started.
2. Download the Trusona mobile app from the app store. Install the app and register your email.
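Review bot: In step 1 the link text is still "form", but the target is now the Trusona home page rather than the `/aadb2c` page, so the reader arrives with no indication of which form to fill out. Either link to the page that actually hosts the sign-up form or reword the step to say where on the site the account is created. The trial account bullet under the prerequisites has the same change and needs the same treatment.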
active-directory-domain-services https://docs.microsoft.com/en-us/azure/active-directory-domain-services/powershell-create-instance https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-domain-services/powershell-create-instance.md
@@ -10,7 +10,7 @@
Previously updated : 10/02/2020 Last updated : 02/04/2021
@@ -38,14 +38,14 @@ To complete this article, you need the following resources:
## Create required Azure AD resources
-Azure AD DS requires a service principal and an Azure AD group. These resources let the Azure AD DS managed domain synchronize data, and define which users have administrative permissions in the managed domain.
+Azure AD DS requires a service principal to authenticate and communicate and an Azure AD group to define which users have administrative permissions in the managed domain.
-First, create an Azure AD service principal for Azure AD DS to communicate and authenticate itself. A specific application ID is used named *Domain Controller Services* with an ID of *6ba9a5d4-8456-4118-b521-9c5ca10cdf84*. Don't change this application ID.
+First, create an Azure AD service principal by using a specific application ID named *Domain Controller Services*. In public Azure, the ID value is *2565bd9d-da50-47d4-8b85-4c97f669dc36*. In other clouds, the value is *6ba9a5d4-8456-4118-b521-9c5ca10cdf84*. Don't change this application ID.
Create an Azure AD service principal using the [New-AzureADServicePrincipal][New-AzureADServicePrincipal] cmdlet: ```powershell
-New-AzureADServicePrincipal -AppId "6ba9a5d4-8456-4118-b521-9c5ca10cdf84"
+New-AzureADServicePrincipal -AppId "2565bd9d-da50-47d4-8b85-4c97f669dc36"
``` Now create an Azure AD group named *AAD DC Administrators*. Users added to this group are then granted permissions to perform administration tasks on the managed domain.
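Review bot: The closing sentence "Don't change this application ID" is ambiguous now that the paragraph lists two IDs, and the sample command hard-codes only the public Azure value. Suggest rewording to say which ID applies to which cloud and that the value must be used exactly as given, and adding a line next to the `New-AzureADServicePrincipal` command telling readers in other clouds to substitute *6ba9a5d4-8456-4118-b521-9c5ca10cdf84*.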
@@ -141,18 +141,6 @@ The following PowerShell cmdlets use [New-AzNetworkSecurityRuleConfig][New-AzNet
```powershell $NSGName = "aaddsNSG"
-# Create a rule to allow inbound TCP port 443 traffic for synchronization with Azure AD
-$nsg101 = New-AzNetworkSecurityRuleConfig `
- -Name AllowSyncWithAzureAD `
- -Access Allow `
- -Protocol Tcp `
- -Direction Inbound `
- -Priority 101 `
- -SourceAddressPrefix AzureActiveDirectoryDomainServices `
- -SourcePortRange * `
- -DestinationAddressPrefix * `
- -DestinationPortRange 443
- # Create a rule to allow inbound TCP port 3389 traffic from Microsoft secure access workstations for troubleshooting $nsg201 = New-AzNetworkSecurityRuleConfig -Name AllowRD ` -Access Allow `
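Review bot: Nothing in the visible text says why the `AllowSyncWithAzureAD` rule (inbound TCP 443 from the `AzureActiveDirectoryDomainServices` service tag) was removed. Readers who deployed with the earlier script will still have that rule at priority 101 in their NSG, so the article should state that the rule is no longer required and whether it is safe to delete from existing network security groups.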
@@ -179,7 +167,7 @@ $nsg301 = New-AzNetworkSecurityRuleConfig -Name AllowPSRemoting `
$nsg = New-AzNetworkSecurityGroup -Name $NSGName ` -ResourceGroupName $ResourceGroupName ` -Location $AzureLocation `
- -SecurityRules $nsg101,$nsg201,$nsg301
+ -SecurityRules $nsg201,$nsg301
# Get the existing virtual network resource objects and information $vnet = Get-AzVirtualNetwork -Name $VnetName -ResourceGroupName $ResourceGroupName
@@ -248,7 +236,7 @@ Connect-AzureAD
Connect-AzAccount # Create the service principal for Azure AD Domain Services.
-New-AzureADServicePrincipal -AppId "6ba9a5d4-8456-4118-b521-9c5ca10cdf84"
+New-AzureADServicePrincipal -AppId "2565bd9d-da50-47d4-8b85-4c97f669dc36"
# First, retrieve the object ID of the 'AAD DC Administrators' group. $GroupObjectId = Get-AzureADGroup `
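Review bot: The complete script hard-codes the public Azure `-AppId` with no comment, and this is the block readers are most likely to copy without reading the prose above it. Suggest extending the comment on the preceding line to say that the value shown is for public Azure and that other clouds use *6ba9a5d4-8456-4118-b521-9c5ca10cdf84*.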
@@ -303,18 +291,6 @@ $Vnet=New-AzVirtualNetwork `
$NSGName = "aaddsNSG"
-# Create a rule to allow inbound TCP port 443 traffic for synchronization with Azure AD
-$nsg101 = New-AzNetworkSecurityRuleConfig `
- -Name AllowSyncWithAzureAD `
- -Access Allow `
- -Protocol Tcp `
- -Direction Inbound `
- -Priority 101 `
- -SourceAddressPrefix AzureActiveDirectoryDomainServices `
- -SourcePortRange * `
- -DestinationAddressPrefix * `
- -DestinationPortRange 443
- # Create a rule to allow inbound TCP port 3389 traffic from Microsoft secure access workstations for troubleshooting $nsg201 = New-AzNetworkSecurityRuleConfig -Name AllowRD ` -Access Allow `
@@ -341,7 +317,7 @@ $nsg301 = New-AzNetworkSecurityRuleConfig -Name AllowPSRemoting `
$nsg = New-AzNetworkSecurityGroup -Name $NSGName ` -ResourceGroupName $ResourceGroupName ` -Location $AzureLocation `
- -SecurityRules $nsg101,$nsg201,$nsg301
+ -SecurityRules $nsg201,$nsg301
# Get the existing virtual network resource objects and information $vnet = Get-AzVirtualNetwork -Name $VnetName -ResourceGroupName $ResourceGroupName
active-directory https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/configure-automatic-user-provisioning-portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/app-provisioning/configure-automatic-user-provisioning-portal.md
@@ -9,7 +9,7 @@
Previously updated : 11/25/2019 Last updated : 02/04/2020
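Review bot: The new "Last updated" value, 02/04/2020, looks like a year typo. The other articles in this batch carry 02/04/2021 or 02/03/2021, and this digest is dated 02/05/2021. Confirm the intended date and correct the year if so.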
@@ -58,7 +58,7 @@ Select **Test Connection** to test the credentials by having Azure AD attempt to
Expand **Mappings** to view and edit the user attributes that flow between Azure AD and the target application when user accounts are provisioned or updated.
-There's a preconfigured set of mappings between Azure AD user objects and each SaaS appΓÇÖs user objects. Some apps manage other types of objects, such as Groups or Contacts. Select a mapping in the table to open the mapping editor to the right, where you can view and customize them.
+There's a preconfigured set of mappings between Azure AD user objects and each SaaS appΓÇÖs user objects. Some apps also manage group objects. Select a mapping in the table to open the mapping editor to the right, where you can view and customize them.
![Shows the Attribute Mapping screen](./media/configure-automatic-user-provisioning-portal/enterprise-apps-provisioning-mapping.png)
@@ -80,4 +80,4 @@ If provisioning is being enabled for the first time for an application, turn on
Change the **Provisioning Status** to **Off** to pause the provisioning service. In this state, Azure doesn't create, update, or remove any user or group objects in the app. Change the state back to **On** and the service picks up where it left off.
-**Clear current state and restart synchronization** triggers an initial cycle. The service will then evaluate all the users in the source system again and determine if they are in scope for provisioning. This can be useful when your application is currently in quarantine or you need to make a change to your attribute mappings. Note that the initial cycle takes longer to complete than the typical incremental cycle due to the number of objects that need to be evaluated. You can learn more about the performance of initial and incremental cycles [here](application-provisioning-when-will-provisioning-finish-specific-user.md).
+**Clear current state and restart synchronization** triggers an initial cycle. The service will then evaluate all the users in the source system again and determine if they are in scope for provisioning. This can be useful when your application is currently in quarantine or you need to make a change to your attribute mappings. Note that the initial cycle takes longer to complete than the typical incremental cycle due to the number of objects that need to be evaluated. You can learn more about the performance of initial and incremental cycles [here](application-provisioning-when-will-provisioning-finish-specific-user.md).
active-directory https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-protection-based-conditional-access https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/conditional-access/app-protection-based-conditional-access.md
@@ -31,7 +31,7 @@ In the Conditional Access, these client apps are known to be protected with an a
> Not all applications are supported as approved applications or support application protection policies. For a list of eligible client apps, see [App protection policy requirement](concept-conditional-access-grant.md#require-app-protection-policy). > [!NOTE]
-> "Require one of the selected controls" under grant controls is like an OR clause. This is used within policy to enable users to utilize apps that support either the **Require app protection policy** or **Require approved client app** grant controls. **Require app protection policy** is enforced if an app is supported in both policies. For more information on which apps support the **Require app protection policy** grant control, see [App protection policy requirement](concept-conditional-access-grant.md#require-app-protection-policy).
+> "Require one of the selected controls" under grant controls is like an OR clause. This is used within policy to enable users to utilize apps that support either the **Require app protection policy** or **Require approved client app** grant controls. **Require app protection policy** is enforced when the app supports that grant control. For more information on which apps support the **Require app protection policy** grant control, see [App protection policy requirement](concept-conditional-access-grant.md#require-app-protection-policy).
## Scenario 1: Microsoft 365 apps require approved apps with app protection policies
active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/access-tokens.md
@@ -237,7 +237,7 @@ Your application's business logic will dictate this step, some common authorizat
* Validate the authentication status of the calling client using `appidacr` - it shouldn't be 0 if public clients aren't allowed to call your API. * Check against a list of past `nonce` claims to verify the token isn't being replayed. * Check that the `tid` matches a tenant that is allowed to call your API.
-* Use the `acr` claim to verify the user has performed MFA. This should be enforced using [Conditional Access](../conditional-access/overview.md).
+* Use the `amr` claim to verify the user has performed MFA. This should be enforced using [Conditional Access](../conditional-access/overview.md).
* If you've requested the `roles` or `groups` claims in the access token, verify that the user is in the group allowed to do this action. * For tokens retrieved using the implicit flow, you'll likely need to query the [Microsoft Graph](https://developer.microsoft.com/graph/) for this data, as it's often too large to fit in the token.
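Review bot: The corrected bullet now names the `amr` claim but still does not say what to look for in it. Suggest stating the value that indicates MFA was performed, so that implementers do not treat the mere presence of the claim as proof of MFA, and clarifying how this token check relates to the Conditional Access enforcement mentioned in the second sentence.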
active-directory https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/devices/hybrid-azuread-join-plan.md
@@ -79,6 +79,8 @@ As a first planning step, you should review your environment and determine wheth
- Server Core OS doesn't support any type of device registration.
+- User State Migration Tool (USMT) doesn't work with device registration.
+ ### OS imaging considerations - If you are relying on the System Preparation Tool (Sysprep) and if you are using a **pre-Windows 10 1809** image for installation, make sure that image is not from a device that is already registered with Azure AD as Hybrid Azure AD join.
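Review bot: The added USMT bullet says only that the tool "doesn't work with device registration", which does not tell the reader what fails or what to do about it. Suggest one more sentence stating the consequence for a migrated device and the expected remediation, in line with the more specific Sysprep guidance in the section that follows.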
active-directory https://docs.microsoft.com/en-us/azure/active-directory/external-identities/allow-deny-list https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/allow-deny-list.md
@@ -7,7 +7,7 @@
Previously updated : 07/15/2018 Last updated : 02/03/2021
@@ -25,7 +25,7 @@ You can use an allow list or a deny list to allow or block invitations to B2B us
- You can create either an allow list or a deny list. You can't set up both types of lists. By default, whatever domains are not in the allow list are on the deny list, and vice versa. - You can create only one policy per organization. You can update the policy to include more domains, or you can delete the policy to create a new one. -- The number of domains you can add to an allow list or deny list is limited only by the size of the policy. The maximum size of the entire policy is 25 KB (25,000 characters), which includes the allow list or deny list and any other parameters configured for other features.
+- The number of domains you can add to an allow list or deny list is limited only by the size of the policy. This limit applies to the number of characters, so you can have more shorter domains or fewer longer domains. The maximum size of the entire policy is 25 KB (25,000 characters), which includes the allow list or deny list and any other parameters configured for other features.
- This list works independently from OneDrive for Business and SharePoint Online allow/block lists. If you want to restrict individual file sharing in SharePoint Online, you need to set up an allow or deny list for OneDrive for Business and SharePoint Online. For more information, see [Restricted domains sharing in SharePoint Online and OneDrive for Business](https://support.office.com/article/restricted-domains-sharing-in-sharepoint-online-and-onedrive-for-business-5d7589cd-0997-4a00-a2ba-2320ec49c4e9). - The list does not apply to external users who have already redeemed the invitation. The list will be enforced after the list is set up. If a user invitation is in a pending state, and you set a policy that blocks their domain, the user's attempt to redeem the invitation will fail.
active-directory https://docs.microsoft.com/en-us/azure/active-directory/external-identities/customize-invitation-api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/customize-invitation-api.md
@@ -6,12 +6,11 @@
Previously updated : 04/11/2017 Last updated : 02/03/2021 -
@@ -64,6 +63,16 @@ The API offers the following capabilities:
"invitedUserType": "Member" ```
+## Determine if a user was already invited to your directory
+
+You can use the invitation API to determine if a user already exists in your resource tenant. This can be useful when you're developing an app that uses the invitation API to invite a user. If the user already exists in your resource directory, they won't receive an invitation, so you can run a query first to determine whether the already email exists as a UPN or other sign-in property.
+
+1. Make sure the user's email domain isn't part of your resource tenant's verified domain.
+2. In the resource tenant, use the following get user query where {0} is the email address you're inviting:
+
+ ```
+ ΓÇ£userPrincipalName eq '{0}' or mail eq '{0}' or proxyAddresses/any(x:x eq 'SMTP:{0}') or signInNames/any(x:x eq '{0}') or otherMails/any(x:x eq '{0}')"
+ ```
## Authorization model
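Review bot: The filter string in step 2 opens with a typographic quotation mark and closes with a straight one, so it cannot be pasted as is; drop the surrounding quotes or make them consistent. The step also substitutes the email address into the filter at `{0}` without mentioning that a single quote in the address must be escaped (doubled) first, and it does not name the endpoint the "get user query" is sent to. In the introductory paragraph, "whether the already email exists" should read "whether the email already exists".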
active-directory https://docs.microsoft.com/en-us/azure/active-directory/external-identities/hybrid-on-premises-to-cloud https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/hybrid-on-premises-to-cloud.md
@@ -23,7 +23,7 @@ Before Azure Active Directory (Azure AD), organizations with on-premises identit
If you create accounts for your external partners in your on-premises directory (for example, you create an account with a sign-in name of "wmoran" for an external user named Wendy Moran in your partners.contoso.com domain), you can now sync these accounts to the cloud. Specifically, you can use Azure AD Connect to sync the partner accounts to the cloud, which creates a user account with UserType = Guest. This enables your partner users to access cloud resources using the same credentials as their local accounts, without giving them more access than they need. > [!NOTE]
-> See also how to [invite internal users to B2B collaboration](invite-internal-users.md) (a public preview feature). With this feature, you can invite internal guest users to use B2B collaboration, regardless of whether you've synced their accounts from your on-premises directory to the cloud. Once the user accepts the invitation to use B2B collaboration, they'll be able to use their own identities and credentials to sign in to the resources you want them to access. You wonΓÇÖt need to maintain passwords or manage account lifecycles.
+> See also how to [invite internal users to B2B collaboration](invite-internal-users.md). With this feature, you can invite internal guest users to use B2B collaboration, regardless of whether you've synced their accounts from your on-premises directory to the cloud. Once the user accepts the invitation to use B2B collaboration, they'll be able to use their own identities and credentials to sign in to the resources you want them to access. You wonΓÇÖt need to maintain passwords or manage account lifecycles.
## Identify unique attributes for UserType
active-directory https://docs.microsoft.com/en-us/azure/active-directory/external-identities/invite-internal-users https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/invite-internal-users.md
@@ -6,37 +6,32 @@
Previously updated : 04/12/2020 Last updated : 02/03/2021 - # Invite internal users to B2B collaboration
-> [!NOTE]
-> Inviting internal users to use B2B collaboration is a public preview feature of Azure Active Directory. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+Before the availability of Azure AD B2B collaboration, organizations could collaborate with distributors, suppliers, vendors, and other guest users by setting up internal credentials for them. If you have internal guest users like these, you can invite them to use B2B collaboration instead. These B2B guest users will be able to use their own identities and credentials to sign in, and you wonΓÇÖt need to maintain passwords or manage account lifecycles.
-Before the availability of Azure AD B2B collaboration, organizations could collaborate with distributors, suppliers, vendors, and other guest users by setting up internal credentials for them. If you have internal guest users like this, you can invite them to use B2B collaboration so you can take advantage of Azure AD B2B benefits. Your B2B guest users will be able to use their own identities and credentials to sign in, and you wonΓÇÖt need to maintain passwords or manage account lifecycles.
+Sending an invitation to an existing internal account lets you retain that userΓÇÖs object ID, UPN, group memberships, and app assignments. You donΓÇÖt need to manually delete and re-invite the user or reassign resources. To invite the user, you use the invitation API to pass both the internal user object and the guest userΓÇÖs email address along with the invitation. When the user accepts the invitation, the B2B service changes the existing internal user object to a B2B user. Going forward, the user must sign in to cloud resources services using their B2B credentials.
-Sending an invitation to an existing internal account lets you retain that userΓÇÖs object ID, UPN, group memberships, and app assignments. You donΓÇÖt need to manually delete and re-invite the user or reassign resources. To invite the user, youΓÇÖll use the invitation API to pass both the internal user object and the guest userΓÇÖs email address along with the invitation. When the user accepts the invitation, the B2B service changes the existing internal user object to a B2B user. Going forward, the user must sign in to cloud resources services using their B2B credentials. They can still use their internal credentials to access on premises resources, but you can prevent this by resetting or changing the password on the internal account.
+## Things to consider
-> [!NOTE]
-> Invitation is one-way. You can invite internal users to use B2B collaboration, but you canΓÇÖt remove the B2B credentials once theyΓÇÖre added. To change the user back to an internal-only user, youΓÇÖll need to delete the user object and create a new one.
+- **Access to on-premises resources**: After the user is invited to B2B collaboration, they can still use their internal credentials to access on-premises resources. You can prevent this by resetting or changing the password on the internal account. The exception is [email one-time passcode authentication](one-time-passcode.md); if the user's authentication method is changed to one-time passcode, they won't be able to use their internal credentials anymore.
-While in public preview, the method described in this article for inviting internal users to B2B collaboration canΓÇÖt be used in these instances:
+- **Billing**: This feature doesn't change the UserType for the user, so it doesn't automatically switch the user's billing model to [External Identities monthly active user (MAU) pricing](external-identities-pricing.md). To activate MAU pricing for the user, change the UserType for the user to `guest`. Also note that your Azure AD tenant must be [linked to an Azure subscription](external-identities-pricing.md#link-your-azure-ad-tenant-to-a-subscription) to activate MAU billing.
-- The internal user has an assigned Exchange license.-- The user is from a domain that is set up for direct federation in your directory.-- The internal user is a cloud-only account, and their main account isn't in Azure AD.
+- **Invitation is one-way**: You can invite internal users to use B2B collaboration, but you canΓÇÖt remove the B2B credentials once theyΓÇÖre added. To change the user back to an internal-only user, youΓÇÖll need to delete the user object and create a new one.
-In these instances, if the internal user must be changed to a B2B user, you should delete the internal account and send the user an invitation for B2B collaboration.
+- **Teams**: When the user accesses Teams using their external credentials, their tenant won't be available initially in the Teams tenant picker. The user can access Teams using a URL that contains the tenant context, for example: `https://team.microsoft.com/?tenantId=<TenantId>`. After that, the tenant will become available in the Teams tenant picker.
-**On-premises synced users**: For user accounts that are synced between on-premises and the cloud, the on-premises directory remains the source of authority after theyΓÇÖre invited to use B2B collaboration. Any changes you make to the on-premises account will sync to the cloud account, including disabling or deleting the account. Therefore, you canΓÇÖt prevent the user from signing into their on-premises account while retaining their cloud account by simply deleting the on-premises account. Instead, you can set the on-premises account password to a random GUID or other unknown value.
+- **On-premises synced users**: For user accounts that are synced between on-premises and the cloud, the on-premises directory remains the source of authority after theyΓÇÖre invited to use B2B collaboration. Any changes you make to the on-premises account will sync to the cloud account, including disabling or deleting the account. Therefore, you canΓÇÖt prevent the user from signing into their on-premises account while retaining their cloud account by simply deleting the on-premises account. Instead, you can set the on-premises account password to a random GUID or other unknown value.
## How to invite internal users to B2B collaboration
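Review bot: In the Teams bullet the example URL uses the host `team.microsoft.com`; please confirm this is not a typo for `teams.microsoft.com`, since a wrong hostname in a sign-in link is worth getting right. Separately, the preview-era list of unsupported cases (assigned Exchange license, direct federation domain, cloud-only account) is deleted without replacement. If those restrictions were lifted, say so; if any still apply, they belong under "Things to consider".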
@@ -48,15 +43,15 @@ You can use PowerShell or the invitation API to send a B2B invitation to the int
By default, the invitation will send the user an email letting them know theyΓÇÖve been invited, but you can suppress this email and send your own instead. > [!NOTE]
-> To send your own email or other communication, you can use New-AzureADMSInvitation with -SendInvitationMessage:$false to invite users silently, and then send your own email message to the converted user. See [Azure AD B2B collaboration API and customization](customize-invitation-api.md).
+> To send your own email or other communication, you can use `New-AzureADMSInvitation` with `-SendInvitationMessage:$false` to invite users silently, and then send your own email message to the converted user. See [Azure AD B2B collaboration API and customization](customize-invitation-api.md).
## Use PowerShell to send a B2B invitation
-Use the following command to invite the user to B2B collaboration:
+You'll need Azure AD PowerShell module version 2.0.2.130 or later. Use the following command to update to the latest AzureAD PowerShell module and invite the internal user to B2B collaboration:
```powershell
-Uninstall-Module AzureADPreview
-Install-Module AzureADPreview
+Uninstall-Module AzureAD
+Install-Module AzureAD
$ADGraphUser = Get-AzureADUser -objectID "UPN of Internal User" $msGraphUser = New-Object Microsoft.Open.MSGraph.Model.User -ArgumentList $ADGraphUser.ObjectId New-AzureADMSInvitation -InvitedUserEmailAddress <<external email>> -SendInvitationMessage $True -InviteRedirectUrl "http://myapps.microsoft.com" -InvitedUser $msGraphUser
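Review bot: The `-InviteRedirectUrl` in the sample is `http://myapps.microsoft.com`; use `https://` so that the invitation does not redirect over plain HTTP. The intro sentence says the commands "update" the module, but the block runs `Uninstall-Module AzureAD` followed by `Install-Module AzureAD`, and it has no `Connect-AzureAD` before `Get-AzureADUser`. Also, `-objectID "UPN of Internal User"` would read more clearly with an angle-bracket placeholder like the one used for the external email.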
@@ -93,7 +88,6 @@ ContentType: application/json
``` The response to the API is the same response you get when you invite a new guest user to the directory.- ## Next steps - [B2B collaboration invitation redemption](redemption-experience.md)
active-directory https://docs.microsoft.com/en-us/azure/active-directory/external-identities/reset-redemption-status https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/reset-redemption-status.md
@@ -0,0 +1,77 @@
++
+ Title: Reset a guest user's redemption status - Azure AD
+description: Learn how to reset the invitation redemption status for an Azure Active Directory B2B guest users in Azure AD External Identities.
+++++ Last updated : 02/03/2021++++++++
+# Reset redemption status for a guest user
+
+After a guest user has redeemed your invitation for B2B collaboration, there might be times when you'll need to update their sign-in information, for example when:
+
+- The user wants to sign in using a different email and identity provider
+- The account for the user in their home tenant has been deleted and re-created
+- The user has moved to a different company, but they still need the same access to your resources
+- The userΓÇÖs responsibilities have been passed along to another user
+
+To manage these scenarios previously, you had to manually delete the guest userΓÇÖs account from your directory and reinvite the user. Now you can use PowerShell or the Microsoft Graph invitation API to reset the user's redemption status and reinvite the user while retaining the user's object ID, group memberships, and app assignments. When the user redeems the new invitation, the new email address becomes the user's UPN. The user can subsequently sign in using the new email or an email you've added to the `otherMails` property of the user object.
+
+## Use PowerShell to reset redemption status
+
+Install the latest AzureADPreview PowerShell module and create a new invitation with `InvitedUserEMailAddress` set to the new email address, and `ResetRedemption` set to `true`.
+
+```powershell
+Uninstall-Module AzureADPreview
+Install-Module AzureADPreview
+Connect-AzureAD
+$ADGraphUser = Get-AzureADUser -objectID "UPN of User to Reset"
+$msGraphUser = New-Object Microsoft.Open.MSGraph.Model.User -ArgumentList $ADGraphUser.ObjectId
+New-AzureADMSInvitation -InvitedUserEmailAddress <<external email>> -SendInvitationMessage $True -InviteRedirectUrl "http://myapps.microsoft.com" -InvitedUser $msGraphUser -ResetRedemption $True
+```
+
+## Use Microsoft Graph API to reset redemption status
+
+Using the [Microsoft Graph invitation API](/graph/api/resources/invitation?view=graph-rest-1.0), set the `resetRedemption` property to `true` and specify the new email address in the `invitedUserEmailAddress` property.
+
+```json
+POST https://graph.microsoft.com/beta/invitations
+Authorization: Bearer eyJ0eX...
+ContentType: application/json
+{
+ "invitedUserEmailAddress": "<<external email>>",
+ "sendInvitationMessage": true,
+ "invitedUserMessageInfo": {
+ "messageLanguage": "en-US",
+ "ccRecipients": [
+ {
+ "emailAddress": {
+ "name": null,
+ "address": "<<optional additional notification email>>"
+ }
+ }
+ ],
+ "customizedMessageBody": "<<custom message>>"
+},
+"inviteRedirectUrl": "https://myapps.microsoft.com?tenantId=",
+"invitedUser": {
+ "id": "<<ID for the user you want to reset>>"
+},
+"resetRedemption": true
+}
+```
+
+## Next steps
+
+- [Add Azure Active Directory B2B collaboration users by using PowerShell](customize-invitation-api.md#powershell)
+- [Properties of an Azure AD B2B guest user](user-properties.md)
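Review bot: The introduction lists "moved to a different company" and "responsibilities have been passed along to another user" as use cases, and the reset keeps the object ID, group memberships, and app assignments. The article should tell administrators to review those memberships and assignments before reinviting, because the new person or identity inherits all of them. In the Graph sample, the request goes to `/beta/invitations` while the prose links to the `graph-rest-1.0` reference, the header is written `ContentType` rather than `Content-Type`, `inviteRedirectUrl` ends with an empty `tenantId=`, and the JSON indentation is inconsistent after `invitedUserMessageInfo`. The PowerShell sample uses `http://myapps.microsoft.com` where the Graph sample uses `https://`.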
active-directory https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-add-on-premises-application https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/application-proxy-add-on-premises-application.md
@@ -1,5 +1,5 @@
Title: Tutorial - Add an on-premises app - Application Proxy in Azure AD
+ Title: Tutorial - Add an on-premises app - Application Proxy in Azure Active Directory
description: Azure Active Directory (Azure AD) has an Application Proxy service that enables users to access on-premises applications by signing in with their Azure AD account. This tutorial shows you how to prepare your environment for use with Application Proxy. Then, it uses the Azure portal to add an on-premises application to your Azure AD tenant.
@@ -8,7 +8,7 @@
Previously updated : 01/20/2021 Last updated : 02/04/2021
@@ -16,7 +16,7 @@
# Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory
-Azure Active Directory (Azure AD) has an Application Proxy service that enables users to access on-premises applications by signing in with their Azure AD account. This tutorial prepares your environment for use with Application Proxy. Once your environment is ready, you'll use the Azure portal to add an on-premises application to your Azure AD tenant.
+Azure Active Directory (Azure AD) has an Application Proxy service that enables users to access on-premises applications by signing in with their Azure AD account. This tutorial prepares your environment for use with Application Proxy. Once your environment is ready, you'll use the Azure portal to add an on-premises application to your Azure AD tenant. To **view your apps and get up to speed quickly** with App Management in Azure, be sure to check out the [Quickstart Series](view-applications-portal.md).
:::image type="content" source="./media/application-proxy-add-on-premises-application/app-proxy-diagram.png" alt-text="Application Proxy Overview Diagram" lightbox="./media/application-proxy-add-on-premises-application/app-proxy-diagram.png":::
active-directory https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/managed-identities-azure-resources/services-support-managed-identities.md
@@ -302,8 +302,8 @@ Managed identity type | All Generally Available<br>Global Azure Regions | Azure
|Managed identity type | All Generally Available<br>Global Azure Regions | Azure Government | Azure Germany | Azure China 21Vianet | | | :-: | :-: | :-: | :-: |
-| System assigned | ![Available][check] | ![Available][check] | Preview | ![Available][check] |
-| User assigned | ![Available][check] | ![Available][check] | Preview | ![Available][check] |
+| System assigned | ![Available][check] | ![Available][check] | ![Available][check] | ![Available][check] |
+| User assigned | ![Available][check] | ![Available][check] | ![Available][check] | ![Available][check] |
Refer to the following list to configure managed identity for Azure Virtual Machine Scale Sets (in regions where available):
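Review bot: both rows change the Azure Germany column from `Preview` to `![Available][check]`, and nothing visible in the hunk (footnote, link, or note) backs the status change. Confirm the status against the service's availability announcement before merging. The next hunk makes the identical edit to a second table, so the two should be verified together to keep the tables from drifting apart.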
@@ -319,8 +319,8 @@ Refer to the following list to configure managed identity for Azure Virtual Mach
| Managed identity type | All Generally Available<br>Global Azure Regions | Azure Government | Azure Germany | Azure China 21Vianet | | | :-: | :-: | :-: | :-: |
-| System assigned | ![Available][check] | ![Available][check] | Preview | ![Available][check] |
-| User assigned | ![Available][check] | ![Available][check] | Preview | ![Available][check] |
+| System assigned | ![Available][check] | ![Available][check] | ![Available][check] | ![Available][check] |
+| User assigned | ![Available][check] | ![Available][check] | ![Available][check] | ![Available][check] |
Refer to the following list to configure managed identity for Azure Virtual Machines (in regions where available):
active-directory https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/roles/permissions-reference.md
@@ -496,101 +496,106 @@ The following tables describe the specific permissions in Azure Active Directory
Can create and manage all aspects of app registrations and enterprise apps.
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/Application/appProxyAuthentication/update | Update App Proxy authentication properties on service principals in Azure Active Directory. |
-| microsoft.directory/Application/appProxyUrlSettings/update | Update application proxy internal and external URLS in Azure Active Directory. |
-| microsoft.directory/applications/applicationProxy/read | Read all of App Proxy properties. |
-| microsoft.directory/applications/applicationProxy/update | Update all of App Proxy properties. |
-| microsoft.directory/applications/audience/update | Update applications.audience property in Azure Active Directory. |
-| microsoft.directory/applications/authentication/update | Update applications.authentication property in Azure Active Directory. |
-| microsoft.directory/applications/basic/update | Update basic properties on applications in Azure Active Directory. |
-| microsoft.directory/applications/create | Create applications in Azure Active Directory. |
-| microsoft.directory/applications/credentials/update | Update applications.credentials property in Azure Active Directory. |
-| microsoft.directory/applications/delete | Delete applications in Azure Active Directory. |
-| microsoft.directory/applications/owners/update | Update applications.owners property in Azure Active Directory. |
-| microsoft.directory/applications/permissions/update | Update applications.permissions property in Azure Active Directory. |
-| microsoft.directory/applications/policies/update | Update applications.policies property in Azure Active Directory. |
-| microsoft.directory/appRoleAssignments/create | Create appRoleAssignments in Azure Active Directory. |
-| microsoft.directory/appRoleAssignments/read | Read appRoleAssignments in Azure Active Directory. |
-| microsoft.directory/appRoleAssignments/update | Update appRoleAssignments in Azure Active Directory. |
-| microsoft.directory/appRoleAssignments/delete | Delete appRoleAssignments in Azure Active Directory. |
-| microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
-| microsoft.directory/connectorGroups/allProperties/read | Read application proxy connector group properties in Azure Active Directory. |
-| microsoft.directory/connectorGroups/allProperties/update | Update all application proxy connector group properties in Azure Active Directory. |
-| microsoft.directory/connectorGroups/create | Create application proxy connector groups in Azure Active Directory. |
-| microsoft.directory/connectorGroups/delete | Delete application proxy connector groups in Azure Active Directory. |
-| microsoft.directory/connectors/allProperties/read | Read all application proxy connector properties in Azure Active Directory. |
-| microsoft.directory/connectors/create | Create application proxy connectors in Azure Active Directory. |
-| microsoft.directory/policies/applicationConfiguration/basic/read | Read policies.applicationConfiguration property in Azure Active Directory. |
-| microsoft.directory/policies/applicationConfiguration/basic/update | Update policies.applicationConfiguration property in Azure Active Directory. |
-| microsoft.directory/policies/applicationConfiguration/create | Create policies in Azure Active Directory. |
-| microsoft.directory/policies/applicationConfiguration/delete | Delete policies in Azure Active Directory. |
-| microsoft.directory/policies/applicationConfiguration/owners/read | Read policies.applicationConfiguration property in Azure Active Directory. |
-| microsoft.directory/policies/applicationConfiguration/owners/update | Update policies.applicationConfiguration property in Azure Active Directory. |
-| microsoft.directory/policies/applicationConfiguration/policyAppliedTo/read | Read policies.applicationConfiguration property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/appRoleAssignedTo/update | Update servicePrincipals.appRoleAssignedTo property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/appRoleAssignments/update | Update servicePrincipals.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/audience/update | Update servicePrincipals.audience property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/authentication/update | Update servicePrincipals.authentication property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/basic/update | Update basic properties on servicePrincipals in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/create | Create servicePrincipals in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/credentials/update | Update servicePrincipals.credentials property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/delete | Delete servicePrincipals in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/owners/update | Update servicePrincipals.owners property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/permissions/update | Update servicePrincipals.permissions property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/policies/update | Update servicePrincipals.policies property in Azure Active Directory. |
-| microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/Application/appProxyAuthentication/update | Update App Proxy authentication properties on service principals in Azure Active Directory. |
+> | microsoft.directory/Application/appProxyUrlSettings/update | Update application proxy internal and external URLS in Azure Active Directory. |
+> | microsoft.directory/applications/applicationProxy/read | Read all of App Proxy properties. |
+> | microsoft.directory/applications/applicationProxy/update | Update all of App Proxy properties. |
+> | microsoft.directory/applications/audience/update | Update applications.audience property in Azure Active Directory. |
+> | microsoft.directory/applications/authentication/update | Update applications.authentication property in Azure Active Directory. |
+> | microsoft.directory/applications/basic/update | Update basic properties on applications in Azure Active Directory. |
+> | microsoft.directory/applications/create | Create applications in Azure Active Directory. |
+> | microsoft.directory/applications/credentials/update | Update applications.credentials property in Azure Active Directory. |
+> | microsoft.directory/applications/delete | Delete applications in Azure Active Directory. |
+> | microsoft.directory/applications/owners/update | Update applications.owners property in Azure Active Directory. |
+> | microsoft.directory/applications/permissions/update | Update applications.permissions property in Azure Active Directory. |
+> | microsoft.directory/applications/policies/update | Update applications.policies property in Azure Active Directory. |
+> | microsoft.directory/appRoleAssignments/create | Create appRoleAssignments in Azure Active Directory. |
+> | microsoft.directory/appRoleAssignments/read | Read appRoleAssignments in Azure Active Directory. |
+> | microsoft.directory/appRoleAssignments/update | Update appRoleAssignments in Azure Active Directory. |
+> | microsoft.directory/appRoleAssignments/delete | Delete appRoleAssignments in Azure Active Directory. |
+> | microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
+> | microsoft.directory/connectorGroups/allProperties/read | Read application proxy connector group properties in Azure Active Directory. |
+> | microsoft.directory/connectorGroups/allProperties/update | Update all application proxy connector group properties in Azure Active Directory. |
+> | microsoft.directory/connectorGroups/create | Create application proxy connector groups in Azure Active Directory. |
+> | microsoft.directory/connectorGroups/delete | Delete application proxy connector groups in Azure Active Directory. |
+> | microsoft.directory/connectors/allProperties/read | Read all application proxy connector properties in Azure Active Directory. |
+> | microsoft.directory/connectors/create | Create application proxy connectors in Azure Active Directory. |
+> | microsoft.directory/policies/applicationConfiguration/basic/read | Read policies.applicationConfiguration property in Azure Active Directory. |
+> | microsoft.directory/policies/applicationConfiguration/basic/update | Update policies.applicationConfiguration property in Azure Active Directory. |
+> | microsoft.directory/policies/applicationConfiguration/create | Create policies in Azure Active Directory. |
+> | microsoft.directory/policies/applicationConfiguration/delete | Delete policies in Azure Active Directory. |
+> | microsoft.directory/policies/applicationConfiguration/owners/read | Read policies.applicationConfiguration property in Azure Active Directory. |
+> | microsoft.directory/policies/applicationConfiguration/owners/update | Update policies.applicationConfiguration property in Azure Active Directory. |
+> | microsoft.directory/policies/applicationConfiguration/policyAppliedTo/read | Read policies.applicationConfiguration property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/appRoleAssignedTo/update | Update servicePrincipals.appRoleAssignedTo property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/appRoleAssignments/update | Update servicePrincipals.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/audience/update | Update servicePrincipals.audience property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/authentication/update | Update servicePrincipals.authentication property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/basic/update | Update basic properties on servicePrincipals in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/create | Create servicePrincipals in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/credentials/update | Update servicePrincipals.credentials property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/delete | Delete servicePrincipals in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/owners/update | Update servicePrincipals.owners property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/permissions/update | Update servicePrincipals.permissions property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/policies/update | Update servicePrincipals.policies property in Azure Active Directory. |
+> | microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Application Developer permissions Can create application registrations independent of the 'Users can register applications' setting.
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/applications/createAsOwner | Create applications in Azure Active Directory. Creator is added as the first owner, and the created object counts against the creator's 250 created objects quota. |
-| microsoft.directory/appRoleAssignments/createAsOwner | Create appRoleAssignments in Azure Active Directory. Creator is added as the first owner, and the created object counts against the creator's 250 created objects quota. |
-| microsoft.directory/oAuth2PermissionGrants/createAsOwner | Create oAuth2PermissionGrants in Azure Active Directory. Creator is added as the first owner, and the created object counts against the creator's 250 created objects quota. |
-| microsoft.directory/servicePrincipals/createAsOwner | Create servicePrincipals in Azure Active Directory. Creator is added as the first owner, and the created object counts against the creator's 250 created objects quota. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/applications/createAsOwner | Create applications in Azure Active Directory. Creator is added as the first owner, and the created object counts against the creator's 250 created objects quota. |
+> | microsoft.directory/appRoleAssignments/createAsOwner | Create appRoleAssignments in Azure Active Directory. Creator is added as the first owner, and the created object counts against the creator's 250 created objects quota. |
+> | microsoft.directory/oAuth2PermissionGrants/createAsOwner | Create oAuth2PermissionGrants in Azure Active Directory. Creator is added as the first owner, and the created object counts against the creator's 250 created objects quota. |
+> | microsoft.directory/servicePrincipals/createAsOwner | Create servicePrincipals in Azure Active Directory. Creator is added as the first owner, and the created object counts against the creator's 250 created objects quota. |
### Authentication Administrator permissions Allowed to view, set and reset authentication method information for any non-admin user.
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/users/invalidateAllRefreshTokens | Invalidate all user refresh tokens in Azure Active Directory. |
-| microsoft.directory/users/strongAuthentication/update | Update strong authentication properties like MFA credential information. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.directory/users/password/update | Update passwords for all users in the Microsoft 365 organization. See online documentation for more detail. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/users/invalidateAllRefreshTokens | Invalidate all user refresh tokens in Azure Active Directory. |
+> | microsoft.directory/users/strongAuthentication/update | Update strong authentication properties like MFA credential information. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.directory/users/password/update | Update passwords for all users in the Microsoft 365 organization. See online documentation for more detail. |
### Attack Payload Author permissions Can create attack payloads that can be deployed by an administrator later.
-| **Actions** | **Description** |
-| | |
-| microsoft.office365.protectionCenter/attackSimulator/payload/allProperties/allTasks | Create and manage attack payloads in Attack Simulator. |
-| microsoft.office365.protectionCenter/attackSimulator/reports/allProperties/read | Read reports of attack simulation, responses, and associated training. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.office365.protectionCenter/attackSimulator/payload/allProperties/allTasks | Create and manage attack payloads in Attack Simulator. |
+> | microsoft.office365.protectionCenter/attackSimulator/reports/allProperties/read | Read reports of attack simulation, responses, and associated training. |
### Attack Simulation Administrator permissions Can create and manage all aspects of attack simulation campaigns.
-| **Actions** | **Description** |
-| | |
-| microsoft.office365.protectionCenter/attackSimulator/payload/allProperties/allTasks | Create and manage attack payloads in Attack Simulator. |
-| microsoft.office365.protectionCenter/attackSimulator/reports/allProperties/read | Read reports of attack simulation, responses, and associated training. |
-| microsoft.office365.protectionCenter/attackSimulator/simulation/allProperties/allTasks | Create and manage attack simulation templates in Attack Simulator. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.office365.protectionCenter/attackSimulator/payload/allProperties/allTasks | Create and manage attack payloads in Attack Simulator. |
+> | microsoft.office365.protectionCenter/attackSimulator/reports/allProperties/read | Read reports of attack simulation, responses, and associated training. |
+> | microsoft.office365.protectionCenter/attackSimulator/simulation/allProperties/allTasks | Create and manage attack simulation templates in Attack Simulator. |
### Azure DevOps Administrator permissions
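Review bot: in the Application Administrator table the rows for `policies/applicationConfiguration/owners/read`, `owners/update` and `policyAppliedTo/read` reuse the `basic/read` and `basic/update` descriptions ("Read policies.applicationConfiguration property ..."), so they do not say what the owners or policyAppliedTo actions cover. Every row is rewritten by this change, so this is the place to give those three rows their own descriptions. In the same table, "URLS" in the `appProxyUrlSettings/update` row should be "URLs", and the `microsoft.directory/Application/...` prefix (capitalized, singular) on the first two rows differs from the `microsoft.directory/applications/...` prefix used by the rest; confirm that casing is the real action name and not a typo carried over from the old table.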
@@ -598,12 +603,12 @@ Can manage Azure DevOps organization policy and settings.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see [role description](#azure-devops-administrator) above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.devOps/allEntities/allTasks | Read and configure Azure DevOps. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.devOps/allEntities/allTasks | Read and configure Azure DevOps. |
### Azure Information Protection Administrator permissions
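Review bot: the added blank line is now the only separator between the `[!NOTE]` blockquote and the `[!div class="mx-tableFixed"]` blockquote that follows it; if that line is trimmed, the table is absorbed into the note. Check the rendered page for this section, and keep the same blank-line-then-div pattern in every section where a note precedes a table.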
@@ -611,33 +616,35 @@ Can manage all aspects of the Azure Information Protection service.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see [role description](#) above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.informationProtection/allEntities/allTasks | Manage all aspects of Azure Information Protection. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.informationProtection/allEntities/allTasks | Manage all aspects of Azure Information Protection. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### B2C IEF Keyset Administrator permissions Manage secrets for federation and encryption in the Identity Experience Framework.
-| **Actions** | **Description** |
-| | |
-| microsoft.aad.b2c/trustFramework/keySets/allTasks | Read and configure key sets in  Azure Active Directory B2C. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.aad.b2c/trustFramework/keySets/allTasks | Read and configure key sets in  Azure Active Directory B2C. |
### B2C IEF Policy Administrator permissions Create and manage trust framework policies in the Identity Experience Framework.
-| **Actions** | **Description** |
-| | |
-| microsoft.aad.b2c/trustFramework/policies/allTasks | Read and configure custom policies in  Azure Active Directory B2C. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.aad.b2c/trustFramework/policies/allTasks | Read and configure custom policies in  Azure Active Directory B2C. |
### Billing Administrator permissions
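Review bot: the unchanged NOTE at the top of this hunk links "role description" to `(#)`, an empty anchor, while the Azure DevOps note in the previous hunk points at `#azure-devops-administrator`; since the lines directly below it are edited here, fix the target in the same change. The two B2C IEF rows also carry a double space in "in  Azure Active Directory B2C" from the removed lines into the added ones; collapse it to a single space while the rows are being rewritten.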
@@ -645,78 +652,80 @@ Can perform common billing related tasks like updating payment information.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/organization/basic/update | Update basic properties on organization in Azure Active Directory. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.commerce.billing/allEntities/allTasks | Manage all aspects of billing. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/organization/basic/update | Update basic properties on organization in Azure Active Directory. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.commerce.billing/allEntities/allTasks | Manage all aspects of billing. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
### Cloud Application Administrator permissions Can create and manage all aspects of app registrations and enterprise apps except App Proxy.
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/applications/audience/update | Update applications.audience property in Azure Active Directory. |
-| microsoft.directory/applications/authentication/update | Update applications.authentication property in Azure Active Directory. |
-| microsoft.directory/applications/basic/update | Update basic properties on applications in Azure Active Directory. |
-| microsoft.directory/applications/create | Create applications in Azure Active Directory. |
-| microsoft.directory/applications/credentials/update | Update applications.credentials property in Azure Active Directory. |
-| microsoft.directory/applications/delete | Delete applications in Azure Active Directory. |
-| microsoft.directory/applications/owners/update | Update applications.owners property in Azure Active Directory. |
-| microsoft.directory/applications/permissions/update | Update applications.permissions property in Azure Active Directory. |
-| microsoft.directory/applications/policies/update | Update applications.policies property in Azure Active Directory. |
-| microsoft.directory/appRoleAssignments/create | Create appRoleAssignments in Azure Active Directory. |
-| microsoft.directory/appRoleAssignments/update | Update appRoleAssignments in Azure Active Directory. |
-| microsoft.directory/appRoleAssignments/delete | Delete appRoleAssignments in Azure Active Directory. |
-| microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
-| microsoft.directory/policies/applicationConfiguration/create | Create policies in Azure Active Directory. |
-| microsoft.directory/policies/applicationConfiguration/basic/read | Read policies.applicationConfiguration property in Azure Active Directory. |
-| microsoft.directory/policies/applicationConfiguration/basic/update | Update policies.applicationConfiguration property in Azure Active Directory. |
-| microsoft.directory/policies/applicationConfiguration/delete | Delete policies in Azure Active Directory. |
-| microsoft.directory/policies/applicationConfiguration/owners/read | Read policies.applicationConfiguration property in Azure Active Directory. |
-| microsoft.directory/policies/applicationConfiguration/owners/update | Update policies.applicationConfiguration property in Azure Active Directory. |
-| microsoft.directory/policies/applicationConfiguration/policyAppliedTo/read | Read policies.applicationConfiguration property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/appRoleAssignedTo/update | Update servicePrincipals.appRoleAssignedTo property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/appRoleAssignments/update | Update servicePrincipals.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/audience/update | Update servicePrincipals.audience property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/authentication/update | Update servicePrincipals.authentication property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/basic/update | Update basic properties on servicePrincipals in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/create | Create servicePrincipals in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/credentials/update | Update servicePrincipals.credentials property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/delete | Delete servicePrincipals in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/owners/update | Update servicePrincipals.owners property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/permissions/update | Update servicePrincipals.permissions property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/policies/update | Update servicePrincipals.policies property in Azure Active Directory. |
-| microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/applications/audience/update | Update applications.audience property in Azure Active Directory. |
+> | microsoft.directory/applications/authentication/update | Update applications.authentication property in Azure Active Directory. |
+> | microsoft.directory/applications/basic/update | Update basic properties on applications in Azure Active Directory. |
+> | microsoft.directory/applications/create | Create applications in Azure Active Directory. |
+> | microsoft.directory/applications/credentials/update | Update applications.credentials property in Azure Active Directory. |
+> | microsoft.directory/applications/delete | Delete applications in Azure Active Directory. |
+> | microsoft.directory/applications/owners/update | Update applications.owners property in Azure Active Directory. |
+> | microsoft.directory/applications/permissions/update | Update applications.permissions property in Azure Active Directory. |
+> | microsoft.directory/applications/policies/update | Update applications.policies property in Azure Active Directory. |
+> | microsoft.directory/appRoleAssignments/create | Create appRoleAssignments in Azure Active Directory. |
+> | microsoft.directory/appRoleAssignments/update | Update appRoleAssignments in Azure Active Directory. |
+> | microsoft.directory/appRoleAssignments/delete | Delete appRoleAssignments in Azure Active Directory. |
+> | microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
+> | microsoft.directory/policies/applicationConfiguration/create | Create policies in Azure Active Directory. |
+> | microsoft.directory/policies/applicationConfiguration/basic/read | Read policies.applicationConfiguration property in Azure Active Directory. |
+> | microsoft.directory/policies/applicationConfiguration/basic/update | Update policies.applicationConfiguration property in Azure Active Directory. |
+> | microsoft.directory/policies/applicationConfiguration/delete | Delete policies in Azure Active Directory. |
+> | microsoft.directory/policies/applicationConfiguration/owners/read | Read policies.applicationConfiguration property in Azure Active Directory. |
+> | microsoft.directory/policies/applicationConfiguration/owners/update | Update policies.applicationConfiguration property in Azure Active Directory. |
+> | microsoft.directory/policies/applicationConfiguration/policyAppliedTo/read | Read policies.applicationConfiguration property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/appRoleAssignedTo/update | Update servicePrincipals.appRoleAssignedTo property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/appRoleAssignments/update | Update servicePrincipals.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/audience/update | Update servicePrincipals.audience property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/authentication/update | Update servicePrincipals.authentication property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/basic/update | Update basic properties on servicePrincipals in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/create | Create servicePrincipals in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/credentials/update | Update servicePrincipals.credentials property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/delete | Delete servicePrincipals in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/owners/update | Update servicePrincipals.owners property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/permissions/update | Update servicePrincipals.permissions property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/policies/update | Update servicePrincipals.policies property in Azure Active Directory. |
+> | microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Cloud Device Administrator permissions Full access to manage devices in Azure AD.
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
-| microsoft.directory/bitlockerKeys/key/read | Read bitlocker key objects and properties (including recovery key) in Azure Active Directory. |
-| microsoft.directory/devices/delete | Delete devices in Azure Active Directory. |
-| microsoft.directory/devices/disable | Disable devices in Azure Active Directory. |
-| microsoft.directory/devices/enable | Enable devices in Azure Active Directory. |
-| microsoft.directory/devices/extensionAttributes/update | Update all values for devices.extensionAttributes property in Azure Active Directory. |
-| microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
+> | microsoft.directory/bitlockerKeys/key/read | Read bitlocker key objects and properties (including recovery key) in Azure Active Directory. |
+> | microsoft.directory/devices/delete | Delete devices in Azure Active Directory. |
+> | microsoft.directory/devices/disable | Disable devices in Azure Active Directory. |
+> | microsoft.directory/devices/enable | Enable devices in Azure Active Directory. |
+> | microsoft.directory/devices/extensionAttributes/update | Update all values for devices.extensionAttributes property in Azure Active Directory. |
+> | microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
### Global Administrator permissions
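Review bot: In the re-added application table, the `policies/applicationConfiguration` rows `basic/read`, `owners/read` and `policyAppliedTo/read` all carry the identical description "Read policies.applicationConfiguration property in Azure Active Directory." (and `basic/update` and `owners/update` likewise share one description), so a reader scoping a custom role cannot tell what each action grants. Since every row is rewritten by this change anyway, give each action a description that names the property it covers (basic properties, owners, applied-to list). In the Cloud Device Administrator table, "bitlocker" should be capitalized "BitLocker", and the `bitlockerKeys/key/read` row is worth calling out because it exposes recovery keys.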
@@ -724,71 +733,71 @@ Can manage all aspects of Azure AD and Microsoft services that use Azure AD iden
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.aad.cloudAppSecurity/allEntities/allTasks | Create and delete all resources, and read and update standard properties in microsoft.aad.cloudAppSecurity. |
-| microsoft.directory/administrativeUnits/allProperties/allTasks | Create and delete administrativeUnits, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/applications/allProperties/allTasks | Create and delete applications, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/appRoleAssignments/allProperties/allTasks | Create and delete appRoleAssignments, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
-| microsoft.directory/bitlockerKeys/key/read | Read bitlocker key objects and properties (including recovery key) in Azure Active Directory. |
-| microsoft.directory/contacts/allProperties/allTasks | Create and delete contacts, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/contracts/allProperties/allTasks | Create and delete contracts, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/devices/allProperties/allTasks | Create and delete devices, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/directoryRoles/allProperties/allTasks | Create and delete directoryRoles, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/directoryRoleTemplates/allProperties/allTasks | Create and delete directoryRoleTemplates, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/domains/allProperties/allTasks | Create and delete domains, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/entitlementManagement/allProperties/allTasks | Create and delete resources, and read and update all properties in Azure AD entitlement management. |
-| microsoft.directory/groups/allProperties/allTasks | Create and delete groups, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/groupsAssignableToRoles/allProperties/update | Update groups with isAssignableToRole property set to true in Azure Active Directory. |
-| microsoft.directory/groupsAssignableToRoles/create | Create groups with isAssignableToRole property set to true in Azure Active Directory. |
-| microsoft.directory/groupsAssignableToRoles/delete | Delete groups with isAssignableToRole property set to true in Azure Active Directory. |
-| microsoft.directory/groupSettings/allProperties/allTasks | Create and delete groupSettings, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/groupSettingTemplates/allProperties/allTasks | Create and delete groupSettingTemplates, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/loginTenantBranding/allProperties/allTasks | Create and delete loginTenantBranding, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks | Create and delete oAuth2PermissionGrants, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/organization/allProperties/allTasks | Create and delete organization, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/policies/allProperties/allTasks | Create and delete policies, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/roleAssignments/allProperties/allTasks | Create and delete roleAssignments, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/roleDefinitions/allProperties/allTasks | Create and delete roleDefinitions, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/scopedRoleMemberships/allProperties/allTasks | Create and delete scopedRoleMemberships, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/serviceAction/activateService | Can perform the Activateservice service action in Azure Active Directory |
-| microsoft.directory/serviceAction/disableDirectoryFeature | Can perform the Disabledirectoryfeature service action in Azure Active Directory |
-| microsoft.directory/serviceAction/enableDirectoryFeature | Can perform the Enabledirectoryfeature service action in Azure Active Directory |
-| microsoft.directory/serviceAction/getAvailableExtentionProperties | Can perform the Getavailableextentionproperties service action in Azure Active Directory |
-| microsoft.directory/servicePrincipals/allProperties/allTasks | Create and delete servicePrincipals, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
-| microsoft.directory/subscribedSkus/allProperties/allTasks | Create and delete subscribedSkus, and read and update all properties in Azure Active Directory. |
-| microsoft.directory/users/allProperties/allTasks | Create and delete users, and read and update all properties in Azure Active Directory. |
-| microsoft.directorySync/allEntities/allTasks | Perform all actions in Azure AD Connect. |
-| microsoft.aad.identityProtection/allEntities/allTasks | Create and delete all resources, and read and update standard properties in microsoft.aad.identityProtection. |
-| microsoft.aad.privilegedIdentityManagement/allEntities/read | Read all resources in microsoft.aad.privilegedIdentityManagement. |
-| microsoft.azure.advancedThreatProtection/allEntities/read | Read all resources in microsoft.azure.advancedThreatProtection. |
-| microsoft.azure.informationProtection/allEntities/allTasks | Manage all aspects of Azure Information Protection. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.commerce.billing/allEntities/allTasks | Manage all aspects of billing. |
-| microsoft.intune/allEntities/allTasks | Manage all aspects of Intune. |
-| microsoft.office365.complianceManager/allEntities/allTasks | Manage all aspects of Office 365 Compliance Manager |
-| microsoft.office365.desktopAnalytics/allEntities/allTasks | Manage all aspects of Desktop Analytics. |
-| microsoft.office365.exchange/allEntities/allTasks | Manage all aspects of Exchange Online. |
-| microsoft.office365.lockbox/allEntities/allTasks | Manage all aspects of Office 365 Customer Lockbox |
-| microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
-| microsoft.office365.messageCenter/securityMessages/read | Read securityMessages in microsoft.office365.messageCenter. |
-| microsoft.office365.protectionCenter/allEntities/allTasks | Manage all aspects of Office 365 Protection Center. |
-| microsoft.office365.securityComplianceCenter/allEntities/allTasks | Create and delete all resources, and read and update standard properties in microsoft.office365.securityComplianceCenter. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.sharepoint/allEntities/allTasks | Create and delete all resources, and read and update standard properties in microsoft.office365.sharepoint. |
-| microsoft.office365.skypeForBusiness/allEntities/allTasks | Manage all aspects of Skype for Business Online. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.powerApps.dynamics365/allEntities/allTasks | Manage all aspects of Dynamics 365. |
-| microsoft.powerApps.powerBI/allEntities/allTasks | Manage all aspects of Power BI. |
-| microsoft.windows.defenderAdvancedThreatProtection/allEntities/read | Read all resources in microsoft.windows.defenderAdvancedThreatProtection. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.aad.cloudAppSecurity/allEntities/allTasks | Create and delete all resources, and read and update standard properties in microsoft.aad.cloudAppSecurity. |
+> | microsoft.directory/administrativeUnits/allProperties/allTasks | Create and delete administrativeUnits, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/applications/allProperties/allTasks | Create and delete applications, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/appRoleAssignments/allProperties/allTasks | Create and delete appRoleAssignments, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
+> | microsoft.directory/bitlockerKeys/key/read | Read bitlocker key objects and properties (including recovery key) in Azure Active Directory. |
+> | microsoft.directory/contacts/allProperties/allTasks | Create and delete contacts, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/contracts/allProperties/allTasks | Create and delete contracts, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/devices/allProperties/allTasks | Create and delete devices, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/directoryRoles/allProperties/allTasks | Create and delete directoryRoles, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/directoryRoleTemplates/allProperties/allTasks | Create and delete directoryRoleTemplates, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/domains/allProperties/allTasks | Create and delete domains, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/entitlementManagement/allProperties/allTasks | Create and delete resources, and read and update all properties in Azure AD entitlement management. |
+> | microsoft.directory/groups/allProperties/allTasks | Create and delete groups, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/groupsAssignableToRoles/allProperties/update | Update groups with isAssignableToRole property set to true in Azure Active Directory. |
+> | microsoft.directory/groupsAssignableToRoles/create | Create groups with isAssignableToRole property set to true in Azure Active Directory. |
+> | microsoft.directory/groupsAssignableToRoles/delete | Delete groups with isAssignableToRole property set to true in Azure Active Directory. |
+> | microsoft.directory/groupSettings/allProperties/allTasks | Create and delete groupSettings, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/groupSettingTemplates/allProperties/allTasks | Create and delete groupSettingTemplates, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/loginTenantBranding/allProperties/allTasks | Create and delete loginTenantBranding, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks | Create and delete oAuth2PermissionGrants, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/organization/allProperties/allTasks | Create and delete organization, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/policies/allProperties/allTasks | Create and delete policies, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/roleAssignments/allProperties/allTasks | Create and delete roleAssignments, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/roleDefinitions/allProperties/allTasks | Create and delete roleDefinitions, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/scopedRoleMemberships/allProperties/allTasks | Create and delete scopedRoleMemberships, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/serviceAction/activateService | Can perform the Activateservice service action in Azure Active Directory |
+> | microsoft.directory/serviceAction/disableDirectoryFeature | Can perform the Disabledirectoryfeature service action in Azure Active Directory |
+> | microsoft.directory/serviceAction/enableDirectoryFeature | Can perform the Enabledirectoryfeature service action in Azure Active Directory |
+> | microsoft.directory/serviceAction/getAvailableExtentionProperties | Can perform the Getavailableextentionproperties service action in Azure Active Directory |
+> | microsoft.directory/servicePrincipals/allProperties/allTasks | Create and delete servicePrincipals, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
+> | microsoft.directory/subscribedSkus/allProperties/allTasks | Create and delete subscribedSkus, and read and update all properties in Azure Active Directory. |
+> | microsoft.directory/users/allProperties/allTasks | Create and delete users, and read and update all properties in Azure Active Directory. |
+> | microsoft.directorySync/allEntities/allTasks | Perform all actions in Azure AD Connect. |
+> | microsoft.aad.identityProtection/allEntities/allTasks | Create and delete all resources, and read and update standard properties in microsoft.aad.identityProtection. |
+> | microsoft.aad.privilegedIdentityManagement/allEntities/read | Read all resources in microsoft.aad.privilegedIdentityManagement. |
+> | microsoft.azure.advancedThreatProtection/allEntities/read | Read all resources in microsoft.azure.advancedThreatProtection. |
+> | microsoft.azure.informationProtection/allEntities/allTasks | Manage all aspects of Azure Information Protection. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.commerce.billing/allEntities/allTasks | Manage all aspects of billing. |
+> | microsoft.intune/allEntities/allTasks | Manage all aspects of Intune. |
+> | microsoft.office365.complianceManager/allEntities/allTasks | Manage all aspects of Office 365 Compliance Manager |
+> | microsoft.office365.desktopAnalytics/allEntities/allTasks | Manage all aspects of Desktop Analytics. |
+> | microsoft.office365.exchange/allEntities/allTasks | Manage all aspects of Exchange Online. |
+> | microsoft.office365.lockbox/allEntities/allTasks | Manage all aspects of Office 365 Customer Lockbox |
+> | microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
+> | microsoft.office365.messageCenter/securityMessages/read | Read securityMessages in microsoft.office365.messageCenter. |
+> | microsoft.office365.protectionCenter/allEntities/allTasks | Manage all aspects of Office 365 Protection Center. |
+> | microsoft.office365.securityComplianceCenter/allEntities/allTasks | Create and delete all resources, and read and update standard properties in microsoft.office365.securityComplianceCenter. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.sharepoint/allEntities/allTasks | Create and delete all resources, and read and update standard properties in microsoft.office365.sharepoint. |
+> | microsoft.office365.skypeForBusiness/allEntities/allTasks | Manage all aspects of Skype for Business Online. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.powerApps.dynamics365/allEntities/allTasks | Manage all aspects of Dynamics 365. |
+> | microsoft.powerApps.powerBI/allEntities/allTasks | Manage all aspects of Power BI. |
+> | microsoft.windows.defenderAdvancedThreatProtection/allEntities/read | Read all resources in microsoft.windows.defenderAdvancedThreatProtection. |
### Compliance Administrator permissions
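Review bot: The four `microsoft.directory/serviceAction/*` rows in the Global Administrator table are carried over with descriptions that have mangled casing and no closing period ("Can perform the Activateservice service action in Azure Active Directory", "Getavailableextentionproperties"), unlike the other rows in the table. The action names must stay as the service defines them, but the descriptions can be written in plain words and punctuated consistently. The `complianceManager` and `lockbox` rows are also missing their final period. Dropping the two empty `>` lines and adding a blank line so that the NOTE and the table become separate blocks looks correct.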
@@ -796,18 +805,18 @@ Can read and manage compliance configuration and reports in Azure AD and Microso
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.directory/entitlementManagement/allProperties/read | Read all properties in Azure AD entitlement management. |
-| microsoft.office365.complianceManager/allEntities/allTasks | Manage all aspects of Office 365 Compliance Manager |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.directory/entitlementManagement/allProperties/read | Read all properties in Azure AD entitlement management. |
+> | microsoft.office365.complianceManager/allEntities/allTasks | Manage all aspects of Office 365 Compliance Manager |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Compliance Data Administrator permissions
@@ -815,34 +824,35 @@ Creates and manages compliance content.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.directory.cloudAppSecurity/allEntities/allTasks | Read and configure Microsoft Cloud App Security. |
-| microsoft.azure.informationProtection/allEntities/allTasks | Manage all aspects of Azure Information Protection. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.office365.complianceManager/allEntities/allTasks | Manage all aspects of Office 365 Compliance Manager |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory.cloudAppSecurity/allEntities/allTasks | Read and configure Microsoft Cloud App Security. |
+> | microsoft.azure.informationProtection/allEntities/allTasks | Manage all aspects of Azure Information Protection. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.office365.complianceManager/allEntities/allTasks | Manage all aspects of Office 365 Compliance Manager |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Conditional Access Administrator permissions Can manage Conditional Access capabilities.
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/policies/conditionalAccess/basic/read | Read policies.conditionalAccess property in Azure Active Directory. |
-| microsoft.directory/policies/conditionalAccess/basic/update | Update policies.conditionalAccess property in Azure Active Directory. |
-| microsoft.directory/policies/conditionalAccess/create | Create policies in Azure Active Directory. |
-| microsoft.directory/policies/conditionalAccess/delete | Delete policies in Azure Active Directory. |
-| microsoft.directory/policies/conditionalAccess/owners/read | Read policies.conditionalAccess property in Azure Active Directory. |
-| microsoft.directory/policies/conditionalAccess/owners/update | Update policies.conditionalAccess property in Azure Active Directory. |
-| microsoft.directory/policies/conditionalAccess/policiesAppliedTo/read | Read policies.conditionalAccess property in Azure Active Directory. |
-| microsoft.directory/policies/conditionalAccess/tenantDefault/update | Update policies.conditionalAccess property in Azure Active Directory. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/policies/conditionalAccess/basic/read | Read policies.conditionalAccess property in Azure Active Directory. |
+> | microsoft.directory/policies/conditionalAccess/basic/update | Update policies.conditionalAccess property in Azure Active Directory. |
+> | microsoft.directory/policies/conditionalAccess/create | Create policies in Azure Active Directory. |
+> | microsoft.directory/policies/conditionalAccess/delete | Delete policies in Azure Active Directory. |
+> | microsoft.directory/policies/conditionalAccess/owners/read | Read policies.conditionalAccess property in Azure Active Directory. |
+> | microsoft.directory/policies/conditionalAccess/owners/update | Update policies.conditionalAccess property in Azure Active Directory. |
+> | microsoft.directory/policies/conditionalAccess/policiesAppliedTo/read | Read policies.conditionalAccess property in Azure Active Directory. |
+> | microsoft.directory/policies/conditionalAccess/tenantDefault/update | Update policies.conditionalAccess property in Azure Active Directory. |
### CRM Service Administrator permissions
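Review bot: The first row of the Compliance Data Administrator table uses the namespace `microsoft.directory.cloudAppSecurity/allEntities/allTasks`, while the Global Administrator table in this same change lists `microsoft.aad.cloudAppSecurity/allEntities/allTasks` with a different description. Confirm which namespace is correct and align the two rows, since readers copy these strings when auditing role definitions. In the Conditional Access table, `owners/read`, `policiesAppliedTo/read` and `basic/read` share one description, `tenantDefault/update` reuses the `basic/update` text, and the segment is spelled `policiesAppliedTo` here but `policyAppliedTo` in the applicationConfiguration rows earlier in the diff; worth checking while the rows are being rewritten.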
@@ -850,17 +860,17 @@ Can manage all aspects of the Dynamics 365 product.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.powerApps.dynamics365/allEntities/allTasks | Manage all aspects of Dynamics 365. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.powerApps.dynamics365/allEntities/allTasks | Manage all aspects of Dynamics 365. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
### Customer LockBox Access Approver permissions
@@ -868,13 +878,13 @@ Can approve Microsoft support requests to access customer organizational data.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.lockbox/allEntities/allTasks | Manage all aspects of Office 365 Customer Lockbox |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.lockbox/allEntities/allTasks | Manage all aspects of Office 365 Customer Lockbox |
### Desktop Analytics Administrator permissions
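Review bot: In the re-added Customer Lockbox row, the description `Manage all aspects of Office 365 Customer Lockbox` still ends without a period, while the row directly above it and the descriptions in the neighbouring tables end with one. The line is being rewritten for the `mx-tableFixed` wrapper anyway, so add the period in this change. The section heading spells the product "LockBox" and this description spells it "Lockbox"; settle on one spelling while the table is being touched.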
@@ -882,151 +892,155 @@ Can manage the Desktop Analytics and Office Customization & Policy services. For
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.desktopAnalytics/allEntities/allTasks | Manage all aspects of Desktop Analytics. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.desktopAnalytics/allEntities/allTasks | Manage all aspects of Desktop Analytics. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
### Device Administrators permissions Users assigned to this role are added to the local administrators group on Azure AD-joined devices.
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/groupSettings/basic/read | Read basic properties on groupSettings in Azure Active Directory. |
-| microsoft.directory/groupSettingTemplates/basic/read | Read basic properties on groupSettingTemplates in Azure Active Directory. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/groupSettings/basic/read | Read basic properties on groupSettings in Azure Active Directory. |
+> | microsoft.directory/groupSettingTemplates/basic/read | Read basic properties on groupSettingTemplates in Azure Active Directory. |
### Directory Readers permissions Can read basic directory information. For granting access to applications, not intended for users.
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/administrativeUnits/basic/read | Read basic properties on administrativeUnits in Azure Active Directory. |
-| microsoft.directory/administrativeUnits/members/read | Read administrativeUnits.members property in Azure Active Directory. |
-| microsoft.directory/applications/basic/read | Read basic properties on applications in Azure Active Directory. |
-| microsoft.directory/applications/owners/read | Read applications.owners property in Azure Active Directory. |
-| microsoft.directory/applications/policies/read | Read applications.policies property in Azure Active Directory. |
-| microsoft.directory/contacts/basic/read | Read basic properties on contacts in Azure Active Directory. |
-| microsoft.directory/contacts/memberOf/read | Read contacts.memberOf property in Azure Active Directory. |
-| microsoft.directory/contracts/basic/read | Read basic properties on contracts in Azure Active Directory. |
-| microsoft.directory/devices/basic/read | Read basic properties on devices in Azure Active Directory. |
-| microsoft.directory/devices/memberOf/read | Read devices.memberOf property in Azure Active Directory. |
-| microsoft.directory/devices/registeredOwners/read | Read devices.registeredOwners property in Azure Active Directory. |
-| microsoft.directory/devices/registeredUsers/read | Read devices.registeredUsers property in Azure Active Directory. |
-| microsoft.directory/directoryRoles/basic/read | Read basic properties on directoryRoles in Azure Active Directory. |
-| microsoft.directory/directoryRoles/eligibleMembers/read | Read directoryRoles.eligibleMembers property in Azure Active Directory. |
-| microsoft.directory/directoryRoles/members/read | Read directoryRoles.members property in Azure Active Directory. |
-| microsoft.directory/domains/basic/read | Read basic properties on domains in Azure Active Directory. |
-| microsoft.directory/groups/appRoleAssignments/read | Read groups.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/groups/basic/read | Read basic properties on groups in Azure Active Directory. |
-| microsoft.directory/groups/memberOf/read | Read groups.memberOf property in Azure Active Directory. |
-| microsoft.directory/groups/members/read | Read groups.members property in Azure Active Directory. |
-| microsoft.directory/groups/owners/read | Read groups.owners property in Azure Active Directory. |
-| microsoft.directory/groups/settings/read | Read groups.settings property in Azure Active Directory. |
-| microsoft.directory/groupSettings/basic/read | Read basic properties on groupSettings in Azure Active Directory. |
-| microsoft.directory/groupSettingTemplates/basic/read | Read basic properties on groupSettingTemplates in Azure Active Directory. |
-| microsoft.directory/oAuth2PermissionGrants/basic/read | Read basic properties on oAuth2PermissionGrants in Azure Active Directory. |
-| microsoft.directory/organization/basic/read | Read basic properties on organization in Azure Active Directory. |
-| microsoft.directory/organization/trustedCAsForPasswordlessAuth/read | Read organization.trustedCAsForPasswordlessAuth property in Azure Active Directory. |
-| microsoft.directory/roleAssignments/basic/read | Read basic properties on roleAssignments in Azure Active Directory. |
-| microsoft.directory/roleDefinitions/basic/read | Read basic properties on roleDefinitions in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/appRoleAssignedTo/read | Read servicePrincipals.appRoleAssignedTo property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/appRoleAssignments/read | Read servicePrincipals.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/basic/read | Read basic properties on servicePrincipals in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/memberOf/read | Read servicePrincipals.memberOf property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/oAuth2PermissionGrants/basic/read | Read servicePrincipals.oAuth2PermissionGrants property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/ownedObjects/read | Read servicePrincipals.ownedObjects property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/owners/read | Read servicePrincipals.owners property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/policies/read | Read servicePrincipals.policies property in Azure Active Directory. |
-| microsoft.directory/subscribedSkus/basic/read | Read basic properties on subscribedSkus in Azure Active Directory. |
-| microsoft.directory/users/appRoleAssignments/read | Read users.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/users/basic/read | Read basic properties on users in Azure Active Directory. |
-| microsoft.directory/users/directReports/read | Read users.directReports property in Azure Active Directory. |
-| microsoft.directory/users/manager/read | Read users.manager property in Azure Active Directory. |
-| microsoft.directory/users/memberOf/read | Read users.memberOf property in Azure Active Directory. |
-| microsoft.directory/users/oAuth2PermissionGrants/basic/read | Read users.oAuth2PermissionGrants property in Azure Active Directory. |
-| microsoft.directory/users/ownedDevices/read | Read users.ownedDevices property in Azure Active Directory. |
-| microsoft.directory/users/ownedObjects/read | Read users.ownedObjects property in Azure Active Directory. |
-| microsoft.directory/users/registeredDevices/read | Read users.registeredDevices property in Azure Active Directory. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/administrativeUnits/basic/read | Read basic properties on administrativeUnits in Azure Active Directory. |
+> | microsoft.directory/administrativeUnits/members/read | Read administrativeUnits.members property in Azure Active Directory. |
+> | microsoft.directory/applications/basic/read | Read basic properties on applications in Azure Active Directory. |
+> | microsoft.directory/applications/owners/read | Read applications.owners property in Azure Active Directory. |
+> | microsoft.directory/applications/policies/read | Read applications.policies property in Azure Active Directory. |
+> | microsoft.directory/contacts/basic/read | Read basic properties on contacts in Azure Active Directory. |
+> | microsoft.directory/contacts/memberOf/read | Read contacts.memberOf property in Azure Active Directory. |
+> | microsoft.directory/contracts/basic/read | Read basic properties on contracts in Azure Active Directory. |
+> | microsoft.directory/devices/basic/read | Read basic properties on devices in Azure Active Directory. |
+> | microsoft.directory/devices/memberOf/read | Read devices.memberOf property in Azure Active Directory. |
+> | microsoft.directory/devices/registeredOwners/read | Read devices.registeredOwners property in Azure Active Directory. |
+> | microsoft.directory/devices/registeredUsers/read | Read devices.registeredUsers property in Azure Active Directory. |
+> | microsoft.directory/directoryRoles/basic/read | Read basic properties on directoryRoles in Azure Active Directory. |
+> | microsoft.directory/directoryRoles/eligibleMembers/read | Read directoryRoles.eligibleMembers property in Azure Active Directory. |
+> | microsoft.directory/directoryRoles/members/read | Read directoryRoles.members property in Azure Active Directory. |
+> | microsoft.directory/domains/basic/read | Read basic properties on domains in Azure Active Directory. |
+> | microsoft.directory/groups/appRoleAssignments/read | Read groups.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/groups/basic/read | Read basic properties on groups in Azure Active Directory. |
+> | microsoft.directory/groups/memberOf/read | Read groups.memberOf property in Azure Active Directory. |
+> | microsoft.directory/groups/members/read | Read groups.members property in Azure Active Directory. |
+> | microsoft.directory/groups/owners/read | Read groups.owners property in Azure Active Directory. |
+> | microsoft.directory/groups/settings/read | Read groups.settings property in Azure Active Directory. |
+> | microsoft.directory/groupSettings/basic/read | Read basic properties on groupSettings in Azure Active Directory. |
+> | microsoft.directory/groupSettingTemplates/basic/read | Read basic properties on groupSettingTemplates in Azure Active Directory. |
+> | microsoft.directory/oAuth2PermissionGrants/basic/read | Read basic properties on oAuth2PermissionGrants in Azure Active Directory. |
+> | microsoft.directory/organization/basic/read | Read basic properties on organization in Azure Active Directory. |
+> | microsoft.directory/organization/trustedCAsForPasswordlessAuth/read | Read organization.trustedCAsForPasswordlessAuth property in Azure Active Directory. |
+> | microsoft.directory/roleAssignments/basic/read | Read basic properties on roleAssignments in Azure Active Directory. |
+> | microsoft.directory/roleDefinitions/basic/read | Read basic properties on roleDefinitions in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/appRoleAssignedTo/read | Read servicePrincipals.appRoleAssignedTo property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/appRoleAssignments/read | Read servicePrincipals.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/basic/read | Read basic properties on servicePrincipals in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/memberOf/read | Read servicePrincipals.memberOf property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/oAuth2PermissionGrants/basic/read | Read servicePrincipals.oAuth2PermissionGrants property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/ownedObjects/read | Read servicePrincipals.ownedObjects property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/owners/read | Read servicePrincipals.owners property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/policies/read | Read servicePrincipals.policies property in Azure Active Directory. |
+> | microsoft.directory/subscribedSkus/basic/read | Read basic properties on subscribedSkus in Azure Active Directory. |
+> | microsoft.directory/users/appRoleAssignments/read | Read users.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/users/basic/read | Read basic properties on users in Azure Active Directory. |
+> | microsoft.directory/users/directReports/read | Read users.directReports property in Azure Active Directory. |
+> | microsoft.directory/users/manager/read | Read users.manager property in Azure Active Directory. |
+> | microsoft.directory/users/memberOf/read | Read users.memberOf property in Azure Active Directory. |
+> | microsoft.directory/users/oAuth2PermissionGrants/basic/read | Read users.oAuth2PermissionGrants property in Azure Active Directory. |
+> | microsoft.directory/users/ownedDevices/read | Read users.ownedDevices property in Azure Active Directory. |
+> | microsoft.directory/users/ownedObjects/read | Read users.ownedObjects property in Azure Active Directory. |
+> | microsoft.directory/users/registeredDevices/read | Read users.registeredDevices property in Azure Active Directory. |
### Directory Synchronization Accounts permissions Only used by Azure AD Connect service.
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/organization/dirSync/update | Update organization.dirSync property in Azure Active Directory. |
-| microsoft.directory/policies/create | Create policies in Azure Active Directory. |
-| microsoft.directory/policies/delete | Delete policies in Azure Active Directory. |
-| microsoft.directory/policies/basic/read | Read basic properties on policies in Azure Active Directory. |
-| microsoft.directory/policies/basic/update | Update basic properties on policies in Azure Active Directory. |
-| microsoft.directory/policies/owners/read | Read policies.owners property in Azure Active Directory. |
-| microsoft.directory/policies/owners/update | Update policies.owners property in Azure Active Directory. |
-| microsoft.directory/policies/policiesAppliedTo/read | Read policies.policiesAppliedTo property in Azure Active Directory. |
-| microsoft.directory/policies/tenantDefault/update | Update policies.tenantDefault property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/appRoleAssignedTo/read | Read servicePrincipals.appRoleAssignedTo property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/appRoleAssignedTo/update | Update servicePrincipals.appRoleAssignedTo property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/appRoleAssignments/read | Read servicePrincipals.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/appRoleAssignments/update | Update servicePrincipals.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/audience/update | Update servicePrincipals.audience property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/authentication/update | Update servicePrincipals.authentication property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/basic/read | Read basic properties on servicePrincipals in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/basic/update | Update basic properties on servicePrincipals in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/create | Create servicePrincipals in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/credentials/update | Update servicePrincipals.credentials property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/memberOf/read | Read servicePrincipals.memberOf property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/oAuth2PermissionGrants/basic/read | Read servicePrincipals.oAuth2PermissionGrants property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/owners/read | Read servicePrincipals.owners property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/owners/update | Update servicePrincipals.owners property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/ownedObjects/read | Read servicePrincipals.ownedObjects property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/permissions/update | Update servicePrincipals.permissions property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/policies/read | Read servicePrincipals.policies property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/policies/update | Update servicePrincipals.policies property in Azure Active Directory. |
-| microsoft.directorySync/allEntities/allTasks | Perform all actions in Azure AD Connect. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/organization/dirSync/update | Update organization.dirSync property in Azure Active Directory. |
+> | microsoft.directory/policies/create | Create policies in Azure Active Directory. |
+> | microsoft.directory/policies/delete | Delete policies in Azure Active Directory. |
+> | microsoft.directory/policies/basic/read | Read basic properties on policies in Azure Active Directory. |
+> | microsoft.directory/policies/basic/update | Update basic properties on policies in Azure Active Directory. |
+> | microsoft.directory/policies/owners/read | Read policies.owners property in Azure Active Directory. |
+> | microsoft.directory/policies/owners/update | Update policies.owners property in Azure Active Directory. |
+> | microsoft.directory/policies/policiesAppliedTo/read | Read policies.policiesAppliedTo property in Azure Active Directory. |
+> | microsoft.directory/policies/tenantDefault/update | Update policies.tenantDefault property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/appRoleAssignedTo/read | Read servicePrincipals.appRoleAssignedTo property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/appRoleAssignedTo/update | Update servicePrincipals.appRoleAssignedTo property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/appRoleAssignments/read | Read servicePrincipals.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/appRoleAssignments/update | Update servicePrincipals.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/audience/update | Update servicePrincipals.audience property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/authentication/update | Update servicePrincipals.authentication property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/basic/read | Read basic properties on servicePrincipals in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/basic/update | Update basic properties on servicePrincipals in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/create | Create servicePrincipals in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/credentials/update | Update servicePrincipals.credentials property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/memberOf/read | Read servicePrincipals.memberOf property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/oAuth2PermissionGrants/basic/read | Read servicePrincipals.oAuth2PermissionGrants property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/owners/read | Read servicePrincipals.owners property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/owners/update | Update servicePrincipals.owners property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/ownedObjects/read | Read servicePrincipals.ownedObjects property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/permissions/update | Update servicePrincipals.permissions property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/policies/read | Read servicePrincipals.policies property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/policies/update | Update servicePrincipals.policies property in Azure Active Directory. |
+> | microsoft.directorySync/allEntities/allTasks | Perform all actions in Azure AD Connect. |
### Directory Writers permissions Can read & write basic directory information. For granting access to applications, not intended for users.
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/groups/appRoleAssignments/update | Update groups.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/groups/assignLicense | Manage licenses on groups in Azure Active Directory. |
-| microsoft.directory/groups/basic/update | Update basic properties on groups in Azure Active Directory.  |
-| microsoft.directory/groups/classification/update | Update classification property of the group in Azure Active Directory. |
-| microsoft.directory/groups/create | Create groups in Azure Active Directory. |
-| microsoft.directory/groups/groupType/update | Update the groupType property of a group in Azure Active Directory. |
-| microsoft.directory/groups/members/update | Update groups.members property in Azure Active Directory. |
-| microsoft.directory/groups/owners/update | Update groups.owners property in Azure Active Directory. |
-| microsoft.directory/groups/reprocessLicenseAssignment | Reprocess license assignments for a group in Azure Active Directory. |
-| microsoft.directory/groups/securityEnabled/update | Update the secutiryEnabled property of a group in Azure Active Directory. |
-| microsoft.directory/groups/settings/update | Update groups.settings property in Azure Active Directory. |
-| microsoft.directory/groups/visibility/update | Update visibility property of the group |
-| microsoft.directory/groupSettings/basic/update | Update basic properties on groupSettings in Azure Active Directory. |
-| microsoft.directory/groupSettings/create | Create groupSettings in Azure Active Directory.. |
-| microsoft.directory/groupSettings/delete | Delete groupSettings in Azure Active Directory. |
-| microsoft.directory/oAuth2PermissionGrants/basic/update | Update basic properties of oAuth2PermissionGrants in Azure Active Directory. |
-| microsoft.directory/oAuth2PermissionGrants/create | Create oAuth2PermissionGrants in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/synchronizationCredentials/manage | Manage application provisioning secrets and credentials. |
-| microsoft.directory/servicePrincipals/synchronizationJobs/manage | Start, restart, and pause application provisioning synchronization jobs. |
-| microsoft.directory/servicePrincipals/synchronizationSchema/manage | Create and manage application provisioning synchronization jobs and schema. |
-| microsoft.directory/users/appRoleAssignments/update | Update users.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/users/assignLicense | Manage licenses on users in Azure Active Directory. |
-| microsoft.directory/users/basic/update | Update basic properties on users in Azure Active Directory. |
-| microsoft.directory/users/create | Create users in Azure Active Directory. |
-| microsoft.directory/users/disable | Disable a user account in Azure Active Directory. |
-| microsoft.directory/users/enable | Enable a user account in Azure Active Directory |
-| microsoft.directory/users/invalidateAllRefreshTokens | Invalidate all user refresh tokens in Azure Active Directory, requiring users to re-authenticate on their next sign-in |
-| microsoft.directory/users/manager/update | Update users.manager property in Azure Active Directory. |
-| microsoft.directory/users/reprocessLicenseAssignment | Reprocess license assignments for a user in Azure Active Directory. |
-| microsoft.directory/users/userPrincipalName /update | Update the users.userPrincipalName property in Azure Active Directory. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/groups/appRoleAssignments/update | Update groups.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/groups/assignLicense | Manage licenses on groups in Azure Active Directory. |
+> | microsoft.directory/groups/basic/update | Update basic properties on groups in Azure Active Directory.  |
+> | microsoft.directory/groups/classification/update | Update classification property of the group in Azure Active Directory. |
+> | microsoft.directory/groups/create | Create groups in Azure Active Directory. |
+> | microsoft.directory/groups/groupType/update | Update the groupType property of a group in Azure Active Directory. |
+> | microsoft.directory/groups/members/update | Update groups.members property in Azure Active Directory. |
+> | microsoft.directory/groups/owners/update | Update groups.owners property in Azure Active Directory. |
+> | microsoft.directory/groups/reprocessLicenseAssignment | Reprocess license assignments for a group in Azure Active Directory. |
+> | microsoft.directory/groups/securityEnabled/update | Update the secutiryEnabled property of a group in Azure Active Directory. |
+> | microsoft.directory/groups/settings/update | Update groups.settings property in Azure Active Directory. |
+> | microsoft.directory/groups/visibility/update | Update visibility property of the group |
+> | microsoft.directory/groupSettings/basic/update | Update basic properties on groupSettings in Azure Active Directory. |
+> | microsoft.directory/groupSettings/create | Create groupSettings in Azure Active Directory.. |
+> | microsoft.directory/groupSettings/delete | Delete groupSettings in Azure Active Directory. |
+> | microsoft.directory/oAuth2PermissionGrants/basic/update | Update basic properties of oAuth2PermissionGrants in Azure Active Directory. |
+> | microsoft.directory/oAuth2PermissionGrants/create | Create oAuth2PermissionGrants in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/synchronizationCredentials/manage | Manage application provisioning secrets and credentials. |
+> | microsoft.directory/servicePrincipals/synchronizationJobs/manage | Start, restart, and pause application provisioning synchronization jobs. |
+> | microsoft.directory/servicePrincipals/synchronizationSchema/manage | Create and manage application provisioning synchronization jobs and schema. |
+> | microsoft.directory/users/appRoleAssignments/update | Update users.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/users/assignLicense | Manage licenses on users in Azure Active Directory. |
+> | microsoft.directory/users/basic/update | Update basic properties on users in Azure Active Directory. |
+> | microsoft.directory/users/create | Create users in Azure Active Directory. |
+> | microsoft.directory/users/disable | Disable a user account in Azure Active Directory. |
+> | microsoft.directory/users/enable | Enable a user account in Azure Active Directory |
+> | microsoft.directory/users/invalidateAllRefreshTokens | Invalidate all user refresh tokens in Azure Active Directory, requiring users to re-authenticate on their next sign-in |
+> | microsoft.directory/users/manager/update | Update users.manager property in Azure Active Directory. |
+> | microsoft.directory/users/reprocessLicenseAssignment | Reprocess license assignments for a user in Azure Active Directory. |
+> | microsoft.directory/users/userPrincipalName /update | Update the users.userPrincipalName property in Azure Active Directory. |
### Exchange Service Administrator permissions
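Review bot: In the Directory Writers table, the re-added row `microsoft.directory/users/userPrincipalName /update` keeps a stray space inside the action string, so the documented name does not follow the path form of every other action and will not match if a reader copies it into a role definition or a search; it should read `microsoft.directory/users/userPrincipalName/update`. The same table carries over two more defects that are cheap to fix now that every row is rewritten: `secutiryEnabled` in the description of `groups/securityEnabled/update` should be `securityEnabled`, and the `groupSettings/create` description ends in `Azure Active Directory..` with a doubled period. The descriptions for `groups/visibility/update`, `users/enable` and `users/invalidateAllRefreshTokens` also lack the terminal period used by the other rows.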
@@ -1034,239 +1048,248 @@ Can manage all aspects of the Exchange product.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.directory/groups/hiddenMembers/read | Read hidden members of a group |
-| microsoft.directory/groups.unified/basic/update | Update basic properties of Microsoft 365 groups. |
-| microsoft.directory/groups.unified/create | Create Microsoft 365 groups. |
-| microsoft.directory/groups.unified/delete | Delete Microsoft 365 groups. |
-| microsoft.directory/groups.unified/restore | Restore Microsoft 365 groups |
-| microsoft.directory/groups.unified/members/update | Update membership of Microsoft 365 groups. |
-| microsoft.directory/groups.unified/owners/update | Update ownership of Microsoft 365 groups. |
-| microsoft.office365.exchange/allEntities/allTasks | Manage all aspects of Exchange Online. |
-| microsoft.office365.network/performance/allProperties/read | Read network performance pages in Microsoft 365 Admin Center. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.usageReports/allEntities/allProperties/read | Read Office 365 usage reports. |
-| microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.directory/groups/hiddenMembers/read | Read hidden members of a group |
+> | microsoft.directory/groups.unified/basic/update | Update basic properties of Microsoft 365 groups. |
+> | microsoft.directory/groups.unified/create | Create Microsoft 365 groups. |
+> | microsoft.directory/groups.unified/delete | Delete Microsoft 365 groups. |
+> | microsoft.directory/groups.unified/restore | Restore Microsoft 365 groups |
+> | microsoft.directory/groups.unified/members/update | Update membership of Microsoft 365 groups. |
+> | microsoft.directory/groups.unified/owners/update | Update ownership of Microsoft 365 groups. |
+> | microsoft.office365.exchange/allEntities/allTasks | Manage all aspects of Exchange Online. |
+> | microsoft.office365.network/performance/allProperties/read | Read network performance pages in Microsoft 365 Admin Center. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.usageReports/allEntities/allProperties/read | Read Office 365 usage reports. |
+> | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### External ID User Flow Administrator permissions Create and manage all aspects of user flows.
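Review bot: in the added table that ends just above this heading, two descriptions drop the closing period that every other row carries: `microsoft.directory/groups/hiddenMembers/read` ("Read hidden members of a group") and `microsoft.directory/groups.unified/restore` ("Restore Microsoft 365 groups"). The table is being rewritten anyway, so add the periods here. The hiddenMembers wording also differs from the Global Reader and Groups Administrator tables in this same change, which describe the action as "Read groups.hiddenMembers property in Azure Active Directory."; pick one form for all three.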
-| **Actions** | **Description** |
-| | |
-| microsoft.aad.b2c/userFlows/allTasks | Read and configure user flows in  Azure Active Directory B2C. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.aad.b2c/userFlows/allTasks | Read and configure user flows in  Azure Active Directory B2C. |
### External ID User Flow Attribute Administrator permissions Create and manage the attribute schema available to all user flows.
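Review bot: the added row for `microsoft.aad.b2c/userFlows/allTasks` keeps the doubled whitespace in "user flows in  Azure Active Directory B2C" from the removed row. Collapse it to a single ordinary space while the table is being converted. The same run appears in the `userAttributes/allTasks` and `identityProviders/allTasks` rows of the next two tables.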
-| **Actions** | **Description** |
-| | |
-| microsoft.aad.b2c/userAttributes/allTasks | Read and configure user attributes in  Azure Active Directory B2C. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.aad.b2c/userAttributes/allTasks | Read and configure user attributes in  Azure Active Directory B2C. |
### External Identity Provider Administrator permissions Configure identity providers for use in direct federation.
-| **Actions** | **Description** |
-| | |
-| microsoft.aad.b2c/identityProviders/allTasks | Read and configure identity providers in  Azure Active Directory B2C. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.aad.b2c/identityProviders/allTasks | Read and configure identity providers in  Azure Active Directory B2C. |
### Global Reader permissions Can read everything that a Global Administrator can, but not edit anything. > [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see [role description](#global-reader) above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.commerce.billing/allEntities/read | Read all aspects of billing. |
-| microsoft.directory/administrativeUnits/basic/read | Read basic properties on administrativeUnits in Azure Active Directory. |
-| microsoft.directory/administrativeUnits/members/read | Read administrativeUnits.members property in Azure Active Directory. |
-| microsoft.directory/applications/basic/read | Read basic properties on applications in Azure Active Directory. |
-| microsoft.directory/applications/owners/read | Read applications.owners property in Azure Active Directory. |
-| microsoft.directory/applications/policies/read | Read applications.policies property in Azure Active Directory. |
-| microsoft.directory/bitlockerKeys/key/read | Read bitlocker key objects and properties (including recovery key) in Azure Active Directory. |
-| microsoft.directory/contacts/basic/read | Read basic properties on contacts in Azure Active Directory. |
-| microsoft.directory/contacts/memberOf/read | Read contacts.memberOf property in Azure Active Directory. |
-| microsoft.directory/contracts/basic/read | Read basic properties on contracts in Azure Active Directory. |
-| microsoft.directory/devices/basic/read | Read basic properties on devices in Azure Active Directory. |
-| microsoft.directory/devices/memberOf/read | Read devices.memberOf property in Azure Active Directory. |
-| microsoft.directory/devices/registeredOwners/read | Read devices.registeredOwners property in Azure Active Directory. |
-| microsoft.directory/devices/registeredUsers/read | Read devices.registeredUsers property in Azure Active Directory. |
-| microsoft.directory/directoryRoles/basic/read | Read basic properties on directoryRoles in Azure Active Directory. |
-| microsoft.directory/directoryRoles/eligibleMembers/read | Read directoryRoles.eligibleMembers property in Azure Active Directory. |
-| microsoft.directory/directoryRoles/members/read | Read directoryRoles.members property in Azure Active Directory. |
-| microsoft.directory/domains/basic/read | Read basic properties on domains in Azure Active Directory. |
-| microsoft.directory/entitlementManagement/allProperties/read | Read all properties in Azure AD entitlement management. |
-| microsoft.directory/groups/appRoleAssignments/read | Read groups.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/groups/basic/read | Read basic properties on groups in Azure Active Directory. |
-| microsoft.directory/groups/hiddenMembers/read | Read groups.hiddenMembers property in Azure Active Directory. |
-| microsoft.directory/groups/memberOf/read | Read groups.memberOf property in Azure Active Directory. |
-| microsoft.directory/groups/members/read | Read groups.members property in Azure Active Directory. |
-| microsoft.directory/groups/owners/read | Read groups.owners property in Azure Active Directory. |
-| microsoft.directory/groups/settings/read | Read groups.settings property in Azure Active Directory. |
-| microsoft.directory/groupSettings/basic/read | Read basic properties on groupSettings in Azure Active Directory. |
-| microsoft.directory/groupSettingTemplates/basic/read | Read basic properties on groupSettingTemplates in Azure Active Directory. |
-| microsoft.directory/oAuth2PermissionGrants/basic/read | Read basic properties on oAuth2PermissionGrants in Azure Active Directory. |
-| microsoft.directory/organization/basic/read | Read basic properties on organization in Azure Active Directory. |
-| microsoft.directory/organization/trustedCAsForPasswordlessAuth/read | Read organization.trustedCAsForPasswordlessAuth property in Azure Active Directory. |
-| microsoft.directory/policies/standard/read | Read standard policies in Azure Active Directory. |
-| microsoft.directory/roleAssignments/basic/read | Read basic properties on roleAssignments in Azure Active Directory. |
-| microsoft.directory/roleDefinitions/basic/read | Read basic properties on roleDefinitions in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/appRoleAssignedTo/read | Read servicePrincipals.appRoleAssignedTo property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/appRoleAssignments/read | Read servicePrincipals.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/basic/read | Read basic properties on servicePrincipals in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/memberOf/read | Read servicePrincipals.memberOf property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/oAuth2PermissionGrants/basic/read | Read servicePrincipals.oAuth2PermissionGrants property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/ownedObjects/read | Read servicePrincipals.ownedObjects property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/owners/read | Read servicePrincipals.owners property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/policies/read | Read servicePrincipals.policies property in Azure Active Directory. |
-| microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
-| microsoft.directory/subscribedSkus/basic/read | Read basic properties on subscribedSkus in Azure Active Directory. |
-| microsoft.directory/users/appRoleAssignments/read | Read users.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/users/basic/read | Read basic properties on users in Azure Active Directory. |
-| microsoft.directory/users/directReports/read | Read users.directReports property in Azure Active Directory. |
-| microsoft.directory/users/manager/read | Read users.manager property in Azure Active Directory. |
-| microsoft.directory/users/memberOf/read | Read users.memberOf property in Azure Active Directory. |
-| microsoft.directory/users/oAuth2PermissionGrants/basic/read | Read users.oAuth2PermissionGrants property in Azure Active Directory. |
-| microsoft.directory/users/ownedDevices/read | Read users.ownedDevices property in Azure Active Directory. |
-| microsoft.directory/users/ownedObjects/read | Read users.ownedObjects property in Azure Active Directory. |
-| microsoft.directory/users/registeredDevices/read | Read users.registeredDevices property in Azure Active Directory. |
-| microsoft.directory/users/strongAuthentication/read | Read strong authentication properties like MFA credential information. |
-| microsoft.office365.exchange/allEntities/read | Read all aspects of Exchange Online. |
-| microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
-| microsoft.office365.messageCenter/securityMessages/read | Read securityMessages in microsoft.office365.messageCenter. |
-| microsoft.office365.network/performance/allProperties/read | Read network performance pages in Microsoft 365 Admin Center. |
-| microsoft.office365.protectionCenter/allEntities/read | Read all aspects of Office 365 Protection Center. |
-| microsoft.office365.securityComplianceCenter/allEntities/read | Read all standard properties in microsoft.office365.securityComplianceCenter. |
-| microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
-| microsoft.office365.webPortal/allEntities/standard/read | Read standard properties on all resources in microsoft.office365.webPortal. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.commerce.billing/allEntities/read | Read all aspects of billing. |
+> | microsoft.directory/administrativeUnits/basic/read | Read basic properties on administrativeUnits in Azure Active Directory. |
+> | microsoft.directory/administrativeUnits/members/read | Read administrativeUnits.members property in Azure Active Directory. |
+> | microsoft.directory/applications/basic/read | Read basic properties on applications in Azure Active Directory. |
+> | microsoft.directory/applications/owners/read | Read applications.owners property in Azure Active Directory. |
+> | microsoft.directory/applications/policies/read | Read applications.policies property in Azure Active Directory. |
+> | microsoft.directory/bitlockerKeys/key/read | Read bitlocker key objects and properties (including recovery key) in Azure Active Directory. |
+> | microsoft.directory/contacts/basic/read | Read basic properties on contacts in Azure Active Directory. |
+> | microsoft.directory/contacts/memberOf/read | Read contacts.memberOf property in Azure Active Directory. |
+> | microsoft.directory/contracts/basic/read | Read basic properties on contracts in Azure Active Directory. |
+> | microsoft.directory/devices/basic/read | Read basic properties on devices in Azure Active Directory. |
+> | microsoft.directory/devices/memberOf/read | Read devices.memberOf property in Azure Active Directory. |
+> | microsoft.directory/devices/registeredOwners/read | Read devices.registeredOwners property in Azure Active Directory. |
+> | microsoft.directory/devices/registeredUsers/read | Read devices.registeredUsers property in Azure Active Directory. |
+> | microsoft.directory/directoryRoles/basic/read | Read basic properties on directoryRoles in Azure Active Directory. |
+> | microsoft.directory/directoryRoles/eligibleMembers/read | Read directoryRoles.eligibleMembers property in Azure Active Directory. |
+> | microsoft.directory/directoryRoles/members/read | Read directoryRoles.members property in Azure Active Directory. |
+> | microsoft.directory/domains/basic/read | Read basic properties on domains in Azure Active Directory. |
+> | microsoft.directory/entitlementManagement/allProperties/read | Read all properties in Azure AD entitlement management. |
+> | microsoft.directory/groups/appRoleAssignments/read | Read groups.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/groups/basic/read | Read basic properties on groups in Azure Active Directory. |
+> | microsoft.directory/groups/hiddenMembers/read | Read groups.hiddenMembers property in Azure Active Directory. |
+> | microsoft.directory/groups/memberOf/read | Read groups.memberOf property in Azure Active Directory. |
+> | microsoft.directory/groups/members/read | Read groups.members property in Azure Active Directory. |
+> | microsoft.directory/groups/owners/read | Read groups.owners property in Azure Active Directory. |
+> | microsoft.directory/groups/settings/read | Read groups.settings property in Azure Active Directory. |
+> | microsoft.directory/groupSettings/basic/read | Read basic properties on groupSettings in Azure Active Directory. |
+> | microsoft.directory/groupSettingTemplates/basic/read | Read basic properties on groupSettingTemplates in Azure Active Directory. |
+> | microsoft.directory/oAuth2PermissionGrants/basic/read | Read basic properties on oAuth2PermissionGrants in Azure Active Directory. |
+> | microsoft.directory/organization/basic/read | Read basic properties on organization in Azure Active Directory. |
+> | microsoft.directory/organization/trustedCAsForPasswordlessAuth/read | Read organization.trustedCAsForPasswordlessAuth property in Azure Active Directory. |
+> | microsoft.directory/policies/standard/read | Read standard policies in Azure Active Directory. |
+> | microsoft.directory/roleAssignments/basic/read | Read basic properties on roleAssignments in Azure Active Directory. |
+> | microsoft.directory/roleDefinitions/basic/read | Read basic properties on roleDefinitions in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/appRoleAssignedTo/read | Read servicePrincipals.appRoleAssignedTo property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/appRoleAssignments/read | Read servicePrincipals.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/basic/read | Read basic properties on servicePrincipals in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/memberOf/read | Read servicePrincipals.memberOf property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/oAuth2PermissionGrants/basic/read | Read servicePrincipals.oAuth2PermissionGrants property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/ownedObjects/read | Read servicePrincipals.ownedObjects property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/owners/read | Read servicePrincipals.owners property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/policies/read | Read servicePrincipals.policies property in Azure Active Directory. |
+> | microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
+> | microsoft.directory/subscribedSkus/basic/read | Read basic properties on subscribedSkus in Azure Active Directory. |
+> | microsoft.directory/users/appRoleAssignments/read | Read users.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/users/basic/read | Read basic properties on users in Azure Active Directory. |
+> | microsoft.directory/users/directReports/read | Read users.directReports property in Azure Active Directory. |
+> | microsoft.directory/users/manager/read | Read users.manager property in Azure Active Directory. |
+> | microsoft.directory/users/memberOf/read | Read users.memberOf property in Azure Active Directory. |
+> | microsoft.directory/users/oAuth2PermissionGrants/basic/read | Read users.oAuth2PermissionGrants property in Azure Active Directory. |
+> | microsoft.directory/users/ownedDevices/read | Read users.ownedDevices property in Azure Active Directory. |
+> | microsoft.directory/users/ownedObjects/read | Read users.ownedObjects property in Azure Active Directory. |
+> | microsoft.directory/users/registeredDevices/read | Read users.registeredDevices property in Azure Active Directory. |
+> | microsoft.directory/users/strongAuthentication/read | Read strong authentication properties like MFA credential information. |
+> | microsoft.office365.exchange/allEntities/read | Read all aspects of Exchange Online. |
+> | microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
+> | microsoft.office365.messageCenter/securityMessages/read | Read securityMessages in microsoft.office365.messageCenter. |
+> | microsoft.office365.network/performance/allProperties/read | Read network performance pages in Microsoft 365 Admin Center. |
+> | microsoft.office365.protectionCenter/allEntities/read | Read all aspects of Office 365 Protection Center. |
+> | microsoft.office365.securityComplianceCenter/allEntities/read | Read all standard properties in microsoft.office365.securityComplianceCenter. |
+> | microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
+> | microsoft.office365.webPortal/allEntities/standard/read | Read standard properties on all resources in microsoft.office365.webPortal. |
### Groups Administrator permissions Can manage all aspects of groups and group settings like naming and expiration policies.
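Review bot: the Global Reader table is carried over row for row, so the summary "Can read everything that a Global Administrator can, but not edit anything" still sits above rows that disclose sensitive material rather than configuration: `microsoft.directory/bitlockerKeys/key/read` ("including recovery key") and `microsoft.directory/users/strongAuthentication/read` ("MFA credential information"). Consider calling those two rows out in the summary or in the existing note, so that someone assigning this role for audit access sees that read-only does not mean low-sensitivity. Minor: that description spells "bitlocker" in lowercase, while the Helpdesk Administrator action uses `bitLockerRecoveryKeys`.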
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/groups/basic/read | Read standard properties on Groups in Azure Active Directory.ΓÇ» |
-| microsoft.directory/groups/basic/update | Update basic properties on groups in Azure Active Directory.ΓÇ»|
-| microsoft.directory/groups/create | Create groups in Azure Active Directory. |
-| microsoft.directory/groups/createAsOwner | Create groups in Azure Active Directory. Creator is added as the first owner, and the created object counts against the creator's 250 created objects quota. |
-| microsoft.directory/groups/delete | Delete groups in Azure Active Directory. |
-| microsoft.directory/groups/hiddenMembers/read | Read groups.hiddenMembers property in Azure Active Directory. |
-| microsoft.directory/groups/members/update | Update groups.members property in Azure Active Directory. |
-| microsoft.directory/groups/owners/update | Update groups.owners property in Azure Active Directory. |
-| microsoft.directory/groups/restore | Restore groups in Azure Active Directory. |
-| microsoft.directory/groups/settings/update | Update groups.settings property in Azure Active Directory. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/groups/basic/read | Read standard properties on Groups in Azure Active Directory.ΓÇ» |
+> | microsoft.directory/groups/basic/update | Update basic properties on groups in Azure Active Directory.ΓÇ»|
+> | microsoft.directory/groups/create | Create groups in Azure Active Directory. |
+> | microsoft.directory/groups/createAsOwner | Create groups in Azure Active Directory. Creator is added as the first owner, and the created object counts against the creator's 250 created objects quota. |
+> | microsoft.directory/groups/delete | Delete groups in Azure Active Directory. |
+> | microsoft.directory/groups/hiddenMembers/read | Read groups.hiddenMembers property in Azure Active Directory. |
+> | microsoft.directory/groups/members/update | Update groups.members property in Azure Active Directory. |
+> | microsoft.directory/groups/owners/update | Update groups.owners property in Azure Active Directory. |
+> | microsoft.directory/groups/restore | Restore groups in Azure Active Directory. |
+> | microsoft.directory/groups/settings/update | Update groups.settings property in Azure Active Directory. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
### Guest Inviter permissions Can invite guest users independent of the 'members can invite guests' setting.
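Review bot: the first two added rows of the Groups Administrator table, `microsoft.directory/groups/basic/read` and `microsoft.directory/groups/basic/update`, still end with the stray characters "ΓÇ»" after "Azure Active Directory.", copied unchanged from the removed rows. That looks like a mis-encoded non-breaking space; strip it in this change rather than carrying it into the new table. The `basic/read` description also says "Read standard properties on Groups", while the Global Reader table describes the same action as "Read basic properties on groups"; align the two.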
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/users/appRoleAssignments/read | Read users.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/users/basic/read | Read basic properties on users in Azure Active Directory. |
-| microsoft.directory/users/directReports/read | Read users.directReports property in Azure Active Directory. |
-| microsoft.directory/users/inviteGuest | Invite guest users in Azure Active Directory. |
-| microsoft.directory/users/manager/read | Read users.manager property in Azure Active Directory. |
-| microsoft.directory/users/memberOf/read | Read users.memberOf property in Azure Active Directory. |
-| microsoft.directory/users/oAuth2PermissionGrants/basic/read | Read users.oAuth2PermissionGrants property in Azure Active Directory. |
-| microsoft.directory/users/ownedDevices/read | Read users.ownedDevices property in Azure Active Directory. |
-| microsoft.directory/users/ownedObjects/read | Read users.ownedObjects property in Azure Active Directory. |
-| microsoft.directory/users/registeredDevices/read | Read users.registeredDevices property in Azure Active Directory. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/users/appRoleAssignments/read | Read users.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/users/basic/read | Read basic properties on users in Azure Active Directory. |
+> | microsoft.directory/users/directReports/read | Read users.directReports property in Azure Active Directory. |
+> | microsoft.directory/users/inviteGuest | Invite guest users in Azure Active Directory. |
+> | microsoft.directory/users/manager/read | Read users.manager property in Azure Active Directory. |
+> | microsoft.directory/users/memberOf/read | Read users.memberOf property in Azure Active Directory. |
+> | microsoft.directory/users/oAuth2PermissionGrants/basic/read | Read users.oAuth2PermissionGrants property in Azure Active Directory. |
+> | microsoft.directory/users/ownedDevices/read | Read users.ownedDevices property in Azure Active Directory. |
+> | microsoft.directory/users/ownedObjects/read | Read users.ownedObjects property in Azure Active Directory. |
+> | microsoft.directory/users/registeredDevices/read | Read users.registeredDevices property in Azure Active Directory. |
### Helpdesk Administrator permissions Can reset passwords for non-administrators and Helpdesk Administrators.
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/devices/bitLockerRecoveryKeys/read | Read devices.bitLockerRecoveryKeys property in Azure Active Directory. |
-| microsoft.directory/users/invalidateAllRefreshTokens | Invalidate all user refresh tokens in Azure Active Directory. |
-| microsoft.directory/users/password/update | Update passwords for all users in Azure Active Directory. See online documentation for more detail. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/devices/bitLockerRecoveryKeys/read | Read devices.bitLockerRecoveryKeys property in Azure Active Directory. |
+> | microsoft.directory/users/invalidateAllRefreshTokens | Invalidate all user refresh tokens in Azure Active Directory. |
+> | microsoft.directory/users/password/update | Update passwords for all users in Azure Active Directory. See online documentation for more detail. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
### Hybrid Identity Administrator permissions Can manage AD to Azure AD cloud provisioning and federation settings.
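Review bot: in the Helpdesk Administrator table the description for `microsoft.directory/users/password/update` reads "Update passwords for all users in Azure Active Directory. See online documentation for more detail.", which is broader than the role summary directly above it, "Can reset passwords for non-administrators and Helpdesk Administrators." The row is carried over verbatim; since it is being touched, state the scope limit in the description itself or link to the section that defines it, because "See online documentation" points nowhere from inside the online documentation. A reader who scans only the table would otherwise conclude that this role can reset any account's password.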
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.directory/applications/audience/update | Update applications.audience property in Azure Active Directory. |
-| microsoft.directory/applications/authentication/update | Update applications.authentication property in Azure Active Directory. |
-| microsoft.directory/applications/basic/update | Update basic properties on applications in Azure Active Directory. |
-| microsoft.directory/applications/create | Create applications in Azure Active Directory. |
-| microsoft.directory/applications/credentials/update | Update applications.credentials property in Azure Active Directory. |
-| microsoft.directory/applications/delete | Delete applications in Azure Active Directory. |
-| microsoft.directory/applications/owners/update | Update applications.owners property in Azure Active Directory. |
-| microsoft.directory/applications/permissions/update | Update applications.permissions property in Azure Active Directory. |
-| microsoft.directory/applications/policies/update | Update applications.policies property in Azure Active Directory. |
-| microsoft.directory/applicationTemplates/instantiate | Instantiate gallery applications from application templates. |
-| microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
-| microsoft.directory/cloudProvisioning/allProperties/allTasks | Read and configure all properties of Azure AD Cloud Provisioning service. |
-| microsoft.directory/domains/allProperties/read | Read all properties of domains. |
-| microsoft.directory/domains/federation/update | Update federation property of domains. |
-| microsoft.directory/organization/dirSync/update | Update organization.dirSync property in Azure Active Directory. |
-| microsoft.directory/provisioningLogs/allProperties/read | Read all properties of provisioning logs. |
-| microsoft.directory/servicePrincipals/audience/update | Update servicePrincipals.audience property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/authentication/update | Update servicePrincipals.authentication property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/basic/update | Update basic properties on servicePrincipals in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/create | Create servicePrincipals in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/credentials/update | Update servicePrincipals.credentials property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/delete | Delete servicePrincipals in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/owners/update | Update servicePrincipals.owners property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/permissions/update | Update servicePrincipals.permissions property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/policies/update | Update servicePrincipals.policies property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/synchronizationJobs/manage | Manage all aspects of synchronization jobs in Azure AD. |
-| microsoft.directory/servicePrincipals/synchronizationSchema/manage | Manage all aspects of synchronization schema in Azure AD. |
-| microsoft.directory/servicePrincipals/synchronizationCredentials/manage | Manage all aspects of synchronization credentials in Azure AD. |
-| microsoft.directory/servicePrincipals/tag/update | Update servicePrincipals.tag property in Azure Active Directory. |
-| microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
-| microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.directory/applications/audience/update | Update applications.audience property in Azure Active Directory. |
+> | microsoft.directory/applications/authentication/update | Update applications.authentication property in Azure Active Directory. |
+> | microsoft.directory/applications/basic/update | Update basic properties on applications in Azure Active Directory. |
+> | microsoft.directory/applications/create | Create applications in Azure Active Directory. |
+> | microsoft.directory/applications/credentials/update | Update applications.credentials property in Azure Active Directory. |
+> | microsoft.directory/applications/delete | Delete applications in Azure Active Directory. |
+> | microsoft.directory/applications/owners/update | Update applications.owners property in Azure Active Directory. |
+> | microsoft.directory/applications/permissions/update | Update applications.permissions property in Azure Active Directory. |
+> | microsoft.directory/applications/policies/update | Update applications.policies property in Azure Active Directory. |
+> | microsoft.directory/applicationTemplates/instantiate | Instantiate gallery applications from application templates. |
+> | microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
+> | microsoft.directory/cloudProvisioning/allProperties/allTasks | Read and configure all properties of Azure AD Cloud Provisioning service. |
+> | microsoft.directory/domains/allProperties/read | Read all properties of domains. |
+> | microsoft.directory/domains/federation/update | Update federation property of domains. |
+> | microsoft.directory/organization/dirSync/update | Update organization.dirSync property in Azure Active Directory. |
+> | microsoft.directory/provisioningLogs/allProperties/read | Read all properties of provisioning logs. |
+> | microsoft.directory/servicePrincipals/audience/update | Update servicePrincipals.audience property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/authentication/update | Update servicePrincipals.authentication property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/basic/update | Update basic properties on servicePrincipals in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/create | Create servicePrincipals in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/credentials/update | Update servicePrincipals.credentials property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/delete | Delete servicePrincipals in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/owners/update | Update servicePrincipals.owners property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/permissions/update | Update servicePrincipals.permissions property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/policies/update | Update servicePrincipals.policies property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/synchronizationJobs/manage | Manage all aspects of synchronization jobs in Azure AD. |
+> | microsoft.directory/servicePrincipals/synchronizationSchema/manage | Manage all aspects of synchronization schema in Azure AD. |
+> | microsoft.directory/servicePrincipals/synchronizationCredentials/manage | Manage all aspects of synchronization credentials in Azure AD. |
+> | microsoft.directory/servicePrincipals/tag/update | Update servicePrincipals.tag property in Azure Active Directory. |
+> | microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
+> | microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
### Insights Administrator permissions Has administrative access in the Microsoft 365 Insights app.
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.insights/allEntities/allTasks | Manage all aspects of Insights. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.insights/allEntities/allTasks | Manage all aspects of Insights. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Insights Business Leader permissions Can view and share dashboards and insights via the M365 Insights app.
-| **Actions** | **Description** |
-| | |
-| microsoft.insights/reports/read | View reports and dashboard in Insights app. |
-| microsoft.insights/programs/update | Deploy and manage programs in Insights app. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.insights/reports/read | View reports and dashboard in Insights app. |
+> | microsoft.insights/programs/update | Deploy and manage programs in Insights app. |
### Intune Service Administrator permissions
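Review bot: In the Insights Business Leader table, the row `microsoft.insights/programs/update` ("Deploy and manage programs in Insights app.") goes beyond the role summary on the context line above the table, which only says the role can view and share dashboards and insights. Since this hunk already rewrites the table, either extend the summary to mention program deployment or confirm the action belongs to this role, so that someone assigning it for read-only reporting is not surprised by an update permission.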
@@ -1274,41 +1297,41 @@ Can manage all aspects of the Intune product.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/bitlockerKeys/key/read | Read bitlocker key objects and properties (including recovery key) in Azure Active Directory. |
-| microsoft.directory/contacts/basic/update | Update basic properties on contacts in Azure Active Directory. |
-| microsoft.directory/contacts/create | Create contacts in Azure Active Directory. |
-| microsoft.directory/contacts/delete | Delete contacts in Azure Active Directory. |
-| microsoft.directory/devices/basic/update | Update basic properties on devices in Azure Active Directory. |
-| microsoft.directory/devices/create | Create devices in Azure Active Directory. |
-| microsoft.directory/devices/delete | Delete devices in Azure Active Directory. |
-| microsoft.directory/devices/disable | Disable devices in Azure Active Directory. |
-| microsoft.directory/devices/enable | Enable devices in Azure Active Directory. |
-| microsoft.directory/devices/extensionAttributes/update | Update all values for devices.extensionAttributes property in Azure Active Directory. |
-| microsoft.directory/devices/registeredOwners/update | Update devices.registeredOwners property in Azure Active Directory. |
-| microsoft.directory/devices/registeredUsers/update | Update devices.registeredUsers property in Azure Active Directory. |
-| microsoft.directory/deviceManagementPolicies/standard/read | Read standard properties on device management application policies |
-| microsoft.directory/deviceRegistrationPolicy/standard/read | Read standard properties on device registration policies |
-| microsoft.directory/groups/hiddenMembers/read | Read groups.hiddenMembers property in Azure Active Directory. |
-| microsoft.directory/groups.security/basic/update | Update basic properties on groups in Azure Active Directory. |
-| microsoft.directory/groups.security/classification/update | Update classification property of the Security groups with the exclusion of role-assignable groups |
-| microsoft.directory/groups.security/create | Create groups in Azure Active Directory. |
-| microsoft.directory/groups.security/delete | Delete groups in Azure Active Directory. |
-| microsoft.directory/groups.security/dynamicMembershipRule/update | Update dynamicMembershipRule property of the Security groups with the exclusion of role-assignable groups |
-| microsoft.directory/groups.security/groupType/update | Update group type property of the Security groups with the exclusion of role-assignable groups |
-| microsoft.directory/groups.security/members/update | Update groups.members property in Azure Active Directory. |
-| microsoft.directory/groups.security/owners/update | Update groups.owners property in Azure Active Directory. |
-| microsoft.directory/groups.security/visibility/update | Update visibility property of the Security groups with the exclusion of role-assignable groups |
-| microsoft.directory/users/basic/update | Update basic properties on users in Azure Active Directory. |
-| microsoft.directory/users/manager/update | Update users.manager property in Azure Active Directory. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.intune/allEntities/allTasks | Manage all aspects of Intune. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/bitlockerKeys/key/read | Read bitlocker key objects and properties (including recovery key) in Azure Active Directory. |
+> | microsoft.directory/contacts/basic/update | Update basic properties on contacts in Azure Active Directory. |
+> | microsoft.directory/contacts/create | Create contacts in Azure Active Directory. |
+> | microsoft.directory/contacts/delete | Delete contacts in Azure Active Directory. |
+> | microsoft.directory/devices/basic/update | Update basic properties on devices in Azure Active Directory. |
+> | microsoft.directory/devices/create | Create devices in Azure Active Directory. |
+> | microsoft.directory/devices/delete | Delete devices in Azure Active Directory. |
+> | microsoft.directory/devices/disable | Disable devices in Azure Active Directory. |
+> | microsoft.directory/devices/enable | Enable devices in Azure Active Directory. |
+> | microsoft.directory/devices/extensionAttributes/update | Update all values for devices.extensionAttributes property in Azure Active Directory. |
+> | microsoft.directory/devices/registeredOwners/update | Update devices.registeredOwners property in Azure Active Directory. |
+> | microsoft.directory/devices/registeredUsers/update | Update devices.registeredUsers property in Azure Active Directory. |
+> | microsoft.directory/deviceManagementPolicies/standard/read | Read standard properties on device management application policies |
+> | microsoft.directory/deviceRegistrationPolicy/standard/read | Read standard properties on device registration policies |
+> | microsoft.directory/groups/hiddenMembers/read | Read groups.hiddenMembers property in Azure Active Directory. |
+> | microsoft.directory/groups.security/basic/update | Update basic properties on groups in Azure Active Directory. |
+> | microsoft.directory/groups.security/classification/update | Update classification property of the Security groups with the exclusion of role-assignable groups |
+> | microsoft.directory/groups.security/create | Create groups in Azure Active Directory. |
+> | microsoft.directory/groups.security/delete | Delete groups in Azure Active Directory. |
+> | microsoft.directory/groups.security/dynamicMembershipRule/update | Update dynamicMembershipRule property of the Security groups with the exclusion of role-assignable groups |
+> | microsoft.directory/groups.security/groupType/update | Update group type property of the Security groups with the exclusion of role-assignable groups |
+> | microsoft.directory/groups.security/members/update | Update groups.members property in Azure Active Directory. |
+> | microsoft.directory/groups.security/owners/update | Update groups.owners property in Azure Active Directory. |
+> | microsoft.directory/groups.security/visibility/update | Update visibility property of the Security groups with the exclusion of role-assignable groups |
+> | microsoft.directory/users/basic/update | Update basic properties on users in Azure Active Directory. |
+> | microsoft.directory/users/manager/update | Update users.manager property in Azure Active Directory. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.intune/allEntities/allTasks | Manage all aspects of Intune. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Kaizala Administrator permissions
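Review bot: The last added row pairs `microsoft.office365.webPortal/allEntities/standard/read` with "Read basic properties on all resources in microsoft.office365.webPortal.", the same text the other tables in this change use for `basic/read`. The description should say standard properties, or the action name should be checked. Two smaller points in the same table: "bitlocker" in the `bitlockerKeys/key/read` row should be written BitLocker, and the `deviceManagementPolicies`, `deviceRegistrationPolicy` and `groups.security` exclusion rows are missing the trailing period the other descriptions have.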
@@ -1316,26 +1339,27 @@ Can manage settings for Microsoft Kaizala.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read Microsoft 365 admin center. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read Microsoft 365 admin center. |
### License Administrator permissions Can manage product licenses on users and groups.
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/users/assignLicense | Manage licenses on users in Azure Active Directory. |
-| microsoft.directory/users/usageLocation/update | Update users.usageLocation property in Azure Active Directory. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/users/assignLicense | Manage licenses on users in Azure Active Directory. |
+> | microsoft.directory/users/usageLocation/update | Update users.usageLocation property in Azure Active Directory. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
### Lync Service Administrator permissions
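Review bot: `microsoft.office365.webPortal/allEntities/basic/read` gets two different descriptions within this hunk: "Read Microsoft 365 admin center." in the Kaizala Administrator table and "Read basic properties on all resources in microsoft.office365.webPortal." in the License Administrator table. The reformat is a good moment to settle on one wording, so that readers comparing roles do not take these for two different permissions.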
@@ -1343,18 +1367,18 @@ Can manage all aspects of the Skype for Business product.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.skypeForBusiness/allEntities/allTasks | Manage all aspects of Skype for Business Online. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.skypeForBusiness/allEntities/allTasks | Manage all aspects of Skype for Business Online. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Message Center Privacy Reader permissions
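Review bot: In the Lync Service Administrator table, `microsoft.azure.supportTickets/allEntities/allTasks` is described as "Create and manage Azure support tickets.", while the same action in the other tables of this change reads "Create and manage Azure support tickets for directory-level services." If the scope is the same, use the longer wording here as well; if this role really has a broader ticket scope, say so explicitly in the description.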
@@ -1363,42 +1387,42 @@ Can read Message Center posts, data privacy messages, groups, domains and subscr
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
-| microsoft.office365.messageCenter/securityMessages/read | Read securityMessages in microsoft.office365.messageCenter. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
+> | microsoft.office365.messageCenter/securityMessages/read | Read securityMessages in microsoft.office365.messageCenter. |
### Message Center Reader permissions Can read messages and updates for their organization in Message Center only. > [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
### Modern Commerce User permissions Can manage commercial purchases for a company, department or team. > [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.commerce.billing/partners/read | Read partner property of Microsoft 365 Billing. |
-| microsoft.commerce.volumeLicenseServiceCenter/allEntities/allTasks | Manage all aspects of Volume Licensing Service Center. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and view own Office 365 support tickets. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.commerce.billing/partners/read | Read partner property of Microsoft 365 Billing. |
+> | microsoft.commerce.volumeLicenseServiceCenter/allEntities/allTasks | Manage all aspects of Volume Licensing Service Center. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and view own Office 365 support tickets. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Network Administrator permissions
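Review bot: In the Modern Commerce User table, `microsoft.office365.supportTickets/allEntities/allTasks` carries the description "Create and view own Office 365 support tickets.", but it is the same `allEntities/allTasks` action string that the other roles in this change describe as "Create and manage Office 365 support tickets." The action name alone does not express a restriction to the user's own tickets, so the row should either explain where that limit comes from or use the common description.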
@@ -1406,31 +1430,31 @@ Can manage network locations and review enterprise network design insights for M
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.office365.network/performance/allProperties/read | Read network performance pages in M365 Admin Center. |
-| microsoft.office365.network/locations/allProperties/allTasks | Read and configure network locations properties for each location. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.office365.network/performance/allProperties/read | Read network performance pages in M365 Admin Center. |
+> | microsoft.office365.network/locations/allProperties/allTasks | Read and configure network locations properties for each location. |
### Office Apps Administrator permissions Can manage Office apps' cloud services, including policy and settings management, and manage the ability to select, unselect and publish "what's new" feature content to end-user's devices. > [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.userCommunication/allEntities/allTasks | Read and update What's New messages visibility. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.userCommunication/allEntities/allTasks | Read and update What's New messages visibility. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Partner Tier1 Support permissions
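Review bot: The `microsoft.office365.network/performance/allProperties/read` row refers to the "M365 Admin Center", while the Kaizala Administrator table in this same change spells it "Microsoft 365 admin center". Use one product name and capitalization across the tables.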
@@ -1438,45 +1462,45 @@ Do not use - not intended for general use.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/applications/appRoles/update | Manage app roles and request delegated permissions for applications. |
-| microsoft.directory/applications/audience/update | Update audience on all types of applications. |
-| microsoft.directory/applications/authentication/update | Update authentication on all types of applications. |
-| microsoft.directory/applications/basic/update | Update basic properties on all types of applications. |
-| microsoft.directory/applications/credentials/update | Update credentials on all types of applications. |
-| microsoft.directory/applications/owners/update | Update owners on all types of applications. |
-| microsoft.directory/applications/permissions/update | Update exposed permissions and required permissions on all types of applications. |
-| microsoft.directory/applications/policies/update | Update applications.policies property in Azure Active Directory. |
-| microsoft.directory/contacts/basic/update | Update basic properties on contacts in Azure Active Directory. |
-| microsoft.directory/contacts/create | Create contacts in Azure Active Directory. |
-| microsoft.directory/contacts/delete | Delete contacts in Azure Active Directory. |
-| microsoft.directory/groups/create | Create groups in Azure Active Directory. |
-| microsoft.directory/groups/delete | Delete groups, excluding role-assignable group |
-| microsoft.directory/groups/members/update | Update groups.members property in Azure Active Directory. |
-| microsoft.directory/groups/owners/update | Update groups.owners property in Azure Active Directory. |
-| microsoft.directory/groups/restore | Restore deleted groups |
-| microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks | Create and delete OAuth 2.0 permission grants, and read and update all properties |
-| microsoft.directory/servicePrincipals/appRoleAssignedTo/update | Update service principal role assignments |
-| microsoft.directory/users/assignLicense | Manage licenses on users in Azure Active Directory. |
-| microsoft.directory/users/basic/update | Update basic properties on users in Azure Active Directory. |
-| microsoft.directory/users/create | Add users |
-| microsoft.directory/users/delete | Delete users in Azure Active Directory. |
-| microsoft.directory/users/disable | Disable users |
-| microsoft.directory/users/enable | Enable users |
-| microsoft.directory/users/invalidateAllRefreshTokens | Invalidate all user refresh tokens in Azure Active Directory. |
-| microsoft.directory/users/manager/update | Update users.manager property in Azure Active Directory. |
-| microsoft.directory/users/password/update | Update passwords for all users in Azure Active Directory. See online documentation for more detail. |
-| microsoft.directory/users/restore | Restore deleted users in Azure Active Directory. |
-| microsoft.directory/users/userPrincipalName/update | Update users.userPrincipalName property in Azure Active Directory. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/applications/appRoles/update | Manage app roles and request delegated permissions for applications. |
+> | microsoft.directory/applications/audience/update | Update audience on all types of applications. |
+> | microsoft.directory/applications/authentication/update | Update authentication on all types of applications. |
+> | microsoft.directory/applications/basic/update | Update basic properties on all types of applications. |
+> | microsoft.directory/applications/credentials/update | Update credentials on all types of applications. |
+> | microsoft.directory/applications/owners/update | Update owners on all types of applications. |
+> | microsoft.directory/applications/permissions/update | Update exposed permissions and required permissions on all types of applications. |
+> | microsoft.directory/applications/policies/update | Update applications.policies property in Azure Active Directory. |
+> | microsoft.directory/contacts/basic/update | Update basic properties on contacts in Azure Active Directory. |
+> | microsoft.directory/contacts/create | Create contacts in Azure Active Directory. |
+> | microsoft.directory/contacts/delete | Delete contacts in Azure Active Directory. |
+> | microsoft.directory/groups/create | Create groups in Azure Active Directory. |
+> | microsoft.directory/groups/delete | Delete groups, excluding role-assignable group |
+> | microsoft.directory/groups/members/update | Update groups.members property in Azure Active Directory. |
+> | microsoft.directory/groups/owners/update | Update groups.owners property in Azure Active Directory. |
+> | microsoft.directory/groups/restore | Restore deleted groups |
+> | microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks | Create and delete OAuth 2.0 permission grants, and read and update all properties |
+> | microsoft.directory/servicePrincipals/appRoleAssignedTo/update | Update service principal role assignments |
+> | microsoft.directory/users/assignLicense | Manage licenses on users in Azure Active Directory. |
+> | microsoft.directory/users/basic/update | Update basic properties on users in Azure Active Directory. |
+> | microsoft.directory/users/create | Add users |
+> | microsoft.directory/users/delete | Delete users in Azure Active Directory. |
+> | microsoft.directory/users/disable | Disable users |
+> | microsoft.directory/users/enable | Enable users |
+> | microsoft.directory/users/invalidateAllRefreshTokens | Invalidate all user refresh tokens in Azure Active Directory. |
+> | microsoft.directory/users/manager/update | Update users.manager property in Azure Active Directory. |
+> | microsoft.directory/users/password/update | Update passwords for all users in Azure Active Directory. See online documentation for more detail. |
+> | microsoft.directory/users/restore | Restore deleted users in Azure Active Directory. |
+> | microsoft.directory/users/userPrincipalName/update | Update users.userPrincipalName property in Azure Active Directory. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Partner Tier2 Support permissions
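Review bot: The `microsoft.directory/users/password/update` row says "Update passwords for all users in Azure Active Directory. See online documentation for more detail." without linking anything. For a role whose summary is "Do not use - not intended for general use", the table should state or link which users are in scope for password updates instead of pointing at unspecified documentation. Also in this table, "excluding role-assignable group" on `groups/delete` should be plural, and the `groups/restore`, `users/create`, `users/disable` and `users/enable` rows lack the trailing period the other rows have.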
@@ -1484,60 +1508,61 @@ Do not use - not intended for general use.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/applications/appRoles/update | Manage app roles and request delegated permissions for applications. |
-| microsoft.directory/applications/audience/update | Update audience on all types of applications. |
-| microsoft.directory/applications/authentication/update | Update authentication on all types of applications. |
-| microsoft.directory/applications/basic/update | Update basic properties on all types of applications. |
-| microsoft.directory/applications/credentials/update | Update credentials on all types of applications. |
-| microsoft.directory/applications/owners/update | Update owners on all types of applications. |
-| microsoft.directory/applications/permissions/update | Update exposed permissions and required permissions on all types of applications. |
-| microsoft.directory/applications/policies/update | Update applications.policies property in Azure Active Directory. |
-| microsoft.directory/contacts/basic/update | Update basic properties on contacts in Azure Active Directory. |
-| microsoft.directory/contacts/create | Create contacts in Azure Active Directory. |
-| microsoft.directory/contacts/delete | Delete contacts in Azure Active Directory. |
-| microsoft.directory/domains/basic/allTasks | Create and delete domains, and read and update standard properties in Azure Active Directory. |
-| microsoft.directory/groups/create | Create groups in Azure Active Directory. |
-| microsoft.directory/groups/delete | Delete groups in Azure Active Directory. |
-| microsoft.directory/groups/members/update | Update groups.members property in Azure Active Directory. |
-| microsoft.directory/groups/owners/update | Update owners of groups, excluding role-assignable groups |
-| microsoft.directory/groups/restore | Restore groups in Azure Active Directory. |
-| microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks | Create and delete OAuth 2.0 permission grants, and read and update all properties |
-| microsoft.directory/organization/basic/update | Update basic properties on organization in Azure Active Directory. |
-| microsoft.directory/roleAssignments/allProperties/allTasks | Create and delete role assignments, and read and update all role assignment properties |
-| microsoft.directory/roleDefinitions/allProperties/allTasks | Create and delete role definitions, and read and update all properties |
-| microsoft.directory/scopedRoleMemberships/allProperties/allTasks | Create and delete scopedRoleMemberships, and read and update all properties |
-| microsoft.directory/servicePrincipals/appRoleAssignedTo/update | Update service principal role assignments |
-| microsoft.directory/subscribedSkus/standard/read | Read basic properties on subscriptions |
-| microsoft.directory/users/assignLicense | Manage licenses on users in Azure Active Directory. |
-| microsoft.directory/users/basic/update | Update basic properties on users in Azure Active Directory. |
-| microsoft.directory/users/create | Add users |
-| microsoft.directory/users/delete | Delete users in Azure Active Directory. |
-| microsoft.directory/users/disable | Disable users |
-| microsoft.directory/users/enable | Enable users |
-| microsoft.directory/users/invalidateAllRefreshTokens | Invalidate all user refresh tokens in Azure Active Directory. |
-| microsoft.directory/users/manager/update | Update users.manager property in Azure Active Directory. |
-| microsoft.directory/users/password/update | Update passwords for all users in Azure Active Directory. See online documentation for more detail. |
-| microsoft.directory/users/restore | Restore deleted users in Azure Active Directory. |
-| microsoft.directory/users/userPrincipalName/update | Update users.userPrincipalName property in Azure Active Directory. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/applications/appRoles/update | Manage app roles and request delegated permissions for applications. |
+> | microsoft.directory/applications/audience/update | Update audience on all types of applications. |
+> | microsoft.directory/applications/authentication/update | Update authentication on all types of applications. |
+> | microsoft.directory/applications/basic/update | Update basic properties on all types of applications. |
+> | microsoft.directory/applications/credentials/update | Update credentials on all types of applications. |
+> | microsoft.directory/applications/owners/update | Update owners on all types of applications. |
+> | microsoft.directory/applications/permissions/update | Update exposed permissions and required permissions on all types of applications. |
+> | microsoft.directory/applications/policies/update | Update applications.policies property in Azure Active Directory. |
+> | microsoft.directory/contacts/basic/update | Update basic properties on contacts in Azure Active Directory. |
+> | microsoft.directory/contacts/create | Create contacts in Azure Active Directory. |
+> | microsoft.directory/contacts/delete | Delete contacts in Azure Active Directory. |
+> | microsoft.directory/domains/basic/allTasks | Create and delete domains, and read and update standard properties in Azure Active Directory. |
+> | microsoft.directory/groups/create | Create groups in Azure Active Directory. |
+> | microsoft.directory/groups/delete | Delete groups in Azure Active Directory. |
+> | microsoft.directory/groups/members/update | Update groups.members property in Azure Active Directory. |
+> | microsoft.directory/groups/owners/update | Update owners of groups, excluding role-assignable groups |
+> | microsoft.directory/groups/restore | Restore groups in Azure Active Directory. |
+> | microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks | Create and delete OAuth 2.0 permission grants, and read and update all properties |
+> | microsoft.directory/organization/basic/update | Update basic properties on organization in Azure Active Directory. |
+> | microsoft.directory/roleAssignments/allProperties/allTasks | Create and delete role assignments, and read and update all role assignment properties |
+> | microsoft.directory/roleDefinitions/allProperties/allTasks | Create and delete role definitions, and read and update all properties |
+> | microsoft.directory/scopedRoleMemberships/allProperties/allTasks | Create and delete scopedRoleMemberships, and read and update all properties |
+> | microsoft.directory/servicePrincipals/appRoleAssignedTo/update | Update service principal role assignments |
+> | microsoft.directory/subscribedSkus/standard/read | Read basic properties on subscriptions |
+> | microsoft.directory/users/assignLicense | Manage licenses on users in Azure Active Directory. |
+> | microsoft.directory/users/basic/update | Update basic properties on users in Azure Active Directory. |
+> | microsoft.directory/users/create | Add users |
+> | microsoft.directory/users/delete | Delete users in Azure Active Directory. |
+> | microsoft.directory/users/disable | Disable users |
+> | microsoft.directory/users/enable | Enable users |
+> | microsoft.directory/users/invalidateAllRefreshTokens | Invalidate all user refresh tokens in Azure Active Directory. |
+> | microsoft.directory/users/manager/update | Update users.manager property in Azure Active Directory. |
+> | microsoft.directory/users/password/update | Update passwords for all users in Azure Active Directory. See online documentation for more detail. |
+> | microsoft.directory/users/restore | Restore deleted users in Azure Active Directory. |
+> | microsoft.directory/users/userPrincipalName/update | Update users.userPrincipalName property in Azure Active Directory. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Password Administrator permissions Can reset passwords for non-administrators and Password administrators.
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/users/password/update | Update passwords for all users in Azure Active Directory. See online documentation for more detail. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/users/password/update | Update passwords for all users in Azure Active Directory. See online documentation for more detail. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Power BI Service Administrator permissions
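Review bot: In the Password Administrator table, the carried-over row `microsoft.directory/users/password/update` is described as "Update passwords for all users in Azure Active Directory", which contradicts the role summary directly above it ("Can reset passwords for non-administrators and Password administrators"). Since the row is being rewritten anyway, state the limited scope in the description, or replace "See online documentation for more detail" with a link to where the restriction is documented. Separately, in the preceding table the `subscribedSkus/standard/read` and `webPortal/allEntities/standard/read` rows are described as "Read basic properties" although the action is `standard/read`, while the other tables use `webPortal/allEntities/basic/read` with the same text; confirm which action is intended.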
@@ -1545,16 +1570,16 @@ Can manage all aspects of the Power BI product.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.powerApps.powerBI/allEntities/allTasks | Manage all aspects of Power BI. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.powerApps.powerBI/allEntities/allTasks | Manage all aspects of Power BI. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
### Power Platform Administrator permissions
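Review bot: The last two rows of the Power BI table mix product names: `microsoft.office365.serviceHealth` is described as "Microsoft 365 Service Health" but `microsoft.office365.supportTickets` as "Office 365 support tickets". The same pair of rows is copied into several other tables in this patch, so pick one name and apply it to every copy in the same pass.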
@@ -1563,18 +1588,18 @@ Can create and manage all aspects of Microsoft Dynamics 365, PowerApps and Power
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.dynamics365/allEntities/allTasks | Manage all aspects of Dynamics 365. |
-| microsoft.flow/allEntities/allTasks | Manage all aspects of Power Automate. |
-| microsoft.powerApps/allEntities/allTasks | Manage all aspects of PowerApps. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.dynamics365/allEntities/allTasks | Manage all aspects of Dynamics 365. |
+> | microsoft.flow/allEntities/allTasks | Manage all aspects of Power Automate. |
+> | microsoft.powerApps/allEntities/allTasks | Manage all aspects of PowerApps. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
### Printer Administrator permissions
@@ -1582,11 +1607,11 @@ Can manage all aspects of printers and printer connectors.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.print/allEntities/allProperties/allTasks | Create and delete printers and connectors, and read and update all properties in Microsoft Print. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.print/allEntities/allProperties/allTasks | Create and delete printers and connectors, and read and update all properties in Microsoft Print. |
### Printer Technician permissions
@@ -1594,30 +1619,31 @@ Can register and unregister printers and update printer status.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.print/connectors/allProperties/read | Read all properties of connectors in Microsoft Print. |
-| microsoft.azure.print/printers/allProperties/read | Read all properties of printers in Microsoft Print. |
-| microsoft.azure.print/printers/basic/update | Update basic properties of printers in Microsoft Print. |
-| microsoft.azure.print/printers/register | Register printers in Microsoft Print. |
-| microsoft.azure.print/printers/unregister | Unregister printers in Microsoft Print. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.print/connectors/allProperties/read | Read all properties of connectors in Microsoft Print. |
+> | microsoft.azure.print/printers/allProperties/read | Read all properties of printers in Microsoft Print. |
+> | microsoft.azure.print/printers/basic/update | Update basic properties of printers in Microsoft Print. |
+> | microsoft.azure.print/printers/register | Register printers in Microsoft Print. |
+> | microsoft.azure.print/printers/unregister | Unregister printers in Microsoft Print. |
### Privileged Authentication Administrator permissions Allowed to view, set and reset authentication method information for any user (admin or non-admin).
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/users/invalidateAllRefreshTokens | Invalidate all user refresh tokens in Azure Active Directory. |
-| microsoft.directory/users/strongAuthentication/update | Update strong authentication properties like MFA credential information. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.directory/users/password/update | Update passwords for all users in the Microsoft 365 organization. See online documentation for more detail. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/users/invalidateAllRefreshTokens | Invalidate all user refresh tokens in Azure Active Directory. |
+> | microsoft.directory/users/strongAuthentication/update | Update strong authentication properties like MFA credential information. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.directory/users/password/update | Update passwords for all users in the Microsoft 365 organization. See online documentation for more detail. |
### Privileged Role Administrator permissions
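Review bot: The `microsoft.directory/users/password/update` row in the Privileged Authentication Administrator table reads "Update passwords for all users in the Microsoft 365 organization", while the same action in the Password Administrator table earlier in this patch says "in Azure Active Directory". Use one description per action string so readers comparing roles do not infer a difference in scope. The row would also read better next to `users/invalidateAllRefreshTokens` and `users/strongAuthentication/update` than after the service health and support ticket rows.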
@@ -1625,20 +1651,20 @@ Can manage role assignments in Azure AD,and all aspects of Privileged Identity M
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/groupsAssignableToRoles/allProperties/update | Update groups with isAssignableToRole property set to true in Azure Active Directory. |
-| microsoft.directory/groupsAssignableToRoles/create | Create groups with isAssignableToRole property set to true in Azure Active Directory. |
-| microsoft.directory/groupsAssignableToRoles/delete | Delete groups with isAssignableToRole property set to true in Azure Active Directory. |
-| microsoft.directory/privilegedIdentityManagement/allEntities/allTasks | Create and delete all resources, and read and update standard properties in microsoft.aad.privilegedIdentityManagement. |
-| microsoft.directory/servicePrincipals/appRoleAssignedTo/allTasks | Read and configure servicePrincipals.appRoleAssignedTo property in Azure Active Directory. |
-| microsoft.directory/servicePrincipals/oAuth2PermissionGrants/allTasks | Read and configure servicePrincipals.oAuth2PermissionGrants property in Azure Active Directory. |
-| microsoft.directory/administrativeUnits/allProperties/allTasks | Create and manage administrative units (including members) |
-| microsoft.directory/roleAssignments/allProperties/allTasks | Create and manage role assignments. |
-| microsoft.directory/roleDefinitions/allProperties/allTasks | Create and manage role definitions. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/groupsAssignableToRoles/allProperties/update | Update groups with isAssignableToRole property set to true in Azure Active Directory. |
+> | microsoft.directory/groupsAssignableToRoles/create | Create groups with isAssignableToRole property set to true in Azure Active Directory. |
+> | microsoft.directory/groupsAssignableToRoles/delete | Delete groups with isAssignableToRole property set to true in Azure Active Directory. |
+> | microsoft.directory/privilegedIdentityManagement/allEntities/allTasks | Create and delete all resources, and read and update standard properties in microsoft.aad.privilegedIdentityManagement. |
+> | microsoft.directory/servicePrincipals/appRoleAssignedTo/allTasks | Read and configure servicePrincipals.appRoleAssignedTo property in Azure Active Directory. |
+> | microsoft.directory/servicePrincipals/oAuth2PermissionGrants/allTasks | Read and configure servicePrincipals.oAuth2PermissionGrants property in Azure Active Directory. |
+> | microsoft.directory/administrativeUnits/allProperties/allTasks | Create and manage administrative units (including members) |
+> | microsoft.directory/roleAssignments/allProperties/allTasks | Create and manage role assignments. |
+> | microsoft.directory/roleDefinitions/allProperties/allTasks | Create and manage role definitions. |
### Reports Reader permissions
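Review bot: `roleAssignments/allProperties/allTasks` and `roleDefinitions/allProperties/allTasks` are described in the Privileged Role Administrator table as "Create and manage role assignments." and "Create and manage role definitions.", but the identical actions earlier in this patch read "Create and delete role assignments, and read and update all role assignment properties" and "Create and delete role definitions, and read and update all properties". Align the wording so that one action string has one description. These two actions are the ones that let a holder grant any other role, so the fuller wording is the one worth keeping.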
@@ -1646,15 +1672,15 @@ Can read sign-in and audit reports.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
-| microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
+> | microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
### Search Administrator permissions
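Review bot: Reports Reader is summarised as "Can read sign-in and audit reports", yet the table keeps `microsoft.azure.serviceHealth/allEntities/allTasks` with the description "Read and configure Azure Service Health". An `allTasks` action on a reader role should be confirmed with the role owner, or the description should say what a reader can actually do with it; as written the row implies write access on a role that is presented as read-only.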
@@ -1662,16 +1688,16 @@ Can create and manage all aspects of Microsoft Search settings.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
-| microsoft.office365.search/allEntities/allProperties/allTasks | Create and delete all resources, and read and update all properties in microsoft.office365.search. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
+> | microsoft.office365.search/allEntities/allProperties/allTasks | Create and delete all resources, and read and update all properties in microsoft.office365.search. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Search Editor permissions
@@ -1679,13 +1705,13 @@ Can create and manage the editorial content such as bookmarks, Q and As, locatio
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
-| microsoft.office365.search/content/allProperties/allTasks | Create and delete content, and read and update all properties in microsoft.office365.search. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
+> | microsoft.office365.search/content/allProperties/allTasks | Create and delete content, and read and update all properties in microsoft.office365.search. |
### Security Administrator permissions
@@ -1693,32 +1719,32 @@ Can read security information and reports,and manage configuration in Azure AD a
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.directory/applications/policies/update | Update applications.policies property in Azure Active Directory. |
-| microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
-| microsoft.directory/bitlockerKeys/key/read | Read bitlocker key objects and properties (including recovery key) in Azure Active Directory. |
-| microsoft.directory/entitlementManagement/allProperties/read | Read all properties in Azure AD entitlement management. |
-| microsoft.directory/identityProtection/allProperties/read | Read all resources in microsoft.aad.identityProtection. |
-| microsoft.directory/identityProtection/allProperties/update | Update all resources in microsoft.aad.identityProtection. |
-| microsoft.directory/policies/basic/update | Update basic properties on policies in Azure Active Directory. |
-| microsoft.directory/policies/create | Create policies in Azure Active Directory. |
-| microsoft.directory/policies/delete | Delete policies in Azure Active Directory. |
-| microsoft.directory/policies/owners/update | Update policies.owners property in Azure Active Directory. |
-| microsoft.directory/policies/tenantDefault/update | Update policies.tenantDefault property in Azure Active Directory. |
-| microsoft.directory/privilegedIdentityManagement/allProperties/read | Read all resources in microsoft.aad.privilegedIdentityManagement. |
-| microsoft.directory/servicePrincipals/policies/update | Update servicePrincipals.policies property in Azure Active Directory. |
-| microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
-| microsoft.office365.protectionCenter/allEntities/read | Read all aspects of Office 365 Protection Center. |
-| microsoft.office365.protectionCenter/allEntities/update | Update all resources in microsoft.office365.protectionCenter. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.directory/applications/policies/update | Update applications.policies property in Azure Active Directory. |
+> | microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
+> | microsoft.directory/bitlockerKeys/key/read | Read bitlocker key objects and properties (including recovery key) in Azure Active Directory. |
+> | microsoft.directory/entitlementManagement/allProperties/read | Read all properties in Azure AD entitlement management. |
+> | microsoft.directory/identityProtection/allProperties/read | Read all resources in microsoft.aad.identityProtection. |
+> | microsoft.directory/identityProtection/allProperties/update | Update all resources in microsoft.aad.identityProtection. |
+> | microsoft.directory/policies/basic/update | Update basic properties on policies in Azure Active Directory. |
+> | microsoft.directory/policies/create | Create policies in Azure Active Directory. |
+> | microsoft.directory/policies/delete | Delete policies in Azure Active Directory. |
+> | microsoft.directory/policies/owners/update | Update policies.owners property in Azure Active Directory. |
+> | microsoft.directory/policies/tenantDefault/update | Update policies.tenantDefault property in Azure Active Directory. |
+> | microsoft.directory/privilegedIdentityManagement/allProperties/read | Read all resources in microsoft.aad.privilegedIdentityManagement. |
+> | microsoft.directory/servicePrincipals/policies/update | Update servicePrincipals.policies property in Azure Active Directory. |
+> | microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
+> | microsoft.office365.protectionCenter/allEntities/read | Read all aspects of Office 365 Protection Center. |
+> | microsoft.office365.protectionCenter/allEntities/update | Update all resources in microsoft.office365.protectionCenter. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Security Operator permissions
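Review bot: In the Security Administrator table, the descriptions for `microsoft.directory/identityProtection/allProperties/read`, `.../identityProtection/allProperties/update` and `microsoft.directory/privilegedIdentityManagement/allProperties/read` name the resources as `microsoft.aad.identityProtection` and `microsoft.aad.privilegedIdentityManagement`, which does not match the `microsoft.directory` namespace in the action column. Use the same namespace on both sides of each row. Minor: the `bitlockerKeys/key/read` description should spell the product "BitLocker", and since it covers the recovery key it is worth keeping the parenthetical exactly as it is.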
@@ -1726,21 +1752,21 @@ Creates and manages security events.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.advancedThreatProtection/allEntities/read | Read and configure Azure AD Advanced Threat Protection. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.directory/cloudAppSecurity/allProperties/allTasks | Read and configure Microsoft Cloud App Security. |
-| microsoft.directory/identityProtection/allProperties/read | Read all resources in microsoft.aad.identityProtection. |
-| microsoft.directory/privilegedIdentityManagement/allProperties/read | Read all resources in microsoft.aad.privilegedIdentityManagement. |
-| microsoft.directory/provisioningLogs/allProperties/read | Read all properties of provisioning logs. |
-| microsoft.intune/allEntities/allTasks | Manage all aspects of Intune. |
-| microsoft.office365.securityComplianceCenter/allEntities/allTasks | Read and configure Security & Compliance Center. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.windows.defenderAdvancedThreatProtection/allEntities/read | Read and configure Windows Defender Advanced Threat Protection. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.advancedThreatProtection/allEntities/read | Read and configure Azure AD Advanced Threat Protection. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.directory/cloudAppSecurity/allProperties/allTasks | Read and configure Microsoft Cloud App Security. |
+> | microsoft.directory/identityProtection/allProperties/read | Read all resources in microsoft.aad.identityProtection. |
+> | microsoft.directory/privilegedIdentityManagement/allProperties/read | Read all resources in microsoft.aad.privilegedIdentityManagement. |
+> | microsoft.directory/provisioningLogs/allProperties/read | Read all properties of provisioning logs. |
+> | microsoft.intune/allEntities/allTasks | Manage all aspects of Intune. |
+> | microsoft.office365.securityComplianceCenter/allEntities/allTasks | Read and configure Security & Compliance Center. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.windows.defenderAdvancedThreatProtection/allEntities/read | Read and configure Windows Defender Advanced Threat Protection. |
### Security Reader permissions
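Review bot: Two rows in the Security Operator table pair a `/read` action with a description that says "Read and configure": `microsoft.azure.advancedThreatProtection/allEntities/read` and `microsoft.windows.defenderAdvancedThreatProtection/allEntities/read`. Either the action string or the description is wrong, and the difference matters to anyone sizing this role for least privilege, so resolve it in this pass instead of copying the rows into the new table unchanged.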
@@ -1749,22 +1775,22 @@ Can read security information and reports in Azure AD and Microsoft 365.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
-| microsoft.directory/bitlockerKeys/key/read | Read bitlocker key objects and properties (including recovery key) in Azure Active Directory. |
-| microsoft.directory/entitlementManagement/allProperties/read | Read all properties in Azure AD entitlement management. |
-| microsoft.directory/policies/conditionalAccess/basic/read | Read policies.conditionalAccess property in Azure Active Directory. |
-| microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
-| microsoft.aad.identityProtection/allEntities/read | Read all resources in microsoft.aad.identityProtection. |
-| microsoft.aad.privilegedIdentityManagement/allEntities/read | Read all resources in microsoft.aad.privilegedIdentityManagement. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.protectionCenter/allEntities/read | Read all aspects of Office 365 Protection Center. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/auditLogs/allProperties/read | Read all properties (including privileged properties) on auditLogs in Azure Active Directory. |
+> | microsoft.directory/bitlockerKeys/key/read | Read bitlocker key objects and properties (including recovery key) in Azure Active Directory. |
+> | microsoft.directory/entitlementManagement/allProperties/read | Read all properties in Azure AD entitlement management. |
+> | microsoft.directory/policies/conditionalAccess/basic/read | Read policies.conditionalAccess property in Azure Active Directory. |
+> | microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on signInReports in Azure Active Directory. |
+> | microsoft.aad.identityProtection/allEntities/read | Read all resources in microsoft.aad.identityProtection. |
+> | microsoft.aad.privilegedIdentityManagement/allEntities/read | Read all resources in microsoft.aad.privilegedIdentityManagement. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.protectionCenter/allEntities/read | Read all aspects of Office 365 Protection Center. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
### Service Support Administrator permissions
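Review bot: The re-wrapped Security Reader table carries over `microsoft.azure.serviceHealth/allEntities/allTasks` and `microsoft.office365.serviceHealth/allEntities/allTasks`, both described as "Read and configure", for a role the hunk header summarises as "Can read security information and reports". Please confirm that a reader role really holds `allTasks` on Service Health, or correct the action or the description while the table is being touched. This table also keeps `microsoft.aad.identityProtection/allEntities/read` and `microsoft.aad.privilegedIdentityManagement/allEntities/read`, while the table added just above it uses `microsoft.directory/identityProtection/allProperties/read` with the same description, so the two should be reconciled.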
@@ -1772,16 +1798,16 @@ Can read service health information and manage support tickets.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
### SharePoint Service Administrator permissions
@@ -1789,25 +1815,25 @@ Can manage all aspects of the SharePoint service.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.directory/groups.unified/basic/update | Update basic properties of Microsoft 365 groups. |
-| microsoft.directory/groups.unified/create | Create Microsoft 365 groups. |
-| microsoft.directory/groups.unified/delete | Delete Microsoft 365 groups. |
-| microsoft.directory/groups.unified/members/update | Update membership of Microsoft 365 groups. |
-| microsoft.directory/groups.unified/owners/update | Update ownership of Microsoft 365 groups. |
-| microsoft.directory/groups.unified/restore | Restore Microsoft 365 groups |
-| microsoft.office365.network/performance/allProperties/read | Read network performance pages in M365 Admin Center. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.sharepoint/allEntities/allTasks | Create and delete all resources, and read and update standard properties in microsoft.office365.sharepoint. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.usageReports/allEntities/allProperties/read | Read Office 365 usage reports. |
-| microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.directory/groups.unified/basic/update | Update basic properties of Microsoft 365 groups. |
+> | microsoft.directory/groups.unified/create | Create Microsoft 365 groups. |
+> | microsoft.directory/groups.unified/delete | Delete Microsoft 365 groups. |
+> | microsoft.directory/groups.unified/members/update | Update membership of Microsoft 365 groups. |
+> | microsoft.directory/groups.unified/owners/update | Update ownership of Microsoft 365 groups. |
+> | microsoft.directory/groups.unified/restore | Restore Microsoft 365 groups |
+> | microsoft.office365.network/performance/allProperties/read | Read network performance pages in M365 Admin Center. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.sharepoint/allEntities/allTasks | Create and delete all resources, and read and update standard properties in microsoft.office365.sharepoint. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.usageReports/allEntities/allProperties/read | Read Office 365 usage reports. |
+> | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
### Teams Communications Administrator permissions
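Review bot: In the last added row of the SharePoint table, `microsoft.office365.webPortal/allEntities/standard/read` is described as "Read basic properties on all resources in microsoft.office365.webPortal", the same text the other tables attach to `.../allEntities/basic/read`. If `standard` and `basic` are different property sets, the description should say so; if they are the same, use one action string throughout. Minor: "Restore Microsoft 365 groups" is the only description in this table without a closing period.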
@@ -1815,20 +1841,20 @@ Can manage calling and meetings features within the Microsoft Teams service.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
-| microsoft.teams/meetings/allProperties/allTasks | Manage meetings, including meeting policies, configurations, and conference bridges. |
-| microsoft.teams/voice/allProperties/allTasks | Manage voice, including calling policies and phone number inventory and assignment. |
-| microsoft.teams/callQuality/allProperties/read | Read all data in Call Quality Dashboard (CQD). |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
+> | microsoft.teams/meetings/allProperties/allTasks | Manage meetings, including meeting policies, configurations, and conference bridges. |
+> | microsoft.teams/voice/allProperties/allTasks | Manage voice, including calling policies and phone number inventory and assignment. |
+> | microsoft.teams/callQuality/allProperties/read | Read all data in Call Quality Dashboard (CQD). |
### Teams Communications Support Engineer permissions
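Review bot: The added row `microsoft.office365.usageReports/allEntities/read` does not match the SharePoint Service Administrator and Teams Service Administrator tables, which list `microsoft.office365.usageReports/allEntities/allProperties/read` with the identical description "Read Office 365 usage reports." A reader comparing roles cannot tell whether these are two distinct permissions or one permission spelled two ways, so please confirm the correct action string and align the tables.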
@@ -1836,15 +1862,15 @@ Can troubleshoot communications issues within Teams using advanced tools.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.teams/callQuality/allProperties/read | Read all data in Call Quality Dashboard (CQD). |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.teams/callQuality/allProperties/read | Read all data in Call Quality Dashboard (CQD). |
### Teams Communications Support Specialist permissions
@@ -1852,15 +1878,15 @@ Can troubleshoot communications issues within Teams using basic tools.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.teams/callQuality/basic/read | Read basic data in Call Quality Dashboard (CQD). |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.teams/callQuality/basic/read | Read basic data in Call Quality Dashboard (CQD). |
### Teams Devices Administrator permissions
@@ -1868,13 +1894,13 @@ Can perform management related tasks on Teams certified devices.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.teams/devices/basic/read | Manage all aspects of Teams-certified devices including configuration policies. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.teams/devices/basic/read | Manage all aspects of Teams-certified devices including configuration policies. |
### Teams Service Administrator permissions
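Review bot: The added row `microsoft.teams/devices/basic/read` is described as "Manage all aspects of Teams-certified devices including configuration policies", which contradicts an action that grants only a basic read. Since the role summary in the hunk header says the role "Can perform management related tasks", either the action string is too narrow or the description is too broad; fix whichever is wrong so the table does not understate or overstate what the role can do.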
@@ -1882,75 +1908,77 @@ Can manage the Microsoft Teams service.
> [!NOTE] > This role has additional permissions outside of Azure Active Directory. For more information, see role description above.
->
->
-| **Actions** | **Description** |
-| | |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.directory/groups/hiddenMembers/read | Read groups.hiddenMembers property in Azure Active Directory. |
-| microsoft.directory/groups/unified/appRoleAssignments/update | Update groups.unified property in Azure Active Directory. |
-| microsoft.directory/groups.unified/basic/update | Update basic properties of Microsoft 365 groups. |
-| microsoft.directory/groups.unified/create | Create Microsoft 365 groups. |
-| microsoft.directory/groups.unified/delete | Delete Microsoft 365 groups. |
-| microsoft.directory/groups.unified/members/update | Update membership of Microsoft 365 groups. |
-| microsoft.directory/groups.unified/owners/update | Update ownership of Microsoft 365 groups. |
-| microsoft.directory/groups.unified/restore | Restore Microsoft 365 groups |
-| microsoft.directory/servicePrincipals/managePermissionGrantsForGroup.microsoft-all-application-permissions | Grant consent to delegated permissions on behalf of a group |
-| microsoft.office365.network/performance/allProperties/read | Read network performance pages in M365 Admin Center. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.skypeForBusiness/allEntities/allTasks | Manage all aspects of Skype for Business Online |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.usageReports/allEntities/allProperties/read | Read Office 365 usage reports. |
-| microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.teams/allEntities/allProperties/allTasks | Manage all resources in Teams. |
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.directory/groups/hiddenMembers/read | Read groups.hiddenMembers property in Azure Active Directory. |
+> | microsoft.directory/groups/unified/appRoleAssignments/update | Update groups.unified property in Azure Active Directory. |
+> | microsoft.directory/groups.unified/basic/update | Update basic properties of Microsoft 365 groups. |
+> | microsoft.directory/groups.unified/create | Create Microsoft 365 groups. |
+> | microsoft.directory/groups.unified/delete | Delete Microsoft 365 groups. |
+> | microsoft.directory/groups.unified/members/update | Update membership of Microsoft 365 groups. |
+> | microsoft.directory/groups.unified/owners/update | Update ownership of Microsoft 365 groups. |
+> | microsoft.directory/groups.unified/restore | Restore Microsoft 365 groups |
+> | microsoft.directory/servicePrincipals/managePermissionGrantsForGroup.microsoft-all-application-permissions | Grant consent to delegated permissions on behalf of a group |
+> | microsoft.office365.network/performance/allProperties/read | Read network performance pages in M365 Admin Center. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.skypeForBusiness/allEntities/allTasks | Manage all aspects of Skype for Business Online |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> | microsoft.office365.usageReports/allEntities/allProperties/read | Read Office 365 usage reports. |
+> | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.teams/allEntities/allProperties/allTasks | Manage all resources in Teams. |
### Usage Summary Reports Reader permissions Can see only tenant level aggregates in M365 Usage Analytics and Productivity Score.
-| **Actions** | **Description** |
-| | |
-| microsoft.office365.usageReports/allEntities/standard/read | Read tenant-level aggregated Office 365 usage reports. |
-| microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal.|
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.office365.usageReports/allEntities/standard/read | Read tenant-level aggregated Office 365 usage reports. |
+> | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in microsoft.office365.webPortal.|
### User Administrator permissions Can manage all aspects of users and groups, including resetting passwords for limited admins.
-| **Actions** | **Description** |
-| | |
-| microsoft.directory/appRoleAssignments/create | Create appRoleAssignments in Azure Active Directory. |
-| microsoft.directory/appRoleAssignments/delete | Delete appRoleAssignments in Azure Active Directory. |
-| microsoft.directory/appRoleAssignments/update | Update appRoleAssignments in Azure Active Directory. |
-| microsoft.directory/contacts/basic/update | Update basic properties on contacts in Azure Active Directory. |
-| microsoft.directory/contacts/create | Create contacts in Azure Active Directory. |
-| microsoft.directory/contacts/delete | Delete contacts in Azure Active Directory. |
-| microsoft.directory/entitlementManagement/allProperties/allTasks | Create and delete resources, and read and update all properties in Azure AD entitlement management. |
-| microsoft.directory/groups/appRoleAssignments/update | Update groups.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/groups/basic/update | Update basic properties on groups in Azure Active Directory. |
-| microsoft.directory/groups/create | Create groups in Azure Active Directory. |
-| microsoft.directory/groups/createAsOwner | Create groups in Azure Active Directory. Creator is added as the first owner, and the created object counts against the creator's 250 created objects quota. |
-| microsoft.directory/groups/delete | Delete groups in Azure Active Directory. |
-| microsoft.directory/groups/hiddenMembers/read | Read groups.hiddenMembers property in Azure Active Directory. |
-| microsoft.directory/groups/members/update | Update groups.members property in Azure Active Directory. |
-| microsoft.directory/groups/owners/update | Update groups.owners property in Azure Active Directory. |
-| microsoft.directory/groups/restore | Restore groups in Azure Active Directory. |
-| microsoft.directory/groups/settings/update | Update groups.settings property in Azure Active Directory. |
-| microsoft.directory/users/appRoleAssignments/update | Update users.appRoleAssignments property in Azure Active Directory. |
-| microsoft.directory/users/assignLicense | Manage licenses on users in Azure Active Directory. |
-| microsoft.directory/users/basic/update | Update basic properties on users in Azure Active Directory. |
-| microsoft.directory/users/create | Create users in Azure Active Directory. |
-| microsoft.directory/users/delete | Delete users in Azure Active Directory. |
-| microsoft.directory/users/invalidateAllRefreshTokens | Invalidate all user refresh tokens in Azure Active Directory. |
-| microsoft.directory/users/manager/update | Update users.manager property in Azure Active Directory. |
-| microsoft.directory/users/password/update | Update passwords for all users in Azure Active Directory. See online documentation for more detail. |
-| microsoft.directory/users/restore | Restore deleted users in Azure Active Directory. |
-| microsoft.directory/users/userPrincipalName/update | Update users.userPrincipalName property in Azure Active Directory. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
-| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
-| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | | |
+> | microsoft.directory/appRoleAssignments/create | Create appRoleAssignments in Azure Active Directory. |
+> | microsoft.directory/appRoleAssignments/delete | Delete appRoleAssignments in Azure Active Directory. |
+> | microsoft.directory/appRoleAssignments/update | Update appRoleAssignments in Azure Active Directory. |
+> | microsoft.directory/contacts/basic/update | Update basic properties on contacts in Azure Active Directory. |
+> | microsoft.directory/contacts/create | Create contacts in Azure Active Directory. |
+> | microsoft.directory/contacts/delete | Delete contacts in Azure Active Directory. |
+> | microsoft.directory/entitlementManagement/allProperties/allTasks | Create and delete resources, and read and update all properties in Azure AD entitlement management. |
+> | microsoft.directory/groups/appRoleAssignments/update | Update groups.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/groups/basic/update | Update basic properties on groups in Azure Active Directory. |
+> | microsoft.directory/groups/create | Create groups in Azure Active Directory. |
+> | microsoft.directory/groups/createAsOwner | Create groups in Azure Active Directory. Creator is added as the first owner, and the created object counts against the creator's 250 created objects quota. |
+> | microsoft.directory/groups/delete | Delete groups in Azure Active Directory. |
+> | microsoft.directory/groups/hiddenMembers/read | Read groups.hiddenMembers property in Azure Active Directory. |
+> | microsoft.directory/groups/members/update | Update groups.members property in Azure Active Directory. |
+> | microsoft.directory/groups/owners/update | Update groups.owners property in Azure Active Directory. |
+> | microsoft.directory/groups/restore | Restore groups in Azure Active Directory. |
+> | microsoft.directory/groups/settings/update | Update groups.settings property in Azure Active Directory. |
+> | microsoft.directory/users/appRoleAssignments/update | Update users.appRoleAssignments property in Azure Active Directory. |
+> | microsoft.directory/users/assignLicense | Manage licenses on users in Azure Active Directory. |
+> | microsoft.directory/users/basic/update | Update basic properties on users in Azure Active Directory. |
+> | microsoft.directory/users/create | Create users in Azure Active Directory. |
+> | microsoft.directory/users/delete | Delete users in Azure Active Directory. |
+> | microsoft.directory/users/invalidateAllRefreshTokens | Invalidate all user refresh tokens in Azure Active Directory. |
+> | microsoft.directory/users/manager/update | Update users.manager property in Azure Active Directory. |
+> | microsoft.directory/users/password/update | Update passwords for all users in Azure Active Directory. See online documentation for more detail. |
+> | microsoft.directory/users/restore | Restore deleted users in Azure Active Directory. |
+> | microsoft.directory/users/userPrincipalName/update | Update users.userPrincipalName property in Azure Active Directory. |
+> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets for directory-level services. |
+> | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Microsoft 365 Service Health. |
+> | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
## Role template IDs
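Review bot: In the Teams Service Administrator table, `microsoft.directory/servicePrincipals/managePermissionGrantsForGroup.microsoft-all-application-permissions` is described as "Grant consent to delegated permissions on behalf of a group", so the action name says application permissions and the description says delegated permissions. Consent scope is security relevant, so the description should state exactly which kind of grant this covers. Two smaller points in the same hunk: `microsoft.directory/groups/unified/appRoleAssignments/update` uses `groups/unified` where every other row uses `groups.unified`, and in the User Administrator table `microsoft.directory/users/password/update` says "Update passwords for all users" while the role summary says "resetting passwords for limited admins", with only "See online documentation for more detail" to bridge the gap; link the specific article that lists whose passwords can be reset.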
@@ -2025,7 +2053,7 @@ Teams Communications Administrator | Teams Communications Administrator | baf37b
Teams Communications Support Engineer | Teams Communications Support Engineer | f70938a0-fc10-4177-9e90-2178f8765737 Teams Communications Support Specialist | Teams Communications Support Specialist | fcf91098-03e3-41a9-b5ba-6f0ec8188a12 Teams Devices Administrator | Teams Devices Administrator | 3d762c5a-1b6c-493f-843e-55a3b42923d4
-Teams Administrator | Teams Administrator | 69091246-20e8-4a56-aa4d-066075b2a7a8
+Teams Service Administrator | Teams Service Administrator | 69091246-20e8-4a56-aa4d-066075b2a7a8
Usage Summary Reports Reader | Usage summary reports reader | 75934031-6c7e-415a-99d7-48dbd49e875e User | Not shown because it can't be used | a0b1b346-4d3e-4e8b-98f8-753987be4970 User Administrator | User administrator | fe930be7-5e62-47db-91af-98c3a49a38b1
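Review bot: The rename to "Teams Service Administrator" is applied to both the first and second column while the template ID `69091246-20e8-4a56-aa4d-066075b2a7a8` is unchanged. Neighbouring rows show the second column can differ from the first ("Usage summary reports reader", "Not shown because it can't be used"), so please confirm the second column reflects the name actually displayed rather than a copy of the first. It would also help to state near this table that the template ID is the stable identifier across display-name changes like this one.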
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/atea-provisioning-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/atea-provisioning-tutorial.md
@@ -44,7 +44,7 @@ The scenario outlined in this tutorial assumes that you already have the followi
## Step 2. Configure Atea to support provisioning with Azure AD
-To configure Iris Intranet to support provisioning with Azure AD one needs to get the **Tenant URL** and **Secret Token** by dropping a mail to [Atea support team](mailto:servicedesk@atea.dk). These values will be entered in the **Secret Token** and **Tenant URL** field in the Provisioning tab of your Atea's application in Azure portal.
+To configure Atea to support provisioning with Azure AD - please write an email to Atea support team <SSO.Support@atea.com>
## Step 3. Add Atea from the Azure AD application gallery
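Review bot: The replacement sentence in Step 2 drops both the values to request (**Tenant URL** and **Secret Token**) and where to enter them (the Provisioning tab of the Atea application in the Azure portal), so the step no longer tells the reader what to ask the support team for. Keep that information alongside the new address. The address is also written as `<SSO.Support@atea.com>` in bare angle brackets instead of the `[text](mailto:...)` link form the removed line used, and the sentence has a stray " - " and no closing period.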
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/fortes-change-cloud-provisioning-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/fortes-change-cloud-provisioning-tutorial.md
@@ -46,11 +46,11 @@ The scenario outlined in this tutorial assumes that you already have the followi
## Step 2. Configure Fortes Change Cloud to support provisioning with Azure AD
-1. Login with your admin account to Fortes Change Cloud. Click on the **Settings icon** and then navigate to **SCIM Settings**.
+1. Login with your admin account to Fortes Change Cloud. Click on the **Settings icon** and then navigate to **User Provisioning (SCIM)**.
[ ![The Fortes Change Cloud SCIM Setting](media/fortes-change-cloud-provisioning-tutorial/scim-settings.png) ](media/fortes-change-cloud-provisioning-tutorial/scim-settings.png#lightbox)
-2. In the new window, copy and save the **Primary token**. This value will be entered in the Secret Token field in the Provisioning tab of your Fortes Change Cloud application in the Azure portal.
+2. In the new window, copy and save the **Tenant URL** and the **Primary token**. The Tenant URL will be entered in the **Tenant URL** * field and primary token will be entered in the **Secret** * Token field in the Provisioning tab of your Fortes Change Cloud application in the Azure portal.
[ ![The Fortes Change Cloud primary token](media/fortes-change-cloud-provisioning-tutorial/primary-token.png)](media/fortes-change-cloud-provisioning-tutorial/primary-token.png#lightbox)
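Review bot: In the rewritten item 2, the bold markup is broken: `**Tenant URL** * field` and `**Secret** * Token field` leave stray asterisks, and the second splits the field name, which the removed line called the Secret Token field. It should read `**Tenant URL**` and `**Secret Token**`. Item 1 now points to **User Provisioning (SCIM)**, but the screenshot beneath it is still `scim-settings.png` with alt text "The Fortes Change Cloud SCIM Setting", so check that the image shows the renamed menu entry. Because the primary token is the credential Azure AD presents to the SCIM endpoint, "copy and save" would be better as an instruction to store it somewhere access-controlled.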
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/getabstract-provisioning-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/getabstract-provisioning-tutorial.md
@@ -0,0 +1,174 @@
+
+ Title: 'Tutorial: Configure getAbstract for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+description: Learn how to automatically provision and de-provision user accounts from Azure AD to getAbstract.
+
+documentationcenter: ''
+
+writer: Zhchia
++
+ms.assetid: bd8898f9-7a01-4e85-9dd4-61ae4b01ab5b
+++
+ na
+ms.devlang: na
+ Last updated : 01/25/2021+++
+# Tutorial: Configure getAbstract for automatic user provisioning
+
+This tutorial describes the steps you need to perform in both getAbstract and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [getAbstract](https://www.getabstract.com) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../manage-apps/user-provisioning.md).
++
+## Capabilities Supported
+> [!div class="checklist"]
+> * Create users in getAbstract.
+> * Remove users in getAbstract when they do not require access anymore.
+> * Keep user attributes synchronized between Azure AD and getAbstract.
+> * Provision groups and group memberships in getAbstract.
+> * [Single sign-on](getabstract-tutorial.md) to getAbstract (recommended)
+
+## Prerequisites
+
+The scenario outlined in this tutorial assumes that you already have the following prerequisites:
+
+* [An Azure AD tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant)
+* A user account in Azure AD with [permission](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
+* A getAbstract tenant (getAbstract Corporate license).
+* SSO enabled on Azure AD tenant and getAbstract tenant.
+* Approval and SCIM enabling for getAbstract (send email to b2b.itsupport@getabstract.com).
+
+## Step 1. Plan your provisioning deployment
+1. Learn about [how the provisioning service works](https://docs.microsoft.com/azure/active-directory/manage-apps/user-provisioning).
+2. Determine who will be in [scope for provisioning](https://docs.microsoft.com/azure/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts).
+3. Determine what data to [map between Azure AD and getAbstract](https://docs.microsoft.com/azure/active-directory/manage-apps/customize-application-attributes).
+
+## Step 2. Configure getAbstract to support provisioning with Azure AD
+1. Sign into getAbstract
+2. Click on the settings icon located in the upper right hand corner and click on the **My Central Admin** option,
+
+ ![getAbstract My Central Admin](media/getabstract-provisioning-tutorial/my-account.png)
+
+3. Locate and click on the **SCIM Admin** option
+
+ ![getAbstract SCIM Admin](media/getabstract-provisioning-tutorial/scim-admin.png)
+
+4. Click on the **Go** button
+
+ ![getAbstract SCIM Client Id](media/getabstract-provisioning-tutorial/scim-client-go.png)
+
+5. Click on the **Generate new token**
+
+ ![getAbstract SCIM Token 1](media/getabstract-provisioning-tutorial/scim-generate-token-step-2.png)
+
+6. If you are sure then click on the **Generate new token** button. Otherwise, click on **Cancel** button
+
+ ![getAbstract SCIM Token 2](media/getabstract-provisioning-tutorial/scim-generate-token-step-1.png)
+
+7. Lastly, you can either click on the copy to clipboard icon or select the whole token and copy it. Also make a note that Tenant/Base URL is `https://www.getabstract.com/api/scim/v2`. These values will be entered in the **Secret Token** * and **Tenant URL** * field in the Provisioning tab of your getAbstract's application in the Azure portal.
+
+ ![getAbstract SCIM Token 3](media/getabstract-provisioning-tutorial/scim-generate-token-step-3.png)
++
+## Step 3. Add getAbstract from the Azure AD application gallery
+
+Add getAbstract from the Azure AD application gallery to start managing provisioning to getAbstract. If you have previously setup getAbstract for SSO you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](https://docs.microsoft.com/azure/active-directory/manage-apps/add-gallery-app).
+
+## Step 4. Define who will be in scope for provisioning
+
+The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](https://docs.microsoft.com/azure/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts).
+
+* When assigning users and groups to getAbstract, you must select a role other than **Default Access**. Users with the Default Access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs. If the only role available on the application is the default access role, you can [update the application manifest](https://docs.microsoft.com/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps) to add additional roles.
+
+* Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute based scoping filter](https://docs.microsoft.com/azure/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts).
++
+## Step 5. Configure automatic user provisioning to getAbstract
+
+This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users and/or groups in TestApp based on user and/or group assignments in Azure AD.
+
+### To configure automatic user provisioning for getAbstract in Azure AD:
+
+1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
+
+ ![Enterprise applications blade](common/enterprise-applications.png)
+
+2. In the applications list, select **getAbstract**.
+
+ ![The getAbstract link in the Applications list](common/all-applications.png)
+
+3. Select the **Provisioning** tab.
+
+ ![Provisioning tab](common/provisioning.png)
+
+4. Set the **Provisioning Mode** to **Automatic**.
+
+ ![Provisioning tab automatic](common/provisioning-automatic.png)
+
+5. Under the **Admin Credentials** section, input your getAbstract Tenant URL and Secret Token. Click **Test Connection** to ensure Azure AD can connect to getAbstract. If the connection fails, ensure your getAbstract account has Admin permissions and try again.
+
+ ![Token](common/provisioning-testconnection-tenanturltoken.png)
+
+6. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and select the **Send an email notification when a failure occurs** check box.
+
+ ![Notification Email](common/provisioning-notification-email.png)
+
+7. Select **Save**.
+
+8. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to getAbstract**.
+
+9. Review the user attributes that are synchronized from Azure AD to getAbstract in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in getAbstract for update operations. If you choose to change the [matching target attribute](https://docs.microsoft.com/azure/active-directory/manage-apps/customize-application-attributes), you will need to ensure that the getAbstract API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
+
+ |Attribute|Type|Supported for filtering|
+ ||||
+ |userName|String|&check;|
+ |active|Boolean|
+ |emails[type eq "work"].value|String|
+ |name.givenName|String|
+ |name.familyName|String|
+ |externalId|String|
+ |preferredLanguage|String|
+
+10. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to getAbstract**.
+
+11. Review the group attributes that are synchronized from Azure AD to getAbstract in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the groups in getAbstract for update operations. Select the **Save** button to commit any changes.
+
+ |Attribute|Type|Supported for filtering|
+ ||||
+ |displayName|String|&check;|
+ |externalId|String|
+ |members|Reference|
+12. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../manage-apps/define-conditional-rules-for-provisioning-user-accounts.md).
+
+13. To enable the Azure AD provisioning service for getAbstract, change the **Provisioning Status** to **On** in the **Settings** section.
+
+ ![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
+
+14. Define the users and/or groups that you would like to provision to getAbstract by choosing the desired values in **Scope** in the **Settings** section.
+
+ ![Provisioning Scope](common/provisioning-scope.png)
+
+15. When you are ready to provision, click **Save**.
+
+ ![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
+
+This operation starts the initial synchronization cycle of all users and groups defined in **Scope** in the **Settings** section. The initial cycle takes longer to perform than subsequent cycles, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running.
+
+## Step 6. Monitor your deployment
+Once you've configured provisioning, use the following resources to monitor your deployment:
+
+* Use the [provisioning logs](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-provisioning-logs) to determine which users have been provisioned successfully or unsuccessfully
+* Check the [progress bar](https://docs.microsoft.com/azure/active-directory/app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user) to see the status of the provisioning cycle and how close it is to completion
+* If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-quarantine-status).
+
+## Additional resources
+
+* [Managing user account provisioning for Enterprise Apps](../manage-apps/configure-automatic-user-provisioning-portal.md)
+* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+
+## Next steps
+
+* [Learn how to review logs and get reports on provisioning activity](../manage-apps/check-status-user-account-provisioning.md)
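Review bot: The Step 5 introduction still carries the template placeholder: it says the provisioning service will create, update, and disable users and/or groups "in TestApp", which should read "in getAbstract". In the same step, both attribute-mapping tables, as shown here, have a separator row of `||||` and data rows that stop after the Type cell, so they are unlikely to render as tables; use `|---|---|---|` and give every row its third cell. Step 12 needs a blank line between it and the group table, and the stray ` *` after **Secret Token** and **Tenant URL** in item 7 of Step 2 should be removed. Item 7 has the admin copy the secret token to the clipboard, so a sentence telling them to handle it as a credential and to generate a new one if it is exposed would fit there.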
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/m-files-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/m-files-tutorial.md
@@ -125,7 +125,7 @@ To configure Azure AD single sign-on with M-Files, perform the following steps:
>[!NOTE] >Follow the next steps if you want to configure SSO for you M-File desktop application. No extra steps are required if you only want to configure SSO for M-Files web version.
-1. Follow the next steps to configure the M-File desktop application to enable SSO with Azure AD. To download M-Files, go to [M-Files download](https://www.m-files.com/en/download-latest-version) page.
+1. Follow the next steps to configure the M-File desktop application to enable SSO with Azure AD. To download M-Files, go to [M-Files download](https://www.m-files.com/customers/product-downloads/download-update-links/) page.
1. Open the **M-Files Desktop Settings** window. Then, click **Add**.
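Review bot: The changed step still calls the product the "M-File desktop application", while the link text and the following step both say "M-Files"; correct the name while this line is being edited. The NOTE just above has the same "M-File" spelling and also reads "for you M-File desktop application", where "your" is meant.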
active-directory https://docs.microsoft.com/en-us/azure/active-directory/user-help/my-account-find-administrator https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-account-find-administrator.md
@@ -0,0 +1,59 @@
+
+ Title: Find an administrator for My Account - Azure AD
+description: How to find the Azure AD administrator in your organization, for My Account users
+++++++++ Last updated : 07/29/2020+++
+# Find an administrator to change my information in My Account
+
+Your IT or human resources department may keep some of your profile information in separate systems; for example, your profile photo or your name or title. If you're not allowed to change this information yourself, contact your human resources department or admin to have them change it for you.
+
+## Why can't you just give me the name of who to contact?
+
+We would have liked to give you the name or the email address of who to contact, but Microsoft doesn't have this information. In this article are some suggestions that may help you find out who your admin is.
+
+## How do I find out who my admin is?
+
+When looking for your My Account admin to update certain information, reset your password, delete an account, or do other tasks, here's some pointers to who you should contact:
+
+- Universities and schools: Contact your technical support team. Usually you can find a link on your university site. At smaller schools, there may be just a couple technical people who have admin permissions.
+
+- Large businesses: Contact your organization's internal help desk or technical support.
+
+- Small businesses: Contact the business owner or co-owner. Often they give admin permissions to their IT consultant who does all the computer maintenance work for their business.
+
+If you don't know who to contact at your work or school for help, try asking the person who gave you your My Account user account and password.
+
+## Next steps
+
+- Select to view or manage your [security info](./security-info-setup-signin.md)
+
+- View or manage your connected [devices](my-account-portal-devices-page.md)
+
+- View and manage your [organizations](my-account-portal-organizations-page.md)
+
+- View your [sign-in activity](my-account-portal-sign-ins-page.md)
+
+- View how your organization [uses your privacy-related data](my-account-portal-privacy-page.md)
+
+- Change your [My Account portal settings](my-account-portal-settings.md)
+
+## Related Microsoft Office content
+
+- [Sign in to manage your Office product](https://support.office.com/article/sign-in-to-manage-your-office-product-959ac957-8d37-4ae4-b1b6-d6e4874e013f)
+
+- [Go to the Office **My Account** page](https://portal.office.com/account/)
+
+- [Go to the Office **My installs** page](https://portal.office.com/account/#installs)
+
+- [Go to the Office **Subscriptions** page](https://portal.office.com/account/#subscriptions)
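Review bot: The metadata line reads `Last updated : 07/29/2020` on a file that this diff adds in full (`@@ -0,0 +1,59 @@`); set it to the date the article is actually published. Under "How do I find out who my admin is?", "here's some pointers to who you should contact" should be "here are some pointers on who to contact", and "a couple technical people" should be "a couple of technical people".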
aks https://docs.microsoft.com/en-us/azure/aks/availability-zones https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/availability-zones.md
@@ -30,9 +30,11 @@ AKS clusters can currently be created using availability zones in the following
* East US * East US 2 * France Central
+* Germany West Central
* Japan East * North Europe * Southeast Asia
+* South Central US
* UK South * West Europe * West US 2
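Review bot: "South Central US" is added after "Southeast Asia", which breaks the alphabetical order that the visible part of the region list follows; place it between "North Europe" and "Southeast Asia".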
aks https://docs.microsoft.com/en-us/azure/aks/custom-node-configuration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/custom-node-configuration.md
@@ -161,7 +161,7 @@ Create a `linuxosconfig.json` file with the following contents:
} ```
-Create a new cluster specifying the kublet and OS configurations using the JSON files created in the previous step.
+Create a new cluster specifying the kubelet and OS configurations using the JSON files created in the previous step.
> [!NOTE] > When you create a cluster, you can specify the kubelet configuration, OS configuration, or both. If you specify a configuration when creating a cluster, only the nodes in the initial node pool will have that configuration applied. Any settings not configured in the JSON file will retain the default value.
@@ -215,4 +215,4 @@ az aks nodepool add --name mynodepool1 --cluster-name myAKSCluster --resource-gr
[az-aks-nodepool-update]: https://github.com/Azure/azure-cli-extensions/tree/master/src/aks-preview#enable-cluster-auto-scaler-for-a-node-pool [autoscaler-scaledown]: https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-types-of-pods-can-prevent-ca-from-removing-a-node [autoscaler-parameters]: https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-the-parameters-to-ca
-[kubernetes-faq]: https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#ca-doesnt-work-but-it-used-to-work-yesterday-why
+[kubernetes-faq]: https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#ca-doesnt-work-but-it-used-to-work-yesterday-why
aks https://docs.microsoft.com/en-us/azure/aks/managed-aad https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/managed-aad.md
@@ -3,8 +3,8 @@ Title: Use Azure AD in Azure Kubernetes Service
description: Learn how to use Azure AD in Azure Kubernetes Service (AKS) Previously updated : 08/26/2020- Last updated : 02/1/2021+ # AKS-managed Azure Active Directory integration
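Review bot: The new date is written `02/1/2021`, with an unpadded day, where the value it replaces was `08/26/2020`; write `02/01/2021` so the metadata keeps one MM/DD/YYYY format.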
aks https://docs.microsoft.com/en-us/azure/aks/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Kubernetes Service description: Lists Azure Policy built-in policy definitions for Azure Kubernetes Service. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
aks https://docs.microsoft.com/en-us/azure/aks/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Kubernetes Service (AKS) description: Lists Azure Policy Regulatory Compliance controls available for Azure Kubernetes Service (AKS). These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
aks https://docs.microsoft.com/en-us/azure/aks/use-azure-ad-pod-identity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/use-azure-ad-pod-identity.md
@@ -11,6 +11,9 @@ Last updated 12/01/2020
Azure Active Directory pod-managed identities uses Kubernetes primitives to associate [managed identities for Azure resources][az-managed-identities] and identities in Azure Active Directory (AAD) with pods. Administrators create identities and bindings as Kubernetes primitives that allow pods to access Azure resources that rely on AAD as an identity provider.
+> [!NOTE]
+> If you have an existing installation of AADPODIDENTITY, you must remove the existing installation. Enabling this feature means that the MIC component isn't needed.
+ [!INCLUDE [preview features callout](./includes/preview/preview-callout.md)] ## Before you begin
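Review bot: The added NOTE says an existing installation of AADPODIDENTITY "must" be removed but gives no removal steps and no link to them, and it does not say what happens to the identities and bindings that installation manages; add a link to the uninstall procedure and one sentence on the expected impact. "MIC" is used without being expanded, and "AADPODIDENTITY" is not explained anywhere in the visible text, so spell out both on first use.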
analysis-services https://docs.microsoft.com/en-us/azure/analysis-services/analysis-services-server-admins https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/analysis-services/analysis-services-server-admins.md
@@ -4,7 +4,7 @@ description: This article describes how to manage server administrators for an A
Previously updated : 11/30/2020 Last updated : 2/4/2021
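Review bot: The new date `2/4/2021` drops the zero padding that the replaced value `11/30/2020` follows; write `02/04/2021` to keep the field in MM/DD/YYYY form.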
@@ -15,6 +15,8 @@ Server administrators must be a valid user, service principal, or security group
When adding a **security group**, use `obj:groupid@tenantid`. Service principals are not supported in security groups added to the server administrator role.
+To learn more about adding a service principal to the server admin role, see [Add a service principal to the server administrator role](analysis-services-addservprinc-admins.md).
+ If server firewall is enabled, server administrator client computer IP addresses must be included in a firewall rule. To learn more, see [Configure server firewall](analysis-services-qs-firewall.md). ## To add server administrators by using Azure portal
api-management https://docs.microsoft.com/en-us/azure/api-management/api-management-dapr-policies https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/api-management-dapr-policies.md
@@ -106,7 +106,7 @@ The policy assumes that Dapr runtime is running in a sidecar container in the sa
### Policy statement ```xml
-<publish-to-dapr pubsub-name="pubsub-name" topic=ΓÇ¥topic-nameΓÇ¥ ignore-error="false|true" response-variable-name="resp-var-name" timeout="in seconds" template=ΓÇ¥LiquidΓÇ¥ content-type="application/json">
+<publish-to-dapr pubsub-name="pubsub-name" topic="topic-name" ignore-error="false|true" response-variable-name="resp-var-name" timeout="in seconds" template="Liquid" content-type="application/json">
<!-- message content --> </publish-to-dapr> ```
@@ -178,9 +178,9 @@ The policy assumes that Dapr runtime is running in a sidecar container in the sa
### Policy statement ```xml
-<invoke-dapr-binding name=ΓÇ¥bind-name" operation="op-name" ignore-error="false|true" response-variable-name="resp-var-name" timeout="in seconds" template=ΓÇ¥Liquid content-type="application/json">
+<invoke-dapr-binding name="bind-name" operation="op-name" ignore-error="false|true" response-variable-name="resp-var-name" timeout="in seconds" template="Liquid" content-type="application/json">
<metadata>
- <item key=ΓÇ¥item-nameΓÇ¥><!-- item-value --></item>
+ <item key="item-name"><!-- item-value --></item>
</metadata> <data> <!-- message content -->
api-management https://docs.microsoft.com/en-us/azure/api-management/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure API Management description: Lists Azure Policy built-in policy definitions for Azure API Management. These built-in policy definitions provide approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
api-management https://docs.microsoft.com/en-us/azure/api-management/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure API Management description: Lists Azure Policy Regulatory Compliance controls available for Azure API Management. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
app-service https://docs.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/app-service-hybrid-connections.md
@@ -5,7 +5,7 @@
ms.assetid: 66774bde-13f5-45d0-9a70-4e9536a4f619 Previously updated : 06/08/2020 Last updated : 02/04/2020
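Review bot: The updated date reads `02/04/2020`, which is earlier than the `06/08/2020` it replaces; the year looks like a typo for 2021 and should be corrected before merge.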
@@ -38,7 +38,7 @@ There are a number of benefits to the Hybrid Connections capability, including:
- It normally does not require firewall holes. The connections are all outbound over standard web ports. - Because the feature is network level, it is agnostic to the language used by your app and the technology used by the endpoint. - It can be used to provide access in multiple networks from a single app. -- It is supported in GA for Windows native apps and is in preview for Linux apps. It is not supported for Windows container apps.
+- It is supported in GA for Windows apps and Linux apps. It is not supported for Windows container apps.
### Things you cannot do with Hybrid Connections ###
app-service https://docs.microsoft.com/en-us/azure/app-service/monitor-instances-health-check https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/monitor-instances-health-check.md
@@ -13,7 +13,7 @@
![Health check failure][2]
-This article uses Health check in the Azure portal to monitor App Service instances. Health check increases your application's availability by removing unhealthy instances. Your [App Service plan](/overview-hosting-plans) should be scaled to two or more instances to use Health check. The Health check path should check critical components of your application. For example, if your application depends on a database and a messaging system, the Health check endpoint should connect to those components. If the application cannot connect to a critical component, then the path should return a 500-level response code to indicate the app is unhealthy.
+This article uses Health check in the Azure portal to monitor App Service instances. Health check increases your application's availability by removing unhealthy instances. Your [App Service plan](/azure/app-service/overview-hosting-plans) should be scaled to two or more instances to use Health check. The Health check path should check critical components of your application. For example, if your application depends on a database and a messaging system, the Health check endpoint should connect to those components. If the application cannot connect to a critical component, then the path should return a 500-level response code to indicate the app is unhealthy.
## What App Service does with Health checks
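Review bot: The corrected App Service plan link uses a site-absolute path, `/azure/app-service/overview-hosting-plans`, although this article lives under `articles/app-service/` itself; a relative link to `overview-hosting-plans.md` would match the relative `.md` links used in the neighbouring articles (for example `../cost-management-billing/reservations/reservation-discount-app-service.md`).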
app-service https://docs.microsoft.com/en-us/azure/app-service/overview-manage-costs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/overview-manage-costs.md
@@ -121,7 +121,7 @@ If you plan to utilize a known minimum number of compute instances for one year
The reserved instance pricing applies to the applicable instances in your subscription, up to the number of instances that you reserve. The reserved instances are a billing matter and are not tied to specific compute instances. If you run fewer instances than you reserve at any point during the reservation period, you still pay for the reserved instances. If you run more instances than you reserve at any point during the reservation period, you pay the normal accrued cost for the additional instances.
-The **Isolated** tier (App Service environment) also supports 1-year and 3-year reservations at reduced pricing. For more information, see [How reservation discounts apply to Azure App Service Isolated Stamps](../cost-management-billing/reservations/reservation-discount-app-service-isolated-stamp.md).
+The **Isolated** tier (App Service environment) also supports 1-year and 3-year reservations at reduced pricing. For more information, see [How reservation discounts apply to Azure App Service](../cost-management-billing/reservations/reservation-discount-app-service.md).
## Monitor costs
app-service https://docs.microsoft.com/en-us/azure/app-service/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure App Service description: Lists Azure Policy built-in policy definitions for Azure App Service. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
app-service https://docs.microsoft.com/en-us/azure/app-service/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure App Service description: Lists Azure Policy Regulatory Compliance controls available for Azure App Service. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
app-service https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/troubleshoot-diagnostic-logs.md
@@ -166,7 +166,7 @@ For Windows apps, the ZIP file contains the contents of the *D:\Home\LogFiles* d
| **Application logs** |*/LogFiles/Application/* | Contains one or more text files. The format of the log messages depends on the logging provider you use. | | **Failed Request Traces** | */LogFiles/W3SVC#########/* | Contains XML files, and an XSL file. You can view the formatted XML files in the browser. | | **Detailed Error Logs** | */LogFiles/DetailedErrors/* | Contains HTM error files. You can view the HTM files in the browser.<br/>Another way to view the failed request traces is to navigate to your app page in the portal. From the left menu, select **Diagnose and solve problems**, then search for **Failed Request Tracing Logs**, then click the icon to browse and view the trace you want. |
-| **Web Server Logs** | */LogFiles/http/RawLogs/* | Contains text files formatted using the [W3C extended log file format](/windows/desktop/Http/w3c-logging). This information can be read using a text editor or a utility like [Log Parser](https://go.microsoft.com/fwlink/?LinkId=246619).<br/>App Service doesn't support the `s-computername`, `s-ip`, or `cs-version` fields. |
+| **Web Server Logs** | */LogFiles/http/RawLogs/* | Contains text files formatted using the [W3C extended log file format](/windows/desktop/Http/w3c-logging). This information can be read using a text editor or a utility like [Log Parser](https://www.iis.net/downloads/community/2010/04/log-parser-22).<br/>App Service doesn't support the `s-computername`, `s-ip`, or `cs-version` fields. |
| **Deployment logs** | */LogFiles/Git/* and */deployments/* | Contain logs generated by the internal deployment processes, as well as logs for Git deployments. | ## Send logs to Azure Monitor (preview)
app-service https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-dotnet-visual-studio https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/troubleshoot-dotnet-visual-studio.md
@@ -464,7 +464,7 @@ Any logs that you can monitor in the **Output** window can also be downloaded as
:::image type="content" source="./media/web-sites-dotnet-troubleshoot-visual-studio/tws-logfilefolders.png" alt-text="Screenshot of the .zip file folder structure after the file has been extracted."::: * Application tracing logs are in *.txt* files in the *LogFiles\Application* folder.
- * Web server logs are in *.log* files in the *LogFiles\http\RawLogs* folder. You can use a tool such as [Log Parser](https://www.microsoft.com/download/details.aspx?displaylang=en&id=24659) to view and manipulate these files.
+ * Web server logs are in *.log* files in the *LogFiles\http\RawLogs* folder. You can use a tool such as [Log Parser](https://www.iis.net/downloads/community/2010/04/log-parser-22) to view and manipulate these files.
* Detailed error message logs are in *.html* files in the *LogFiles\DetailedErrors* folder. (The *deployments* folder is for files created by source control publishing; it doesn't have anything related to Visual Studio publishing. The *Git* folder is for traces related to source control publishing and the log file streaming service.)
@@ -673,7 +673,7 @@ Also, you don't need to use ASP.NET or `System.Diagnostics` tracing to get strea
### Analyzing web server logs For more information about analyzing web server logs, see the following resources:
-* [LogParser](https://www.microsoft.com/download/details.aspx?id=24659)<br/>
+* [LogParser](https://www.iis.net/downloads/community/2010/04/log-parser-22)<br/>
A tool for viewing data in web server logs (*.log* files). * [Troubleshooting IIS Performance Issues or Application Errors using LogParser](https://www.iis.net/learn/troubleshoot/performance-issues/troubleshooting-iis-performance-issues-or-application-errors-using-logparser)<br/> An introduction to the Log Parser tool that you can use to analyze web server logs.
app-service https://docs.microsoft.com/en-us/azure/app-service/tutorial-python-postgresql-app https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/tutorial-python-postgresql-app.md
@@ -391,7 +391,7 @@ Open an SSH session again in the browser by navigating to `https://<app-name>.sc
``` cd $APP_PATH source /antenv/bin/activate
-pip instal -r requirements.txt
+pip install -r requirements.txt
python manage.py migrate ```
application-gateway https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/rewrite-http-headers.md
@@ -64,21 +64,21 @@ Application gateway supports these server variables:
| client_port | The client port. | | client_tcp_rtt | Information about the client TCP connection. Available on systems that support the TCP_INFO socket option. | | client_user | When HTTP authentication is used, the user name supplied for authentication. |
-| host | In this order of precedence: the host name from the request line, the host name from the Host request header field, or the server name matching a request. Example: in the request *http://contoso.com:8080/article.aspx?id=123&title=fabrikam*, host value will be is *contoso.com* |
+| host | In this order of precedence: the host name from the request line, the host name from the Host request header field, or the server name matching a request. Example: in the request `http://contoso.com:8080/article.aspx?id=123&title=fabrikam`, host value will be is *contoso.com* |
| cookie_*name* | The *name* cookie. | | http_method | The method used to make the URL request. For example, GET or POST. | | http_status | The session status. For example, 200, 400, or 403. | | http_version | The request protocol. Usually HTTP/1.0, HTTP/1.1, or HTTP/2.0. |
-| query_string | The list of variable/value pairs that follows the "?" in the requested URL. Example: in the request *http://contoso.com:8080/article.aspx?id=123&title=fabrikam*, query_string value will be *id=123&title=fabrikam* |
+| query_string | The list of variable/value pairs that follows the "?" in the requested URL. Example: in the request `http://contoso.com:8080/article.aspx?id=123&title=fabrikam`, query_string value will be *id=123&title=fabrikam* |
| received_bytes | The length of the request (including the request line, header, and request body). | | request_query | The arguments in the request line. | | request_scheme | The request scheme: http or https. |
-| request_uri | The full original request URI (with arguments). Example: in the request *http://contoso.com:8080/article.aspx?id=123&title=fabrikam*, request_uri value will be */article.aspx?id=123&title=fabrikam* |
+| request_uri | The full original request URI (with arguments). Example: in the request `http://contoso.com:8080/article.aspx?id=123&title=fabrikam`, request_uri value will be */article.aspx?id=123&title=fabrikam* |
| sent_bytes | The number of bytes sent to a client. | | server_port | The port of the server that accepted a request. | | ssl_connection_protocol | The protocol of an established TLS connection. | | ssl_enabled | ΓÇ£OnΓÇ¥ if the connection operates in TLS mode. Otherwise, an empty string. |
-| uri_path | Identifies the specific resource in the host that the web client wants to access. This is the part of the request URI without the arguments. Example: in the request *http://contoso.com:8080/article.aspx?id=123&title=fabrikam*, uri_path value will be */article.aspx* |
+| uri_path | Identifies the specific resource in the host that the web client wants to access. This is the part of the request URI without the arguments. Example: in the request `http://contoso.com:8080/article.aspx?id=123&title=fabrikam`, uri_path value will be */article.aspx* |
## Rewrite configuration
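Review bot: the rewritten `host` row still reads "host value will be is *contoso.com*"; drop the stray "is" while this line is being touched. The other three rows changed in this hunk ("query_string value will be", "request_uri value will be", "uri_path value will be") are worded correctly, so the `host` row is the only one that needs it. The switch from italics to backticks for the sample URL is a good change, but the example values (*contoso.com*, */article.aspx*) are still italicized; consider backticks there too so literal values are formatted one way throughout the table.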
automanage https://docs.microsoft.com/en-us/azure/automanage/automanage-virtual-machines https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automanage/automanage-virtual-machines.md
@@ -37,7 +37,6 @@ Lastly, the experience is incredibly simple.
There are several prerequisites to consider before trying to enable Azure Automanage on your virtual machines. - Windows Server VMs only-- VMs must be running - VMs must be in a supported region (see paragraph below) - User must have correct permissions (see paragraph below) - Automanage does not support Sandbox subscriptions at this time
automation https://docs.microsoft.com/en-us/azure/automation/automation-create-standalone-account https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/automation-create-standalone-account.md
@@ -99,4 +99,4 @@ Classic Run As accounts are not created by default when you create an Azure Auto
* To get started with PowerShell runbooks, see [Tutorial: Create a PowerShell runbook](learn/automation-tutorial-runbook-textual-powershell.md). * To get started with PowerShell Workflow runbooks, see [Tutorial: Create a PowerShell workflow runbook](learn/automation-tutorial-runbook-textual.md). * To get started with Python 3 runbooks, see [Tutorial: Create a Python 3 runbook](learn/automation-tutorial-runbook-textual-python-3.md).
-* For a PowerShell cmdlet reference, see [Az.Automation](/powershell/module/az.automation&preserve-view=true#automation).
+* For a PowerShell cmdlet reference, see [Az.Automation](/powershell/module/az.automation).
automation https://docs.microsoft.com/en-us/azure/automation/automation-use-azure-ad https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/automation-use-azure-ad.md
@@ -45,7 +45,7 @@ Before installing the Azure AD modules on your computer:
1. Ensure that the Microsoft .NET Framework 3.5.x feature is enabled on your computer. It's likely that your computer has a newer version installed, but backward compatibility with older versions of the .NET Framework can be enabled or disabled.
-2. Install the 64-bit version of the [Microsoft Online Services Sign-in Assistant](https://www.microsoft.com/download/details.aspx?id=41950).
+2. Install the 64-bit version of the [Microsoft Online Services Sign-in Assistant](https://www.microsoft.com/Download/details.aspx?id=28177).
3. Run Windows PowerShell as an administrator to create an elevated Windows PowerShell command prompt.
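Review bot: in step 2 the new link changes both the download id (41950 to 28177) and the path casing (`/download/` to `/Download/`), and nothing in the hunk says what the new id delivers. The step tells readers to install the 64-bit version and the next step has them open an elevated prompt, so please confirm that the id=28177 page offers the 64-bit installer of the Sign-in Assistant and is the current official download. Keep the lowercase `/download/` path unless the casing change is required.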
automation https://docs.microsoft.com/en-us/azure/automation/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Automation description: Lists Azure Policy built-in policy definitions for Azure Automation. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
automation https://docs.microsoft.com/en-us/azure/automation/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Automation description: Lists Azure Policy Regulatory Compliance controls available for Azure Automation. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
automation https://docs.microsoft.com/en-us/azure/automation/shared-resources/modules https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/shared-resources/modules.md
@@ -3,7 +3,7 @@ Title: Manage modules in Azure Automation
description: This article tells how to use PowerShell modules to enable cmdlets in runbooks and DSC resources in DSC configurations. Previously updated : 01/25/2021 Last updated : 02/01/2021
@@ -35,7 +35,11 @@ These are known limitations with the sandbox. The recommended workaround is to d
## Default modules
-The following table lists modules that Azure Automation imports by default when you create your Automation account. Automation can import newer versions of these modules. However, you can't remove the original version from your Automation account, even if you delete a newer version. Note that these default modules include several AzureRM modules.
+The following table lists modules that Azure Automation imports by default when you create your Automation account. Automation can import newer versions of these modules. However, you can't remove the original version from your Automation account, even if you delete a newer version. Note that these default modules include several AzureRM modules.
+
+The default modules are also known as global modules. In the Azure portal, the **Global module** property will be **true** when viewing a module that was imported when the account was created.
+
+![Screenshot of global module property in Azure Portal](../media/modules/automation-global-modules.png)
Automation doesn't import the root Az module automatically into any new or existing Automation accounts. For more about working with these modules, see [Migrating to Az modules](#migrate-to-az-modules).
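Review bot: the image alt text writes "Azure Portal" while the sentence added just above it writes "Azure portal"; use the lowercase form in both. The added sentence could also be present tense ("the **Global module** property is **true**"), and "imported when the account was created" would be clearer as "imported by default when the account was created" to match the first paragraph of the section.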
azure-app-configuration https://docs.microsoft.com/en-us/azure/azure-app-configuration/concept-app-configuration-event https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-app-configuration/concept-app-configuration-event.md
@@ -15,11 +15,11 @@
Azure App Configuration events enable applications to react to changes in key-values. This is done without the need for complicated code or expensive and inefficient polling services. Instead, events are pushed through [Azure Event Grid](https://azure.microsoft.com/services/event-grid/) to subscribers such as [Azure Functions](https://azure.microsoft.com/services/functions/), [Azure Logic Apps](https://azure.microsoft.com/services/logic-apps/), or even to your own custom http listener. Critically, you only pay for what you use.
-Azure App Configuration events are sent to the Azure Event Grid which provides reliable delivery services to your applications through rich retry policies and dead-letter delivery. To learn more, see [Event Grid message delivery and retry](../event-grid/delivery-and-retry.md).
+Azure App Configuration events are sent to the Azure Event Grid, which provides reliable delivery services to your applications through rich retry policies and dead-letter delivery. To learn more, see [Event Grid message delivery and retry](../event-grid/delivery-and-retry.md).
Common App Configuration event scenarios include refreshing application configuration, triggering deployments, or any configuration-oriented workflow. When changes are infrequent, but your scenario requires immediate responsiveness, event-based architecture can be especially efficient.
-Take a look at [Route Azure App Configuration events to a custom web endpoint - CLI](./howto-app-configuration-event.md) for a quick example.
+Take a look at [Use Event Grid for data change notifications](./howto-app-configuration-event.md) for a quick example.
![Event Grid Model](./media/event-grid-functional-model.png)
@@ -84,4 +84,4 @@ Applications that handle App Configuration events should follow these recommende
Learn more about Event Grid and give Azure App Configuration events a try: - [About Event Grid](../event-grid/overview.md)-- [Route Azure App Configuration events to a custom web endpoint](./howto-app-configuration-event.md)
+- [How to use Event Grid for data change notifications](./howto-app-configuration-event.md)
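Review bot: the new link text here is "How to use Event Grid for data change notifications", but the link added to the same target in the previous hunk reads "Use Event Grid for data change notifications". Pick one wording for both links to `./howto-app-configuration-event.md`, ideally the one that matches the target article's title.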
azure-app-configuration https://docs.microsoft.com/en-us/azure/azure-app-configuration/howto-app-configuration-event https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-app-configuration/howto-app-configuration-event.md
@@ -1,6 +1,6 @@
Title: Send Events to a web endpoint using Azure App Configuration
-description: Learn to use Azure App Configuration event subscriptions to send key-value modification events to a web endpoint
+ Title: Use Event Grid for App Configuration data change notifications
+description: Learn how to use Azure App Configuration event subscriptions to send key-value modification events to a web endpoint
ms.assetid:
@@ -15,7 +15,7 @@
#Customer intent: I want to be notified or trigger a workload when a key-value is modified.
-# Route Azure App Configuration events to a web endpoint with Azure CLI
+# Use Event Grid for App Configuration data change notifications
In this article, you learn how to set up Azure App Configuration event subscriptions to send key-value modification events to a web endpoint. Azure App Configuration users can subscribe to events emitted whenever key-values are modified. These events can trigger web hooks, Azure Functions, Azure Storage Queues, or any other event handler that is supported by Azure Event Grid. Typically, you send events to an endpoint that processes the event data and takes actions. However, to simplify this article, you send the events to a web app that collects and displays the messages.
azure-app-configuration https://docs.microsoft.com/en-us/azure/azure-app-configuration/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-app-configuration/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure App Configuration description: Lists Azure Policy built-in policy definitions for Azure App Configuration. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-app-configuration https://docs.microsoft.com/en-us/azure/azure-app-configuration/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-app-configuration/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure App Configuration description: Lists Azure Policy Regulatory Compliance controls available for Azure App Configuration. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-arc https://docs.microsoft.com/en-us/azure/azure-arc/kubernetes/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/kubernetes/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Arc enabled Kubernetes description: Lists Azure Policy built-in policy definitions for Azure Arc enabled Kubernetes. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021 #
azure-arc https://docs.microsoft.com/en-us/azure/azure-arc/servers/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/servers/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Arc enabled servers description: Lists Azure Policy built-in policy definitions for Azure Arc enabled servers (preview). These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-arc https://docs.microsoft.com/en-us/azure/azure-arc/servers/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/servers/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Arc enabled servers (preview) description: Lists Azure Policy Regulatory Compliance controls available for Azure Arc enabled servers (preview). These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-cache-for-redis https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-cache-for-redis/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Cache for Redis description: Lists Azure Policy built-in policy definitions for Azure Cache for Redis. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-cache-for-redis https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-cache-for-redis/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Cache for Redis description: Lists Azure Policy Regulatory Compliance controls available for Azure Cache for Redis. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-functions https://docs.microsoft.com/en-us/azure/azure-functions/analyze-telemetry-data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/analyze-telemetry-data.md
@@ -135,6 +135,18 @@ The following telemetry queries are specific to metrics that impact the cost of
[!INCLUDE [functions-consumption-metrics-queries](../../includes/functions-consumption-metrics-queries.md)]
+## Azure Monitor metrics
+
+In addition to telemetry data collected by Application Insights, you can also get data about how the function app is running from [Azure Monitor Metrics](../azure-monitor/platform/data-platform-metrics.md). Along with the usual [metrics available to App Service apps](../app-service/web-sites-monitor.md#understand-metrics), there are two metrics specific to Functions that are of interest:
+
+| Metric | Description |
+| - | - |
+| **FunctionExecutionCount** | Function execution count indicates the number of times your function app has executed. This correlates to the number of times a function runs in your app. This metric isn't currently supported for Premium and Dedicated (App Service) plans running on Linux. |
+| **FunctionExecutionUnits** | Function execution units are a combination of execution time and your memory usage. Memory data isn't a metric currently available through Azure Monitor. However, if you want to optimize the memory usage of your app, can use the performance counter data collected by Application Insights. This metric isn't currently supported for Premium and Dedicated (App Service) plans running on Linux.|
+
+To learn more about calculating costs for a Consumption plan using Application Insights data, see [Estimating Consumption plan costs](functions-consumption-costs.md). To learn more about using Monitor Explorer to view metrics, see [Getting started with Azure Metrics Explorer](../azure-monitor/platform/metrics-getting-started.md).
++ ## Next steps Learn more about monitoring Azure Functions:
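Review bot: in the **FunctionExecutionUnits** row, "if you want to optimize the memory usage of your app, can use the performance counter data" is missing its subject; it should read "you can use". The closing paragraph also refers to "Monitor Explorer" while the link it introduces is titled "Getting started with Azure Metrics Explorer"; use "metrics explorer" in the sentence so the name matches the link. The two table rows repeat the same Linux limitation sentence; a single note under the table would state it once.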
azure-functions https://docs.microsoft.com/en-us/azure/azure-functions/disable-function https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/disable-function.md
@@ -2,7 +2,7 @@
Title: How to disable functions in Azure Functions description: Learn how to disable and enable functions in Azure Functions. Previously updated : 04/08/2020 Last updated : 02/03/2021
@@ -10,7 +10,7 @@
This article explains how to disable a function in Azure Functions. To *disable* a function means to make the runtime ignore the automatic trigger that's defined for the function. This lets you prevent a specific function from running without stopping the entire function app.
-The recommended way to disable a function is with an app setting in the format `AzureWebJobs.<FUNCTION_NAME>.Disabled` set to `true`. You can create and modify this application setting in a number of ways, including by using the [Azure CLI](/cli/azure/) and from your function's **Manage** tab in the [Azure portal](https://portal.azure.com).
+The recommended way to disable a function is with an app setting in the format `AzureWebJobs.<FUNCTION_NAME>.Disabled` set to `true`. You can create and modify this application setting in a number of ways, including by using the [Azure CLI](/cli/azure/) and from your function's **Overview** tab in the [Azure portal](https://portal.azure.com).
> [!NOTE] > When you disable an HTTP triggered function by using the methods described in this article, the endpoint may still by accessible when running on your local computer.
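Review bot: the changed sentence now says the setting can be modified from the function's "**Overview** tab", while the "Use the Portal" section of the same article calls it the function's "**Overview** page". Use one term in both places. The note directly below the changed line also has a typo worth fixing in the same commit: "the endpoint may still by accessible" should be "may still be accessible".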
@@ -35,10 +35,12 @@ az functionapp config appsettings set --name <myFunctionApp> \
## Use the Portal
-You can also use the **Enable** and **Disable** buttons on the function's **Overview** page. These buttons work by changing the value of the `AzureWebJobs.<FUNCTION_NAME>.Disabled` app setting. This function-specific setting is created the first time it's disabled.
+You can also use the **Enable** and **Disable** buttons on the function's **Overview** page. These buttons work by changing the value of the `AzureWebJobs.<FUNCTION_NAME>.Disabled` app setting. This function-specific setting is created the first time it's disabled.
![Function state switch](media/disable-function/function-state-switch.png)
+Even when you publish to your function app from a local project, you can still use the portal to disable functions in the function app.
+ > [!NOTE] > The portal-integrated testing functionality ignores the `Disabled` setting. This means that a disabled function still runs when started from the **Test** window in the portal.
@@ -52,7 +54,7 @@ Functions can be disabled in the same way when running locally. To disable a fun
"Values": { "FUNCTIONS_WORKER_RUNTIME": "python", "AzureWebJobsStorage": "UseDevelopmentStorage=true",
- "AzureWebJobs.HttpExample.Disabled": "true"
+ "AzureWebJobs.HttpExample.Disabled": "true"
} } ```
@@ -63,23 +65,7 @@ While the application setting method is recommended for all languages and all ru
### C# class libraries
-In a class library function, you can also use the `Disable` attribute to prevent the function from being triggered. You can use the attribute without a constructor parameter, as shown in the following example:
-
-```csharp
-public static class QueueFunctions
-{
- [Disable]
- [FunctionName("QueueTrigger")]
- public static void QueueTrigger(
- [QueueTrigger("myqueue-items")] string myQueueItem,
- TraceWriter log)
- {
- log.Info($"C# function processed: {myQueueItem}");
- }
-}
-```
-
-The attribute without a constructor parameter requires that you recompile and redeploy the project to change the function's disabled state. A more flexible way to use the attribute is to include a constructor parameter that refers to a Boolean app setting, as shown in the following example:
+In a class library function, you can also use the `Disable` attribute to prevent the function from being triggered. This attribute lets you customize the name of the setting used to disable the function. Use the version of the attribute that lets you define a constructor parameter that refers to a Boolean app setting, as shown in the following example:
```csharp public static class QueueFunctions
@@ -97,12 +83,7 @@ public static class QueueFunctions
This method lets you enable and disable the function by changing the app setting, without recompiling or redeploying. Changing an app setting causes the function app to restart, so the disabled state change is recognized immediately.
-> [!IMPORTANT]
-> The `Disabled` attribute is the only way to disable a class library function. The generated *function.json* file for a class library function is not meant to be edited directly. If you edit that file, whatever you do to the `disabled` property will have no effect.
->
-> The same goes for the **Function state** switch on the **Manage** tab, since it works by changing the *function.json* file.
->
-> Also, note that the portal may indicate the function is disabled when it isn't.
+There's also a constructor for the parameter that doesn't accept a string for the setting name. This version of the attribute isn't recommended. If you use this version, you must recompile and redeploy the project to change the function's disabled state.
### Functions 1.x - scripting languages
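Review bot: the added sentence says "There's also a constructor for the parameter that doesn't accept a string", but the constructor belongs to the attribute, as the next sentence ("This version of the attribute") already implies; suggest "There's also a constructor for the attribute that doesn't accept a string for the setting name". This hunk also removes the warning that the portal may indicate a function is disabled when it isn't. If that can still happen with the parameterless attribute, keep a one-sentence caveat, since an operator relying on the portal state could believe a function is off when it is still being triggered.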
@@ -134,7 +115,7 @@ or
In the second example, the function is disabled when there is an app setting that is named IS_DISABLED and is set to `true` or 1. >[!IMPORTANT]
->The portal now uses application settings to disable v1.x functions. When an application setting conflicts with the function.json file, an error can occur. You should remove the `disabled` property from the function.json file to prevent errors.
+>The portal uses application settings to disable v1.x functions. When an application setting conflicts with the function.json file, an error can occur. You should remove the `disabled` property from the function.json file to prevent errors.
## Next steps
azure-functions https://docs.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-external-events https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/durable/durable-functions-external-events.md
@@ -15,7 +15,7 @@ Orchestrator functions have the ability to wait and listen for external events.
## Wait for events
-The [WaitForExternalEvent](https://azure.github.io/azure-functions-durable-extension/api/Microsoft.Azure.WebJobs.DurableOrchestrationContext.html#Microsoft_Azure_WebJobs_DurableOrchestrationContext_WaitForExternalEvent_) (.NET), `waitForExternalEvent` (JavaScript), and `wait_for_external_event` (Python) methods of the [orchestration trigger binding](durable-functions-bindings.md#orchestration-trigger) allow an orchestrator function to asynchronously wait and listen for an external event. The listening orchestrator function declares the *name* of the event and the *shape of the data* it expects to receive.
+The [WaitForExternalEvent](/dotnet/api/microsoft.azure.webjobs.durableorchestrationcontextbase.waitforexternalevent?view=azure-dotnet-legacy) (.NET), `waitForExternalEvent` (JavaScript), and `wait_for_external_event` (Python) methods of the [orchestration trigger binding](durable-functions-bindings.md#orchestration-trigger) allow an orchestrator function to asynchronously wait and listen for an external event. The listening orchestrator function declares the *name* of the event and the *shape of the data* it expects to receive.
# [C#](#tab/csharp)
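Review bot: the replacement link targets `durableorchestrationcontextbase.waitforexternalevent` with `view=azure-dotnet-legacy`, whereas the old link pointed at `DurableOrchestrationContext`. Please confirm that the base class in the legacy view is the intended reference for readers of this article and not just the first page that resolved. If the legacy view is deliberate, a short note in the text saying which extension version the link documents would keep readers from assuming it describes the current API.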
@@ -225,7 +225,7 @@ main = df.Orchestrator.create(orchestrator_function)
## Send events
-You can use the [RaiseEventAsync](https://azure.github.io/azure-functions-durable-extension/api/Microsoft.Azure.WebJobs.DurableOrchestrationClient.html#Microsoft_Azure_WebJobs_DurableOrchestrationClient_RaiseEventAsync_) (.NET) or `raiseEventAsync` (JavaScript) methods to send an external event to an orchestration. These methods are exposed by the [orchestration client](durable-functions-bindings.md#orchestration-client) binding. You can also use the built-in [raise event HTTP API](durable-functions-http-api.md#raise-event) to send an external event to an orchestration.
+You can use the [RaiseEventAsync](/dotnet/api/microsoft.azure.webjobs.durableorchestrationclientbase.raiseeventasync?view=azure-dotnet-legacy) (.NET) or `raiseEventAsync` (JavaScript) methods to send an external event to an orchestration. These methods are exposed by the [orchestration client](durable-functions-bindings.md#orchestration-client) binding. You can also use the built-in [raise event HTTP API](durable-functions-http-api.md#raise-event) to send an external event to an orchestration.
A raised event includes an *instance ID*, an *eventName*, and *eventData* as parameters. Orchestrator functions handle these events using the `WaitForExternalEvent` (.NET) or `waitForExternalEvent` (JavaScript) APIs. The *eventName* must match on both the sending and receiving ends in order for the event to be processed. The event data must also be JSON-serializable.
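Review bot: as in the previous hunk, the link now targets the `...clientbase.raiseeventasync` page in the `azure-dotnet-legacy` view instead of `DurableOrchestrationClient`; confirm that is intended. While this paragraph is open, note that it and the following one list only .NET and JavaScript, while the "Wait for events" paragraph also names `wait_for_external_event` for Python. Either add the Python equivalent here or state that sending is covered for Python through the raise event HTTP API.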
azure-functions https://docs.microsoft.com/en-us/azure/azure-functions/functions-monitoring https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/functions-monitoring.md
@@ -85,6 +85,10 @@ See the developer guide for your language to learn more about writing logs from
+ [PowerShell](functions-reference-powershell.md#logging) + [Python](functions-reference-python.md#logging)
+## Analyze data
+
+By default, the data collected from your function app is stored in Application Insights. In the [Azure portal](https://portal.azure.com), Application Insights provides an extensive set of visualizations of your telemetry data. You can drill into error logs and query events and metrics. To learn more, including basic examples of how to view and query your collected data, see [Analyze Azure Functions telemetry in Application Insights](analyze-telemetry-data.md).
+ ## Streaming Logs While developing an application, you often want to see what's being written to the logs in near real time when running in Azure.
azure-government https://docs.microsoft.com/en-us/azure/azure-government/documentation-government-csp-list https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-government/documentation-government-csp-list.md
@@ -168,7 +168,7 @@ Below you can find a list of all the authorized Cloud Solution Providers, AOS-G
|[Gov4Miles](https://www.milestechnologies.com)| |Gravity Pro Consulting| |[Green House Data](https://www.greenhousedata.com/)|
-|[Hanu Software Solutions Inc.](https://www.hanusoftware.com/contact)|
+|[Hanu Software Solutions Inc.](https://www.hanusoftware.com/hanu/#contact)|
|[Harmonia Holdings Group LLC](https://www.harmonia.com)| |[HCL Technologies](https://www.hcltech.com/aerospace-and-defense)| |[HD Dynamics](https://www.hddynamics.com/)|
@@ -207,7 +207,7 @@ Below you can find a list of all the authorized Cloud Solution Providers, AOS-G
|[Jacobs Technolgy Inc.](https://www.jacobs.com/)| |[Jadex Strategic Group](https://jadexstrategic.com)| |[Jasper Solutions Inc.](https://jaspersolutions.com/)|
-|[JHC Technology, Inc.](https://www.jhctechnology.com/)|
+|[JHC Technology, Inc.](https://www.effectual.com/jhc-technology/)|
|[Quiet Professionals](https://quietprofessionalsllc.com)| |[Quzara LLC](https://www.quzara.com)| |[Karpel Solutions](https://www.karpel.com/)|
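Review bot: the JHC Technology entry keeps its name but the link now points to a different domain, `www.effectual.com/jhc-technology/`. For a list of authorized providers, readers use the link to confirm who they are dealing with, so please confirm the new host is the provider's official site and consider reflecting the relationship in the entry name. The context line above it also misspells "Jacobs Technolgy Inc."; that can be fixed in the same commit.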
@@ -283,7 +283,7 @@ Below you can find a list of all the authorized Cloud Solution Providers, AOS-G
|[Perspecta](https://perspecta.com/)| |[Phacil](https://www.phacil.com/)| |[Pharicode LLC](https://pharicode.com)|
-|[Picis Envision](https://www.picis.com/solution/analytics-suite/)|
+|[Picis Envision](https://www.picis.com/en/)|
|[Pinao Consulting LLC](https://www.pcg-msp.com)| |[Pitech Solutions Inc](https://www.pitechsol.com/)| |[Planet Technologies](https://go-planet.com)|
azure-monitor https://docs.microsoft.com/en-us/azure/azure-monitor/app/change-analysis https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/change-analysis.md
@@ -25,6 +25,17 @@ The following diagram illustrates the architecture of Change Analysis:
![Architecture diagram of how Change Analysis gets change data and provides it to client tools](./media/change-analysis/overview.png)
+## Supported resource types
+
+Application Change Analysis service supports resource property level changes in all Azure resource types, including common resources like:
+- Virtual Machine
+- Virtual machine scale set
+- App Service
+- Azure Kubernetes service
+- Azure Function
+- Networking resources: i.e. Network Security Group, Virtual Network, Application Gateway, etc.
+- Data
+ ## Data sources Application change analysis queries for Azure Resource Manager tracked properties, proxied configurations and web app in-guest changes. In addition, the service tracks resource dependency changes to diagnose and monitor an application end-to-end.
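Review bot: the networking bullet uses "i.e." to introduce examples and then ends with "etc."; it should be "for example, Network Security Group, Virtual Network, Application Gateway" with no "etc.". The last bullet, "Data", is too vague to act on; name the data services meant or drop it. Capitalization is also inconsistent across the list ("Virtual Machine", "Virtual machine scale set", "Azure Kubernetes service"); use each service's product name as written elsewhere in the docs.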
@@ -45,18 +56,30 @@ Change Analysis captures the deployment and configuration state of an applicatio
### Dependency changes
-Changes to resource dependencies can also cause issues in a web app. For example, if a web app calls into a Redis cache, the Redis cache SKU could affect the web app performance. To detect changes in dependencies, Change Analysis checks the web app's DNS record. In this way, it identifies changes in all app components that could cause issues.
-Currently the following dependencies are supported:
+Changes to resource dependencies can also cause issues in a resource. For example, if a web app calls into a Redis cache, the Redis cache SKU could affect the web app performance. Another example is if port 22 was closed in a Virtual Machine's Network Security Group, it will cause connectivity errors.
+
+#### Web App diagnose and solve problems navigator (Preview)
+To detect changes in dependencies, Change Analysis checks the web app's DNS record. In this way, it identifies changes in all app components that could cause issues.
+Currently the following dependencies are supported in **Web App Diagnose and solve problems | Navigator (Preview)**:
- Web Apps - Azure Storage - Azure SQL
-## Application Change Analysis service
+#### Related resources
+Application Change Analysis detects related resources. Common examples are Network Security Group, Virtual Network, Application Gateway and Load Balancer related to a Virtual Machine.
+The network resources are usually automatically provisioned in the same resource group as the resources using it, so filtering the changes by resource group will show all changes for the Virtual Machine and related networking resources.
+
+![Screenshot of Networking changes](./media/change-analysis/network-changes.png)
+
+## Application Change Analysis service enablement
The Application Change Analysis service computes and aggregates change data from the data sources mentioned above. It provides a set of analytics for users to easily navigate through all resource changes and to identify which change is relevant in the troubleshooting or monitoring context.
-"Microsoft.ChangeAnalysis" resource provider needs to be registered with a subscription for the Azure Resource Manager tracked properties and proxied settings change data to be available. As you enter the Web App diagnose and solve problems tool or bring up the Change Analysis standalone tab, this resource provider is automatically registered. It does not have any performance or cost implementations for your subscription. When you enable Change Analysis for web apps (or enable the Diagnose and Solve problems tool), it will have negligible performance impact on the web app and no billing cost.
+"Microsoft.ChangeAnalysis" resource provider needs to be registered with a subscription for the Azure Resource Manager tracked properties and proxied settings change data to be available. As you enter the Web App diagnose and solve problems tool or bring up the Change Analysis standalone tab, this resource provider is automatically registered.
For web app in-guest changes, separate enablement is required for scanning code files within a web app. For more information, see [Change Analysis in the Diagnose and solve problems tool](#application-change-analysis-in-the-diagnose-and-solve-problems-tool) section later in this article for more details.
+## Cost
+Application Change Analysis is a free service - it does not incur any billing cost to subscriptions with it enabled. The service also does not have any performance impact for scanning Azure Resource properties changes. When you enable Change Analysis for web apps in-guest file changes (or enable the Diagnose and Solve problems tool), it will have negligible performance impact on the web app and no billing cost.
+ ## Visualizations for Application Change Analysis ### Standalone UI
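Review bot: In the added "Related resources" paragraph, "filtering the changes by resource group will show all changes for the Virtual Machine and related networking resources" claims more than the preceding clause supports, because the network resources are only "usually" provisioned in the same resource group. A Network Security Group or Virtual Network kept in a separate resource group would not appear under that filter, so a reader chasing a connectivity error like the port 22 example added at the top of this hunk could conclude that nothing changed. Suggest "will show the changes for the Virtual Machine and any related networking resources in that resource group", plus a sentence on what to do when they live elsewhere. The port 22 sentence itself also needs a grammar pass ("Another example is if ..., it will cause ...").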
@@ -79,6 +102,11 @@ For any feedback, use the send feedback button in the blade or email changeanaly
![Screenshot of feedback button in Change Analysis blade](./media/change-analysis/change-analysis-feedback.png)
+#### Multiple subscription support
+The UI supports selecting multiple subscriptions to view resource changes. Use the subscription filter:
+
+![Screenshot of subscription filter that supports selecting multiple subscriptions](./media/change-analysis/multiple-subscriptions-support.png)
+ ### Web App Diagnose and Solve Problems In Azure Monitor, Change Analysis is also built into the self-service **Diagnose and solve problems** experience. Access this experience from the **Overview** page of your App Service application.
azure-monitor https://docs.microsoft.com/en-us/azure/azure-monitor/app/pricing https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/pricing.md
@@ -182,7 +182,7 @@ The volume of data you send can be managed using the following techniques:
* **Sampling**: You can use sampling to reduce the amount of telemetry that's sent from your server and client apps, with minimal distortion of metrics. Sampling is the primary tool you can use to tune the amount of data you send. Learn more about [sampling features](./sampling.md).
-* **Limit Ajax calls**: You can [limit the number of Ajax calls that can be reported](./javascript.md#configuration) in every page view, or switch off Ajax reporting.
+* **Limit Ajax calls**: You can [limit the number of Ajax calls that can be reported](./javascript.md#configuration) in every page view, or switch off Ajax reporting. Note that disabling Ajax calls will disable [JavaScript correlation](./javascript.md#enable-correlation).
* **Disable unneeded modules**: [Edit ApplicationInsights.config](./configuration-with-applicationinsights-config.md) to turn off collection modules that you don't need. For example, you might decide that performance counters or dependency data are inessential.
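Review bot: The added sentence on the "Limit Ajax calls" bullet says "disabling Ajax calls will disable JavaScript correlation", but the bullet describes two options (limiting the number reported, or switching off Ajax reporting) and the note does not say which one it applies to. "Disabling Ajax calls" also reads as if the application's own requests were being turned off rather than their reporting. Suggest "Note that switching off Ajax reporting also disables [JavaScript correlation](./javascript.md#enable-correlation)", and state whether limiting the count has any effect on correlation.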
azure-monitor https://docs.microsoft.com/en-us/azure/azure-monitor/platform/itsmc-connections-servicenow https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/platform/itsmc-connections-servicenow.md
@@ -119,7 +119,7 @@ Use the following procedure to create a ServiceNow connection.
| | | | **Connection Name** | Enter a name for the ServiceNow instance that you want to connect with ITSMC. You use this name later in Log Analytics when you configure ITSM work items and view detailed analytics. | | **Partner Type** | Select **ServiceNow**. |
- | **Server Url** | Enter the URL of the ServiceNow instance that you want to connect to ITSMC. The URL should point to a supported SaaS version with the suffix *.servicenow.com* (for example https://XXXXX.service-now.com/).|
+ | **Server Url** | Enter the URL of the ServiceNow instance that you want to connect to ITSMC. The URL should point to a supported SaaS version with the suffix *.servicenow.com* (for example `https://XXXXX.service-now.com/`).|
| **Username** | Enter the integration username that you created in the ServiceNow app to support the connection to ITSMC.| | **Password** | Enter the password associated with this username. **Note**: The username and password are used for generating authentication tokens only. They're not stored anywhere within the ITSMC service. | | **Client Id** | Enter the client ID that you want to use for OAuth2 authentication, which you generated earlier. For more information on generating a client ID and a secret, see [Set up OAuth](https://old.wiki/index.php/OAuth_Setup). |
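Review bot: In the **Server Url** row, the description still gives the required suffix as *.servicenow.com* while the example, now code-formatted, is `https://XXXXX.service-now.com/`. The two spellings disagree, and this hunk touches the line without reconciling them. Since the same form takes an integration username, password and OAuth client ID, the row should tell readers unambiguously which host suffix is expected; make the prose suffix and the example agree.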
azure-monitor https://docs.microsoft.com/en-us/azure/azure-monitor/platform/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/platform/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Monitor description: Lists Azure Policy Regulatory Compliance controls available for Azure Monitor. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-monitor https://docs.microsoft.com/en-us/azure/azure-monitor/samples/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/samples/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Monitor description: Lists Azure Policy built-in policy definitions for Azure Monitor. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-portal https://docs.microsoft.com/en-us/azure/azure-portal/azure-portal-video-series https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-portal/azure-portal-video-series.md
@@ -12,17 +12,17 @@ The Azure portal how-to video series showcases how to work with Azure services i
## Featured video
-In this featured video, we show you how to get started in Azure using the Azure Quickstart Center.
+In this featured video, we show you how to use Azure Cost Management views.
-> [!VIDEO https://www.youtube.com/embed/mb5k9nXMtBM]
+> [!VIDEO https://www.youtube.com/embed/VRJA5bn2VH0]
-[How to get started in Azure using the Azure Quickstart Center](https://www.youtube.com/watch?v=mb5k9nXMtBM)
+[How to use Azure Cost Management views](https://www.youtube.com/watch?v=VRJA5bn2VH0)
Catch up on these recent videos you may have missed:
-| [How to manage applications in Azure Kubernetes Service](https://www.youtube.com/watch?v=YfARHb52Bp4) | [How to build Azure Workbooks using logs and parameters](https://www.youtube.com/watch?v=EC7n1Oo6D-o) | [How to add and secure a custom domain on your App Service web app](https://www.youtube.com/watch?v=bXP6IvNYISw) |
+| [How to use pills to filter in the Azure portal](https://www.youtube.com/watch?v=XyKh_3NxUlM) | [How to get a visualization view of your resources](https://www.youtube.com/watch?v=wudqkkJd5E4) | [How to pin content to your Azure portal dashboard](https://www.youtube.com/watch?v=eyOJkhYItSg) |
| | | |
-| [![Image of YouTube video about how to manage applications in Azure Kubernetes Service](https://i.ytimg.com/vi/YfARHb52Bp4/hqdefault.jpg)](https://www.youtube.com/watch?YfARHb52Bp4) | [![Image of YouTube video about how to build Azure Workbooks using logs and parameters](https://i.ytimg.com/vi/EC7n1Oo6D-o/hqdefault.jpg)](http://www.youtube.com/watch?v=EC7n1Oo6D-o) | [![Image of YouTube video about how to add and secure a custom domain on your App Service web app](https://i.ytimg.com/vi/bXP6IvNYISw/hqdefault.jpg)](http://www.youtube.com/watch?v=bXP6IvNYISw) |
+| [![Image of YouTube video about how to use pills to filter in the Azure portal](https://i.ytimg.com/vi/XyKh_3NxUlM/hqdefault.jpg)](https://www.youtube.com/watch?XyKh_3NxUlM) | [![Image of YouTube video about how to get a visualization view of your resources](https://i.ytimg.com/vi/wudqkkJd5E4/hqdefault.jpg)](http://www.youtube.com/watch?v=wudqkkJd5E4) | [![Image of YouTube video about how to pin content to your Azure portal dashboard](https://i.ytimg.com/vi/eyOJkhYItSg/hqdefault.jpg)](http://www.youtube.com/watch?v=eyOJkhYItSg) |
## Video playlist
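Review bot: In the added thumbnail row, the first link is `https://www.youtube.com/watch?XyKh_3NxUlM`, which is missing `v=` before the video ID, so it does not match the title link `watch?v=XyKh_3NxUlM` in the row above. The removed line had the same defect (`watch?YfARHb52Bp4`), so it has been carried over from the previous revision. The other two thumbnail links use `http://www.youtube.com/...` while the title links use `https://`; suggest fixing the first link and using `https://` for all three.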
azure-portal https://docs.microsoft.com/en-us/azure/azure-portal/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-portal/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure portal description: Lists Azure Policy built-in policy definitions for Azure portal. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-resource-manager https://docs.microsoft.com/en-us/azure/azure-resource-manager/custom-providers/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/custom-providers/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Custom Resource Providers description: Lists Azure Policy built-in policy definitions for Azure Custom Resource Providers. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-resource-manager https://docs.microsoft.com/en-us/azure/azure-resource-manager/managed-applications/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/managed-applications/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Managed Applications description: Lists Azure Policy built-in policy definitions for Azure Managed Applications. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-resource-manager https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Resource Manager description: Lists Azure Policy built-in policy definitions for Azure Resource Manager. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-resource-manager https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Resource Manager description: Lists Azure Policy Regulatory Compliance controls available for Azure Resource Manager. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-resource-manager https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/convert-to-template-spec https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/convert-to-template-spec.md
@@ -2,25 +2,15 @@
Title: Convert portal template to template spec description: Describes how to convert an existing template in the Azure portal gallery to a template specs. Previously updated : 01/22/2021 Last updated : 02/04/2021 # Convert template gallery in portal to template specs
-The Azure portal provides a way to store Azure Resource Manager templates (ARM templates) in your account. **This feature is being deprecated.** To continue using templates in this gallery, convert them to [template specs](template-specs.md).
+The Azure portal provides a way to store Azure Resource Manager templates (ARM templates) in your account. However, [template specs](template-specs.md) offers an easier way to share your templates with users in your organization, and link with other templates. This article shows how to convert existing templates in the template gallery to template specs.
-This article shows how to convert existing templates in the template gallery to template specs.
-
-In the portal, the feature being deprecated is called **Templates (Preview)**. To see if you have any templates to convert, view the [template gallery in the portal](https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Gallery%2Fmyareas%2Fgalleryitems). These templates have the resource type `Microsoft.Gallery/myareas/galleryitems`.
-
-## Deprecation of portal feature
-
-The template gallery in the portal is being deprecated on January 21, 2021. You can continue using it until February 21. Starting on February 22, you can't create new templates in the portal gallery but you can still view and deploy existing templates.
-
-On June 22, the feature will be removed from the portal and all API operations will be blocked. You'll not be able to view or deploy any templates from the gallery.
-
-Before June 22, you should migrate any templates that you want to continue using. You can use one of the methods shown in this article to migrate the templates. After the feature has been removed, you'll need to open a support case to get any templates that you've not migrated.
+To see if you have any templates to convert, view the [template gallery in the portal](https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Gallery%2Fmyareas%2Fgalleryitems). These templates have the resource type `Microsoft.Gallery/myareas/galleryitems`.
## Convert with PowerShell script
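Review bot: This hunk deletes the "Deprecation of portal feature" section and every dated statement in it (no new templates from February 22, removal and blocked API operations on June 22), but the replacement intro does not say whether the retirement was cancelled or postponed. Readers who acted on the earlier notice cannot tell from the new text whether the gallery will stay available, so add one sentence stating the current status. The removed text also named the portal feature (**Templates (Preview)**), which helped readers find it; consider keeping that name. Minor: "[template specs](template-specs.md) offers" should be "offer", and the description line still reads "to a template specs".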
azure-signalr https://docs.microsoft.com/en-us/azure/azure-signalr/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-signalr/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure SignalR description: Lists Azure Policy built-in policy definitions for Azure SignalR. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-signalr https://docs.microsoft.com/en-us/azure/azure-signalr/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-signalr/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure SignalR description: Lists Azure Policy Regulatory Compliance controls available for Azure SignalR. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-sql https://docs.microsoft.com/en-us/azure/azure-sql/azure-sql-iaas-vs-paas-what-is-overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/azure-sql-iaas-vs-paas-what-is-overview.md
@@ -47,7 +47,7 @@ Spend more time innovating and less time patching, updating, and backing up your
Azure constantly monitors your data for threats. With Azure SQL, you can: -- Remediate potential threats in real time with intelligent [advanced threat detection](../security/fundamentals/threat-detection.md#advanced-threat-detection-features-other-azure-services) and proactive vulnerability assessment alerts.
+- Remediate potential threats in real time with intelligent [advanced threat detection](../security/fundamentals/threat-detection.md#threat-protection-features-other-azure-services) and proactive vulnerability assessment alerts.
- Get industry-leading, multi-layered protection with [built-in security controls](https://azure.microsoft.com/overview/security/) including T-SQL, authentication, networking, and key management. - Take advantage of the most comprehensive [compliance](https://azure.microsoft.com/overview/trusted-cloud/compliance/) coverage of any cloud database service.
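Review bot: On the changed bullet, the link text still reads "advanced threat detection" while the anchor is now `#threat-protection-features-other-azure-services`. If the target heading was renamed to "threat protection", the link text here should follow it so the bullet and the linked section use the same term.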
azure-sql https://docs.microsoft.com/en-us/azure/azure-sql/database/connect-query-php https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/connect-query-php.md
@@ -48,7 +48,7 @@ To complete this quickstart, you need:
- **Linux**, install PHP, the ODBC driver, then install the PHP Driver for SQL Server. See [Step 1, 2, and 3](/sql/connect/php/installation-tutorial-linux-mac).
- - **Windows**, install PHP for IIS Express and Chocolatey, then install the ODBC driver and SQLCMD. See [Step 1.2 and 1.3](https://www.microsoft.com/sql-server/developer-get-started/php/windows/).
+ - **Windows**, install PHP and PHP Drivers, then install the ODBC driver and SQLCMD. See [Step 1.2 and 1.3](https://www.microsoft.com/sql-server/developer-get-started/php/windows/).
## Get server connection information
azure-sql https://docs.microsoft.com/en-us/azure/azure-sql/database/connectivity-architecture https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/connectivity-architecture.md
@@ -86,7 +86,7 @@ Details of how traffic shall be migrated to new Gateways in specific regions are
| East US | 40.121.158.30, 40.79.153.12, 191.238.6.43, 40.78.225.32 | | East US 2 | 40.79.84.180, 52.177.185.181, 52.167.104.0, 191.239.224.107, 104.208.150.3 | | France Central | 40.79.137.0, 40.79.129.1, 40.79.137.8, 40.79.145.12 |
-| France South | 40.79.177.10 ,40.79.177.12 |
+| France South | 40.79.177.0, 40.79.177.10 ,40.79.177.12 |
| Germany Central | 51.4.144.100 | | Germany North East | 51.5.144.179 | | Germany West Central | 51.116.240.0, 51.116.248.0, 51.116.152.0 |
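Review bot: In the France South row, the new address is followed by `40.79.177.10 ,40.79.177.12`, with the space before the comma instead of after it; the other rows in this hunk separate addresses with ", ". Please normalize the separator while the line is being edited. The hunk header shows this table sits under the text on how traffic is migrated to new gateways in specific regions, so it is also worth confirming that the gateway migration article mentions the France South addition.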
azure-sql https://docs.microsoft.com/en-us/azure/azure-sql/database/gateway-migration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/gateway-migration.md
@@ -16,7 +16,9 @@ Last updated 07/01/2019
As Azure infrastructure improves, Microsoft will periodically refresh hardware to ensure we provide the best possible customer experience. In the coming months, we plan to add gateways built on newer hardware generations, migrate traffic to them, and eventually decommission gateways built on older hardware in some regions.
-Customers will be notified via email and in the Azure portal well in advance of any change to gateways available in each region. The most up-to-date information will be maintained in the [Azure SQL Database gateway IP addresses](connectivity-architecture.md#gateway-ip-addresses) table.
+Customers will be notified via service health notifications well in advance of any change to gateways available in each region. Customers can [use the Azure portal to set up activity log alerts](https://docs.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal).
+
+The most up-to-date information will be maintained in the [Azure SQL Database gateway IP addresses](connectivity-architecture.md#gateway-ip-addresses) table.
## Status updates
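Review bot: The rewritten notification sentence drops "via email and in the Azure portal" in favour of "service health notifications", and the follow-up "Customers can use the Azure portal to set up activity log alerts" reads as optional. If email is no longer sent by default, say so and state that an activity log alert is how to be notified ahead of a gateway change, since the next sentence points readers to the gateway IP addresses table that they are expected to track. Also, the new link uses an absolute `https://docs.microsoft.com/azure/service-health/...` URL while the other link in this hunk is relative (`connectivity-architecture.md#gateway-ip-addresses`); use the relative form for consistency.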
azure-sql https://docs.microsoft.com/en-us/azure/azure-sql/database/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure SQL Database description: Lists Azure Policy built-in policy definitions for Azure SQL Database and SQL Managed Instance. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-sql https://docs.microsoft.com/en-us/azure/azure-sql/database/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure SQL Database description: Lists Azure Policy Regulatory Compliance controls available for Azure SQL Database and SQL Managed Instance. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
azure-vmware https://docs.microsoft.com/en-us/azure/azure-vmware/deploy-vm-content-library https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/deploy-vm-content-library.md
@@ -2,7 +2,7 @@
Title: Create a content library to deploy VMs in Azure VMware Solution description: Create a content library to deploy a VM in an Azure VMware Solution private cloud. Previously updated : 09/21/2020 Last updated : 02/03/2021 # Create a content library to deploy VMs in Azure VMware Solution
@@ -87,7 +87,10 @@ Now that the content library has been created, you can add an ISO image to deplo
## Next steps
-If you plan to use VMware HCX to migrate VM workloads to your private cloud, use the [Deploy and configure VMware HCX](tutorial-deploy-vmware-hcx.md) procedure.
+Now that you've covered creating a content library to deploy VMs in Azure VMware Solution, you may want to learn about:
+
+- [Deploying and configuring VMware HCX](tutorial-deploy-vmware-hcx.md) to migrate VM workloads to your private cloud.
+- [Lifecycle management of Azure VMware Solution VMs](lifecycle-management-of-azure-vmware-solution-vms.md).
<!-- LINKS - external-->
azure-vmware https://docs.microsoft.com/en-us/azure/azure-vmware/github-enterprise-server https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/github-enterprise-server.md
@@ -2,12 +2,12 @@
Title: Set up GitHub Enterprise Server on your Azure VMware Solution private cloud description: Learn how to Set up GitHub Enterprise Server on your Azure VMware Solution private cloud. Previously updated : 09/22/2020 Last updated : 02/03/2021 # Set up GitHub Enterprise Server on your Azure VMware Solution private cloud
-In this article, we walk through the steps to setup GitHub Enterprise Server, the "on-premises" version of [GitHub.com](https://github.com/), on your Azure VMware Solution private cloud. The scenario covered in this walk-through is for a GitHub Enterprise Server instance capable of serving up to 3,000 developers running up to 25 jobs per minute on GitHub Actions. It includes the setup of (at time of writing) *preview* features, such as GitHub Actions. To customize the setup for your particular needs, review the requirements listed in [Installing GitHub Enterprise Server on VMware](https://docs.github.com/en/enterprise/admin/installation/installing-github-enterprise-server-on-vmware#hardware-considerations).
+In this article, we walk through the steps to set up GitHub Enterprise Server, the "on-premises" version of [GitHub.com](https://github.com/), on your Azure VMware Solution private cloud. The scenario covered in this walk-through is for a GitHub Enterprise Server instance capable of serving up to 3,000 developers running up to 25 jobs per minute on GitHub Actions. It includes the setup of (at time of writing) *preview* features, such as GitHub Actions. To customize the setup for your particular needs, review the requirements listed in [Installing GitHub Enterprise Server on VMware](https://docs.github.com/en/enterprise/admin/installation/installing-github-enterprise-server-on-vmware#hardware-considerations).
## Before you begin
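Review bot: This hunk corrects "setup" to "set up" in the opening sentence, but the description line two lines above still reads "Learn how to Set up GitHub Enterprise Server" with a capital "S". Suggest lowercasing it in the same change so the metadata and the body agree.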
@@ -56,7 +56,7 @@ Apply your settings. While the instance restarts, you can continue with the nex
Once the instance restarts, create a new admin account on the instance. Be sure to make a note of this user's password as well.
-### Additional configuration steps
+### Other configuration steps
To harden your instance for production use, the following optional setup steps are recommended:
@@ -177,7 +177,7 @@ Here we will make it available to all organizations, but you can also limit acce
## (Optional) Configuring GitHub Connect
-Although this step is optional, we recommend it if you plan to consume open source actions available on GitHub.com. This allows you to build on the work of others by referencing these reusable actions in your workflows.
+Although this step is optional, we recommend it if you plan to consume open-source actions available on GitHub.com. It allows you to build on the work of others by referencing these reusable actions in your workflows.
To enable GitHub Connect, follow the steps in [Enabling automatic access to GitHub.com actions using GitHub Connect](https://docs.github.com/en/enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect).
@@ -218,14 +218,12 @@ If everything ran successfully, you should see a new issue in your repo, entitle
Congratulations! You just completed your first Actions workflow on GitHub Enterprise Server, running on your Azure VMware Solution private cloud.
-We are just scratching the surface of what you can do with GitHub Actions. For more inspiration, checkout the list of Actions on [GitHub's Marketplace](https://github.com/marketplace), or [create your own](https://docs.github.com/en/actions/creating-actions).
+In this article, we set up a new instance of GitHub Enterprise Server, the self-hosted equivalent of GitHub.com, on top of your Azure VMware Solution private cloud. This instance includes support for GitHub Actions and uses Azure Blob Storage for persistence of logs and artifacts. But we are just scratching the surface of what you can do with GitHub Actions. Check out the list of Actions on [GitHub's Marketplace](https://github.com/marketplace), or [create your own](https://docs.github.com/en/actions/creating-actions).
## Next steps
-In this article, we set up a new instance of GitHub Enterprise Server, the self-hosted equivalent of GitHub.com, on top of your Azure VMware Solution private cloud. This instance includes support for GitHub Actions and uses Azure Blob Storage for persistence of logs and artifacts. This is a great combination for a modern, collaborative, and secure software development experience. It builds on a solid foundation of Azure VMware Solution, allowing you to leverage cloud resources in a familiar setting.
+Now that you've seen how to set up GitHub Enterprise Server on your Azure VMware Solution private cloud, you may want to learn about:
-For further information, see the following resources:
--- [Getting started with GitHub Actions](https://docs.github.com/en/actions)-- [Join the beta program](https://resources.github.com/beta-signup/)-- [Learn more about the administration of GitHub Enterprise Server](https://githubtraining.github.io/admin-training/#/00_getting_started)
+- [Getting started with GitHub Actions](https://docs.github.com/en/actions).
+- [Joining the beta program](https://resources.github.com/beta-signup/).
+- [Administration of GitHub Enterprise Server](https://githubtraining.github.io/admin-training/#/00_getting_started).
azure-vmware https://docs.microsoft.com/en-us/azure/azure-vmware/reserved-instance https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/reserved-instance.md
@@ -2,7 +2,7 @@
Title: Save costs with Azure VMware Solution reserved instance description: Learn how to buy a reserved instance for Azure VMware Solution. Previously updated : 11/12/2020 Last updated : 02/03/2021 # Save costs with Azure VMware Solution
@@ -126,4 +126,13 @@ For details about CSP-managed reservations, see [Sell Microsoft Azure reservatio
You can cancel, exchange, or refund reservations with certain limitations. For more information, see [Self-service exchanges and refunds for Azure Reservations](../cost-management-billing/reservations/exchange-and-refund-azure-reservations.md).
-CSPs can cancel, exchange, or refund reservations, with certain limitations, purchased for their customer. For more information, see [Manage, cancel, exchange, or refund Microsoft Azure reservations for customers](/partner-center/azure-reservations-manage).
+CSPs can cancel, exchange, or refund reservations, with certain limitations, purchased for their customer. For more information, see [Manage, cancel, exchange, or refund Microsoft Azure reservations for customers](/partner-center/azure-reservations-manage).
+
+## Next steps
+
+Now that you've covered buying a reserved instance of Azure VMware Solution, you may want to learn about:
+
+- [Creating an Azure VMware Solution assessment](../migrate/how-to-create-azure-vmware-solution-assessment.md).
+- [Managing DHCP for Azure VMware Solution](manage-dhcp.md).
+- [Lifecycle management of Azure VMware Solution VMs](lifecycle-management-of-azure-vmware-solution-vms.md).
+
backup https://docs.microsoft.com/en-us/azure/backup/backup-azure-monitoring-built-in-monitor https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/backup-azure-monitoring-built-in-monitor.md
@@ -12,6 +12,17 @@ Azure Backup provides multiple backup solutions based on the backup requirement
[!INCLUDE [backup-center.md](../../includes/backup-center.md)]
+## Backup Items in Recovery Services vault
+
+You can monitor all your backup items via a Recovery Services vault. Navigating to the **Backup Items** section in the vault opens up a view that provides the number of backup items of each workload type associated with the vault. Clicking on any row opens up a detailed view listing all backup items of the given workload type, with information on the last backup status for each item, latest restore point available, and so on.
+
+![RS vault backup items](media/backup-azure-monitoring-laworkspace/backup-items-view.png)
+
+> [!NOTE]
+> For items backed up to Azure using DPM, the list will show all the data sources protected (both disk and online) using the DPM server. If the protection is stopped for the datasource with backup data retained, the datasource will be still listed in the portal. You can go to the details of the data source to see if the recovery points are present in disk, online or both. Also, datasources for which the online protection is stopped but data is retained, billing for the online recovery points continue until the data is completely deleted.
+>
+> The DPM version must be DPM 1807 (5.1.378.0) or DPM 2019 ( version 10.19.58.0 or above), for the backup items to be visible in the Recovery Services vault portal.
+ ## Backup Jobs in Recovery Services vault Azure Backup provides in-built monitoring and alerting capabilities for workloads being protected by Azure Backup. In the Recovery Services vault settings, the **Monitoring** section provides in-built jobs and alerts.
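Review bot: In the added NOTE, the version requirement "DPM 1807 (5.1.378.0) or DPM 2019 ( version 10.19.58.0 or above)" leaves it unclear whether "or above" applies to the 1807 build as well; state the minimum build for each release in the same form and remove the stray space after the opening parenthesis. The billing sentence is also ungrammatical ("datasources for which the online protection is stopped but data is retained, billing ... continue"); suggest "For datasources where online protection is stopped but data is retained, billing for the online recovery points continues until the data is completely deleted." The note alternates between "datasource" and "data source"; pick one.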
backup https://docs.microsoft.com/en-us/azure/backup/backup-sql-server-azure-troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/backup-sql-server-azure-troubleshoot.md
@@ -198,17 +198,24 @@ Operation is blocked as you have reached the limit on number of operations permi
|||| Operation is blocked as the vault has reached its maximum limit for such operations permitted in a span of 24 hours. | When you've reached the maximum permissible limit for an operation in a span of 24 hours, this error appears. This error usually appears when there are at-scale operations such as modify policy or auto-protection. Unlike the case of CloudDosAbsoluteLimitReached, there isn't much you can do to resolve this state. In fact, Azure Backup service will retry the operations internally for all the items in question.<br> For example: If you have a large number of datasources protected with a policy and you try to modify that policy, it will trigger configure protection jobs for each of the protected items and sometimes may hit the maximum limit permissible for such operations per day.| Azure Backup service will automatically retry this operation after 24 hours.
+### WorkloadExtensionNotReachable
+
+| Error message | Possible causes | Recommended action |
+||||
+AzureBackup workload extension operation failed. | The VM is shut down, or the VM can't contact the Azure Backup service because of internet connectivity issues.| <li> Ensure the VM is up and running and has internet connectivity.<li> [Re-register extension on the SQL Server VM](manage-monitor-sql-database-backup.md#re-register-extension-on-the-sql-server-vm).
++ ### UserErrorVMInternetConnectivityIssue | Error message | Possible causes | Recommended action | ||||
-The VM is not able to contact Azure Backup service due to internet connectivity issues. | The VM needs outbound connectivity to Azure Backup Service, Azure Storage, or Azure Active Directory services.| - If you use NSG to restrict connectivity, then you should use the *AzureBackup* service tag to allows outbound access to Azure Backup Service, and similarly for the Azure AD (*AzureActiveDirectory*) and Azure Storage(*Storage*) services. Follow these [steps](./backup-sql-server-database-azure-vms.md#nsg-tags) to grant access.<br>- Ensure DNS is resolving Azure endpoints.<br>- Check if the VM is behind a load balancer blocking internet access. By assigning public IP to the VMs, discovery will work.<br>- Verify there's no firewall/antivirus/proxy that are blocking calls to the above three target services.
+The VM is not able to contact Azure Backup service due to internet connectivity issues. | The VM needs outbound connectivity to Azure Backup Service, Azure Storage, or Azure Active Directory services.| <li> If you use NSG to restrict connectivity, then you should use the *AzureBackup* service tag to allows outbound access to Azure Backup Service, and similarly for the Azure AD (*AzureActiveDirectory*) and Azure Storage(*Storage*) services. Follow these [steps](./backup-sql-server-database-azure-vms.md#nsg-tags) to grant access. <li> Ensure DNS is resolving Azure endpoints. <li> Check if the VM is behind a load balancer blocking internet access. By assigning public IP to the VMs, discovery will work. <li> Verify there's no firewall/antivirus/proxy that are blocking calls to the above three target services.
## Re-registration failures Check for one or more of the following symptoms before you trigger the re-register operation: -- All operations (such as backup, restore, and configure backup) are failing on the VM with one of the following error codes: **WorkloadExtensionNotReachable**, **UserErrorWorkloadExtensionNotInstalled**, **WorkloadExtensionNotPresent**, **WorkloadExtensionDidntDequeueMsg**.
+- All operations (such as backup, restore, and configure backup) are failing on the VM with one of the following error codes: **[WorkloadExtensionNotReachable](#workloadextensionnotreachable)**, **UserErrorWorkloadExtensionNotInstalled**, **WorkloadExtensionNotPresent**, **WorkloadExtensionDidntDequeueMsg**.
- If the **Backup Status** area for the backup item is showing **Not reachable**, rule out all the other causes that might result in the same status: - Lack of permission to perform backup-related operations on the VM.
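Review bot: The new WorkloadExtensionNotReachable row sends readers straight to "Re-register extension on the SQL Server VM", while the "Re-registration failures" section further down in this hunk says to check for the listed symptoms before triggering re-registration. Suggest wording the second action so it points to those checks first. In the rewritten UserErrorVMInternetConnectivityIssue row, the switch from "-" with `<br>` to bare `<li>` leaves the items without an enclosing `<ul>` or closing tags, and the added line carries over "to allows outbound access" and "no firewall/antivirus/proxy that are blocking"; since the line is being touched anyway, fix these to "to allow outbound access" and "that is blocking".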
backup https://docs.microsoft.com/en-us/azure/backup/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Backup description: Lists Azure Policy built-in policy definitions for Azure Backup. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
backup https://docs.microsoft.com/en-us/azure/backup/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Backup description: Lists Azure Policy Regulatory Compliance controls available for Azure Backup. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
batch https://docs.microsoft.com/en-us/azure/batch/batch-pool-node-error-checking https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/batch-pool-node-error-checking.md
@@ -3,23 +3,23 @@ Title: Check for pool and node errors
description: This article covers the background operations that can occur, along with errors to check for and how to avoid them when creating pools and nodes. Previously updated : 08/23/2019 Last updated : 02/03/2020 # Check for pool and node errors
-When you're creating and managing Azure Batch pools, some operations happen immediately. However, some operations are asynchronous and run in the background, taking several minutes to complete.
+When you're creating and managing Azure Batch pools, some operations happen immediately. Detecting failures for these operations is usually straightforward, because they are returned immediately by the API, CLI, or UI. However, some operations are asynchronous and run in the background, taking several minutes to complete.
-Detecting failures for operations that take place immediately is straightforward because any failures are returned immediately by the API, CLI, or UI.
+Check that you've set your applications to implement comprehensive error checking, especially for asynchronous operations. This can help you promptly identify and diagnose issues.
-This article covers the background operations that can occur for pools and pool nodes. It specifies how you can detect and avoid failures.
+This article describes ways to detect and avoid failures in the background operations that can occur for pools and pool nodes.
## Pool errors ### Resize timeout or failure
-When creating a new pool or resizing an existing pool, you specify the target number of nodes. The create or resize operation completes immediately, but the actual allocation of new nodes or the removal of existing nodes might take several minutes. You specify the resize timeout in the [create](/rest/api/batchservice/pool/add) or [resize](/rest/api/batchservice/pool/resize) API. If Batch can't obtain the target number of nodes during the resize timeout period the pool goes into a steady state and reports resize errors.
+When creating a new pool or resizing an existing pool, you specify the target number of nodes. The create or resize operation completes immediately, but the actual allocation of new nodes or the removal of existing nodes might take several minutes. You can specify the resize timeout in the [create](/rest/api/batchservice/pool/add) or [resize](/rest/api/batchservice/pool/resize) API. If Batch can't obtain the target number of nodes during the resize timeout period, the pool goes into a steady state and reports resize errors.
The [ResizeError](/rest/api/batchservice/pool/get#resizeerror) property for the most recent evaluation lists the errors that occurred.
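Review bot: The metadata line in this hunk moves the date from 08/23/2019 to "Last updated : 02/03/2020", but the other articles in this same batch of changes are stamped 02/04/2021, so the year looks like a typo for 2021. Please confirm and correct the date. In the added paragraph, "Check that you've set your applications to implement comprehensive error checking" is a call to action that used to sit under "Next steps"; consider saying which properties to poll (the hunk already names ResizeError), so the advice is actionable where it now appears.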
@@ -39,23 +39,25 @@ Common causes for resize errors include:
### Automatic scaling failures
-You can also set Azure Batch to automatically scale the number of nodes in a pool. You define the parameters for the [automatic scaling formula for a pool](./batch-automatic-scaling.md). The Batch service uses the formula to periodically evaluate the number of nodes in the pool and set a new target number. The following types of issues can occur:
+You can set Azure Batch to automatically scale the number of nodes in a pool. You define the parameters for the [automatic scaling formula for a pool](./batch-automatic-scaling.md). The Batch service will then use the formula to periodically evaluate the number of nodes in the pool and set a new target number.
+
+The following types of issues can occur when using automatic scaling:
- The automatic scaling evaluation fails. - The resulting resize operation fails and times out. - A problem with the automatic scaling formula leads to incorrect node target values. The resize either works or times out.
-You can get information about the last automatic scaling evaluation by using the [autoScaleRun](/rest/api/batchservice/pool/get#autoscalerun) property. This property reports the evaluation time, the values and result, and any performance errors.
+To get information about the last automatic scaling evaluation, use the [autoScaleRun](/rest/api/batchservice/pool/get#autoscalerun) property. This property reports the evaluation time, the values and result, and any performance errors.
The [pool resize complete event](./batch-pool-resize-complete-event.md) captures information about all evaluations.
-### Delete
+### Pool deletion failures
-When you delete a pool that contains nodes, first Batch deletes the nodes. Then it deletes the pool object itself. It can take a few minutes for the pool nodes to be deleted.
+When you delete a pool that contains nodes, first Batch deletes the nodes. This can take several minutes to complete. After that, Batch deletes the pool object itself.
Batch sets the [pool state](/rest/api/batchservice/pool/get#poolstate) to **deleting** during the deletion process. The calling application can detect if the pool deletion is taking too long by using the **state** and **stateTransitionTime** properties.
-## Pool compute node errors
+## Node errors
Even when Batch successfully allocates nodes in a pool, various issues can cause some of the nodes to be unhealthy and unable to run tasks. These nodes still incur charges, so it's important to detect problems to avoid paying for nodes that can't be used. In addition to common node errors, knowing the current [job state](/rest/api/batchservice/job/get#jobstate) is useful for troubleshooting.
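Review bot: Renaming the headings "### Delete" to "### Pool deletion failures" and "## Pool compute node errors" to "## Node errors" changes their generated anchors, and nothing in this hunk shows inbound links being updated. Please check for references to the old anchors in other articles before merging. Also, the new section title promises "failures", but the body only describes how to detect a deletion that is taking too long through **state** and **stateTransitionTime**; either add what a failed deletion looks like or keep a neutral title.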
@@ -69,7 +71,7 @@ You can detect start task failures by using the [result](/rest/api/batchservice/
A failed start task also causes Batch to set the node [state](/rest/api/batchservice/computenode/get#computenodestate) to **starttaskfailed** if **waitForSuccess** was set to **true**.
-As with any task, there can be many causes for the start task failing. To troubleshoot, check the stdout, stderr, and any further task-specific log files.
+As with any task, there can be many causes for a start task failure. To troubleshoot, check the stdout, stderr, and any further task-specific log files.
Start tasks must be re-entrant, as it is possible the start task is run multiple times on the same node; the start task is run when a node is reimaged or rebooted. In rare cases, a start task will be run after an event caused a node reboot, where one of the operating system or ephemeral disks was reimaged while the other wasn't. Since Batch start tasks (like all Batch tasks) run from the ephemeral disk, this is not normally a problem, but in some instances where the start task is installing an application to the operating system disk and keeping other data on the ephemeral disk, this can cause problems because things are out of sync. Protect your application accordingly if you are using both disks.
@@ -83,6 +85,10 @@ The node [errors](/rest/api/batchservice/computenode/get#computenodeerror) prope
You can specify one or more container references on a pool. Batch downloads the specified containers to each node. The node [errors](/rest/api/batchservice/computenode/get#computenodeerror) property reports a failure to download a container and sets the node state to **unusable**.
+### Node OS updates
+
+For Windows pools, `enableAutomaticUpdates` is set to `true` by default. Allowing automatic updates is recommended, but they can can interrupt task progress, especially if the tasks are long-running. You can set this value to `false` if you need to ensure that an OS update doesn't happen unexpectedly.
+ ### Node in unusable state Azure Batch might set the [node state](/rest/api/batchservice/computenode/get#computenodestate) to **unusable** for many reasons. With the node state set to **unusable**, tasks can't be scheduled to the node, but it still incurs charges.
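Review bot: The added "Node OS updates" paragraph contains a doubled word, "but they can can interrupt task progress"; drop one "can". The section also sits under "Node errors" without naming any error or node state that an update-triggered interruption produces, so a reader cannot tell how to detect it. Suggest stating what the task or node reports when an update interrupts a long-running task, or moving this guidance to the best-practices article, where the same sentence is added.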
@@ -111,7 +117,7 @@ The Batch agent process that runs on each pool node can provide log files that m
### Node disk full
-The temporary drive for a pool node VM is used by Batch for job files, task files, and shared files.
+The temporary drive for a pool node VM is used by Batch for job files, task files, and shared files, such as the following:
- Application packages files - Task resource files
@@ -130,23 +136,17 @@ The size of the temporary drive depends on the VM size. One consideration when p
For files written out by each task, a retention time can be specified for each task that determines how long the task files are kept before being automatically cleaned up. The retention time can be reduced to lower the storage requirements. - If the temporary disk runs out of space (or is very close to running out of space), the node will move to [Unusable](/rest/api/batchservice/computenode/get#computenodestate) state and a node error will be reported saying that the disk is full.
-### What to do when a disk is full
-
-Determine why the disk is full: If you're not sure what is taking up space on the node, it is recommended to remote to the node and investigate manually where the space has gone. You can also make use of the [Batch List Files API](/rest/api/batchservice/file/listfromcomputenode) to examine files in Batch managed folders (for example, task outputs). Note that this API only lists files in the Batch managed directories and if your tasks created files elsewhere you will not see them.
-
-Make sure that any data you need has been retrieved from the node or uploaded to a durable store. All mitigation of the disk-full issue involve deleting data to free up space.
-
-### Recovering the node
+If you're not sure what is taking up space on the node, try remoting to the node and investigating manually where the space has gone. You can also make use of the [Batch List Files API](/rest/api/batchservice/file/listfromcomputenode) to examine files in Batch managed folders (for example, task outputs). Note that this API only lists files in the Batch managed directories. If your tasks created files elsewhere, you won't see them.
-1. If your pool is a [C.loudServiceConfiguration](/rest/api/batchservice/pool/add#cloudserviceconfiguration) pool, you can re-image the node via the [Batch re-image API](/rest/api/batchservice/computenode/reimage).This will clean the entire disk. Re-image is not currently supported for [VirtualMachineConfiguration](/rest/api/batchservice/pool/add#virtualmachineconfiguration) pools.
+Make sure that any data you need has been retrieved from the node or uploaded to a durable store, then delete data as needed to free up space.
-2. If your pool is a [VirtualMachineConfiguration](/rest/api/batchservice/pool/add#virtualmachineconfiguration), you can remove the node from the pool using the [remove nodes API](/rest/api/batchservice/pool/removenodes). Then, you can grow the pool again to replace the bad node with a fresh one.
+You can delete old completed jobs or old completed tasks whose task data is still on the nodes. Look in the [RecentTasks collection](/rest/api/batchservice/computenode/get#taskinformation) on the node, or at the [files on the node](/rest/api/batchservice/file/listfromcomputenode). Deleting a job will delete all the tasks in the job; deleting the tasks in the job will trigger data in the task directories on the node to be deleted, thus freeing up space. Once you've freed up enough space, reboot the node and it should move out of "Unusable" state and into "Idle" again.
-3. Delete old completed jobs or old completed tasks whose task data is still on the nodes. For a hint at what jobs/tasks data is on the nodes you can look in the [RecentTasks collection](/rest/api/batchservice/computenode/get#taskinformation) on the node, or at the [files on the node](/rest/api/batchservice/file/listfromcomputenode). Deleting the job will delete all the tasks in the job, and deleting the tasks in the job will trigger data in the task directories on the node to be deleted, thus freeing up space. Once you've freed up enough space, reboot the node and it should move out of "Unusable" state and into "Idle" again.
+To recover an unusable node in [VirtualMachineConfiguration](/rest/api/batchservice/pool/add#virtualmachineconfiguration) pools, you can remove a node from the pool using the [remove nodes API](/rest/api/batchservice/pool/removenodes). Then, you can grow the pool again to replace the bad node with a fresh one. For [CloudServiceConfiguration](/rest/api/batchservice/pool/add#cloudserviceconfiguration) pools, you can re-image the node via the [Batch re-image API](/rest/api/batchservice/computenode/reimage). This will clean the entire disk. Re-image is not currently supported for [VirtualMachineConfiguration](/rest/api/batchservice/pool/add#virtualmachineconfiguration) pools.
## Next steps
-Check that you've set your application to implement comprehensive error checking, especially for asynchronous operations. It can be critical to promptly detect and diagnose issues.
+- Learn about [job and task error checking](batch-job-task-error-checking.md).
+- Learn about [best practices](best-practices.md) for working with Azure Batch.
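Review bot: Collapsing the numbered "Recovering the node" steps into two paragraphs makes the recovery options harder to tell apart, and the last added paragraph now opens with VirtualMachineConfiguration, switches to CloudServiceConfiguration, then ends with "Re-image is not currently supported for [VirtualMachineConfiguration]" pools, which reads as an afterthought. Suggest one sentence per pool type with the re-image limitation stated next to the VirtualMachineConfiguration option, and "remove the node" instead of "remove a node". The new wording "then delete data as needed to free up space" also softens the earlier warning that every mitigation involves deleting data; keep the instruction to retrieve or upload needed data as a clear precondition. Removing the "### What to do when a disk is full" and "### Recovering the node" headings drops their anchors, so check inbound links.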
batch https://docs.microsoft.com/en-us/azure/batch/batch-pool-vm-sizes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/batch-pool-vm-sizes.md
@@ -25,7 +25,7 @@ Batch pools in the Virtual Machine configuration support almost all [VM sizes](.
| VM series | Supported sizes | ||| | Basic A | All sizes *except* Basic_A0 (A0) |
-| A | All sizes *except* Standard_A0 |
+| A | All sizes *except* Standard_A0, Standard_A8, Standard_A9, Standard_A10, Standard_A11 |
| Av2 | All sizes | | B | Not supported | | DC | Not supported |
batch https://docs.microsoft.com/en-us/azure/batch/best-practices https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/best-practices.md
@@ -1,7 +1,7 @@
Title: Best practices description: Learn best practices and useful tips for developing your Azure Batch solutions. Previously updated : 12/18/2020 Last updated : 02/03/2020
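Review bot: The metadata line reads "Previously updated : 12/18/2020 Last updated : 02/03/2020", so the new date is earlier than the one it replaces. This looks like a year typo for 02/03/2021; please correct it so the freshness date does not move backwards.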
@@ -168,6 +168,8 @@ If you notice a problem involving the behavior of a node or tasks running on a n
For user subscription mode Batch accounts, automated OS upgrades can interrupt task progress, especially if the tasks are long-running. [Building idempotent tasks](#build-durable-tasks) can help to reduce errors caused by these interruptions. We also recommend [scheduling OS image upgrades for times where tasks aren't expected to run](../virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade.md#manually-trigger-os-image-upgrades).
+For Windows pools, `enableAutomaticUpdates` is set to `true` by default. Allowing automatic updates is recommended, but you can set this value to `false` if you need to ensure that an OS update doesn't happen unexpectedly.
+ ## Isolation security For the purposes of isolation, if your scenario requires isolating jobs from each other, do so by having them in separate pools. A pool is the security isolation boundary in Batch, and by default, two pools are not visible or able to communicate with each other. Avoid using separate Batch accounts as a means of isolation.
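Review bot: The added sentence tells readers they can set `enableAutomaticUpdates` to `false` but gives no guidance on how nodes are then kept patched. Since this is the best-practices article and the paragraph sits directly above "Isolation security", suggest adding that with automatic updates disabled the pool owner is responsible for applying OS updates on a schedule, for example during the windows "where tasks aren't expected to run" that the preceding paragraph already recommends. It would also help to say whether this setting applies to both Batch-managed and user subscription mode accounts, because the preceding paragraph is scoped to user subscription mode only.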
@@ -188,29 +190,19 @@ Review the following guidance related to connectivity in your Batch solutions.
### Network Security Groups (NSGs) and User Defined Routes (UDRs)
-When provisioning [Batch pools in a virtual network](batch-virtual-network.md), ensure that you are closely following
-the guidelines regarding the use of the `BatchNodeManagement` service tag, ports, protocols and direction of the rule.
-Use of the service tag is highly recommended, rather than using the underlying Batch service IP addresses. This is because the IP addresses can change over time. Using Batch service IP addresses directly can cause instability, interruptions, or outages for your Batch pools.
+When provisioning [Batch pools in a virtual network](batch-virtual-network.md), ensure that you are closely following the guidelines regarding the use of the `BatchNodeManagement` service tag, ports, protocols and direction of the rule. Use of the service tag is highly recommended, rather than using the underlying Batch service IP addresses. This is because the IP addresses can change over time. Using Batch service IP addresses directly can cause instability, interruptions, or outages for your Batch pools.
-For User Defined Routes (UDRs), ensure that you have a process in place to update Batch service IP addresses periodically
-in your route table, since these addresses change over time. To learn how to obtain the list of Batch service IP addresses, see [Service tags on-premises](../virtual-network/service-tags-overview.md). The Batch service IP addresses will be
-associated with the `BatchNodeManagement` service tag (or the regional variant that matches your Batch account region).
+For User Defined Routes (UDRs), ensure that you have a process in place to update Batch service IP addresses periodically in your route table, since these addresses change over time. To learn how to obtain the list of Batch service IP addresses, see [Service tags on-premises](../virtual-network/service-tags-overview.md). The Batch service IP addresses will be associated with the `BatchNodeManagement` service tag (or the regional variant that matches your Batch account region).
### Honoring DNS
-Ensure that your systems are honoring DNS Time-to-Live (TTL) for your Batch account service URL. Additionally, ensure
-that your Batch service clients and other connectivity mechanisms to the Batch service do not rely on IP addresses (or [create a pool with static public IP addresses](create-pool-public-ip.md) as described below).
+Ensure that your systems are honoring DNS Time-to-Live (TTL) for your Batch account service URL. Additionally, ensure that your Batch service clients and other connectivity mechanisms to the Batch service do not rely on IP addresses (or [create a pool with static public IP addresses](create-pool-public-ip.md) as described below).
-If your requests receive 5xx level HTTP responses and there is a "Connection: close" header in the response, your
-Batch service client should observe the recommendation by closing the existing connection, re-resolving DNS for the
-Batch account service URL, and attempt following requests on a new connection.
+If your requests receive 5xx level HTTP responses and there is a "Connection: close" header in the response, your Batch service client should observe the recommendation by closing the existing connection, re-resolving DNS for the Batch account service URL, and attempt following requests on a new connection.
### Retry requests automatically
-Ensure that your Batch service clients have appropriate retry policies in place to automatically retry your requests, even
-during normal operation and not exclusively during any service maintenance time periods. These retry policies should span an
-interval of at least 5 minutes. Automatic retry capabilities are provided with various Batch SDKs, such as the
-[.NET RetryPolicyProvider class](/dotnet/api/microsoft.azure.batch.retrypolicyprovider).
+Ensure that your Batch service clients have appropriate retry policies in place to automatically retry your requests, even during normal operation and not exclusively during any service maintenance time periods. These retry policies should span an interval of at least 5 minutes. Automatic retry capabilities are provided with various Batch SDKs, such as the [.NET RetryPolicyProvider class](/dotnet/api/microsoft.azure.batch.retrypolicyprovider).
### Static public IP addresses
batch https://docs.microsoft.com/en-us/azure/batch/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Batch description: Lists Azure Policy built-in policy definitions for Azure Batch. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
batch https://docs.microsoft.com/en-us/azure/batch/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Batch description: Lists Azure Policy Regulatory Compliance controls available for Azure Batch. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
cdn https://docs.microsoft.com/en-us/azure/cdn/cdn-troubleshoot-allowed-ca https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cdn/cdn-troubleshoot-allowed-ca.md
@@ -1,27 +1,24 @@
Title: Allowed CA for enabling custom HTTPS on Azure CDN
-description: If you are using your own certificate to enable HTTPS on a custom domain, you must use an allowed certificate authority (CA) to create it.
+ Title: Allowed CA for enabling custom HTTPS
+
+description: If you're using your own certificate to enable HTTPS on a custom domain, you must use an allowed certificate authority (CA) to create it.
-- - Previously updated : 10/18/2018 Last updated : 02/04/2021
-# Allowed certificate authorities for enabling custom HTTPS on Azure CDN
+# Allowed certificate authorities for enabling custom HTTPS
+
+Specific certificate requirements are required when you [enable the HTTPS feature by using your own certificate](cdn-custom-ssl.md?tabs=option-2-enable-https-with-your-own-certificate#tlsssl-certificates) for an Azure CDN (Content Delivery Network) custom domain.
+
+* The **Azure CDN Standard from Microsoft** profile requires a certificate from one of the approved certificate authorities (CA) in the following list. If a certificate from an unapproved CA or if a self-signed certificate is used, the request is rejected.
-You must meet specific certificate requirements when you [enable the HTTPS feature by using your own certificate](cdn-custom-ssl.md?tabs=option-2-enable-https-with-your-own-certificate#tlsssl-certificates) for an Azure Content Delivery Network (CDN) custom domain. The **Azure CDN Standard from Microsoft** profile requires a certificate from one of the approved certificate authorities (CA) in the following list. If a certificate from an unapproved CA or if a self-signed certificate is used, the request is rejected. **Azure CDN Standard from Verizon** and **Azure CDN Premium from Verizon** profiles accept any valid certificate from any valid CA.
+* **Azure CDN Standard from Verizon** and **Azure CDN Premium from Verizon** profiles accept any valid certificate from any valid CA. Verizon profiles don't support self-signed certificates.
> [!NOTE] > The option of using your own certificate to enable the custom domain HTTPS feature is *not* available for **Azure CDN Standard from Akamai** profiles.
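Review bot: The new opening sentence is circular, "Specific certificate requirements are required when you ..."; the removed wording "You must meet specific certificate requirements when you ..." was clearer and should be kept or rephrased. In the first bullet, "If a certificate from an unapproved CA or if a self-signed certificate is used" has a doubled "if"; suggest "If a certificate from an unapproved CA or a self-signed certificate is used, the request is rejected." The added statement "Verizon profiles don't support self-signed certificates" is a useful clarification, but state what happens when one is supplied, as the Microsoft bullet does. The title also changes on both the metadata line and the H1 by dropping "on Azure CDN", which makes the page title ambiguous outside the CDN docs tree.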
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Computer-vision/computer-vision-how-to-install-containers https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Computer-vision/computer-vision-how-to-install-containers.md
@@ -27,17 +27,17 @@ The *Read* OCR container allows you to extract printed and handwritten text from
> [!NOTE] > The Read 3.0-preview container has been deprecated.
-The Read 3.2-preview container provides:
+The Read 3.2-preview OCR container provides:
* New models for enhanced accuracy.
-* Support for multiple languages within the same document
-* Support for: Dutch, English, French, German, Italian, Portuguese, and Spanish.
+* Support for multiple languages within the same document.
+* Support for a total of 73 languages. See the full list of [OCR-supported languages](./language-support.md#optical-character-recognition-ocr).
* A single operation for both documents and images. * Support for larger documents and images.
-* Confidence scores from 0 to 1.
-* Support for documents with both print and handwritten text
-* Support for Simplified Chinese and Japanese.
-* confidence scores and labels for printed and handwritten text.
+* Confidence scores.
+* Support for documents with both print and handwritten text.
* Ability to extract text from only selected page(s) in a document.
+* Choose text line output order from default to a more natural reading order.
+* Text line classification as handwritten style or not for Latin languages only.
If you're using Read 2.0 containers today, see the [migration guide](read-container-migration-guide.md) to learn about changes in the new versions.
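Review bot: The feature list loses precision in two places. "Confidence scores from 0 to 1." becomes "Confidence scores.", which drops the range that clients need in order to set thresholds; keep the range. The two new bullets are not parallel with the rest of the list: "Choose text line output order from default to a more natural reading order." is an imperative among noun phrases, and "Text line classification as handwritten style or not for Latin languages only." is hard to parse. Suggest "Option to output text lines in natural reading order instead of the default order." and "Classification of text lines as handwritten or not (Latin languages only)."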
@@ -202,7 +202,7 @@ Use the host, `http://localhost:5000`, for container APIs. You can view the Swag
You can use the `POST /vision/v3.2/read/analyze` and `GET /vision/v3.2/read/operations/{operationId}` operations in concert to asynchronously read an image, similar to how the Computer Vision service uses those corresponding REST operations. The asynchronous POST method will return an `operationId` that is used as the identifer to the HTTP GET request.
-From the swagger UI, select the `asyncBatchAnalyze` to expand it in the browser. Then select **Try it out** > **Choose file**. In this example, we'll use the following image:
+From the swagger UI, select the `Analyze` to expand it in the browser. Then select **Try it out** > **Choose file**. In this example, we'll use the following image:
![tabs vs spaces](media/tabs-vs-spaces.png)
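Review bot: The changed line now reads "select the `Analyze` to expand it in the browser", which leaves a stray article; suggest "select `Analyze` to expand it" or "select the `Analyze` operation". The unchanged sentence just above still has "identifer" for "identifier"; worth fixing in the same commit since the paragraph is being touched.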
@@ -220,51 +220,99 @@ The `operation-location` is the fully qualified URL and is accessed via an HTTP
```json { "status": "succeeded",
- "createdDateTime": "2020-09-02T10:30:14Z",
- "lastUpdatedDateTime": "2020-09-02T10:30:15Z",
+ "createdDateTime": "2021-02-04T06:32:08.2752706+00:00",
+ "lastUpdatedDateTime": "2021-02-04T06:32:08.7706172+00:00",
"analyzeResult": { "version": "3.2.0", "readResults": [ { "page": 1,
- "angle": 2.12,
+ "angle": 2.1243,
"width": 502, "height": 252, "unit": "pixel",
- "language": "",
"lines": [ {
- "boundingBox": [58, 42, 314, 59, 311, 123, 56, 121],
+ "boundingBox": [
+ 58,
+ 42,
+ 314,
+ 59,
+ 311,
+ 123,
+ 56,
+ 121
+ ],
"text": "Tabs vs", "appearance": {
- "style": "handwriting",
- "styleConfidence": 0.999
+ "style": {
+ "name": "handwriting",
+ "confidence": 0.96
+ }
}, "words": [ {
- "boundingBox": [85, 45, 242, 62, 241, 122, 83, 123],
+ "boundingBox": [
+ 68,
+ 44,
+ 225,
+ 59,
+ 224,
+ 122,
+ 66,
+ 123
+ ],
"text": "Tabs",
- "confidence": 0.981
+ "confidence": 0.933
}, {
- "boundingBox": [258, 64, 314, 72, 314, 123, 256, 123],
+ "boundingBox": [
+ 241,
+ 61,
+ 314,
+ 72,
+ 314,
+ 123,
+ 239,
+ 122
+ ],
"text": "vs",
- "confidence": 0.958
+ "confidence": 0.977
} ] }, {
- "boundingBox": [286, 171, 415, 165, 417, 197, 287, 201],
+ "boundingBox": [
+ 286,
+ 171,
+ 415,
+ 165,
+ 417,
+ 197,
+ 287,
+ 201
+ ],
"text": "paces", "appearance": {
- "style": "print",
- "styleConfidence": 0.603
+ "style": {
+ "name": "handwriting",
+ "confidence": 0.746
+ }
}, "words": [ {
- "boundingBox": [303, 175, 415, 167, 415, 198, 306, 199],
+ "boundingBox": [
+ 286,
+ 179,
+ 404,
+ 166,
+ 405,
+ 198,
+ 290,
+ 201
+ ],
"text": "paces",
- "confidence": 0.918
+ "confidence": 0.938
} ] }
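Review bot: The sample response changes shape, not just values: `appearance.style` goes from a string with a sibling `styleConfidence` to an object with `name` and `confidence`, and the page-level `"language": ""` field is removed. Nothing in this hunk tells readers about that, so anyone who parses `styleConfidence` from the earlier sample will break silently. Suggest a short note next to the sample stating the new structure, or a pointer to the migration guide the article already links. The second line's style also flips from "print" at 0.603 to "handwriting" at 0.746 for the same image; if that reflects the new model, fine, but it is worth a sentence on using the confidence value rather than the label alone. Expanding each `boundingBox` to one number per line adds about 50 lines without adding information; the compact single-line arrays were easier to read.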
@@ -404,4 +452,4 @@ In this article, you learned concepts and workflow for downloading, installing,
* Review [Computer Vision overview](overview.md) to learn more about recognizing printed and handwritten text * Refer to the [Computer Vision API](https://westcentralus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-1-ga/operations/56f91f2e778daf14a499f21b) for details about the methods supported by the container. * Refer to [Frequently asked questions (FAQ)](FAQ.md) to resolve issues related to Computer Vision functionality.
-* Use more [Cognitive Services Containers](../cognitive-services-container-support.md)
+* Use more [Cognitive Services Containers](../cognitive-services-container-support.md)
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Computer-vision/concept-recognizing-text https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Computer-vision/concept-recognizing-text.md
@@ -32,15 +32,16 @@ The **Read** call takes images and documents as its input. They have the followi
* The file size must be less than 50 MB (4 MB for the free tier) and dimensions at least 50 x 50 pixels and at most 10000 x 10000 pixels. * The PDF dimensions must be at most 17 x 17 inches, corresponding to legal or A3 paper sizes and smaller.
-### Read 3.2 preview allows selecting page(s)
-With the [Read 3.2 preview API](https://westus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-2-preview-1/operations/5d986960601faab4bf452005), for large multi-page documents, you can provide specific page numbers or page ranges as an input parameter to extract text from only those pages. This is a new input parameter in addition to the optional language parameter.
- > [!NOTE] > **Language input** >
-> The [Read call](https://westcentralus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-1-ga/operations/5d986960601faab4bf452005) has an optional request parameter for language. This is the BCP-47 language code of the text in the document. Read supports auto language identification and multilingual documents, so only provide a language code if you would like to force the document to be processed as that specific language.
+> The [Read call](https://westcentralus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-1-ga/operations/5d986960601faab4bf452005) has an optional request parameter for language. Read supports auto language identification and multilingual documents, so only provide a language code if you would like to force the document to be processed as that specific language.
+
+## OCR demo (examples)
+
+![OCR demos](./Images/ocr-demo.gif)
-## The Read call
+## Step 1: The Read operation
The Read API's [Read call](https://westcentralus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-1-ga/operations/5d986960601faab4bf452005) takes an image or PDF document as the input and extracts text asynchronously. The call returns with a response header field called `Operation-Location`. The `Operation-Location` value is a URL that contains the Operation ID to be used in the next step.
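Review bot: the rewritten Language input note drops "This is the BCP-47 language code of the text in the document", so the note now says "only provide a language code" without saying what format the code takes. Keep the BCP-47 sentence, or link the phrase "language code" to the supported-languages table, so callers do not guess at values. The heading rename to "Step 1: The Read operation" also changes the generated anchor, so check inbound links to the old heading.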
@@ -53,7 +54,7 @@ The Read API's [Read call](https://westcentralus.dev.cognitive.microsoft.com/doc
> > The [Computer Vision pricing](https://azure.microsoft.com/pricing/details/cognitive-services/computer-vision/) page includes the pricing tier for Read. Each analyzed image or page is one transaction. If you call the operation with a PDF or TIFF document containing 100 pages, the Read operation will count it as 100 transactions and you will be billed for 100 transactions. If you made 50 calls to the operation and each call submitted a document with 100 pages, you will be billed for 50 X 100 = 5000 transactions.
-## The Get Read Results call
+## Step 2: The Get Read Results operation
The second step is to call [Get Read Results](https://westcentralus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-1-ga/operations/5d9869604be85dee480c8750) operation. This operation takes as input the operation ID that was created by the Read operation. It returns a JSON response that contains a **status** field with the following possible values. You call this operation iteratively until it returns with the **succeeded** value. Use an interval of 1 to 2 seconds to avoid exceeding the requests per second (RPS) rate.
@@ -70,7 +71,7 @@ The second step is to call [Get Read Results](https://westcentralus.dev.cognitiv
When the **status** field has the **succeeded** value, the JSON response contains the extracted text content from your image or document. The JSON response maintains the original line groupings of recognized words. It includes the extracted text lines and their bounding box coordinates. Each text line includes all extracted words with their coordinates and confidence scores. > [!NOTE]
-> The data submitted to the `Read` operation are temporarily encrypted and stored at rest, and deleted within 48 hours. This lets your applications retrieve the extracted text as part of the service response.
+> The data submitted to the `Read` operation are temporarily encrypted and stored at rest for a short duration, and then deleted. This lets your applications retrieve the extracted text as part of the service response.
## Sample JSON output
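Review bot: the note replaces a concrete retention bound ("deleted within 48 hours") with "for a short duration, and then deleted", which gives customers nothing they can put in a data-handling assessment. If the 48-hour figure no longer holds, state the new upper bound or link to the page that defines it. If it still holds, keep the number.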
@@ -126,73 +127,39 @@ See the following example of a successful JSON response:
} } ```
-### Read 3.2 preview adds text line style (Latin languages only)
-The [Read 3.2 preview API](https://westus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-2-preview-1/operations/5d986960601faab4bf452005) outputs an **appearance** object classifying whether each text line is print or handwriting style, along with a confidence score. This feature is supported only for Latin languages.
-
-Get started with the [Computer Vision REST API or client library quickstarts](./quickstarts-sdk/client-library.md) to start integrating OCR capabilities into your applications.
-
-## Supported languages for print text
-The [Read API](https://westcentralus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-1-ga/operations/5d986960601faab4bf452005) supports extracting printed text in English, Spanish, German, French, Italian, Portuguese, and Dutch languages.
-
-See the [Supported languages](./language-support.md#optical-character-recognition-ocr) for the full list of OCR-supported languages.
-
-### Read 3.2 preview adds Simplified Chinese and Japanese
-The [Read 3.2 API public preview](https://westus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-2-preview-1/operations/5d986960601faab4bf452005) adds support for Simplified Chinese and Japanese. If your scenario requires supporting more languages, see the [OCR API](#ocr-api) section.
-
-## Supported languages for handwritten text
-The Read operation currently supports extracting handwritten text exclusively in English.
-
-## Use the REST API and SDK
-The [Read 3.x REST API](https://westcentralus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-1-ga/operations/5d986960601faab4bf452005) is the preferred option for most customers because of ease of integration and fast productivity out of the box. Azure and the Computer Vision service handle scale, performance, data security, and compliance needs while you focus on meeting your customers' needs.
-
-## Deploy on-premise with Docker containers
-The [Read Docker container (preview)](./computer-vision-how-to-install-containers.md) enables you to deploy the new OCR capabilities in your own local environment. Containers are great for specific security and data governance requirements.
-## Example outputs
+## Select page(s) or page ranges for text extraction
+With the [Read 3.2 preview API](https://westus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-2-preview-2/operations/5d986960601faab4bf452005), for large multi-page documents, use the `pages` query parameter to specify page numbers or page ranges to extract text from only those pages. For example, the following example shows a document with 10 pages for both cases - all pages (1-10) and selected pages (3-6).
-### Text from images
-The following Read API output shows the extracted text from an image with different text angles, colors, and fonts.
+## Specify text line order in the output
+With the [Read 3.2 preview API](https://westus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-2-preview-2/operations/5d986960601faab4bf452005), specify the order in which the text lines are output with the `read order` query parameter. Choose between `basic` for the default left-right and top-down line order or `natural` for a more human reading-friendly line order. The following example shows both sets of line order numbers for the same two-column document. Notice that The image on the right shows sequential line numbers within each column to represent the reading order.
-![An image of several words at different colors and angles, with extracted text listed](./Images/text-from-images-example.png)
-### Text from documents
+## Handwritten classification for text lines (Latin only)
+The [Read 3.2 preview API](https://westus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-2-preview-2/operations/5d986960601faab4bf452005) response includes classifying whether each text line is of handwriting style or not, along with a confidence score. This feature is supported only for Latin languages. The following example shows the handwritten classification for the text in the image.
-Read API can also take PDF documents as input.
-![An invoice document, with extracted text listed](./Images/text-from-pdf-example.png)
+## Supported languages
+The Read APIs support a total of 73 languages for print style text. Refer to the full list of [OCR-supported languages](./language-support.md#optical-character-recognition-ocr). Handwritten style OCR is supported exclusively for English.
-### Handwritten text
+## Use the cloud API or deploy on-premise
+The Read 3.x cloud APIs are the preferred option for most customers because of ease of integration and fast productivity out of the box. Azure and the Computer Vision service handle scale, performance, data security, and compliance needs while you focus on meeting your customers' needs.
-The Read operation extracts handwritten text from images (currently only in English).
-
-![An image of a handwritten note, with extracted text listed](./Images/handwritten-example.png)
-
-### Printed text
-
-The Read operation can extract printed text in several different languages.
-
-![An image of a Spanish textbook, with extracted text listed](./Images/supported-languages-example.png)
-
-### Mixed language documents
-
-The Read API supports images and documents that contain multiple different languages, commonly known as mixed language documents. It works by classifying each text line in the document into the detected language before extracting its text contents.
-
-![An image of phrases in several languages, with extracted text listed](./Images/mixed-language-example.png)
+For on-premise deployment, the [Read Docker container (preview)](./computer-vision-how-to-install-containers.md) enables you to deploy the new OCR capabilities in your own local environment. Containers are great for specific security and data governance requirements.
## OCR API The [OCR API](https://westcentralus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-1-g#optical-character-recognition-ocr) then Read API.
-## Data privacy and security
-
-As with all the cognitive services, developers using the Read/OCR services should be aware of Microsoft policies on customer data. See the Cognitive Services page on the [Microsoft Trust Center](https://www.microsoft.com/trust-center/product-overview) to learn more.
- > [!NOTE] > The Computer Vison 2.0 RecognizeText operations are in the process of getting deprecated in favor of the new Read API covered in this article. Existing customers should [transition to using Read operations](upgrade-api-versions.md). ## Next steps - Get started with the [Computer Vision REST API or client library quickstarts](./quickstarts-sdk/client-library.md).-- Learn about the [Read REST API](https://westcentralus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-1-ga/operations/5d986960601faab4bf452005).-- Learn about the [Read 3.2 public preview REST API](https://westus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-2-preview-1/operations/5d986960601faab4bf452005) with added support for Simplified Chinese and Japanese.
+- Learn about the [Read 3.1 REST API](https://westcentralus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-1-ga/operations/5d986960601faab4bf452005).
+- Learn about the [Read 3.2 public preview REST API](https://westus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-2-preview-2/operations/5d986960601faab4bf452005) with support for a total of 73 languages.
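Review bot: in the new "Specify text line order in the output" section the query parameter is written as `read order`, with a space inside the code span, which cannot be the literal name a caller types. Give the exact parameter name as the API reference spells it, in the same way the `pages` parameter is given one section earlier. The three new sections each end with "the following example shows ..." and the second adds "Notice that The image on the right", but no image line is added after any of them, so either add the images or drop those sentences (and fix the capital "The"). This hunk also deletes the "Data privacy and security" section and its Trust Center link without a replacement pointer; given that the article describes submitted documents being stored at rest, that link is worth keeping.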
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Computer-vision/language-support https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Computer-vision/language-support.md
@@ -20,34 +20,89 @@ Some features of Computer Vision support multiple languages; any features not me
Computer Vision's OCR APIs support several languages. They do not require you to specify a language code. See [Optical Character Recognition (OCR)](concept-recognizing-text.md) for more information.
-|Language| Language code | OCR API | Read 3.0 and 3.1 | Read v3.2-preview.1 |
+|Language| Language code | OCR API | Read 3.0/3.1 | Read v3.2 preview |
|:--|:-:|:--:|::|::|
+|Afrikaans|`af`| | |Γ£ö |
+|Albanian |`sq`| | |Γ£ö |
|Arabic | `ar`|Γ£ö | | |
+|Asturian |`ast`| | |Γ£ö |
+|Basque |`eu`| | |Γ£ö |
+|Bislama |`bi`| | |Γ£ö |
+|Breton |`br`| | |Γ£ö |
+|Catalan |`ca`| | |Γ£ö |
+|Cebuano |`ceb`| | |Γ£ö |
+|Chamorro |`ch`| | |Γ£ö |
|Chinese (Simplified) | `zh-Hans`|Γ£ö | |Γ£ö |
-|Chinese (Traditional) | `zh-Hant`|Γ£ö | | |
-|Czech | `cs` |Γ£ö | | |
-|Danish | `da` |Γ£ö | | |
+|Chinese (Traditional) | `zh-Hant`|Γ£ö | |Γ£ö |
+|Cornish |`kw`| | |Γ£ö |
+|Corsican |`co`| | |Γ£ö |
+|Crimean Tatar (Latin) |`crh`| | |Γ£ö |
+|Czech | `cs` |Γ£ö | |Γ£ö |
+|Danish | `da` |Γ£ö | |Γ£ö |
|Dutch | `nl` |Γ£ö |Γ£ö |Γ£ö | |English | `en` |Γ£ö |Γ£ö |Γ£ö |
-|Finnish | `fi` |Γ£ö | | |
+|Estonian |`crh`| | |Γ£ö |
+|Fijian |`fj`| | |Γ£ö |
+|Filipino |`fil`| | |Γ£ö |
+|Finnish | `fi` |Γ£ö | |Γ£ö |
|French | `fr` |Γ£ö |Γ£ö |Γ£ö |
+|Friulian | `fur` | | |Γ£ö |
+|Galician | `gl` | | |Γ£ö |
|German | `de` |Γ£ö |Γ£ö |Γ£ö |
+|Gilbertese | `gil` | | |Γ£ö |
|Greek | `el` |Γ£ö | | |
-|Hungarian | `hu` |Γ£ö | | |
+|Greenlandic | `kl` | | |Γ£ö |
+|Haitian Creole | `ht` | | |Γ£ö |
+|Hani | `hni` | | |Γ£ö |
+|Hmong Daw (Latin) | `mww` | | |Γ£ö |
+|Hungarian | `hu` |Γ£ö | | Γ£ö |
+|Indonesian | `id` | | |Γ£ö |
+|Interlingua | `ia` | | |Γ£ö |
+|Inuktitut (Latin) | `iu` | | |Γ£ö |
+|Irish | `ga` | | |Γ£ö |
|Italian | `it` |Γ£ö |Γ£ö |Γ£ö | |Japanese | `ja` |Γ£ö | |Γ£ö |
-|Korean | `ko` |Γ£ö | | |
+|Javanese | `jv` | | |Γ£ö |
+|Kabuverdianu | `kea` | | |Γ£ö |
+|Kachin (Latin) | `kac` | | |Γ£ö |
+|Kara-Kalpak | `kaa` | | |Γ£ö |
+|Kashubian | `csb` | | |Γ£ö |
+|Khasi | `kha` | | |Γ£ö |
+|Korean | `ko` |Γ£ö | |Γ£ö |
+|KΓÇÖicheΓÇÖ | `quc` | | |Γ£ö |
+|Kurdish (latin) | `kur` | | |Γ£ö |
+|Luxembourgish | `lb` | | |Γ£ö |
+|Malay (Latin) | `ms` | | |Γ£ö |
+|Manx | `gv` | | |Γ£ö |
+|Neapolitan | `nap` | | |Γ£ö |
|Norwegian | `nb` |Γ£ö | | |
-|Polish | `pl` |Γ£ö | | |
+|Norwegian | `no` | | |Γ£ö |
+|Occitan | `oc` | | |Γ£ö |
+|Polish | `pl` |Γ£ö | |Γ£ö |
|Portuguese | `pt` |Γ£ö |Γ£ö |Γ£ö | |Romanian | `ro` |Γ£ö | | |
+|Romansh | `rm` | | |Γ£ö |
|Russian | `ru` |Γ£ö | | |
+|Scots | `sco` | | |Γ£ö |
+|Scottish Gaelic | `gd` | | |Γ£ö |
|Serbian (Cyrillic) | `sr-Cyrl` |Γ£ö | | | |Serbian (Latin) | `sr-Latn` |Γ£ö | | | |Slovak | `sk` |Γ£ö | | |
+|Slovenian | `slv` | | |Γ£ö |
|Spanish | `es` |Γ£ö |Γ£ö |Γ£ö |
-|Swedish | `sw` |Γ£ö | | |
-|Turkish | `tr` |Γ£ö | | |
+|Swahili (Latin) | `sw` | | |Γ£ö |
+|Swedish | `sv` |Γ£ö | |Γ£ö |
+|Tatar (Latin) | `tat` | | |Γ£ö |
+|Tetum | `tet` | | |Γ£ö |
+|Turkish | `tr` |Γ£ö | |Γ£ö |
+|Upper Sorbian | `hsb` | | |Γ£ö |
+|Uzbek (Latin) | `uz` | | |Γ£ö |
+|Volap├╝k | `vo` | | |Γ£ö |
+|Walser | `wae` | | |Γ£ö |
+|Western Frisian | `fy` | | |Γ£ö |
+|Yucatec Maya | `yua` | | |Γ£ö |
+|Zhuang | `za` | | |Γ£ö |
+|Zulu | `zu` | | |Γ£ö |
## Image analysis
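Review bot: the added Estonian row uses the code `crh`, which is the same code the added "Crimean Tatar (Latin)" row uses a few lines above; Estonian is `et`, so this looks like a copy-paste error. The table also mixes code lengths for languages that have two-letter codes (`slv`, `kur`, `tat` next to `sv`, `fi`, `hu`), so confirm each value against what the API accepts. Separately, `sw` moves from Swedish to "Swahili (Latin)" while Swedish becomes `sv`: the correction is right, but anyone who copied `sw` from the old table is now forcing the wrong language, which deserves a line in the change notes.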
@@ -60,10 +115,3 @@ Some actions of the [Analyze - Image](https://westcentralus.dev.cognitive.micros
|Japanese | `ja` | ✔ | ✔| ✔|-|-|-|-|-|❌|✔|✔| |Portuguese | `pt` | ✔ | ✔| ✔|-|-|-|-|-|❌|✔|✔| |Spanish | `es` | ✔ | ✔| ✔|-|-|-|-|-|❌|✔|✔|-
-## Next steps
-
-Get started using the Computer Vision features mentioned in this guide.
-
-* [Analyze a local image (REST)](https://github.com/Azure-Samples/cognitive-services-quickstart-code/blob/master/dotnet/ComputerVision/REST/CSharp-analyze.md)
-* [Extract printed text (REST)](https://github.com/Azure-Samples/cognitive-services-quickstart-code/blob/master/dotnet/ComputerVision/REST/CSharp-print-text.md)
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Computer-vision/overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Computer-vision/overview.md
@@ -26,7 +26,7 @@ You can create Computer Vision applications through a [client library SDK](./qui
## Optical Character Recognition (OCR)
-Computer Vision includes [Optical Character Recognition (OCR)](concept-recognizing-text.md) capabilities. You can use the new Read API to extract printed and handwritten text from images and documents. It uses the latest models and works with text on a variety of surfaces and backgrounds. These include receipts, posters, business cards, letters, and whiteboards. The two OCR APIs support extracting printed text in [several languages](./language-support.md). Follow a [quickstart](./quickstarts-sdk/client-library.md) to get started.
+Computer Vision includes [Optical Character Recognition (OCR)](concept-recognizing-text.md) capabilities. You can use the new Read API to extract printed and handwritten text from images and documents. It uses deep learning based models and works with text on a variety of surfaces and backgrounds. These include business documents, invoices, receipts, posters, business cards, letters, and whiteboards. The OCR APIs support extracting printed text in [several languages](./language-support.md). Follow a [quickstart](./quickstarts-sdk/client-library.md) to get started.
## Computer Vision for digital asset management
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Computer-vision/whats-new https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Computer-vision/whats-new.md
@@ -16,6 +16,21 @@
Learn what's new in the service. These items may be release notes, videos, blog posts, and other types of information. Bookmark this page to stay up to date with the service.
+## February 2021
+
+### Read API v3.2 Public Preview with OCR support for 73 languages
+Computer Vision's Read API v3.2 public preview includes these capabilities:
+* OCR for a total of [73 languages](./language-support.md#optical-character-recognition-ocr) including Simplified and Traditional Chinese, Japanese, Korean, and major Latin languages.
+* Choose whether to output the text lines in the left-right and top-bottom (default) order or a more natural reading order.
+* For each text line output, indicate whether its handwriting style or not along with a confidence score (Latin languages only).
+* For a multi-page document extract text only for selected pages or page range.
+
+See the [Read API overview](concept-recognizing-text.md) to learn more.
+
+> [!div class="nextstepaction"]
+> [Use the Read API v3.2 Public Preview](https://westus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-2-preview-2/operations/5d986960601faab4bf452005)
++ ## January 2021 ### Spatial analysis container update
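Review bot: in the third bullet, "indicate whether its handwriting style or not" should read "whether it is in handwriting style or not". The last line of the hunk shows `++ ## January 2021`, which suggests a stray `+` line was added above the existing heading; remove it so the heading is preceded by a blank line only. The fourth bullet would read better as "For a multi-page document, extract text only for selected pages or a page range."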
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/QnAMaker/Concepts/azure-resources https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/QnAMaker/Concepts/azure-resources.md
@@ -227,23 +227,15 @@ The management service of QnA Maker is used only for the QnA Maker portal and fo
Your QnA Maker service deals with two kinds of keys: **authoring keys** and **query endpoint keys** used with the runtime hosted in the App service.
-If you are looking for your **subscription key**, [the terminology has changed](#subscription-keys).
- Use these keys when making requests to the service through APIs. ![Key management](../media/qnamaker-how-to-key-management/key-management.png) |Name|Location|Purpose| |--|--|--|
-|Authoring key|[Azure portal](https://azure.microsoft.com/free/cognitive-services/)|These keys are used to access the [QnA Maker management service APIs](/rest/api/cognitiveservices/qnamaker4.0/knowledgebase). These APIs let you edit the questions and answers in your knowledge base, and publish your knowledge base. These keys are created when you create a new QnA Maker service.<br><br>Find these keys on the **Cognitive Services** resource on the **Keys** page.|
+|Authoring/Subscription key|[Azure portal](https://azure.microsoft.com/free/cognitive-services/)|These keys are used to access the [QnA Maker management service APIs](/rest/api/cognitiveservices/qnamaker4.0/knowledgebase). These APIs let you edit the questions and answers in your knowledge base, and publish your knowledge base. These keys are created when you create a new QnA Maker service.<br><br>Find these keys on the **Cognitive Services** resource on the **Keys** page.|
|Query endpoint key|[QnA Maker portal](https://www.qnamaker.ai)|These keys are used to query the published knowledge base endpoint to get a response for a user question. You typically use this query endpoint in your chat bot or in the client application code that connects to the QnA Maker service. These keys are created when you publish your QnA Maker knowledge base.<br><br>Find these keys in the **Service settings** page. Find this page from the user's menu in the upper right of the page on the drop-down menu.|
-### Subscription keys
-
-The terms authoring and query endpoint key are corrective terms. The previous term was **subscription key**. If you see other documentation referring to subscription keys, these are equivalent to authoring and query endpoint keys (used in the runtime).
-
-You must know what the key is accessing, knowledge base management or knowledge base querying, to know which key you need to find.
- ### Recommended settings for network isolation * Protect Cognitive Service Resource from public access by [configuring the virtual network](../../cognitive-services-virtual-networks.md?tabs=portal).
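Review bot: relabelling the first table row "Authoring/Subscription key" while deleting the "Subscription keys" section changes what the old term maps to. The removed text said subscription keys "are equivalent to authoring and query endpoint keys", whereas the table now ties the term only to the key that, per its own description, can edit and publish the knowledge base. A reader following older documentation that says "subscription key" for querying will now reach for the authoring key and may place it in a chat bot or client application. Keep one sentence stating that the query endpoint key is the one to use in client code, and that the authoring key should stay out of it.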
@@ -307,23 +299,15 @@ In QnA Maker managed (Preview) both the management and the prediction services a
Your QnA Maker managed (Preview) service deals with two kinds of keys: **authoring keys** and **Azure Cognitive Search keys** used to access the service in the customerΓÇÖs subscription.
-If you are looking for your **subscription key**, [the terminology has changed](#subscription-keys).
- Use these keys when making requests to the service through APIs. ![Key management managed preview](../media/qnamaker-how-to-key-management/qnamaker-v2-key-management.png) |Name|Location|Purpose| |--|--|--|
-|Authoring key|[Azure portal](https://azure.microsoft.com/free/cognitive-services/)|These keys are used to access the [QnA Maker management service APIs](/rest/api/cognitiveservices/qnamaker4.0/knowledgebase). These APIs let you edit the questions and answers in your knowledge base, and publish your knowledge base. These keys are created when you create a new QnA Maker service.<br><br>Find these keys on the **Cognitive Services** resource on the **Keys** page.|
+|Authoring/Subscription key|[Azure portal](https://azure.microsoft.com/free/cognitive-services/)|These keys are used to access the [QnA Maker management service APIs](/rest/api/cognitiveservices/qnamaker4.0/knowledgebase). These APIs let you edit the questions and answers in your knowledge base, and publish your knowledge base. These keys are created when you create a new QnA Maker service.<br><br>Find these keys on the **Cognitive Services** resource on the **Keys** page.|
|Azure Cognitive Search Admin Key|[Azure portal](../../../search/search-security-api-keys.md)|These keys are used to communicate with the Azure cognitive search service deployed in the userΓÇÖs Azure subscription. When you associate an Azure cognitive search with the QnA Maker managed (Preview) service, the admin key is automatically passed on to the QnA Maker service. <br><br>You can find these keys on the **Azure Cognitive Search** resource on the **Keys** page.|
-### Subscription keys
-
-The terms authoring and query endpoint key are corrective terms. The previous term was **subscription key**. If you see other documentation referring to subscription keys, these are equivalent to authoring and query endpoint keys (used in the runtime).
-
-You must know what the key is accessing, knowledge base management or knowledge base querying, to know which key you need to find.
- ### Recommended settings for network isolation Protect Cognitive Service Resource from public access by [configuring the virtual network](../../cognitive-services-virtual-networks.md?tabs=portal).
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/QnAMaker/Concepts/data-sources-and-content https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/QnAMaker/Concepts/data-sources-and-content.md
@@ -95,4 +95,4 @@ Learn more about the [format guidelines](../reference-document-format-guidelines
## Next steps
-Understand what information is stored in a [question and answer (QnA) pair](question-answer-set.md).
+Learn how to [edit QnAs](../how-to/edit-knowledge-base.md).
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/QnAMaker/How-To/edit-knowledge-base https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/QnAMaker/How-To/edit-knowledge-base.md
@@ -6,6 +6,7 @@
Last updated 07/16/2020 + # Edit QnA pairs in your knowledge base QnA Maker allows you to manage the content of your knowledge base by providing an easy-to-use editing experience.
@@ -14,8 +15,27 @@ QnA pairs are added from a datasource, such as a file or URL, or added as an edi
<a name="add-an-editorial-qna-set"></a>
+## Question and answer pairs
+
+A knowledge base consists of question and answer (QnA) pairs. Each pair has one answer and a pair contains all the information associated with that _answer_. An answer can loosely resemble a database row or a data structure instance. The **required** settings in a question-and-answer (QnA) pair are:
+
+* a **question** - text of user query, used to QnA Maker's machine-learning, to align with text of user's question with different wording but the same answer
+* the **answer** - the pair's answer is the response that's returned when a user query is matched with the associated question
+
+Each pair is represented by an **ID**.
+
+The **optional** settings for a pair include:
+
+* **Alternate forms of the question** - this helps QnA Maker return the correct answer for a wider variety of question phrasings
+* **Metadata**: Metadata are tags associated with a QnA pair and are represented as key-value pairs. Metadata tags are used to filter QnA pairs and limit the set over which query matching is performed.
+* **Multi-turn prompts**, used to continue a multi-turn conversation
+
+![QnA Maker knowledge bases](../media/qnamaker-concepts-knowledgebase/knowledgebase.png)
+ ## Add an editorial QnA pair
+If you do not have pre-existing content to populate the knowledge base, you can add QnA pairs editorially in the QnA Maker portal.
+ 1. Sign in to the [QnA portal](https://www.qnamaker.ai/), then select the knowledge base to add the QnA pair to. 1. On the **EDIT** page of the knowledge base, select **Add QnA pair** to add a new QnA pair.
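Review bot: the **question** bullet in the new "Question and answer pairs" section does not parse: "text of user query, used to QnA Maker's machine-learning, to align with text of user's question with different wording but the same answer". Something like "the text of a user query, which QnA Maker's machine learning uses to match user questions that are worded differently but have the same answer" says what is intended. The optional-settings list also mixes separators (a dash, a colon, and a comma after the bold term), and "Each pair has one answer and a pair contains all the information associated with that _answer_" can be shortened to one clause.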
@@ -124,9 +144,17 @@ Periodically select **Save and train** after making edits to avoid losing change
[Markdown](../reference-markdown-format.md) is a better tool when you need to autogenerate content to create knowledge bases to be imported as part of a CI/CD pipeline or for [batch testing](../index.yml).
+## Editing your knowledge base locally
+
+Once a knowledge base is created, it is recommended that you make edits to the knowledge base text in the [QnA Maker portal](https://qnamaker.ai), rather than exporting and reimporting through local files. However, there may be times that you need to edit a knowledge base locally.
+
+Export the knowledge base from the **Settings** page, then edit the knowledge base with Microsoft Excel. If you choose to use another application to edit your exported file, the application may introduce syntax errors because it is not fully TSV compliant. Microsoft Excel's TSV files generally don't introduce any formatting errors.
+
+Once you are done with your edits, reimport the TSV file from the **Settings** page. This will completely replace the current knowledge base with the imported knowledge base.
+ ## Next steps > [!div class="nextstepaction"] > [Collaborate on a knowledge base](../index.yml)
-* [Manage Azure resources used by QnA Maker](set-up-qnamaker-service-azure.md)
+* [Manage Azure resources used by QnA Maker](set-up-qnamaker-service-azure.md)
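Review bot: the last sentence of the new "Editing your knowledge base locally" section, "This will completely replace the current knowledge base with the imported knowledge base", describes a destructive operation in ordinary body text. Put it in a `> [!WARNING]` or `> [!IMPORTANT]` callout, the convention this doc set already uses, and tell the reader to keep the original export as a backup before reimporting. The preceding paragraph says other editors "may introduce syntax errors" but gives no way to check the file before the import overwrites the knowledge base; a short note on what to verify would help.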
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/QnAMaker/How-To/manage-qna-maker-app https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/QnAMaker/How-To/manage-qna-maker-app.md
@@ -66,50 +66,7 @@ When they select a knowledge base, their current role on that QnA Maker resource
:::image type="content" source="../media/qnamaker-how-to-collaborate-knowledge-base/qnamaker-knowledge-base-role-name.png" alt-text="Screenshot of knowledge base in Edit mode with role name in parentheses next to knowledge base name in top-left corner of web page.":::
-## Upgrade runtime version to use active learning
-
-# [QnA Maker GA (stable release)](#tab/v1)
-
-Active Learning is supported in runtime version 4.4.0 and above. If your knowledge base was created on an earlier version, [upgrade your runtime](set-up-qnamaker-service-azure.md#get-the-latest-runtime-updates) to use this feature.
-
-# [QnA Maker managed (preview release)](#tab/v2)
-
-In QnA Maker managed (Preview), since the runtime is hosted by the QnA Maker service itself, there is no need to upgrade the runtime manually.
---
-## Turn on active learning for alternate questions
-
-# [QnA Maker GA (stable release)](#tab/v1)
-
-Active learning is off by default. Turn it on to see suggested questions. After you turn on active learning, you need to send information from the client app to QnA Maker. For more information, see [Architectural flow for using GenerateAnswer and Train APIs from a bot](improve-knowledge-base.md#architectural-flow-for-using-generateanswer-and-train-apis-from-a-bot).
-
-1. Select **Publish** to publish the knowledge base. Active learning queries are collected from the GenerateAnswer API prediction endpoint only. The queries to the Test pane in the QnA Maker portal do not impact active learning.
-
-1. To turn active learning on in the QnA Maker portal, go to the top-right corner, select your **Name**, go to [**Service Settings**](https://www.qnamaker.ai/UserSettings).
-
- ![Turn on active learning's suggested question alternatives from the Service settings page. Select your user name in the top-right menu, then select Service Settings.](../media/improve-knowledge-base/Endpoint-Keys.png)
--
-1. Find the QnA Maker service then toggle **Active Learning**.
-
- > [!div class="mx-imgBorder"]
- > [![On the Service settings page, toggle on Active Learning feature. If you are not able to toggle the feature, you may need to upgrade your service.](../media/improve-knowledge-base/turn-active-learning-on-at-service-setting.png)](../media/improve-knowledge-base/turn-active-learning-on-at-service-setting.png#lightbox)
- > [!Note]
- > The exact version on the preceding image is shown as an example only. Your version may be different.
- Once **Active Learning** is enabled, the knowledge base suggests new questions at regular intervals based on user-submitted questions. You can disable **Active Learning** by toggling the setting again.
-
-# [QnA Maker managed (preview release)](#tab/v2)
-
-By default, active learning is **on** in QnA Maker managed (Preview). To see the suggested alternate questions, [use View options](../How-To/improve-knowledge-base.md#view-suggested-questions) on the Edit page.
---
-## Review suggested alternate questions
-
-[Review alternate suggested questions](improve-knowledge-base.md) on the **Edit** page of each knowledge base.
- ## Next steps > [!div class="nextstepaction"]
-> [Create a knowledge base](./manage-knowledge-bases.md)
+> [Create a knowledge base](./manage-knowledge-bases.md)
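Review bot: this hunk deletes all three active learning sections, including the statements that active learning is supported in runtime version 4.4.0 and above and that it is off by default in the GA release. Confirm that improve-knowledge-base.md, which the removed text linked to, now carries both facts and the Service Settings toggle steps; otherwise they are lost. The removed headings also had anchors that other pages may link to, so check for inbound links before merging.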
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/QnAMaker/includes/quickstart-sdk-csharp https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/QnAMaker/includes/quickstart-sdk-csharp.md
@@ -146,7 +146,7 @@ In the application's `Main` method, add variables and code, shown in the followi
# [QnA Maker GA (stable release)](#tab/version-1) > [!IMPORTANT]
-> Go to the Azure portal and find the key and endpoint for the QnA Maker resource you created in the prerequisites. They will be located on the resource's **key and endpoint** page, under **resource management**.
+> Go to the Azure portal and find the key and endpoint for the QnA Maker resource you created in the prerequisites. They will be located on the resource's **key and endpoint** page, under **resource management**. We use subscription key and authoring key interchangably. For more details on authoring key, follow [Keys in QnA Maker](https://docs.microsoft.com/azure/cognitive-services/qnamaker/concepts/azure-resources?tabs=v1#keys-in-qna-maker).
- Create environment variables named QNA_MAKER_SUBSCRIPTION_KEY, QNA_MAKER_ENDPOINT, and QNA_MAKER_RUNTIME_ENDPOINT to store these values. - The value of QNA_MAKER_ENDPOINT has the format `https://YOUR-RESOURCE-NAME.cognitiveservices.azure.com`.
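Review bot: "interchangably" in the added sentence is misspelled and should be "interchangeably". The new link is also an absolute `https://docs.microsoft.com/azure/...` URL, while other links in these articles are relative (for example `./manage-knowledge-bases.md`); a relative link to the same article would be consistent with them.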
@@ -158,7 +158,7 @@ In the application's `Main` method, add variables and code, shown in the followi
# [QnA Maker managed (preview release)](#tab/version-2) > [!IMPORTANT]
-> Go to the Azure portal and find the key and endpoint for the QnA Maker resource you created in the prerequisites. They will be located on the resource's **key and endpoint** page, under **resource management**.
+> Go to the Azure portal and find the key and endpoint for the QnA Maker resource you created in the prerequisites. They will be located on the resource's **key and endpoint** page, under **resource management**. We use subscription key and authoring key interchangably. For more details on authoring key, follow [Keys in QnA Maker](https://docs.microsoft.com/azure/cognitive-services/qnamaker/concepts/azure-resources?tabs=v2#keys-in-qna-maker-managed-preview).
- Create environment variables named QNA_MAKER_SUBSCRIPTION_KEY and QNA_MAKER_ENDPOINT to store these values. - The value of QNA_MAKER_ENDPOINT has the format `https://YOUR-RESOURCE-NAME.cognitiveservices.azure.com`.
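Review bot: the added sentence "We use subscription key and authoring key interchangably" repeats the misspelling and leaves the reader to work out which value belongs in `QNA_MAKER_SUBSCRIPTION_KEY`. State explicitly which key from the **key and endpoint** page is stored in that variable, so that a reader holding more than one key does not put the wrong one into the environment.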
@@ -168,6 +168,7 @@ In the application's `Main` method, add variables and code, shown in the followi
+ ## Object models # [QnA Maker GA (stable release)](#tab/version-1)
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/QnAMaker/reference-document-format-guidelines https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/QnAMaker/reference-document-format-guidelines.md
@@ -31,7 +31,7 @@ QnA Maker identifies sections and subsections and relationships in the file base
> [!NOTE] > We don't support extraction of images from uploaded documents currently.
-## Product manuals
+### Product manuals
A manual is typically guidance material that accompanies a product. It helps the user to set up, use, maintain, and troubleshoot the product. When QnA Maker processes a manual, it extracts the headings and subheadings as questions and the subsequent content as answers. See an example [here](https://download.microsoft.com/download/2/9/B/29B20383-302C-4517-A006-B0186F04BE28/surface-pro-4-user-guide-EN.pdf).
@@ -42,7 +42,7 @@ Below is an example of a manual with an index page, and hierarchical content
> [!NOTE] > Extraction works best on manuals that have a table of contents and/or an index page, and a clear structure with hierarchical headings.
-## Brochures, guidelines, papers, and other files
+### Brochures, guidelines, papers, and other files
Many other types of documents can also be processed to generate QA pairs, provided they have a clear structure and layout. These include: Brochures, guidelines, reports, white papers, scientific papers, policies, books, etc. See an example [here](https://qnamakerstore.blob.core.windows.net/qnamakerdata/docs/Manage%20Azure%20Blob%20Storage.docx).
@@ -50,7 +50,7 @@ Below is an example of a semi-structured doc, without an index:
![Azure Blob storage semi-structured Doc](./media/qnamaker-concepts-datasources/semi-structured-doc.png)
-## Structured QnA Document
+### Structured QnA Document
The format for structured Question-Answers in DOC files, is in the form of alternating Questions and Answers per line, one question per line followed by its answer in the following line, as shown below:
@@ -68,7 +68,7 @@ Below is an example of a structured QnA word document:
![Structured QnA document example for a knowledge base](./media/qnamaker-concepts-datasources/structured-qna-doc.png)
-## Structured *TXT*, *TSV* and *XLS* Files
+### Structured *TXT*, *TSV* and *XLS* Files
QnAs in the form of structured *.txt*, *.tsv* or *.xls* files can also be uploaded to QnA Maker to create or augment a knowledge base. These can either be plain text, or can have content in RTF or HTML.
@@ -79,13 +79,13 @@ QnAs in the form of structured *.txt*, *.tsv* or *.xls* files can also be upload
Any additional columns in the source file are ignored.
-### Example of structured Excel file
+#### Example of structured Excel file
Below is an example of a structured QnA *.xls* file, with HTML content: ![Structured QnA excel example for a knowledge base](./media/qnamaker-concepts-datasources/structured-qna-xls.png)
-### Example of alternate questions for single answer in Excel file
+#### Example of alternate questions for single answer in Excel file
Below is an example of a structured QnA *.xls* file, with several alternate questions for a single answer:
@@ -95,7 +95,7 @@ After the file is imported, the question-and-answer pair is in the knowledge bas
![Screenshot of alternate questions for single answer imported into knowledge base](./media/qnamaker-concepts-datasources/xls-alternate-question-example-after-import.png)
-## Structured data format through import
+### Structured data format through import
Importing a knowledge base replaces the content of the existing knowledge base. Import requires a structured .tsv file that contains data source information. This information helps QnA Maker group the question-answer pairs and attribute them to a particular data source.
@@ -106,7 +106,7 @@ Importing a knowledge base replaces the content of the existing knowledge base.
<a href="#formatting-considerations"></a>
-## Multi-turn document formatting
+### Multi-turn document formatting
* Use headings and sub-headings to denote hierarchy. For example You can h1 to denote the parent QnA and h2 to denote the QnA that should be taken as prompt. Use small heading size to denote subsequent hierarchy. Don't use style, color, or some other mechanism to imply structure in your document, QnA Maker will not extract the multi-turn prompts. * First character of heading must be capitalized.
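Review bot: the context line `<a href="#formatting-considerations"></a>` directly above the retitled heading uses `href`, which produces an empty link rather than a link target. If it is there to keep the old `#formatting-considerations` anchor working after the heading change, it needs `name` or `id` instead; since this hunk already touches the heading, fix it in the same change.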
@@ -114,6 +114,56 @@ Importing a knowledge base replaces the content of the existing knowledge base.
**Sample documents**:<br>[Surface Pro (docx)](https://github.com/Azure-Samples/cognitive-services-sample-data-files/blob/master/qna-maker/data-source-formats/multi-turn.docx)<br>[Contoso Benefits (docx)](https://github.com/Azure-Samples/cognitive-services-sample-data-files/blob/master/qna-maker/data-source-formats/Multiturn-ContosoBenefits.docx)<br>[Contoso Benefits (pdf)](https://github.com/Azure-Samples/cognitive-services-sample-data-files/blob/master/qna-maker/data-source-formats/Multiturn-ContosoBenefits.pdf)
+## FAQ URLs
+
+QnA Maker can support FAQ web pages in 3 different forms:
+
+* Plain FAQ pages
+* FAQ pages with links
+* FAQ pages with a Topics Homepage
+
+### Plain FAQ pages
+
+This is the most common type of FAQ page, in which the answers immediately follow the questions in the same page.
+
+Below is an example of a plain FAQ page:
+
+![Plain FAQ page example for a knowledge base](./media/qnamaker-concepts-datasources/plain-faq.png)
++
+### FAQ pages with links
+
+In this type of FAQ page, questions are aggregated together and are linked to answers that are either in different sections of the same page, or in different pages.
+
+Below is an example of an FAQ page with links in sections that are on the same page:
+
+ ![Section Link FAQ page example for a knowledge base](./media/qnamaker-concepts-datasources/sectionlink-faq.png)
++
+### Parent Topics page links to child answers pages
+
+This type of FAQ has a Topics page where each topic is linked to a corresponding set of questions and answers on a different page. QnA Maker crawls all the linked pages to extract the corresponding questions & answers.
+
+Below is an example of a Topics page with links to FAQ sections in different pages.
+
+ ![Deep link FAQ page example for a knowledge base](./media/qnamaker-concepts-datasources/topics-faq.png)
+
+### Support URLs
+
+QnA Maker can process semi-structured support web pages, such as web articles that would describe how to perform a given task, how to diagnose and resolve a given problem, and what are the best practices for a given process. Extraction works best on content that has a clear structure with hierarchical headings.
+
+> [!NOTE]
+> Extraction for support articles is a new feature and is in early stages. It works best for simple pages, that are well structured, and do not contain complex headers/footers.
+
+![QnA Maker supports extraction from semi-structured web pages where a clear structure is presented with hierarchical headings](./media/qnamaker-concepts-datasources/support-web-pages-with-heirarchical-structure.png)
+
+## Import and export knowledge base
+
+**TSV and XLS files**, from exported knowledge bases, can only be used by importing the files from the **Settings** page in the QnA Maker portal. They can't be used as data sources during knowledge base creation or from the **+ Add file** or **+ Add URL** feature on the **Settings** page.
+
+When you import the Knowledge base through these **TSV and XLS files**, the QnA pairs get added to the editorial source and not the sources from which the QnAs were extracted in the exported Knowledge Base.
++ ## Next steps See a full list of [content types and examples](./concepts/data-sources-and-content.md#content-types-of-documents-you-can-add-to-a-knowledge-base)
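Review bot: the list under `## FAQ URLs` names the third form "FAQ pages with a Topics Homepage", but the matching subsection is headed `### Parent Topics page links to child answers pages`; use one name in both places. `### Support URLs` is also nested under `## FAQ URLs` although it describes support articles rather than FAQ pages, so it reads better as its own `##` section. In the import paragraph, say plainly that the original source attribution of exported QnA pairs is lost on import, since "get added to the editorial source and not the sources from which the QnAs were extracted" is easy to misread.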
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Speech-Service/how-to-custom-speech-human-labeled-transcriptions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-custom-speech-human-labeled-transcriptions.md
@@ -163,6 +163,10 @@ Here are a few examples of normalization automatically performed on the transcri
| ¡Eine Frage! | eine frage | | wir, haben | wir haben |
+### Text normalization for Japanese
+
+In Japanese (ja-JP), there's a maximum length of 90 characters for each sentence. Lines with longer sentences will be discarded. To add longer text, insert a period in between.
+ ## Next Steps - [Prepare and test your data](./how-to-custom-speech-test-and-train.md)
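Review bot: "insert a period in between" does not say which character counts as a sentence break for ja-JP, or whether the 90-character limit includes punctuation. Because lines over the limit "will be discarded", name the accepted character and say whether the discard is reported anywhere, so that missing training lines can be noticed.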
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Speech-Service/includes/spx-setup https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/includes/spx-setup.md
@@ -14,7 +14,7 @@
Follow these steps to install the Speech CLI on Windows: 1. On Windows, you need the [Microsoft Visual C++ Redistributable for Visual Studio 2019](https://support.microsoft.com/help/2977003/the-latest-supported-visual-c-downloads) for your platform. Installing this for the first time may require a restart.
-1. Install [.NET Core 3.1](/dotnet/core/install/linux.md).
+1. Install [.NET Core 3.1](/dotnet/core/install/linux).
2. Install the Speech CLI using NuGet by entering this command: `dotnet tool install --global Microsoft.CognitiveServices.Speech.CLI --version 1.15.0`
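Review bot: this step sits under "install the Speech CLI on Windows", but the corrected link still targets `/dotnet/core/install/linux`. Dropping `.md` fixes the path format, not the destination; point the Windows step at the Windows install article. The step numbering `1.`, `1.`, `2.` in this list is also inconsistent.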
@@ -37,7 +37,7 @@ If you output to a file, a text editor like Notepad or a web browser like Micros
Follow these steps to install the Speech CLI on Linux on an x64 CPU:
-1. Install [.NET Core 3.1](/dotnet/core/install/linux.md).
+1. Install [.NET Core 3.1](/dotnet/core/install/linux).
2. Install the Speech CLI using NuGet by entering this command: `dotnet tool install --global Microsoft.CognitiveServices.Speech.CLI --version 1.15.0`
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Speech-Service/speech-container-howto https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-container-howto.md
@@ -36,10 +36,10 @@ Speech containers enable customers to build a speech application architecture th
| Container | Features | Latest | |--|--|--|
-| Speech-to-text | Analyzes sentiment and transcribes continuous real-time speech or batch audio recordings with intermediate results. | 2.7.0 |
-| Custom Speech-to-text | Using a custom model from the [Custom Speech portal](https://speech.microsoft.com/customspeech), transcribes continuous real-time speech or batch audio recordings into text with intermediate results. | 2.7.0 |
-| Text-to-speech | Converts text to natural-sounding speech with plain text input or Speech Synthesis Markup Language (SSML). | 1.9.0 |
-| Custom Text-to-speech | Using a custom model from the [Custom Voice portal](https://aka.ms/custom-voice-portal), converts text to natural-sounding speech with plain text input or Speech Synthesis Markup Language (SSML). | 1.9.0 |
+| Speech-to-text | Analyzes sentiment and transcribes continuous real-time speech or batch audio recordings with intermediate results. | 2.9.0 |
+| Custom Speech-to-text | Using a custom model from the [Custom Speech portal](https://speech.microsoft.com/customspeech), transcribes continuous real-time speech or batch audio recordings into text with intermediate results. | 2.9.0 |
+| Text-to-speech | Converts text to natural-sounding speech with plain text input or Speech Synthesis Markup Language (SSML). | 1.11.0 |
+| Custom Text-to-speech | Using a custom model from the [Custom Voice portal](https://aka.ms/custom-voice-portal), converts text to natural-sounding speech with plain text input or Speech Synthesis Markup Language (SSML). | 1.11.0 |
| Speech Language Detection | Detect the language spoken in audio files. | 1.0 | | Neural Text-to-speech | Converts text to natural-sounding speech using deep neural network technology, allowing for more natural synthesized speech. | 1.3.0 |
@@ -313,6 +313,28 @@ This command:
> To install GStreamer in a container, > follow Linux instructions for GStreamer in [Use codec compressed audio input with the Speech SDK](how-to-use-codec-compressed-audio-input-streams.md).
+#### Diarization on the speech-to-text output
+Diarization is enabled by default. to get diarization in your response, use `diarize_speech_config.set_service_property`.
+
+1. Set the the phrase output format to `Detailed`.
+2. Set the mode of diarization. The supported modes are `Identity` and `Anonymous`.
+```python
+diarize_speech_config.set_service_property(
+ name='speechcontext-PhraseOutput.Format',
+ value='Detailed',
+ channel=speechsdk.ServicePropertyChannel.UriQueryParameter
+)
+
+diarize_speech_config.set_service_property(
+ name='speechcontext-phraseDetection.speakerDiarization.mode',
+ value='Identity',
+ channel=speechsdk.ServicePropertyChannel.UriQueryParameter
+)
+```
+> [!NOTE]
+> "Identity" mode returns `"SpeakerId": "Customer"` or `"SpeakerId": "Agent"`.
+> "Anonymous" mode returns `"SpeakerId": "Speaker 1"` or `"SpeakerId": "Speaker 2"`
+ #### Analyze sentiment on the speech-to-text output Starting in v2.6.0 of the speech-to-text container, you should use TextAnalytics 3.0 API endpoint instead of the preview one. For example
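Review bot: the opening line says diarization is "enabled by default" and then says properties must be set "to get diarization in your response"; state which of the two holds. `diarize_speech_config` appears without introduction and the sentence reads as if it were part of a method name, so say that it is a `SpeechConfig` instance and show how it is created. Also fix "to get" (sentence start needs a capital), "Set the the", the missing full stop at the end of the note, and add a blank line before the code fence so that it is not absorbed into list item 2.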
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/Speech-Service/speech-services-private-link https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-services-private-link.md
@@ -8,7 +8,7 @@
Previously updated : 12/15/2020 Last updated : 02/04/2021
@@ -265,8 +265,6 @@ If you plan to access the resource by using only a private endpoint, you can ski
westeurope.prod.vnet.cog.trafficmanager.net ```
-3. Confirm that the IP address matches the IP address of your private endpoint.
- > [!NOTE] > The resolved IP address points to a virtual network proxy endpoint, which dispatches the network traffic to the private endpoint for the Cognitive Services resource. The behavior will be different for a resource with a custom domain name but *without* private endpoints. See [this section](#dns-configuration) for details.
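Review bot: with step 3 deleted, the procedure stops at the resolver output and no longer tells the reader what to verify. The note that follows explains that the address belongs to a virtual network proxy endpoint and not to the private endpoint itself, so replace the step with the correct expectation (that the name resolves to the `westeurope.prod.vnet.cog.trafficmanager.net` style name shown in the sample output) instead of removing verification altogether.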
@@ -285,29 +283,33 @@ A Speech resource with a custom domain name and a private endpoint enabled uses
We'll use `my-private-link-speech.cognitiveservices.azure.com` as a sample Speech resource DNS name (custom domain) for this section.
-Speech Services has REST APIs for [Speech-to-Text](rest-speech-to-text.md) and [Text-to-Speech](rest-text-to-speech.md). Consider the following information for the private-endpoint-enabled scenario.
+Speech Services has REST APIs for [Speech-to-text](rest-speech-to-text.md) and [Text-to-speech](rest-text-to-speech.md). Consider the following information for the private-endpoint-enabled scenario.
-Speech-to-Text has two REST APIs. Each API serves a different purpose, uses different endpoints, and requires a different approach when you're using it in the private-endpoint-enabled scenario.
+Speech-to-text has two REST APIs. Each API serves a different purpose, uses different endpoints, and requires a different approach when you're using it in the private-endpoint-enabled scenario.
-The Speech-to-Text REST APIs are:
-- [Speech-to-Text REST API v3.0](rest-speech-to-text.md#speech-to-text-rest-api-v30), which is used for [Batch transcription](batch-transcription.md) and [Custom Speech](custom-speech-overview.md). v3.0 is a [successor of v2.0](./migrate-v2-to-v3.md)-- [Speech-to-Text REST API for short audio](rest-speech-to-text.md#speech-to-text-rest-api-for-short-audio), which is used for online transcription
+The Speech-to-text REST APIs are:
+- [Speech-to-text REST API v3.0](rest-speech-to-text.md#speech-to-text-rest-api-v30), which is used for [Batch transcription](batch-transcription.md) and [Custom Speech](custom-speech-overview.md). v3.0 is a [successor of v2.0](./migrate-v2-to-v3.md)
+- [Speech-to-text REST API for short audio](rest-speech-to-text.md#speech-to-text-rest-api-for-short-audio), which is used for online transcription
-Usage of the Speech-to-Text REST API for short audio and the text-to-speech REST API in the private endpoint scenario is the same. It's equivalent to the [Speech SDK case](#speech-resource-with-a-custom-domain-name-and-a-private-endpoint-usage-with-the-speech-sdk) described later in this article.
+Usage of the Speech-to-text REST API for short audio and the Text-to-speech REST API in the private endpoint scenario is the same. It's equivalent to the [Speech SDK case](#speech-resource-with-a-custom-domain-name-and-a-private-endpoint-usage-with-the-speech-sdk) described later in this article.
-Speech-to-Text REST API v3.0 uses a different set of endpoints, so it requires a different approach for the private-endpoint-enabled scenario.
+Speech-to-text REST API v3.0 uses a different set of endpoints, so it requires a different approach for the private-endpoint-enabled scenario.
The next subsections describe both cases.
-##### Speech-to-Text REST API v3.0
+##### Speech-to-text REST API v3.0
-Usually, Speech resources use [Cognitive Services regional endpoints](../cognitive-services-custom-subdomains.md#is-there-a-list-of-regional-endpoints) for communicating with the [Speech-to-Text REST API v3.0](rest-speech-to-text.md#speech-to-text-rest-api-v30). These resources have the following naming format: <p/>`{region}.api.cognitive.microsoft.com`.
+Usually, Speech resources use [Cognitive Services regional endpoints](../cognitive-services-custom-subdomains.md#is-there-a-list-of-regional-endpoints) for communicating with the [Speech-to-text REST API v3.0](rest-speech-to-text.md#speech-to-text-rest-api-v30). These resources have the following naming format: <p/>`{region}.api.cognitive.microsoft.com`.
This is a sample request URL: ```http https://westeurope.api.cognitive.microsoft.com/speechtotext/v3.0/transcriptions ```+
+> [!NOTE]
+> See [this article](sovereign-clouds.md) for Azure Government and Azure China endpoints.
+ After you enable a custom domain for a Speech resource (which is necessary for private endpoints), that resource will use the following DNS name pattern for the basic REST API endpoint: <p/>`{your custom name}.cognitiveservices.azure.com`. That means that in our example, the REST API endpoint name will be: <p/>`my-private-link-speech.cognitiveservices.azure.com`.
@@ -325,48 +327,41 @@ After you enable a custom domain name for a Speech resource, you typically repla
> > A custom domain for a Speech resource contains *no* information about the region where the resource is deployed. So the application logic described earlier will *not* work and needs to be altered.
-##### Speech-to-Text REST API for short audio and text-to-speech REST API
+##### Speech-to-text REST API for short audio and Text-to-speech REST API
-The [Speech-to-Text REST API for short audio](rest-speech-to-text.md#speech-to-text-rest-api-for-short-audio) and the [text-to-speech REST API](rest-text-to-speech.md) use two types of endpoints:
+The [Speech-to-text REST API for short audio](rest-speech-to-text.md#speech-to-text-rest-api-for-short-audio) and the [Text-to-speech REST API](rest-text-to-speech.md) use two types of endpoints:
- [Cognitive Services regional endpoints](../cognitive-services-custom-subdomains.md#is-there-a-list-of-regional-endpoints) for communicating with the Cognitive Services REST API to obtain an authorization token - Special endpoints for all other operations
-The detailed description of the special endpoints and how their URL should be transformed for a private-endpoint-enabled Speech resource is provided in [this subsection](#general-principles) about usage with the Speech SDK. The same principle described for the SDK applies for the Speech-to-Text REST API v1.0 and the text-to-speech REST API.
+> [!NOTE]
+> See [this article](sovereign-clouds.md) for Azure Government and Azure China endpoints.
+
+The detailed description of the special endpoints and how their URL should be transformed for a private-endpoint-enabled Speech resource is provided in [this subsection](#construct-endpoint-url) about usage with the Speech SDK. The same principle described for the SDK applies for the Speech-to-text REST API for short audio and the Text-to-speech REST API.
-Get familiar with the material in the subsection mentioned in the previous paragraph and see the following example. The example describes the text-to-speech REST API. Usage of the Speech-to-Text REST API for short audio is fully equivalent.
+Get familiar with the material in the subsection mentioned in the previous paragraph and see the following example. The example describes the Text-to-speech REST API. Usage of the Speech-to-text REST API for short audio is fully equivalent.
> [!NOTE]
-> When you're using the Speech-to-Text REST API for short audio in private endpoint scenarios, use an authorization token [passed through](rest-speech-to-text.md#request-headers) the `Authorization` [header](rest-speech-to-text.md#request-headers). Passing a speech subscription key to the special endpoint via the `Ocp-Apim-Subscription-Key` header will *not* work and will generate Error 401.
+> When you're using the Speech-to-text REST API for short audio and Text-to-speech REST API in private endpoint scenarios, use a subscription key passed through the `Ocp-Apim-Subscription-Key` header. (See details for [Speech-to-text REST API for short audio](rest-speech-to-text.md#request-headers) and [Text-to-speech REST API](rest-text-to-speech.md#request-headers))
+>
+> Using an authorization token and passing it to the special endpoint via the `Authorization` header will work *only* if you've enabled the **All networks** access option in the **Networking** section of your Speech resource. In other cases you will get either `Forbidden` or `BadRequest` error when trying to obtain an authorization token.
-**Text-to-Speech REST API usage example**
+**Text-to-speech REST API usage example**
We'll use West Europe as a sample Azure region and `my-private-link-speech.cognitiveservices.azure.com` as a sample Speech resource DNS name (custom domain). The custom domain name `my-private-link-speech.cognitiveservices.azure.com` in our example belongs to the Speech resource created in the West Europe region.
-To get the list of the voices supported in the region, do the following two operations:
--- Obtain an authorization token:
- ```http
- https://westeurope.api.cognitive.microsoft.com/sts/v1.0/issuetoken
- ```
-- By using the token, get the list of voices:
- ```http
- https://westeurope.tts.speech.microsoft.com/cognitiveservices/voices/list
- ```
-See more details on the preceding steps in the [text-to-speech REST API documentation](rest-text-to-speech.md).
+To get the list of the voices supported in the region, perform the following request:
-For the private-endpoint-enabled Speech resource, the endpoint URLs for the same operation sequence need to be modified. The same sequence will look like this:
+```http
+https://westeurope.tts.speech.microsoft.com/cognitiveservices/voices/list
+```
+See more details in the [Text-to-speech REST API documentation](rest-text-to-speech.md).
-- Obtain an authorization token:
- ```http
- https://my-private-link-speech.cognitiveservices.azure.com/v1.0/issuetoken
- ```
- See the detailed explanation in the earlier [Speech-to-Text REST API v3.0](#speech-to-text-rest-api-v30) subsection.
+For the private-endpoint-enabled Speech resource, the endpoint URL for the same operation needs to be modified. The same request will look like this:
-- By using the obtained token, get the list of voices:
- ```http
- https://my-private-link-speech.cognitiveservices.azure.com/tts/cognitiveservices/voices/list
- ```
- See a detailed explanation in the [General principles](#general-principles) subsection for the Speech SDK.
+```http
+https://my-private-link-speech.cognitiveservices.azure.com/tts/cognitiveservices/voices/list
+```
+See a detailed explanation in the [Construct endpoint URL](#construct-endpoint-url) subsection for the Speech SDK.
#### Speech resource with a custom domain name and a private endpoint: Usage with the Speech SDK
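Review bot: the note beginning "When you're using the Speech-to-text REST API for short audio and Text-to-speech REST API" now tells readers to authenticate with `Ocp-Apim-Subscription-Key`, but the rewritten usage example shows only the two URLs and never the header, so add the header to the sample request. In the second paragraph of that note, the sentence is about passing a token to the special endpoint, while the stated errors (`Forbidden`, `BadRequest`) occur "when trying to obtain an authorization token"; separate the two failure points so that a reader can tell which call fails. The closing parenthesis of the first paragraph also lacks a full stop.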
@@ -374,9 +369,9 @@ Using the Speech SDK with a custom domain name and private-endpoint-enabled Spee
We'll use `my-private-link-speech.cognitiveservices.azure.com` as a sample Speech resource DNS name (custom domain) for this section.
-##### General principles
+##### Construct endpoint URL
-Usually in SDK scenarios (as well as in the text-to-speech REST API scenarios), Speech resources use the dedicated regional endpoints for different service offerings. The DNS name format for these endpoints is:
+Usually in SDK scenarios (as well as in the Speech-to-text REST API for short audio and Text-to-speech REST API scenarios), Speech resources use the dedicated regional endpoints for different service offerings. The DNS name format for these endpoints is:
`{region}.{speech service offering}.speech.microsoft.com`
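Review bot: renaming `##### General principles` to `##### Construct endpoint URL` changes the anchor from `#general-principles` to `#construct-endpoint-url`. The in-page references in this patch are updated, but links from other articles or bookmarks to the old anchor will stop resolving; keep an explicit anchor for the old name above the new heading, or check for inbound links before merging.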
@@ -384,18 +379,18 @@ An example DNS name is:
`westeurope.stt.speech.microsoft.com`
-All possible values for the region (first element of the DNS name) are listed in [Speech service supported regions](regions.md). The following table presents the possible values for the Speech Services offering (second element of the DNS name):
+All possible values for the region (first element of the DNS name) are listed in [Speech service supported regions](regions.md). (See [this article](sovereign-clouds.md) for Azure Government and Azure China endpoints.) The following table presents the possible values for the Speech Services offering (second element of the DNS name):
| DNS name value | Speech service offering | |-|-| | `commands` | [Custom Commands](custom-commands.md) | | `convai` | [Conversation Transcription](conversation-transcription.md) | | `s2s` | [Speech Translation](speech-translation.md) |
-| `stt` | [Speech-to-Text](speech-to-text.md) |
-| `tts` | [Text-to-Speech](text-to-speech.md) |
+| `stt` | [Speech-to-text](speech-to-text.md) |
+| `tts` | [Text-to-speech](text-to-speech.md) |
| `voice` | [Custom Voice](how-to-custom-voice.md) |
-So the earlier example (`westeurope.stt.speech.microsoft.com`) stands for a Speech-to-Text endpoint in West Europe.
+So the earlier example (`westeurope.stt.speech.microsoft.com`) stands for a Speech-to-text endpoint in West Europe.
Private-endpoint-enabled endpoints communicate with Speech Services via a special proxy. Because of that, *you must change the endpoint connection URLs*.
@@ -456,7 +451,7 @@ Follow these steps to modify your code:
2. Create a `SpeechConfig` instance by using a full endpoint URL:
- 1. Modify the endpoint that you just determined, as described in the earlier [General principles](#general-principles) section.
+ 1. Modify the endpoint that you just determined, as described in the earlier [Construct endpoint URL](#construct-endpoint-url) section.
1. Modify how you create the instance of `SpeechConfig`. Most likely, your application is using something like this: ```csharp
@@ -528,77 +523,35 @@ Compare it with the output from [this section](#resolve-dns-from-other-networks)
#### Speech resource with a custom domain name and without private endpoints: Usage with the REST APIs
-##### Speech-to-Text REST API v3.0
+##### Speech-to-text REST API v3.0
-Speech-to-Text REST API v3.0 usage is fully equivalent to the case of [private-endpoint-enabled Speech resources](#speech-to-text-rest-api-v30).
+Speech-to-text REST API v3.0 usage is fully equivalent to the case of [private-endpoint-enabled Speech resources](#speech-to-text-rest-api-v30).
-##### Speech-to-Text REST API for short audio and text-to-speech REST API
+##### Speech-to-text REST API for short audio and Text-to-speech REST API
-In this case, usage of the Speech-to-Text REST API for short audio and usage of the text-to-speech REST API have no differences from the general case, with one exception for the Speech-to-Text REST API for short audio. (See the following note.) You should use both APIs as described in the [speech-to-text REST API for short audio](rest-speech-to-text.md#speech-to-text-rest-api-for-short-audio) and [text-to-speech REST API](rest-text-to-speech.md) documentation.
+In this case, usage of the Speech-to-text REST API for short audio and usage of the Text-to-speech REST API have no differences from the general case, with one exception. (See the following note.) You should use both APIs as described in the [speech-to-text REST API for short audio](rest-speech-to-text.md#speech-to-text-rest-api-for-short-audio) and [Text-to-speech REST API](rest-text-to-speech.md) documentation.
> [!NOTE]
-> When you're using the Speech-to-Text REST API for short audio in custom domain scenarios, use an authorization token [passed through](rest-speech-to-text.md#request-headers) an `Authorization` [header](rest-speech-to-text.md#request-headers). Passing a speech subscription key to the special endpoint via the `Ocp-Apim-Subscription-Key` header will *not* work and will generate Error 401.
+> When you're using the Speech-to-text REST API for short audio and Text-to-speech REST API in custom domain scenarios, use a subscription key passed through the `Ocp-Apim-Subscription-Key` header. (See details for [Speech-to-text REST API for short audio](rest-speech-to-text.md#request-headers) and [Text-to-speech REST API](rest-text-to-speech.md#request-headers))
+>
+> Using an authorization token and passing it to the special endpoint via the `Authorization` header will work *only* if you've enabled the **All networks** access option in the **Networking** section of your Speech resource. In other cases you will get either `Forbidden` or `BadRequest` error when trying to obtain an authorization token.
#### Speech resource with a custom domain name and without private endpoints: Usage with the Speech SDK
-Using the Speech SDK with custom-domain-enabled Speech resources *without* private endpoints requires the review of, and likely changes to, your application code. Note that these changes are different from the case of a [private-endpoint-enabled Speech resource](#speech-resource-with-a-custom-domain-name-and-a-private-endpoint-usage-with-the-speech-sdk). We're working on more seamless support of private endpoint and custom domain scenarios.
+Using the Speech SDK with custom-domain-enabled Speech resources *without* private endpoints is equivalent to the general case as described in the [Speech SDK documentation](speech-sdk.md).
-We'll use `my-private-link-speech.cognitiveservices.azure.com` as a sample Speech resource DNS name (custom domain) for this section.
+In case you have modified your code for using with a [private-endpoint-enabled Speech resource](#speech-resource-with-a-custom-domain-name-and-a-private-endpoint-usage-with-the-speech-sdk), consider the following.
In the section on [private-endpoint-enabled Speech resources](#speech-resource-with-a-custom-domain-name-and-a-private-endpoint-usage-with-the-speech-sdk), we explained how to determine the endpoint URL, modify it, and make it work through "from endpoint"/"with endpoint" initialization of the `SpeechConfig` class instance. However, if you try to run the same application after having all private endpoints removed (allowing some time for the corresponding DNS record reprovisioning), you'll get an internal service error (404). The reason is that the [DNS record](#dns-configuration) now points to the regional Cognitive Services endpoint instead of the virtual network proxy, and the URL paths like `/stt/speech/recognition/conversation/cognitiveservices/v1?language=en-US` won't be found there.
-If you roll back your application to the standard instantiation of `SpeechConfig` in the style of the following code, your application will terminate with the authentication error (401):
+You need to roll back your application to the standard instantiation of `SpeechConfig` in the style of the following code:
```csharp var config = SpeechConfig.FromSubscription(subscriptionKey, azureRegion); ```
-##### Modifying applications
-
-To let your application use a Speech resource with a custom domain name and without private endpoints, follow these steps:
-
-1. Request an authorization token from the Cognitive Services REST API. [This article](../authentication.md#authenticate-with-an-authentication-token) shows how to get the token.
-
- Use your custom domain name in the endpoint URL. In our example, this URL is:
- ```http
- https://my-private-link-speech.cognitiveservices.azure.com/sts/v1.0/issueToken
- ```
- > [!TIP]
- > You can find this URL in the Azure portal. On your Speech resource page, under the **Resource management** group, select **Keys and Endpoint**.
-
-1. Create a `SpeechConfig` instance by using the authorization token that you obtained in the previous section. Suppose we have the following variables defined:
-
- - `token`: the authorization token obtained in the previous section
- - `azureRegion`: the name of the Speech resource [region](regions.md) (example: `westeurope`)
- - `outError`: (only for the [Objective C](/objectivec/cognitive-services/speech/spxspeechconfiguration#initwithauthorizationtokenregionerror) case)
-
- Create a `SpeechConfig` instance like this:
-
- ```csharp
- var config = SpeechConfig.FromAuthorizationToken(token, azureRegion);
- ```
- ```cpp
- auto config = SpeechConfig::FromAuthorizationToken(token, azureRegion);
- ```
- ```java
- SpeechConfig config = SpeechConfig.fromAuthorizationToken(token, azureRegion);
- ```
- ```python
- import azure.cognitiveservices.speech as speechsdk
- speech_config = speechsdk.SpeechConfig(auth_token=token, region=azureRegion)
- ```
- ```objectivec
- SPXSpeechConfiguration *speechConfig = [[SPXSpeechConfiguration alloc] initWithAuthorizationToken:token region:azureRegion error:outError];
- ```
-> [!NOTE]
-> The caller needs to ensure that the authorization token is valid. Before the authorization token expires, the caller needs to refresh it by calling this setter with a new valid token. Because configuration values are copied when you're creating a new recognizer or synthesizer, the new token value will not apply to recognizers or synthesizers that have already been created.
->
-> For these, set the authorization token of the corresponding recognizer or synthesizer to refresh the token. If you don't refresh the token, the recognizer or synthesizer will encounter errors while operating.
-
-After this modification, your application should work with Speech resources that use a custom domain name without private endpoints.
- ## Pricing For pricing details, see [Azure Private Link pricing](https://azure.microsoft.com/pricing/details/private-link).
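Review bot: The intro sentence still says the REST APIs differ from the general case "with one exception", but the rewritten note now tells readers to pass a subscription key in the `Ocp-Apim-Subscription-Key` header for both APIs, which reads as the general case, so it is no longer clear what the exception is. Suggest naming the exception directly (an `Authorization` token works only when **All networks** is enabled under **Networking**) or dropping "with one exception". Wording nits in the added lines: the first paragraph of the note has no period after its closing parenthesis, "either `Forbidden` or `BadRequest` error" needs an article, "In case you have modified your code for using with a" reads better as "If you modified your code for use with a", and the link text "[speech-to-text REST API for short audio]" is lowercase while the other links use "Speech-to-text". Because the token request and refresh steps are removed in favor of the subscription key, a pointer to how that key should be stored and rotated would help readers who followed the old token flow.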
@@ -607,5 +560,5 @@ For pricing details, see [Azure Private Link pricing](https://azure.microsoft.co
* [Azure Private Link](../../private-link/private-link-overview.md) * [Speech SDK](speech-sdk.md)
-* [Speech-to-Text REST API](rest-speech-to-text.md)
-* [Text-to-Speech REST API](rest-text-to-speech.md)
+* [Speech-to-text REST API](rest-speech-to-text.md)
+* [Text-to-speech REST API](rest-text-to-speech.md)
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/containers/container-image-tags https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/containers/container-image-tags.md
@@ -47,13 +47,14 @@ This container image has the following tags available. You can also find a full
# [Latest version](#tab/current)
-Release notes for `3.2-preview.1`:
+Release notes for `3.2-preview.2`:
* New v3.2 container | Image Tags | Notes | |-|:| | `latest` | |
+| `3.2-preview.2` | |
| `3.2-preview.1` | | # [Previous versions](#tab/previous)
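Review bot: The release notes heading is bumped to `3.2-preview.2`, but the only bullet under it is still "New v3.2 container", so the page does not say what changed from `3.2-preview.1`. Suggest adding at least one line describing the preview.2 change. The new `3.2-preview.2` row, like `latest`, carries no digest, so readers cannot tell which preview `latest` resolves to or pin the image, while other container tables in this file list a Digest column.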
@@ -148,20 +149,29 @@ The [Custom Speech-to-text][sp-cstt] container image can be found on the `mcr.mi
# [Latest version](#tab/current)
-Release note for `2.7.0-amd64`:
+Release note for `2.9.0-amd64`:
-**Features**
-* Punctuation is set as enabled by default.
+**Feature**
+* More error details for issues when fetching custom models by ID.
+* Hypothesis is supported in conversation results by default.
Note that due to the included phrase lists, the size of this container image has increased.
-| Image Tags | Notes | Digest |
-|-|:|:|
-| `latest` | | `sha256:d1573c2543cb7afedb0122da0995f345767b02f9c5f181950acf1509ca65726` |
-| `2.7.0-amd64` | | `sha256:d1573c2543cb7afedb0122da0995f345767b02f9c5f181950acf1509ca65726` |
+| Image Tags | Notes | Digest |
+|-|:|:-|
+| `latest` | | `sha256:bb1707cadba7add464a86df46d7d340c699692fe8df8d2222816189f06447a1b`|
+| `2.9.0-amd64` | | `sha256:bb1707cadba7add464a86df46d7d340c699692fe8df8d2222816189f06447a1b`|
# [Previous version](#tab/previous)+
+Release note for `2.7.0-amd64`:
+
+**Features**
+* Punctuation is set as enabled by default.
+
+Note that due to the included phrase lists, the size of this container image has increased.
+ Release note for `2.6.0-amd64`: **Features**
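Review bot: The new heading is the singular "**Feature**" but has two bullets under it, and the block it replaces used "**Features**". The unchanged sentence "Note that due to the included phrase lists, the size of this container image has increased." now sits directly under the `2.9.0-amd64` notes and is also copied into the `2.7.0-amd64` notes on the previous tab; please confirm it still applies to 2.9.0, or keep it only with the release that introduced the size increase.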
@@ -194,6 +204,7 @@ Release note for `2.5.0-amd64`:
| Image Tags | Notes | |-|:--|
+| `2.7.0-amd64` | |
| `2.6.0-amd64` | | | `2.5.0-amd64` | 1st GA version |
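Review bot: The `2.7.0-amd64` row lands in the previous-versions table without the digest that the latest-version table listed for it, because this table has no Digest column. Readers who pin by digest lose the reference as soon as a release moves to this tab; suggest adding a Digest column here or stating that digests are published only for the current release.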
@@ -206,17 +217,23 @@ The [Custom Text-to-speech][sp-ctts] container image can be found on the `mcr.mi
# [Latest version](#tab/current)
-Release note for `1.9.0-amd64`:
+Release note for `1.11.0-amd64`:
-Regular monthly release
+**Feature**
+* More error details for issues when fetching custom models by ID.
-| Image Tags | Notes | Digest |
-|-|:|:|
-| `latest` | | `sha256:e0397cf12d1367b13dd258f782bb513c93afcd5ee4b897794fe533205336355` |
-| `1.9.0-amd64` | | `sha256:e0397cf12d1367b13dd258f782bb513c93afcd5ee4b897794fe533205336355` |
+| Image Tags | Notes | Digest |
+|-|:|:-|
+| `latest` | | `sha256:a4a5758a368bc56590eb1c1552fa2bda54f27be9cb0f491468388b9f90cb9110` |
+| `1.11.0-amd64` | | `sha256:a4a5758a368bc56590eb1c1552fa2bda54f27be9cb0f491468388b9f90cb9110` |
# [Previous version](#tab/previous)+
+Release note for `1.9.0-amd64`:
+
+Regular monthly release
+ Release note for `1.8.0-amd64`: **Features**
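Review bot: The release note moves from `1.9.0-amd64` straight to `1.11.0-amd64`, and no `1.10.0-amd64` note or tag appears in the lines shown for either tab. Suggest adding a line saying whether 1.10.0 was published, so readers following the tag list do not assume an entry was dropped by mistake.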
@@ -229,6 +246,7 @@ Release note for `1.7.0-amd64`:
| Image Tags | Notes | |-|:--|
+| `1.9.0-amd64` | |
| `1.8.0-amd64` | | | `1.7.0-amd64` | 1st GA version |
@@ -242,6 +260,109 @@ Since Speech-to-text v2.5.0, images are supported in the *US Government Virginia
# [Latest version](#tab/current)
+Release note for `2.9.0-amd64-<locale>`:
+
+**Feature**
+* More error details for issues when fetching custom models by ID.
+* Hypothesis is supported in conversation results by default.
+
+Note that due to the included phrase lists, the size of this container image has increased.
+
+| Image Tags | Notes |
+|-|:--|
+| `latest` | Container image with the `en-US` locale. |
+| `2.9.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.9.0-amd64-en-us`. |
+
+This container has the following locales available.
+
+| Locale for v2.9.0 | Notes | Digest |
+|--|:--|:--|
+| `ar-ae` | Container image with the `ar-AE` locale. | `sha256:08885bedb2993daf0c918ecdc6ec775f7982ffa5ca561e80ab9b8a103cde8194` |
+| `ar-bh` | Container image with the `ar-BH` locale. | `sha256:41e7942e4026beaad93e50f199a6a2d855f77c74e60bc9636bf2bf2c7d3bd482` |
+| `ar-eg` | Container image with the `ar-EG` locale. | `sha256:d27f383435770aa01bb4117ba2d50a05ec172a1da35c4920ab43cd0fb74f44c2` |
+| `ar-iq` | Container image with the `ar-IQ` locale. | `sha256:ca2734a6bfc562c4c07981358051d281fb5e089815b9eac14c66a0e6f92e9858` |
+| `ar-jo` | Container image with the `ar-JO` locale. | `sha256:57429ee8e95a76ec953f1b1f94b39a20507626cd7fe5431df826912e5b959e41` |
+| `ar-kw` | Container image with the `ar-KW` locale. | `sha256:08885bedb2993daf0c918ecdc6ec775f7982ffa5ca561e80ab9b8a103cde8194` |
+| `ar-lb` | Container image with the `ar-LB` locale. | `sha256:4c5fb6fdc08343e8640222583373effae3d03907cf1262a4fad3303df9385797` |
+| `ar-om` | Container image with the `ar-OM` locale. | `sha256:5ffd280908e3ee65fcb7bea0b532844f9d8510044ab4c2c612dc3c235938ad0a` |
+| `ar-qa` | Container image with the `ar-QA` locale. | `sha256:08885bedb2993daf0c918ecdc6ec775f7982ffa5ca561e80ab9b8a103cde8194` |
+| `ar-sa` | Container image with the `ar-SA` locale. | `sha256:08885bedb2993daf0c918ecdc6ec775f7982ffa5ca561e80ab9b8a103cde8194` |
+| `ar-sy` | Container image with the `ar-SY` locale. | `sha256:00f3d1fd6ccb857ccef8a72322336e7a097d04027411f0dcc5499b44229fb470` |
+| `bg-bg` | Container image with the `bg-BG` locale. | `sha256:aa6ae12f786dcaa028e5867abba198effed875b6bc4cbafd4be37349e95dceef` |
+| `ca-es` | Container image with the `ca-ES` locale. | `sha256:515a940ccd76ef1926bab3ad259e1cc7ac2bd90bb3860d28f83d0f6324b3f0fe` |
+| `cs-cz` | Container image with the `cs-CZ` locale. | `sha256:03f6242d73de64c3eb3347400ea6e7408a8816bd96f3d6368ea2a8193accd457` |
+| `da-dk` | Container image with the `da-DK` locale. | `sha256:ed6714e804ff2d1bbd41512c78906ad9b8827dfdfed0076a271817e075c2ec40` |
+| `de-de` | Container image with the `de-DE` locale. | `sha256:386f2bb4c4b6ba797919ddcb5bbc9942bf8a03e774f9b01438f9bae0928414ef` |
+| `el-gr` | Container image with the `el-GR` locale. | `sha256:28696d10c78404fec033794e6e6ae0bfd92b0dab5cf7eb1d24cc2cdfbfcb646d` |
+| `en-au` | Container image with the `en-AU` locale. | `sha256:dd9ce70f83767a5bdc52fd62b96e09ce6f79ecc1903ed8e116753099b06b03cd` |
+| `en-ca` | Container image with the `en-CA` locale. | `sha256:70095cf952565256f3a0927358d0fd802d28fe1c3b89b26ead31ba1127cd0b06` |
+| `en-gb` | Container image with the `en-GB` locale. | `sha256:836bc38328636799ec9c8717618d51ab8b50ea2f0dc9663f342c4454938c9b23` |
+| `en-hk` | Container image with the `en-HK` locale. | `sha256:eda3702d95d4ae3b64ceb93bda42e8522776e141a18b2a3dde3bc3fcf0e9a2b8` |
+| `en-ie` | Container image with the `en-IE` locale. | `sha256:bfc2126fffb947bf10ac379efb70db3d2c7ee2c16dd541a5b86e03e73d7d477c` |
+| `en-in` | Container image with the `en-IN` locale. | `sha256:5660d02eabf4e1e9f58e7993ed7e5917b1990b41ed35a484a715d7265400cd0b` |
+| `en-nz` | Container image with the `en-NZ` locale. | `sha256:891c1805fd8011865de7371ffd4bde85d879341f2100e8053bbbc722d7c792bc` |
+| `en-ph` | Container image with the `en-PH` locale. | `sha256:21d6d46398f940a769241fdfffec5658356e54b4127b44efe5e061724f7a7681` |
+| `en-sg` | Container image with the `en-SG` locale. | `sha256:6f473b8ba56bad098c21a0c0496cb312dafcfb83dc1a2e1aff21011f6b39321d` |
+| `en-us` | Container image with the `en-US` locale. | `sha256:20aa22d24e35f7d92ceac96d2cbab8ce46ee0ed7bb601f18fa867f1bd0bcf5ab` |
+| `en-za` | Container image with the `en-ZA` locale. | `sha256:5e5ad2b016a1ceac500813e0a68ff4108ddf5a4ca98cb0aed4930b6d1e8920dd` |
+| `es-ar` | Container image with the `es-AR` locale. | `sha256:b372d9e32e7b518bb9949d8db459bd4e300304e53aed1342aba65a054d4a4c25` |
+| `es-bo` | Container image with the `es-BO` locale. | `sha256:d3538f3834c554ebebbdfe75e261a06f104dfa27143353601c3a6a3d41025129` |
+| `es-cl` | Container image with the `es-CL` locale. | `sha256:0bb100ef5313b182a59c08949e4baf1086bde2c1a6bca3324c4e052f465f7632` |
+| `es-co` | Container image with the `es-CO` locale. | `sha256:cdab27080ef3ded55dcf89cf85bc2ae16de1372f84a42d836ff5f20612b68a61` |
+| `es-cr` | Container image with the `es-CR` locale. | `sha256:e4ea51ffa38f347adc7c0642d50237cfa045683f52b5e3e726e4c28688231d35` |
+| `es-cu` | Container image with the `es-CU` locale. | `sha256:f81c0b7f774d64e673a1311d00604f5e4837fdba4d8fb4a2ab0c8bb8b7fde87d` |
+| `es-do` | Container image with the `es-DO` locale. | `sha256:78035c54e649e34cd8276a402f9c9845e13bc40503da6c2f631698a16a049c67` |
+| `es-ec` | Container image with the `es-EC` locale. | `sha256:e4e4d9c123e452f8ae89bf6cc1292a406f7b482668e36b48ef2fbb29f14c4360` |
+| `es-es` | Container image with the `es-ES` locale. | `sha256:10a4ddd279633cc8696b00be77f6e9309494a560244a325982522aaa805806e7` |
+| `es-gt` | Container image with the `es-GT` locale. | `sha256:a603a8f9c1778808df5d14e3fa1c7e993ef9cca3e0b515a4d4586c2c3a1d14b6` |
+| `es-hn` | Container image with the `es-HN` locale. | `sha256:4f539f8019c489623868bf02f3c61ed4b66d3a85e89250a9b484717a91e9489e` |
+| `es-mx` | Container image with the `es-MX` locale. | `sha256:20fc3806f08ad4e6fd5fb1f71318f1f5b591e2085ee4cbba2f25ea06135e5f6a` |
+| `es-ni` | Container image with the `es-NI` locale. | `sha256:d65520a4f628f6a416171ac58341579fdffba97ddd2941a910bda385d31c735d` |
+| `es-pa` | Container image with the `es-PA` locale. | `sha256:d38ea88613f5db6d6d9f879ef92a204c524bb27766848b825d1e6ce2a9b13cf7` |
+| `es-pe` | Container image with the `es-PE` locale. | `sha256:02205d1ecc29feed3ac8442dbdc1855c419749d9dcbd98028a5d1619166f0328` |
+| `es-pr` | Container image with the `es-PR` locale. | `sha256:c9c3e1ac800120a14f472c8be62730a489e00f29df29fe770a56429ea1c09ef5` |
+| `es-py` | Container image with the `es-PY` locale. | `sha256:859c24c40e65bc19a866218466eb7678f71205bedfcb6ee3180b6cb721194b9a` |
+| `es-sv` | Container image with the `es-SV` locale. | `sha256:036f13d34005f5d6634387c9d13c3535724795b0d6cad832fc46363609fc2f11` |
+| `es-us` | Container image with the `es-US` locale. | `sha256:b8eb300d0a11dc397d0bab02e1f6b26de6091595fd052ebb607f196c28d16f1c` |
+| `es-uy` | Container image with the `es-UY` locale. | `sha256:0ffba124ecd79777ca08055689a1d853916ccd8c8f2806d0001edf5eb4aa42fa` |
+| `es-ve` | Container image with the `es-VE` locale. | `sha256:4d7caf48264eaf18bb2d07b0258d6f64b7c26815fdbdf812718dd8e88f1a6d1e` |
+| `et-ee` | Container image with the `et-EE` locale. | `sha256:310abdc1a8490990a99ce061f04c9d49cafb7a452fbfdc2790de6f60e1505c6c` |
+| `fi-fi` | Container image with the `fi-FI` locale. | `sha256:8f209d30b2d148224b296c2d2c204b5970fbe7aaf5eb3289cf8b6644bfd78373` |
+| `fr-ca` | Container image with the `fr-CA` locale. | `sha256:11b718d4b86d606b198e47deaa25f6ce164cfc53267048e3d2dbe1bc8500cc5a` |
+| `fr-fr` | Container image with the `fr-FR` locale. | `sha256:7a4264a0e9560e6aa3fdee80c3e3f55a0e26cddce8ebbeb7a9c87693ab451a25` |
+| `ga-ie` | Container image with the `ga-IE` locale. | `sha256:bbc764ac08b2ef10ac58a8f9534d4d375109fdf16ab75c8cdbf2d57aa692d3e2` |
+| `gu-in` | Container image with the `gu-IN` locale. | `sha256:2d0a83b7bcf1cfc50cf013c95442519e5236a146b7968e75e129b3a5c33ad3a1` |
+| `hi-in` | Container image with the `hi-IN` locale. | `sha256:f0ee8f259035ac5dd9ef38807495d0f8d989ddbb8eacf83893f1fea22265e6b4` |
+| `hr-hr` | Container image with the `hr-HR` locale. | `sha256:6101ecac9f5f35c1ea1b8cd8e52fdbbc1be2582e4f3e385c16509fd95a002217` |
+| `hu-hu` | Container image with the `hu-HU` locale. | `sha256:9e94c4d6fff73058ce4eef609b8404430a429c6961648655c915cb2fac10656f` |
+| `it-it` | Container image with the `it-IT` locale. | `sha256:44986ad44bb53eaf350e0865e62ea5ba7f37d1f5b52e388f61f56fd7afe8ff32` |
+| `ja-jp` | Container image with the `ja-JP` locale. | `sha256:6b7aaa828d1b2d2fce1831e540e08ba60307088b90ca32e96fd002a67aff926b` |
+| `ko-kr` | Container image with the `ko-KR` locale. | `sha256:1abeda544a7579daac7f8b8f8d34a2cc63b4bd3631e474315d424973ae024ab0` |
+| `lt-lt` | Container image with the `lt-LT` locale. | `sha256:455da50a7db591df7be69d7cd361a77734b9249101d8cf86b807f0350b5167ef` |
+| `lv-lv` | Container image with the `lv-LV` locale. | `sha256:676e17b6223e35d1897b46536e6f523e1d18b78f834b62ec00bb126ad3a2e71a` |
+| `mr-in` | Container image with the `mr-IN` locale. | `sha256:dbfb97e52dc4b4c71dec1a9e622714f004b1e59d7900260e09a85bf15912fccd` |
+| `mt-mt` | Container image with the `mt-MT` locale. | `sha256:19f7f644ae3a0639fdcc53acc065d0e534b74c07f8c095418d4d4d444c566bf1` |
+| `nb-no` | Container image with the `nb-NO` locale. | `sha256:d3a13ab6fa2eb5d5ca0e3281b1092452650e9ede8749f6edcab990e3bbb8d198` |
+| `nl-nl` | Container image with the `nl-NL` locale. | `sha256:7ad5e61f9a72c600bdc79e4c04ac63c239951ac4c0d44e02fe0607a6aff356cc` |
+| `pl-pl` | Container image with the `pl-PL` locale. | `sha256:fe6a4812534d704b145b84fd8857fb3d9052f67fcbbd5d490c5902082e295195` |
+| `pt-br` | Container image with the `pt-BR` locale. | `sha256:adcd34941d4ace7db01bd476d61c9bbafe071419932b4cfae5231cf202af3a14` |
+| `pt-pt` | Container image with the `pt-PT` locale. | `sha256:0534a7e4b391f1ee666b248a274879c081496ed4939b0ad33154d8a96fd67f94` |
+| `ro-ro` | Container image with the `ro-RO` locale. | `sha256:091ea4a31652ff9dbc6259636f6c12b0ceb79a269e2cf3cdec677a1914b6a64e` |
+| `ru-ru` | Container image with the `ru-RU` locale. | `sha256:5eef3ae8afb445e60bb913edd6eed1415abb0bfbc439978f69f4cba7b61c8e6e` |
+| `sk-sk` | Container image with the `sk-SK` locale. | `sha256:98709e9349d889b57933317005af42770e47ce8178a7d9c737d9fbdd81148478` |
+| `sl-si` | Container image with the `sl-SI` locale. | `sha256:3a9139334c4780dc6f6a9b0f15fba5292e16ecf1f5d45fe49a9c8ef3b0e110b3` |
+| `sv-se` | Container image with the `sv-SE` locale. | `sha256:b29b2a65d83c20d65ba4e4fbca66f9fc07e536e161f90448c2bb360eb8de1e55` |
+| `ta-in` | Container image with the `ta-IN` locale. | `sha256:4302e1d979b24a23595ee2b1fd074a57ee36166ce9ac400a3deb397341ae52b2` |
+| `te-in` | Container image with the `te-IN` locale. | `sha256:69be11a63199d9a6f63ac346e689051ba9cd5214894b110da2879aaa0f4a8e88` |
+| `th-th` | Container image with the `th-TH` locale. | `sha256:2e4167dacdcb2c9d91930356ebae311b6b33ceb3e85f908422e880edbd42da64` |
+| `tr-tr` | Container image with the `tr-TR` locale. | `sha256:d46289ee9ba71c9c1dbbefa5da439e71310af74633c9d6d6d448d2ebee60da02` |
+| `zh-cn` | Container image with the `zh-CN` locale. | `sha256:49eeee500e07ffd3056ba8aab314d6c8458399a8c0d6d44ce1d9aebf50ddca06` |
+| `zh-hk` | Container image with the `zh-HK` locale. | `sha256:5a3251ad6df9565d44dd422de4fa0d83a9b50c8a80ec15213403482940d2b2fc` |
+| `zh-tw` | Container image with the `zh-TW` locale. | `sha256:2c45dd90b0c19d7f12b1be44d3e85fe2603cea2389c2877b79d6de351839cf6a` |
++
+# [Previous version](#tab/previous)
+ Release note for `2.7.0-amd64-<locale>`: **Features**
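Review bot: In the added v2.9.0 locale table, the rows for `ar-ae`, `ar-kw`, `ar-qa` and `ar-sa` all carry the same digest, while the other Arabic locales each have their own. If these four locales really ship as one image, a short remark in the Notes column would make that explicit; otherwise the rows look like a copy-paste slip, and anyone pinning by digest would not get the image the row names. The `latest` row is described as the `en-US` image but has no digest, so it could reference the `en-us` row. The heading "**Feature**" is also singular over two bullets.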
@@ -265,15 +386,46 @@ Release note for `2.7.0-amd64-<locale>`:
Note that due to the included phrase lists, the size of this container image has increased.
-| Image Tags | Notes |
-|-|:--|
-| `latest` | Container image with the `en-US` locale. |
-| `2.7.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.7.0-amd64-en-us`. |
+Release note for `2.6.0-amd64-<locale>`:
+
+**Features**
+* Upgraded to latest models and fully migrated to .NET 3.1
+* Support for phraselist v2
+* Phrase lists are supported in the following locales:
+ * en-au
+ * en-ca
+ * en-gb
+ * en-in
+ * en-us
+ * zh-cn
+* Support for new locale `cs-CZ`
+ * Capitalization and punctuation are currently not supported.
+
+**Fixes**
+* Fixes an issue where confidence scores were always 1 in Diarization mode
+* Migrated use the TextAnalytics 3.0 API
+
+Note that due to the included phrase lists, the size of this container image has increased.
+
+Release note for `2.5.0-amd64-<locale>`:
+
+**Features**
+* Support for Azure US Government Cloud
+
+**Fixes**
+* Fixes an issue with running as a non-root user in Diarization mode
+
+| Image Tags | Notes |
+|--|:--|
+| `2.7.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.7.0-amd64-en-us`. |
+| `2.6.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.6.0-amd64-en-us`. |
+| `2.5.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.5.0-amd64-en-us`. |
+ This container has the following locales available.
-| Locale for v2.7.0 | Notes | Digest |
-|--|:--|:|
+| Locale for v2.7.0 | Notes | Digest |
+|--|:--|:-|
| `ar-ae` | Container image with the `ar-AE` locale. | `sha256:c8e99e71e6740cf671f3bf79de8b7dd890122cb674eedd2440e71e7cbc4c66b` | | `ar-bh` | Container image with the `ar-BH` locale. | `sha256:5a2c140661f50d0c95587121ec1ab8895289f4dda5b3ad14074413e869e6bd4` | | `ar-eg` | Container image with the `ar-EG` locale. | `sha256:783bb8321fcfb7890b0c99935099f7e84c85a698c2fe0031c661e265358d79c` |
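Review bot: The v2.7.0 digest rows kept under the re-aligned table header are 63 hex characters long, one short of a SHA-256 digest, so they cannot be used to pin or verify an image, whereas the v2.9.0 digests added elsewhere in this change are the full 64. Since this hunk already touches the table, suggest correcting or removing the v2.7.0 digests. The new tag table also says locales are "listed below" for 2.7.0, 2.6.0 and 2.5.0, but the table that immediately follows is headed "Locale for v2.7.0" only, and the moved line "Migrated use the TextAnalytics 3.0 API" is missing a "to".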
@@ -357,46 +509,6 @@ This container has the following locales available.
| `zh-hk` | Container image with the `zh-HK` locale. | `sha256:7a2903462b67336a6ce4c8e2faac42052f0a4392d1d5eb3839758cc8d0429f1` | | `zh-tw` | Container image with the `zh-TW` locale. | `sha256:30fd2b3660e047d24a46fbba14ba282f15bc0339ec93f49afd0d02ff4069146` | -
-# [Previous version](#tab/previous)
-
-Release note for `2.6.0-amd64-<locale>`:
-
-**Features**
-* Upgraded to latest models and fully migrated to .NET 3.1
-* Support for phraselist v2
-* Phrase lists are supported in the following locales:
- * en-au
- * en-ca
- * en-gb
- * en-in
- * en-us
- * zh-cn
-* Support for new locale `cs-CZ`
- * Capitalization and punctuation are currently not supported.
-
-**Fixes**
-* Fixes an issue where confidence scores were always 1 in Diarization mode
-* Migrated use the TextAnalytics 3.0 API
-
-Note that due to the included phrase lists, the size of this container image has increased.
-
-Release note for `2.5.0-amd64-<locale>`:
-
-**Features**
-* Support for Azure US Government Cloud
-
-**Fixes**
-* Fixes an issue with running as a non-root user in Diarization mode
-
-| Image Tags | Notes |
-|--|:--|
-| `2.6.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.6.0-amd64-en-us`. |
-| `2.5.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.5.0-amd64-en-us`. |
--
-This container has the following locales available.
- | Locale for v2.6.0 | Notes | |--|:--| | `ar-ae` | Container image with the `ar-AE` locale. |
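Review bot: With the lead-in "This container has the following locales available." removed at the end of this hunk, the "Locale for v2.6.0" table now follows the v2.7.0 digest rows with no introducing sentence. Suggest keeping a one-line lead-in per version so the two locale tables do not run together.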
@@ -493,15 +605,124 @@ This container image has the following tags available. You can also find a full
# [Latest version](#tab/current)
+Release note for `1.11.0-amd64-<locale-and-voice>`:
+
+**Feature**
+* More error details for issues when fetching custom models by ID.
+
+| Image Tags | Notes |
+||:--|
+| `latest` | Container image with the `en-US` locale and `en-US-AriaRUS` voice. |
+| `1.11.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.11.0-amd64-en-us-ariarus`. |
+
+| Locales for v1.11.0 | Notes | Digest |
+||:|:-|
+| `ar-eg-hoda` | Container image with the `ar-EG` locale and `ar-EG-Hoda` voice. | `sha256:7ba558f444ea482eca87b3e850e9b416c71391282b26a590d1ee3d9a81350188` |
+| `ar-sa-naayf` | Container image with the `ar-SA` locale and `ar-SA-Naayf` voice. | `sha256:7f0afcc205340dea7ffd959812dcba6a11448f6c5c1ab55c1422a360bd876137` |
+| `bg-bg-ivan` | Container image with the `bg-BG` locale and `bg-BG-Ivan` voice. | `sha256:fde80af0e2e8e49b49ddec5f1502a246cf308328738d6f572f0043e625673782` |
+| `ca-es-herenarus` | Container image with the `ca-ES` locale and `ca-ES-HerenaRUS` voice. | `sha256:fb2b50b128aa84ad0cd05db2462337d316ff2d2d78f393c5a9dece588a80654e` |
+| `cs-cz-jakub` | Container image with the `cs-CZ` locale and `cs-CZ-Jakub` voice. | `sha256:9dde22e5e2164bee77aaf9fe4e8fc141d9dfbe3c92c4b07da969d34aa14f7fd0` |
+| `da-dk-hellerus` | Container image with the `da-DK` locale and `da-DK-HelleRUS` voice. | `sha256:4a756cd10ad21dcc2b1c7006ec961f7e267f6d2204d9ad4efd6d4730d67a4ccc` |
+| `de-at-michael` | Container image with the `de-AT` locale and `de-AT-Michael` voice. | `sha256:9d531c162c4279830f99ef0d44a506a023a0137723aab3adff7a663043a1c576` |
+| `de-ch-karsten` | Container image with the `de-CH` locale and `de-CH-Karsten` voice. | `sha256:353d07168b4a44fcc12a0239f5bf20e2d29365b9abe26b9b844fb6194e7c9bcc` |
+| `de-de-heddarus` | Container image with the `de-DE` locale and `de-DE-Hedda` voice. | `sha256:d76ff817fc154ba0f5ce1abb93c5a0269fe5bf7b4feb3b3fe9fe8ffe6fd4fee4` |
+| `de-de-hedda` | Container image with the `de-DE` locale and `de-DE-Hedda` voice. | `sha256:d76ff817fc154ba0f5ce1abb93c5a0269fe5bf7b4feb3b3fe9fe8ffe6fd4fee4` |
+| `de-de-stefan-apollo` | Container image with the `de-DE` locale and `de-DE-Stefan-Apollo` voice. | `sha256:8e22964dc4b77c05f602f72b0e706a534a89a271c4d17b5117af122c34df9a18` |
+| `el-gr-stefanos` | Container image with the `el-GR` locale and `el-GR-Stefanos` voice. | `sha256:fcd6288d5fd4ddfe3d3e65e860895f6f7a7e81216c7113f71e7b1b01eb501150` |
+| `en-au-catherine` | Container image with the `en-AU` locale and `en-AU-Catherine` voice. | `sha256:e49a5ec17b696a3a73d10383d369a2ff88ccddb812898a2eedefe6e6a009ce5a` |
+| `en-au-hayleyrus` | Container image with the `en-AU` locale and `en-AU-HayleyRUS` voice. | `sha256:b7fb06bd992982c7e2e71da217898da45b742aab08e901bfcef9c43acf546bc0` |
+| `en-ca-heatherrus` | Container image with the `en-CA` locale and `en-CA-HeatherRUS` voice. | `sha256:efd7d85845ca597937b8cbea7724cf31797855e0de5f30d66984ab9bac688152` |
+| `en-ca-linda` | Container image with the `en-CA` locale and `en-CA-Linda` voice. | `sha256:8211077d55b440dbb26e42db6322b35ef6ec88e8c2ec6647831e0046668ed8a4` |
+| `en-gb-george-apollo` | Container image with the `en-GB` locale and `en-GB-George-Apollo` voice. | `sha256:f6e924720b71d8f9a1edd4f5f2280e9054263eb79ce5364e03c9b802ad92f2dd` |
+| `en-gb-hazelrus` | Container image with the `en-GB` locale and `en-GB-HazelRUS` voice. | `sha256:de702f70c53e4c1647e5fdd3432d37dc8972e069fcc103a1fc2b0be70f0d6d71` |
+| `en-gb-susan-apollo` | Container image with the `en-GB` locale and `en-GB-Susan-Apollo` voice. | `sha256:5077cb575ffeb64e3d70184a68259438821891f6c9865350d2f887ea43ee99c1` |
+| `en-ie-sean` | Container image with the `en-IE` locale and `en-IE-Sean` voice. | `sha256:c6f734cc12f04697a4d9b2003c46c5a4efd8c68da90838debb5628d9f8e70104` |
+| `en-in-heera-apollo` | Container image with the `en-IN` locale and `en-IN-Heera-Apollo` voice. | `sha256:f5a78e857bc1563cbcd74f7b856bc2e4bd981675b397aeccfa134137f1cd3392` |
+| `en-in-priyarus` | Container image with the `en-IN` locale and `en-IN-PriyaRUS` voice. | `sha256:667729cafd6bf5afe071a0a2989f836943e3bb6d3d1ebe35b7fab9bb311bfebc` |
+| `en-in-ravi-apollo` | Container image with the `en-IN` locale and `en-IN-Ravi-Apollo` voice. | `sha256:e46533f972235f297dd31fd338638f5117e3f04fa4a434d678d1cecc76db023b` |
+| `en-us-aria24krus` | Container image with the `en-US` locale and `en-US-Aria24kRUS` voice. | `sha256:a8f881b60021468dbd96d9733606bd00f7f889ccb523d1773492a8301128e596` |
+| `en-us-ariarus` | Container image with the `en-US` locale and `en-US-AriaRUS` voice. | `sha256:a8f881b60021468dbd96d9733606bd00f7f889ccb523d1773492a8301128e596` |
+| `en-us-benjaminrus` | Container image with the `en-US` locale and `en-US-BenjaminRUS` voice. | `sha256:53ee105977b6440f1a7fe5088255a9c6e437c39b7c66e5cd4aba984a1667b25c` |
+| `en-us-guy24krus` | Container image with the `en-US` locale and `en-US-Guy24kRUS` voice. | `sha256:537d2018f414b825aa9995d2e15e0bdb0119e45f2c6fc10d326e3df6f49ef713` |
+| `en-us-zirarus` | Container image with the `en-US` locale and `en-US-ZiraRUS` voice. | `sha256:05da3347d457ca040cbe9b3e3d586d298a844f906b34ef7b6d768c247274ff1f` |
+| `es-es-helenarus` | Container image with the `es-ES` locale and `es-ES-HelenaRUS` voice. | `sha256:481cc43ba896a0d3291903af84120fa618130e2a2c8dce9b0ef23172b66858a8` |
+| `es-es-laura-apollo` | Container image with the `es-ES` locale and `es-ES-Laura-Apollo` voice. | `sha256:8cb9d071a1e01dc3e63d5f1b1c040aa6fee94488a5bbd60f2c91704abfd921cc` |
+| `es-es-pablo-apollo` | Container image with the `es-ES` locale and `es-ES-Pablo-Apollo` voice. | `sha256:da293ff5c49435c020044614962382040f41b6339ec83677301921a6dabbafb7` |
+| `es-mx-hildarus` | Container image with the `es-MX` locale and `es-MX-HildaRUS` voice. | `sha256:9677d5bbbbe0c73df93948d4ecf3f367830ef9e7cfb3b42557cf94ec514b6c68` |
+| `es-mx-raul-apollo` | Container image with the `es-MX` locale and `es-MX-Raul-Apollo` voice. | `sha256:a5109a6a659aa321892d4c6844e102ac72990fc2d58f32e45a072b291849fee8` |
+| `fi-fi-heidirus` | Container image with the `fi-FI` locale and `fi-FI-HeidiRUS` voice. | `sha256:f8f1aa8168660ee1c21dfa4a92530bcba6f1aeb765cee9087a6cc29d7c332a8a` |
+| `fr-ca-caroline` | Container image with the `fr-CA` locale and `fr-CA-Caroline` voice. | `sha256:450f0f75f26299a89a80efc3ce93b42d6447a32022aaf4f88edc935e56100191` |
+| `fr-ca-harmonierus` | Container image with the `fr-CA` locale and `fr-CA-HarmonieRUS` voice. | `sha256:7b18adf90e6db8f8e2c5955f38aa0adfbdbd10a9a95e2cf13035b9c5416000e8` |
+| `fr-ch-guillaume` | Container image with the `fr-CH` locale and `fr-CH-Guillaume` voice. | `sha256:ec3c238d0bfc3d26f20349ade1c4e19805b796f4bb3d5bf1fe4a9801b1ea1471` |
+| `fr-fr-hortenserus` | Container image with the `fr-FR` locale and `fr-FR-HortenseRUS` voice. | `sha256:7b13613a9c5260e03ed831c79e5538633b4201867068ca0e1624b2c39fa8cf39` |
+| `fr-fr-julie-apollo` | Container image with the `fr-FR` locale and `fr-FR-Julie-Apollo` voice. | `sha256:162c777447e3077438865332ac34df956be43c0429ce9962bcf5df9b210dbf01` |
+| `fr-fr-paul-apollo` | Container image with the `fr-FR` locale and `fr-FR-Paul-Apollo` voice. | `sha256:8cdf28dc31d40a69eb6720fd42b8c19792f973c4e58760abbb6573c6129c81c1` |
+| `he-il-asaf` | Container image with the `he-IL` locale and `he-IL-Asaf` voice. | `sha256:3f9ec9201deca21f5e3e561d6dd673ee6fb2a7f13b4cae2985ffb69622994b99` |
+| `hi-in-hemant` | Container image with the `hi-IN` locale and `hi-IN-Hemant` voice. | `sha256:c6de645816587116384ada93c02257f257a13a4b696e1bd8aeecebb9a9668f15` |
+| `hi-in-kalpana-apollo` | Container image with the `hi-IN` locale and `hi-IN-Kalpana-Apollo` voice. | `sha256:455ab4c9bc7c2457e2e48265065789a54513e07a1dc9e4bc108651f118f1570d` |
+| `hi-in-kalpana` | Container image with the `hi-IN` locale and `hi-IN-Kalpana` voice. | `sha256:455ab4c9bc7c2457e2e48265065789a54513e07a1dc9e4bc108651f118f1570d` |
+| `hr-hr-matej` | Container image with the `hr-HR` locale and `hr-HR-Matej` voice. | `sha256:6ac24252194f91cd815736bd8be03fb95e0b965fabed5de4c631e99cd917da97` |
+| `hu-hu-szabolcs` | Container image with the `hu-HU` locale and `hu-HU-Szabolcs` voice. | `sha256:bf20ea91d922beb682e321a31cabb11ebec474f47edcf4e3787882e2a204b3b5` |
+| `id-id-andika` | Container image with the `id-ID` locale and `id-ID-Andika` voice. | `sha256:859bef31e5d882b508154ec00632e5e1e95bc8ea2dde6198f157703d759746c7` |
+| `it-it-cosimo-apollo` | Container image with the `it-IT` locale and `it-IT-Cosimo-Apollo` voice. | `sha256:b6c81ab4bd0aba217977b0bd83a8a65f7c09b5954cda0870dea15aec0dbbe1ed` |
+| `it-it-luciarus` | Container image with the `it-IT` locale and `it-IT-LuciaRUS` voice. | `sha256:e216a1390a0d4d9f111c56c1d655f36614947eea18d6ec91a9f6d050048b1ad4` |
+| `ja-jp-ayumi-apollo` | Container image with the `ja-JP` locale and `ja-JP-Ayumi-Apollo` voice. | `sha256:ba2042523ea1fff9d2c8b805ac36075169c3aecce0c965d09e326c06eab5a36f` |
+| `ja-jp-harukarus` | Container image with the `ja-JP` locale and `ja-JP-HarukaRUS` voice. | `sha256:fdbc8f59fc1c4b52c11d248ee9a5d7fe4e58343f036e558fbb33282e24d5b71f` |
+| `ja-jp-ichiro-apollo` | Container image with the `ja-JP` locale and `ja-JP-Ichiro-Apollo` voice. | `sha256:08ea0ed61ac152dc5caea2d4cacc81175c272cb4a835eecaa7f8e7c5485740b7` |
+| `ko-kr-heamirus` | Container image with the `ko-KR` locale and `ko-KR-HeamiRUS` voice. | `sha256:40ff95e5fb92278e369b4f37d7dbb109431ecb115b1b9516aa887e6bb4fd030b` |
+| `ms-my-rizwan` | Container image with the `ms-MY` locale and `ms-MY-Rizwan` voice. | `sha256:70cfe68a81ee860136cfaed35909f522c28c20ef5514c2d9d96c283892f8b7f5` |
+| `nb-no-huldarus` | Container image with the `nb-NO` locale and `nb-NO-HuldaRUS` voice. | `sha256:9941cda0e65884900532e6a0ba68e475f373277105594bf09e67225450192d3c` |
+| `nl-nl-hannarus` | Container image with the `nl-NL` locale and `nl-NL-HannaRUS` voice. | `sha256:c71d980dfc70575421d1589c74e8b3e7cc036551412d0ad0f89dbc543252a405` |
+| `pl-pl-paulinarus` | Container image with the `pl-PL` locale and `pl-PL-PaulinaRUS` voice. | `sha256:e5fbd98a70eb1dcf80c446b48b8f17e47ac12853bb255f0aed174c78196de257` |
+| `pt-br-daniel-apollo` | Container image with the `pt-BR` locale and `pt-BR-Daniel-Apollo` voice. | `sha256:9f57f9847f2372fa341cf037410ac68ada1c3075ab9b77cffbcf01d199f7c1f5` |
+| `pt-br-heloisarus` | Container image with the `pt-BR` locale and `pt-BR-HeloisaRUS` voice. | `sha256:ef546532c582392e6ed47df55c0fbfa6dca6d3e523547089263b57354a4efb1a` |
+| `pt-pt-heliarus` | Container image with the `pt-PT` locale and `pt-PT-HeliaRUS` voice. | `sha256:116aefb76ddf39bed379c023c8260d2607314ad1b31ddef83ec2818ad9805a0b` |
+| `ro-ro-andrei` | Container image with the `ro-RO` locale and `ro-RO-Andrei` voice. | `sha256:6968fdefdd798adab48faeb40857c8cdca55712dbf4806703e11ccdfab874051` |
+| `ru-ru-ekaterinarus` | Container image with the `ru-RU` locale and `ru-RU-EkaterinaRUS` voice. | `sha256:48add20e3c147fb4be26c948841a12736c8b10d053aa7d25984df8e4016e939f` |
+| `ru-ru-irina-apollo` | Container image with the `ru-RU` locale and `ru-RU-Irina-Apollo` voice. | `sha256:ce5c055aedb3f9323f41a9de8d8f3dd23fb2ad0621d499f914f5cb3856e995f3` |
+| `ru-ru-pavel-apollo` | Container image with the `ru-RU` locale and `ru-RU-Pavel-Apollo` voice. | `sha256:badc02f9ccdee13ab7dbd4e178bd5c57d332cc3acd2d4a9a3f889d317e0517be` |
+| `sk-sk-filip` | Container image with the `sk-SK` locale and `sk-SK-Filip` voice. | `sha256:763d4fe74b6f04a976482880eed76175854f659bb5bfcb315dce8ef69acead2e` |
+| `sl-si-lado` | Container image with the `sl-SI` locale and `sl-SI-Lado` voice. | `sha256:73374363f9b69e03b8b9de34b319d7797876a3dae40bdce0830a67cf4bb4d4f2` |
+| `sv-se-hedvigrus` | Container image with the `sv-SE` locale and `sv-SE-HedvigRUS` voice. | `sha256:317d6b5d69f56c9087cd1e8004e60a48841b997937dcdccc97e7c0b2e2ffb631` |
+| `ta-in-valluvar` | Container image with the `ta-IN` locale and `ta-IN-Valluvar` voice. | `sha256:d1aaad1d5f32a910e245e6c117178c0703d39035e4053fe2dd2bb646fc02f7b8` |
+| `te-in-chitra` | Container image with the `te-IN` locale and `te-IN-Chitra` voice. | `sha256:0224ac3b2de11c4f6ef65ce0bdcd1b9c4112ea472b3bd5626fdff47a5185f54c` |
+| `th-th-pattara` | Container image with the `th-TH` locale and `th-TH-Pattara` voice. | `sha256:16c7384bfe210f30e09eae3542a58ff9bdbfa9253fdf4d380a53b37809f82c7d` |
+| `tr-tr-sedarus` | Container image with the `tr-TR` locale and `tr-TR-SedaRUS` voice. | `sha256:5c7786c00a66346438ee4065e3eaa03ef9f8323ba839068344492b8a3b6d997a` |
+| `vi-vn-an` | Container image with the `vi-VN` locale and `vi-VN-An` voice. | `sha256:6925744597c45eed8761a9597f3525f435dd420b67ff775a73211fdef9cd9cb2` |
+| `zh-cn-huihuirus` | Container image with the `zh-CN` locale and `zh-CN-HuihuiRUS` voice. | `sha256:b38a3f465062853b171d2bce6c6d8afa14d223e24bfd5ea0827e34c26a09a2c8` |
+| `zh-cn-kangkang-apollo` | Container image with the `zh-CN` locale and `zh-CN-Kangkang-Apollo` voice. | `sha256:fa9555e2f520340457d5cebe469af40516237fb9398a5f90046565655b2862f8` |
+| `zh-cn-yaoyao-apollo` | Container image with the `zh-CN` locale and `zh-CN-Yaoyao-Apollo` voice. | `sha256:d7eeca43e45d09a1c22611f865fb1f8b42673688a11a2acffd37a4e08a7fd8c4` |
+| `zh-hk-danny-apollo` | Container image with the `zh-HK` locale and `zh-HK-Danny-Apollo` voice. | `sha256:ee7257c0179fbe015324b4d29f16fe93964e5f1901906240477fb1d820a500f2` |
+| `zh-hk-tracy-apollo` | Container image with the `zh-HK` locale and `zh-HK-Tracy-Apollo` voice. | `sha256:dfa4effbf7d0ec6c9130c142241b3e247e226e13dc218fd44f986ca1c7fff2ed` |
+| `zh-hk-tracyrus` | Container image with the `zh-HK` locale and `zh-HK-TracyRUS` voice. | `sha256:dfa4effbf7d0ec6c9130c142241b3e247e226e13dc218fd44f986ca1c7fff2ed` |
+| `zh-tw-hanhanrus` | Container image with the `zh-TW` locale and `zh-TW-HanHanRUS` voice. | `sha256:263153fd6e05970e04af9a9bd95fb13591f0138ac030a632a6a78d95936afa4b` |
+| `zh-tw-yating-apollo` | Container image with the `zh-TW` locale and `zh-TW-Yating-Apollo` voice. | `sha256:b8289bb550b9328d83d6a7ec93bdf9524087222f537a55db0b2eb5402c2bf663` |
+| `zh-tw-zhiwei-apollo` | Container image with the `zh-TW` locale and `zh-TW-Zhiwei-Apollo` voice. | `sha256:af4bc0ef2211f69a92541bb14596341375e1003aef541aefcea7843192046b4c` |
++
+# [Previous version](#tab/previous)
+ Release note for `1.9.0-amd64-<locale-and-voice>`: * Regular monthly release
+Release note for `1.8.0-amd64-<locale-and-voice>`:
+
+**Feature**
+
+* Fully migrated to .NET 3.1
+
+Release note for `1.7.0-amd64-<locale-and-voice>`:
+
+**Feature**
+
+* Upgraded components to .NET 3.1
+ | Image Tags | Notes | ||:--|
-| `latest` | Container image with the `en-US` locale and `en-US-AriaRUS` voice. |
| `1.9.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.9.0-amd64-en-us-ariarus`. |-
+| `1.8.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.8.0-amd64-en-us-ariarus`. |
+| `1.7.0-amd64-<locale-and-voice>` | 1st GA version. Replace `<locale>` with one of the available locales, listed below. For example `1.7.0-amd64-en-us-ariarus`. |
| Locales for v1.9.0 | Notes | Digest | ||:|:-|
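Review bot: Two pairs of added locale rows carry identical digests: `hi-in-kalpana-apollo` with `hi-in-kalpana`, and `zh-hk-tracy-apollo` with `zh-hk-tracyrus`. If each pair is an intentional alias for one image, say so in the Notes column. Otherwise one row of each pair is a copy-paste error, and anyone pinning by digest pulls a different voice than the tag name promises. In the tag rows, the text says "Replace `<locale>`" while the placeholder in the tag itself is `<locale-and-voice>`; use one name. The hunk also drops the `latest` row without saying which tag readers should use instead.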
@@ -587,27 +808,6 @@ Release note for `1.9.0-amd64-<locale-and-voice>`:
| `zh-tw-yating-apollo` | Container image with the `zh-TW` locale and `zh-TW-Yating-Apollo` voice. | `sha256:33eec6e3aaaedafaf3969746eeaf97a1760e763505decfe2abaa03f5054bfd2` | | `zh-tw-zhiwei-apollo` | Container image with the `zh-TW` locale and `zh-TW-Zhiwei-Apollo` voice. | `sha256:456db2898b2e5a9c30b7071ce6ea3f141438cbf1aa4899c7ffccfc2f0dde5bd` | -
-# [Previous version](#tab/previous)
-
-Release note for `1.8.0-amd64-<locale-and-voice>`:
-
-**Feature**
-
-* Fully migrated to .NET 3.1
-
-Release note for `1.7.0-amd64-<locale-and-voice>`:
-
-**Feature**
-
-* Upgraded components to .NET 3.1
-
-| Image Tags | Notes |
-||:--|
-| `1.8.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.8.0-amd64-en-us-ariarus`. |
-| `1.7.0-amd64-<locale-and-voice>` | 1st GA version. Replace `<locale>` with one of the available locales, listed below. For example `1.7.0-amd64-en-us-ariarus`. |
-- | Locales for v1.8.0 | Notes | ||:| | `ar-eg-hoda` | Container image with the `ar-EG` locale and `ar-EG-Hoda` voice. |
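Review bot: The two context rows at the top of this hunk, `zh-tw-yating-apollo` and `zh-tw-zhiwei-apollo`, show digests that are 63 hex characters long as written here, one short of a SHA-256 value, so neither is a valid digest reference to pin to; please check both against the registry. With the `Previous version` tab heading and the 1.8.0/1.7.0 release notes removed from this position, the `Locales for v1.8.0` table now follows the v1.9.0 locale table directly and, unlike it, has no Digest column.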
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/form-recognizer/form-recognizer-container-howto https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/form-recognizer/form-recognizer-container-howto.md
@@ -7,12 +7,12 @@
Previously updated : 07/14/2020 Last updated : 02/04/2021
-# Install and run Form Recognizer containers (Preview)
+# Install and run Form Recognizer containers (Retiring)
[!INCLUDE [Form Recognizer containers limit](includes/container-limit.md)]
@@ -79,38 +79,10 @@ The minimum and recommended CPU cores and memory to allocate for each Form Recog
> [!Note] > The minimum and recommended values are based on Docker limits and *not* the host machine resources.
-## Get the container images with the docker pull command
-
-Container images for both the **Form Recognizer** and **Recognize Text** offerings are available in the following container registry:
-
-| Container | Fully qualified image name |
-|--||
-| Form Recognizer | `containerpreview.azurecr.io/microsoft/cognitive-services-form-recognizer:latest` |
-| Recognize Text | `containerpreview.azurecr.io/microsoft/cognitive-services-recognize-text:latest` |
-
-You will need both containers, please note that the **Recognizer Text** container is [detailed outside of this article.](../Computer-vision/computer-vision-how-to-install-containers.md#get-the-container-image-with-docker-pull)
+You will need both the Form Recognizer and Recognize Text containers, please note that the **Recognize Text** container is [detailed outside of this article.](../Computer-vision/computer-vision-how-to-install-containers.md#get-the-container-image-with-docker-pull)
[!INCLUDE [Tip for using docker list](../../../includes/cognitive-services-containers-docker-list-tip.md)]
-### Docker pull for the Form Recognizer container
-
-#### Form Recognizer
-
-To get the Form Recognizer container, use the following command:
-
-```Docker
-docker pull containerpreview.azurecr.io/microsoft/cognitive-services-form-recognizer:latest
-```
-### Docker pull for the Recognize Text container
-
-#### Recognize Text
-
-To get the Recognize Text container, use the following command:
-
-```Docker
-docker pull containerpreview.azurecr.io/microsoft/cognitive-services-recognize-text:latest
-```
- ## How to use the container After the container is on the [host computer](#the-host-computer), use the following process to work with the container.
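Review bot: After this hunk the article no longer says where the images come from, yet the added line still reads "You will need both the Form Recognizer and Recognize Text containers" and the next section opens with "After the container is on the host computer". For an article now titled "(Retiring)", either state that the images can no longer be pulled or keep a pointer to their source. The added sentence also joins two clauses with a comma ("containers, please note") and should be split in two.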
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/form-recognizer/includes/container-limit https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/form-recognizer/includes/container-limit.md
@@ -3,10 +3,10 @@
Previously updated : 07/14/2020 Last updated : 02/04/2021
-> [!IMPORTANT]
-> * The limit for Form Recognizer container users has been reached. We are not currently accepting new applications for the Form Recognizer container.
-> * The Form Recognizer containers currently use version 1.0 of the Form Recognizer API. You can access the latest version of the API by using the managed service instead.
+> [!CAUTION]
+> * The Form Recognizer v1.0 container is being retired. This article is for reference only.
+> * You can access the latest version of the API with the REST API and SDK.
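Review bot: The new caution says the v1.0 container "is being retired" but gives no retirement date, and "the REST API and SDK" in the second bullet is plain text with no link. Add the date or a link to the retirement notice, and link both targets, so that readers of a reference-only page know where to go next.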
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Cognitive Services description: Lists Azure Policy built-in policy definitions for Azure Cognitive Services. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/security-controls-policy.md
@@ -0,0 +1,27 @@
+
+ Title: Azure Policy Regulatory Compliance controls for Azure Cognitive Services
+description: Lists Azure Policy Regulatory Compliance controls available for Azure Cognitive Services. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources.
Last updated : 01/27/2021++++++
+# Azure Policy Regulatory Compliance controls for Azure Cognitive Services
+
+[Regulatory Compliance in Azure Policy](../governance/policy/concepts/regulatory-compliance.md)
+provides Microsoft created and managed initiative definitions, known as _built-ins_, for the
+**compliance domains** and **security controls** related to different compliance standards. This
+page lists the **compliance domains** and **security controls** for Azure Cognitive Services. You can
+assign the built-ins for a **security control** individually to help make your Azure resources
+compliant with the specific standard.
+++
+## Next steps
+
+- Learn more about [Azure Policy Regulatory Compliance](../governance/policy/concepts/regulatory-compliance.md).
+- See the built-ins on the [Azure Policy GitHub repo](https://github.com/Azure/azure-policy).
confidential-computing https://docs.microsoft.com/en-us/azure/confidential-computing/how-to-fortanix-confidential-computing-manager https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/confidential-computing/how-to-fortanix-confidential-computing-manager.md
@@ -0,0 +1,120 @@
+
+ Title: Fortanix Confidential Computing Manager in an Azure managed application
+description: Learn how to deploy Fortanix Confidential Computing Manager (CCM) in a managed application in the Azure portal.
+++++ Last updated : 02/03/2021+++
+# Fortanix Confidential Computing Manager in an Azure managed application
+
+This article shows you how to deploy an application that's managed by Fortanix Confidential Computing Manager in the Azure portal.
+
+Fortanix is a third-party software vendor with products and services built on top of Azure infrastructure. There are other third-party providers offering similar confidential computing services on Azure.
+
+> [!NOTE]
+>The products referenced in this document are not under the control of Microsoft. Microsoft is providing this information to you only as a convenience, and the reference to these non-Microsoft products do not imply endorsement by Microsoft.
+
+## Prerequisites
+
+- A private Docker registry to push converted application images.
+- If you don't have an Azure subscription, [create an account](https://azure.microsoft.com/pricing/purchase-options/pay-as-you-go/) before you begin.
+
+## Deploy a Confidential Computing Manager through an Azure managed application
+
+1. Go to the [Azure portal](https://portal.azure.com/).
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/azure-portal.png" alt-text="Azure portal.":::
+
+2. In the Search Bar, search "Fortanix Confidential Computing Manager" and you will find the Marketplace listing for Fortanix CCM. Select **Fortanix Confidential Computing Manager on Azure**.
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/search-marketplace-listing.png" alt-text="Marketplace listing.":::
+
+3. The page on which you create the CCM-managed application opens. select **Create**.
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/create-managed-application.png" alt-text="Create Application.":::
+
+4. Fill in all the required fields.
+ 1. In the Managed Application Details section, the **Managed Resource Group** field will have a default value that the user can modify if they need to.
+ 2. In the **Region** field, select either **Australia East**, **Australia Southeast**, **East US**, **West US 2**, **West Europe**, **North Europe**, **Canada Central**, **Canada East**, or **East US 2 EUAP**.
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/required-fields.png" alt-text="Required Fields":::
+
+ Select **Review + create** to create the Fortanix CCM-managed application.
+
+5. Review the details and once the validation passes, select the **I agree to the terms and conditions above** check box, and then select **Create** to create the managed application.
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/review-details.png" alt-text="Review Details.":::
+
+6. The Fortanix CCM deployment will start and notifies that the deployment is in progress.
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/deployment-progress.png" alt-text="Deployment Progress.":::
+
+7. When the deployment is complete, select **Go to resource** button to go to the deployed CCM-managed application's "Overview" page to enroll the compute node.
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/fortanix-resource.png" alt-text="Screenshot that shows a successful deployment in the Azure portal.]":::
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/fortanix-overview.png" alt-text="Screenshot that shows an overview of the confidential computing resource in the Azure portal.":::
+
+## Enroll the compute node in Fortanix CCM
+
+1. Select **Confidential Computing Manager** from the left navigation menu. Log in to Fortanix CCM and create an account as you see in **Figure 9**.
+
+ For more details on how to sign up, log in and create an account in CCM refer to [CCM Getting Started](https://support.fortanix.com/hc/en-us/articles/360034373551-User-s-Guide-Logging-in).
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/fortanix-login.png" alt-text="Screenshot that shows the Fortanix Confidential Computing Manager login.":::
+
+2. To get the Join Token from the CCM Management Console, first select the **ENROLL NODE** button. Then, in the ENROLL NODE window, select the **COPY** button to copy the join token.
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/get-join-token.png" alt-text="Screenshot that shows getting the join token.":::
+
+3. Now to enroll a node agent, select the **Confidential Computing Node Agent** tab and select **Add** to add a CCM node agent.
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/add-node-agent.png" alt-text="Screenshot that shows adding the node agent.":::
+
+4. In the CCM node agent form, fill all the required fields. Paste the join token that you copied in Step 2 in **Join Token**. Select **Review + submit** to confirm.
+
+ For more information on how to enroll a CCM compute node, see [Enroll Compute Node](https://support.fortanix.com/hc/en-us/articles/360043085652-User-s-Guide-Compute-Nodes).
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/enroll-compute-node.png" alt-text="Screenshot that shows enrolling the compute node.":::
+
+5. After the validation passes, select **Submit** to complete the node agent creation.
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/node-agent-created.png" alt-text="Screenshot that shows the node agent is created.":::
+
+6. To check the deployment status, go to the **Overview** tab, and select **Managed resource group** link.
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/node-enrolled.png" alt-text="Screenshot that shows the node is enrolled.":::
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/managed-resource-group.png" alt-text="Screenshot that shows checking the deployment status.":::
+
+7. Now you will notice that the deployment status is still in progress and will take a few minutes for the node agent to be successfully enrolled.
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/deployment-in-progress.png" alt-text="Screenshot that shows the deployment in progress.":::
+
+8. When the node agent enrollment is successful, the status changes to "Succeeded".
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/deployment-succeeded.png" alt-text="Screenshot that shows the deployment succeeded.":::
+
+9. Now in the CCM-managed application, go to the Compute Nodes pages and you will notice that the node is in an **Active** state and enrolled successfully.
+
+ :::image type="content" source="media/how-to-fortanix-confidential-computing-manager/node-active-state.png" alt-text="Screenshot that shows the node successfully enrolled.":::
+
+## Clean up resources
+
+The user also can delete a CCM node agent from the Confidential Computing Node Agent page. To delete the node agent, select the node agent and select the **Delete** button on the top bar.
++
+## Next steps
+
+In this quickstart, you enrolled a node using an Azure managed app to Fortanix's Confidential Computing Manager. The node enrollment allows you to convert your application image to run on top of a confidential computing virtual machine. For more information about confidential computing virtual machines on Azure, see [Solutions on Virtual Machines](virtual-machine-solutions.md).
+
+To learn more about Azure's confidential computing offerings, see [Azure confidential computing](overview.md).
+
+Learn how to complete similar tasks using other third-party offerings on Azure, like [Anjuna](https://azuremarketplace.microsoft.com/marketplace/apps/anjuna-5229812.aee-az-v1) and [Scone](https://sconedocs.github.io).
+
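Review bot: Step 1 under "Enroll the compute node in Fortanix CCM" refers to "Figure 9", but no image in this file is numbered; refer to the screenshot by position or drop the reference. The join token copied in step 2 is what enrolls a node agent into the CCM account, so one sentence on handling it as a secret would fit after step 4. Smaller points: the `fortanix-resource.png` alt text ends with a stray `]`, step 3 has a lowercase "select", step 6 reads "will start and notifies", "Next steps" calls this how-to a quickstart, and the private Docker registry listed under Prerequisites is never used in the steps. "Clean up resources" covers only the node agent, not the managed application deployed in the first section.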
connectors https://docs.microsoft.com/en-us/azure/connectors/connectors-run-3270-apps-ibm-mainframe-create-api-3270 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/connectors/connectors-run-3270-apps-ibm-mainframe-create-api-3270.md
@@ -7,26 +7,13 @@
Previously updated : 03/06/2019 Last updated : 02/03/2021 tags: connectors # Integrate 3270 screen-driven apps on IBM mainframes with Azure by using Azure Logic Apps and IBM 3270 connector
-> [!NOTE]
-> This connector is in
-> [*public preview*](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
-
-With Azure Logic Apps and the IBM 3270 connector, you can
-access and run IBM mainframe apps that you usually drive by
-navigating through 3270 emulator screens. That way, you can
-integrate your IBM mainframe apps with Azure, Microsoft,
-and other apps, services, and systems by creating automated
-workflows with Azure Logic Apps. The connector communicates
-with IBM mainframes by using the TN3270 protocol and is
-available in all Azure Logic Apps regions except for Azure
-Government and Azure China 21Vianet. If you're new to logic apps, review
-[What is Azure Logic Apps?](../logic-apps/logic-apps-overview.md)
+With Azure Logic Apps and the IBM 3270 connector, you can access and run IBM mainframe apps that you usually drive by navigating through 3270 emulator screens. That way, you can integrate your IBM mainframe apps with Azure, Microsoft, and other apps, services, and systems by creating automated workflows with Azure Logic Apps. The connector communicates with IBM mainframes by using the TN3270 protocol and is available in all Azure Logic Apps regions except for Azure Government and Azure China 21Vianet. If you're new to logic apps, review [What is Azure Logic Apps?](../logic-apps/logic-apps-overview.md)
This article describes these aspects for using the 3270 connector:
@@ -84,8 +71,7 @@ that Azure Logic Apps supports.
running your logic app. An ISE provides access from your logic app to resources that are protected inside Azure virtual networks.
-* The logic app to use for automating and running
-your 3270 screen-driven app
+* The logic app to use for automating and running your 3270 screen-driven app
The IBM 3270 connector doesn't have triggers, so use another trigger to start your logic app,
@@ -95,7 +81,7 @@ your 3270 screen-driven app
If you use an ISE, select that ISE as your logic app's location. * [Download and install the 3270 Design Tool](https://aka.ms/3270-design-tool-download).
-The only prerequisite is [Microsoft .NET Framework 4.6.1](https://aka.ms/net-framework-download).
+The only prerequisite is [Microsoft .NET Framework 4.8](https://aka.ms/net-framework-download).
This tool helps you record the screens, navigation paths, methods, and parameters for the tasks in your app that you
@@ -143,18 +129,16 @@ to navigate through your mainframe app's screens for the specific task.
* **Methods**: In this mode, you define the method, for example, `GetBalance`, that describes the screen navigation path. You also
-choose the fields on each screen that become the method's input
+select the fields on each screen that become the method's input
and output parameters. ### Unsupported elements The design tool doesn't support these elements:
-* Partial IBM Basic Mapping Support (BMS) maps: If you import
-a BMS map, the design tool ignores partial screen definitions.
-* In/Out parameters: You can't define In/Out parameters.
-* Menu processing: Not supported during preview
-* Array processing: Not supported during preview
+* Partial IBM Basic Mapping Support (BMS) maps: If you import a BMS map, the design tool ignores partial screen definitions.
+
+* Menu processing
<a name="capture-screens"></a>
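Review bot: Dropping the "In/Out parameters" and "Array processing" bullets from "Unsupported elements" tells readers both are now supported, but nothing in this hunk says so or shows how to define them; confirm that is intended. The remaining "* Menu processing" bullet lost its explanation and now stands as a bare phrase next to a fully worded BMS bullet, so give it a clause of its own.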
@@ -171,14 +155,12 @@ connecting to the host. Each connector action must map to
a single task that starts with connecting to your session and ends with disconnecting from your session.
-1. If you haven't already, open the 3270 Design Tool. On the
-toolbar, choose **Capture** so that you enter Capture mode.
-
-1. To start recording, press the F5 key, or from
-the **Recording** menu, select **Start Recording**.
+1. If you haven't already, open the 3270 Design Tool. On the toolbar, select **Capture** so that you enter Capture mode.
1. From the **Session** menu, select **Connect**.
+1. To start recording, from the **Recording** menu, select **Start Recording**. (Keyboard: Ctrl + E)
+ 1. In the **Capture** pane, starting from the first screen in your app, step through your app for the specific task that you're recording.
@@ -187,8 +169,7 @@ for the specific task that you're recording.
1. From the **Session** menu, select **Disconnect**.
-1. To stop recording, press the Shift + F5 keys,
-or from the **Recording** menu, select **Stop Recording**.
+1. To stop recording, from the **Recording** menu, select **Stop Recording**. (Keyboard: Ctrl + Shift + E)
After you capture the screens for a task, the designer tool shows thumbnails that represent those screens. Some notes
@@ -304,11 +285,9 @@ in your plan. Here are some examples of repeated screens:
### Create plans
-1. On the 3270 Design Tool's toolbar, choose
-**Navigation** so that you enter Navigation mode.
+1. On the 3270 Design Tool's toolbar, select **Navigation** so that you enter Navigation mode.
-1. To start your plan, in the **Navigation** pane,
-choose **New Plan**.
+1. To start your plan, in the **Navigation** pane, select **New Plan**.
1. Under **Choose New Plan Name**, enter a name for your plan. From the **Type** list, select the plan type:
@@ -330,7 +309,7 @@ to the navigation plan surface in the **Navigation** pane.
describes the task that you're defining. 1. To define the flow path between screens, including forks
-and joins, on the design tool's toolbar, choose **Flow**.
+and joins, on the design tool's toolbar, select **Flow**.
1. Choose the first screen in the flow. Drag and draw a connection to the next screen in the flow.
@@ -424,7 +403,7 @@ the metadata file, or Host Integration Designer XML (HIDX) file, which now
has the method definitions to use for creating and running an action for the IBM 3270 connector.
-1. On the 3270 Design Tool's toolbar, choose
+1. On the 3270 Design Tool's toolbar, select
**Methods** so that you enter Methods mode. 1. In the **Navigation** pane, select the
@@ -434,7 +413,7 @@ screen that has the input fields you want.
follow these steps: 1. In the **Capture** pane, on the 3270 emulator screen,
- choose the whole field, not just text inside the field,
+ select the whole field, not just text inside the field,
that you want as the first input. > [!TIP]
@@ -442,7 +421,7 @@ follow these steps:
> that you select the complete field, > on the **View** menu, select **All Fields**.
- 1. On the design tool's toolbar, choose **Input Field**.
+ 1. On the design tool's toolbar, select **Input Field**.
To add more input parameters, repeat the previous steps for each parameter.
@@ -451,7 +430,7 @@ follow these steps:
follow these steps: 1. In the **Capture** pane, on the 3270 emulator screen,
- choose the whole field, not just text inside the field,
+ select the whole field, not just text inside the field,
that you want as the first output. > [!TIP]
@@ -459,7 +438,7 @@ follow these steps:
> that you select the complete field, > on the **View** menu, select **All Fields**.
- 1. On the design tool's toolbar, choose **Output Field**.
+ 1. On the design tool's toolbar, select **Output Field**.
To add more output parameters, repeat the previous steps for each parameter.
@@ -498,21 +477,16 @@ get an error, try one of these solutions:
## Test your method
-1. To run your method against the live host,
-while still in Methods mode, press the F5 key,
-or from the design tool's toolbar, choose **Run**.
+1. To run your method against the live host, while still in Methods mode, press the F5 key, or from the design tool's toolbar, select **Test**.
> [!TIP]
- > You can change modes at any time.
- > On the **File** menu, select **Mode**,
- > and then select the mode you want.
+ > You can change modes at any time. On the **File** menu, select **Mode**, and then select the mode you want.
-1. Enter your parameters' values, and choose **OK**.
+1. Enter your parameters' values, and select **OK**.
-1. To continue to the next screen, choose **Next**.
+1. To continue to the next screen, select **Next**.
-1. When you're finished, choose **Done**,
-which shows your output parameter values.
+1. When you're finished, select **Done**, which shows your output parameter values.
<a name="add-metadata-integration-account"></a>
@@ -523,7 +497,7 @@ can upload to your integration account. The 3270
Design Tool creates the HIDX file in a new subfolder where you saved your RAP file.
-1. On the 3270 Design Tool's toolbar, choose **Generate Code**.
+1. In the 3270 Design Tool, from the **Tools** menu, select **Generate Definitions**. (Keyboard: F6)
1. Go to the folder that contains your RAP file, and open the subfolder that the tool created after generating your HIDX file.
@@ -559,24 +533,16 @@ integrating with other apps, services, and systems.
1. Sign in to the [Azure portal](https://portal.azure.com), and open your logic app in Logic App Designer, if not open already.
-1. Under the last step where you want to add an action,
-choose **New step**, and select **Add an action**.
+1. Under the last step where you want to add an action, select **New step** **>** **Add an action**.
-1. Under the search box, choose **Enterprise**.
-In the search box, enter "3270" as your filter.
-From the actions list, select this action:
+1. Under the search box, select **Enterprise**. In the search box, enter `3270` as your filter. From the actions list, select the action named
**Runs a mainframe program over a TN3270 connection** ![Select 3270 action](./media/connectors-create-api-3270/select-3270-action.png)
- To add an action between steps,
- move your pointer over the arrow between steps.
- Choose the plus sign (**+**) that appears,
- and then select **Add an action**.
+ To add an action between steps, move your pointer over the arrow between steps. Select the plus sign (**+**) that appears, and then select **Add an action**.
-1. If no connection exists yet, provide the
-necessary information for your connection,
-and choose **Create**.
+1. If no connection exists yet, provide the necessary information for your connection, and select **Create**.
| Property | Required | Value | Description | |-|-|-|-|
@@ -625,7 +591,7 @@ and choose **Create**.
1. To review the inputs and outputs for each step, expand that step.
-1. To review the outputs, choose **See raw outputs**.
+1. To review the outputs, select **See raw outputs**.
## Connector reference
container-registry https://docs.microsoft.com/en-us/azure/container-registry/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/container-registry/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Container Registry description: Lists Azure Policy built-in policy definitions for Azure Container Registry. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
container-registry https://docs.microsoft.com/en-us/azure/container-registry/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/container-registry/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Container Registry description: Lists Azure Policy Regulatory Compliance controls available for Azure Container Registry. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/cassandra-support https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra-support.md
@@ -38,7 +38,7 @@ The following versions of Cassandra drivers are supported by Azure Cosmos DB Cas
Azure Cosmos DB Cassandra API supports the following CQL data types:
-|Command |Supported |
+|Type |Supported |
||| | ascii | Yes | | bigint | Yes |
@@ -77,13 +77,14 @@ Azure Cosmos DB Cassandra API supports the following CQL functions:
|Command |Supported | ||| | Token * | Yes |
-| ttl | Yes |
-| writetime | Yes |
+| ttl *** | Yes |
+| writetime *** | Yes |
| cast ** | Yes | > [!NOTE] > \* Cassandra API supports token as a projection/selector, and only allows token(pk) on the left-hand side of a where clause. For example, `WHERE token(pk) > 1024` is supported, but `WHERE token(pk) > token(100)` is **not** supported.
-> \*\* The `cast()` function is not nestable in Cassandra API. For example, `SELECT cast(count as double) FROM myTable` is supported, but `SELECT avg(cast(count as double)) FROM myTable` is **not** supported.
+> \*\* The `cast()` function is not nestable in Cassandra API. For example, `SELECT cast(count as double) FROM myTable` is supported, but `SELECT avg(cast(count as double)) FROM myTable` is **not** supported.
+> \*\*\* Custom timestamps and TTL specified with the `USING` option are applied at a row level (and not per cell).
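Review bot: The header of the CQL functions table in this hunk still reads `Command`, although its rows (`Token`, `ttl`, `writetime`, `cast`) are functions. The preceding hunk renamed the same header to `Type` for the data types table, so rename this one to `Function` to match. The new `***` footnote says `USING` timestamps and TTL are applied per row and not per cell; add a sentence on what `ttl(column)` and `writetime(column)` return as a result, or link to where that is explained.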
@@ -154,7 +155,6 @@ Azure Cosmos DB supports the following database commands on Cassandra API accoun
| CREATE ROLE | No | | CREATE USER (Deprecated in native Apache Cassandra) | No | | DELETE | Yes |
-| DELETE (lightweight transactions with IF CONDITION)| Yes |
| DISTINCT | No | | DROP AGGREGATE | No | | DROP FUNCTION | No |
@@ -168,18 +168,26 @@ Azure Cosmos DB supports the following database commands on Cassandra API accoun
| DROP USER (Deprecated in native Apache Cassandra) | No | | GRANT | No | | INSERT | Yes |
-| INSERT (lightweight transactions with IF CONDITION)| Yes |
| LIST PERMISSIONS | No | | LIST ROLES | No | | LIST USERS (Deprecated in native Apache Cassandra) | No | | REVOKE | No | | SELECT | Yes |
-| SELECT (lightweight transactions with IF CONDITION)| No |
| UPDATE | Yes |
-| UPDATE (lightweight transactions with IF CONDITION)| No |
| TRUNCATE | No | | USE | Yes |
+## Lightweight Transactions (LWT)
+
+| Component |Supported |
+|||
+| DELETE IF EXISTS | Yes |
+| DELETE conditions | No |
+| INSERT IF NOT EXISTS | Yes |
+| UPDATE IF EXISTS | Yes |
+| UPDATE IF NOT EXISTS | Yes |
+| UPDATE conditions | No |
+ ## CQL Shell commands Azure Cosmos DB supports the following database commands on Cassandra API accounts.
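Review bot: The new Lightweight Transactions table changes the documented support rather than only relocating it. The row removed in the previous hunk listed `DELETE (lightweight transactions with IF CONDITION)` as `Yes`, while the new `DELETE conditions` row says `No`, and the removed `SELECT (lightweight transactions with IF CONDITION)` row has no replacement. Confirm the reversal is intended. Also add an introductory sentence under the heading that defines what "conditions" covers, because the column header `Component` does not, and the neighboring sections each open with one.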
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/graph-partitioning https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/graph-partitioning.md
@@ -14,7 +14,9 @@
One of the key features of the Gremlin API in Azure Cosmos DB is the ability to handle large-scale graphs through horizontal scaling. The containers can scale independently in terms of storage and throughput. You can create containers in Azure Cosmos DB that can be automatically scaled to store a graph data. The data is automatically balanced based on the specified **partition key**.
-**Partitioning is required** if the container is expected to store more than 20 GB in size or if you want to allocate more than 10,000 request units per second (RUs). The same general principles from the [Azure Cosmos DB partitioning mechanism](partitioning-overview.md) apply with a few graph-specific optimizations described below.
+Partitioning is done internally if the container is expected to store more than 20 GB in size or if you want to allocate more than 10,000 request units per second (RUs). Data is automatically partitioned based on the partition key you specify. Partition key is required if you create graph containers from the Azure portal or the 3.x or higher versions of Gremlin drivers. Partition key is not required if you use 2.x or lower versions of Gremlin drivers.
+
+The same general principles from the [Azure Cosmos DB partitioning mechanism](partitioning-overview.md) apply with a few graph-specific optimizations described below.
:::image type="content" source="./media/graph-partitioning/graph-partitioning.png" alt-text="Graph partitioning." border="false":::
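Review bot: The rewritten opening sentence, "Partitioning is done internally if the container is expected to store more than 20 GB in size or if you want to allocate more than 10,000 request units per second", makes an internal service behavior depend on what the user expects or wants, which cannot be what triggers it. State the condition in terms of the container's actual storage and provisioned throughput. The hunk also drops the bolded "Partitioning is required" statement and says a partition key is not required with 2.x or lower Gremlin drivers, so say what happens to a container created without a partition key once it passes those limits.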
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/introduction https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/introduction.md
@@ -42,7 +42,7 @@ Build fast with open source APIs, multiple SDKs, schemaless data and no-ETL anal
- Build apps on Core (SQL) API using the languages of your choice with SDKs for .NET, Java, Node.js and Python. Or your choice of drivers for any of the other database APIs. - Run no-ETL analytics over the near-real time operational data stored in Azure Cosmos DB with Azure Synapse Analytics. - Change feed makes it easy to track and manage changes to database containers and create triggered events with Azure Functions.-- Azure Cosmos DBΓÇÖs schema-less service automatically indexes all your data, regardless of the data model, to delivery blazing fast queries.
+- Azure Cosmos DBΓÇÖs schema-less service automatically indexes all your data, regardless of the data model, to deliver blazing fast queries.
### Mission-critical ready
@@ -77,4 +77,4 @@ Get started with Azure Cosmos DB with one of our quickstarts:
- [Get started with Azure Cosmos DB Table API](create-table-dotnet.md) > [!div class="nextstepaction"]
-> [Try Azure Cosmos DB for free](https://azure.microsoft.com/try/cosmosdb/)
+> [Try Azure Cosmos DB for free](https://azure.microsoft.com/try/cosmosdb/)
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Cosmos DB description: Lists Azure Policy built-in policy definitions for Azure Cosmos DB. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Cosmos DB description: Lists Azure Policy Regulatory Compliance controls available for Azure Cosmos DB. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
cosmos-db https://docs.microsoft.com/en-us/azure/cosmos-db/stored-procedures-triggers-udfs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/stored-procedures-triggers-udfs.md
@@ -68,7 +68,7 @@ Stored procedures and triggers are always executed on the primary replica of an
## Bounded execution
-All Azure Cosmos DB operations must complete within the specified timeout duration. This constraint applies to JavaScript functions - stored procedures, triggers, and user-defined functions. If an operation does not complete within that time limit, the transaction is rolled back.
+All Azure Cosmos DB operations must complete within the specified timeout duration. Stored procedures have a timeout limit of 5 seconds. This constraint applies to JavaScript functions - stored procedures, triggers, and user-defined functions. If an operation does not complete within that time limit, the transaction is rolled back.
You can either ensure that your JavaScript functions finish within the time limit or implement a continuation-based model to batch/resume execution. In order to simplify development of stored procedures and triggers to handle time limits, all functions under the Azure Cosmos container (for example, create, read, update, and delete of items) return a boolean value that represents whether that operation will complete. If this value is false, it is an indication that the procedure must wrap up execution because the script is consuming more time or provisioned throughput than the configured value. Operations queued prior to the first unaccepted store operation are guaranteed to complete if the stored procedure completes in time and does not queue any more requests. Thus, operations should be queued one at a time by using JavaScript's callback convention to manage the script's control flow. Because scripts are executed in a server-side environment, they are strictly governed. Scripts that repeatedly violate execution boundaries may be marked inactive and can't be executed, and they should be recreated to honor the execution boundaries.
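Review bot: The inserted sentence "Stored procedures have a timeout limit of 5 seconds" sits between "the specified timeout duration" and "This constraint applies to JavaScript functions - stored procedures, triggers, and user-defined functions", which leaves it unclear whether the 5-second limit also applies to triggers and user-defined functions. The words "specified" here and "the configured value" in the following paragraph also suggest the limit is adjustable. State the limit for each function type, or say explicitly that 5 seconds is fixed and applies to all three.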
cost-management-billing https://docs.microsoft.com/en-us/azure/cost-management-billing/reservations/prepare-buy-reservation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cost-management-billing/reservations/prepare-buy-reservation.md
@@ -62,7 +62,7 @@ Resources that run in a subscription with other offer types don't receive the re
You can purchase reservations from Azure portal, APIs, PowerShell, CLI. Read the following articles that apply to you when you're ready to make a reservation purchase: -- [App Service](prepay-app-service-isolated-stamp.md)
+- [App Service](prepay-app-service.md)
- [Azure Cache for Redis](../../azure-cache-for-redis/cache-reserved-pricing.md) - [Cosmos DB](../../cosmos-db/cosmos-db-reserved-capacity.md) - [Databricks](prepay-databricks-reserved-capacity.md)
cost-management-billing https://docs.microsoft.com/en-us/azure/cost-management-billing/reservations/prepay-app-service-isolated-stamp https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cost-management-billing/reservations/prepay-app-service-isolated-stamp.md
@@ -1,75 +0,0 @@
- Title: Save for Azure App Service with reserved capacity
-description: Learn how you can save costs for Azure App Service Isolated Stamp Fee with reserved capacity.
----- Previously updated : 07/24/2020---
-# Save costs for Azure App Service Isolated Stamp Fee with reserved capacity
-
-You can save money on Azure App Service Isolated Stamp Fees by committing to a reservation for your stamp usage for a duration of three years. To purchase Isolated Stamp Fee reserved capacity, you need to choose the Azure region where the stamp will be deployed and the number of stamps to purchase.
-
-When you purchase a reservation, the Isolated Stamp Fee usage that matches the reservation attributes is no longer charged at the pay-as-you go rates. The reservation is applied automatically to the number of Isolated stamps that match the reserved capacity scope and region. You don't need to assign a reservation to an isolated stamp. The reservation doesn't apply to workers, so any other resources associated with the stamp are charged separately.
-
-When the reserved capacity expires, Isolated Stamps continue to run but they're billed at the pay-as-you go rate. Reservations don't renew automatically.
-
-## Determine the right reservation to purchase
-
-By purchasing a reservation, you're committing to using reserved quantities over next three years. Check your usage data to determine how many App Service Isolated Stamps you're consistently using and might use in the future.
-
-Additionally, make sure you understand how the Isolated Stamp emits Linux or Windows meter.
--- By default, an empty Isolated Stamp emits the Windows stamp meter. For example, with no workers deployed. It continues to emit this meter if Windows workers are deployed on the stamp.-- The meter changes to the Linux stamp meter if you deploy a Linux worker.-- In cases where both Linux and Windows workers are deployed, the stamp emits the Windows meter.-
-So, the stamp meter can change between Windows and Linux over the life of the stamp.
-
-Buy Windows stamp reservations if you have one or more Windows workers on the stamp. The only time you should purchase a Linux stamp reservation is if you plan to _only_ have Linux workers on the stamp.
-
-## Buy Isolated Stamp reserved capacity
-
-You can buy Isolated Stamp reserved capacity in the [Azure portal](https://portal.azure.com/#blade/Microsoft_Azure_Reservations/CreateBlade/referrer/documentation/filters/%7B%22reservedResourceType%22%3A%22AppService%22%7D). Pay for the reservation [up front or with monthly payments](./prepare-buy-reservation.md). To buy reserved capacity, you must have the owner role for at least one enterprise subscription or an individual subscription with pay-as-you-go rates.
--- For Enterprise subscriptions, the **Add Reserved Instances** option must be enabled in the [EA portal](https://ea.azure.com/). Or, if the setting is disabled, you must be an EA Admin.-- For the Cloud Solution Provider (CSP) program, only the admin agents or sales agents can purchase Azure Synapse Analytics reserved capacity.-
-**To Purchase:**
-
-1. Go to the [Azure portal](https://portal.azure.com/#blade/Microsoft_Azure_Reservations/CreateBlade/referrer/documentation/filters/%7B%22reservedResourceType%22%3A%22AppService%22%7D).
-1. Select a subscription. Use the **Subscription** list to choose the subscription that's used to pay for the reserved capacity. The payment method of the subscription is charged the costs for the reserved capacity. The subscription type must be an enterprise agreement (offer numbers: MS-AZR-0017P or MS-AZR-0148P) or Pay-As-You-Go (offer numbers: MS-AZR-0003P or MS-AZR-0023P) or a CSP subscription.
- - For an enterprise subscription, the charges are deducted from the enrollment's Azure Prepayment (previously called monetary commitment) balance or charged as overage.
- - For Pay-As-You-Go subscription, the charges are billed to the credit card or invoice payment method on the subscription.
-1. Select a **Scope** to choose a subscription scope.
- - **Single resource group scope** ΓÇö Applies the reservation discount to the matching resources in the selected resource group only.
- - **Single subscription scope** ΓÇö Applies the reservation discount to the matching resources in the selected subscription.
- - **Shared scope** ΓÇö Applies the reservation discount to matching resources in eligible subscriptions that are in the billing context. For Enterprise Agreement customers, the billing context is the enrollment. For individual subscriptions with pay-as-you-go rates, the billing scope is all eligible subscriptions created by the account administrator.
-1. Select a **Region** to choose an Azure region that's covered by the reserved capacity and add the reservation to the cart.
-1. Select an Isolated Plan type and then click **Select**.
- ![Example ](./media/prepay-app-service-isolated-stamp/app-service-isolated-stamp-select.png)
-1. Enter the quantity of App Service Isolated stamps to reserve. For example, a quantity of three would give you three reserved stamps a region. Click **Next: Review + Buy**.
-1. Review and click **Buy now**.
-
-After purchase, go to [Reservations](https://portal.azure.com/#blade/Microsoft_Azure_Reservations/ReservationsBrowseBlade) to view the purchase status and monitor it at any time.
-
-## Cancel, exchange, or refund reservations
-
-You can cancel, exchange, or refund reservations with certain limitations. For more information, see [Self-service exchanges and refunds for Azure Reservations](exchange-and-refund-azure-reservations.md).
-
-## Discount application shown in usage data
-
-Your usage data has an effective price of zero for the usage that gets a reservation discount. The usage data shows the reservation discount for each stamp instance in each reservation.
-
-For more information about how reservation discount shows in usage data, see [Get Enterprise Agreement reservation costs and usage](understand-reserved-instance-usage-ea.md) if you're an Enterprise Agreement (EA) customer. Otherwise see, [Understand Azure reservation usage for your individual subscription with pay-as-you-go rates](understand-reserved-instance-usage.md).
-
-## Next steps
--- To learn more about Azure Reservations, see the following articles:
- - [What are Azure Reservations?](save-compute-costs-reservations.md)
- - [Understand how an Azure App Service Isolated Stamp reservation discount is applied](reservation-discount-app-service-isolated-stamp.md)
- - [Understand reservation usage for your Enterprise enrollment](understand-reserved-instance-usage-ea.md)
cost-management-billing https://docs.microsoft.com/en-us/azure/cost-management-billing/reservations/prepay-app-service https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cost-management-billing/reservations/prepay-app-service.md
@@ -0,0 +1,143 @@
+
+ Title: Save for Azure App Service with reserved capacity
+description: Learn how you can save costs for Azure App Service Premium v3 reserved instances and Isolated Stamp Fee.
+++++ Last updated : 02/01/2021++++
+# Save costs with Azure App Service reserved instances
+
+This article explains how you can save with Azure App Service reserved instances for Premium v3 instances and Isolated Stamp Fees.
+
+## Save with Premium v3 reserved instances
+
+When you commit to an Azure App Service Premium v3 reserved instance you can save money. The reservation discount is applied automatically to the number of running instances that match the reservation scope and attributes. You don't need to assign a reservation to an instance to get the discounts.
+
+## Determine the right reserved instance size before you buy
+
+Before you buy a reservation, you should determine the size of the Premium v3 reserved instance that you need. The following sections will help you determine the right Premium v3 reserved instance size.
+
+### Use reservation recommendations
+
+You can use reservation recommendations to help determine the reservations you should purchase.
+
+- Purchase recommendations and recommended quantity are show when you purchase a Premium v3 reserved instance in the Azure portal.
+- Azure Advisor provides purchase recommendations for individual subscriptions.
+- You can use the APIs to get purchase recommendations for both shared scope and single subscription scope. For more information, see [Reserved instance purchase recommendation APIs for enterprise customers](/rest/api/billing/enterprise/billing-enterprise-api-reserved-instance-recommendation).
+- For Enterprise Agreement (EA) and Microsoft Customer Agreement (MCA) customers, purchase recommendations for shared and single subscription scopes are available with the [Azure Consumption Insights Power BI content pack](/power-bi/service-connect-to-azure-consumption-insights).
+
+#### Instance size flexibility setting
+
+The instance size flexibility setting determines which services get the reserved instance discounts.
+
+Whether the setting is on or off, reservation discounts automatically apply to any matching Premium v3 reserved instance usage.
+
+### Analyze your usage information
+
+Analyze your usage information to help determine which reservations you should purchase. Usage data is available in the usage file and APIs. Use them together to determine which reservation to purchase. Check for Premium v3 instances that have high usage on daily basis to determine the quantity of reservations to purchase.
+
+Your usage file shows your charges by billing period and daily usage. For information about downloading your usage file, see [View and download your Azure usage and charges](../understand/download-azure-daily-usage.md). Then, by using the usage file information, you can [determine what reservation to purchase](determine-reservation-purchase.md).
+
+### Purchase restriction considerations
+
+Reservation discounts don't apply for the following Premium v3 instances:
+
+- **Preview or Promo instances** - Any Premium v3 reserved instance-series or size that is in preview or uses promotional meter.
+- **Clouds** - Reservations aren't available for purchase in Germany or China regions.
+
+## Buy a Premium v3 reserved instance
+
+You can buy a reserved Premium v3 reserved instance in the [Azure portal](https://portal.azure.com/#blade/Microsoft_Azure_Reservations/CreateBlade/referrer/documentation/filters/%7B%22reservedResourceType%22%3A%22VirtualMachines%22%7D). Pay for the reservation [up front or with monthly payments](prepare-buy-reservation.md). These requirements apply to buying a Premium v3 reserved instance:
+
+- You must be in an Owner role for at least one EA subscription or a subscription with a pay-as-you-go rate.
+- For EA subscriptions, the **Add Reserved Instances** option must be enabled in the [EA portal](https://ea.azure.com/). Or, if that setting is disabled, you must be an EA Admin for the subscription.
+- For the Cloud Solution Provider (CSP) program, only the admin agents or sales agents can buy reservations.
+
+To buy an instance:
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+2. Select **All services** > **Reservations**.
+3. Select **Add** to purchase a new reservation and then click **Instance**.
+4. Enter required fields. Running Premium v3 reserved instances that match the attributes you select qualify for the reservation discount. The actual number of your Premium v3 reserved instances that get the discount depend on the scope and quantity selected.
+
+If you have an EA agreement, you can use the **Add more option** to quickly add additional instances. The option isn't available for other subscription types.
+
+| **Field** | **Description** |
+|||
+| Subscription | The subscription used to pay for the reservation. The payment method on the subscription is charged the costs for the reservation. The subscription type must be an enterprise agreement (offer numbers: MS-AZR-0017P or MS-AZR-0148P) or Microsoft Customer Agreement or an individual subscription with pay-as-you-go rates (offer numbers: MS-AZR-0003P or MS-AZR-0023P). The charges are deducted from the monetary commitment balance, if available, or charged as overage. For a subscription with pay-as-you-go rates, the charges are billed to the credit card or invoice payment method on the subscription. |
+| Scope | The reservation's scope can cover one subscription or multiple subscriptions (shared scope). If you select: <ul><li>**Single resource group scope** ΓÇö Applies the reservation discount to the matching resources in the selected resource group only. </li><li>**Single subscription scope** ΓÇö Applies the reservation discount to the matching resources in the selected subscription.</li><li>**Shared scope** ΓÇö Applies the reservation discount to matching resources in eligible subscriptions that are in the billing context. For EA customers, the billing context is the enrollment. For individual subscriptions with pay-as-you-go rates, the billing scope is all eligible subscriptions created by the account administrator.</li></ul> |
+| Region | The Azure region that's covered by the reservation. |
+| Premium v3 reserved instance size | The size of the Premium v3 reserved instances. |
+| Optimize for | Premium v3 Reserved instance size flexibility is selected by default. Click **Advanced settings** to change the instance size flexibility value to apply the reservation discount to other Premium v3 reserved instances in the same [Premium v3 Reserved Instance size group](../../virtual-machines/reserved-vm-instance-size-flexibility.md). Capacity priority prioritizes data center capacity for your deployments. It offers additional confidence in your ability to launch the Premium v3 reserved instances when you need them. Capacity priority is only available when the reservation scope is single subscription. |
+| Term | One year or three years. There's also a 5-year term available only for HBv2 Premium v3 reserved instances. |
+| Quantity | The number of instances being purchased within the reservation. The quantity is the number of running Premium v3 reserved instances that can get the billing discount. For example, if you are running 10 Standard\_D2 Premium v3 reserved instances in the East US, then you would specify quantity as 10 to maximize the benefit for all running Premium v3 reserved instances. |
+
+## Save with Isolated Stamp Fees
+
+You can save money on Azure App Service Isolated Stamp Fees by committing to a reservation for your stamp usage for a duration of three years. To purchase Isolated Stamp Fee reserved capacity, you need to choose the Azure region where the stamp will be deployed and the number of stamps to purchase.
+
+When you purchase a reservation, the Isolated Stamp Fee usage that matches the reservation attributes is no longer charged at the pay-as-you go rates. The reservation is applied automatically to the number of Isolated stamps that match the reserved capacity scope and region. You don't need to assign a reservation to an isolated stamp. The reservation doesn't apply to workers, so any other resources associated with the stamp are charged separately.
+
+When the reserved capacity expires, Isolated Stamps continue to run but they're billed at the pay-as-you go rate. Reservations don't renew automatically.
+
+## Determine the right Isolated Stamp reservation to purchase
+
+By purchasing a reservation, you're committing to using reserved quantities over next three years. Check your usage data to determine how many App Service Isolated Stamps you're consistently using and might use in the future.
+
+Additionally, make sure you understand how the Isolated Stamp emits Linux or Windows meter.
+
+- By default, an empty Isolated Stamp emits the Windows stamp meter. For example, with no workers deployed. It continues to emit this meter if Windows workers are deployed on the stamp.
+- The meter changes to the Linux stamp meter if you deploy a Linux worker.
+- In cases where both Linux and Windows workers are deployed, the stamp emits the Windows meter.
+
+So, the stamp meter can change between Windows and Linux over the life of the stamp.
+
+Buy Windows stamp reservations if you have one or more Windows workers on the stamp. The only time you should purchase a Linux stamp reservation is if you plan to _only_ have Linux workers on the stamp.
+
+## Buy Isolated Stamp reserved capacity
+
+You can buy Isolated Stamp reserved capacity in the [Azure portal](https://portal.azure.com/#blade/Microsoft_Azure_Reservations/CreateBlade/referrer/documentation/filters/%7B%22reservedResourceType%22%3A%22AppService%22%7D). Pay for the reservation [up front or with monthly payments](./prepare-buy-reservation.md). To buy reserved capacity, you must have the owner role for at least one enterprise subscription or an individual subscription with pay-as-you-go rates.
+
+- For Enterprise subscriptions, the **Add Reserved Instances** option must be enabled in the [EA portal](https://ea.azure.com/). Or, if the setting is disabled, you must be an EA Admin.
+- For the Cloud Solution Provider (CSP) program, only the admin agents or sales agents can purchase Azure Synapse Analytics reserved capacity.
+
+**To Purchase:**
+
+1. Go to the [Azure portal](https://portal.azure.com/#blade/Microsoft_Azure_Reservations/CreateBlade/referrer/documentation/filters/%7B%22reservedResourceType%22%3A%22AppService%22%7D).
+1. Select a subscription. Use the **Subscription** list to choose the subscription that's used to pay for the reserved capacity. The payment method of the subscription is charged the costs for the reserved capacity. The subscription type must be an enterprise agreement (offer numbers: MS-AZR-0017P or MS-AZR-0148P) or Pay-As-You-Go (offer numbers: MS-AZR-0003P or MS-AZR-0023P) or a CSP subscription.
+ - For an enterprise subscription, the charges are deducted from the enrollment's Azure Prepayment (previously called monetary commitment) balance or charged as overage.
+ - For Pay-As-You-Go subscription, the charges are billed to the credit card or invoice payment method on the subscription.
+1. Select a **Scope** to choose a subscription scope.
+ - **Single resource group scope** ΓÇö Applies the reservation discount to the matching resources in the selected resource group only.
+ - **Single subscription scope** ΓÇö Applies the reservation discount to the matching resources in the selected subscription.
+ - **Shared scope** ΓÇö Applies the reservation discount to matching resources in eligible subscriptions that are in the billing context. For Enterprise Agreement customers, the billing context is the enrollment. For individual subscriptions with pay-as-you-go rates, the billing scope is all eligible subscriptions created by the account administrator.
+1. Select a **Region** to choose an Azure region that's covered by the reserved capacity and add the reservation to the cart.
+1. Select an Isolated Plan type and then click **Select**.
+ ![Example ](./media/prepay-app-service/app-service-isolated-stamp-select.png)
+1. Enter the quantity of App Service Isolated stamps to reserve. For example, a quantity of three would give you three reserved stamps a region. Click **Next: Review + Buy**.
+1. Review and click **Buy now**.
+
+After purchase, go to [Reservations](https://portal.azure.com/#blade/Microsoft_Azure_Reservations/ReservationsBrowseBlade) to view the purchase status and monitor it at any time.
+
+## Cancel, exchange, or refund reservations
+
+You can cancel, exchange, or refund reservations with certain limitations. For more information, see [Self-service exchanges and refunds for Azure Reservations](exchange-and-refund-azure-reservations.md).
+
+## Discount application shown in usage data
+
+Your usage data has an effective price of zero for the usage that gets a reservation discount. The usage data shows the reservation discount for each stamp instance in each reservation.
+
+For more information about how reservation discount shows in usage data, see [Get Enterprise Agreement reservation costs and usage](understand-reserved-instance-usage-ea.md) if you're an Enterprise Agreement (EA) customer. Otherwise see, [Understand Azure reservation usage for your individual subscription with pay-as-you-go rates](understand-reserved-instance-usage.md).
+
+## Next steps
+
+- To learn more about Azure Reservations, see the following articles:
+ - [What are Azure Reservations?](save-compute-costs-reservations.md)
+ - [Understand how an Azure App Service Isolated Stamp reservation discount is applied](reservation-discount-app-service.md)
+ - [Understand reservation usage for your Enterprise enrollment](understand-reserved-instance-usage-ea.md)
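Review bot: In the step "Enter the quantity of App Service Isolated stamps to reserve", the example "a quantity of three would give you three reserved stamps a region" is missing a preposition; suggest "three reserved stamps in a region". The screenshot in the preceding step uses the alt text "Example ", which says nothing about what the image shows; describe the Isolated plan selection so the step is usable with a screen reader. The steps also mix "click" and "Select" for the same kind of action ("click **Select**", "Click **Next: Review + Buy**"); pick one verb and use it throughout.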
cost-management-billing https://docs.microsoft.com/en-us/azure/cost-management-billing/reservations/reservation-discount-app-service https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cost-management-billing/reservations/reservation-discount-app-service.md
@@ -0,0 +1,80 @@
+
+ Title: Reservation discounts for Azure App Service
+description: Learn how reservation discounts apply to Azure App Service Premium v3 instances and Isolated Stamps.
+++++ Last updated : 02/01/2021+++
+# How reservation discounts apply to Azure App Service Premium v3 instances and Isolated Stamps
+
+This article helps you understand how discounts apply to Azure App Service Premium v3 instances and Isolated Stamps.
+
+## How reservation discounts apply to Premium v3 instances
+
+After you buy an Azure App Service Premium v3 Reserved Instance, the reservation discount is automatically applied to App Service instances that match the attributes and quantity of the reservation. A reservation covers the cost of your Premium v3 instances.
+
+### How the discount is applied to Azure App Service
+
+A reservation discount is *use-it-or-lose-it*. So, if you don't have matching resources for any hour, then you lose a reservation quantity for that hour. You can't carry forward unused reserved hours.
+When you shut down a resource, the reservation discount automatically applies to another matching resource in the specified scope. If no matching resources are found in the specified scope, then the reserved hours are lost.
+
+### Reservation discount for Premium v3 Instances
+
+The Azure reservation discount is applied to running Premium v3 instances on an hourly basis. The reservations that you have purchased are matched to the usage emitted by the running Premium v3 instances to apply the reservation discount. For Premium v3 Instances that may not run the full hour, the reservation will be filled from other instances not using a reservation, including concurrently running instances. At the end of the hour, the reservation application for instances in the hour is locked. In the event an instance does not run for an hour or concurrent instances within the hour do not fill the hour of the reservation, the reservation is underutilized for that hour. The following graph illustrates the application of a reservation to billable VM usage. The illustration is based on one reservation purchase and two matching VM instances.
+
+![Image showing the application of a reservation to billable VM usage](./media/reservation-discount-app-service/reserved-premium-v3-instance-application.png)
+
+1. Any usage that's above the reservation line gets charged at the regular pay-as-you-go rates. You're not charged for any usage below the reservations line, since it has been already paid as part of reservation purchase.
+2. In hour 1, instance 1 runs for 0.75 hours and instance 2 runs for 0.5 hours. Total usage for hour 1 is 1.25 hours. You're charged the pay-as-you-go rates for the remaining 0.25 hours.
+3. For hour 2 and hour 3, both instances ran for 1 hour each. One instance is covered by the reservation and the other is charged at pay-as-you-go rates.
+4. For hour 4, instance 1 runs for 0.5 hours and instance 2 runs for 1 hour. Instance 1 is fully covered by the reservation and 0.5 hours of instance 2 is covered. YouΓÇÖre charged the pay-as-you-go rate for the remaining 0.5 hours.
+
+To understand and view the application of your Azure Reservations in billing usage reports, see [Understand reservation usage](understand-reserved-instance-usage-ea.md).
+
+### Discount can apply to different sizes
+
+When you buy a Reserved Premium v3 Instance and select **Optimized for instance size flexibility**, the discount coverage applies to the Premium v3 instance size you select. It can also apply to other instance sizes that are in the same series instance size flexibility group.
+
+## How reservation discounts apply to Isolated Stamps
+
+After you buy App Service Isolated Stamp Fee reserved capacity, the reservation discount is automatically applied to the Stamp Fee in a region. The reservation discount applies to the usage emitted by the Isolated Stamp Fee meter. Workers, additional Front Ends, and any other resources associated with the stamp continue to get billed at the regular rate.
+
+### Reservation discount application
+
+The App Service Isolated Stamp Fee discount is applied to running isolated stamps on an hourly basis. If you don't have a stamp deployed for an hour, then the reserved capacity is wasted for that hour. It doesn't carry over.
+
+After purchase, the reservation that you buy is matched to an isolated stamp running in a specific region. If you shut down that stamp, then reservation discounts are automatically applied to any other stamps running in the region. When no stamps exist, the reservation is applied to the next stamp that's created in the region.
+
+When stamps don't run for a full hour, the reservation automatically applies to other matching stamps in the same region during the same hour.
+
+### Choose a stamp type - Windows or Linux
+
+An empty Isolated Stamp emits the Windows stamp meter by default. For example, when no workers are deployed. It continues to emit the meter when Windows workers are deployed. The meter changes to the Linux stamp meter if you deploy a Linux worker. The stamp emits the Windows meter when both Linux and Windows workers are deployed.
+
+As a result, the stamp meter can change between Windows and Linux over the life of the stamp. Meanwhile, reservations are operating system specific. You'll need to buy a reservation that supports the workers you plan to deploy to the stamp. Windows-only stamps and mixed stamps use the Windows reservation. Stamps with only Linux workers use the Linux reservation.
+
+The only time you should purchase a Linux reservation is when you plan to _only_ have Linux workers in the stamp.
+
+### Discount examples
+
+The following examples show how the Isolated Stamp Fee reserved instance discount applies, depending on the deployments.
+
+- **Example 1**: You purchase one instance of Isolated Reserved Stamp capacity in a region with no App Service Isolated stamps. You deploy a new stamp to the region and pay reserved rates for that stamp.
+- **Example 2**: You purchase one instance of Isolated Reserved Stamp capacity in a region that already has an App Service Isolated stamp deployed. You start receiving the reserved rate for the deployed stamp.
+- **Example 3**: You purchase one instance of Isolated Reserved Stamp capacity in a region with an App Service Isolated stamp already deployed. You start receiving the reserved rate on the deployed stamp. Later, you delete the stamp and deploy a new one. You receive the reserved rate for the new stamp. Discounts don't carry over for durations without deployed stamps.
+- **Example 4**: You purchase one instance of Isolated Linux Reserved Stamp capacity in a region then deploy a new stamp to the region. When the stamp is initially deployed without workers, it emits the Windows stamp meter. No discount is received. When the first Linux worker is deployed the stamp, it emits the Linux Stamp meter and the reservation discount applies. If a windows worker is later deployed to the stamp, the stamp meter reverts to Windows. You no longer receive a discount for the Isolated Linux Reserved Stamp reservation.
+
+## Next steps
+
+- To learn how to manage a reservation, see [Manage Azure Reservations](manage-reserved-vm-instance.md).
+- To learn more about pre-purchasing App Service Premium v3 and Isolated Stamp reserved capacity to save money, see [Prepay for Azure App Service with reserved capacity](prepay-app-service.md).
+- To learn more about Azure Reservations, see the following articles:
+ - [What are Azure Reservations?](save-compute-costs-reservations.md)
+ - [Manage Reservations in Azure](manage-reserved-vm-instance.md)
+ - [Understand reservation usage for a subscription with pay-as-you-go rates](understand-reserved-instance-usage.md)
+ - [Understand reservation usage for your Enterprise enrollment](understand-reserved-instance-usage-ea.md)
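Review bot: The "Reservation discount for Premium v3 Instances" paragraph and the alt text of its image refer to "billable VM usage" and "two matching VM instances", although the article and the numbered walkthrough under the image are about App Service Premium v3 instances; this reads as text carried over from a virtual machine article, so replace "VM" with "Premium v3 instance" in both places. In Example 4, "When the first Linux worker is deployed the stamp" is missing "to", and "a windows worker" should be capitalized to match "Windows" elsewhere in the section. The "Next steps" list links manage-reserved-vm-instance.md twice, once as "Manage Azure Reservations" and once as "Manage Reservations in Azure"; keep one.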
cost-management-billing https://docs.microsoft.com/en-us/azure/cost-management-billing/reservations/reservation-discount-application https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cost-management-billing/reservations/reservation-discount-application.md
@@ -43,7 +43,7 @@ Service plans:
Read the following articles that apply to you to learn how discounts apply to a specific Azure service: -- [App Service](reservation-discount-app-service-isolated-stamp.md)
+- [App Service](reservation-discount-app-service.md)
- [Azure Cache for Redis](understand-azure-cache-for-redis-reservation-charges.md) - [Cosmos DB](understand-cosmosdb-reservation-charges.md) - [Database for MariaDB](understand-reservation-charges-mariadb.md)
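Review bot: Confirm that reservation-discount-app-service-isolated-stamp.md, the target removed from the App Service entry, is redirected to reservation-discount-app-service.md; any other page or bookmark that still points at the old file name breaks otherwise.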
cost-management-billing https://docs.microsoft.com/en-us/azure/cost-management-billing/understand/download-azure-invoice https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cost-management-billing/understand/download-azure-invoice.md
@@ -65,9 +65,9 @@ You must have an account admin role for a subscription to download its invoice.
1. Select your subscription from the [Subscriptions page](https://portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade) in the Azure portal. 1. Select **Invoices** from the billing section. ![Screenshot that shows a user selecting invoices option for a subscription](./media/download-azure-invoice/select-subscription-invoice.png)
-1. Select **Download** to download a PDF version of your invoice and then select **Download** under the invoice section.
- ![Screenshot that shows billing periods, the download option, and total charges for each billing period for an MOSP invoice](./media/download-azure-invoice/downloadinvoice-subscription.png)
-1. You can also download a daily breakdown of consumed quantities and charges by selecting **Download** under the usage details section. It may take a few minutes to prepare the CSV file.
+1. Select the invoice that you want to download and then click **Download invoices**.
+ ![Screenshot that the download option for an MOSP invoice](./media/download-azure-invoice/downloadinvoice-subscription.png)
+1. You can also download a daily breakdown of consumed quantities and charges by clicking the download icon and then clicking **Prepare Azure usage file** button under the usage details section. It may take a few minutes to prepare the CSV file.
![Screenshot that shows Download invoice and usage page](./media/download-azure-invoice/usage-and-invoice-subscription.png) For more information about your invoice, see [Understand your bill for Microsoft Azure](../understand/review-individual-bill.md). For help identify unusual costs, see [Analyze unexpected charges](analyze-unexpected-charges.md).
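Review bot: The new alt text on the invoice screenshot, "Screenshot that the download option for an MOSP invoice", is missing its verb and should read "Screenshot that shows the download option for an MOSP invoice". The two rewritten steps also switch to "click" ("click **Download invoices**", "clicking the download icon") while the unchanged steps above them use "Select", and "clicking **Prepare Azure usage file** button" needs "the" before the control name.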
@@ -82,12 +82,12 @@ You must have an account admin role on the support plan subscription to download
1. Search for **Cost Management + Billing**. ![Screenshot that shows search in portal for cost management + billing](./media/download-azure-invoice/search-cmb.png) 1. Select **Invoices** from the left-hand side.
-1. Select your support plan subscription and then select **Download**.
+1. Select your support plan subscription.
[![Screenshot that shows an MOSP support plan invoice billing profile list](./media/download-azure-invoice/cmb-invoices.png)](./media/download-azure-invoice/cmb-invoices-zoomed-in.png#lightbox)
-1. Select **Download** to download a PDF version of your invoice.
- ![Screenshot that shows billing periods, the download option, and total charges for each billing period for an MOSP support plan invoice list](./media/download-azure-invoice/download-invoice-support-plan.png)
+1. Select the invoice that you want to download and then click **Download invoices**.
+ ![Screenshot that shows the download option for an MOSP support plan invoice ](./media/download-azure-invoice/download-invoice-support-plan.png)
-## Allow others to download the your subscription invoice
+## Allow others to download your subscription invoice
To download an invoice:
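Review bot: Renaming the heading to "Allow others to download your subscription invoice" changes the anchor that other pages link to, so every inbound link to #allow-others-to-download-the-your-subscription-invoice has to move in the same change; the link in mosp-new-customer-experience.md is updated in this change set, but check for others. In the support plan steps, the new alt text "Screenshot that shows the download option for an MOSP support plan invoice " carries a trailing space before the closing bracket.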
@@ -102,7 +102,8 @@ To download an invoice:
4. Select your Azure subscription and then click **Allow others to download invoice**. [![Screenshot that shows selecting access to invoice](./media/download-azure-invoice/cmb-select-access-to-invoice.png)](./media/download-azure-invoice/cmb-select-access-to-invoice-zoomed-in.png#lightbox)
-1. Select **On** and then **Save** at the top of the page.
+
+5. Select **On** and then **Save** at the top of the page.
![Screenshot that shows selecting on for access to invoice](./media/download-azure-invoice/cmb-access-to-invoice.png) > [!NOTE]
@@ -122,12 +123,12 @@ You must have an account admin role on a subscription or a support plan to opt i
6. The invoice is sent to your preferred communication email. Select **Update profile** to update the email. ![Screenshot that shows the opt-in flow step 3](./media/download-azure-invoice/invoicearticlestep03-verifyemail.png)
-## Share subscription and support plan invoices
+## Share subscription and support plan invoice
-You may want to share the invoices for your subscription and support plan every month with your accounting team or send them to one of your other email addresses.
+You may want to share the invoice for your subscription and support plan every month with your accounting team or send them to one of your other email addresses.
1. Follow the steps in [Get your subscription's and support plan's invoices in email](#get-mosp-subscription-invoice-in-email) and select **Configure recipients**.
- ![Screenshot that shows a user selecting configure recipients](./media/download-azure-invoice/invoice-article-step03.png)
+ [![Screenshot that shows a user selecting configure recipients](./media/download-azure-invoice/invoice-article-step03.png)](./media/download-azure-invoice/invoice-article-step03-zoomed.png#lightbox)
1. Enter an email address, and then select **Add recipient**. You can add multiple email addresses. ![Screenshot that shows a user adding additional recipients](./media/download-azure-invoice/invoice-article-step04.png) 1. Once you've added all the email addresses, select **Done** from the bottom of the screen.
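Review bot: The intro sentence under the renamed heading now reads "share the invoice for your subscription and support plan every month ... or send them to one of your other email addresses", so the pronoun no longer agrees with the singular noun; use "send it" or keep the plural "invoices". The heading itself changes from "invoices" to "invoice", which changes its anchor, so links that target the old plural heading need to be checked.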
@@ -168,12 +169,11 @@ You must have an owner or a contributor role on the billing profile or its billi
1. Sign in to the [Azure portal](https://portal.azure.com). 1. Search for **Cost Management + Billing**.
-1. Select **Invoices** from the left-hand side and then select **Email Invoice** from the top of the page.
+1. Select **Invoices** from the left-hand side and then select **Invoice email preference** from the top of the page.
[![Screenshot that shows the Email invoice option for invoices](./media/download-azure-invoice/mca-billing-profile-select-email-invoice.png)](./media/download-azure-invoice/mca-billing-profile-select-email-invoice-zoomed.png#lightbox)
-1. If you have multiple billing profiles, select a billing profile and then select **Opt in**.
- ![Screenshot that shows the opt-in option](./media/download-azure-invoice/mca-billing-profile-email-invoice.png)
-1. Select **Update**.
-1. If you have multiple billing profiles, select a billing profile and then select **Opt in**.
+1. If you have multiple billing profiles, select a billing profile and then select **Yes**.
+ [![Screenshot that shows the opt-in option](./media/download-azure-invoice/mca-billing-profile-email-invoice.png)](./media/download-azure-invoice/mca-billing-profile-select-email-invoice-zoomed.png#lightbox)
+1. Select **Save**.
You give others access to view, download, and pay invoices by assigning them the invoice manager role for an MCA or MPA billing profile. If you've opted in to get your invoice in email, users also get the invoices in email.
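Review bot: The lightbox target added to the opt-in screenshot is mca-billing-profile-select-email-invoice-zoomed.png, the same zoomed image the previous step already links to, while the inline image is mca-billing-profile-email-invoice.png; expanding it would open the wrong screenshot, so point it at a zoomed version of the opt-in image. The alt texts in these two steps still say "the Email invoice option" and "the opt-in option" although the controls are now named **Invoice email preference** and **Yes**.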
@@ -186,7 +186,20 @@ You give others access to view, download, and pay invoices by assigning them the
1. In the Role drop-down list, select **Invoice Manager**. Enter the email address of the user to give access. Select **Save** to assign the role. [![Screenshot that shows adding a user as an invoice manager](./media/download-azure-invoice/mca-added-invoice-manager.png)](./media/download-azure-invoice/mca-added-invoice-manager.png#lightbox)
-
+
+## Share your billing profile's invoice
+
+You may want to share your invoice every month with your accounting team or send them to one of your other email addresses without giving your accounting team or the other email permissions to your billing profile.
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Search for **Cost Management + Billing**.
+1. Select **Invoices** from the left-hand side and then select **Invoice email preference** from the top of the page.
+ [![Screenshot that shows the Email invoice option for invoices](./media/download-azure-invoice/mca-billing-profile-select-email-invoice.png)](./media/download-azure-invoice/mca-billing-profile-select-email-invoice-zoomed.png#lightbox)
+1. If you have multiple billing profiles, select a billing profile.
+1. In the additional recipients section, add the email addresses to receive invoices.
+ [![Screenshot that shows additional recipients for the invoice email](./media/download-azure-invoice/mca-billing-profile-add-invoice-recipients.png)](./media/download-azure-invoice/mca-billing-profile-add-invoice-recipients-zoomed.png#lightbox)
+1. Select **Save**.
+ ## Why you might not see an invoice <a name="noinvoice"></a>
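Review bot: The new "Share your billing profile's invoice" section sends invoices to addresses that hold no permissions on the billing profile, but it does not say which role is needed to add recipients or how a recipient is removed later; state the required role the way the neighbouring section does ("You must have an owner or a contributor role on the billing profile ...") and add a removal step, since invoices contain billing details that leave the access model once they are mailed out. In the intro, "share your invoice every month ... or send them" mixes singular and plural.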
cost-management-billing https://docs.microsoft.com/en-us/azure/cost-management-billing/understand/mosp-new-customer-experience https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cost-management-billing/understand/mosp-new-customer-experience.md
@@ -37,7 +37,7 @@ When your account is updated, a billing profile is automatically created for eac
Roles on the billing profiles have permissions to view and manage invoices and payment methods. These roles should be assigned to users who pay invoices like members of the accounting team in an organization. For more information, see [billing profile roles and tasks](../manage/understand-mca-roles.md#billing-profile-roles-and-tasks).
-When your account is updated, for each subscription on which you've given others permission to [view invoices](download-azure-invoice.md#allow-others-to-download-the-your-subscription-invoice), users who have an owner, a contributor, a reader, or a billing reader Azure role are given the reader role on the respective billing profile.
+When your account is updated, for each subscription on which you've given others permission to [view invoices](download-azure-invoice.md#allow-others-to-download-your-subscription-invoice), users who have an owner, a contributor, a reader, or a billing reader Azure role are given the reader role on the respective billing profile.
## Invoice sections
data-factory https://docs.microsoft.com/en-us/azure/data-factory/data-movement-security-considerations https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/data-movement-security-considerations.md
@@ -13,7 +13,8 @@
Last updated 05/26/2020
-# Security considerations for data movement in Azure Data Factory
+# Security considerations for data movement in Azure Data Factory
+ > [!div class="op_single_selector" title1="Select the version of Data Factory service you are using:"] > > * [Version 1](v1/data-factory-data-movement-security-considerations.md)
@@ -23,13 +24,13 @@ Last updated 05/26/2020
This article describes basic security infrastructure that data movement services in Azure Data Factory use to help secure your data. Data Factory management resources are built on Azure security infrastructure and use all possible security measures offered by Azure.
-In a Data Factory solution, you create one or more data [pipelines](concepts-pipelines-activities.md). A pipeline is a logical grouping of activities that together perform a task. These pipelines reside in the region where the data factory was created.
+In a Data Factory solution, you create one or more data [pipelines](concepts-pipelines-activities.md). A pipeline is a logical grouping of activities that together perform a task. These pipelines reside in the region where the data factory was created.
-Even though Data Factory is only available in few regions, the data movement service is [available globally](concepts-integration-runtime.md#integration-runtime-location) to ensure data compliance, efficiency, and reduced network egress costs.
+Even though Data Factory is only available in few regions, the data movement service is [available globally](concepts-integration-runtime.md#integration-runtime-location) to ensure data compliance, efficiency, and reduced network egress costs.
Azure Data Factory including Azure Integration Runtime and Self-hosted Integration Runtime does not store any temporary data, cache data or logs except for linked service credentials for cloud data stores, which are encrypted by using certificates. With Data Factory, you create data-driven workflows to orchestrate movement of data between [supported data stores](copy-activity-overview.md#supported-data-stores-and-formats), and processing of data by using [compute services](compute-linked-services.md) in other regions or in an on-premises environment. You can also monitor and manage workflows by using SDKs and Azure Monitor.
-Data Factory has been certified for:
+Data Factory has been certified for:
| **[CSA STAR Certification](https://www.microsoft.com/trustcenter/compliance/csa-star-certification)** | | :-- |
@@ -41,10 +42,11 @@ Data Factory has been certified for:
| **[ISO 9001:2015](https://www.microsoft.com/trustcenter/compliance/iso-9001)** | | **[SOC 1, 2, 3](https://www.microsoft.com/trustcenter/compliance/soc)** | | **[HIPAA BAA](/compliance/regulatory/offering-hipaa-hitech)** |
+| **[HITRUST](/compliance/regulatory/offering-hitrust)** |
-If you're interested in Azure compliance and how Azure secures its own infrastructure, visit the [Microsoft Trust Center](https://microsoft.com/en-us/trustcenter/default.aspx). For the latest list of all Azure Compliance offerings check - https://aka.ms/AzureCompliance.
+If you're interested in Azure compliance and how Azure secures its own infrastructure, visit the [Microsoft Trust Center](https://microsoft.com/trustcenter/default.aspx). For the latest list of all Azure Compliance offerings check - https://aka.ms/AzureCompliance.
-In this article, we review security considerations in the following two data movement scenarios:
+In this article, we review security considerations in the following two data movement scenarios:
- **Cloud scenario**: In this scenario, both your source and your destination are publicly accessible through the internet. These include managed cloud storage services such as Azure Storage, Azure Synapse Analytics, Azure SQL Database, Azure Data Lake Store, Amazon S3, Amazon Redshift, SaaS services such as Salesforce, and web protocols such as FTP and OData. Find a complete list of supported data sources in [Supported data stores and formats](copy-activity-overview.md#supported-data-stores-and-formats). - **Hybrid scenario**: In this scenario, either your source or your destination is behind a firewall or inside an on-premises corporate network. Or, the data store is in a private network or virtual network (most often the source) and is not publicly accessible. Database servers hosted on virtual machines also fall under this scenario.
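Review bot: The HITRUST row and the Trust Center URL change alter the article's compliance statements, but the "Last updated 05/26/2020" line shown as context at the top of the file is left as is; bump the date so readers can tell the certification list was reviewed. The sentence "For the latest list of all Azure Compliance offerings check - https://aka.ms/AzureCompliance" is rewritten here and still ends in a dash followed by a bare URL; a regular inline link would match the Trust Center link in the same paragraph.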
@@ -66,6 +68,7 @@ If the cloud data store supports HTTPS or TLS, all data transfers between data m
> [!NOTE] > To enable encryption in transit while moving data from Oracle follow one of the below options:
+>
> 1. In Oracle server, go to Oracle Advanced Security (OAS) and configure the encryption settings, which supports Triple-DES Encryption (3DES) and Advanced Encryption Standard (AES), refer [here](https://docs.oracle.com/cd/E11882_01/network.112/e40393/asointro.htm#i1008759) for details. ADF automatically negotiates the encryption method to use the one you configure in OAS when establishing connection to Oracle. > 2. In ADF, you can add EncryptionMethod=1 in the connection string (in the Linked Service). This will use SSL/TLS as the encryption method. To use this, you need to disable non-SSL encryption settings in OAS on the Oracle server side to avoid encryption conflict.
@@ -73,30 +76,39 @@ If the cloud data store supports HTTPS or TLS, all data transfers between data m
> TLS version used is 1.2. ### Data encryption at rest+ Some data stores support encryption of data at rest. We recommend that you enable the data encryption mechanism for those data stores. #### Azure Synapse Analytics+ Transparent Data Encryption (TDE) in Azure Synapse Analytics helps protect against the threat of malicious activity by performing real-time encryption and decryption of your data at rest. This behavior is transparent to the client. For more information, see [Secure a database in Azure Synapse Analytics](../synapse-analytics/sql-data-warehouse/sql-data-warehouse-overview-manage-security.md). #### Azure SQL Database+ Azure SQL Database also supports transparent data encryption (TDE), which helps protect against the threat of malicious activity by performing real-time encryption and decryption of the data, without requiring changes to the application. This behavior is transparent to the client. For more information, see [Transparent data encryption for SQL Database and Data Warehouse](/sql/relational-databases/security/encryption/transparent-data-encryption-azure-sql). #### Azure Data Lake Store+ Azure Data Lake Store also provides encryption for data stored in the account. When enabled, Data Lake Store automatically encrypts data before persisting and decrypts before retrieval, making it transparent to the client that accesses the data. For more information, see [Security in Azure Data Lake Store](../data-lake-store/data-lake-store-security-overview.md). #### Azure Blob storage and Azure Table storage+ Azure Blob storage and Azure Table storage support Storage Service Encryption (SSE), which automatically encrypts your data before persisting to storage and decrypts before retrieval. For more information, see [Azure Storage Service Encryption for Data at Rest](../storage/common/storage-service-encryption.md). #### Amazon S3+ Amazon S3 supports both client and server encryption of data at rest. 
For more information, see [Protecting Data Using Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html). #### Amazon Redshift+ Amazon Redshift supports cluster encryption for data at rest. For more information, see [Amazon Redshift Database Encryption](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html). #### Salesforce+ Salesforce supports Shield Platform Encryption that allows encryption of all files, attachments, and custom fields. For more information, see [Understanding the Web Server OAuth Authentication Flow](https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_understanding_web_server_oauth_flow.htm). ## Hybrid scenarios+ Hybrid scenarios require self-hosted integration runtime to be installed in an on-premises network, inside a virtual network (Azure), or inside a virtual private cloud (Amazon). The self-hosted integration runtime must be able to access the local data stores. For more information about self-hosted integration runtime, see [How to create and configure self-hosted integration runtime](./create-self-hosted-integration-runtime.md). ![self-hosted integration runtime channels](media/data-movement-security-considerations/data-management-gateway-channels.png)
@@ -104,31 +116,31 @@ Hybrid scenarios require self-hosted integration runtime to be installed in an o
The command channel allows communication between data movement services in Data Factory and self-hosted integration runtime. The communication contains information related to the activity. The data channel is used for transferring data between on-premises data stores and cloud data stores. ### On-premises data store credentials+ The credentials can be stored within data factory or be [referenced by data factory](store-credentials-in-key-vault.md) during the runtime from Azure Key Vault. If storing credentials within data factory, it is always stored encrypted on the self-hosted integration runtime.
-
-- **Store credentials locally**. If you directly use the **Set-AzDataFactoryV2LinkedService** cmdlet with the connection strings and credentials inline in the JSON, the linked service is encrypted and stored on self-hosted integration runtime. In this case the credentials flow through Azure backend service, which is extremely secure, to the self-hosted integration machine where it is finally encrypted and stored. The self-hosted integration runtime uses Windows [DPAPI](/previous-versions/ms995355(v=msdn.10)) to encrypt the sensitive data and credential information. -- **Store credentials in Azure Key Vault**. You can also store the data store's credential in [Azure Key Vault](https://azure.microsoft.com/services/key-vault/). Data Factory retrieves the credential during the execution of an activity. For more information, see [Store credential in Azure Key Vault](store-credentials-in-key-vault.md).
+ - **Store credentials locally**. If you directly use the **Set-AzDataFactoryV2LinkedService** cmdlet with the connection strings and credentials inline in the JSON, the linked service is encrypted and stored on self-hosted integration runtime. In this case the credentials flow through Azure backend service, which is extremely secure, to the self-hosted integration machine where it is finally encrypted and stored. The self-hosted integration runtime uses Windows [DPAPI](/previous-versions/ms995355(v=msdn.10)) to encrypt the sensitive data and credential information.
-- **Store credentials locally without flowing the credentials through Azure backend to the self-hosted integration runtime**. If you want to encrypt and store credentials locally on the self-hosted integration runtime without having to flow the credentials through data factory backend, follow the steps in [Encrypt credentials for on-premises data stores in Azure Data Factory](encrypt-credentials-self-hosted-integration-runtime.md). All connectors support this option. The self-hosted integration runtime uses Windows [DPAPI](/previous-versions/ms995355(v=msdn.10)) to encrypt the sensitive data and credential information.
+ - **Store credentials in Azure Key Vault**. You can also store the data store's credential in [Azure Key Vault](https://azure.microsoft.com/services/key-vault/). Data Factory retrieves the credential during the execution of an activity. For more information, see [Store credential in Azure Key Vault](store-credentials-in-key-vault.md).
- Use the **New-AzDataFactoryV2LinkedServiceEncryptedCredential** cmdlet to encrypt linked service credentials and sensitive details in the linked service. You can then use the JSON returned (with the **EncryptedCredential** element in the connection string) to create a linked service by using the **Set-AzDataFactoryV2LinkedService** cmdlet.
+ - **Store credentials locally without flowing the credentials through Azure backend to the self-hosted integration runtime**. If you want to encrypt and store credentials locally on the self-hosted integration runtime without having to flow the credentials through data factory backend, follow the steps in [Encrypt credentials for on-premises data stores in Azure Data Factory](encrypt-credentials-self-hosted-integration-runtime.md). All connectors support this option. The self-hosted integration runtime uses Windows [DPAPI](/previous-versions/ms995355(v=msdn.10)) to encrypt the sensitive data and credential information.
+ - Use the **New-AzDataFactoryV2LinkedServiceEncryptedCredential** cmdlet to encrypt linked service credentials and sensitive details in the linked service. You can then use the JSON returned (with the **EncryptedCredential** element in the connection string) to create a linked service by using the **Set-AzDataFactoryV2LinkedService** cmdlet.
#### Ports used when encrypting linked service on self-hosted integration runtime+ By default, PowerShell uses port 8060 on the machine with self-hosted integration runtime for secure communication. If necessary, this port can be changed. ![HTTPS port for the gateway](media/data-movement-security-considerations/https-port-for-gateway.png)
-
- ### Encryption in transit+ All data transfers are via secure channel HTTPS and TLS over TCP to prevent man-in-the-middle attacks during communication with Azure services. You can also use [IPSec VPN](../vpn-gateway/vpn-gateway-about-vpn-devices.md) or [Azure ExpressRoute](../expressroute/expressroute-introduction.md) to further secure the communication channel between your on-premises network and Azure.
-Azure Virtual Network is a logical representation of your network in the cloud. You can connect an on-premises network to your virtual network by setting up IPSec VPN (site-to-site) or ExpressRoute (private peering).
+Azure Virtual Network is a logical representation of your network in the cloud. You can connect an on-premises network to your virtual network by setting up IPSec VPN (site-to-site) or ExpressRoute (private peering).
The following table summarizes the network and self-hosted integration runtime configuration recommendations based on different combinations of source and destination locations for hybrid data movement.
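Review bot: In the added **Store credentials locally** bullet, the clause "Azure backend service, which is extremely secure" is an unqualified claim in a security considerations article. Either state what protects the credentials on that path (the Encryption in transit paragraph in this same hunk names HTTPS and TLS) or drop the clause. The Windows DPAPI sentence is also repeated word for word in both "Store credentials locally" bullets and could be stated once after the list.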
@@ -140,30 +152,31 @@ The following table summarizes the network and self-hosted integration runtime c
The following images show the use of self-hosted integration runtime for moving data between an on-premises database and Azure services by using ExpressRoute and IPSec VPN (with Azure Virtual Network):
-**ExpressRoute**
+#### Express Route
![Use ExpressRoute with gateway](media/data-movement-security-considerations/express-route-for-gateway.png)
-**IPSec VPN**
+#### IPSec VPN
![IPSec VPN with gateway](media/data-movement-security-considerations/ipsec-vpn-for-gateway.png)
-### <a name="firewall-configurations-and-allow-list-setting-up-for-ip-address-of-gateway"></a> Firewall configurations and allow list setting up for IP addresses
+### Firewall configurations and allow list setting up for IP addresses
-> [!NOTE]
+> [!NOTE]
> You might have to manage ports or set up allow list for domains at the corporate firewall level as required by the respective data sources. This table only uses Azure SQL Database, Azure Synapse Analytics, and Azure Data Lake Store as examples.
-> [!NOTE]
+> [!NOTE]
> For details about data access strategies through Azure Data Factory, see [this article](./data-access-strategies.md#data-access-strategies-through-azure-data-factory).
-#### Firewall requirements for on-premises/private network
+#### Firewall requirements for on-premises/private network
+ In an enterprise, a corporate firewall runs on the central router of the organization. Windows Firewall runs as a daemon on the local machine in which the self-hosted integration runtime is installed. The following table provides outbound port and domain requirements for corporate firewalls: [!INCLUDE [domain-and-outbound-port-requirements](../../includes/domain-and-outbound-port-requirements.md)]
-> [!NOTE]
+> [!NOTE]
> You might have to manage ports or set up allow list for domains at the corporate firewall level as required by the respective data sources. This table only uses Azure SQL Database, Azure Synapse Analytics, and Azure Data Lake Store as examples. The following table provides inbound port requirements for Windows Firewall:
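Review bot: The new heading `#### Express Route` splits the product name, while the sentence above it and the image alt text in this hunk both write "ExpressRoute"; use `#### ExpressRoute`. The NOTE about managing ports and allow lists at the corporate firewall also appears twice in this hunk, once under the section heading and again after the outbound port include, so keep one copy. Dropping the explicit `<a name="firewall-configurations-and-allow-list-setting-up-for-ip-address-of-gateway">` anchor changes the section fragment. Two links are updated in this changeset, but any other inbound link to the old fragment should be checked.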
@@ -175,15 +188,16 @@ The following table provides inbound port requirements for Windows Firewall:
![Gateway port requirements](media/data-movement-security-considerations/gateway-port-requirements.png) #### IP configurations and allow list setting up in data stores+ Some data stores in the cloud also require that you allow the IP address of the machine accessing the store. Ensure that the IP address of the self-hosted integration runtime machine is allowed or configured in the firewall appropriately.
-The following cloud data stores require that you allow the IP address of the self-hosted integration runtime machine. Some of these data stores, by default, might not require allow list.
+The following cloud data stores require that you allow the IP address of the self-hosted integration runtime machine. Some of these data stores, by default, might not require allow list.
-- [Azure SQL Database](../azure-sql/database/firewall-configure.md) -- [Azure Synapse Analytics](../synapse-analytics/sql-data-warehouse/create-data-warehouse-portal.md)-- [Azure Data Lake Store](../data-lake-store/data-lake-store-secure-data.md#set-ip-address-range-for-data-access)-- [Azure Cosmos DB](../cosmos-db/how-to-configure-firewall.md)-- [Amazon Redshift](https://docs.aws.amazon.com/redshift/latest/gsg/rs-gsg-authorize-cluster-access.html)
+* [Azure SQL Database](../azure-sql/database/firewall-configure.md)
+* [Azure Synapse Analytics](../synapse-analytics/sql-data-warehouse/create-data-warehouse-portal.md)
+* [Azure Data Lake Store](../data-lake-store/data-lake-store-secure-data.md#set-ip-address-range-for-data-access)
+* [Azure Cosmos DB](../cosmos-db/how-to-configure-firewall.md)
+* [Amazon Redshift](https://docs.aws.amazon.com/redshift/latest/gsg/rs-gsg-authorize-cluster-access.html)
## Frequently asked questions
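Review bot: The lead-in to the data store list contradicts itself: it says the listed stores "require that you allow the IP address" and in the next sentence that some "might not require allow list". Since the line is being touched anyway, reword it so it says the stores can require an allow-list entry depending on their firewall settings, and change "might not require allow list" to "might not require an allow list".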
@@ -193,9 +207,8 @@ Yes. More details [here](https://azure.microsoft.com/blog/sharing-a-self-hosted-
**What are the port requirements for the self-hosted integration runtime to work?**
-The self-hosted integration runtime makes HTTP-based connections to access the internet. The outbound ports 443 must be opened for the self-hosted integration runtime to make this connection. Open inbound port 8060 only at the machine level (not the corporate firewall level) for credential manager application. If Azure SQL Database or Azure Synapse Analytics is used as the source or the destination, you need to open port 1433 as well. For more information, see the [Firewall configurations and allow list setting up for IP addresses](#firewall-configurations-and-allow-list-setting-up-for-ip-address-of-gateway) section.
-
+The self-hosted integration runtime makes HTTP-based connections to access the internet. The outbound ports 443 must be opened for the self-hosted integration runtime to make this connection. Open inbound port 8060 only at the machine level (not the corporate firewall level) for credential manager application. If Azure SQL Database or Azure Synapse Analytics is used as the source or the destination, you need to open port 1433 as well. For more information, see the [Firewall configurations and allow list setting up for IP addresses](#firewall-configurations-and-allow-list-setting-up-for-ip-addresses) section.
## Next steps
-For information about Azure Data Factory Copy Activity performance, see [Copy Activity performance and tuning guide](copy-activity-performance.md).
+For information about Azure Data Factory Copy Activity performance, see [Copy Activity performance and tuning guide](copy-activity-performance.md).
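Review bot: In the port-requirements answer, "HTTP-based connections" sits next to the instruction to open outbound port 443, and the Encryption in transit section of the same article states that all transfers use HTTPS and TLS; say "HTTPS-based connections" here so the FAQ does not suggest cleartext traffic. "The outbound ports 443 must be opened" should read "Outbound port 443 must be opened". The fragment update to `#firewall-configurations-and-allow-list-setting-up-for-ip-addresses` matches the renamed heading.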
data-factory https://docs.microsoft.com/en-us/azure/data-factory/self-hosted-integration-runtime-troubleshoot-guide https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/self-hosted-integration-runtime-troubleshoot-guide.md
@@ -239,7 +239,7 @@ Install drivers for both the source and destination datastores on the destinatio
If the traffic can't pass through the network between two datastores (for example, they're configured in two virtual networks), you might not finish copying in one activity even with the IR installed. If you can't finish copying in a single activity, you can create two copy activities with two IRs, each in a VENT: * Copy one IR from datastore 1 to Azure Blob Storage
-* Copy another IR from Azure Blob Storage to ddatastore 2.
+* Copy another IR from Azure Blob Storage to datastore 2.
This solution could simulate the requirement to use the IR to create a bridge that connects two disconnected datastores.
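Review bot: The typo fix on the second bullet leaves "each in a VENT" in the sentence directly above it, which looks like a misspelling of "VNet" given the "two virtual networks" wording earlier in that sentence. Both bullets also read as if the IR itself is being copied ("Copy one IR from datastore 1 to Azure Blob Storage"); something like "Use one IR to copy from datastore 1 to Azure Blob Storage" would match the described two-activity setup. The first bullet is missing the closing period that the second has.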
@@ -708,7 +708,7 @@ This notification applies to the following scenarios:
How to determine whether you're affected: -- You *are not* affected if you're defining firewall rules based on fully qualified domain names (FQDNs) that use the approach described in [Set up a firewall configuration and allow list for IP addresses](data-movement-security-considerations.md#firewall-configurations-and-allow-list-setting-up-for-ip-address-of-gateway).
+- You *are not* affected if you're defining firewall rules based on fully qualified domain names (FQDNs) that use the approach described in [Set up a firewall configuration and allow list for IP addresses](data-movement-security-considerations.md#firewall-configurations-and-allow-list-setting-up-for-ip-addresses).
- You *are* affected if you're explicitly enabling the allow list for outbound IPs on your corporate firewall.
@@ -800,4 +800,4 @@ For more help with troubleshooting, try the following resources:
* [Microsoft Q&A page](/answers/topics/azure-data-factory.html) * [Stack overflow forum for Data Factory](https://stackoverflow.com/questions/tagged/azure-data-factory) * [Twitter information about Data Factory](https://twitter.com/hashtag/DataFactory)
-* [Mapping data flows performance guide](concepts-data-flow-performance.md)
+* [Mapping data flows performance guide](concepts-data-flow-performance.md)
data-lake-analytics https://docs.microsoft.com/en-us/azure/data-lake-analytics/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-lake-analytics/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Data Lake Analytics description: Lists Azure Policy built-in policy definitions for Azure Data Lake Analytics. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
data-lake-analytics https://docs.microsoft.com/en-us/azure/data-lake-analytics/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-lake-analytics/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Data Lake Analytics description: Lists Azure Policy Regulatory Compliance controls available for Azure Data Lake Analytics. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
data-lake-store https://docs.microsoft.com/en-us/azure/data-lake-store/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-lake-store/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Data Lake Storage Gen1 description: Lists Azure Policy built-in policy definitions for Azure Data Lake Storage Gen1. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
data-lake-store https://docs.microsoft.com/en-us/azure/data-lake-store/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-lake-store/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Data Lake Storage Gen1 description: Lists Azure Policy Regulatory Compliance controls available for Azure Data Lake Storage Gen1. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
databox-online https://docs.microsoft.com/en-us/azure/databox-online/azure-stack-edge-gpu-deploy-compute-module-simple https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox-online/azure-stack-edge-gpu-deploy-compute-module-simple.md
@@ -7,7 +7,7 @@
Previously updated : 02/01/2021 Last updated : 02/03/2021 Customer intent: As an IT admin, I need to understand how to configure compute on Azure Stack Edge Pro so I can use it to transform the data before sending it to Azure.
@@ -147,4 +147,4 @@ In this tutorial, you learned how to:
To learn how to administer your Azure Stack Edge Pro device, see: > [!div class="nextstepaction"]
-> [Use local web UI to administer an Azure Stack Edge Pro](azure-stack-edge-manage-access-power-connectivity-mode.md)
+> [Use local web UI to administer an Azure Stack Edge Pro](azure-stack-edge-gpu-manage-access-power-connectivity-mode.md)
databox-online https://docs.microsoft.com/en-us/azure/databox-online/azure-stack-edge-gpu-modify-fpga-modules-gpu https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox-online/azure-stack-edge-gpu-modify-fpga-modules-gpu.md
@@ -7,7 +7,7 @@
Previously updated : 02/01/2021 Last updated : 02/03/2021
@@ -201,8 +201,7 @@ To set memory and CPU usage, use processor limits for modules in the `k8s-experi
``` The memory and CPU specification are not necessary but generally good practice. If `requests` isn't specified, the values set in limits are used as the minimum required.
-Using shared memory for modules also requires a different way. <!-- should we give an example-->
-
+Using shared memory for modules also requires a different way. For example, you can use the Host IPC mode for shared memory access between Live Video Analytics and Inference solutions as described in [Deploy Live Video Analytics on Azure Stack Edge](../media-services/live-video-analytics-edge/deploy-azure-stack-edge-how-to.md#deploy-live-video-analytics-edge-module-using-azure-portal).
## Web proxy
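Review bot: The rewritten shared-memory sentence still opens with "requires a different way" without saying different from what, so the reader only learns the mechanism from the example clause. Lead with the mechanism instead, for instance "To share memory between modules, use Host IPC mode, as described in ...", and drop the vague first sentence. Removing the inline `<!-- should we give an example-->` comment is right now that an example is linked.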
databox-online https://docs.microsoft.com/en-us/azure/databox-online/azure-stack-edge-gpu-system-requirements-rest https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox-online/azure-stack-edge-gpu-system-requirements-rest.md
@@ -21,7 +21,7 @@ We recommend that you review the information carefully before you connect to the
| Feature | Azure Storage | Azure Stack Edge Blob storage | ||-|| | Azure File storage | Cloud-based SMB file shares supported | Not supported |
-| Storage account type | General-purpose and Azure blob storage accounts | General-purpose v1 only|
+| Storage account type | General-purpose and Azure Blob storage accounts | General-purpose v1 only|
| Blob name | 1,024 characters (2,048 bytes) | 880 characters (1,760 bytes)| | Block blob maximum size | 4.75 TB (100 MB X 50,000 blocks) | 4.75 TB (100 MB x 50,000 blocks) for Azure Stack Edge| | Page blob maximum size | 8 TB | 1 TB |
databox-online https://docs.microsoft.com/en-us/azure/databox-online/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox-online/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Stack Edge description: Lists Azure Policy built-in policy definitions for Azure Stack Edge. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
databox https://docs.microsoft.com/en-us/azure/databox/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Data Box description: Lists Azure Policy built-in policy definitions for Azure Data Box. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
databox https://docs.microsoft.com/en-us/azure/databox/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Data Box description: Lists Azure Policy Regulatory Compliance controls available for Azure Data Box. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
digital-twins https://docs.microsoft.com/en-us/azure/digital-twins/concepts-twins-graph https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/concepts-twins-graph.md
@@ -59,9 +59,9 @@ You can also use a helper class called `BasicDigitalTwin` to store property fiel
### Create relationships
-Here is some example client code that uses the [DigitalTwins APIs](/rest/api/digital-twins/dataplane/twins) to build a relationship between a *Floor*-type digital twin called *GroundFloor* and a *Room*-type digital twin called *Cafe*.
+Here is some example client code that uses the [DigitalTwins APIs](/rest/api/digital-twins/dataplane/twins) to build a relationship from one digital twin (the "source" twin) to another digital twin (the "target" twin).
## JSON representations of graph elements
digital-twins https://docs.microsoft.com/en-us/azure/digital-twins/quickstart-adt-explorer https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/quickstart-adt-explorer.md
@@ -308,11 +308,15 @@ In this quickstart, you made the temperature update manually. It's common in Azu
To wrap up the work for this quickstart, first end the running console app. This action shuts off the connection to the ADT Explorer app in the browser. You'll no longer be able to view live data in the browser. You can close the browser tab.
-If you plan to continue to the Azure Digital Twins tutorials, you can reuse the instance in this quickstart for those articles, and you don't need to remove it.
+Then, you can choose which resources you'd like to remove, depending on what you'd like to do next.
+
+* **If you plan to continue to the Azure Digital Twins tutorials**, you can reuse the instance in this quickstart for those articles, and you don't need to remove it.
+ [!INCLUDE [digital-twins-cleanup-basic.md](../../includes/digital-twins-cleanup-basic.md)]
-Finally, delete the project sample folder, **Azure_Digital_Twins__ADT__explorer**, you downloaded to your local machine. You might have to delete both the zipped and unzipped versions.
+You may also want to delete the project folder from your local machine.
## Next steps
digital-twins https://docs.microsoft.com/en-us/azure/digital-twins/tutorial-code https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/tutorial-code.md
@@ -255,12 +255,16 @@ At this point in the tutorial, you have a complete client app, capable of perfor
:::code language="csharp" source="~/digital-twins-docs-samples/sdks/csharp/fullClientApp.cs"::: ## Clean up resources
-
-The instance used in this tutorial can be reused in the next tutorial, [*Tutorial: Explore the basics with a sample client app*](tutorial-command-line-app.md). If you plan to continue to the next tutorial, you can keep the Azure Digital Twins instance you set up here.
+
+After completing this tutorial, you can choose which resources you'd like to remove, depending on what you'd like to do next.
+
+* **If you plan to continue to the next tutorial**, the instance used in this tutorial can be reused in the next one. You can keep the Azure Digital Twins resources you set up here and skip the rest of this section.
+ [!INCLUDE [digital-twins-cleanup-basic.md](../../includes/digital-twins-cleanup-basic.md)]
-Finally, delete the project folder you created on your local machine.
+You may also want to delete the project folder from your local machine.
## Next steps
digital-twins https://docs.microsoft.com/en-us/azure/digital-twins/tutorial-command-line-app https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/tutorial-command-line-app.md
@@ -275,12 +275,15 @@ A main feature of Azure Digital Twins is the ability to [query](concepts-query-l
## Clean up resources
-The project in this tutorial forms the basis for the next tutorial, [*Tutorial: Connect an end-to-end solution*](tutorial-end-to-end.md). If you plan to continue to the next tutorial, you can keep the resources you set up here to continue using this Azure Digital Twins instance and configured sample app.
-* In this case, you can use the sample app's `DeleteAllTwins` and `DeleteAllModels` commands to clear the twins and models in your instance, respectively. This will give you a clean slate for the next tutorial.
+After completing this tutorial, you can choose which resources you'd like to remove, depending on what you'd like to do next.
+
+* **If you plan to continue to the next tutorial**, you can keep the resources you set up here to continue using this Azure Digital Twins instance and configured sample app for the next tutorial
+
+* **If you'd like to continue using the Azure Digital Twins instance, but clear out all of its models, twins, and relationships**, you can use the sample app's `DeleteAllTwins` and `DeleteAllModels` commands to clear the twins and models in your instance, respectively. This will give you a clean slate for the next tutorial.
[!INCLUDE [digital-twins-cleanup-basic.md](../../includes/digital-twins-cleanup-basic.md)]
-Finally, delete the project sample folder you downloaded to your local machine.
+You may also want to delete the project folder from your local machine.
## Next steps
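Review bot: The second added bullet promises to clear "models, twins, and relationships", but the commands it names, `DeleteAllTwins` and `DeleteAllModels`, are described only as clearing "the twins and models"; say explicitly whether relationships are removed along with the twins, or drop "relationships" from the bold lead. The first added bullet repeats "the next tutorial" at both ends of the sentence and is missing its closing period.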
digital-twins https://docs.microsoft.com/en-us/azure/digital-twins/tutorial-end-to-end https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/tutorial-end-to-end.md
@@ -403,18 +403,15 @@ Here is a review of the scenario that you built out in this tutorial.
## Clean up resources
-If you no longer need the resources created in this tutorial, follow these steps to delete them.
+After completing this tutorial, you can choose which resources you'd like to remove, depending on what you'd like to do next.
-Using the [Azure Cloud Shell](https://shell.azure.com), you can delete all Azure resources in a resource group with the [az group delete](/cli/azure/group?preserve-view=true&view=azure-cli-latest#az-group-delete) command. This removes the resource group; the Azure Digital Twins instance; the IoT hub and the hub device registration; the event grid topic and associated subscriptions; and the Azure Functions app, including both functions and associated resources like storage.
-> [!IMPORTANT]
-> Deleting a resource group is irreversible. The resource group and all the resources contained in it are permanently deleted. Make sure that you do not accidentally delete the wrong resource group or resources.
+* **If you'd like to continue using the Azure Digital Twins instance you set up in this article, but clear out some or all of its models, twins, and relationships**, you can use the [az dt](/cli/azure/ext/azure-iot/dt?view=azure-cli-latest&preserve-view=true) CLI commands in an [Azure Cloud Shell](https://shell.azure.com) window to delete the elements you'd like to remove.
-```azurecli-interactive
-az group delete --name <your-resource-group>
-```
+ This option will not remove any of the other Azure resources created in this tutorial (IoT Hub, Azure Functions app, etc.). You can delete these individually using the [dt commands](/cli/azure/reference-index?view=azure-cli-latest&preserve-view=true) appropriate for each resource type.
-Finally, delete the project sample folder you downloaded to your local machine.
+You may also want to delete the project folder from your local machine.
## Next steps
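Review bot: In the added paragraph about the other Azure resources, the link text "dt commands" points to `/cli/azure/reference-index`, and the resources it refers to (IoT Hub, Azure Functions app) are not managed with `az dt`; change the link text to something like "Azure CLI commands". The hunk also removes the `az group delete` example together with the IMPORTANT note that deleting a resource group is irreversible; wherever the delete-everything path now lives, that warning should stay with it.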
dms https://docs.microsoft.com/en-us/azure/dms/dms-tools-matrix https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/dms/dms-tools-matrix.md
@@ -84,8 +84,8 @@ The following tables identify the services and tools that you can use to plan su
| Oracle | Azure SQL DB, MI, VM | [SSMA](/sql/ssma/sql-server-migration-assistant?view=sql-server-2017)<br/>[SharePlex*](https://www.quest.com/products/shareplex/)<br/>[Ispirer*](https://www.ispirer.com/solutions) | [SSMA](/sql/ssma/sql-server-migration-assistant?view=sql-server-2017)<br/>[SharePlex*](https://www.quest.com/products/shareplex/)<br/>[Ispirer*](https://www.ispirer.com/solutions) | [DMS](https://azure.microsoft.com/services/database-migration/)<br/>[SharePlex*](https://www.quest.com/products/shareplex/)<br/>[Attunity*](https://www.attunity.com/products/replicate/)<br/>[Striim*](https://www.striim.com/partners/striim-for-microsoft-azure/) | | Oracle | Azure Synapse Analytics | [SSMA](/sql/ssma/sql-server-migration-assistant?view=sql-server-2017)<br/>[Ispirer*](https://www.ispirer.com/solutions) | [SSMA](/sql/ssma/sql-server-migration-assistant?view=sql-server-2017)<br/>[Ispirer*](https://www.ispirer.com/solutions) | [DMS](https://azure.microsoft.com/services/database-migration/)<br/>[SharePlex*](https://www.quest.com/products/shareplex/)<br/>[Attunity*](https://www.attunity.com/products/replicate/)<br/>[Striim*](https://www.striim.com/partners/striim-for-microsoft-azure/) | | Oracle | Azure DB for PostgreSQL -<br/>Single server | [Ispirer*](https://www.ispirer.com/solutions) | [Ispirer*](https://www.ispirer.com/solutions) | [DMS](https://azure.microsoft.com/services/database-migration/) |
-| MongoDB | Cosmos DB | [DMS](https://azure.microsoft.com/services/database-migration/)<br/>[Cloudamize*](https://www.cloudamize.com/)<br/>[Imanis Data*](https://www.imanisdata.com/) | [DMS](https://azure.microsoft.com/services/database-migration/)<br/>[Cloudamize*](https://www.cloudamize.com/)<br/>[Imanis Data*](https://www.imanisdata.com/) | [DMS](https://azure.microsoft.com/services/database-migration/)<br/>[Cloudamize*](https://www.cloudamize.com/)<br/>[Imanis Data*](https://www.imanisdata.com/)<br/>[Striim*](https://www.striim.com/partners/striim-for-microsoft-azure/) |
-| Cassandra | Cosmos DB | [Imanis Data*](https://www.imanisdata.com/) | [Imanis Data*](https://www.imanisdata.com/) | [Imanis Data*](https://www.imanisdata.com/) |
+| MongoDB | Cosmos DB | [DMS](https://azure.microsoft.com/services/database-migration/)<br/>[Cloudamize*](https://www.cloudamize.com/)<br/>[Imanis Data*](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/talena-inc.talena-solution-template?tab=Overview) | [DMS](https://azure.microsoft.com/services/database-migration/)<br/>[Cloudamize*](https://www.cloudamize.com/)<br/>[Imanis Data*](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/talena-inc.talena-solution-template?tab=Overview) | [DMS](https://azure.microsoft.com/services/database-migration/)<br/>[Cloudamize*](https://www.cloudamize.com/)<br/>[Imanis Data*](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/talena-inc.talena-solution-template?tab=Overview)<br/>[Striim*](https://www.striim.com/partners/striim-for-microsoft-azure/) |
+| Cassandra | Cosmos DB | [Imanis Data*](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/talena-inc.talena-solution-template?tab=Overview) | [Imanis Data*](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/talena-inc.talena-solution-template?tab=Overview) | [Imanis Data*](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/talena-inc.talena-solution-template?tab=Overview) |
| MySQL | Azure SQL DB, MI, VM | [SSMA](/sql/ssma/sql-server-migration-assistant?view=sql-server-2017)<br/>[Ispirer*](https://www.ispirer.com/solutions) | [SSMA](/sql/ssma/sql-server-migration-assistant?view=sql-server-2017)<br/>[Ispirer*](https://www.ispirer.com/solutions) | [Attunity*](https://www.attunity.com/products/replicate/)<br/>[Striim*](https://www.striim.com/partners/striim-for-microsoft-azure/) | | MySQL | Azure DB for MySQL | [MySQL dump*](https://dev.mysql.com/doc/refman/5.7/en/mysqldump.html) | | [DMS](https://azure.microsoft.com/services/database-migration/)<br/>[Attunity*](https://www.attunity.com/products/replicate/)<br/>[Striim*](https://www.striim.com/partners/striim-for-microsoft-azure/) | | RDS MySQL | Azure DB for MySQL | [MySQL dump*](https://dev.mysql.com/doc/refman/5.7/en/mysqldump.html) | | [DMS](https://azure.microsoft.com/services/database-migration/)<br/>[Attunity*](https://www.attunity.com/products/replicate/)<br/>[Striim*](https://www.striim.com/partners/striim-for-microsoft-azure/) |
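Review bot: The replacement Imanis Data links hard-code the `en-us` locale and a `?tab=Overview` query string in the Azure Marketplace URL; drop both so the link follows the reader's locale and does not depend on a UI tab name. The link text still reads "Imanis Data" while the new target is a listing under `talena-inc.talena-solution-template`, so confirm that this is the intended product page before changing all seven occurrences in the MongoDB and Cassandra rows.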
dms https://docs.microsoft.com/en-us/azure/dms/tutorial-mongodb-cosmos-db-online https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/dms/tutorial-mongodb-cosmos-db-online.md
@@ -11,7 +11,7 @@
Previously updated : 09/25/2019 Last updated : 02/03/2021 # Tutorial: Migrate MongoDB to Azure Cosmos DB's API for MongoDB online using DMS
@@ -64,6 +64,18 @@ To complete this tutorial, you need to:
* Open your Windows firewall to allow Azure Database Migration Service to access the source MongoDB server, which by default is TCP port 27017. * When using a firewall appliance in front of your source database(s), you may need to add firewall rules to allow Azure Database Migration Service to access the source database(s) for migration.
+## Configure Azure Cosmos DB Server Side Retries for efficient migration
+
+Customers migrating from MongoDB to Azure Cosmos DB benefit from resource governance capabilities, which guarantee the ability to fully utilize your provisioned RU/s of throughput. Azure Cosmos DB may throttle a given Data Migration Service request in the course of migration if that request exceeds the container provisioned RU/s; then that request needs to be retried. Data Migration Service is capable of performing retries, however the round-trip time involved in the network hop between Data Migration Service and Azure Cosmos DB impacts the overall response time of that request. Improving response time for throttled requests can shorten the total time needed for migration. The *Server Side Retry* feature of Azure Cosmos DB allows the service to intercept throttle error codes and retry with much lower round-trip time, dramatically improving request response times.
+
+You can find the Server Side Retry capability in the *Features* blade of the Azure Cosmos DB portal
+
+![Screenshot of MongoDB Server-Side Retry feature.](media/tutorial-mongodb-to-cosmosdb-online/mongo-server-side-retry-feature.png)
+
+And if it is *Disabled*, then we recommend you enable it as shown below
+
+![Screenshot of MongoDB Server-Side Retry enable.](media/tutorial-mongodb-to-cosmosdb-online/mongo-server-side-retry-enable.png)
+ ## Register the Microsoft.DataMigration resource provider 1. Sign in to the Azure portal, select **All services**, and then select **Subscriptions**.
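Review bot: The new "Configure Azure Cosmos DB Server Side Retries" section calls the service "Data Migration Service" four times, while the prerequisite bullets just above it in the same hunk use "Azure Database Migration Service"; use the full product name on first mention and one consistent short form after that. The two sentences that introduce the screenshots ("You can find the Server Side Retry capability ..." and "And if it is *Disabled* ...") are missing closing periods, and the second would read better as "If it is *Disabled*, we recommend that you enable it, as shown in the following image." The feature name is also written three ways (Server Side Retries, Server Side Retry, Server-Side Retry in the alt text); pick one.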
dms https://docs.microsoft.com/en-us/azure/dms/tutorial-mongodb-cosmos-db https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/dms/tutorial-mongodb-cosmos-db.md
@@ -11,7 +11,7 @@
Previously updated : 01/08/2020 Last updated : 02/03/2021 # Tutorial: Migrate MongoDB to Azure Cosmos DB's API for MongoDB offline using DMS
@@ -49,6 +49,18 @@ To complete this tutorial, you need to:
* Open your Windows firewall to allow Azure Database Migration Service to access the source MongoDB server, which by default is TCP port 27017. * When using a firewall appliance in front of your source database(s), you may need to add firewall rules to allow Azure Database Migration Service to access the source database(s) for migration.
+## Configure Azure Cosmos DB Server Side Retries for efficient migration
+
+Customers migrating from MongoDB to Azure Cosmos DB benefit from resource governance capabilities, which guarantee the ability to fully utilize your provisioned RU/s of throughput. Azure Cosmos DB may throttle a given Data Migration Service request in the course of migration if that request exceeds the container provisioned RU/s; then that request needs to be retried. Data Migration Service is capable of performing retries, however the round-trip time involved in the network hop between Data Migration Service and Azure Cosmos DB impacts the overall response time of that request. Improving response time for throttled requests can shorten the total time needed for migration. The *Server Side Retry* feature of Azure Cosmos DB allows the service to intercept throttle error codes and retry with much lower round-trip time, dramatically improving request response times.
+
+You can find the Server Side Retry capability in the *Features* blade of the Azure Cosmos DB portal
+
+![MongoDB SSR feature](media/tutorial-mongodb-to-cosmosdb/mongo-server-side-retry-feature.png)
+
+And if it is *Disabled*, then we recommend you enable it as shown below
+
+![MongoDB SSR enable](media/tutorial-mongodb-to-cosmosdb/mongo-server-side-retry-enable.png)
+ ## Register the Microsoft.DataMigration resource provider 1. Sign in to the Azure portal, select **All services**, and then select **Subscriptions**.
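Review bot: The two image alt texts added here ("MongoDB SSR feature", "MongoDB SSR enable") use an abbreviation the section never defines, while the matching screenshot in the online tutorial is labelled "Screenshot of MongoDB Server-Side Retry enable."; use the same descriptive form in both articles. The first paragraph also switches from "Customers migrating ..." to "your provisioned RU/s" within one sentence, and the heading says "Server Side Retries" where the body says *Server Side Retry*; pick one person and one spelling of the feature name. The sentence "You can find the Server Side Retry capability in the *Features* blade of the Azure Cosmos DB portal" is missing its end punctuation.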
event-grid https://docs.microsoft.com/en-us/azure/event-grid/event-schema-app-configuration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-grid/event-schema-app-configuration.md
@@ -87,10 +87,10 @@ The data object has the following properties:
|Title | Description | ||| | [React to Azure App Configuration events by using Event Grid](../azure-app-configuration/concept-app-configuration-event.md?toc=%2fazure%2fevent-grid%2ftoc.json) | Overview of integrating Azure App Configuration with Event Grid. |
-| [Quickstart: route Azure App Configuration events to a custom web endpoint with Azure CLI](../azure-app-configuration/howto-app-configuration-event.md?toc=%2fazure%2fevent-grid%2ftoc.json) | Shows how to use Azure CLI to send Azure App Configuration events to a WebHook. |
+| [Use Event Grid for data change notifications](../azure-app-configuration/howto-app-configuration-event.md?toc=%2fazure%2fevent-grid%2ftoc.json) | Learn how to use Azure App Configuration event subscriptions to send key-value modification events to a web endpoint. |
## Next steps * For an introduction to Azure Event Grid, see [What is Event Grid?](overview.md) * For more information about creating an Azure Event Grid subscription, see [Event Grid subscription schema](subscription-creation-schema.md).
-* For an introduction to working with Azure App Configuration events, see [Route Azure App Configuration events - Azure CLI](../azure-app-configuration/howto-app-configuration-event.md?toc=%2fazure%2fevent-grid%2ftoc.json).
+* For an introduction to working with Azure App Configuration events, see [Use Event Grid for data change notifications](../azure-app-configuration/howto-app-configuration-event.md?toc=%2fazure%2fevent-grid%2ftoc.json).
event-grid https://docs.microsoft.com/en-us/azure/event-grid/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-grid/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Event Grid description: Lists Azure Policy built-in policy definitions for Azure Event Grid. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
event-grid https://docs.microsoft.com/en-us/azure/event-grid/resize-images-on-storage-blob-upload-event https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-grid/resize-images-on-storage-blob-upload-event.md
@@ -38,7 +38,7 @@ To complete this tutorial:
You must have completed the previous Blob storage tutorial: [Upload image data in the cloud with Azure Storage][previous-tutorial].
+You need an [Azure subscription](../guides/developer/azure-developer-guide.md#understanding-accounts-subscriptions-and-billing). This tutorial doesn't work with the **free** subscription.
[!INCLUDE [cloud-shell-try-it.md](../../includes/cloud-shell-try-it.md)]
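Review bot: The added line says the tutorial "doesn't work with the **free** subscription" but gives no reason and does not name the step that fails, so a reader on a free account cannot tell what they need instead. State the limitation, or link to where it is documented, and name the subscription type that does work.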
event-grid https://docs.microsoft.com/en-us/azure/event-grid/secure-webhook-delivery https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-grid/secure-webhook-delivery.md
@@ -2,7 +2,7 @@
Title: Secure WebHook delivery with Azure AD in Azure Event Grid description: Describes how to deliver events to HTTPS endpoints protected by Azure Active Directory using Azure Event Grid Previously updated : 10/05/2020 Last updated : 02/03/2021 # Publish events to Azure Active Directory protected endpoints
@@ -87,6 +87,7 @@ Write-Host $myAppRoles
if ($myAppRoles -match $eventGridRoleName) { Write-Host "The Azure Event Grid role is already defined.`n"
+ $myServicePrincipal = Get-AzureADServicePrincipal -Filter ("appId eq '" + $myApp.AppId + "'")
} else { $myServicePrincipal = Get-AzureADServicePrincipal -Filter ("appId eq '" + $myApp.AppId + "'")
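Review bot: The `$myServicePrincipal = Get-AzureADServicePrincipal -Filter (...)` line added to the `if` branch is identical to the first line of the `else` branch, so the lookup is now duplicated in both arms. Move it above `if ($myAppRoles -match $eventGridRoleName)` so it runs once and `$myServicePrincipal` is set on either path. Neither branch checks that the filter returned a principal; a guard that stops the script when `$myServicePrincipal` is empty would surface a wrong `$myApp.AppId` here rather than in a later step.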
event-grid https://docs.microsoft.com/en-us/azure/event-grid/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-grid/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Event Grid description: Lists Azure Policy Regulatory Compliance controls available for Azure Event Grid. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
event-hubs https://docs.microsoft.com/en-us/azure/event-hubs/policy-reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-hubs/policy-reference.md
@@ -1,7 +1,7 @@
Title: Built-in policy definitions for Azure Event Hubs description: Lists Azure Policy built-in policy definitions for Azure Event Hubs. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
event-hubs https://docs.microsoft.com/en-us/azure/event-hubs/security-controls-policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-hubs/security-controls-policy.md
@@ -1,7 +1,7 @@
Title: Azure Policy Regulatory Compliance controls for Azure Event Hubs description: Lists Azure Policy Regulatory Compliance controls available for Azure Event Hubs. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 01/29/2021 Last updated : 02/04/2021
expressroute https://docs.microsoft.com/en-us/azure/expressroute/expressroute-locations https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/expressroute/expressroute-locations.md
@@ -249,7 +249,7 @@ If you are remote and don't have fiber connectivity or you want to explore other
| | | | | **[1CLOUDSTAR](https://www.1cloudstar.com/service/cloudconnect-azure-expressroute/)** |Equinix |Singapore | | **[Airgate Technologies, Inc.](https://www.airgate.ca/)** | Equinix, Cologix | Toronto, Montreal |
-| **[Alaska Communications](https://www.alaskacommunications.com/For-Your-Business/Direct-Cloud-Service)** |Equinix |Seattle |
+| **[Alaska Communications](https://www.alaskacommunications.com/Business)** |Equinix |Seattle |
| **[Altice Business](https://golightpath.com/transport)** |Equinix |New York, Washington DC | | **[Arteria Networks Corporation](https://www.arteria-net.com/business/service/cloud/sca/)** |Equinix |Tokyo | | **[Axtel](https://alestra.mx/landing/expressrouteazure/)** |Equinix |Dallas|
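Review bot: The replacement URL `https://www.alaskacommunications.com/Business` is a general business landing page, whereas the removed link and neighbouring rows such as 1CLOUDSTAR and Axtel point at an ExpressRoute or cloud-connect page. If the old page no longer exists, link to the provider's current cloud connectivity page where one is available, so the row still leads to the ExpressRoute offering.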
governance https://docs.microsoft.com/en-us/azure/governance/policy/samples/azure-security-benchmark https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/samples/azure-security-benchmark.md
@@ -1,7 +1,7 @@
Title: Regulatory Compliance details for Azure Security Benchmark description: Details of the Azure Security Benchmark Regulatory Compliance built-in initiative. Each control is mapped to one or more Azure Policy definitions that assist with assessment. Previously updated : 01/29/2021 Last updated : 02/04/2021
@@ -44,7 +44,7 @@ initiative definition.
||||| |[Adaptive network hardening recommendations should be applied on internet facing virtual machines](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F08e6af2d-db70-460a-bfe9-d5bd474ba9d6) |Azure Security Center analyzes the traffic patterns of Internet facing virtual machines and provides Network Security Group rule recommendations that reduce the potential attack surface |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json) | |[All Internet traffic should be routed via your deployed Azure Firewall](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ffc5e4038-4584-4632-8c85-c0448d374b2c) |Azure Security Center has identified that some of your subnets aren't protected with a next generation firewall. Protect your subnets from potential threats by restricting access to them with Azure Firewall or a supported next generation firewall |AuditIfNotExists, Disabled |[3.0.0-preview](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ASC_All_Internet_traffic_should_be_routed_via_Azure_Firewall.json) |
-|[API Management services should use a virtual network](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fef619a2c-cc4d-4d03-b2ba-8c94a834d85b) |Virtual network on API Management services of the specified SKU should be enabled. |Audit, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20Management/ApiManagement_VNETEnabled_Audit.json) |
+|[API Management services should use a virtual network](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fef619a2c-cc4d-4d03-b2ba-8c94a834d85b) |Azure Virtual Network deployment provides enhanced security, isolation and allows you to place your API Management service in a non-internet routable network that you control access to. These networks can then be connected to your on-premises networks using various VPN technologies, which enables access to your backend services within the network and/or on-premises. The developer portal and API gateway, can be configured to be accessible either from the Internet or only within the virtual network. |Audit, Disabled |[1.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20Management/ApiManagement_VNETEnabled_Audit.json) |
|[Authorized IP ranges should be defined on Kubernetes Services](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F0e246bcf-5f6f-4f87-bc6f-775d4712c7ea) |Restrict access to the Kubernetes Service Management API by granting API access only to IP addresses in specific ranges. It is recommended to limit access to authorized IP ranges to ensure that only applications from allowed networks can access the cluster. |Audit, Disabled |[2.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableIpRanges_KubernetesService_Audit.json) | |[Azure Cosmos DB accounts should have firewall rules](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb) |Firewall rules should be defined on your Azure Cosmos DB accounts to prevent traffic from unauthorized sources. Accounts that have at least one IP rule defined with the virtual network filter enabled are deemed compliant. Accounts disabling public access are also deemed compliant. |Audit, Deny, Disabled |[1.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/Cosmos_NetworkRulesExist_Audit.json) | |[Cognitive Services accounts should restrict network access](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F037eea7a-bd0a-46c5-9a66-03aea78705d3) |Network access to Cognitive Services accounts should be restricted. Configure network rules so only applications from allowed networks can access the Cognitive Services account. To allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges. 
|Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_NetworkAcls_Audit.json) |
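Review bot: In the new API Management description, "The developer portal and API gateway, can be configured ..." has a stray comma between subject and verb, and "provides enhanced security, isolation and allows you to ..." is not parallel. The version link in the same row moves from 1.0.0 to 1.0.1, which suggests the wording comes from the policy definition itself; if so, correct it there so this table and the portal stay in step.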
@@ -262,13 +262,13 @@ initiative definition.
|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | ||||| |[API App should only be accessible over HTTPS](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fb7ddfbdc-1260-477d-91fd-98bd9be789a6) |Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. |Audit, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json) |
-|[Enforce HTTPS ingress in Kubernetes cluster](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d) |This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit [https://aka.ms/kubepolicydoc](https://aka.ms/kubepolicydoc). |audit, deny, disabled |[5.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/IngressHttpsOnly.json) |
|[Enforce SSL connection should be enabled for MySQL database servers](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe802a67a-daf5-4436-9ea6-f6d821dd0c5d) |Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server. |Audit, Disabled |[1.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableSSL_Audit.json) | |[Enforce SSL connection should be enabled for PostgreSQL database servers](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fd158790f-bfb0-486c-8631-2dc6b4e8e6af) |Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server. 
|Audit, Disabled |[1.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableSSL_Audit.json) | |[FTPS only should be required in your API App](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F9a1b8c48-453a-4044-86c3-d8bfd823e4f5) |Enable FTPS enforcement for enhanced security |AuditIfNotExists, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_ApiApp_Audit.json) | |[FTPS only should be required in your Function App](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F399b2637-a50f-4f95-96f8-3a145476eb15) |Enable FTPS enforcement for enhanced security |AuditIfNotExists, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_FunctionApp_Audit.json) | |[FTPS should be required in your Web App](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b) |Enable FTPS enforcement for enhanced security |AuditIfNotExists, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_WebApp_Audit.json) | |[Function App should only be accessible over HTTPS](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab) |Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. 
|Audit, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json) |
+|[Kubernetes clusters should be accessible only over HTTPS](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d) |Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for AKS Engine and Azure Arc enabled Kubernetes. For more info, visit [https://aka.ms/kubepolicydoc](https://aka.ms/kubepolicydoc) |audit, deny, disabled |[5.0.2](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/IngressHttpsOnly.json) |
|[Latest TLS version should be used in your API App](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e) |Upgrade to the latest TLS version |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json) | |[Latest TLS version should be used in your Function App](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff9d614c5-c173-4d56-95a7-b4437057d193) |Upgrade to the latest TLS version |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json) | |[Latest TLS version should be used in your Web App](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b) |Upgrade to the latest TLS version |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json) |
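Review bot: The renamed row "Kubernetes clusters should be accessible only over HTTPS" still links to `IngressHttpsOnly.json`, but the new description drops the statement that the policy enforces HTTPS ingress, so the scope (ingress traffic, not all access to the cluster) is no longer stated. Keep the word "ingress" in the description. The new text also ends without a period after the aka.ms link, unlike the removed text, and the effect column remains lowercase (`audit, deny, disabled`) while the surrounding rows use `Audit, Disabled`.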
governance https://docs.microsoft.com/en-us/azure/governance/policy/samples/azure-security-benchmarkv1 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/samples/azure-security-benchmarkv1.md
@@ -1,7 +1,7 @@
Title: Regulatory Compliance details for Azure Security Benchmark v1 description: Details of the Azure Security Benchmark v1 Regulatory Compliance built-in initiative. Each control is mapped to one or more Azure Policy definitions that assist with assessment. Previously updated : 01/29/2021 Last updated : 02/04/2021
governance https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-initiatives https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/samples/built-in-initiatives.md
@@ -1,7 +1,7 @@
Title: List of built-in policy initiatives description: List built-in policy initiatives for Azure Policy. Categories include Regulatory Compliance, Guest Configuration, and more. Previously updated : 01/29/2021 Last updated : 02/04/2021
governance https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/samples/built-in-policies.md
@@ -1,7 +1,7 @@
Title: List of built-in policy definitions description: List built-in policy definitions for Azure Policy. Categories include Tags, Regulatory Compliance, Key Vault, Kubernetes, Guest Configuration, and more. Previously updated : 01/29/2021 Last updated : 02/04/2021
governance https://docs.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-1-1-0 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/samples/cis-azure-1-1-0.md
@@ -1,7 +1,7 @@
Title: Regulatory Compliance details for CIS Microsoft Azure Foundations Benchmark description: Details of the CIS Microsoft Azure Foundations Benchmark Regulatory Compliance built-in initiative. Each control is mapped to one or more Azure Policy definitions that assist with assessment. Previously updated : 01/29/2021 Last updated : 02/04/2021
governance https://docs.microsoft.com/en-us/azure/governance/policy/samples/cmmc-l3 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/samples/cmmc-l3.md
@@ -1,7 +1,7 @@
Title: Regulatory Compliance details for CMMC Level 3 description: Details of the CMMC Level 3 Regulatory Compliance built-in initiative. Each control is mapped to one or more Azure Policy definitions that assist with assessment. Previously updated : 01/29/2021 Last updated : 02/04/2021
@@ -596,7 +596,6 @@ initiative definition.
|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | |||||
-|[A security contact phone number should be provided for your subscription](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fb4d66858-c922-44e3-9566-5cdb7a7be744) |Enter a phone number to receive notifications when Azure Security Center detects compromised resources - This policy is deprecated because phone numbers are no longer used in any scenario by Azure Security Center |AuditIfNotExists, Disabled |[1.0.0-deprecated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_phone_number.json) |
|[Email notification for high severity alerts should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F6e2593d9-add6-4083-9c9b-4b7d2188c899) |To ensure the relevant people in your organization are notified when there is a potential security breach in one of your subscriptions, enable email notifications for high severity alerts in Security Center. |AuditIfNotExists, Disabled |[1.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification.json) | |[Email notification to subscription owner for high severity alerts should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F0b15565f-aa9e-48ba-8619-45960f2c314d) |To ensure your subscription owners are notified when there is a potential security breach in their subscription, set email notifications to subscription owners for high severity alerts in Security Center. |AuditIfNotExists, Disabled |[1.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification_to_subscription_owner.json) | |[Subscriptions should have a contact email address for security issues](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7) |To ensure the relevant people in your organization are notified when there is a potential security breach in one of your subscriptions, set a security contact to receive email notifications from Security Center. |AuditIfNotExists, Disabled |[1.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_email.json) |
@@ -609,7 +608,6 @@ initiative definition.
|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | |||||
-|[A security contact phone number should be provided for your subscription](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fb4d66858-c922-44e3-9566-5cdb7a7be744) |Enter a phone number to receive notifications when Azure Security Center detects compromised resources - This policy is deprecated because phone numbers are no longer used in any scenario by Azure Security Center |AuditIfNotExists, Disabled |[1.0.0-deprecated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_phone_number.json) |
|[All Internet traffic should be routed via your deployed Azure Firewall](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ffc5e4038-4584-4632-8c85-c0448d374b2c) |Azure Security Center has identified that some of your subnets aren't protected with a next generation firewall. Protect your subnets from potential threats by restricting access to them with Azure Firewall or a supported next generation firewall |AuditIfNotExists, Disabled |[3.0.0-preview](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ASC_All_Internet_traffic_should_be_routed_via_Azure_Firewall.json) | |[An activity log alert should exist for specific Security operations](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F3b980d31-7904-4bb7-8575-5665739a8052) |This policy audits specific Security operations with no activity log alerts configured. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_SecurityOperations_Audit.json) | |[Azure Defender for App Service should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F2913021d-f2fd-4f3d-b958-22354e2bdbcb) |Azure Defender for App Service leverages the scale of the cloud, and the visibility that Azure has as a cloud provider, to monitor for common web app attacks. |AuditIfNotExists, Disabled |[1.0.3](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnAppServices_Audit.json) |
@@ -734,7 +732,6 @@ initiative definition.
|[Vulnerabilities in security configuration on your machines should be remediated](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15) |Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json) | |[Vulnerabilities in security configuration on your virtual machine scale sets should be remediated](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4) |Audit the OS vulnerabilities on your virtual machine scale sets to protect them from attacks. |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json) | |[Vulnerabilities on your SQL databases should be remediated](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ffeedbf84-6b99-488c-acc2-71c829aa5ffc) |Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities. |AuditIfNotExists, Disabled |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json) |
-|[Vulnerabilities should be remediated by a Vulnerability Assessment solution](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F760a85ff-6162-42b3-8d70-698e268f648c) |Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations. |AuditIfNotExists, Disabled |[3.0.0-deprecated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VMVulnerabilities_Audit.json) |
|[Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9) |Ensure that an email address is provided for the 'Send scan reports to' field in the Vulnerability Assessment settings. This email address receives scan result summary after a periodic scan runs on SQL servers. |AuditIfNotExists, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_VulnerabilityAssessmentEmails_Audit.json) | |[Vulnerability assessment should be enabled on SQL Managed Instance](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F1b7aa243-30e4-4c9e-bca8-d0d3022b634a) |Audit each SQL Managed Instance which doesn't have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities. |AuditIfNotExists, Disabled |[1.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnManagedInstance_Audit.json) | |[Vulnerability assessment should be enabled on your SQL servers](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9) |Audit Azure SQL servers which do not have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities. |AuditIfNotExists, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnServer_Audit.json) |
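Review bot: This hunk only removes the `3.0.0-deprecated` row "Vulnerabilities should be remediated by a Vulnerability Assessment solution" and adds nothing in its place. Confirm that the control is still covered for virtual machines by the remaining rows, or map the successor definition in the same change so the compliance view does not lose coverage silently.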
@@ -845,8 +842,8 @@ initiative definition.
|[Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F67121cc7-ff39-4ab8-b7e3-95b84dab487d) |Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at [https://aka.ms/cosmosdb-cmk](https://aka.ms/cosmosdb-cmk). |Audit, Deny, Disabled |[1.0.2](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_CustomerManagedKey_Audit.json) | |[Container registries should be encrypted with a customer-managed key (CMK)](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580) |Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at [https://aka.ms/acr/CMK](https://aka.ms/acr/CMK). 
|Audit, Deny, Disabled |[1.1.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_CMKEncryptionEnabled_Audit.json) | |[Disk encryption should be applied on virtual machines](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F0961003e-5a0a-4549-abde-af6a37f2724d) |Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations. |AuditIfNotExists, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json) |
-|[Disk encryption should be enabled on Azure Data Explorer](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff4b53539-8df9-40e4-86c6-6b607703bd4e) |Enabling disk encryption helps protect and safeguard your data to meet your organizational security and compliance commitments. |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_disk_encrypted.json) |
-|[Double encryption should be enabled on Azure Data Explorer](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fec068d99-e9c7-401f-8cef-5bdde4e6ccf1) |Enabling double encryption helps protect and safeguard your data to meet your organizational security and compliance commitments. When double encryption has been enabled, data in the storage account is encrypted twice, once at the service level and once at the infrastructure level, using two different encryption algorithms and two different keys. |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_doubleEncryption.json) |
+|[Disk encryption should be enabled on Azure Data Explorer](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff4b53539-8df9-40e4-86c6-6b607703bd4e) |Enabling disk encryption helps protect and safeguard your data to meet your organizational security and compliance commitments. |Audit, Deny, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_disk_encrypted.json) |
+|[Double encryption should be enabled on Azure Data Explorer](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fec068d99-e9c7-401f-8cef-5bdde4e6ccf1) |Enabling double encryption helps protect and safeguard your data to meet your organizational security and compliance commitments. When double encryption has been enabled, data in the storage account is encrypted twice, once at the service level and once at the infrastructure level, using two different encryption algorithms and two different keys. |Audit, Deny, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_doubleEncryption.json) |
|[Infrastructure encryption should be enabled for Azure Database for MySQL servers](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F3a58212a-c829-4f13-9872-6371df2fd0b4) |Enable infrastructure encryption for Azure Database for MySQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys. |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_InfrastructureEncryption_Audit.json) | |[Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F24fba194-95d6-48c0-aea7-f65bf859c598) |Enable infrastructure encryption for Azure Database for PostgreSQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_InfrastructureEncryption_Audit.json) | |[Keys should be the specified cryptographic type RSA or EC](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F75c4f823-d65c-4f29-a733-01d0077fdbcb) |Some applications require the use of keys backed by a specific cryptographic type. Enforce a particular cryptographic key type, RSA or EC, in your environment. |Audit, Deny, Disabled |[1.0.0-preview](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_AllowedKeyTypes.json) |
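Review bot: both Azure Data Explorer rows jump from 1.0.0 to 2.0.0, a major version bump, yet the description and the effect list (Audit, Deny, Disabled) are unchanged on the added lines, so a reader cannot tell what changed in the definition; say what changed in the description or link to it. On the double encryption row, the description still says "data in the storage account is encrypted twice" although the policy targets Azure Data Explorer; reword it for the cluster. In the context rows, the Cognitive Services CMK entry links to https://aka.ms/cosmosdb-cmk, whose name refers to Cosmos DB; check that it is the intended target.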
@@ -996,8 +993,8 @@ initiative definition.
|[Azure Data Box jobs should enable double encryption for data at rest on the device](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fc349d81b-9985-44ae-a8da-ff98d108ede8) |Enable a second layer of software-based encryption for data at rest on the device. The device is already protected via Advanced Encryption Standard 256-bit encryption for data at rest. This option adds a second layer of data encryption. |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Box/DataBox_DoubleEncryption_Audit.json) | |[Cognitive Services accounts should enable data encryption](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F2bdd0062-9d75-436e-89df-487dd8e4b3c7) |This policy audits any Cognitive Services account not using data encryption. For each Cognitive Services account with storage, should enable data encryption with either customer managed or Microsoft managed key. |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_Encryption_Audit.json) | |[Disk encryption should be applied on virtual machines](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F0961003e-5a0a-4549-abde-af6a37f2724d) |Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations. |AuditIfNotExists, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json) |
-|[Disk encryption should be enabled on Azure Data Explorer](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff4b53539-8df9-40e4-86c6-6b607703bd4e) |Enabling disk encryption helps protect and safeguard your data to meet your organizational security and compliance commitments. |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_disk_encrypted.json) |
-|[Double encryption should be enabled on Azure Data Explorer](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fec068d99-e9c7-401f-8cef-5bdde4e6ccf1) |Enabling double encryption helps protect and safeguard your data to meet your organizational security and compliance commitments. When double encryption has been enabled, data in the storage account is encrypted twice, once at the service level and once at the infrastructure level, using two different encryption algorithms and two different keys. |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_doubleEncryption.json) |
+|[Disk encryption should be enabled on Azure Data Explorer](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff4b53539-8df9-40e4-86c6-6b607703bd4e) |Enabling disk encryption helps protect and safeguard your data to meet your organizational security and compliance commitments. |Audit, Deny, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_disk_encrypted.json) |
+|[Double encryption should be enabled on Azure Data Explorer](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fec068d99-e9c7-401f-8cef-5bdde4e6ccf1) |Enabling double encryption helps protect and safeguard your data to meet your organizational security and compliance commitments. When double encryption has been enabled, data in the storage account is encrypted twice, once at the service level and once at the infrastructure level, using two different encryption algorithms and two different keys. |Audit, Deny, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_doubleEncryption.json) |
|[Infrastructure encryption should be enabled for Azure Database for MySQL servers](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F3a58212a-c829-4f13-9872-6371df2fd0b4) |Enable infrastructure encryption for Azure Database for MySQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys. |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_InfrastructureEncryption_Audit.json) | |[Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F24fba194-95d6-48c0-aea7-f65bf859c598) |Enable infrastructure encryption for Azure Database for PostgreSQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_InfrastructureEncryption_Audit.json) | |[Require encryption on Data Lake Store accounts](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fa7ff3161-0087-490a-9ad9-ad6217f4f43a) |This policy ensures encryption is enabled on all Data Lake Store accounts |deny |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStoreEncryption_Deny.json) |
@@ -1037,7 +1034,6 @@ initiative definition.
|[Vulnerabilities in security configuration on your machines should be remediated](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15) |Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json) | |[Vulnerabilities in security configuration on your virtual machine scale sets should be remediated](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4) |Audit the OS vulnerabilities on your virtual machine scale sets to protect them from attacks. |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json) | |[Vulnerabilities on your SQL databases should be remediated](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ffeedbf84-6b99-488c-acc2-71c829aa5ffc) |Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities. |AuditIfNotExists, Disabled |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json) |
-|[Vulnerabilities should be remediated by a Vulnerability Assessment solution](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F760a85ff-6162-42b3-8d70-698e268f648c) |Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations. |AuditIfNotExists, Disabled |[3.0.0-deprecated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VMVulnerabilities_Audit.json) |
### Provide protection from malicious code at appropriate locations within organizational information systems.
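Review bot: the removed row "Vulnerabilities should be remediated by a Vulnerability Assessment solution" is the only entry in the visible part of this table whose description covers "VMs without a Vulnerability Assessment solution"; the rows that remain cover security configuration on machines, security configuration on scale sets, and SQL databases. Dropping a 3.0.0-deprecated definition is reasonable, but if a replacement policy exists it should be listed under this control in the same change, otherwise the mapping loses that coverage without explanation.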
@@ -1086,7 +1082,6 @@ initiative definition.
|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | |||||
-|[A security contact phone number should be provided for your subscription](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fb4d66858-c922-44e3-9566-5cdb7a7be744) |Enter a phone number to receive notifications when Azure Security Center detects compromised resources - This policy is deprecated because phone numbers are no longer used in any scenario by Azure Security Center |AuditIfNotExists, Disabled |[1.0.0-deprecated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_phone_number.json) |
|[Advanced data security should be enabled on SQL Managed Instance](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fabfb7388-5bf4-4ad7-ba99-2cd2f41cebb9) |Audit each SQL Managed Instance without advanced data security. |AuditIfNotExists, Disabled |[1.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json) | |[Advanced data security should be enabled on your SQL servers](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fabfb4388-5bf4-4ad7-ba82-2cd2f41ceae9) |Audit SQL servers without Advanced Data Security |AuditIfNotExists, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_AdvancedDataSecurity_Audit.json) | |[All Internet traffic should be routed via your deployed Azure Firewall](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ffc5e4038-4584-4632-8c85-c0448d374b2c) |Azure Security Center has identified that some of your subnets aren't protected with a next generation firewall. Protect your subnets from potential threats by restricting access to them with Azure Firewall or a supported next generation firewall |AuditIfNotExists, Disabled |[3.0.0-preview](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ASC_All_Internet_traffic_should_be_routed_via_Azure_Firewall.json) |
governance https://docs.microsoft.com/en-us/azure/governance/policy/samples/hipaa-hitrust-9-2 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/samples/hipaa-hitrust-9-2.md
@@ -1,7 +1,7 @@
Title: Regulatory Compliance details for HIPAA HITRUST 9.2 description: Details of the HIPAA HITRUST 9.2 Regulatory Compliance built-in initiative. Each control is mapped to one or more Azure Policy definitions that assist with assessment. Previously updated : 01/29/2021 Last updated : 02/04/2021
governance https://docs.microsoft.com/en-us/azure/governance/policy/samples/iso-27001 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/samples/iso-27001.md
@@ -1,7 +1,7 @@
Title: Regulatory Compliance details for ISO 27001:2013 description: Details of the ISO 27001:2013 Regulatory Compliance built-in initiative. Each control is mapped to one or more Azure Policy definitions that assist with assessment. Previously updated : 01/29/2021 Last updated : 02/04/2021
governance https://docs.microsoft.com/en-us/azure/governance/policy/samples/nist-sp-800-171-r2 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/samples/nist-sp-800-171-r2.md
@@ -1,7 +1,7 @@
Title: Regulatory Compliance details for NIST SP 800-171 R2 description: Details of the NIST SP 800-171 R2 Regulatory Compliance built-in initiative. Each control is mapped to one or more Azure Policy definitions that assist with assessment. Previously updated : 01/29/2021 Last updated : 02/04/2021
governance https://docs.microsoft.com/en-us/azure/governance/policy/samples/nist-sp-800-53-r4 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/samples/nist-sp-800-53-r4.md
@@ -1,7 +1,7 @@
Title: Regulatory Compliance details for NIST SP 800-53 R4 description: Details of the NIST SP 800-53 R4 Regulatory Compliance built-in initiative. Each control is mapped to one or more Azure Policy definitions that assist with assessment. Previously updated : 01/29/2021 Last updated : 02/04/2021
governance https://docs.microsoft.com/en-us/azure/governance/resource-graph/samples/advanced https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/samples/advanced.md
@@ -72,9 +72,9 @@ Search-AzGraph -Query "Resources | distinct type, apiVersion | where isnotnull(a
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20distinct%20type%2C%20apiVersion%0D%0A%7C%20where%20isnotnull%28apiVersion%29%0D%0A%7C%20order%20by%20type%20asc" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20distinct%20type%2C%20apiVersion%0D%0A%7C%20where%20isnotnull%28apiVersion%29%0D%0A%7C%20order%20by%20type%20asc" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20distinct%20type%2C%20apiVersion%0D%0A%7C%20where%20isnotnull%28apiVersion%29%0D%0A%7C%20order%20by%20type%20asc" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20distinct%20type%2C%20apiVersion%0D%0A%7C%20where%20isnotnull%28apiVersion%29%0D%0A%7C%20order%20by%20type%20asc" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20distinct%20type%2C%20apiVersion%0D%0A%7C%20where%20isnotnull%28apiVersion%29%0D%0A%7C%20order%20by%20type%20asc" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20distinct%20type%2C%20apiVersion%0D%0A%7C%20where%20isnotnull%28apiVersion%29%0D%0A%7C%20order%20by%20type%20asc" target="_blank">portal.azure.cn</a>
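Review bot: the three added anchors keep target="_blank" but carry no rel attribute; add rel="noopener noreferrer" so the portal tab they open receives no window.opener reference back to the docs page. Removing the empty span with the x-hidden-focus class is fine. The same point applies to the identical link edits in the later hunks of this file.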
@@ -109,9 +109,9 @@ Search-AzGraph -Query "Resources | where type=~ 'microsoft.compute/virtualmachin
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%3D~%20%27microsoft.compute%2Fvirtualmachinescalesets%27%0D%0A%7C%20where%20name%20contains%20%27contoso%27%0D%0A%7C%20project%20subscriptionId%2C%20name%2C%20location%2C%20resourceGroup%2C%20Capacity%20%3D%20toint%28sku.capacity%29%2C%20Tier%20%3D%20sku.name%0D%0A%7C%20order%20by%20Capacity%20desc" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%3D~%20%27microsoft.compute%2Fvirtualmachinescalesets%27%0D%0A%7C%20where%20name%20contains%20%27contoso%27%0D%0A%7C%20project%20subscriptionId%2C%20name%2C%20location%2C%20resourceGroup%2C%20Capacity%20%3D%20toint%28sku.capacity%29%2C%20Tier%20%3D%20sku.name%0D%0A%7C%20order%20by%20Capacity%20desc" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%3D~%20%27microsoft.compute%2Fvirtualmachinescalesets%27%0D%0A%7C%20where%20name%20contains%20%27contoso%27%0D%0A%7C%20project%20subscriptionId%2C%20name%2C%20location%2C%20resourceGroup%2C%20Capacity%20%3D%20toint%28sku.capacity%29%2C%20Tier%20%3D%20sku.name%0D%0A%7C%20order%20by%20Capacity%20desc" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%3D~%20%27microsoft.compute%2Fvirtualmachinescalesets%27%0D%0A%7C%20where%20name%20contains%20%27contoso%27%0D%0A%7C%20project%20subscriptionId%2C%20name%2C%20location%2C%20resourceGroup%2C%20Capacity%20%3D%20toint%28sku.capacity%29%2C%20Tier%20%3D%20sku.name%0D%0A%7C%20order%20by%20Capacity%20desc" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%3D~%20%27microsoft.compute%2Fvirtualmachinescalesets%27%0D%0A%7C%20where%20name%20contains%20%27contoso%27%0D%0A%7C%20project%20subscriptionId%2C%20name%2C%20location%2C%20resourceGroup%2C%20Capacity%20%3D%20toint%28sku.capacity%29%2C%20Tier%20%3D%20sku.name%0D%0A%7C%20order%20by%20Capacity%20desc" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%3D~%20%27microsoft.compute%2Fvirtualmachinescalesets%27%0D%0A%7C%20where%20name%20contains%20%27contoso%27%0D%0A%7C%20project%20subscriptionId%2C%20name%2C%20location%2C%20resourceGroup%2C%20Capacity%20%3D%20toint%28sku.capacity%29%2C%20Tier%20%3D%20sku.name%0D%0A%7C%20order%20by%20Capacity%20desc" target="_blank">portal.azure.cn</a>
@@ -144,9 +144,9 @@ Search-AzGraph -Query "Resources | summarize resourceCount=count() by subscripti
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20summarize%20resourceCount%3Dcount%28%29%20by%20subscriptionId%0D%0A%7C%20join%20%28ResourceContainers%20%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%27%20%7C%20project%20SubName%3Dname%2C%20subscriptionId%29%20on%20subscriptionId%0D%0A%7C%20project-away%20subscriptionId%2C%20subscriptionId1" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20summarize%20resourceCount%3Dcount%28%29%20by%20subscriptionId%0D%0A%7C%20join%20%28ResourceContainers%20%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%27%20%7C%20project%20SubName%3Dname%2C%20subscriptionId%29%20on%20subscriptionId%0D%0A%7C%20project-away%20subscriptionId%2C%20subscriptionId1" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20summarize%20resourceCount%3Dcount%28%29%20by%20subscriptionId%0D%0A%7C%20join%20%28ResourceContainers%20%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%27%20%7C%20project%20SubName%3Dname%2C%20subscriptionId%29%20on%20subscriptionId%0D%0A%7C%20project-away%20subscriptionId%2C%20subscriptionId1" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20summarize%20resourceCount%3Dcount%28%29%20by%20subscriptionId%0D%0A%7C%20join%20%28ResourceContainers%20%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%27%20%7C%20project%20SubName%3Dname%2C%20subscriptionId%29%20on%20subscriptionId%0D%0A%7C%20project-away%20subscriptionId%2C%20subscriptionId1" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20summarize%20resourceCount%3Dcount%28%29%20by%20subscriptionId%0D%0A%7C%20join%20%28ResourceContainers%20%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%27%20%7C%20project%20SubName%3Dname%2C%20subscriptionId%29%20on%20subscriptionId%0D%0A%7C%20project-away%20subscriptionId%2C%20subscriptionId1" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20summarize%20resourceCount%3Dcount%28%29%20by%20subscriptionId%0D%0A%7C%20join%20%28ResourceContainers%20%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%27%20%7C%20project%20SubName%3Dname%2C%20subscriptionId%29%20on%20subscriptionId%0D%0A%7C%20project-away%20subscriptionId%2C%20subscriptionId1" target="_blank">portal.azure.cn</a>
@@ -177,9 +177,9 @@ Search-AzGraph -Query "Resources | project tags | summarize buildschema(tags)"
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20tags%0D%0A%7C%20summarize%20buildschema%28tags%29" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20tags%0D%0A%7C%20summarize%20buildschema%28tags%29" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20tags%0D%0A%7C%20summarize%20buildschema%28tags%29" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20tags%0D%0A%7C%20summarize%20buildschema%28tags%29" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20tags%0D%0A%7C%20summarize%20buildschema%28tags%29" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20tags%0D%0A%7C%20summarize%20buildschema%28tags%29" target="_blank">portal.azure.cn</a>
@@ -223,9 +223,9 @@ Search-AzGraph -Query "Resources | where type =~ 'microsoft.compute/virtualmachi
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.compute%2Fvirtualmachines%27%20and%20name%20matches%20regex%20%40%27%5EContoso%28.%2A%29%5B0-9%5D%2B%24%27%0D%0A%7C%20project%20name%0D%0A%7C%20order%20by%20name%20asc" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.compute%2Fvirtualmachines%27%20and%20name%20matches%20regex%20%40%27%5EContoso%28.%2A%29%5B0-9%5D%2B%24%27%0D%0A%7C%20project%20name%0D%0A%7C%20order%20by%20name%20asc" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.compute%2Fvirtualmachines%27%20and%20name%20matches%20regex%20%40%27%5EContoso%28.%2A%29%5B0-9%5D%2B%24%27%0D%0A%7C%20project%20name%0D%0A%7C%20order%20by%20name%20asc" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.compute%2Fvirtualmachines%27%20and%20name%20matches%20regex%20%40%27%5EContoso%28.%2A%29%5B0-9%5D%2B%24%27%0D%0A%7C%20project%20name%0D%0A%7C%20order%20by%20name%20asc" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.compute%2Fvirtualmachines%27%20and%20name%20matches%20regex%20%40%27%5EContoso%28.%2A%29%5B0-9%5D%2B%24%27%0D%0A%7C%20project%20name%0D%0A%7C%20order%20by%20name%20asc" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.compute%2Fvirtualmachines%27%20and%20name%20matches%20regex%20%40%27%5EContoso%28.%2A%29%5B0-9%5D%2B%24%27%0D%0A%7C%20project%20name%0D%0A%7C%20order%20by%20name%20asc" target="_blank">portal.azure.cn</a>
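Review bot: the three rewritten anchors in this hunk keep `target="_blank"` but carry no `rel` attribute. Since the markup is being touched anyway, add `rel="noopener noreferrer"` to each link so the newly opened portal tab gets no `window.opener` handle back to the docs page on browsers that do not apply that default themselves. The same applies to every other "Try this query" link list changed in this file, so it is worth fixing in the template that generates these lines rather than hunk by hunk.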
@@ -261,9 +261,9 @@ Search-AzGraph -Query "Resources | where type =~ 'microsoft.documentdb/databasea
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.documentdb%2Fdatabaseaccounts%27%0D%0A%7C%20project%20id%2C%20name%2C%20writeLocations%20%3D%20%28properties.writeLocations%29%0D%0A%7C%20mv-expand%20writeLocations%0D%0A%7C%20project%20id%2C%20name%2C%20writeLocation%20%3D%20tostring%28writeLocations.locationName%29%0D%0A%7C%20where%20writeLocation%20in%20%28%27East%20US%27%2C%20%27West%20US%27%29%0D%0A%7C%20summarize%20by%20id%2C%20name" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.documentdb%2Fdatabaseaccounts%27%0D%0A%7C%20project%20id%2C%20name%2C%20writeLocations%20%3D%20%28properties.writeLocations%29%0D%0A%7C%20mv-expand%20writeLocations%0D%0A%7C%20project%20id%2C%20name%2C%20writeLocation%20%3D%20tostring%28writeLocations.locationName%29%0D%0A%7C%20where%20writeLocation%20in%20%28%27East%20US%27%2C%20%27West%20US%27%29%0D%0A%7C%20summarize%20by%20id%2C%20name" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a 
href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.documentdb%2Fdatabaseaccounts%27%0D%0A%7C%20project%20id%2C%20name%2C%20writeLocations%20%3D%20%28properties.writeLocations%29%0D%0A%7C%20mv-expand%20writeLocations%0D%0A%7C%20project%20id%2C%20name%2C%20writeLocation%20%3D%20tostring%28writeLocations.locationName%29%0D%0A%7C%20where%20writeLocation%20in%20%28%27East%20US%27%2C%20%27West%20US%27%29%0D%0A%7C%20summarize%20by%20id%2C%20name" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.documentdb%2Fdatabaseaccounts%27%0D%0A%7C%20project%20id%2C%20name%2C%20writeLocations%20%3D%20%28properties.writeLocations%29%0D%0A%7C%20mv-expand%20writeLocations%0D%0A%7C%20project%20id%2C%20name%2C%20writeLocation%20%3D%20tostring%28writeLocations.locationName%29%0D%0A%7C%20where%20writeLocation%20in%20%28%27East%20US%27%2C%20%27West%20US%27%29%0D%0A%7C%20summarize%20by%20id%2C%20name" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.documentdb%2Fdatabaseaccounts%27%0D%0A%7C%20project%20id%2C%20name%2C%20writeLocations%20%3D%20%28properties.writeLocations%29%0D%0A%7C%20mv-expand%20writeLocations%0D%0A%7C%20project%20id%2C%20name%2C%20writeLocation%20%3D%20tostring%28writeLocations.locationName%29%0D%0A%7C%20where%20writeLocation%20in%20%28%27East%20US%27%2C%20%27West%20US%27%29%0D%0A%7C%20summarize%20by%20id%2C%20name" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.documentdb%2Fdatabaseaccounts%27%0D%0A%7C%20project%20id%2C%20name%2C%20writeLocations%20%3D%20%28properties.writeLocations%29%0D%0A%7C%20mv-expand%20writeLocations%0D%0A%7C%20project%20id%2C%20name%2C%20writeLocation%20%3D%20tostring%28writeLocations.locationName%29%0D%0A%7C%20where%20writeLocation%20in%20%28%27East%20US%27%2C%20%27West%20US%27%29%0D%0A%7C%20summarize%20by%20id%2C%20name" target="_blank">portal.azure.cn</a>
@@ -299,9 +299,9 @@ Search-AzGraph -Query "Resources | join kind=leftouter (ResourceContainers | whe
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20join%20kind%3Dleftouter%20%28ResourceContainers%20%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%27%20%7C%20project%20SubName%3Dname%2C%20subscriptionId%29%20on%20subscriptionId%0D%0A%7C%20where%20type%20%3D%3D%20%27microsoft.keyvault%2Fvaults%27%0D%0A%7C%20project%20type%2C%20name%2C%20SubName" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20join%20kind%3Dleftouter%20%28ResourceContainers%20%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%27%20%7C%20project%20SubName%3Dname%2C%20subscriptionId%29%20on%20subscriptionId%0D%0A%7C%20where%20type%20%3D%3D%20%27microsoft.keyvault%2Fvaults%27%0D%0A%7C%20project%20type%2C%20name%2C%20SubName" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20join%20kind%3Dleftouter%20%28ResourceContainers%20%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%27%20%7C%20project%20SubName%3Dname%2C%20subscriptionId%29%20on%20subscriptionId%0D%0A%7C%20where%20type%20%3D%3D%20%27microsoft.keyvault%2Fvaults%27%0D%0A%7C%20project%20type%2C%20name%2C%20SubName" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20join%20kind%3Dleftouter%20%28ResourceContainers%20%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%27%20%7C%20project%20SubName%3Dname%2C%20subscriptionId%29%20on%20subscriptionId%0D%0A%7C%20where%20type%20%3D%3D%20%27microsoft.keyvault%2Fvaults%27%0D%0A%7C%20project%20type%2C%20name%2C%20SubName" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20join%20kind%3Dleftouter%20%28ResourceContainers%20%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%27%20%7C%20project%20SubName%3Dname%2C%20subscriptionId%29%20on%20subscriptionId%0D%0A%7C%20where%20type%20%3D%3D%20%27microsoft.keyvault%2Fvaults%27%0D%0A%7C%20project%20type%2C%20name%2C%20SubName" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20join%20kind%3Dleftouter%20%28ResourceContainers%20%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%27%20%7C%20project%20SubName%3Dname%2C%20subscriptionId%29%20on%20subscriptionId%0D%0A%7C%20where%20type%20%3D%3D%20%27microsoft.keyvault%2Fvaults%27%0D%0A%7C%20project%20type%2C%20name%2C%20SubName" target="_blank">portal.azure.cn</a>
@@ -338,9 +338,9 @@ Search-AzGraph -Query "Resources | where type =~ 'microsoft.sql/servers/database
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.sql%2Fservers%2Fdatabases%27%0D%0A%7C%20project%20databaseId%20%3D%20id%2C%20databaseName%20%3D%20name%2C%20elasticPoolId%20%3D%20tolower%28tostring%28properties.elasticPoolId%29%29%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.sql%2Fservers%2Felasticpools%27%0D%0A%20%20%20%20%7C%20project%20elasticPoolId%20%3D%20tolower%28id%29%2C%20elasticPoolName%20%3D%20name%2C%20elasticPoolState%20%3D%20properties.state%29%0D%0Aon%20elasticPoolId%0D%0A%7C%20project-away%20elasticPoolId1" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.sql%2Fservers%2Fdatabases%27%0D%0A%7C%20project%20databaseId%20%3D%20id%2C%20databaseName%20%3D%20name%2C%20elasticPoolId%20%3D%20tolower%28tostring%28properties.elasticPoolId%29%29%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.sql%2Fservers%2Felasticpools%27%0D%0A%20%20%20%20%7C%20project%20elasticPoolId%20%3D%20tolower%28id%29%2C%20elasticPoolName%20%3D%20name%2C%20elasticPoolState%20%3D%20properties.state%29%0D%0Aon%20elasticPoolId%0D%0A%7C%20project-away%20elasticPoolId1" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a 
href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.sql%2Fservers%2Fdatabases%27%0D%0A%7C%20project%20databaseId%20%3D%20id%2C%20databaseName%20%3D%20name%2C%20elasticPoolId%20%3D%20tolower%28tostring%28properties.elasticPoolId%29%29%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.sql%2Fservers%2Felasticpools%27%0D%0A%20%20%20%20%7C%20project%20elasticPoolId%20%3D%20tolower%28id%29%2C%20elasticPoolName%20%3D%20name%2C%20elasticPoolState%20%3D%20properties.state%29%0D%0Aon%20elasticPoolId%0D%0A%7C%20project-away%20elasticPoolId1" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.sql%2Fservers%2Fdatabases%27%0D%0A%7C%20project%20databaseId%20%3D%20id%2C%20databaseName%20%3D%20name%2C%20elasticPoolId%20%3D%20tolower%28tostring%28properties.elasticPoolId%29%29%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.sql%2Fservers%2Felasticpools%27%0D%0A%20%20%20%20%7C%20project%20elasticPoolId%20%3D%20tolower%28id%29%2C%20elasticPoolName%20%3D%20name%2C%20elasticPoolState%20%3D%20properties.state%29%0D%0Aon%20elasticPoolId%0D%0A%7C%20project-away%20elasticPoolId1" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.sql%2Fservers%2Fdatabases%27%0D%0A%7C%20project%20databaseId%20%3D%20id%2C%20databaseName%20%3D%20name%2C%20elasticPoolId%20%3D%20tolower%28tostring%28properties.elasticPoolId%29%29%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.sql%2Fservers%2Felasticpools%27%0D%0A%20%20%20%20%7C%20project%20elasticPoolId%20%3D%20tolower%28id%29%2C%20elasticPoolName%20%3D%20name%2C%20elasticPoolState%20%3D%20properties.state%29%0D%0Aon%20elasticPoolId%0D%0A%7C%20project-away%20elasticPoolId1" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.sql%2Fservers%2Fdatabases%27%0D%0A%7C%20project%20databaseId%20%3D%20id%2C%20databaseName%20%3D%20name%2C%20elasticPoolId%20%3D%20tolower%28tostring%28properties.elasticPoolId%29%29%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.sql%2Fservers%2Felasticpools%27%0D%0A%20%20%20%20%7C%20project%20elasticPoolId%20%3D%20tolower%28id%29%2C%20elasticPoolName%20%3D%20name%2C%20elasticPoolState%20%3D%20properties.state%29%0D%0Aon%20elasticPoolId%0D%0A%7C%20project-away%20elasticPoolId1" target="_blank">portal.azure.cn</a>
@@ -391,9 +391,9 @@ Search-AzGraph -Query "Resources | where type =~ 'microsoft.compute/virtualmachi
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.compute%2Fvirtualmachines%27%0D%0A%7C%20extend%20nics%3Darray_length%28properties.networkProfile.networkInterfaces%29%20%0D%0A%7C%20mv-expand%20nic%3Dproperties.networkProfile.networkInterfaces%20%0D%0A%7C%20where%20nics%20%3D%3D%201%20or%20nic.properties.primary%20%3D~%20%27true%27%20or%20isempty%28nic%29%20%0D%0A%7C%20project%20vmId%20%3D%20id%2C%20vmName%20%3D%20name%2C%20vmSize%3Dtostring%28properties.hardwareProfile.vmSize%29%2C%20nicId%20%3D%20tostring%28nic.id%29%20%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.network%2Fnetworkinterfaces%27%0D%0A%20%20%20%20%7C%20extend%20ipConfigsCount%3Darray_length%28properties.ipConfigurations%29%20%0D%0A%20%20%20%20%7C%20mv-expand%20ipconfig%3Dproperties.ipConfigurations%20%0D%0A%20%20%20%20%7C%20where%20ipConfigsCount%20%3D%3D%201%20or%20ipconfig.properties.primary%20%3D~%20%27true%27%0D%0A%20%20%20%20%7C%20project%20nicId%20%3D%20id%2C%20publicIpId%20%3D%20tostring%28ipconfig.properties.publicIPAddress.id%29%29%0D%0Aon%20nicId%0D%0A%7C%20project-away%20nicId1%0D%0A%7C%20summarize%20by%20vmId%2C%20vmName%2C%20vmSize%2C%20nicId%2C%20publicIpId%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.network%2Fpublicipaddresses%27%0D%0A%20%20%20%20%7C%20project%20publicIpId%20%3D%20id%2C%20publicIpAddress%20%3D%20properties.ipAddress%29%0D%0Aon%20publicIpId%0D%0A%7C%20project-away%20publicIpId1" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a 
href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.compute%2Fvirtualmachines%27%0D%0A%7C%20extend%20nics%3Darray_length%28properties.networkProfile.networkInterfaces%29%20%0D%0A%7C%20mv-expand%20nic%3Dproperties.networkProfile.networkInterfaces%20%0D%0A%7C%20where%20nics%20%3D%3D%201%20or%20nic.properties.primary%20%3D~%20%27true%27%20or%20isempty%28nic%29%20%0D%0A%7C%20project%20vmId%20%3D%20id%2C%20vmName%20%3D%20name%2C%20vmSize%3Dtostring%28properties.hardwareProfile.vmSize%29%2C%20nicId%20%3D%20tostring%28nic.id%29%20%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.network%2Fnetworkinterfaces%27%0D%0A%20%20%20%20%7C%20extend%20ipConfigsCount%3Darray_length%28properties.ipConfigurations%29%20%0D%0A%20%20%20%20%7C%20mv-expand%20ipconfig%3Dproperties.ipConfigurations%20%0D%0A%20%20%20%20%7C%20where%20ipConfigsCount%20%3D%3D%201%20or%20ipconfig.properties.primary%20%3D~%20%27true%27%0D%0A%20%20%20%20%7C%20project%20nicId%20%3D%20id%2C%20publicIpId%20%3D%20tostring%28ipconfig.properties.publicIPAddress.id%29%29%0D%0Aon%20nicId%0D%0A%7C%20project-away%20nicId1%0D%0A%7C%20summarize%20by%20vmId%2C%20vmName%2C%20vmSize%2C%20nicId%2C%20publicIpId%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.network%2Fpublicipaddresses%27%0D%0A%20%20%20%20%7C%20project%20publicIpId%20%3D%20id%2C%20publicIpAddress%20%3D%20properties.ipAddress%29%0D%0Aon%20publicIpId%0D%0A%7C%20project-away%20publicIpId1" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a 
href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.compute%2Fvirtualmachines%27%0D%0A%7C%20extend%20nics%3Darray_length%28properties.networkProfile.networkInterfaces%29%20%0D%0A%7C%20mv-expand%20nic%3Dproperties.networkProfile.networkInterfaces%20%0D%0A%7C%20where%20nics%20%3D%3D%201%20or%20nic.properties.primary%20%3D~%20%27true%27%20or%20isempty%28nic%29%20%0D%0A%7C%20project%20vmId%20%3D%20id%2C%20vmName%20%3D%20name%2C%20vmSize%3Dtostring%28properties.hardwareProfile.vmSize%29%2C%20nicId%20%3D%20tostring%28nic.id%29%20%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.network%2Fnetworkinterfaces%27%0D%0A%20%20%20%20%7C%20extend%20ipConfigsCount%3Darray_length%28properties.ipConfigurations%29%20%0D%0A%20%20%20%20%7C%20mv-expand%20ipconfig%3Dproperties.ipConfigurations%20%0D%0A%20%20%20%20%7C%20where%20ipConfigsCount%20%3D%3D%201%20or%20ipconfig.properties.primary%20%3D~%20%27true%27%0D%0A%20%20%20%20%7C%20project%20nicId%20%3D%20id%2C%20publicIpId%20%3D%20tostring%28ipconfig.properties.publicIPAddress.id%29%29%0D%0Aon%20nicId%0D%0A%7C%20project-away%20nicId1%0D%0A%7C%20summarize%20by%20vmId%2C%20vmName%2C%20vmSize%2C%20nicId%2C%20publicIpId%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.network%2Fpublicipaddresses%27%0D%0A%20%20%20%20%7C%20project%20publicIpId%20%3D%20id%2C%20publicIpAddress%20%3D%20properties.ipAddress%29%0D%0Aon%20publicIpId%0D%0A%7C%20project-away%20publicIpId1" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.compute%2Fvirtualmachines%27%0D%0A%7C%20extend%20nics%3Darray_length%28properties.networkProfile.networkInterfaces%29%20%0D%0A%7C%20mv-expand%20nic%3Dproperties.networkProfile.networkInterfaces%20%0D%0A%7C%20where%20nics%20%3D%3D%201%20or%20nic.properties.primary%20%3D~%20%27true%27%20or%20isempty%28nic%29%20%0D%0A%7C%20project%20vmId%20%3D%20id%2C%20vmName%20%3D%20name%2C%20vmSize%3Dtostring%28properties.hardwareProfile.vmSize%29%2C%20nicId%20%3D%20tostring%28nic.id%29%20%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.network%2Fnetworkinterfaces%27%0D%0A%20%20%20%20%7C%20extend%20ipConfigsCount%3Darray_length%28properties.ipConfigurations%29%20%0D%0A%20%20%20%20%7C%20mv-expand%20ipconfig%3Dproperties.ipConfigurations%20%0D%0A%20%20%20%20%7C%20where%20ipConfigsCount%20%3D%3D%201%20or%20ipconfig.properties.primary%20%3D~%20%27true%27%0D%0A%20%20%20%20%7C%20project%20nicId%20%3D%20id%2C%20publicIpId%20%3D%20tostring%28ipconfig.properties.publicIPAddress.id%29%29%0D%0Aon%20nicId%0D%0A%7C%20project-away%20nicId1%0D%0A%7C%20summarize%20by%20vmId%2C%20vmName%2C%20vmSize%2C%20nicId%2C%20publicIpId%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.network%2Fpublicipaddresses%27%0D%0A%20%20%20%20%7C%20project%20publicIpId%20%3D%20id%2C%20publicIpAddress%20%3D%20properties.ipAddress%29%0D%0Aon%20publicIpId%0D%0A%7C%20project-away%20publicIpId1" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.compute%2Fvirtualmachines%27%0D%0A%7C%20extend%20nics%3Darray_length%28properties.networkProfile.networkInterfaces%29%20%0D%0A%7C%20mv-expand%20nic%3Dproperties.networkProfile.networkInterfaces%20%0D%0A%7C%20where%20nics%20%3D%3D%201%20or%20nic.properties.primary%20%3D~%20%27true%27%20or%20isempty%28nic%29%20%0D%0A%7C%20project%20vmId%20%3D%20id%2C%20vmName%20%3D%20name%2C%20vmSize%3Dtostring%28properties.hardwareProfile.vmSize%29%2C%20nicId%20%3D%20tostring%28nic.id%29%20%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.network%2Fnetworkinterfaces%27%0D%0A%20%20%20%20%7C%20extend%20ipConfigsCount%3Darray_length%28properties.ipConfigurations%29%20%0D%0A%20%20%20%20%7C%20mv-expand%20ipconfig%3Dproperties.ipConfigurations%20%0D%0A%20%20%20%20%7C%20where%20ipConfigsCount%20%3D%3D%201%20or%20ipconfig.properties.primary%20%3D~%20%27true%27%0D%0A%20%20%20%20%7C%20project%20nicId%20%3D%20id%2C%20publicIpId%20%3D%20tostring%28ipconfig.properties.publicIPAddress.id%29%29%0D%0Aon%20nicId%0D%0A%7C%20project-away%20nicId1%0D%0A%7C%20summarize%20by%20vmId%2C%20vmName%2C%20vmSize%2C%20nicId%2C%20publicIpId%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.network%2Fpublicipaddresses%27%0D%0A%20%20%20%20%7C%20project%20publicIpId%20%3D%20id%2C%20publicIpAddress%20%3D%20properties.ipAddress%29%0D%0Aon%20publicIpId%0D%0A%7C%20project-away%20publicIpId1" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.compute%2Fvirtualmachines%27%0D%0A%7C%20extend%20nics%3Darray_length%28properties.networkProfile.networkInterfaces%29%20%0D%0A%7C%20mv-expand%20nic%3Dproperties.networkProfile.networkInterfaces%20%0D%0A%7C%20where%20nics%20%3D%3D%201%20or%20nic.properties.primary%20%3D~%20%27true%27%20or%20isempty%28nic%29%20%0D%0A%7C%20project%20vmId%20%3D%20id%2C%20vmName%20%3D%20name%2C%20vmSize%3Dtostring%28properties.hardwareProfile.vmSize%29%2C%20nicId%20%3D%20tostring%28nic.id%29%20%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.network%2Fnetworkinterfaces%27%0D%0A%20%20%20%20%7C%20extend%20ipConfigsCount%3Darray_length%28properties.ipConfigurations%29%20%0D%0A%20%20%20%20%7C%20mv-expand%20ipconfig%3Dproperties.ipConfigurations%20%0D%0A%20%20%20%20%7C%20where%20ipConfigsCount%20%3D%3D%201%20or%20ipconfig.properties.primary%20%3D~%20%27true%27%0D%0A%20%20%20%20%7C%20project%20nicId%20%3D%20id%2C%20publicIpId%20%3D%20tostring%28ipconfig.properties.publicIPAddress.id%29%29%0D%0Aon%20nicId%0D%0A%7C%20project-away%20nicId1%0D%0A%7C%20summarize%20by%20vmId%2C%20vmName%2C%20vmSize%2C%20nicId%2C%20publicIpId%0D%0A%7C%20join%20kind%3Dleftouter%20%28%0D%0A%20%20%20%20Resources%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.network%2Fpublicipaddresses%27%0D%0A%20%20%20%20%7C%20project%20publicIpId%20%3D%20id%2C%20publicIpAddress%20%3D%20properties.ipAddress%29%0D%0Aon%20publicIpId%0D%0A%7C%20project-away%20publicIpId1" target="_blank">portal.azure.cn</a>
@@ -445,9 +445,9 @@ Search-AzGraph -Query "Resources | where type == 'microsoft.compute/virtualmachi
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0A%7C%20where%20type%20%3D%3D%20'microsoft.compute%2Fvirtualmachines'%0A%7C%20extend%0A%20%20%20%20JoinID%20%3D%20toupper(id)%2C%0A%20%20%20%20OSName%20%3D%20tostring(properties.osProfile.computerName)%2C%0A%20%20%20%20OSType%20%3D%20tostring(properties.storageProfile.osDisk.osType)%2C%0A%20%20%20%20VMSize%20%3D%20tostring(properties.hardwareProfile.vmSize)%0A%7C%20join%20kind%3Dleftouter(%0A%20%20%20%20Resources%0A%20%20%20%20%7C%20where%20type%20%3D%3D%20'microsoft.compute%2Fvirtualmachines%2Fextensions'%0A%20%20%20%20%7C%20extend%20%0A%20%20%20%20%20%20%20%20VMId%20%3D%20toupper(substring(id%2C%200%2C%20indexof(id%2C%20'%2Fextensions')))%2C%0A%20%20%20%20%20%20%20%20ExtensionName%20%3D%20name%0A)%20on%20%24left.JoinID%20%3D%3D%20%24right.VMId%0A%7C%20summarize%20Extensions%20%3D%20make_list(ExtensionName)%20by%20id%2C%20OSName%2C%20OSType%2C%20VMSize%0A%7C%20order%20by%20tolower(OSName)%20asc" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a 
href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0A%7C%20where%20type%20%3D%3D%20'microsoft.compute%2Fvirtualmachines'%0A%7C%20extend%0A%20%20%20%20JoinID%20%3D%20toupper(id)%2C%0A%20%20%20%20OSName%20%3D%20tostring(properties.osProfile.computerName)%2C%0A%20%20%20%20OSType%20%3D%20tostring(properties.storageProfile.osDisk.osType)%2C%0A%20%20%20%20VMSize%20%3D%20tostring(properties.hardwareProfile.vmSize)%0A%7C%20join%20kind%3Dleftouter(%0A%20%20%20%20Resources%0A%20%20%20%20%7C%20where%20type%20%3D%3D%20'microsoft.compute%2Fvirtualmachines%2Fextensions'%0A%20%20%20%20%7C%20extend%20%0A%20%20%20%20%20%20%20%20VMId%20%3D%20toupper(substring(id%2C%200%2C%20indexof(id%2C%20'%2Fextensions')))%2C%0A%20%20%20%20%20%20%20%20ExtensionName%20%3D%20name%0A)%20on%20%24left.JoinID%20%3D%3D%20%24right.VMId%0A%7C%20summarize%20Extensions%20%3D%20make_list(ExtensionName)%20by%20id%2C%20OSName%2C%20OSType%2C%20VMSize%0A%7C%20order%20by%20tolower(OSName)%20asc" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a 
href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0A%7C%20where%20type%20%3D%3D%20'microsoft.compute%2Fvirtualmachines'%0A%7C%20extend%0A%20%20%20%20JoinID%20%3D%20toupper(id)%2C%0A%20%20%20%20OSName%20%3D%20tostring(properties.osProfile.computerName)%2C%0A%20%20%20%20OSType%20%3D%20tostring(properties.storageProfile.osDisk.osType)%2C%0A%20%20%20%20VMSize%20%3D%20tostring(properties.hardwareProfile.vmSize)%0A%7C%20join%20kind%3Dleftouter(%0A%20%20%20%20Resources%0A%20%20%20%20%7C%20where%20type%20%3D%3D%20'microsoft.compute%2Fvirtualmachines%2Fextensions'%0A%20%20%20%20%7C%20extend%20%0A%20%20%20%20%20%20%20%20VMId%20%3D%20toupper(substring(id%2C%200%2C%20indexof(id%2C%20'%2Fextensions')))%2C%0A%20%20%20%20%20%20%20%20ExtensionName%20%3D%20name%0A)%20on%20%24left.JoinID%20%3D%3D%20%24right.VMId%0A%7C%20summarize%20Extensions%20%3D%20make_list(ExtensionName)%20by%20id%2C%20OSName%2C%20OSType%2C%20VMSize%0A%7C%20order%20by%20tolower(OSName)%20asc" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0A%7C%20where%20type%20%3D%3D%20'microsoft.compute%2Fvirtualmachines'%0A%7C%20extend%0A%20%20%20%20JoinID%20%3D%20toupper(id)%2C%0A%20%20%20%20OSName%20%3D%20tostring(properties.osProfile.computerName)%2C%0A%20%20%20%20OSType%20%3D%20tostring(properties.storageProfile.osDisk.osType)%2C%0A%20%20%20%20VMSize%20%3D%20tostring(properties.hardwareProfile.vmSize)%0A%7C%20join%20kind%3Dleftouter(%0A%20%20%20%20Resources%0A%20%20%20%20%7C%20where%20type%20%3D%3D%20'microsoft.compute%2Fvirtualmachines%2Fextensions'%0A%20%20%20%20%7C%20extend%20%0A%20%20%20%20%20%20%20%20VMId%20%3D%20toupper(substring(id%2C%200%2C%20indexof(id%2C%20'%2Fextensions')))%2C%0A%20%20%20%20%20%20%20%20ExtensionName%20%3D%20name%0A)%20on%20%24left.JoinID%20%3D%3D%20%24right.VMId%0A%7C%20summarize%20Extensions%20%3D%20make_list(ExtensionName)%20by%20id%2C%20OSName%2C%20OSType%2C%20VMSize%0A%7C%20order%20by%20tolower(OSName)%20asc" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0A%7C%20where%20type%20%3D%3D%20'microsoft.compute%2Fvirtualmachines'%0A%7C%20extend%0A%20%20%20%20JoinID%20%3D%20toupper(id)%2C%0A%20%20%20%20OSName%20%3D%20tostring(properties.osProfile.computerName)%2C%0A%20%20%20%20OSType%20%3D%20tostring(properties.storageProfile.osDisk.osType)%2C%0A%20%20%20%20VMSize%20%3D%20tostring(properties.hardwareProfile.vmSize)%0A%7C%20join%20kind%3Dleftouter(%0A%20%20%20%20Resources%0A%20%20%20%20%7C%20where%20type%20%3D%3D%20'microsoft.compute%2Fvirtualmachines%2Fextensions'%0A%20%20%20%20%7C%20extend%20%0A%20%20%20%20%20%20%20%20VMId%20%3D%20toupper(substring(id%2C%200%2C%20indexof(id%2C%20'%2Fextensions')))%2C%0A%20%20%20%20%20%20%20%20ExtensionName%20%3D%20name%0A)%20on%20%24left.JoinID%20%3D%3D%20%24right.VMId%0A%7C%20summarize%20Extensions%20%3D%20make_list(ExtensionName)%20by%20id%2C%20OSName%2C%20OSType%2C%20VMSize%0A%7C%20order%20by%20tolower(OSName)%20asc" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0A%7C%20where%20type%20%3D%3D%20'microsoft.compute%2Fvirtualmachines'%0A%7C%20extend%0A%20%20%20%20JoinID%20%3D%20toupper(id)%2C%0A%20%20%20%20OSName%20%3D%20tostring(properties.osProfile.computerName)%2C%0A%20%20%20%20OSType%20%3D%20tostring(properties.storageProfile.osDisk.osType)%2C%0A%20%20%20%20VMSize%20%3D%20tostring(properties.hardwareProfile.vmSize)%0A%7C%20join%20kind%3Dleftouter(%0A%20%20%20%20Resources%0A%20%20%20%20%7C%20where%20type%20%3D%3D%20'microsoft.compute%2Fvirtualmachines%2Fextensions'%0A%20%20%20%20%7C%20extend%20%0A%20%20%20%20%20%20%20%20VMId%20%3D%20toupper(substring(id%2C%200%2C%20indexof(id%2C%20'%2Fextensions')))%2C%0A%20%20%20%20%20%20%20%20ExtensionName%20%3D%20name%0A)%20on%20%24left.JoinID%20%3D%3D%20%24right.VMId%0A%7C%20summarize%20Extensions%20%3D%20make_list(ExtensionName)%20by%20id%2C%20OSName%2C%20OSType%2C%20VMSize%0A%7C%20order%20by%20tolower(OSName)%20asc" target="_blank">portal.azure.cn</a>
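Review bot: the hrefs added in this hunk are encoded differently from the neighbouring ones. They carry literal `'`, `(` and `)` and use `%0A` for line breaks, where the other link lists in this file use `%27`, `%28`, `%29` and `%0D%0A`. A literal single quote inside a double-quoted `href` still parses, but it breaks as soon as the attribute quoting changes or the markup is embedded in a single-quoted context, so regenerate these three URLs with the same percent-encoding as the rest of the file.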
@@ -484,9 +484,9 @@ Search-AzGraph -Query "Resources | where type =~ 'microsoft.storage/storageaccou
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.storage%2Fstorageaccounts%27%0D%0A%7C%20join%20kind%3Dinner%20%28%0D%0A%20%20%20%20ResourceContainers%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%0D%0A%20%20%20%20%7C%20where%20tags%5B%27Key1%27%5D%20%3D~%20%27Value1%27%0D%0A%20%20%20%20%7C%20project%20subscriptionId%2C%20resourceGroup%29%0D%0Aon%20subscriptionId%2C%20resourceGroup%0D%0A%7C%20project-away%20subscriptionId1%2C%20resourceGroup1" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.storage%2Fstorageaccounts%27%0D%0A%7C%20join%20kind%3Dinner%20%28%0D%0A%20%20%20%20ResourceContainers%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%0D%0A%20%20%20%20%7C%20where%20tags%5B%27Key1%27%5D%20%3D~%20%27Value1%27%0D%0A%20%20%20%20%7C%20project%20subscriptionId%2C%20resourceGroup%29%0D%0Aon%20subscriptionId%2C%20resourceGroup%0D%0A%7C%20project-away%20subscriptionId1%2C%20resourceGroup1" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a 
href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.storage%2Fstorageaccounts%27%0D%0A%7C%20join%20kind%3Dinner%20%28%0D%0A%20%20%20%20ResourceContainers%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%0D%0A%20%20%20%20%7C%20where%20tags%5B%27Key1%27%5D%20%3D~%20%27Value1%27%0D%0A%20%20%20%20%7C%20project%20subscriptionId%2C%20resourceGroup%29%0D%0Aon%20subscriptionId%2C%20resourceGroup%0D%0A%7C%20project-away%20subscriptionId1%2C%20resourceGroup1" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.storage%2Fstorageaccounts%27%0D%0A%7C%20join%20kind%3Dinner%20%28%0D%0A%20%20%20%20ResourceContainers%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%0D%0A%20%20%20%20%7C%20where%20tags%5B%27Key1%27%5D%20%3D~%20%27Value1%27%0D%0A%20%20%20%20%7C%20project%20subscriptionId%2C%20resourceGroup%29%0D%0Aon%20subscriptionId%2C%20resourceGroup%0D%0A%7C%20project-away%20subscriptionId1%2C%20resourceGroup1" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.storage%2Fstorageaccounts%27%0D%0A%7C%20join%20kind%3Dinner%20%28%0D%0A%20%20%20%20ResourceContainers%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%0D%0A%20%20%20%20%7C%20where%20tags%5B%27Key1%27%5D%20%3D~%20%27Value1%27%0D%0A%20%20%20%20%7C%20project%20subscriptionId%2C%20resourceGroup%29%0D%0Aon%20subscriptionId%2C%20resourceGroup%0D%0A%7C%20project-away%20subscriptionId1%2C%20resourceGroup1" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.storage%2Fstorageaccounts%27%0D%0A%7C%20join%20kind%3Dinner%20%28%0D%0A%20%20%20%20ResourceContainers%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%0D%0A%20%20%20%20%7C%20where%20tags%5B%27Key1%27%5D%20%3D~%20%27Value1%27%0D%0A%20%20%20%20%7C%20project%20subscriptionId%2C%20resourceGroup%29%0D%0Aon%20subscriptionId%2C%20resourceGroup%0D%0A%7C%20project-away%20subscriptionId1%2C%20resourceGroup1" target="_blank">portal.azure.cn</a>
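Review bot: the three added anchors keep `target="_blank"` and carry no `rel` attribute. Since these lines are being rewritten anyway, add `rel="noopener noreferrer"` so the page opened in the new tab gets no `window.opener` reference back to the docs page in browsers that do not apply that default themselves.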
@@ -524,9 +524,9 @@ Search-AzGraph -Query "Resources | where type =~ 'microsoft.storage/storageaccou
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.storage%2Fstorageaccounts%27%0D%0A%7C%20join%20kind%3Dinner%20%28%0D%0A%20%20%20%20ResourceContainers%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%0D%0A%20%20%20%20%7C%20mv-expand%20bagexpansion%3Darray%20tags%0D%0A%20%20%20%20%7C%20where%20isnotempty%28tags%29%0D%0A%20%20%20%20%7C%20where%20tags%5B0%5D%20%3D~%20%27key1%27%20and%20tags%5B1%5D%20%3D~%20%27value1%27%0D%0A%20%20%20%20%7C%20project%20subscriptionId%2C%20resourceGroup%29%0D%0Aon%20subscriptionId%2C%20resourceGroup%0D%0A%7C%20project-away%20subscriptionId1%2C%20resourceGroup1" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.storage%2Fstorageaccounts%27%0D%0A%7C%20join%20kind%3Dinner%20%28%0D%0A%20%20%20%20ResourceContainers%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%0D%0A%20%20%20%20%7C%20mv-expand%20bagexpansion%3Darray%20tags%0D%0A%20%20%20%20%7C%20where%20isnotempty%28tags%29%0D%0A%20%20%20%20%7C%20where%20tags%5B0%5D%20%3D~%20%27key1%27%20and%20tags%5B1%5D%20%3D~%20%27value1%27%0D%0A%20%20%20%20%7C%20project%20subscriptionId%2C%20resourceGroup%29%0D%0Aon%20subscriptionId%2C%20resourceGroup%0D%0A%7C%20project-away%20subscriptionId1%2C%20resourceGroup1" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a 
href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.storage%2Fstorageaccounts%27%0D%0A%7C%20join%20kind%3Dinner%20%28%0D%0A%20%20%20%20ResourceContainers%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%0D%0A%20%20%20%20%7C%20mv-expand%20bagexpansion%3Darray%20tags%0D%0A%20%20%20%20%7C%20where%20isnotempty%28tags%29%0D%0A%20%20%20%20%7C%20where%20tags%5B0%5D%20%3D~%20%27key1%27%20and%20tags%5B1%5D%20%3D~%20%27value1%27%0D%0A%20%20%20%20%7C%20project%20subscriptionId%2C%20resourceGroup%29%0D%0Aon%20subscriptionId%2C%20resourceGroup%0D%0A%7C%20project-away%20subscriptionId1%2C%20resourceGroup1" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.storage%2Fstorageaccounts%27%0D%0A%7C%20join%20kind%3Dinner%20%28%0D%0A%20%20%20%20ResourceContainers%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%0D%0A%20%20%20%20%7C%20mv-expand%20bagexpansion%3Darray%20tags%0D%0A%20%20%20%20%7C%20where%20isnotempty%28tags%29%0D%0A%20%20%20%20%7C%20where%20tags%5B0%5D%20%3D~%20%27key1%27%20and%20tags%5B1%5D%20%3D~%20%27value1%27%0D%0A%20%20%20%20%7C%20project%20subscriptionId%2C%20resourceGroup%29%0D%0Aon%20subscriptionId%2C%20resourceGroup%0D%0A%7C%20project-away%20subscriptionId1%2C%20resourceGroup1" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.storage%2Fstorageaccounts%27%0D%0A%7C%20join%20kind%3Dinner%20%28%0D%0A%20%20%20%20ResourceContainers%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%0D%0A%20%20%20%20%7C%20mv-expand%20bagexpansion%3Darray%20tags%0D%0A%20%20%20%20%7C%20where%20isnotempty%28tags%29%0D%0A%20%20%20%20%7C%20where%20tags%5B0%5D%20%3D~%20%27key1%27%20and%20tags%5B1%5D%20%3D~%20%27value1%27%0D%0A%20%20%20%20%7C%20project%20subscriptionId%2C%20resourceGroup%29%0D%0Aon%20subscriptionId%2C%20resourceGroup%0D%0A%7C%20project-away%20subscriptionId1%2C%20resourceGroup1" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.storage%2Fstorageaccounts%27%0D%0A%7C%20join%20kind%3Dinner%20%28%0D%0A%20%20%20%20ResourceContainers%0D%0A%20%20%20%20%7C%20where%20type%20%3D~%20%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%0D%0A%20%20%20%20%7C%20mv-expand%20bagexpansion%3Darray%20tags%0D%0A%20%20%20%20%7C%20where%20isnotempty%28tags%29%0D%0A%20%20%20%20%7C%20where%20tags%5B0%5D%20%3D~%20%27key1%27%20and%20tags%5B1%5D%20%3D~%20%27value1%27%0D%0A%20%20%20%20%7C%20project%20subscriptionId%2C%20resourceGroup%29%0D%0Aon%20subscriptionId%2C%20resourceGroup%0D%0A%7C%20project-away%20subscriptionId1%2C%20resourceGroup1" target="_blank">portal.azure.cn</a>
@@ -557,9 +557,9 @@ Search-AzGraph -Query "ResourceContainers | where type=='microsoft.resources/sub
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/ResourceContainers%0D%0A%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%20%7C%20project%20name%2C%20type%20%20%7C%20limit%205%0D%0A%7C%20union%20%20%28Resources%20%7C%20project%20name%2C%20type%20%7C%20limit%205%29" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/ResourceContainers%0D%0A%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%20%7C%20project%20name%2C%20type%20%20%7C%20limit%205%0D%0A%7C%20union%20%20%28Resources%20%7C%20project%20name%2C%20type%20%7C%20limit%205%29" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/ResourceContainers%0D%0A%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%20%7C%20project%20name%2C%20type%20%20%7C%20limit%205%0D%0A%7C%20union%20%20%28Resources%20%7C%20project%20name%2C%20type%20%7C%20limit%205%29" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/ResourceContainers%0D%0A%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%20%7C%20project%20name%2C%20type%20%20%7C%20limit%205%0D%0A%7C%20union%20%20%28Resources%20%7C%20project%20name%2C%20type%20%7C%20limit%205%29" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/ResourceContainers%0D%0A%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%20%7C%20project%20name%2C%20type%20%20%7C%20limit%205%0D%0A%7C%20union%20%20%28Resources%20%7C%20project%20name%2C%20type%20%7C%20limit%205%29" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/ResourceContainers%0D%0A%7C%20where%20type%3D%3D%27microsoft.resources%2Fsubscriptions%2Fresourcegroups%27%20%7C%20project%20name%2C%20type%20%20%7C%20limit%205%0D%0A%7C%20union%20%20%28Resources%20%7C%20project%20name%2C%20type%20%7C%20limit%205%29" target="_blank">portal.azure.cn</a>
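Review bot: after this change the three links still open in a new tab (`target="_blank"`), but nothing in the link text says so, because the removed `docon-navigate-external` span was the only marker. Consider saying it in the "Try this query in Azure Resource Graph Explorer" lead-in or in the link text, so the behaviour is announced to screen-reader users as well.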
@@ -591,9 +591,9 @@ Search-AzGraph -Query "Resources | where type == 'microsoft.compute/virtualmachi
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%20%7C%20where%20type%20%3D%3D%20%27microsoft.compute%2Fvirtualmachines%27%20%7C%20summarize%20count%28%29%20by%20tostring%28properties.extended.instanceView.powerState.code%29" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%20%7C%20where%20type%20%3D%3D%20%27microsoft.compute%2Fvirtualmachines%27%20%7C%20summarize%20count%28%29%20by%20tostring%28properties.extended.instanceView.powerState.code%29" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%20%7C%20where%20type%20%3D%3D%20%27microsoft.compute%2Fvirtualmachines%27%20%7C%20summarize%20count%28%29%20by%20tostring%28properties.extended.instanceView.powerState.code%29" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%20%7C%20where%20type%20%3D%3D%20%27microsoft.compute%2Fvirtualmachines%27%20%7C%20summarize%20count%28%29%20by%20tostring%28properties.extended.instanceView.powerState.code%29" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%20%7C%20where%20type%20%3D%3D%20%27microsoft.compute%2Fvirtualmachines%27%20%7C%20summarize%20count%28%29%20by%20tostring%28properties.extended.instanceView.powerState.code%29" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%20%7C%20where%20type%20%3D%3D%20%27microsoft.compute%2Fvirtualmachines%27%20%7C%20summarize%20count%28%29%20by%20tostring%28properties.extended.instanceView.powerState.code%29" target="_blank">portal.azure.cn</a>
@@ -663,7 +663,7 @@ Search-AzGraph -Query "GuestConfigurationResources | extend vmid = split(propert
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/GuestConfigurationResources%20%7C%20extend%20vmid%20%3D%20split(properties.targetResourceId%2C%22%2F%22)%20%7C%20where%20properties.complianceStatus%20%3D%3D%20'NonCompliant'%20%7C%20mvexpand%20properties.latestAssignmentReport.resources%20%7C%20mvexpand%20properties_latestAssignmentReport_resources.reasons%20%7C%20project%20machine%20%3D%20tostring(vmid%5B(-1)%5D)%2C%20type%20%3D%20tostring(vmid%5B(-3)%5D)%2C%20name%2C%20status%20%3D%20tostring(properties.complianceStatus)%2C%20resource%20%3D%20tostring(properties_latestAssignmentReport_resources.resourceId)%2C%20phrase%20%3D%20tostring(properties_latestAssignmentReport_resources_reasons.phrase)%20%7C%20summarize%20count()%20by%20resource%2C%20name%20%7C%20order%20by%20count_%20%7C%20limit%20100" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/GuestConfigurationResources%20%7C%20extend%20vmid%20%3D%20split(properties.targetResourceId%2C%22%2F%22)%20%7C%20where%20properties.complianceStatus%20%3D%3D%20'NonCompliant'%20%7C%20mvexpand%20properties.latestAssignmentReport.resources%20%7C%20mvexpand%20properties_latestAssignmentReport_resources.reasons%20%7C%20project%20machine%20%3D%20tostring(vmid%5B(-1)%5D)%2C%20type%20%3D%20tostring(vmid%5B(-3)%5D)%2C%20name%2C%20status%20%3D%20tostring(properties.complianceStatus)%2C%20resource%20%3D%20tostring(properties_latestAssignmentReport_resources.resourceId)%2C%20phrase%20%3D%20tostring(properties_latestAssignmentReport_resources_reasons.phrase)%20%7C%20summarize%20count()%20by%20resource%2C%20name%20%7C%20order%20by%20count_%20%7C%20limit%20100" target="_blank">portal.azure.com</a>
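Review bot: this sample gets only the portal.azure.com link, while the other samples in this change also list Azure Government and Azure China 21Vianet links. If `GuestConfigurationResources` can be queried in those clouds, add the two links; if it cannot, say so next to the link so the omission reads as deliberate.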
@@ -707,7 +707,7 @@ Search-AzGraph -Query "GuestConfigurationResources | extend vmid = split(propert
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/GuestConfigurationResources%20%7C%20extend%20vmid%20%3D%20split(properties.targetResourceId%2C'%2F')%20%7C%20mvexpand%20properties.latestAssignmentReport.resources%20%7C%20mvexpand%20properties_latestAssignmentReport_resources.reasons%20%7C%20where%20name%20in%20('installed_application_linux')%20%7C%20where%20properties_latestAssignmentReport_resources_reasons.phrase%20contains%20'Python'%20%7C%20project%20machine%20%3D%20tostring(vmid%5B(-1)%5D)%2C%20type%20%3D%20tostring(vmid%5B(-3)%5D)%2C%20name%2C%20status%20%3D%20tostring(properties.complianceStatus)%2C%20resource%20%3D%20tostring(properties_latestAssignmentReport_resources.resourceId)%2C%20phrase%20%3D%20tostring%20(properties_latestAssignmentReport_resources_reasons.phrase)" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/GuestConfigurationResources%20%7C%20extend%20vmid%20%3D%20split(properties.targetResourceId%2C'%2F')%20%7C%20mvexpand%20properties.latestAssignmentReport.resources%20%7C%20mvexpand%20properties_latestAssignmentReport_resources.reasons%20%7C%20where%20name%20in%20('installed_application_linux')%20%7C%20where%20properties_latestAssignmentReport_resources_reasons.phrase%20contains%20'Python'%20%7C%20project%20machine%20%3D%20tostring(vmid%5B(-1)%5D)%2C%20type%20%3D%20tostring(vmid%5B(-3)%5D)%2C%20name%2C%20status%20%3D%20tostring(properties.complianceStatus)%2C%20resource%20%3D%20tostring(properties_latestAssignmentReport_resources.resourceId)%2C%20phrase%20%3D%20tostring%20(properties_latestAssignmentReport_resources_reasons.phrase)" target="_blank">portal.azure.com</a>
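Review bot: the encoded query spells the operator `mvexpand`, while the tag query elsewhere in this change uses `mv-expand`, and the last projection reads `tostring (properties_latestAssignmentReport_resources_reasons.phrase)` with a stray space before the parenthesis. Align both with the form used in the other samples so the text that lands in the explorer matches the documented style.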
@@ -750,7 +750,7 @@ Search-AzGraph -Query "GuestConfigurationResources | where properties.compliance
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/GuestConfigurationResources%20%7C%20where%20properties.complianceStatus%20%3D%3D%20'NonCompliant'%20%7C%20extend%20vmid%20%3D%20split(properties.targetResourceId%2C'%2F')%20%7C%20mvexpand%20properties.latestAssignmentReport.resources%20%7C%20mvexpand%20properties_latestAssignmentReport_resources.reasons%20%7C%20extend%20machine%20%3D%20tostring(vmid%5B(-1)%5D)%20%7C%20where%20machine%20%3D%3D%20'MACHINENAME'%20%7C%20project%20phrase%20%3D%20tostring(properties_latestAssignmentReport_resources_reasons.phrase)%2C%20resource%20%3D%20tostring(properties_latestAssignmentReport_resources.resourceId)%2C%20name%2C%20machine%2C%20resourceGroup%2C%20subscriptionId" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/GuestConfigurationResources%20%7C%20where%20properties.complianceStatus%20%3D%3D%20'NonCompliant'%20%7C%20extend%20vmid%20%3D%20split(properties.targetResourceId%2C'%2F')%20%7C%20mvexpand%20properties.latestAssignmentReport.resources%20%7C%20mvexpand%20properties_latestAssignmentReport_resources.reasons%20%7C%20extend%20machine%20%3D%20tostring(vmid%5B(-1)%5D)%20%7C%20where%20machine%20%3D%3D%20'MACHINENAME'%20%7C%20project%20phrase%20%3D%20tostring(properties_latestAssignmentReport_resources_reasons.phrase)%2C%20resource%20%3D%20tostring(properties_latestAssignmentReport_resources.resourceId)%2C%20name%2C%20machine%2C%20resourceGroup%2C%20subscriptionId" target="_blank">portal.azure.com</a>
## Next steps
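Review bot: the link opens the explorer with `where machine == 'MACHINENAME'` still in the query, so it returns no rows until the reader edits it, and `==` makes the match case-sensitive. Make sure the text above the link tells the reader to replace the placeholder, and consider `=~` so a machine name typed in a different case still matches.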
governance https://docs.microsoft.com/en-us/azure/governance/resource-graph/samples/starter https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/samples/starter.md
@@ -1,7 +1,7 @@
Title: Starter query samples description: Use Azure Resource Graph to run some starter queries, including counting resources, ordering resources, or by a specific tag. Previously updated : 01/21/2021 Last updated : 02/04/2021 # Starter Resource Graph query samples
@@ -68,9 +68,9 @@ Search-AzGraph -Query "Resources | summarize count()"
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20summarize%20count%28%29" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20summarize%20count%28%29" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20summarize%20count%28%29" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20summarize%20count%28%29" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20summarize%20count%28%29" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20summarize%20count%28%29" target="_blank">portal.azure.cn</a>
@@ -101,9 +101,9 @@ Search-AzGraph -Query "Resources | where type =~ 'microsoft.keyvault/vaults' | c
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.keyvault%2Fvaults%27%0D%0A%7C%20count" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.keyvault%2Fvaults%27%0D%0A%7C%20count" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.keyvault%2Fvaults%27%0D%0A%7C%20count" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.keyvault%2Fvaults%27%0D%0A%7C%20count" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.keyvault%2Fvaults%27%0D%0A%7C%20count" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.keyvault%2Fvaults%27%0D%0A%7C%20count" target="_blank">portal.azure.cn</a>
@@ -135,9 +135,9 @@ Search-AzGraph -Query "Resources | project name, type, location | order by name
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20name%2C%20type%2C%20location%0D%0A%7C%20order%20by%20name%20asc" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20name%2C%20type%2C%20location%0D%0A%7C%20order%20by%20name%20asc" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20name%2C%20type%2C%20location%0D%0A%7C%20order%20by%20name%20asc" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20name%2C%20type%2C%20location%0D%0A%7C%20order%20by%20name%20asc" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20name%2C%20type%2C%20location%0D%0A%7C%20order%20by%20name%20asc" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20name%2C%20type%2C%20location%0D%0A%7C%20order%20by%20name%20asc" target="_blank">portal.azure.cn</a>
@@ -170,9 +170,9 @@ Search-AzGraph -Query "Resources | project name, location, type| where type =~ '
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20name%2C%20location%2C%20type%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20order%20by%20name%20desc" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20name%2C%20location%2C%20type%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20order%20by%20name%20desc" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20name%2C%20location%2C%20type%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20order%20by%20name%20desc" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20name%2C%20location%2C%20type%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20order%20by%20name%20desc" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20name%2C%20location%2C%20type%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20order%20by%20name%20desc" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20project%20name%2C%20location%2C%20type%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20order%20by%20name%20desc" target="_blank">portal.azure.cn</a>
@@ -205,9 +205,9 @@ Search-AzGraph -Query "Resources | where type =~ 'Microsoft.Compute/virtualMachi
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20project%20name%2C%20properties.storageProfile.osDisk.osType%0D%0A%7C%20top%205%20by%20name%20desc" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20project%20name%2C%20properties.storageProfile.osDisk.osType%0D%0A%7C%20top%205%20by%20name%20desc" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20project%20name%2C%20properties.storageProfile.osDisk.osType%0D%0A%7C%20top%205%20by%20name%20desc" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20project%20name%2C%20properties.storageProfile.osDisk.osType%0D%0A%7C%20top%205%20by%20name%20desc" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20project%20name%2C%20properties.storageProfile.osDisk.osType%0D%0A%7C%20top%205%20by%20name%20desc" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20project%20name%2C%20properties.storageProfile.osDisk.osType%0D%0A%7C%20top%205%20by%20name%20desc" target="_blank">portal.azure.cn</a>
@@ -242,9 +242,9 @@ Search-AzGraph -Query "Resources | where type =~ 'Microsoft.Compute/virtualMachi
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20summarize%20count%28%29%20by%20tostring%28properties.storageProfile.osDisk.osType%29" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20summarize%20count%28%29%20by%20tostring%28properties.storageProfile.osDisk.osType%29" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20summarize%20count%28%29%20by%20tostring%28properties.storageProfile.osDisk.osType%29" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20summarize%20count%28%29%20by%20tostring%28properties.storageProfile.osDisk.osType%29" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20summarize%20count%28%29%20by%20tostring%28properties.storageProfile.osDisk.osType%29" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20summarize%20count%28%29%20by%20tostring%28properties.storageProfile.osDisk.osType%29" target="_blank">portal.azure.cn</a>
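Review bot: The three added anchors keep `target="_blank"` but carry no `rel` attribute. Add `rel="noopener noreferrer"` to each, so the portal tab they open gets no `window.opener` reference back to the docs page. Dropping the `docon-navigate-external` span is fine, since `x-hidden-focus` looks like a class captured from a rendered page rather than authored markup. The same `target="_blank"` pattern repeats in the later hunks of this file, so apply the `rel` change to all of them in one pass.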
@@ -275,9 +275,9 @@ Search-AzGraph -Query "Resources | where type =~ 'Microsoft.Compute/virtualMachi
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20extend%20os%20%3D%20properties.storageProfile.osDisk.osType%0D%0A%7C%20summarize%20count%28%29%20by%20tostring%28os%29" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20extend%20os%20%3D%20properties.storageProfile.osDisk.osType%0D%0A%7C%20summarize%20count%28%29%20by%20tostring%28os%29" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20extend%20os%20%3D%20properties.storageProfile.osDisk.osType%0D%0A%7C%20summarize%20count%28%29%20by%20tostring%28os%29" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20extend%20os%20%3D%20properties.storageProfile.osDisk.osType%0D%0A%7C%20summarize%20count%28%29%20by%20tostring%28os%29" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20extend%20os%20%3D%20properties.storageProfile.osDisk.osType%0D%0A%7C%20summarize%20count%28%29%20by%20tostring%28os%29" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Compute%2FvirtualMachines%27%0D%0A%7C%20extend%20os%20%3D%20properties.storageProfile.osDisk.osType%0D%0A%7C%20summarize%20count%28%29%20by%20tostring%28os%29" target="_blank">portal.azure.cn</a>
@@ -313,9 +313,9 @@ Search-AzGraph -Query "Resources | where type contains 'storage' | distinct type
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27storage%27%20%7C%20distinct%20type" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27storage%27%20%7C%20distinct%20type" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27storage%27%20%7C%20distinct%20type" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27storage%27%20%7C%20distinct%20type" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27storage%27%20%7C%20distinct%20type" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27storage%27%20%7C%20distinct%20type" target="_blank">portal.azure.cn</a>
@@ -349,9 +349,9 @@ Search-AzGraph -Query "Resources | where type contains 'publicIPAddresses' and i
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27publicIPAddresses%27%20and%20isnotempty%28properties.ipAddress%29%0D%0A%7C%20project%20properties.ipAddress%0D%0A%7C%20limit%20100" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27publicIPAddresses%27%20and%20isnotempty%28properties.ipAddress%29%0D%0A%7C%20project%20properties.ipAddress%0D%0A%7C%20limit%20100" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27publicIPAddresses%27%20and%20isnotempty%28properties.ipAddress%29%0D%0A%7C%20project%20properties.ipAddress%0D%0A%7C%20limit%20100" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27publicIPAddresses%27%20and%20isnotempty%28properties.ipAddress%29%0D%0A%7C%20project%20properties.ipAddress%0D%0A%7C%20limit%20100" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27publicIPAddresses%27%20and%20isnotempty%28properties.ipAddress%29%0D%0A%7C%20project%20properties.ipAddress%0D%0A%7C%20limit%20100" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27publicIPAddresses%27%20and%20isnotempty%28properties.ipAddress%29%0D%0A%7C%20project%20properties.ipAddress%0D%0A%7C%20limit%20100" target="_blank">portal.azure.cn</a>
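Review bot: The linked query filters with `type contains 'publicIPAddresses'`, a substring match that accepts any resource type whose name includes that text. Since these lines are being touched anyway, consider switching the encoded query to an exact, case-insensitive match (`type =~ 'microsoft.network/publicipaddresses'`), which is how the virtual machine queries earlier in the file filter on `type`, and keep the `Search-AzGraph` sample in step with the links.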
@@ -381,9 +381,9 @@ Search-AzGraph -Query "Resources | where type contains 'publicIPAddresses' and i
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27publicIPAddresses%27%20and%20isnotempty%28properties.ipAddress%29%0D%0A%7C%20summarize%20count%20%28%29%20by%20subscriptionId" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27publicIPAddresses%27%20and%20isnotempty%28properties.ipAddress%29%0D%0A%7C%20summarize%20count%20%28%29%20by%20subscriptionId" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27publicIPAddresses%27%20and%20isnotempty%28properties.ipAddress%29%0D%0A%7C%20summarize%20count%20%28%29%20by%20subscriptionId" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27publicIPAddresses%27%20and%20isnotempty%28properties.ipAddress%29%0D%0A%7C%20summarize%20count%20%28%29%20by%20subscriptionId" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27publicIPAddresses%27%20and%20isnotempty%28properties.ipAddress%29%0D%0A%7C%20summarize%20count%20%28%29%20by%20subscriptionId" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20contains%20%27publicIPAddresses%27%20and%20isnotempty%28properties.ipAddress%29%0D%0A%7C%20summarize%20count%20%28%29%20by%20subscriptionId" target="_blank">portal.azure.cn</a>
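Review bot: Style nit on the encoded query in all three added links: `summarize%20count%20%28%29` decodes to `count ()` with a space before the parentheses, while the other queries in this file encode `count%28%29`. Normalise to `count()` so the portal link text matches the rest of the samples.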
@@ -415,9 +415,9 @@ Search-AzGraph -Query "Resources | where tags.environment=~'internal' | project
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20tags.environment%3D~%27internal%27%0D%0A%7C%20project%20name" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20tags.environment%3D~%27internal%27%0D%0A%7C%20project%20name" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20tags.environment%3D~%27internal%27%0D%0A%7C%20project%20name" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20tags.environment%3D~%27internal%27%0D%0A%7C%20project%20name" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20tags.environment%3D~%27internal%27%0D%0A%7C%20project%20name" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20tags.environment%3D~%27internal%27%0D%0A%7C%20project%20name" target="_blank">portal.azure.cn</a>
@@ -446,9 +446,9 @@ Search-AzGraph -Query "Resources | where tags.environment=~'internal' | project
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20tags.environment%3D~%27internal%27%0D%0A%7C%20project%20name%2C%20tags" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20tags.environment%3D~%27internal%27%0D%0A%7C%20project%20name%2C%20tags" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20tags.environment%3D~%27internal%27%0D%0A%7C%20project%20name%2C%20tags" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20tags.environment%3D~%27internal%27%0D%0A%7C%20project%20name%2C%20tags" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20tags.environment%3D~%27internal%27%0D%0A%7C%20project%20name%2C%20tags" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20tags.environment%3D~%27internal%27%0D%0A%7C%20project%20name%2C%20tags" target="_blank">portal.azure.cn</a>
@@ -480,9 +480,9 @@ Search-AzGraph -Query "Resources | where type =~ 'Microsoft.Storage/storageAccou
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Storage%2FstorageAccounts%27%0D%0A%7C%20where%20tags%5B%27tag%20with%20a%20space%27%5D%3D%3D%27Custom%20value%27" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Storage%2FstorageAccounts%27%0D%0A%7C%20where%20tags%5B%27tag%20with%20a%20space%27%5D%3D%3D%27Custom%20value%27" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Storage%2FstorageAccounts%27%0D%0A%7C%20where%20tags%5B%27tag%20with%20a%20space%27%5D%3D%3D%27Custom%20value%27" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Storage%2FstorageAccounts%27%0D%0A%7C%20where%20tags%5B%27tag%20with%20a%20space%27%5D%3D%3D%27Custom%20value%27" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Storage%2FstorageAccounts%27%0D%0A%7C%20where%20tags%5B%27tag%20with%20a%20space%27%5D%3D%3D%27Custom%20value%27" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%27Microsoft.Storage%2FstorageAccounts%27%0D%0A%7C%20where%20tags%5B%27tag%20with%20a%20space%27%5D%3D%3D%27Custom%20value%27" target="_blank">portal.azure.cn</a>
@@ -533,9 +533,9 @@ Search-AzGraph -Query "ResourceContainers | where isnotempty(tags) | project tag
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/ResourceContainers%20%0A%7C%20where%20isnotempty%28tags%29%0A%7C%20project%20tags%0A%7C%20mvexpand%20tags%0A%7C%20extend%20tagKey%20%3D%20tostring%28bag_keys%28tags%29%5B0%5D%29%0A%7C%20extend%20tagValue%20%3D%20tostring%28tags%5BtagKey%5D%29%0A%7C%20union%20%28%0A%20%20%20%20resources%0A%20%20%20%20%7C%20where%20isnotempty%28tags%29%0A%20%20%20%20%7C%20project%20tags%0A%20%20%20%20%7C%20mvexpand%20tags%0A%20%20%20%20%7C%20extend%20tagKey%20%3D%20tostring%28bag_keys%28tags%29%5B0%5D%29%0A%20%20%20%20%7C%20extend%20tagValue%20%3D%20tostring%28tags%5BtagKey%5D%29%0A%29%0A%7C%20distinct%20tagKey%2C%20tagValue%0A%7C%20where%20tagKey%20%21startswith%20%22hidden-%22" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/ResourceContainers%20%0A%7C%20where%20isnotempty%28tags%29%0A%7C%20project%20tags%0A%7C%20mvexpand%20tags%0A%7C%20extend%20tagKey%20%3D%20tostring%28bag_keys%28tags%29%5B0%5D%29%0A%7C%20extend%20tagValue%20%3D%20tostring%28tags%5BtagKey%5D%29%0A%7C%20union%20%28%0A%20%20%20%20resources%0A%20%20%20%20%7C%20where%20isnotempty%28tags%29%0A%20%20%20%20%7C%20project%20tags%0A%20%20%20%20%7C%20mvexpand%20tags%0A%20%20%20%20%7C%20extend%20tagKey%20%3D%20tostring%28bag_keys%28tags%29%5B0%5D%29%0A%20%20%20%20%7C%20extend%20tagValue%20%3D%20tostring%28tags%5BtagKey%5D%29%0A%29%0A%7C%20distinct%20tagKey%2C%20tagValue%0A%7C%20where%20tagKey%20%21startswith%20%22hidden-%22" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a 
href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/ResourceContainers%20%0A%7C%20where%20isnotempty%28tags%29%0A%7C%20project%20tags%0A%7C%20mvexpand%20tags%0A%7C%20extend%20tagKey%20%3D%20tostring%28bag_keys%28tags%29%5B0%5D%29%0A%7C%20extend%20tagValue%20%3D%20tostring%28tags%5BtagKey%5D%29%0A%7C%20union%20%28%0A%20%20%20%20resources%0A%20%20%20%20%7C%20where%20isnotempty%28tags%29%0A%20%20%20%20%7C%20project%20tags%0A%20%20%20%20%7C%20mvexpand%20tags%0A%20%20%20%20%7C%20extend%20tagKey%20%3D%20tostring%28bag_keys%28tags%29%5B0%5D%29%0A%20%20%20%20%7C%20extend%20tagValue%20%3D%20tostring%28tags%5BtagKey%5D%29%0A%29%0A%7C%20distinct%20tagKey%2C%20tagValue%0A%7C%20where%20tagKey%20%21startswith%20%22hidden-%22" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/ResourceContainers%20%0A%7C%20where%20isnotempty%28tags%29%0A%7C%20project%20tags%0A%7C%20mvexpand%20tags%0A%7C%20extend%20tagKey%20%3D%20tostring%28bag_keys%28tags%29%5B0%5D%29%0A%7C%20extend%20tagValue%20%3D%20tostring%28tags%5BtagKey%5D%29%0A%7C%20union%20%28%0A%20%20%20%20resources%0A%20%20%20%20%7C%20where%20isnotempty%28tags%29%0A%20%20%20%20%7C%20project%20tags%0A%20%20%20%20%7C%20mvexpand%20tags%0A%20%20%20%20%7C%20extend%20tagKey%20%3D%20tostring%28bag_keys%28tags%29%5B0%5D%29%0A%20%20%20%20%7C%20extend%20tagValue%20%3D%20tostring%28tags%5BtagKey%5D%29%0A%29%0A%7C%20distinct%20tagKey%2C%20tagValue%0A%7C%20where%20tagKey%20%21startswith%20%22hidden-%22" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/ResourceContainers%20%0A%7C%20where%20isnotempty%28tags%29%0A%7C%20project%20tags%0A%7C%20mvexpand%20tags%0A%7C%20extend%20tagKey%20%3D%20tostring%28bag_keys%28tags%29%5B0%5D%29%0A%7C%20extend%20tagValue%20%3D%20tostring%28tags%5BtagKey%5D%29%0A%7C%20union%20%28%0A%20%20%20%20resources%0A%20%20%20%20%7C%20where%20isnotempty%28tags%29%0A%20%20%20%20%7C%20project%20tags%0A%20%20%20%20%7C%20mvexpand%20tags%0A%20%20%20%20%7C%20extend%20tagKey%20%3D%20tostring%28bag_keys%28tags%29%5B0%5D%29%0A%20%20%20%20%7C%20extend%20tagValue%20%3D%20tostring%28tags%5BtagKey%5D%29%0A%29%0A%7C%20distinct%20tagKey%2C%20tagValue%0A%7C%20where%20tagKey%20%21startswith%20%22hidden-%22" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/ResourceContainers%20%0A%7C%20where%20isnotempty%28tags%29%0A%7C%20project%20tags%0A%7C%20mvexpand%20tags%0A%7C%20extend%20tagKey%20%3D%20tostring%28bag_keys%28tags%29%5B0%5D%29%0A%7C%20extend%20tagValue%20%3D%20tostring%28tags%5BtagKey%5D%29%0A%7C%20union%20%28%0A%20%20%20%20resources%0A%20%20%20%20%7C%20where%20isnotempty%28tags%29%0A%20%20%20%20%7C%20project%20tags%0A%20%20%20%20%7C%20mvexpand%20tags%0A%20%20%20%20%7C%20extend%20tagKey%20%3D%20tostring%28bag_keys%28tags%29%5B0%5D%29%0A%20%20%20%20%7C%20extend%20tagValue%20%3D%20tostring%28tags%5BtagKey%5D%29%0A%29%0A%7C%20distinct%20tagKey%2C%20tagValue%0A%7C%20where%20tagKey%20%21startswith%20%22hidden-%22" target="_blank">portal.azure.cn</a>
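Review bot: The encoded query in these three links uses `mvexpand`, the legacy spelling of the operator; prefer `mv-expand` (`%7C%20mv-expand%20tags`) in both the outer query and the `union` branch. The links in this hunk also separate query lines with `%0A` (and leave a trailing `%20` after `ResourceContainers`), where the other hunks use `%0D%0A`. Pick one encoding so the generated links stay consistent.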
@@ -567,9 +567,9 @@ Search-AzGraph -Query "Resources | where type =~ 'microsoft.network/networksecur
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%22microsoft.network%2Fnetworksecuritygroups%22%20and%20isnull%28properties.networkInterfaces%29%20and%20isnull%28properties.subnets%29%0D%0A%7C%20project%20name%2C%20resourceGroup%0D%0A%7C%20sort%20by%20name%20asc" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%22microsoft.network%2Fnetworksecuritygroups%22%20and%20isnull%28properties.networkInterfaces%29%20and%20isnull%28properties.subnets%29%0D%0A%7C%20project%20name%2C%20resourceGroup%0D%0A%7C%20sort%20by%20name%20asc" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%22microsoft.network%2Fnetworksecuritygroups%22%20and%20isnull%28properties.networkInterfaces%29%20and%20isnull%28properties.subnets%29%0D%0A%7C%20project%20name%2C%20resourceGroup%0D%0A%7C%20sort%20by%20name%20asc" target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%22microsoft.network%2Fnetworksecuritygroups%22%20and%20isnull%28properties.networkInterfaces%29%20and%20isnull%28properties.subnets%29%0D%0A%7C%20project%20name%2C%20resourceGroup%0D%0A%7C%20sort%20by%20name%20asc" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%22microsoft.network%2Fnetworksecuritygroups%22%20and%20isnull%28properties.networkInterfaces%29%20and%20isnull%28properties.subnets%29%0D%0A%7C%20project%20name%2C%20resourceGroup%0D%0A%7C%20sort%20by%20name%20asc" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/Resources%0D%0A%7C%20where%20type%20%3D~%20%22microsoft.network%2Fnetworksecuritygroups%22%20and%20isnull%28properties.networkInterfaces%29%20and%20isnull%28properties.subnets%29%0D%0A%7C%20project%20name%2C%20resourceGroup%0D%0A%7C%20sort%20by%20name%20asc" target="_blank">portal.azure.cn</a>
@@ -611,9 +611,9 @@ Search-AzGraph -Query "advisorresources | where type == 'microsoft.advisor/recom
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/advisorresources%0D%0A%7C%20where%20type%20%3D%3D%20%27microsoft.advisor%2Frecommendations%27%0D%0A%7C%20where%20properties.category%20%3D%3D%20%27Cost%27%0D%0A%7C%20extend%0D%0A%20%20%20%20resources%20%3D%20tostring%28properties.resourceMetadata.resourceId%29%2C%0D%0A%20%20%20%20savings%20%3D%20todouble%28properties.extendedProperties.savingsAmount%29%2C%0D%0A%20%20%20%20solution%20%3D%20tostring%28properties.shortDescription.solution%29%2C%0D%0A%20%20%20%20currency%20%3D%20tostring%28properties.extendedProperties.savingsCurrency%29%0D%0A%7C%20summarize%0D%0A%20%20%20%20dcount%28resources%29%2C%20%0D%0A%20%20%20%20bin%28sum%28savings%29%2C%200.01%29%0D%0A%20%20%20%20by%20solution%2C%20currency%0D%0A%7C%20project%20solution%2C%20dcount_resources%2C%20sum_savings%2C%20currency%0D%0A%7C%20order%20by%20sum_savings%20desc" target="_blank">portal.azure.com <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure Government portal: <a 
href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/advisorresources%0D%0A%7C%20where%20type%20%3D%3D%20%27microsoft.advisor%2Frecommendations%27%0D%0A%7C%20where%20properties.category%20%3D%3D%20%27Cost%27%0D%0A%7C%20extend%0D%0A%20%20%20%20resources%20%3D%20tostring%28properties.resourceMetadata.resourceId%29%2C%0D%0A%20%20%20%20savings%20%3D%20todouble%28properties.extendedProperties.savingsAmount%29%2C%0D%0A%20%20%20%20solution%20%3D%20tostring%28properties.shortDescription.solution%29%2C%0D%0A%20%20%20%20currency%20%3D%20tostring%28properties.extendedProperties.savingsCurrency%29%0D%0A%7C%20summarize%0D%0A%20%20%20%20dcount%28resources%29%2C%20%0D%0A%20%20%20%20bin%28sum%28savings%29%2C%200.01%29%0D%0A%20%20%20%20by%20solution%2C%20currency%0D%0A%7C%20project%20solution%2C%20dcount_resources%2C%20sum_savings%2C%20currency%0D%0A%7C%20order%20by%20sum_savings%20desc" target="_blank">portal.azure.us <span class="docon docon-navigate-external x-hidden-focus"></span></a>-- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/advisorresources%0D%0A%7C%20where%20type%20%3D%3D%20%27microsoft.advisor%2Frecommendations%27%0D%0A%7C%20where%20properties.category%20%3D%3D%20%27Cost%27%0D%0A%7C%20extend%0D%0A%20%20%20%20resources%20%3D%20tostring%28properties.resourceMetadata.resourceId%29%2C%0D%0A%20%20%20%20savings%20%3D%20todouble%28properties.extendedProperties.savingsAmount%29%2C%0D%0A%20%20%20%20solution%20%3D%20tostring%28properties.shortDescription.solution%29%2C%0D%0A%20%20%20%20currency%20%3D%20tostring%28properties.extendedProperties.savingsCurrency%29%0D%0A%7C%20summarize%0D%0A%20%20%20%20dcount%28resources%29%2C%20%0D%0A%20%20%20%20bin%28sum%28savings%29%2C%200.01%29%0D%0A%20%20%20%20by%20solution%2C%20currency%0D%0A%7C%20project%20solution%2C%20dcount_resources%2C%20sum_savings%2C%20currency%0D%0A%7C%20order%20by%20sum_savings%20desc" 
target="_blank">portal.azure.cn <span class="docon docon-navigate-external x-hidden-focus"></span></a>
+- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/advisorresources%0D%0A%7C%20where%20type%20%3D%3D%20%27microsoft.advisor%2Frecommendations%27%0D%0A%7C%20where%20properties.category%20%3D%3D%20%27Cost%27%0D%0A%7C%20extend%0D%0A%20%20%20%20resources%20%3D%20tostring%28properties.resourceMetadata.resourceId%29%2C%0D%0A%20%20%20%20savings%20%3D%20todouble%28properties.extendedProperties.savingsAmount%29%2C%0D%0A%20%20%20%20solution%20%3D%20tostring%28properties.shortDescription.solution%29%2C%0D%0A%20%20%20%20currency%20%3D%20tostring%28properties.extendedProperties.savingsCurrency%29%0D%0A%7C%20summarize%0D%0A%20%20%20%20dcount%28resources%29%2C%20%0D%0A%20%20%20%20bin%28sum%28savings%29%2C%200.01%29%0D%0A%20%20%20%20by%20solution%2C%20currency%0D%0A%7C%20project%20solution%2C%20dcount_resources%2C%20sum_savings%2C%20currency%0D%0A%7C%20order%20by%20sum_savings%20desc" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/advisorresources%0D%0A%7C%20where%20type%20%3D%3D%20%27microsoft.advisor%2Frecommendations%27%0D%0A%7C%20where%20properties.category%20%3D%3D%20%27Cost%27%0D%0A%7C%20extend%0D%0A%20%20%20%20resources%20%3D%20tostring%28properties.resourceMetadata.resourceId%29%2C%0D%0A%20%20%20%20savings%20%3D%20todouble%28properties.extendedProperties.savingsAmount%29%2C%0D%0A%20%20%20%20solution%20%3D%20tostring%28properties.shortDescription.solution%29%2C%0D%0A%20%20%20%20currency%20%3D%20tostring%28properties.extendedProperties.savingsCurrency%29%0D%0A%7C%20summarize%0D%0A%20%20%20%20dcount%28resources%29%2C%20%0D%0A%20%20%20%20bin%28sum%28savings%29%2C%200.01%29%0D%0A%20%20%20%20by%20solution%2C%20currency%0D%0A%7C%20project%20solution%2C%20dcount_resources%2C%20sum_savings%2C%20currency%0D%0A%7C%20order%20by%20sum_savings%20desc" target="_blank">portal.azure.us</a>
+- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/advisorresources%0D%0A%7C%20where%20type%20%3D%3D%20%27microsoft.advisor%2Frecommendations%27%0D%0A%7C%20where%20properties.category%20%3D%3D%20%27Cost%27%0D%0A%7C%20extend%0D%0A%20%20%20%20resources%20%3D%20tostring%28properties.resourceMetadata.resourceId%29%2C%0D%0A%20%20%20%20savings%20%3D%20todouble%28properties.extendedProperties.savingsAmount%29%2C%0D%0A%20%20%20%20solution%20%3D%20tostring%28properties.shortDescription.solution%29%2C%0D%0A%20%20%20%20currency%20%3D%20tostring%28properties.extendedProperties.savingsCurrency%29%0D%0A%7C%20summarize%0D%0A%20%20%20%20dcount%28resources%29%2C%20%0D%0A%20%20%20%20bin%28sum%28savings%29%2C%200.01%29%0D%0A%20%20%20%20by%20solution%2C%20currency%0D%0A%7C%20project%20solution%2C%20dcount_resources%2C%20sum_savings%2C%20currency%0D%0A%7C%20order%20by%20sum_savings%20desc" target="_blank">portal.azure.cn</a>
@@ -648,7 +648,7 @@ Search-AzGraph -Query "GuestConfigurationResources | extend vmid = split(propert
:::image type="icon" source="../media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer: -- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/GuestConfigurationResources%20%7C%20extend%20vmid%20%3D%20split(properties.targetResourceId%2C%22%2F%22)%20%7C%20mvexpand%20properties.latestAssignmentReport.resources%20%7C%20where%20properties_latestAssignmentReport_resources.resourceId%20!%3D%20'Invalid%20assignment%20package.'%20%7C%20project%20machine%20%3D%20tostring(vmid%5B(-1)%5D)%2C%20type%20%3D%20tostring(vmid%5B(-3)%5D)%20%7C%20distinct%20machine%2C%20type%20%7C%20su